Set up Redis using the latest version of redisio

This replaces the deprecated redis cookbook. Compiles the latest version
of Redis, currently 7.0.11

Refs #488
Greg Karékinian 2023-06-19 16:02:58 +02:00
parent b164d7a444
commit 6116729907
119 changed files with 2568 additions and 7343 deletions


@ -1,9 +0,0 @@
*.tgz
*.tar.gz
vendor/bundle
.bundle
.DS_Store
build/*
tmp/
*.lock
.kitchen/*


@ -1,20 +0,0 @@
driver:
require_chef_omnibus: <%= ENV.fetch("CHEF_VERSION", "latest") %>
ssh_key: <%= File.expand_path("./test/support/keys/vagrant") %>
name: vagrant
provisioner:
name: chef_solo
platforms:
- name: debian-6.0.8
- name: debian-7.2.0
- name: ubuntu-12.04
- name: ubuntu-14.04
suites:
- name: default
run_list:
- recipe[redis::server]
- recipe[redis::client]
# - recipe[minitest-handler]


@ -1,18 +0,0 @@
LineLength:
Max: 80
Exclude:
- "**/attributes/*.rb"
- "**/metadata.rb"
StringLiterals:
EnforcedStyle: double_quotes
PercentLiteralDelimiters:
PreferredDelimiters:
"%w": "[]" # Arrays use brackets
SingleSpaceBeforeFirstArg:
Enabled: false # too strict about metadata and certain formatting
inherit_from: test/support/rubocop/enabled.yml
inherit_from: test/support/rubocop/disabled.yml


@ -1 +0,0 @@
chef-redis


@ -1 +0,0 @@
2.1.5


@ -1,19 +0,0 @@
language: ruby
bundler_args: --jobs 3 --without integration
rvm:
- 1.9.3
- 2.0.0
- 2.1.5
before_script:
- "gem install bundler-audit --no-rdoc --no-ri && bundle-audit update"
script:
- bundle-audit
- bundle exec rake rubocop
- bundle exec rake foodcritic
- bundle exec rake chefspec
- bundle exec rake kitchen:all
- bundle exec license_finder --quiet
env:
matrix:
- CHEF_VERSION: "10.30"
- CHEF_VERSION: "11.16"


@ -1,7 +0,0 @@
source "http://api.berkshelf.com"
metadata
group :integration do
cookbook "minitest-handler"
end


@ -1,20 +0,0 @@
source "https://rubygems.org"
chef_version = ENV.fetch("CHEF_VERSION", "11.16")
gem "chef", "~> #{chef_version}"
gem "chefspec", "~> 4.1.1" if chef_version =~ /^11/
gem "berkshelf", "~> 3.2.1"
gem "foodcritic", "~> 4.0.0"
gem "license_finder", "~> 1.2.0"
gem "rake"
gem "rubocop", "~> 0.27.1"
gem "serverspec", "~> 2.3.1"
group :integration do
gem "busser-serverspec", "~> 0.5.3"
gem "guard-rspec", "~> 4.3.1"
gem "kitchen-vagrant", "~> 0.15.0"
gem "test-kitchen", "~> 1.2.1"
end


@ -1,5 +0,0 @@
guard :rspec, cmd: "rspec --color", all_on_start: false do
watch(/^spec\/(.+)_spec\.rb$/)
watch(/^recipes\/(.+)\.rb$/) { |m| "spec/#{m[1]}_spec.rb" }
watch("spec/spec_helper.rb") { "spec" }
end


@ -1,20 +0,0 @@
The MIT License (MIT)
Copyright © 2012-2014 Phil Cohen <github@phlippers.net>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the “Software”), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.


@ -1,155 +0,0 @@
# chef-redis [![Build Status](https://travis-ci.org/phlipper/chef-redis.svg?branch=master)](https://travis-ci.org/phlipper/chef-redis)
## Description
This cookbook installs [Redis](http://redis.io) from Chris Lea's [ppa archive](https://launchpad.net/~chris-lea/+archive/redis-server).
Redis is an open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.
## Requirements
### Supported Platforms
The following platforms are supported by this cookbook, meaning that the recipes run on these platforms without error:
* Ubuntu 12.04+
* Debian 6+
### Cookbooks
* [apt](http://community.opscode.com/cookbooks/apt)
* [minitest-handler](http://community.opscode.com/cookbooks/minitest-handler) _(suggested, not required)_
## Recipes
* `redis` - The default recipe. Setup apt with ppa details.
* `redis::server` - Install the Redis server.
* `redis::client` - Install the Redis client.
# Usage
This cookbook installs the Redis components if not present, and pulls updates if they are installed on the system.
## Attributes
```ruby
case node["platform"]
when "debian"
default["redis"]["apt_distribution"] = node["lsb"]["codename"]
default["redis"]["apt_repository"] = "dotdeb"
default["redis"]["apt_uri"] = "http://packages.dotdeb.org"
default["redis"]["apt_components"] = ["all"]
default["redis"]["apt_key"] = "http://www.dotdeb.org/dotdeb.gpg"
when "ubuntu"
default["redis"]["apt_distribution"] = node["lsb"]["codename"]
default["redis"]["apt_repository"] = "chris-lea-redis-server"
default["redis"]["apt_uri"] = "http://ppa.launchpad.net/chris-lea/redis-server/ubuntu"
default["redis"]["apt_components"] = ["main"]
default["redis"]["apt_keyserver"] = "keyserver.ubuntu.com"
default["redis"]["apt_key"] = "C7917B12"
end
default["redis"]["pidfile"] = "/var/run/redis/redis-server.pid"
default["redis"]["daemonize"] = "yes"
default["redis"]["port"] = 6379
default["redis"]["bind"] = "127.0.0.1"
default["redis"]["unixsocket"] = "/var/run/redis/redis.sock"
default["redis"]["unixsocketperm"] = 755
default["redis"]["timeout"] = 300
default["redis"]["loglevel"] = "notice"
default["redis"]["logfile"] = "/var/log/redis/redis-server.log"
default["redis"]["syslog_enabled"] = "no"
default["redis"]["syslog_ident"] = "redis"
default["redis"]["syslog_facility"] = "local0"
default["redis"]["databases"] = 16
default["redis"]["snapshots"] = {
900 => 1,
300 => 10,
60 => 10000
}
default["redis"]["stop_writes_on_bgsave_error"] = "yes"
default["redis"]["rdbcompression"] = "yes"
default["redis"]["rdbchecksum"] = "yes"
default["redis"]["dbfilename"] = "dump.rdb"
default["redis"]["dir"] = "/var/lib/redis"
default["redis"]["slaveof"] = ""
default["redis"]["masterauth"] = ""
default["redis"]["slave_serve_stale_data"] = "yes"
default["redis"]["slave_read_only"] = "yes"
default["redis"]["repl_ping_slave_period"] = 10
default["redis"]["repl_timeout"] = 60
default["redis"]["slave_priority"] = 100
default["redis"]["requirepass"] = ""
default["redis"]["rename_commands"] = []
default["redis"]["maxclients"] = 128
default["redis"]["maxmemory"] = "64mb"
default["redis"]["maxmemory_policy"] = "volatile-lru"
default["redis"]["maxmemory_samples"] = 3
default["redis"]["appendonly"] = "no"
default["redis"]["appendfilename"] = "appendonly.aof"
default["redis"]["appendfsync"] = "everysec"
default["redis"]["no_appendfsync_on_rewrite"] = "no"
default["redis"]["auto_aof_rewrite_percentage"] = 100
default["redis"]["auto_aof_rewrite_min_size"] = "64mb"
default["redis"]["lua_time_limit"] = 5000
default["redis"]["slowlog_log_slower_than"] = 10000
default["redis"]["slowlog_max_len"] = 1024
default["redis"]["hash_max_ziplist_entries"] = 512
default["redis"]["hash_max_ziplist_value"] = 64
default["redis"]["list_max_ziplist_entries"] = 512
default["redis"]["list_max_ziplist_value"] = 64
default["redis"]["set_max_intset_entries"] = 512
default["redis"]["zset_max_ziplist_entries"] = 128
default["redis"]["zset_max_ziplist_value"] = 64
default["redis"]["activerehashing"] = "yes"
default["redis"]["client_output_buffer_limit"] = {
"normal" => "0 0 0",
"slave" => "256mb 64mb 60",
"pubsub" => "32mb 8mb 60"
}
default["redis"]["include_config_files"] = []
default["redis"]["ulimit"] = ""
default["redis"]["auto_upgrade"] = false
```
## Basic Settings
* `node["redis"]["ulimit"]` - Sets the maximum number of file descriptors for the Redis process. If this is unset or empty, the limit is the system default. The default may not be high enough to handle a large number of concurrent connections. See [Redis Clients Handling](http://redis.io/topics/clients).
## Contributors
Many thanks go to the following [contributors](https://github.com/phlipper/chef-redis/graphs/contributors) who have helped to make this cookbook even better:
* **[@smoil](https://github.com/smoil)**
* `redis.conf` updates for Redis 2.6
* **[@svend](https://github.com/svend)**
* add attribute to set ulimit
* **[@maciej](https://github.com/maciej)**
* ensure `node["redis"]["dir"]` exists
* **[@dwradcliffe](https://github.com/dwradcliffe)**
* allow bind to all interfaces
* **[@duggan](https://github.com/duggan)**
* allow customizable apt sources
## Contributing
This cookbook could have way more personality... Help make it so!
1. Fork it
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Added some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create new Pull Request
## License
**chef-redis**
* Freely distributable and licensed under the [MIT license](http://phlipper.mit-license.org/2012-2014/license.html).
* Copyright (c) 2012-2014 Phil Cohen (github@phlippers.net) [![endorse](http://api.coderwall.com/phlipper/endorsecount.png)](http://coderwall.com/phlipper) [![Gittip](http://img.shields.io/gittip/phlipper.png)](https://www.gittip.com/phlipper/)
* http://phlippers.net/


@ -1,31 +0,0 @@
task default: "test"
desc "Run all tests except `kitchen`"
task test: [:rubocop, :foodcritic, :chefspec]
desc "Run all tests"
task all_tests: [:rubocop, :foodcritic, :chefspec, "kitchen:all"]
# rubocop style checker
require "rubocop/rake_task"
RuboCop::RakeTask.new
# foodcritic chef lint
require "foodcritic"
FoodCritic::Rake::LintTask.new do |t|
t.options = { fail_tags: ["any"] }
end
# chefspec unit tests
require "rspec/core/rake_task"
RSpec::Core::RakeTask.new(:chefspec) do |t|
t.rspec_opts = "--color --format progress"
end
# test-kitchen integration tests
begin
require "kitchen/rake_tasks"
Kitchen::RakeTasks.new
rescue LoadError
task("kitchen:all") { puts "Unable to run `test-kitchen`" }
end


@ -1,77 +0,0 @@
case node["platform"]
when "debian"
default["redis"]["apt_distribution"] = node["lsb"]["codename"]
default["redis"]["apt_repository"] = "dotdeb"
default["redis"]["apt_uri"] = "http://packages.dotdeb.org"
default["redis"]["apt_components"] = ["all"]
default["redis"]["apt_key"] = "http://www.dotdeb.org/dotdeb.gpg"
when "ubuntu"
default["redis"]["apt_distribution"] = node["lsb"]["codename"]
default["redis"]["apt_repository"] = "chris-lea-redis-server"
default["redis"]["apt_uri"] = "http://ppa.launchpad.net/chris-lea/redis-server/ubuntu"
default["redis"]["apt_components"] = ["main"]
default["redis"]["apt_keyserver"] = "keyserver.ubuntu.com"
default["redis"]["apt_key"] = "C7917B12"
end
default["redis"]["pidfile"] = "/var/run/redis/redis-server.pid"
default["redis"]["daemonize"] = "yes"
default["redis"]["port"] = 6379
default["redis"]["bind"] = "127.0.0.1"
default["redis"]["unixsocket"] = "/var/run/redis/redis.sock"
default["redis"]["unixsocketperm"] = 755
default["redis"]["timeout"] = 300
default["redis"]["loglevel"] = "notice"
default["redis"]["logfile"] = "/var/log/redis/redis-server.log"
default["redis"]["syslog_enabled"] = "no"
default["redis"]["syslog_ident"] = "redis"
default["redis"]["syslog_facility"] = "local0"
default["redis"]["databases"] = 16
default["redis"]["snapshots"] = {
900 => 1,
300 => 10,
60 => 10_000
}
default["redis"]["stop_writes_on_bgsave_error"] = "yes"
default["redis"]["rdbcompression"] = "yes"
default["redis"]["rdbchecksum"] = "yes"
default["redis"]["dbfilename"] = "dump.rdb"
default["redis"]["dir"] = "/var/lib/redis"
default["redis"]["slaveof"] = ""
default["redis"]["masterauth"] = ""
default["redis"]["slave_serve_stale_data"] = "yes"
default["redis"]["slave_read_only"] = "yes"
default["redis"]["repl_ping_slave_period"] = 10
default["redis"]["repl_timeout"] = 60
default["redis"]["slave_priority"] = 100
default["redis"]["requirepass"] = ""
default["redis"]["rename_commands"] = []
default["redis"]["maxclients"] = 128
default["redis"]["maxmemory"] = "64mb"
default["redis"]["maxmemory_policy"] = "volatile-lru"
default["redis"]["maxmemory_samples"] = 3
default["redis"]["appendonly"] = "no"
default["redis"]["appendfilename"] = "appendonly.aof"
default["redis"]["appendfsync"] = "everysec"
default["redis"]["no_appendfsync_on_rewrite"] = "no"
default["redis"]["auto_aof_rewrite_percentage"] = 100
default["redis"]["auto_aof_rewrite_min_size"] = "64mb"
default["redis"]["lua_time_limit"] = 5000
default["redis"]["slowlog_log_slower_than"] = 10_000
default["redis"]["slowlog_max_len"] = 1024
default["redis"]["hash_max_ziplist_entries"] = 512
default["redis"]["hash_max_ziplist_value"] = 64
default["redis"]["list_max_ziplist_entries"] = 512
default["redis"]["list_max_ziplist_value"] = 64
default["redis"]["set_max_intset_entries"] = 512
default["redis"]["zset_max_ziplist_entries"] = 128
default["redis"]["zset_max_ziplist_value"] = 64
default["redis"]["activerehashing"] = "yes"
default["redis"]["client_output_buffer_limit"] = {
"normal" => "0 0 0",
"slave" => "256mb 64mb 60",
"pubsub" => "32mb 8mb 60"
}
default["redis"]["include_config_files"] = []
default["redis"]["ulimit"] = ""
default["redis"]["auto_upgrade"] = false


@ -1,11 +0,0 @@
---
whitelist:
- Apache 2.0
- Apache v2
- BSD
- BSD-3
- ISC
- MIT
- Ruby
dependencies_file_dir: doc/license_finder
project_name: chef-redis


@ -1,105 +0,0 @@
addressable, 2.3.6, Apache 2.0
ast, 2.0.0, MIT
astrolabe, 1.3.0, MIT
berkshelf, 3.2.1, Apache 2.0
berkshelf-api-client, 1.2.0, Apache 2.0
buff-config, 1.0.1, Apache 2.0
buff-extensions, 1.0.0, Apache 2.0
buff-ignore, 1.1.1, Apache 2.0
buff-ruby_engine, 0.1.0, Apache 2.0
buff-shell_out, 0.2.0, Apache 2.0
bundler, 1.7.6, MIT
busser, 0.6.0, Apache 2.0
busser-serverspec, 0.5.3, Apache 2.0
celluloid, 0.16.0, MIT
celluloid-io, 0.16.1, MIT
chef, 11.16.4, Apache 2.0
chef-zero, 2.2.1, Apache 2.0
chefspec, 4.1.1, MIT
cleanroom, 1.0.0, Apache 2.0
coderay, 1.1.0, MIT
dep-selector-libgecode, 1.0.2, MIT, Apache 2.0
dep_selector, 1.0.3, Apache v2
diff-lcs, 1.2.5, MIT, Perl Artistic v2, GNU GPL v2
erubis, 2.7.0, MIT
faraday, 0.9.0, MIT
fauxhai, 2.2.0, MIT
ffi, 1.9.6, BSD
ffi-yajl, 1.3.0, Apache 2.0
foodcritic, 4.0.0, MIT
formatador, 0.2.5, MIT
gherkin, 2.12.2, MIT
guard, 2.8.2, MIT
guard-rspec, 4.3.1, MIT
hashie, 2.1.2, MIT
highline, 1.6.21, ruby
hitimes, 1.2.2, ISC
httparty, 0.13.3, MIT
ipaddress, 0.8.0, MIT
json, 1.8.1, ruby
kitchen-vagrant, 0.15.0, Apache 2.0
libyajl2, 1.2.0, Apache 2.0
license_finder, 1.2, MIT
listen, 2.8.0, MIT
lumberjack, 1.0.9, MIT
method_source, 0.8.2, MIT
mime-types, 1.25.1, MIT, Artistic 2.0, GPL-2
mini_portile, 0.6.1, MIT
minitar, 0.5.4, ruby
mixlib-authentication, 1.3.0, Apache 2.0
mixlib-cli, 1.5.0, Apache 2.0
mixlib-config, 2.1.0, Apache 2.0
mixlib-log, 1.6.0, Apache 2.0
mixlib-shellout, 1.6.0, Apache 2.0
multi_json, 1.10.1, MIT
multi_xml, 0.5.5, MIT
multipart-post, 2.0.0, MIT
net-http-persistent, 2.9.4, MIT
net-scp, 1.2.1, MIT
net-ssh, 2.9.1, MIT
net-ssh-gateway, 1.2.0, MIT
net-ssh-multi, 1.2.0, MIT
nio4r, 1.0.1, MIT
nokogiri, 1.6.4.1, MIT
octokit, 3.5.2, MIT
ohai, 7.4.0, Apache 2.0
parser, 2.2.0.pre.8, MIT
plist, 3.1.0, MIT
polyglot, 0.3.5, MIT
powerpack, 0.0.9, MIT
pry, 0.10.1, MIT
rack, 1.5.2, MIT
rainbow, 2.0.0, MIT
rake, 10.3.2, MIT
rb-fsevent, 0.9.4, MIT
rb-inotify, 0.9.5, MIT
rest-client, 1.6.7, MIT
retryable, 1.3.6, MIT
ridley, 4.1.0, Apache 2.0
rspec, 3.1.0, MIT
rspec-core, 3.1.7, MIT
rspec-expectations, 3.1.2, MIT
rspec-its, 1.1.0, MIT
rspec-mocks, 3.1.3, MIT
rspec-support, 3.1.2, MIT
rubocop, 0.27.1, MIT
ruby-progressbar, 1.7.0, MIT
rufus-lru, 1.0.5, MIT
safe_yaml, 1.0.4, MIT
sawyer, 0.5.5, MIT
semverse, 1.2.1, Apache 2.0
sequel, 4.16.0, MIT
serverspec, 2.3.1, MIT
slop, 3.6.0, MIT
solve, 1.2.1, Apache 2.0
specinfra, 2.5.0, MIT
sqlite3, 1.3.10, New BSD
systemu, 2.6.4, ruby
test-kitchen, 1.2.1, Apache 2.0
thor, 0.19.1, MIT
timers, 4.0.1, MIT
treetop, 1.5.3, MIT
varia_model, 0.4.0, Apache 2.0
wmi-lite, 1.0.0, Apache 2.0
xml-simple, 1.1.4, ruby
yajl-ruby, 1.2.1, MIT

File diff suppressed because one or more lines are too long


@ -1,991 +0,0 @@
# chef-redis
As of November 22, 2014 9:37pm. 105 total
## Summary
* 65 MIT
* 28 Apache 2.0
* 5 ruby
* 1 Apache 2.0, MIT
* 1 BSD
* 1 Apache v2
* 1 ISC
* 1 Artistic 2.0, GPL-2, MIT
* 1 GNU GPL v2, MIT, Perl Artistic v2
* 1 New BSD
## Items
<a name="addressable"></a>
### <a href="http://addressable.rubyforge.org/">addressable</a> v2.3.6
#### URI Implementation
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Addressable is a replacement for the URI implementation that is part of
Ruby's standard library. It more closely conforms to the relevant RFCs and
adds support for IRIs and URI templates.
<a name="ast"></a>
### <a href="https://whitequark.github.io/ast/">ast</a> v2.0.0
#### A library for working with Abstract Syntax Trees.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
A library for working with Abstract Syntax Trees.
<a name="astrolabe"></a>
### <a href="https://github.com/yujinakayama/astrolabe">astrolabe</a> v1.3.0
#### An object-oriented AST extension for Parser
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
An object-oriented AST extension for Parser
<a name="berkshelf"></a>
### <a href="http://berkshelf.com">berkshelf</a> v3.2.1 (default)
#### Manages a Cookbook's, or an Application's, Cookbook dependencies
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Manages a Cookbook's, or an Application's, Cookbook dependencies
<a name="berkshelf-api-client"></a>
### <a href="http://berkshelf.com">berkshelf-api-client</a> v1.2.0
#### API Client for communicating with a Berkshelf API server
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
API Client for communicating with a Berkshelf API server
<a name="buff-config"></a>
### <a href="https://github.com/RiotGames/buff-config">buff-config</a> v1.0.1
#### A simple configuration class
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
A simple configuration class
<a name="buff-extensions"></a>
### <a href="https://github.com/RiotGames/buff-extensions">buff-extensions</a> v1.0.0
#### Extensions to Core Ruby classes
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Extensions to Core Ruby classes
<a name="buff-ignore"></a>
### <a href="https://github.com/sethvargo/buff-ignore">buff-ignore</a> v1.1.1
#### A Ruby library for parsing lists of files and applying pattern matching exclusion (such as .gitignore)
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Parse ignore files with Ruby
<a name="buff-ruby_engine"></a>
### <a href="https://github.com/RiotGames/buff-ruby_engine">buff-ruby_engine</a> v0.1.0
#### Buff up your code with a mixin for querying the platform running Ruby
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
A mixin for querying the platform running Ruby
<a name="buff-shell_out"></a>
### <a href="https://github.com/RiotGames/buff-shell_out">buff-shell_out</a> v0.2.0
#### Buff up your code with a mixin for issuing shell commands and collecting the output
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
A mixin for issuing shell commands and collecting the output
<a name="bundler"></a>
### bundler v1.7.6
####
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
<a name="busser"></a>
### <a href="https://github.com/fnichol/busser">busser</a> v0.6.0
#### Kitchen Busser - Runs tests for projects in test-kitchen
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Kitchen Busser - Runs tests for projects in test-kitchen
<a name="busser-serverspec"></a>
### <a href="https://github.com/test-kitchen/busser-serverspec">busser-serverspec</a> v0.5.3 (integration)
#### A Busser runner plugin for Serverspec
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
A Busser runner plugin for Serverspec
<a name="celluloid"></a>
### <a href="https://github.com/celluloid/celluloid">celluloid</a> v0.16.0
#### Actor-based concurrent object framework for Ruby
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Celluloid enables people to build concurrent programs out of concurrent objects just as easily as they build sequential programs out of sequential objects
<a name="celluloid-io"></a>
### <a href="http://github.com/celluloid/celluloid-io">celluloid-io</a> v0.16.1
#### Celluloid::IO allows you to monitor multiple IO objects within a Celluloid actor
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Evented IO for Celluloid actors
<a name="chef"></a>
### <a href="http://wiki.opscode.com/display/chef">chef</a> v11.16.4 (default)
#### A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure.
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure.
<a name="chef-zero"></a>
### <a href="http://www.opscode.com">chef-zero</a> v2.2.1
#### Self-contained, easy-setup, fast-start in-memory Chef server for testing and solo setup purposes
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Self-contained, easy-setup, fast-start in-memory Chef server for testing and solo setup purposes
<a name="chefspec"></a>
### <a href="http://code.sethvargo.com/chefspec">chefspec</a> v4.1.1 (default)
#### Write RSpec examples and generate coverage reports for Chef recipes!
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
ChefSpec is a unit testing and resource coverage (code coverage) framework for testing Chef cookbooks ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers.
<a name="cleanroom"></a>
### <a href="https://github.com/sethvargo/cleanroom">cleanroom</a> v1.0.0
#### (More) safely evaluate Ruby DSLs with cleanroom
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Ruby is an excellent programming language for creating and managing custom DSLs, but how can you securely evaluate a DSL while explicitly controlling the methods exposed to the user? Our good friends instance_eval and instance_exec are great, but they expose all methods - public, protected, and private - to the user. Even worse, they expose the ability to accidentally or intentionally alter the behavior of the system! The cleanroom pattern is a safer, more convenient, Ruby-like approach for limiting the information exposed by a DSL while giving users the ability to write awesome code!
<a name="coderay"></a>
### <a href="http://coderay.rubychan.de">coderay</a> v1.1.0
#### Fast syntax highlighting for selected languages.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Fast and easy syntax highlighting for selected languages, written in Ruby. Comes with RedCloth integration and LOC counter.
<a name="dep-selector-libgecode"></a>
### dep-selector-libgecode v1.0.2
#### Installs a vendored copy of Gecode suitable for use with dep-selector
<a href="http://opensource.org/licenses/mit-license">MIT</a>, <a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Installs a vendored copy of Gecode suitable for use with dep-selector
<a name="dep_selector"></a>
### <a href="http://github.com/opscode/dep-selector">dep_selector</a> v1.0.3
#### Given packages, versions, and a dependency graph, find a valid assignment of package versions
Apache v2 whitelisted
Given packages, versions, and a dependency graph, find a valid assignment of package versions
<a name="diff-lcs"></a>
### <a href="http://diff-lcs.rubyforge.org/">diff-lcs</a> v1.2.5
#### Diff::LCS computes the difference between two Enumerable sequences using the McIlroy-Hunt longest common subsequence (LCS) algorithm
<a href="http://opensource.org/licenses/mit-license">MIT</a>, Perl Artistic v2, GNU GPL v2 whitelisted
Diff::LCS computes the difference between two Enumerable sequences using the
McIlroy-Hunt longest common subsequence (LCS) algorithm. It includes utilities
to create a simple HTML diff output format and a standard diff-like tool.
This is release 1.2.4, fixing a bug introduced after diff-lcs 1.1.3 that did
not properly prune common sequences at the beginning of a comparison set.
Thanks to Paul Kunysch for fixing this issue.
Coincident with the release of diff-lcs 1.2.3, we reported an issue with
Rubinius in 1.9 mode
({rubinius/rubinius#2268}[https://github.com/rubinius/rubinius/issues/2268]).
We are happy to report that this issue has been resolved.
<a name="erubis"></a>
### <a href="http://www.kuwata-lab.com/erubis/">erubis</a> v2.7.0
#### a fast and extensible eRuby implementation which supports multi-language
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Erubis is an implementation of eRuby and has the following features:
* Very fast, almost three times faster than ERB and about 10% faster than eruby.
* Multi-language support (Ruby/PHP/C/Java/Scheme/Perl/Javascript)
* Auto escaping support
* Auto trimming spaces around '<% %>'
* Embedded pattern changeable (default '<% %>')
* Enable to handle Processing Instructions (PI) as embedded pattern (ex. '<?rb ... ?>')
* Context object available and easy to combine eRuby template with YAML datafile
* Print statement available
* Easy to extend and customize in subclass
* Ruby on Rails support
<a name="faraday"></a>
### <a href="https://github.com/lostisland/faraday">faraday</a> v0.9.0
#### HTTP/REST API client library.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
<a name="fauxhai"></a>
### <a href="https://github.com/customink/fauxhai">fauxhai</a> v2.2.0
#### Fauxhai provides an easy way to mock out your ohai data for testing with chefspec!
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Easily mock out ohai data
<a name="ffi"></a>
### <a href="http://wiki.github.com/ffi/ffi">ffi</a> v1.9.6
#### Ruby FFI
<a href="http://en.wikipedia.org/wiki/BSD_licenses#4-clause_license_.28original_.22BSD_License.22.29">BSD</a> whitelisted
Ruby FFI library
<a name="ffi-yajl"></a>
### <a href="http://github.com/opscode/ffi-yajl">ffi-yajl</a> v1.3.0
#### Ruby FFI wrapper around YAJL 2.x
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Ruby FFI wrapper around YAJL 2.x
<a name="foodcritic"></a>
### <a href="http://foodcritic.io">foodcritic</a> v4.0.0 (default)
#### foodcritic-4.0.0
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Lint tool for Opscode Chef cookbooks.
<a name="formatador"></a>
### <a href="http://github.com/geemus/formatador">formatador</a> v0.2.5
#### Ruby STDOUT text formatting
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
STDOUT text formatting
<a name="gherkin"></a>
### <a href="http://github.com/cucumber/gherkin">gherkin</a> v2.12.2
#### gherkin-2.12.2
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
A fast Gherkin lexer/parser based on the Ragel State Machine Compiler.
<a name="guard"></a>
### <a href="http://guardgem.org">guard</a> v2.8.2
#### Guard keeps an eye on your file modifications
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Guard is a command line tool to easily handle events on file system modifications.
<a name="guard-rspec"></a>
### <a href="https://rubygems.org/gems/guard-rspec">guard-rspec</a> v4.3.1 (integration)
#### Guard gem for RSpec
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Guard::RSpec automatically run your specs (much like autotest).
<a name="hashie"></a>
### <a href="https://github.com/intridea/hashie">hashie</a> v2.1.2
#### Your friendly neighborhood hash library.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Hashie is a collection of classes and mixins that make hashes more powerful.
<a name="highline"></a>
### <a href="http://highline.rubyforge.org">highline</a> v1.6.21
#### HighLine is a high-level command-line IO library.
<a href="http://www.ruby-lang.org/en/LICENSE.txt">ruby</a> whitelisted
A high-level IO library that provides validation, type conversion, and more for
command-line interfaces. HighLine also includes a complete menu system that can
crank out anything from simple list selection to complete shells with just
minutes of work.
<a name="hitimes"></a>
### <a href="http://github.com/copiousfreetime/hitimes">hitimes</a> v1.2.2
#### Hitimes is a fast, high resolution timer library for recording performance metrics. It uses the appropriate low method calls for each system to get the highest granularity time increments possible.
<a href="http://en.wikipedia.org/wiki/ISC_license">ISC</a> whitelisted
Hitimes is a fast, high resolution timer library for recording performance metrics. It uses the appropriate low method calls for each system to get the highest granularity time increments possible. It currently supports any of the following systems: * any system with the POSIX call `clock_gettime()` * Mac OS X * Windows * JRuby Using Hitimes can be faster than using a series of `Time.new` calls, and it will have a much higher granularity. It is definitely faster than using `Process.times`.
<a name="httparty"></a>
### <a href="http://jnunemaker.github.com/httparty">httparty</a> v0.13.3
#### Makes http fun! Also, makes consuming restful web services dead easy.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Makes http fun! Also, makes consuming restful web services dead easy.
<a name="ipaddress"></a>
### <a href="http://github.com/bluemonk/ipaddress">ipaddress</a> v0.8.0
#### IPv4/IPv6 addresses manipulation library
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
IPAddress is a Ruby library designed to make manipulation
of IPv4 and IPv6 addresses both powerful and simple. It mantains
a layer of compatibility with Ruby's own IPAddr, while
addressing many of its issues.
<a name="json"></a>
### json v1.8.1
#### This json is bundled with Ruby
<a href="http://www.ruby-lang.org/en/LICENSE.txt">ruby</a> whitelisted
<a name="kitchen-vagrant"></a>
### <a href="https://github.com/test-kitchen/kitchen-vagrant/">kitchen-vagrant</a> v0.15.0 (integration)
#### Kitchen::Driver::Vagrant - A Vagrant Driver for Test Kitchen.
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Kitchen::Driver::Vagrant - A Vagrant Driver for Test Kitchen.
<a name="libyajl2"></a>
### <a href="https://github.com/opscode/libyajl2-gem">libyajl2</a> v1.2.0
#### Installs a vendored copy of libyajl2 for distributions which lack it
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Installs a vendored copy of libyajl2 for distributions which lack it
<a name="license_finder"></a>
### <a href="https://github.com/pivotal/LicenseFinder">license_finder</a> v1.2 (default)
#### Audit the OSS licenses of your application's dependencies.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
LicenseFinder works with your package managers to find
dependencies, detect the licenses of the packages in them, compare
those licenses against a user-defined whitelist, and give you an
actionable exception report.
<a name="listen"></a>
### <a href="https://github.com/guard/listen">listen</a> v2.8.0
#### Listen to file modifications
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
The Listen gem listens to file modifications and notifies you about the changes. Works everywhere!
<a name="lumberjack"></a>
### <a href="http://github.com/bdurand/lumberjack">lumberjack</a> v1.0.9
#### A simple, powerful, and very fast logging utility that can be a drop in replacement for Logger or ActiveSupport::BufferedLogger.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
A simple, powerful, and very fast logging utility that can be a drop in replacement for Logger or ActiveSupport::BufferedLogger. Provides support for automatically rolling log files even with multiple processes writing the same log file.
<a name="method_source"></a>
### <a href="http://banisterfiend.wordpress.com">method_source</a> v0.8.2
#### retrieve the sourcecode for a method
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
retrieve the sourcecode for a method
<a name="mime-types"></a>
### <a href="http://mime-types.rubyforge.org/">mime-types</a> v1.25.1
#### This library allows for the identification of a file's likely MIME content type
<a href="http://opensource.org/licenses/mit-license">MIT</a>, Artistic 2.0, GPL-2 whitelisted
This library allows for the identification of a file's likely MIME content
type. This is release 1.25.1, fixing an issue with priority comparison for
mime-types 1.x. The current release is 2.0, which only supports Ruby 1.9 or
later.
Release 1.25.1 contains all features of 1.25, including the experimental
caching and lazy loading functionality. The caching and lazy loading features
were initially implemented by Greg Brockman (gdb). As these features are
experimental, they are disabled by default and must be enabled through the use
of environment variables. The cache is invalidated on a per-version basis; the
cache for version 1.25 will not be reused for any later version.
To use lazy loading, set the environment variable +RUBY_MIME_TYPES_LAZY_LOAD+
to any value other than 'false'. When using lazy loading, the initial startup
of MIME::Types is around 1225× faster than normal startup (on my system,
normal startup is about 90 ms; lazy startup is about 4 ms). This isn't
generally useful, however, as the MIME::Types database has not been loaded.
Lazy startup and load is just *slightly* faster—around 1 ms. The real advantage
comes from using the cache.
To enable the cache, set the environment variable +RUBY_MIME_TYPES_CACHE+ to a
filename where MIME::Types will have read-write access. The first time a new
version of MIME::Types is run using this file, it will be created, taking a
little longer than normal. Subsequent loads using the same cache file will be
approximately 3½× faster (25 ms) than normal loads. This can be combined with
+RUBY_MIME_TYPES_LAZY_LOAD+, but this is *not* recommended in a multithreaded
or multiprocess environment where all threads or processes will be using the
same cache file.
As the caching interface is still experimental, the only values cached are the
default MIME::Types database, not any custom MIME::Types added by users.
MIME types are used in MIME-compliant communications, as in e-mail or HTTP
traffic, to indicate the type of content which is transmitted. MIME::Types
provides the ability for detailed information about MIME entities (provided as
a set of MIME::Type objects) to be determined and used programmatically. There
are many types defined by RFCs and vendors, so the list is long but not
complete; don't hesitate to ask to add additional information. This library
follows the IANA collection of MIME types (see below for reference).
MIME::Types for Ruby was originally based on MIME::Types for Perl by Mark
Overmeer, copyright 2001 - 2009.
MIME::Types is built to conform to the MIME types of RFCs 2045 and 2231. It
tracks the {IANA registry}[http://www.iana.org/assignments/media-types/]
({ftp}[ftp://ftp.iana.org/assignments/media-types]) with some unofficial types
added from the {LTSW collection}[http://www.ltsw.se/knbase/internet/mime.htp]
and added by the users of MIME::Types.
<a name="mini_portile"></a>
### <a href="http://github.com/luislavena/mini_portile">mini_portile</a> v0.6.1
#### Simplistic port-like solution for developers
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Simplistic port-like solution for developers. It provides a standard and simplified way to compile against dependency libraries without messing up your system.
<a name="minitar"></a>
### <a href="http://www.github.com/atoulme/minitar">minitar</a> v0.5.4
#### Provides POSIX tarchive management from Ruby programs.
<a href="http://www.ruby-lang.org/en/LICENSE.txt">ruby</a> whitelisted
Archive::Tar::Minitar is a pure-Ruby library and command-line utility that provides the ability to deal with POSIX tar(1) archive files. The implementation is based heavily on Mauricio Ferna'ndez's implementation in rpa-base, but has been reorganised to promote reuse in other projects. Antoine Toulme forked the original project on rubyforge to place it on github, under http://www.github.com/atoulme/minitar
<a name="mixlib-authentication"></a>
### <a href="http://www.opscode.com">mixlib-authentication</a> v1.3.0
#### Mixes in simple per-request authentication
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Mixes in simple per-request authentication
<a name="mixlib-cli"></a>
### <a href="http://www.opscode.com">mixlib-cli</a> v1.5.0
#### A simple mixin for CLI interfaces, including option parsing
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
A simple mixin for CLI interfaces, including option parsing
<a name="mixlib-config"></a>
### <a href="http://www.opscode.com">mixlib-config</a> v2.1.0
#### A class based configuration library
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
A class based configuration library
<a name="mixlib-log"></a>
### <a href="http://www.opscode.com">mixlib-log</a> v1.6.0
#### A gem that provides a simple mixin for log functionality
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
<a name="mixlib-shellout"></a>
### <a href="http://wiki.opscode.com/">mixlib-shellout</a> v1.6.0
#### Run external commands on Unix or Windows
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Run external commands on Unix or Windows
<a name="multi_json"></a>
### <a href="http://github.com/intridea/multi_json">multi_json</a> v1.10.1
#### A common interface to multiple JSON libraries.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
A common interface to multiple JSON libraries, including Oj, Yajl, the JSON gem (with C-extensions), the pure-Ruby JSON gem, NSJSONSerialization, gson.rb, JrJackson, and OkJson.
<a name="multi_xml"></a>
### <a href="https://github.com/sferik/multi_xml">multi_xml</a> v0.5.5
#### A generic swappable back-end for XML parsing
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Provides swappable XML backends utilizing LibXML, Nokogiri, Ox, or REXML.
<a name="multipart-post"></a>
### <a href="https://github.com/nicksieger/multipart-post">multipart-post</a> v2.0.0
#### A multipart form post accessory for Net::HTTP.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Use with Net::HTTP to do multipart form posts. IO values that have #content_type, #original_filename, and #local_path will be posted as a binary file.
<a name="net-http-persistent"></a>
### <a href="http://docs.seattlerb.org/net-http-persistent">net-http-persistent</a> v2.9.4
#### Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8.
It's thread-safe too!
Using persistent HTTP connections can dramatically increase the speed of HTTP.
Creating a new HTTP connection for every request involves an extra TCP
round-trip and causes TCP congestion avoidance negotiation to start over.
Net::HTTP supports persistent connections with some API methods but does not
handle reconnection gracefully. Net::HTTP::Persistent supports reconnection
and retry according to RFC 2616.
<a name="net-scp"></a>
### <a href="https://github.com/net-ssh/net-scp">net-scp</a> v1.2.1
#### A pure Ruby implementation of the SCP client protocol
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
A pure Ruby implementation of the SCP client protocol
<a name="net-ssh"></a>
### <a href="https://github.com/net-ssh/net-ssh">net-ssh</a> v2.9.1
#### Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.
<a name="net-ssh-gateway"></a>
### <a href="https://github.com/net-ssh/net-scp">net-ssh-gateway</a> v1.2.0
#### A simple library to assist in establishing tunneled Net::SSH connections
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
A simple library to assist in establishing tunneled Net::SSH connections
<a name="net-ssh-multi"></a>
### <a href="https://github.com/net-ssh/net-scp">net-ssh-multi</a> v1.2.0
#### Control multiple Net::SSH connections via a single interface.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Control multiple Net::SSH connections via a single interface.
<a name="nio4r"></a>
### <a href="https://github.com/celluloid/nio4r">nio4r</a> v1.0.1
#### NIO provides a high performance selector API for monitoring IO objects
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
New IO for Ruby
<a name="nokogiri"></a>
### <a href="http://nokogiri.org">nokogiri</a> v1.6.4.1
#### Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's
many features is the ability to search documents via XPath or CSS3 selectors.
XML is like violence - if it doesnt solve your problems, you are not using
enough of it.
<a name="octokit"></a>
### <a href="https://github.com/octokit/octokit.rb">octokit</a> v3.5.2
#### Ruby toolkit for working with the GitHub API
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Simple wrapper for the GitHub API
<a name="ohai"></a>
### <a href="http://wiki.opscode.com/display/chef/Ohai">ohai</a> v7.4.0
#### Ohai profiles your system and emits JSON
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Ohai profiles your system and emits JSON
<a name="parser"></a>
### <a href="http://github.com/whitequark/parser">parser</a> v2.2.0.pre.8
#### A Ruby parser written in pure Ruby.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
A Ruby parser written in pure Ruby.
<a name="plist"></a>
### <a href="http://plist.rubyforge.org">plist</a> v3.1.0
#### All-purpose Property List manipulation library.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Plist is a library to manipulate Property List files, also known as plists. It can parse plist files into native Ruby data structures as well as generating new plist files from your Ruby objects.
<a name="polyglot"></a>
### <a href="http://github.com/cjheath/polyglot">polyglot</a> v0.3.5
#### Augment 'require' to load non-Ruby file types
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
The Polyglot library allows a Ruby module to register a loader
for the file type associated with a filename extension, and it
augments 'require' to find and load matching files.
<a name="powerpack"></a>
### <a href="https://github.com/bbatsov/powerpack">powerpack</a> v0.0.9
#### A few useful extensions to core Ruby classes.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
A few useful extensions to core Ruby classes.
<a name="pry"></a>
### <a href="http://pryrepl.org">pry</a> v0.10.1
#### An IRB alternative and runtime developer console
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
An IRB alternative and runtime developer console
<a name="rack"></a>
### <a href="http://rack.github.com/">rack</a> v1.5.2
#### a modular Ruby webserver interface
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.
Also see http://rack.github.com/.
<a name="rainbow"></a>
### <a href="https://github.com/sickill/rainbow">rainbow</a> v2.0.0
#### Colorize printed text on ANSI terminals
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Colorize printed text on ANSI terminals
<a name="rake"></a>
### <a href="https://github.com/jimweirich/rake">rake</a> v10.3.2 (default)
#### Rake is a Make-like program implemented in Ruby
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Rake is a Make-like program implemented in Ruby. Tasks and dependencies are
specified in standard Ruby syntax.
Rake has the following features:
* Rakefiles (rake's version of Makefiles) are completely defined in
standard Ruby syntax. No XML files to edit. No quirky Makefile
syntax to worry about (is that a tab or a space?)
* Users can specify tasks with prerequisites.
* Rake supports rule patterns to synthesize implicit tasks.
* Flexible FileLists that act like arrays but know about manipulating
file names and paths.
* A library of prepackaged tasks to make building rakefiles easier. For example,
tasks for building tarballs and publishing to FTP or SSH sites. (Formerly
tasks for building RDoc and Gems were included in rake but they're now
available in RDoc and RubyGems respectively.)
* Supports parallel execution of tasks.
<a name="rb-fsevent"></a>
### <a href="http://rubygems.org/gems/rb-fsevent">rb-fsevent</a> v0.9.4
#### Very simple & usable FSEvents API
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
FSEvents API with Signals catching (without RubyCocoa)
<a name="rb-inotify"></a>
### <a href="http://github.com/nex3/rb-inotify">rb-inotify</a> v0.9.5
#### A Ruby wrapper for Linux's inotify, using FFI
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
A Ruby wrapper for Linux's inotify, using FFI
<a name="rest-client"></a>
### <a href="http://github.com/archiloque/rest-client">rest-client</a> v1.6.7
#### Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
A simple HTTP and REST client for Ruby, inspired by the Sinatra microframework style of specifying actions: get, put, post, delete.
<a name="retryable"></a>
### <a href="http://github.com/nfedyashev/retryable">retryable</a> v1.3.6
#### Kernel#retryable, allow for retrying of code blocks.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Kernel#retryable, allow for retrying of code blocks.
<a name="ridley"></a>
### <a href="https://github.com/RiotGames/ridley">ridley</a> v4.1.0
#### A reliable Chef API client with a clean syntax
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
A reliable Chef API client with a clean syntax
<a name="rspec"></a>
### <a href="http://github.com/rspec">rspec</a> v3.1.0
#### rspec-3.1.0
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
BDD for Ruby
<a name="rspec-core"></a>
### <a href="http://github.com/rspec/rspec-core">rspec-core</a> v3.1.7
#### rspec-core-3.1.7
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
BDD for Ruby. RSpec runner and example groups.
<a name="rspec-expectations"></a>
### <a href="http://github.com/rspec/rspec-expectations">rspec-expectations</a> v3.1.2
#### rspec-expectations-3.1.2
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
rspec-expectations provides a simple, readable API to express expected outcomes of a code example.
<a name="rspec-its"></a>
### <a href="https://github.com/rspec/rspec-its">rspec-its</a> v1.1.0
#### Provides "its" method formally part of rspec-core
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
RSpec extension gem for attribute matching
<a name="rspec-mocks"></a>
### <a href="http://github.com/rspec/rspec-mocks">rspec-mocks</a> v3.1.3
#### rspec-mocks-3.1.3
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
RSpec's 'test double' framework, with support for stubbing and mocking
<a name="rspec-support"></a>
### <a href="https://github.com/rspec/rspec-support">rspec-support</a> v3.1.2
#### rspec-support-3.1.2
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Support utilities for RSpec gems
<a name="rubocop"></a>
### <a href="http://github.com/bbatsov/rubocop">rubocop</a> v0.27.1 (default)
#### Automatic Ruby code style checking tool.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Automatic Ruby code style checking tool.
Aims to enforce the community-driven Ruby Style Guide.
<a name="ruby-progressbar"></a>
### <a href="https://github.com/jfelchner/ruby-progressbar">ruby-progressbar</a> v1.7.0
#### Ruby/ProgressBar is a flexible text progress bar library for Ruby.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Ruby/ProgressBar is an extremely flexible text progress bar library for Ruby.
The output can be customized with a flexible formatting system including:
percentage, bars of various formats, elapsed time and estimated time remaining.
<a name="rufus-lru"></a>
### <a href="http://github.com/jmettraux/rufus-lru">rufus-lru</a> v1.0.5
#### A Hash with a max size, controlled by a LRU mechanism
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
LruHash class, a Hash with a max size, controlled by a LRU mechanism
<a name="safe_yaml"></a>
### <a href="https://github.com/dtao/safe_yaml">safe_yaml</a> v1.0.4
#### SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Parse YAML safely
<a name="sawyer"></a>
### <a href="https://github.com/lostisland/sawyer">sawyer</a> v0.5.5
#### Secret User Agent of HTTP
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
<a name="semverse"></a>
### <a href="https://github.com/berkshelf/semverse">semverse</a> v1.2.1
#### An elegant library for representing and comparing SemVer versions and constraints
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
An elegant library for representing and comparing SemVer versions and constraints
<a name="sequel"></a>
### <a href="http://sequel.jeremyevans.net">sequel</a> v4.16.0
#### The Database Toolkit for Ruby
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
The Database Toolkit for Ruby
<a name="serverspec"></a>
### <a href="http://serverspec.org/">serverspec</a> v2.3.1 (default)
#### RSpec tests for your servers configured by Puppet, Chef or anything else
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
RSpec tests for your servers configured by Puppet, Chef or anything else
<a name="slop"></a>
### <a href="http://github.com/leejarvis/slop">slop</a> v3.6.0
#### Simple Lightweight Option Parsing
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
A simple DSL for gathering options and parsing the command line
<a name="solve"></a>
### <a href="https://github.com/berkshelf/solve">solve</a> v1.2.1
#### A Ruby version constraint solver implementing Semantic Versioning 2.0.0-rc.1
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
A Ruby version constraint solver
<a name="specinfra"></a>
### specinfra v2.5.0
#### Common layer for serverspec and itamae
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Common layer for serverspec and itamae
<a name="sqlite3"></a>
### <a href="https://github.com/sparklemotion/sqlite3-ruby">sqlite3</a> v1.3.10
#### This module allows Ruby programs to interface with the SQLite3 database engine (http://www.sqlite.org)
<a href="http://opensource.org/licenses/BSD-3-Clause">New BSD</a> whitelisted
This module allows Ruby programs to interface with the SQLite3
database engine (http://www.sqlite.org). You must have the
SQLite engine installed in order to build this module.
Note that this module is only compatible with SQLite 3.6.16 or newer.
<a name="systemu"></a>
### <a href="https://github.com/ahoward/systemu">systemu</a> v2.6.4
#### systemu
<a href="http://www.ruby-lang.org/en/LICENSE.txt">ruby</a> whitelisted
universal capture of stdout and stderr and handling of child process pid for windows, *nix, etc.
<a name="test-kitchen"></a>
### <a href="http://kitchen.ci">test-kitchen</a> v1.2.1 (integration)
#### Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms.
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms.
<a name="thor"></a>
### <a href="http://whatisthor.com/">thor</a> v0.19.1
#### Thor is a toolkit for building powerful command-line interfaces.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Thor is a toolkit for building powerful command-line interfaces.
<a name="timers"></a>
### <a href="https://github.com/celluloid/timers">timers</a> v4.0.1
#### Schedule procs to run after a certain time, or at periodic intervals, using any API that accepts a timeout
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
Pure Ruby one-shot and periodic timers
<a name="treetop"></a>
### <a href="https://github.com/cjheath/treetop">treetop</a> v1.5.3
#### A Ruby-based text parsing and interpretation DSL
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted
<a name="varia_model"></a>
### <a href="https://github.com/RiotGames/varia_model">varia_model</a> v0.4.0
#### A mixin to provide objects with magic attribute reading and writing
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
A mixin to provide objects with magic attribute reading and writing
<a name="wmi-lite"></a>
### <a href="https://github.com/opscode/wmi-lite">wmi-lite</a> v1.0.0
#### A lightweight utility library for accessing basic WMI (Windows Management Instrumentation) functionality on Windows
<a href="http://www.apache.org/licenses/LICENSE-2.0.txt">Apache 2.0</a> whitelisted
A lightweight utility over win32ole for accessing basic WMI (Windows Management Instrumentation) functionality in the Microsoft Windows operating system. It has no runtime dependencies other than Ruby, so it can be used without concerns around dependency issues.
<a name="xml-simple"></a>
### <a href="https://github.com/maik/xml-simple">xml-simple</a> v1.1.4
#### A simple API for XML processing.
<a href="http://www.ruby-lang.org/en/LICENSE.txt">ruby</a> whitelisted
<a name="yajl-ruby"></a>
### <a href="http://github.com/brianmario/yajl-ruby">yajl-ruby</a> v1.2.1
#### Ruby C bindings to the excellent Yajl JSON stream-based parser library.
<a href="http://opensource.org/licenses/mit-license">MIT</a> whitelisted


@ -1,234 +0,0 @@
addressable,2.3.6,Apache 2.0,URI Implementation,"Addressable is a replacement for the URI implementation that is part of
Ruby's standard library. It more closely conforms to the relevant RFCs and
adds support for IRIs and URI templates."
ast,2.0.0,MIT,A library for working with Abstract Syntax Trees.,A library for working with Abstract Syntax Trees.
astrolabe,1.3.0,MIT,An object-oriented AST extension for Parser,An object-oriented AST extension for Parser
berkshelf,3.2.1,Apache 2.0,"Manages a Cookbook's, or an Application's, Cookbook dependencies","Manages a Cookbook's, or an Application's, Cookbook dependencies"
berkshelf-api-client,1.2.0,Apache 2.0,API Client for communicating with a Berkshelf API server,API Client for communicating with a Berkshelf API server
buff-config,1.0.1,Apache 2.0,A simple configuration class,A simple configuration class
buff-extensions,1.0.0,Apache 2.0,Extensions to Core Ruby classes,Extensions to Core Ruby classes
buff-ignore,1.1.1,Apache 2.0,A Ruby library for parsing lists of files and applying pattern matching exclusion (such as .gitignore),Parse ignore files with Ruby
buff-ruby_engine,0.1.0,Apache 2.0,Buff up your code with a mixin for querying the platform running Ruby,A mixin for querying the platform running Ruby
buff-shell_out,0.2.0,Apache 2.0,Buff up your code with a mixin for issuing shell commands and collecting the output,A mixin for issuing shell commands and collecting the output
bundler,1.7.6,MIT,"",""
busser,0.6.0,Apache 2.0,Kitchen Busser - Runs tests for projects in test-kitchen,Kitchen Busser - Runs tests for projects in test-kitchen
busser-serverspec,0.5.3,Apache 2.0,A Busser runner plugin for Serverspec,A Busser runner plugin for Serverspec
celluloid,0.16.0,MIT,Actor-based concurrent object framework for Ruby,Celluloid enables people to build concurrent programs out of concurrent objects just as easily as they build sequential programs out of sequential objects
celluloid-io,0.16.1,MIT,Celluloid::IO allows you to monitor multiple IO objects within a Celluloid actor,Evented IO for Celluloid actors
chef,11.16.4,Apache 2.0,"A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure.","A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure."
chef-zero,2.2.1,Apache 2.0,"Self-contained, easy-setup, fast-start in-memory Chef server for testing and solo setup purposes","Self-contained, easy-setup, fast-start in-memory Chef server for testing and solo setup purposes"
chefspec,4.1.1,MIT,Write RSpec examples and generate coverage reports for Chef recipes!,ChefSpec is a unit testing and resource coverage (code coverage) framework for testing Chef cookbooks ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers.
cleanroom,1.0.0,Apache 2.0,(More) safely evaluate Ruby DSLs with cleanroom,"Ruby is an excellent programming language for creating and managing custom DSLs, but how can you securely evaluate a DSL while explicitly controlling the methods exposed to the user? Our good friends instance_eval and instance_exec are great, but they expose all methods - public, protected, and private - to the user. Even worse, they expose the ability to accidentally or intentionally alter the behavior of the system! The cleanroom pattern is a safer, more convenient, Ruby-like approach for limiting the information exposed by a DSL while giving users the ability to write awesome code!"
coderay,1.1.0,MIT,Fast syntax highlighting for selected languages.,"Fast and easy syntax highlighting for selected languages, written in Ruby. Comes with RedCloth integration and LOC counter."
dep-selector-libgecode,1.0.2,"MIT,Apache 2.0",Installs a vendored copy of Gecode suitable for use with dep-selector,Installs a vendored copy of Gecode suitable for use with dep-selector
dep_selector,1.0.3,Apache v2,"Given packages, versions, and a dependency graph, find a valid assignment of package versions","Given packages, versions, and a dependency graph, find a valid assignment of package versions"
diff-lcs,1.2.5,"MIT,Perl Artistic v2,GNU GPL v2",Diff::LCS computes the difference between two Enumerable sequences using the McIlroy-Hunt longest common subsequence (LCS) algorithm,"Diff::LCS computes the difference between two Enumerable sequences using the
McIlroy-Hunt longest common subsequence (LCS) algorithm. It includes utilities
to create a simple HTML diff output format and a standard diff-like tool.
This is release 1.2.4, fixing a bug introduced after diff-lcs 1.1.3 that did
not properly prune common sequences at the beginning of a comparison set.
Thanks to Paul Kunysch for fixing this issue.
Coincident with the release of diff-lcs 1.2.3, we reported an issue with
Rubinius in 1.9 mode
({rubinius/rubinius#2268}[https://github.com/rubinius/rubinius/issues/2268]).
We are happy to report that this issue has been resolved."
erubis,2.7.0,MIT,a fast and extensible eRuby implementation which supports multi-language,"Erubis is an implementation of eRuby and has the following features:
* Very fast, almost three times faster than ERB and about 10% faster than eruby.
* Multi-language support (Ruby/PHP/C/Java/Scheme/Perl/Javascript)
* Auto escaping support
* Auto trimming spaces around '<% %>'
* Embedded pattern changeable (default '<% %>')
* Enable to handle Processing Instructions (PI) as embedded pattern (ex. '<?rb ... ?>')
* Context object available and easy to combine eRuby template with YAML datafile
* Print statement available
* Easy to extend and customize in subclass
* Ruby on Rails support"
faraday,0.9.0,MIT,HTTP/REST API client library.,""
fauxhai,2.2.0,MIT,Fauxhai provides an easy way to mock out your ohai data for testing with chefspec!,Easily mock out ohai data
ffi,1.9.6,BSD,Ruby FFI,Ruby FFI library
ffi-yajl,1.3.0,Apache 2.0,Ruby FFI wrapper around YAJL 2.x,Ruby FFI wrapper around YAJL 2.x
foodcritic,4.0.0,MIT,foodcritic-4.0.0,Lint tool for Opscode Chef cookbooks.
formatador,0.2.5,MIT,Ruby STDOUT text formatting,STDOUT text formatting
gherkin,2.12.2,MIT,gherkin-2.12.2,A fast Gherkin lexer/parser based on the Ragel State Machine Compiler.
guard,2.8.2,MIT,Guard keeps an eye on your file modifications,Guard is a command line tool to easily handle events on file system modifications.
guard-rspec,4.3.1,MIT,Guard gem for RSpec,Guard::RSpec automatically run your specs (much like autotest).
hashie,2.1.2,MIT,Your friendly neighborhood hash library.,Hashie is a collection of classes and mixins that make hashes more powerful.
highline,1.6.21,ruby,HighLine is a high-level command-line IO library.,"A high-level IO library that provides validation, type conversion, and more for
command-line interfaces. HighLine also includes a complete menu system that can
crank out anything from simple list selection to complete shells with just
minutes of work."
hitimes,1.2.2,ISC,"Hitimes is a fast, high resolution timer library for recording performance metrics. It uses the appropriate low method calls for each system to get the highest granularity time increments possible.","Hitimes is a fast, high resolution timer library for recording performance metrics. It uses the appropriate low method calls for each system to get the highest granularity time increments possible. It currently supports any of the following systems: * any system with the POSIX call `clock_gettime()` * Mac OS X * Windows * JRuby Using Hitimes can be faster than using a series of `Time.new` calls, and it will have a much higher granularity. It is definitely faster than using `Process.times`."
httparty,0.13.3,MIT,"Makes http fun! Also, makes consuming restful web services dead easy.","Makes http fun! Also, makes consuming restful web services dead easy."
ipaddress,0.8.0,MIT,IPv4/IPv6 addresses manipulation library,"IPAddress is a Ruby library designed to make manipulation
of IPv4 and IPv6 addresses both powerful and simple. It mantains
a layer of compatibility with Ruby's own IPAddr, while
addressing many of its issues."
json,1.8.1,ruby,This json is bundled with Ruby,""
kitchen-vagrant,0.15.0,Apache 2.0,Kitchen::Driver::Vagrant - A Vagrant Driver for Test Kitchen.,Kitchen::Driver::Vagrant - A Vagrant Driver for Test Kitchen.
libyajl2,1.2.0,Apache 2.0,Installs a vendored copy of libyajl2 for distributions which lack it,Installs a vendored copy of libyajl2 for distributions which lack it
license_finder,1.2,MIT,Audit the OSS licenses of your application's dependencies.,"LicenseFinder works with your package managers to find
dependencies, detect the licenses of the packages in them, compare
those licenses against a user-defined whitelist, and give you an
actionable exception report."
listen,2.8.0,MIT,Listen to file modifications,The Listen gem listens to file modifications and notifies you about the changes. Works everywhere!
lumberjack,1.0.9,MIT,"A simple, powerful, and very fast logging utility that can be a drop in replacement for Logger or ActiveSupport::BufferedLogger.","A simple, powerful, and very fast logging utility that can be a drop in replacement for Logger or ActiveSupport::BufferedLogger. Provides support for automatically rolling log files even with multiple processes writing the same log file."
method_source,0.8.2,MIT,retrieve the sourcecode for a method,retrieve the sourcecode for a method
mime-types,1.25.1,"MIT,Artistic 2.0,GPL-2",This library allows for the identification of a file's likely MIME content type,"This library allows for the identification of a file's likely MIME content
type. This is release 1.25.1, fixing an issue with priority comparison for
mime-types 1.x. The current release is 2.0, which only supports Ruby 1.9 or
later.
Release 1.25.1 contains all features of 1.25, including the experimental
caching and lazy loading functionality. The caching and lazy loading features
were initially implemented by Greg Brockman (gdb). As these features are
experimental, they are disabled by default and must be enabled through the use
of environment variables. The cache is invalidated on a per-version basis; the
cache for version 1.25 will not be reused for any later version.
To use lazy loading, set the environment variable +RUBY_MIME_TYPES_LAZY_LOAD+
to any value other than 'false'. When using lazy loading, the initial startup
of MIME::Types is around 1225× faster than normal startup (on my system,
normal startup is about 90 ms; lazy startup is about 4 ms). This isn't
generally useful, however, as the MIME::Types database has not been loaded.
Lazy startup and load is just *slightly* faster—around 1 ms. The real advantage
comes from using the cache.
To enable the cache, set the environment variable +RUBY_MIME_TYPES_CACHE+ to a
filename where MIME::Types will have read-write access. The first time a new
version of MIME::Types is run using this file, it will be created, taking a
little longer than normal. Subsequent loads using the same cache file will be
approximately 3½× faster (25 ms) than normal loads. This can be combined with
+RUBY_MIME_TYPES_LAZY_LOAD+, but this is *not* recommended in a multithreaded
or multiprocess environment where all threads or processes will be using the
same cache file.
As the caching interface is still experimental, the only values cached are the
default MIME::Types database, not any custom MIME::Types added by users.
MIME types are used in MIME-compliant communications, as in e-mail or HTTP
traffic, to indicate the type of content which is transmitted. MIME::Types
provides the ability for detailed information about MIME entities (provided as
a set of MIME::Type objects) to be determined and used programmatically. There
are many types defined by RFCs and vendors, so the list is long but not
complete; don't hesitate to ask to add additional information. This library
follows the IANA collection of MIME types (see below for reference).
MIME::Types for Ruby was originally based on MIME::Types for Perl by Mark
Overmeer, copyright 2001 - 2009.
MIME::Types is built to conform to the MIME types of RFCs 2045 and 2231. It
tracks the {IANA registry}[http://www.iana.org/assignments/media-types/]
({ftp}[ftp://ftp.iana.org/assignments/media-types]) with some unofficial types
added from the {LTSW collection}[http://www.ltsw.se/knbase/internet/mime.htp]
and added by the users of MIME::Types."
mini_portile,0.6.1,MIT,Simplistic port-like solution for developers,Simplistic port-like solution for developers. It provides a standard and simplified way to compile against dependency libraries without messing up your system.
minitar,0.5.4,ruby,Provides POSIX tarchive management from Ruby programs.,"Archive::Tar::Minitar is a pure-Ruby library and command-line utility that provides the ability to deal with POSIX tar(1) archive files. The implementation is based heavily on Mauricio Ferna'ndez's implementation in rpa-base, but has been reorganised to promote reuse in other projects. Antoine Toulme forked the original project on rubyforge to place it on github, under http://www.github.com/atoulme/minitar"
mixlib-authentication,1.3.0,Apache 2.0,Mixes in simple per-request authentication,Mixes in simple per-request authentication
mixlib-cli,1.5.0,Apache 2.0,"A simple mixin for CLI interfaces, including option parsing","A simple mixin for CLI interfaces, including option parsing"
mixlib-config,2.1.0,Apache 2.0,A class based configuration library,A class based configuration library
mixlib-log,1.6.0,Apache 2.0,A gem that provides a simple mixin for log functionality,""
mixlib-shellout,1.6.0,Apache 2.0,Run external commands on Unix or Windows,Run external commands on Unix or Windows
multi_json,1.10.1,MIT,A common interface to multiple JSON libraries.,"A common interface to multiple JSON libraries, including Oj, Yajl, the JSON gem (with C-extensions), the pure-Ruby JSON gem, NSJSONSerialization, gson.rb, JrJackson, and OkJson."
multi_xml,0.5.5,MIT,A generic swappable back-end for XML parsing,"Provides swappable XML backends utilizing LibXML, Nokogiri, Ox, or REXML."
multipart-post,2.0.0,MIT,A multipart form post accessory for Net::HTTP.,"Use with Net::HTTP to do multipart form posts. IO values that have #content_type, #original_filename, and #local_path will be posted as a binary file."
net-http-persistent,2.9.4,MIT,Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8,"Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8.
It's thread-safe too!
Using persistent HTTP connections can dramatically increase the speed of HTTP.
Creating a new HTTP connection for every request involves an extra TCP
round-trip and causes TCP congestion avoidance negotiation to start over.
Net::HTTP supports persistent connections with some API methods but does not
handle reconnection gracefully. Net::HTTP::Persistent supports reconnection
and retry according to RFC 2616."
net-scp,1.2.1,MIT,A pure Ruby implementation of the SCP client protocol,A pure Ruby implementation of the SCP client protocol
net-ssh,2.9.1,MIT,Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.,"Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2."
net-ssh-gateway,1.2.0,MIT,A simple library to assist in establishing tunneled Net::SSH connections,A simple library to assist in establishing tunneled Net::SSH connections
net-ssh-multi,1.2.0,MIT,Control multiple Net::SSH connections via a single interface.,Control multiple Net::SSH connections via a single interface.
nio4r,1.0.1,MIT,NIO provides a high performance selector API for monitoring IO objects,New IO for Ruby
nokogiri,1.6.4.1,MIT,"Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser","Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's
many features is the ability to search documents via XPath or CSS3 selectors.
XML is like violence - if it doesnt solve your problems, you are not using
enough of it."
octokit,3.5.2,MIT,Ruby toolkit for working with the GitHub API,Simple wrapper for the GitHub API
ohai,7.4.0,Apache 2.0,Ohai profiles your system and emits JSON,Ohai profiles your system and emits JSON
parser,2.2.0.pre.8,MIT,A Ruby parser written in pure Ruby.,A Ruby parser written in pure Ruby.
plist,3.1.0,MIT,All-purpose Property List manipulation library.,"Plist is a library to manipulate Property List files, also known as plists. It can parse plist files into native Ruby data structures as well as generating new plist files from your Ruby objects."
polyglot,0.3.5,MIT,Augment 'require' to load non-Ruby file types,"The Polyglot library allows a Ruby module to register a loader
for the file type associated with a filename extension, and it
augments 'require' to find and load matching files."
powerpack,0.0.9,MIT,A few useful extensions to core Ruby classes.,A few useful extensions to core Ruby classes.
pry,0.10.1,MIT,An IRB alternative and runtime developer console,An IRB alternative and runtime developer console
rack,1.5.2,MIT,a modular Ruby webserver interface,"Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.
Also see http://rack.github.com/."
rainbow,2.0.0,MIT,Colorize printed text on ANSI terminals,Colorize printed text on ANSI terminals
rake,10.3.2,MIT,Rake is a Make-like program implemented in Ruby,"Rake is a Make-like program implemented in Ruby. Tasks and dependencies are
specified in standard Ruby syntax.
Rake has the following features:
* Rakefiles (rake's version of Makefiles) are completely defined in
standard Ruby syntax. No XML files to edit. No quirky Makefile
syntax to worry about (is that a tab or a space?)
* Users can specify tasks with prerequisites.
* Rake supports rule patterns to synthesize implicit tasks.
* Flexible FileLists that act like arrays but know about manipulating
file names and paths.
* A library of prepackaged tasks to make building rakefiles easier. For example,
tasks for building tarballs and publishing to FTP or SSH sites. (Formerly
tasks for building RDoc and Gems were included in rake but they're now
available in RDoc and RubyGems respectively.)
* Supports parallel execution of tasks."
rb-fsevent,0.9.4,MIT,Very simple & usable FSEvents API,FSEvents API with Signals catching (without RubyCocoa)
rb-inotify,0.9.5,MIT,"A Ruby wrapper for Linux's inotify, using FFI","A Ruby wrapper for Linux's inotify, using FFI"
rest-client,1.6.7,MIT,"Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions.","A simple HTTP and REST client for Ruby, inspired by the Sinatra microframework style of specifying actions: get, put, post, delete."
retryable,1.3.6,MIT,"Kernel#retryable, allow for retrying of code blocks.","Kernel#retryable, allow for retrying of code blocks."
ridley,4.1.0,Apache 2.0,A reliable Chef API client with a clean syntax,A reliable Chef API client with a clean syntax
rspec,3.1.0,MIT,rspec-3.1.0,BDD for Ruby
rspec-core,3.1.7,MIT,rspec-core-3.1.7,BDD for Ruby. RSpec runner and example groups.
rspec-expectations,3.1.2,MIT,rspec-expectations-3.1.2,"rspec-expectations provides a simple, readable API to express expected outcomes of a code example."
rspec-its,1.1.0,MIT,"Provides ""its"" method formally part of rspec-core",RSpec extension gem for attribute matching
rspec-mocks,3.1.3,MIT,rspec-mocks-3.1.3,"RSpec's 'test double' framework, with support for stubbing and mocking"
rspec-support,3.1.2,MIT,rspec-support-3.1.2,Support utilities for RSpec gems
rubocop,0.27.1,MIT,Automatic Ruby code style checking tool.,"Automatic Ruby code style checking tool.
Aims to enforce the community-driven Ruby Style Guide."
ruby-progressbar,1.7.0,MIT,Ruby/ProgressBar is a flexible text progress bar library for Ruby.,"Ruby/ProgressBar is an extremely flexible text progress bar library for Ruby.
The output can be customized with a flexible formatting system including:
percentage, bars of various formats, elapsed time and estimated time remaining."
rufus-lru,1.0.5,MIT,"A Hash with a max size, controlled by a LRU mechanism","LruHash class, a Hash with a max size, controlled by a LRU mechanism"
safe_yaml,1.0.4,MIT,SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications.,Parse YAML safely
sawyer,0.5.5,MIT,Secret User Agent of HTTP,""
semverse,1.2.1,Apache 2.0,An elegant library for representing and comparing SemVer versions and constraints,An elegant library for representing and comparing SemVer versions and constraints
sequel,4.16.0,MIT,The Database Toolkit for Ruby,The Database Toolkit for Ruby
serverspec,2.3.1,MIT,"RSpec tests for your servers configured by Puppet, Chef or anything else","RSpec tests for your servers configured by Puppet, Chef or anything else"
slop,3.6.0,MIT,Simple Lightweight Option Parsing,A simple DSL for gathering options and parsing the command line
solve,1.2.1,Apache 2.0,A Ruby version constraint solver implementing Semantic Versioning 2.0.0-rc.1,A Ruby version constraint solver
specinfra,2.5.0,MIT,Common layer for serverspec and itamae,Common layer for serverspec and itamae
sqlite3,1.3.10,New BSD,This module allows Ruby programs to interface with the SQLite3 database engine (http://www.sqlite.org),"This module allows Ruby programs to interface with the SQLite3
database engine (http://www.sqlite.org). You must have the
SQLite engine installed in order to build this module.
Note that this module is only compatible with SQLite 3.6.16 or newer."
systemu,2.6.4,ruby,systemu,"universal capture of stdout and stderr and handling of child process pid for windows, *nix, etc."
test-kitchen,1.2.1,Apache 2.0,Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms.,Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms.
thor,0.19.1,MIT,Thor is a toolkit for building powerful command-line interfaces.,Thor is a toolkit for building powerful command-line interfaces.
timers,4.0.1,MIT,"Schedule procs to run after a certain time, or at periodic intervals, using any API that accepts a timeout",Pure Ruby one-shot and periodic timers
treetop,1.5.3,MIT,A Ruby-based text parsing and interpretation DSL,""
varia_model,0.4.0,Apache 2.0,A mixin to provide objects with magic attribute reading and writing,A mixin to provide objects with magic attribute reading and writing
wmi-lite,1.0.0,Apache 2.0,A lightweight utility library for accessing basic WMI (Windows Management Instrumentation) functionality on Windows,"A lightweight utility over win32ole for accessing basic WMI (Windows Management Instrumentation) functionality in the Microsoft Windows operating system. It has no runtime dependencies other than Ruby, so it can be used without concerns around dependency issues."
xml-simple,1.1.4,ruby,A simple API for XML processing.,""
yajl-ruby,1.2.1,MIT,Ruby C bindings to the excellent Yajl JSON stream-based parser library.,""
1 addressable 2.3.6 Apache 2.0 URI Implementation Addressable is a replacement for the URI implementation that is part of Ruby's standard library. It more closely conforms to the relevant RFCs and adds support for IRIs and URI templates.
2 ast 2.0.0 MIT A library for working with Abstract Syntax Trees. A library for working with Abstract Syntax Trees.
3 astrolabe 1.3.0 MIT An object-oriented AST extension for Parser An object-oriented AST extension for Parser
4 berkshelf 3.2.1 Apache 2.0 Manages a Cookbook's, or an Application's, Cookbook dependencies Manages a Cookbook's, or an Application's, Cookbook dependencies
5 berkshelf-api-client 1.2.0 Apache 2.0 API Client for communicating with a Berkshelf API server API Client for communicating with a Berkshelf API server
6 buff-config 1.0.1 Apache 2.0 A simple configuration class A simple configuration class
7 buff-extensions 1.0.0 Apache 2.0 Extensions to Core Ruby classes Extensions to Core Ruby classes
8 buff-ignore 1.1.1 Apache 2.0 A Ruby library for parsing lists of files and applying pattern matching exclusion (such as .gitignore) Parse ignore files with Ruby
9 buff-ruby_engine 0.1.0 Apache 2.0 Buff up your code with a mixin for querying the platform running Ruby A mixin for querying the platform running Ruby
10 buff-shell_out 0.2.0 Apache 2.0 Buff up your code with a mixin for issuing shell commands and collecting the output A mixin for issuing shell commands and collecting the output
11 bundler 1.7.6 MIT
12 busser 0.6.0 Apache 2.0 Kitchen Busser - Runs tests for projects in test-kitchen Kitchen Busser - Runs tests for projects in test-kitchen
13 busser-serverspec 0.5.3 Apache 2.0 A Busser runner plugin for Serverspec A Busser runner plugin for Serverspec
14 celluloid 0.16.0 MIT Actor-based concurrent object framework for Ruby Celluloid enables people to build concurrent programs out of concurrent objects just as easily as they build sequential programs out of sequential objects
15 celluloid-io 0.16.1 MIT Celluloid::IO allows you to monitor multiple IO objects within a Celluloid actor Evented IO for Celluloid actors
16 chef 11.16.4 Apache 2.0 A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure. A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure.
17 chef-zero 2.2.1 Apache 2.0 Self-contained, easy-setup, fast-start in-memory Chef server for testing and solo setup purposes Self-contained, easy-setup, fast-start in-memory Chef server for testing and solo setup purposes
18 chefspec 4.1.1 MIT Write RSpec examples and generate coverage reports for Chef recipes! ChefSpec is a unit testing and resource coverage (code coverage) framework for testing Chef cookbooks ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers.
19 cleanroom 1.0.0 Apache 2.0 (More) safely evaluate Ruby DSLs with cleanroom Ruby is an excellent programming language for creating and managing custom DSLs, but how can you securely evaluate a DSL while explicitly controlling the methods exposed to the user? Our good friends instance_eval and instance_exec are great, but they expose all methods - public, protected, and private - to the user. Even worse, they expose the ability to accidentally or intentionally alter the behavior of the system! The cleanroom pattern is a safer, more convenient, Ruby-like approach for limiting the information exposed by a DSL while giving users the ability to write awesome code!
20 coderay 1.1.0 MIT Fast syntax highlighting for selected languages. Fast and easy syntax highlighting for selected languages, written in Ruby. Comes with RedCloth integration and LOC counter.
21 dep-selector-libgecode 1.0.2 MIT,Apache 2.0 Installs a vendored copy of Gecode suitable for use with dep-selector Installs a vendored copy of Gecode suitable for use with dep-selector
22 dep_selector 1.0.3 Apache v2 Given packages, versions, and a dependency graph, find a valid assignment of package versions Given packages, versions, and a dependency graph, find a valid assignment of package versions
23 diff-lcs 1.2.5 MIT,Perl Artistic v2,GNU GPL v2 Diff::LCS computes the difference between two Enumerable sequences using the McIlroy-Hunt longest common subsequence (LCS) algorithm Diff::LCS computes the difference between two Enumerable sequences using the McIlroy-Hunt longest common subsequence (LCS) algorithm. It includes utilities to create a simple HTML diff output format and a standard diff-like tool. This is release 1.2.4, fixing a bug introduced after diff-lcs 1.1.3 that did not properly prune common sequences at the beginning of a comparison set. Thanks to Paul Kunysch for fixing this issue. Coincident with the release of diff-lcs 1.2.3, we reported an issue with Rubinius in 1.9 mode ({rubinius/rubinius#2268}[https://github.com/rubinius/rubinius/issues/2268]). We are happy to report that this issue has been resolved.
24 erubis 2.7.0 MIT a fast and extensible eRuby implementation which supports multi-language Erubis is an implementation of eRuby and has the following features: * Very fast, almost three times faster than ERB and about 10% faster than eruby. * Multi-language support (Ruby/PHP/C/Java/Scheme/Perl/Javascript) * Auto escaping support * Auto trimming spaces around '<% %>' * Embedded pattern changeable (default '<% %>') * Enable to handle Processing Instructions (PI) as embedded pattern (ex. '<?rb ... ?>') * Context object available and easy to combine eRuby template with YAML datafile * Print statement available * Easy to extend and customize in subclass * Ruby on Rails support
25 faraday 0.9.0 MIT HTTP/REST API client library.
26 fauxhai 2.2.0 MIT Fauxhai provides an easy way to mock out your ohai data for testing with chefspec! Easily mock out ohai data
27 ffi 1.9.6 BSD Ruby FFI Ruby FFI library
28 ffi-yajl 1.3.0 Apache 2.0 Ruby FFI wrapper around YAJL 2.x Ruby FFI wrapper around YAJL 2.x
29 foodcritic 4.0.0 MIT foodcritic-4.0.0 Lint tool for Opscode Chef cookbooks.
30 formatador 0.2.5 MIT Ruby STDOUT text formatting STDOUT text formatting
31 gherkin 2.12.2 MIT gherkin-2.12.2 A fast Gherkin lexer/parser based on the Ragel State Machine Compiler.
32 guard 2.8.2 MIT Guard keeps an eye on your file modifications Guard is a command line tool to easily handle events on file system modifications.
33 guard-rspec 4.3.1 MIT Guard gem for RSpec Guard::RSpec automatically run your specs (much like autotest).
34 hashie 2.1.2 MIT Your friendly neighborhood hash library. Hashie is a collection of classes and mixins that make hashes more powerful.
35 highline 1.6.21 ruby HighLine is a high-level command-line IO library. A high-level IO library that provides validation, type conversion, and more for command-line interfaces. HighLine also includes a complete menu system that can crank out anything from simple list selection to complete shells with just minutes of work.
36 hitimes 1.2.2 ISC Hitimes is a fast, high resolution timer library for recording performance metrics. It uses the appropriate low method calls for each system to get the highest granularity time increments possible. Hitimes is a fast, high resolution timer library for recording performance metrics. It uses the appropriate low method calls for each system to get the highest granularity time increments possible. It currently supports any of the following systems: * any system with the POSIX call `clock_gettime()` * Mac OS X * Windows * JRuby Using Hitimes can be faster than using a series of `Time.new` calls, and it will have a much higher granularity. It is definitely faster than using `Process.times`.
37 httparty 0.13.3 MIT Makes http fun! Also, makes consuming restful web services dead easy. Makes http fun! Also, makes consuming restful web services dead easy.
38 ipaddress 0.8.0 MIT IPv4/IPv6 addresses manipulation library IPAddress is a Ruby library designed to make manipulation of IPv4 and IPv6 addresses both powerful and simple. It mantains a layer of compatibility with Ruby's own IPAddr, while addressing many of its issues.
39 json 1.8.1 ruby This json is bundled with Ruby
40 kitchen-vagrant 0.15.0 Apache 2.0 Kitchen::Driver::Vagrant - A Vagrant Driver for Test Kitchen. Kitchen::Driver::Vagrant - A Vagrant Driver for Test Kitchen.
41 libyajl2 1.2.0 Apache 2.0 Installs a vendored copy of libyajl2 for distributions which lack it Installs a vendored copy of libyajl2 for distributions which lack it
42 license_finder 1.2 MIT Audit the OSS licenses of your application's dependencies. LicenseFinder works with your package managers to find dependencies, detect the licenses of the packages in them, compare those licenses against a user-defined whitelist, and give you an actionable exception report.
43 listen 2.8.0 MIT Listen to file modifications The Listen gem listens to file modifications and notifies you about the changes. Works everywhere!
44 lumberjack 1.0.9 MIT A simple, powerful, and very fast logging utility that can be a drop in replacement for Logger or ActiveSupport::BufferedLogger. A simple, powerful, and very fast logging utility that can be a drop in replacement for Logger or ActiveSupport::BufferedLogger. Provides support for automatically rolling log files even with multiple processes writing the same log file.
45 method_source 0.8.2 MIT retrieve the sourcecode for a method retrieve the sourcecode for a method
46 mime-types 1.25.1 MIT,Artistic 2.0,GPL-2 This library allows for the identification of a file's likely MIME content type This library allows for the identification of a file's likely MIME content type. This is release 1.25.1, fixing an issue with priority comparison for mime-types 1.x. The current release is 2.0, which only supports Ruby 1.9 or later. Release 1.25.1 contains all features of 1.25, including the experimental caching and lazy loading functionality. The caching and lazy loading features were initially implemented by Greg Brockman (gdb). As these features are experimental, they are disabled by default and must be enabled through the use of environment variables. The cache is invalidated on a per-version basis; the cache for version 1.25 will not be reused for any later version. To use lazy loading, set the environment variable +RUBY_MIME_TYPES_LAZY_LOAD+ to any value other than 'false'. When using lazy loading, the initial startup of MIME::Types is around 12–25× faster than normal startup (on my system, normal startup is about 90 ms; lazy startup is about 4 ms). This isn't generally useful, however, as the MIME::Types database has not been loaded. Lazy startup and load is just *slightly* faster—around 1 ms. The real advantage comes from using the cache. To enable the cache, set the environment variable +RUBY_MIME_TYPES_CACHE+ to a filename where MIME::Types will have read-write access. The first time a new version of MIME::Types is run using this file, it will be created, taking a little longer than normal. Subsequent loads using the same cache file will be approximately 3½× faster (25 ms) than normal loads. This can be combined with +RUBY_MIME_TYPES_LAZY_LOAD+, but this is *not* recommended in a multithreaded or multiprocess environment where all threads or processes will be using the same cache file. 
As the caching interface is still experimental, the only values cached are the default MIME::Types database, not any custom MIME::Types added by users. MIME types are used in MIME-compliant communications, as in e-mail or HTTP traffic, to indicate the type of content which is transmitted. MIME::Types provides the ability for detailed information about MIME entities (provided as a set of MIME::Type objects) to be determined and used programmatically. There are many types defined by RFCs and vendors, so the list is long but not complete; don't hesitate to ask to add additional information. This library follows the IANA collection of MIME types (see below for reference). MIME::Types for Ruby was originally based on MIME::Types for Perl by Mark Overmeer, copyright 2001 - 2009. MIME::Types is built to conform to the MIME types of RFCs 2045 and 2231. It tracks the {IANA registry}[http://www.iana.org/assignments/media-types/] ({ftp}[ftp://ftp.iana.org/assignments/media-types]) with some unofficial types added from the {LTSW collection}[http://www.ltsw.se/knbase/internet/mime.htp] and added by the users of MIME::Types.
47 mini_portile 0.6.1 MIT Simplistic port-like solution for developers Simplistic port-like solution for developers. It provides a standard and simplified way to compile against dependency libraries without messing up your system.
48 minitar 0.5.4 ruby Provides POSIX tarchive management from Ruby programs. Archive::Tar::Minitar is a pure-Ruby library and command-line utility that provides the ability to deal with POSIX tar(1) archive files. The implementation is based heavily on Mauricio Ferna'ndez's implementation in rpa-base, but has been reorganised to promote reuse in other projects. Antoine Toulme forked the original project on rubyforge to place it on github, under http://www.github.com/atoulme/minitar
49 mixlib-authentication 1.3.0 Apache 2.0 Mixes in simple per-request authentication Mixes in simple per-request authentication
50 mixlib-cli 1.5.0 Apache 2.0 A simple mixin for CLI interfaces, including option parsing A simple mixin for CLI interfaces, including option parsing
51 mixlib-config 2.1.0 Apache 2.0 A class based configuration library A class based configuration library
52 mixlib-log 1.6.0 Apache 2.0 A gem that provides a simple mixin for log functionality
53 mixlib-shellout 1.6.0 Apache 2.0 Run external commands on Unix or Windows Run external commands on Unix or Windows
54 multi_json 1.10.1 MIT A common interface to multiple JSON libraries. A common interface to multiple JSON libraries, including Oj, Yajl, the JSON gem (with C-extensions), the pure-Ruby JSON gem, NSJSONSerialization, gson.rb, JrJackson, and OkJson.
55 multi_xml 0.5.5 MIT A generic swappable back-end for XML parsing Provides swappable XML backends utilizing LibXML, Nokogiri, Ox, or REXML.
56 multipart-post 2.0.0 MIT A multipart form post accessory for Net::HTTP. Use with Net::HTTP to do multipart form posts. IO values that have #content_type, #original_filename, and #local_path will be posted as a binary file.
57 net-http-persistent 2.9.4 MIT Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8 Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8. It's thread-safe too! Using persistent HTTP connections can dramatically increase the speed of HTTP. Creating a new HTTP connection for every request involves an extra TCP round-trip and causes TCP congestion avoidance negotiation to start over. Net::HTTP supports persistent connections with some API methods but does not handle reconnection gracefully. Net::HTTP::Persistent supports reconnection and retry according to RFC 2616.
58 net-scp 1.2.1 MIT A pure Ruby implementation of the SCP client protocol A pure Ruby implementation of the SCP client protocol
59 net-ssh 2.9.1 MIT Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.
60 net-ssh-gateway 1.2.0 MIT A simple library to assist in establishing tunneled Net::SSH connections A simple library to assist in establishing tunneled Net::SSH connections
61 net-ssh-multi 1.2.0 MIT Control multiple Net::SSH connections via a single interface. Control multiple Net::SSH connections via a single interface.
62 nio4r 1.0.1 MIT NIO provides a high performance selector API for monitoring IO objects New IO for Ruby
63 nokogiri 1.6.4.1 MIT Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors. XML is like violence - if it doesn’t solve your problems, you are not using enough of it.
64 octokit 3.5.2 MIT Ruby toolkit for working with the GitHub API Simple wrapper for the GitHub API
65 ohai 7.4.0 Apache 2.0 Ohai profiles your system and emits JSON Ohai profiles your system and emits JSON
66 parser 2.2.0.pre.8 MIT A Ruby parser written in pure Ruby. A Ruby parser written in pure Ruby.
67 plist 3.1.0 MIT All-purpose Property List manipulation library. Plist is a library to manipulate Property List files, also known as plists. It can parse plist files into native Ruby data structures as well as generating new plist files from your Ruby objects.
68 polyglot 0.3.5 MIT Augment 'require' to load non-Ruby file types The Polyglot library allows a Ruby module to register a loader for the file type associated with a filename extension, and it augments 'require' to find and load matching files.
69 powerpack 0.0.9 MIT A few useful extensions to core Ruby classes. A few useful extensions to core Ruby classes.
70 pry 0.10.1 MIT An IRB alternative and runtime developer console An IRB alternative and runtime developer console
71 rack 1.5.2 MIT a modular Ruby webserver interface Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call. Also see http://rack.github.com/.
72 rainbow 2.0.0 MIT Colorize printed text on ANSI terminals Colorize printed text on ANSI terminals
73 rake 10.3.2 MIT Rake is a Make-like program implemented in Ruby Rake is a Make-like program implemented in Ruby. Tasks and dependencies are specified in standard Ruby syntax. Rake has the following features: * Rakefiles (rake's version of Makefiles) are completely defined in standard Ruby syntax. No XML files to edit. No quirky Makefile syntax to worry about (is that a tab or a space?) * Users can specify tasks with prerequisites. * Rake supports rule patterns to synthesize implicit tasks. * Flexible FileLists that act like arrays but know about manipulating file names and paths. * A library of prepackaged tasks to make building rakefiles easier. For example, tasks for building tarballs and publishing to FTP or SSH sites. (Formerly tasks for building RDoc and Gems were included in rake but they're now available in RDoc and RubyGems respectively.) * Supports parallel execution of tasks.
74 rb-fsevent 0.9.4 MIT Very simple & usable FSEvents API FSEvents API with Signals catching (without RubyCocoa)
75 rb-inotify 0.9.5 MIT A Ruby wrapper for Linux's inotify, using FFI A Ruby wrapper for Linux's inotify, using FFI
76 rest-client 1.6.7 MIT Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions. A simple HTTP and REST client for Ruby, inspired by the Sinatra microframework style of specifying actions: get, put, post, delete.
77 retryable 1.3.6 MIT Kernel#retryable, allow for retrying of code blocks. Kernel#retryable, allow for retrying of code blocks.
78 ridley 4.1.0 Apache 2.0 A reliable Chef API client with a clean syntax A reliable Chef API client with a clean syntax
79 rspec 3.1.0 MIT rspec-3.1.0 BDD for Ruby
80 rspec-core 3.1.7 MIT rspec-core-3.1.7 BDD for Ruby. RSpec runner and example groups.
81 rspec-expectations 3.1.2 MIT rspec-expectations-3.1.2 rspec-expectations provides a simple, readable API to express expected outcomes of a code example.
82 rspec-its 1.1.0 MIT Provides "its" method formally part of rspec-core RSpec extension gem for attribute matching
83 rspec-mocks 3.1.3 MIT rspec-mocks-3.1.3 RSpec's 'test double' framework, with support for stubbing and mocking
84 rspec-support 3.1.2 MIT rspec-support-3.1.2 Support utilities for RSpec gems
85 rubocop 0.27.1 MIT Automatic Ruby code style checking tool. Automatic Ruby code style checking tool. Aims to enforce the community-driven Ruby Style Guide.
86 ruby-progressbar 1.7.0 MIT Ruby/ProgressBar is a flexible text progress bar library for Ruby. Ruby/ProgressBar is an extremely flexible text progress bar library for Ruby. The output can be customized with a flexible formatting system including: percentage, bars of various formats, elapsed time and estimated time remaining.
87 rufus-lru 1.0.5 MIT A Hash with a max size, controlled by a LRU mechanism LruHash class, a Hash with a max size, controlled by a LRU mechanism
88 safe_yaml 1.0.4 MIT SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications. Parse YAML safely
89 sawyer 0.5.5 MIT Secret User Agent of HTTP
90 semverse 1.2.1 Apache 2.0 An elegant library for representing and comparing SemVer versions and constraints An elegant library for representing and comparing SemVer versions and constraints
91 sequel 4.16.0 MIT The Database Toolkit for Ruby The Database Toolkit for Ruby
92 serverspec 2.3.1 MIT RSpec tests for your servers configured by Puppet, Chef or anything else RSpec tests for your servers configured by Puppet, Chef or anything else
93 slop 3.6.0 MIT Simple Lightweight Option Parsing A simple DSL for gathering options and parsing the command line
94 solve 1.2.1 Apache 2.0 A Ruby version constraint solver implementing Semantic Versioning 2.0.0-rc.1 A Ruby version constraint solver
95 specinfra 2.5.0 MIT Common layer for serverspec and itamae Common layer for serverspec and itamae
96 sqlite3 1.3.10 New BSD This module allows Ruby programs to interface with the SQLite3 database engine (http://www.sqlite.org) This module allows Ruby programs to interface with the SQLite3 database engine (http://www.sqlite.org). You must have the SQLite engine installed in order to build this module. Note that this module is only compatible with SQLite 3.6.16 or newer.
97 systemu 2.6.4 ruby systemu universal capture of stdout and stderr and handling of child process pid for windows, *nix, etc.
98 test-kitchen 1.2.1 Apache 2.0 Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms. Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms.
99 thor 0.19.1 MIT Thor is a toolkit for building powerful command-line interfaces. Thor is a toolkit for building powerful command-line interfaces.
100 timers 4.0.1 MIT Schedule procs to run after a certain time, or at periodic intervals, using any API that accepts a timeout Pure Ruby one-shot and periodic timers
101 treetop 1.5.3 MIT A Ruby-based text parsing and interpretation DSL
102 varia_model 0.4.0 Apache 2.0 A mixin to provide objects with magic attribute reading and writing A mixin to provide objects with magic attribute reading and writing
103 wmi-lite 1.0.0 Apache 2.0 A lightweight utility library for accessing basic WMI (Windows Management Instrumentation) functionality on Windows A lightweight utility over win32ole for accessing basic WMI (Windows Management Instrumentation) functionality in the Microsoft Windows operating system. It has no runtime dependencies other than Ruby, so it can be used without concerns around dependency issues.
104 xml-simple 1.1.4 ruby A simple API for XML processing.
105 yajl-ruby 1.2.1 MIT Ruby C bindings to the excellent Yajl JSON stream-based parser library.


@ -1,7 +0,0 @@
require_relative "test_helper"
describe_recipe "redis::client" do
it "installed the `redis-tools` package" do
package("redis-tools").must_be_installed
end
end


@ -1,19 +0,0 @@
require_relative "test_helper"
describe_recipe "redis::default" do
let(:apt_path) do
"/etc/apt/sources.list.d"
end
it "set up an apt repository" do
repo = {
"debian" => { name: "dotdeb", content: "dotdeb" },
"ubuntu" => { name: "chris-lea-redis-server", content: "chris-lea" }
}[node["platform"]]
apt_file = "#{apt_path}/#{repo[:name]}.list"
file(apt_file).must_exist
file(apt_file).must_include repo[:content]
end
end


@ -1,48 +0,0 @@
require_relative "test_helper"
describe_recipe "redis::server" do
it "installed the `redis-server` package" do
package("redis-server").must_be_installed
end
it "enabled the `redis-server` service" do
service("redis-server").must_be_enabled
end
it "started the `redis-server` service" do
service("redis-server").must_be_running
end
describe "data directory" do
let(:dir) do
directory node["redis"]["dir"]
end
it { dir.must_exist }
it { dir.must_have :owner, "redis" }
it { dir.must_have :group, "redis" }
it { dir.must_have :mode, "750" }
end
describe "redis.conf" do
let(:conf) do
file "/etc/redis/redis.conf"
end
it { conf.must_exist }
it { conf.must_have :owner, "root" }
it { conf.must_have :group, "root" }
it { conf.must_have :mode, "644" }
end
describe "`default` file" do
let(:default) do
file "/etc/default/redis-server"
end
it { default.must_exist }
it { default.must_have :owner, "root" }
it { default.must_have :group, "root" }
it { default.must_have :mode, "644" }
end
end


@ -1,5 +0,0 @@
require "minitest/spec"
include MiniTest::Chef::Assertions
include MiniTest::Chef::Context
include MiniTest::Chef::Resources


@ -1,37 +0,0 @@
{
"name": "redis",
"description": "Installs and configures Redis",
"long_description": "",
"maintainer": "Phil Cohen",
"maintainer_email": "github@phlippers.net",
"license": "MIT",
"platforms": {
"debian": ">= 0.0.0",
"ubuntu": ">= 0.0.0"
},
"dependencies": {
"apt": ">= 0.0.0"
},
"providing": {
},
"recipes": {
"redis::default": "Sets up ppa apt repository",
"redis::server": "Installs redis server",
"redis::client": "Installs redis client"
},
"version": "0.5.6",
"source_url": "",
"issues_url": "",
"privacy": false,
"chef_versions": [
],
"ohai_versions": [
],
"gems": [
],
"eager_load_libraries": true
}


@ -1,15 +0,0 @@
name "redis"
maintainer "Phil Cohen"
maintainer_email "github@phlippers.net"
license "MIT"
description "Installs and configures Redis"
version "0.5.6"
recipe "redis::default", "Sets up ppa apt repository"
recipe "redis::server", "Installs redis server"
recipe "redis::client", "Installs redis client"
supports "debian"
supports "ubuntu"
depends "apt"


@ -1,10 +0,0 @@
#
# Cookbook Name:: redis
# Recipe:: client
#
include_recipe "redis::default"
package "redis-tools" do
action node["redis"]["auto_upgrade"] ? :upgrade : :install
end


@ -1,11 +0,0 @@
#
# Cookbook Name:: redis
# Recipe:: default
#
apt_repository node["redis"]["apt_repository"] do
uri node["redis"]["apt_uri"]
distribution node["redis"]["apt_distribution"]
components node["redis"]["apt_components"]
keyserver node["redis"]["apt_keyserver"]
key node["redis"]["apt_key"]
end


@ -1,38 +0,0 @@
#
# Cookbook Name:: redis
# Recipe:: server
#
include_recipe "redis::default"
package "redis-server" do
action node["redis"]["auto_upgrade"] ? :upgrade : :install
end
directory node["redis"]["dir"] do
owner "redis"
group "redis"
mode "0750"
recursive true
end
service "redis-server" do
supports restart: true
action [:enable, :start]
end
template "/etc/redis/redis.conf" do
source "redis.conf.erb"
owner "root"
group "root"
mode "0644"
notifies :restart, "service[redis-server]"
end
template "/etc/default/redis-server" do
source "default_redis-server.erb"
owner "root"
group "root"
mode "0644"
notifies :restart, "service[redis-server]"
end


@ -1,27 +0,0 @@
require "spec_helper"
describe "redis::client" do
let(:chef_run) do
ChefSpec::SoloRunner.new.converge(described_recipe)
end
it { expect(chef_run).to include_recipe("redis::default") }
describe "package installation" do
describe "default action" do
it { expect(chef_run).to install_package("redis-tools") }
it { expect(chef_run).to_not upgrade_package("redis-tools") }
end
describe "when `auto_upgrade` is `true`" do
let(:chef_run) do
ChefSpec::SoloRunner.new do |node|
node.set["redis"]["auto_upgrade"] = true
end.converge(described_recipe)
end
it { expect(chef_run).to_not install_package("redis-tools") }
it { expect(chef_run).to upgrade_package("redis-tools") }
end
end
end


@ -1,19 +0,0 @@
require "spec_helper"
describe "redis::default" do
let(:chef_run) do
ChefSpec::SoloRunner.new.converge(described_recipe)
end
it { expect(chef_run).to add_apt_repository("chris-lea-redis-server") }
# debian family setup
context "using debian platform" do
let(:chef_run) do
env_options = { platform: "debian", version: "6.0.5" }
ChefSpec::SoloRunner.new(env_options).converge(described_recipe)
end
it { expect(chef_run).to add_apt_repository("dotdeb") }
end
end


@ -1,69 +0,0 @@
require "spec_helper"
describe "redis::server" do
let(:chef_run) do
ChefSpec::SoloRunner.new.converge(described_recipe)
end
it { expect(chef_run).to include_recipe("redis::default") }
describe "package installation" do
describe "default action" do
it { expect(chef_run).to install_package("redis-server") }
it { expect(chef_run).to_not upgrade_package("redis-server") }
end
describe "when `auto_upgrade` is `true`" do
let(:chef_run) do
ChefSpec::SoloRunner.new do |node|
node.set["redis"]["auto_upgrade"] = true
end.converge(described_recipe)
end
it { expect(chef_run).to_not install_package("redis-server") }
it { expect(chef_run).to upgrade_package("redis-server") }
end
end
it "creates the data directory" do
expect(chef_run).to create_directory("/var/lib/redis").with(
owner: "redis",
group: "redis",
mode: "0750",
recursive: true
)
end
it { expect(chef_run).to enable_service("redis-server") }
it { expect(chef_run).to start_service("redis-server") }
it "creates `/etc/redis/redis.conf`" do
path = "/etc/redis/redis.conf"
expect(chef_run).to create_template(path).with(
source: "redis.conf.erb",
owner: "root",
group: "root",
mode: "0644"
)
expect(chef_run.template(path)).to(
notify("service[redis-server]").to(:restart)
)
end
it "creates `/etc/default/redis-server`" do
path = "/etc/default/redis-server"
expect(chef_run).to create_template(path).with(
source: "default_redis-server.erb",
owner: "root",
group: "root",
mode: "0644"
)
expect(chef_run.template(path)).to(
notify("service[redis-server]").to(:restart)
)
end
end


@ -1,20 +0,0 @@
begin
require "chefspec"
require "chefspec/berkshelf"
rescue LoadError
puts "Unable to run `chefspec`"
exit
end
RSpec.configure do |config|
config.platform = "ubuntu"
config.version = "12.04"
config.log_level = :error
config.raise_errors_for_deprecations!
end
def add_apt_repository(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:apt_repository, :add, resource_name)
end
at_exit { ChefSpec::Coverage.report! }


@ -1,12 +0,0 @@
# redis-server configure options
# ULIMIT: Call ulimit -n with this argument prior to invoking Redis itself.
# This may be required for high-concurrency environments. Redis itself cannot
# alter its limits as it is not being run as root. (default: do not call
# ulimit)
#
<% if node["redis"]["ulimit"] && !node["redis"]["ulimit"].empty? %>
ULIMIT=<%= node["redis"]["ulimit"] %>
<% else %>
# ULIMIT=65536
<% end %>


@ -1,556 +0,0 @@
# Redis configuration file example
# Note on units: when memory size is needed, it is possible to specifiy
# it in the usual form of 1k 5GB 4M and so forth:
#
# 1k => 1000 bytes
# 1kb => 1024 bytes
# 1m => 1000000 bytes
# 1mb => 1024*1024 bytes
# 1g => 1000000000 bytes
# 1gb => 1024*1024*1024 bytes
#
# units are case insensitive so 1GB 1Gb 1gB are all the same.
# By default Redis does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
daemonize <%= node["redis"]["daemonize"] %>
# When running daemonized, Redis writes a pid file in /var/run/redis.pid by
# default. You can specify a custom pid file location here.
pidfile <%= node["redis"]["pidfile"] %>
# Accept connections on the specified port, default is 6379.
# If port 0 is specified Redis will not listen on a TCP socket.
port <%= node["redis"]["port"] %>
# If you want you can bind a single interface, if the bind option is not
# specified all the interfaces will listen for incoming connections.
#
<% unless node["redis"]["bind"].empty? %>
bind <%= node["redis"]["bind"] %>
<% end %>
# Specify the path for the unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
<% unless node["redis"]["unixsocket"].empty? %>
unixsocket <%= node["redis"]["unixsocket"] %>
unixsocketperm <%= node["redis"]["unixsocketperm"] %>
<% end %>
# Close the connection after a client is idle for N seconds (0 to disable)
timeout <%= node["redis"]["timeout"] %>
# Set server verbosity to 'debug'
# it can be one of:
# debug (a lot of information, useful for development/testing)
# verbose (many rarely useful info, but not a mess like the debug level)
# notice (moderately verbose, what you want in production probably)
# warning (only very important / critical messages are logged)
loglevel <%= node["redis"]["loglevel"] %>
# Specify the log file name. Also 'stdout' can be used to force
# Redis to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
logfile <%= node["redis"]["logfile"] %>
# To enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
syslog-enabled <%= node["redis"]["syslog_enabled"] %>
<% if node["redis"]["syslog_enabled"] == "yes" %>
# Specify the syslog identity.
syslog-ident <%= node["redis"]["syslog_ident"] %>
# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
syslog-facility <%= node["redis"]["syslog_facility"] %>
<% end %>
# Set the number of databases. The default database is DB 0, you can select
# a different one on a per-connection basis using SELECT <dbid> where
# dbid is a number between 0 and 'databases'-1
databases <%= node["redis"]["databases"] %>
################################ SNAPSHOTTING #################################
#
# Save the DB on disk:
#
# save <seconds> <changes>
#
# Will save the DB if both the given number of seconds and the given
# number of write operations against the DB occurred.
#
# In the example below the behaviour will be to save:
# after 900 sec (15 min) if at least 1 key changed
# after 300 sec (5 min) if at least 10 keys changed
# after 60 sec if at least 10000 keys changed
#
# Note: you can disable saving at all commenting all the "save" lines.
#
# It is also possible to remove all the previously configured save
# points by adding a save directive with a single empty string argument
# like in the following example:
#
# save ""
<% node["redis"]["snapshots"].each do |interval, keys| %>
save <%= "#{interval} #{keys}" %>
<% end %>
# By default Redis will stop accepting writes if RDB snapshots are enabled
# (at least one save point) and the latest background save failed.
# This will make the user aware (in an hard way) that data is not persisting
# on disk properly, otherwise chances are that no one will notice and some
# distater will happen.
#
# If the background saving process will start working again Redis will
# automatically allow writes again.
#
# However if you have setup your proper monitoring of the Redis server
# and persistence, you may want to disable this feature so that Redis will
# continue to work as usually even if there are problems with disk,
# permissions, and so forth.
stop-writes-on-bgsave-error <%= node["redis"]["stop_writes_on_bgsave_error"] %>
# Compress string objects using LZF when dump .rdb databases?
# For default that's set to 'yes' as it's almost always a win.
# If you want to save some CPU in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression <%= node["redis"]["rdbcompression"] %>
# Since verison 5 of RDB a CRC64 checksum is placed at the end of the file.
# This makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
# for maximum performances.
#
# RDB files created with checksum disabled have a checksum of zero that will
# tell the loading code to skip the check.
rdbchecksum <%= node["redis"]["rdbchecksum"] %>
# The filename where to dump the DB
dbfilename <%= node["redis"]["dbfilename"] %>
# The working directory.
#
# The DB will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# Also the Append Only File will be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
dir <%= node["redis"]["dir"] %>
################################# REPLICATION #################################
# Master-Slave replication. Use slaveof to make a Redis instance a copy of
# another Redis server. Note that the configuration is local to the slave
# so for example it is possible to configure the slave to save the DB with a
# different interval, or to listen to another port, and so on.
#
# slaveof <masterip> <masterport>
<% if node["redis"]["slaveof"] && !node["redis"]["slaveof"].empty? %>
slaveof <%= node["redis"]["slaveof"] %>
<% end %>
# If the master is password protected (using the "requirepass" configuration
# directive below) it is possible to tell the slave to authenticate before
# starting the replication synchronization process, otherwise the master will
# refuse the slave request.
#
# masterauth <master-password>
<% if node["redis"]["masterauth"] && !node["redis"]["masterauth"].empty? %>
masterauth <%= node["redis"]["masterauth"] %>
<% end %>
# When a slave lost the connection with the master, or when the replication
# is still in progress, the slave can act in two different ways:
#
# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
# still reply to client requests, possibly with out of data data, or the
# data set may just be empty if this is the first synchronization.
#
# 2) if slave-serve-stale data is set to 'no' the slave will reply with
# an error "SYNC with master in progress" to all the kind of commands
# but to INFO and SLAVEOF.
#
slave-serve-stale-data <%= node["redis"]["slave_serve_stale_data"] %>
# You can configure a slave instance to accept writes or not. Writing against
# a slave instance may be useful to store some ephemeral data (because data
# written on a slave will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
#
# Since Redis 2.6 by default slaves are read-only.
#
# Note: read only slaves are not designed to be exposed to untrusted clients
# on the internet. It's just a protection layer against misuse of the instance.
# Still a read only slave exports by default all the administrative commands
# such as CONFIG, DEBUG, and so forth. To a limited extend you can improve
# security of read only slaves using 'rename-command' to shadow all the
# administrative / dangerous commands.
slave-read-only <%= node["redis"]["slave_read_only"] %>
# Slaves send PINGs to server in a predefined interval. It's possible to change
# this interval with the repl_ping_slave_period option. The default value is 10
# seconds.
#
repl-ping-slave-period <%= node["redis"]["repl_ping_slave_period"] %>
# The following option sets a timeout for both Bulk transfer I/O timeout and
# master data or ping response timeout. The default value is 60 seconds.
#
# It is important to make sure that this value is greater than the value
# specified for repl-ping-slave-period otherwise a timeout will be detected
# every time there is low traffic between the master and the slave.
#
repl-timeout <%= node["redis"]["repl_timeout"] %>
# The slave priority is an integer number published by Redis in the INFO output.
# It is used by Redis Sentinel in order to select a slave to promote into a
# master if the master is no longer working correctly.
#
# A slave with a low priority number is considered better for promotion, so
# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
# pick the one wtih priority 10, that is the lowest.
#
# However a special priority of 0 marks the slave as not able to perform the
# role of master, so a slave with priority of 0 will never be selected by
# Redis Sentinel for promotion.
#
# By default the priority is 100.
slave-priority <%= node["redis"]["slave_priority"] %>
################################## SECURITY ###################################
# Require clients to issue AUTH <PASSWORD> before processing any other
# commands. This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared
<% if node["redis"]["requirepass"] && !node["redis"]["requirepass"].empty? %>
requirepass <%= node["redis"]["requirepass"] %>
<% end %>
# Command renaming.
#
# It is possilbe to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
# of hard to guess so that it will be still available for internal-use
# tools but not available for general clients.
#
# Example:
#
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
#
# It is also possilbe to completely kill a command renaming it into
# an empty string:
#
# rename-command CONFIG ""
<% node["redis"]["rename_commands"].each do |command| %>
rename-command <%= command %>
<% end %>
################################### LIMITS ####################################
# Set the max number of connected clients at the same time. By default there
# is no limit, and it's up to the number of file descriptors the Redis process
# is able to open. The special value '0' means no limits.
# Once the limit is reached Redis will close all the new connections sending
# an error 'max number of clients reached'.
#
maxclients <%= node["redis"]["maxclients"] %>
# Don't use more memory than the specified amount of bytes.
# When the memory limit is reached Redis will try to remove keys
# accordingly to the eviction policy selected (see maxmemmory-policy).
#
# If Redis can't remove keys according to the policy, or if the policy is
# set to 'noeviction', Redis will start to reply with errors to commands
# that would use more memory, like SET, LPUSH, and so on, and will continue
# to reply to read-only commands like GET.
#
# This option is usually useful when using Redis as an LRU cache, or to set
# an hard memory limit for an instance (using the 'noeviction' policy).
#
# WARNING: If you have slaves attached to an instance with maxmemory on,
# the size of the output buffers needed to feed the slaves are subtracted
# from the used memory count, so that network problems / resyncs will
# not trigger a loop where keys are evicted, and in turn the output
# buffer of slaves is full with DELs of keys evicted triggering the deletion
# of more keys, and so forth until the database is completely emptied.
#
# In short... if you have slaves attached it is suggested that you set a lower
# limit for maxmemory so that there is some free RAM on the system for slave
# output buffers (but this is not needed if the policy is 'noeviction').
#
maxmemory <%= node["redis"]["maxmemory"] %>
# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
# is reached? You can select among five behavior:
#
# volatile-lru -> remove the key with an expire set using an LRU algorithm
# allkeys-lru -> remove any key accordingly to the LRU algorithm
# volatile-random -> remove a random key with an expire set
# allkeys->random -> remove a random key, any key
# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
# noeviction -> don't expire at all, just return an error on write operations
#
# Note: with all the kind of policies, Redis will return an error on write
# operations, when there are not suitable keys for eviction.
#
# At the date of writing this commands are: set setnx setex append
# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
# getset mset msetnx exec sort
#
# The default is:
#
# maxmemory-policy volatile-lru
maxmemory-policy <%= node["redis"]["maxmemory_policy"] %>
# LRU and minimal TTL algorithms are not precise algorithms but approximated
# algorithms (in order to save memory), so you can select as well the sample
# size to check. For instance for default Redis will check three keys and
# pick the one that was used less recently, you can change the sample size
# using the following configuration directive.
#
# maxmemory-samples 3
maxmemory-samples <%= node["redis"]["maxmemory_samples"] %>
############################## APPEND ONLY MODE ###############################
# By default Redis asynchronously dumps the dataset on disk. If you can live
# with the idea that the latest records will be lost if something like a crash
# happens this is the preferred way to run Redis. If instead you care a lot
# about your data and don't want to that a single record can get lost you should
# enable the append only mode: when this mode is enabled Redis will append
# every write operation received in the file appendonly.aof. This file will
# be read on startup in order to rebuild the full dataset in memory.
#
# Note that you can have both the async dumps and the append only file if you
# like (you have to comment the "save" statements above to disable the dumps).
# Still if append only mode is enabled Redis will load the data from the
# log file at startup ignoring the dump.rdb file.
#
# IMPORTANT: Check the BGREWRITEAOF to check how to rewrite the append
# log file in background when it gets too big.
appendonly <%= node["redis"]["appendonly"] %>
# The name of the append only file (default: "appendonly.aof")
appendfilename <%= node["redis"]["appendfilename"] %>
# The fsync() call tells the Operating System to actually write data on disk
# instead to wait for more data in the output buffer. Some OS will really flush
# data on disk, some other OS will just try to do it ASAP.
#
# Redis supports three different modes:
#
# no: don't fsync, just let the OS flush the data when it wants. Faster.
# always: fsync after every write to the append only log . Slow, Safest.
# everysec: fsync only if one second passed since the last fsync. Compromise.
#
# The default is "everysec" that's usually the right compromise between
# speed and data safety. It's up to you to understand if you can relax this to
# "no" that will will let the operating system flush the output buffer when
# it wants, for better performances (but if you can live with the idea of
# some data loss consider the default persistence mode that's snapshotting),
# or on the contrary, use "always" that's very slow but a bit safer than
# everysec.
#
# If unsure, use "everysec".
# appendfsync always
appendfsync <%= node["redis"]["appendfsync"] %>
# appendfsync no
# When the AOF fsync policy is set to always or everysec, and a background
# saving process (a background save or AOF log background rewriting) is
# performing a lot of I/O against the disk, in some Linux configurations
# Redis may block too long on the fsync() call. Note that there is no fix for
# this currently, as even performing fsync in a different thread will block
# our synchronous write(2) call.
#
# In order to mitigate this problem it's possible to use the following option
# that will prevent fsync() from being called in the main process while a
# BGSAVE or BGREWRITEAOF is in progress.
#
# This means that while another child is saving the durability of Redis is
# the same as "appendfsync none", that in pratical terms means that it is
# possible to lost up to 30 seconds of log in the worst scenario (with the
# default Linux settings).
#
# If you have latency problems turn this to "yes". Otherwise leave it as
# "no" that is the safest pick from the point of view of durability.
no-appendfsync-on-rewrite <%= node["redis"]["no_appendfsync_on_rewrite"] %>
# Automatic rewrite of the append only file.
# Redis is able to automatically rewrite the log file implicitly calling
# BGREWRITEAOF when the AOF log size will growth by the specified percentage.
#
# This is how it works: Redis remembers the size of the AOF file after the
# latest rewrite (or if no rewrite happened since the restart, the size of
# the AOF at startup is used).
#
# This base size is compared to the current size. If the current size is
# bigger than the specified percentage, the rewrite is triggered. Also
# you need to specify a minimal size for the AOF file to be rewritten, this
# is useful to avoid rewriting the AOF file even if the percentage increase
# is reached but it is still pretty small.
#
# Specify a precentage of zero in order to disable the automatic AOF
# rewrite feature.
auto-aof-rewrite-percentage <%= node["redis"]["auto_aof_rewrite_percentage"] %>
auto-aof-rewrite-min-size <%= node["redis"]["auto_aof_rewrite_min_size"] %>
################################ LUA SCRIPTING ###############################
# Max execution time of a Lua script in milliseconds.
#
# If the maximum execution time is reached Redis will log that a script is
# still in execution after the maximum allowed time and will start to
# reply to queries with an error.
#
# When a long running script exceed the maximum execution time only the
# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
# used to stop a script that did not yet called write commands. The second
# is the only way to shut down the server in the case a write commands was
# already issue by the script but the user don't want to wait for the natural
# termination of the script.
#
# Set it to 0 or a negative value for unlimited execution without warnings.
lua-time-limit <%= node["redis"]["lua_time_limit"] %>
################################## SLOW LOG ###################################
# The Redis Slow Log is a system to log queries that exceeded a specified
# execution time. The execution time does not include the I/O operations
# like talking with the client, sending the reply and so forth,
# but just the time needed to actually execute the command (this is the only
# stage of command execution where the thread is blocked and can not serve
# other requests in the meantime).
#
# You can configure the slow log with two parameters: one tells Redis
# what is the execution time, in microseconds, to exceed in order for the
# command to get logged, and the other parameter is the length of the
# slow log. When a new command is logged the oldest one is removed from the
# queue of logged commands.
# The following time is expressed in microseconds, so 1000000 is equivalent
# to one second. Note that a negative number disables the slow log, while
# a value of zero forces the logging of every command.
slowlog-log-slower-than <%= node["redis"]["slowlog_log_slower_than"] %>
# There is no limit to this length. Just be aware that it will consume memory.
# You can reclaim memory used by the slow log with SLOWLOG RESET.
slowlog-max-len <%= node["redis"]["slowlog_max_len"] %>
############################### ADVANCED CONFIG ###############################
# Hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and the biggest entry does not exceed a given
# threshold. These thresholds can be configured using the following directives.
hash-max-ziplist-entries <%= node["redis"]["hash_max_ziplist_entries"] %>
hash-max-ziplist-value <%= node["redis"]["hash_max_ziplist_value"] %>
# Similarly to hashes, small lists are also encoded in a special way in order
# to save a lot of space. The special representation is only used when
# you are under the following limits:
list-max-ziplist-entries <%= node["redis"]["list_max_ziplist_entries"] %>
list-max-ziplist-value <%= node["redis"]["list_max_ziplist_value"] %>
# Sets have a special encoding in just one case: when a set is composed
# of just strings that happens to be integers in radix 10 in the range
# of 64 bit signed integers.
# The following configuration setting sets the limit in the size of the
# set in order to use this special memory saving encoding.
set-max-intset-entries <%= node["redis"]["set_max_intset_entries"] %>
# Similarly to hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. This encoding is only used when the length and
# elements of a sorted set are below the following limits:
zset-max-ziplist-entries <%= node["redis"]["zset_max_ziplist_entries"] %>
zset-max-ziplist-value <%= node["redis"]["zset_max_ziplist_value"] %>
# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
# order to help rehashing the main Redis hash table (the one mapping top-level
# keys to values). The hash table implementation redis uses (see dict.c)
# performs a lazy rehashing: the more operation you run into an hash table
# that is rhashing, the more rehashing "steps" are performed, so if the
# server is idle the rehashing is never complete and some more memory is used
# by the hash table.
#
# The default is to use this millisecond 10 times every second in order to
# active rehashing the main dictionaries, freeing memory when possible.
#
# If unsure:
# use "activerehashing no" if you have hard latency requirements and it is
# not a good thing in your environment that Redis can reply form time to time
# to queries with 2 milliseconds delay.
#
# use "activerehashing yes" if you don't have such hard requirements but
# want to free memory asap when possible.
activerehashing <%= node["redis"]["activerehashing"] %>
# The client output buffer limits can be used to force disconnection of clients
# that are not reading data from the server fast enough for some reason (a
# common reason is that a Pub/Sub client can't consume messages as fast as the
# publisher can produce them).
#
# The limit can be set differently for the three different classes of clients:
#
# normal -> normal clients
# slave -> slave clients and MONITOR clients
# pubsub -> clients subcribed to at least one pubsub channel or pattern
#
# The syntax of every client-output-buffer-limit directive is the following:
#
# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
#
# A client is immediately disconnected once the hard limit is reached, or if
# the soft limit is reached and remains reached for the specified number of
# seconds (continuously).
# So for instance if the hard limit is 32 megabytes and the soft limit is
# 16 megabytes / 10 seconds, the client will get disconnected immediately
# if the size of the output buffers reach 32 megabytes, but will also get
# disconnected if the client reaches 16 megabytes and continuously overcomes
# the limit for 10 seconds.
#
# By default normal clients are not limited because they don't receive data
# without asking (in a push way), but just after a request, so only
# asynchronous clients may create a scenario where data is requested faster
# than it can read.
#
# Instead there is a default limit for pubsub and slave clients, since
# subscribers and slaves receive data in a push fashion.
#
# Both the hard or the soft limit can be disabled just setting it to zero.
client-output-buffer-limit normal <%= node["redis"]["client_output_buffer_limit"]["normal"] %>
client-output-buffer-limit slave <%= node["redis"]["client_output_buffer_limit"]["slave"] %>
client-output-buffer-limit pubsub <%= node["redis"]["client_output_buffer_limit"]["pubsub"] %>
################################## INCLUDES ###################################
# Include one or more other config files here. This is useful if you
# have a standard template that goes to all redis server but also need
# to customize a few per-server settings. Include files can include
# other files, so use this wisely.
#
# include /path/to/local.conf
# include /path/to/other.conf
<% node["redis"]["include_config_files"].each do |file| %>
include <%= file %>
<% end %>


@ -1,2 +0,0 @@
cache_type "BasicFile"
cache_options(path: "#{ENV["HOME"]}/.chef/checksums")


@ -1,41 +0,0 @@
require "serverspec"
set :backend, :exec
describe "Redis client installation" do
describe package("redis-tools") do
it { should be_installed }
end
end
describe "Redis server installation" do
describe package("redis-server") do
it { should be_installed }
end
describe file("/var/lib/redis") do
it { should be_a_directory }
it { should be_owned_by "redis" }
it { should be_grouped_into "redis" }
it { should be_mode 750 }
end
describe service("redis-server") do
it { should be_enabled }
it { should be_running }
end
describe file("/etc/redis/redis.conf") do
it { should be_a_file }
it { should be_owned_by "root" }
it { should be_grouped_into "root" }
it { should be_mode 644 }
end
describe file("/etc/default/redis-server") do
it { should be_a_file }
it { should be_owned_by "root" }
it { should be_grouped_into "root" }
it { should be_mode 644 }
end
end


@ -1,17 +0,0 @@
# Insecure Keypair
These keys are the "insecure" public/private keypair we offer to
[base box creators](http://docs.vagrantup.com/v1/docs/base_boxes.html) for use in their base boxes so that
vagrant installations can automatically SSH into the boxes.
If you're working with a team or company or with a custom box and
you want more secure SSH, you should create your own keypair
and configure the private key in the Vagrantfile with
`config.ssh.private_key_path`
# Putty
If you are using Vagrant on windows, the .ppk file contained here, in the keys directory,
has been generated from the private key and should be used to connect Putty to any VMs that
are leveraging the default key pair. See [guide](http://docs.vagrantup.com/v1/docs/getting-started/ssh.html)
in the documentation for more details on using Putty with Vagrant.


@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key


@ -1,25 +0,0 @@
Encoding:
Description: 'Use UTF-8 as the source file encoding.'
Enabled: false
SymbolArray:
Description: 'Use %i or %I for arrays of symbols.'
Enabled: false
##################### Rails ##################################
DefaultScope:
Description: 'Checks if the argument passed to default_scope is a block.'
Enabled: false
HasAndBelongsToMany:
Description: 'Prefer has_many :through to has_and_belongs_to_many.'
Enabled: false
Output:
Description: 'Checks for calls to puts, print, etc.'
Enabled: false
Validation:
Description: 'Use sexy validations.'
Enabled: false


@ -1,652 +0,0 @@
# These are all the cops that are enabled in the default configuration.
AccessModifierIndentation:
Description: Check indentation of private/protected visibility modifiers.
Enabled: true
AccessorMethodName:
Description: Check the naming of accessor methods for get_/set_.
Enabled: true
Alias:
Description: 'Use alias_method instead of alias.'
Enabled: true
AlignArray:
Description: >-
Align the elements of an array literal if they span more than
one line.
Enabled: true
AlignHash:
Description: >-
Align the elements of a hash literal if they span more than
one line.
Enabled: true
AlignParameters:
Description: >-
Align the parameters of a method call if they span more
than one line.
Enabled: true
AndOr:
Description: 'Use &&/|| instead of and/or.'
Enabled: true
AsciiComments:
Description: 'Use only ascii symbols in comments.'
Enabled: true
AsciiIdentifiers:
Description: 'Use only ascii symbols in identifiers.'
Enabled: true
Attr:
Description: 'Checks for uses of Module#attr.'
Enabled: true
BeginBlock:
Description: 'Avoid the use of BEGIN blocks.'
Enabled: true
BlockComments:
Description: 'Do not use block comments.'
Enabled: true
BlockNesting:
Description: 'Avoid excessive block nesting'
Enabled: true
Blocks:
Description: >-
Avoid using {...} for multi-line blocks (multiline chaining is
always ugly).
Prefer {...} over do...end for single-line blocks.
Enabled: true
BracesAroundHashParameters:
Description: 'Enforce braces style inside hash parameters.'
Enabled: true
CaseEquality:
Description: 'Avoid explicit use of the case equality operator(===).'
Enabled: true
CaseIndentation:
Description: 'Indentation of when in a case/when/[else/]end.'
Enabled: true
CharacterLiteral:
Description: 'Checks for uses of character literals.'
Enabled: true
ClassAndModuleCamelCase:
Description: 'Use CamelCase for classes and modules.'
Enabled: true
ClassLength:
Description: 'Avoid classes longer than 100 lines of code.'
Enabled: true
ClassMethods:
Description: 'Use self when defining module/class methods.'
Enabled: true
ClassVars:
Description: 'Avoid the use of class variables.'
Enabled: true
CollectionMethods:
Description: 'Preferred collection methods.'
Enabled: true
ColonMethodCall:
Description: 'Do not use :: for method call.'
Enabled: true
CommentAnnotation:
Description: >-
Checks formatting of special comments
(TODO, FIXME, OPTIMIZE, HACK, REVIEW).
Enabled: true
ConstantName:
Description: 'Constants should use SCREAMING_SNAKE_CASE.'
Enabled: true
CyclomaticComplexity:
Description: 'Avoid complex methods.'
Enabled: true
DefWithParentheses:
Description: 'Use def with parentheses when there are arguments.'
Enabled: true
Documentation:
Description: 'Document classes and non-namespace modules.'
Enabled: true
DotPosition:
Description: 'Checks the position of the dot in multi-line method calls.'
Enabled: true
EmptyLineBetweenDefs:
Description: 'Use empty lines between defs.'
Enabled: true
EmptyLines:
Description: "Don't use several empty lines in a row."
Enabled: true
EmptyLinesAroundAccessModifier:
Description: "Keep blank lines around access modifiers."
Enabled: true
EmptyLinesAroundBody:
Description: "Keeps track of empty lines around expression bodies."
Enabled: true
EmptyLiteral:
Description: 'Prefer literals to Array.new/Hash.new/String.new.'
Enabled: true
EndBlock:
Description: 'Avoid the use of END blocks.'
Enabled: true
EndOfLine:
Description: 'Use Unix-style line endings.'
Enabled: true
EvenOdd:
Description: 'Favor the use of Fixnum#even? && Fixnum#odd?'
Enabled: true
FavorJoin:
Description: 'Use Array#join instead of Array#*.'
Enabled: true
FavorUnlessOverNegatedIf:
Description: >-
Favor unless over if for negative conditions
(or control flow or).
Enabled: true
FavorUntilOverNegatedWhile:
Description: 'Favor until over while for negative conditions.'
Enabled: true
FileName:
Description: 'Use snake_case for source file names.'
Enabled: true
FinalNewline:
Description: 'Checks for a final newline in a source file.'
Enabled: true
FlipFlop:
Description: 'Checks for flip flops'
Enabled: true
For:
Description: 'Checks use of for or each in multiline loops.'
Enabled: true
FormatString:
Description: 'Enforce the use of Kernel#sprintf, Kernel#format or String#%.'
Enabled: true
GlobalVars:
Description: 'Do not introduce global variables.'
Enabled: true
HashMethods:
Description: 'Checks for use of deprecated Hash methods.'
Enabled: true
HashSyntax:
Description: >-
Prefer Ruby 1.9 hash syntax { a: 1, b: 2 } over 1.8 syntax
{ :a => 1, :b => 2 }.
Enabled: true
IfUnlessModifier:
Description: >-
Favor modifier if/unless usage when you have a
single-line body.
Enabled: true
IfWithSemicolon:
Description: 'Never use if x; .... Use the ternary operator instead.'
Enabled: true
IndentationConsistency:
Description: 'Keep indentation straight.'
Enabled: true
IndentationWidth:
Description: 'Use 2 spaces for indentation.'
Enabled: true
IndentArray:
Description: >-
Checks the indentation of the first element in an array
literal.
Enabled: true
IndentHash:
Description: 'Checks the indentation of the first key in a hash literal.'
Enabled: true
Lambda:
Description: 'Use the new lambda literal syntax for single-line blocks.'
Enabled: true
LambdaCall:
Description: 'Use lambda.call(...) instead of lambda.(...).'
Enabled: true
LeadingCommentSpace:
Description: 'Comments should start with a space.'
Enabled: true
LineEndConcatenation:
Description: 'Use \\ instead of + to concatenate two string literals at line end.'
Enabled: true
LineLength:
Description: 'Limit lines to 79 characters.'
Enabled: true
MethodCalledOnDoEndBlock:
Description: 'Avoid chaining a method call on a do...end block.'
Enabled: true
MethodCallParentheses:
Description: 'Do not use parentheses for method calls with no arguments.'
Enabled: true
MethodDefParentheses:
Description: >-
Checks if the method definitions have or don't have
parentheses.
Enabled: true
MethodLength:
Description: 'Avoid methods longer than 10 lines of code.'
Enabled: true
MethodName:
Description: 'Use the configured style when naming methods.'
Enabled: true
ModuleFunction:
Description: 'Checks for usage of `extend self` in modules.'
Enabled: true
MultilineBlockChain:
Description: 'Avoid multi-line chains of blocks.'
Enabled: true
MultilineIfThen:
Description: 'Never use then for multi-line if/unless.'
Enabled: true
MultilineTernaryOperator:
Description: >-
Avoid multi-line ?: (the ternary operator);
use if/unless instead.
Enabled: true
NestedTernaryOperator:
Description: 'Use one expression per branch in a ternary operator.'
Enabled: true
NilComparison:
Description: 'Prefer x.nil? to x == nil.'
Enabled: true
Not:
Description: 'Use ! instead of not.'
Enabled: true
NumericLiterals:
Description: >-
Add underscores to large numeric literals to improve their
readability.
Enabled: true
OneLineConditional:
Description: >-
Favor the ternary operator(?:) over
if/then/else/end constructs.
Enabled: true
OpMethod:
Description: 'When defining binary operators, name the argument other.'
Enabled: true
ParameterLists:
Description: 'Avoid parameter lists longer than three or four parameters.'
Enabled: true
ParenthesesAroundCondition:
Description: >-
Don't use parentheses around the condition of an
if/unless/while.
Enabled: true
PerlBackrefs:
Description: 'Avoid Perl-style regex back references.'
Enabled: true
PredicateName:
Description: 'Check the names of predicate methods.'
Enabled: true
Proc:
Description: 'Use proc instead of Proc.new.'
Enabled: true
RaiseArgs:
Description: 'Checks the arguments passed to raise/fail.'
Enabled: true
RedundantBegin:
Description: "Don't use begin blocks when they are not needed."
Enabled: true
RedundantException:
Description: "Checks for an obsolete RuntimeException argument in raise/fail."
Enabled: true
RedundantReturn:
Description: "Don't use return where it's not required."
Enabled: true
RedundantSelf:
Description: "Don't use self where it's not needed."
Enabled: true
RegexpLiteral:
Description: >-
Use %r for regular expressions matching more than
`MaxSlashes` '/' characters.
Use %r only for regular expressions matching more than
`MaxSlashes` '/' character.
Enabled: true
RescueModifier:
Description: 'Avoid using rescue in its modifier form.'
Enabled: true
Semicolon:
Description: "Don't use semicolons to terminate expressions."
Enabled: true
SignalException:
Description: 'Checks for proper usage of fail and raise.'
Enabled: true
SingleLineBlockParams:
Description: 'Enforces the names of some block params.'
Enabled: true
SingleLineMethods:
Description: 'Avoid single-line methods.'
Enabled: true
SpaceAfterColon:
Description: 'Use spaces after colons.'
Enabled: true
SpaceAfterComma:
Description: 'Use spaces after commas.'
Enabled: true
SpaceAfterControlKeyword:
Description: 'Use spaces after if/elsif/unless/while/until/case/when.'
Enabled: true
SpaceAfterMethodName:
Description: >-
Never put a space between a method name and the opening
parenthesis.
Enabled: true
SpaceAfterNot:
Description: Tracks redundant space after the ! operator.
Enabled: true
SpaceAfterSemicolon:
Description: 'Use spaces after semicolons.'
Enabled: true
SpaceAroundBlockBraces:
Description: >-
Checks that block braces have or don't have surrounding space.
For blocks taking parameters, checks that the left brace has
or doesn't have trailing space.
Enabled: true
SpaceAroundEqualsInParameterDefault:
Description: >-
Use spaces around the = operator when assigning default
values in def params.
Enabled: true
SpaceAroundOperators:
Description: 'Use spaces around operators.'
Enabled: true
SpaceBeforeModifierKeyword:
Description: 'Put a space before the modifier keyword.'
Enabled: true
SpaceInsideBrackets:
Description: 'No spaces after [ or before ].'
Enabled: true
SpaceInsideHashLiteralBraces:
Description: "Use spaces inside hash literal braces - or don't."
Enabled: true
SpaceInsideParens:
Description: 'No spaces after ( or before ).'
Enabled: true
SpecialGlobalVars:
Description: 'Avoid Perl-style global variables.'
Enabled: true
StringLiterals:
Description: 'Checks if uses of quotes match the configured preference.'
Enabled: true
Tab:
Description: 'No hard tabs.'
Enabled: true
TrailingBlankLines:
Description: 'Checks for superfluous trailing blank lines.'
Enabled: true
TrailingComma:
Description: 'Checks for trailing comma in parameter lists and literals.'
Enabled: true
TrailingWhitespace:
Description: 'Avoid trailing whitespace.'
Enabled: true
TrivialAccessors:
Description: 'Prefer attr_* methods to trivial readers/writers.'
Enabled: true
UnlessElse:
Description: >-
Never use unless with else. Rewrite these with the positive
case first.
Enabled: true
VariableInterpolation:
Description: >-
Don't interpolate global, instance and class variables
directly in strings.
Enabled: true
VariableName:
Description: 'Use the configured style when naming variables.'
Enabled: true
WhenThen:
Description: 'Use when x then ... for one-line cases.'
Enabled: true
WhileUntilDo:
Description: 'Checks for redundant do after while or until.'
Enabled: true
WhileUntilModifier:
Description: >-
Favor modifier while/until usage when you have a
single-line body.
Enabled: true
WordArray:
Description: 'Use %w or %W for arrays of words.'
Enabled: true
#################### Lint ################################
### Warnings
AmbiguousOperator:
Description: >-
Checks for ambiguous operators in the first argument of a
method invocation without parentheses.
Enabled: true
AmbiguousRegexpLiteral:
Description: >-
Checks for ambiguous regexp literals in the first argument of
a method invocation without parenthesis.
Enabled: true
AssignmentInCondition:
Description: "Don't use assignment in conditions."
Enabled: true
BlockAlignment:
Description: 'Align block ends correctly.'
Enabled: true
ConditionPosition:
Description: 'Checks for condition placed in a confusing position relative to the keyword.'
Enabled: true
Debugger:
Description: 'Check for debugger calls.'
Enabled: true
DeprecatedClassMethods:
Description: 'Check for deprecated class method calls.'
Enabled: true
ElseLayout:
Description: 'Check for odd code arrangement in an else block.'
Enabled: true
EmptyEnsure:
Description: 'Checks for empty ensure block.'
Enabled: true
EndAlignment:
Description: 'Align ends correctly.'
Enabled: true
EndInMethod:
Description: 'END blocks should not be placed inside method definitions.'
Enabled: true
EnsureReturn:
Description: 'Never use return in an ensure block.'
Enabled: true
Eval:
Description: 'The use of eval represents a serious security risk.'
Enabled: true
HandleExceptions:
Description: "Don't suppress exception."
Enabled: true
InvalidCharacterLiteral:
Description: >-
Checks for invalid character literals with a non-escaped
whitespace character.
Enabled: true
LiteralInCondition:
Description: 'Checks of literals used in conditions.'
Enabled: true
LiteralInInterpolation:
Description: 'Checks for literals used in interpolation.'
Enabled: true
Loop:
Description: >-
Use Kernel#loop with break rather than begin/end/until or
begin/end/while for post-loop tests.
Enabled: true
ParenthesesAsGroupedExpression:
Description: >-
Checks for method calls with a space before the opening
parenthesis.
Enabled: true
RequireParentheses:
Description: >-
Use parentheses in the method call to avoid confusion
about precedence.
Enabled: true
RescueException:
Description: 'Avoid rescuing the Exception class.'
Enabled: true
ShadowingOuterLocalVariable:
Description: >-
Do not use the same name as outer local variable
for block arguments or block local variables.
Enabled: true
StringConversionInInterpolation:
Description: 'Checks for Object#to_s usage in string interpolation.'
Enabled: true
UnreachableCode:
Description: 'Unreachable code.'
Enabled: true
UselessAssignment:
Description: 'Checks for useless assignment to a local variable.'
Enabled: true
UselessComparison:
Description: 'Checks for comparison of something with itself.'
Enabled: true
UselessElseWithoutRescue:
Description: 'Checks for useless `else` in `begin..end` without `rescue`.'
Enabled: true
UselessSetterCall:
Description: 'Checks for useless setter call to a local variable.'
Enabled: true
Void:
Description: 'Possible use of operator/literal/variable in void context.'
Enabled: true


@ -0,0 +1,5 @@
config:
ul-indent: false # MD007
line-length: false # MD013
no-duplicate-heading: false # MD024
reference-links-images: false # MD052


@ -1,9 +1,106 @@
# redisio
This file is used to list changes made in each version of the redisio cookbook.
## 6.4.1 - *2023-05-16*
## 6.4.0 - *2023-04-26*
- Simplify `configure` and `sentinel` resources, making them idempotent
## 6.3.7 - *2023-04-25*
- Standardise files with files in sous-chefs/repo-management
## 6.3.6 - *2023-04-04*
- Standardise files with files in sous-chefs/repo-management
## 6.3.5 - *2023-04-01*
- Update workflows
## 6.3.5 - *2023-04-01*
- Standardise files with files in sous-chefs/repo-management
## 6.3.5 - *2023-04-01*
- Standardise files with files in sous-chefs/repo-management
## 6.3.4 - *2023-03-15*
- Standardise files with files in sous-chefs/repo-management
## 6.3.3 - *2023-02-15*
- Standardise files with files in sous-chefs/repo-management
## 6.3.2 - *2023-02-14*
- Standardise files with files in sous-chefs/repo-management
## 6.3.1 - *2022-12-06*
- Standardise files with files in sous-chefs/repo-management
## 6.3.0 - *2022-09-10*
- Version check fix for some Redis default settings to support Redis v4 and above.
## 6.2.4 - *2022-08-13*
- Fix systemd entry to ensure listening on all network interfaces ([#440](https://github.com/brianbianco/redisio/pull/440))
## 6.2.3 - *2022-08-12*
- Fix grammar in README.md
- Use latest instead of current channel with dokken
## 6.2.2 - *2022-04-25*
- Standardise files with files in sous-chefs/repo-management
## 6.2.1 - *2022-04-25*
- Fixes configdir permissions. Similar to [451](https://github.com/sous-chefs/redisio/pull/451)
- Deprecated `.foodcritic` configfile removed
## 6.2.0 - *2022-02-14*
- Adds support for Rocky Linux
## 6.1.3 - *2022-02-04*
- Remove references to selinux_policy cookbook
## 6.1.2 - *2022-02-03*
- Fixes configdir permissions preventing Sentinel to update the config file
## 6.1.1 - *2022-02-03*
- Remove delivery and move to calling RSpec directly via a reusable workflow
## 6.1.0 - *2021-09-15*
- Add protected mode to sentinel configuration file
## 6.0.0 - *2021-09-09*
- Set unified_mode true for Chef 17+ support
- Require Chef 15.3+ for unified_mode
- Require Chef 16 for user_ulimit resource
- Remove dependency on the ulimit cookbook
- Switch from using the selinux_policy cookbook to the selinux cookbook
- The selinux_policy cookbook is now deprecated. The resources have been moved
to the selinux cookbook
## 5.0.0 - *2021-09-08*
- resolved cookstyle error: attributes/default.rb:74:40 refactor: `Chef/Modernize/UseChefLanguageSystemdHelper`
## 4.3.2 - *2021-08-30*
- Standardise files with files in sous-chefs/repo-management


@ -49,7 +49,7 @@ Tested on:
The redisio cookbook contains LWRP for installing, configuring and managing redis and redis_sentinel.
The install recipe can build, compile and install redis from sources or install from packages. The configure recipe will configure redis and setup service resources. These resources will be named for the port of the redis server, unless a "name" attribute was specified. Example names would be: service["redis6379"] or service["redismaster"] if the name attribute was "master".
The install recipe can build, compile and install redis from sources or install from packages. The configure recipe will configure redis and set up service resources. These resources will be named for the port of the redis server, unless a "name" attribute was specified. Example names would be: service["redis6379"] or service["redismaster"] if the name attribute was "master".
_NOTE: currently installation from source is not supported for FreeBSD_
The most common use case for the redisio cookbook is to use the default recipe, followed by the enable recipe.
@ -81,7 +81,7 @@ Redis-sentinel will write configuration and state data back into its configurati
### Role File Examples
#### Install redis and setup an instance with default settings on default port, and start the service through a role file
#### Install redis and set up an instance with default settings on default port, and start the service through a role file
```ruby
run_list *%w[
@ -92,7 +92,7 @@ run_list *%w[
default_attributes({})
```
##### Install redis with packages and setup an instance with default settings on default port, and start the service through a role file
##### Install redis with packages and set up an instance with default settings on default port, and start the service through a role file
```ruby
run_list *%w[
@ -151,7 +151,7 @@ default_attributes({
}
```
##### Install redis and setup two instances on the same server, on different ports, with one slaved to the other through a role file
##### Install redis and set up two instances on the same server, on different ports, with one slaved to the other through a role file
```ruby
run_list *%w[
@ -169,7 +169,7 @@ default_attributes({
})
```
##### Install redis and setup two instances, on the same server, on different ports, with the default data directory changed to /mnt/redis, and the second instance named
##### Install redis and set up two instances, on the same server, on different ports, with the default data directory changed to /mnt/redis, and the second instance named
```ruby
run_list *%w[
@ -185,7 +185,7 @@ default_attributes({
})
```
##### Install redis and setup three instances on the same server, changing the default data directory to /mnt/redis, each instance will use a different backup type, and one instance will use a different data dir
##### Install redis and set up three instances on the same server, changing the default data directory to /mnt/redis, each instance will use a different backup type, and one instance will use a different data dir
```ruby
run_list *%w[
@ -230,7 +230,7 @@ run_list *%w[
]
```
#### Install redis and setup two instances, on the same server, on different ports, the second instance configuration file will be overwriten by chef
#### Install redis and set up two instances, on the same server, on different ports, the second instance configuration file will be overwriten by chef
```ruby
run_list *%w[
@ -413,7 +413,8 @@ The sentinel recipe's use their own attribute file.
'logfile' => nil,
'syslogenabled' => 'yes',
'syslogfacility' => 'local0',
'quorum_count' => 2
'quorum_count' => 2,
'protected-mode' => nil,
```
* `redisio['redisio']['sentinel']['manage_config']` - Should the cookbook manage the redis and redis sentinel config files. This is best set to false when using redis_sentinel as it will write state into both configuration files.


@ -2,12 +2,12 @@ package_bin_path = '/usr/bin'
config_dir = '/etc/redis'
default_package_install = false
case node['platform']
when 'ubuntu', 'debian'
case node['platform_family']
when 'debian'
shell = '/bin/false'
homedir = '/var/lib/redis'
package_name = 'redis-server'
when 'centos', 'redhat', 'scientific', 'amazon', 'suse', 'fedora'
when 'rhel', 'fedora'
shell = '/bin/sh'
homedir = '/var/lib/redis'
package_name = 'redis'
@ -162,3 +162,10 @@ default['redisio']['bin_path'] = if node['redisio']['package_install']
else
'/usr/local/bin'
end
# Ulimit
default['ulimit']['pam_su_template_cookbook'] = nil
default['ulimit']['users'] = Mash.new
default['ulimit']['security_limits_directory'] = '/etc/security/limits.d'
default['ulimit']['ulimit_overriding_sudo_file_name'] = 'sudo'
default['ulimit']['ulimit_overriding_sudo_file_cookbook'] = nil
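Review bot: The rewritten `case node['platform_family']` no longer matches Amazon Linux or SUSE, because the old `when` named `'amazon'` and `'suse'` as platforms and their platform families are `amazon` and `suse`, not `rhel` or `fedora`. The cookbook metadata in this commit still names both, so on those nodes `shell`, `homedir` and `package_name` now come from whichever branch follows, which lies outside this hunk. If they are meant to keep their previous values the branch should read `when 'rhel', 'fedora', 'amazon', 'suse'`. The branch taken also decides the service account's login shell (`/bin/false` in the Debian branch, `/bin/sh` in this one), so a silent fall-through is worth a comment either way.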


@ -26,6 +26,7 @@ default['redisio']['sentinel_defaults'] = {
'announce-port' => nil,
'notification-script' => nil,
'client-reconfig-script' => nil,
'protected_mode' => nil,
}
# Manage Sentinel Config File
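Review bot: The new default is keyed `'protected_mode'`, while the neighbouring keys in `sentinel_defaults` are hyphenated (`'announce-port'`, `'notification-script'`) and the README hunk in this same commit documents the setting as `'protected-mode'`. Whichever spelling the sentinel provider reads (not visible in this hunk), an attribute set under the other spelling is silently dropped, and protected mode is the safeguard that stops an unauthenticated instance from serving non-loopback clients. Align the two, for example `'protected-mode' => nil,` here or `'protected_mode'` in the README, and add a comment stating what a `nil` value renders to in the generated sentinel configuration.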


@ -61,7 +61,7 @@ Dangerfile
examples/*
features/*
Guardfile
kitchen.yml*
kitchen*.yml
mlc_config.json
Procfile
Rakefile


@ -0,0 +1,8 @@
#%PAM-1.0
auth required pam_env.so readenv=1 user_readenv=0
auth required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
session required pam_limits.so
@include common-auth
@include common-account
@include common-session-noninteractive


@ -1,46 +0,0 @@
---
driver:
name: dokken
privileged: true
chef_version: current
env: [CHEF_LICENSE=accept]
transport:
name: dokken
provisioner:
name: dokken
deprecations_as_errors: true
verifier:
name: inspec
platforms:
- name: centos-7
driver:
image: dokken/centos-7
pid_one_command: /usr/lib/systemd/systemd
run_list:
- recipe[yum-epel::default]
- recipe[yum-remi::default]
- name: debian-9
driver:
image: dokken/debian-9
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update
- name: ubuntu-16.04
driver:
image: dokken/ubuntu-16.04
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update
- name: ubuntu-18.04
driver:
image: dokken/ubuntu-18.04
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update


@ -6,18 +6,17 @@
"maintainer_email": "help@sous-chefs.org",
"license": "Apache-2.0",
"platforms": {
"amazon": ">= 0.0.0",
"centos": ">= 0.0.0",
"debian": ">= 0.0.0",
"fedora": ">= 0.0.0",
"redhat": ">= 0.0.0",
"rocky": ">= 0.0.0",
"scientific": ">= 0.0.0",
"suse": ">= 0.0.0",
"ubuntu": ">= 0.0.0"
},
"dependencies": {
"ulimit": ">= 0.1.2",
"selinux_policy": ">= 2.2.0"
"selinux": ">= 0.0.0"
},
"providing": {
@ -25,13 +24,13 @@
"recipes": {
},
"version": "5.0.0",
"version": "6.4.1",
"source_url": "https://github.com/sous-chefs/redisio",
"issues_url": "https://github.com/sous-chefs/redisio/issues",
"privacy": false,
"chef_versions": [
[
">= 15.5"
">= 16"
]
],
"ohai_versions": [


@ -3,23 +3,19 @@ maintainer 'Sous Chefs'
maintainer_email 'help@sous-chefs.org'
license 'Apache-2.0'
description 'Installs and configures redis'
version '5.0.0'
version '6.4.1'
source_url 'https://github.com/sous-chefs/redisio'
issues_url 'https://github.com/sous-chefs/redisio/issues'
chef_version '>= 15.5'
chef_version '>= 16'
%w(
amazon
centos
debian
fedora
redhat
scientific
suse
ubuntu
).each do |os|
supports os
end
suports 'amazon'
supports 'centos'
supports 'debian'
supports 'fedora'
supports 'redhat'
supports 'rocky'
supports 'scientific'
supports 'suse'
supports 'ubuntu'
depends 'ulimit', '>= 0.1.2'
depends 'selinux_policy', '>= 2.2.0'
depends 'selinux'
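Review bot: `suports 'amazon'` is misspelled, so Amazon Linux is not declared as a supported platform; depending on how the Chef version in use treats unknown metadata methods, the line is either ignored silently or fails when the metadata is loaded. It should read `supports 'amazon'`. Separately, `depends 'selinux'` carries no version constraint, whereas the `selinux_policy` dependency it appears to replace was pinned with `'>= 2.2.0'`. The configure provider in this commit calls `selinux_install` and `selinux_fcontext`, so stating a minimum version that ships those resources would keep an older `selinux` cookbook from being resolved.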


@ -1,9 +1,4 @@
action :run do
configure
new_resource.updated_by_last_action(true)
end
def configure
base_piddir = new_resource.base_piddir
if !new_resource.version
@ -72,318 +67,311 @@ def configure
current['maxclients']
end
recipe_eval do
server_name = current['name'] || current['port']
piddir = "#{base_piddir}/#{server_name}"
aof_file = current['appendfilename'] || "#{current['datadir']}/appendonly-#{server_name}.aof"
rdb_file = current['dbfilename'] || "#{current['datadir']}/dump-#{server_name}.rdb"
server_name = current['name'] || current['port']
piddir = "#{base_piddir}/#{server_name}"
aof_file = current['appendfilename'] || "#{current['datadir']}/appendonly-#{server_name}.aof"
rdb_file = current['dbfilename'] || "#{current['datadir']}/dump-#{server_name}.rdb"
# Create the owner of the redis data directory
user current['user'] do
comment 'Redis service account'
manage_home true
home current['homedir']
shell current['shell']
system current['systemuser']
uid current['uid'] unless current['uid'].nil?
end
# Create the owner of the redis data directory
user current['user'] do
comment 'Redis service account'
manage_home true
home current['homedir']
shell current['shell']
system current['systemuser']
uid current['uid'] unless current['uid'].nil?
end
# Create the redis configuration directory
directory current['configdir'] do
owner 'root'
group platform_family?('freebsd') ? 'wheel' : 'root'
mode '0755'
recursive true
action :create
end
# Create the instance data directory
directory current['datadir'] do
owner current['user']
group current['group']
mode '0775'
recursive true
action :create
end
# Create the pid file directory
directory piddir do
# Create the redis configuration directory
directory current['configdir'] do
owner 'root'
group platform_family?('freebsd') ? 'wheel' : 'redis'
mode '0775'
recursive true
action :create
end
# Create the instance data directory
directory current['datadir'] do
owner current['user']
group current['group']
mode '0775'
recursive true
action :create
end
# Create the pid file directory
directory piddir do
owner current['user']
group current['group']
mode '0755'
recursive true
action :create
end
# Create the log directory if syslog is not being used
if log_directory
directory log_directory do
owner current['user']
group current['group']
mode '0755'
recursive true
action :create
end
# Create the log directory if syslog is not being used
end
# Configure SELinux if it is enabled
extend Chef::Util::Selinux
if selinux_enabled?
selinux_install 'install'
selinux_fcontext "#{current['configdir']}(/.*)?" do
secontext 'redis_conf_t'
end
selinux_fcontext "#{current['datadir']}(/.*)?" do
secontext 'redis_var_lib_t'
end
selinux_fcontext "#{piddir}(/.*)?" do
secontext 'redis_var_run_t'
end
if log_directory
directory log_directory do
owner current['user']
group current['group']
mode '0755'
recursive true
action :create
selinux_fcontext "#{log_directory}(/.*)?" do
secontext 'redis_log_t'
end
end
# Configure SELinux if it is enabled
extend Chef::Util::Selinux
if selinux_enabled?
selinux_policy_install 'install'
selinux_policy_fcontext "#{current['configdir']}(/.*)?" do
secontext 'redis_conf_t'
end
selinux_policy_fcontext "#{current['datadir']}(/.*)?" do
secontext 'redis_var_lib_t'
end
selinux_policy_fcontext "#{piddir}(/.*)?" do
secontext 'redis_var_run_t'
end
if log_directory
selinux_policy_fcontext "#{log_directory}(/.*)?" do
secontext 'redis_log_t'
end
end
end
# Create the log file if syslog is not being used
if log_file
file current['logfile'] do
owner current['user']
group current['group']
mode '0644'
backup false
action :touch
# in version 2.8 or higher the empty string is used instead of stdout
only_if { !log_file.empty? && log_file != 'stdout' }
end
end
# Set proper permissions on the AOF or RDB files
file aof_file do
end
# Create the log file if syslog is not being used
if log_file
file current['logfile'] do
owner current['user']
group current['group']
mode '0644'
only_if { current['backuptype'] == 'aof' || current['backuptype'] == 'both' }
only_if { ::File.exist?(aof_file) }
end
file rdb_file do
owner current['user']
group current['group']
mode '0644'
only_if { current['backuptype'] == 'rdb' || current['backuptype'] == 'both' }
only_if { ::File.exist?(rdb_file) }
end
# Setup the redis users descriptor limits
# Pending response on https://github.com/brianbianco/redisio/commit/4ee9aad3b53029cc3b6c6cf741f5126755e712cd#diff-8ae42a59a6f4e8dc5b4e6dd2d6a34eab
# TODO: ulimit cookbook v0.1.2 doesn't work with freeBSD
if current['ulimit'] && !platform_family?('freebsd')
user_ulimit current['user'] do
filehandle_limit descriptors
end
end
computed_save = current['save']
if current['save'] && current['save'].respond_to?(:each_line)
computed_save = current['save'].each_line
Chef::Log.warn("#{server_name}: given a save argument as a string, instead of an array.")
Chef::Log.warn("#{server_name}: This will be deprecated in future versions of the redisio cookbook.")
end
# Load password for use with requirepass from data bag if needed
if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key']
bag = data_bag_item(current['data_bag_name'], current['data_bag_item'])
current['requirepass'] = bag[current['data_bag_key']]
current['masterauth'] = bag[current['data_bag_key']]
end
# Lay down the configuration files for the current instance
template "#{current['configdir']}/#{server_name}.conf" do
source node['redisio']['redis_config']['template_source']
cookbook node['redisio']['redis_config']['template_cookbook']
owner current['user']
group current['group']
mode current['permissions']
backup false
action :create
# in version 2.8 or higher the empty string is used instead of stdout
only_if { !log_file.empty? && log_file != 'stdout' }
end
end
# Set proper permissions on the AOF or RDB files
file aof_file do
owner current['user']
group current['group']
mode '0644'
only_if { current['backuptype'] == 'aof' || current['backuptype'] == 'both' }
only_if { ::File.exist?(aof_file) }
end
file rdb_file do
owner current['user']
group current['group']
mode '0644'
only_if { current['backuptype'] == 'rdb' || current['backuptype'] == 'both' }
only_if { ::File.exist?(rdb_file) }
end
# Setup the redis users descriptor limits
# Pending response on https://github.com/brianbianco/redisio/commit/4ee9aad3b53029cc3b6c6cf741f5126755e712cd#diff-8ae42a59a6f4e8dc5b4e6dd2d6a34eab
# TODO: ulimit cookbook v0.1.2 doesn't work with freeBSD
if current['ulimit'] && !platform_family?('freebsd')
user_ulimit current['user'] do
filehandle_limit descriptors
end
end
computed_save = current['save']
if current['save'] && current['save'].respond_to?(:each_line)
computed_save = current['save'].each_line
Chef::Log.warn("#{server_name}: given a save argument as a string, instead of an array.")
Chef::Log.warn("#{server_name}: This will be deprecated in future versions of the redisio cookbook.")
end
# Load password for use with requirepass from data bag if needed
if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key']
bag = data_bag_item(current['data_bag_name'], current['data_bag_item'])
current['requirepass'] = bag[current['data_bag_key']]
current['masterauth'] = bag[current['data_bag_key']]
end
# Lay down the configuration files for the current instance
template "#{current['configdir']}/#{server_name}.conf" do
source node['redisio']['redis_config']['template_source']
cookbook node['redisio']['redis_config']['template_cookbook']
owner current['user']
group current['group']
mode current['permissions']
action :create
variables(
version: version_hash,
piddir: piddir,
name: server_name,
job_control: node['redisio']['job_control'],
port: current['port'],
tcpbacklog: current['tcpbacklog'],
address: current['address'],
databases: current['databases'],
backuptype: current['backuptype'],
datadir: current['datadir'],
unixsocket: current['unixsocket'],
unixsocketperm: current['unixsocketperm'],
timeout: current['timeout'],
keepalive: current['keepalive'],
loglevel: current['loglevel'],
logfile: current['logfile'],
syslogenabled: current['syslogenabled'],
syslogfacility: current['syslogfacility'],
save: computed_save,
stopwritesonbgsaveerror: current['stopwritesonbgsaveerror'],
rdbcompression: current['rdbcompression'],
rdbchecksum: current['rdbchecksum'],
dbfilename: current['dbfilename'],
slaveof: current['slaveof'],
protected_mode: current['protected_mode'],
masterauth: current['masterauth'],
slaveservestaledata: current['slaveservestaledata'],
slavereadonly: current['slavereadonly'],
replpingslaveperiod: current['replpingslaveperiod'],
repltimeout: current['repltimeout'],
repldisabletcpnodelay: current['repldisabletcpnodelay'],
replbacklogsize: current['replbacklogsize'],
replbacklogttl: current['replbacklogttl'],
slavepriority: current['slavepriority'],
requirepass: current['requirepass'],
rename_commands: current['rename_commands'],
maxclients: current['maxclients'],
maxmemory: maxmemory,
maxmemorypolicy: current['maxmemorypolicy'],
maxmemorysamples: current['maxmemorysamples'],
appendfilename: current['appendfilename'],
appendfsync: current['appendfsync'],
noappendfsynconrewrite: current['noappendfsynconrewrite'],
aofrewritepercentage: current['aofrewritepercentage'],
aofrewriteminsize: current['aofrewriteminsize'],
aofloadtruncated: current['aofloadtruncated'],
luatimelimit: current['luatimelimit'],
slowloglogslowerthan: current['slowloglogslowerthan'],
slowlogmaxlen: current['slowlogmaxlen'],
notifykeyspaceevents: current['notifykeyspaceevents'],
hashmaxziplistentries: current['hashmaxziplistentries'],
hashmaxziplistvalue: current['hashmaxziplistvalue'],
listmaxziplistentries: current['listmaxziplistentries'],
listmaxziplistvalue: current['listmaxziplistvalue'],
setmaxintsetentries: current['setmaxintsetentries'],
zsetmaxziplistentries: current['zsetmaxziplistentries'],
zsetmaxziplistvalue: current['zsetmaxziplistvalue'],
hllsparsemaxbytes: current['hllsparsemaxbytes'],
activerehasing: current['activerehasing'],
clientoutputbufferlimit: current['clientoutputbufferlimit'],
hz: current['hz'],
aofrewriteincrementalfsync: current['aofrewriteincrementalfsync'],
clusterenabled: current['clusterenabled'],
clusterconfigfile: current['clusterconfigfile'],
clusternodetimeout: current['clusternodetimeout'],
includes: current['includes'],
minslavestowrite: current['minslavestowrite'],
minslavesmaxlag: current['minslavesmaxlag'],
repldisklesssync: current['repldisklesssync'],
repldisklesssyncdelay: current['repldisklesssyncdelay']
)
not_if { ::File.exist?("#{current['configdir']}/#{server_name}.conf.breadcrumb") }
end
file "#{current['configdir']}/#{server_name}.conf.breadcrumb" do
content 'This file prevents the chef cookbook from overwritting the redis config more than once'
action :create_if_missing
only_if { current['breadcrumb'] == true }
end
# Setup init.d file
bin_path = if node['redisio']['install_dir']
::File.join(node['redisio']['install_dir'], 'bin')
else
node['redisio']['bin_path']
end
case node['redisio']['job_control']
when 'initd'
template "/etc/init.d/redis#{server_name}" do
source 'redis.init.erb'
cookbook 'redisio'
owner 'root'
group 'root'
mode '0755'
variables(
version: version_hash,
piddir: piddir,
name: server_name,
job_control: node['redisio']['job_control'],
port: current['port'],
tcpbacklog: current['tcpbacklog'],
address: current['address'],
databases: current['databases'],
backuptype: current['backuptype'],
datadir: current['datadir'],
unixsocket: current['unixsocket'],
unixsocketperm: current['unixsocketperm'],
timeout: current['timeout'],
keepalive: current['keepalive'],
loglevel: current['loglevel'],
logfile: current['logfile'],
syslogenabled: current['syslogenabled'],
syslogfacility: current['syslogfacility'],
save: computed_save,
stopwritesonbgsaveerror: current['stopwritesonbgsaveerror'],
rdbcompression: current['rdbcompression'],
rdbchecksum: current['rdbchecksum'],
dbfilename: current['dbfilename'],
slaveof: current['slaveof'],
protected_mode: current['protected_mode'],
masterauth: current['masterauth'],
slaveservestaledata: current['slaveservestaledata'],
slavereadonly: current['slavereadonly'],
replpingslaveperiod: current['replpingslaveperiod'],
repltimeout: current['repltimeout'],
repldisabletcpnodelay: current['repldisabletcpnodelay'],
replbacklogsize: current['replbacklogsize'],
replbacklogttl: current['replbacklogttl'],
slavepriority: current['slavepriority'],
requirepass: current['requirepass'],
rename_commands: current['rename_commands'],
maxclients: current['maxclients'],
maxmemory: maxmemory,
maxmemorypolicy: current['maxmemorypolicy'],
maxmemorysamples: current['maxmemorysamples'],
appendfilename: current['appendfilename'],
appendfsync: current['appendfsync'],
noappendfsynconrewrite: current['noappendfsynconrewrite'],
aofrewritepercentage: current['aofrewritepercentage'],
aofrewriteminsize: current['aofrewriteminsize'],
aofloadtruncated: current['aofloadtruncated'],
luatimelimit: current['luatimelimit'],
slowloglogslowerthan: current['slowloglogslowerthan'],
slowlogmaxlen: current['slowlogmaxlen'],
notifykeyspaceevents: current['notifykeyspaceevents'],
hashmaxziplistentries: current['hashmaxziplistentries'],
hashmaxziplistvalue: current['hashmaxziplistvalue'],
listmaxziplistentries: current['listmaxziplistentries'],
listmaxziplistvalue: current['listmaxziplistvalue'],
setmaxintsetentries: current['setmaxintsetentries'],
zsetmaxziplistentries: current['zsetmaxziplistentries'],
zsetmaxziplistvalue: current['zsetmaxziplistvalue'],
hllsparsemaxbytes: current['hllsparsemaxbytes'],
activerehasing: current['activerehasing'],
clientoutputbufferlimit: current['clientoutputbufferlimit'],
hz: current['hz'],
aofrewriteincrementalfsync: current['aofrewriteincrementalfsync'],
clusterenabled: current['clusterenabled'],
clusterconfigfile: current['clusterconfigfile'],
clusternodetimeout: current['clusternodetimeout'],
includes: current['includes'],
minslavestowrite: current['minslavestowrite'],
minslavesmaxlag: current['minslavesmaxlag'],
repldisklesssync: current['repldisklesssync'],
repldisklesssyncdelay: current['repldisklesssyncdelay']
name: server_name,
bin_path: bin_path,
port: current['port'],
address: current['address'],
user: current['user'],
configdir: current['configdir'],
piddir: piddir,
requirepass: current['requirepass'],
shutdown_save: current['shutdown_save'],
platform: node['platform'],
unixsocket: current['unixsocket'],
ulimit: descriptors,
required_start: node['redisio']['init.d']['required_start'].join(' '),
required_stop: node['redisio']['init.d']['required_stop'].join(' ')
)
not_if { ::File.exist?("#{current['configdir']}/#{server_name}.conf.breadcrumb") }
end
when 'upstart'
template "/etc/init/redis#{server_name}.conf" do
source 'redis.upstart.conf.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0644'
variables(
name: server_name,
bin_path: bin_path,
port: current['port'],
user: current['user'],
group: current['group'],
configdir: current['configdir'],
piddir: piddir
)
end
when 'rcinit'
template "/usr/local/etc/rc.d/redis#{server_name}" do
source 'redis.rcinit.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0755'
variables(
name: server_name,
bin_path: bin_path,
user: current['user'],
configdir: current['configdir'],
piddir: piddir
)
end
when 'systemd'
service_name = "redis@#{server_name}"
reload_name = "#{service_name} systemd reload"
file "/etc/tmpfiles.d/#{service_name}.conf" do
content "d #{piddir} 0755 #{current['user']} #{current['group']}\n"
owner 'root'
group 'root'
mode '0644'
end
file "#{current['configdir']}/#{server_name}.conf.breadcrumb" do
content 'This file prevents the chef cookbook from overwritting the redis config more than once'
action :create_if_missing
only_if { current['breadcrumb'] == true }
execute reload_name do
command 'systemctl daemon-reload'
action :nothing
end
# Setup init.d file
bin_path = if node['redisio']['install_dir']
::File.join(node['redisio']['install_dir'], 'bin')
else
node['redisio']['bin_path']
end
case node['redisio']['job_control']
when 'initd'
template "/etc/init.d/redis#{server_name}" do
source 'redis.init.erb'
cookbook 'redisio'
owner 'root'
group 'root'
mode '0755'
variables(
name: server_name,
bin_path: bin_path,
port: current['port'],
address: current['address'],
user: current['user'],
configdir: current['configdir'],
piddir: piddir,
requirepass: current['requirepass'],
shutdown_save: current['shutdown_save'],
platform: node['platform'],
unixsocket: current['unixsocket'],
ulimit: descriptors,
required_start: node['redisio']['init.d']['required_start'].join(' '),
required_stop: node['redisio']['init.d']['required_stop'].join(' ')
)
end
when 'upstart'
template "/etc/init/redis#{server_name}.conf" do
source 'redis.upstart.conf.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0644'
variables(
name: server_name,
bin_path: bin_path,
port: current['port'],
user: current['user'],
group: current['group'],
configdir: current['configdir'],
piddir: piddir
)
end
when 'rcinit'
template "/usr/local/etc/rc.d/redis#{server_name}" do
source 'redis.rcinit.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0755'
variables(
name: server_name,
bin_path: bin_path,
user: current['user'],
configdir: current['configdir'],
piddir: piddir
)
end
when 'systemd'
service_name = "redis@#{server_name}"
reload_name = "#{service_name} systemd reload"
file "/etc/tmpfiles.d/#{service_name}.conf" do
content "d #{piddir} 0755 #{current['user']} #{current['group']}\n"
owner 'root'
group 'root'
mode '0644'
end
execute reload_name do
command 'systemctl daemon-reload'
action :nothing
end
template "/lib/systemd/system/#{service_name}.service" do
source 'redis@.service.erb'
cookbook 'redisio'
owner 'root'
group 'root'
mode '0644'
variables(
bin_path: bin_path,
user: current['user'],
group: current['group'],
limit_nofile: descriptors
)
notifies :run, "execute[#{reload_name}]", :immediately
end
template "/lib/systemd/system/#{service_name}.service" do
source 'redis@.service.erb'
cookbook 'redisio'
owner 'root'
group 'root'
mode '0644'
variables(
bin_path: bin_path,
user: current['user'],
group: current['group'],
limit_nofile: descriptors
)
notifies :run, "execute[#{reload_name}]", :immediately
end
end
end
# servers each loop
end
def load_current_resource
@current_resource = Chef::Resource.resource_for_node(:redisio_configure, node).new(new_resource.name)
@current_resource
end
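Review bot: The configuration-directory resource hard-codes the group as `'redis'` with mode `'0775'`, while the data, pid and log directories in the same method use `current['group']`. The resource is printed twice in this section, once with `'root'`/`'0755'` and once with `'redis'`/`'0775'`; the changelog entries 6.1.2 and 6.2.1 in this commit suggest the latter is the new side. With a non-default group the resource may fail to converge if no `redis` group exists, or it leaves the directory writable by a group unrelated to the instance. In every case each member of that group can create or replace files beside the instance configuration. Prefer `group platform_family?('freebsd') ? 'wheel' : current['group']`, with a comment that the group write bit exists so Sentinel can rewrite its config file; `configure` begins outside the hunk.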


@ -1,9 +1,4 @@
action :run do
configure
new_resource.updated_by_last_action(true)
end
def configure
base_piddir = new_resource.base_piddir
current_version = if new_resource.version.nil?
@ -23,200 +18,199 @@ def configure
# Merge the configuration defaults with the provided array of configurations provided
current = current_defaults_hash.merge(current_instance_hash)
recipe_eval do
sentinel_name = current['name'] || current['port']
sentinel_name = "sentinel_#{sentinel_name}"
piddir = "#{base_piddir}/#{sentinel_name}"
sentinel_name = current['name'] || current['port']
sentinel_name = "sentinel_#{sentinel_name}"
piddir = "#{base_piddir}/#{sentinel_name}"
# Create the owner of the redis data directory
user current['user'] do
comment 'Redis service account'
manage_home true
home current['homedir']
shell current['shell']
system current['systemuser']
uid current['uid'] unless current['uid'].nil?
end
# Create the owner of the redis data directory
user current['user'] do
comment 'Redis service account'
manage_home true
home current['homedir']
shell current['shell']
system current['systemuser']
uid current['uid'] unless current['uid'].nil?
end
# Create the redis configuration directory
directory current['configdir'] do
owner 'root'
group platform_family?('freebsd') ? 'wheel' : 'root'
mode '0755'
recursive true
action :create
end
# Create the pid file directory
directory piddir do
# Create the redis configuration directory
directory current['configdir'] do
owner 'root'
group platform_family?('freebsd') ? 'wheel' : 'redis'
mode '0775'
recursive true
action :create
end
# Create the pid file directory
directory piddir do
owner current['user']
group current['group']
mode '0755'
recursive true
action :create
end
unless current['logfile'].nil?
# Create the log directory if syslog is not being used
directory ::File.dirname(current['logfile']) do
owner current['user']
group current['group']
mode '0755'
recursive true
action :create
only_if { current['syslogenabled'] != 'yes' && current['logfile'] && current['logfile'] != 'stdout' }
end
unless current['logfile'].nil?
# Create the log directory if syslog is not being used
directory ::File.dirname(current['logfile']) do
owner current['user']
group current['group']
mode '0755'
recursive true
action :create
only_if { current['syslogenabled'] != 'yes' && current['logfile'] && current['logfile'] != 'stdout' }
end
# Create the log file is syslog is not being used
file current['logfile'] do
owner current['user']
group current['group']
mode '0644'
backup false
action :touch
only_if { current['logfile'] && current['logfile'] != 'stdout' }
end
end
# <%=@name%> <%=@masterip%> <%=@masterport%> <%= @quorum_count %>
# <%= "sentinel auth-pass #{@name} #{@authpass}" unless @authpass.nil? %>
# sentinel down-after-milliseconds <%=@name%> <%=@downaftermil%>
# sentinel parallel-syncs <%=@name%> <%=@parallelsyncs%>
# sentinel failover-timeout <%=@name%> <%=@failovertimeout%>
# convert from old format (preserve compat)
if !current['masters'] && current['master_ip']
Chef::Log.warn('You are using a deprecated sentinel format. This will be removed in future versions.')
# use old key names if newer key names aren't present (e.g. 'foo' || :foo)
masters = [
{
master_name: current['master_name'] || current[:mastername],
master_ip: current['master_ip'] || current[:masterip],
master_port: current['master_port'] || current[:masterport],
quorum_count: current['quorum_count'] || current[:quorum_count],
auth_pass: current['auth-pass'] || current[:authpass],
down_after_milliseconds: current['down-after-milliseconds'] || current[:downaftermil],
parallel_syncs: current['parallel-syncs'] || current[:parallelsyncs],
failover_timeout: current['failover-timeout'] || current[:failovertimeout],
},
]
else
masters = [current['masters']].flatten
end
# Load password for use with requirepass from data bag if needed
if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key']
bag = data_bag_item(current['data_bag_name'], current['data_bag_item'])
masters.each do |master|
master['auth_pass'] = bag[current['data_bag_key']]
end
end
# merge in default values to each sentinel hash
masters_with_defaults = []
masters.each do |current_sentinel_master|
default_sentinel_master = new_resource.sentinel_defaults.to_hash
sentinel_master = default_sentinel_master.merge(current_sentinel_master || {})
masters_with_defaults << sentinel_master
end
# Don't render a template if we're missing these from any sentinel,
# as these are the minimal settings required to be passed in
masters_with_defaults.each do |sentinel_instance|
%w(master_ip master_port quorum_count).each do |param|
raise "Missing required sentinel parameter #{param} for #{sentinel_instance}" unless sentinel_instance[param]
end
end
# Lay down the configuration files for the current instance
template "#{current['configdir']}/#{sentinel_name}.conf" do
source 'sentinel.conf.erb'
cookbook 'redisio'
# Create the log file is syslog is not being used
file current['logfile'] do
owner current['user']
group current['group']
mode '0644'
action :create
variables(
name: current['name'],
piddir: piddir,
version: version_hash,
job_control: node['redisio']['job_control'],
sentinel_bind: current['sentinel_bind'],
sentinel_port: current['sentinel_port'],
loglevel: current['loglevel'],
logfile: current['logfile'],
syslogenabled: current['syslogenabled'],
syslogfacility: current['syslogfacility'],
masters: masters_with_defaults,
announce_ip: current['announce-ip'],
announce_port: current['announce-port'],
notification_script: current['notification-script'],
client_reconfig_script: current['client-reconfig-script']
)
not_if { ::File.exist?("#{current['configdir']}/#{sentinel_name}.conf.breadcrumb") }
backup false
action :touch
only_if { current['logfile'] && current['logfile'] != 'stdout' }
end
end
file "#{current['configdir']}/#{sentinel_name}.conf.breadcrumb" do
content 'This file prevents the chef cookbook from overwritting the sentinel config more than once'
action :create_if_missing
end
# <%=@name%> <%=@masterip%> <%=@masterport%> <%= @quorum_count %>
# <%= "sentinel auth-pass #{@name} #{@authpass}" unless @authpass.nil? %>
# sentinel down-after-milliseconds <%=@name%> <%=@downaftermil%>
# sentinel parallel-syncs <%=@name%> <%=@parallelsyncs%>
# sentinel failover-timeout <%=@name%> <%=@failovertimeout%>
# Setup init.d file
bin_path = if node['redisio']['install_dir']
::File.join(node['redisio']['install_dir'], 'bin')
else
node['redisio']['bin_path']
end
template "/etc/init.d/redis_#{sentinel_name}" do
source 'sentinel.init.erb'
cookbook 'redisio'
owner 'root'
group 'root'
mode '0755'
variables(
name: sentinel_name,
bin_path: bin_path,
user: current['user'],
configdir: current['configdir'],
piddir: piddir,
platform: node['platform']
)
only_if { node['redisio']['job_control'] == 'initd' }
end
# convert from old format (preserve compat)
if !current['masters'] && current['master_ip']
Chef::Log.warn('You are using a deprecated sentinel format. This will be removed in future versions.')
template "/etc/init/redis_#{sentinel_name}.conf" do
source 'sentinel.upstart.conf.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0644'
variables(
name: sentinel_name,
bin_path: bin_path,
user: current['user'],
group: current['group'],
configdir: current['configdir'],
piddir: piddir
)
only_if { node['redisio']['job_control'] == 'upstart' }
# use old key names if newer key names aren't present (e.g. 'foo' || :foo)
masters = [
{
master_name: current['master_name'] || current[:mastername],
master_ip: current['master_ip'] || current[:masterip],
master_port: current['master_port'] || current[:masterport],
quorum_count: current['quorum_count'] || current[:quorum_count],
auth_pass: current['auth-pass'] || current[:authpass],
down_after_milliseconds: current['down-after-milliseconds'] || current[:downaftermil],
parallel_syncs: current['parallel-syncs'] || current[:parallelsyncs],
failover_timeout: current['failover-timeout'] || current[:failovertimeout],
},
]
else
masters = [current['masters']].flatten
end
# Load password for use with requirepass from data bag if needed
if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key']
bag = data_bag_item(current['data_bag_name'], current['data_bag_item'])
masters.each do |master|
master['auth_pass'] = bag[current['data_bag_key']]
end
# TODO: fix for freebsd
template "/usr/local/etc/rc.d/redis_#{sentinel_name}" do
source 'sentinel.rcinit.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0755'
variables(
name: sentinel_name,
bin_path: bin_path,
user: current['user'],
configdir: current['configdir'],
piddir: piddir
)
only_if { node['redisio']['job_control'] == 'rcinit' }
end
# merge in default values to each sentinel hash
masters_with_defaults = []
masters.each do |current_sentinel_master|
default_sentinel_master = new_resource.sentinel_defaults.to_hash
sentinel_master = default_sentinel_master.merge(current_sentinel_master || {})
masters_with_defaults << sentinel_master
end
# Don't render a template if we're missing these from any sentinel,
# as these are the minimal settings required to be passed in
masters_with_defaults.each do |sentinel_instance|
%w(master_ip master_port quorum_count).each do |param|
raise "Missing required sentinel parameter #{param} for #{sentinel_instance}" unless sentinel_instance[param]
end
end
# Lay down the configuration files for the current instance
template "#{current['configdir']}/#{sentinel_name}.conf" do
source 'sentinel.conf.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0644'
action :create
variables(
name: current['name'],
piddir: piddir,
version: version_hash,
job_control: node['redisio']['job_control'],
sentinel_bind: current['sentinel_bind'],
sentinel_port: current['sentinel_port'],
loglevel: current['loglevel'],
logfile: current['logfile'],
syslogenabled: current['syslogenabled'],
syslogfacility: current['syslogfacility'],
masters: masters_with_defaults,
announce_ip: current['announce-ip'],
announce_port: current['announce-port'],
notification_script: current['notification-script'],
client_reconfig_script: current['client-reconfig-script'],
protected_mode: current['protected_mode']
)
not_if { ::File.exist?("#{current['configdir']}/#{sentinel_name}.conf.breadcrumb") }
end
file "#{current['configdir']}/#{sentinel_name}.conf.breadcrumb" do
content 'This file prevents the chef cookbook from overwritting the sentinel config more than once'
action :create_if_missing
end
# Setup init.d file
bin_path = if node['redisio']['install_dir']
::File.join(node['redisio']['install_dir'], 'bin')
else
node['redisio']['bin_path']
end
template "/etc/init.d/redis_#{sentinel_name}" do
source 'sentinel.init.erb'
cookbook 'redisio'
owner 'root'
group 'root'
mode '0755'
variables(
name: sentinel_name,
bin_path: bin_path,
user: current['user'],
configdir: current['configdir'],
piddir: piddir,
platform: node['platform']
)
only_if { node['redisio']['job_control'] == 'initd' }
end
template "/etc/init/redis_#{sentinel_name}.conf" do
source 'sentinel.upstart.conf.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0644'
variables(
name: sentinel_name,
bin_path: bin_path,
user: current['user'],
group: current['group'],
configdir: current['configdir'],
piddir: piddir
)
only_if { node['redisio']['job_control'] == 'upstart' }
end
# TODO: fix for freebsd
template "/usr/local/etc/rc.d/redis_#{sentinel_name}" do
source 'sentinel.rcinit.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0755'
variables(
name: sentinel_name,
bin_path: bin_path,
user: current['user'],
configdir: current['configdir'],
piddir: piddir
)
only_if { node['redisio']['job_control'] == 'rcinit' }
end
end
# servers each loop
end
@ -247,9 +241,3 @@ def version
end
nil
end
def load_current_resource
@current_resource = Chef::Resource.resource_for_node(:redisio_sentinel, node).new(new_resource.name)
@current_resource.version(version)
@current_resource
end


@ -1,9 +1,9 @@
packages_to_install = case node['platform']
when 'debian', 'ubuntu'
packages_to_install = case node['platform_family']
when 'debian'
%w(
tar
)
when 'redhat', 'centos', 'fedora', 'scientific', 'suse', 'amazon'
when 'rhel', 'fedora'
%w(
tar
)
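Review bot: The new `when 'rhel', 'fedora'` branch no longer matches every platform the old list covered. On current Chef/Ohai, Amazon Linux reports `platform_family` as `amazon` and SUSE reports `suse`, so both now fall through the `case`, where the old code matched them by name. If those platforms are still meant to be supported, the branch could read `when 'rhel', 'fedora', 'amazon', 'suse'`. The same narrowing appears in the `service_name` case of the recipe that disables the OS default init script, which has no `else` and would yield `nil`. The `case` here continues past the end of the hunk, so a fallback branch may exist that is not visible.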


@ -1,5 +1,5 @@
include_recipe 'redisio::default'
include_recipe 'ulimit::default'
include_recipe 'redisio::ulimit'
redis = node['redisio']


@ -1,14 +1,4 @@
# debian 6.0.x fails the build_essential recipe without an apt-get update prior to run
if platform?('debian', 'ubuntu')
execute 'apt-get-update-periodic' do
command 'apt-get update'
ignore_failure true
only_if do
!File.exist?('/var/lib/apt/periodic/update-success-stamp') ||
File.mtime('/var/lib/apt/periodic/update-success-stamp') < Time.now - 86400
end
end
end
apt_update
unless node['redisio']['package_install']
include_recipe 'redisio::_install_prereqs'


@ -1,8 +1,8 @@
# disable the default OS redis init script
service_name = case node['platform']
when 'debian', 'ubuntu'
service_name = case node['platform_family']
when 'debian'
'redis-server'
when 'redhat', 'centos', 'fedora', 'scientific', 'suse', 'amazon'
when 'rhel', 'fedora'
'redis'
end


@ -19,4 +19,4 @@ else
end
end
include_recipe 'ulimit::default'
include_recipe 'redisio::ulimit'


@ -1,6 +1,6 @@
include_recipe 'redisio::_install_prereqs'
include_recipe 'redisio::install'
include_recipe 'ulimit::default'
include_recipe 'redisio::ulimit'
redis = node['redisio']


@ -0,0 +1,25 @@
# Pulled from the now replaced ulimit cookbook
# TODO: find a more tidy way to do this
ulimit = node['ulimit']
if platform_family?('debian')
template '/etc/pam.d/su' do
cookbook ulimit['pam_su_template_cookbook']
end
cookbook_file '/etc/pam.d/sudo' do
cookbook node['ulimit']['ulimit_overriding_sudo_file_cookbook']
source node['ulimit']['ulimit_overriding_sudo_file_name']
mode '0644'
end
end
if ulimit.key?('users')
ulimit['users'].each do |user, attributes|
user_ulimit user do
attributes.each do |a, v|
send(a.to_sym, v)
end
end
end
end
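Review bot: `send(a.to_sym, v)` inside the `user_ulimit` block turns every key under `node['ulimit']['users']` into a method call, presumably on the resource itself, and `send` reaches private methods too. A mistyped or unexpected attribute key from a role, environment or node JSON therefore becomes an arbitrary method call during the converge. Restricting dispatch to the limit properties the cookbook supports keeps it to the intended setters, e.g. `public_send(a, v) if ALLOWED_LIMITS.include?(a.to_s)`, where `ALLOWED_LIMITS` is a name constructed for this note. Separately, the `template '/etc/pam.d/su'` resource sets no `owner`, `group` or `mode`, and the `cookbook_file` below it sets only `mode '0644'`. Adding `owner 'root'`, `group 'root'` and `mode '0644'` to both would pin the permissions of these authentication files.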


@ -0,0 +1,17 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"],
"packageRules": [{
"groupName": "Actions",
"matchUpdateTypes": ["patch", "pin", "digest"],
"automerge": true,
"addLabels": ["Release: Patch", "Skip: Announcements"]
},
{
"groupName": "Actions",
"matchUpdateTypes": ["major"],
"automerge": false,
"addLabels": ["Release: Patch", "Skip: Announcements"]
}
]
}


@ -1,5 +1,5 @@
actions :run
unified_mode true
default_action :run
# Configuration attributes


@ -1,5 +1,5 @@
actions :run
unified_mode true
default_action :run
# Installation attributes


@ -1,5 +1,5 @@
actions :run
unified_mode true
default_action :run
# Configuration attributes


@ -0,0 +1,9 @@
<%
node.run_state[:ulimit][@domain].each do |item, entries|
entries.each do |type, value|
-%>
<%= @domain %> <%= type %> <%= item %> <%= value %>
<%
end
end
-%>


@ -26,7 +26,7 @@ pidfile <%= @piddir %>/redis_<%=@name%>.pid
# If port 0 is specified Redis will not listen on a TCP socket.
port <%=@port%>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 5 || @version[:major].to_i == 3 %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 5 || @version[:major].to_i >= 3 %>
# TCP listen() backlog.
#
# In high requests-per-second environments you need an high backlog in order
@ -185,7 +185,7 @@ stop-writes-on-bgsave-error <%= @stopwritesonbgsaveerror %>
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression <%= @rdbcompression %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i == 3 %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i >= 3 %>
# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
# This makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
@ -320,7 +320,7 @@ repl-diskless-sync <%=@repldisklesssync%>
repl-diskless-sync-delay <%=@repldisklesssyncdelay%>
<% end %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i == 3 %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i >= 3 %>
# You can configure a slave instance to accept writes or not. Writing against
# a slave instance may be useful to store some ephemeral data (because data
# written on a slave will be easily deleted after resync with the master) but
@ -353,7 +353,7 @@ repl-ping-slave-period <%=@replpingslaveperiod%>
#
repl-timeout <%=@repltimeout%>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i == 3 %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i >= 3 %>
# Disable TCP_NODELAY on the slave socket after SYNC?
#
# If you select "yes" Redis will use a smaller number of TCP packets and
@ -906,7 +906,7 @@ set-max-intset-entries <%= @setmaxintsetentries %>
zset-max-ziplist-entries <%= @zsetmaxziplistentries %>
zset-max-ziplist-value <%= @zsetmaxziplistvalue %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 9 || @version[:major].to_i == 3 %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 9 || @version[:major].to_i >= 3 %>
# HyperLogLog sparse representation bytes limit. The limit includes the
# 16 bytes header. When an HyperLogLog using the sparse representation crosses
# this limit, it is converted into the dense representation.


@ -1,6 +1,7 @@
[Unit]
Description=Redis (%i) persistent key-value database
After=network.target
Wants=network-online.target
After=network-online.target
[Service]
ExecStart=<%= @bin_path %>/redis-server /etc/redis/%i.conf --daemonize no


@ -11,10 +11,14 @@ syslog-ident redis-<%= @name %>
syslog-facility <%= @syslogfacility %>
<%= "logfile #{@logfile}" unless @logfile.nil? %>
# bind sentinel IP
<% if @sentinel_bind %>
bind <%=@sentinel_bind%>
<% end %>
<% if @protected_mode %>
<%= "protected-mode #{@protected_mode}" %>
<% end %>
# port <sentinel-port>
# The port that this sentinel instance will run on
port <%=@sentinel_port%>
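Review bot: `protected-mode` is emitted only when `@protected_mode` is truthy and `bind` only when `@sentinel_bind` is set, so a node that sets neither gets a sentinel config with no listener restriction at all. Redis listens on all interfaces when no `bind` directive is present, and Sentinel, as far as I know, starts with protected mode off unless the config enables it, so that combination would leave the sentinel port reachable from every attached network. A comment above the guard would document this, e.g. `# If sentinel_bind is unset, set protected_mode to 'yes' or firewall the sentinel port`, and the wrapper cookbook should set one of the two attributes explicitly. A boolean `false` for `protected_mode` renders nothing rather than `protected-mode no`, so the attribute has to be the string `'yes'` or `'no'`.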


@ -0,0 +1,62 @@
#
# The PAM configuration file for the Shadow `su' service
#
# This file modified by Chef to enable ulimit switching with `su`
#
# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so
# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "root" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
# auth required pam_wheel.so
# Uncomment this if you want wheel members to be able to
# su without a password.
# auth sufficient pam_wheel.so trust
# Uncomment this if you want members of a specific group to not
# be allowed to use su at all.
# auth required pam_wheel.so deny group=nosu
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on su usage.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
#
# "nopen" stands to avoid reporting new mail when su'ing to another user
session optional pam_mail.so nopen
# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session
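Review bot: This file, presumably the template the ulimit recipe lays down at `/etc/pam.d/su`, replaces the distribution's su PAM stack wholesale with a fixed copy, so later changes the distro ships for that stack will not reach managed nodes. The recipe applies it to every `debian`-family platform regardless of release. A header line recording where the copy came from would make drift reviewable, e.g. `# Based on DISTRO_RELEASE (placeholder) /etc/pam.d/su; only change: pam_limits enabled`. The comment above `session required pam_limits.so` still says "please uncomment" although the line is already active. `# Sets up user limits from /etc/security/limits.conf (enabled by Chef)` would match what the file does.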


@ -0,0 +1,32 @@
# Limits settings for <%= @ulimit_user %>
<% unless @filehandle_limit.nil? -%>
<%= @ulimit_user -%> - nofile <%= @filehandle_limit %>
<% else -%><% unless @filehandle_soft_limit.nil? -%><%= @ulimit_user -%> soft nofile <%= @filehandle_soft_limit %><% end -%>
<% unless @filehandle_hard_limit.nil? -%><%= @ulimit_user -%> hard nofile <%= @filehandle_hard_limit %><% end -%>
<% end -%>
<% unless @process_limit.nil? -%>
<%= @ulimit_user -%> - nproc <%= @process_limit %>
<% else -%><% unless @process_soft_limit.nil? -%><%= @ulimit_user -%> soft nproc <%= @process_soft_limit %><% end -%>
<% unless @process_hard_limit.nil? -%><%= @ulimit_user -%> hard nproc <%= @process_hard_limit %><% end -%>
<% end -%>
<% unless @memory_limit.nil? -%>
<%= @ulimit_user -%> - memlock <%= @memory_limit %>
<% end -%>
<% unless @core_limit.nil? -%>
<%= @ulimit_user -%> - core <%= @core_limit %>
<% else -%><% unless @core_soft_limit.nil? -%><%= @ulimit_user -%> soft core <%= @core_soft_limit %><% end -%>
<% unless @core_hard_limit.nil? -%><%= @ulimit_user -%> hard core <%= @core_hard_limit %><% end -%>
<% end -%>
<% unless @stack_limit.nil? -%>
<%= @ulimit_user -%> - stack <%= @stack_limit %>
<% else -%><% unless @stack_soft_limit.nil? -%><%= @ulimit_user -%> soft stack <%= @stack_soft_limit %><% end -%>
<% unless @stack_hard_limit.nil? -%><%= @ulimit_user -%> hard stack <%= @stack_hard_limit %><% end -%>
<% end -%>
<% unless @rtprio_limit.nil? -%>
<%= @ulimit_user -%> - rtprio <%= @rtprio_limit %>
<% else -%><% unless @rtprio_soft_limit.nil? -%><%= @ulimit_user -%> soft rtprio <%= @rtprio_soft_limit %><% end -%>
<% unless @rtprio_hard_limit.nil? -%><%= @ulimit_user -%> hard rtprio <%= @rtprio_hard_limit %><% end -%>
<% end -%>
<% unless @virt_limit.nil? -%>
<%= @ulimit_user -%> - as <%= @virt_limit %>
<% end -%>


@ -0,0 +1,5 @@
config:
ul-indent: false # MD007
line-length: false # MD013
no-duplicate-heading: false # MD024
reference-links-images: false # MD052


@ -0,0 +1,263 @@
# selinux Cookbook CHANGELOG
This file is used to list changes made in each version of the selinux cookbook.
## 6.1.12 - *2023-05-17*
## 6.1.11 - *2023-04-17*
## 6.1.10 - *2023-04-07*
Standardise files with files in sous-chefs/repo-management
## 6.1.9 - *2023-04-01*
## 6.1.8 - *2023-04-01*
## 6.1.7 - *2023-04-01*
Standardise files with files in sous-chefs/repo-management
## 6.1.6 - *2023-03-20*
Standardise files with files in sous-chefs/repo-management
## 6.1.5 - *2023-03-15*
Standardise files with files in sous-chefs/repo-management
## 6.1.4 - *2023-02-23*
Standardise files with files in sous-chefs/repo-management
## 6.1.3 - *2023-02-15*
## 6.1.2 - *2023-02-14*
Standardise files with files in sous-chefs/repo-management
## 6.1.1 - *2023-02-03*
- Updated selinux_port documentation
## 6.1.0 - *2023-01-18*
- resolved cookstyle error: resources/install.rb:5:1 refactor: `Chef/Style/CopyrightCommentFormat`
- resolved cookstyle error: resources/module.rb:5:1 refactor: `Chef/Style/CopyrightCommentFormat`
- resolved cookstyle error: resources/state.rb:5:1 refactor: `Chef/Style/CopyrightCommentFormat`
- Standardise files with files in sous-chefs/repo-management
- Add `selinux_login` resource
- Add `selinux_user` resource
## 6.0.7 - *2022-11-01*
- Fix CentOS 6 package requirements
- Fix Chef 18 compatibility
## 6.0.6 - *2022-09-28*
- Add missing `policycoreutils-python` package
- Include additional platforms and suites for testing
- Run `apt_update` in `selinux_install` on Debian-based systems
- Fix SELinux enablement on Ubuntu 18.04
## 6.0.5 - *2022-09-18*
- Standardise files with files in sous-chefs/repo-management
- Add testing for Debian 11, Alma Linux and Rocky Linux
- Remove testing for CentOS 8 (prefer Stream instead)
- Update Github CI config
## 6.0.4 - *2022-02-17*
- Standardise files with files in sous-chefs/repo-management
## 6.0.3 - *2022-02-08*
- Remove delivery folder
## 6.0.2 - *2022-01-01*
- resolved cookstyle error: resources/install.rb:5:1 refactor: `Chef/Style/CopyrightCommentFormat`
- resolved cookstyle error: resources/module.rb:5:1 refactor: `Chef/Style/CopyrightCommentFormat`
- resolved cookstyle error: resources/state.rb:5:1 refactor: `Chef/Style/CopyrightCommentFormat`
## 6.0.1 - *2021-11-03*
- Correctly parse ports with multple contexts
## 6.0.0 - *2021-09-02*
- Import `selinux_policy` resources into this cookbook (`_fcontext`, `_permissive`, and `_port`)
- `selinux_policy_module` not imported since it is a duplicate of `selinux_module`
### Deprecations
- `selinux_fcontext` action `addormodify` renamed to `manage`
- `selinux_port` action `addormodify` renamed to `manage`
## 5.1.1 - *2021-08-30*
- Standardise files with files in sous-chefs/repo-management
## 5.1.0 - *2021-08-21*
- Fix `selinux_install` on Alma Linux / Oracle Linux
## 5.0.0 - *2021-08-10*
### Note: With version 5.0.0 the default recipe has been removed
- Major refactoring
- Restore support for Debian based distros
- All resources now use unified_mode
- Added selinux_boolean resource
- Remove attributes and default recipe
- Replaced with a set of bare recipes for the three selinux states
- Add automatic restart function to `selinux_state` resource
## 4.0.0 - *2021-07-21*
- Sous Chefs adoption
- Enable `unified_mode` for Chef 17 compatibility
- Update test platforms
## 3.1.1 (2020-09-29)
- Move `default['selinux']['status']` attribute to `default['selinux']['state']` to avoid conflicts with Ohai in Chef Infra Client 16 - [@shoekstra](https://github.com/shoekstra)
## 3.1.0 (2020-09-29)
- Cookstyle Bot Auto Corrections with Cookstyle 6.16.8 - [@cookstyle](https://github.com/cookstyle)
- Add a new `node['selinux']['install_mcstrans_package']` attribute to control installation of the mcdtrans package. This default to true to maintain existing functionality. - [@kapilchouhan99](https://github.com/kapilchouhan99)
## 3.0.2 (2020-08-25)
- Fix failures in CI- [@shoekstra](https://github.com/shoekstra)
- Specify platform to SoloRunner - [@shoekstra](https://github.com/shoekstra)
- Remove unnecessary Foodcritic comments - [@tas50](https://github.com/tas50)
- Notify :immediately not :immediate - [@tas50](https://github.com/tas50)
- Add Github actions testing of style/unit - [@tas50](https://github.com/tas50)
- [GH-67] - Do not try to modify frozen checksum - [@vzDevelopment](https://github.com/vzDevelopment)
- Standardise files with files in chef-cookbooks/repo-management - [@xorimabot](https://github.com/xorimabot)
## 3.0.1 (2019-11-14)
- Remove the deprecated ChefSpec report - [@tas50](https://github.com/tas50)
- Allow "-" and "_" for module names - [@ramereth](https://github.com/ramereth)
- Update Fedora versions we test on - [@tas50](https://github.com/tas50)
## 3.0.0 (2019-06-06)
- Support for SELinux Modules, via new resource `selinux_module`, able to compile `.te` files, install and remove modules;
- Improving test coverage for all resources
- Remove support for Ubuntu/Debian
- Require Chef 13+
## 2.1.1 (2018-06-07)
- Do not execute setenforce 1 always
- Remove chefspec matchers that are autogenerated now
- Chef 13 Fixes
## 2.1.0 (2017-09-15)
- Simplify Travis config and fix ChefDK 2.0 failures
- Use bento slugs in Kitchen
- Remove maintainer files
- More cleanup of the maintainer files
- Speed up install with multi-package install
## 2.0.3 (2017-06-13)
- Fix boolean check within default recipe
## 2.0.2 (2017-06-05)
- Permissive guard should grep for permissive not just disabled
## 2.0.1 (2017-05-30)
- Remove class_eval usage
## 2.0.0 (2017-05-15)
- Deprecate debian family support
- Make default for rhel family use setenforce regardless of whether a temporary change or not. Eliminates the requirement for a required reboot to effect change in the running system.
## 1.0.4 (2017-04-17)
- Switch to local delivery for testing
- Use the standard apache license string
- Updates for early Chef 12 and Chef 13 compatibility
- Update and add copyright blocks to the various files
## 1.0.3 (2017-03-14)
- Fix requirement in metadata to reflect need for Chef 12.7 as using action_class in state resource.
## 1.0.2 (2017-03-01)
- Remove setools* packages from install resource (utility to analyze and query policies, monitor and report audit logs, and manage file context). Future versions of this cookbook that might use this need to handle package install on Oracle Linux as not available in default repo.
## 1.0.1 (2017-02-26)
- Fix logic error in the permissive state change
## 1.0.0 (2017-02-26)
- **BREAKING CHANGE** `node['selinux']['state']` is now `node['selinux']['status']` to meet Chef 13 requirements.
- Update to current cookbook engineering standards
- Rewrite LWRP to 12.5 resources
- Resolved cookstyle errors
- Update package information for debian based on <https://debian-handbook.info/browse/stable/sect.selinux.html>
- selinux-activate looks like it's required to ACTUALLY activate selinux on non-RHEL systems. This seems like it could be destructive if unexpected.
- Add property temporary to allow for switching between permissive and enabled
- Add install resource
## v0.9.0 (2015-02-22)
- Initial Debian / Ubuntu support
- Various bug fixes
## v0.8.0 (2014-04-23)
- [COOK-4528] - Fix selinux directory permissions
- [COOK-4562] - Basic support for Ubuntu/Debian
## v0.7.2 (2014-03-24)
handling minimal installs
## v0.7.0 (2014-02-27)
[COOK-4218] Support setting SELinux boolean values
## v0.6.2
- Fixing bug introduced in 0.6.0
- adding basic test-kitchen coverage
## v0.6.0
- [COOK-760] - selinux enforce/permit/disable based on attribute
## v0.5.6
- [COOK-2124] - enforcing recipe fails if selinux is disabled
## v0.5.4
- [COOK-1277] - disabled recipe fails on systems w/o selinux installed
## v0.5.2
- [COOK-789] - fix dangling commas causing syntax error on some rubies
## v0.5.0
- [COOK-678] - add the selinux cookbook to the repository
- Use main selinux config file (/etc/selinux/config)
- Use getenforce instead of selinuxenabled for enforcing and permissive

201
cookbooks/selinux/LICENSE Normal file

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -0,0 +1,83 @@
# SELinux Cookbook
[![Cookbook Version](https://img.shields.io/cookbook/v/selnux.svg)](https://supermarket.chef.io/cookbooks/selinux)
[![CI State](https://github.com/sous-chefs/selinux/workflows/ci/badge.svg)](https://github.com/sous-chefs/selinux/actions?query=workflow%3Aci)
[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers)
[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors)
[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0)
## Description
The SELinux (Security Enhanced Linux) cookbook provides recipes for manipulating SELinux policy enforcement state.
SELinux can have one of three settings:
`Enforcing`
- Watches all system access checks, stops all 'Denied access'
- Default mode on RHEL systems
`Permissive`
- Allows access but reports violations
`Disabled`
- Disables SELinux from the system but is only read at boot time. If you set this flag, you must reboot.
Disable SELinux only if you plan to not use it. Use `Permissive` mode if you just need to debug your system.
## Requirements
- Chef 15.3 or higher
## Platform
- RHEL 7+
- CentOS 7+
- Fedora
- Ubuntu
- Debian
## Resources
The following resources are provided:
- [selinux_boolean](documentation/selinux_boolean.md)
- [selinux_fcontext](documentation/selinux_fcontext.md)
- [selinux_install](documentation/selinux_install.md)
- [selinux_login](documentation/selinux_login.md)
- [selinux_module](documentation/selinux_module.md)
- [selinux_permissive](documentation/selinux_permissive.md)
- [selinux_port](documentation/selinux_port.md)
- [selinux_state](documentation/selinux_state.md)
- [selinux_user](documentation/selinux_user.md)
## Maintainers
This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If youd like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF).
## Contributors
This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false)
### Backers
Thank you to all our backers!
![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40)
### Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website.
![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100)


@ -0,0 +1,115 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
.envrc
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
REVISION
TAGS*
tmtags
.vscode
.editorconfig
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
mkmf.log
# Testing #
###########
.circleci/*
.codeclimate.yml
.delivery/*
.foodcritic
.kitchen*
.mdlrc
.overcommit.yml
.rspec
.rubocop.yml
.travis.yml
.watchr
.yamllint
azure-pipelines.yml
Dangerfile
examples/*
features/*
Guardfile
kitchen*.yml
mlc_config.json
Procfile
Rakefile
spec/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitkeep
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Documentation #
#############
CODE_OF_CONDUCT*
CONTRIBUTING*
documentation/*
TESTING*
UPGRADING*
# Vagrant #
###########
.vagrant
Vagrantfile


@ -0,0 +1,17 @@
module SELinux
module Cookbook
module BooleanHelpers
def selinux_bool(bool)
if ['on', 'true', '1', true, 1].include?(bool)
'on'
elsif ['off', 'false', '0', false, 0].include?(bool)
'off'
else
raise ArgumentError, "selinux_bool: Invalid selinux boolean value #{bool}"
end
end
module_function :selinux_bool
end
end
end


@ -0,0 +1,33 @@
module SELinux
module Cookbook
module InstallHelpers
def default_install_packages
case node['platform_family']
when 'rhel'
case node['platform_version'].to_i
when 6
%w(make policycoreutils selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console)
when 7
%w(make policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console)
else
%w(make policycoreutils policycoreutils-python-utils selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console)
end
when 'amazon'
%w(make policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console)
when 'fedora'
%w(make policycoreutils policycoreutils-python-utils selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console)
when 'debian'
if node['platform'] == 'ubuntu'
if node['platform_version'].to_f == 18.04
%w(make policycoreutils selinux selinux-basics selinux-policy-default selinux-policy-dev auditd setools)
else
%w(make policycoreutils selinux-basics selinux-policy-default selinux-policy-dev auditd setools)
end
else
%w(make policycoreutils selinux-basics selinux-policy-default selinux-policy-dev auditd setools)
end
end
end
end
end
end


@ -0,0 +1,60 @@
module SELinux
module Cookbook
module StateHelpers
def selinux_disabled?
selinux_state.eql?(:disabled)
end
def selinux_enforcing?
selinux_state.eql?(:enforcing)
end
def selinux_permissive?
selinux_state.eql?(:permissive)
end
def state_change_reboot_required?
(selinux_disabled? && %i(enforcing permissive).include?(action)) ||
((selinux_enforcing? || selinux_permissive?) && action == :disabled) ||
(selinux_activate_required? && %i(enforcing permissive).include?(action))
end
def selinux_state
state = shell_out!('getenforce').stdout.strip.downcase.to_sym
raise "Got unknown SELinux state #{state}" unless %i(disabled enforcing permissive).include?(state)
state
end
def selinux_activate_required?
return false unless platform_family?('debian')
sestatus = shell_out!('sestatus -v').stdout.strip
# Ensure we're booted up to a system which has selinux activated and filesystem is properly labeled
if File.read('/proc/cmdline').match?('security=selinux') && sestatus.match?(%r{/usr/sbin/sshd.*sshd_exec_t})
false
else
true
end
end
def selinux_activate_cmd
# selinux-activate is semi-broken on Ubuntu 18.04 however this method does work
if platform?('ubuntu') && node['platform_version'] == '18.04'
'touch /.autorelabel'
else
'/usr/sbin/selinux-activate'
end
end
def default_policy_platform
case node['platform_family']
when 'rhel', 'fedora', 'amazon'
'targeted'
when 'debian'
'default'
end
end
end
end
end
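Review bot: `selinux_state` runs `shell_out!('getenforce')` with no handling for a host where that command is missing, so the `selinux_disabled?` guard the resources use to skip work would raise instead of returning a value; this is inferred from `shell_out!` raising when a command cannot be run, not shown on the page. A comment on `selinux_state` such as `# Raises if getenforce is unavailable; run selinux_install before any resource that calls selinux_disabled?` would make the ordering requirement explicit. `state_change_reboot_required?` also reads `action`, which this module does not define, and a one-line comment naming where it comes from would help the next reader.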


@ -0,0 +1,43 @@
{
"name": "selinux",
"description": "Manages SELinux policy state and rules.",
"long_description": "",
"maintainer": "Sous Chefs",
"maintainer_email": "help@sous-chefs.org",
"license": "Apache-2.0",
"platforms": {
"redhat": ">= 0.0.0",
"centos": ">= 0.0.0",
"scientific": ">= 0.0.0",
"oracle": ">= 0.0.0",
"amazon": ">= 0.0.0",
"fedora": ">= 0.0.0",
"debian": ">= 0.0.0",
"ubuntu": ">= 0.0.0"
},
"dependencies": {
},
"providing": {
},
"recipes": {
},
"version": "6.1.12",
"source_url": "https://github.com/sous-chefs/selinux",
"issues_url": "https://github.com/sous-chefs/selinux/issues",
"privacy": false,
"chef_versions": [
[
">= 15.3"
]
],
"ohai_versions": [
],
"gems": [
],
"eager_load_libraries": true
}


@ -0,0 +1,13 @@
name 'selinux'
maintainer 'Sous Chefs'
maintainer_email 'help@sous-chefs.org'
license 'Apache-2.0'
description 'Manages SELinux policy state and rules.'
version '6.1.12'
source_url 'https://github.com/sous-chefs/selinux'
issues_url 'https://github.com/sous-chefs/selinux/issues'
chef_version '>= 15.3'
%w(redhat centos scientific oracle amazon fedora debian ubuntu).each do |os|
supports os
end


@ -0,0 +1,23 @@
#
# Cookbook:: selinux
# Recipe:: disabled
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
selinux_install 'selinux'
selinux_state 'disabled' do
automatic_reboot true
action :disabled
end
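Review bot: `automatic_reboot true` in this recipe means a converge that changes the SELinux state may restart the node with no operator step, and the recipe carries no comment saying so; the enforcing and permissive recipes further down set the same property. For this recipe the end state is also a host with mandatory access control switched off, which the cookbook README on this page recommends only when SELinux will not be used. I would add a header comment such as `# Reboots the node when the state change requires it; disabling removes SELinux enforcement, prefer the permissive recipe for debugging`. When the reboot actually fires depends on the `selinux_state` resource, which is not in this section.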


@ -0,0 +1,24 @@
#
# Cookbook:: selinux
# Recipe:: enforcing
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
selinux_install 'selinux'
selinux_state 'enforcing' do
automatic_reboot true
action :enforcing
end


@ -0,0 +1,23 @@
#
# Cookbook:: selinux
# Recipe:: permissive
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
selinux_install 'selinux'
selinux_state 'permissive' do
automatic_reboot true
action :permissive
end


@ -0,0 +1,17 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"],
"packageRules": [{
"groupName": "Actions",
"matchUpdateTypes": ["patch", "pin", "digest"],
"automerge": true,
"addLabels": ["Release: Patch", "Skip: Announcements"]
},
{
"groupName": "Actions",
"matchUpdateTypes": ["major"],
"automerge": false,
"addLabels": ["Release: Patch", "Skip: Announcements"]
}
]
}
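Review bot: The first `packageRules` entry sets `"automerge": true` for `patch`, `pin` and `digest` updates and has no `matchManagers` or package matcher, so as written it does not look limited to the GitHub Actions that its `groupName` suggests. Digest and pin updates change exactly which upstream code runs, so merging them without human review is a supply-chain decision that should be made explicitly. If the intent is Actions only, add `"matchManagers": ["github-actions"]` to both rules; the file is strict JSON, so the reasoning belongs in the commit message rather than in a comment.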


@ -0,0 +1,56 @@
#
# Cookbook:: selinux
# Resource:: boolean
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
property :boolean, String,
name_property: true,
description: 'SELinux boolean to set'
property :value, [Integer, String, true, false],
required: true,
equal_to: %w(on off),
coerce: proc { |p| ::SELinux::Cookbook::BooleanHelpers.selinux_bool(p) },
description: 'SELinux boolean value'
property :persistent, [true, false],
default: true,
desired_state: false,
description: 'Set to true for value setting to survive reboot'
load_current_value do |new_resource|
value shell_out!("getsebool #{new_resource.boolean}").stdout.split('-->').map(&:strip).last
end
action_class do
include ::SELinux::Cookbook::StateHelpers
end
action :set do
if selinux_disabled?
Chef::Log.warn("Unable to set SELinux boolean #{new_resource.name} as SELinux is disabled")
return
end
converge_if_changed do
cmd = 'setsebool'
cmd += ' -P' if new_resource.persistent
cmd += " #{new_resource.boolean} #{new_resource.value}"
shell_out!(cmd)
end
end
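Review bot: Both commands in this resource are built by interpolating properties into a single string, `"getsebool #{new_resource.boolean}"` in `load_current_value` and the `cmd +=` chain in `:set`, so a name containing whitespace or shell metacharacters may be interpreted by a shell instead of being passed as one argument. `value` is constrained by `equal_to`, but `boolean` accepts any String. Passing the arguments separately avoids this: `shell_out!('getsebool', new_resource.boolean)` and `shell_out!(*(new_resource.persistent ? %w(setsebool -P) : %w(setsebool)), new_resource.boolean, new_resource.value)`. The same string-built pattern appears in the fcontext, login, module, permissive and port resources below, where the hand-written single quotes around some values do not survive a value that itself contains a quote.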


@ -0,0 +1,132 @@
#
# Cookbook:: selinux
# Resource:: fcontext
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
property :file_spec, String,
name_property: true,
description: 'Path to or regex matching the files or directoriesto label'
property :secontext, String,
required: %i(add modify manage),
description: 'SELinux context to assign'
property :file_type, String,
default: 'a',
equal_to: %w(a f d c b s l p),
description: 'The type of the file being labeled'
action_class do
include ::SELinux::Cookbook::StateHelpers
def current_file_context
file_hash = {
'a' => 'all files',
'f' => 'regular file',
'd' => 'directory',
'c' => 'character device',
'b' => 'block device',
's' => 'socket',
'l' => 'symbolic link',
'p' => 'named pipe',
}
contexts = shell_out!('semanage fcontext -l').stdout.split("\n")
# pull out file label from user:role:type:level context string
contexts.grep(/^#{Regexp.escape(new_resource.file_spec)}\s+#{file_hash[new_resource.file_type]}/) do |c|
c.match(/.+ (?<user>.+):(?<role>.+):(?<type>.+):(?<level>.+)$/)[:type]
# match returns ['foo'] or [], shift converts that to 'foo' or nil
end.shift
end
# Run restorecon to fix label
# https://github.com/sous-chefs/selinux_policy/pull/72#issuecomment-338718721
def relabel_files
spec = new_resource.file_spec
escaped = Regexp.escape spec
# find common path between regex and string
common = if spec == escaped
spec
else
index = spec.size.times { |i| break i if spec[i] != escaped[i] }
::File.dirname spec[0...index]
end
# if path is not absolute, ignore it and search everything
common = '/' if common[0] != '/'
if ::File.exist? common
shell_out!("find #{common.shellescape} -ignore_readdir_race -regextype posix-egrep -regex #{spec.shellescape} -prune -print0 | xargs -0 restorecon -iRv")
end
end
end
action :manage do
run_action(:add)
run_action(:modify)
end
action :addormodify do
Chef::Log.warn('The :addormodify action for selinux_fcontext is deprecated and will be removed in a future release. Use the :manage action instead.')
run_action(:manage)
end
# Create if doesn't exist, do not touch if fcontext is already registered
action :add do
if selinux_disabled?
Chef::Log.warn("Unable to add SELinux fcontext #{new_resource.name} as SELinux is disabled")
return
end
unless current_file_context
converge_by "adding label #{new_resource.secontext} to #{new_resource.file_spec}" do
shell_out!("semanage fcontext -a -f #{new_resource.file_type} -t #{new_resource.secontext} '#{new_resource.file_spec}'")
relabel_files
end
end
end
# Only modify if fcontext exists & doesn't have the correct label already
action :modify do
if selinux_disabled?
Chef::Log.warn("Unable to modify SELinux fcontext #{new_resource.name} as SELinux is disabled")
return
end
if current_file_context && current_file_context != new_resource.secontext
converge_by "modifying label #{new_resource.secontext} to #{new_resource.file_spec}" do
shell_out!("semanage fcontext -m -f #{new_resource.file_type} -t #{new_resource.secontext} '#{new_resource.file_spec}'")
relabel_files
end
end
end
# Delete if exists
action :delete do
if selinux_disabled?
Chef::Log.warn("Unable to delete SELinux fcontext #{new_resource.name} as SELinux is disabled")
return
end
if current_file_context
converge_by "deleting label for #{new_resource.file_spec}" do
shell_out!("semanage fcontext -d -f #{new_resource.file_type} '#{new_resource.file_spec}'")
relabel_files
end
end
end
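Review bot: In `current_file_context`, `c.match(...)[:type]` raises NoMethodError for any listed line that passes the `grep` but whose context column is not in `user:role:type:level` form, because `match` returns nil there; I believe `semanage fcontext -l` prints such entries as `<<None>>`, though the page does not show its output. `c[/.+ (?<user>.+):(?<role>.+):(?<type>.+):(?<level>.+)$/, :type]` returns nil instead, which the actions would then treat as no existing entry, so that outcome should be decided deliberately. The comment above `.shift` describes what `grep` returns, not what `match` returns, and could say so. The `file_spec` description also has a typo, `directoriesto`.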


@ -0,0 +1,56 @@
#
# Cookbook:: selinux
# Resource:: install
#
# Copyright:: 2016-2023, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
unified_mode true
include ::SELinux::Cookbook::InstallHelpers
property :packages, [String, Array],
default: lazy { default_install_packages },
description: 'SELinux packages for system'
action_class do
def do_package_action(action)
# friendly message for unsupported platforms
raise "The platform #{node['platform']} is not currently supported by the `selinux_install` resource. Please file an issue at https://github.com/sous-chefs/selinux/issues/new with details on the platform this cookbook is running on." if new_resource.packages.nil?
apt_update 'selinux' if platform_family?('debian')
package 'selinux' do
package_name new_resource.packages
action action
end
end
end
action :install do
do_package_action(action)
directory '/etc/selinux' do
owner 'root'
group 'root'
mode '0755'
action :create
end
end
%i(upgrade remove).each do |a|
action a do
do_package_action(a)
end
end
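Review bot: The generated `:remove` action hands the whole `packages` list to `package` with `action :remove`, and the default list from the install helpers on this page includes shared packages such as `make` and, on Debian and Ubuntu, `auditd`, so removing SELinux with the defaults would also uninstall the audit daemon. Nothing in this file documents that. I would add a comment above the `%i(upgrade remove).each` loop, for example `# :remove uninstalls every entry in packages, including make and auditd from the defaults; pass an explicit list`, and repeat it in the `packages` property description.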


@ -0,0 +1,88 @@
#
# Cookbook:: selinux
# Resource:: login
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
property :login, String,
name_property: true,
description: 'OS user login'
property :user, String,
description: 'SELinux user'
property :range, String,
description: 'MLS/MCS security range for the login'
load_current_value do |new_resource|
logins = shell_out!('semanage login -l').stdout.split("\n")
current_login = logins.grep(/^#{Regexp.escape(new_resource.login)}\s+/) do |l|
l.match(/^(?<login>[^\s]+)\s+(?<user>[^\s]+)\s+(?<range>[^\s]+)/)
# match returns [<Match 'data'>] or [], shift converts that to <Match 'data'> or nil
end.shift
current_value_does_not_exist! unless current_login
# Existing resources should maintain their current configuration unless otherwise specified
new_resource.user ||= current_login[:user]
new_resource.range ||= current_login[:range]
user current_login[:user]
range current_login[:range]
end
action_class do
def semanage_login_args
args = ''
args += " -s #{new_resource.user}" if new_resource.user
args += " -r #{new_resource.range}" if new_resource.range
args
end
end
action :manage do
run_action(:add)
run_action(:modify)
end
action :add do
raise 'The user property must be populated to create a new SELinux login' unless new_resource.user
unless current_resource
converge_if_changed do
shell_out!("semanage login -a#{semanage_login_args} #{new_resource.login}")
end
end
end
action :modify do
if current_resource
converge_if_changed do
shell_out!("semanage login -m#{semanage_login_args} #{new_resource.login}")
end
end
end
action :delete do
if current_resource
converge_by "deleting SELinux login #{new_resource.login}" do
shell_out!("semanage login -d #{new_resource.login}")
end
end
end


@ -0,0 +1,125 @@
#
# Cookbook:: selinux
# Resource:: module
#
# Copyright:: 2016-2023, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
unified_mode true
property :module_name, String,
name_property: true,
description: 'Override the module name'
property :source, String,
description: 'Module source file name'
property :content, String,
description: 'Module source as String'
property :cookbook, String,
default: lazy { cookbook_name },
description: 'Cookbook to source from module source file from'
property :base_dir, String,
default: '/etc/selinux/local',
description: 'Directory to create module source file in'
action_class do
def selinux_module_filepath(type)
path = ::File.join(new_resource.base_dir, "#{new_resource.module_name}")
path.concat(".#{type}") if type
end
def list_installed_modules
shell_out!('semodule --list-modules').stdout.split("\n").map { |x| x.split(/\s/).first }
end
end
action :create do
directory new_resource.base_dir
if property_is_set?(:content)
file selinux_module_filepath('te') do
content new_resource.content
mode '0600'
owner 'root'
group 'root'
action :create
notifies :run, "execute[Compiling SELinux modules at '#{new_resource.base_dir}']", :immediately
end
else
cookbook_file selinux_module_filepath('te') do
cookbook new_resource.cookbook
source new_resource.source
mode '0600'
owner 'root'
group 'root'
action :create
notifies :run, "execute[Compiling SELinux modules at '#{new_resource.base_dir}']", :immediately
end
end
execute "Compiling SELinux modules at '#{new_resource.base_dir}'" do
cwd new_resource.base_dir
command "make -C #{new_resource.base_dir} -f /usr/share/selinux/devel/Makefile"
timeout 120
user 'root'
action :nothing
notifies :run, "execute[Install SELinux module '#{selinux_module_filepath('pp')}']", :immediately
end
raise "Compilation must have failed, no 'pp' file found at: '#{selinux_module_filepath('pp')}'" unless ::File.exist?(selinux_module_filepath('pp'))
execute "Install SELinux module '#{selinux_module_filepath('pp')}'" do
command "semodule --install '#{selinux_module_filepath('pp')}'"
action :nothing
end
end
action :delete do
%w(fc if pp te).each do |type|
next unless ::File.exist?(selinux_module_filepath(type))
file selinux_module_filepath(type) do
action :delete
end
end
end
action :install do
raise "Module must be compiled before it can be installed, no 'pp' file found at: '#{selinux_module_filepath('pp')}'" unless ::File.exist?(selinux_module_filepath('pp'))
unless list_installed_modules.include? new_resource.module_name
converge_by "Install SELinux module #{selinux_module_filepath('pp')}" do
shell_out!("semodule --install '#{selinux_module_filepath('pp')}'")
end
end
end
action :remove do
if list_installed_modules.include? new_resource.module_name
converge_by "Remove SELinux module #{new_resource.module_name}" do
shell_out!("semodule --remove '#{new_resource.module_name}'")
end
end
end
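Review bot: `directory new_resource.base_dir` at the top of `:create` sets no owner, group or mode, while the `.te` files written into it are pinned to root and `0600`, and the `make -C` step then appears to compile whatever sources sit in that directory as root. If the directory already exists with looser permissions, nothing here corrects them. I would give the resource `owner 'root'`, `group 'root'` and `mode '0755'`, matching the `/etc/selinux` directory in the install resource. Separately, `selinux_module_filepath` returns nil when `type` is nil because its last expression is the `if` modifier; every caller visible here passes a type, so a comment noting that is enough.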


@ -0,0 +1,46 @@
#
# Cookbook:: selinux
# Resource:: permissive
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
property :context, String,
name_property: true,
description: 'The SELinux context to permit'
action_class do
def current_permissives
shell_out!('semanage permissive -ln').stdout.split("\n")
end
end
# Create if doesn't exist, do not touch if permissive is already registered (even under different type)
action :add do
unless current_permissives.include? new_resource.context
converge_by "adding permissive context #{new_resource.context}" do
shell_out!("semanage permissive -a '#{new_resource.context}'")
end
end
end
# Delete if exists
action :delete do
if current_permissives.include? new_resource.context
converge_by "deleting permissive context #{new_resource.context}" do
shell_out!("semanage permissive -d '#{new_resource.context}'")
end
end
end


@ -0,0 +1,98 @@
#
# Cookbook:: selinux
# Resource:: port
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
property :port, [Integer, String],
name_property: true,
regex: /^\d+$/,
description: 'Port to modify'
property :protocol, String,
equal_to: %w(tcp udp),
required: %i(manage add modify),
description: 'Protocol to modify'
property :secontext, String,
required: %i(manage add modify),
description: 'SELinux context to assign to the port'
action_class do
include ::SELinux::Cookbook::StateHelpers
def current_port_context
# use awk to see if the given port is within a reported port range
shell_out!(
<<~CMD
seinfo --portcon=#{new_resource.port} | grep 'portcon #{new_resource.protocol}' | \
awk -F: '$(NF-1) !~ /reserved_port_t$/ && $(NF-3) !~ /[0-9]*-[0-9]*/ {print $(NF-1)}'
CMD
).stdout.split
end
end
action :manage do
run_action(:add)
run_action(:modify)
end
action :addormodify do
Chef::Log.warn('The :addormodify action for selinux_port is deprecated and will be removed in a future release. Use the :manage action instead.')
run_action(:manage)
end
# Create if doesn't exist, do not touch if port is already registered (even under different type)
action :add do
if selinux_disabled?
Chef::Log.warn("Unable to add SELinux port #{new_resource.name} as SELinux is disabled")
return
end
if current_port_context.empty?
converge_by "Adding context #{new_resource.secontext} to port #{new_resource.port}/#{new_resource.protocol}" do
shell_out!("semanage port -a -t '#{new_resource.secontext}' -p #{new_resource.protocol} #{new_resource.port}")
end
end
end
# Only modify port if it exists & doesn't have the correct context already
action :modify do
if selinux_disabled?
Chef::Log.warn("Unable to modify SELinux port #{new_resource.name} as SELinux is disabled")
return
end
if !current_port_context.empty? && !current_port_context.include?(new_resource.secontext)
converge_by "Modifying context #{new_resource.secontext} to port #{new_resource.port}/#{new_resource.protocol}" do
shell_out!("semanage port -m -t '#{new_resource.secontext}' -p #{new_resource.protocol} #{new_resource.port}")
end
end
end
# Delete if exists
action :delete do
if selinux_disabled?
Chef::Log.warn("Unable to delete SELinux port #{new_resource.name} as SELinux is disabled")
return
end
unless current_port_context.empty?
converge_by "Deleting context from port #{new_resource.port}/#{new_resource.protocol}" do
shell_out!("semanage port -d -p #{new_resource.protocol} #{new_resource.port}")
end
end
end
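Review bot: The `port` property's `regex: /^\d+$/` uses line anchors, so a String value containing a newline passes validation as long as one of its lines is all digits, and `current_port_context` and the `:add`/`:modify`/`:delete` actions then interpolate `new_resource.port` unquoted into a shell string. Anchoring the whole value with `regex: /\A\d+\z/` closes the validation gap. Passing the arguments separately, e.g. `shell_out!('semanage', 'port', '-d', '-p', new_resource.protocol, new_resource.port.to_s)`, would avoid the shell for the `semanage` calls, though the `seinfo | grep | awk` pipeline in `current_port_context` still needs one. The same string-built commands appear in the user resource in the next-but-one section, where `level`, `range` and `user` are unquoted in the `semanage user -a/-m/-d` calls, and in the permissive resource above. The risk presumably only matters when property values come from node attributes or data bags rather than literal recipe code, and if this cookbook is vendored the change belongs upstream.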


@ -0,0 +1,114 @@
#
# Cookbook:: selinux
# Resource:: state
#
# Copyright:: 2016-2023, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
unified_mode true
include ::SELinux::Cookbook::StateHelpers
default_action :nothing
property :config_file, String,
default: '/etc/selinux/config'
property :persistent, [true, false],
default: true,
description: 'Persist status update to the selinux configuration file'
property :policy, String,
default: lazy { default_policy_platform },
equal_to: %w(default minimum mls src strict targeted),
description: 'SELinux policy type'
property :automatic_reboot, [true, false, Symbol],
default: false,
description: 'Perform an automatic node reboot if required for state change'
deprecated_property_alias 'temporary', 'persistent', 'The temporary property was renamed persistent in the 4.0 release of this cookbook. Please update your cookbooks to use the new property name.'
action_class do
include ::SELinux::Cookbook::StateHelpers
def render_selinux_template(action)
Chef::Log.warn(
'It is advised to set the configuration first to permissive to relabel the filesystem prior to enforcing.'
) if selinux_disabled? && action == :enforcing
unless new_resource.automatic_reboot
Chef::Log.warn('Changes from disabled require a reboot.') if selinux_disabled? && %i(enforcing permissive).include?(action)
Chef::Log.warn('Disabling selinux requires a reboot.') if (selinux_enforcing? || selinux_permissive?) && action == :disabled
end
template "#{action} selinux config" do
path new_resource.config_file
source 'selinux.erb'
cookbook 'selinux'
variables(
selinux: action.to_s,
selinuxtype: new_resource.policy
)
end
end
def node_selinux_restart
unless new_resource.automatic_reboot
Chef::Log.warn("SELinux state change to #{action} requires a manual reboot as SELinux is currently #{selinux_state} and automatic reboots are disabled.")
return
end
outer_action = action
reboot 'selinux_state_change' do
delay_mins 1
reason "SELinux state change to #{outer_action} from #{selinux_state}"
action new_resource.automatic_reboot.is_a?(Symbol) ? new_resource.automatic_reboot : :reboot_now
end
end
end
action :enforcing do
execute 'selinux-setenforce-enforcing' do
command '/usr/sbin/setenforce 1'
end unless selinux_disabled? || selinux_enforcing?
execute 'debian-selinux-activate' do
command selinux_activate_cmd
end if selinux_activate_required?
render_selinux_template(action) if new_resource.persistent
node_selinux_restart if state_change_reboot_required?
end
action :permissive do
execute 'selinux-setenforce-permissive' do
command '/usr/sbin/setenforce 0'
end unless selinux_disabled? || selinux_permissive?
execute 'debian-selinux-activate' do
command selinux_activate_cmd
end if selinux_activate_required?
render_selinux_template(action) if new_resource.persistent
node_selinux_restart if state_change_reboot_required?
end
action :disabled do
raise 'A non-persistent change to the disabled SELinux status is not possible.' unless new_resource.persistent
render_selinux_template(action)
node_selinux_restart if state_change_reboot_required?
end
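Review bot: The `automatic_reboot` property accepts any `Symbol`, and `node_selinux_restart` passes that symbol to the `reboot` resource as its `action`, but the property description only covers the boolean meaning. I would document the symbol form, e.g. `description: 'Perform an automatic node reboot if required for state change; a Symbol is used as the reboot resource action'`, so that a mistyped symbol is not first discovered when a state change converges. This is a documentation point only.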


@ -0,0 +1,95 @@
#
# Cookbook:: selinux
# Resource:: user
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
property :user, String,
name_property: true,
description: 'SELinux user'
property :level, String,
description: 'MLS/MCS security level for the user'
property :range, String,
description: 'MLS/MCS security range for the user'
property :roles, Array,
description: 'SELinux roles for the user'
load_current_value do |new_resource|
users = shell_out!('semanage user -l').stdout.split("\n")
current_user = users.grep(/^#{Regexp.escape(new_resource.user)}\s+/) do |u|
u.match(/^(?<user>[^\s]+)\s+(?<prefix>[^\s]+)\s+(?<level>[^\s]+)\s+(?<range>[^\s]+)\s+(?<roles>.*)$/)
# match returns [<Match 'data'>] or [], shift converts that to <Match 'data'> or nil
end.shift
current_value_does_not_exist! unless current_user
# Existing resources should maintain their current configuration unless otherwise specified
new_resource.level ||= current_user[:level]
new_resource.range ||= current_user[:range]
new_resource.roles ||= current_user[:roles].to_s.split
new_resource.roles = new_resource.roles.sort
level current_user[:level]
range current_user[:range]
roles current_user[:roles].to_s.split.sort
end
action_class do
def semanage_user_args
args = ''
args += " -L #{new_resource.level}" if new_resource.level
args += " -r #{new_resource.range}" if new_resource.range
args += " -R '#{new_resource.roles.join(' ')}'" unless new_resource.roles.to_a.empty?
args
end
end
action :manage do
run_action(:add)
run_action(:modify)
end
action :add do
raise 'The roles property must be populated to create a new SELinux user' if new_resource.roles.to_a.empty?
unless current_resource
converge_if_changed do
shell_out!("semanage user -a#{semanage_user_args} #{new_resource.user}")
end
end
end
action :modify do
if current_resource
converge_if_changed do
shell_out!("semanage user -m#{semanage_user_args} #{new_resource.user}")
end
end
end
action :delete do
if current_resource
converge_by "deleting SELinux user #{new_resource.user}" do
shell_out!("semanage user -d #{new_resource.user}")
end
end
end


@ -0,0 +1,18 @@
# Generated by Chef for <%= node['fqdn'] %>
# Do NOT modify this file by hand.
#
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=<%= @selinux %>
# SELINUXTYPE= can take one of these three values:
# default - equivalent to the old strict and targeted policies
# mls - Multi-Level Security (for military and educational use)
# src - Custom policy built from source
SELINUXTYPE=<%= @selinuxtype %>
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0


@ -0,0 +1,15 @@
# Generated by Chef for <%= node['fqdn'] %>
# Do NOT modify this file by hand.
#
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=<%= @selinux %>
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=<%= @selinuxtype %>


@ -1,221 +0,0 @@
# selinux_policy CHANGELOG
This file is used to changes made in each version of the selinux_policy cookbook.
## 2.4.3 (2020-08-07)
- Ship the correct license file since this cookbook was relicensed - [@tas50](https://github.com/tas50)
- Update testing configs - [@tas50](https://github.com/tas50)
- Update the maintainer to be Chef Software - [@tas50](https://github.com/tas50)
## 2.4.2 (2020-08-07)
- Make sure the `setpersist` action runs by default not `set` to match the docs.
## 2.4.1 - 2020-05-14
- resolved cookstyle error: resources/module.rb:26:35 convention: `Layout/TrailingWhitespace`
- resolved cookstyle error: resources/module.rb:26:36 refactor: `ChefModernize/FoodcriticComments`
## [2.4.0] - 2020-02-13
- Fix port_defined helper function for Centos 8 compatibility
- Test fixes
## [2.3.6] - 2020-01-26
- Fix issue on use_selinux function
- Migrate to github actions
- Resolved ChefStyle/ImmediateNotificationTiming: Use :immediately instead of :immediate for resource notification timing notifies
## [2.3.5] - 2019-02-15
- Fix resource failure in permissive.rb Caused by [#96](https://github.com/sous-chefs/selinux_policy/pull/96)
- Migrated testing to circleci
## [2.3.4] - 2019-02-07
- Fix `shell_out` to use an actual shell. Caused by [#88](https://github.com/sous-chefs/selinux_policy/issues/88)
## [2.3.3] - 2019-02-06
- Perform relabel (restorecon) using xargs while still supporting regexes. Fixes [#88](https://github.com/sous-chefs/selinux_policy/issues/88)
## [2.3.2] - 2018-11-29
- Cache which helper method calls
## [2.3.1] - 2018-11-29
- Use `chef/mixin/which` to locate selinux binaries. Fixes [#85](https://github.com/sous-chefs/selinux_policy/issues/85) & [#93](https://github.com/sous-chefs/selinux_policy/issues/93)
## [2.3.0] - 2018-11-27
- Further fixes for the earlier refactoring
- Repair CI jobs
## [2.2.0] - 2018-11-21
- Large refactoring to helpers and resources
- Add RHEL-8 packages
## [2.1.0] - 2018-04-12
- Port definition methods to check for already defined ports
- Cleanup resource cloning
- Deprecate support for Chef 12.x now it's EOL
- Fix Foodcritic warnings & update test platforms
## 2.0.1 - 2017-04-21
- Perform relabel (restorecon) using find to support regexes
## 2.0.0 - 2017-02-23
- This cookbook has been moved to the Sous Chefs org. See sous-chefs.org for more information
- Require Chef 12.1 or later
- Use compat_resource instead of requiring yum
- Don't install yum::dnf_yum_compat on Fedora since Chef has DNF support now
- Don't define attributes in the metadata as these aren't used
- Remove the Vagrantfile
- Add chef_version requirements to the metadata
- Test with ChefDK / Rake in Travis instead of gems
- Resolve Foodcritic, Cookstyle, and Chefspec warnings
## 1.1.1
- [7307850] (Adam Ward) Silence fcontext guard output
- [ad71437] (nitz) Restorecon is now done via shell_out
- [fa30813] (James Le Cuirot) Change yum dependency to ~> 4.0
- [cd9a8da] (nitz) Removed selinux enforcing from kitchen, unified runlists
## 1.1.0
- [daften] Added `file_type` for fcontext
## 1.0.1
- [backslasher] - Foodcritic and rubocop improvements
## 1.0.0
- [equick] - Validating ports better
- [backslasher] - FContext relabling for flies is now immediate. (Possibly breaking)
- [backslasher] - testing made slightly more elegant
## 0.9.6
- [jhmartin] - Updated README
- [backslasher] - Major revision of testing
## 0.9.5
- [backslasher] - Modified yum dependency
## 0.9.4
- [mhorbul] - Fixed state detection in boolean resource
## 0.9.3
- [backlsasher] - Fixed testing & kitchen
- [jbartko] - Added Fedora support
## 0.9.2
- [backslasher] - Ignoring nonexisting files in restorecon
## 0.9.1
- [backslasher] - Fixed issue with module being partially executed on machines with SELinux disabled
## 0.9.0
- [backslasher] - module overhaul: code refactoring, supporting new input, testing, new actions
- [backslasher] - fcontext overhaul: code refactoring, testing, new action
**Note**: I don't think I have any breaking changes here. If there are, I apologise and request that you create an issue with a test recipe that fails on the problem (so I can reproduce)
## 0.8.1
- [backslasher] - Added Travis CI harness
- [backslasher] - Fixed typo in README
## 0.8.0
- [backslasher] - Test overhaul. Now testing is somewhat reliable when using ports
- [backslasher] - Port search is a function
- [backslasher] - Port detection now supports ranges. No possibility to add ranges (yet)
## 0.7.2
- [shortdudey123] - ChefSpec matchers, helps testing
## 0.7.1
- [backslasher] - Forgot contributor
## 0.7.0
- [chewi] - Fixed prereq packages
- [backslasher] - Modified misleading comment
- [chewi] - Move helpers into a cookbook-specific module
- [chewi] - Prevent use_selinux from blowing up on systems without getenforce
## 0.6.5
- [backslasher] - Ubuntu installation warning
## 0.6.4
- [sauraus] - CentOS 7 support
- [sauraus] - Typos
## 0.6.3
- [backslasher] - Readme updates
- [kevans] - Added kitchen testing
## 0.6.2
- [kevans] - Support Chef 11.8.0 running shellout!()
- [backslasher] - Simplified support info
- [backslasher] - ASCIIed files
## 0.6.1
- [backslasher] - Migrated to `only_if` instead of if
- [backslasher] - README typos
## 0.6.0
- [joerg] - Added fcontext resource for managing file contexts under SELinux
## 0.5.0
- [backslasher] - Added RHEL5/derivatives support. Thanks to @knightorc.
- **Cookbook will break on RHEL7\. If anyone experiences this, please check required packages and create an issue/PR**
- [backslasher] - Machines without SELinux are (opionally) supported. Thanks to @knightroc.
## 0.4.0
- [backlasher] - Fixed foodcritic errors
## 0.3.0
- [backlasher] - Fixed `install.rb` syntax. Now it actually works
## 0.2.0
- [backlasher] - Added module resource. Currently supports deployment and removal (because that's what I need)
- [backlasher] - Added permissive resource
## 0.1.0
- [backlasher] - Initial release of selinuxpolicy
[2.3.2]: https://github.com/sous-chefs/selinux_policy/compare/v2.3.1...v2.3.2
[2.3.1]: https://github.com/sous-chefs/selinux_policy/compare/v2.3.0...v2.3.1
[2.3.0]: https://github.com/sous-chefs/selinux_policy/compare/v2.2.0...v2.3.0
[2.2.0]: https://github.com/sous-chefs/selinux_policy/compare/v2.1.0...v2.2.0
[2.1.0]: https://github.com/sous-chefs/selinux_policy/compare/v2.0.1...v2.1.0


@ -1,4 +0,0 @@
# Contributing
Please refer to
[https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD)


@ -1,209 +0,0 @@
# selinux_policy Cookbook
[![Cookbook Version](https://img.shields.io/cookbook/v/selinux_policy.svg)](https://supermarket.chef.io/cookbooks/selinux_policy)
[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0)
This cookbook can be used to manage SELinux policies and components (rather than just enable / disable enforcing). I made it because I needed some SELinux settings done, and the `execute`s started to look annoying.
## Requirements
Needs an SELinux policy active (so its values can be managed). Can work with a disabled SELinux system (see attribute `allow_disabled`), which will generate warnings and do nothing (but won't break the run). Also requires SELinux's management tools, namely `semanage`, `setsebool` and `getsebool`. Tools are installed by the `selinux_policy::install` recipe (for RHEL/Debian and the like).
### Chef Infra Client
- 13 or later
### Platforms
- rhel
- fedora
## Attributes
These attributes affect the way all of the resource behave.
- `node['selinux_policy']['allow_disabled']` - Whether to allow runs when SELinux is disabled. Will generate warnings, but the run won't fail. Defaults to `true`, set to `false` if you don't have any machines with disabled SELinux.
## Usage
- `selinux_policy::install` - Installs SELinux policy management tools
This cookbook's functionality is exposed via resources, so it should be called from a wrapper cookbook. Remember to add `depends 'selinux_policy'` to your `metadata.rb`.
### boolean
Represents an SELinux [boolean](http://wiki.gentoo.org/wiki/SELinux/Tutorials/Using_SELinux_booleans). You can either `set` it, meaning it will be changed without persistence (it will revert to default in the next reboot), or `setpersist` it (default action), so it'll keep it value after rebooting. Using `setpersist` requires an active policy (so that the new value can be saved somewhere).
Properties:
- `name`: boolean's name. Defaults to resource name.
- `value`: Its new value (`true`/`false`).
- `force`: Use `setsebool` even if the current value agrees with the requested one.
Example usage:
```ruby
include_recipe 'selinux_policy::install'
selinux_policy_boolean 'httpd_can_network_connect' do
value true
# Make sure nginx is started if this value was modified
notifies :start,'service[nginx]', :immediate
end
```
**Note**: Due to ruby interperting `0` as `true`, using `value 0` is unwise.
### port
Allows assigning a network port to a certain SELinux context. As explained [here](http://wiki.centos.org/HowTos/SELinux#head-ad837f60830442ae77a81aedd10c20305a811388), it can be useful for running Apache on a non-standard port.
Actions:
- `addormodify` (default): Assigns the port to the right context, whether it's already listed another context or not at all.
- `add`: Assigns the port to the right context it's if not listed (only uses `-a`).
- `modify`: Changes the port's context if it's already listed (only uses `-m`).
- `delete`: Removes the port's context if it's listed (uses `-d`).
Properties:
- `port`: The port in question, defaults to resource name.
- `protocol`: `tcp`/`udp`.
- `secontext`: The SELinux context to assign the port to. Unnecessary when using `delete`.
Example usage:
```ruby
include_recipe 'selinux_policy::install'
# Allow nginx to bind to port 5678, by giving it the http_port_t context
selinux_policy_port '5678' do
protocol 'tcp'
secontext 'http_port_t'
end
```
### module
Manages SEModules
Actions:
- `fetch`: Prepares the module's files for compilation. Allow `remote_directory`-like behavior
- `compile`: Translates a module source directory into a `NAME.pp` file. Uses `make` logic for idempotence.
- `install`: Adds a compiled module (`pp`) to the current policy. Only installs if the module was modified this run, `force` is enabled or it's missing from the current policy. **Note:** I wish I could compare the existing module to the one generated, but the `extract` capability was only added in [Aug 15](https://github.com/SELinuxProject/selinux/commit/65c6325271b54d3de9c17352a57d469dfbd12729). I'll be happy to see a better idea.
- `deploy` (default): Runs `fetch`, `compile`, `install` in that order.
- `remove`: Removes a module.
Properties:
- `name`: The module name. Defaults to resource name.
- `directory`: Directory where module is stored. Defaults to a directory inside the Chef cache.
- `content`: The module content, can be extracted from `audit2allow -m NAME`. This can be used to create simple modules without using external files.
- `directory_source`: Copies files cookbook to the module directory (uses `remote_directory`). Allows keeping all of the module's source files in the cookbook. **Note:** You can pre-create the module directory and populate it in any other way you'd choose.
- `cookbook`: Modifies the source cookbook for the `remote_directory`.
- `force`: Installs the module even if it seems fine. Ruins idempotence but should help solve some weird cases.
Example usage:
```ruby
include_recipe 'selinux_policy::install'
# Allow openvpn to write/delete in '/etc/openvpn'
selinux_policy_module 'openvpn-googleauthenticator' do
content <<-eos
module dy-openvpn-googleauthenticator 1.0;
require {
type openvpn_t;
type openvpn_etc_t;
class file { write unlink };
}
#============= openvpn_t ==============
allow openvpn_t openvpn_etc_t:file { write unlink };
eos
action :deploy
end
```
### fcontext
Allows managing the SELinux context of files. This can be used to grant SELinux-protected daemons access to additional / moved files.
Actions:
- `addormodify` (default): Assigns the file regexp to the right context, whether it's already listed another context or not at all.
- `add`: Assigns the file regexp to the right context it's if not listed (only uses -a).
- `modify`: Changes the file regexp context if it's already listed (only uses -m).
- `delete`: Removes the file regexp context if it's listed (uses -d).
Properties:
- `file_spec`: This is the file regexp in question, defaults to resource name.
- `secontext`: The SELinux context to assign the file regexp to. Not required for `:delete`
- `file_type`: Restrict the fcontext to specific file types. See the table below for an overview. See also <https://en.wikipedia.org/wiki/Unix_file_types> for more info
- **a** All files
- **f** Regular files
- **d** Directory
- **c** Character device
- **b** Block device
- **s** Socket
- **l** Symbolic link
- **p** Namedpipe
Example usage (see mysql cookbook for example daemons ):
```ruby
include_recipe 'selinux_policy::install'
# Allow http servers (nginx/apache) to modify moodle files
selinux_policy_fcontext '/var/www/moodle(/.*)?' do
secontext 'httpd_sys_rw_content_t'
end
# Allow a custom mysql daemon to access its files.
{'mysqld_etc_t' => "/etc/mysql-#{service_name}(/.*)?",
'mysqld_etc_t' => "/etc/mysql-#{service_name}/my\.cnf",
'mysqld_log_t' => "/var/log/mysql-#{service_name}(/.*)?",
'mysqld_db_t' => "/opt/mysql_data_#{service_name}(/.*)?",
'mysqld_var_run_t' => "/var/run/mysql-#{service_name}(/.*)?",
'mysqld_initrc_exec_t' => "/etc/rc\.d/init\.d/mysql-#{service_name}"}.each do |sc, f|
selinux_policy_fcontext f do
secontext sc
end
end
# Adapt a symbolic link
selinux_policy_fcontext '/var/www/symlink_to_webroot' do
secontext 'httpd_sys_rw_content_t'
filetype 'l'
end
```
### permissive
Allows some types to misbehave without stopping them. Not as good as specific policies, but better than disabling SELinux entirely.
Actions:
- `add`: Adds a permissive, unless it's already added
- `delete`: Deletes a permissive if it's listed
Example usage:
```ruby
include_recipe 'selinux_policy::install'
# Disable enforcement on Nginx
# As described on http://nginx.com/blog/nginx-se-linux-changes-upgrading-rhel-6-6/
selinux_policy_permissive 'nginx' do
notifies :restart, 'service[nginx]'
end
```
## Original Author
[Nitzan Raz](https://github.com/BackSlasher) ([backslasher](http://backslasher.net))


@ -1,108 +0,0 @@
class Chef
module SELinuxPolicy
module Helpers
require 'chef/mixin/shell_out'
include Chef::Mixin::ShellOut
# Checks if SELinux is disabled or otherwise unavailable and
# whether we're allowed to run when disabled
def use_selinux(allow_disabled)
begin
getenforce = shell_out!(getenforce_cmd)
rescue
selinux_disabled = true
else
selinux_disabled = getenforce.stdout =~ /disabled/i
end
# return false only when SELinux is disabled and it's allowed
return_val = !selinux_disabled || !(selinux_disabled && allow_disabled)
Chef::Log.warn('SELinux is disabled / unreachable, skipping') unless return_val
return_val
end
def sebool(new_resource, persist = false)
persist_string = persist ? '-P ' : ''
new_value = new_resource.value ? 'on' : 'off'
execute "selinux-setbool-#{new_resource.name}-#{new_value}" do
command "#{setsebool_cmd} #{persist_string} #{new_resource.name} #{new_value}"
not_if "#{getsebool_cmd} #{new_resource.name} | grep '#{new_value}$' >/dev/null" unless new_resource.force
only_if { use_selinux(new_resource.allow_disabled) }
end
end
def module_defined(name)
"#{semodule_cmd} -l | grep -w '^#{name}'"
end
def shell_boolean(expression)
expression ? 'true' : 'false'
end
def port_defined(protocol, port, label = nil)
base_command = "seinfo --portcon=#{port} | grep 'portcon #{protocol}' | awk -F: '$(NF-1) !~ /reserved_port_t$/ && $(NF-3) !~ /[0-9]*-[0-9]*/ {print $(NF-1)}'"
grep = if label
"grep -P '#{Regexp.escape(label)}'"
else
'grep -q ^'
end
"#{base_command} | #{grep}"
end
def validate_port(port)
raise ArgumentError, "port value: #{port} is invalid." unless port.to_s =~ /^\d+$/
end
def fcontext_defined(file_spec, file_type, label = nil)
file_hash = {
'a' => 'all files',
'f' => 'regular file',
'd' => 'directory',
'c' => 'character device',
'b' => 'block device',
's' => 'socket',
'l' => 'symbolic link',
'p' => 'named pipe',
}
label_matcher = label ? "system_u:object_r:#{Regexp.escape(label)}:s0\\s*$" : ''
"#{semanage_cmd} fcontext -l | grep -qP '^#{Regexp.escape(file_spec)}\\s+#{Regexp.escape(file_hash[file_type])}\\s+#{label_matcher}'"
end
def semanage_options(file_type)
# Set options for file_type
if node['platform_family'].include?('rhel') && Chef::VersionConstraint.new('< 7.0').include?(node['platform_version'])
case file_type
when 'a' then '-f ""'
when 'f' then '-f --'
else; "-f -#{file_type}"
end
else
"-f #{file_type}"
end
end
require 'chef/mixin/which'
include Chef::Mixin::Which
def setsebool_cmd
@setsebool_cmd ||= which('setsebool')
end
def getsebool_cmd
@getsebool_cmd ||= which('getsebool')
end
def getenforce_cmd
@getenforce_cmd ||= which('getenforce')
end
def semanage_cmd
@semanage_cmd ||= which('semanage')
end
def semodule_cmd
@semodule_cmd ||= which('semodule')
end
end
end
end


@ -1 +0,0 @@
{"name":"selinux_policy","version":"2.4.3","description":"Manages SELinux policy components","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"redhat":">= 0.0.0","centos":">= 0.0.0","fedora":">= 0.0.0","ubuntu":">= 0.0.0","debian":">= 0.0.0","amazon":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/sous-chefs/selinux_policy","issues_url":"https://github.com/sous-chefs/selinux_policy/issues","chef_version":[[">= 13.0"]],"ohai_version":[]}

Some files were not shown because too many files have changed in this diff