diff --git a/cookbooks/redis/.gitignore b/cookbooks/redis/.gitignore
deleted file mode 100644
index bf6420b..0000000
--- a/cookbooks/redis/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-*.tgz
-*.tar.gz
-vendor/bundle
-.bundle
-.DS_Store
-build/*
-tmp/
-*.lock
-.kitchen/*
diff --git a/cookbooks/redis/.kitchen.yml b/cookbooks/redis/.kitchen.yml
deleted file mode 100644
index c69ece7..0000000
--- a/cookbooks/redis/.kitchen.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-driver:
- require_chef_omnibus: <%= ENV.fetch("CHEF_VERSION", "latest") %>
- ssh_key: <%= File.expand_path("./test/support/keys/vagrant") %>
- name: vagrant
-
-provisioner:
- name: chef_solo
-
-platforms:
- - name: debian-6.0.8
- - name: debian-7.2.0
- - name: ubuntu-12.04
- - name: ubuntu-14.04
-
-suites:
- - name: default
- run_list:
- - recipe[redis::server]
- - recipe[redis::client]
- # - recipe[minitest-handler]
diff --git a/cookbooks/redis/.rubocop.yml b/cookbooks/redis/.rubocop.yml
deleted file mode 100644
index 9e26e49..0000000
--- a/cookbooks/redis/.rubocop.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-LineLength:
- Max: 80
- Exclude:
- - "**/attributes/*.rb"
- - "**/metadata.rb"
-
-StringLiterals:
- EnforcedStyle: double_quotes
-
-PercentLiteralDelimiters:
- PreferredDelimiters:
- "%w": "[]" # Arrays use brackets
-
-SingleSpaceBeforeFirstArg:
- Enabled: false # too strict about metadata and certain formatting
-
-inherit_from: test/support/rubocop/enabled.yml
-inherit_from: test/support/rubocop/disabled.yml
diff --git a/cookbooks/redis/.ruby-gemset b/cookbooks/redis/.ruby-gemset
deleted file mode 100644
index 515fa5d..0000000
--- a/cookbooks/redis/.ruby-gemset
+++ /dev/null
@@ -1 +0,0 @@
-chef-redis
diff --git a/cookbooks/redis/.ruby-version b/cookbooks/redis/.ruby-version
deleted file mode 100644
index cd57a8b..0000000
--- a/cookbooks/redis/.ruby-version
+++ /dev/null
@@ -1 +0,0 @@
-2.1.5
diff --git a/cookbooks/redis/.travis.yml b/cookbooks/redis/.travis.yml
deleted file mode 100644
index 852f917..0000000
--- a/cookbooks/redis/.travis.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-language: ruby
-bundler_args: --jobs 3 --without integration
-rvm:
-- 1.9.3
-- 2.0.0
-- 2.1.5
-before_script:
-- "gem install bundler-audit --no-rdoc --no-ri && bundle-audit update"
-script:
-- bundle-audit
-- bundle exec rake rubocop
-- bundle exec rake foodcritic
-- bundle exec rake chefspec
-- bundle exec rake kitchen:all
-- bundle exec license_finder --quiet
-env:
- matrix:
- - CHEF_VERSION: "10.30"
- - CHEF_VERSION: "11.16"
diff --git a/cookbooks/redis/Berksfile b/cookbooks/redis/Berksfile
deleted file mode 100644
index 06f8e4f..0000000
--- a/cookbooks/redis/Berksfile
+++ /dev/null
@@ -1,7 +0,0 @@
-source "http://api.berkshelf.com"
-
-metadata
-
-group :integration do
- cookbook "minitest-handler"
-end
diff --git a/cookbooks/redis/Gemfile b/cookbooks/redis/Gemfile
deleted file mode 100644
index 88b54de..0000000
--- a/cookbooks/redis/Gemfile
+++ /dev/null
@@ -1,20 +0,0 @@
-source "https://rubygems.org"
-
-chef_version = ENV.fetch("CHEF_VERSION", "11.16")
-
-gem "chef", "~> #{chef_version}"
-gem "chefspec", "~> 4.1.1" if chef_version =~ /^11/
-
-gem "berkshelf", "~> 3.2.1"
-gem "foodcritic", "~> 4.0.0"
-gem "license_finder", "~> 1.2.0"
-gem "rake"
-gem "rubocop", "~> 0.27.1"
-gem "serverspec", "~> 2.3.1"
-
-group :integration do
- gem "busser-serverspec", "~> 0.5.3"
- gem "guard-rspec", "~> 4.3.1"
- gem "kitchen-vagrant", "~> 0.15.0"
- gem "test-kitchen", "~> 1.2.1"
-end
diff --git a/cookbooks/redis/Guardfile b/cookbooks/redis/Guardfile
deleted file mode 100644
index e40e264..0000000
--- a/cookbooks/redis/Guardfile
+++ /dev/null
@@ -1,5 +0,0 @@
-guard :rspec, cmd: "rspec --color", all_on_start: false do
- watch(/^spec\/(.+)_spec\.rb$/)
- watch(/^recipes\/(.+)\.rb$/) { |m| "spec/#{m[1]}_spec.rb" }
- watch("spec/spec_helper.rb") { "spec" }
-end
diff --git a/cookbooks/redis/LICENSE.txt b/cookbooks/redis/LICENSE.txt
deleted file mode 100644
index 20dac68..0000000
--- a/cookbooks/redis/LICENSE.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-The MIT License (MIT)
-Copyright © 2012-2014 Phil Cohen
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the “Software”), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/cookbooks/redis/README.md b/cookbooks/redis/README.md
deleted file mode 100644
index 30954ef..0000000
--- a/cookbooks/redis/README.md
+++ /dev/null
@@ -1,155 +0,0 @@
-# chef-redis [![Build Status](https://travis-ci.org/phlipper/chef-redis.svg?branch=master)](https://travis-ci.org/phlipper/chef-redis)
-
-## Description
-
-This cookbook installs [Redis](http://redis.io) from Chris Lea's [ppa archive](https://launchpad.net/~chris-lea/+archive/redis-server).
-
-Redis is an open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.
-
-
-## Requirements
-
-### Supported Platforms
-
-The following platforms are supported by this cookbook, meaning that the recipes run on these platforms without error:
-
-* Ubuntu 12.04+
-* Debian 6+
-
-### Cookbooks
-
-* [apt](http://community.opscode.com/cookbooks/apt)
-* [minitest-handler](http://community.opscode.com/cookbooks/minitest-handler) _(suggested, not required)_
-
-
-## Recipes
-
-* `redis` - The default recipe. Setup apt with ppa details.
-* `redis::server` - Install the Redis server.
-* `redis::client` - Install the Redis client.
-
-# Usage
-
-This cookbook installs the Redis components if not present, and pulls updates if they are installed on the system.
-
-
-## Attributes
-
-```ruby
-case node["platform"]
-when "debian"
- default["redis"]["apt_distribution"] = node["lsb"]["codename"]
- default["redis"]["apt_repository"] = "dotdeb"
- default["redis"]["apt_uri"] = "http://packages.dotdeb.org"
- default["redis"]["apt_components"] = ["all"]
- default["redis"]["apt_key"] = "http://www.dotdeb.org/dotdeb.gpg"
-when "ubuntu"
- default["redis"]["apt_distribution"] = node["lsb"]["codename"]
- default["redis"]["apt_repository"] = "chris-lea-redis-server"
- default["redis"]["apt_uri"] = "http://ppa.launchpad.net/chris-lea/redis-server/ubuntu"
- default["redis"]["apt_components"] = ["main"]
- default["redis"]["apt_keyserver"] = "keyserver.ubuntu.com"
- default["redis"]["apt_key"] = "C7917B12"
-end
-default["redis"]["pidfile"] = "/var/run/redis/redis-server.pid"
-default["redis"]["daemonize"] = "yes"
-default["redis"]["port"] = 6379
-default["redis"]["bind"] = "127.0.0.1"
-default["redis"]["unixsocket"] = "/var/run/redis/redis.sock"
-default["redis"]["unixsocketperm"] = 755
-default["redis"]["timeout"] = 300
-default["redis"]["loglevel"] = "notice"
-default["redis"]["logfile"] = "/var/log/redis/redis-server.log"
-default["redis"]["syslog_enabled"] = "no"
-default["redis"]["syslog_ident"] = "redis"
-default["redis"]["syslog_facility"] = "local0"
-default["redis"]["databases"] = 16
-default["redis"]["snapshots"] = {
- 900 => 1,
- 300 => 10,
- 60 => 10000
-}
-default["redis"]["stop_writes_on_bgsave_error"] = "yes"
-default["redis"]["rdbcompression"] = "yes"
-default["redis"]["rdbchecksum"] = "yes"
-default["redis"]["dbfilename"] = "dump.rdb"
-default["redis"]["dir"] = "/var/lib/redis"
-default["redis"]["slaveof"] = ""
-default["redis"]["masterauth"] = ""
-default["redis"]["slave_serve_stale_data"] = "yes"
-default["redis"]["slave_read_only"] = "yes"
-default["redis"]["repl_ping_slave_period"] = 10
-default["redis"]["repl_timeout"] = 60
-default["redis"]["slave_priority"] = 100
-default["redis"]["requirepass"] = ""
-default["redis"]["rename_commands"] = []
-default["redis"]["maxclients"] = 128
-default["redis"]["maxmemory"] = "64mb"
-default["redis"]["maxmemory_policy"] = "volatile-lru"
-default["redis"]["maxmemory_samples"] = 3
-default["redis"]["appendonly"] = "no"
-default["redis"]["appendfilename"] = "appendonly.aof"
-default["redis"]["appendfsync"] = "everysec"
-default["redis"]["no_appendfsync_on_rewrite"] = "no"
-default["redis"]["auto_aof_rewrite_percentage"] = 100
-default["redis"]["auto_aof_rewrite_min_size"] = "64mb"
-default["redis"]["lua_time_limit"] = 5000
-default["redis"]["slowlog_log_slower_than"] = 10000
-default["redis"]["slowlog_max_len"] = 1024
-default["redis"]["hash_max_ziplist_entries"] = 512
-default["redis"]["hash_max_ziplist_value"] = 64
-default["redis"]["list_max_ziplist_entries"] = 512
-default["redis"]["list_max_ziplist_value"] = 64
-default["redis"]["set_max_intset_entries"] = 512
-default["redis"]["zset_max_ziplist_entries"] = 128
-default["redis"]["zset_max_ziplist_value"] = 64
-default["redis"]["activerehashing"] = "yes"
-default["redis"]["client_output_buffer_limit"] = {
- "normal" => "0 0 0",
- "slave" => "256mb 64mb 60",
- "pubsub" => "32mb 8mb 60"
-}
-default["redis"]["include_config_files"] = []
-default["redis"]["ulimit"] = ""
-default["redis"]["auto_upgrade"] = false
-```
-
-
-## Basic Settings
-
-* `node["redis"]["ulimit"]` - Sets the maximum number of file descriptors for the Redis process. If this is unset or empty, the limit is the system default. The default may not be high enough to handle a large number of concurrent connections. See [Redis Clients Handling](http://redis.io/topics/clients).
-
-
-## Contributors
-
-Many thanks go to the following [contributors](https://github.com/phlipper/chef-redis/graphs/contributors) who have helped to make this cookbook even better:
-
-* **[@smoil](https://github.com/smoil)**
- * `redis.conf` updates for Redis 2.6
-* **[@svend](https://github.com/svend)**
- * add attribute to set ulimit
-* **[@maciej](https://github.com/maciej)**
- * ensure `node["redis"]["dir"]` exists
-* **[@dwradcliffe](https://github.com/dwradcliffe)**
- * allow bind to all interfaces
-* **[@duggan](https://github.com/duggan)**
- * allow customizable apt sources
-
-## Contributing
-
-This cookbook could have way more personality... Help make it so!
-
-1. Fork it
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Added some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create new Pull Request
-
-
-## License
-
-**chef-redis**
-
-* Freely distributable and licensed under the [MIT license](http://phlipper.mit-license.org/2012-2014/license.html).
-* Copyright (c) 2012-2014 Phil Cohen (github@phlippers.net) [![endorse](http://api.coderwall.com/phlipper/endorsecount.png)](http://coderwall.com/phlipper) [![Gittip](http://img.shields.io/gittip/phlipper.png)](https://www.gittip.com/phlipper/)
-* http://phlippers.net/
diff --git a/cookbooks/redis/Rakefile b/cookbooks/redis/Rakefile
deleted file mode 100644
index 52903cd..0000000
--- a/cookbooks/redis/Rakefile
+++ /dev/null
@@ -1,31 +0,0 @@
-task default: "test"
-
-desc "Run all tests except `kitchen`"
-task test: [:rubocop, :foodcritic, :chefspec]
-
-desc "Run all tests"
-task all_tests: [:rubocop, :foodcritic, :chefspec, "kitchen:all"]
-
-# rubocop style checker
-require "rubocop/rake_task"
-RuboCop::RakeTask.new
-
-# foodcritic chef lint
-require "foodcritic"
-FoodCritic::Rake::LintTask.new do |t|
- t.options = { fail_tags: ["any"] }
-end
-
-# chefspec unit tests
-require "rspec/core/rake_task"
-RSpec::Core::RakeTask.new(:chefspec) do |t|
- t.rspec_opts = "--color --format progress"
-end
-
-# test-kitchen integration tests
-begin
- require "kitchen/rake_tasks"
- Kitchen::RakeTasks.new
-rescue LoadError
- task("kitchen:all") { puts "Unable to run `test-kitchen`" }
-end
diff --git a/cookbooks/redis/attributes/default.rb b/cookbooks/redis/attributes/default.rb
deleted file mode 100644
index 692fe4e..0000000
--- a/cookbooks/redis/attributes/default.rb
+++ /dev/null
@@ -1,77 +0,0 @@
-case node["platform"]
-when "debian"
- default["redis"]["apt_distribution"] = node["lsb"]["codename"]
- default["redis"]["apt_repository"] = "dotdeb"
- default["redis"]["apt_uri"] = "http://packages.dotdeb.org"
- default["redis"]["apt_components"] = ["all"]
- default["redis"]["apt_key"] = "http://www.dotdeb.org/dotdeb.gpg"
-when "ubuntu"
- default["redis"]["apt_distribution"] = node["lsb"]["codename"]
- default["redis"]["apt_repository"] = "chris-lea-redis-server"
- default["redis"]["apt_uri"] = "http://ppa.launchpad.net/chris-lea/redis-server/ubuntu"
- default["redis"]["apt_components"] = ["main"]
- default["redis"]["apt_keyserver"] = "keyserver.ubuntu.com"
- default["redis"]["apt_key"] = "C7917B12"
-end
-
-default["redis"]["pidfile"] = "/var/run/redis/redis-server.pid"
-default["redis"]["daemonize"] = "yes"
-default["redis"]["port"] = 6379
-default["redis"]["bind"] = "127.0.0.1"
-default["redis"]["unixsocket"] = "/var/run/redis/redis.sock"
-default["redis"]["unixsocketperm"] = 755
-default["redis"]["timeout"] = 300
-default["redis"]["loglevel"] = "notice"
-default["redis"]["logfile"] = "/var/log/redis/redis-server.log"
-default["redis"]["syslog_enabled"] = "no"
-default["redis"]["syslog_ident"] = "redis"
-default["redis"]["syslog_facility"] = "local0"
-default["redis"]["databases"] = 16
-default["redis"]["snapshots"] = {
- 900 => 1,
- 300 => 10,
- 60 => 10_000
-}
-default["redis"]["stop_writes_on_bgsave_error"] = "yes"
-default["redis"]["rdbcompression"] = "yes"
-default["redis"]["rdbchecksum"] = "yes"
-default["redis"]["dbfilename"] = "dump.rdb"
-default["redis"]["dir"] = "/var/lib/redis"
-default["redis"]["slaveof"] = ""
-default["redis"]["masterauth"] = ""
-default["redis"]["slave_serve_stale_data"] = "yes"
-default["redis"]["slave_read_only"] = "yes"
-default["redis"]["repl_ping_slave_period"] = 10
-default["redis"]["repl_timeout"] = 60
-default["redis"]["slave_priority"] = 100
-default["redis"]["requirepass"] = ""
-default["redis"]["rename_commands"] = []
-default["redis"]["maxclients"] = 128
-default["redis"]["maxmemory"] = "64mb"
-default["redis"]["maxmemory_policy"] = "volatile-lru"
-default["redis"]["maxmemory_samples"] = 3
-default["redis"]["appendonly"] = "no"
-default["redis"]["appendfilename"] = "appendonly.aof"
-default["redis"]["appendfsync"] = "everysec"
-default["redis"]["no_appendfsync_on_rewrite"] = "no"
-default["redis"]["auto_aof_rewrite_percentage"] = 100
-default["redis"]["auto_aof_rewrite_min_size"] = "64mb"
-default["redis"]["lua_time_limit"] = 5000
-default["redis"]["slowlog_log_slower_than"] = 10_000
-default["redis"]["slowlog_max_len"] = 1024
-default["redis"]["hash_max_ziplist_entries"] = 512
-default["redis"]["hash_max_ziplist_value"] = 64
-default["redis"]["list_max_ziplist_entries"] = 512
-default["redis"]["list_max_ziplist_value"] = 64
-default["redis"]["set_max_intset_entries"] = 512
-default["redis"]["zset_max_ziplist_entries"] = 128
-default["redis"]["zset_max_ziplist_value"] = 64
-default["redis"]["activerehashing"] = "yes"
-default["redis"]["client_output_buffer_limit"] = {
- "normal" => "0 0 0",
- "slave" => "256mb 64mb 60",
- "pubsub" => "32mb 8mb 60"
-}
-default["redis"]["include_config_files"] = []
-default["redis"]["ulimit"] = ""
-default["redis"]["auto_upgrade"] = false
diff --git a/cookbooks/redis/config/license_finder.yml b/cookbooks/redis/config/license_finder.yml
deleted file mode 100644
index 45173be..0000000
--- a/cookbooks/redis/config/license_finder.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-whitelist:
-- Apache 2.0
-- Apache v2
-- BSD
-- BSD-3
-- ISC
-- MIT
-- Ruby
-dependencies_file_dir: doc/license_finder
-project_name: chef-redis
diff --git a/cookbooks/redis/doc/license_finder/dependencies.csv b/cookbooks/redis/doc/license_finder/dependencies.csv
deleted file mode 100644
index 91da360..0000000
--- a/cookbooks/redis/doc/license_finder/dependencies.csv
+++ /dev/null
@@ -1,105 +0,0 @@
-addressable, 2.3.6, Apache 2.0
-ast, 2.0.0, MIT
-astrolabe, 1.3.0, MIT
-berkshelf, 3.2.1, Apache 2.0
-berkshelf-api-client, 1.2.0, Apache 2.0
-buff-config, 1.0.1, Apache 2.0
-buff-extensions, 1.0.0, Apache 2.0
-buff-ignore, 1.1.1, Apache 2.0
-buff-ruby_engine, 0.1.0, Apache 2.0
-buff-shell_out, 0.2.0, Apache 2.0
-bundler, 1.7.6, MIT
-busser, 0.6.0, Apache 2.0
-busser-serverspec, 0.5.3, Apache 2.0
-celluloid, 0.16.0, MIT
-celluloid-io, 0.16.1, MIT
-chef, 11.16.4, Apache 2.0
-chef-zero, 2.2.1, Apache 2.0
-chefspec, 4.1.1, MIT
-cleanroom, 1.0.0, Apache 2.0
-coderay, 1.1.0, MIT
-dep-selector-libgecode, 1.0.2, MIT, Apache 2.0
-dep_selector, 1.0.3, Apache v2
-diff-lcs, 1.2.5, MIT, Perl Artistic v2, GNU GPL v2
-erubis, 2.7.0, MIT
-faraday, 0.9.0, MIT
-fauxhai, 2.2.0, MIT
-ffi, 1.9.6, BSD
-ffi-yajl, 1.3.0, Apache 2.0
-foodcritic, 4.0.0, MIT
-formatador, 0.2.5, MIT
-gherkin, 2.12.2, MIT
-guard, 2.8.2, MIT
-guard-rspec, 4.3.1, MIT
-hashie, 2.1.2, MIT
-highline, 1.6.21, ruby
-hitimes, 1.2.2, ISC
-httparty, 0.13.3, MIT
-ipaddress, 0.8.0, MIT
-json, 1.8.1, ruby
-kitchen-vagrant, 0.15.0, Apache 2.0
-libyajl2, 1.2.0, Apache 2.0
-license_finder, 1.2, MIT
-listen, 2.8.0, MIT
-lumberjack, 1.0.9, MIT
-method_source, 0.8.2, MIT
-mime-types, 1.25.1, MIT, Artistic 2.0, GPL-2
-mini_portile, 0.6.1, MIT
-minitar, 0.5.4, ruby
-mixlib-authentication, 1.3.0, Apache 2.0
-mixlib-cli, 1.5.0, Apache 2.0
-mixlib-config, 2.1.0, Apache 2.0
-mixlib-log, 1.6.0, Apache 2.0
-mixlib-shellout, 1.6.0, Apache 2.0
-multi_json, 1.10.1, MIT
-multi_xml, 0.5.5, MIT
-multipart-post, 2.0.0, MIT
-net-http-persistent, 2.9.4, MIT
-net-scp, 1.2.1, MIT
-net-ssh, 2.9.1, MIT
-net-ssh-gateway, 1.2.0, MIT
-net-ssh-multi, 1.2.0, MIT
-nio4r, 1.0.1, MIT
-nokogiri, 1.6.4.1, MIT
-octokit, 3.5.2, MIT
-ohai, 7.4.0, Apache 2.0
-parser, 2.2.0.pre.8, MIT
-plist, 3.1.0, MIT
-polyglot, 0.3.5, MIT
-powerpack, 0.0.9, MIT
-pry, 0.10.1, MIT
-rack, 1.5.2, MIT
-rainbow, 2.0.0, MIT
-rake, 10.3.2, MIT
-rb-fsevent, 0.9.4,
MIT
-rb-inotify, 0.9.5, MIT
-rest-client, 1.6.7, MIT
-retryable, 1.3.6, MIT
-ridley, 4.1.0, Apache 2.0
-rspec, 3.1.0, MIT
-rspec-core, 3.1.7, MIT
-rspec-expectations, 3.1.2, MIT
-rspec-its, 1.1.0, MIT
-rspec-mocks, 3.1.3, MIT
-rspec-support, 3.1.2, MIT
-rubocop, 0.27.1, MIT
-ruby-progressbar, 1.7.0, MIT
-rufus-lru, 1.0.5, MIT
-safe_yaml, 1.0.4, MIT
-sawyer, 0.5.5, MIT
-semverse, 1.2.1, Apache 2.0
-sequel, 4.16.0, MIT
-serverspec, 2.3.1, MIT
-slop, 3.6.0, MIT
-solve, 1.2.1, Apache 2.0
-specinfra, 2.5.0, MIT
-sqlite3, 1.3.10, New BSD
-systemu, 2.6.4, ruby
-test-kitchen, 1.2.1, Apache 2.0
-thor, 0.19.1, MIT
-timers, 4.0.1, MIT
-treetop, 1.5.3, MIT
-varia_model, 0.4.0, Apache 2.0
-wmi-lite, 1.0.0, Apache 2.0
-xml-simple, 1.1.4, ruby
-yajl-ruby, 1.2.1, MIT
diff --git a/cookbooks/redis/doc/license_finder/dependencies.db b/cookbooks/redis/doc/license_finder/dependencies.db
deleted file mode 100644
index 1e1e87a..0000000
Binary files a/cookbooks/redis/doc/license_finder/dependencies.db and /dev/null differ
diff --git a/cookbooks/redis/doc/license_finder/dependencies.html b/cookbooks/redis/doc/license_finder/dependencies.html
deleted file mode 100644
index 5df7d0d..0000000
--- a/cookbooks/redis/doc/license_finder/dependencies.html
+++ /dev/null
@@ -1,2509 +0,0 @@
- - - - - - - -
-

chef-redis

-
-
-
-

Dependencies

- -

As of November 22, 2014 9:37pm

- -

105 total

- -
    -
  • 65 MIT
  • -
  • 28 Apache 2.0
  • -
  • 5 ruby
  • -
  • 1 Apache 2.0, MIT
  • -
  • 1 BSD
  • -
  • 1 Apache v2
  • -
  • 1 ISC
  • -
  • 1 Artistic 2.0, GPL-2, MIT
  • -
  • 1 GNU GPL v2, MIT, Perl Artistic v2
  • -
  • 1 New BSD
  • -
-
-
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- addressable - v2.3.6 -

-

URI Implementation

-

Addressable is a replacement for the URI implementation that is part of -Ruby's standard library. It more closely conforms to the relevant RFCs and -adds support for IRIs and URI templates. -

-
-
addressable is required by:
-
sawyer, ridley, berkshelf
-
-
-
addressable relies on:
-
rake, rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- ast - v2.0.0 -

-

A library for working with Abstract Syntax Trees.

-

A library for working with Abstract Syntax Trees.

-
-
ast is required by:
-
parser
-
-
-
ast relies on:
-
rake, mime-types
-
-
-
-
-

- MIT - whitelisted - -

-
-

- astrolabe - v1.3.0 -

-

An object-oriented AST extension for Parser

-

An object-oriented AST extension for Parser

-
-
astrolabe is required by:
-
rubocop
-
-
-
astrolabe relies on:
-
parser, bundler, rake, rspec, rubocop, guard-rspec
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- berkshelf - v3.2.1 (default) -

-

Manages a Cookbook's, or an Application's, Cookbook dependencies

-

Manages a Cookbook's, or an Application's, Cookbook dependencies

-
-
berkshelf relies on:
-
addressable, berkshelf-api-client, buff-config, buff-extensions, buff-shell_out, cleanroom, faraday, minitar, retryable, ridley, solve, thor, octokit, celluloid, celluloid-io, chef-zero, rake, rspec, test-kitchen
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- berkshelf-api-client - v1.2.0 -

-

API Client for communicating with a Berkshelf API server

-

API Client for communicating with a Berkshelf API server

-
-
berkshelf-api-client is required by:
-
berkshelf
-
-
-
berkshelf-api-client relies on:
-
faraday, bundler, rake, rspec
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- buff-config - v1.0.1 -

-

A simple configuration class

-

A simple configuration class

-
-
buff-config is required by:
-
ridley, berkshelf
-
-
-
buff-config relies on:
-
varia_model, buff-extensions, buff-ruby_engine, thor, bundler, rake, rspec, guard, guard-rspec
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- buff-extensions - v1.0.0 -

-

Extensions to Core Ruby classes

-

Extensions to Core Ruby classes

-
-
buff-extensions is required by:
-
varia_model, buff-config, ridley, berkshelf
-
-
-
buff-extensions relies on:
-
buff-ruby_engine, thor, bundler, rake, rspec, guard, guard-rspec
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- buff-ignore - v1.1.1 -

-

A Ruby library for parsing lists of files and applying pattern matching exclusion (such as .gitignore)

-

Parse ignore files with Ruby

-
-
buff-ignore is required by:
-
ridley
-
-
-
buff-ignore relies on:
-
bundler, rake, rspec
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- buff-ruby_engine - v0.1.0 -

-

Buff up your code with a mixin for querying the platform running Ruby

-

A mixin for querying the platform running Ruby

-
-
buff-ruby_engine is required by:
-
buff-extensions, varia_model, buff-config, buff-shell_out, ridley
-
-
-
buff-ruby_engine relies on:
-
thor, bundler, rake, rspec, guard, guard-rspec
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- buff-shell_out - v0.2.0 -

-

Buff up your code with a mixin for issuing shell commands and collecting the output

-

A mixin for issuing shell commands and collecting the output

-
-
buff-shell_out is required by:
-
ridley, berkshelf
-
-
-
buff-shell_out relies on:
-
buff-ruby_engine, thor, bundler, rake, rspec, guard, guard-rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- bundler - v1.7.6 -

-

-

-
-
bundler is required by:
-
parser, astrolabe, faraday, berkshelf-api-client, buff-extensions, varia_model, buff-config, buff-ruby_engine, buff-shell_out, cleanroom, octokit, retryable, buff-ignore, semverse, dep-selector-libgecode, thor, busser, busser-serverspec, libyajl2, wmi-lite, pry, rspec-support, multi_json, gherkin, rb-fsevent, listen, guard-rspec, multi_xml, test-kitchen, license_finder, powerpack, rainbow, rspec-its, rubocop, specinfra, serverspec
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- busser - v0.6.0 -

-

Kitchen Busser - Runs tests for projects in test-kitchen

-

Kitchen Busser - Runs tests for projects in test-kitchen

-
-
busser is required by:
-
busser-serverspec
-
-
-
busser relies on:
-
thor, chef, bundler, rake
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- busser-serverspec - v0.5.3 (integration) -

-

A Busser runner plugin for Serverspec

-

A Busser runner plugin for Serverspec

-
-
busser-serverspec relies on:
-
busser, serverspec, bundler, rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- celluloid - v0.16.0 -

-

Actor-based concurrent object framework for Ruby

-

Celluloid enables people to build concurrent programs out of concurrent objects just as easily as they build sequential programs out of sequential objects

-
-
celluloid is required by:
-
celluloid-io, ridley, berkshelf, listen
-
-
-
celluloid relies on:
-
timers, rake, rspec, guard-rspec, rubocop
-
-
-
-
-

- MIT - whitelisted - -

-
-

- celluloid-io - v0.16.1 -

-

Celluloid::IO allows you to monitor multiple IO objects within a Celluloid actor

-

Evented IO for Celluloid actors

-
-
celluloid-io is required by:
-
ridley, berkshelf, listen
-
-
-
celluloid-io relies on:
-
celluloid, nio4r, rake, rspec, guard-rspec, rb-fsevent
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- chef - v11.16.4 (default) -

-

A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure.

-

A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure.

-
-
chef is required by:
-
busser, ohai, chefspec
-
-
-
chef relies on:
-
mixlib-config, mixlib-cli, mixlib-log, mixlib-authentication, mixlib-shellout, ohai, rest-client, mime-types, ffi-yajl, net-ssh, net-ssh-multi, highline, erubis, diff-lcs, chef-zero, pry, plist, rack, rake, rspec-core, rspec-expectations, rspec-mocks
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- chef-zero - v2.2.1 -

-

Self-contained, easy-setup, fast-start in-memory Chef server for testing and solo setup purposes

-

Self-contained, easy-setup, fast-start in-memory Chef server for testing and solo setup purposes

-
-
chef-zero is required by:
-
berkshelf, chef
-
-
-
chef-zero relies on:
-
mixlib-log, hashie, ffi-yajl, rack, rake, rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- chefspec - v4.1.1 (default) -

-

Write RSpec examples and generate coverage reports for Chef recipes!

-

ChefSpec is a unit testing and resource coverage (code coverage) framework for testing Chef cookbooks ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers.

-
-
chefspec relies on:
-
chef, fauxhai, rspec, rake
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- cleanroom - v1.0.0 -

-

(More) safely evaluate Ruby DSLs with cleanroom

-

Ruby is an excellent programming language for creating and managing custom DSLs, but how can you securely evaluate a DSL while explicitly controlling the methods exposed to the user? Our good friends instance_eval and instance_exec are great, but they expose all methods - public, protected, and private - to the user. Even worse, they expose the ability to accidentally or intentionally alter the behavior of the system! The cleanroom pattern is a safer, more convenient, Ruby-like approach for limiting the information exposed by a DSL while giving users the ability to write awesome code!

-
-
cleanroom is required by:
-
berkshelf
-
-
-
cleanroom relies on:
-
rspec, bundler, rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- coderay - v1.1.0 -

-

Fast syntax highlighting for selected languages.

-

Fast and easy syntax highlighting for selected languages, written in Ruby. Comes with RedCloth integration and LOC counter.

-
-
coderay is required by:
-
pry, rspec-core
-
-
-
-
-

- MIT, Apache 2.0 - whitelisted - -

-
-

- dep-selector-libgecode - v1.0.2 -

-

Installs a vendored copy of Gecode suitable for use with dep-selector

-

Installs a vendored copy of Gecode suitable for use with dep-selector

-
-
dep-selector-libgecode is required by:
-
dep_selector
-
-
-
dep-selector-libgecode relies on:
-
bundler, rake
-
-
-
-
-

- Apache v2 - whitelisted - -

-
-

- dep_selector - v1.0.3 -

-

Given packages, versions, and a dependency graph, find a valid assignment of package versions

-

Given packages, versions, and a dependency graph, find a valid assignment of package versions

-
-
dep_selector is required by:
-
solve
-
-
-
dep_selector relies on:
-
ffi, dep-selector-libgecode, rake, rspec, solve
-
-
-
-
-

- MIT, Perl Artistic v2, GNU GPL v2 - whitelisted - -

-
-

- diff-lcs - v1.2.5 -

-

Diff::LCS computes the difference between two Enumerable sequences using the McIlroy-Hunt longest common subsequence (LCS) algorithm

-

Diff::LCS computes the difference between two Enumerable sequences using the -McIlroy-Hunt longest common subsequence (LCS) algorithm. It includes utilities -to create a simple HTML diff output format and a standard diff-like tool. - -This is release 1.2.4, fixing a bug introduced after diff-lcs 1.1.3 that did -not properly prune common sequences at the beginning of a comparison set. -Thanks to Paul Kunysch for fixing this issue. - -Coincident with the release of diff-lcs 1.2.3, we reported an issue with -Rubinius in 1.9 mode -({rubinius/rubinius#2268}[https://github.com/rubinius/rubinius/issues/2268]). -We are happy to report that this issue has been resolved.

-
-
diff-lcs is required by:
-
chef, rspec-expectations
-
-
-
diff-lcs relies on:
-
rake, rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- erubis - v2.7.0 -

-

a fast and extensible eRuby implementation which supports multi-language

-

Erubis is an implementation of eRuby and has the following features: - - * Very fast, almost three times faster than ERB and about 10% faster than eruby. - * Multi-language support (Ruby/PHP/C/Java/Scheme/Perl/Javascript) - * Auto escaping support - * Auto trimming spaces around '<% %>' - * Embedded pattern changeable (default '<% %>') - * Enable to handle Processing Instructions (PI) as embedded pattern (ex. '') - * Context object available and easy to combine eRuby template with YAML datafile - * Print statement available - * Easy to extend and customize in subclass - * Ruby on Rails support -

-
-
erubis is required by:
-
ridley, chef, foodcritic
-
-
-
-
-

- MIT - whitelisted - -

-
-

- faraday - v0.9.0 -

-

HTTP/REST API client library.

-

-
-
faraday is required by:
-
berkshelf-api-client, sawyer, ridley, berkshelf
-
-
-
faraday relies on:
-
multipart-post, bundler
-
-
-
-
-

- MIT - whitelisted - -

-
-

- fauxhai - v2.2.0 -

-

Fauxhai provides an easy way to mock out your ohai data for testing with chefspec!

-

Easily mock out ohai data

-
-
fauxhai is required by:
-
chefspec
-
-
-
fauxhai relies on:
-
net-ssh, ohai, rake
-
-
-
-
-

- BSD - whitelisted - -

-
-

- ffi - v1.9.6 -

-

Ruby FFI

-

Ruby FFI library

-
-
ffi is required by:
-
dep_selector, libyajl2, ffi-yajl, ohai, rb-inotify
-
-
-
ffi relies on:
-
rake, rspec
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- ffi-yajl - v1.3.0 -

-

Ruby FFI wrapper around YAJL 2.x

-

Ruby FFI wrapper around YAJL 2.x

-
-
ffi-yajl is required by:
-
chef-zero, ohai, chef
-
-
-
ffi-yajl relies on:
-
rake, rspec, pry, mime-types, ffi, libyajl2
-
-
-
-
-

- MIT - whitelisted - -

-
-

- foodcritic - v4.0.0 (default) -

-

foodcritic-4.0.0

-

Lint tool for Opscode Chef cookbooks.

-
-
foodcritic relies on:
-
gherkin, nokogiri, rake, treetop, yajl-ruby, erubis, rufus-lru
-
-
-
-
-

- MIT - whitelisted - -

-
-

- formatador - v0.2.5 -

-

Ruby STDOUT text formatting

-

STDOUT text formatting

-
-
formatador is required by:
-
guard
-
-
-
formatador relies on:
-
rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- gherkin - v2.12.2 -

-

gherkin-2.12.2

-

A fast Gherkin lexer/parser based on the Ragel State Machine Compiler.

-
-
gherkin is required by:
-
foodcritic
-
-
-
gherkin relies on:
-
multi_json, rake, bundler, rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- guard - v2.8.2 -

-

Guard keeps an eye on your file modifications

-

Guard is a command line tool to easily handle events on file system modifications.

-
-
guard is required by:
-
buff-extensions, varia_model, buff-config, buff-ruby_engine, buff-shell_out, guard-rspec
-
-
-
guard relies on:
-
thor, listen, pry, lumberjack, formatador
-
-
-
-
-

- MIT - whitelisted - -

-
-

- guard-rspec - v4.3.1 (integration) -

-

Guard gem for RSpec

-

Guard::RSpec automatically run your specs (much like autotest).

-
-
guard-rspec is required by:
-
astrolabe, buff-extensions, varia_model, buff-config, buff-ruby_engine, buff-shell_out, celluloid, celluloid-io, rb-fsevent
-
-
-
guard-rspec relies on:
-
guard, rspec, bundler, rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- hashie - v2.1.2 -

-

Your friendly neighborhood hash library.

-

Hashie is a collection of classes and mixins that make hashes more powerful.

-
-
hashie is required by:
-
varia_model, ridley, chef-zero
-
-
-
hashie relies on:
-
rake, rspec
-
-
-
-
-

- ruby - whitelisted - -

-
-

- highline - v1.6.21 -

-

HighLine is a high-level command-line IO library.

-

A high-level IO library that provides validation, type conversion, and more for -command-line interfaces. HighLine also includes a complete menu system that can -crank out anything from simple list selection to complete shells with just -minutes of work. -

-
-
highline is required by:
-
chef
-
-
-
-
-

- ISC - whitelisted - -

-
-

- hitimes - v1.2.2 -

-

Hitimes is a fast, high resolution timer library for recording performance metrics. It uses the appropriate low method calls for each system to get the highest granularity time increments possible.

-

Hitimes is a fast, high resolution timer library for recording performance metrics. It uses the appropriate low method calls for each system to get the highest granularity time increments possible. It currently supports any of the following systems: * any system with the POSIX call `clock_gettime()` * Mac OS X * Windows * JRuby Using Hitimes can be faster than using a series of `Time.new` calls, and it will have a much higher granularity. It is definitely faster than using `Process.times`.

-
-
hitimes is required by:
-
timers
-
-
-
hitimes relies on:
-
rake, json
-
-
-
-
-

- MIT - whitelisted - -

-
-

- httparty - v0.13.3 -

-

Makes http fun! Also, makes consuming restful web services dead easy.

-

Makes http fun! Also, makes consuming restful web services dead easy.

-
-
httparty is required by:
-
license_finder
-
-
-
httparty relies on:
-
json, multi_xml
-
-
-
-
-

- MIT - whitelisted - -

-
-

- ipaddress - v0.8.0 -

-

IPv4/IPv6 addresses manipulation library

-

IPAddress is a Ruby library designed to make manipulation - of IPv4 and IPv6 addresses both powerful and simple. It mantains - a layer of compatibility with Ruby's own IPAddr, while - addressing many of its issues. -

-
-
ipaddress is required by:
-
ohai
-
-
-
-
-

- ruby - whitelisted - -

-
-

- json - v1.8.1 -

-

This json is bundled with Ruby

-

-
-
json is required by:
-
hitimes, ridley, yajl-ruby, httparty
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- kitchen-vagrant - v0.15.0 (integration) -

-

Kitchen::Driver::Vagrant - A Vagrant Driver for Test Kitchen.

-

Kitchen::Driver::Vagrant - A Vagrant Driver for Test Kitchen.

-
-
kitchen-vagrant relies on:
-
test-kitchen
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- libyajl2 - v1.2.0 -

-

Installs a vendored copy of libyajl2 for distributions which lack it

-

Installs a vendored copy of libyajl2 for distributions which lack it

-
-
libyajl2 is required by:
-
ffi-yajl
-
-
-
libyajl2 relies on:
-
bundler, rake, mime-types, rspec, ffi
-
-
-
-
-

- MIT - whitelisted - -

-
-

- license_finder - v1.2 (default) -

-

Audit the OSS licenses of your application's dependencies.

-

LicenseFinder works with your package managers to find - dependencies, detect the licenses of the packages in them, compare - those licenses against a user-defined whitelist, and give you an - actionable exception report. -

-
-
license_finder relies on:
-
bundler, sequel, thor, httparty, xml-simple, sqlite3, rake, rspec-its, pry, rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- listen - v2.8.0 -

-

Listen to file modifications

-

The Listen gem listens to file modifications and notifies you about the changes. Works everywhere!

-
-
listen is required by:
-
guard
-
-
-
listen relies on:
-
celluloid, rb-fsevent, rb-inotify, bundler, celluloid-io, rake, rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- lumberjack - v1.0.9 -

-

A simple, powerful, and very fast logging utility that can be a drop in replacement for Logger or ActiveSupport::BufferedLogger.

-

A simple, powerful, and very fast logging utility that can be a drop in replacement for Logger or ActiveSupport::BufferedLogger. Provides support for automatically rolling log files even with multiple processes writing the same log file.

-
-
lumberjack is required by:
-
guard
-
-
-
-
-

- MIT - whitelisted - -

-
-

- method_source - v0.8.2 -

-

retrieve the sourcecode for a method

-

retrieve the sourcecode for a method

-
-
method_source is required by:
-
pry
-
-
-
method_source relies on:
-
rake
-
-
-
-
-

- MIT, Artistic 2.0, GPL-2 - whitelisted - -

-
-

- mime-types - v1.25.1 -

-

This library allows for the identification of a file's likely MIME content type

-

This library allows for the identification of a file's likely MIME content -type. This is release 1.25.1, fixing an issue with priority comparison for -mime-types 1.x. The current release is 2.0, which only supports Ruby 1.9 or -later. - -Release 1.25.1 contains all features of 1.25, including the experimental -caching and lazy loading functionality. The caching and lazy loading features -were initially implemented by Greg Brockman (gdb). As these features are -experimental, they are disabled by default and must be enabled through the use -of environment variables. The cache is invalidated on a per-version basis; the -cache for version 1.25 will not be reused for any later version. - -To use lazy loading, set the environment variable +RUBY_MIME_TYPES_LAZY_LOAD+ -to any value other than 'false'. When using lazy loading, the initial startup -of MIME::Types is around 12–25× faster than normal startup (on my system, -normal startup is about 90 ms; lazy startup is about 4 ms). This isn't -generally useful, however, as the MIME::Types database has not been loaded. -Lazy startup and load is just *slightly* faster—around 1 ms. The real advantage -comes from using the cache. - -To enable the cache, set the environment variable +RUBY_MIME_TYPES_CACHE+ to a -filename where MIME::Types will have read-write access. The first time a new -version of MIME::Types is run using this file, it will be created, taking a -little longer than normal. Subsequent loads using the same cache file will be -approximately 3½× faster (25 ms) than normal loads. This can be combined with -+RUBY_MIME_TYPES_LAZY_LOAD+, but this is *not* recommended in a multithreaded -or multiprocess environment where all threads or processes will be using the -same cache file. - -As the caching interface is still experimental, the only values cached are the -default MIME::Types database, not any custom MIME::Types added by users. 
- -MIME types are used in MIME-compliant communications, as in e-mail or HTTP -traffic, to indicate the type of content which is transmitted. MIME::Types -provides the ability for detailed information about MIME entities (provided as -a set of MIME::Type objects) to be determined and used programmatically. There -are many types defined by RFCs and vendors, so the list is long but not -complete; don't hesitate to ask to add additional information. This library -follows the IANA collection of MIME types (see below for reference). - -MIME::Types for Ruby was originally based on MIME::Types for Perl by Mark -Overmeer, copyright 2001 - 2009. - -MIME::Types is built to conform to the MIME types of RFCs 2045 and 2231. It -tracks the {IANA registry}[http://www.iana.org/assignments/media-types/] -({ftp}[ftp://ftp.iana.org/assignments/media-types]) with some unofficial types -added from the {LTSW collection}[http://www.ltsw.se/knbase/internet/mime.htp] -and added by the users of MIME::Types.

-
-
mime-types is required by:
-
ast, parser, libyajl2, ffi-yajl, ohai, rest-client, chef
-
-
-
mime-types relies on:
-
rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- mini_portile - v0.6.1 -

-

Simplistic port-like solution for developers

-

Simplistic port-like solution for developers. It provides a standard and simplified way to compile against dependency libraries without messing up your system.

-
-
mini_portile is required by:
-
nokogiri, sqlite3
-
-
-
-
-

- ruby - whitelisted - -

-
-

- minitar - v0.5.4 -

-

Provides POSIX tarchive management from Ruby programs.

-

Archive::Tar::Minitar is a pure-Ruby library and command-line utility that provides the ability to deal with POSIX tar(1) archive files. The implementation is based heavily on Mauricio Ferna'ndez's implementation in rpa-base, but has been reorganised to promote reuse in other projects. Antoine Toulme forked the original project on rubyforge to place it on github, under http://www.github.com/atoulme/minitar

-
-
minitar is required by:
-
berkshelf
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- mixlib-authentication - v1.3.0 -

-

Mixes in simple per-request authentication

-

Mixes in simple per-request authentication

-
-
mixlib-authentication is required by:
-
ridley, chef
-
-
-
mixlib-authentication relies on:
-
mixlib-log
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- mixlib-cli - v1.5.0 -

-

A simple mixin for CLI interfaces, including option parsing

-

A simple mixin for CLI interfaces, including option parsing

-
-
mixlib-cli is required by:
-
ohai, chef
-
-
-
mixlib-cli relies on:
-
rake, rspec
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- mixlib-config - v2.1.0 -

-

A class based configuration library

-

A class based configuration library

-
-
mixlib-config is required by:
-
ohai, chef
-
-
-
mixlib-config relies on:
-
rake, rspec
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- mixlib-log - v1.6.0 -

-

A gem that provides a simple mixin for log functionality

-

-
-
mixlib-log is required by:
-
mixlib-authentication, chef-zero, ohai, chef
-
-
-
mixlib-log relies on:
-
rake, rspec
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- mixlib-shellout - v1.6.0 -

-

Run external commands on Unix or Windows

-

Run external commands on Unix or Windows

-
-
mixlib-shellout is required by:
-
ohai, chef, test-kitchen
-
-
-
mixlib-shellout relies on:
-
rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- multi_json - v1.10.1 -

-

A common interface to multiple JSON libraries.

-

A common interface to multiple JSON libraries, including Oj, Yajl, the JSON gem (with C-extensions), the pure-Ruby JSON gem, NSJSONSerialization, gson.rb, JrJackson, and OkJson.

-
-
multi_json is required by:
-
gherkin, serverspec
-
-
-
multi_json relies on:
-
bundler
-
-
-
-
-

- MIT - whitelisted - -

-
-

- multi_xml - v0.5.5 -

-

A generic swappable back-end for XML parsing

-

Provides swappable XML backends utilizing LibXML, Nokogiri, Ox, or REXML.

-
-
multi_xml is required by:
-
httparty
-
-
-
multi_xml relies on:
-
bundler
-
-
-
-
-

- MIT - whitelisted - -

-
-

- multipart-post - v2.0.0 -

-

A multipart form post accessory for Net::HTTP.

-

Use with Net::HTTP to do multipart form posts. IO values that have #content_type, #original_filename, and #local_path will be posted as a binary file.

-
-
multipart-post is required by:
-
faraday
-
-
-
-
-

- MIT - whitelisted - -

-
-

- net-http-persistent - v2.9.4 -

-

Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8

-

Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8. -It's thread-safe too! - -Using persistent HTTP connections can dramatically increase the speed of HTTP. -Creating a new HTTP connection for every request involves an extra TCP -round-trip and causes TCP congestion avoidance negotiation to start over. - -Net::HTTP supports persistent connections with some API methods but does not -handle reconnection gracefully. Net::HTTP::Persistent supports reconnection -and retry according to RFC 2616.

-
-
net-http-persistent is required by:
-
ridley
-
-
-
-
-

- MIT - whitelisted - -

-
-

- net-scp - v1.2.1 -

-

A pure Ruby implementation of the SCP client protocol

-

A pure Ruby implementation of the SCP client protocol

-
-
net-scp is required by:
-
test-kitchen, specinfra
-
-
-
net-scp relies on:
-
net-ssh
-
-
-
-
-

- MIT - whitelisted - -

-
-

- net-ssh - v2.9.1 -

-

Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.

-

Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.

-
-
net-ssh is required by:
-
net-ssh-gateway, net-ssh-multi, chef, fauxhai, net-scp, test-kitchen, specinfra
-
-
-
-
-

- MIT - whitelisted - -

-
-

- net-ssh-gateway - v1.2.0 -

-

A simple library to assist in establishing tunneled Net::SSH connections

-

A simple library to assist in establishing tunneled Net::SSH connections

-
-
net-ssh-gateway is required by:
-
net-ssh-multi
-
-
-
net-ssh-gateway relies on:
-
net-ssh
-
-
-
-
-

- MIT - whitelisted - -

-
-

- net-ssh-multi - v1.2.0 -

-

Control multiple Net::SSH connections via a single interface.

-

Control multiple Net::SSH connections via a single interface.

-
-
net-ssh-multi is required by:
-
chef
-
-
-
net-ssh-multi relies on:
-
net-ssh, net-ssh-gateway
-
-
-
-
-

- MIT - whitelisted - -

-
-

- nio4r - v1.0.1 -

-

NIO provides a high performance selector API for monitoring IO objects

-

New IO for Ruby

-
-
nio4r is required by:
-
celluloid-io
-
-
-
nio4r relies on:
-
rake, rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- nokogiri - v1.6.4.1 -

-

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser

-

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's -many features is the ability to search documents via XPath or CSS3 selectors. - -XML is like violence - if it doesn’t solve your problems, you are not using -enough of it.

-
-
nokogiri is required by:
-
rspec-core, foodcritic
-
-
-
nokogiri relies on:
-
mini_portile, rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- octokit - v3.5.2 -

-

Ruby toolkit for working with the GitHub API

-

Simple wrapper for the GitHub API

-
-
octokit is required by:
-
berkshelf
-
-
-
octokit relies on:
-
bundler, sawyer
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- ohai - v7.4.0 -

-

Ohai profiles your system and emits JSON

-

Ohai profiles your system and emits JSON

-
-
ohai is required by:
-
chef, fauxhai
-
-
-
ohai relies on:
-
mime-types, systemu, ffi-yajl, mixlib-cli, mixlib-config, mixlib-log, mixlib-shellout, ipaddress, wmi-lite, ffi, rake, rspec-core, rspec-expectations, rspec-mocks, chef
-
-
-
-
-

- MIT - whitelisted - -

-
-

- parser - v2.2.0.pre.8 -

-

A Ruby parser written in pure Ruby.

-

A Ruby parser written in pure Ruby.

-
-
parser is required by:
-
astrolabe, rubocop
-
-
-
parser relies on:
-
ast, slop, bundler, rake, mime-types, rest-client
-
-
-
-
-

- MIT - whitelisted - -

-
-

- plist - v3.1.0 -

-

All-purpose Property List manipulation library.

-

Plist is a library to manipulate Property List files, also known as plists. It can parse plist files into native Ruby data structures as well as generating new plist files from your Ruby objects. -

-
-
plist is required by:
-
chef
-
-
-
-
-

- MIT - whitelisted - -

-
-

- polyglot - v0.3.5 -

-

Augment 'require' to load non-Ruby file types

-

-The Polyglot library allows a Ruby module to register a loader -for the file type associated with a filename extension, and it -augments 'require' to find and load matching files.

-
-
polyglot is required by:
-
treetop
-
-
-
-
-

- MIT - whitelisted - -

-
-

- powerpack - v0.0.9 -

-

A few useful extensions to core Ruby classes.

-

A few useful extensions to core Ruby classes.

-
-
powerpack is required by:
-
rubocop
-
-
-
powerpack relies on:
-
bundler, rake, rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- pry - v0.10.1 -

-

An IRB alternative and runtime developer console

-

An IRB alternative and runtime developer console

-
-
pry is required by:
-
ffi-yajl, wmi-lite, chef, guard, license_finder
-
-
-
pry relies on:
-
coderay, slop, method_source, bundler
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rack - v1.5.2 -

-

a modular Ruby webserver interface

-

Rack provides a minimal, modular and adaptable interface for developing -web applications in Ruby. By wrapping HTTP requests and responses in -the simplest way possible, it unifies and distills the API for web -servers, web frameworks, and software in between (the so-called -middleware) into a single method call. - -Also see http://rack.github.com/. -

-
-
rack is required by:
-
chef-zero, chef
-
-
-
rack relies on:
-
rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rainbow - v2.0.0 -

-

Colorize printed text on ANSI terminals

-

Colorize printed text on ANSI terminals

-
-
rainbow is required by:
-
rubocop
-
-
-
rainbow relies on:
-
bundler, rake, rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rake - v10.3.2 (default) -

-

Rake is a Make-like program implemented in Ruby

-

Rake is a Make-like program implemented in Ruby. Tasks and dependencies are -specified in standard Ruby syntax. - -Rake has the following features: - -* Rakefiles (rake's version of Makefiles) are completely defined in - standard Ruby syntax. No XML files to edit. No quirky Makefile - syntax to worry about (is that a tab or a space?) - -* Users can specify tasks with prerequisites. - -* Rake supports rule patterns to synthesize implicit tasks. - -* Flexible FileLists that act like arrays but know about manipulating - file names and paths. - -* A library of prepackaged tasks to make building rakefiles easier. For example, - tasks for building tarballs and publishing to FTP or SSH sites. (Formerly - tasks for building RDoc and Gems were included in rake but they're now - available in RDoc and RubyGems respectively.) - -* Supports parallel execution of tasks.

-
-
rake is required by:
-
addressable, ast, slop, parser, astrolabe, berkshelf-api-client, buff-extensions, hashie, varia_model, buff-config, buff-ruby_engine, buff-shell_out, hitimes, timers, celluloid, nio4r, celluloid-io, cleanroom, buff-ignore, mixlib-log, semverse, dep-selector-libgecode, ffi, dep_selector, berkshelf, busser, busser-serverspec, libyajl2, ffi-yajl, rack, chef-zero, diff-lcs, mime-types, mixlib-cli, mixlib-config, wmi-lite, ohai, method_source, chef, fauxhai, rspec-support, rspec-core, rspec-expectations, rspec-mocks, chefspec, gherkin, nokogiri, rufus-lru, treetop, foodcritic, formatador, listen, guard-rspec, test-kitchen, license_finder, powerpack, rainbow, rspec-its, rubocop, specinfra, serverspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rb-fsevent - v0.9.4 -

-

Very simple & usable FSEvents API

-

FSEvents API with Signals catching (without RubyCocoa)

-
-
rb-fsevent is required by:
-
celluloid-io, listen
-
-
-
rb-fsevent relies on:
-
bundler, rspec, guard-rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rb-inotify - v0.9.5 -

-

A Ruby wrapper for Linux's inotify, using FFI

-

A Ruby wrapper for Linux's inotify, using FFI

-
-
rb-inotify is required by:
-
listen
-
-
-
rb-inotify relies on:
-
ffi
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rest-client - v1.6.7 -

-

Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions.

-

A simple HTTP and REST client for Ruby, inspired by the Sinatra microframework style of specifying actions: get, put, post, delete.

-
-
rest-client is required by:
-
parser, chef
-
-
-
rest-client relies on:
-
mime-types, rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- retryable - v1.3.6 -

-

Kernel#retryable, allow for retrying of code blocks.

-

Kernel#retryable, allow for retrying of code blocks.

-
-
retryable is required by:
-
ridley, berkshelf
-
-
-
retryable relies on:
-
bundler
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- ridley - v4.1.0 -

-

A reliable Chef API client with a clean syntax

-

A reliable Chef API client with a clean syntax

-
-
ridley is required by:
-
berkshelf
-
-
-
ridley relies on:
-
addressable, varia_model, buff-config, buff-extensions, buff-ignore, buff-shell_out, celluloid, celluloid-io, erubis, faraday, hashie, json, mixlib-authentication, net-http-persistent, retryable, semverse, buff-ruby_engine
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rspec - v3.1.0 -

-

rspec-3.1.0

-

BDD for Ruby

-
-
rspec is required by:
-
addressable, astrolabe, berkshelf-api-client, buff-extensions, hashie, varia_model, buff-config, buff-ruby_engine, buff-shell_out, timers, celluloid, nio4r, celluloid-io, cleanroom, buff-ignore, mixlib-log, ffi, dep_selector, berkshelf, libyajl2, ffi-yajl, chef-zero, diff-lcs, mixlib-cli, mixlib-config, mixlib-shellout, wmi-lite, rest-client, chefspec, gherkin, rufus-lru, treetop, yajl-ruby, rb-fsevent, listen, guard-rspec, license_finder, powerpack, rainbow, ruby-progressbar, rubocop, specinfra, serverspec
-
-
-
rspec relies on:
-
rspec-core, rspec-expectations, rspec-mocks
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rspec-core - v3.1.7 -

-

rspec-core-3.1.7

-

BDD for Ruby. RSpec runner and example groups.

-
-
rspec-core is required by:
-
ohai, chef, rspec, rspec-its
-
-
-
rspec-core relies on:
-
rspec-support, rake, nokogiri, coderay
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rspec-expectations - v3.1.2 -

-

rspec-expectations-3.1.2

-

rspec-expectations provides a simple, readable API to express expected outcomes of a code example.

-
-
rspec-expectations is required by:
-
ohai, chef, rspec, rspec-its
-
-
-
rspec-expectations relies on:
-
rspec-support, diff-lcs, rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rspec-its - v1.1.0 -

-

Provides "its" method formally part of rspec-core

-

RSpec extension gem for attribute matching

-
-
rspec-its is required by:
-
license_finder, specinfra, serverspec
-
-
-
rspec-its relies on:
-
rspec-core, rspec-expectations, bundler, rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rspec-mocks - v3.1.3 -

-

rspec-mocks-3.1.3

-

RSpec's 'test double' framework, with support for stubbing and mocking

-
-
rspec-mocks is required by:
-
ohai, chef, rspec
-
-
-
rspec-mocks relies on:
-
rspec-support, rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rspec-support - v3.1.2 -

-

rspec-support-3.1.2

-

Support utilities for RSpec gems

-
-
rspec-support is required by:
-
rspec-core, rspec-expectations, rspec-mocks
-
-
-
rspec-support relies on:
-
bundler, rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rubocop - v0.27.1 (default) -

-

Automatic Ruby code style checking tool.

-

Automatic Ruby code style checking tool. - Aims to enforce the community-driven Ruby Style Guide. -

-
-
rubocop is required by:
-
astrolabe, celluloid
-
-
-
rubocop relies on:
-
rainbow, parser, powerpack, astrolabe, ruby-progressbar, rake, rspec, bundler
-
-
-
-
-

- MIT - whitelisted - -

-
-

- ruby-progressbar - v1.7.0 -

-

Ruby/ProgressBar is a flexible text progress bar library for Ruby.

-

Ruby/ProgressBar is an extremely flexible text progress bar library for Ruby. -The output can be customized with a flexible formatting system including: -percentage, bars of various formats, elapsed time and estimated time remaining. -

-
-
ruby-progressbar is required by:
-
rubocop
-
-
-
ruby-progressbar relies on:
-
rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- rufus-lru - v1.0.5 -

-

A Hash with a max size, controlled by a LRU mechanism

-

LruHash class, a Hash with a max size, controlled by a LRU mechanism

-
-
rufus-lru is required by:
-
foodcritic
-
-
-
rufus-lru relies on:
-
rake, rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- safe_yaml - v1.0.4 -

-

SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications.

-

Parse YAML safely

-
-
safe_yaml is required by:
-
test-kitchen
-
-
-
-
-

- MIT - whitelisted - -

-
-

- sawyer - v0.5.5 -

-

Secret User Agent of HTTP

-

-
-
sawyer is required by:
-
octokit
-
-
-
sawyer relies on:
-
faraday, addressable
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- semverse - v1.2.1 -

-

An elegant library for representing and comparing SemVer versions and constraints

-

An elegant library for representing and comparing SemVer versions and constraints

-
-
semverse is required by:
-
ridley, solve
-
-
-
semverse relies on:
-
bundler, rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- sequel - v4.16.0 -

-

The Database Toolkit for Ruby

-

The Database Toolkit for Ruby

-
-
sequel is required by:
-
license_finder
-
-
-
-
-

- MIT - whitelisted - -

-
-

- serverspec - v2.3.1 (default) -

-

RSpec tests for your servers configured by Puppet, Chef or anything else

-

RSpec tests for your servers configured by Puppet, Chef or anything else

-
-
serverspec is required by:
-
busser-serverspec
-
-
-
serverspec relies on:
-
rspec, rspec-its, multi_json, specinfra, bundler, rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- slop - v3.6.0 -

-

Simple Lightweight Option Parsing

-

A simple DSL for gathering options and parsing the command line

-
-
slop is required by:
-
parser, pry
-
-
-
slop relies on:
-
rake
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- solve - v1.2.1 -

-

A Ruby version constraint solver implementing Semantic Versioning 2.0.0-rc.1

-

A Ruby version constraint solver

-
-
solve is required by:
-
dep_selector, berkshelf
-
-
-
solve relies on:
-
semverse, dep_selector
-
-
-
-
-

- MIT - whitelisted - -

-
-

- specinfra - v2.5.0 -

-

Common layer for serverspec and itamae

-

Common layer for serverspec and itamae

-
-
specinfra is required by:
-
serverspec
-
-
-
specinfra relies on:
-
net-ssh, net-scp, bundler, rake, rspec, rspec-its
-
-
-
-
-

- New BSD - whitelisted - -

-
-

- sqlite3 - v1.3.10 -

-

This module allows Ruby programs to interface with the SQLite3 database engine (http://www.sqlite.org)

-

This module allows Ruby programs to interface with the SQLite3 -database engine (http://www.sqlite.org). You must have the -SQLite engine installed in order to build this module. - -Note that this module is only compatible with SQLite 3.6.16 or newer.

-
-
sqlite3 is required by:
-
license_finder
-
-
-
sqlite3 relies on:
-
mini_portile
-
-
-
-
-

- ruby - whitelisted - -

-
-

- systemu - v2.6.4 -

-

systemu

-

universal capture of stdout and stderr and handling of child process pid for windows, *nix, etc.

-
-
systemu is required by:
-
ohai
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- test-kitchen - v1.2.1 (integration) -

-

Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms.

-

Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms.

-
-
test-kitchen is required by:
-
berkshelf, kitchen-vagrant
-
-
-
test-kitchen relies on:
-
mixlib-shellout, net-scp, net-ssh, safe_yaml, thor, bundler, rake
-
-
-
-
-

- MIT - whitelisted - -

-
-

- thor - v0.19.1 -

-

Thor is a toolkit for building powerful command-line interfaces.

-

Thor is a toolkit for building powerful command-line interfaces.

-
-
thor is required by:
-
buff-extensions, varia_model, buff-config, buff-ruby_engine, buff-shell_out, berkshelf, busser, guard, test-kitchen, license_finder
-
-
-
thor relies on:
-
bundler
-
-
-
-
-

- MIT - whitelisted - -

-
-

- timers - v4.0.1 -

-

Schedule procs to run after a certain time, or at periodic intervals, using any API that accepts a timeout

-

Pure Ruby one-shot and periodic timers

-
-
timers is required by:
-
celluloid
-
-
-
timers relies on:
-
hitimes, rake, rspec
-
-
-
-
-

- MIT - whitelisted - -

-
-

- treetop - v1.5.3 -

-

A Ruby-based text parsing and interpretation DSL

-

-
-
treetop is required by:
-
foodcritic
-
-
-
treetop relies on:
-
polyglot, rspec, rake
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- varia_model - v0.4.0 -

-

A mixin to provide objects with magic attribute reading and writing

-

A mixin to provide objects with magic attribute reading and writing

-
-
varia_model is required by:
-
buff-config, ridley
-
-
-
varia_model relies on:
-
hashie, buff-extensions, buff-ruby_engine, thor, bundler, rake, rspec, guard, guard-rspec
-
-
-
-
-

- Apache 2.0 - whitelisted - -

-
-

- wmi-lite - v1.0.0 -

-

A lightweight utility library for accessing basic WMI (Windows Management Instrumentation) functionality on Windows

-

A lightweight utility over win32ole for accessing basic WMI (Windows Management Instrumentation) functionality in the Microsoft Windows operating system. It has no runtime dependencies other than Ruby, so it can be used without concerns around dependency issues.

-
-
wmi-lite is required by:
-
ohai
-
-
-
wmi-lite relies on:
-
bundler, rspec, rake, pry
-
-
-
-
-

- ruby - whitelisted - -

-
-

- xml-simple - v1.1.4 -

-

A simple API for XML processing.

-

-
-
xml-simple is required by:
-
license_finder
-
-
-
-
-

- MIT - whitelisted - -

-
-

- yajl-ruby - v1.2.1 -

-

Ruby C bindings to the excellent Yajl JSON stream-based parser library.

-

-
-
yajl-ruby is required by:
-
foodcritic
-
-
-
yajl-ruby relies on:
-
rspec, json
-
-
-
-
- -
diff --git a/cookbooks/redis/doc/license_finder/dependencies.md b/cookbooks/redis/doc/license_finder/dependencies.md
deleted file mode 100644
index 581d441..0000000
--- a/cookbooks/redis/doc/license_finder/dependencies.md
+++ /dev/null
@@ -1,991 +0,0 @@ -# chef-redis - -As of November 22, 2014 9:37pm. 105 total - -## Summary -* 65 MIT -* 28 Apache 2.0 -* 5 ruby -* 1 Apache 2.0, MIT -* 1 BSD -* 1 Apache v2 -* 1 ISC -* 1 Artistic 2.0, GPL-2, MIT -* 1 GNU GPL v2, MIT, Perl Artistic v2 -* 1 New BSD - - - -## Items - - - -### addressable v2.3.6 -#### URI Implementation - -Apache 2.0 whitelisted - -Addressable is a replacement for the URI implementation that is part of -Ruby's standard library. It more closely conforms to the relevant RFCs and -adds support for IRIs and URI templates. - - - -### ast v2.0.0 -#### A library for working with Abstract Syntax Trees. - -MIT whitelisted - -A library for working with Abstract Syntax Trees. - - -### astrolabe v1.3.0 -#### An object-oriented AST extension for Parser - -MIT whitelisted - -An object-oriented AST extension for Parser - - -### berkshelf v3.2.1 (default) -#### Manages a Cookbook's, or an Application's, Cookbook dependencies - -Apache 2.0 whitelisted - -Manages a Cookbook's, or an Application's, Cookbook dependencies - - -### berkshelf-api-client v1.2.0 -#### API Client for communicating with a Berkshelf API server - -Apache 2.0 whitelisted - -API Client for communicating with a Berkshelf API server - - -### buff-config v1.0.1 -#### A simple configuration class - -Apache 2.0 whitelisted - -A simple configuration class - - -### buff-extensions v1.0.0 -#### Extensions to Core Ruby classes - -Apache 2.0 whitelisted - -Extensions to Core Ruby classes - - -### buff-ignore v1.1.1 -#### A Ruby library for parsing lists of files and applying pattern matching exclusion (such as .gitignore) - -Apache 2.0 whitelisted - -Parse ignore files with Ruby - - -### buff-ruby_engine v0.1.0 -#### Buff up your code with a mixin for querying the platform running Ruby - -Apache 2.0 whitelisted - -A mixin for querying the platform running Ruby - - -### buff-shell_out v0.2.0 -#### Buff up your code with a mixin for issuing shell commands and collecting the output - -Apache 2.0 
whitelisted - -A mixin for issuing shell commands and collecting the output - - -### bundler v1.7.6 -#### - -MIT whitelisted - - - -### busser v0.6.0 -#### Kitchen Busser - Runs tests for projects in test-kitchen - -Apache 2.0 whitelisted - -Kitchen Busser - Runs tests for projects in test-kitchen - - -### busser-serverspec v0.5.3 (integration) -#### A Busser runner plugin for Serverspec - -Apache 2.0 whitelisted - -A Busser runner plugin for Serverspec - - -### celluloid v0.16.0 -#### Actor-based concurrent object framework for Ruby - -MIT whitelisted - -Celluloid enables people to build concurrent programs out of concurrent objects just as easily as they build sequential programs out of sequential objects - - -### celluloid-io v0.16.1 -#### Celluloid::IO allows you to monitor multiple IO objects within a Celluloid actor - -MIT whitelisted - -Evented IO for Celluloid actors - - -### chef v11.16.4 (default) -#### A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure. - -Apache 2.0 whitelisted - -A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure. - - -### chef-zero v2.2.1 -#### Self-contained, easy-setup, fast-start in-memory Chef server for testing and solo setup purposes - -Apache 2.0 whitelisted - -Self-contained, easy-setup, fast-start in-memory Chef server for testing and solo setup purposes - - -### chefspec v4.1.1 (default) -#### Write RSpec examples and generate coverage reports for Chef recipes! - -MIT whitelisted - -ChefSpec is a unit testing and resource coverage (code coverage) framework for testing Chef cookbooks ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers. 
- - -### cleanroom v1.0.0 -#### (More) safely evaluate Ruby DSLs with cleanroom - -Apache 2.0 whitelisted - -Ruby is an excellent programming language for creating and managing custom DSLs, but how can you securely evaluate a DSL while explicitly controlling the methods exposed to the user? Our good friends instance_eval and instance_exec are great, but they expose all methods - public, protected, and private - to the user. Even worse, they expose the ability to accidentally or intentionally alter the behavior of the system! The cleanroom pattern is a safer, more convenient, Ruby-like approach for limiting the information exposed by a DSL while giving users the ability to write awesome code! - - -### coderay v1.1.0 -#### Fast syntax highlighting for selected languages. - -MIT whitelisted - -Fast and easy syntax highlighting for selected languages, written in Ruby. Comes with RedCloth integration and LOC counter. - - -### dep-selector-libgecode v1.0.2 -#### Installs a vendored copy of Gecode suitable for use with dep-selector - -MIT, Apache 2.0 whitelisted - -Installs a vendored copy of Gecode suitable for use with dep-selector - - -### dep_selector v1.0.3 -#### Given packages, versions, and a dependency graph, find a valid assignment of package versions - -Apache v2 whitelisted - -Given packages, versions, and a dependency graph, find a valid assignment of package versions - - -### diff-lcs v1.2.5 -#### Diff::LCS computes the difference between two Enumerable sequences using the McIlroy-Hunt longest common subsequence (LCS) algorithm - -MIT, Perl Artistic v2, GNU GPL v2 whitelisted - -Diff::LCS computes the difference between two Enumerable sequences using the -McIlroy-Hunt longest common subsequence (LCS) algorithm. It includes utilities -to create a simple HTML diff output format and a standard diff-like tool. - -This is release 1.2.4, fixing a bug introduced after diff-lcs 1.1.3 that did -not properly prune common sequences at the beginning of a comparison set. 
-Thanks to Paul Kunysch for fixing this issue. - -Coincident with the release of diff-lcs 1.2.3, we reported an issue with -Rubinius in 1.9 mode -({rubinius/rubinius#2268}[https://github.com/rubinius/rubinius/issues/2268]). -We are happy to report that this issue has been resolved. - - -### erubis v2.7.0 -#### a fast and extensible eRuby implementation which supports multi-language - -MIT whitelisted - - Erubis is an implementation of eRuby and has the following features: - - * Very fast, almost three times faster than ERB and about 10% faster than eruby. - * Multi-language support (Ruby/PHP/C/Java/Scheme/Perl/Javascript) - * Auto escaping support - * Auto trimming spaces around '<% %>' - * Embedded pattern changeable (default '<% %>') - * Enable to handle Processing Instructions (PI) as embedded pattern (ex. '') - * Context object available and easy to combine eRuby template with YAML datafile - * Print statement available - * Easy to extend and customize in subclass - * Ruby on Rails support - - - -### faraday v0.9.0 -#### HTTP/REST API client library. - -MIT whitelisted - - - -### fauxhai v2.2.0 -#### Fauxhai provides an easy way to mock out your ohai data for testing with chefspec! - -MIT whitelisted - -Easily mock out ohai data - - -### ffi v1.9.6 -#### Ruby FFI - -BSD whitelisted - -Ruby FFI library - - -### ffi-yajl v1.3.0 -#### Ruby FFI wrapper around YAJL 2.x - -Apache 2.0 whitelisted - -Ruby FFI wrapper around YAJL 2.x - - -### foodcritic v4.0.0 (default) -#### foodcritic-4.0.0 - -MIT whitelisted - -Lint tool for Opscode Chef cookbooks. - - -### formatador v0.2.5 -#### Ruby STDOUT text formatting - -MIT whitelisted - -STDOUT text formatting - - -### gherkin v2.12.2 -#### gherkin-2.12.2 - -MIT whitelisted - -A fast Gherkin lexer/parser based on the Ragel State Machine Compiler. - - -### guard v2.8.2 -#### Guard keeps an eye on your file modifications - -MIT whitelisted - -Guard is a command line tool to easily handle events on file system modifications. 
- - -### guard-rspec v4.3.1 (integration) -#### Guard gem for RSpec - -MIT whitelisted - -Guard::RSpec automatically run your specs (much like autotest). - - -### hashie v2.1.2 -#### Your friendly neighborhood hash library. - -MIT whitelisted - -Hashie is a collection of classes and mixins that make hashes more powerful. - - -### highline v1.6.21 -#### HighLine is a high-level command-line IO library. - -ruby whitelisted - -A high-level IO library that provides validation, type conversion, and more for -command-line interfaces. HighLine also includes a complete menu system that can -crank out anything from simple list selection to complete shells with just -minutes of work. - - - -### hitimes v1.2.2 -#### Hitimes is a fast, high resolution timer library for recording performance metrics. It uses the appropriate low method calls for each system to get the highest granularity time increments possible. - -ISC whitelisted - -Hitimes is a fast, high resolution timer library for recording performance metrics. It uses the appropriate low method calls for each system to get the highest granularity time increments possible. It currently supports any of the following systems: * any system with the POSIX call `clock_gettime()` * Mac OS X * Windows * JRuby Using Hitimes can be faster than using a series of `Time.new` calls, and it will have a much higher granularity. It is definitely faster than using `Process.times`. - - -### httparty v0.13.3 -#### Makes http fun! Also, makes consuming restful web services dead easy. - -MIT whitelisted - -Makes http fun! Also, makes consuming restful web services dead easy. - - -### ipaddress v0.8.0 -#### IPv4/IPv6 addresses manipulation library - -MIT whitelisted - - IPAddress is a Ruby library designed to make manipulation - of IPv4 and IPv6 addresses both powerful and simple. It mantains - a layer of compatibility with Ruby's own IPAddr, while - addressing many of its issues. 
- - - -### json v1.8.1 -#### This json is bundled with Ruby - -ruby whitelisted - - - -### kitchen-vagrant v0.15.0 (integration) -#### Kitchen::Driver::Vagrant - A Vagrant Driver for Test Kitchen. - -Apache 2.0 whitelisted - -Kitchen::Driver::Vagrant - A Vagrant Driver for Test Kitchen. - - -### libyajl2 v1.2.0 -#### Installs a vendored copy of libyajl2 for distributions which lack it - -Apache 2.0 whitelisted - -Installs a vendored copy of libyajl2 for distributions which lack it - - -### license_finder v1.2 (default) -#### Audit the OSS licenses of your application's dependencies. - -MIT whitelisted - - LicenseFinder works with your package managers to find - dependencies, detect the licenses of the packages in them, compare - those licenses against a user-defined whitelist, and give you an - actionable exception report. - - - -### listen v2.8.0 -#### Listen to file modifications - -MIT whitelisted - -The Listen gem listens to file modifications and notifies you about the changes. Works everywhere! - - -### lumberjack v1.0.9 -#### A simple, powerful, and very fast logging utility that can be a drop in replacement for Logger or ActiveSupport::BufferedLogger. - -MIT whitelisted - -A simple, powerful, and very fast logging utility that can be a drop in replacement for Logger or ActiveSupport::BufferedLogger. Provides support for automatically rolling log files even with multiple processes writing the same log file. - - -### method_source v0.8.2 -#### retrieve the sourcecode for a method - -MIT whitelisted - -retrieve the sourcecode for a method - - -### mime-types v1.25.1 -#### This library allows for the identification of a file's likely MIME content type - -MIT, Artistic 2.0, GPL-2 whitelisted - -This library allows for the identification of a file's likely MIME content -type. This is release 1.25.1, fixing an issue with priority comparison for -mime-types 1.x. The current release is 2.0, which only supports Ruby 1.9 or -later. 
- -Release 1.25.1 contains all features of 1.25, including the experimental -caching and lazy loading functionality. The caching and lazy loading features -were initially implemented by Greg Brockman (gdb). As these features are -experimental, they are disabled by default and must be enabled through the use -of environment variables. The cache is invalidated on a per-version basis; the -cache for version 1.25 will not be reused for any later version. - -To use lazy loading, set the environment variable +RUBY_MIME_TYPES_LAZY_LOAD+ -to any value other than 'false'. When using lazy loading, the initial startup -of MIME::Types is around 12–25× faster than normal startup (on my system, -normal startup is about 90 ms; lazy startup is about 4 ms). This isn't -generally useful, however, as the MIME::Types database has not been loaded. -Lazy startup and load is just *slightly* faster—around 1 ms. The real advantage -comes from using the cache. - -To enable the cache, set the environment variable +RUBY_MIME_TYPES_CACHE+ to a -filename where MIME::Types will have read-write access. The first time a new -version of MIME::Types is run using this file, it will be created, taking a -little longer than normal. Subsequent loads using the same cache file will be -approximately 3½× faster (25 ms) than normal loads. This can be combined with -+RUBY_MIME_TYPES_LAZY_LOAD+, but this is *not* recommended in a multithreaded -or multiprocess environment where all threads or processes will be using the -same cache file. - -As the caching interface is still experimental, the only values cached are the -default MIME::Types database, not any custom MIME::Types added by users. - -MIME types are used in MIME-compliant communications, as in e-mail or HTTP -traffic, to indicate the type of content which is transmitted. MIME::Types -provides the ability for detailed information about MIME entities (provided as -a set of MIME::Type objects) to be determined and used programmatically. 
There -are many types defined by RFCs and vendors, so the list is long but not -complete; don't hesitate to ask to add additional information. This library -follows the IANA collection of MIME types (see below for reference). - -MIME::Types for Ruby was originally based on MIME::Types for Perl by Mark -Overmeer, copyright 2001 - 2009. - -MIME::Types is built to conform to the MIME types of RFCs 2045 and 2231. It -tracks the {IANA registry}[http://www.iana.org/assignments/media-types/] -({ftp}[ftp://ftp.iana.org/assignments/media-types]) with some unofficial types -added from the {LTSW collection}[http://www.ltsw.se/knbase/internet/mime.htp] -and added by the users of MIME::Types. - - -### mini_portile v0.6.1 -#### Simplistic port-like solution for developers - -MIT whitelisted - -Simplistic port-like solution for developers. It provides a standard and simplified way to compile against dependency libraries without messing up your system. - - -### minitar v0.5.4 -#### Provides POSIX tarchive management from Ruby programs. - -ruby whitelisted - -Archive::Tar::Minitar is a pure-Ruby library and command-line utility that provides the ability to deal with POSIX tar(1) archive files. The implementation is based heavily on Mauricio Ferna'ndez's implementation in rpa-base, but has been reorganised to promote reuse in other projects. 
Antoine Toulme forked the original project on rubyforge to place it on github, under http://www.github.com/atoulme/minitar - - -### mixlib-authentication v1.3.0 -#### Mixes in simple per-request authentication - -Apache 2.0 whitelisted - -Mixes in simple per-request authentication - - -### mixlib-cli v1.5.0 -#### A simple mixin for CLI interfaces, including option parsing - -Apache 2.0 whitelisted - -A simple mixin for CLI interfaces, including option parsing - - -### mixlib-config v2.1.0 -#### A class based configuration library - -Apache 2.0 whitelisted - -A class based configuration library - - -### mixlib-log v1.6.0 -#### A gem that provides a simple mixin for log functionality - -Apache 2.0 whitelisted - - - -### mixlib-shellout v1.6.0 -#### Run external commands on Unix or Windows - -Apache 2.0 whitelisted - -Run external commands on Unix or Windows - - -### multi_json v1.10.1 -#### A common interface to multiple JSON libraries. - -MIT whitelisted - -A common interface to multiple JSON libraries, including Oj, Yajl, the JSON gem (with C-extensions), the pure-Ruby JSON gem, NSJSONSerialization, gson.rb, JrJackson, and OkJson. - - -### multi_xml v0.5.5 -#### A generic swappable back-end for XML parsing - -MIT whitelisted - -Provides swappable XML backends utilizing LibXML, Nokogiri, Ox, or REXML. - - -### multipart-post v2.0.0 -#### A multipart form post accessory for Net::HTTP. - -MIT whitelisted - -Use with Net::HTTP to do multipart form posts. IO values that have #content_type, #original_filename, and #local_path will be posted as a binary file. - - -### net-http-persistent v2.9.4 -#### Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8 - -MIT whitelisted - -Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8. -It's thread-safe too! - -Using persistent HTTP connections can dramatically increase the speed of HTTP. 
-Creating a new HTTP connection for every request involves an extra TCP -round-trip and causes TCP congestion avoidance negotiation to start over. - -Net::HTTP supports persistent connections with some API methods but does not -handle reconnection gracefully. Net::HTTP::Persistent supports reconnection -and retry according to RFC 2616. - - -### net-scp v1.2.1 -#### A pure Ruby implementation of the SCP client protocol - -MIT whitelisted - -A pure Ruby implementation of the SCP client protocol - - -### net-ssh v2.9.1 -#### Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. - -MIT whitelisted - -Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2. - - -### net-ssh-gateway v1.2.0 -#### A simple library to assist in establishing tunneled Net::SSH connections - -MIT whitelisted - -A simple library to assist in establishing tunneled Net::SSH connections - - -### net-ssh-multi v1.2.0 -#### Control multiple Net::SSH connections via a single interface. - -MIT whitelisted - -Control multiple Net::SSH connections via a single interface. - - -### nio4r v1.0.1 -#### NIO provides a high performance selector API for monitoring IO objects - -MIT whitelisted - -New IO for Ruby - - -### nokogiri v1.6.4.1 -#### Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser - -MIT whitelisted - -Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's -many features is the ability to search documents via XPath or CSS3 selectors. - -XML is like violence - if it doesn’t solve your problems, you are not using -enough of it. - - -### octokit v3.5.2 -#### Ruby toolkit for working with the GitHub API - -MIT whitelisted - -Simple wrapper for the GitHub API - - -### ohai v7.4.0 -#### Ohai profiles your system and emits JSON - -Apache 2.0 whitelisted - -Ohai profiles your system and emits JSON - - -### parser v2.2.0.pre.8 -#### A Ruby parser written in pure Ruby. 
- -MIT whitelisted - -A Ruby parser written in pure Ruby. - - -### plist v3.1.0 -#### All-purpose Property List manipulation library. - -MIT whitelisted - -Plist is a library to manipulate Property List files, also known as plists. It can parse plist files into native Ruby data structures as well as generating new plist files from your Ruby objects. - - - -### polyglot v0.3.5 -#### Augment 'require' to load non-Ruby file types - -MIT whitelisted - - -The Polyglot library allows a Ruby module to register a loader -for the file type associated with a filename extension, and it -augments 'require' to find and load matching files. - - -### powerpack v0.0.9 -#### A few useful extensions to core Ruby classes. - -MIT whitelisted - -A few useful extensions to core Ruby classes. - - -### pry v0.10.1 -#### An IRB alternative and runtime developer console - -MIT whitelisted - -An IRB alternative and runtime developer console - - -### rack v1.5.2 -#### a modular Ruby webserver interface - -MIT whitelisted - -Rack provides a minimal, modular and adaptable interface for developing -web applications in Ruby. By wrapping HTTP requests and responses in -the simplest way possible, it unifies and distills the API for web -servers, web frameworks, and software in between (the so-called -middleware) into a single method call. - -Also see http://rack.github.com/. - - - -### rainbow v2.0.0 -#### Colorize printed text on ANSI terminals - -MIT whitelisted - -Colorize printed text on ANSI terminals - - -### rake v10.3.2 (default) -#### Rake is a Make-like program implemented in Ruby - -MIT whitelisted - -Rake is a Make-like program implemented in Ruby. Tasks and dependencies are -specified in standard Ruby syntax. - -Rake has the following features: - -* Rakefiles (rake's version of Makefiles) are completely defined in - standard Ruby syntax. No XML files to edit. No quirky Makefile - syntax to worry about (is that a tab or a space?) - -* Users can specify tasks with prerequisites. 
- -* Rake supports rule patterns to synthesize implicit tasks. - -* Flexible FileLists that act like arrays but know about manipulating - file names and paths. - -* A library of prepackaged tasks to make building rakefiles easier. For example, - tasks for building tarballs and publishing to FTP or SSH sites. (Formerly - tasks for building RDoc and Gems were included in rake but they're now - available in RDoc and RubyGems respectively.) - -* Supports parallel execution of tasks. - - -### rb-fsevent v0.9.4 -#### Very simple & usable FSEvents API - -MIT whitelisted - -FSEvents API with Signals catching (without RubyCocoa) - - -### rb-inotify v0.9.5 -#### A Ruby wrapper for Linux's inotify, using FFI - -MIT whitelisted - -A Ruby wrapper for Linux's inotify, using FFI - - -### rest-client v1.6.7 -#### Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions. - -MIT whitelisted - -A simple HTTP and REST client for Ruby, inspired by the Sinatra microframework style of specifying actions: get, put, post, delete. - - -### retryable v1.3.6 -#### Kernel#retryable, allow for retrying of code blocks. - -MIT whitelisted - -Kernel#retryable, allow for retrying of code blocks. - - -### ridley v4.1.0 -#### A reliable Chef API client with a clean syntax - -Apache 2.0 whitelisted - -A reliable Chef API client with a clean syntax - - -### rspec v3.1.0 -#### rspec-3.1.0 - -MIT whitelisted - -BDD for Ruby - - -### rspec-core v3.1.7 -#### rspec-core-3.1.7 - -MIT whitelisted - -BDD for Ruby. RSpec runner and example groups. - - -### rspec-expectations v3.1.2 -#### rspec-expectations-3.1.2 - -MIT whitelisted - -rspec-expectations provides a simple, readable API to express expected outcomes of a code example. 
- - -### rspec-its v1.1.0 -#### Provides "its" method formally part of rspec-core - -MIT whitelisted - -RSpec extension gem for attribute matching - - -### rspec-mocks v3.1.3 -#### rspec-mocks-3.1.3 - -MIT whitelisted - -RSpec's 'test double' framework, with support for stubbing and mocking - - -### rspec-support v3.1.2 -#### rspec-support-3.1.2 - -MIT whitelisted - -Support utilities for RSpec gems - - -### rubocop v0.27.1 (default) -#### Automatic Ruby code style checking tool. - -MIT whitelisted - - Automatic Ruby code style checking tool. - Aims to enforce the community-driven Ruby Style Guide. - - - -### ruby-progressbar v1.7.0 -#### Ruby/ProgressBar is a flexible text progress bar library for Ruby. - -MIT whitelisted - -Ruby/ProgressBar is an extremely flexible text progress bar library for Ruby. -The output can be customized with a flexible formatting system including: -percentage, bars of various formats, elapsed time and estimated time remaining. - - - -### rufus-lru v1.0.5 -#### A Hash with a max size, controlled by a LRU mechanism - -MIT whitelisted - -LruHash class, a Hash with a max size, controlled by a LRU mechanism - - -### safe_yaml v1.0.4 -#### SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications. 
- -MIT whitelisted - -Parse YAML safely - - -### sawyer v0.5.5 -#### Secret User Agent of HTTP - -MIT whitelisted - - - -### semverse v1.2.1 -#### An elegant library for representing and comparing SemVer versions and constraints - -Apache 2.0 whitelisted - -An elegant library for representing and comparing SemVer versions and constraints - - -### sequel v4.16.0 -#### The Database Toolkit for Ruby - -MIT whitelisted - -The Database Toolkit for Ruby - - -### serverspec v2.3.1 (default) -#### RSpec tests for your servers configured by Puppet, Chef or anything else - -MIT whitelisted - -RSpec tests for your servers configured by Puppet, Chef or anything else - - -### slop v3.6.0 -#### Simple Lightweight Option Parsing - -MIT whitelisted - -A simple DSL for gathering options and parsing the command line - - -### solve v1.2.1 -#### A Ruby version constraint solver implementing Semantic Versioning 2.0.0-rc.1 - -Apache 2.0 whitelisted - -A Ruby version constraint solver - - -### specinfra v2.5.0 -#### Common layer for serverspec and itamae - -MIT whitelisted - -Common layer for serverspec and itamae - - -### sqlite3 v1.3.10 -#### This module allows Ruby programs to interface with the SQLite3 database engine (http://www.sqlite.org) - -New BSD whitelisted - -This module allows Ruby programs to interface with the SQLite3 -database engine (http://www.sqlite.org). You must have the -SQLite engine installed in order to build this module. - -Note that this module is only compatible with SQLite 3.6.16 or newer. - - -### systemu v2.6.4 -#### systemu - -ruby whitelisted - -universal capture of stdout and stderr and handling of child process pid for windows, *nix, etc. - - -### test-kitchen v1.2.1 (integration) -#### Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms. 
-
-
-Apache 2.0 whitelisted
-
-Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms.
-
-
-### thor v0.19.1
-#### Thor is a toolkit for building powerful command-line interfaces.
-
-MIT whitelisted
-
-Thor is a toolkit for building powerful command-line interfaces.
-
-
-### timers v4.0.1
-#### Schedule procs to run after a certain time, or at periodic intervals, using any API that accepts a timeout
-
-MIT whitelisted
-
-Pure Ruby one-shot and periodic timers
-
-
-### treetop v1.5.3
-#### A Ruby-based text parsing and interpretation DSL
-
-MIT whitelisted
-
-
-
-### varia_model v0.4.0
-#### A mixin to provide objects with magic attribute reading and writing
-
-Apache 2.0 whitelisted
-
-A mixin to provide objects with magic attribute reading and writing
-
-
-### wmi-lite v1.0.0
-#### A lightweight utility library for accessing basic WMI (Windows Management Instrumentation) functionality on Windows
-
-Apache 2.0 whitelisted
-
-A lightweight utility over win32ole for accessing basic WMI (Windows Management Instrumentation) functionality in the Microsoft Windows operating system. It has no runtime dependencies other than Ruby, so it can be used without concerns around dependency issues.
-
-
-### xml-simple v1.1.4
-#### A simple API for XML processing.
-
-ruby whitelisted
-
-
-
-### yajl-ruby v1.2.1
-#### Ruby C bindings to the excellent Yajl JSON stream-based parser library.
-
-MIT whitelisted
-
diff --git a/cookbooks/redis/doc/license_finder/dependencies_detailed.csv b/cookbooks/redis/doc/license_finder/dependencies_detailed.csv
deleted file mode 100644
index b529837..0000000
--- a/cookbooks/redis/doc/license_finder/dependencies_detailed.csv
+++ /dev/null
@@ -1,234 +0,0 @@ -addressable,2.3.6,Apache 2.0,URI Implementation,"Addressable is a replacement for the URI implementation that is part of -Ruby's standard library. It more closely conforms to the relevant RFCs and -adds support for IRIs and URI templates." -ast,2.0.0,MIT,A library for working with Abstract Syntax Trees.,A library for working with Abstract Syntax Trees. -astrolabe,1.3.0,MIT,An object-oriented AST extension for Parser,An object-oriented AST extension for Parser -berkshelf,3.2.1,Apache 2.0,"Manages a Cookbook's, or an Application's, Cookbook dependencies","Manages a Cookbook's, or an Application's, Cookbook dependencies" -berkshelf-api-client,1.2.0,Apache 2.0,API Client for communicating with a Berkshelf API server,API Client for communicating with a Berkshelf API server -buff-config,1.0.1,Apache 2.0,A simple configuration class,A simple configuration class -buff-extensions,1.0.0,Apache 2.0,Extensions to Core Ruby classes,Extensions to Core Ruby classes -buff-ignore,1.1.1,Apache 2.0,A Ruby library for parsing lists of files and applying pattern matching exclusion (such as .gitignore),Parse ignore files with Ruby -buff-ruby_engine,0.1.0,Apache 2.0,Buff up your code with a mixin for querying the platform running Ruby,A mixin for querying the platform running Ruby -buff-shell_out,0.2.0,Apache 2.0,Buff up your code with a mixin for issuing shell commands and collecting the output,A mixin for issuing shell commands and collecting the output -bundler,1.7.6,MIT,"","" -busser,0.6.0,Apache 2.0,Kitchen Busser - Runs tests for projects in test-kitchen,Kitchen Busser - Runs tests for projects in test-kitchen -busser-serverspec,0.5.3,Apache 2.0,A Busser runner plugin for Serverspec,A Busser runner plugin for Serverspec -celluloid,0.16.0,MIT,Actor-based concurrent object framework for Ruby,Celluloid enables people to build concurrent programs out of concurrent objects just as easily as they build sequential programs out of sequential objects 
-celluloid-io,0.16.1,MIT,Celluloid::IO allows you to monitor multiple IO objects within a Celluloid actor,Evented IO for Celluloid actors -chef,11.16.4,Apache 2.0,"A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure.","A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure." -chef-zero,2.2.1,Apache 2.0,"Self-contained, easy-setup, fast-start in-memory Chef server for testing and solo setup purposes","Self-contained, easy-setup, fast-start in-memory Chef server for testing and solo setup purposes" -chefspec,4.1.1,MIT,Write RSpec examples and generate coverage reports for Chef recipes!,ChefSpec is a unit testing and resource coverage (code coverage) framework for testing Chef cookbooks ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers. -cleanroom,1.0.0,Apache 2.0,(More) safely evaluate Ruby DSLs with cleanroom,"Ruby is an excellent programming language for creating and managing custom DSLs, but how can you securely evaluate a DSL while explicitly controlling the methods exposed to the user? Our good friends instance_eval and instance_exec are great, but they expose all methods - public, protected, and private - to the user. Even worse, they expose the ability to accidentally or intentionally alter the behavior of the system! The cleanroom pattern is a safer, more convenient, Ruby-like approach for limiting the information exposed by a DSL while giving users the ability to write awesome code!" -coderay,1.1.0,MIT,Fast syntax highlighting for selected languages.,"Fast and easy syntax highlighting for selected languages, written in Ruby. Comes with RedCloth integration and LOC counter." 
-dep-selector-libgecode,1.0.2,"MIT,Apache 2.0",Installs a vendored copy of Gecode suitable for use with dep-selector,Installs a vendored copy of Gecode suitable for use with dep-selector -dep_selector,1.0.3,Apache v2,"Given packages, versions, and a dependency graph, find a valid assignment of package versions","Given packages, versions, and a dependency graph, find a valid assignment of package versions" -diff-lcs,1.2.5,"MIT,Perl Artistic v2,GNU GPL v2",Diff::LCS computes the difference between two Enumerable sequences using the McIlroy-Hunt longest common subsequence (LCS) algorithm,"Diff::LCS computes the difference between two Enumerable sequences using the -McIlroy-Hunt longest common subsequence (LCS) algorithm. It includes utilities -to create a simple HTML diff output format and a standard diff-like tool. - -This is release 1.2.4, fixing a bug introduced after diff-lcs 1.1.3 that did -not properly prune common sequences at the beginning of a comparison set. -Thanks to Paul Kunysch for fixing this issue. - -Coincident with the release of diff-lcs 1.2.3, we reported an issue with -Rubinius in 1.9 mode -({rubinius/rubinius#2268}[https://github.com/rubinius/rubinius/issues/2268]). -We are happy to report that this issue has been resolved." -erubis,2.7.0,MIT,a fast and extensible eRuby implementation which supports multi-language,"Erubis is an implementation of eRuby and has the following features: - - * Very fast, almost three times faster than ERB and about 10% faster than eruby. - * Multi-language support (Ruby/PHP/C/Java/Scheme/Perl/Javascript) - * Auto escaping support - * Auto trimming spaces around '<% %>' - * Embedded pattern changeable (default '<% %>') - * Enable to handle Processing Instructions (PI) as embedded pattern (ex. 
'') - * Context object available and easy to combine eRuby template with YAML datafile - * Print statement available - * Easy to extend and customize in subclass - * Ruby on Rails support" -faraday,0.9.0,MIT,HTTP/REST API client library.,"" -fauxhai,2.2.0,MIT,Fauxhai provides an easy way to mock out your ohai data for testing with chefspec!,Easily mock out ohai data -ffi,1.9.6,BSD,Ruby FFI,Ruby FFI library -ffi-yajl,1.3.0,Apache 2.0,Ruby FFI wrapper around YAJL 2.x,Ruby FFI wrapper around YAJL 2.x -foodcritic,4.0.0,MIT,foodcritic-4.0.0,Lint tool for Opscode Chef cookbooks. -formatador,0.2.5,MIT,Ruby STDOUT text formatting,STDOUT text formatting -gherkin,2.12.2,MIT,gherkin-2.12.2,A fast Gherkin lexer/parser based on the Ragel State Machine Compiler. -guard,2.8.2,MIT,Guard keeps an eye on your file modifications,Guard is a command line tool to easily handle events on file system modifications. -guard-rspec,4.3.1,MIT,Guard gem for RSpec,Guard::RSpec automatically run your specs (much like autotest). -hashie,2.1.2,MIT,Your friendly neighborhood hash library.,Hashie is a collection of classes and mixins that make hashes more powerful. -highline,1.6.21,ruby,HighLine is a high-level command-line IO library.,"A high-level IO library that provides validation, type conversion, and more for -command-line interfaces. HighLine also includes a complete menu system that can -crank out anything from simple list selection to complete shells with just -minutes of work." -hitimes,1.2.2,ISC,"Hitimes is a fast, high resolution timer library for recording performance metrics. It uses the appropriate low method calls for each system to get the highest granularity time increments possible.","Hitimes is a fast, high resolution timer library for recording performance metrics. It uses the appropriate low method calls for each system to get the highest granularity time increments possible. 
It currently supports any of the following systems: * any system with the POSIX call `clock_gettime()` * Mac OS X * Windows * JRuby Using Hitimes can be faster than using a series of `Time.new` calls, and it will have a much higher granularity. It is definitely faster than using `Process.times`." -httparty,0.13.3,MIT,"Makes http fun! Also, makes consuming restful web services dead easy.","Makes http fun! Also, makes consuming restful web services dead easy." -ipaddress,0.8.0,MIT,IPv4/IPv6 addresses manipulation library,"IPAddress is a Ruby library designed to make manipulation - of IPv4 and IPv6 addresses both powerful and simple. It mantains - a layer of compatibility with Ruby's own IPAddr, while - addressing many of its issues." -json,1.8.1,ruby,This json is bundled with Ruby,"" -kitchen-vagrant,0.15.0,Apache 2.0,Kitchen::Driver::Vagrant - A Vagrant Driver for Test Kitchen.,Kitchen::Driver::Vagrant - A Vagrant Driver for Test Kitchen. -libyajl2,1.2.0,Apache 2.0,Installs a vendored copy of libyajl2 for distributions which lack it,Installs a vendored copy of libyajl2 for distributions which lack it -license_finder,1.2,MIT,Audit the OSS licenses of your application's dependencies.,"LicenseFinder works with your package managers to find - dependencies, detect the licenses of the packages in them, compare - those licenses against a user-defined whitelist, and give you an - actionable exception report." -listen,2.8.0,MIT,Listen to file modifications,The Listen gem listens to file modifications and notifies you about the changes. Works everywhere! -lumberjack,1.0.9,MIT,"A simple, powerful, and very fast logging utility that can be a drop in replacement for Logger or ActiveSupport::BufferedLogger.","A simple, powerful, and very fast logging utility that can be a drop in replacement for Logger or ActiveSupport::BufferedLogger. Provides support for automatically rolling log files even with multiple processes writing the same log file." 
-method_source,0.8.2,MIT,retrieve the sourcecode for a method,retrieve the sourcecode for a method -mime-types,1.25.1,"MIT,Artistic 2.0,GPL-2",This library allows for the identification of a file's likely MIME content type,"This library allows for the identification of a file's likely MIME content -type. This is release 1.25.1, fixing an issue with priority comparison for -mime-types 1.x. The current release is 2.0, which only supports Ruby 1.9 or -later. - -Release 1.25.1 contains all features of 1.25, including the experimental -caching and lazy loading functionality. The caching and lazy loading features -were initially implemented by Greg Brockman (gdb). As these features are -experimental, they are disabled by default and must be enabled through the use -of environment variables. The cache is invalidated on a per-version basis; the -cache for version 1.25 will not be reused for any later version. - -To use lazy loading, set the environment variable +RUBY_MIME_TYPES_LAZY_LOAD+ -to any value other than 'false'. When using lazy loading, the initial startup -of MIME::Types is around 12–25× faster than normal startup (on my system, -normal startup is about 90 ms; lazy startup is about 4 ms). This isn't -generally useful, however, as the MIME::Types database has not been loaded. -Lazy startup and load is just *slightly* faster—around 1 ms. The real advantage -comes from using the cache. - -To enable the cache, set the environment variable +RUBY_MIME_TYPES_CACHE+ to a -filename where MIME::Types will have read-write access. The first time a new -version of MIME::Types is run using this file, it will be created, taking a -little longer than normal. Subsequent loads using the same cache file will be -approximately 3½× faster (25 ms) than normal loads. This can be combined with -+RUBY_MIME_TYPES_LAZY_LOAD+, but this is *not* recommended in a multithreaded -or multiprocess environment where all threads or processes will be using the -same cache file. 
- -As the caching interface is still experimental, the only values cached are the -default MIME::Types database, not any custom MIME::Types added by users. - -MIME types are used in MIME-compliant communications, as in e-mail or HTTP -traffic, to indicate the type of content which is transmitted. MIME::Types -provides the ability for detailed information about MIME entities (provided as -a set of MIME::Type objects) to be determined and used programmatically. There -are many types defined by RFCs and vendors, so the list is long but not -complete; don't hesitate to ask to add additional information. This library -follows the IANA collection of MIME types (see below for reference). - -MIME::Types for Ruby was originally based on MIME::Types for Perl by Mark -Overmeer, copyright 2001 - 2009. - -MIME::Types is built to conform to the MIME types of RFCs 2045 and 2231. It -tracks the {IANA registry}[http://www.iana.org/assignments/media-types/] -({ftp}[ftp://ftp.iana.org/assignments/media-types]) with some unofficial types -added from the {LTSW collection}[http://www.ltsw.se/knbase/internet/mime.htp] -and added by the users of MIME::Types." -mini_portile,0.6.1,MIT,Simplistic port-like solution for developers,Simplistic port-like solution for developers. It provides a standard and simplified way to compile against dependency libraries without messing up your system. -minitar,0.5.4,ruby,Provides POSIX tarchive management from Ruby programs.,"Archive::Tar::Minitar is a pure-Ruby library and command-line utility that provides the ability to deal with POSIX tar(1) archive files. The implementation is based heavily on Mauricio Ferna'ndez's implementation in rpa-base, but has been reorganised to promote reuse in other projects. 
Antoine Toulme forked the original project on rubyforge to place it on github, under http://www.github.com/atoulme/minitar" -mixlib-authentication,1.3.0,Apache 2.0,Mixes in simple per-request authentication,Mixes in simple per-request authentication -mixlib-cli,1.5.0,Apache 2.0,"A simple mixin for CLI interfaces, including option parsing","A simple mixin for CLI interfaces, including option parsing" -mixlib-config,2.1.0,Apache 2.0,A class based configuration library,A class based configuration library -mixlib-log,1.6.0,Apache 2.0,A gem that provides a simple mixin for log functionality,"" -mixlib-shellout,1.6.0,Apache 2.0,Run external commands on Unix or Windows,Run external commands on Unix or Windows -multi_json,1.10.1,MIT,A common interface to multiple JSON libraries.,"A common interface to multiple JSON libraries, including Oj, Yajl, the JSON gem (with C-extensions), the pure-Ruby JSON gem, NSJSONSerialization, gson.rb, JrJackson, and OkJson." -multi_xml,0.5.5,MIT,A generic swappable back-end for XML parsing,"Provides swappable XML backends utilizing LibXML, Nokogiri, Ox, or REXML." -multipart-post,2.0.0,MIT,A multipart form post accessory for Net::HTTP.,"Use with Net::HTTP to do multipart form posts. IO values that have #content_type, #original_filename, and #local_path will be posted as a binary file." -net-http-persistent,2.9.4,MIT,Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8,"Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8. -It's thread-safe too! - -Using persistent HTTP connections can dramatically increase the speed of HTTP. -Creating a new HTTP connection for every request involves an extra TCP -round-trip and causes TCP congestion avoidance negotiation to start over. - -Net::HTTP supports persistent connections with some API methods but does not -handle reconnection gracefully. Net::HTTP::Persistent supports reconnection -and retry according to RFC 2616." 
-net-scp,1.2.1,MIT,A pure Ruby implementation of the SCP client protocol,A pure Ruby implementation of the SCP client protocol -net-ssh,2.9.1,MIT,Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.,"Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2." -net-ssh-gateway,1.2.0,MIT,A simple library to assist in establishing tunneled Net::SSH connections,A simple library to assist in establishing tunneled Net::SSH connections -net-ssh-multi,1.2.0,MIT,Control multiple Net::SSH connections via a single interface.,Control multiple Net::SSH connections via a single interface. -nio4r,1.0.1,MIT,NIO provides a high performance selector API for monitoring IO objects,New IO for Ruby -nokogiri,1.6.4.1,MIT,"Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser","Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's -many features is the ability to search documents via XPath or CSS3 selectors. - -XML is like violence - if it doesn’t solve your problems, you are not using -enough of it." -octokit,3.5.2,MIT,Ruby toolkit for working with the GitHub API,Simple wrapper for the GitHub API -ohai,7.4.0,Apache 2.0,Ohai profiles your system and emits JSON,Ohai profiles your system and emits JSON -parser,2.2.0.pre.8,MIT,A Ruby parser written in pure Ruby.,A Ruby parser written in pure Ruby. -plist,3.1.0,MIT,All-purpose Property List manipulation library.,"Plist is a library to manipulate Property List files, also known as plists. It can parse plist files into native Ruby data structures as well as generating new plist files from your Ruby objects." -polyglot,0.3.5,MIT,Augment 'require' to load non-Ruby file types,"The Polyglot library allows a Ruby module to register a loader -for the file type associated with a filename extension, and it -augments 'require' to find and load matching files." 
-powerpack,0.0.9,MIT,A few useful extensions to core Ruby classes.,A few useful extensions to core Ruby classes. -pry,0.10.1,MIT,An IRB alternative and runtime developer console,An IRB alternative and runtime developer console -rack,1.5.2,MIT,a modular Ruby webserver interface,"Rack provides a minimal, modular and adaptable interface for developing -web applications in Ruby. By wrapping HTTP requests and responses in -the simplest way possible, it unifies and distills the API for web -servers, web frameworks, and software in between (the so-called -middleware) into a single method call. - -Also see http://rack.github.com/." -rainbow,2.0.0,MIT,Colorize printed text on ANSI terminals,Colorize printed text on ANSI terminals -rake,10.3.2,MIT,Rake is a Make-like program implemented in Ruby,"Rake is a Make-like program implemented in Ruby. Tasks and dependencies are -specified in standard Ruby syntax. - -Rake has the following features: - -* Rakefiles (rake's version of Makefiles) are completely defined in - standard Ruby syntax. No XML files to edit. No quirky Makefile - syntax to worry about (is that a tab or a space?) - -* Users can specify tasks with prerequisites. - -* Rake supports rule patterns to synthesize implicit tasks. - -* Flexible FileLists that act like arrays but know about manipulating - file names and paths. - -* A library of prepackaged tasks to make building rakefiles easier. For example, - tasks for building tarballs and publishing to FTP or SSH sites. (Formerly - tasks for building RDoc and Gems were included in rake but they're now - available in RDoc and RubyGems respectively.) - -* Supports parallel execution of tasks." 
-rb-fsevent,0.9.4,MIT,Very simple & usable FSEvents API,FSEvents API with Signals catching (without RubyCocoa) -rb-inotify,0.9.5,MIT,"A Ruby wrapper for Linux's inotify, using FFI","A Ruby wrapper for Linux's inotify, using FFI" -rest-client,1.6.7,MIT,"Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions.","A simple HTTP and REST client for Ruby, inspired by the Sinatra microframework style of specifying actions: get, put, post, delete." -retryable,1.3.6,MIT,"Kernel#retryable, allow for retrying of code blocks.","Kernel#retryable, allow for retrying of code blocks." -ridley,4.1.0,Apache 2.0,A reliable Chef API client with a clean syntax,A reliable Chef API client with a clean syntax -rspec,3.1.0,MIT,rspec-3.1.0,BDD for Ruby -rspec-core,3.1.7,MIT,rspec-core-3.1.7,BDD for Ruby. RSpec runner and example groups. -rspec-expectations,3.1.2,MIT,rspec-expectations-3.1.2,"rspec-expectations provides a simple, readable API to express expected outcomes of a code example." -rspec-its,1.1.0,MIT,"Provides ""its"" method formally part of rspec-core",RSpec extension gem for attribute matching -rspec-mocks,3.1.3,MIT,rspec-mocks-3.1.3,"RSpec's 'test double' framework, with support for stubbing and mocking" -rspec-support,3.1.2,MIT,rspec-support-3.1.2,Support utilities for RSpec gems -rubocop,0.27.1,MIT,Automatic Ruby code style checking tool.,"Automatic Ruby code style checking tool. - Aims to enforce the community-driven Ruby Style Guide." -ruby-progressbar,1.7.0,MIT,Ruby/ProgressBar is a flexible text progress bar library for Ruby.,"Ruby/ProgressBar is an extremely flexible text progress bar library for Ruby. -The output can be customized with a flexible formatting system including: -percentage, bars of various formats, elapsed time and estimated time remaining." 
-rufus-lru,1.0.5,MIT,"A Hash with a max size, controlled by a LRU mechanism","LruHash class, a Hash with a max size, controlled by a LRU mechanism" -safe_yaml,1.0.4,MIT,SameYAML provides an alternative implementation of YAML.load suitable for accepting user input in Ruby applications.,Parse YAML safely -sawyer,0.5.5,MIT,Secret User Agent of HTTP,"" -semverse,1.2.1,Apache 2.0,An elegant library for representing and comparing SemVer versions and constraints,An elegant library for representing and comparing SemVer versions and constraints -sequel,4.16.0,MIT,The Database Toolkit for Ruby,The Database Toolkit for Ruby -serverspec,2.3.1,MIT,"RSpec tests for your servers configured by Puppet, Chef or anything else","RSpec tests for your servers configured by Puppet, Chef or anything else" -slop,3.6.0,MIT,Simple Lightweight Option Parsing,A simple DSL for gathering options and parsing the command line -solve,1.2.1,Apache 2.0,A Ruby version constraint solver implementing Semantic Versioning 2.0.0-rc.1,A Ruby version constraint solver -specinfra,2.5.0,MIT,Common layer for serverspec and itamae,Common layer for serverspec and itamae -sqlite3,1.3.10,New BSD,This module allows Ruby programs to interface with the SQLite3 database engine (http://www.sqlite.org),"This module allows Ruby programs to interface with the SQLite3 -database engine (http://www.sqlite.org). You must have the -SQLite engine installed in order to build this module. - -Note that this module is only compatible with SQLite 3.6.16 or newer." -systemu,2.6.4,ruby,systemu,"universal capture of stdout and stderr and handling of child process pid for windows, *nix, etc." -test-kitchen,1.2.1,Apache 2.0,Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms.,Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms. 
-thor,0.19.1,MIT,Thor is a toolkit for building powerful command-line interfaces.,Thor is a toolkit for building powerful command-line interfaces. -timers,4.0.1,MIT,"Schedule procs to run after a certain time, or at periodic intervals, using any API that accepts a timeout",Pure Ruby one-shot and periodic timers -treetop,1.5.3,MIT,A Ruby-based text parsing and interpretation DSL,"" -varia_model,0.4.0,Apache 2.0,A mixin to provide objects with magic attribute reading and writing,A mixin to provide objects with magic attribute reading and writing -wmi-lite,1.0.0,Apache 2.0,A lightweight utility library for accessing basic WMI (Windows Management Instrumentation) functionality on Windows,"A lightweight utility over win32ole for accessing basic WMI (Windows Management Instrumentation) functionality in the Microsoft Windows operating system. It has no runtime dependencies other than Ruby, so it can be used without concerns around dependency issues." -xml-simple,1.1.4,ruby,A simple API for XML processing.,"" -yajl-ruby,1.2.1,MIT,Ruby C bindings to the excellent Yajl JSON stream-based parser library.,""
diff --git a/cookbooks/redis/files/default/tests/minitest/client_test.rb b/cookbooks/redis/files/default/tests/minitest/client_test.rb
deleted file mode 100644
index 8295e75..0000000
--- a/cookbooks/redis/files/default/tests/minitest/client_test.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-require_relative "test_helper"
-
-describe_recipe "redis::client" do
- it "installed the `redis-tools` package" do
- package("redis-tools").must_be_installed
- end
-end
diff --git a/cookbooks/redis/files/default/tests/minitest/default_test.rb b/cookbooks/redis/files/default/tests/minitest/default_test.rb
deleted file mode 100644
index 7a8d743..0000000
--- a/cookbooks/redis/files/default/tests/minitest/default_test.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-require_relative "test_helper"
-
-describe_recipe "redis::default" do
- let(:apt_path) do
- "/etc/apt/sources.list.d"
- end
-
- it "set up an apt repository" do
- repo = {
- "debian" => { name: "dotdeb", content: "dotdeb" },
- "ubuntu" => { name: "chris-lea-redis-server", content: "chris-lea" }
- }[node["platform"]]
-
- apt_file = "#{apt_path}/#{repo[:name]}.list"
-
- file(apt_file).must_exist
- file(apt_file).must_include repo[:content]
- end
-end
diff --git a/cookbooks/redis/files/default/tests/minitest/server_test.rb b/cookbooks/redis/files/default/tests/minitest/server_test.rb
deleted file mode 100644
index d6a085b..0000000
--- a/cookbooks/redis/files/default/tests/minitest/server_test.rb
+++ /dev/null
@@ -1,48 +0,0 @@
-require_relative "test_helper"
-
-describe_recipe "redis::server" do
- it "installed the `redis-server` package" do
- package("redis-server").must_be_installed
- end
-
- it "enabled the `redis-server` service" do
- service("redis-server").must_be_enabled
- end
-
- it "started the `redis-server` service" do
- service("redis-server").must_be_running
- end
-
- describe "data directory" do
- let(:dir) do
- directory node["redis"]["dir"]
- end
-
- it { dir.must_exist }
- it { dir.must_have :owner, "redis" }
- it { dir.must_have :group, "redis" }
- it { dir.must_have :mode, "750" }
- end
-
- describe "redis.conf" do
- let(:conf) do
- file "/etc/redis/redis.conf"
- end
-
- it { conf.must_exist }
- it { conf.must_have :owner, "root" }
- it { conf.must_have :group, "root" }
- it { conf.must_have :mode, "644" }
- end
-
- describe "`default` file" do
- let(:default) do
- file "/etc/default/redis-server"
- end
-
- it { default.must_exist }
- it { default.must_have :owner, "root" }
- it { default.must_have :group, "root" }
- it { default.must_have :mode, "644" }
- end
-end
diff --git a/cookbooks/redis/files/default/tests/minitest/test_helper.rb b/cookbooks/redis/files/default/tests/minitest/test_helper.rb
deleted file mode 100644
index 2b82ba7..0000000
--- a/cookbooks/redis/files/default/tests/minitest/test_helper.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-require "minitest/spec"
-
-include MiniTest::Chef::Assertions
-include MiniTest::Chef::Context
-include MiniTest::Chef::Resources
diff --git a/cookbooks/redis/metadata.json b/cookbooks/redis/metadata.json
deleted file mode 100644
index 52f0342..0000000
--- a/cookbooks/redis/metadata.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- "name": "redis",
- "description": "Installs and configures Redis",
- "long_description": "",
- "maintainer": "Phil Cohen",
- "maintainer_email": "github@phlippers.net",
- "license": "MIT",
- "platforms": {
- "debian": ">= 0.0.0",
- "ubuntu": ">= 0.0.0"
- },
- "dependencies": {
- "apt": ">= 0.0.0"
- },
- "providing": {
-
- },
- "recipes": {
- "redis::default": "Sets up ppa apt repository",
- "redis::server": "Installs redis server",
- "redis::client": "Installs redis client"
- },
- "version": "0.5.6",
- "source_url": "",
- "issues_url": "",
- "privacy": false,
- "chef_versions": [
-
- ],
- "ohai_versions": [
-
- ],
- "gems": [
-
- ],
- "eager_load_libraries": true
-}
diff --git a/cookbooks/redis/metadata.rb b/cookbooks/redis/metadata.rb
deleted file mode 100644
index d67a2c7..0000000
--- a/cookbooks/redis/metadata.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-name "redis"
-maintainer "Phil Cohen"
-maintainer_email "github@phlippers.net"
-license "MIT"
-description "Installs and configures Redis"
-version "0.5.6"
-
-recipe "redis::default", "Sets up ppa apt repository"
-recipe "redis::server", "Installs redis server"
-recipe "redis::client", "Installs redis client"
-
-supports "debian"
-supports "ubuntu"
-
-depends "apt"
diff --git a/cookbooks/redis/recipes/client.rb b/cookbooks/redis/recipes/client.rb
deleted file mode 100644
index f80ac1e..0000000
--- a/cookbooks/redis/recipes/client.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# Cookbook Name:: redis
-# Recipe:: client
-#
-
-include_recipe "redis::default"
-
-package "redis-tools" do
- action node["redis"]["auto_upgrade"] ? :upgrade : :install
-end
diff --git a/cookbooks/redis/recipes/default.rb b/cookbooks/redis/recipes/default.rb
deleted file mode 100644
index 496ec29..0000000
--- a/cookbooks/redis/recipes/default.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# Cookbook Name:: redis
-# Recipe:: default
-#
-apt_repository node["redis"]["apt_repository"] do
- uri node["redis"]["apt_uri"]
- distribution node["redis"]["apt_distribution"]
- components node["redis"]["apt_components"]
- keyserver node["redis"]["apt_keyserver"]
- key node["redis"]["apt_key"]
-end
diff --git a/cookbooks/redis/recipes/server.rb b/cookbooks/redis/recipes/server.rb
deleted file mode 100644
index 7d22d4b..0000000
--- a/cookbooks/redis/recipes/server.rb
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# Cookbook Name:: redis
-# Recipe:: server
-#
-
-include_recipe "redis::default"
-
-package "redis-server" do
- action node["redis"]["auto_upgrade"] ? :upgrade : :install
-end
-
-directory node["redis"]["dir"] do
- owner "redis"
- group "redis"
- mode "0750"
- recursive true
-end
-
-service "redis-server" do
- supports restart: true
- action [:enable, :start]
-end
-
-template "/etc/redis/redis.conf" do
- source "redis.conf.erb"
- owner "root"
- group "root"
- mode "0644"
- notifies :restart, "service[redis-server]"
-end
-
-template "/etc/default/redis-server" do
- source "default_redis-server.erb"
- owner "root"
- group "root"
- mode "0644"
- notifies :restart, "service[redis-server]"
-end
diff --git a/cookbooks/redis/spec/client_spec.rb b/cookbooks/redis/spec/client_spec.rb
deleted file mode 100644
index fda98a4..0000000
--- a/cookbooks/redis/spec/client_spec.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-require "spec_helper"
-
-describe "redis::client" do
- let(:chef_run) do
- ChefSpec::SoloRunner.new.converge(described_recipe)
- end
-
- it { expect(chef_run).to include_recipe("redis::default") }
-
- describe "package installation" do
- describe "default action" do
- it { expect(chef_run).to install_package("redis-tools") }
- it { expect(chef_run).to_not upgrade_package("redis-tools") }
- end
-
- describe "when `auto_upgrade` is `true`" do
- let(:chef_run) do
- ChefSpec::SoloRunner.new do |node|
- node.set["redis"]["auto_upgrade"] = true
- end.converge(described_recipe)
- end
-
- it { expect(chef_run).to_not install_package("redis-tools") }
- it { expect(chef_run).to upgrade_package("redis-tools") }
- end
- end
-end
diff --git a/cookbooks/redis/spec/default_spec.rb b/cookbooks/redis/spec/default_spec.rb
deleted file mode 100644
index e228887..0000000
--- a/cookbooks/redis/spec/default_spec.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-require "spec_helper"
-
-describe "redis::default" do
- let(:chef_run) do
- ChefSpec::SoloRunner.new.converge(described_recipe)
- end
-
- it { expect(chef_run).to add_apt_repository("chris-lea-redis-server") }
-
- # debian family setup
- context "using debian platform" do
- let(:chef_run) do
- env_options = { platform: "debian", version: "6.0.5" }
- ChefSpec::SoloRunner.new(env_options).converge(described_recipe)
- end
-
- it { expect(chef_run).to add_apt_repository("dotdeb") }
- end
-end
diff --git a/cookbooks/redis/spec/server_spec.rb b/cookbooks/redis/spec/server_spec.rb
deleted file mode 100644
index 7e0dfd3..0000000
--- a/cookbooks/redis/spec/server_spec.rb
+++ /dev/null
@@ -1,69 +0,0 @@
-require "spec_helper"
-
-describe "redis::server" do
- let(:chef_run) do
- ChefSpec::SoloRunner.new.converge(described_recipe)
- end
-
- it { expect(chef_run).to include_recipe("redis::default") }
-
- describe "package installation" do
- describe "default action" do
- it { expect(chef_run).to install_package("redis-server") }
- it { expect(chef_run).to_not upgrade_package("redis-server") }
- end
-
- describe "when `auto_upgrade` is `true`" do
- let(:chef_run) do
- ChefSpec::SoloRunner.new do |node|
- node.set["redis"]["auto_upgrade"] = true
- end.converge(described_recipe)
- end
-
- it { expect(chef_run).to_not install_package("redis-server") }
- it { expect(chef_run).to upgrade_package("redis-server") }
- end
- end
-
- it "creates the data directory" do
- expect(chef_run).to create_directory("/var/lib/redis").with(
- owner: "redis",
- group: "redis",
- mode: "0750",
- recursive: true
- )
- end
-
- it { expect(chef_run).to enable_service("redis-server") }
- it { expect(chef_run).to start_service("redis-server") }
-
- it "creates `/etc/redis/redis.conf`" do
- path = "/etc/redis/redis.conf"
-
- expect(chef_run).to create_template(path).with(
- source: "redis.conf.erb",
- owner: "root",
- group: "root",
- mode: "0644"
- )
-
- expect(chef_run.template(path)).to(
- notify("service[redis-server]").to(:restart)
- )
- end
-
- it "creates `/etc/default/redis-server`" do
- path = "/etc/default/redis-server"
-
- expect(chef_run).to create_template(path).with(
- source: "default_redis-server.erb",
- owner: "root",
- group: "root",
- mode: "0644"
- )
-
- expect(chef_run.template(path)).to(
- notify("service[redis-server]").to(:restart)
- )
- end
-end
diff --git a/cookbooks/redis/spec/spec_helper.rb b/cookbooks/redis/spec/spec_helper.rb
deleted file mode 100644
index 75a73c8..0000000
--- a/cookbooks/redis/spec/spec_helper.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-begin
- require "chefspec"
- require "chefspec/berkshelf"
-rescue LoadError
- puts "Unable to run `chefspec`"
- exit
-end
-
-RSpec.configure do |config|
- config.platform = "ubuntu"
- config.version = "12.04"
- config.log_level = :error
- config.raise_errors_for_deprecations!
-end
-
-def add_apt_repository(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:apt_repository, :add, resource_name)
-end
-
-at_exit { ChefSpec::Coverage.report! }
diff --git a/cookbooks/redis/templates/default/default_redis-server.erb b/cookbooks/redis/templates/default/default_redis-server.erb
deleted file mode 100644
index 9a24ec7..0000000
--- a/cookbooks/redis/templates/default/default_redis-server.erb
+++ /dev/null
@@ -1,12 +0,0 @@
-# redis-server configure options
-
-# ULIMIT: Call ulimit -n with this argument prior to invoking Redis itself.
-# This may be required for high-concurrency environments. Redis itself cannot
-# alter its limits as it is not being run as root. (default: do not call
-# ulimit)
-#
-<% if node["redis"]["ulimit"] && !node["redis"]["ulimit"].empty? %>
-ULIMIT=<%= node["redis"]["ulimit"] %>
-<% else %>
-# ULIMIT=65536
-<% end %>
diff --git a/cookbooks/redis/templates/default/redis.conf.erb b/cookbooks/redis/templates/default/redis.conf.erb
deleted file mode 100644
index 474e881..0000000
--- a/cookbooks/redis/templates/default/redis.conf.erb
+++ /dev/null
@@ -1,556 +0,0 @@ -# Redis configuration file example - -# Note on units: when memory size is needed, it is possible to specifiy -# it in the usual form of 1k 5GB 4M and so forth: -# -# 1k => 1000 bytes -# 1kb => 1024 bytes -# 1m => 1000000 bytes -# 1mb => 1024*1024 bytes -# 1g => 1000000000 bytes -# 1gb => 1024*1024*1024 bytes -# -# units are case insensitive so 1GB 1Gb 1gB are all the same. - -# By default Redis does not run as a daemon. Use 'yes' if you need it. -# Note that Redis will write a pid file in /var/run/redis.pid when daemonized. -daemonize <%= node["redis"]["daemonize"] %> - -# When running daemonized, Redis writes a pid file in /var/run/redis.pid by -# default. You can specify a custom pid file location here. -pidfile <%= node["redis"]["pidfile"] %> - -# Accept connections on the specified port, default is 6379. -# If port 0 is specified Redis will not listen on a TCP socket. -port <%= node["redis"]["port"] %> - -# If you want you can bind a single interface, if the bind option is not -# specified all the interfaces will listen for incoming connections. -# -<% unless node["redis"]["bind"].empty? %> -bind <%= node["redis"]["bind"] %> -<% end %> - -# Specify the path for the unix socket that will be used to listen for -# incoming connections. There is no default, so Redis will not listen -# on a unix socket when not specified. -# -<% unless node["redis"]["unixsocket"].empty? 
%> -unixsocket <%= node["redis"]["unixsocket"] %> -unixsocketperm <%= node["redis"]["unixsocketperm"] %> -<% end %> - -# Close the connection after a client is idle for N seconds (0 to disable) -timeout <%= node["redis"]["timeout"] %> - -# Set server verbosity to 'debug' -# it can be one of: -# debug (a lot of information, useful for development/testing) -# verbose (many rarely useful info, but not a mess like the debug level) -# notice (moderately verbose, what you want in production probably) -# warning (only very important / critical messages are logged) -loglevel <%= node["redis"]["loglevel"] %> - -# Specify the log file name. Also 'stdout' can be used to force -# Redis to log on the standard output. Note that if you use standard -# output for logging but daemonize, logs will be sent to /dev/null -logfile <%= node["redis"]["logfile"] %> - -# To enable logging to the system logger, just set 'syslog-enabled' to yes, -# and optionally update the other syslog parameters to suit your needs. -syslog-enabled <%= node["redis"]["syslog_enabled"] %> - -<% if node["redis"]["syslog_enabled"] == "yes" %> -# Specify the syslog identity. -syslog-ident <%= node["redis"]["syslog_ident"] %> - -# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. -syslog-facility <%= node["redis"]["syslog_facility"] %> -<% end %> - -# Set the number of databases. The default database is DB 0, you can select -# a different one on a per-connection basis using SELECT where -# dbid is a number between 0 and 'databases'-1 -databases <%= node["redis"]["databases"] %> - -################################ SNAPSHOTTING ################################# -# -# Save the DB on disk: -# -# save -# -# Will save the DB if both the given number of seconds and the given -# number of write operations against the DB occurred. 
-# -# In the example below the behaviour will be to save: -# after 900 sec (15 min) if at least 1 key changed -# after 300 sec (5 min) if at least 10 keys changed -# after 60 sec if at least 10000 keys changed -# -# Note: you can disable saving at all commenting all the "save" lines. -# -# It is also possible to remove all the previously configured save -# points by adding a save directive with a single empty string argument -# like in the following example: -# -# save "" - -<% node["redis"]["snapshots"].each do |interval, keys| %> -save <%= "#{interval} #{keys}" %> -<% end %> - -# By default Redis will stop accepting writes if RDB snapshots are enabled -# (at least one save point) and the latest background save failed. -# This will make the user aware (in an hard way) that data is not persisting -# on disk properly, otherwise chances are that no one will notice and some -# distater will happen. -# -# If the background saving process will start working again Redis will -# automatically allow writes again. -# -# However if you have setup your proper monitoring of the Redis server -# and persistence, you may want to disable this feature so that Redis will -# continue to work as usually even if there are problems with disk, -# permissions, and so forth. -stop-writes-on-bgsave-error <%= node["redis"]["stop_writes_on_bgsave_error"] %> - -# Compress string objects using LZF when dump .rdb databases? -# For default that's set to 'yes' as it's almost always a win. -# If you want to save some CPU in the saving child set it to 'no' but -# the dataset will likely be bigger if you have compressible values or keys. -rdbcompression <%= node["redis"]["rdbcompression"] %> - -# Since verison 5 of RDB a CRC64 checksum is placed at the end of the file. -# This makes the format more resistant to corruption but there is a performance -# hit to pay (around 10%) when saving and loading RDB files, so you can disable it -# for maximum performances. 
-# -# RDB files created with checksum disabled have a checksum of zero that will -# tell the loading code to skip the check. -rdbchecksum <%= node["redis"]["rdbchecksum"] %> - -# The filename where to dump the DB -dbfilename <%= node["redis"]["dbfilename"] %> - -# The working directory. -# -# The DB will be written inside this directory, with the filename specified -# above using the 'dbfilename' configuration directive. -# -# Also the Append Only File will be created inside this directory. -# -# Note that you must specify a directory here, not a file name. -dir <%= node["redis"]["dir"] %> - -################################# REPLICATION ################################# - -# Master-Slave replication. Use slaveof to make a Redis instance a copy of -# another Redis server. Note that the configuration is local to the slave -# so for example it is possible to configure the slave to save the DB with a -# different interval, or to listen to another port, and so on. -# -# slaveof -<% if node["redis"]["slaveof"] && !node["redis"]["slaveof"].empty? %> -slaveof <%= node["redis"]["slaveof"] %> -<% end %> - -# If the master is password protected (using the "requirepass" configuration -# directive below) it is possible to tell the slave to authenticate before -# starting the replication synchronization process, otherwise the master will -# refuse the slave request. -# -# masterauth -<% if node["redis"]["masterauth"] && !node["redis"]["masterauth"].empty? %> -masterauth <%= node["redis"]["masterauth"] %> -<% end %> - -# When a slave lost the connection with the master, or when the replication -# is still in progress, the slave can act in two different ways: -# -# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will -# still reply to client requests, possibly with out of data data, or the -# data set may just be empty if this is the first synchronization. 
-# -# 2) if slave-serve-stale data is set to 'no' the slave will reply with -# an error "SYNC with master in progress" to all the kind of commands -# but to INFO and SLAVEOF. -# -slave-serve-stale-data <%= node["redis"]["slave_serve_stale_data"] %> - -# You can configure a slave instance to accept writes or not. Writing against -# a slave instance may be useful to store some ephemeral data (because data -# written on a slave will be easily deleted after resync with the master) but -# may also cause problems if clients are writing to it because of a -# misconfiguration. -# -# Since Redis 2.6 by default slaves are read-only. -# -# Note: read only slaves are not designed to be exposed to untrusted clients -# on the internet. It's just a protection layer against misuse of the instance. -# Still a read only slave exports by default all the administrative commands -# such as CONFIG, DEBUG, and so forth. To a limited extend you can improve -# security of read only slaves using 'rename-command' to shadow all the -# administrative / dangerous commands. -slave-read-only <%= node["redis"]["slave_read_only"] %> - -# Slaves send PINGs to server in a predefined interval. It's possible to change -# this interval with the repl_ping_slave_period option. The default value is 10 -# seconds. -# -repl-ping-slave-period <%= node["redis"]["repl_ping_slave_period"] %> - -# The following option sets a timeout for both Bulk transfer I/O timeout and -# master data or ping response timeout. The default value is 60 seconds. -# -# It is important to make sure that this value is greater than the value -# specified for repl-ping-slave-period otherwise a timeout will be detected -# every time there is low traffic between the master and the slave. -# -repl-timeout <%= node["redis"]["repl_timeout"] %> - -# The slave priority is an integer number published by Redis in the INFO output. 
-# It is used by Redis Sentinel in order to select a slave to promote into a -# master if the master is no longer working correctly. -# -# A slave with a low priority number is considered better for promotion, so -# for instance if there are three slaves with priority 10, 100, 25 Sentinel will -# pick the one wtih priority 10, that is the lowest. -# -# However a special priority of 0 marks the slave as not able to perform the -# role of master, so a slave with priority of 0 will never be selected by -# Redis Sentinel for promotion. -# -# By default the priority is 100. -slave-priority <%= node["redis"]["slave_priority"] %> - -################################## SECURITY ################################### - -# Require clients to issue AUTH before processing any other -# commands. This might be useful in environments in which you do not trust -# others with access to the host running redis-server. -# -# This should stay commented out for backward compatibility and because most -# people do not need auth (e.g. they run their own servers). -# -# Warning: since Redis is pretty fast an outside user can try up to -# 150k passwords per second against a good box. This means that you should -# use a very strong password otherwise it will be very easy to break. -# -# requirepass foobared -<% if node["redis"]["requirepass"] && !node["redis"]["requirepass"].empty? %> -requirepass <%= node["redis"]["requirepass"] %> -<% end %> - -# Command renaming. -# -# It is possilbe to change the name of dangerous commands in a shared -# environment. For instance the CONFIG command may be renamed into something -# of hard to guess so that it will be still available for internal-use -# tools but not available for general clients. 
-# -# Example: -# -# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 -# -# It is also possilbe to completely kill a command renaming it into -# an empty string: -# -# rename-command CONFIG "" -<% node["redis"]["rename_commands"].each do |command| %> -rename-command <%= command %> -<% end %> - -################################### LIMITS #################################### - -# Set the max number of connected clients at the same time. By default there -# is no limit, and it's up to the number of file descriptors the Redis process -# is able to open. The special value '0' means no limits. -# Once the limit is reached Redis will close all the new connections sending -# an error 'max number of clients reached'. -# -maxclients <%= node["redis"]["maxclients"] %> - -# Don't use more memory than the specified amount of bytes. -# When the memory limit is reached Redis will try to remove keys -# accordingly to the eviction policy selected (see maxmemmory-policy). -# -# If Redis can't remove keys according to the policy, or if the policy is -# set to 'noeviction', Redis will start to reply with errors to commands -# that would use more memory, like SET, LPUSH, and so on, and will continue -# to reply to read-only commands like GET. -# -# This option is usually useful when using Redis as an LRU cache, or to set -# an hard memory limit for an instance (using the 'noeviction' policy). -# -# WARNING: If you have slaves attached to an instance with maxmemory on, -# the size of the output buffers needed to feed the slaves are subtracted -# from the used memory count, so that network problems / resyncs will -# not trigger a loop where keys are evicted, and in turn the output -# buffer of slaves is full with DELs of keys evicted triggering the deletion -# of more keys, and so forth until the database is completely emptied. -# -# In short... 
if you have slaves attached it is suggested that you set a lower -# limit for maxmemory so that there is some free RAM on the system for slave -# output buffers (but this is not needed if the policy is 'noeviction'). -# -maxmemory <%= node["redis"]["maxmemory"] %> - -# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory -# is reached? You can select among five behavior: -# -# volatile-lru -> remove the key with an expire set using an LRU algorithm -# allkeys-lru -> remove any key accordingly to the LRU algorithm -# volatile-random -> remove a random key with an expire set -# allkeys->random -> remove a random key, any key -# volatile-ttl -> remove the key with the nearest expire time (minor TTL) -# noeviction -> don't expire at all, just return an error on write operations -# -# Note: with all the kind of policies, Redis will return an error on write -# operations, when there are not suitable keys for eviction. -# -# At the date of writing this commands are: set setnx setex append -# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd -# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby -# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby -# getset mset msetnx exec sort -# -# The default is: -# -# maxmemory-policy volatile-lru -maxmemory-policy <%= node["redis"]["maxmemory_policy"] %> - -# LRU and minimal TTL algorithms are not precise algorithms but approximated -# algorithms (in order to save memory), so you can select as well the sample -# size to check. For instance for default Redis will check three keys and -# pick the one that was used less recently, you can change the sample size -# using the following configuration directive. -# -# maxmemory-samples 3 -maxmemory-samples <%= node["redis"]["maxmemory_samples"] %> - -############################## APPEND ONLY MODE ############################### - -# By default Redis asynchronously dumps the dataset on disk. 
If you can live -# with the idea that the latest records will be lost if something like a crash -# happens this is the preferred way to run Redis. If instead you care a lot -# about your data and don't want to that a single record can get lost you should -# enable the append only mode: when this mode is enabled Redis will append -# every write operation received in the file appendonly.aof. This file will -# be read on startup in order to rebuild the full dataset in memory. -# -# Note that you can have both the async dumps and the append only file if you -# like (you have to comment the "save" statements above to disable the dumps). -# Still if append only mode is enabled Redis will load the data from the -# log file at startup ignoring the dump.rdb file. -# -# IMPORTANT: Check the BGREWRITEAOF to check how to rewrite the append -# log file in background when it gets too big. - -appendonly <%= node["redis"]["appendonly"] %> - -# The name of the append only file (default: "appendonly.aof") -appendfilename <%= node["redis"]["appendfilename"] %> - -# The fsync() call tells the Operating System to actually write data on disk -# instead to wait for more data in the output buffer. Some OS will really flush -# data on disk, some other OS will just try to do it ASAP. -# -# Redis supports three different modes: -# -# no: don't fsync, just let the OS flush the data when it wants. Faster. -# always: fsync after every write to the append only log . Slow, Safest. -# everysec: fsync only if one second passed since the last fsync. Compromise. -# -# The default is "everysec" that's usually the right compromise between -# speed and data safety. 
It's up to you to understand if you can relax this to -# "no" that will will let the operating system flush the output buffer when -# it wants, for better performances (but if you can live with the idea of -# some data loss consider the default persistence mode that's snapshotting), -# or on the contrary, use "always" that's very slow but a bit safer than -# everysec. -# -# If unsure, use "everysec". - -# appendfsync always -appendfsync <%= node["redis"]["appendfsync"] %> -# appendfsync no - -# When the AOF fsync policy is set to always or everysec, and a background -# saving process (a background save or AOF log background rewriting) is -# performing a lot of I/O against the disk, in some Linux configurations -# Redis may block too long on the fsync() call. Note that there is no fix for -# this currently, as even performing fsync in a different thread will block -# our synchronous write(2) call. -# -# In order to mitigate this problem it's possible to use the following option -# that will prevent fsync() from being called in the main process while a -# BGSAVE or BGREWRITEAOF is in progress. -# -# This means that while another child is saving the durability of Redis is -# the same as "appendfsync none", that in pratical terms means that it is -# possible to lost up to 30 seconds of log in the worst scenario (with the -# default Linux settings). -# -# If you have latency problems turn this to "yes". Otherwise leave it as -# "no" that is the safest pick from the point of view of durability. -no-appendfsync-on-rewrite <%= node["redis"]["no_appendfsync_on_rewrite"] %> - -# Automatic rewrite of the append only file. -# Redis is able to automatically rewrite the log file implicitly calling -# BGREWRITEAOF when the AOF log size will growth by the specified percentage. -# -# This is how it works: Redis remembers the size of the AOF file after the -# latest rewrite (or if no rewrite happened since the restart, the size of -# the AOF at startup is used). 
-# -# This base size is compared to the current size. If the current size is -# bigger than the specified percentage, the rewrite is triggered. Also -# you need to specify a minimal size for the AOF file to be rewritten, this -# is useful to avoid rewriting the AOF file even if the percentage increase -# is reached but it is still pretty small. -# -# Specify a precentage of zero in order to disable the automatic AOF -# rewrite feature. - -auto-aof-rewrite-percentage <%= node["redis"]["auto_aof_rewrite_percentage"] %> -auto-aof-rewrite-min-size <%= node["redis"]["auto_aof_rewrite_min_size"] %> - -################################ LUA SCRIPTING ############################### - -# Max execution time of a Lua script in milliseconds. -# -# If the maximum execution time is reached Redis will log that a script is -# still in execution after the maximum allowed time and will start to -# reply to queries with an error. -# -# When a long running script exceed the maximum execution time only the -# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be -# used to stop a script that did not yet called write commands. The second -# is the only way to shut down the server in the case a write commands was -# already issue by the script but the user don't want to wait for the natural -# termination of the script. -# -# Set it to 0 or a negative value for unlimited execution without warnings. -lua-time-limit <%= node["redis"]["lua_time_limit"] %> - -################################## SLOW LOG ################################### - -# The Redis Slow Log is a system to log queries that exceeded a specified -# execution time. The execution time does not include the I/O operations -# like talking with the client, sending the reply and so forth, -# but just the time needed to actually execute the command (this is the only -# stage of command execution where the thread is blocked and can not serve -# other requests in the meantime). 
-# -# You can configure the slow log with two parameters: one tells Redis -# what is the execution time, in microseconds, to exceed in order for the -# command to get logged, and the other parameter is the length of the -# slow log. When a new command is logged the oldest one is removed from the -# queue of logged commands. - -# The following time is expressed in microseconds, so 1000000 is equivalent -# to one second. Note that a negative number disables the slow log, while -# a value of zero forces the logging of every command. -slowlog-log-slower-than <%= node["redis"]["slowlog_log_slower_than"] %> - -# There is no limit to this length. Just be aware that it will consume memory. -# You can reclaim memory used by the slow log with SLOWLOG RESET. -slowlog-max-len <%= node["redis"]["slowlog_max_len"] %> - - -############################### ADVANCED CONFIG ############################### - -# Hashes are encoded using a memory efficient data structure when they have a -# small number of entries, and the biggest entry does not exceed a given -# threshold. These thresholds can be configured using the following directives. -hash-max-ziplist-entries <%= node["redis"]["hash_max_ziplist_entries"] %> -hash-max-ziplist-value <%= node["redis"]["hash_max_ziplist_value"] %> - -# Similarly to hashes, small lists are also encoded in a special way in order -# to save a lot of space. The special representation is only used when -# you are under the following limits: -list-max-ziplist-entries <%= node["redis"]["list_max_ziplist_entries"] %> -list-max-ziplist-value <%= node["redis"]["list_max_ziplist_value"] %> - -# Sets have a special encoding in just one case: when a set is composed -# of just strings that happens to be integers in radix 10 in the range -# of 64 bit signed integers. -# The following configuration setting sets the limit in the size of the -# set in order to use this special memory saving encoding. 
-set-max-intset-entries <%= node["redis"]["set_max_intset_entries"] %> - -# Similarly to hashes and lists, sorted sets are also specially encoded in -# order to save a lot of space. This encoding is only used when the length and -# elements of a sorted set are below the following limits: -zset-max-ziplist-entries <%= node["redis"]["zset_max_ziplist_entries"] %> -zset-max-ziplist-value <%= node["redis"]["zset_max_ziplist_value"] %> - -# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in -# order to help rehashing the main Redis hash table (the one mapping top-level -# keys to values). The hash table implementation redis uses (see dict.c) -# performs a lazy rehashing: the more operation you run into an hash table -# that is rhashing, the more rehashing "steps" are performed, so if the -# server is idle the rehashing is never complete and some more memory is used -# by the hash table. -# -# The default is to use this millisecond 10 times every second in order to -# active rehashing the main dictionaries, freeing memory when possible. -# -# If unsure: -# use "activerehashing no" if you have hard latency requirements and it is -# not a good thing in your environment that Redis can reply form time to time -# to queries with 2 milliseconds delay. -# -# use "activerehashing yes" if you don't have such hard requirements but -# want to free memory asap when possible. -activerehashing <%= node["redis"]["activerehashing"] %> - -# The client output buffer limits can be used to force disconnection of clients -# that are not reading data from the server fast enough for some reason (a -# common reason is that a Pub/Sub client can't consume messages as fast as the -# publisher can produce them). 
-# -# The limit can be set differently for the three different classes of clients: -# -# normal -> normal clients -# slave -> slave clients and MONITOR clients -# pubsub -> clients subcribed to at least one pubsub channel or pattern -# -# The syntax of every client-output-buffer-limit directive is the following: -# -# client-output-buffer-limit -# -# A client is immediately disconnected once the hard limit is reached, or if -# the soft limit is reached and remains reached for the specified number of -# seconds (continuously). -# So for instance if the hard limit is 32 megabytes and the soft limit is -# 16 megabytes / 10 seconds, the client will get disconnected immediately -# if the size of the output buffers reach 32 megabytes, but will also get -# disconnected if the client reaches 16 megabytes and continuously overcomes -# the limit for 10 seconds. -# -# By default normal clients are not limited because they don't receive data -# without asking (in a push way), but just after a request, so only -# asynchronous clients may create a scenario where data is requested faster -# than it can read. -# -# Instead there is a default limit for pubsub and slave clients, since -# subscribers and slaves receive data in a push fashion. -# -# Both the hard or the soft limit can be disabled just setting it to zero. -client-output-buffer-limit normal <%= node["redis"]["client_output_buffer_limit"]["normal"] %> -client-output-buffer-limit slave <%= node["redis"]["client_output_buffer_limit"]["slave"] %> -client-output-buffer-limit pubsub <%= node["redis"]["client_output_buffer_limit"]["pubsub"] %> - -################################## INCLUDES ################################### - -# Include one or more other config files here. This is useful if you -# have a standard template that goes to all redis server but also need -# to customize a few per-server settings. Include files can include -# other files, so use this wisely. 
-#
-# include /path/to/local.conf
-# include /path/to/other.conf
-<% node["redis"]["include_config_files"].each do |file| %>
-include <%= file %>
-<% end %>
diff --git a/cookbooks/redis/test/.chef/knife.rb b/cookbooks/redis/test/.chef/knife.rb
deleted file mode 100644
index a0fd5a0..0000000
--- a/cookbooks/redis/test/.chef/knife.rb
+++ /dev/null
@@ -1,2 +0,0 @@
-cache_type "BasicFile"
-cache_options(path: "#{ENV["HOME"]}/.chef/checksums")
diff --git a/cookbooks/redis/test/integration/default/serverspec/default_spec.rb b/cookbooks/redis/test/integration/default/serverspec/default_spec.rb
deleted file mode 100644
index 395eddf..0000000
--- a/cookbooks/redis/test/integration/default/serverspec/default_spec.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-require "serverspec"
-
-set :backend, :exec
-
-describe "Redis client installation" do
- describe package("redis-tools") do
- it { should be_installed }
- end
-end
-
-describe "Redis server installation" do
- describe package("redis-server") do
- it { should be_installed }
- end
-
- describe file("/var/lib/redis") do
- it { should be_a_directory }
- it { should be_owned_by "redis" }
- it { should be_grouped_into "redis" }
- it { should be_mode 750 }
- end
-
- describe service("redis-server") do
- it { should be_enabled }
- it { should be_running }
- end
-
- describe file("/etc/redis/redis.conf") do
- it { should be_a_file }
- it { should be_owned_by "root" }
- it { should be_grouped_into "root" }
- it { should be_mode 644 }
- end
-
- describe file("/etc/default/redis-server") do
- it { should be_a_file }
- it { should be_owned_by "root" }
- it { should be_grouped_into "root" }
- it { should be_mode 644 }
- end
-end
diff --git a/cookbooks/redis/test/support/keys/README.md b/cookbooks/redis/test/support/keys/README.md
deleted file mode 100644
index 47c0ccf..0000000
--- a/cookbooks/redis/test/support/keys/README.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Insecure Keypair
-
-These keys are the "insecure" public/private keypair we offer to
-[base box creators](http://docs.vagrantup.com/v1/docs/base_boxes.html) for use in their base boxes so that
-vagrant installations can automatically SSH into the boxes.
-
-If you're working with a team or company or with a custom box and
-you want more secure SSH, you should create your own keypair
-and configure the private key in the Vagrantfile with
-`config.ssh.private_key_path`
-
-# Putty
-
-If you are using Vagrant on windows, the .ppk file contained here, in the keys directory,
-has been generated from the private key and should be used to connect Putty to any VMs that
-are leveraging the default key pair. See [guide](http://docs.vagrantup.com/v1/docs/getting-started/ssh.html)
-in the documentation for more details on using Putty with Vagrant.
diff --git a/cookbooks/redis/test/support/keys/vagrant b/cookbooks/redis/test/support/keys/vagrant
deleted file mode 100644
index 7d6a083..0000000
--- a/cookbooks/redis/test/support/keys/vagrant
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI -w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP -kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2 -hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO -Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW -yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd -ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1 -Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf -TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK -iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A -sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf -4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP -cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk -EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN -CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX -3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG -YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj -3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+ -dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz -6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC -P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF -llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ -kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH -+vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ -NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s= ------END RSA PRIVATE KEY----- diff --git a/cookbooks/redis/test/support/keys/vagrant.pub b/cookbooks/redis/test/support/keys/vagrant.pub deleted file mode 100644 index 18a9c00..0000000 --- a/cookbooks/redis/test/support/keys/vagrant.pub +++ /dev/null 
@@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key diff --git a/cookbooks/redis/test/support/rubocop/disabled.yml b/cookbooks/redis/test/support/rubocop/disabled.yml deleted file mode 100644 index b4fd70a..0000000 --- a/cookbooks/redis/test/support/rubocop/disabled.yml +++ /dev/null @@ -1,25 +0,0 @@ -Encoding: - Description: 'Use UTF-8 as the source file encoding.' - Enabled: false - -SymbolArray: - Description: 'Use %i or %I for arrays of symbols.' - Enabled: false - -##################### Rails ################################## - -DefaultScope: - Description: 'Checks if the argument passed to default_scope is a block.' - Enabled: false - -HasAndBelongsToMany: - Description: 'Prefer has_many :through to has_and_belongs_to_many.' - Enabled: false - -Output: - Description: 'Checks for calls to puts, print, etc.' - Enabled: false - -Validation: - Description: 'Use sexy validations.' - Enabled: false diff --git a/cookbooks/redis/test/support/rubocop/enabled.yml b/cookbooks/redis/test/support/rubocop/enabled.yml deleted file mode 100644 index df712be..0000000 --- a/cookbooks/redis/test/support/rubocop/enabled.yml +++ /dev/null 
@@ -1,652 +0,0 @@ -# These are all the cops that are enabled in the default configuration. - -AccessModifierIndentation: - Description: Check indentation of private/protected visibility modifiers. - Enabled: true - -AccessorMethodName: - Description: Check the naming of accessor methods for get_/set_. - Enabled: true - -Alias: - Description: 'Use alias_method instead of alias.' - Enabled: true - -AlignArray: - Description: >- - Align the elements of an array literal if they span more than - one line. - Enabled: true - -AlignHash: - Description: >- - Align the elements of a hash literal if they span more than - one line. - Enabled: true - -AlignParameters: - Description: >- - Align the parameters of a method call if they span more - than one line. - Enabled: true - -AndOr: - Description: 'Use &&/|| instead of and/or.' - Enabled: true - -AsciiComments: - Description: 'Use only ascii symbols in comments.' - Enabled: true - -AsciiIdentifiers: - Description: 'Use only ascii symbols in identifiers.' - Enabled: true - -Attr: - Description: 'Checks for uses of Module#attr.' - Enabled: true - -BeginBlock: - Description: 'Avoid the use of BEGIN blocks.' - Enabled: true - -BlockComments: - Description: 'Do not use block comments.' - Enabled: true - -BlockNesting: - Description: 'Avoid excessive block nesting' - Enabled: true - -Blocks: - Description: >- - Avoid using {...} for multi-line blocks (multiline chaining is - always ugly). - Prefer {...} over do...end for single-line blocks. - Enabled: true - -BracesAroundHashParameters: - Description: 'Enforce braces style inside hash parameters.' - Enabled: true - -CaseEquality: - Description: 'Avoid explicit use of the case equality operator(===).' - Enabled: true - -CaseIndentation: - Description: 'Indentation of when in a case/when/[else/]end.' - Enabled: true - -CharacterLiteral: - Description: 'Checks for uses of character literals.' 
- Enabled: true - -ClassAndModuleCamelCase: - Description: 'Use CamelCase for classes and modules.' - Enabled: true - -ClassLength: - Description: 'Avoid classes longer than 100 lines of code.' - Enabled: true - -ClassMethods: - Description: 'Use self when defining module/class methods.' - Enabled: true - -ClassVars: - Description: 'Avoid the use of class variables.' - Enabled: true - -CollectionMethods: - Description: 'Preferred collection methods.' - Enabled: true - -ColonMethodCall: - Description: 'Do not use :: for method call.' - Enabled: true - -CommentAnnotation: - Description: >- - Checks formatting of special comments - (TODO, FIXME, OPTIMIZE, HACK, REVIEW). - Enabled: true - -ConstantName: - Description: 'Constants should use SCREAMING_SNAKE_CASE.' - Enabled: true - -CyclomaticComplexity: - Description: 'Avoid complex methods.' - Enabled: true - -DefWithParentheses: - Description: 'Use def with parentheses when there are arguments.' - Enabled: true - -Documentation: - Description: 'Document classes and non-namespace modules.' - Enabled: true - -DotPosition: - Description: 'Checks the position of the dot in multi-line method calls.' - Enabled: true - -EmptyLineBetweenDefs: - Description: 'Use empty lines between defs.' - Enabled: true - -EmptyLines: - Description: "Don't use several empty lines in a row." - Enabled: true - -EmptyLinesAroundAccessModifier: - Description: "Keep blank lines around access modifiers." - Enabled: true - -EmptyLinesAroundBody: - Description: "Keeps track of empty lines around expression bodies." - Enabled: true - -EmptyLiteral: - Description: 'Prefer literals to Array.new/Hash.new/String.new.' - Enabled: true - -EndBlock: - Description: 'Avoid the use of END blocks.' - Enabled: true - -EndOfLine: - Description: 'Use Unix-style line endings.' - Enabled: true - -EvenOdd: - Description: 'Favor the use of Fixnum#even? && Fixnum#odd?' - Enabled: true - -FavorJoin: - Description: 'Use Array#join instead of Array#*.' 
- Enabled: true - -FavorUnlessOverNegatedIf: - Description: >- - Favor unless over if for negative conditions - (or control flow or). - Enabled: true - -FavorUntilOverNegatedWhile: - Description: 'Favor until over while for negative conditions.' - Enabled: true - -FileName: - Description: 'Use snake_case for source file names.' - Enabled: true - -FinalNewline: - Description: 'Checks for a final newline in a source file.' - Enabled: true - -FlipFlop: - Description: 'Checks for flip flops' - Enabled: true - -For: - Description: 'Checks use of for or each in multiline loops.' - Enabled: true - -FormatString: - Description: 'Enforce the use of Kernel#sprintf, Kernel#format or String#%.' - Enabled: true - -GlobalVars: - Description: 'Do not introduce global variables.' - Enabled: true - -HashMethods: - Description: 'Checks for use of deprecated Hash methods.' - Enabled: true - -HashSyntax: - Description: >- - Prefer Ruby 1.9 hash syntax { a: 1, b: 2 } over 1.8 syntax - { :a => 1, :b => 2 }. - Enabled: true - -IfUnlessModifier: - Description: >- - Favor modifier if/unless usage when you have a - single-line body. - Enabled: true - -IfWithSemicolon: - Description: 'Never use if x; .... Use the ternary operator instead.' - Enabled: true - -IndentationConsistency: - Description: 'Keep indentation straight.' - Enabled: true - -IndentationWidth: - Description: 'Use 2 spaces for indentation.' - Enabled: true - -IndentArray: - Description: >- - Checks the indentation of the first element in an array - literal. - Enabled: true - -IndentHash: - Description: 'Checks the indentation of the first key in a hash literal.' - Enabled: true - -Lambda: - Description: 'Use the new lambda literal syntax for single-line blocks.' - Enabled: true - -LambdaCall: - Description: 'Use lambda.call(...) instead of lambda.(...).' - Enabled: true - -LeadingCommentSpace: - Description: 'Comments should start with a space.' 
- Enabled: true - -LineEndConcatenation: - Description: 'Use \\ instead of + to concatenate two string literals at line end.' - Enabled: true - -LineLength: - Description: 'Limit lines to 79 characters.' - Enabled: true - -MethodCalledOnDoEndBlock: - Description: 'Avoid chaining a method call on a do...end block.' - Enabled: true - -MethodCallParentheses: - Description: 'Do not use parentheses for method calls with no arguments.' - Enabled: true - -MethodDefParentheses: - Description: >- - Checks if the method definitions have or don't have - parentheses. - Enabled: true - -MethodLength: - Description: 'Avoid methods longer than 10 lines of code.' - Enabled: true - -MethodName: - Description: 'Use the configured style when naming methods.' - Enabled: true - -ModuleFunction: - Description: 'Checks for usage of `extend self` in modules.' - Enabled: true - -MultilineBlockChain: - Description: 'Avoid multi-line chains of blocks.' - Enabled: true - -MultilineIfThen: - Description: 'Never use then for multi-line if/unless.' - Enabled: true - -MultilineTernaryOperator: - Description: >- - Avoid multi-line ?: (the ternary operator); - use if/unless instead. - Enabled: true - -NestedTernaryOperator: - Description: 'Use one expression per branch in a ternary operator.' - Enabled: true - -NilComparison: - Description: 'Prefer x.nil? to x == nil.' - Enabled: true - -Not: - Description: 'Use ! instead of not.' - Enabled: true - -NumericLiterals: - Description: >- - Add underscores to large numeric literals to improve their - readability. - Enabled: true - -OneLineConditional: - Description: >- - Favor the ternary operator(?:) over - if/then/else/end constructs. - Enabled: true - -OpMethod: - Description: 'When defining binary operators, name the argument other.' - Enabled: true - -ParameterLists: - Description: 'Avoid parameter lists longer than three or four parameters.' 
- Enabled: true - -ParenthesesAroundCondition: - Description: >- - Don't use parentheses around the condition of an - if/unless/while. - Enabled: true - -PerlBackrefs: - Description: 'Avoid Perl-style regex back references.' - Enabled: true - -PredicateName: - Description: 'Check the names of predicate methods.' - Enabled: true - -Proc: - Description: 'Use proc instead of Proc.new.' - Enabled: true - -RaiseArgs: - Description: 'Checks the arguments passed to raise/fail.' - Enabled: true - -RedundantBegin: - Description: "Don't use begin blocks when they are not needed." - Enabled: true - -RedundantException: - Description: "Checks for an obsolete RuntimeException argument in raise/fail." - Enabled: true - -RedundantReturn: - Description: "Don't use return where it's not required." - Enabled: true - -RedundantSelf: - Description: "Don't use self where it's not needed." - Enabled: true - -RegexpLiteral: - Description: >- - Use %r for regular expressions matching more than - `MaxSlashes` '/' characters. - Use %r only for regular expressions matching more than - `MaxSlashes` '/' character. - Enabled: true - -RescueModifier: - Description: 'Avoid using rescue in its modifier form.' - Enabled: true - -Semicolon: - Description: "Don't use semicolons to terminate expressions." - Enabled: true - -SignalException: - Description: 'Checks for proper usage of fail and raise.' - Enabled: true - -SingleLineBlockParams: - Description: 'Enforces the names of some block params.' - Enabled: true - -SingleLineMethods: - Description: 'Avoid single-line methods.' - Enabled: true - -SpaceAfterColon: - Description: 'Use spaces after colons.' - Enabled: true - -SpaceAfterComma: - Description: 'Use spaces after commas.' - Enabled: true - -SpaceAfterControlKeyword: - Description: 'Use spaces after if/elsif/unless/while/until/case/when.' - Enabled: true - -SpaceAfterMethodName: - Description: >- - Never put a space between a method name and the opening - parenthesis. 
- Enabled: true - -SpaceAfterNot: - Description: Tracks redundant space after the ! operator. - Enabled: true - -SpaceAfterSemicolon: - Description: 'Use spaces after semicolons.' - Enabled: true - -SpaceAroundBlockBraces: - Description: >- - Checks that block braces have or don't have surrounding space. - For blocks taking parameters, checks that the left brace has - or doesn't have trailing space. - Enabled: true - -SpaceAroundEqualsInParameterDefault: - Description: >- - Use spaces around the = operator when assigning default - values in def params. - Enabled: true - -SpaceAroundOperators: - Description: 'Use spaces around operators.' - Enabled: true - -SpaceBeforeModifierKeyword: - Description: 'Put a space before the modifier keyword.' - Enabled: true - -SpaceInsideBrackets: - Description: 'No spaces after [ or before ].' - Enabled: true - -SpaceInsideHashLiteralBraces: - Description: "Use spaces inside hash literal braces - or don't." - Enabled: true - -SpaceInsideParens: - Description: 'No spaces after ( or before ).' - Enabled: true - -SpecialGlobalVars: - Description: 'Avoid Perl-style global variables.' - Enabled: true - -StringLiterals: - Description: 'Checks if uses of quotes match the configured preference.' - Enabled: true - -Tab: - Description: 'No hard tabs.' - Enabled: true - -TrailingBlankLines: - Description: 'Checks for superfluous trailing blank lines.' - Enabled: true - -TrailingComma: - Description: 'Checks for trailing comma in parameter lists and literals.' - Enabled: true - -TrailingWhitespace: - Description: 'Avoid trailing whitespace.' - Enabled: true - -TrivialAccessors: - Description: 'Prefer attr_* methods to trivial readers/writers.' - Enabled: true - -UnlessElse: - Description: >- - Never use unless with else. Rewrite these with the positive - case first. - Enabled: true - -VariableInterpolation: - Description: >- - Don't interpolate global, instance and class variables - directly in strings. 
- Enabled: true - -VariableName: - Description: 'Use the configured style when naming variables.' - Enabled: true - -WhenThen: - Description: 'Use when x then ... for one-line cases.' - Enabled: true - -WhileUntilDo: - Description: 'Checks for redundant do after while or until.' - Enabled: true - -WhileUntilModifier: - Description: >- - Favor modifier while/until usage when you have a - single-line body. - Enabled: true - -WordArray: - Description: 'Use %w or %W for arrays of words.' - Enabled: true - -#################### Lint ################################ -### Warnings - -AmbiguousOperator: - Description: >- - Checks for ambiguous operators in the first argument of a - method invocation without parentheses. - Enabled: true - -AmbiguousRegexpLiteral: - Description: >- - Checks for ambiguous regexp literals in the first argument of - a method invocation without parenthesis. - Enabled: true - -AssignmentInCondition: - Description: "Don't use assignment in conditions." - Enabled: true - -BlockAlignment: - Description: 'Align block ends correctly.' - Enabled: true - -ConditionPosition: - Description: 'Checks for condition placed in a confusing position relative to the keyword.' - Enabled: true - -Debugger: - Description: 'Check for debugger calls.' - Enabled: true - -DeprecatedClassMethods: - Description: 'Check for deprecated class method calls.' - Enabled: true - -ElseLayout: - Description: 'Check for odd code arrangement in an else block.' - Enabled: true - -EmptyEnsure: - Description: 'Checks for empty ensure block.' - Enabled: true - -EndAlignment: - Description: 'Align ends correctly.' - Enabled: true - -EndInMethod: - Description: 'END blocks should not be placed inside method definitions.' - Enabled: true - -EnsureReturn: - Description: 'Never use return in an ensure block.' - Enabled: true - -Eval: - Description: 'The use of eval represents a serious security risk.' - Enabled: true - -HandleExceptions: - Description: "Don't suppress exception." 
- Enabled: true - -InvalidCharacterLiteral: - Description: >- - Checks for invalid character literals with a non-escaped - whitespace character. - Enabled: true - -LiteralInCondition: - Description: 'Checks of literals used in conditions.' - Enabled: true - -LiteralInInterpolation: - Description: 'Checks for literals used in interpolation.' - Enabled: true - -Loop: - Description: >- - Use Kernel#loop with break rather than begin/end/until or - begin/end/while for post-loop tests. - Enabled: true - -ParenthesesAsGroupedExpression: - Description: >- - Checks for method calls with a space before the opening - parenthesis. - Enabled: true - -RequireParentheses: - Description: >- - Use parentheses in the method call to avoid confusion - about precedence. - Enabled: true - -RescueException: - Description: 'Avoid rescuing the Exception class.' - Enabled: true - -ShadowingOuterLocalVariable: - Description: >- - Do not use the same name as outer local variable - for block arguments or block local variables. - Enabled: true - -StringConversionInInterpolation: - Description: 'Checks for Object#to_s usage in string interpolation.' - Enabled: true - -UnreachableCode: - Description: 'Unreachable code.' - Enabled: true - -UselessAssignment: - Description: 'Checks for useless assignment to a local variable.' - Enabled: true - -UselessComparison: - Description: 'Checks for comparison of something with itself.' - Enabled: true - -UselessElseWithoutRescue: - Description: 'Checks for useless `else` in `begin..end` without `rescue`.' - Enabled: true - -UselessSetterCall: - Description: 'Checks for useless setter call to a local variable.' - Enabled: true - -Void: - Description: 'Possible use of operator/literal/variable in void context.' - Enabled: true diff --git a/cookbooks/redisio/.markdownlint-cli2.yaml b/cookbooks/redisio/.markdownlint-cli2.yaml new file mode 100644 index 0000000..6fa8e77 --- /dev/null +++ b/cookbooks/redisio/.markdownlint-cli2.yaml 
@@ -0,0 +1,5 @@
+config:
+ ul-indent: false # MD007
+ line-length: false # MD013
+ no-duplicate-heading: false # MD024
+ reference-links-images: false # MD052
diff --git a/cookbooks/redisio/CHANGELOG.md b/cookbooks/redisio/CHANGELOG.md
index 1f520e7..0ff092a 100644
--- a/cookbooks/redisio/CHANGELOG.md
+++ b/cookbooks/redisio/CHANGELOG.md
@@ -1,9 +1,106 @@ # redisio +This file is used to list changes made in each version of the redisio cookbook. + +## 6.4.1 - *2023-05-16* + +## 6.4.0 - *2023-04-26* + +- Simplify `configure` and `sentinel` resources, making them idempotent + +## 6.3.7 - *2023-04-25* + +- Standardise files with files in sous-chefs/repo-management + +## 6.3.6 - *2023-04-04* + +- Standardise files with files in sous-chefs/repo-management + +## 6.3.5 - *2023-04-01* + +- Update workflows + +## 6.3.5 - *2023-04-01* + +- Standardise files with files in sous-chefs/repo-management + +## 6.3.5 - *2023-04-01* + +- Standardise files with files in sous-chefs/repo-management + +## 6.3.4 - *2023-03-15* + +- Standardise files with files in sous-chefs/repo-management + +## 6.3.3 - *2023-02-15* + +- Standardise files with files in sous-chefs/repo-management + +## 6.3.2 - *2023-02-14* + +- Standardise files with files in sous-chefs/repo-management + +## 6.3.1 - *2022-12-06* + +- Standardise files with files in sous-chefs/repo-management + +## 6.3.0 - *2022-09-10* + +- Version check fix for some Redis default settings to support Redis v4 and above. + +## 6.2.4 - *2022-08-13* + +- Fix systemd entry to ensure listening on all network interfaces ([#440](https://github.com/brianbianco/redisio/pull/440)) + +## 6.2.3 - *2022-08-12* + +- Fix grammar in README.md +- Use latest instead of current channel with dokken + +## 6.2.2 - *2022-04-25* + +- Standardise files with files in sous-chefs/repo-management + +## 6.2.1 - *2022-04-25* + +- Fixes configdir permissions. 
Similar to [451](https://github.com/sous-chefs/redisio/pull/451) +- Deprecated `.foodcritic` configfile removed + +## 6.2.0 - *2022-02-14* + +- Adds support for Rocky Linux + +## 6.1.3 - *2022-02-04* + +- Remove references to selinux_policy cookbook + +## 6.1.2 - *2022-02-03* + +- Fixes configdir permissions preventing Sentinel to update the config file + +## 6.1.1 - *2022-02-03* + +- Remove delivery and move to calling RSpec directly via a reusable workflow + +## 6.1.0 - *2021-09-15* + +- Add protected mode to sentinel configuration file + +## 6.0.0 - *2021-09-09* + +- Set unified_mode true for Chef 17+ support +- Require Chef 15.3+ for unified_mode +- Require Chef 16 for user_ulimit resource +- Remove dependency on the ulimit cookbook +- Switch from using the selinux_policy cookbook to the selinux cookbook + - The selinux_policy cookbook is now deprecated. The resources have been moved + to the selinux cookbook + ## 5.0.0 - *2021-09-08* - resolved cookstyle error: attributes/default.rb:74:40 refactor: `Chef/Modernize/UseChefLanguageSystemdHelper` + ## 4.3.2 - *2021-08-30* - Standardise files with files in sous-chefs/repo-management diff --git a/cookbooks/redisio/README.md b/cookbooks/redisio/README.md index 9b75a76..ebf4739 100644 --- a/cookbooks/redisio/README.md +++ b/cookbooks/redisio/README.md 
@@ -49,7 +49,7 @@ Tested on: The redisio cookbook contains LWRP for installing, configuring and managing redis and redis_sentinel. -The install recipe can build, compile and install redis from sources or install from packages. The configure recipe will configure redis and setup service resources. These resources will be named for the port of the redis server, unless a "name" attribute was specified. Example names would be: service["redis6379"] or service["redismaster"] if the name attribute was "master". +The install recipe can build, compile and install redis from sources or install from packages. The configure recipe will configure redis and set up service resources. These resources will be named for the port of the redis server, unless a "name" attribute was specified. Example names would be: service["redis6379"] or service["redismaster"] if the name attribute was "master". _NOTE: currently installation from source is not supported for FreeBSD_ The most common use case for the redisio cookbook is to use the default recipe, followed by the enable recipe. @@ -81,7 +81,7 @@ Redis-sentinel will write configuration and state data back into its configurati ### Role File Examples -#### Install redis and setup an instance with default settings on default port, and start the service through a role file +#### Install redis and set up an instance with default settings on default port, and start the service through a role file ```ruby run_list *%w[ @@ -92,7 +92,7 @@ run_list *%w[ default_attributes({}) ``` -##### Install redis with packages and setup an instance with default settings on default port, and start the service through a role file +##### Install redis with packages and set up an instance with default settings on default port, and start the service through a role file ```ruby run_list *%w[ 
@@ -151,7 +151,7 @@ default_attributes({ } ``` -##### Install redis and setup two instances on the same server, on different ports, with one slaved to the other through a role file +##### Install redis and set up two instances on the same server, on different ports, with one slaved to the other through a role file ```ruby run_list *%w[ @@ -169,7 +169,7 @@ default_attributes({ }) ``` -##### Install redis and setup two instances, on the same server, on different ports, with the default data directory changed to /mnt/redis, and the second instance named +##### Install redis and set up two instances, on the same server, on different ports, with the default data directory changed to /mnt/redis, and the second instance named ```ruby run_list *%w[ @@ -185,7 +185,7 @@ default_attributes({ }) ``` -##### Install redis and setup three instances on the same server, changing the default data directory to /mnt/redis, each instance will use a different backup type, and one instance will use a different data dir +##### Install redis and set up three instances on the same server, changing the default data directory to /mnt/redis, each instance will use a different backup type, and one instance will use a different data dir ```ruby run_list *%w[ @@ -230,7 +230,7 @@ run_list *%w[ ] ``` -#### Install redis and setup two instances, on the same server, on different ports, the second instance configuration file will be overwriten by chef +#### Install redis and set up two instances, on the same server, on different ports, the second instance configuration file will be overwriten by chef ```ruby run_list *%w[ 
@@ -413,7 +413,8 @@ The sentinel recipe's use their own attribute file. 'logfile' => nil, 'syslogenabled' => 'yes', 'syslogfacility' => 'local0', -'quorum_count' => 2 +'quorum_count' => 2, +'protected-mode' => nil, ``` * `redisio['redisio']['sentinel']['manage_config']` - Should the cookbook manage the redis and redis sentinel config files. This is best set to false when using redis_sentinel as it will write state into both configuration files. diff --git a/cookbooks/redisio/attributes/default.rb b/cookbooks/redisio/attributes/default.rb index 65c1158..8c11c8e 100644 --- a/cookbooks/redisio/attributes/default.rb +++ b/cookbooks/redisio/attributes/default.rb @@ -2,12 +2,12 @@ package_bin_path = '/usr/bin' config_dir = '/etc/redis' default_package_install = false -case node['platform'] -when 'ubuntu', 'debian' +case node['platform_family'] +when 'debian' shell = '/bin/false' homedir = '/var/lib/redis' package_name = 'redis-server' -when 'centos', 'redhat', 'scientific', 'amazon', 'suse', 'fedora' +when 'rhel', 'fedora' shell = '/bin/sh' homedir = '/var/lib/redis' package_name = 'redis' @@ -162,3 +162,10 @@ default['redisio']['bin_path'] = if node['redisio']['package_install'] else '/usr/local/bin' end + +# Ulimit +default['ulimit']['pam_su_template_cookbook'] = nil +default['ulimit']['users'] = Mash.new +default['ulimit']['security_limits_directory'] = '/etc/security/limits.d' +default['ulimit']['ulimit_overriding_sudo_file_name'] = 'sudo' +default['ulimit']['ulimit_overriding_sudo_file_cookbook'] = nil diff --git a/cookbooks/redisio/attributes/redis_sentinel.rb b/cookbooks/redisio/attributes/redis_sentinel.rb index b515554..3d8469e 100644 --- a/cookbooks/redisio/attributes/redis_sentinel.rb +++ b/cookbooks/redisio/attributes/redis_sentinel.rb @@ -26,6 +26,7 @@ default['redisio']['sentinel_defaults'] = { 'announce-port' => nil, 'notification-script' => nil, 'client-reconfig-script' => nil, + 'protected_mode' => nil, } # Manage Sentinel Config File 
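Review bot: The new `when 'rhel', 'fedora'` branch in attributes/default.rb no longer covers every platform the old list named. The old `case node['platform']` listed `'amazon'` and `'suse'`, and on current Ohai both report their own `platform_family` rather than `rhel`, so they would presumably fall through to whatever default branch follows outside this hunk. If they are still meant to get `shell = '/bin/sh'` and `package_name = 'redis'`, the branch should read `when 'rhel', 'fedora', 'amazon', 'suse'`. If support is being dropped, a one-line comment above the `case` saying so would help, since metadata.rb in this commit still lists `suse`. The `case` statement continues past the end of the hunk.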
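Review bot: The added key `'protected_mode' => nil` in attributes/redis_sentinel.rb uses an underscore, while the neighbouring keys use hyphens (`'announce-port'`, `'notification-script'`) and the README hunk in this commit documents the setting as `'protected-mode'`. Which spelling the sentinel template reads is not visible here, so someone following the README may set a key that is silently ignored; for a setting that limits who can reach Sentinel, that mismatch is worth removing. I would use one spelling in both places, for example `'protected-mode' => nil,`, and check the template against it. A short comment on the line stating what `nil` results in (presumably that the directive is left out of the config file; to be confirmed) would also help.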
diff --git a/cookbooks/redisio/chefignore b/cookbooks/redisio/chefignore index cc170ea..a27b0b2 100644 --- a/cookbooks/redisio/chefignore +++ b/cookbooks/redisio/chefignore @@ -61,7 +61,7 @@ Dangerfile examples/* features/* Guardfile -kitchen.yml* +kitchen*.yml mlc_config.json Procfile Rakefile diff --git a/cookbooks/redisio/files/sudo b/cookbooks/redisio/files/sudo new file mode 100644 index 0000000..5e97689 --- /dev/null +++ b/cookbooks/redisio/files/sudo @@ -0,0 +1,8 @@ +#%PAM-1.0 + +auth required pam_env.so readenv=1 user_readenv=0 +auth required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +session required pam_limits.so +@include common-auth +@include common-account +@include common-session-noninteractive diff --git a/cookbooks/redisio/kitchen.dokken.yml b/cookbooks/redisio/kitchen.dokken.yml deleted file mode 100644 index 913c591..0000000 --- a/cookbooks/redisio/kitchen.dokken.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -driver: - name: dokken - privileged: true - chef_version: current - env: [CHEF_LICENSE=accept] - -transport: - name: dokken - -provisioner: - name: dokken - deprecations_as_errors: true - -verifier: - name: inspec - -platforms: - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - run_list: - - recipe[yum-epel::default] - - recipe[yum-remi::default] - - - name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: ubuntu-16.04 - driver: - image: dokken/ubuntu-16.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update diff --git a/cookbooks/redisio/metadata.json b/cookbooks/redisio/metadata.json index 330492c..00675ac 100644 --- a/cookbooks/redisio/metadata.json 
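Review bot: The new files/sudo has no header saying who manages it or which platforms it is for, and its `@include common-auth`, `common-account` and `common-session-noninteractive` lines name Debian-style PAM stacks. The attribute added in this commit, `default['ulimit']['ulimit_overriding_sudo_file_name'] = 'sudo'`, suggests it can replace the system sudo PAM file, although the resource that deploys it is not visible here. On a platform without those `common-*` files that would presumably leave sudo unable to authenticate. I would add a comment after the `#%PAM-1.0` line such as `# Managed by Chef (redisio cookbook). Debian-family PAM stack; local edits will be overwritten.` and confirm that the deploying resource is guarded by platform family.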
+++ b/cookbooks/redisio/metadata.json @@ -6,18 +6,17 @@ "maintainer_email": "help@sous-chefs.org", "license": "Apache-2.0", "platforms": { - "amazon": ">= 0.0.0", "centos": ">= 0.0.0", "debian": ">= 0.0.0", "fedora": ">= 0.0.0", "redhat": ">= 0.0.0", + "rocky": ">= 0.0.0", "scientific": ">= 0.0.0", "suse": ">= 0.0.0", "ubuntu": ">= 0.0.0" }, "dependencies": { - "ulimit": ">= 0.1.2", - "selinux_policy": ">= 2.2.0" + "selinux": ">= 0.0.0" }, "providing": { @@ -25,13 +24,13 @@ "recipes": { }, - "version": "5.0.0", + "version": "6.4.1", "source_url": "https://github.com/sous-chefs/redisio", "issues_url": "https://github.com/sous-chefs/redisio/issues", "privacy": false, "chef_versions": [ [ - ">= 15.5" + ">= 16" ] ], "ohai_versions": [ diff --git a/cookbooks/redisio/metadata.rb b/cookbooks/redisio/metadata.rb index 5c0fbad..5b7cc21 100644 --- a/cookbooks/redisio/metadata.rb +++ b/cookbooks/redisio/metadata.rb @@ -3,23 +3,19 @@ maintainer 'Sous Chefs' maintainer_email 'help@sous-chefs.org' license 'Apache-2.0' description 'Installs and configures redis' -version '5.0.0' +version '6.4.1' source_url 'https://github.com/sous-chefs/redisio' issues_url 'https://github.com/sous-chefs/redisio/issues' -chef_version '>= 15.5' +chef_version '>= 16' -%w( - amazon - centos - debian - fedora - redhat - scientific - suse - ubuntu -).each do |os| - supports os -end +suports 'amazon' +supports 'centos' +supports 'debian' +supports 'fedora' +supports 'redhat' +supports 'rocky' +supports 'scientific' +supports 'suse' +supports 'ubuntu' -depends 'ulimit', '>= 0.1.2' -depends 'selinux_policy', '>= 2.2.0' +depends 'selinux' diff --git a/cookbooks/redisio/providers/configure.rb b/cookbooks/redisio/providers/configure.rb index f3f19e6..d01a495 100644 --- a/cookbooks/redisio/providers/configure.rb +++ b/cookbooks/redisio/providers/configure.rb 
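Review bot: The first added line in metadata.rb reads `suports 'amazon'`, which is not the metadata keyword `supports`, so evaluating metadata.rb is likely to fail with an undefined-method error wherever metadata.json is not used instead. The metadata.json hunk in this commit removes `amazon` from `platforms`, so the two files also disagree on whether Amazon Linux is supported; either correct the line to `supports 'amazon'` or delete it to match metadata.json. Separately, `depends 'selinux'` has no version floor, unlike the `depends` lines it replaces. If the provider relies on the `selinux_install` and `selinux_fcontext` resources, a constraint naming the first selinux release that ships them would make that requirement explicit (version to be confirmed against that cookbook's changelog).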
@@ -1,9 +1,4 @@ action :run do - configure - new_resource.updated_by_last_action(true) -end - -def configure base_piddir = new_resource.base_piddir if !new_resource.version 
@@ -72,318 +67,311 @@ def configure current['maxclients'] end - recipe_eval do - server_name = current['name'] || current['port'] - piddir = "#{base_piddir}/#{server_name}" - aof_file = current['appendfilename'] || "#{current['datadir']}/appendonly-#{server_name}.aof" - rdb_file = current['dbfilename'] || "#{current['datadir']}/dump-#{server_name}.rdb" + server_name = current['name'] || current['port'] + piddir = "#{base_piddir}/#{server_name}" + aof_file = current['appendfilename'] || "#{current['datadir']}/appendonly-#{server_name}.aof" + rdb_file = current['dbfilename'] || "#{current['datadir']}/dump-#{server_name}.rdb" - # Create the owner of the redis data directory - user current['user'] do - comment 'Redis service account' - manage_home true - home current['homedir'] - shell current['shell'] - system current['systemuser'] - uid current['uid'] unless current['uid'].nil? - end + # Create the owner of the redis data directory + user current['user'] do + comment 'Redis service account' + manage_home true + home current['homedir'] + shell current['shell'] + system current['systemuser'] + uid current['uid'] unless current['uid'].nil? + end - # Create the redis configuration directory - directory current['configdir'] do - owner 'root' - group platform_family?('freebsd') ? 'wheel' : 'root' - mode '0755' - recursive true - action :create - end - # Create the instance data directory - directory current['datadir'] do - owner current['user'] - group current['group'] - mode '0775' - recursive true - action :create - end - # Create the pid file directory - directory piddir do + # Create the redis configuration directory + directory current['configdir'] do + owner 'root' + group platform_family?('freebsd') ? 
'wheel' : 'redis' + mode '0775' + recursive true + action :create + end + # Create the instance data directory + directory current['datadir'] do + owner current['user'] + group current['group'] + mode '0775' + recursive true + action :create + end + # Create the pid file directory + directory piddir do + owner current['user'] + group current['group'] + mode '0755' + recursive true + action :create + end + # Create the log directory if syslog is not being used + if log_directory + directory log_directory do owner current['user'] group current['group'] mode '0755' recursive true action :create end - # Create the log directory if syslog is not being used + end + # Configure SELinux if it is enabled + extend Chef::Util::Selinux + + if selinux_enabled? + selinux_install 'install' + + selinux_fcontext "#{current['configdir']}(/.*)?" do + secontext 'redis_conf_t' + end + selinux_fcontext "#{current['datadir']}(/.*)?" do + secontext 'redis_var_lib_t' + end + selinux_fcontext "#{piddir}(/.*)?" do + secontext 'redis_var_run_t' + end if log_directory - directory log_directory do - owner current['user'] - group current['group'] - mode '0755' - recursive true - action :create + selinux_fcontext "#{log_directory}(/.*)?" do + secontext 'redis_log_t' end end - # Configure SELinux if it is enabled - extend Chef::Util::Selinux - - if selinux_enabled? - selinux_policy_install 'install' - - selinux_policy_fcontext "#{current['configdir']}(/.*)?" do - secontext 'redis_conf_t' - end - selinux_policy_fcontext "#{current['datadir']}(/.*)?" do - secontext 'redis_var_lib_t' - end - selinux_policy_fcontext "#{piddir}(/.*)?" do - secontext 'redis_var_run_t' - end - if log_directory - selinux_policy_fcontext "#{log_directory}(/.*)?" 
do - secontext 'redis_log_t' - end - end - end - # Create the log file if syslog is not being used - if log_file - file current['logfile'] do - owner current['user'] - group current['group'] - mode '0644' - backup false - action :touch - # in version 2.8 or higher the empty string is used instead of stdout - only_if { !log_file.empty? && log_file != 'stdout' } - end - end - # Set proper permissions on the AOF or RDB files - file aof_file do + end + # Create the log file if syslog is not being used + if log_file + file current['logfile'] do owner current['user'] group current['group'] mode '0644' - only_if { current['backuptype'] == 'aof' || current['backuptype'] == 'both' } - only_if { ::File.exist?(aof_file) } - end - file rdb_file do - owner current['user'] - group current['group'] - mode '0644' - only_if { current['backuptype'] == 'rdb' || current['backuptype'] == 'both' } - only_if { ::File.exist?(rdb_file) } - end - - # Setup the redis users descriptor limits - # Pending response on https://github.com/brianbianco/redisio/commit/4ee9aad3b53029cc3b6c6cf741f5126755e712cd#diff-8ae42a59a6f4e8dc5b4e6dd2d6a34eab - # TODO: ulimit cookbook v0.1.2 doesn't work with freeBSD - if current['ulimit'] && !platform_family?('freebsd') - user_ulimit current['user'] do - filehandle_limit descriptors - end - end - - computed_save = current['save'] - if current['save'] && current['save'].respond_to?(:each_line) - computed_save = current['save'].each_line - Chef::Log.warn("#{server_name}: given a save argument as a string, instead of an array.") - Chef::Log.warn("#{server_name}: This will be deprecated in future versions of the redisio cookbook.") - end - - # Load password for use with requirepass from data bag if needed - if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key'] - bag = data_bag_item(current['data_bag_name'], current['data_bag_item']) - current['requirepass'] = bag[current['data_bag_key']] - current['masterauth'] = 
bag[current['data_bag_key']] - end - - # Lay down the configuration files for the current instance - template "#{current['configdir']}/#{server_name}.conf" do - source node['redisio']['redis_config']['template_source'] - cookbook node['redisio']['redis_config']['template_cookbook'] - owner current['user'] - group current['group'] - mode current['permissions'] + backup false action :create + # in version 2.8 or higher the empty string is used instead of stdout + only_if { !log_file.empty? && log_file != 'stdout' } + end + end + # Set proper permissions on the AOF or RDB files + file aof_file do + owner current['user'] + group current['group'] + mode '0644' + only_if { current['backuptype'] == 'aof' || current['backuptype'] == 'both' } + only_if { ::File.exist?(aof_file) } + end + file rdb_file do + owner current['user'] + group current['group'] + mode '0644' + only_if { current['backuptype'] == 'rdb' || current['backuptype'] == 'both' } + only_if { ::File.exist?(rdb_file) } + end + + # Setup the redis users descriptor limits + # Pending response on https://github.com/brianbianco/redisio/commit/4ee9aad3b53029cc3b6c6cf741f5126755e712cd#diff-8ae42a59a6f4e8dc5b4e6dd2d6a34eab + # TODO: ulimit cookbook v0.1.2 doesn't work with freeBSD + if current['ulimit'] && !platform_family?('freebsd') + user_ulimit current['user'] do + filehandle_limit descriptors + end + end + + computed_save = current['save'] + if current['save'] && current['save'].respond_to?(:each_line) + computed_save = current['save'].each_line + Chef::Log.warn("#{server_name}: given a save argument as a string, instead of an array.") + Chef::Log.warn("#{server_name}: This will be deprecated in future versions of the redisio cookbook.") + end + + # Load password for use with requirepass from data bag if needed + if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key'] + bag = data_bag_item(current['data_bag_name'], current['data_bag_item']) + current['requirepass'] = 
bag[current['data_bag_key']] + current['masterauth'] = bag[current['data_bag_key']] + end + + # Lay down the configuration files for the current instance + template "#{current['configdir']}/#{server_name}.conf" do + source node['redisio']['redis_config']['template_source'] + cookbook node['redisio']['redis_config']['template_cookbook'] + owner current['user'] + group current['group'] + mode current['permissions'] + action :create + variables( + version: version_hash, + piddir: piddir, + name: server_name, + job_control: node['redisio']['job_control'], + port: current['port'], + tcpbacklog: current['tcpbacklog'], + address: current['address'], + databases: current['databases'], + backuptype: current['backuptype'], + datadir: current['datadir'], + unixsocket: current['unixsocket'], + unixsocketperm: current['unixsocketperm'], + timeout: current['timeout'], + keepalive: current['keepalive'], + loglevel: current['loglevel'], + logfile: current['logfile'], + syslogenabled: current['syslogenabled'], + syslogfacility: current['syslogfacility'], + save: computed_save, + stopwritesonbgsaveerror: current['stopwritesonbgsaveerror'], + rdbcompression: current['rdbcompression'], + rdbchecksum: current['rdbchecksum'], + dbfilename: current['dbfilename'], + slaveof: current['slaveof'], + protected_mode: current['protected_mode'], + masterauth: current['masterauth'], + slaveservestaledata: current['slaveservestaledata'], + slavereadonly: current['slavereadonly'], + replpingslaveperiod: current['replpingslaveperiod'], + repltimeout: current['repltimeout'], + repldisabletcpnodelay: current['repldisabletcpnodelay'], + replbacklogsize: current['replbacklogsize'], + replbacklogttl: current['replbacklogttl'], + slavepriority: current['slavepriority'], + requirepass: current['requirepass'], + rename_commands: current['rename_commands'], + maxclients: current['maxclients'], + maxmemory: maxmemory, + maxmemorypolicy: current['maxmemorypolicy'], + maxmemorysamples: 
current['maxmemorysamples'], + appendfilename: current['appendfilename'], + appendfsync: current['appendfsync'], + noappendfsynconrewrite: current['noappendfsynconrewrite'], + aofrewritepercentage: current['aofrewritepercentage'], + aofrewriteminsize: current['aofrewriteminsize'], + aofloadtruncated: current['aofloadtruncated'], + luatimelimit: current['luatimelimit'], + slowloglogslowerthan: current['slowloglogslowerthan'], + slowlogmaxlen: current['slowlogmaxlen'], + notifykeyspaceevents: current['notifykeyspaceevents'], + hashmaxziplistentries: current['hashmaxziplistentries'], + hashmaxziplistvalue: current['hashmaxziplistvalue'], + listmaxziplistentries: current['listmaxziplistentries'], + listmaxziplistvalue: current['listmaxziplistvalue'], + setmaxintsetentries: current['setmaxintsetentries'], + zsetmaxziplistentries: current['zsetmaxziplistentries'], + zsetmaxziplistvalue: current['zsetmaxziplistvalue'], + hllsparsemaxbytes: current['hllsparsemaxbytes'], + activerehasing: current['activerehasing'], + clientoutputbufferlimit: current['clientoutputbufferlimit'], + hz: current['hz'], + aofrewriteincrementalfsync: current['aofrewriteincrementalfsync'], + clusterenabled: current['clusterenabled'], + clusterconfigfile: current['clusterconfigfile'], + clusternodetimeout: current['clusternodetimeout'], + includes: current['includes'], + minslavestowrite: current['minslavestowrite'], + minslavesmaxlag: current['minslavesmaxlag'], + repldisklesssync: current['repldisklesssync'], + repldisklesssyncdelay: current['repldisklesssyncdelay'] + ) + not_if { ::File.exist?("#{current['configdir']}/#{server_name}.conf.breadcrumb") } + end + + file "#{current['configdir']}/#{server_name}.conf.breadcrumb" do + content 'This file prevents the chef cookbook from overwritting the redis config more than once' + action :create_if_missing + only_if { current['breadcrumb'] == true } + end + + # Setup init.d file + bin_path = if node['redisio']['install_dir'] + 
::File.join(node['redisio']['install_dir'], 'bin') + else + node['redisio']['bin_path'] + end + + case node['redisio']['job_control'] + when 'initd' + template "/etc/init.d/redis#{server_name}" do + source 'redis.init.erb' + cookbook 'redisio' + owner 'root' + group 'root' + mode '0755' variables( - version: version_hash, - piddir: piddir, - name: server_name, - job_control: node['redisio']['job_control'], - port: current['port'], - tcpbacklog: current['tcpbacklog'], - address: current['address'], - databases: current['databases'], - backuptype: current['backuptype'], - datadir: current['datadir'], - unixsocket: current['unixsocket'], - unixsocketperm: current['unixsocketperm'], - timeout: current['timeout'], - keepalive: current['keepalive'], - loglevel: current['loglevel'], - logfile: current['logfile'], - syslogenabled: current['syslogenabled'], - syslogfacility: current['syslogfacility'], - save: computed_save, - stopwritesonbgsaveerror: current['stopwritesonbgsaveerror'], - rdbcompression: current['rdbcompression'], - rdbchecksum: current['rdbchecksum'], - dbfilename: current['dbfilename'], - slaveof: current['slaveof'], - protected_mode: current['protected_mode'], - masterauth: current['masterauth'], - slaveservestaledata: current['slaveservestaledata'], - slavereadonly: current['slavereadonly'], - replpingslaveperiod: current['replpingslaveperiod'], - repltimeout: current['repltimeout'], - repldisabletcpnodelay: current['repldisabletcpnodelay'], - replbacklogsize: current['replbacklogsize'], - replbacklogttl: current['replbacklogttl'], - slavepriority: current['slavepriority'], - requirepass: current['requirepass'], - rename_commands: current['rename_commands'], - maxclients: current['maxclients'], - maxmemory: maxmemory, - maxmemorypolicy: current['maxmemorypolicy'], - maxmemorysamples: current['maxmemorysamples'], - appendfilename: current['appendfilename'], - appendfsync: current['appendfsync'], - noappendfsynconrewrite: current['noappendfsynconrewrite'], 
- aofrewritepercentage: current['aofrewritepercentage'], - aofrewriteminsize: current['aofrewriteminsize'], - aofloadtruncated: current['aofloadtruncated'], - luatimelimit: current['luatimelimit'], - slowloglogslowerthan: current['slowloglogslowerthan'], - slowlogmaxlen: current['slowlogmaxlen'], - notifykeyspaceevents: current['notifykeyspaceevents'], - hashmaxziplistentries: current['hashmaxziplistentries'], - hashmaxziplistvalue: current['hashmaxziplistvalue'], - listmaxziplistentries: current['listmaxziplistentries'], - listmaxziplistvalue: current['listmaxziplistvalue'], - setmaxintsetentries: current['setmaxintsetentries'], - zsetmaxziplistentries: current['zsetmaxziplistentries'], - zsetmaxziplistvalue: current['zsetmaxziplistvalue'], - hllsparsemaxbytes: current['hllsparsemaxbytes'], - activerehasing: current['activerehasing'], - clientoutputbufferlimit: current['clientoutputbufferlimit'], - hz: current['hz'], - aofrewriteincrementalfsync: current['aofrewriteincrementalfsync'], - clusterenabled: current['clusterenabled'], - clusterconfigfile: current['clusterconfigfile'], - clusternodetimeout: current['clusternodetimeout'], - includes: current['includes'], - minslavestowrite: current['minslavestowrite'], - minslavesmaxlag: current['minslavesmaxlag'], - repldisklesssync: current['repldisklesssync'], - repldisklesssyncdelay: current['repldisklesssyncdelay'] + name: server_name, + bin_path: bin_path, + port: current['port'], + address: current['address'], + user: current['user'], + configdir: current['configdir'], + piddir: piddir, + requirepass: current['requirepass'], + shutdown_save: current['shutdown_save'], + platform: node['platform'], + unixsocket: current['unixsocket'], + ulimit: descriptors, + required_start: node['redisio']['init.d']['required_start'].join(' '), + required_stop: node['redisio']['init.d']['required_stop'].join(' ') ) - not_if { ::File.exist?("#{current['configdir']}/#{server_name}.conf.breadcrumb") } + end + when 'upstart' + template 
"/etc/init/redis#{server_name}.conf" do + source 'redis.upstart.conf.erb' + cookbook 'redisio' + owner current['user'] + group current['group'] + mode '0644' + variables( + name: server_name, + bin_path: bin_path, + port: current['port'], + user: current['user'], + group: current['group'], + configdir: current['configdir'], + piddir: piddir + ) + end + when 'rcinit' + template "/usr/local/etc/rc.d/redis#{server_name}" do + source 'redis.rcinit.erb' + cookbook 'redisio' + owner current['user'] + group current['group'] + mode '0755' + variables( + name: server_name, + bin_path: bin_path, + user: current['user'], + configdir: current['configdir'], + piddir: piddir + ) + end + when 'systemd' + service_name = "redis@#{server_name}" + reload_name = "#{service_name} systemd reload" + + file "/etc/tmpfiles.d/#{service_name}.conf" do + content "d #{piddir} 0755 #{current['user']} #{current['group']}\n" + owner 'root' + group 'root' + mode '0644' end - file "#{current['configdir']}/#{server_name}.conf.breadcrumb" do - content 'This file prevents the chef cookbook from overwritting the redis config more than once' - action :create_if_missing - only_if { current['breadcrumb'] == true } + execute reload_name do + command 'systemctl daemon-reload' + action :nothing end - # Setup init.d file - bin_path = if node['redisio']['install_dir'] - ::File.join(node['redisio']['install_dir'], 'bin') - else - node['redisio']['bin_path'] - end - - case node['redisio']['job_control'] - when 'initd' - template "/etc/init.d/redis#{server_name}" do - source 'redis.init.erb' - cookbook 'redisio' - owner 'root' - group 'root' - mode '0755' - variables( - name: server_name, - bin_path: bin_path, - port: current['port'], - address: current['address'], - user: current['user'], - configdir: current['configdir'], - piddir: piddir, - requirepass: current['requirepass'], - shutdown_save: current['shutdown_save'], - platform: node['platform'], - unixsocket: current['unixsocket'], - ulimit: descriptors, - 
required_start: node['redisio']['init.d']['required_start'].join(' '), - required_stop: node['redisio']['init.d']['required_stop'].join(' ') - ) - end - when 'upstart' - template "/etc/init/redis#{server_name}.conf" do - source 'redis.upstart.conf.erb' - cookbook 'redisio' - owner current['user'] - group current['group'] - mode '0644' - variables( - name: server_name, - bin_path: bin_path, - port: current['port'], - user: current['user'], - group: current['group'], - configdir: current['configdir'], - piddir: piddir - ) - end - when 'rcinit' - template "/usr/local/etc/rc.d/redis#{server_name}" do - source 'redis.rcinit.erb' - cookbook 'redisio' - owner current['user'] - group current['group'] - mode '0755' - variables( - name: server_name, - bin_path: bin_path, - user: current['user'], - configdir: current['configdir'], - piddir: piddir - ) - end - when 'systemd' - service_name = "redis@#{server_name}" - reload_name = "#{service_name} systemd reload" - - file "/etc/tmpfiles.d/#{service_name}.conf" do - content "d #{piddir} 0755 #{current['user']} #{current['group']}\n" - owner 'root' - group 'root' - mode '0644' - end - - execute reload_name do - command 'systemctl daemon-reload' - action :nothing - end - - template "/lib/systemd/system/#{service_name}.service" do - source 'redis@.service.erb' - cookbook 'redisio' - owner 'root' - group 'root' - mode '0644' - variables( - bin_path: bin_path, - user: current['user'], - group: current['group'], - limit_nofile: descriptors - ) - notifies :run, "execute[#{reload_name}]", :immediately - end + template "/lib/systemd/system/#{service_name}.service" do + source 'redis@.service.erb' + cookbook 'redisio' + owner 'root' + group 'root' + mode '0644' + variables( + bin_path: bin_path, + user: current['user'], + group: current['group'], + limit_nofile: descriptors + ) + notifies :run, "execute[#{reload_name}]", :immediately end end end # servers each loop end - -def load_current_resource - @current_resource = 
Chef::Resource.resource_for_node(:redisio_configure, node).new(new_resource.name) - @current_resource -end diff --git a/cookbooks/redisio/providers/sentinel.rb b/cookbooks/redisio/providers/sentinel.rb index cfb2d7d..b6b74e1 100644 --- a/cookbooks/redisio/providers/sentinel.rb +++ b/cookbooks/redisio/providers/sentinel.rb @@ -1,9 +1,4 @@ action :run do - configure - new_resource.updated_by_last_action(true) -end - -def configure base_piddir = new_resource.base_piddir current_version = if new_resource.version.nil? 
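Review bot: The `directory current['configdir']` resource now uses a hard-coded group `'redis'` with mode `'0775'` (previously `'root'` and `'0755'`), while every other resource in this action takes its group from `current['group']`. If an instance is configured with a different group, or no `redis` group exists on the node, the directory is writable by the wrong group or the resource fails; and group write lets any member of that group add or replace files there, including the `.conf` the init scripts load and the `.conf.breadcrumb` that stops the template from being re-rendered. I would use `group platform_family?('freebsd') ? 'wheel' : current['group']` and add a comment saying why group write is needed (presumably so the server can rewrite its own config; worth confirming). The same change appears in the `directory current['configdir']` resource of providers/sentinel.rb. The action body starts before this hunk.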
@@ -23,200 +18,199 @@ def configure # Merge the configuration defaults with the provided array of configurations provided current = current_defaults_hash.merge(current_instance_hash) - recipe_eval do - sentinel_name = current['name'] || current['port'] - sentinel_name = "sentinel_#{sentinel_name}" - piddir = "#{base_piddir}/#{sentinel_name}" + sentinel_name = current['name'] || current['port'] + sentinel_name = "sentinel_#{sentinel_name}" + piddir = "#{base_piddir}/#{sentinel_name}" - # Create the owner of the redis data directory - user current['user'] do - comment 'Redis service account' - manage_home true - home current['homedir'] - shell current['shell'] - system current['systemuser'] - uid current['uid'] unless current['uid'].nil? - end + # Create the owner of the redis data directory + user current['user'] do + comment 'Redis service account' + manage_home true + home current['homedir'] + shell current['shell'] + system current['systemuser'] + uid current['uid'] unless current['uid'].nil? + end - # Create the redis configuration directory - directory current['configdir'] do - owner 'root' - group platform_family?('freebsd') ? 'wheel' : 'root' - mode '0755' - recursive true - action :create - end - # Create the pid file directory - directory piddir do + # Create the redis configuration directory + directory current['configdir'] do + owner 'root' + group platform_family?('freebsd') ? 'wheel' : 'redis' + mode '0775' + recursive true + action :create + end + # Create the pid file directory + directory piddir do + owner current['user'] + group current['group'] + mode '0755' + recursive true + action :create + end + + unless current['logfile'].nil? 
+ # Create the log directory if syslog is not being used + directory ::File.dirname(current['logfile']) do owner current['user'] group current['group'] mode '0755' recursive true action :create + only_if { current['syslogenabled'] != 'yes' && current['logfile'] && current['logfile'] != 'stdout' } end - unless current['logfile'].nil? - # Create the log directory if syslog is not being used - directory ::File.dirname(current['logfile']) do - owner current['user'] - group current['group'] - mode '0755' - recursive true - action :create - only_if { current['syslogenabled'] != 'yes' && current['logfile'] && current['logfile'] != 'stdout' } - end - - # Create the log file is syslog is not being used - file current['logfile'] do - owner current['user'] - group current['group'] - mode '0644' - backup false - action :touch - only_if { current['logfile'] && current['logfile'] != 'stdout' } - end - end - - # <%=@name%> <%=@masterip%> <%=@masterport%> <%= @quorum_count %> - # <%= "sentinel auth-pass #{@name} #{@authpass}" unless @authpass.nil? %> - # sentinel down-after-milliseconds <%=@name%> <%=@downaftermil%> - # sentinel parallel-syncs <%=@name%> <%=@parallelsyncs%> - # sentinel failover-timeout <%=@name%> <%=@failovertimeout%> - - # convert from old format (preserve compat) - if !current['masters'] && current['master_ip'] - Chef::Log.warn('You are using a deprecated sentinel format. This will be removed in future versions.') - - # use old key names if newer key names aren't present (e.g. 
'foo' || :foo) - masters = [ - { - master_name: current['master_name'] || current[:mastername], - master_ip: current['master_ip'] || current[:masterip], - master_port: current['master_port'] || current[:masterport], - quorum_count: current['quorum_count'] || current[:quorum_count], - auth_pass: current['auth-pass'] || current[:authpass], - down_after_milliseconds: current['down-after-milliseconds'] || current[:downaftermil], - parallel_syncs: current['parallel-syncs'] || current[:parallelsyncs], - failover_timeout: current['failover-timeout'] || current[:failovertimeout], - }, - ] - else - masters = [current['masters']].flatten - end - - # Load password for use with requirepass from data bag if needed - if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key'] - bag = data_bag_item(current['data_bag_name'], current['data_bag_item']) - masters.each do |master| - master['auth_pass'] = bag[current['data_bag_key']] - end - end - - # merge in default values to each sentinel hash - masters_with_defaults = [] - masters.each do |current_sentinel_master| - default_sentinel_master = new_resource.sentinel_defaults.to_hash - sentinel_master = default_sentinel_master.merge(current_sentinel_master || {}) - masters_with_defaults << sentinel_master - end - - # Don't render a template if we're missing these from any sentinel, - # as these are the minimal settings required to be passed in - masters_with_defaults.each do |sentinel_instance| - %w(master_ip master_port quorum_count).each do |param| - raise "Missing required sentinel parameter #{param} for #{sentinel_instance}" unless sentinel_instance[param] - end - end - - # Lay down the configuration files for the current instance - template "#{current['configdir']}/#{sentinel_name}.conf" do - source 'sentinel.conf.erb' - cookbook 'redisio' + # Create the log file is syslog is not being used + file current['logfile'] do owner current['user'] group current['group'] mode '0644' - action :create - variables( - 
name: current['name'], - piddir: piddir, - version: version_hash, - job_control: node['redisio']['job_control'], - sentinel_bind: current['sentinel_bind'], - sentinel_port: current['sentinel_port'], - loglevel: current['loglevel'], - logfile: current['logfile'], - syslogenabled: current['syslogenabled'], - syslogfacility: current['syslogfacility'], - masters: masters_with_defaults, - announce_ip: current['announce-ip'], - announce_port: current['announce-port'], - notification_script: current['notification-script'], - client_reconfig_script: current['client-reconfig-script'] - ) - not_if { ::File.exist?("#{current['configdir']}/#{sentinel_name}.conf.breadcrumb") } + backup false + action :touch + only_if { current['logfile'] && current['logfile'] != 'stdout' } end + end - file "#{current['configdir']}/#{sentinel_name}.conf.breadcrumb" do - content 'This file prevents the chef cookbook from overwritting the sentinel config more than once' - action :create_if_missing - end + # <%=@name%> <%=@masterip%> <%=@masterport%> <%= @quorum_count %> + # <%= "sentinel auth-pass #{@name} #{@authpass}" unless @authpass.nil? 
%> + # sentinel down-after-milliseconds <%=@name%> <%=@downaftermil%> + # sentinel parallel-syncs <%=@name%> <%=@parallelsyncs%> + # sentinel failover-timeout <%=@name%> <%=@failovertimeout%> - # Setup init.d file - bin_path = if node['redisio']['install_dir'] - ::File.join(node['redisio']['install_dir'], 'bin') - else - node['redisio']['bin_path'] - end - template "/etc/init.d/redis_#{sentinel_name}" do - source 'sentinel.init.erb' - cookbook 'redisio' - owner 'root' - group 'root' - mode '0755' - variables( - name: sentinel_name, - bin_path: bin_path, - user: current['user'], - configdir: current['configdir'], - piddir: piddir, - platform: node['platform'] - ) - only_if { node['redisio']['job_control'] == 'initd' } - end + # convert from old format (preserve compat) + if !current['masters'] && current['master_ip'] + Chef::Log.warn('You are using a deprecated sentinel format. This will be removed in future versions.') - template "/etc/init/redis_#{sentinel_name}.conf" do - source 'sentinel.upstart.conf.erb' - cookbook 'redisio' - owner current['user'] - group current['group'] - mode '0644' - variables( - name: sentinel_name, - bin_path: bin_path, - user: current['user'], - group: current['group'], - configdir: current['configdir'], - piddir: piddir - ) - only_if { node['redisio']['job_control'] == 'upstart' } + # use old key names if newer key names aren't present (e.g. 
'foo' || :foo) + masters = [ + { + master_name: current['master_name'] || current[:mastername], + master_ip: current['master_ip'] || current[:masterip], + master_port: current['master_port'] || current[:masterport], + quorum_count: current['quorum_count'] || current[:quorum_count], + auth_pass: current['auth-pass'] || current[:authpass], + down_after_milliseconds: current['down-after-milliseconds'] || current[:downaftermil], + parallel_syncs: current['parallel-syncs'] || current[:parallelsyncs], + failover_timeout: current['failover-timeout'] || current[:failovertimeout], + }, + ] + else + masters = [current['masters']].flatten + end + + # Load password for use with requirepass from data bag if needed + if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key'] + bag = data_bag_item(current['data_bag_name'], current['data_bag_item']) + masters.each do |master| + master['auth_pass'] = bag[current['data_bag_key']] end - # TODO: fix for freebsd - template "/usr/local/etc/rc.d/redis_#{sentinel_name}" do - source 'sentinel.rcinit.erb' - cookbook 'redisio' - owner current['user'] - group current['group'] - mode '0755' - variables( - name: sentinel_name, - bin_path: bin_path, - user: current['user'], - configdir: current['configdir'], - piddir: piddir - ) - only_if { node['redisio']['job_control'] == 'rcinit' } + end + + # merge in default values to each sentinel hash + masters_with_defaults = [] + masters.each do |current_sentinel_master| + default_sentinel_master = new_resource.sentinel_defaults.to_hash + sentinel_master = default_sentinel_master.merge(current_sentinel_master || {}) + masters_with_defaults << sentinel_master + end + + # Don't render a template if we're missing these from any sentinel, + # as these are the minimal settings required to be passed in + masters_with_defaults.each do |sentinel_instance| + %w(master_ip master_port quorum_count).each do |param| + raise "Missing required sentinel parameter #{param} for 
#{sentinel_instance}" unless sentinel_instance[param] end end + + # Lay down the configuration files for the current instance + template "#{current['configdir']}/#{sentinel_name}.conf" do + source 'sentinel.conf.erb' + cookbook 'redisio' + owner current['user'] + group current['group'] + mode '0644' + action :create + variables( + name: current['name'], + piddir: piddir, + version: version_hash, + job_control: node['redisio']['job_control'], + sentinel_bind: current['sentinel_bind'], + sentinel_port: current['sentinel_port'], + loglevel: current['loglevel'], + logfile: current['logfile'], + syslogenabled: current['syslogenabled'], + syslogfacility: current['syslogfacility'], + masters: masters_with_defaults, + announce_ip: current['announce-ip'], + announce_port: current['announce-port'], + notification_script: current['notification-script'], + client_reconfig_script: current['client-reconfig-script'], + protected_mode: current['protected_mode'] + ) + not_if { ::File.exist?("#{current['configdir']}/#{sentinel_name}.conf.breadcrumb") } + end + + file "#{current['configdir']}/#{sentinel_name}.conf.breadcrumb" do + content 'This file prevents the chef cookbook from overwritting the sentinel config more than once' + action :create_if_missing + end + + # Setup init.d file + bin_path = if node['redisio']['install_dir'] + ::File.join(node['redisio']['install_dir'], 'bin') + else + node['redisio']['bin_path'] + end + template "/etc/init.d/redis_#{sentinel_name}" do + source 'sentinel.init.erb' + cookbook 'redisio' + owner 'root' + group 'root' + mode '0755' + variables( + name: sentinel_name, + bin_path: bin_path, + user: current['user'], + configdir: current['configdir'], + piddir: piddir, + platform: node['platform'] + ) + only_if { node['redisio']['job_control'] == 'initd' } + end + + template "/etc/init/redis_#{sentinel_name}.conf" do + source 'sentinel.upstart.conf.erb' + cookbook 'redisio' + owner current['user'] + group current['group'] + mode '0644' + variables( + 
name: sentinel_name, + bin_path: bin_path, + user: current['user'], + group: current['group'], + configdir: current['configdir'], + piddir: piddir + ) + only_if { node['redisio']['job_control'] == 'upstart' } + end + # TODO: fix for freebsd + template "/usr/local/etc/rc.d/redis_#{sentinel_name}" do + source 'sentinel.rcinit.erb' + cookbook 'redisio' + owner current['user'] + group current['group'] + mode '0755' + variables( + name: sentinel_name, + bin_path: bin_path, + user: current['user'], + configdir: current['configdir'], + piddir: piddir + ) + only_if { node['redisio']['job_control'] == 'rcinit' } + end end # servers each loop end @@ -247,9 +241,3 @@ def version end nil end - -def load_current_resource - @current_resource = Chef::Resource.resource_for_node(:redisio_sentinel, node).new(new_resource.name) - @current_resource.version(version) - @current_resource -end diff --git a/cookbooks/redisio/recipes/_install_prereqs.rb b/cookbooks/redisio/recipes/_install_prereqs.rb index ae35774..dda5a38 100644 --- a/cookbooks/redisio/recipes/_install_prereqs.rb +++ b/cookbooks/redisio/recipes/_install_prereqs.rb @@ -1,9 +1,9 @@ -packages_to_install = case node['platform'] - when 'debian', 'ubuntu' +packages_to_install = case node['platform_family'] + when 'debian' %w( tar ) - when 'redhat', 'centos', 'fedora', 'scientific', 'suse', 'amazon' + when 'rhel', 'fedora' %w( tar ) diff --git a/cookbooks/redisio/recipes/configure.rb b/cookbooks/redisio/recipes/configure.rb index 1a5673d..dc1ad43 100644 --- a/cookbooks/redisio/recipes/configure.rb +++ b/cookbooks/redisio/recipes/configure.rb @@ -1,5 +1,5 @@ include_recipe 'redisio::default' -include_recipe 'ulimit::default' +include_recipe 'redisio::ulimit' redis = node['redisio'] diff --git a/cookbooks/redisio/recipes/default.rb b/cookbooks/redisio/recipes/default.rb index 5e3269f..ed51ac4 100644 --- a/cookbooks/redisio/recipes/default.rb +++ b/cookbooks/redisio/recipes/default.rb 
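Review bot: The sentinel config template is written with `mode '0644'` although `masters_with_defaults` carries the `auth_pass` value loaded from the data bag a few lines above, so the rendered file is presumably world-readable with the master password in it (the template itself is not shown here). providers/configure.rb takes its config file mode from `current['permissions']`; here I would use `mode '0640'` and add `sensitive true` so the rendered content stays out of Chef's log output. The `/etc/init.d/redis#{server_name}` template in providers/configure.rb is also passed `requirepass` and rendered with `mode '0755'`, which deserves the same look.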
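Review bot: Switching the `case` in recipes/_install_prereqs.rb to `node['platform_family']` drops the nodes that the old `'suse'` and `'amazon'` entries matched, because Ohai reports those as their own families rather than `rhel` or `fedora`. metadata.rb still declares `supports 'suse'`, so on such a node `packages_to_install` falls through to whatever follows in the `case`, which is outside this hunk. I would write `when 'rhel', 'fedora', 'amazon', 'suse'`. recipes/disable_os_default.rb makes the same change, and there the `case` has no `else`, so `service_name` would be `nil`.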
@@ -1,14 +1,4 @@ -# debian 6.0.x fails the build_essential recipe without an apt-get update prior to run -if platform?('debian', 'ubuntu') - execute 'apt-get-update-periodic' do - command 'apt-get update' - ignore_failure true - only_if do - !File.exist?('/var/lib/apt/periodic/update-success-stamp') || - File.mtime('/var/lib/apt/periodic/update-success-stamp') < Time.now - 86400 - end - end -end +apt_update unless node['redisio']['package_install'] include_recipe 'redisio::_install_prereqs' diff --git a/cookbooks/redisio/recipes/disable_os_default.rb b/cookbooks/redisio/recipes/disable_os_default.rb index e755ed6..7fd76e4 100644 --- a/cookbooks/redisio/recipes/disable_os_default.rb +++ b/cookbooks/redisio/recipes/disable_os_default.rb @@ -1,8 +1,8 @@ # disable the default OS redis init script -service_name = case node['platform'] - when 'debian', 'ubuntu' +service_name = case node['platform_family'] + when 'debian' 'redis-server' - when 'redhat', 'centos', 'fedora', 'scientific', 'suse', 'amazon' + when 'rhel', 'fedora' 'redis' end diff --git a/cookbooks/redisio/recipes/install.rb b/cookbooks/redisio/recipes/install.rb index fb54ecd..bb7064f 100644 --- a/cookbooks/redisio/recipes/install.rb +++ b/cookbooks/redisio/recipes/install.rb @@ -19,4 +19,4 @@ else end end -include_recipe 'ulimit::default' +include_recipe 'redisio::ulimit' diff --git a/cookbooks/redisio/recipes/sentinel.rb b/cookbooks/redisio/recipes/sentinel.rb index fde9995..84a49d0 100644 --- a/cookbooks/redisio/recipes/sentinel.rb +++ b/cookbooks/redisio/recipes/sentinel.rb @@ -1,6 +1,6 @@ include_recipe 'redisio::_install_prereqs' include_recipe 'redisio::install' -include_recipe 'ulimit::default' +include_recipe 'redisio::ulimit' redis = node['redisio'] diff --git a/cookbooks/redisio/recipes/ulimit.rb b/cookbooks/redisio/recipes/ulimit.rb new file mode 100644 index 0000000..fbe4bfb --- /dev/null +++ b/cookbooks/redisio/recipes/ulimit.rb 
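Review bot: `apt_update unless node['redisio']['package_install']` in `default.rb` has no comment, and the removed block held the only explanation of why the cache refresh exists (build_essential failing on a stale cache). As written, the refresh is skipped exactly when Redis is installed from the distribution package, where a stale apt cache can also make the install fail. If that is intended, a comment such as `# source builds only: the build tools need a fresh apt cache` would record it; otherwise the guard looks unnecessary.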
@@ -0,0 +1,25 @@ +# Pulled from the now replaced ulimit cookbook +# TODO: find a more tidy way to do this +ulimit = node['ulimit'] + +if platform_family?('debian') + template '/etc/pam.d/su' do + cookbook ulimit['pam_su_template_cookbook'] + end + + cookbook_file '/etc/pam.d/sudo' do + cookbook node['ulimit']['ulimit_overriding_sudo_file_cookbook'] + source node['ulimit']['ulimit_overriding_sudo_file_name'] + mode '0644' + end +end + +if ulimit.key?('users') + ulimit['users'].each do |user, attributes| + user_ulimit user do + attributes.each do |a, v| + send(a.to_sym, v) + end + end + end +end diff --git a/cookbooks/redisio/renovate.json b/cookbooks/redisio/renovate.json new file mode 100644 index 0000000..7e7a8ba --- /dev/null +++ b/cookbooks/redisio/renovate.json @@ -0,0 +1,17 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["config:base"], + "packageRules": [{ + "groupName": "Actions", + "matchUpdateTypes": ["patch", "pin", "digest"], + "automerge": true, + "addLabels": ["Release: Patch", "Skip: Announcements"] + }, + { + "groupName": "Actions", + "matchUpdateTypes": ["major"], + "automerge": false, + "addLabels": ["Release: Patch", "Skip: Announcements"] + } + ] +} diff --git a/cookbooks/redisio/resources/configure.rb b/cookbooks/redisio/resources/configure.rb index d8d10bd..328e07c 100644 --- a/cookbooks/redisio/resources/configure.rb +++ b/cookbooks/redisio/resources/configure.rb @@ -1,5 +1,5 @@ actions :run - +unified_mode true default_action :run # Configuration attributes diff --git a/cookbooks/redisio/resources/install.rb b/cookbooks/redisio/resources/install.rb index 9314e9c..c299dcb 100644 --- a/cookbooks/redisio/resources/install.rb +++ b/cookbooks/redisio/resources/install.rb @@ -1,5 +1,5 @@ actions :run - +unified_mode true default_action :run # Installation attributes diff --git a/cookbooks/redisio/resources/sentinel.rb b/cookbooks/redisio/resources/sentinel.rb index 175956e..1c07599 100644 
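Review bot: `send(a.to_sym, v)` in `ulimit.rb` dispatches whatever key appears under `node['ulimit']['users']` as a method call on the `user_ulimit` resource, and `send` also reaches private methods, so an unexpected attribute key is executed rather than rejected. `public_send(a, v)` limits this to the resource's public interface, and checking the key against the resource's limit properties first would be stricter still. Separately, `template '/etc/pam.d/su'` sets no `owner`, `group` or `mode`, and the sudo `cookbook_file` sets only `mode`; for PAM files I would state `owner 'root'`, `group 'root'` and `mode '0644'` explicitly on both. `node['ulimit']` is also dereferenced without a nil check, which matters if the attributes of the replaced ulimit cookbook are not defined elsewhere in this cookbook (not visible here).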
--- a/cookbooks/redisio/resources/sentinel.rb +++ b/cookbooks/redisio/resources/sentinel.rb @@ -1,5 +1,5 @@ actions :run - +unified_mode true default_action :run # Configuration attributes diff --git a/cookbooks/redisio/templates/default/domain.erb b/cookbooks/redisio/templates/default/domain.erb new file mode 100644 index 0000000..219080c --- /dev/null +++ b/cookbooks/redisio/templates/default/domain.erb @@ -0,0 +1,9 @@ +<% + node.run_state[:ulimit][@domain].each do |item, entries| + entries.each do |type, value| +-%> +<%= @domain %> <%= type %> <%= item %> <%= value %> +<% + end + end +-%> diff --git a/cookbooks/redisio/templates/default/redis.conf.erb b/cookbooks/redisio/templates/default/redis.conf.erb index 6e28d19..5320578 100644 --- a/cookbooks/redisio/templates/default/redis.conf.erb +++ b/cookbooks/redisio/templates/default/redis.conf.erb @@ -26,7 +26,7 @@ pidfile <%= @piddir %>/redis_<%=@name%>.pid # If port 0 is specified Redis will not listen on a TCP socket. port <%=@port%> -<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 5 || @version[:major].to_i == 3 %> +<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 5 || @version[:major].to_i >= 3 %> # TCP listen() backlog. # # In high requests-per-second environments you need an high backlog in order @@ -185,7 +185,7 @@ stop-writes-on-bgsave-error <%= @stopwritesonbgsaveerror %> # the dataset will likely be bigger if you have compressible values or keys. rdbcompression <%= @rdbcompression %> -<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i == 3 %> +<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i >= 3 %> # Since version 5 of RDB a CRC64 checksum is placed at the end of the file. # This makes the format more resistant to corruption but there is a performance # hit to pay (around 10%) when saving and loading RDB files, so you can disable it 
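Review bot: The version gate in `redis.conf.erb` is still written out by hand in every block (`@version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 5 || @version[:major].to_i >= 3`), which is how the `== 3` comparison came to need the same correction in five places. Comparing the components independently also rejects any 2.x version with a higher minor but a lower patch number. Assuming all three components are always set, one comparable value such as `Gem::Version.new(@version.values_at(:major, :minor, :patch).join('.')) >= Gem::Version.new('2.8.5')`, computed once and reused, would remove both problems. The hunks at 185, 320, 353 and 906 follow the same pattern.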
@@ -320,7 +320,7 @@ repl-diskless-sync <%=@repldisklesssync%> repl-diskless-sync-delay <%=@repldisklesssyncdelay%> <% end %> -<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i == 3 %> +<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i >= 3 %> # You can configure a slave instance to accept writes or not. Writing against # a slave instance may be useful to store some ephemeral data (because data # written on a slave will be easily deleted after resync with the master) but @@ -353,7 +353,7 @@ repl-ping-slave-period <%=@replpingslaveperiod%> # repl-timeout <%=@repltimeout%> -<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i == 3 %> +<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i >= 3 %> # Disable TCP_NODELAY on the slave socket after SYNC? # # If you select "yes" Redis will use a smaller number of TCP packets and @@ -906,7 +906,7 @@ set-max-intset-entries <%= @setmaxintsetentries %> zset-max-ziplist-entries <%= @zsetmaxziplistentries %> zset-max-ziplist-value <%= @zsetmaxziplistvalue %> -<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 9 || @version[:major].to_i == 3 %> +<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 9 || @version[:major].to_i >= 3 %> # HyperLogLog sparse representation bytes limit. The limit includes the # 16 bytes header. When an HyperLogLog using the sparse representation crosses # this limit, it is converted into the dense representation. diff --git a/cookbooks/redisio/templates/default/redis@.service.erb b/cookbooks/redisio/templates/default/redis@.service.erb index c5cd645..dc2b006 100644 --- a/cookbooks/redisio/templates/default/redis@.service.erb +++ b/cookbooks/redisio/templates/default/redis@.service.erb 
@@ -1,6 +1,7 @@ [Unit] Description=Redis (%i) persistent key-value database -After=network.target +Wants=network-online.target +After=network-online.target [Service] ExecStart=<%= @bin_path %>/redis-server /etc/redis/%i.conf --daemonize no diff --git a/cookbooks/redisio/templates/default/sentinel.conf.erb b/cookbooks/redisio/templates/default/sentinel.conf.erb index 83ae4e2..278e854 100644 --- a/cookbooks/redisio/templates/default/sentinel.conf.erb +++ b/cookbooks/redisio/templates/default/sentinel.conf.erb @@ -11,10 +11,14 @@ syslog-ident redis-<%= @name %> syslog-facility <%= @syslogfacility %> <%= "logfile #{@logfile}" unless @logfile.nil? %> -# bind sentinel IP <% if @sentinel_bind %> bind <%=@sentinel_bind%> <% end %> + + <% if @protected_mode %> +<%= "protected-mode #{@protected_mode}" %> +<% end %> + # port # The port that this sentinel instance will run on port <%=@sentinel_port%> diff --git a/cookbooks/redisio/templates/default/su.erb b/cookbooks/redisio/templates/default/su.erb new file mode 100644 index 0000000..882fbd6 --- /dev/null +++ b/cookbooks/redisio/templates/default/su.erb 
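Review bot: `<% if @protected_mode %>` in `sentinel.conf.erb` treats a Ruby `false` the same as an unset attribute and writes nothing, so an operator who sets `protected_mode` to `false` gets the server default rather than an explicit `protected-mode no`, while `true` would render `protected-mode true`, which is not the `yes`/`no` form the directive takes. Because this setting decides whether the instance answers non-loopback clients, the template should state what it expects, e.g. `<%# protected_mode must be the string 'yes' or 'no'; nil leaves the server default %>`. When `sentinel_bind` is also unset, neither directive is written and the exposure of the Sentinel port depends entirely on the installed version's defaults.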
@@ -0,0 +1,62 @@
+#
+# The PAM configuration file for the Shadow `su' service
+#
+# This file modified by Chef to enable ulimit switching with `su`
+#
+
+# This allows root to su without passwords (normal operation)
+auth sufficient pam_rootok.so
+
+# Uncomment this to force users to be a member of group root
+# before they can use `su'. You can also add "group=foo"
+# to the end of this line if you want to use a group other
+# than the default "root" (but this may have side effect of
+# denying "root" user, unless she's a member of "foo" or explicitly
+# permitted earlier by e.g. "sufficient pam_rootok.so").
+# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
+# auth required pam_wheel.so
+
+# Uncomment this if you want wheel members to be able to
+# su without a password.
+# auth sufficient pam_wheel.so trust
+
+# Uncomment this if you want members of a specific group to not
+# be allowed to use su at all.
+# auth required pam_wheel.so deny group=nosu
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on su usage.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account requisite pam_time.so
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+#
+# parsing /etc/environment needs "readenv=1"
+session required pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+#
+# "nopen" stands to avoid reporting new mail when su'ing to another user
+session optional pam_mail.so nopen
+
+# Sets up user limits, please uncomment and read /etc/security/limits.conf
+# to enable this functionality.
+# (Replaces the use of /etc/limits in old login)
+session required pam_limits.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
diff --git a/cookbooks/redisio/templates/default/ulimit.erb b/cookbooks/redisio/templates/default/ulimit.erb
new file mode 100644
index 0000000..46065e9
--- /dev/null
+++ b/cookbooks/redisio/templates/default/ulimit.erb
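Review bot: `su.erb` replaces the distribution's /etc/pam.d/su with a fixed copy, and its header does not say which line Chef actually changed; from the text, the intended difference appears to be the active `session required pam_limits.so`. A static copy silently discards any later vendor update or local hardening of that file, for example an enabled `pam_wheel.so` line. I would add a header line such as `# Only change from the stock file: pam_limits.so is enabled` and name the release the copy was taken from (the comments still refer to etch), so the file can be compared with the currently packaged version.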
@@ -0,0 +1,32 @@
+# Limits settings for <%= @ulimit_user %>
+<% unless @filehandle_limit.nil? -%>
+<%= @ulimit_user -%> - nofile <%= @filehandle_limit %>
+<% else -%><% unless @filehandle_soft_limit.nil? -%><%= @ulimit_user -%> soft nofile <%= @filehandle_soft_limit %><% end -%>
+<% unless @filehandle_hard_limit.nil? -%><%= @ulimit_user -%> hard nofile <%= @filehandle_hard_limit %><% end -%>
+<% end -%>
+<% unless @process_limit.nil? -%>
+<%= @ulimit_user -%> - nproc <%= @process_limit %>
+<% else -%><% unless @process_soft_limit.nil? -%><%= @ulimit_user -%> soft nproc <%= @process_soft_limit %><% end -%>
+<% unless @process_hard_limit.nil? -%><%= @ulimit_user -%> hard nproc <%= @process_hard_limit %><% end -%>
+<% end -%>
+<% unless @memory_limit.nil? -%>
+<%= @ulimit_user -%> - memlock <%= @memory_limit %>
+<% end -%>
+<% unless @core_limit.nil? -%>
+<%= @ulimit_user -%> - core <%= @core_limit %>
+<% else -%><% unless @core_soft_limit.nil? -%><%= @ulimit_user -%> soft core <%= @core_soft_limit %><% end -%>
+<% unless @core_hard_limit.nil? -%><%= @ulimit_user -%> hard core <%= @core_hard_limit %><% end -%>
+<% end -%>
+<% unless @stack_limit.nil? -%>
+<%= @ulimit_user -%> - stack <%= @stack_limit %>
+<% else -%><% unless @stack_soft_limit.nil? -%><%= @ulimit_user -%> soft stack <%= @stack_soft_limit %><% end -%>
+<% unless @stack_hard_limit.nil? -%><%= @ulimit_user -%> hard stack <%= @stack_hard_limit %><% end -%>
+<% end -%>
+<% unless @rtprio_limit.nil? -%>
+<%= @ulimit_user -%> - rtprio <%= @rtprio_limit %>
+<% else -%><% unless @rtprio_soft_limit.nil? -%><%= @ulimit_user -%> soft rtprio <%= @rtprio_soft_limit %><% end -%>
+<% unless @rtprio_hard_limit.nil? -%><%= @ulimit_user -%> hard rtprio <%= @rtprio_hard_limit %><% end -%>
+<% end -%>
+<% unless @virt_limit.nil? -%>
+ <%= @ulimit_user -%> - as <%= @virt_limit %>
+<% end -%>
diff --git a/cookbooks/selinux/.markdownlint-cli2.yaml b/cookbooks/selinux/.markdownlint-cli2.yaml
new file mode 100644
index 0000000..6fa8e77
--- /dev/null
+++ b/cookbooks/selinux/.markdownlint-cli2.yaml
@@ -0,0 +1,5 @@
+config:
+ ul-indent: false # MD007
+ line-length: false # MD013
+ no-duplicate-heading: false # MD024
+ reference-links-images: false # MD052
diff --git a/cookbooks/selinux/CHANGELOG.md b/cookbooks/selinux/CHANGELOG.md
new file mode 100644
index 0000000..26ae15e
--- /dev/null
+++ b/cookbooks/selinux/CHANGELOG.md
@@ -0,0 +1,263 @@ +# selinux Cookbook CHANGELOG + +This file is used to list changes made in each version of the selinux cookbook. + +## 6.1.12 - *2023-05-17* + +## 6.1.11 - *2023-04-17* + +## 6.1.10 - *2023-04-07* + +Standardise files with files in sous-chefs/repo-management + +## 6.1.9 - *2023-04-01* + +## 6.1.8 - *2023-04-01* + +## 6.1.7 - *2023-04-01* + +Standardise files with files in sous-chefs/repo-management + +## 6.1.6 - *2023-03-20* + +Standardise files with files in sous-chefs/repo-management + +## 6.1.5 - *2023-03-15* + +Standardise files with files in sous-chefs/repo-management + +## 6.1.4 - *2023-02-23* + +Standardise files with files in sous-chefs/repo-management + +## 6.1.3 - *2023-02-15* + +## 6.1.2 - *2023-02-14* + +Standardise files with files in sous-chefs/repo-management + +## 6.1.1 - *2023-02-03* + +- Updated selinux_port documentation + +## 6.1.0 - *2023-01-18* + +- resolved cookstyle error: resources/install.rb:5:1 refactor: `Chef/Style/CopyrightCommentFormat` +- resolved cookstyle error: resources/module.rb:5:1 refactor: `Chef/Style/CopyrightCommentFormat` +- resolved cookstyle error: resources/state.rb:5:1 refactor: `Chef/Style/CopyrightCommentFormat` +- Standardise files with files in sous-chefs/repo-management +- Add `selinux_login` resource +- Add `selinux_user` resource + +## 6.0.7 - *2022-11-01* + +- Fix CentOS 6 package requirements +- Fix Chef 18 compatibility + +## 6.0.6 - *2022-09-28* + +- Add missing `policycoreutils-python` package +- Include additional platforms and suites for testing +- Run `apt_update` in `selinux_install` on Debian-based systems +- Fix SELinux enablement on Ubuntu 18.04 + +## 6.0.5 - *2022-09-18* + +- Standardise files with files in sous-chefs/repo-management +- Add testing for Debian 11, Alma Linux and Rocky Linux +- Remove testing for CentOS 8 (prefer Stream instead) +- Update Github CI config + +## 6.0.4 - *2022-02-17* + +- Standardise files with files in sous-chefs/repo-management + +## 6.0.3 - 
*2022-02-08* + +- Remove delivery folder + +## 6.0.2 - *2022-01-01* + +- resolved cookstyle error: resources/install.rb:5:1 refactor: `Chef/Style/CopyrightCommentFormat` +- resolved cookstyle error: resources/module.rb:5:1 refactor: `Chef/Style/CopyrightCommentFormat` +- resolved cookstyle error: resources/state.rb:5:1 refactor: `Chef/Style/CopyrightCommentFormat` + +## 6.0.1 - *2021-11-03* + +- Correctly parse ports with multple contexts + +## 6.0.0 - *2021-09-02* + +- Import `selinux_policy` resources into this cookbook (`_fcontext`, `_permissive`, and `_port`) +- `selinux_policy_module` not imported since it is a duplicate of `selinux_module` + +### Deprecations + +- `selinux_fcontext` action `addormodify` renamed to `manage` +- `selinux_port` action `addormodify` renamed to `manage` + +## 5.1.1 - *2021-08-30* + +- Standardise files with files in sous-chefs/repo-management + +## 5.1.0 - *2021-08-21* + +- Fix `selinux_install` on Alma Linux / Oracle Linux + +## 5.0.0 - *2021-08-10* + +### Note: With version 5.0.0 the default recipe has been removed + +- Major refactoring +- Restore support for Debian based distros +- All resources now use unified_mode +- Added selinux_boolean resource +- Remove attributes and default recipe +- Replaced with a set of bare recipes for the three selinux states +- Add automatic restart function to `selinux_state` resource + +## 4.0.0 - *2021-07-21* + +- Sous Chefs adoption +- Enable `unified_mode` for Chef 17 compatibility +- Update test platforms + +## 3.1.1 (2020-09-29) + +- Move `default['selinux']['status']` attribute to `default['selinux']['state']` to avoid conflicts with Ohai in Chef Infra Client 16 - [@shoekstra](https://github.com/shoekstra) + +## 3.1.0 (2020-09-29) + +- Cookstyle Bot Auto Corrections with Cookstyle 6.16.8 - [@cookstyle](https://github.com/cookstyle) +- Add a new `node['selinux']['install_mcstrans_package']` attribute to control installation of the mcdtrans package. 
This default to true to maintain existing functionality. - [@kapilchouhan99](https://github.com/kapilchouhan99) + +## 3.0.2 (2020-08-25) + +- Fix failures in CI- [@shoekstra](https://github.com/shoekstra) +- Specify platform to SoloRunner - [@shoekstra](https://github.com/shoekstra) +- Remove unnecessary Foodcritic comments - [@tas50](https://github.com/tas50) +- Notify :immediately not :immediate - [@tas50](https://github.com/tas50) +- Add Github actions testing of style/unit - [@tas50](https://github.com/tas50) +- [GH-67] - Do not try to modify frozen checksum - [@vzDevelopment](https://github.com/vzDevelopment) +- Standardise files with files in chef-cookbooks/repo-management - [@xorimabot](https://github.com/xorimabot) + +## 3.0.1 (2019-11-14) + +- Remove the deprecated ChefSpec report - [@tas50](https://github.com/tas50) +- Allow "-" and "_" for module names - [@ramereth](https://github.com/ramereth) +- Update Fedora versions we test on - [@tas50](https://github.com/tas50) + +## 3.0.0 (2019-06-06) + +- Support for SELinux Modules, via new resource `selinux_module`, able to compile `.te` files, install and remove modules; +- Improving test coverage for all resources +- Remove support for Ubuntu/Debian +- Require Chef 13+ + +## 2.1.1 (2018-06-07) + +- Do not execute setenforce 1 always +- Remove chefspec matchers that are autogenerated now +- Chef 13 Fixes + +## 2.1.0 (2017-09-15) + +- Simplify Travis config and fix ChefDK 2.0 failures +- Use bento slugs in Kitchen +- Remove maintainer files +- More cleanup of the maintainer files +- Speed up install with multi-package install + +## 2.0.3 (2017-06-13) + +- Fix boolean check within default recipe + +## 2.0.2 (2017-06-05) + +- Permissive guard should grep for permissive not just disabled + +## 2.0.1 (2017-05-30) + +- Remove class_eval usage + +## 2.0.0 (2017-05-15) + +- Deprecate debian family support +- Make default for rhel family use setenforce regardless of whether a temporary change or not. 
Eliminates the requirement for a required reboot to effect change in the running system. + +## 1.0.4 (2017-04-17) + +- Switch to local delivery for testing +- Use the standard apache license string +- Updates for early Chef 12 and Chef 13 compatibility +- Update and add copyright blocks to the various files + +## 1.0.3 (2017-03-14) + +- Fix requirement in metadata to reflect need for Chef 12.7 as using action_class in state resource. + +## 1.0.2 (2017-03-01) + +- Remove setools* packages from install resource (utility to analyze and query policies, monitor and report audit logs, and manage file context). Future versions of this cookbook that might use this need to handle package install on Oracle Linux as not available in default repo. + +## 1.0.1 (2017-02-26) + +- Fix logic error in the permissive state change + +## 1.0.0 (2017-02-26) + +- **BREAKING CHANGE** `node['selinux']['state']` is now `node['selinux']['status']` to meet Chef 13 requirements. +- Update to current cookbook engineering standards +- Rewrite LWRP to 12.5 resources +- Resolved cookstyle errors +- Update package information for debian based on +- selinux-activate looks like it's required to ACTUALLY activate selinux on non-RHEL systems. This seems like it could be destructive if unexpected. 
+ +- Add property temporary to allow for switching between permissive and enabled + +- Add install resource + +## v0.9.0 (2015-02-22) + +- Initial Debian / Ubuntu support +- Various bug fixes + +## v0.8.0 (2014-04-23) + +- [COOK-4528] - Fix selinux directory permissions +- [COOK-4562] - Basic support for Ubuntu/Debian + +## v0.7.2 (2014-03-24) + +handling minimal installs + +## v0.7.0 (2014-02-27) + +[COOK-4218] Support setting SELinux boolean values + +## v0.6.2 + +- Fixing bug introduced in 0.6.0 +- adding basic test-kitchen coverage + +## v0.6.0 + +- [COOK-760] - selinux enforce/permit/disable based on attribute + +## v0.5.6 + +- [COOK-2124] - enforcing recipe fails if selinux is disabled + +## v0.5.4 + +- [COOK-1277] - disabled recipe fails on systems w/o selinux installed + +## v0.5.2 + +- [COOK-789] - fix dangling commas causing syntax error on some rubies + +## v0.5.0 + +- [COOK-678] - add the selinux cookbook to the repository +- Use main selinux config file (/etc/selinux/config) +- Use getenforce instead of selinuxenabled for enforcing and permissive diff --git a/cookbooks/selinux/LICENSE b/cookbooks/selinux/LICENSE new file mode 100644 index 0000000..8dada3e --- /dev/null +++ b/cookbooks/selinux/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/cookbooks/selinux/README.md b/cookbooks/selinux/README.md new file mode 100644 index 0000000..e4d6b63 --- /dev/null +++ b/cookbooks/selinux/README.md 
@@ -0,0 +1,83 @@ +# SELinux Cookbook + +[![Cookbook Version](https://img.shields.io/cookbook/v/selnux.svg)](https://supermarket.chef.io/cookbooks/selinux) +[![CI State](https://github.com/sous-chefs/selinux/workflows/ci/badge.svg)](https://github.com/sous-chefs/selinux/actions?query=workflow%3Aci) +[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers) +[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors) +[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) + +## Description + +The SELinux (Security Enhanced Linux) cookbook provides recipes for manipulating SELinux policy enforcement state. + +SELinux can have one of three settings: + +`Enforcing` + +- Watches all system access checks, stops all 'Denied access' +- Default mode on RHEL systems + +`Permissive` + +- Allows access but reports violations + +`Disabled` + +- Disables SELinux from the system but is only read at boot time. If you set this flag, you must reboot. + +Disable SELinux only if you plan to not use it. Use `Permissive` mode if you just need to debug your system. + +## Requirements + +- Chef 15.3 or higher + +## Platform + +- RHEL 7+ +- CentOS 7+ +- Fedora +- Ubuntu +- Debian + +## Resources + +The following resources are provided: + +- [selinux_boolean](documentation/selinux_boolean.md) +- [selinux_fcontext](documentation/selinux_fcontext.md) +- [selinux_install](documentation/selinux_install.md) +- [selinux_login](documentation/selinux_login.md) +- [selinux_module](documentation/selinux_module.md) +- [selinux_permissive](documentation/selinux_permissive.md) +- [selinux_port](documentation/selinux_port.md) +- [selinux_state](documentation/selinux_state.md) +- [selinux_user](documentation/selinux_user.md) + +## Maintainers + +This cookbook is maintained by the Sous Chefs. 
The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF). + +## Contributors + +This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false) + +### Backers + +Thank you to all our backers! + +![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40) + +### Sponsors + +Support this project by becoming a sponsor. Your logo will show up here with a link to your website. + +![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100) 
+![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100) diff --git a/cookbooks/selinux/chefignore b/cookbooks/selinux/chefignore new file mode 100644 index 0000000..a27b0b2 --- /dev/null +++ b/cookbooks/selinux/chefignore @@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen*.yml +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/cookbooks/selinux/libraries/boolean.rb b/cookbooks/selinux/libraries/boolean.rb new file mode 100644 index 0000000..c64d07c --- /dev/null 
+++ b/cookbooks/selinux/libraries/boolean.rb @@ -0,0 +1,17 @@ +module SELinux + module Cookbook + module BooleanHelpers + def selinux_bool(bool) + if ['on', 'true', '1', true, 1].include?(bool) + 'on' + elsif ['off', 'false', '0', false, 0].include?(bool) + 'off' + else + raise ArgumentError, "selinux_bool: Invalid selinux boolean value #{bool}" + end + end + + module_function :selinux_bool + end + end +end diff --git a/cookbooks/selinux/libraries/install.rb b/cookbooks/selinux/libraries/install.rb new file mode 100644 index 0000000..0de1789 --- /dev/null +++ b/cookbooks/selinux/libraries/install.rb 
@@ -0,0 +1,33 @@ +module SELinux + module Cookbook + module InstallHelpers + def default_install_packages + case node['platform_family'] + when 'rhel' + case node['platform_version'].to_i + when 6 + %w(make policycoreutils selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console) + when 7 + %w(make policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console) + else + %w(make policycoreutils policycoreutils-python-utils selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console) + end + when 'amazon' + %w(make policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console) + when 'fedora' + %w(make policycoreutils policycoreutils-python-utils selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console) + when 'debian' + if node['platform'] == 'ubuntu' + if node['platform_version'].to_f == 18.04 + %w(make policycoreutils selinux selinux-basics selinux-policy-default selinux-policy-dev auditd setools) + else + %w(make policycoreutils selinux-basics selinux-policy-default selinux-policy-dev auditd setools) + end + else + %w(make policycoreutils selinux-basics selinux-policy-default selinux-policy-dev auditd setools) + end + end + end + end + end +end diff --git a/cookbooks/selinux/libraries/state.rb b/cookbooks/selinux/libraries/state.rb new file mode 100644 index 0000000..81421df --- /dev/null +++ b/cookbooks/selinux/libraries/state.rb 
@@ -0,0 +1,60 @@ +module SELinux + module Cookbook + module StateHelpers + def selinux_disabled? + selinux_state.eql?(:disabled) + end + + def selinux_enforcing? + selinux_state.eql?(:enforcing) + end + + def selinux_permissive? + selinux_state.eql?(:permissive) + end + + def state_change_reboot_required? + (selinux_disabled? && %i(enforcing permissive).include?(action)) || + ((selinux_enforcing? || selinux_permissive?) && action == :disabled) || + (selinux_activate_required? && %i(enforcing permissive).include?(action)) + end + + def selinux_state + state = shell_out!('getenforce').stdout.strip.downcase.to_sym + raise "Got unknown SELinux state #{state}" unless %i(disabled enforcing permissive).include?(state) + + state + end + + def selinux_activate_required? + return false unless platform_family?('debian') + sestatus = shell_out!('sestatus -v').stdout.strip + + # Ensure we're booted up to a system which has selinux activated and filesystem is properly labeled + if File.read('/proc/cmdline').match?('security=selinux') && sestatus.match?(%r{/usr/sbin/sshd.*sshd_exec_t}) + false + else + true + end + end + + def selinux_activate_cmd + # selinux-activate is semi-broken on Ubuntu 18.04 however this method does work + if platform?('ubuntu') && node['platform_version'] == '18.04' + 'touch /.autorelabel' + else + '/usr/sbin/selinux-activate' + end + end + + def default_policy_platform + case node['platform_family'] + when 'rhel', 'fedora', 'amazon' + 'targeted' + when 'debian' + 'default' + end + end + end + end +end diff --git a/cookbooks/selinux/metadata.json b/cookbooks/selinux/metadata.json new file mode 100644 index 0000000..dae3c66 --- /dev/null +++ b/cookbooks/selinux/metadata.json 
@@ -0,0 +1,43 @@ +{ + "name": "selinux", + "description": "Manages SELinux policy state and rules.", + "long_description": "", + "maintainer": "Sous Chefs", + "maintainer_email": "help@sous-chefs.org", + "license": "Apache-2.0", + "platforms": { + "redhat": ">= 0.0.0", + "centos": ">= 0.0.0", + "scientific": ">= 0.0.0", + "oracle": ">= 0.0.0", + "amazon": ">= 0.0.0", + "fedora": ">= 0.0.0", + "debian": ">= 0.0.0", + "ubuntu": ">= 0.0.0" + }, + "dependencies": { + + }, + "providing": { + + }, + "recipes": { + + }, + "version": "6.1.12", + "source_url": "https://github.com/sous-chefs/selinux", + "issues_url": "https://github.com/sous-chefs/selinux/issues", + "privacy": false, + "chef_versions": [ + [ + ">= 15.3" + ] + ], + "ohai_versions": [ + + ], + "gems": [ + + ], + "eager_load_libraries": true +} diff --git a/cookbooks/selinux/metadata.rb b/cookbooks/selinux/metadata.rb new file mode 100644 index 0000000..85c8109 --- /dev/null +++ b/cookbooks/selinux/metadata.rb @@ -0,0 +1,13 @@ +name 'selinux' +maintainer 'Sous Chefs' +maintainer_email 'help@sous-chefs.org' +license 'Apache-2.0' +description 'Manages SELinux policy state and rules.' +version '6.1.12' +source_url 'https://github.com/sous-chefs/selinux' +issues_url 'https://github.com/sous-chefs/selinux/issues' +chef_version '>= 15.3' + +%w(redhat centos scientific oracle amazon fedora debian ubuntu).each do |os| + supports os +end diff --git a/cookbooks/selinux/recipes/disabled.rb b/cookbooks/selinux/recipes/disabled.rb new file mode 100644 index 0000000..35cedbb --- /dev/null +++ b/cookbooks/selinux/recipes/disabled.rb 
@@ -0,0 +1,23 @@
+#
+# Cookbook:: selinux
+# Recipe:: disabled
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+selinux_install 'selinux'
+
+selinux_state 'disabled' do
+ automatic_reboot true
+ action :disabled
+end
diff --git a/cookbooks/selinux/recipes/enforcing.rb b/cookbooks/selinux/recipes/enforcing.rb
new file mode 100644
index 0000000..ae003d3
--- /dev/null
+++ b/cookbooks/selinux/recipes/enforcing.rb
@@ -0,0 +1,24 @@
+
+#
+# Cookbook:: selinux
+# Recipe:: enforcing
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+selinux_install 'selinux'
+
+selinux_state 'enforcing' do
+ automatic_reboot true
+ action :enforcing
+end
diff --git a/cookbooks/selinux/recipes/permissive.rb b/cookbooks/selinux/recipes/permissive.rb
new file mode 100644
index 0000000..3edba4a
--- /dev/null
+++ b/cookbooks/selinux/recipes/permissive.rb
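Review bot: `automatic_reboot true` is hard-coded in the `selinux_state 'disabled'` block of recipes/disabled.rb, so putting this recipe on a run list both switches SELinux enforcement off and, judging by the property name, may restart the node with no opt-in. The `selinux_state` resource itself is defined outside this hunk, so the exact reboot behaviour is inferred. I would add a header comment such as `# WARNING: disables SELinux and may reboot the node during the Chef run; use recipe[selinux::permissive] for debugging`, and consider reading the reboot flag from a node attribute that defaults to false. The same hard-coded `automatic_reboot true` appears in recipes/enforcing.rb and recipes/permissive.rb.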
@@ -0,0 +1,23 @@ +# +# Cookbook:: selinux +# Recipe:: permissive +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +selinux_install 'selinux' + +selinux_state 'permissive' do + automatic_reboot true + action :permissive +end diff --git a/cookbooks/selinux/renovate.json b/cookbooks/selinux/renovate.json new file mode 100644 index 0000000..7e7a8ba --- /dev/null +++ b/cookbooks/selinux/renovate.json @@ -0,0 +1,17 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["config:base"], + "packageRules": [{ + "groupName": "Actions", + "matchUpdateTypes": ["patch", "pin", "digest"], + "automerge": true, + "addLabels": ["Release: Patch", "Skip: Announcements"] + }, + { + "groupName": "Actions", + "matchUpdateTypes": ["major"], + "automerge": false, + "addLabels": ["Release: Patch", "Skip: Announcements"] + } + ] +} diff --git a/cookbooks/selinux/resources/boolean.rb b/cookbooks/selinux/resources/boolean.rb new file mode 100644 index 0000000..b55cff1 --- /dev/null +++ b/cookbooks/selinux/resources/boolean.rb 
@@ -0,0 +1,56 @@
+#
+# Cookbook:: selinux
+# Resource:: boolean
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+property :boolean, String,
+ name_property: true,
+ description: 'SELinux boolean to set'
+
+property :value, [Integer, String, true, false],
+ required: true,
+ equal_to: %w(on off),
+ coerce: proc { |p| ::SELinux::Cookbook::BooleanHelpers.selinux_bool(p) },
+ description: 'SELinux boolean value'
+
+property :persistent, [true, false],
+ default: true,
+ desired_state: false,
+ description: 'Set to true for value setting to survive reboot'
+
+load_current_value do |new_resource|
+ value shell_out!("getsebool #{new_resource.boolean}").stdout.split('-->').map(&:strip).last
+end
+
+action_class do
+ include ::SELinux::Cookbook::StateHelpers
+end
+
+action :set do
+ if selinux_disabled?
+ Chef::Log.warn("Unable to set SELinux boolean #{new_resource.name} as SELinux is disabled")
+ return
+ end
+
+ converge_if_changed do
+ cmd = 'setsebool'
+ cmd += ' -P' if new_resource.persistent
+ cmd += " #{new_resource.boolean} #{new_resource.value}"
+
+ shell_out!(cmd)
+ end
+end
diff --git a/cookbooks/selinux/resources/fcontext.rb b/cookbooks/selinux/resources/fcontext.rb
new file mode 100644
index 0000000..9efbbbb
--- /dev/null
+++ b/cookbooks/selinux/resources/fcontext.rb
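Review bot: The `boolean` property is interpolated unquoted into a shell string in `shell_out!("getsebool #{new_resource.boolean}")` and again in the `setsebool` command assembled in `action :set`. If the property is ever fed from node attributes or a data bag, any shell metacharacter in it is interpreted by the shell with the privileges of the Chef run. Passing the arguments separately keeps the shell out of it, e.g. `shell_out!('getsebool', new_resource.boolean)`, with the `setsebool` call built the same way from `'-P'`, the boolean name and the value. The same pattern recurs in the `semanage`, `semodule` and `make` command strings of resources/fcontext.rb, login.rb, module.rb, permissive.rb and port.rb, where some values sit inside single quotes (which a quote in the value defeats) and others are not quoted at all. `relabel_files` in fcontext.rb already uses `shellescape` and is the model to follow.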
@@ -0,0 +1,132 @@ +# +# Cookbook:: selinux +# Resource:: fcontext +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +unified_mode true + +property :file_spec, String, + name_property: true, + description: 'Path to or regex matching the files or directoriesto label' + +property :secontext, String, + required: %i(add modify manage), + description: 'SELinux context to assign' + +property :file_type, String, + default: 'a', + equal_to: %w(a f d c b s l p), + description: 'The type of the file being labeled' + +action_class do + include ::SELinux::Cookbook::StateHelpers + + def current_file_context + file_hash = { + 'a' => 'all files', + 'f' => 'regular file', + 'd' => 'directory', + 'c' => 'character device', + 'b' => 'block device', + 's' => 'socket', + 'l' => 'symbolic link', + 'p' => 'named pipe', + } + + contexts = shell_out!('semanage fcontext -l').stdout.split("\n") + # pull out file label from user:role:type:level context string + contexts.grep(/^#{Regexp.escape(new_resource.file_spec)}\s+#{file_hash[new_resource.file_type]}/) do |c| + c.match(/.+ (?.+):(?.+):(?.+):(?.+)$/)[:type] + # match returns ['foo'] or [], shift converts that to 'foo' or nil + end.shift + end + + # Run restorecon to fix label + # https://github.com/sous-chefs/selinux_policy/pull/72#issuecomment-338718721 + def relabel_files + spec = new_resource.file_spec + escaped = Regexp.escape spec + + # find common path between regex and string + common = if spec == escaped + spec + else + index = 
spec.size.times { |i| break i if spec[i] != escaped[i] } + ::File.dirname spec[0...index] + end + + # if path is not absolute, ignore it and search everything + common = '/' if common[0] != '/' + + if ::File.exist? common + shell_out!("find #{common.shellescape} -ignore_readdir_race -regextype posix-egrep -regex #{spec.shellescape} -prune -print0 | xargs -0 restorecon -iRv") + end + end +end + +action :manage do + run_action(:add) + run_action(:modify) +end + +action :addormodify do + Chef::Log.warn('The :addormodify action for selinux_fcontext is deprecated and will be removed in a future release. Use the :manage action instead.') + run_action(:manage) +end + +# Create if doesn't exist, do not touch if fcontext is already registered +action :add do + if selinux_disabled? + Chef::Log.warn("Unable to add SELinux fcontext #{new_resource.name} as SELinux is disabled") + return + end + + unless current_file_context + converge_by "adding label #{new_resource.secontext} to #{new_resource.file_spec}" do + shell_out!("semanage fcontext -a -f #{new_resource.file_type} -t #{new_resource.secontext} '#{new_resource.file_spec}'") + relabel_files + end + end +end + +# Only modify if fcontext exists & doesn't have the correct label already +action :modify do + if selinux_disabled? + Chef::Log.warn("Unable to modify SELinux fcontext #{new_resource.name} as SELinux is disabled") + return + end + + if current_file_context && current_file_context != new_resource.secontext + converge_by "modifying label #{new_resource.secontext} to #{new_resource.file_spec}" do + shell_out!("semanage fcontext -m -f #{new_resource.file_type} -t #{new_resource.secontext} '#{new_resource.file_spec}'") + relabel_files + end + end +end + +# Delete if exists +action :delete do + if selinux_disabled? 
+ Chef::Log.warn("Unable to delete SELinux fcontext #{new_resource.name} as SELinux is disabled") + return + end + + if current_file_context + converge_by "deleting label for #{new_resource.file_spec}" do + shell_out!("semanage fcontext -d -f #{new_resource.file_type} '#{new_resource.file_spec}'") + relabel_files + end + end +end diff --git a/cookbooks/selinux/resources/install.rb b/cookbooks/selinux/resources/install.rb new file mode 100644 index 0000000..9bb195c --- /dev/null +++ b/cookbooks/selinux/resources/install.rb 
@@ -0,0 +1,56 @@ +# +# Cookbook:: selinux +# Resource:: install +# +# Copyright:: 2016-2023, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +unified_mode true + +include ::SELinux::Cookbook::InstallHelpers + +property :packages, [String, Array], + default: lazy { default_install_packages }, + description: 'SELinux packages for system' + +action_class do + def do_package_action(action) + # friendly message for unsupported platforms + raise "The platform #{node['platform']} is not currently supported by the `selinux_install` resource. Please file an issue at https://github.com/sous-chefs/selinux/issues/new with details on the platform this cookbook is running on." if new_resource.packages.nil? + + apt_update 'selinux' if platform_family?('debian') + + package 'selinux' do + package_name new_resource.packages + action action + end + end +end + +action :install do + do_package_action(action) + + directory '/etc/selinux' do + owner 'root' + group 'root' + mode '0755' + action :create + end +end + +%i(upgrade remove).each do |a| + action a do + do_package_action(a) + end +end diff --git a/cookbooks/selinux/resources/login.rb b/cookbooks/selinux/resources/login.rb new file mode 100644 index 0000000..52b160b --- /dev/null +++ b/cookbooks/selinux/resources/login.rb 
@@ -0,0 +1,88 @@ +# +# Cookbook:: selinux +# Resource:: login +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +unified_mode true + +property :login, String, + name_property: true, + description: 'OS user login' + +property :user, String, + description: 'SELinux user' + +property :range, String, + description: 'MLS/MCS security range for the login' + +load_current_value do |new_resource| + logins = shell_out!('semanage login -l').stdout.split("\n") + + current_login = logins.grep(/^#{Regexp.escape(new_resource.login)}\s+/) do |l| + l.match(/^(?[^\s]+)\s+(?[^\s]+)\s+(?[^\s]+)/) + # match returns [] or [], shift converts that to or nil + end.shift + + current_value_does_not_exist! 
unless current_login + + # Existing resources should maintain their current configuration unless otherwise specified + new_resource.user ||= current_login[:user] + new_resource.range ||= current_login[:range] + + user current_login[:user] + range current_login[:range] +end + +action_class do + def semanage_login_args + args = '' + + args += " -s #{new_resource.user}" if new_resource.user + args += " -r #{new_resource.range}" if new_resource.range + + args + end +end + +action :manage do + run_action(:add) + run_action(:modify) +end + +action :add do + raise 'The user property must be populated to create a new SELinux login' unless new_resource.user + + unless current_resource + converge_if_changed do + shell_out!("semanage login -a#{semanage_login_args} #{new_resource.login}") + end + end +end + +action :modify do + if current_resource + converge_if_changed do + shell_out!("semanage login -m#{semanage_login_args} #{new_resource.login}") + end + end +end + +action :delete do + if current_resource + converge_by "deleting SELinux login #{new_resource.login}" do + shell_out!("semanage login -d #{new_resource.login}") + end + end +end diff --git a/cookbooks/selinux/resources/module.rb b/cookbooks/selinux/resources/module.rb new file mode 100644 index 0000000..3ac55ef --- /dev/null +++ b/cookbooks/selinux/resources/module.rb 
@@ -0,0 +1,125 @@ +# +# Cookbook:: selinux +# Resource:: module +# +# Copyright:: 2016-2023, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +unified_mode true + +property :module_name, String, + name_property: true, + description: 'Override the module name' + +property :source, String, + description: 'Module source file name' + +property :content, String, + description: 'Module source as String' + +property :cookbook, String, + default: lazy { cookbook_name }, + description: 'Cookbook to source from module source file from' + +property :base_dir, String, + default: '/etc/selinux/local', + description: 'Directory to create module source file in' + +action_class do + def selinux_module_filepath(type) + path = ::File.join(new_resource.base_dir, "#{new_resource.module_name}") + path.concat(".#{type}") if type + end + + def list_installed_modules + shell_out!('semodule --list-modules').stdout.split("\n").map { |x| x.split(/\s/).first } + end +end + +action :create do + directory new_resource.base_dir + + if property_is_set?(:content) + file selinux_module_filepath('te') do + content new_resource.content + + mode '0600' + owner 'root' + group 'root' + + action :create + + notifies :run, "execute[Compiling SELinux modules at '#{new_resource.base_dir}']", :immediately + end + else + cookbook_file selinux_module_filepath('te') do + cookbook new_resource.cookbook + source new_resource.source + + mode '0600' + owner 'root' + group 'root' + + action :create 
+ + notifies :run, "execute[Compiling SELinux modules at '#{new_resource.base_dir}']", :immediately + end + end + + execute "Compiling SELinux modules at '#{new_resource.base_dir}'" do + cwd new_resource.base_dir + command "make -C #{new_resource.base_dir} -f /usr/share/selinux/devel/Makefile" + timeout 120 + user 'root' + + action :nothing + + notifies :run, "execute[Install SELinux module '#{selinux_module_filepath('pp')}']", :immediately + end + + raise "Compilation must have failed, no 'pp' file found at: '#{selinux_module_filepath('pp')}'" unless ::File.exist?(selinux_module_filepath('pp')) + + execute "Install SELinux module '#{selinux_module_filepath('pp')}'" do + command "semodule --install '#{selinux_module_filepath('pp')}'" + action :nothing + end +end + +action :delete do + %w(fc if pp te).each do |type| + next unless ::File.exist?(selinux_module_filepath(type)) + + file selinux_module_filepath(type) do + action :delete + end + end +end + +action :install do + raise "Module must be compiled before it can be installed, no 'pp' file found at: '#{selinux_module_filepath('pp')}'" unless ::File.exist?(selinux_module_filepath('pp')) + + unless list_installed_modules.include? new_resource.module_name + converge_by "Install SELinux module #{selinux_module_filepath('pp')}" do + shell_out!("semodule --install '#{selinux_module_filepath('pp')}'") + end + end +end + +action :remove do + if list_installed_modules.include? new_resource.module_name + converge_by "Remove SELinux module #{new_resource.module_name}" do + shell_out!("semodule --remove '#{new_resource.module_name}'") + end + end +end diff --git a/cookbooks/selinux/resources/permissive.rb b/cookbooks/selinux/resources/permissive.rb new file mode 100644 index 0000000..161b02c --- /dev/null +++ b/cookbooks/selinux/resources/permissive.rb 
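Review bot: `directory new_resource.base_dir` in `action :create` is declared without owner, group or mode, yet the `execute` that follows runs `make` as root over that directory and the resulting `.pp` is loaded with `semodule --install`. The `.te` files are written `0600` and owned by root, but if the directory already exists with looser permissions or is created under a permissive umask, other local users could place or swap files that the root-run build consumes. Pin it explicitly, for example `directory new_resource.base_dir do owner 'root'; group 'root'; mode '0700'; end`. Separately, `selinux_module_filepath` ends in `path.concat(".#{type}") if type` and so returns nil when `type` is nil; a final `path` line would make the return value well-defined.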
@@ -0,0 +1,46 @@ +# +# Cookbook:: selinux +# Resource:: permissive +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +unified_mode true + +property :context, String, + name_property: true, + description: 'The SELinux context to permit' + +action_class do + def current_permissives + shell_out!('semanage permissive -ln').stdout.split("\n") + end +end + +# Create if doesn't exist, do not touch if permissive is already registered (even under different type) +action :add do + unless current_permissives.include? new_resource.context + converge_by "adding permissive context #{new_resource.context}" do + shell_out!("semanage permissive -a '#{new_resource.context}'") + end + end +end + +# Delete if exists +action :delete do + if current_permissives.include? new_resource.context + converge_by "deleting permissive context #{new_resource.context}" do + shell_out!("semanage permissive -d '#{new_resource.context}'") + end + end +end diff --git a/cookbooks/selinux/resources/port.rb b/cookbooks/selinux/resources/port.rb new file mode 100644 index 0000000..987c081 --- /dev/null +++ b/cookbooks/selinux/resources/port.rb 
@@ -0,0 +1,98 @@
+#
+# Cookbook:: selinux
+# Resource:: port
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+property :port, [Integer, String],
+ name_property: true,
+ regex: /^\d+$/,
+ description: 'Port to modify'
+
+property :protocol, String,
+ equal_to: %w(tcp udp),
+ required: %i(manage add modify),
+ description: 'Protocol to modify'
+
+property :secontext, String,
+ required: %i(manage add modify),
+ description: 'SELinux context to assign to the port'
+
+action_class do
+ include ::SELinux::Cookbook::StateHelpers
+
+ def current_port_context
+ # use awk to see if the given port is within a reported port range
+ shell_out!(
+ <<~CMD
+ seinfo --portcon=#{new_resource.port} | grep 'portcon #{new_resource.protocol}' | \
+ awk -F: '$(NF-1) !~ /reserved_port_t$/ && $(NF-3) !~ /[0-9]*-[0-9]*/ {print $(NF-1)}'
+ CMD
+ ).stdout.split
+ end
+end
+
+action :manage do
+ run_action(:add)
+ run_action(:modify)
+end
+
+action :addormodify do
+ Chef::Log.warn('The :addormodify action for selinux_port is deprecated and will be removed in a future release. Use the :manage action instead.')
+ run_action(:manage)
+end
+
+# Create if doesn't exist, do not touch if port is already registered (even under different type)
+action :add do
+ if selinux_disabled?
+ Chef::Log.warn("Unable to add SELinux port #{new_resource.name} as SELinux is disabled")
+ return
+ end
+
+ if current_port_context.empty?
+ converge_by "Adding context #{new_resource.secontext} to port #{new_resource.port}/#{new_resource.protocol}" do
+ shell_out!("semanage port -a -t '#{new_resource.secontext}' -p #{new_resource.protocol} #{new_resource.port}")
+ end
+ end
+end
+
+# Only modify port if it exists & doesn't have the correct context already
+action :modify do
+ if selinux_disabled?
+ Chef::Log.warn("Unable to modify SELinux port #{new_resource.name} as SELinux is disabled")
+ return
+ end
+
+ if !current_port_context.empty? && !current_port_context.include?(new_resource.secontext)
+ converge_by "Modifying context #{new_resource.secontext} to port #{new_resource.port}/#{new_resource.protocol}" do
+ shell_out!("semanage port -m -t '#{new_resource.secontext}' -p #{new_resource.protocol} #{new_resource.port}")
+ end
+ end
+end
+
+# Delete if exists
+action :delete do
+ if selinux_disabled?
+ Chef::Log.warn("Unable to delete SELinux port #{new_resource.name} as SELinux is disabled")
+ return
+ end
+
+ unless current_port_context.empty?
+ converge_by "Deleting context from port #{new_resource.port}/#{new_resource.protocol}" do
+ shell_out!("semanage port -d -p #{new_resource.protocol} #{new_resource.port}")
+ end
+ end
+end
diff --git a/cookbooks/selinux/resources/state.rb b/cookbooks/selinux/resources/state.rb
new file mode 100644
index 0000000..36dee12
--- /dev/null
+++ b/cookbooks/selinux/resources/state.rb
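Review bot: In resources/port.rb the `port` property's `regex: /^\d+$/` anchors per line rather than per string, so a multi-line String with one all-digit line passes validation and is then interpolated unquoted into the `seinfo ... | grep ... | awk` pipeline in `current_port_context` and into the three `semanage port` commands. Anchor the whole value instead: `regex: /\A\d+\z/`. `secontext` has no validation at all and is only wrapped in single quotes in the `-t '...'` argument; a `regex: /\A[A-Za-z0-9_]+\z/` on it, or argv-style calls such as `shell_out!('semanage', 'port', '-a', '-t', new_resource.secontext, '-p', new_resource.protocol, new_resource.port.to_s)`, would keep the value out of shell parsing. `selinux_disabled?` comes from `StateHelpers`, which is outside this hunk.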
@@ -0,0 +1,114 @@
+#
+# Cookbook:: selinux
+# Resource:: state
+#
+# Copyright:: 2016-2023, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+unified_mode true
+
+include ::SELinux::Cookbook::StateHelpers
+
+default_action :nothing
+
+property :config_file, String,
+ default: '/etc/selinux/config'
+
+property :persistent, [true, false],
+ default: true,
+ description: 'Persist status update to the selinux configuration file'
+
+property :policy, String,
+ default: lazy { default_policy_platform },
+ equal_to: %w(default minimum mls src strict targeted),
+ description: 'SELinux policy type'
+
+property :automatic_reboot, [true, false, Symbol],
+ default: false,
+ description: 'Perform an automatic node reboot if required for state change'
+
+deprecated_property_alias 'temporary', 'persistent', 'The temporary property was renamed persistent in the 4.0 release of this cookbook. Please update your cookbooks to use the new property name.'
+
+action_class do
+ include ::SELinux::Cookbook::StateHelpers
+
+ def render_selinux_template(action)
+ Chef::Log.warn(
+ 'It is advised to set the configuration first to permissive to relabel the filesystem prior to enforcing.'
+ ) if selinux_disabled? && action == :enforcing
+
+ unless new_resource.automatic_reboot
+ Chef::Log.warn('Changes from disabled require a reboot.') if selinux_disabled?
&& %i(enforcing permissive).include?(action)
+ Chef::Log.warn('Disabling selinux requires a reboot.') if (selinux_enforcing? || selinux_permissive?) && action == :disabled
+ end
+
+ template "#{action} selinux config" do
+ path new_resource.config_file
+ source 'selinux.erb'
+ cookbook 'selinux'
+ variables(
+ selinux: action.to_s,
+ selinuxtype: new_resource.policy
+ )
+ end
+ end
+
+ def node_selinux_restart
+ unless new_resource.automatic_reboot
+ Chef::Log.warn("SELinux state change to #{action} requires a manual reboot as SELinux is currently #{selinux_state} and automatic reboots are disabled.")
+ return
+ end
+
+ outer_action = action
+ reboot 'selinux_state_change' do
+ delay_mins 1
+ reason "SELinux state change to #{outer_action} from #{selinux_state}"
+
+ action new_resource.automatic_reboot.is_a?(Symbol) ? new_resource.automatic_reboot : :reboot_now
+ end
+ end
+end
+
+action :enforcing do
+ execute 'selinux-setenforce-enforcing' do
+ command '/usr/sbin/setenforce 1'
+ end unless selinux_disabled? || selinux_enforcing?
+
+ execute 'debian-selinux-activate' do
+ command selinux_activate_cmd
+ end if selinux_activate_required?
+
+ render_selinux_template(action) if new_resource.persistent
+ node_selinux_restart if state_change_reboot_required?
+end
+
+action :permissive do
+ execute 'selinux-setenforce-permissive' do
+ command '/usr/sbin/setenforce 0'
+ end unless selinux_disabled? || selinux_permissive?
+
+ execute 'debian-selinux-activate' do
+ command selinux_activate_cmd
+ end if selinux_activate_required?
+
+ render_selinux_template(action) if new_resource.persistent
+ node_selinux_restart if state_change_reboot_required?
+end
+
+action :disabled do
+ raise 'A non-persistent change to the disabled SELinux status is not possible.' unless new_resource.persistent
+
+ render_selinux_template(action)
+ node_selinux_restart if state_change_reboot_required?
+end
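Review bot: In resources/state.rb the `template` resource inside `render_selinux_template` sets only `path`, `source`, `cookbook` and `variables`, so when `config_file` does not exist yet its owner and mode are whatever Chef defaults to rather than something the resource states. For the file that decides whether SELinux enforces at boot I would pin them in that block: `owner 'root'`, `group 'root'`, `mode '0644'`. Separately, `automatic_reboot` accepts any Symbol and hands it to the `reboot` resource as its action; `equal_to: [true, false, :reboot_now, :request_reboot]` would reject a typo when the property is set instead of when the reboot resource runs. The predicates used here (`selinux_disabled?`, `state_change_reboot_required?`, `selinux_activate_required?`) are defined outside this hunk, so their behaviour is not reviewed.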
diff --git a/cookbooks/selinux/resources/user.rb b/cookbooks/selinux/resources/user.rb
new file mode 100644
index 0000000..03e5ee0
--- /dev/null
+++ b/cookbooks/selinux/resources/user.rb
@@ -0,0 +1,95 @@
+#
+# Cookbook:: selinux
+# Resource:: user
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+property :user, String,
+ name_property: true,
+ description: 'SELinux user'
+
+property :level, String,
+ description: 'MLS/MCS security level for the user'
+
+property :range, String,
+ description: 'MLS/MCS security range for the user'
+
+property :roles, Array,
+ description: 'SELinux roles for the user'
+
+load_current_value do |new_resource|
+ users = shell_out!('semanage user -l').stdout.split("\n")
+
+ current_user = users.grep(/^#{Regexp.escape(new_resource.user)}\s+/) do |u|
+ u.match(/^(?[^\s]+)\s+(?[^\s]+)\s+(?[^\s]+)\s+(?[^\s]+)\s+(?.*)$/)
+ # match returns [] or [], shift converts that to or nil
+ end.shift
+
+ current_value_does_not_exist! unless current_user
+
+ # Existing resources should maintain their current configuration unless otherwise specified
+ new_resource.level ||= current_user[:level]
+ new_resource.range ||= current_user[:range]
+ new_resource.roles ||= current_user[:roles].to_s.split
+ new_resource.roles = new_resource.roles.sort
+
+ level current_user[:level]
+ range current_user[:range]
+ roles current_user[:roles].to_s.split.sort
+end
+
+action_class do
+ def semanage_user_args
+ args = ''
+
+ args += " -L #{new_resource.level}" if new_resource.level
+ args += " -r #{new_resource.range}" if new_resource.range
+ args += " -R '#{new_resource.roles.join(' ')}'" unless new_resource.roles.to_a.empty?
+
+ args
+ end
+end
+
+action :manage do
+ run_action(:add)
+ run_action(:modify)
+end
+
+action :add do
+ raise 'The roles property must be populated to create a new SELinux user' if new_resource.roles.to_a.empty?
+
+ unless current_resource
+ converge_if_changed do
+ shell_out!("semanage user -a#{semanage_user_args} #{new_resource.user}")
+ end
+ end
+end
+
+action :modify do
+ if current_resource
+ converge_if_changed do
+ shell_out!("semanage user -m#{semanage_user_args} #{new_resource.user}")
+ end
+ end
+end
+
+action :delete do
+ if current_resource
+ converge_by "deleting SELinux user #{new_resource.user}" do
+ shell_out!("semanage user -d #{new_resource.user}")
+ end
+ end
+end
diff --git a/cookbooks/selinux/templates/debian/selinux.erb b/cookbooks/selinux/templates/debian/selinux.erb
new file mode 100644
index 0000000..7a403b6
--- /dev/null
+++ b/cookbooks/selinux/templates/debian/selinux.erb
@@ -0,0 +1,18 @@
+# Generated by Chef for <%= node['fqdn'] %>
+# Do NOT modify this file by hand.
+#
+
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=<%= @selinux %>
+# SELINUXTYPE= can take one of these three values:
+# default - equivalent to the old strict and targeted policies
+# mls - Multi-Level Security (for military and educational use)
+# src - Custom policy built from source
+SELINUXTYPE=<%= @selinuxtype %>
+
+# SETLOCALDEFS= Check local definition changes
+SETLOCALDEFS=0
diff --git a/cookbooks/selinux/templates/default/selinux.erb b/cookbooks/selinux/templates/default/selinux.erb
new file mode 100644
index 0000000..e1c84d8
--- /dev/null
+++ b/cookbooks/selinux/templates/default/selinux.erb
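Review bot: In resources/user.rb `semanage_user_args` concatenates `level` and `range` into the command string with no quoting, and `:add`, `:modify` and `:delete` append `new_resource.user` the same way, so any whitespace or shell metacharacter in those unvalidated String properties is interpreted by the shell that `shell_out!` starts. Only `roles` is quoted, and single quotes around `roles.join(' ')` stop protecting the command as soon as one role contains a quote. I would have `semanage_user_args` return an argument array and call `shell_out!` with separate arguments so no shell is involved. A `regex:` on `user`, `level` and `range` would additionally reject values that begin with `-` and would otherwise be read as options.

```ruby
action_class do
  # Returns the optional semanage flags as an argv array so that no value
  # is ever re-parsed by a shell.
  def semanage_user_args
    args = []
    args.push('-L', new_resource.level) if new_resource.level
    args.push('-r', new_resource.range) if new_resource.range
    args.push('-R', new_resource.roles.join(' ')) unless new_resource.roles.to_a.empty?
    args
  end
end

# … unchanged: action :manage, guards and converge blocks of the other actions …

# inside action :add
shell_out!('semanage', 'user', '-a', *semanage_user_args, new_resource.user)

# inside action :modify
shell_out!('semanage', 'user', '-m', *semanage_user_args, new_resource.user)

# inside action :delete
shell_out!('semanage', 'user', '-d', new_resource.user)
```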
@@ -0,0 +1,15 @@
+# Generated by Chef for <%= node['fqdn'] %>
+# Do NOT modify this file by hand.
+#
+
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=<%= @selinux %>
+# SELINUXTYPE= can take one of these three values:
+# targeted - Targeted processes are protected,
+# minimum - Modification of targeted policy. Only selected processes are protected.
+# mls - Multi Level Security protection.
+SELINUXTYPE=<%= @selinuxtype %>
diff --git a/cookbooks/selinux_policy/CHANGELOG.md b/cookbooks/selinux_policy/CHANGELOG.md
deleted file mode 100644
index 08a5048..0000000
--- a/cookbooks/selinux_policy/CHANGELOG.md
+++ /dev/null
@@ -1,221 +0,0 @@ -# selinux_policy CHANGELOG - -This file is used to changes made in each version of the selinux_policy cookbook. - -## 2.4.3 (2020-08-07) - -- Ship the correct license file since this cookbook was relicensed - [@tas50](https://github.com/tas50) -- Update testing configs - [@tas50](https://github.com/tas50) -- Update the maintainer to be Chef Software - [@tas50](https://github.com/tas50) - -## 2.4.2 (2020-08-07) - -- Make sure the `setpersist` action runs by default not `set` to match the docs. - -## 2.4.1 - 2020-05-14 - -- resolved cookstyle error: resources/module.rb:26:35 convention: `Layout/TrailingWhitespace` -- resolved cookstyle error: resources/module.rb:26:36 refactor: `ChefModernize/FoodcriticComments` - -## [2.4.0] - 2020-02-13 - -- Fix port_defined helper function for Centos 8 compatibility -- Test fixes - -## [2.3.6] - 2020-01-26 - -- Fix issue on use_selinux function -- Migrate to github actions -- Resolved ChefStyle/ImmediateNotificationTiming: Use :immediately instead of :immediate for resource notification timing notifies - -## [2.3.5] - 2019-02-15 - -- Fix resource failure in permissive.rb Caused by [#96](https://github.com/sous-chefs/selinux_policy/pull/96) -- Migrated testing to circleci - -## [2.3.4] - 2019-02-07 - -- Fix `shell_out` to use an actual shell. Caused by [#88](https://github.com/sous-chefs/selinux_policy/issues/88) - -## [2.3.3] - 2019-02-06 - -- Perform relabel (restorecon) using xargs while still supporting regexes. Fixes [#88](https://github.com/sous-chefs/selinux_policy/issues/88) - -## [2.3.2] - 2018-11-29 - -- Cache which helper method calls - -## [2.3.1] - 2018-11-29 - -- Use `chef/mixin/which` to locate selinux binaries. 
Fixes [#85](https://github.com/sous-chefs/selinux_policy/issues/85) & [#93](https://github.com/sous-chefs/selinux_policy/issues/93) - -## [2.3.0] - 2018-11-27 - -- Further fixes for the earlier refactoring -- Repair CI jobs - -## [2.2.0] - 2018-11-21 - -- Large refactoring to helpers and resources -- Add RHEL-8 packages - -## [2.1.0] - 2018-04-12 - -- Port definition methods to check for already defined ports -- Cleanup resource cloning -- Deprecate support for Chef 12.x now it's EOL -- Fix Foodcritic warnings & update test platforms - -## 2.0.1 - 2017-04-21 - -- Perform relabel (restorecon) using find to support regexes - -## 2.0.0 - 2017-02-23 - -- This cookbook has been moved to the Sous Chefs org. See sous-chefs.org for more information -- Require Chef 12.1 or later -- Use compat_resource instead of requiring yum -- Don't install yum::dnf_yum_compat on Fedora since Chef has DNF support now -- Don't define attributes in the metadata as these aren't used -- Remove the Vagrantfile -- Add chef_version requirements to the metadata -- Test with ChefDK / Rake in Travis instead of gems -- Resolve Foodcritic, Cookstyle, and Chefspec warnings - -## 1.1.1 - -- [7307850] (Adam Ward) Silence fcontext guard output -- [ad71437] (nitz) Restorecon is now done via shell_out -- [fa30813] (James Le Cuirot) Change yum dependency to ~> 4.0 -- [cd9a8da] (nitz) Removed selinux enforcing from kitchen, unified runlists - -## 1.1.0 - -- [daften] Added `file_type` for fcontext - -## 1.0.1 - -- [backslasher] - Foodcritic and rubocop improvements - -## 1.0.0 - -- [equick] - Validating ports better -- [backslasher] - FContext relabling for flies is now immediate. 
(Possibly breaking) -- [backslasher] - testing made slightly more elegant - -## 0.9.6 - -- [jhmartin] - Updated README -- [backslasher] - Major revision of testing - -## 0.9.5 - -- [backslasher] - Modified yum dependency - -## 0.9.4 - -- [mhorbul] - Fixed state detection in boolean resource - -## 0.9.3 - -- [backlsasher] - Fixed testing & kitchen -- [jbartko] - Added Fedora support - -## 0.9.2 - -- [backslasher] - Ignoring nonexisting files in restorecon - -## 0.9.1 - -- [backslasher] - Fixed issue with module being partially executed on machines with SELinux disabled - -## 0.9.0 - -- [backslasher] - module overhaul: code refactoring, supporting new input, testing, new actions -- [backslasher] - fcontext overhaul: code refactoring, testing, new action - -**Note**: I don't think I have any breaking changes here. If there are, I apologise and request that you create an issue with a test recipe that fails on the problem (so I can reproduce) - -## 0.8.1 - -- [backslasher] - Added Travis CI harness -- [backslasher] - Fixed typo in README - -## 0.8.0 - -- [backslasher] - Test overhaul. Now testing is somewhat reliable when using ports -- [backslasher] - Port search is a function -- [backslasher] - Port detection now supports ranges. 
No possibility to add ranges (yet) - -## 0.7.2 - -- [shortdudey123] - ChefSpec matchers, helps testing - -## 0.7.1 - -- [backslasher] - Forgot contributor - -## 0.7.0 - -- [chewi] - Fixed prereq packages -- [backslasher] - Modified misleading comment -- [chewi] - Move helpers into a cookbook-specific module -- [chewi] - Prevent use_selinux from blowing up on systems without getenforce - -## 0.6.5 - -- [backslasher] - Ubuntu installation warning - -## 0.6.4 - -- [sauraus] - CentOS 7 support -- [sauraus] - Typos - -## 0.6.3 - -- [backslasher] - Readme updates -- [kevans] - Added kitchen testing - -## 0.6.2 - -- [kevans] - Support Chef 11.8.0 running shellout!() -- [backslasher] - Simplified support info -- [backslasher] - ASCIIed files - -## 0.6.1 - -- [backslasher] - Migrated to `only_if` instead of if -- [backslasher] - README typos - -## 0.6.0 - -- [joerg] - Added fcontext resource for managing file contexts under SELinux - -## 0.5.0 - -- [backslasher] - Added RHEL5/derivatives support. Thanks to @knightorc. -- **Cookbook will break on RHEL7\. If anyone experiences this, please check required packages and create an issue/PR** -- [backslasher] - Machines without SELinux are (opionally) supported. Thanks to @knightroc. - -## 0.4.0 - -- [backlasher] - Fixed foodcritic errors - -## 0.3.0 - -- [backlasher] - Fixed `install.rb` syntax. Now it actually works - -## 0.2.0 - -- [backlasher] - Added module resource. 
Currently supports deployment and removal (because that's what I need) -- [backlasher] - Added permissive resource - -## 0.1.0 - -- [backlasher] - Initial release of selinuxpolicy - -[2.3.2]: https://github.com/sous-chefs/selinux_policy/compare/v2.3.1...v2.3.2 -[2.3.1]: https://github.com/sous-chefs/selinux_policy/compare/v2.3.0...v2.3.1 -[2.3.0]: https://github.com/sous-chefs/selinux_policy/compare/v2.2.0...v2.3.0 -[2.2.0]: https://github.com/sous-chefs/selinux_policy/compare/v2.1.0...v2.2.0 -[2.1.0]: https://github.com/sous-chefs/selinux_policy/compare/v2.0.1...v2.1.0 diff --git a/cookbooks/selinux_policy/CONTRIBUTING.md b/cookbooks/selinux_policy/CONTRIBUTING.md deleted file mode 100644 index a946aea..0000000 --- a/cookbooks/selinux_policy/CONTRIBUTING.md +++ /dev/null @@ -1,4 +0,0 @@ -# Contributing - -Please refer to -[https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) diff --git a/cookbooks/selinux_policy/README.md b/cookbooks/selinux_policy/README.md deleted file mode 100644 index 73587db..0000000 --- a/cookbooks/selinux_policy/README.md +++ /dev/null 
@@ -1,209 +0,0 @@ -# selinux_policy Cookbook - -[![Cookbook Version](https://img.shields.io/cookbook/v/selinux_policy.svg)](https://supermarket.chef.io/cookbooks/selinux_policy) -[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) - -This cookbook can be used to manage SELinux policies and components (rather than just enable / disable enforcing). I made it because I needed some SELinux settings done, and the `execute`s started to look annoying. - -## Requirements - -Needs an SELinux policy active (so its values can be managed). Can work with a disabled SELinux system (see attribute `allow_disabled`), which will generate warnings and do nothing (but won't break the run). Also requires SELinux's management tools, namely `semanage`, `setsebool` and `getsebool`. Tools are installed by the `selinux_policy::install` recipe (for RHEL/Debian and the like). - -### Chef Infra Client - -- 13 or later - -### Platforms - -- rhel -- fedora - -## Attributes - -These attributes affect the way all of the resource behave. - -- `node['selinux_policy']['allow_disabled']` - Whether to allow runs when SELinux is disabled. Will generate warnings, but the run won't fail. Defaults to `true`, set to `false` if you don't have any machines with disabled SELinux. - -## Usage - -- `selinux_policy::install` - Installs SELinux policy management tools - -This cookbook's functionality is exposed via resources, so it should be called from a wrapper cookbook. Remember to add `depends 'selinux_policy'` to your `metadata.rb`. - -### boolean - -Represents an SELinux [boolean](http://wiki.gentoo.org/wiki/SELinux/Tutorials/Using_SELinux_booleans). You can either `set` it, meaning it will be changed without persistence (it will revert to default in the next reboot), or `setpersist` it (default action), so it'll keep it value after rebooting. Using `setpersist` requires an active policy (so that the new value can be saved somewhere). 
- -Properties: - -- `name`: boolean's name. Defaults to resource name. -- `value`: Its new value (`true`/`false`). -- `force`: Use `setsebool` even if the current value agrees with the requested one. - -Example usage: - -```ruby -include_recipe 'selinux_policy::install' - -selinux_policy_boolean 'httpd_can_network_connect' do - value true - # Make sure nginx is started if this value was modified - notifies :start,'service[nginx]', :immediate -end -``` - -**Note**: Due to ruby interperting `0` as `true`, using `value 0` is unwise. - -### port - -Allows assigning a network port to a certain SELinux context. As explained [here](http://wiki.centos.org/HowTos/SELinux#head-ad837f60830442ae77a81aedd10c20305a811388), it can be useful for running Apache on a non-standard port. - -Actions: - -- `addormodify` (default): Assigns the port to the right context, whether it's already listed another context or not at all. -- `add`: Assigns the port to the right context it's if not listed (only uses `-a`). -- `modify`: Changes the port's context if it's already listed (only uses `-m`). -- `delete`: Removes the port's context if it's listed (uses `-d`). - -Properties: - -- `port`: The port in question, defaults to resource name. -- `protocol`: `tcp`/`udp`. -- `secontext`: The SELinux context to assign the port to. Unnecessary when using `delete`. - -Example usage: - -```ruby -include_recipe 'selinux_policy::install' - -# Allow nginx to bind to port 5678, by giving it the http_port_t context -selinux_policy_port '5678' do - protocol 'tcp' - secontext 'http_port_t' -end -``` - -### module - -Manages SEModules - -Actions: - -- `fetch`: Prepares the module's files for compilation. Allow `remote_directory`-like behavior -- `compile`: Translates a module source directory into a `NAME.pp` file. Uses `make` logic for idempotence. -- `install`: Adds a compiled module (`pp`) to the current policy. 
Only installs if the module was modified this run, `force` is enabled or it's missing from the current policy. **Note:** I wish I could compare the existing module to the one generated, but the `extract` capability was only added in [Aug 15](https://github.com/SELinuxProject/selinux/commit/65c6325271b54d3de9c17352a57d469dfbd12729). I'll be happy to see a better idea. -- `deploy` (default): Runs `fetch`, `compile`, `install` in that order. -- `remove`: Removes a module. - -Properties: - -- `name`: The module name. Defaults to resource name. -- `directory`: Directory where module is stored. Defaults to a directory inside the Chef cache. -- `content`: The module content, can be extracted from `audit2allow -m NAME`. This can be used to create simple modules without using external files. -- `directory_source`: Copies files cookbook to the module directory (uses `remote_directory`). Allows keeping all of the module's source files in the cookbook. **Note:** You can pre-create the module directory and populate it in any other way you'd choose. -- `cookbook`: Modifies the source cookbook for the `remote_directory`. -- `force`: Installs the module even if it seems fine. Ruins idempotence but should help solve some weird cases. - -Example usage: - -```ruby -include_recipe 'selinux_policy::install' - -# Allow openvpn to write/delete in '/etc/openvpn' -selinux_policy_module 'openvpn-googleauthenticator' do - content <<-eos - module dy-openvpn-googleauthenticator 1.0; - - require { - type openvpn_t; - type openvpn_etc_t; - class file { write unlink }; - } - - - #============= openvpn_t ============== - allow openvpn_t openvpn_etc_t:file { write unlink }; - eos - action :deploy -end -``` - -### fcontext - -Allows managing the SELinux context of files. This can be used to grant SELinux-protected daemons access to additional / moved files. 
- -Actions: - -- `addormodify` (default): Assigns the file regexp to the right context, whether it's already listed another context or not at all. -- `add`: Assigns the file regexp to the right context it's if not listed (only uses -a). -- `modify`: Changes the file regexp context if it's already listed (only uses -m). -- `delete`: Removes the file regexp context if it's listed (uses -d). - -Properties: - -- `file_spec`: This is the file regexp in question, defaults to resource name. -- `secontext`: The SELinux context to assign the file regexp to. Not required for `:delete` -- `file_type`: Restrict the fcontext to specific file types. See the table below for an overview. See also for more info -- **a** All files -- **f** Regular files -- **d** Directory -- **c** Character device -- **b** Block device -- **s** Socket -- **l** Symbolic link -- **p** Namedpipe - -Example usage (see mysql cookbook for example daemons ): - -```ruby -include_recipe 'selinux_policy::install' - -# Allow http servers (nginx/apache) to modify moodle files -selinux_policy_fcontext '/var/www/moodle(/.*)?' do - secontext 'httpd_sys_rw_content_t' -end - -# Allow a custom mysql daemon to access its files. -{'mysqld_etc_t' => "/etc/mysql-#{service_name}(/.*)?", -'mysqld_etc_t' => "/etc/mysql-#{service_name}/my\.cnf", -'mysqld_log_t' => "/var/log/mysql-#{service_name}(/.*)?", -'mysqld_db_t' => "/opt/mysql_data_#{service_name}(/.*)?", -'mysqld_var_run_t' => "/var/run/mysql-#{service_name}(/.*)?", -'mysqld_initrc_exec_t' => "/etc/rc\.d/init\.d/mysql-#{service_name}"}.each do |sc, f| - selinux_policy_fcontext f do - secontext sc - end -end - -# Adapt a symbolic link -selinux_policy_fcontext '/var/www/symlink_to_webroot' do - secontext 'httpd_sys_rw_content_t' - filetype 'l' -end -``` - -### permissive - -Allows some types to misbehave without stopping them. Not as good as specific policies, but better than disabling SELinux entirely. 
- -Actions: - -- `add`: Adds a permissive, unless it's already added -- `delete`: Deletes a permissive if it's listed - -Example usage: - -```ruby -include_recipe 'selinux_policy::install' - -# Disable enforcement on Nginx -# As described on http://nginx.com/blog/nginx-se-linux-changes-upgrading-rhel-6-6/ - -selinux_policy_permissive 'nginx' do - notifies :restart, 'service[nginx]' -end -``` - -## Original Author - -[Nitzan Raz](https://github.com/BackSlasher) ([backslasher](http://backslasher.net)) \ No newline at end of file diff --git a/cookbooks/selinux_policy/libraries/helpers.rb b/cookbooks/selinux_policy/libraries/helpers.rb deleted file mode 100644 index cf163c5..0000000 --- a/cookbooks/selinux_policy/libraries/helpers.rb +++ /dev/null 
@@ -1,108 +0,0 @@ -class Chef - module SELinuxPolicy - module Helpers - require 'chef/mixin/shell_out' - include Chef::Mixin::ShellOut - # Checks if SELinux is disabled or otherwise unavailable and - # whether we're allowed to run when disabled - def use_selinux(allow_disabled) - begin - getenforce = shell_out!(getenforce_cmd) - rescue - selinux_disabled = true - else - selinux_disabled = getenforce.stdout =~ /disabled/i - end - - # return false only when SELinux is disabled and it's allowed - return_val = !selinux_disabled || !(selinux_disabled && allow_disabled) - Chef::Log.warn('SELinux is disabled / unreachable, skipping') unless return_val - return_val - end - - def sebool(new_resource, persist = false) - persist_string = persist ? '-P ' : '' - new_value = new_resource.value ? 'on' : 'off' - execute "selinux-setbool-#{new_resource.name}-#{new_value}" do - command "#{setsebool_cmd} #{persist_string} #{new_resource.name} #{new_value}" - not_if "#{getsebool_cmd} #{new_resource.name} | grep '#{new_value}$' >/dev/null" unless new_resource.force - only_if { use_selinux(new_resource.allow_disabled) } - end - end - - def module_defined(name) - "#{semodule_cmd} -l | grep -w '^#{name}'" - end - - def shell_boolean(expression) - expression ? 'true' : 'false' - end - - def port_defined(protocol, port, label = nil) - base_command = "seinfo --portcon=#{port} | grep 'portcon #{protocol}' | awk -F: '$(NF-1) !~ /reserved_port_t$/ && $(NF-3) !~ /[0-9]*-[0-9]*/ {print $(NF-1)}'" - grep = if label - "grep -P '#{Regexp.escape(label)}'" - else - 'grep -q ^' - end - "#{base_command} | #{grep}" - end - - def validate_port(port) - raise ArgumentError, "port value: #{port} is invalid." 
unless port.to_s =~ /^\d+$/ - end - - def fcontext_defined(file_spec, file_type, label = nil) - file_hash = { - 'a' => 'all files', - 'f' => 'regular file', - 'd' => 'directory', - 'c' => 'character device', - 'b' => 'block device', - 's' => 'socket', - 'l' => 'symbolic link', - 'p' => 'named pipe', - } - - label_matcher = label ? "system_u:object_r:#{Regexp.escape(label)}:s0\\s*$" : '' - "#{semanage_cmd} fcontext -l | grep -qP '^#{Regexp.escape(file_spec)}\\s+#{Regexp.escape(file_hash[file_type])}\\s+#{label_matcher}'" - end - - def semanage_options(file_type) - # Set options for file_type - if node['platform_family'].include?('rhel') && Chef::VersionConstraint.new('< 7.0').include?(node['platform_version']) - case file_type - when 'a' then '-f ""' - when 'f' then '-f --' - else; "-f -#{file_type}" - end - else - "-f #{file_type}" - end - end - - require 'chef/mixin/which' - include Chef::Mixin::Which - - def setsebool_cmd - @setsebool_cmd ||= which('setsebool') - end - - def getsebool_cmd - @getsebool_cmd ||= which('getsebool') - end - - def getenforce_cmd - @getenforce_cmd ||= which('getenforce') - end - - def semanage_cmd - @semanage_cmd ||= which('semanage') - end - - def semodule_cmd - @semodule_cmd ||= which('semodule') - end - end - end -end diff --git a/cookbooks/selinux_policy/metadata.json b/cookbooks/selinux_policy/metadata.json deleted file mode 100644 index e13875a..0000000 --- a/cookbooks/selinux_policy/metadata.json +++ /dev/null 
@@ -1 +0,0 @@
-{"name":"selinux_policy","version":"2.4.3","description":"Manages SELinux policy components","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"redhat":">= 0.0.0","centos":">= 0.0.0","fedora":">= 0.0.0","ubuntu":">= 0.0.0","debian":">= 0.0.0","amazon":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/sous-chefs/selinux_policy","issues_url":"https://github.com/sous-chefs/selinux_policy/issues","chef_version":[[">= 13.0"]],"ohai_version":[]}
\ No newline at end of file
diff --git a/cookbooks/selinux_policy/metadata.rb b/cookbooks/selinux_policy/metadata.rb
deleted file mode 100644
index b715015..0000000
--- a/cookbooks/selinux_policy/metadata.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-name 'selinux_policy'
-maintainer 'Chef Software, Inc.'
-maintainer_email 'cookbooks@chef.io'
-license 'Apache-2.0'
-description 'Manages SELinux policy components'
-source_url 'https://github.com/sous-chefs/selinux_policy'
-issues_url 'https://github.com/sous-chefs/selinux_policy/issues'
-chef_version '>= 13.0'
-version '2.4.3'
-
-supports 'redhat'
-supports 'centos'
-supports 'fedora'
-supports 'ubuntu'
-supports 'debian'
-supports 'amazon'
diff --git a/cookbooks/selinux_policy/recipes/default.rb b/cookbooks/selinux_policy/recipes/default.rb
deleted file mode 100644
index d7a17d2..0000000
--- a/cookbooks/selinux_policy/recipes/default.rb
+++ /dev/null
@@ -1 +0,0 @@
-# Nothing here
diff --git a/cookbooks/selinux_policy/recipes/install.rb b/cookbooks/selinux_policy/recipes/install.rb
deleted file mode 100644
index a88347d..0000000
--- a/cookbooks/selinux_policy/recipes/install.rb
+++ /dev/null
@@ -1 +0,0 @@
-selinux_policy_install 'install'
diff --git a/cookbooks/selinux_policy/resources/boolean.rb b/cookbooks/selinux_policy/resources/boolean.rb
deleted file mode 100644
index 3fd359c..0000000
--- a/cookbooks/selinux_policy/resources/boolean.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-# A resource for managing SELinux Booleans
-
-property :value, [true, false]
-property :force, [true, false], default: false
-property :allow_disabled, [true, false], default: true
-
-# Set and persist
-action :setpersist do
- sebool(new_resource, true)
-end
-
-# Set for now, without persisting
-action :set do
- sebool(new_resource, false)
-end
-
-action_class do
- include Chef::SELinuxPolicy::Helpers
-end
diff --git a/cookbooks/selinux_policy/resources/fcontext.rb b/cookbooks/selinux_policy/resources/fcontext.rb
deleted file mode 100644
index 596dc18..0000000
--- a/cookbooks/selinux_policy/resources/fcontext.rb
+++ /dev/null
@@ -1,71 +0,0 @@
-# Manages file specs in SELinux
-# See http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3715134
-
-property :file_spec, String, name_property: true
-property :secontext, String
-property :file_type, String, default: 'a', equal_to: %w(a f d c b s l p)
-property :allow_disabled, [true, false], default: true
-
-action :addormodify do
- run_action(:add)
- run_action(:modify)
-end
-
-# Run restorecon to fix label
-# https://github.com/sous-chefs/selinux_policy/pull/72#issuecomment-338718721
-action :relabel do
- converge_by 'relabel' do
- spec = new_resource.file_spec
- escaped = Regexp.escape spec
-
- common =
- if spec == escaped
- spec
- else
- index = spec.size.times { |i| break i if spec[i] != escaped[i] }
- ::File.dirname spec[0...index]
- end
-
- # Just in case the spec is very weird...
- common = '/' if common[0] != '/'
-
- if ::File.exist? common
- shell_out!("find #{common.shellescape} -ignore_readdir_race -regextype posix-egrep -regex #{spec.shellescape} -prune -print0 2>/dev/null | xargs -0 restorecon -iRv")
- end
- end
-end
-
-# Create if doesn't exist, do not touch if fcontext is already registered
-action :add do
- execute "selinux-fcontext-#{new_resource.secontext}-add" do
- command "#{semanage_cmd} fcontext -a #{semanage_options(new_resource.file_type)} -t #{new_resource.secontext} '#{new_resource.file_spec}'"
- not_if fcontext_defined(new_resource.file_spec, new_resource.file_type)
- only_if { use_selinux(new_resource.allow_disabled) }
- notifies :relabel, new_resource, :immediately
- end
-end
-
-# Delete if exists
-action :delete do
- execute "selinux-fcontext-#{new_resource.secontext}-delete" do
- command "#{semanage_cmd} fcontext #{semanage_options(new_resource.file_type)} -d '#{new_resource.file_spec}'"
- only_if fcontext_defined(new_resource.file_spec, new_resource.file_type, new_resource.secontext)
- only_if { use_selinux(new_resource.allow_disabled) }
- notifies :relabel, new_resource, :immediately
- end
-end
-
-action :modify do
- execute "selinux-fcontext-#{new_resource.secontext}-modify" do
- command "#{semanage_cmd} fcontext -m #{semanage_options(new_resource.file_type)} -t #{new_resource.secontext} '#{new_resource.file_spec}'"
- only_if { use_selinux(new_resource.allow_disabled) }
- only_if fcontext_defined(new_resource.file_spec, new_resource.file_type)
- not_if fcontext_defined(new_resource.file_spec, new_resource.file_type, new_resource.secontext)
- notifies :relabel, new_resource, :immediately
- end
-end
-
-action_class do
- include Chef::SELinuxPolicy::Helpers
- include Chef::Mixin::Which
-end
diff --git a/cookbooks/selinux_policy/resources/install.rb b/cookbooks/selinux_policy/resources/install.rb
deleted file mode 100644
index 2d4a181..0000000
--- a/cookbooks/selinux_policy/resources/install.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-property :allow_disabled, [true, false], default: true
-
-action :install do
- case node['platform_family']
- when 'debian'
- raise 'Install SELinux manually on Ubuntu. See https://wiki.ubuntu.com/SELinux' if platform?('ubuntu')
-
- execute 'selinux-activate' do
- action :nothing
- end
-
- package %w(selinux-policy-default selinux-basics auditd) do
- notifies :run, 'execute[selinux-activate]', :immediately
- end
-
- when 'rhel'
- case node['platform_version'].to_i
- when 6
- package %w(policycoreutils-python selinux-policy setools-console make)
- when 7
- package %w(policycoreutils-python selinux-policy-devel setools-console make)
- when 8
- package %w(policycoreutils-python-utils selinux-policy-devel setools-console make)
- else
- raise 'Unknown version of RHEL/derivative, cannot determine required package names'
- end
- when 'fedora'
- package %w(policycoreutils-python selinux-policy-devel setools-console make)
- else
- raise 'Unknown distro, cannot determine required package names'
- end
-end
diff --git a/cookbooks/selinux_policy/resources/module.rb b/cookbooks/selinux_policy/resources/module.rb
deleted file mode 100644
index 532f12d..0000000
--- a/cookbooks/selinux_policy/resources/module.rb
+++ /dev/null
@@ -1,75 +0,0 @@
-# A resource for managing SE modules
-
-property :module_name, String, name_property: true
-property :force, [true, false], default: false
-property :directory, String, default: lazy { "#{Chef::Config[:file_cache_path]}/#{module_name}" } # content to work with. Defaults to autogenerated name in the Chef cache. Can be provided and pre-populated
-# Content options:
-property :content, String # provide a 'te' file directly. Optional
-property :directory_source, String # Source directory for module source code. If specified, will use "remote_directory" on the directory specified as `directory`
-property :cookbook, String # Related to directory
-property :allow_disabled, [true, false], default: true
-
-action :deploy do
- run_action(:fetch)
- run_action(:compile)
- run_action(:install)
-end
-
-# Get all the components in the right place
-action :fetch do
- directory new_resource.directory do
- only_if { use_selinux(new_resource.allow_disabled) }
- end
-
- raise 'dont specify both directory_source and content' if new_resource.directory_source && new_resource.content
-
- if new_resource.directory_source
- remote_directory new_resource.directory do
- source new_resource.directory_source
- cookbook new_resource.cookbook
- only_if { use_selinux(new_resource.allow_disabled) }
- end
- end
-
- if new_resource.content
- file "#{new_resource.directory}/#{new_resource.module_name}.te" do
- content new_resource.content
- only_if { use_selinux(new_resource.allow_disabled) }
- end
- end
-end
-
-action :compile do
- make_command = "/usr/bin/make -f /usr/share/selinux/devel/Makefile #{new_resource.module_name}.pp"
- execute "semodule-compile-#{new_resource.module_name}" do
- command make_command
- not_if "#{make_command} -q", cwd: new_resource.directory # $? = 1 means make wants to execute http://www.gnu.org/software/make/manual/html_node/Running.html
- only_if { use_selinux(new_resource.allow_disabled) }
- cwd new_resource.directory
- end
-end
-
-# deploy / upgrade module
-# XXX this looks ugly because CentOS 6.X doesn't support extracting
-# SELinux modules from the current policy, which I planned on comparing
-# to my compiled file. I'll be happy to see anything else (that works).
-action :install do
- filename = "#{new_resource.directory}/#{new_resource.module_name}.pp"
- execute "semodule-install-#{new_resource.module_name}" do
- command "#{semodule_cmd} -i #{filename}"
- only_if "#{shell_boolean(new_resource.updated_by_last_action? || new_resource.force)} || ! (#{module_defined(new_resource.module_name)}) "
- only_if { use_selinux(new_resource.allow_disabled) }
- end
-end
-
-action :remove do
- execute "semodule-remove-#{new_resource.module_name}" do
- command "#{semodule_cmd} -r #{new_resource.module_name}"
- only_if module_defined(new_resource.module_name)
- only_if { use_selinux(new_resource.allow_disabled) }
- end
-end
-
-action_class do
- include Chef::SELinuxPolicy::Helpers
-end
diff --git a/cookbooks/selinux_policy/resources/permissive.rb b/cookbooks/selinux_policy/resources/permissive.rb
deleted file mode 100644
index d6bf92d..0000000
--- a/cookbooks/selinux_policy/resources/permissive.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-# a resource for managing selinux permissive contexts
-
-property :allow_disabled, [true, false], default: true
-
-# Create if doesn't exist, do not touch if port is already registered (even under different type)
-action :add do
- execute "selinux-permissive-#{new_resource.name}-add" do
- command "#{semanage_cmd} permissive -a '#{new_resource.name}'"
- not_if "#{semanage_cmd} permissive -l | grep '^#{new_resource.name}$'"
- only_if { use_selinux(new_resource.allow_disabled) }
- end
-end
-
-# Delete if exists
-action :delete do
- execute "selinux-port-#{new_resource.name}-delete" do
- command "#{semanage_cmd} permissive -d '#{new_resource.name}'"
- not_if "#{semanage_cmd} permissive -l | grep '^#{new_resource.name}$'"
- only_if { use_selinux(new_resource.allow_disabled) }
- end
-end
-
-action_class do
- include Chef::SELinuxPolicy::Helpers
-end
diff --git a/cookbooks/selinux_policy/resources/port.rb b/cookbooks/selinux_policy/resources/port.rb
deleted file mode 100644
index 87b76fb..0000000
--- a/cookbooks/selinux_policy/resources/port.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-# Manages a port assignment in SELinux
-# See http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3715134
-
-property :port, [Integer, String], name_property: true
-property :protocol, String, equal_to: %w(tcp udp)
-property :secontext, String
-property :allow_disabled, [true, false], default: true
-
-action :addormodify do
- # TODO: We can be a bit more clever here, and try to detect if it's already
- # there then modify
- # Try to add new port
- run_action(:add)
- # Try to modify existing port
- run_action(:modify)
-end
-
-# Create if doesn't exist, do not touch if port is already registered (even under different type)
-action :add do
- validate_port(new_resource.port)
- execute "selinux-port-#{new_resource.port}-add" do
- command "#{semanage_cmd} port -a -t #{new_resource.secontext} -p #{new_resource.protocol} #{new_resource.port}"
- not_if port_defined(new_resource.protocol, new_resource.port, new_resource.secontext)
- not_if port_defined(new_resource.protocol, new_resource.port)
- only_if { use_selinux(new_resource.allow_disabled) }
- end
-end
-
-# Delete if exists
-action :delete do
- validate_port(new_resource.port)
- execute "selinux-port-#{new_resource.port}-delete" do
- command "#{semanage_cmd} port -d -p #{new_resource.protocol} #{new_resource.port}"
- only_if port_defined(new_resource.protocol, new_resource.port)
- only_if { use_selinux(new_resource.allow_disabled) }
- end
-end
-
-action :modify do
- execute "selinux-port-#{new_resource.port}-modify" do
- command "#{semanage_cmd} port -m -t #{new_resource.secontext} -p #{new_resource.protocol} #{new_resource.port}"
- only_if port_defined(new_resource.protocol, new_resource.port)
- not_if port_defined(new_resource.protocol, new_resource.port, new_resource.secontext)
- only_if { use_selinux(new_resource.allow_disabled) }
- end
-end
-
-action_class do
- include Chef::SELinuxPolicy::Helpers
-end
diff --git a/roles/redis_local.rb b/roles/redis_local.rb
deleted file mode 100644
index 4b1ee2d..0000000
--- a/roles/redis_local.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-name "redis_local"
-
-run_list %w(
- redisio::default
- redisio::enable
-)
-
-default_attributes({})
diff --git a/roles/redis_server.rb b/roles/redis_server.rb
new file mode 100644
index 0000000..fa44105
--- /dev/null
+++ b/roles/redis_server.rb
@@ -0,0 +1,7 @@
+name "redis_server"
+
+run_list %w(
+ kosmos_redis::default
+)
+
+default_attributes({})
diff --git a/site-cookbooks/kosmos-akkounts/attributes/default.rb b/site-cookbooks/kosmos-akkounts/attributes/default.rb
index b0997e9..b1a49e5 100644
--- a/site-cookbooks/kosmos-akkounts/attributes/default.rb
+++ b/site-cookbooks/kosmos-akkounts/attributes/default.rb
@@ -14,5 +14,3 @@ node.default['akkounts']['smtp']['from_address'] = 'Kosmos Accounts