diff --git a/Berksfile b/Berksfile index ae3097c..28ca794 100644 --- a/Berksfile +++ b/Berksfile @@ -4,16 +4,13 @@ source 'https://supermarket.chef.io' cookbook 'mediawiki', git: 'https://github.com/67P/mediawiki-cookbook.git', - ref: 'f8d0f6b19af4381fdc390aaa32c51a54bd73afdc' -cookbook 'wordpress', - git: 'https://github.com/67P/wordpress-cookbook.git', - ref: 'relax_dependencies' + ref: '20fbdf12394d297bc895d457e4b47ede663794cc' cookbook 'redis', git: 'https://github.com/phlipper/chef-redis.git', ref: 'v0.5.6' cookbook 'postfix', '= 5.0.2' -cookbook 'php-fpm', '= 0.7.9' -cookbook 'php', '= 4.2.0' +cookbook 'php-fpm', '~> 0.8.0' +cookbook 'php', '~> 6.1.1' cookbook 'composer', '~> 2.6.1' cookbook 'poise-ruby-build', '~> 1.1.0' cookbook 'application', '~> 5.2.0' @@ -34,12 +31,12 @@ cookbook 'nginx', '= 9.0.0' # Remove when cookbooks stop depending on it, the build_essential resource is # part of Chef 14 (https://docs.chef.io/resource_build_essential.html) cookbook 'build-essential', '~> 8.2.1' -cookbook 'mysql', '= 6.1.3' +cookbook 'mysql', '~> 8.5.1' cookbook 'postgresql', '= 7.1.4' cookbook 'apt', '~> 7.0.0' cookbook 'git', '= 6.0.0' cookbook 'hostsfile', '= 2.4.5' -cookbook 'ohai', '= 5.0.4' +cookbook 'ohai', '~> 5.2.5' cookbook 'nodejs', '~> 5.0.0' # Deprecated, but wordpress and mediawiki depend on it and it would painful # to change it without moving the databases 
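Review bot: The new `cookbook 'php', '~> 6.1.1'` line does not match the lockfile in this same commit, whose DEPENDENCIES section records `php (= 6.1.1)`, so Berksfile and Berksfile.lock were apparently not generated from the same constraints. Either keep the exact pin, `cookbook 'php', '= 6.1.1'`, or re-run the resolver and commit the regenerated lock so the two files agree. This hunk also moves `php-fpm` from `=` to `~>`, as the later Berksfile hunks do for `mysql`, `ohai` and `openssl`, which leaves the committed lockfile as the only thing fixing the exact versions that get converged. A comment above these entries such as `# exact versions are fixed by Berksfile.lock; review the lock diff on every update` would record that.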
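Review bot: The trailing context comment `# Deprecated, but wordpress and mediawiki depend on it and it would painful` is stale after this commit, because the `wordpress` cookbook is removed from the Berksfile in the first hunk. I would change it to `# Deprecated, but mediawiki depends on it and it would be painful`, which also restores the missing verb. The cookbook line this comment describes lies past the end of the hunk, so which entry it refers to is not visible here.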
@@ -49,20 +46,13 @@ cookbook 'chef_client_updater', '= 1.1.1' cookbook 'timezone_iii', '= 1.0.4' cookbook 'ark', '= 3.1.0' cookbook 'logrotate', '= 2.2.0' -cookbook 'openssl', '= 7.1.0' +cookbook 'openssl', '~> 8.5.5' cookbook 'ntp', '= 3.4.0' -cookbook 'yum', '= 3.13.0' -cookbook 'yum-epel', '= 0.3.6' -cookbook 'yum-mysql-community', '= 2.1.0' cookbook 'apache2', '= 3.3.0' cookbook 'chef-sugar', '= 3.3.0' cookbook 'compat_resource', '= 12.19.0' -cookbook 'dmg', '= 4.0.0' cookbook 'homebrew', '= 3.0.0' -cookbook 'windows', '= 3.1.1' -cookbook 'iis', '= 6.7.1' cookbook 'mariadb', '= 0.3.1' -cookbook 'mingw', '= 2.0.0' cookbook 'ipfs', git: 'https://github.com/67P/ipfs-cookbook.git', ref: 'v0.1.2' diff --git a/Berksfile.lock b/Berksfile.lock index e2dd896..faa4f7e 100644 --- a/Berksfile.lock +++ b/Berksfile.lock @@ -12,13 +12,11 @@ DEPENDENCIES compat_resource (= 12.19.0) composer (~> 2.6.1) database (= 6.1.1) - dmg (= 4.0.0) firewall (~> 2.6.3) git (= 6.0.0) homebrew (= 3.0.0) hostname (= 0.4.2) hostsfile (= 2.4.5) - iis (= 6.7.1) ipfs git: https://github.com/67P/ipfs-cookbook.git revision: 78d3edfd78c56a25494ac84528e152762f38b3be @@ -27,18 +25,17 @@ DEPENDENCIES mariadb (= 0.3.1) mediawiki git: https://github.com/67P/mediawiki-cookbook.git - revision: f8d0f6b19af4381fdc390aaa32c51a54bd73afdc - ref: f8d0f6b - mingw (= 2.0.0) - mysql (= 6.1.3) + revision: 20fbdf12394d297bc895d457e4b47ede663794cc + ref: 20fbdf1 + mysql (~> 8.5.1) mysql2_chef_gem (= 1.1.0) nginx (= 9.0.0) nodejs (~> 5.0.0) ntp (= 3.4.0) - ohai (= 5.0.4) - openssl (= 7.1.0) - php (= 4.2.0) - php-fpm (= 0.7.9) + ohai (~> 5.2.5) + openssl (~> 8.5.5) + php (= 6.1.1) + php-fpm (~> 0.8.0) poise (~> 2.8.2) poise-archive (~> 1.5.0) poise-javascript (~> 1.2.0) 
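Review bot: Dropping the exact pins for `dmg`, `windows`, `mingw`, `yum` and `yum-epel` in this Berksfile hunk does not remove those cookbooks. The GRAPH section of Berksfile.lock in this commit still resolves them, now at dmg 4.1.1, mingw 2.1.0, windows 5.3.0, yum 5.1.0 and yum-epel 3.3.0. With no constraint left in the Berksfile, their versions are chosen entirely by the resolver on the next update, and the upgrades already change behaviour: the vendored dmg 4.1.1 in this commit adds an `allow_untrusted` property that appends `-allowUntrusted` to the `installer` command. If these cookbooks are kept only to satisfy other cookbooks' metadata, say so in a comment, e.g. `# dmg, windows, mingw, yum, yum-epel: transitive only, versions fixed by Berksfile.lock`. Otherwise keep a `~>` constraint on them like the neighbouring entries.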
@@ -54,14 +51,6 @@ DEPENDENCIES ref: v0.5.6 timezone_iii (= 1.0.4) users (~> 5.3.1) - windows (= 3.1.1) - wordpress - git: https://github.com/67P/wordpress-cookbook.git - revision: 593ad2c7957fc427da739510de59f36ad648ee5e - ref: relax_d - yum (= 3.13.0) - yum-epel (= 0.3.6) - yum-mysql-community (= 2.1.0) GRAPH apache2 (3.3.0) @@ -100,7 +89,7 @@ GRAPH windows (>= 0.0.0) database (6.1.1) postgresql (>= 1.0.0) - dmg (4.0.0) + dmg (4.1.1) firewall (2.6.3) chef-sugar (>= 0.0.0) git (6.0.0) @@ -111,8 +100,6 @@ GRAPH hostname (0.4.2) hostsfile (>= 0.0.0) hostsfile (2.4.5) - iis (6.7.1) - windows (>= 2.0) ipfs (0.1.2) ark (>= 0.0.0) logrotate (2.2.0) @@ -124,15 +111,12 @@ GRAPH apache2 (>= 0.0.0) database (>= 0.0.0) mysql (>= 0.0.0) - mysql2_chef_gem (>= 0.0.0) nginx (>= 0.0.0) php (>= 0.0.0) php-fpm (>= 0.0.0) - mingw (2.0.0) + mingw (2.1.0) seven_zip (>= 0.0.0) - mysql (6.1.3) - smf (>= 0.0.0) - yum-mysql-community (>= 0.0.0) + mysql (8.5.1) mysql2_chef_gem (1.1.0) build-essential (>= 0.0.0) mariadb (>= 0.0.0) @@ -145,16 +129,12 @@ GRAPH ark (>= 2.0.2) build-essential (>= 0.0.0) ntp (3.4.0) - ohai (5.0.4) - openssl (7.1.0) - php (4.2.0) - build-essential (>= 0.0.0) - mysql (>= 6.0.0) - xml (>= 0.0.0) + ohai (5.2.5) + openssl (8.5.5) + php (6.1.1) + build-essential (>= 5.0) yum-epel (>= 0.0.0) - php-fpm (0.7.9) - apt (>= 0.0.0) - yum (>= 3.0) + php-fpm (0.8.0) poise (2.8.2) poise-archive (1.5.0) poise (~> 2.6) 
@@ -181,36 +161,12 @@ GRAPH poise (~> 2.0) postfix (5.0.2) postgresql (7.1.4) - rbac (1.0.3) redis (0.5.6) apt (>= 0.0.0) - selinux (0.9.0) seven_zip (2.0.2) windows (>= 1.2.2) - smf (2.2.8) - rbac (>= 1.0.1) - tar (2.2.0) timezone_iii (1.0.4) users (5.3.1) - windows (3.1.1) - ohai (>= 4.0.0) - wordpress (3.1.0) - apache2 (>= 2.0.0) - build-essential (>= 0.0.0) - database (>= 1.6.0) - iis (>= 1.6.2) - mysql (>= 6.0) - mysql2_chef_gem (>= 1.0.1) - nginx (>= 0.0.0) - openssl (>= 0.0.0) - php (>= 0.0.0) - php-fpm (>= 0.0.0) - selinux (~> 0.7) - tar (>= 0.3.1) - xml (3.1.2) - build-essential (>= 0.0.0) - yum (3.13.0) - yum-epel (0.3.6) - yum (~> 3.0) - yum-mysql-community (2.1.0) - compat_resource (>= 12.16.3) + windows (5.3.0) + yum (5.1.0) + yum-epel (3.3.0) diff --git a/cookbooks/dmg/CHANGELOG.md b/cookbooks/dmg/CHANGELOG.md index 0890748..a5f10e0 100644 --- a/cookbooks/dmg/CHANGELOG.md +++ b/cookbooks/dmg/CHANGELOG.md @@ -2,6 +2,18 @@ This file is used to list changes made in each version of the dmg cookbook. +## 4.1.1 (2018-04-06) + +- The dmg_package resource is now included in Chef 14 and this cookbook has been deprecated. We highly recommend updating to Chef 14 so you can use this resource without the need for a cookbook dependency. +- Validate the type field in the resource +- Remove the now autogenerated ChefSpec matchers + +## 4.1.0 (2017-11-15) + +- Adds allow_untrusted property for older packages that aren't signed +- Resolve Chef 14 deprecation warnings +- Minor testing updates and cleanup + ## 4.0.0 (2017-04-27) - Converted the existing LWRP to a custom resource which increases the required chef-client release to 12.5+ diff --git a/cookbooks/dmg/MAINTAINERS.md b/cookbooks/dmg/MAINTAINERS.md deleted file mode 100644 index c8f99e2..0000000 --- a/cookbooks/dmg/MAINTAINERS.md +++ /dev/null 
@@ -1,18 +0,0 @@ - - -# Maintainers -This file lists how this cookbook project is maintained. When making changes to the system, this -file tells you who needs to review your patch - you need a review from an existing maintainer -for the cookbook to provide a :+1: on your pull request. Additionally, you need -to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) -for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Tim Smith](https://github.com/tas50) - -# Maintainers -* [Jennifer Davis](https://github.com/sigje) -* [Tim Smith](https://github.com/tas50) -* [Thom May](https://github.com/thommay) diff --git a/cookbooks/dmg/README.md b/cookbooks/dmg/README.md index cfe0f85..86f95aa 100644 --- a/cookbooks/dmg/README.md +++ b/cookbooks/dmg/README.md @@ -1,3 +1,5 @@ +The dmg_package resource is now included in Chef 14 and this cookbook has been deprecated. We highly recommend updating to Chef 14 so you can use this resource without the need for a cookbook dependency. + # dmg Cookbook [![Build Status](https://travis-ci.org/chef-cookbooks/dmg.svg?branch=master)](https://travis-ci.org/chef-cookbooks/dmg) [![Cookbook Version](https://img.shields.io/cookbook/v/dmg.svg)](https://supermarket.chef.io/cookbooks/dmg) @@ -49,6 +51,7 @@ Optionally, the LWRP can install an "mpkg" or "pkg" package using installer(8). - `dmg_passphrase` - Specify a passphrase to use to unencrypt the dmg while mounting. - `accept_eula` - Specify whether to accept the EULA. Certain dmgs require acceptance of EULA before mounting. Can be true or false, defaults to false. - `headers` - Allows custom HTTP headers (like cookies) to be set on the remote_file resource. +- `allow_untrusted` - Allows packages with untrusted certs to be installed. #### Examples 
diff --git a/cookbooks/dmg/libraries/matchers.rb b/cookbooks/dmg/libraries/matchers.rb
deleted file mode 100644
index c66a086..0000000
--- a/cookbooks/dmg/libraries/matchers.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# Cookbook:: dmg
-# Library:: matchers
-#
-# Copyright:: 2014-2017, Fletcher Nichol
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-if defined?(ChefSpec)
- def install_dmg_package(app)
- ChefSpec::Matchers::ResourceMatcher.new(:dmg_package, :install, app)
- end
-end
diff --git a/cookbooks/dmg/metadata.json b/cookbooks/dmg/metadata.json
index 05ee917..7c3f674 100644
--- a/cookbooks/dmg/metadata.json
+++ b/cookbooks/dmg/metadata.json
@@ -1 +1 @@ -{"name":"dmg","version":"4.0.0","description":"Resource for installing macOS applications from DMGs","long_description":"# dmg Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/dmg.svg?branch=master)](https://travis-ci.org/chef-cookbooks/dmg) [![Cookbook Version](https://img.shields.io/cookbook/v/dmg.svg)](https://supermarket.chef.io/cookbooks/dmg)\n\nResource to install OS X applications (.app) from dmg files.\n\n## Requirements\n\n### Platforms\n\n- macOS\n\n### Chef\n\n- Chef 12.5+\n\n### Cookbooks\n\n- none\n\n## Resources/Providers\n\n### dmg_package\n\nThis resource will install a DMG \"Package\". It will retrieve the DMG from a remote URL, mount it using OS X's `hdid`, copy the application (.app directory) to the specified destination (/Applications), and detach the image using `hdiutil`. The dmg file will be stored in the `Chef::Config[:file_cache_path]`. If you want to install an application that has already been downloaded (not using the `source` parameter), copy it to the appropriate location. You can find out what directory this is with the following command on the node to run chef:\n\n```bash\nknife exec -E 'p Chef::Config[:file_cache_path]' -c /etc/chef/client.rb\n```\n\nOptionally, the LWRP can install an \"mpkg\" or \"pkg\" package using installer(8).\n\n#### Actions\n\n- :install - Installs the application.\n\n#### Parameter attributes:\n\n- `app` - This is the name of the application used by default for the /Volumes directory and the .app directory copied to /Applications.\n- `source` - remote URL for the dmg to download if specified. Default is nil.\n- `file` - local dmg full file path. Default is nil.\n- `owner` - owner that should own the package installation.\n- `destination` - directory to copy the .app into. Default is /Applications.\n- `checksum` - sha256 checksum of the dmg to download. Default is nil.\n- `type` - type of package, \"app\", \"pkg\" or \"mpkg\". Default is \"app\". 
When using \"pkg\" or \"mpkg\", the destination must be /Applications.\n- `volumes_dir` - Directory under /Volumes where the dmg is mounted. Not all dmgs are mounted into a /Volumes location matching the name of the dmg. If not specified, this will use the name attribute.\n- `package_id` - Package id registered with pkgutil when a pkg or mpkg is installed\n- `dmg_name` - Specify the name of the dmg if it is not the same as `app`, or if the name has spaces.\n- `dmg_passphrase` - Specify a passphrase to use to unencrypt the dmg while mounting.\n- `accept_eula` - Specify whether to accept the EULA. Certain dmgs require acceptance of EULA before mounting. Can be true or false, defaults to false.\n- `headers` - Allows custom HTTP headers (like cookies) to be set on the remote_file resource.\n\n#### Examples\n\nInstall `/Applications/Tunnelblick.app` from the primary download site.\n\n```ruby\ndmg_package 'Tunnelblick' do\n source 'https://tunnelblick.net/release/Tunnelblick_3.7.0_build_4790.dmg'\n checksum '5053038aa8caf7dea66dcab11d6d240672216e6546eff4c2622e216c61af85e5'\n action :install\nend\n```\n\nInstall Google Chrome. Uses the `dmg_name` because the application name has spaces. Installs in `/Applications/Google Chrome.app`.\n\n```ruby\ndmg_package 'Google Chrome' do\n dmg_name 'googlechrome'\n source 'https://dl-ssl.google.com/chrome/mac/stable/GGRM/googlechrome.dmg'\n checksum '7daa2dc5c46d9bfb14f1d7ff4b33884325e5e63e694810adc58f14795165c91a'\n action :install\nend\n```\n\nInstall Dropbox. Uses `volumes_dir` because the mounted directory is different than the name of the application directory. 
Installs in `/Applications/Dropbox.app`.\n\n```ruby\ndmg_package 'Dropbox' do\n volumes_dir 'Dropbox Installer'\n source 'http://www.dropbox.com/download?plat=mac'\n checksum 'b4ea620ca22b0517b75753283ceb82326aca8bc3c86212fbf725de6446a96a13'\n action :install\nend\n```\n\nInstall MacIrssi to `~/Applications` from the local file downloaded to the cache path into an Applications directory in the current user's home directory. Chef should run as a non-root user for this.\n\n```ruby\ndirectory \"#{ENV['HOME']}/Applications\"\n\ndmg_package 'MacIrssi' do\n destination \"#{ENV['HOME']}/Applications\"\n action :install\nend\n```\n\nInstall Virtualbox to `/Applications` from the .mpkg:\n\n```ruby\ndmg_package 'Virtualbox' do\n source 'http://dlc.sun.com.edgesuite.net/virtualbox/4.0.8/VirtualBox-4.0.8-71778-OSX.dmg'\n type 'mpkg'\nend\n```\n\nInstall pgAdmin to `/Applications` and automatically accept the EULA:\n\n```ruby\ndmg_package 'pgAdmin3' do\n source 'http://wwwmaster.postgresql.org/redir/198/h/pgadmin3/release/v1.12.3/osx/pgadmin3-1.12.3.dmg'\n checksum '9435f79d5b52d0febeddfad392adf82db9df159196f496c1ab139a6957242ce9'\n accept_eula true\nend\n```\n\nInstall Silverlight, with idempotence check based on pkgutil:\n\n```ruby\ndmg_package 'Silerlight' do\n source 'http://silverlight.dlservice.microsoft.com/download/D/C/2/DC2D5838-9138-4D25-AA92-52F61F7C51E6/runtime/Silverlight.dmg'\n type 'pkg'\n checksum '6d4a0ad4552d9815531463eb3f467fb8cf4bffcc'\n package_id 'com.microsoft.installSilverlightPlugin'\nend\n```\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2011-2017, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, 
software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"mac_os_x":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/dmg","issues_url":"https://github.com/chef-cookbooks/dmg/issues","chef_version":[[">= 12.5"]],"ohai_version":[]} \ No newline at end of file +{"name":"dmg","version":"4.1.1","description":"Resource for installing macOS applications from DMGs","long_description":"The dmg_package resource is now included in Chef 14 and this cookbook has been deprecated. We highly recommend updating to Chef 14 so you can use this resource without the need for a cookbook dependency.\n\n# dmg Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/dmg.svg?branch=master)](https://travis-ci.org/chef-cookbooks/dmg) [![Cookbook Version](https://img.shields.io/cookbook/v/dmg.svg)](https://supermarket.chef.io/cookbooks/dmg)\n\nResource to install OS X applications (.app) from dmg files.\n\n## Requirements\n\n### Platforms\n\n- macOS\n\n### Chef\n\n- Chef 12.5+\n\n### Cookbooks\n\n- none\n\n## Resources/Providers\n\n### dmg_package\n\nThis resource will install a DMG \"Package\". It will retrieve the DMG from a remote URL, mount it using OS X's `hdid`, copy the application (.app directory) to the specified destination (/Applications), and detach the image using `hdiutil`. The dmg file will be stored in the `Chef::Config[:file_cache_path]`. If you want to install an application that has already been downloaded (not using the `source` parameter), copy it to the appropriate location. 
You can find out what directory this is with the following command on the node to run chef:\n\n```bash\nknife exec -E 'p Chef::Config[:file_cache_path]' -c /etc/chef/client.rb\n```\n\nOptionally, the LWRP can install an \"mpkg\" or \"pkg\" package using installer(8).\n\n#### Actions\n\n- :install - Installs the application.\n\n#### Parameter attributes:\n\n- `app` - This is the name of the application used by default for the /Volumes directory and the .app directory copied to /Applications.\n- `source` - remote URL for the dmg to download if specified. Default is nil.\n- `file` - local dmg full file path. Default is nil.\n- `owner` - owner that should own the package installation.\n- `destination` - directory to copy the .app into. Default is /Applications.\n- `checksum` - sha256 checksum of the dmg to download. Default is nil.\n- `type` - type of package, \"app\", \"pkg\" or \"mpkg\". Default is \"app\". When using \"pkg\" or \"mpkg\", the destination must be /Applications.\n- `volumes_dir` - Directory under /Volumes where the dmg is mounted. Not all dmgs are mounted into a /Volumes location matching the name of the dmg. If not specified, this will use the name attribute.\n- `package_id` - Package id registered with pkgutil when a pkg or mpkg is installed\n- `dmg_name` - Specify the name of the dmg if it is not the same as `app`, or if the name has spaces.\n- `dmg_passphrase` - Specify a passphrase to use to unencrypt the dmg while mounting.\n- `accept_eula` - Specify whether to accept the EULA. Certain dmgs require acceptance of EULA before mounting. 
Can be true or false, defaults to false.\n- `headers` - Allows custom HTTP headers (like cookies) to be set on the remote_file resource.\n- `allow_untrusted` - Allows packages with untrusted certs to be installed.\n\n#### Examples\n\nInstall `/Applications/Tunnelblick.app` from the primary download site.\n\n```ruby\ndmg_package 'Tunnelblick' do\n source 'https://tunnelblick.net/release/Tunnelblick_3.7.0_build_4790.dmg'\n checksum '5053038aa8caf7dea66dcab11d6d240672216e6546eff4c2622e216c61af85e5'\n action :install\nend\n```\n\nInstall Google Chrome. Uses the `dmg_name` because the application name has spaces. Installs in `/Applications/Google Chrome.app`.\n\n```ruby\ndmg_package 'Google Chrome' do\n dmg_name 'googlechrome'\n source 'https://dl-ssl.google.com/chrome/mac/stable/GGRM/googlechrome.dmg'\n checksum '7daa2dc5c46d9bfb14f1d7ff4b33884325e5e63e694810adc58f14795165c91a'\n action :install\nend\n```\n\nInstall Dropbox. Uses `volumes_dir` because the mounted directory is different than the name of the application directory. Installs in `/Applications/Dropbox.app`.\n\n```ruby\ndmg_package 'Dropbox' do\n volumes_dir 'Dropbox Installer'\n source 'http://www.dropbox.com/download?plat=mac'\n checksum 'b4ea620ca22b0517b75753283ceb82326aca8bc3c86212fbf725de6446a96a13'\n action :install\nend\n```\n\nInstall MacIrssi to `~/Applications` from the local file downloaded to the cache path into an Applications directory in the current user's home directory. 
Chef should run as a non-root user for this.\n\n```ruby\ndirectory \"#{ENV['HOME']}/Applications\"\n\ndmg_package 'MacIrssi' do\n destination \"#{ENV['HOME']}/Applications\"\n action :install\nend\n```\n\nInstall Virtualbox to `/Applications` from the .mpkg:\n\n```ruby\ndmg_package 'Virtualbox' do\n source 'http://dlc.sun.com.edgesuite.net/virtualbox/4.0.8/VirtualBox-4.0.8-71778-OSX.dmg'\n type 'mpkg'\nend\n```\n\nInstall pgAdmin to `/Applications` and automatically accept the EULA:\n\n```ruby\ndmg_package 'pgAdmin3' do\n source 'http://wwwmaster.postgresql.org/redir/198/h/pgadmin3/release/v1.12.3/osx/pgadmin3-1.12.3.dmg'\n checksum '9435f79d5b52d0febeddfad392adf82db9df159196f496c1ab139a6957242ce9'\n accept_eula true\nend\n```\n\nInstall Silverlight, with idempotence check based on pkgutil:\n\n```ruby\ndmg_package 'Silerlight' do\n source 'http://silverlight.dlservice.microsoft.com/download/D/C/2/DC2D5838-9138-4D25-AA92-52F61F7C51E6/runtime/Silverlight.dmg'\n type 'pkg'\n checksum '6d4a0ad4552d9815531463eb3f467fb8cf4bffcc'\n package_id 'com.microsoft.installSilverlightPlugin'\nend\n```\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2011-2017, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"mac_os_x":">= 
0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/dmg","issues_url":"https://github.com/chef-cookbooks/dmg/issues","chef_version":[[">= 12.5"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/dmg/resources/package.rb b/cookbooks/dmg/resources/package.rb index 8a3a089..71b5327 100644 --- a/cookbooks/dmg/resources/package.rb +++ b/cookbooks/dmg/resources/package.rb @@ -26,12 +26,13 @@ property :destination, String, default: '/Applications' property :checksum, String property :volumes_dir, String property :dmg_name, String -property :type, String, default: 'app' +property :type, String, default: 'app', equal_to: %w(app pkg mpkg) property :installed, [true, false], default: false, desired_state: false property :package_id, String property :dmg_passphrase, String property :accept_eula, [true, false], default: false property :headers, [Hash, nil], default: nil +property :allow_untrusted, [true, false], default: false load_current_value do |new_resource| if ::File.directory?("#{new_resource.destination}/#{new_resource.app}.app") @@ -87,7 +88,10 @@ action :install do ignore_failure true end when 'mpkg', 'pkg' - execute "installation_file=$(ls '/Volumes/#{volumes_dir}' | grep '.#{new_resource.type}$') && sudo installer -pkg \"/Volumes/#{volumes_dir}/$installation_file\" -target /" do + install_cmd = "installation_file=$(ls '/Volumes/#{volumes_dir}' | grep '.#{new_resource.type}$') && sudo installer -pkg \"/Volumes/#{volumes_dir}/$installation_file\" -target /" + install_cmd += ' -allowUntrusted' if new_resource.allow_untrusted + + execute install_cmd do # Prevent cfprefsd from holding up hdiutil detach for certain disk images environment('__CFPREFERENCES_AVOID_DAEMON' => '1') end diff --git a/cookbooks/iis/.foodcritic b/cookbooks/iis/.foodcritic deleted file mode 100644 index 66929c6..0000000 
--- a/cookbooks/iis/.foodcritic
+++ /dev/null
@@ -1,2 +0,0 @@
-~FC059
-~FC023
\ No newline at end of file
diff --git a/cookbooks/iis/CHANGELOG.md b/cookbooks/iis/CHANGELOG.md
deleted file mode 100644
index 0d31b3c..0000000
--- a/cookbooks/iis/CHANGELOG.md
+++ /dev/null
@@ -1,348 +0,0 @@ -# iis Cookbook CHANGELOG - -This file is used to list changes made in each version of the iis cookbook. - -## 6.7.1 (2017-06-09) -- [Fix issue with guard clause missing on check](https://github.com/chef-cookbooks/iis/pull/378) - -## 6.7.0 (2017-06-09) -- [Fix idempotency in `iis_app`, `iis_root`, and `iis_vdir`](https://github.com/chef-cookbooks/iis/pull/375) - -## 6.6.0 (2017-06-01) -- Convert `iis_module` to a custom resource - -## 6.5.3 (2017-05-17) -- Refactor `iis_vdir` name property to `application_name` -- Resolves a bug in iis_vdir also adds more liberty in config - -## 6.5.2 (2017-05-15) -- [Update iis_vdir name to not require a trailing /](https://github.com/chef-cookbooks/iis/pull/363) -- [Fix iis_pool identity_type issue](https://github.com/chef-cookbooks/iis/pull/362) - -## 6.5.1 (2017-05-12) -- [iis_pool is not Idempotent](https://github.com/chef-cookbooks/iis/issues/354) -- Fix whitespace in `iis_pool` name - -## 6.5.0 (2017-05-10) -- Convert `iis_root` to a custom resource -- [uninitialized constant Chef::Resource::IisRoot](https://github.com/chef-cookbooks/iis/issues/333) -- [mime types are not deleted](https://github.com/chef-cookbooks/iis/issues/321) -- [iis_root errors on 'duplicate collection entry of type 'mimeMap'](https://github.com/chef-cookbooks/iis/issues/199) - -## 6.4.1 (2017-05-05) -- [fix bug with start having ! 
in front](https://github.com/chef-cookbooks/iis/pull/349) - -## 6.4.0 (2017-05-04) -- Convert `iis_section` to a custom resource -- Resolve issue with `iis_pool` - -## 6.3.1 (2017-04-26) - -- [Fix multiple issues with ~FC023](https://github.com/chef-cookbooks/iis/pull/341) - -## 6.3.0 (2017-04-24) - -- Convert `iis_pool` to a custom resource -- Convert `iis_vdir` to a custom resource -- Bug fix for `log` function change to `Chef::Log` - -## 6.2.0 (2017-04-18) - -- Convert `iis_site` to a custom resource - -## 6.1.0 (2017-04-14) - -- Convert `iis_config` to a custom resource - -## 6.0.1 (2017-04-07) - -- Fix undefined method `site_identifier` with iis_app resource. - -## 6.0.0 (2017-04-06) - -- Rewrite of `iis_app` resource to use custom resources. -- Addition of testing for `iis_app` resource. - -## 5.1.0 (2017-03-20) - -- Require at least windows 2.0 cookbook -- Run integration testing in Appveyer -- Switched testing to Inspec from pester/ServerSpec combo -- Removed the empty iis_test cookbook - -## 5.0.8 (2017-03-13) - -- [iis-root default_documents broke from last fix](#306) - -## 5.0.7 (2017-03-07) - -- [iis-root default_documents deleted every chef run](#306) - -## 5.0.6 (2017-02-24) - -- [iis_version is not evaluated properly on if statement](#308) - -## 5.0.5 (2016-11-21) - -- [Fixed no_managed_code idempotency](#301) - -## 5.0.4 (2016-10-11) - -- fixed adding an app pool to a site - This fixes a bug where adding an app pool to a site causes an error. This was using the 'add app' where we are working with a site and the syntax is slightly different according to this [documentation](https://technet.microsoft.com/en-us/library/cc732992%28v=ws.10%29.aspx). - -## 5.0.3 (2016-10-10) - -- Log event on recycle - This allows you to specify which events you want to log on recycle. This also changes this so that it defaults to the standard nothing, which means you will need to add this attribute if you are depending on it. 
- -## 5.0.2 (2016-10-07) - -- [Minor over oversight in IIS::mod_aspnet 5.0.1](#296) -- [IIS Pool resource thirty_two_bit false doesn't](#292) - -## 5.0.1 (2016-09-21) - -- Fix mod_management to include dependencies (#293) - -## 5.0.0 (2016-09-06) - -- Adding 2k12 version flag to the windows_feature resource (#291) -- Testing updates -- Avoid deprecation warnings in the specs -- Require Chef 12+ - -## 4.2.0 (2016-08-09) - -- Feature pool recycle virtual memory (#288) - -## v4.1.10 (2016-06-29) - -- Resolves [Issue with error 50 when installing mod_aspnet](https://github.com/chef-cookbooks/iis/issues/285) - -## v4.1.9 (2016-06-26) - -- Resolves [Add deprecation warnings for iis_config in 4.2](https://github.com/chef-cookbooks/iis/issues/284) -- Resolves [iis_pool is not idempotent when recycle_at_time is specified and is not changed](https://github.com/chef-cookbooks/iis/issues/279) - -## v4.1.8 (2016-04-15) - -- Fixed smp_processor_affinity_mask throwing deprecation warnings -- Added additional chefspec tests -- Updated testing dependencies to the latests -- Disabled FC059 rule for now - -## v4.1.7 (2016-03-25) - -- Resolves [smp_processor_affinity_mask is wrong value type](https://github.com/chef-cookbooks/iis/issues/266) -- Resolves [Not a valid unsigned integer](https://github.com/chef-cookbooks/iis/issues/261) -- Resolves [Deprecated features used](https://github.com/chef-cookbooks/iis/issues/259) -- Resolves [Deprecated feature used, fix before chef 13](https://github.com/chef-cookbooks/iis/issues/253) -- Resolves [iis_site :config action not idempotent (Windows 2012 R2/IIS 8.5)](https://github.com/chef-cookbooks/iis/issues/249) -- Resolves [Can't set recycle_at_time to default](https://github.com/chef-cookbooks/iis/issues/247) - -## v4.1.6 (2016-02-01) - -- Resolves issues with [Unable to set app pool to be "No Managed Code"](https://github.com/chef-cookbooks/iis/issues/240) -- Resolves [Add_mime_maps is throwing compile 
error](https://github.com/chef-cookbooks/iis/issues/238) -- Resolves [FATAL: NameError: iis_root "xxx" had an error: NameError: No resource, method, or local variable named `was _updated' for`LWRP provider iis_root from cookbook iis](https://github.com/chef-cookbooks/iis/issues/236) - -## v4.1.5 (2015-11-18) - -- Resolves issues with `iis_root` [#222](https://github.com/chef-cookbooks/iis/issues/222) - -## v4.1.4 (2015-11-2) - -- Re-added functionality for iis_pool auto_start, this was a breaking change - -## v4.1.3 (2015-10-30) - -- Resolves Robucop issues -- Bug Fix for [#217](https://github.com/chef-cookbooks/iis/issues/217) - -## v4.1.2 (2015-10-21) - -- Bug fixes for application pool provider and site provider -- Added the ability to detect the IIS Version, allowing for some properties to only exist for specific IIS versions -- Fixed issue with Win32 being required on linux -- Added support for mimeTypes and defaultDocuments on iis_sites -- Added iis config set and clear abilities - -## v4.1.1 (2015-05-07) - -- Detects changes in the physical path of apps. -- Adds support for gMSA identity. -- Performing add on a site will now reconfigure it if necessary. -- Lock and unlock commands on configuration sections now use -commit:apphost. -- Fix issue where popeline_mode was ignored during configuration of a pool. - -## v4.1.0 (2015-03-04) - -- Removed iis_pool attribute 'set_profile_environment' incompatible with < IIS-8. -- Added pester test framework. -- Condensed and fixed change-log to show public releases only. -- Fixed bug where bindings were being overwritten by :config. -- Code-cleanup and cosmetic fixes. - -## v4.0.0 (2015-02-12) - -- [#91](https://github.com/chef-cookbooks/iis/pull/91) - bulk addition of new features - - - Virtual Directory Support (allows virtual directories to be added to both websites and to webapplications under sites). 
- - section unlock and lock support (this is used to allow for the web.config of a site to define the authentication methods). - - fixed issue with :add on pool provider not running all config (this was a known issue and is now resolved). - - fixed issue with :config on all providers causing application pool recycles (every chef-client run). - - moved to better method for XML checking of previous settings to detect changes (changed all check to use xml searching with appcmd instead of the previous method [none]). - -- Improved pool resource with many more apppool properties that can be set. -- Fixed bug with default attribute inheritance. -- New recipe to enable ASP.NET 4.5. -- Skeleton serverspec+test-kitchen framework. -- Added Berksfile, Gemfile and .kitchen.yml to assist developers. -- Fixed issue [#107] function is_new_or_empty was returning reverse results. -- Removed dependency on "chef-client", ">= 3.7.0". -- Changed all files to UTF-8 file format. -- Fixed issue with iis_pool not putting ApplicationPoolIdentity and username/password. -- [#98] Fixed issues with bindings. -- added backwards compatibility for chef-client < 12.x.x Chef::Util::PathHelper. 
- -## v2.1.6 (2014-11-12) - -- [#78] Adds new_resource.updated_by_last_action calls - -## v2.1.5 (2014-09-15) - -- [#68] Add win_friendly_path to all appcmd.exe /physicalPath arguments - -## v2.1.4 (2014-09-13) - -- [#72] Adds chefspec matchers -- [#57] Fixes site_id not being updated on a :config action - -## v2.1.2 (2014-04-23) - -- [COOK-4559] Remove invalid UTF-8 characters - -## v2.1.0 (2014-03-25) - -[COOK-4426] - feature order correction for proper installation [COOK-4428] - Add IIS FTP Feature Installation - -## v2.0.4 (2014-03-18) - -- [COOK-4420] Corrected incorrect feature names for mod_security - -## v2.0.2 (2014-02-25) - -- [COOK-4108] - Add documentation for the 'bindings' attribute in 'iis_site' LWRP - -## v2.0.0 (2014-01-03) - -Major version bump - -## v1.6.6 - -Adding extra windows platform checks to helper library - -## v1.6.4 - -### Bug - -- **[COOK-4138](https://tickets.chef.io/browse/COOK-4138)** - iis cookbook won't load on non-Windows platforms - -## v1.6.2 - -### Improvement - -- **[COOK-3634](https://tickets.chef.io/browse/COOK-3634)** - provide ability to set app pool managedRuntimeVersion to "No Managed Code" - -## v1.6.0 - -### Improvement - -- **[COOK-3922](https://tickets.chef.io/browse/COOK-3922)** - refactor IIS cookbook to not require WebPI - -## v1.5.6 - -### Improvement - -- **[COOK-3770](https://tickets.chef.io/browse/COOK-3770)** - Add Enabled Protocols to IIS App Recipe - -## v1.5.4 - -### New Feature - -- **[COOK-3675](https://tickets.chef.io/browse/COOK-3675)** - Add recipe for CGI module - -## v1.5.2 - -### Bug - -- **[COOK-3232](https://tickets.chef.io/browse/COOK-3232)** - Allow `iis_app` resource `:config` action with a virtual path - -## v1.5.0 - -### Improvement - -- [COOK-2370]: add MVC2, escape `application_pool` and add options for -- recycling -- [COOK-2694]: update iis documentation to show that Windows 2012 and -- Windows 8 are supported - -### Bug - -- [COOK-2325]: `load_current_resource` does not load state of 
pool -- correctly, always sets running to false -- [COOK-2526]: Installing IIS after .NET framework will leave -- installation in non-working state -- [COOK-2596]: iis cookbook fails with indecipherable error if EULA -- not accepted - -## v1.4.0 - -- [COOK-2181] -Adding full module support to iis cookbook - -## v1.3.6 - -- [COOK-2084] - Add support for additional options during site creation -- [COOK-2152] - Add recipe for IIS6 metabase compatibility - -## v1.3.4 - -- [COOK-2050] - IIS cookbook does not have returns resource defined - -## v1.3.2 - -- [COOK-1251] - Fix LWRP "NotImplementedError" - -## v1.3.0 - -- [COOK-1301] - Add a recycle action to the iis_pool resource -- [COOK-1665] - app pool identity and new node[iis][component] attribute -- [COOK-1666] - Recipe to remove default site and app pool -- [COOK-1858] - Recipe misspelled - -## v1.2.0 - -- [COOK-1061] - `iis_site` doesn't allow setting the pool -- [COOK-1078] - handle advanced bindings -- [COOK-1283] - typo on pool -- [COOK-1284] - install iis application initialization -- [COOK-1285] - allow multiple host_header, port and protocol -- [COOK-1286] - allow directly setting which app pool on site creation -- [COOK-1449] - iis pool regex returns true if similar site exists -- [COOK-1647] - mod_ApplicationInitialization isn't RC - -## v1.1.0 - -- [COOK-1012] - support adding apps -- [COOK-1028] - support for config command -- [COOK-1041] - fix removal in app pools -- [COOK-835] - add app pool management -- [COOK-950] - documentation correction for version of IIS/OS - -## v1.0.2 - -- Ruby 1.9 compat fixes -- ensure carriage returns are removed before applying regex - -## v1.0.0 - -- [COOK-718] initial release diff --git a/cookbooks/iis/MAINTAINERS.md b/cookbooks/iis/MAINTAINERS.md deleted file mode 100644 index 8a8d7fe..0000000 --- a/cookbooks/iis/MAINTAINERS.md +++ /dev/null 
@@ -1,21 +0,0 @@
-
-
-# Maintainers
-
-This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead.
-
-Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead.
-
-# Project Maintainer
-* [Adam Edwards](https://github.com/adamedx)
-
-# Maintainers
-* [Salim Alam](https://github.com/chefsalim)
-* [Jennifer Davis](https://github.com/sigje)
-* [Adam Edwards](https://github.com/adamedx)
-* [Claire McQuin](https://github.com/mcquin)
-* [Steven Murawski](https://github.com/smurawski)
-* [Kartik Null Cating-Subramanian](https://github.com/ksubrama)
-* [Justin Schuhmann](https://github.com/EasyAsABC123)
-* [Tim Smith](https://github.com/tas50)
-* [Matt Wrock](https://github.com/mwrock)
\ No newline at end of file
diff --git a/cookbooks/iis/README.md b/cookbooks/iis/README.md
deleted file mode 100644
index f7d5362..0000000
--- a/cookbooks/iis/README.md
+++ /dev/null
@@ -1,613 +0,0 @@ -# iis Cookbook - -[![Build status](https://ci.appveyor.com/api/projects/status/f4gnv54b97rw1pbg/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/iis/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/iis.svg)](https://supermarket.chef.io/cookbooks/iis) - -Installs and configures Microsoft Internet Information Services (IIS) 7.0 and later - -## Contents - -- [Attributes](#attributes) -- [Resource/Provider](#resourceprovider) - - - [iis_root](#iis_root) Allows for easy management of the IIS Root Machine settings - - [iis_site](#iis_site) Allows for easy management of IIS virtual sites (ie vhosts). - - [iis_config](#iis_config) Runs a config command on your IIS instance. - - [iis_pool](#iis_pool) Creates an application pool in IIS. - - [iis_app](#iis_app) Creates an application in IIS. - - [iis_vdir](#iis_vdir) Allows easy management of IIS virtual directories (i.e. vdirs). - - [iis_section](#iis_section) Allows for the locking/unlocking of application web.config sections. - - [iis_module](#iis_module) Manages modules globally or on a per site basis. - -- [Usage](#usage) - - - [default](#default) Default recipe - - [mod_*](#mod_) Recipes for installing individual IIS modules (extensions). - -- [Alternatives](#alternative-cookbooks) - -- [License and Author](#license-and-author) - -## Requirements - -### Platforms - -- Windows Server 2008 (R1, R2) -- Windows Server 2012 (R1, R2) -- Windows Server 2016 - -### Chef - -- Chef 12.5+ - -### Cookbooks - -- windows - -## Attributes - -- `node['iis']['home']` - IIS main home directory. default is `%WINDIR%\System32\inetsrv` -- `node['iis']['conf_dir']` - location where main IIS configs lives. default is `%WINDIR%\System32\inetsrv\config` -- `node['iis']['pubroot']` - . default is `%SYSTEMDRIVE%\inetpub` -- `node['iis']['docroot']` - IIS web site home directory. default is `%SYSTEMDRIVE%\inetpub\wwwroot` -- `node['iis']['log_dir']` - location of IIS logs. 
default is `%SYSTEMDRIVE%\inetpub\logs\LogFiles` -- `node['iis']['cache_dir']` - location of cached data. default is `%SYSTEMDRIVE%\inetpub\temp` - -## Resource/Provider - -### iis_root - -Allows for easy management of the IIS Root Machine settings - -#### Actions - -`default` = `:config` - -- `:add` - only does addition operations will not delete anything to an Array object -- `:delete` - only does deletion operations will not add anything to an Array object -- `:config` - does both addition and deletion make sure your Array objects contain everything you want - -#### Properties - -- `default_documents_enabled` - Enables or disables default_documents for the root machine, Valid Values: true, false default: `true` -- `default_documents` - The items you want to set as the default document collection, only used during `:config`. Array of strings, default: `['Default.htm', 'Default.asp', 'index.htm', 'index.html', 'iisstart.htm', 'default.aspx']` -- `mime_maps` - The items you want to set as the mime-maps or mime-types collection, only used during `:config`. 
Array of strings, default: - - ```ruby - ["fileExtension='.323',mimeType='text/h323'", "fileExtension='.3g2',mimeType='video/3gpp2'", "fileExtension='.3gp2',mimeType='video/3gpp2'", "fileExtension='.3gp',mimeType='video/3gpp'", "fileExtension='.3gpp',mimeType='video/3gpp'", "fileExtension='.aaf',mimeType='application/octet-stream'", "fileExtension='.aac',mimeType='audio/aac'", "fileExtension='.aca',mimeType='application/octet-stream'", "fileExtension='.accdb',mimeType='application/msaccess'", "fileExtension='.accde',mimeType='application/msaccess'", "fileExtension='.accdt',mimeType='application/msaccess'", "fileExtension='.acx',mimeType='application/internet-property-stream'", "fileExtension='.adt',mimeType='audio/vnd.dlna.adts'", "fileExtension='.adts',mimeType='audio/vnd.dlna.adts'", "fileExtension='.afm',mimeType='application/octet-stream'", "fileExtension='.ai',mimeType='application/postscript'", "fileExtension='.aif',mimeType='audio/x-aiff'", "fileExtension='.aifc',mimeType='audio/aiff'", "fileExtension='.aiff',mimeType='audio/aiff'", "fileExtension='.application',mimeType='application/x-ms-application'", "fileExtension='.art',mimeType='image/x-jg'", "fileExtension='.asd',mimeType='application/octet-stream'", "fileExtension='.asf',mimeType='video/x-ms-asf'", "fileExtension='.asi',mimeType='application/octet-stream'", "fileExtension='.asm',mimeType='text/plain'", "fileExtension='.asr',mimeType='video/x-ms-asf'", "fileExtension='.asx',mimeType='video/x-ms-asf'", "fileExtension='.atom',mimeType='application/atom+xml'", "fileExtension='.au',mimeType='audio/basic'", "fileExtension='.avi',mimeType='video/avi'", "fileExtension='.axs',mimeType='application/olescript'", "fileExtension='.bas',mimeType='text/plain'", "fileExtension='.bcpio',mimeType='application/x-bcpio'", "fileExtension='.bin',mimeType='application/octet-stream'", "fileExtension='.bmp',mimeType='image/bmp'", "fileExtension='.c',mimeType='text/plain'", 
"fileExtension='.cab',mimeType='application/vnd.ms-cab-compressed'", "fileExtension='.calx',mimeType='application/vnd.ms-office.calx'", "fileExtension='.cat',mimeType='application/vnd.ms-pki.seccat'", "fileExtension='.cdf',mimeType='application/x-cdf'", "fileExtension='.chm',mimeType='application/octet-stream'", "fileExtension='.class',mimeType='application/x-java-applet'", "fileExtension='.clp',mimeType='application/x-msclip'", "fileExtension='.cmx',mimeType='image/x-cmx'", "fileExtension='.cnf',mimeType='text/plain'", "fileExtension='.cod',mimeType='image/cis-cod'", "fileExtension='.cpio',mimeType='application/x-cpio'", "fileExtension='.cpp',mimeType='text/plain'", "fileExtension='.crd',mimeType='application/x-mscardfile'", "fileExtension='.crl',mimeType='application/pkix-crl'", "fileExtension='.crt',mimeType='application/x-x509-ca-cert'", "fileExtension='.csh',mimeType='application/x-csh'", "fileExtension='.css',mimeType='text/css'", "fileExtension='.csv',mimeType='application/octet-stream'", "fileExtension='.cur',mimeType='application/octet-stream'", "fileExtension='.dcr',mimeType='application/x-director'", "fileExtension='.deploy',mimeType='application/octet-stream'", "fileExtension='.der',mimeType='application/x-x509-ca-cert'", "fileExtension='.dib',mimeType='image/bmp'", "fileExtension='.dir',mimeType='application/x-director'", "fileExtension='.disco',mimeType='text/xml'", "fileExtension='.dll',mimeType='application/x-msdownload'", "fileExtension='.dll.config',mimeType='text/xml'", "fileExtension='.dlm',mimeType='text/dlm'", "fileExtension='.doc',mimeType='application/msword'", "fileExtension='.docm',mimeType='application/vnd.ms-word.document.macroEnabled.12'", "fileExtension='.docx',mimeType='application/vnd.openxmlformats-officedocument.wordprocessingml.document'", "fileExtension='.dot',mimeType='application/msword'", "fileExtension='.dotm',mimeType='application/vnd.ms-word.template.macroEnabled.12'", 
"fileExtension='.dotx',mimeType='application/vnd.openxmlformats-officedocument.wordprocessingml.template'", "fileExtension='.dsp',mimeType='application/octet-stream'", "fileExtension='.dtd',mimeType='text/xml'", "fileExtension='.dvi',mimeType='application/x-dvi'", "fileExtension='.dvr-ms',mimeType='video/x-ms-dvr'", "fileExtension='.dwf',mimeType='drawing/x-dwf'", "fileExtension='.dwp',mimeType='application/octet-stream'", "fileExtension='.dxr',mimeType='application/x-director'", "fileExtension='.eml',mimeType='message/rfc822'", "fileExtension='.emz',mimeType='application/octet-stream'", "fileExtension='.eot',mimeType='application/vnd.ms-fontobject'", "fileExtension='.eps',mimeType='application/postscript'", "fileExtension='.etx',mimeType='text/x-setext'", "fileExtension='.evy',mimeType='application/envoy'", "fileExtension='.exe',mimeType='application/octet-stream'", "fileExtension='.exe.config',mimeType='text/xml'", "fileExtension='.fdf',mimeType='application/vnd.fdf'", "fileExtension='.fif',mimeType='application/fractals'", "fileExtension='.fla',mimeType='application/octet-stream'", "fileExtension='.flr',mimeType='x-world/x-vrml'", "fileExtension='.flv',mimeType='video/x-flv'", "fileExtension='.gif',mimeType='image/gif'", "fileExtension='.gtar',mimeType='application/x-gtar'", "fileExtension='.gz',mimeType='application/x-gzip'", "fileExtension='.h',mimeType='text/plain'", "fileExtension='.hdf',mimeType='application/x-hdf'", "fileExtension='.hdml',mimeType='text/x-hdml'", "fileExtension='.hhc',mimeType='application/x-oleobject'", "fileExtension='.hhk',mimeType='application/octet-stream'", "fileExtension='.hhp',mimeType='application/octet-stream'", "fileExtension='.hlp',mimeType='application/winhlp'", "fileExtension='.hqx',mimeType='application/mac-binhex40'", "fileExtension='.hta',mimeType='application/hta'", "fileExtension='.htc',mimeType='text/x-component'", "fileExtension='.htm',mimeType='text/html'", "fileExtension='.html',mimeType='text/html'", 
"fileExtension='.htt',mimeType='text/webviewhtml'", "fileExtension='.hxt',mimeType='text/html'", "fileExtension='.ico',mimeType='image/x-icon'", "fileExtension='.ics',mimeType='text/calendar'", "fileExtension='.ief',mimeType='image/ief'", "fileExtension='.iii',mimeType='application/x-iphone'", "fileExtension='.inf',mimeType='application/octet-stream'", "fileExtension='.ins',mimeType='application/x-internet-signup'", "fileExtension='.isp',mimeType='application/x-internet-signup'", "fileExtension='.IVF',mimeType='video/x-ivf'", "fileExtension='.jar',mimeType='application/java-archive'", "fileExtension='.java',mimeType='application/octet-stream'", "fileExtension='.jck',mimeType='application/liquidmotion'", "fileExtension='.jcz',mimeType='application/liquidmotion'", "fileExtension='.jfif',mimeType='image/pjpeg'", "fileExtension='.jpb',mimeType='application/octet-stream'", "fileExtension='.jpe',mimeType='image/jpeg'", "fileExtension='.jpeg',mimeType='image/jpeg'", "fileExtension='.jpg',mimeType='image/jpeg'", "fileExtension='.js',mimeType='application/javascript'", "fileExtension='.json',mimeType='application/json'", "fileExtension='.jsx',mimeType='text/jscript'", "fileExtension='.latex',mimeType='application/x-latex'", "fileExtension='.lit',mimeType='application/x-ms-reader'", "fileExtension='.lpk',mimeType='application/octet-stream'", "fileExtension='.lsf',mimeType='video/x-la-asf'", "fileExtension='.lsx',mimeType='video/x-la-asf'", "fileExtension='.lzh',mimeType='application/octet-stream'", "fileExtension='.m13',mimeType='application/x-msmediaview'", "fileExtension='.m14',mimeType='application/x-msmediaview'", "fileExtension='.m1v',mimeType='video/mpeg'", "fileExtension='.m2ts',mimeType='video/vnd.dlna.mpeg-tts'", "fileExtension='.m3u',mimeType='audio/x-mpegurl'", "fileExtension='.m4a',mimeType='audio/mp4'", "fileExtension='.m4v',mimeType='video/mp4'", "fileExtension='.man',mimeType='application/x-troff-man'", 
"fileExtension='.manifest',mimeType='application/x-ms-manifest'", "fileExtension='.map',mimeType='text/plain'", "fileExtension='.mdb',mimeType='application/x-msaccess'", "fileExtension='.mdp',mimeType='application/octet-stream'", "fileExtension='.me',mimeType='application/x-troff-me'", "fileExtension='.mht',mimeType='message/rfc822'", "fileExtension='.mhtml',mimeType='message/rfc822'", "fileExtension='.mid',mimeType='audio/mid'", "fileExtension='.midi',mimeType='audio/mid'", "fileExtension='.mix',mimeType='application/octet-stream'", "fileExtension='.mmf',mimeType='application/x-smaf'", "fileExtension='.mno',mimeType='text/xml'", "fileExtension='.mny',mimeType='application/x-msmoney'", "fileExtension='.mov',mimeType='video/quicktime'", "fileExtension='.movie',mimeType='video/x-sgi-movie'", "fileExtension='.mp2',mimeType='video/mpeg'", "fileExtension='.mp3',mimeType='audio/mpeg'", "fileExtension='.mp4',mimeType='video/mp4'", "fileExtension='.mp4v',mimeType='video/mp4'", "fileExtension='.mpa',mimeType='video/mpeg'", "fileExtension='.mpe',mimeType='video/mpeg'", "fileExtension='.mpeg',mimeType='video/mpeg'", "fileExtension='.mpg',mimeType='video/mpeg'", "fileExtension='.mpp',mimeType='application/vnd.ms-project'", "fileExtension='.mpv2',mimeType='video/mpeg'", "fileExtension='.ms',mimeType='application/x-troff-ms'", "fileExtension='.msi',mimeType='application/octet-stream'", "fileExtension='.mso',mimeType='application/octet-stream'", "fileExtension='.mvb',mimeType='application/x-msmediaview'", "fileExtension='.mvc',mimeType='application/x-miva-compiled'", "fileExtension='.nc',mimeType='application/x-netcdf'", "fileExtension='.nsc',mimeType='video/x-ms-asf'", "fileExtension='.nws',mimeType='message/rfc822'", "fileExtension='.ocx',mimeType='application/octet-stream'", "fileExtension='.oda',mimeType='application/oda'", "fileExtension='.odc',mimeType='text/x-ms-odc'", "fileExtension='.ods',mimeType='application/oleobject'", "fileExtension='.oga',mimeType='audio/ogg'", 
"fileExtension='.ogg',mimeType='video/ogg'", "fileExtension='.ogv',mimeType='video/ogg'", "fileExtension='.one',mimeType='application/onenote'", "fileExtension='.onea',mimeType='application/onenote'", "fileExtension='.onetoc',mimeType='application/onenote'", "fileExtension='.onetoc2',mimeType='application/onenote'", "fileExtension='.onetmp',mimeType='application/onenote'", "fileExtension='.onepkg',mimeType='application/onenote'", "fileExtension='.osdx',mimeType='application/opensearchdescription+xml'", "fileExtension='.otf',mimeType='font/otf'", "fileExtension='.p10',mimeType='application/pkcs10'", "fileExtension='.p12',mimeType='application/x-pkcs12'", "fileExtension='.p7b',mimeType='application/x-pkcs7-certificates'", "fileExtension='.p7c',mimeType='application/pkcs7-mime'", "fileExtension='.p7m',mimeType='application/pkcs7-mime'", "fileExtension='.p7r',mimeType='application/x-pkcs7-certreqresp'", "fileExtension='.p7s',mimeType='application/pkcs7-signature'", "fileExtension='.pbm',mimeType='image/x-portable-bitmap'", "fileExtension='.pcx',mimeType='application/octet-stream'", "fileExtension='.pcz',mimeType='application/octet-stream'", "fileExtension='.pdf',mimeType='application/pdf'", "fileExtension='.pfb',mimeType='application/octet-stream'", "fileExtension='.pfm',mimeType='application/octet-stream'", "fileExtension='.pfx',mimeType='application/x-pkcs12'", "fileExtension='.pgm',mimeType='image/x-portable-graymap'", "fileExtension='.pko',mimeType='application/vnd.ms-pki.pko'", "fileExtension='.pma',mimeType='application/x-perfmon'", "fileExtension='.pmc',mimeType='application/x-perfmon'", "fileExtension='.pml',mimeType='application/x-perfmon'", "fileExtension='.pmr',mimeType='application/x-perfmon'", "fileExtension='.pmw',mimeType='application/x-perfmon'", "fileExtension='.png',mimeType='image/png'", "fileExtension='.pnm',mimeType='image/x-portable-anymap'", "fileExtension='.pnz',mimeType='image/png'", 
"fileExtension='.pot',mimeType='application/vnd.ms-powerpoint'", "fileExtension='.potm',mimeType='application/vnd.ms-powerpoint.template.macroEnabled.12'", "fileExtension='.potx',mimeType='application/vnd.openxmlformats-officedocument.presentationml.template'", "fileExtension='.ppam',mimeType='application/vnd.ms-powerpoint.addin.macroEnabled.12'", "fileExtension='.ppm',mimeType='image/x-portable-pixmap'", "fileExtension='.pps',mimeType='application/vnd.ms-powerpoint'", "fileExtension='.ppsm',mimeType='application/vnd.ms-powerpoint.slideshow.macroEnabled.12'", "fileExtension='.ppsx',mimeType='application/vnd.openxmlformats-officedocument.presentationml.slideshow'", "fileExtension='.ppt',mimeType='application/vnd.ms-powerpoint'", "fileExtension='.pptm',mimeType='application/vnd.ms-powerpoint.presentation.macroEnabled.12'", "fileExtension='.pptx',mimeType='application/vnd.openxmlformats-officedocument.presentationml.presentation'", "fileExtension='.prf',mimeType='application/pics-rules'", "fileExtension='.prm',mimeType='application/octet-stream'", "fileExtension='.prx',mimeType='application/octet-stream'", "fileExtension='.ps',mimeType='application/postscript'", "fileExtension='.psd',mimeType='application/octet-stream'", "fileExtension='.psm',mimeType='application/octet-stream'", "fileExtension='.psp',mimeType='application/octet-stream'", "fileExtension='.pub',mimeType='application/x-mspublisher'", "fileExtension='.qt',mimeType='video/quicktime'", "fileExtension='.qtl',mimeType='application/x-quicktimeplayer'", "fileExtension='.qxd',mimeType='application/octet-stream'", "fileExtension='.ra',mimeType='audio/x-pn-realaudio'", "fileExtension='.ram',mimeType='audio/x-pn-realaudio'", "fileExtension='.rar',mimeType='application/octet-stream'", "fileExtension='.ras',mimeType='image/x-cmu-raster'", "fileExtension='.rf',mimeType='image/vnd.rn-realflash'", "fileExtension='.rgb',mimeType='image/x-rgb'", "fileExtension='.rm',mimeType='application/vnd.rn-realmedia'", 
"fileExtension='.rmi',mimeType='audio/mid'", "fileExtension='.roff',mimeType='application/x-troff'", "fileExtension='.rpm',mimeType='audio/x-pn-realaudio-plugin'", "fileExtension='.rtf',mimeType='application/rtf'", "fileExtension='.rtx',mimeType='text/richtext'", "fileExtension='.scd',mimeType='application/x-msschedule'", "fileExtension='.sct',mimeType='text/scriptlet'", "fileExtension='.sea',mimeType='application/octet-stream'", "fileExtension='.setpay',mimeType='application/set-payment-initiation'", "fileExtension='.setreg',mimeType='application/set-registration-initiation'", "fileExtension='.sgml',mimeType='text/sgml'", "fileExtension='.sh',mimeType='application/x-sh'", "fileExtension='.shar',mimeType='application/x-shar'", "fileExtension='.sit',mimeType='application/x-stuffit'", "fileExtension='.sldm',mimeType='application/vnd.ms-powerpoint.slide.macroEnabled.12'", "fileExtension='.sldx',mimeType='application/vnd.openxmlformats-officedocument.presentationml.slide'", "fileExtension='.smd',mimeType='audio/x-smd'", "fileExtension='.smi',mimeType='application/octet-stream'", "fileExtension='.smx',mimeType='audio/x-smd'", "fileExtension='.smz',mimeType='audio/x-smd'", "fileExtension='.snd',mimeType='audio/basic'", "fileExtension='.snp',mimeType='application/octet-stream'", "fileExtension='.spc',mimeType='application/x-pkcs7-certificates'", "fileExtension='.spl',mimeType='application/futuresplash'", "fileExtension='.spx',mimeType='audio/ogg'", "fileExtension='.src',mimeType='application/x-wais-source'", "fileExtension='.ssm',mimeType='application/streamingmedia'", "fileExtension='.sst',mimeType='application/vnd.ms-pki.certstore'", "fileExtension='.stl',mimeType='application/vnd.ms-pki.stl'", "fileExtension='.sv4cpio',mimeType='application/x-sv4cpio'", "fileExtension='.sv4crc',mimeType='application/x-sv4crc'", "fileExtension='.svg',mimeType='image/svg+xml'", "fileExtension='.svgz',mimeType='image/svg+xml'", 
"fileExtension='.swf',mimeType='application/x-shockwave-flash'", "fileExtension='.t',mimeType='application/x-troff'", "fileExtension='.tar',mimeType='application/x-tar'", "fileExtension='.tcl',mimeType='application/x-tcl'", "fileExtension='.tex',mimeType='application/x-tex'", "fileExtension='.texi',mimeType='application/x-texinfo'", "fileExtension='.texinfo',mimeType='application/x-texinfo'", "fileExtension='.tgz',mimeType='application/x-compressed'", "fileExtension='.thmx',mimeType='application/vnd.ms-officetheme'", "fileExtension='.thn',mimeType='application/octet-stream'", "fileExtension='.tif',mimeType='image/tiff'", "fileExtension='.tiff',mimeType='image/tiff'", "fileExtension='.toc',mimeType='application/octet-stream'", "fileExtension='.tr',mimeType='application/x-troff'", "fileExtension='.trm',mimeType='application/x-msterminal'", "fileExtension='.ts',mimeType='video/vnd.dlna.mpeg-tts'", "fileExtension='.tsv',mimeType='text/tab-separated-values'", "fileExtension='.ttf',mimeType='application/octet-stream'", "fileExtension='.tts',mimeType='video/vnd.dlna.mpeg-tts'", "fileExtension='.txt',mimeType='text/plain'", "fileExtension='.u32',mimeType='application/octet-stream'", "fileExtension='.uls',mimeType='text/iuls'", "fileExtension='.ustar',mimeType='application/x-ustar'", "fileExtension='.vbs',mimeType='text/vbscript'", "fileExtension='.vcf',mimeType='text/x-vcard'", "fileExtension='.vcs',mimeType='text/plain'", "fileExtension='.vdx',mimeType='application/vnd.ms-visio.viewer'", "fileExtension='.vml',mimeType='text/xml'", "fileExtension='.vsd',mimeType='application/vnd.visio'", "fileExtension='.vss',mimeType='application/vnd.visio'", "fileExtension='.vst',mimeType='application/vnd.visio'", "fileExtension='.vsto',mimeType='application/x-ms-vsto'", "fileExtension='.vsw',mimeType='application/vnd.visio'", "fileExtension='.vsx',mimeType='application/vnd.visio'", "fileExtension='.vtx',mimeType='application/vnd.visio'", "fileExtension='.wav',mimeType='audio/wav'", 
"fileExtension='.wax',mimeType='audio/x-ms-wax'", "fileExtension='.wbmp',mimeType='image/vnd.wap.wbmp'", "fileExtension='.wcm',mimeType='application/vnd.ms-works'", "fileExtension='.wdb',mimeType='application/vnd.ms-works'", "fileExtension='.webm',mimeType='video/webm'", "fileExtension='.wks',mimeType='application/vnd.ms-works'", "fileExtension='.wm',mimeType='video/x-ms-wm'", "fileExtension='.wma',mimeType='audio/x-ms-wma'", "fileExtension='.wmd',mimeType='application/x-ms-wmd'", "fileExtension='.wmf',mimeType='application/x-msmetafile'", "fileExtension='.wml',mimeType='text/vnd.wap.wml'", "fileExtension='.wmlc',mimeType='application/vnd.wap.wmlc'", "fileExtension='.wmls',mimeType='text/vnd.wap.wmlscript'", "fileExtension='.wmlsc',mimeType='application/vnd.wap.wmlscriptc'", "fileExtension='.wmp',mimeType='video/x-ms-wmp'", "fileExtension='.wmv',mimeType='video/x-ms-wmv'", "fileExtension='.wmx',mimeType='video/x-ms-wmx'", "fileExtension='.wmz',mimeType='application/x-ms-wmz'", "fileExtension='.woff',mimeType='font/x-woff'", "fileExtension='.wps',mimeType='application/vnd.ms-works'", "fileExtension='.wri',mimeType='application/x-mswrite'", "fileExtension='.wrl',mimeType='x-world/x-vrml'", "fileExtension='.wrz',mimeType='x-world/x-vrml'", "fileExtension='.wsdl',mimeType='text/xml'", "fileExtension='.wtv',mimeType='video/x-ms-wtv'", "fileExtension='.wvx',mimeType='video/x-ms-wvx'", "fileExtension='.x',mimeType='application/directx'", "fileExtension='.xaf',mimeType='x-world/x-vrml'", "fileExtension='.xaml',mimeType='application/xaml+xml'", "fileExtension='.xap',mimeType='application/x-silverlight-app'", "fileExtension='.xbap',mimeType='application/x-ms-xbap'", "fileExtension='.xbm',mimeType='image/x-xbitmap'", "fileExtension='.xdr',mimeType='text/plain'", "fileExtension='.xht',mimeType='application/xhtml+xml'", "fileExtension='.xhtml',mimeType='application/xhtml+xml'", "fileExtension='.xla',mimeType='application/vnd.ms-excel'", 
"fileExtension='.xlam',mimeType='application/vnd.ms-excel.addin.macroEnabled.12'", "fileExtension='.xlc',mimeType='application/vnd.ms-excel'", "fileExtension='.xlm',mimeType='application/vnd.ms-excel'", "fileExtension='.xls',mimeType='application/vnd.ms-excel'", "fileExtension='.xlsb',mimeType='application/vnd.ms-excel.sheet.binary.macroEnabled.12'", "fileExtension='.xlsm',mimeType='application/vnd.ms-excel.sheet.macroEnabled.12'", "fileExtension='.xlsx',mimeType='application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'", "fileExtension='.xlt',mimeType='application/vnd.ms-excel'", "fileExtension='.xltm',mimeType='application/vnd.ms-excel.template.macroEnabled.12'", "fileExtension='.xltx',mimeType='application/vnd.openxmlformats-officedocument.spreadsheetml.template'", "fileExtension='.xlw',mimeType='application/vnd.ms-excel'", "fileExtension='.xml',mimeType='text/xml'", "fileExtension='.xof',mimeType='x-world/x-vrml'", "fileExtension='.xpm',mimeType='image/x-xpixmap'", "fileExtension='.xps',mimeType='application/vnd.ms-xpsdocument'", "fileExtension='.xsd',mimeType='text/xml'", "fileExtension='.xsf',mimeType='text/xml'", "fileExtension='.xsl',mimeType='text/xml'", "fileExtension='.xslt',mimeType='text/xml'", "fileExtension='.xsn',mimeType='application/octet-stream'", "fileExtension='.xtp',mimeType='application/octet-stream'", "fileExtension='.xwd',mimeType='image/x-xwindowdump'", "fileExtension='.z',mimeType='application/x-compress'", "fileExtension='.zip',mimeType='application/x-zip-compressed'"] - ``` - -- `add_default_documents` - The items you want to add to the default document collection, only used during `:add`. Array of strings, default: `[]` - -- `add_mime_maps` - The items you want to add to the mime-map/mime-type collection, only used during `:add`. Array of strings, default: `[]` - -- `delete_default_documents` - The items you want to delete from the default document collection, only used during `:delete`. 
Array of strings, default: `[]` - -- `delete_mime_maps` - The items you want to delete from the mime-map/mime-type collection, only used during `:delete`. Array of strings, default: `[]` - -#### Examples - -```ruby -# Add foo.html to default documents, and add '.dmg' as mime type extension at root level -iis_root 'add stuff' do - add_default_documents ['foo.html'] - add_mime_maps ["fileExtension='.dmg',mimeType='application/octet-stream'"] - action :add -end -``` - -```ruby -# Remove index.html from default document and .323 as a mime type at root level -iis_root 'delete stuff' do - delete_default_documents ['index.html'] - delete_mime_maps ["fileExtension='.323',mimeType='text/h323'"] - action :delete -end -``` - -### iis_site - -Allows for easy management of IIS virtual sites (ie vhosts). - -#### Actions - -- `:add` - add a new virtual site -- `:config` - apply configuration to an existing virtual site -- `:delete` - delete an existing virtual site -- `:start` - start a virtual site -- `:stop` - stop a virtual site -- `:restart` - restart a virtual site - -#### Properties - -- `site_name` - name attribute. -- `site_id` - if not given IIS generates a unique ID for the site -- `path` - IIS will create a root application and a root virtual directory mapped to this specified local path -- `protocol` - http protocol type the site should respond to. valid values are :http, :https. default is :http -- `port` - port site will listen on. default is 80 -- `host_header` - host header (also known as domains or host names) the site should map to. default is all host headers -- `options` - additional options to configure the site -- `bindings` - Advanced options to configure the information required for requests to communicate with a Web site. See for parameter format. When binding is used, port protocol and host_header should not be used. 
-- `application_pool` - set the application pool of the site -- `options` - support for additional options -logDir, -limits, -ftpServer, etc... -- `log_directory` - specifies the logging directory, where the log file and logging-related support files are stored. -- `log_period` - specifies how often iis creates a new log file -- `log_truncsize` - specifies the maximum size of the log file (in bytes) after which to create a new log file. - -#### Examples - -```ruby -# stop and delete the default site -iis_site 'Default Web Site' do - action [:stop, :delete] -end -``` - -```ruby -# create and start a new site that maps to -# the physical location C:\inetpub\wwwroot\testfu -# first the physical location must exist -directory "#{node['iis']['docroot']}/testfu" do - action :create -end - -# now create and start the site (note this will use the default application pool which must exist) -iis_site 'Testfu Site' do - protocol :http - port 80 - path "#{node['iis']['docroot']}/testfu" - action [:add,:start] -end -``` - -```ruby -# do the same but map to testfu.chef.io domain -# first the physical location must exist -directory "#{node['iis']['docroot']}/testfu" do - action :create -end - -# now create and start the site (note this will use the default application pool which must exist) -iis_site 'Testfu Site' do - protocol :http - port 80 - path "#{node['iis']['docroot']}/testfu" - host_header "testfu.chef.io" - action [:add,:start] -end -``` - -```ruby -# create and start a new site that maps to -# the physical C:\inetpub\wwwroot\testfu -# first the physical location must exist -directory "#{node['iis']['docroot']}/testfu" do - action :create -end - -# also adds bindings to http and https -# binding http to the ip address 10.12.0.136, -# the port 80, and the host header www.domain.com -# also binding https to any ip address, -# the port 443, and the host header www.domain.com -# now create and start the site (note this will use the default application pool which must exist) 
-iis_site 'FooBar Site' do - bindings "http/10.12.0.136:80:www.domain.com,https/*:443:www.domain.com - path "#{node['iis']['docroot']}/testfu" - action [:add,:start] -end -``` - -### iis_config - -Runs a config command on your IIS instance. - -#### Actions - -- `:set` - Edit configuration section (appcmd set config) -- `:clear` - Clear the section configuration (appcmd clear config) - -#### Properties - -- `cfg_cmd` - name attribute. What ever command you would pass in after "appcmd.exe set config" - -#### Example - -```ruby -# Sets up logging -iis_config "/section:system.applicationHost/sites /siteDefaults.logfile.directory:\"D:\\logs\"" do - action :set -end -``` - -```ruby -# Increase file upload size for 'MySite' -iis_config "\"MySite\" /section:requestfiltering /requestlimits.maxallowedcontentlength:50000000" do - action :set -end -``` - -```ruby -# Set IUSR username and password authentication -iis_config "\"MyWebsite/aSite\" -section:system.webServer/security/authentication/anonymousAuthentication /enabled:\"True\" /userName:\"IUSR_foobar\" /password:\"p@assword\" /commit:apphost" do - action :set -end -``` - -```ruby -# Authenticate with application pool -iis_config "\"MyWebsite/aSite\" -section:system.webServer/security/authentication/anonymousAuthentication /enabled:\"True\" /userName:\"\" /commit:apphost" do - action :set -end -``` - -```ruby -# Loads an array of commands from the node -cfg_cmds = node['iis']['cfg_cmd'] -cfg_cmds.each do |cmd| - iis_config "#{cmd}" do - action :set - end -end -``` - -```ruby -# Add static machine key at site level -iis_config "MySite /commit:site /section:machineKey /validation:AES /validationKey:AAAAAA /decryptionKey:ZZZZZ" do - action :set -end -``` - -```ruby -# Remove machine key -iis_config "MySite /commit:site /section:machineKey" do - action :clear -end -``` - -### iis_pool - -Creates an application pool in IIS. 
- -#### Actions - -- `:add` - add a new application pool -- `:config` - apply configuration to an existing application pool -- `:delete` - delete an existing application pool -- `:start` - start a application pool -- `:stop` - stop a application pool -- `:restart` - restart a application pool -- `:recycle` - recycle an application pool - -#### Properties - -##### Root Items - -- `name` - name attribute. Specifies the name of the pool to create. -- `runtime_version` - specifies what .NET version of the runtime to use. -- `pipeline_mode` - specifies what pipeline mode to create the pool with, valid values are :Integrated or :Classic, the default is :Integrated -- `no_managed_code` - allow Unmanaged Code in setting up IIS app pools is shutting down. - default is true - optional - -##### Add Items - -- `start_mode` - Specifies the startup type for the application pool - default :OnDemand (:OnDemand, :AlwaysRunning) - optional -- `auto_start` - When true, indicates to the World Wide Web Publishing Service (W3SVC) that the application pool should be automatically started when it is created or when IIS is started. - boolean: default true - optional -- `queue_length` - Indicates to HTTP.sys how many requests to queue for an application pool before rejecting future requests. - default is 1000 - optional -- `thirty_two_bit` - set the pool to run in 32 bit mode, valid values are true or false, default is false - optional - -##### Process Model Items - -- `max_processes` - specifies the number of worker processes associated with the pool. -- `load_user_profile` - This property is used only when a service starts in a named user account. 
- Default is false - optional -- `identity_type` - the account identity that they app pool will run as, valid values are :SpecificUser, :NetworkService, :LocalService, :LocalSystem, :ApplicationPoolIdentity -- `username` - username for the identity for the application pool -- `password` password for the identity for the application pool is started. Default is true - optional -- `logon_type` - Specifies the logon type for the process identity. (For additional information about [logon types](http://msdn.microsoft.com/en-us/library/aa378184%28VS.85%29.aspx), see the LogonUser Function topic on Microsoft's MSDN Web site.) - Available [:LogonBatch, :LogonService] - default is :LogonBatch - optional -- `manual_group_membership` - Specifies whether the IIS_IUSRS group Security Identifier (SID) is added to the worker process token. When false, IIS automatically uses an application pool identity as though it were a member of the built-in IIS_IUSRS group, which has access to necessary file and system resources. When true, an application pool identity must be explicitly added to all resources that a worker process requires at runtime. - default is false - optional -- `idle_timeout` - Specifies how long (in minutes) a worker process should run idle if no new requests are received and the worker process is not processing requests. After the allocated time passes, the worker process should request that it be shut down by the WWW service. - default is '00:20:00' - optional -- `idle_timeout_action` - Specifies the option of suspending an idle worker process rather than terminating it. Valid values are :Terminate and :Suspend - optional -- `shutdown_time_limit` - Specifies the time that the W3SVC service waits after it initiated a recycle. If the worker process does not shut down within the shutdownTimeLimit, it will be terminated by the W3SVC service. - default is '00:01:30' - optional -- `startup_time_limit` - Specifies the time that IIS waits for an application pool to start. 
If the application pool does not startup within the startupTimeLimit, the worker process is terminated and the rapid-fail protection count is incremented. - default is '00:01:30' - optional -- `pinging_enabled` - Specifies whether pinging is enabled for the worker process. - default is true - optional -- `ping_interval` - Specifies the time between health-monitoring pings that the WWW service sends to a worker process - default is '00:00:30' - optional -- `ping_response_time` - Specifies the time that a worker process is given to respond to a health-monitoring ping. After the time limit is exceeded, the WWW service terminates the worker process - default is '00:01:30' - optional - -##### Recycling Items - -- `disallow_rotation_on_config_change` - The DisallowRotationOnConfigChange property specifies whether or not the World Wide Web Publishing Service (WWW Service) should rotate worker processes in an application pool when the configuration has changed. - Default is false - optional -- `disallow_overlapping_rotation` - Specifies whether the WWW Service should start another worker process to replace the existing worker process while that process -- `log_event_on_recycle` - configure IIS to log an event when one or more of the following configured events cause an application pool to recycle (for additional information about [logging events] (). 
- default is 'Time, Requests, Schedule, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory' - optional -- `recycle_schedule_clear` - specifies a pool to clear all scheduled recycle times, [true,false] Default is false - optional -- `recycle_after_time` - specifies a pool to recycle at regular time intervals, d.hh:mm:ss, d optional -- `recycle_at_time` - schedule a pool to recycle at a specific time, d.hh:mm:ss, d optional -- `private_memory` - specifies the amount of private memory (in kilobytes) after which you want the pool to recycle -- `virtual_memory` - specifies the amount of virtual memory (in kilobytes) after which you want the pool to recycle - -#### Failure Items - -- `load_balancer_capabilities` - Specifies behavior when a worker process cannot be started, such as when the request queue is full or an application pool is in rapid-fail protection. - default is :HttpLevel - optional -- `orphan_worker_process` - Specifies whether to assign a worker process to an orphan state instead of terminating it when an application pool fails. - default is false - optional -- `orphan_action_exe` - Specifies an executable to run when the WWW service orphans a worker process (if the orphanWorkerProcess attribute is set to true). You can use the orphanActionParams attribute to send parameters to the executable. - optional -- `orphan_action_params` - Indicates command-line parameters for the executable named by the orphanActionExe attribute. To specify the process ID of the orphaned process, use %1%. - optional -- `rapid_fail_protection` - Setting to true instructs the WWW service to remove from service all applications that are in an application pool - default is true - optional -- `rapid_fail_protection_interval` - Specifies the number of minutes before the failure count for a process is reset. 
- default is '00:05:00' - optional -- `rapid_fail_protection_max_crashes` - Specifies the maximum number of failures that are allowed within the number of minutes specified by the rapidFailProtectionInterval attribute. - default is 5 - optional -- `auto_shutdown_exe` - Specifies an executable to run when the WWW service shuts down an application pool. - optional -- `auto_shutdown_params` - Specifies command-line parameters for the executable that is specified in the autoShutdownExe attribute. - optional - -##### CPU Items - -- `cpu_action` - Configures the action that IIS takes when a worker process exceeds its configured CPU limit. The action attribute is configured on a per-application pool basis. - Available options [:NoAction, :KillW3wp, :Throttle, :ThrottleUnderLoad] - default is :NoAction - optional -- `cpu_limit` - Configures the maximum percentage of CPU time (in 1/1000ths of one percent) that the worker processes in an application pool are allowed to consume over a period of time as indicated by the resetInterval attribute. If the limit set by the limit attribute is exceeded, an event is written to the event log and an optional set of events can be triggered. These optional events are determined by the action attribute. - default is 0 - optional -- `cpu_reset_interval` - Specifies the reset period (in minutes) for CPU monitoring and throttling limits on an application pool. When the number of minutes elapsed since the last process accounting reset equals the number specified by this property, IIS resets the CPU timers for both the logging and limit intervals. - default is '00:05:00' - optional -- `cpu_smp_affinitized` - Specifies whether a particular worker process assigned to an application pool should also be assigned to a given CPU. 
- default is false - optional -- `smp_processor_affinity_mask` - Specifies the hexadecimal processor mask for multi-processor computers, which indicates to which CPU the worker processes in an application pool should be bound. Before this property takes effect, the smpAffinitized attribute must be set to true for the application pool. - default is 4294967295 - optional -- `smp_processor_affinity_mask_2` - Specifies the high-order DWORD hexadecimal processor mask for 64-bit multi-processor computers, which indicates to which CPU the worker processes in an application pool should be bound. Before this property takes effect, the smpAffinitized attribute must be set to true for the application pool. - default is 4294967295 - optional - -#### Example - -```ruby -# creates a new app pool -iis_pool 'myAppPool_v1_1' do - runtime_version "2.0" - pipeline_mode :Classic - action :add -end -``` - -### iis_app - -Creates an application in IIS. - -#### Actions - -- `:add` - add a new application pool -- `:delete` - delete an existing application pool -- `:config` - configures an existing application pool - -#### Properties - -- `site_name` - name attribute. The name of the site to add this app to -- `path` -The virtual path for this application -- `application_pool` - The pool this application belongs to -- `physical_path` - The physical path where this app resides. -- `enabled_protocols` - The enabled protocols that this app provides (http, https, net.pipe, net.tcp, etc) - -#### Example - -```ruby -# creates a new app -iis_app 'myApp' do - path '/v1_1' - application_pool 'myAppPool_v1_1' - physical_path "#{node['iis']['docroot']}/testfu/v1_1" - enabled_protocols 'http,net.pipe' - action :add -end -``` - -### iis_vdir - -Allows easy management of IIS virtual directories (i.e. vdirs). 
- -#### Actions - -- :add: - add a new virtual directory -- :delete: - delete an existing virtual directory -- :config: - configure a virtual directory - -#### Attribute Parameters - -- `application_name`: name attribute. This is the name of the website or site + application you are adding it to. -- `path`: The virtual directory path on the site. -- `physical_path`: The physical path of the virtual directory on the disk. -- `username`: (optional) The username required to logon to the physical_path. If set to "" will clear username and password. -- `password`: (optional) The password required to logon to the physical_path -- `logon_method`: (optional, default: :ClearText) The method used to logon (:Interactive, :Batch, :Network, :ClearText). For more information on these types, see "LogonUser Function", Read more at [MSDN](http://msdn2.microsoft.com/en-us/library/aa378184.aspx) -- `allow_sub_dir_config`: (optional, default: true) Boolean that specifies whether or not the Web server will look for configuration files located in the subdirectories of this virtual directory. Setting this to false can improve performance on servers with very large numbers of web.config files, but doing so prevents IIS configuration from being read in subdirectories. - -#### Examples - -```ruby -# add a virtual directory to default application -iis_vdir 'Default Web Site/' do - action :add - path '/Content/Test' - physical_path 'C:\wwwroot\shared\test' -end -``` - -```ruby -# add a virtual directory to an application under a site -iis_vdir 'Default Web Site/my application' do - action :add - path '/Content/Test' - physical_path 'C:\wwwroot\shared\test' -end -``` - -```ruby -# adds a virtual directory to default application which points to a smb share. 
(Remember to escape the "\"'s) -iis_vdir 'Default Web Site/' do - action :add - path '/Content/Test' - physical_path '\\\\sharename\\sharefolder\\1' -end -``` - -```ruby -# configure a virtual directory to have a username and password -iis_vdir 'Default Web Site/' do - action :config - path '/Content/Test' - username 'domain\myspecialuser' - password 'myspecialpassword' -end -``` - -```ruby -# delete a virtual directory from the default application -iis_vdir 'Default Web Site/' do - action :delete - path '/Content/Test' -end -``` - -### iis_section - -Allows for the locking/unlocking of sections ([listed here](http://www.iis.net/configreference) or via the command `appcmd list config \"\" /config:* /xml`) - -This is valuable to allow the `web.config` of an individual application/website control it's own settings. - -#### Actions - -- `:lock`: - locks the `section` passed -- `:unlock`: - unlocks the `section` passed - -#### Attribute Parameters - -- `section`: The name of the section to lock. -- `site`: The name of the site you want to lock or unlock a section for. -- `application_path`: The path to the application you want to lock or unlock a section for. -- `returns`: The result of the `shell_out` command. 
-- - -#### Examples - -```ruby -# Sets the IIS global windows authentication to be locked globally -iis_section 'locks global configuration of windows auth' do - section 'system.webServer/security/authentication/windowsAuthentication' - action :lock -end -``` - -```ruby -# Sets the IIS global Basic authentication to be locked globally -iis_section 'locks global configuration of Basic auth' do - section 'system.webServer/security/authentication/basicAuthentication' - action :lock -end -``` - -```ruby -# Sets the IIS global windows authentication to be unlocked globally -iis_section 'unlocked web.config globally for windows auth' do - action :unlock - section 'system.webServer/security/authentication/windowsAuthentication' -end -``` - -```ruby -# Sets the IIS global Basic authentication to be unlocked globally -iis_section 'unlocked web.config globally for Basic auth' do - action :unlock - section 'system.webServer/security/authentication/basicAuthentication' -end -``` - -```ruby -# Sets the static content section for default web site and root to unlocked -iis_section 'unlock staticContent of default web site' do - section 'system.webServer/staticContent' - site 'Default Web Site' - action :unlock -end -``` - -```ruby -# Sets the static content section for test_app under default website and root to be unlocked -iis_section 'unlock staticContent of default web site' do - section 'system.webServer/staticContent' - site 'Default Web Site' - application_path '/test_app' - action :unlock -end -``` - -### iis_module - -Manages modules globally or on a per site basis. 
- -#### Actions - -- `:add` - add a new module -- `:delete` - delete a module -- `:install` - install a native module from the filesystem (.dll) -- `:uninstall` - uninstall a native module - -#### Attribute Parameters - -- `module_name` - The name of the module to add or delete -- `type` - The type of module -- `precondition` - precondition for module -- `application` - The application or site to add the module to -- `add` - Whether the module you install has to be globally added -- `image` - Location of the DLL of the module to install - -#### Example - -```ruby -# Adds a module called "My 3rd Party Module" to mySite/ -iis_module "My 3rd Party Module" do - application "mySite/" - precondition "bitness64" - action :add -end -``` - -```ruby -# Adds a module called "MyModule" to all IIS sites on the server -iis_module "MyModule" -``` - -## Usage - -### default recipe - -Installs and configures IIS 7.0/7.5/8.0 using the default configuration. - -### mod_* recipes - -This cookbook also contains recipes for installing individual IIS modules (extensions). These recipes can be included in a node's run_list to build the minimal desired custom IIS installation. - -- `mod_aspnet` - installs ASP.NET runtime components -- `mod_aspnet45` - installs ASP.NET 4.5 runtime components -- `mod_auth_basic` - installs Basic Authentication support -- `mod_auth_windows` - installs Windows Authentication (authenticate clients by using NTLM or Kerberos) support -- `mod_compress_dynamic` - installs dynamic content compression support. _PLEASE NOTE_ - enabling dynamic compression always gives you more efficient use of bandwidth, but if your server's processor utilization is already very high, the CPU load imposed by dynamic compression might make your site perform more slowly. -- `mod_compress_static` - installs static content compression support -- `mod_iis6_metabase_compat` - installs IIS 6 Metabase Compatibility component. 
-- `mod_isapi` - installs ISAPI (Internet Server Application Programming Interface) extension and filter support. -- `mod_logging` - installs and enables HTTP Logging (logging of Web site activity), Logging Tools (logging tools and scripts) and Custom Logging (log any of the HTTP request/response headers, IIS server variables, and client-side fields with simple configuration) support -- `mod_management` - installs Web server Management Console which supports management of local and remote Web servers -- `mod_security` - installs URL Authorization (Authorizes client access to the URLs that comprise a Web application), Request Filtering (configures rules to block selected client requests) and IP Security (allows or denies content access based on IP address or domain name) support. -- `mod_tracing` - installs support for tracing ASP.NET applications and failed requests. - -Note: Not every possible IIS module has a corresponding recipe. The foregoing recipes are included for convenience, but users may also place additional IIS modules that are installable as Windows features into the `node['iis']['components']` array. - -## Alternative Cookbooks - -- [Powershell based IIS Cookbook (Pre-DSC)](https://github.com/ebsco/iisposh) -- DSC Based- [CWebAdministration](https://github.com/PowerShellOrg/cWebAdministration) / [XWebadministration](https://github.com/PowerShell/xWebAdministration) Powershell Module(s) - -## License and Author - -- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io)) -- Author:: Julian Dunn ([jdunn@chef.io](mailto:jdunn@chef.io)) -- Author:: Justin Schuhmann ([jmschu02@gmail.com](mailto:jmschu02@gmail.com)) - -```text -Copyright 2011-2016, Chef Software, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. 
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-```
diff --git a/cookbooks/iis/attributes/default.rb b/cookbooks/iis/attributes/default.rb
deleted file mode 100644
index 47db072..0000000
--- a/cookbooks/iis/attributes/default.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: iis
-# Attribute:: default
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-default['iis']['home'] = "#{ENV['WINDIR']}\\System32\\inetsrv"
-default['iis']['conf_dir'] = "#{ENV['WINDIR']}\\System32\\inetsrv\\config"
-default['iis']['pubroot'] = "#{ENV['SYSTEMDRIVE']}\\inetpub"
-default['iis']['docroot'] = "#{ENV['SYSTEMDRIVE']}\\inetpub\\wwwroot"
-default['iis']['log_dir'] = "#{ENV['SYSTEMDRIVE']}\\inetpub\\logs\\LogFiles"
-default['iis']['cache_dir'] = "#{ENV['SYSTEMDRIVE']}\\inetpub\\temp"
-default['iis']['components'] = []
-
-default['iis']['source'] = nil
-
-default['iis']['recycle']['log_events'] = 'Time, Requests, Schedule, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory'
diff --git a/cookbooks/iis/libraries/constants.rb b/cookbooks/iis/libraries/constants.rb
deleted file mode 100644
index 8d602f9..0000000
--- a/cookbooks/iis/libraries/constants.rb
+++ /dev/null
@@ -1,412 +0,0 @@
-#
-# Cookbook:: iis
-# Library:: constants
-#
-# Copyright:: 2013-2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module Opscode
- module IIS
- # Contains functions that are used throughout this cookbook
- module Constants
- def self.default_documents
- %w(
- Default.htm
- Default.asp
- index.htm
- index.html
- iisstart.htm
- default.aspx
- )
- end
-
- def self.default_mime_types
- %w(
- fileExtension='.323',mimeType='text/h323'
- fileExtension='.3g2',mimeType='video/3gpp2'
- fileExtension='.3gp2',mimeType='video/3gpp2'
- fileExtension='.3gp',mimeType='video/3gpp'
- fileExtension='.3gpp',mimeType='video/3gpp'
- fileExtension='.aaf',mimeType='application/octet-stream'
- fileExtension='.aac',mimeType='audio/aac'
- fileExtension='.aca',mimeType='application/octet-stream'
- fileExtension='.accdb',mimeType='application/msaccess'
- fileExtension='.accde',mimeType='application/msaccess'
- fileExtension='.accdt',mimeType='application/msaccess'
- fileExtension='.acx',mimeType='application/internet-property-stream'
- fileExtension='.adt',mimeType='audio/vnd.dlna.adts'
- fileExtension='.adts',mimeType='audio/vnd.dlna.adts'
- fileExtension='.afm',mimeType='application/octet-stream'
- fileExtension='.ai',mimeType='application/postscript'
- fileExtension='.aif',mimeType='audio/x-aiff'
- fileExtension='.aifc',mimeType='audio/aiff'
- fileExtension='.aiff',mimeType='audio/aiff'
- fileExtension='.application',mimeType='application/x-ms-application'
- fileExtension='.art',mimeType='image/x-jg'
- fileExtension='.asd',mimeType='application/octet-stream'
- fileExtension='.asf',mimeType='video/x-ms-asf'
- fileExtension='.asi',mimeType='application/octet-stream'
- fileExtension='.asm',mimeType='text/plain'
- fileExtension='.asr',mimeType='video/x-ms-asf'
- fileExtension='.asx',mimeType='video/x-ms-asf'
- fileExtension='.atom',mimeType='application/atom+xml'
- fileExtension='.au',mimeType='audio/basic'
- fileExtension='.avi',mimeType='video/avi'
- fileExtension='.axs',mimeType='application/olescript'
- fileExtension='.bas',mimeType='text/plain'
- fileExtension='.bcpio',mimeType='application/x-bcpio'
- fileExtension='.bin',mimeType='application/octet-stream'
- fileExtension='.bmp',mimeType='image/bmp'
- fileExtension='.c',mimeType='text/plain'
- fileExtension='.cab',mimeType='application/vnd.ms-cab-compressed'
- fileExtension='.calx',mimeType='application/vnd.ms-office.calx'
- fileExtension='.cat',mimeType='application/vnd.ms-pki.seccat'
- fileExtension='.cdf',mimeType='application/x-cdf'
- fileExtension='.chm',mimeType='application/octet-stream'
- fileExtension='.class',mimeType='application/x-java-applet'
- fileExtension='.clp',mimeType='application/x-msclip'
- fileExtension='.cmx',mimeType='image/x-cmx'
- fileExtension='.cnf',mimeType='text/plain'
- fileExtension='.cod',mimeType='image/cis-cod'
- fileExtension='.cpio',mimeType='application/x-cpio'
- fileExtension='.cpp',mimeType='text/plain'
- fileExtension='.crd',mimeType='application/x-mscardfile'
- fileExtension='.crl',mimeType='application/pkix-crl'
- fileExtension='.crt',mimeType='application/x-x509-ca-cert'
- fileExtension='.csh',mimeType='application/x-csh'
- fileExtension='.css',mimeType='text/css'
- fileExtension='.csv',mimeType='application/octet-stream'
- fileExtension='.cur',mimeType='application/octet-stream'
- fileExtension='.dcr',mimeType='application/x-director'
- fileExtension='.deploy',mimeType='application/octet-stream'
- fileExtension='.der',mimeType='application/x-x509-ca-cert'
- fileExtension='.dib',mimeType='image/bmp'
- fileExtension='.dir',mimeType='application/x-director'
- fileExtension='.disco',mimeType='text/xml'
- fileExtension='.dll',mimeType='application/x-msdownload'
- fileExtension='.dll.config',mimeType='text/xml'
- fileExtension='.dlm',mimeType='text/dlm'
- fileExtension='.doc',mimeType='application/msword'
- fileExtension='.docm',mimeType='application/vnd.ms-word.document.macroEnabled.12'
- fileExtension='.docx',mimeType='application/vnd.openxmlformats-officedocument.wordprocessingml.document'
- fileExtension='.dot',mimeType='application/msword'
- fileExtension='.dotm',mimeType='application/vnd.ms-word.template.macroEnabled.12'
- fileExtension='.dotx',mimeType='application/vnd.openxmlformats-officedocument.wordprocessingml.template'
- fileExtension='.dsp',mimeType='application/octet-stream'
- fileExtension='.dtd',mimeType='text/xml'
- fileExtension='.dvi',mimeType='application/x-dvi'
- fileExtension='.dvr-ms',mimeType='video/x-ms-dvr'
- fileExtension='.dwf',mimeType='drawing/x-dwf'
- fileExtension='.dwp',mimeType='application/octet-stream'
- fileExtension='.dxr',mimeType='application/x-director'
- fileExtension='.eml',mimeType='message/rfc822'
- fileExtension='.emz',mimeType='application/octet-stream'
- fileExtension='.eot',mimeType='application/vnd.ms-fontobject'
- fileExtension='.eps',mimeType='application/postscript'
- fileExtension='.etx',mimeType='text/x-setext'
- fileExtension='.evy',mimeType='application/envoy'
- fileExtension='.exe',mimeType='application/octet-stream'
- fileExtension='.exe.config',mimeType='text/xml'
- fileExtension='.fdf',mimeType='application/vnd.fdf'
- fileExtension='.fif',mimeType='application/fractals'
- fileExtension='.fla',mimeType='application/octet-stream'
- fileExtension='.flr',mimeType='x-world/x-vrml'
- fileExtension='.flv',mimeType='video/x-flv'
- fileExtension='.gif',mimeType='image/gif'
- fileExtension='.gtar',mimeType='application/x-gtar'
- fileExtension='.gz',mimeType='application/x-gzip'
- fileExtension='.h',mimeType='text/plain'
- fileExtension='.hdf',mimeType='application/x-hdf'
- fileExtension='.hdml',mimeType='text/x-hdml'
- fileExtension='.hhc',mimeType='application/x-oleobject'
- fileExtension='.hhk',mimeType='application/octet-stream'
- fileExtension='.hhp',mimeType='application/octet-stream'
- fileExtension='.hlp',mimeType='application/winhlp'
- fileExtension='.hqx',mimeType='application/mac-binhex40'
- fileExtension='.hta',mimeType='application/hta'
- fileExtension='.htc',mimeType='text/x-component'
- fileExtension='.htm',mimeType='text/html'
- fileExtension='.html',mimeType='text/html'
- fileExtension='.htt',mimeType='text/webviewhtml'
- fileExtension='.hxt',mimeType='text/html'
- fileExtension='.ico',mimeType='image/x-icon'
- fileExtension='.ics',mimeType='text/calendar'
- fileExtension='.ief',mimeType='image/ief'
- fileExtension='.iii',mimeType='application/x-iphone'
- fileExtension='.inf',mimeType='application/octet-stream'
- fileExtension='.ins',mimeType='application/x-internet-signup'
- fileExtension='.isp',mimeType='application/x-internet-signup'
- fileExtension='.IVF',mimeType='video/x-ivf'
- fileExtension='.jar',mimeType='application/java-archive'
- fileExtension='.java',mimeType='application/octet-stream'
- fileExtension='.jck',mimeType='application/liquidmotion'
- fileExtension='.jcz',mimeType='application/liquidmotion'
- fileExtension='.jfif',mimeType='image/pjpeg'
- fileExtension='.jpb',mimeType='application/octet-stream'
- fileExtension='.jpe',mimeType='image/jpeg'
- fileExtension='.jpeg',mimeType='image/jpeg'
- fileExtension='.jpg',mimeType='image/jpeg'
- fileExtension='.js',mimeType='application/javascript'
- fileExtension='.json',mimeType='application/json'
- fileExtension='.jsx',mimeType='text/jscript'
- fileExtension='.latex',mimeType='application/x-latex'
- fileExtension='.lit',mimeType='application/x-ms-reader'
- fileExtension='.lpk',mimeType='application/octet-stream'
- fileExtension='.lsf',mimeType='video/x-la-asf'
- fileExtension='.lsx',mimeType='video/x-la-asf'
- fileExtension='.lzh',mimeType='application/octet-stream'
- fileExtension='.m13',mimeType='application/x-msmediaview'
- fileExtension='.m14',mimeType='application/x-msmediaview'
- fileExtension='.m1v',mimeType='video/mpeg'
- fileExtension='.m2ts',mimeType='video/vnd.dlna.mpeg-tts'
- fileExtension='.m3u',mimeType='audio/x-mpegurl'
- fileExtension='.m4a',mimeType='audio/mp4'
- fileExtension='.m4v',mimeType='video/mp4'
- fileExtension='.man',mimeType='application/x-troff-man'
- fileExtension='.manifest',mimeType='application/x-ms-manifest'
- fileExtension='.map',mimeType='text/plain'
- fileExtension='.mdb',mimeType='application/x-msaccess'
- fileExtension='.mdp',mimeType='application/octet-stream'
- fileExtension='.me',mimeType='application/x-troff-me'
- fileExtension='.mht',mimeType='message/rfc822'
- fileExtension='.mhtml',mimeType='message/rfc822'
- fileExtension='.mid',mimeType='audio/mid'
- fileExtension='.midi',mimeType='audio/mid'
- fileExtension='.mix',mimeType='application/octet-stream'
- fileExtension='.mmf',mimeType='application/x-smaf'
- fileExtension='.mno',mimeType='text/xml'
- fileExtension='.mny',mimeType='application/x-msmoney'
- fileExtension='.mov',mimeType='video/quicktime'
- fileExtension='.movie',mimeType='video/x-sgi-movie'
- fileExtension='.mp2',mimeType='video/mpeg'
- fileExtension='.mp3',mimeType='audio/mpeg'
- fileExtension='.mp4',mimeType='video/mp4'
- fileExtension='.mp4v',mimeType='video/mp4'
- fileExtension='.mpa',mimeType='video/mpeg'
- fileExtension='.mpe',mimeType='video/mpeg'
- fileExtension='.mpeg',mimeType='video/mpeg'
- fileExtension='.mpg',mimeType='video/mpeg'
- fileExtension='.mpp',mimeType='application/vnd.ms-project'
- fileExtension='.mpv2',mimeType='video/mpeg'
- fileExtension='.ms',mimeType='application/x-troff-ms'
- fileExtension='.msi',mimeType='application/octet-stream'
- fileExtension='.mso',mimeType='application/octet-stream'
- fileExtension='.mvb',mimeType='application/x-msmediaview'
- fileExtension='.mvc',mimeType='application/x-miva-compiled'
- fileExtension='.nc',mimeType='application/x-netcdf'
- fileExtension='.nsc',mimeType='video/x-ms-asf'
- fileExtension='.nws',mimeType='message/rfc822'
- fileExtension='.ocx',mimeType='application/octet-stream'
- fileExtension='.oda',mimeType='application/oda'
- fileExtension='.odc',mimeType='text/x-ms-odc'
- fileExtension='.ods',mimeType='application/oleobject'
- fileExtension='.oga',mimeType='audio/ogg'
- fileExtension='.ogg',mimeType='video/ogg'
- fileExtension='.ogv',mimeType='video/ogg'
- fileExtension='.one',mimeType='application/onenote'
- fileExtension='.onea',mimeType='application/onenote'
- fileExtension='.onetoc',mimeType='application/onenote'
- fileExtension='.onetoc2',mimeType='application/onenote'
- fileExtension='.onetmp',mimeType='application/onenote'
- fileExtension='.onepkg',mimeType='application/onenote'
- fileExtension='.osdx',mimeType='application/opensearchdescription+xml'
- fileExtension='.otf',mimeType='font/otf'
- fileExtension='.p10',mimeType='application/pkcs10'
- fileExtension='.p12',mimeType='application/x-pkcs12'
- fileExtension='.p7b',mimeType='application/x-pkcs7-certificates'
- fileExtension='.p7c',mimeType='application/pkcs7-mime'
- fileExtension='.p7m',mimeType='application/pkcs7-mime'
- fileExtension='.p7r',mimeType='application/x-pkcs7-certreqresp'
- fileExtension='.p7s',mimeType='application/pkcs7-signature'
- fileExtension='.pbm',mimeType='image/x-portable-bitmap'
- fileExtension='.pcx',mimeType='application/octet-stream'
- fileExtension='.pcz',mimeType='application/octet-stream'
- fileExtension='.pdf',mimeType='application/pdf'
- fileExtension='.pfb',mimeType='application/octet-stream'
- fileExtension='.pfm',mimeType='application/octet-stream'
- fileExtension='.pfx',mimeType='application/x-pkcs12'
- fileExtension='.pgm',mimeType='image/x-portable-graymap'
- fileExtension='.pko',mimeType='application/vnd.ms-pki.pko'
- fileExtension='.pma',mimeType='application/x-perfmon'
- fileExtension='.pmc',mimeType='application/x-perfmon'
- fileExtension='.pml',mimeType='application/x-perfmon'
- fileExtension='.pmr',mimeType='application/x-perfmon'
- fileExtension='.pmw',mimeType='application/x-perfmon'
- fileExtension='.png',mimeType='image/png'
- fileExtension='.pnm',mimeType='image/x-portable-anymap'
- fileExtension='.pnz',mimeType='image/png'
- fileExtension='.pot',mimeType='application/vnd.ms-powerpoint'
- fileExtension='.potm',mimeType='application/vnd.ms-powerpoint.template.macroEnabled.12'
- fileExtension='.potx',mimeType='application/vnd.openxmlformats-officedocument.presentationml.template'
- fileExtension='.ppam',mimeType='application/vnd.ms-powerpoint.addin.macroEnabled.12'
- fileExtension='.ppm',mimeType='image/x-portable-pixmap'
- fileExtension='.pps',mimeType='application/vnd.ms-powerpoint'
- fileExtension='.ppsm',mimeType='application/vnd.ms-powerpoint.slideshow.macroEnabled.12'
- fileExtension='.ppsx',mimeType='application/vnd.openxmlformats-officedocument.presentationml.slideshow'
- fileExtension='.ppt',mimeType='application/vnd.ms-powerpoint'
- fileExtension='.pptm',mimeType='application/vnd.ms-powerpoint.presentation.macroEnabled.12'
- fileExtension='.pptx',mimeType='application/vnd.openxmlformats-officedocument.presentationml.presentation'
- fileExtension='.prf',mimeType='application/pics-rules'
- fileExtension='.prm',mimeType='application/octet-stream'
- fileExtension='.prx',mimeType='application/octet-stream'
- fileExtension='.ps',mimeType='application/postscript'
- fileExtension='.psd',mimeType='application/octet-stream'
- fileExtension='.psm',mimeType='application/octet-stream'
- fileExtension='.psp',mimeType='application/octet-stream'
- 
fileExtension='.pub',mimeType='application/x-mspublisher' - fileExtension='.qt',mimeType='video/quicktime' - fileExtension='.qtl',mimeType='application/x-quicktimeplayer' - fileExtension='.qxd',mimeType='application/octet-stream' - fileExtension='.ra',mimeType='audio/x-pn-realaudio' - fileExtension='.ram',mimeType='audio/x-pn-realaudio' - fileExtension='.rar',mimeType='application/octet-stream' - fileExtension='.ras',mimeType='image/x-cmu-raster' - fileExtension='.rf',mimeType='image/vnd.rn-realflash' - fileExtension='.rgb',mimeType='image/x-rgb' - fileExtension='.rm',mimeType='application/vnd.rn-realmedia' - fileExtension='.rmi',mimeType='audio/mid' - fileExtension='.roff',mimeType='application/x-troff' - fileExtension='.rpm',mimeType='audio/x-pn-realaudio-plugin' - fileExtension='.rtf',mimeType='application/rtf' - fileExtension='.rtx',mimeType='text/richtext' - fileExtension='.scd',mimeType='application/x-msschedule' - fileExtension='.sct',mimeType='text/scriptlet' - fileExtension='.sea',mimeType='application/octet-stream' - fileExtension='.setpay',mimeType='application/set-payment-initiation' - fileExtension='.setreg',mimeType='application/set-registration-initiation' - fileExtension='.sgml',mimeType='text/sgml' - fileExtension='.sh',mimeType='application/x-sh' - fileExtension='.shar',mimeType='application/x-shar' - fileExtension='.sit',mimeType='application/x-stuffit' - fileExtension='.sldm',mimeType='application/vnd.ms-powerpoint.slide.macroEnabled.12' - fileExtension='.sldx',mimeType='application/vnd.openxmlformats-officedocument.presentationml.slide' - fileExtension='.smd',mimeType='audio/x-smd' - fileExtension='.smi',mimeType='application/octet-stream' - fileExtension='.smx',mimeType='audio/x-smd' - fileExtension='.smz',mimeType='audio/x-smd' - fileExtension='.snd',mimeType='audio/basic' - fileExtension='.snp',mimeType='application/octet-stream' - fileExtension='.spc',mimeType='application/x-pkcs7-certificates' - 
fileExtension='.spl',mimeType='application/futuresplash' - fileExtension='.spx',mimeType='audio/ogg' - fileExtension='.src',mimeType='application/x-wais-source' - fileExtension='.ssm',mimeType='application/streamingmedia' - fileExtension='.sst',mimeType='application/vnd.ms-pki.certstore' - fileExtension='.stl',mimeType='application/vnd.ms-pki.stl' - fileExtension='.sv4cpio',mimeType='application/x-sv4cpio' - fileExtension='.sv4crc',mimeType='application/x-sv4crc' - fileExtension='.svg',mimeType='image/svg+xml' - fileExtension='.svgz',mimeType='image/svg+xml' - fileExtension='.swf',mimeType='application/x-shockwave-flash' - fileExtension='.t',mimeType='application/x-troff' - fileExtension='.tar',mimeType='application/x-tar' - fileExtension='.tcl',mimeType='application/x-tcl' - fileExtension='.tex',mimeType='application/x-tex' - fileExtension='.texi',mimeType='application/x-texinfo' - fileExtension='.texinfo',mimeType='application/x-texinfo' - fileExtension='.tgz',mimeType='application/x-compressed' - fileExtension='.thmx',mimeType='application/vnd.ms-officetheme' - fileExtension='.thn',mimeType='application/octet-stream' - fileExtension='.tif',mimeType='image/tiff' - fileExtension='.tiff',mimeType='image/tiff' - fileExtension='.toc',mimeType='application/octet-stream' - fileExtension='.tr',mimeType='application/x-troff' - fileExtension='.trm',mimeType='application/x-msterminal' - fileExtension='.ts',mimeType='video/vnd.dlna.mpeg-tts' - fileExtension='.tsv',mimeType='text/tab-separated-values' - fileExtension='.ttf',mimeType='application/octet-stream' - fileExtension='.tts',mimeType='video/vnd.dlna.mpeg-tts' - fileExtension='.txt',mimeType='text/plain' - fileExtension='.u32',mimeType='application/octet-stream' - fileExtension='.uls',mimeType='text/iuls' - fileExtension='.ustar',mimeType='application/x-ustar' - fileExtension='.vbs',mimeType='text/vbscript' - fileExtension='.vcf',mimeType='text/x-vcard' - fileExtension='.vcs',mimeType='text/plain' - 
fileExtension='.vdx',mimeType='application/vnd.ms-visio.viewer' - fileExtension='.vml',mimeType='text/xml' - fileExtension='.vsd',mimeType='application/vnd.visio' - fileExtension='.vss',mimeType='application/vnd.visio' - fileExtension='.vst',mimeType='application/vnd.visio' - fileExtension='.vsto',mimeType='application/x-ms-vsto' - fileExtension='.vsw',mimeType='application/vnd.visio' - fileExtension='.vsx',mimeType='application/vnd.visio' - fileExtension='.vtx',mimeType='application/vnd.visio' - fileExtension='.wav',mimeType='audio/wav' - fileExtension='.wax',mimeType='audio/x-ms-wax' - fileExtension='.wbmp',mimeType='image/vnd.wap.wbmp' - fileExtension='.wcm',mimeType='application/vnd.ms-works' - fileExtension='.wdb',mimeType='application/vnd.ms-works' - fileExtension='.webm',mimeType='video/webm' - fileExtension='.wks',mimeType='application/vnd.ms-works' - fileExtension='.wm',mimeType='video/x-ms-wm' - fileExtension='.wma',mimeType='audio/x-ms-wma' - fileExtension='.wmd',mimeType='application/x-ms-wmd' - fileExtension='.wmf',mimeType='application/x-msmetafile' - fileExtension='.wml',mimeType='text/vnd.wap.wml' - fileExtension='.wmlc',mimeType='application/vnd.wap.wmlc' - fileExtension='.wmls',mimeType='text/vnd.wap.wmlscript' - fileExtension='.wmlsc',mimeType='application/vnd.wap.wmlscriptc' - fileExtension='.wmp',mimeType='video/x-ms-wmp' - fileExtension='.wmv',mimeType='video/x-ms-wmv' - fileExtension='.wmx',mimeType='video/x-ms-wmx' - fileExtension='.wmz',mimeType='application/x-ms-wmz' - fileExtension='.woff',mimeType='font/x-woff' - fileExtension='.wps',mimeType='application/vnd.ms-works' - fileExtension='.wri',mimeType='application/x-mswrite' - fileExtension='.wrl',mimeType='x-world/x-vrml' - fileExtension='.wrz',mimeType='x-world/x-vrml' - fileExtension='.wsdl',mimeType='text/xml' - fileExtension='.wtv',mimeType='video/x-ms-wtv' - fileExtension='.wvx',mimeType='video/x-ms-wvx' - fileExtension='.x',mimeType='application/directx' - 
fileExtension='.xaf',mimeType='x-world/x-vrml' - fileExtension='.xaml',mimeType='application/xaml+xml' - fileExtension='.xap',mimeType='application/x-silverlight-app' - fileExtension='.xbap',mimeType='application/x-ms-xbap' - fileExtension='.xbm',mimeType='image/x-xbitmap' - fileExtension='.xdr',mimeType='text/plain' - fileExtension='.xht',mimeType='application/xhtml+xml' - fileExtension='.xhtml',mimeType='application/xhtml+xml' - fileExtension='.xla',mimeType='application/vnd.ms-excel' - fileExtension='.xlam',mimeType='application/vnd.ms-excel.addin.macroEnabled.12' - fileExtension='.xlc',mimeType='application/vnd.ms-excel' - fileExtension='.xlm',mimeType='application/vnd.ms-excel' - fileExtension='.xls',mimeType='application/vnd.ms-excel' - fileExtension='.xlsb',mimeType='application/vnd.ms-excel.sheet.binary.macroEnabled.12' - fileExtension='.xlsm',mimeType='application/vnd.ms-excel.sheet.macroEnabled.12' - fileExtension='.xlsx',mimeType='application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' - fileExtension='.xlt',mimeType='application/vnd.ms-excel' - fileExtension='.xltm',mimeType='application/vnd.ms-excel.template.macroEnabled.12' - fileExtension='.xltx',mimeType='application/vnd.openxmlformats-officedocument.spreadsheetml.template' - fileExtension='.xlw',mimeType='application/vnd.ms-excel' - fileExtension='.xml',mimeType='text/xml' - fileExtension='.xof',mimeType='x-world/x-vrml' - fileExtension='.xpm',mimeType='image/x-xpixmap' - fileExtension='.xps',mimeType='application/vnd.ms-xpsdocument' - fileExtension='.xsd',mimeType='text/xml' - fileExtension='.xsf',mimeType='text/xml' - fileExtension='.xsl',mimeType='text/xml' - fileExtension='.xslt',mimeType='text/xml' - fileExtension='.xsn',mimeType='application/octet-stream' - fileExtension='.xtp',mimeType='application/octet-stream' - fileExtension='.xwd',mimeType='image/x-xwindowdump' - fileExtension='.z',mimeType='application/x-compress' - fileExtension='.zip',mimeType='application/x-zip-compressed 
- )
- end
- end
- end
-end
diff --git a/cookbooks/iis/libraries/helper.rb b/cookbooks/iis/libraries/helper.rb
deleted file mode 100644
index 883ec4d..0000000
--- a/cookbooks/iis/libraries/helper.rb
+++ /dev/null
@@ -1,118 +0,0 @@
-#
-# Cookbook:: iis
-# Library:: helper
-#
-# Copyright:: 2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module Opscode
- module IIS
- # Contains functions that are used throughout this cookbook
- module Helper
- @iis_version = nil
-
- if RUBY_PLATFORM =~ /mswin|mingw32|windows/
- require 'chef/win32/version'
- require 'win32/registry'
- end
-
- require 'rexml/document'
- require 'chef/mixin/shell_out'
-
- include Chef::Mixin::ShellOut
- include REXML
- include Windows::Helper
-
- def self.older_than_windows2008r2?
- if RUBY_PLATFORM =~ /mswin|mingw32|windows/
- win_version = Chef::ReservedNames::Win32::Version.new
- win_version.windows_server_2008? ||
- win_version.windows_vista? ||
- win_version.windows_server_2003_r2? ||
- win_version.windows_home_server? ||
- win_version.windows_server_2003? ||
- win_version.windows_xp? ||
- win_version.windows_2000?
- end
- end
-
- def self.older_than_windows2012?
- if RUBY_PLATFORM =~ /mswin|mingw32|windows/
- win_version = Chef::ReservedNames::Win32::Version.new
- win_version.windows_7? ||
- win_version.windows_server_2008_r2? ||
- win_version.windows_server_2008? ||
- win_version.windows_vista? ||
- win_version.windows_server_2003_r2? ||
- win_version.windows_home_server? ||
- win_version.windows_server_2003? ||
- win_version.windows_xp? ||
- win_version.windows_2000?
- end
- end
-
- def windows_cleanpath(path)
- path = if defined?(Chef::Util::PathHelper.cleanpath).nil?
- win_friendly_path(path)
- else
- Chef::Util::PathHelper.cleanpath(path)
- end
- # Remove any trailing slashes to prevent them from accidentally escaping any quotes.
- path.tr('/', '\\')
- end
-
- def application_cleanname(application_name)
- if application_name.count('/') == 0
- "#{application_name}/"
- elsif application_name.count('/') > 1
- application_name.chomp('/')
- else
- application_name
- end
- end
-
- def value(document, xpath)
- XPath.first(document, xpath).to_s
- end
-
- def bool(value)
- value == 'true'
- end
-
- def new_value?(document, xpath, value_to_check)
- XPath.first(document, xpath).to_s != value_to_check.to_s
- end
-
- def new_or_empty_value?(document, xpath, value_to_check)
- value_to_check.to_s != '' && new_value?(document, xpath, value_to_check)
- end
-
- def appcmd(node)
- @appcmd ||= begin
- "#{node['iis']['home']}\\appcmd.exe"
- end
- end
-
- def iis_version
- if @iis_version.nil?
- version_string = Win32::Registry::HKEY_LOCAL_MACHINE.open('SOFTWARE\Microsoft\InetStp').read('VersionString')[1]
- version_string.slice! 'Version '
- @iis_version = version_string
- end
- @iis_version.to_f
- end
- end
- end
-end
diff --git a/cookbooks/iis/libraries/matcher.rb b/cookbooks/iis/libraries/matcher.rb
deleted file mode 100644
index 04c72ed..0000000
--- a/cookbooks/iis/libraries/matcher.rb
+++ /dev/null
@@ -1,73 +0,0 @@
-if defined?(ChefSpec)
-
- [:set, :clear, :config].each do |action|
- self.class.send(:define_method, "#{action}_iis_config", proc do |config_name|
- ChefSpec::Matchers::ResourceMatcher.new(:iis_config, action, config_name)
- end
- )
- end
-
- [:config, :add, :delete].each do |action|
- self.class.send(:define_method, "#{action}_iis_app", proc do |app_name|
- ChefSpec::Matchers::ResourceMatcher.new(:iis_app, action, app_name)
- end
- )
- end
-
- [:config].each do |action|
- self.class.send(:define_method, "#{action}_iis_lock", proc do |section|
- ChefSpec::Matchers::ResourceMatcher.new(:iis_lock, action, section)
- end
- )
- end
-
- [:add, :delete, :install, :uninstall].each do |action|
- self.class.send(:define_method, "#{action}_iis_module", proc do |module_name|
- ChefSpec::Matchers::ResourceMatcher.new(:iis_module, action, module_name)
- end
- )
- end
-
- [:add, :config, :delete, :start, :stop, :restart, :recycle].each do |action|
- self.class.send(:define_method, "#{action}_iis_pool", proc do |pool_name|
- ChefSpec::Matchers::ResourceMatcher.new(:iis_pool, action, pool_name)
- end
- )
- end
-
- [:add, :delete, :start, :stop, :restart, :config].each do |action|
- self.class.send(:define_method, "#{action}_iis_site", proc do |site_name|
- ChefSpec::Matchers::ResourceMatcher.new(:iis_site, action, site_name)
- end
- )
- end
-
- [:config].each do |action|
- self.class.send(:define_method, "#{action}_iis_unlock", proc do |section|
- ChefSpec::Matchers::ResourceMatcher.new(:iis_unlock, action, section)
- end
- )
- end
-
- [:add, :config, :delete].each do |action|
- self.class.send(:define_method, "#{action}_iis_vdir", proc do |section|
- ChefSpec::Matchers::ResourceMatcher.new(:iis_vdir, action, section)
- end
- )
- end
-
- define_method = if Gem.loaded_specs['chefspec'].version < Gem::Version.new('4.1.0')
- ChefSpec::Runner.method(:define_runner_method)
- else
- ChefSpec.method(:define_matcher)
- end
-
- define_method.call :iis_app
- define_method.call :iis_config
- define_method.call :iis_lock
- define_method.call :iis_module
- define_method.call :iis_pool
- define_method.call :iis_site
- define_method.call :iis_unlock
- define_method.call :iis_vdir
-end
diff --git a/cookbooks/iis/libraries/processors.rb b/cookbooks/iis/libraries/processors.rb
deleted file mode 100644
index 75f1fd0..0000000
--- a/cookbooks/iis/libraries/processors.rb
+++ /dev/null
@@ -1,120 +0,0 @@
-#
-# Cookbook:: iis
-# Library:: processors
-#
-# Copyright:: 2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module Opscode
- module IIS
- # Contains functions that are used throughout this cookbook
- module Processors
- def current_default_documents_config(specifier = '')
- cmd = shell_out! get_default_documents_command specifier
- return unless cmd.stderr.empty?
- xml = cmd.stdout
- doc = REXML::Document.new xml
-
- {
- default_documents_enabled: value(doc.root, 'CONFIG/system.webServer-defaultDocument/@enabled'),
- default_documents: REXML::XPath.match(doc.root, 'CONFIG/system.webServer-defaultDocument/files/add/@value').map(&:value),
- }
- end
-
- def current_mime_maps_config(specifier = '')
- # handles mime maps
- cmd = shell_out! get_mime_map_command specifier
- return unless cmd.stderr.empty?
- xml = cmd.stdout
- doc = REXML::Document.new xml
-
- REXML::XPath.match(doc.root, 'CONFIG/system.webServer-staticContent/mimeMap').map { |x| "fileExtension='#{x.attribute 'fileExtension'}',mimeType='#{x.attribute 'mimeType'}'" }
- end
-
- def set_default_documents_enabled(value, specifier = '')
- cmd = default_documents_command specifier
- cmd << " /enabled:#{value}"
- shell_out! cmd
- end
-
- def set_default_documents(desired_default_documents, current_default_documents, add = true, remove = true, specifier = '')
- cmd = default_documents_command specifier
- Chef::Log.warn("new #{desired_default_documents} --- old #{current_default_documents}")
- if add
- (desired_default_documents - current_default_documents).each do |document|
- cmd << " /+files.[value='#{document}']"
- end
- end
- if remove && !add
- (desired_default_documents - current_default_documents).each do |document|
- cmd << " /-files.[value='#{document}']"
- end
- end
- if remove && add
- (current_default_documents - desired_default_documents).each do |document|
- cmd << " /-files.[value='#{document}']"
- end
- end
-
- Chef::Log.warn("before cmd -- #{cmd}")
-
- return unless cmd != default_documents_command(specifier)
- Chef::Log.warn("after cmd -- #{cmd}")
- shell_out! cmd
- end
-
- def set_mime_maps(desired_mime_maps, current_mime_maps, add = true, remove = true, specifier = '')
- cmd = mime_map_command specifier
-
- if add
- (desired_mime_maps - current_mime_maps).each do |mime_map|
- cmd << " /+\"[#{mime_map}]\""
- end
- end
- if remove && !add
- (desired_mime_maps - current_mime_maps).each do |mime_map|
- cmd << " /-\"[#{mime_map}]\""
- end
- end
- if remove && add
- (current_mime_maps - desired_mime_maps).each do |mime_map|
- cmd << " /-\"[#{mime_map}]\""
- end
- end
-
- return unless cmd != mime_map_command(specifier)
- shell_out! cmd
- end
-
- private
-
- def get_default_documents_command(specifier = '')
- "#{appcmd(node)} list config #{specifier} /section:defaultDocument /config:* /xml"
- end
-
- def default_documents_command(specifier = '')
- "#{appcmd(node)} set config #{specifier} /section:defaultDocument"
- end
-
- def get_mime_map_command(specifier = '')
- "#{appcmd(node)} list config #{specifier} /section:staticContent /config:* /xml"
- end
-
- def mime_map_command(specifier = '')
- "#{appcmd(node)} set config #{specifier} /section:staticContent"
- end
- end
- end
-end
diff --git a/cookbooks/iis/libraries/section_helper.rb b/cookbooks/iis/libraries/section_helper.rb
deleted file mode 100644
index 8cea5e5..0000000
--- a/cookbooks/iis/libraries/section_helper.rb
+++ /dev/null
@@ -1,79 +0,0 @@
-#
-# Cookbook:: iis
-# Library:: section-helper
-#
-# Copyright:: 2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module Opscode
- module IIS
- # Contains functions that are used throughout this cookbook
- module SectionHelper
- require 'rexml/document'
- include REXML
-
- def lock(node, section, location = '', returns = [0])
- cmd_list_section node, :lock, section, location, returns
- end
-
- def unlock(node, section, location = '', returns = [0])
- cmd_list_section node, :unlock, section, location, returns
- end
-
- def override_mode(node, action, section, location = '', returns = [0])
- cmd_list_section(node, action, section, location, returns)
- end
-
- def get_current_lock(node, section, location = '')
- command_path = 'MACHINE/WEBROOT/APPHOST'
- command_path << "/#{location}" if location
- cmd = "#{appcmd(node)} list config \"#{command_path}}\""
- cmd << " -section:#{section} -commit:apphost /config:* /xml"
- result = shell_out cmd
- if result.stderr.empty?
- xml = result.stdout
- doc = Document.new xml
- value(doc.root, 'CONFIG/@overrideMode')
- else
- Chef::Log.info(result.stderr)
- end
-
- nil
- end
-
- def cmd_section(node, check, section, location, returns)
- cmd = "#{appcmd(node)} set config \"MACHINE/WEBROOT/APPHOST/#{location}\""
- cmd << " -section:\"#{section}\" -overrideMode:#{check}"
- cmd << ' -commit:apphost'
- Chef::Log.debug(cmd)
- shell_out!(cmd, returns: returns)
-
- return unless location
- cmd = "#{appcmd(node)} set config \"MACHINE/WEBROOT/APPHOST/#{location}\""
- cmd << " -section:\"#{section}\" -overrideMode:#{check}"
- Chef::Log.debug(cmd)
- shell_out!(cmd, returns: returns)
- end
-
- def cmd_list_section(node, action, section, location, returns)
- current_lock = get_current_lock(node, section, location)
- check = action if action == 'Inherit'
- check = (action == :lock ? 'Deny' : 'Allow') if action != 'Inherit'
-
- cmd_section node, check, section, location, returns unless current_lock == check
- end
- end
- end
-end
diff --git a/cookbooks/iis/metadata.json b/cookbooks/iis/metadata.json
deleted file mode 100644
index 8d06047..0000000
--- a/cookbooks/iis/metadata.json
+++ /dev/null
@@ -1 +0,0 @@ -{"name":"iis","version":"6.7.1","description":"Installs/Configures Microsoft Internet Information Services","long_description":"# iis Cookbook\n\n[![Build status](https://ci.appveyor.com/api/projects/status/f4gnv54b97rw1pbg/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/iis/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/iis.svg)](https://supermarket.chef.io/cookbooks/iis)\n\nInstalls and configures Microsoft Internet Information Services (IIS) 7.0 and later\n\n## Contents\n\n- [Attributes](#attributes)\n- [Resource/Provider](#resourceprovider)\n\n - [iis_root](#iis_root) Allows for easy management of the IIS Root Machine settings\n - [iis_site](#iis_site) Allows for easy management of IIS virtual sites (ie vhosts).\n - [iis_config](#iis_config) Runs a config command on your IIS instance.\n - [iis_pool](#iis_pool) Creates an application pool in IIS.\n - [iis_app](#iis_app) Creates an application in IIS.\n - [iis_vdir](#iis_vdir) Allows easy management of IIS virtual directories (i.e. vdirs).\n - [iis_section](#iis_section) Allows for the locking/unlocking of application web.config sections.\n - [iis_module](#iis_module) Manages modules globally or on a per site basis.\n\n- [Usage](#usage)\n\n - [default](#default) Default recipe\n - [mod_*](#mod_) Recipes for installing individual IIS modules (extensions).\n\n- [Alternatives](#alternative-cookbooks)\n\n- [License and Author](#license-and-author)\n\n## Requirements\n\n### Platforms\n\n- Windows Server 2008 (R1, R2)\n- Windows Server 2012 (R1, R2)\n- Windows Server 2016\n\n### Chef\n\n- Chef 12.5+\n\n### Cookbooks\n\n- windows\n\n## Attributes\n\n- `node['iis']['home']` - IIS main home directory. default is `%WINDIR%\\System32\\inetsrv`\n- `node['iis']['conf_dir']` - location where main IIS configs lives. default is `%WINDIR%\\System32\\inetsrv\\config`\n- `node['iis']['pubroot']` - . 
default is `%SYSTEMDRIVE%\\inetpub`\n- `node['iis']['docroot']` - IIS web site home directory. default is `%SYSTEMDRIVE%\\inetpub\\wwwroot`\n- `node['iis']['log_dir']` - location of IIS logs. default is `%SYSTEMDRIVE%\\inetpub\\logs\\LogFiles`\n- `node['iis']['cache_dir']` - location of cached data. default is `%SYSTEMDRIVE%\\inetpub\\temp`\n\n## Resource/Provider\n\n### iis_root\n\nAllows for easy management of the IIS Root Machine settings\n\n#### Actions\n\n`default` = `:config`\n\n- `:add` - only does addition operations will not delete anything to an Array object\n- `:delete` - only does deletion operations will not add anything to an Array object\n- `:config` - does both addition and deletion make sure your Array objects contain everything you want\n\n#### Properties\n\n- `default_documents_enabled` - Enables or disables default_documents for the root machine, Valid Values: true, false default: `true`\n- `default_documents` - The items you want to set as the default document collection, only used during `:config`. Array of strings, default: `['Default.htm', 'Default.asp', 'index.htm', 'index.html', 'iisstart.htm', 'default.aspx']`\n- `mime_maps` - The items you want to set as the mime-maps or mime-types collection, only used during `:config`. 
Array of strings, default:\n\n ```ruby\n [\"fileExtension='.323',mimeType='text/h323'\", \"fileExtension='.3g2',mimeType='video/3gpp2'\", \"fileExtension='.3gp2',mimeType='video/3gpp2'\", \"fileExtension='.3gp',mimeType='video/3gpp'\", \"fileExtension='.3gpp',mimeType='video/3gpp'\", \"fileExtension='.aaf',mimeType='application/octet-stream'\", \"fileExtension='.aac',mimeType='audio/aac'\", \"fileExtension='.aca',mimeType='application/octet-stream'\", \"fileExtension='.accdb',mimeType='application/msaccess'\", \"fileExtension='.accde',mimeType='application/msaccess'\", \"fileExtension='.accdt',mimeType='application/msaccess'\", \"fileExtension='.acx',mimeType='application/internet-property-stream'\", \"fileExtension='.adt',mimeType='audio/vnd.dlna.adts'\", \"fileExtension='.adts',mimeType='audio/vnd.dlna.adts'\", \"fileExtension='.afm',mimeType='application/octet-stream'\", \"fileExtension='.ai',mimeType='application/postscript'\", \"fileExtension='.aif',mimeType='audio/x-aiff'\", \"fileExtension='.aifc',mimeType='audio/aiff'\", \"fileExtension='.aiff',mimeType='audio/aiff'\", \"fileExtension='.application',mimeType='application/x-ms-application'\", \"fileExtension='.art',mimeType='image/x-jg'\", \"fileExtension='.asd',mimeType='application/octet-stream'\", \"fileExtension='.asf',mimeType='video/x-ms-asf'\", \"fileExtension='.asi',mimeType='application/octet-stream'\", \"fileExtension='.asm',mimeType='text/plain'\", \"fileExtension='.asr',mimeType='video/x-ms-asf'\", \"fileExtension='.asx',mimeType='video/x-ms-asf'\", \"fileExtension='.atom',mimeType='application/atom+xml'\", \"fileExtension='.au',mimeType='audio/basic'\", \"fileExtension='.avi',mimeType='video/avi'\", \"fileExtension='.axs',mimeType='application/olescript'\", \"fileExtension='.bas',mimeType='text/plain'\", \"fileExtension='.bcpio',mimeType='application/x-bcpio'\", \"fileExtension='.bin',mimeType='application/octet-stream'\", \"fileExtension='.bmp',mimeType='image/bmp'\", 
\"fileExtension='.c',mimeType='text/plain'\", \"fileExtension='.cab',mimeType='application/vnd.ms-cab-compressed'\", \"fileExtension='.calx',mimeType='application/vnd.ms-office.calx'\", \"fileExtension='.cat',mimeType='application/vnd.ms-pki.seccat'\", \"fileExtension='.cdf',mimeType='application/x-cdf'\", \"fileExtension='.chm',mimeType='application/octet-stream'\", \"fileExtension='.class',mimeType='application/x-java-applet'\", \"fileExtension='.clp',mimeType='application/x-msclip'\", \"fileExtension='.cmx',mimeType='image/x-cmx'\", \"fileExtension='.cnf',mimeType='text/plain'\", \"fileExtension='.cod',mimeType='image/cis-cod'\", \"fileExtension='.cpio',mimeType='application/x-cpio'\", \"fileExtension='.cpp',mimeType='text/plain'\", \"fileExtension='.crd',mimeType='application/x-mscardfile'\", \"fileExtension='.crl',mimeType='application/pkix-crl'\", \"fileExtension='.crt',mimeType='application/x-x509-ca-cert'\", \"fileExtension='.csh',mimeType='application/x-csh'\", \"fileExtension='.css',mimeType='text/css'\", \"fileExtension='.csv',mimeType='application/octet-stream'\", \"fileExtension='.cur',mimeType='application/octet-stream'\", \"fileExtension='.dcr',mimeType='application/x-director'\", \"fileExtension='.deploy',mimeType='application/octet-stream'\", \"fileExtension='.der',mimeType='application/x-x509-ca-cert'\", \"fileExtension='.dib',mimeType='image/bmp'\", \"fileExtension='.dir',mimeType='application/x-director'\", \"fileExtension='.disco',mimeType='text/xml'\", \"fileExtension='.dll',mimeType='application/x-msdownload'\", \"fileExtension='.dll.config',mimeType='text/xml'\", \"fileExtension='.dlm',mimeType='text/dlm'\", \"fileExtension='.doc',mimeType='application/msword'\", \"fileExtension='.docm',mimeType='application/vnd.ms-word.document.macroEnabled.12'\", \"fileExtension='.docx',mimeType='application/vnd.openxmlformats-officedocument.wordprocessingml.document'\", \"fileExtension='.dot',mimeType='application/msword'\", 
\"fileExtension='.dotm',mimeType='application/vnd.ms-word.template.macroEnabled.12'\", \"fileExtension='.dotx',mimeType='application/vnd.openxmlformats-officedocument.wordprocessingml.template'\", \"fileExtension='.dsp',mimeType='application/octet-stream'\", \"fileExtension='.dtd',mimeType='text/xml'\", \"fileExtension='.dvi',mimeType='application/x-dvi'\", \"fileExtension='.dvr-ms',mimeType='video/x-ms-dvr'\", \"fileExtension='.dwf',mimeType='drawing/x-dwf'\", \"fileExtension='.dwp',mimeType='application/octet-stream'\", \"fileExtension='.dxr',mimeType='application/x-director'\", \"fileExtension='.eml',mimeType='message/rfc822'\", \"fileExtension='.emz',mimeType='application/octet-stream'\", \"fileExtension='.eot',mimeType='application/vnd.ms-fontobject'\", \"fileExtension='.eps',mimeType='application/postscript'\", \"fileExtension='.etx',mimeType='text/x-setext'\", \"fileExtension='.evy',mimeType='application/envoy'\", \"fileExtension='.exe',mimeType='application/octet-stream'\", \"fileExtension='.exe.config',mimeType='text/xml'\", \"fileExtension='.fdf',mimeType='application/vnd.fdf'\", \"fileExtension='.fif',mimeType='application/fractals'\", \"fileExtension='.fla',mimeType='application/octet-stream'\", \"fileExtension='.flr',mimeType='x-world/x-vrml'\", \"fileExtension='.flv',mimeType='video/x-flv'\", \"fileExtension='.gif',mimeType='image/gif'\", \"fileExtension='.gtar',mimeType='application/x-gtar'\", \"fileExtension='.gz',mimeType='application/x-gzip'\", \"fileExtension='.h',mimeType='text/plain'\", \"fileExtension='.hdf',mimeType='application/x-hdf'\", \"fileExtension='.hdml',mimeType='text/x-hdml'\", \"fileExtension='.hhc',mimeType='application/x-oleobject'\", \"fileExtension='.hhk',mimeType='application/octet-stream'\", \"fileExtension='.hhp',mimeType='application/octet-stream'\", \"fileExtension='.hlp',mimeType='application/winhlp'\", \"fileExtension='.hqx',mimeType='application/mac-binhex40'\", \"fileExtension='.hta',mimeType='application/hta'\", 
\"fileExtension='.htc',mimeType='text/x-component'\", \"fileExtension='.htm',mimeType='text/html'\", \"fileExtension='.html',mimeType='text/html'\", \"fileExtension='.htt',mimeType='text/webviewhtml'\", \"fileExtension='.hxt',mimeType='text/html'\", \"fileExtension='.ico',mimeType='image/x-icon'\", \"fileExtension='.ics',mimeType='text/calendar'\", \"fileExtension='.ief',mimeType='image/ief'\", \"fileExtension='.iii',mimeType='application/x-iphone'\", \"fileExtension='.inf',mimeType='application/octet-stream'\", \"fileExtension='.ins',mimeType='application/x-internet-signup'\", \"fileExtension='.isp',mimeType='application/x-internet-signup'\", \"fileExtension='.IVF',mimeType='video/x-ivf'\", \"fileExtension='.jar',mimeType='application/java-archive'\", \"fileExtension='.java',mimeType='application/octet-stream'\", \"fileExtension='.jck',mimeType='application/liquidmotion'\", \"fileExtension='.jcz',mimeType='application/liquidmotion'\", \"fileExtension='.jfif',mimeType='image/pjpeg'\", \"fileExtension='.jpb',mimeType='application/octet-stream'\", \"fileExtension='.jpe',mimeType='image/jpeg'\", \"fileExtension='.jpeg',mimeType='image/jpeg'\", \"fileExtension='.jpg',mimeType='image/jpeg'\", \"fileExtension='.js',mimeType='application/javascript'\", \"fileExtension='.json',mimeType='application/json'\", \"fileExtension='.jsx',mimeType='text/jscript'\", \"fileExtension='.latex',mimeType='application/x-latex'\", \"fileExtension='.lit',mimeType='application/x-ms-reader'\", \"fileExtension='.lpk',mimeType='application/octet-stream'\", \"fileExtension='.lsf',mimeType='video/x-la-asf'\", \"fileExtension='.lsx',mimeType='video/x-la-asf'\", \"fileExtension='.lzh',mimeType='application/octet-stream'\", \"fileExtension='.m13',mimeType='application/x-msmediaview'\", \"fileExtension='.m14',mimeType='application/x-msmediaview'\", \"fileExtension='.m1v',mimeType='video/mpeg'\", \"fileExtension='.m2ts',mimeType='video/vnd.dlna.mpeg-tts'\", 
\"fileExtension='.m3u',mimeType='audio/x-mpegurl'\", \"fileExtension='.m4a',mimeType='audio/mp4'\", \"fileExtension='.m4v',mimeType='video/mp4'\", \"fileExtension='.man',mimeType='application/x-troff-man'\", \"fileExtension='.manifest',mimeType='application/x-ms-manifest'\", \"fileExtension='.map',mimeType='text/plain'\", \"fileExtension='.mdb',mimeType='application/x-msaccess'\", \"fileExtension='.mdp',mimeType='application/octet-stream'\", \"fileExtension='.me',mimeType='application/x-troff-me'\", \"fileExtension='.mht',mimeType='message/rfc822'\", \"fileExtension='.mhtml',mimeType='message/rfc822'\", \"fileExtension='.mid',mimeType='audio/mid'\", \"fileExtension='.midi',mimeType='audio/mid'\", \"fileExtension='.mix',mimeType='application/octet-stream'\", \"fileExtension='.mmf',mimeType='application/x-smaf'\", \"fileExtension='.mno',mimeType='text/xml'\", \"fileExtension='.mny',mimeType='application/x-msmoney'\", \"fileExtension='.mov',mimeType='video/quicktime'\", \"fileExtension='.movie',mimeType='video/x-sgi-movie'\", \"fileExtension='.mp2',mimeType='video/mpeg'\", \"fileExtension='.mp3',mimeType='audio/mpeg'\", \"fileExtension='.mp4',mimeType='video/mp4'\", \"fileExtension='.mp4v',mimeType='video/mp4'\", \"fileExtension='.mpa',mimeType='video/mpeg'\", \"fileExtension='.mpe',mimeType='video/mpeg'\", \"fileExtension='.mpeg',mimeType='video/mpeg'\", \"fileExtension='.mpg',mimeType='video/mpeg'\", \"fileExtension='.mpp',mimeType='application/vnd.ms-project'\", \"fileExtension='.mpv2',mimeType='video/mpeg'\", \"fileExtension='.ms',mimeType='application/x-troff-ms'\", \"fileExtension='.msi',mimeType='application/octet-stream'\", \"fileExtension='.mso',mimeType='application/octet-stream'\", \"fileExtension='.mvb',mimeType='application/x-msmediaview'\", \"fileExtension='.mvc',mimeType='application/x-miva-compiled'\", \"fileExtension='.nc',mimeType='application/x-netcdf'\", \"fileExtension='.nsc',mimeType='video/x-ms-asf'\", 
\"fileExtension='.nws',mimeType='message/rfc822'\", \"fileExtension='.ocx',mimeType='application/octet-stream'\", \"fileExtension='.oda',mimeType='application/oda'\", \"fileExtension='.odc',mimeType='text/x-ms-odc'\", \"fileExtension='.ods',mimeType='application/oleobject'\", \"fileExtension='.oga',mimeType='audio/ogg'\", \"fileExtension='.ogg',mimeType='video/ogg'\", \"fileExtension='.ogv',mimeType='video/ogg'\", \"fileExtension='.one',mimeType='application/onenote'\", \"fileExtension='.onea',mimeType='application/onenote'\", \"fileExtension='.onetoc',mimeType='application/onenote'\", \"fileExtension='.onetoc2',mimeType='application/onenote'\", \"fileExtension='.onetmp',mimeType='application/onenote'\", \"fileExtension='.onepkg',mimeType='application/onenote'\", \"fileExtension='.osdx',mimeType='application/opensearchdescription+xml'\", \"fileExtension='.otf',mimeType='font/otf'\", \"fileExtension='.p10',mimeType='application/pkcs10'\", \"fileExtension='.p12',mimeType='application/x-pkcs12'\", \"fileExtension='.p7b',mimeType='application/x-pkcs7-certificates'\", \"fileExtension='.p7c',mimeType='application/pkcs7-mime'\", \"fileExtension='.p7m',mimeType='application/pkcs7-mime'\", \"fileExtension='.p7r',mimeType='application/x-pkcs7-certreqresp'\", \"fileExtension='.p7s',mimeType='application/pkcs7-signature'\", \"fileExtension='.pbm',mimeType='image/x-portable-bitmap'\", \"fileExtension='.pcx',mimeType='application/octet-stream'\", \"fileExtension='.pcz',mimeType='application/octet-stream'\", \"fileExtension='.pdf',mimeType='application/pdf'\", \"fileExtension='.pfb',mimeType='application/octet-stream'\", \"fileExtension='.pfm',mimeType='application/octet-stream'\", \"fileExtension='.pfx',mimeType='application/x-pkcs12'\", \"fileExtension='.pgm',mimeType='image/x-portable-graymap'\", \"fileExtension='.pko',mimeType='application/vnd.ms-pki.pko'\", \"fileExtension='.pma',mimeType='application/x-perfmon'\", \"fileExtension='.pmc',mimeType='application/x-perfmon'\", 
\"fileExtension='.pml',mimeType='application/x-perfmon'\", \"fileExtension='.pmr',mimeType='application/x-perfmon'\", \"fileExtension='.pmw',mimeType='application/x-perfmon'\", \"fileExtension='.png',mimeType='image/png'\", \"fileExtension='.pnm',mimeType='image/x-portable-anymap'\", \"fileExtension='.pnz',mimeType='image/png'\", \"fileExtension='.pot',mimeType='application/vnd.ms-powerpoint'\", \"fileExtension='.potm',mimeType='application/vnd.ms-powerpoint.template.macroEnabled.12'\", \"fileExtension='.potx',mimeType='application/vnd.openxmlformats-officedocument.presentationml.template'\", \"fileExtension='.ppam',mimeType='application/vnd.ms-powerpoint.addin.macroEnabled.12'\", \"fileExtension='.ppm',mimeType='image/x-portable-pixmap'\", \"fileExtension='.pps',mimeType='application/vnd.ms-powerpoint'\", \"fileExtension='.ppsm',mimeType='application/vnd.ms-powerpoint.slideshow.macroEnabled.12'\", \"fileExtension='.ppsx',mimeType='application/vnd.openxmlformats-officedocument.presentationml.slideshow'\", \"fileExtension='.ppt',mimeType='application/vnd.ms-powerpoint'\", \"fileExtension='.pptm',mimeType='application/vnd.ms-powerpoint.presentation.macroEnabled.12'\", \"fileExtension='.pptx',mimeType='application/vnd.openxmlformats-officedocument.presentationml.presentation'\", \"fileExtension='.prf',mimeType='application/pics-rules'\", \"fileExtension='.prm',mimeType='application/octet-stream'\", \"fileExtension='.prx',mimeType='application/octet-stream'\", \"fileExtension='.ps',mimeType='application/postscript'\", \"fileExtension='.psd',mimeType='application/octet-stream'\", \"fileExtension='.psm',mimeType='application/octet-stream'\", \"fileExtension='.psp',mimeType='application/octet-stream'\", \"fileExtension='.pub',mimeType='application/x-mspublisher'\", \"fileExtension='.qt',mimeType='video/quicktime'\", \"fileExtension='.qtl',mimeType='application/x-quicktimeplayer'\", \"fileExtension='.qxd',mimeType='application/octet-stream'\", 
\"fileExtension='.ra',mimeType='audio/x-pn-realaudio'\", \"fileExtension='.ram',mimeType='audio/x-pn-realaudio'\", \"fileExtension='.rar',mimeType='application/octet-stream'\", \"fileExtension='.ras',mimeType='image/x-cmu-raster'\", \"fileExtension='.rf',mimeType='image/vnd.rn-realflash'\", \"fileExtension='.rgb',mimeType='image/x-rgb'\", \"fileExtension='.rm',mimeType='application/vnd.rn-realmedia'\", \"fileExtension='.rmi',mimeType='audio/mid'\", \"fileExtension='.roff',mimeType='application/x-troff'\", \"fileExtension='.rpm',mimeType='audio/x-pn-realaudio-plugin'\", \"fileExtension='.rtf',mimeType='application/rtf'\", \"fileExtension='.rtx',mimeType='text/richtext'\", \"fileExtension='.scd',mimeType='application/x-msschedule'\", \"fileExtension='.sct',mimeType='text/scriptlet'\", \"fileExtension='.sea',mimeType='application/octet-stream'\", \"fileExtension='.setpay',mimeType='application/set-payment-initiation'\", \"fileExtension='.setreg',mimeType='application/set-registration-initiation'\", \"fileExtension='.sgml',mimeType='text/sgml'\", \"fileExtension='.sh',mimeType='application/x-sh'\", \"fileExtension='.shar',mimeType='application/x-shar'\", \"fileExtension='.sit',mimeType='application/x-stuffit'\", \"fileExtension='.sldm',mimeType='application/vnd.ms-powerpoint.slide.macroEnabled.12'\", \"fileExtension='.sldx',mimeType='application/vnd.openxmlformats-officedocument.presentationml.slide'\", \"fileExtension='.smd',mimeType='audio/x-smd'\", \"fileExtension='.smi',mimeType='application/octet-stream'\", \"fileExtension='.smx',mimeType='audio/x-smd'\", \"fileExtension='.smz',mimeType='audio/x-smd'\", \"fileExtension='.snd',mimeType='audio/basic'\", \"fileExtension='.snp',mimeType='application/octet-stream'\", \"fileExtension='.spc',mimeType='application/x-pkcs7-certificates'\", \"fileExtension='.spl',mimeType='application/futuresplash'\", \"fileExtension='.spx',mimeType='audio/ogg'\", \"fileExtension='.src',mimeType='application/x-wais-source'\", 
\"fileExtension='.ssm',mimeType='application/streamingmedia'\", \"fileExtension='.sst',mimeType='application/vnd.ms-pki.certstore'\", \"fileExtension='.stl',mimeType='application/vnd.ms-pki.stl'\", \"fileExtension='.sv4cpio',mimeType='application/x-sv4cpio'\", \"fileExtension='.sv4crc',mimeType='application/x-sv4crc'\", \"fileExtension='.svg',mimeType='image/svg+xml'\", \"fileExtension='.svgz',mimeType='image/svg+xml'\", \"fileExtension='.swf',mimeType='application/x-shockwave-flash'\", \"fileExtension='.t',mimeType='application/x-troff'\", \"fileExtension='.tar',mimeType='application/x-tar'\", \"fileExtension='.tcl',mimeType='application/x-tcl'\", \"fileExtension='.tex',mimeType='application/x-tex'\", \"fileExtension='.texi',mimeType='application/x-texinfo'\", \"fileExtension='.texinfo',mimeType='application/x-texinfo'\", \"fileExtension='.tgz',mimeType='application/x-compressed'\", \"fileExtension='.thmx',mimeType='application/vnd.ms-officetheme'\", \"fileExtension='.thn',mimeType='application/octet-stream'\", \"fileExtension='.tif',mimeType='image/tiff'\", \"fileExtension='.tiff',mimeType='image/tiff'\", \"fileExtension='.toc',mimeType='application/octet-stream'\", \"fileExtension='.tr',mimeType='application/x-troff'\", \"fileExtension='.trm',mimeType='application/x-msterminal'\", \"fileExtension='.ts',mimeType='video/vnd.dlna.mpeg-tts'\", \"fileExtension='.tsv',mimeType='text/tab-separated-values'\", \"fileExtension='.ttf',mimeType='application/octet-stream'\", \"fileExtension='.tts',mimeType='video/vnd.dlna.mpeg-tts'\", \"fileExtension='.txt',mimeType='text/plain'\", \"fileExtension='.u32',mimeType='application/octet-stream'\", \"fileExtension='.uls',mimeType='text/iuls'\", \"fileExtension='.ustar',mimeType='application/x-ustar'\", \"fileExtension='.vbs',mimeType='text/vbscript'\", \"fileExtension='.vcf',mimeType='text/x-vcard'\", \"fileExtension='.vcs',mimeType='text/plain'\", \"fileExtension='.vdx',mimeType='application/vnd.ms-visio.viewer'\", 
\"fileExtension='.vml',mimeType='text/xml'\", \"fileExtension='.vsd',mimeType='application/vnd.visio'\", \"fileExtension='.vss',mimeType='application/vnd.visio'\", \"fileExtension='.vst',mimeType='application/vnd.visio'\", \"fileExtension='.vsto',mimeType='application/x-ms-vsto'\", \"fileExtension='.vsw',mimeType='application/vnd.visio'\", \"fileExtension='.vsx',mimeType='application/vnd.visio'\", \"fileExtension='.vtx',mimeType='application/vnd.visio'\", \"fileExtension='.wav',mimeType='audio/wav'\", \"fileExtension='.wax',mimeType='audio/x-ms-wax'\", \"fileExtension='.wbmp',mimeType='image/vnd.wap.wbmp'\", \"fileExtension='.wcm',mimeType='application/vnd.ms-works'\", \"fileExtension='.wdb',mimeType='application/vnd.ms-works'\", \"fileExtension='.webm',mimeType='video/webm'\", \"fileExtension='.wks',mimeType='application/vnd.ms-works'\", \"fileExtension='.wm',mimeType='video/x-ms-wm'\", \"fileExtension='.wma',mimeType='audio/x-ms-wma'\", \"fileExtension='.wmd',mimeType='application/x-ms-wmd'\", \"fileExtension='.wmf',mimeType='application/x-msmetafile'\", \"fileExtension='.wml',mimeType='text/vnd.wap.wml'\", \"fileExtension='.wmlc',mimeType='application/vnd.wap.wmlc'\", \"fileExtension='.wmls',mimeType='text/vnd.wap.wmlscript'\", \"fileExtension='.wmlsc',mimeType='application/vnd.wap.wmlscriptc'\", \"fileExtension='.wmp',mimeType='video/x-ms-wmp'\", \"fileExtension='.wmv',mimeType='video/x-ms-wmv'\", \"fileExtension='.wmx',mimeType='video/x-ms-wmx'\", \"fileExtension='.wmz',mimeType='application/x-ms-wmz'\", \"fileExtension='.woff',mimeType='font/x-woff'\", \"fileExtension='.wps',mimeType='application/vnd.ms-works'\", \"fileExtension='.wri',mimeType='application/x-mswrite'\", \"fileExtension='.wrl',mimeType='x-world/x-vrml'\", \"fileExtension='.wrz',mimeType='x-world/x-vrml'\", \"fileExtension='.wsdl',mimeType='text/xml'\", \"fileExtension='.wtv',mimeType='video/x-ms-wtv'\", \"fileExtension='.wvx',mimeType='video/x-ms-wvx'\", 
\"fileExtension='.x',mimeType='application/directx'\", \"fileExtension='.xaf',mimeType='x-world/x-vrml'\", \"fileExtension='.xaml',mimeType='application/xaml+xml'\", \"fileExtension='.xap',mimeType='application/x-silverlight-app'\", \"fileExtension='.xbap',mimeType='application/x-ms-xbap'\", \"fileExtension='.xbm',mimeType='image/x-xbitmap'\", \"fileExtension='.xdr',mimeType='text/plain'\", \"fileExtension='.xht',mimeType='application/xhtml+xml'\", \"fileExtension='.xhtml',mimeType='application/xhtml+xml'\", \"fileExtension='.xla',mimeType='application/vnd.ms-excel'\", \"fileExtension='.xlam',mimeType='application/vnd.ms-excel.addin.macroEnabled.12'\", \"fileExtension='.xlc',mimeType='application/vnd.ms-excel'\", \"fileExtension='.xlm',mimeType='application/vnd.ms-excel'\", \"fileExtension='.xls',mimeType='application/vnd.ms-excel'\", \"fileExtension='.xlsb',mimeType='application/vnd.ms-excel.sheet.binary.macroEnabled.12'\", \"fileExtension='.xlsm',mimeType='application/vnd.ms-excel.sheet.macroEnabled.12'\", \"fileExtension='.xlsx',mimeType='application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'\", \"fileExtension='.xlt',mimeType='application/vnd.ms-excel'\", \"fileExtension='.xltm',mimeType='application/vnd.ms-excel.template.macroEnabled.12'\", \"fileExtension='.xltx',mimeType='application/vnd.openxmlformats-officedocument.spreadsheetml.template'\", \"fileExtension='.xlw',mimeType='application/vnd.ms-excel'\", \"fileExtension='.xml',mimeType='text/xml'\", \"fileExtension='.xof',mimeType='x-world/x-vrml'\", \"fileExtension='.xpm',mimeType='image/x-xpixmap'\", \"fileExtension='.xps',mimeType='application/vnd.ms-xpsdocument'\", \"fileExtension='.xsd',mimeType='text/xml'\", \"fileExtension='.xsf',mimeType='text/xml'\", \"fileExtension='.xsl',mimeType='text/xml'\", \"fileExtension='.xslt',mimeType='text/xml'\", \"fileExtension='.xsn',mimeType='application/octet-stream'\", \"fileExtension='.xtp',mimeType='application/octet-stream'\", 
\"fileExtension='.xwd',mimeType='image/x-xwindowdump'\", \"fileExtension='.z',mimeType='application/x-compress'\", \"fileExtension='.zip',mimeType='application/x-zip-compressed'\"]\n ```\n\n- `add_default_documents` - The items you want to add to the default document collection, only used during `:add`. Array of strings, default: `[]`\n\n- `add_mime_maps` - The items you want to add to the mime-map/mime-type collection, only used during `:add`. Array of strings, default: `[]`\n\n- `delete_default_documents` - The items you want to delete from the default document collection, only used during `:delete`. Array of strings, default: `[]`\n\n- `delete_mime_maps` - The items you want to delete from the mime-map/mime-type collection, only used during `:delete`. Array of strings, default: `[]`\n\n#### Examples\n\n```ruby\n# Add foo.html to default documents, and add '.dmg' as mime type extension at root level\niis_root 'add stuff' do\n add_default_documents ['foo.html']\n add_mime_maps [\"fileExtension='.dmg',mimeType='application/octet-stream'\"]\n action :add\nend\n```\n\n```ruby\n# Remove index.html from default document and .323 as a mime type at root level\niis_root 'delete stuff' do\n delete_default_documents ['index.html']\n delete_mime_maps [\"fileExtension='.323',mimeType='text/h323'\"]\n action :delete\nend\n```\n\n### iis_site\n\nAllows for easy management of IIS virtual sites (ie vhosts).\n\n#### Actions\n\n- `:add` - add a new virtual site\n- `:config` - apply configuration to an existing virtual site\n- `:delete` - delete an existing virtual site\n- `:start` - start a virtual site\n- `:stop` - stop a virtual site\n- `:restart` - restart a virtual site\n\n#### Properties\n\n- `site_name` - name attribute.\n- `site_id` - if not given IIS generates a unique ID for the site\n- `path` - IIS will create a root application and a root virtual directory mapped to this specified local path\n- `protocol` - http protocol type the site should respond to. 
valid values are :http, :https. default is :http\n- `port` - port site will listen on. default is 80\n- `host_header` - host header (also known as domains or host names) the site should map to. default is all host headers\n- `options` - additional options to configure the site\n- `bindings` - Advanced options to configure the information required for requests to communicate with a Web site. See for parameter format. When binding is used, port protocol and host_header should not be used.\n- `application_pool` - set the application pool of the site\n- `options` - support for additional options -logDir, -limits, -ftpServer, etc...\n- `log_directory` - specifies the logging directory, where the log file and logging-related support files are stored.\n- `log_period` - specifies how often iis creates a new log file\n- `log_truncsize` - specifies the maximum size of the log file (in bytes) after which to create a new log file.\n\n#### Examples\n\n```ruby\n# stop and delete the default site\niis_site 'Default Web Site' do\n action [:stop, :delete]\nend\n```\n\n```ruby\n# create and start a new site that maps to\n# the physical location C:\\inetpub\\wwwroot\\testfu\n# first the physical location must exist\ndirectory \"#{node['iis']['docroot']}/testfu\" do\n action :create\nend\n\n# now create and start the site (note this will use the default application pool which must exist)\niis_site 'Testfu Site' do\n protocol :http\n port 80\n path \"#{node['iis']['docroot']}/testfu\"\n action [:add,:start]\nend\n```\n\n```ruby\n# do the same but map to testfu.chef.io domain\n# first the physical location must exist\ndirectory \"#{node['iis']['docroot']}/testfu\" do\n action :create\nend\n\n# now create and start the site (note this will use the default application pool which must exist)\niis_site 'Testfu Site' do\n protocol :http\n port 80\n path \"#{node['iis']['docroot']}/testfu\"\n host_header \"testfu.chef.io\"\n action [:add,:start]\nend\n```\n\n```ruby\n# create and start a new 
site that maps to\n# the physical C:\\inetpub\\wwwroot\\testfu\n# first the physical location must exist\ndirectory \"#{node['iis']['docroot']}/testfu\" do\n action :create\nend\n\n# also adds bindings to http and https\n# binding http to the ip address 10.12.0.136,\n# the port 80, and the host header www.domain.com\n# also binding https to any ip address,\n# the port 443, and the host header www.domain.com\n# now create and start the site (note this will use the default application pool which must exist)\niis_site 'FooBar Site' do\n bindings \"http/10.12.0.136:80:www.domain.com,https/*:443:www.domain.com\n path \"#{node['iis']['docroot']}/testfu\"\n action [:add,:start]\nend\n```\n\n### iis_config\n\nRuns a config command on your IIS instance.\n\n#### Actions\n\n- `:set` - Edit configuration section (appcmd set config)\n- `:clear` - Clear the section configuration (appcmd clear config)\n\n#### Properties\n\n- `cfg_cmd` - name attribute. What ever command you would pass in after \"appcmd.exe set config\"\n\n#### Example\n\n```ruby\n# Sets up logging\niis_config \"/section:system.applicationHost/sites /siteDefaults.logfile.directory:\\\"D:\\\\logs\\\"\" do\n action :set\nend\n```\n\n```ruby\n# Increase file upload size for 'MySite'\niis_config \"\\\"MySite\\\" /section:requestfiltering /requestlimits.maxallowedcontentlength:50000000\" do\n action :set\nend\n```\n\n```ruby\n# Set IUSR username and password authentication\niis_config \"\\\"MyWebsite/aSite\\\" -section:system.webServer/security/authentication/anonymousAuthentication /enabled:\\\"True\\\" /userName:\\\"IUSR_foobar\\\" /password:\\\"p@assword\\\" /commit:apphost\" do\n action :set\nend\n```\n\n```ruby\n# Authenticate with application pool\niis_config \"\\\"MyWebsite/aSite\\\" -section:system.webServer/security/authentication/anonymousAuthentication /enabled:\\\"True\\\" /userName:\\\"\\\" /commit:apphost\" do\n action :set\nend\n```\n\n```ruby\n# Loads an array of commands from the node\ncfg_cmds = 
node['iis']['cfg_cmd']\ncfg_cmds.each do |cmd|\n iis_config \"#{cmd}\" do\n action :set\n end\nend\n```\n\n```ruby\n# Add static machine key at site level\niis_config \"MySite /commit:site /section:machineKey /validation:AES /validationKey:AAAAAA /decryptionKey:ZZZZZ\" do\n action :set\nend\n```\n\n```ruby\n# Remove machine key\niis_config \"MySite /commit:site /section:machineKey\" do\n action :clear\nend\n```\n\n### iis_pool\n\nCreates an application pool in IIS.\n\n#### Actions\n\n- `:add` - add a new application pool\n- `:config` - apply configuration to an existing application pool\n- `:delete` - delete an existing application pool\n- `:start` - start a application pool\n- `:stop` - stop a application pool\n- `:restart` - restart a application pool\n- `:recycle` - recycle an application pool\n\n#### Properties\n\n##### Root Items\n\n- `name` - name attribute. Specifies the name of the pool to create.\n- `runtime_version` - specifies what .NET version of the runtime to use.\n- `pipeline_mode` - specifies what pipeline mode to create the pool with, valid values are :Integrated or :Classic, the default is :Integrated\n- `no_managed_code` - allow Unmanaged Code in setting up IIS app pools is shutting down. - default is true - optional\n\n##### Add Items\n\n- `start_mode` - Specifies the startup type for the application pool - default :OnDemand (:OnDemand, :AlwaysRunning) - optional\n- `auto_start` - When true, indicates to the World Wide Web Publishing Service (W3SVC) that the application pool should be automatically started when it is created or when IIS is started. - boolean: default true - optional\n- `queue_length` - Indicates to HTTP.sys how many requests to queue for an application pool before rejecting future requests. 
- default is 1000 - optional\n- `thirty_two_bit` - set the pool to run in 32 bit mode, valid values are true or false, default is false - optional\n\n##### Process Model Items\n\n- `max_processes` - specifies the number of worker processes associated with the pool.\n- `load_user_profile` - This property is used only when a service starts in a named user account. - Default is false - optional\n- `identity_type` - the account identity that they app pool will run as, valid values are :SpecificUser, :NetworkService, :LocalService, :LocalSystem, :ApplicationPoolIdentity\n- `username` - username for the identity for the application pool\n- `password` password for the identity for the application pool is started. Default is true - optional\n- `logon_type` - Specifies the logon type for the process identity. (For additional information about [logon types](http://msdn.microsoft.com/en-us/library/aa378184%28VS.85%29.aspx), see the LogonUser Function topic on Microsoft's MSDN Web site.) - Available [:LogonBatch, :LogonService] - default is :LogonBatch - optional\n- `manual_group_membership` - Specifies whether the IIS_IUSRS group Security Identifier (SID) is added to the worker process token. When false, IIS automatically uses an application pool identity as though it were a member of the built-in IIS_IUSRS group, which has access to necessary file and system resources. When true, an application pool identity must be explicitly added to all resources that a worker process requires at runtime. - default is false - optional\n- `idle_timeout` - Specifies how long (in minutes) a worker process should run idle if no new requests are received and the worker process is not processing requests. After the allocated time passes, the worker process should request that it be shut down by the WWW service. - default is '00:20:00' - optional\n- `idle_timeout_action` - Specifies the option of suspending an idle worker process rather than terminating it. 
Valid values are :Terminate and :Suspend - optional\n- `shutdown_time_limit` - Specifies the time that the W3SVC service waits after it initiated a recycle. If the worker process does not shut down within the shutdownTimeLimit, it will be terminated by the W3SVC service. - default is '00:01:30' - optional\n- `startup_time_limit` - Specifies the time that IIS waits for an application pool to start. If the application pool does not startup within the startupTimeLimit, the worker process is terminated and the rapid-fail protection count is incremented. - default is '00:01:30' - optional\n- `pinging_enabled` - Specifies whether pinging is enabled for the worker process. - default is true - optional\n- `ping_interval` - Specifies the time between health-monitoring pings that the WWW service sends to a worker process - default is '00:00:30' - optional\n- `ping_response_time` - Specifies the time that a worker process is given to respond to a health-monitoring ping. After the time limit is exceeded, the WWW service terminates the worker process - default is '00:01:30' - optional\n\n##### Recycling Items\n\n- `disallow_rotation_on_config_change` - The DisallowRotationOnConfigChange property specifies whether or not the World Wide Web Publishing Service (WWW Service) should rotate worker processes in an application pool when the configuration has changed. - Default is false - optional\n- `disallow_overlapping_rotation` - Specifies whether the WWW Service should start another worker process to replace the existing worker process while that process\n- `log_event_on_recycle` - configure IIS to log an event when one or more of the following configured events cause an application pool to recycle (for additional information about [logging events] (). 
- default is 'Time, Requests, Schedule, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory' - optional\n- `recycle_schedule_clear` - specifies a pool to clear all scheduled recycle times, [true,false] Default is false - optional\n- `recycle_after_time` - specifies a pool to recycle at regular time intervals, d.hh:mm:ss, d optional\n- `recycle_at_time` - schedule a pool to recycle at a specific time, d.hh:mm:ss, d optional\n- `private_memory` - specifies the amount of private memory (in kilobytes) after which you want the pool to recycle\n- `virtual_memory` - specifies the amount of virtual memory (in kilobytes) after which you want the pool to recycle\n\n#### Failure Items\n\n- `load_balancer_capabilities` - Specifies behavior when a worker process cannot be started, such as when the request queue is full or an application pool is in rapid-fail protection. - default is :HttpLevel - optional\n- `orphan_worker_process` - Specifies whether to assign a worker process to an orphan state instead of terminating it when an application pool fails. - default is false - optional\n- `orphan_action_exe` - Specifies an executable to run when the WWW service orphans a worker process (if the orphanWorkerProcess attribute is set to true). You can use the orphanActionParams attribute to send parameters to the executable. - optional\n- `orphan_action_params` - Indicates command-line parameters for the executable named by the orphanActionExe attribute. To specify the process ID of the orphaned process, use %1%. - optional\n- `rapid_fail_protection` - Setting to true instructs the WWW service to remove from service all applications that are in an application pool - default is true - optional\n- `rapid_fail_protection_interval` - Specifies the number of minutes before the failure count for a process is reset. 
- default is '00:05:00' - optional\n- `rapid_fail_protection_max_crashes` - Specifies the maximum number of failures that are allowed within the number of minutes specified by the rapidFailProtectionInterval attribute. - default is 5 - optional\n- `auto_shutdown_exe` - Specifies an executable to run when the WWW service shuts down an application pool. - optional\n- `auto_shutdown_params` - Specifies command-line parameters for the executable that is specified in the autoShutdownExe attribute. - optional\n\n##### CPU Items\n\n- `cpu_action` - Configures the action that IIS takes when a worker process exceeds its configured CPU limit. The action attribute is configured on a per-application pool basis. - Available options [:NoAction, :KillW3wp, :Throttle, :ThrottleUnderLoad] - default is :NoAction - optional\n- `cpu_limit` - Configures the maximum percentage of CPU time (in 1/1000ths of one percent) that the worker processes in an application pool are allowed to consume over a period of time as indicated by the resetInterval attribute. If the limit set by the limit attribute is exceeded, an event is written to the event log and an optional set of events can be triggered. These optional events are determined by the action attribute. - default is 0 - optional\n- `cpu_reset_interval` - Specifies the reset period (in minutes) for CPU monitoring and throttling limits on an application pool. When the number of minutes elapsed since the last process accounting reset equals the number specified by this property, IIS resets the CPU timers for both the logging and limit intervals. - default is '00:05:00' - optional\n- `cpu_smp_affinitized` - Specifies whether a particular worker process assigned to an application pool should also be assigned to a given CPU. 
- default is false - optional\n- `smp_processor_affinity_mask` - Specifies the hexadecimal processor mask for multi-processor computers, which indicates to which CPU the worker processes in an application pool should be bound. Before this property takes effect, the smpAffinitized attribute must be set to true for the application pool. - default is 4294967295 - optional\n- `smp_processor_affinity_mask_2` - Specifies the high-order DWORD hexadecimal processor mask for 64-bit multi-processor computers, which indicates to which CPU the worker processes in an application pool should be bound. Before this property takes effect, the smpAffinitized attribute must be set to true for the application pool. - default is 4294967295 - optional\n\n#### Example\n\n```ruby\n# creates a new app pool\niis_pool 'myAppPool_v1_1' do\n runtime_version \"2.0\"\n pipeline_mode :Classic\n action :add\nend\n```\n\n### iis_app\n\nCreates an application in IIS.\n\n#### Actions\n\n- `:add` - add a new application pool\n- `:delete` - delete an existing application pool\n- `:config` - configures an existing application pool\n\n#### Properties\n\n- `site_name` - name attribute. The name of the site to add this app to\n- `path` -The virtual path for this application\n- `application_pool` - The pool this application belongs to\n- `physical_path` - The physical path where this app resides.\n- `enabled_protocols` - The enabled protocols that this app provides (http, https, net.pipe, net.tcp, etc)\n\n#### Example\n\n```ruby\n# creates a new app\niis_app 'myApp' do\n path '/v1_1'\n application_pool 'myAppPool_v1_1'\n physical_path \"#{node['iis']['docroot']}/testfu/v1_1\"\n enabled_protocols 'http,net.pipe'\n action :add\nend\n```\n\n### iis_vdir\n\nAllows easy management of IIS virtual directories (i.e. 
vdirs).\n\n#### Actions\n\n- :add: - add a new virtual directory\n- :delete: - delete an existing virtual directory\n- :config: - configure a virtual directory\n\n#### Attribute Parameters\n\n- `application_name`: name attribute. This is the name of the website or site + application you are adding it to.\n- `path`: The virtual directory path on the site.\n- `physical_path`: The physical path of the virtual directory on the disk.\n- `username`: (optional) The username required to logon to the physical_path. If set to \"\" will clear username and password.\n- `password`: (optional) The password required to logon to the physical_path\n- `logon_method`: (optional, default: :ClearText) The method used to logon (:Interactive, :Batch, :Network, :ClearText). For more information on these types, see \"LogonUser Function\", Read more at [MSDN](http://msdn2.microsoft.com/en-us/library/aa378184.aspx)\n- `allow_sub_dir_config`: (optional, default: true) Boolean that specifies whether or not the Web server will look for configuration files located in the subdirectories of this virtual directory. Setting this to false can improve performance on servers with very large numbers of web.config files, but doing so prevents IIS configuration from being read in subdirectories.\n\n#### Examples\n\n```ruby\n# add a virtual directory to default application\niis_vdir 'Default Web Site/' do\n action :add\n path '/Content/Test'\n physical_path 'C:\\wwwroot\\shared\\test'\nend\n```\n\n```ruby\n# add a virtual directory to an application under a site\niis_vdir 'Default Web Site/my application' do\n action :add\n path '/Content/Test'\n physical_path 'C:\\wwwroot\\shared\\test'\nend\n```\n\n```ruby\n# adds a virtual directory to default application which points to a smb share. 
(Remember to escape the \"\\\"'s)\niis_vdir 'Default Web Site/' do\n action :add\n path '/Content/Test'\n physical_path '\\\\\\\\sharename\\\\sharefolder\\\\1'\nend\n```\n\n```ruby\n# configure a virtual directory to have a username and password\niis_vdir 'Default Web Site/' do\n action :config\n path '/Content/Test'\n username 'domain\\myspecialuser'\n password 'myspecialpassword'\nend\n```\n\n```ruby\n# delete a virtual directory from the default application\niis_vdir 'Default Web Site/' do\n action :delete\n path '/Content/Test'\nend\n```\n\n### iis_section\n\nAllows for the locking/unlocking of sections ([listed here](http://www.iis.net/configreference) or via the command `appcmd list config \\\"\\\" /config:* /xml`)\n\nThis is valuable to allow the `web.config` of an individual application/website control it's own settings.\n\n#### Actions\n\n- `:lock`: - locks the `section` passed\n- `:unlock`: - unlocks the `section` passed\n\n#### Attribute Parameters\n\n- `section`: The name of the section to lock.\n- `site`: The name of the site you want to lock or unlock a section for.\n- `application_path`: The path to the application you want to lock or unlock a section for.\n- `returns`: The result of the `shell_out` command.\n- \n\n#### Examples\n\n```ruby\n# Sets the IIS global windows authentication to be locked globally\niis_section 'locks global configuration of windows auth' do\n section 'system.webServer/security/authentication/windowsAuthentication'\n action :lock\nend\n```\n\n```ruby\n# Sets the IIS global Basic authentication to be locked globally\niis_section 'locks global configuration of Basic auth' do\n section 'system.webServer/security/authentication/basicAuthentication'\n action :lock\nend\n```\n\n```ruby\n# Sets the IIS global windows authentication to be unlocked globally\niis_section 'unlocked web.config globally for windows auth' do\n action :unlock\n section 'system.webServer/security/authentication/windowsAuthentication'\nend\n```\n\n```ruby\n# 
Sets the IIS global Basic authentication to be unlocked globally\niis_section 'unlocked web.config globally for Basic auth' do\n action :unlock\n section 'system.webServer/security/authentication/basicAuthentication'\nend\n```\n\n```ruby\n# Sets the static content section for default web site and root to unlocked\niis_section 'unlock staticContent of default web site' do\n section 'system.webServer/staticContent'\n site 'Default Web Site'\n action :unlock\nend\n```\n\n```ruby\n# Sets the static content section for test_app under default website and root to be unlocked\niis_section 'unlock staticContent of default web site' do\n section 'system.webServer/staticContent'\n site 'Default Web Site'\n application_path '/test_app'\n action :unlock\nend\n```\n\n### iis_module\n\nManages modules globally or on a per site basis.\n\n#### Actions\n\n- `:add` - add a new module\n- `:delete` - delete a module\n- `:install` - install a native module from the filesystem (.dll)\n- `:uninstall` - uninstall a native module\n\n#### Attribute Parameters\n\n- `module_name` - The name of the module to add or delete\n- `type` - The type of module\n- `precondition` - precondition for module\n- `application` - The application or site to add the module to\n- `add` - Whether the module you install has to be globally added\n- `image` - Location of the DLL of the module to install\n\n#### Example\n\n```ruby\n# Adds a module called \"My 3rd Party Module\" to mySite/\niis_module \"My 3rd Party Module\" do\n application \"mySite/\"\n precondition \"bitness64\"\n action :add\nend\n```\n\n```ruby\n# Adds a module called \"MyModule\" to all IIS sites on the server\niis_module \"MyModule\"\n```\n\n## Usage\n\n### default recipe\n\nInstalls and configures IIS 7.0/7.5/8.0 using the default configuration.\n\n### mod_* recipes\n\nThis cookbook also contains recipes for installing individual IIS modules (extensions). 
These recipes can be included in a node's run_list to build the minimal desired custom IIS installation.\n\n- `mod_aspnet` - installs ASP.NET runtime components\n- `mod_aspnet45` - installs ASP.NET 4.5 runtime components\n- `mod_auth_basic` - installs Basic Authentication support\n- `mod_auth_windows` - installs Windows Authentication (authenticate clients by using NTLM or Kerberos) support\n- `mod_compress_dynamic` - installs dynamic content compression support. _PLEASE NOTE_ - enabling dynamic compression always gives you more efficient use of bandwidth, but if your server's processor utilization is already very high, the CPU load imposed by dynamic compression might make your site perform more slowly.\n- `mod_compress_static` - installs static content compression support\n- `mod_iis6_metabase_compat` - installs IIS 6 Metabase Compatibility component.\n- `mod_isapi` - installs ISAPI (Internet Server Application Programming Interface) extension and filter support.\n- `mod_logging` - installs and enables HTTP Logging (logging of Web site activity), Logging Tools (logging tools and scripts) and Custom Logging (log any of the HTTP request/response headers, IIS server variables, and client-side fields with simple configuration) support\n- `mod_management` - installs Web server Management Console which supports management of local and remote Web servers\n- `mod_security` - installs URL Authorization (Authorizes client access to the URLs that comprise a Web application), Request Filtering (configures rules to block selected client requests) and IP Security (allows or denies content access based on IP address or domain name) support.\n- `mod_tracing` - installs support for tracing ASP.NET applications and failed requests.\n\nNote: Not every possible IIS module has a corresponding recipe. 
The foregoing recipes are included for convenience, but users may also place additional IIS modules that are installable as Windows features into the `node['iis']['components']` array.\n\n## Alternative Cookbooks\n\n- [Powershell based IIS Cookbook (Pre-DSC)](https://github.com/ebsco/iisposh)\n- DSC Based- [CWebAdministration](https://github.com/PowerShellOrg/cWebAdministration) / [XWebadministration](https://github.com/PowerShell/xWebAdministration) Powershell Module(s)\n\n## License and Author\n\n- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io))\n- Author:: Julian Dunn ([jdunn@chef.io](mailto:jdunn@chef.io))\n- Author:: Justin Schuhmann ([jmschu02@gmail.com](mailto:jmschu02@gmail.com))\n\n```text\nCopyright 2011-2016, Chef Software, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{"windows":">= 2.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/iis","issues_url":"https://github.com/chef-cookbooks/iis/issues","chef_version":">= 12.5","ohai_version":{}} \ No newline at end of file diff --git a/cookbooks/iis/recipes/default.rb b/cookbooks/iis/recipes/default.rb deleted file mode 100644 index 839f8c5..0000000 --- a/cookbooks/iis/recipes/default.rb +++ /dev/null 
@@ -1,35 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: iis
-# Recipe:: default
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# Always add this, so that we don't require this to be added if we want to add other components
-default = Opscode::IIS::Helper.older_than_windows2008r2? ? 'Web-Server' : 'IIS-WebServerRole'
-
-([default] + node['iis']['components']).each do |feature|
- windows_feature feature do
- action :install
- all !Opscode::IIS::Helper.older_than_windows2012?
- source node['iis']['source'] unless node['iis']['source'].nil?
- end
-end
-
-service 'iis' do
- service_name 'W3SVC'
- action [:enable, :start]
-end
diff --git a/cookbooks/iis/recipes/mod_aspnet.rb b/cookbooks/iis/recipes/mod_aspnet.rb
deleted file mode 100644
index 06fa308..0000000
--- a/cookbooks/iis/recipes/mod_aspnet.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: iis
-# Recipe:: mod_aspnet
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-include_recipe 'iis::mod_isapi'
-
-features = if Opscode::IIS::Helper.older_than_windows2008r2?
- %w(NET-Framework)
- else
- %w(IIS-NetFxExtensibility IIS-ASPNET)
- end
-
-features.each do |feature|
- windows_feature feature do
- action :install
- all !Opscode::IIS::Helper.older_than_windows2012?
- source node['iis']['source'] unless node['iis']['source'].nil?
- end
-end
diff --git a/cookbooks/iis/recipes/mod_aspnet45.rb b/cookbooks/iis/recipes/mod_aspnet45.rb
deleted file mode 100644
index b12bd77..0000000
--- a/cookbooks/iis/recipes/mod_aspnet45.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# Author:: Blair Hamilton ()
-# Cookbook:: iis
-# Recipe:: mod_aspnet45
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-include_recipe 'iis::mod_isapi'
-
-features = if Opscode::IIS::Helper.older_than_windows2008r2?
- %w(NET-Framework)
- else
- %w(NetFx4Extended-ASPNET45 IIS-NetFxExtensibility45 IIS-ASPNET45)
- end
-
-features.each do |feature|
- windows_feature feature do
- action :install
- end
-end
diff --git a/cookbooks/iis/recipes/mod_auth_anonymous.rb b/cookbooks/iis/recipes/mod_auth_anonymous.rb
deleted file mode 100644
index 55c6657..0000000
--- a/cookbooks/iis/recipes/mod_auth_anonymous.rb
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Author:: Justin Schuhmann
-# Cookbook:: iis
-# Recipe:: mod_auth_basic
-#
-# Copyright:: 2016, Justin Schuhmann
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-iis_section 'unlocks anonymous authentication control in web.config' do
- section 'system.webServer/security/authentication/anonymousAuthentication'
- action :unlock
-end
diff --git a/cookbooks/iis/recipes/mod_auth_basic.rb b/cookbooks/iis/recipes/mod_auth_basic.rb
deleted file mode 100644
index 41bb4b8..0000000
--- a/cookbooks/iis/recipes/mod_auth_basic.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: iis
-# Recipe:: mod_auth_basic
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-feature = if Opscode::IIS::Helper.older_than_windows2008r2?
- 'Web-Basic-Auth'
- else
- 'IIS-BasicAuthentication'
- end
-
-windows_feature feature do
- action :install
-end
-
-iis_section 'unlocks basic authentication control in web.config' do
- section 'system.webServer/security/authentication/basicAuthentication'
- action :unlock
-end
diff --git a/cookbooks/iis/recipes/mod_auth_windows.rb b/cookbooks/iis/recipes/mod_auth_windows.rb
deleted file mode 100644
index 2f58008..0000000
--- a/cookbooks/iis/recipes/mod_auth_windows.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: iis
-# Recipe:: mod_auth_windows
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-feature = if Opscode::IIS::Helper.older_than_windows2008r2?
- 'Web-Windows-Auth'
- else
- 'IIS-WindowsAuthentication'
- end
-
-windows_feature feature do
- action :install
-end
-
-iis_section 'unlocks windows authentication control in web.config' do
- section 'system.webServer/security/authentication/windowsAuthentication'
- action :unlock
-end
diff --git a/cookbooks/iis/recipes/mod_cgi.rb b/cookbooks/iis/recipes/mod_cgi.rb
deleted file mode 100644
index 54d884f..0000000
--- a/cookbooks/iis/recipes/mod_cgi.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Author:: Richard Downer ()
-# Cookbook:: iis
-# Recipe:: mod_cgi
-#
-# Copyright:: 2013-2016, Cloudsoft Corporation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-feature = if Opscode::IIS::Helper.older_than_windows2008r2?
- 'Web-CGI'
- else
- 'IIS-CGI'
- end
-
-windows_feature feature do
- action :install
-end
diff --git a/cookbooks/iis/recipes/mod_compress_dynamic.rb b/cookbooks/iis/recipes/mod_compress_dynamic.rb
deleted file mode 100644
index 09d41c3..0000000
--- a/cookbooks/iis/recipes/mod_compress_dynamic.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: iis
-# Recipe:: mod_compress_dynamic
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-feature = if Opscode::IIS::Helper.older_than_windows2008r2?
- 'Web-Dyn-Compression'
- else
- 'IIS-HttpCompressionDynamic'
- end
-
-windows_feature feature do
- action :install
-end
diff --git a/cookbooks/iis/recipes/mod_compress_static.rb b/cookbooks/iis/recipes/mod_compress_static.rb
deleted file mode 100644
index dc02885..0000000
--- a/cookbooks/iis/recipes/mod_compress_static.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: iis
-# Recipe:: mod_compress_static
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-feature = if Opscode::IIS::Helper.older_than_windows2008r2?
- 'Web-Stat-Compression'
- else
- 'IIS-HttpCompressionStatic'
- end
-
-windows_feature feature do
- action :install
-end
diff --git a/cookbooks/iis/recipes/mod_ftp.rb b/cookbooks/iis/recipes/mod_ftp.rb
deleted file mode 100644
index de88989..0000000
--- a/cookbooks/iis/recipes/mod_ftp.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Author:: Kevin Rivers ()
-# Cookbook:: iis
-# Recipe:: mod_ftp
-#
-# Copyright:: 2014-2016, Kevin Rivers
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-features = if Opscode::IIS::Helper.older_than_windows2008r2?
- %w(Web-Ftp-Server Web-Ftp-Service Web-Ftp-Ext)
- else
- %w(IIS-FTPServer IIS-FTPSvc IIS-FTPExtensibility)
- end
-
-features.each do |f|
- windows_feature f do
- action :install
- end
-end
diff --git a/cookbooks/iis/recipes/mod_iis6_metabase_compat.rb b/cookbooks/iis/recipes/mod_iis6_metabase_compat.rb
deleted file mode 100644
index 459fbe5..0000000
--- a/cookbooks/iis/recipes/mod_iis6_metabase_compat.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Author:: Kristian Vlaardingerbroek ()
-# Cookbook:: iis
-# Recipe:: mod_iis6_metabase_compat
-#
-# Copyright:: 2013-2016, Schuberg Philis B.V.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-features = if Opscode::IIS::Helper.older_than_windows2008r2?
- %w(Web-Mgmt-Compat Web-Metabase)
- else
- %w(IIS-IIS6ManagementCompatibility IIS-Metabase)
- end
-
-features.each do |f|
- windows_feature f do
- action :install
- end
-end
diff --git a/cookbooks/iis/recipes/mod_isapi.rb b/cookbooks/iis/recipes/mod_isapi.rb
deleted file mode 100644
index e95edad..0000000
--- a/cookbooks/iis/recipes/mod_isapi.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: iis
-# Recipe:: mod_isapi
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-features = if Opscode::IIS::Helper.older_than_windows2008r2?
- %w(Web-ISAPI-Filter Web-ISAPI-Ext)
- else
- %w(IIS-ISAPIFilter IIS-ISAPIExtensions)
- end
-
-features.each do |feature|
- windows_feature feature do
- action :install
- end
-end
diff --git a/cookbooks/iis/recipes/mod_logging.rb b/cookbooks/iis/recipes/mod_logging.rb
deleted file mode 100644
index a2cacf7..0000000
--- a/cookbooks/iis/recipes/mod_logging.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: iis
-# Recipe:: mod_logging
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-feature = if Opscode::IIS::Helper.older_than_windows2008r2?
- 'Web-Http-Logging'
- else
- 'IIS-CustomLogging'
- end
-
-windows_feature feature do
- action :install
-end
diff --git a/cookbooks/iis/recipes/mod_management.rb b/cookbooks/iis/recipes/mod_management.rb
deleted file mode 100644
index 659eda9..0000000
--- a/cookbooks/iis/recipes/mod_management.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: iis
-# Recipe:: mod_management
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-features = if Opscode::IIS::Helper.older_than_windows2008r2?
- %w(Web-Mgmt-Console Web-Mgmt-Service)
- else
- %w(IIS-ManagementConsole IIS-ManagementService)
- end
-
-features.each do |feature|
- windows_feature feature do
- action :install
- all !Opscode::IIS::Helper.older_than_windows2012?
- end
-end
diff --git a/cookbooks/iis/recipes/mod_security.rb b/cookbooks/iis/recipes/mod_security.rb
deleted file mode 100644
index 8ed8695..0000000
--- a/cookbooks/iis/recipes/mod_security.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: iis
-# Recipe:: mod_security
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-features = if Opscode::IIS::Helper.older_than_windows2008r2?
- %w(Web-Url-Auth Web-Filtering Web-IP-Security)
- else
- %w(IIS-URLAuthorization IIS-RequestFiltering IIS-IPSecurity)
- end
-
-features.each do |feature|
- windows_feature feature do
- action :install
- end
-end
diff --git a/cookbooks/iis/recipes/mod_tracing.rb b/cookbooks/iis/recipes/mod_tracing.rb
deleted file mode 100644
index 594c492..0000000
--- a/cookbooks/iis/recipes/mod_tracing.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: iis
-# Recipe:: mod_diagnostics
-#
-# Copyright:: 2011-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'iis'
-
-feature = if Opscode::IIS::Helper.older_than_windows2008r2?
- 'Web-Http-Tracing'
- else
- 'IIS-HTTPTracing'
- end
-
-windows_feature feature do
- action :install
-end
diff --git a/cookbooks/iis/recipes/remove_default_site.rb b/cookbooks/iis/recipes/remove_default_site.rb
deleted file mode 100644
index ed8aada..0000000
--- a/cookbooks/iis/recipes/remove_default_site.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# Author:: Kendrick Martin ()
-# Cookbook:: iis
-# Recipe:: remove_default_site
-#
-# Copyright:: 2012-2016, Webtrends, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-iis_site 'Default Web Site' do
- action [:stop, :delete]
-end
-
-iis_pool 'DefaultAppPool' do
- action [:stop, :delete]
-end
diff --git a/cookbooks/iis/resources/app.rb b/cookbooks/iis/resources/app.rb
deleted file mode 100644
index 59f9201..0000000
--- a/cookbooks/iis/resources/app.rb
+++ /dev/null
@@ -1,146 +0,0 @@ -# -# Cookbook:: iis -# Resource:: app -# -# Copyright:: 2011-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require 'rexml/document' - -include REXML -include Opscode::IIS::Helper - -property :site_name, String, name_property: true -property :path, String, default: '/' -property :application_pool, String -property :physical_path, String -property :enabled_protocols, String - -default_action :add - -load_current_value do |desired| - site_name desired.site_name - # Sanitize physical path - desired.physical_path = windows_cleanpath(desired.physical_path) if desired.physical_path - cmd = shell_out("#{appcmd(node)} list app \"#{desired.site_name}#{desired.path}\"") - Chef::Log.debug("#{appcmd(node)} list app command output: #{cmd.stdout}") - if cmd.stderr.empty? - Chef::Log.debug('Running regex') - regex = /^APP\s\"#{desired.site_name}#{desired.path}\"/ - result = cmd.stdout.match(regex) - Chef::Log.debug("#{desired} current_resource match output: #{result}") - if !result.nil? - cmd_current_values = "#{appcmd(node)} list app \"#{desired.site_name}#{desired.path}\" /config:* /xml" - Chef::Log.debug(cmd_current_values) - cmd_current_values = shell_out(cmd_current_values) - if cmd_current_values.stderr.empty? 
- xml = cmd_current_values.stdout - doc = Document.new(xml) - path value doc.root, 'APP/application/@path' - application_pool value doc.root, 'APP/application/@applicationPool' - enabled_protocols value doc.root, 'APP/application/@enabledProtocols' - physical_path windows_cleanpath(value(doc.root, 'APP/application/virtualDirectory/@physicalPath')) - end - else - path '' - end - else - Chef::Log.warn "Failed to run iis_app action :load_current_resource, #{cmd_current_values.stderr}" - end -end - -action :add do - if exists - Chef::Log.debug("#{new_resource.inspect} app already exists - nothing to do") - else - converge_by "Creating the Application - \"#{new_resource}\"" do - cmd = "#{appcmd(node)} add app /site.name:\"#{new_resource.site_name}\"" - cmd << " /path:\"#{new_resource.path}\"" - cmd << " /applicationPool:\"#{new_resource.application_pool}\"" if new_resource.application_pool - cmd << " /physicalPath:\"#{new_resource.physical_path}\"" if new_resource.physical_path - cmd << " /enabledProtocols:\"#{new_resource.enabled_protocols}\"" if new_resource.enabled_protocols - cmd << ' /commit:\"MACHINE/WEBROOT/APPHOST\"' - Chef::Log.debug(cmd) - shell_out!(cmd) - end - end -end - -action :config do - if exists - # only get the beginning of the command if there is something that changes - cmd = cmd_set_app - converge_if_changed :path do - # adds path to the cmd - cmd << " /path:\"#{new_resource.path}\"" if new_resource.path - end - converge_if_changed :application_pool do - # adds applicationPool to the cmd - cmd << " /applicationPool:\"#{new_resource.application_pool}\"" if new_resource.application_pool - end - converge_if_changed :enabled_protocols do - # adds enabledProtocols to the cmd - cmd << " /enabledProtocols:\"#{new_resource.enabled_protocols}\"" if new_resource.enabled_protocols - end - Chef::Log.debug(cmd) - - if cmd == cmd_set_app - Chef::Log.debug("#{new_resource.inspect} application - nothing to do") - else - converge_by "Updating the Application - 
\"#{new_resource}\"" do - shell_out!(cmd) - end - end - - converge_if_changed :physical_path do - cmd = "#{appcmd(node)} set vdir /vdir.name:\"#{vdir_identifier}\"" - cmd << " /physicalPath:\"#{new_resource.physical_path}\"" - Chef::Log.debug(cmd) - shell_out!(cmd) - end - else - Chef::Log.debug("#{new_resource.inspect} app needs to be added - cannot configure non-existent items") - end -end - -action :delete do - if exists - converge_by "Deleting the Application - \"#{new_resource}\"" do - shell_out!("#{appcmd(node)} delete app \"#{site_identifier}\"") - Chef::Log.info("#{new_resource} deleted") - end - else - Chef::Log.debug("#{new_resource.inspect} app does not exist - nothing to do") - end -end - -action_class.class_eval do - def exists - !current_resource.path.empty? - end - - def cmd_set_app - "#{appcmd(node)} set app \"#{site_identifier}\"" - end - - def site_identifier - "#{new_resource.site_name}#{new_resource.path}" - end - - # Ensure VDIR identifier has a trailing slash - def vdir_identifier - site_identifier.end_with?('/') ? site_identifier : site_identifier + '/' - end -end diff --git a/cookbooks/iis/resources/config.rb b/cookbooks/iis/resources/config.rb deleted file mode 100644 index 40b76f4..0000000 --- a/cookbooks/iis/resources/config.rb +++ /dev/null 
@@ -1,44 +0,0 @@
-#
-# Cookbook:: iis
-# Resource:: config
-#
-# Copyright:: 2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include Opscode::IIS::Helper
-include Opscode::IIS::Processors
-
-property :cfg_cmd, String, name_attribute: true
-property :returns, [Integer, Array], default: 0
-
-default_action :set
-
-action :set do
- config
-end
-
-action :clear do
- config(:clear)
-end
-
-action_class.class_eval do
- def config(action = :set)
- converge_by "Executing IIS Config #{action}" do
- cmd = "#{appcmd(node)} #{action} config #{new_resource.cfg_cmd}"
- Chef::Log.debug(cmd)
- shell_out!(cmd, returns: new_resource.returns)
- end
- end
-end
diff --git a/cookbooks/iis/resources/module.rb b/cookbooks/iis/resources/module.rb
deleted file mode 100644
index 8d97e04..0000000
--- a/cookbooks/iis/resources/module.rb
+++ /dev/null
@@ -1,135 +0,0 @@
-#
-# Cookbook:: iis
-# Resource:: module
-#
-# Copyright:: 2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include Opscode::IIS::Helper
-include Opscode::IIS::Processors
-include Opscode::IIS::SectionHelper
-
-property :module_name, String, name_property: true
-property :type, String
-property :add, [true, false], default: false
-property :image, String
-property :precondition, String
-property :application, String
-property :previous_lock, String
-
-default_action :add
-
-load_current_value do |desired|
- module_name desired.module_name
- application desired.application if desired.application
- # Sanitize Image Path (file system path)
- desired.image = windows_cleanpath(desired.image) if desired.image
- cmd = "#{appcmd(node)} list module /module.name:\"#{desired.module_name}\""
- cmd << " /app.name:\"#{desired.application}\"" if desired.application
-
- cmd_result = shell_out cmd
- # 'MODULE "Module Name" ( type:module.type, preCondition:condition )'
- # 'MODULE "Module Name" ( native, preCondition:condition )'
-
- Chef::Log.debug("#{desired.name} list module command output: #{cmd_result.stdout}")
- unless cmd_result.stdout.empty?
- previous_lock get_current_lock(node, 'system.webServer/modules', desired.application)
- cmd = "#{appcmd(node)} list module /module.name:\"#{desired.module_name}\""
- cmd << " /app.name:\"#{desired.application}\"" if desired.application
- cmd << ' /config:* /xml'
- cmd_result = shell_out cmd
- if cmd_result.stderr.empty?
- xml = cmd_result.stdout
- doc = Document.new(xml)
- type value doc.root, 'MODULE/@type'
- precondition value doc.root, 'MODULE/@preCondition'
- end
- end
-end
-
-# appcmd syntax for adding modules
-# appcmd add module /name:string /type:string /preCondition:string
-action :add do
- if exists
- Chef::Log.debug("#{new_resource} module already exists - nothing to do")
- else
- converge_by("add IIS module #{new_resource.module_name}") do
- unlock(node, 'system.webServer/modules', new_resource.application)
- cmd = "#{appcmd(node)} add module /module.name:\"#{new_resource.module_name}\""
- cmd << " /app.name:\"#{new_resource.application}\"" if new_resource.application
- cmd << " /type:\"#{new_resource.type}\"" if new_resource.type
- cmd << " /preCondition:\"#{new_resource.precondition}\"" if new_resource.precondition
-
- shell_out!(cmd, returns: [0, 42])
- override_mode(node, current_resource.previous_lock, 'system.webServer/modules', new_resource.application)
- end
- end
-end
-
-action :delete do
- if exists
- converge_by("delete IIS module #{new_resource.module_name}") do
- unlock(node, 'system.webServer/modules', new_resource.application)
- cmd = "#{appcmd(node)} delete module /module.name:\"#{new_resource.module_name}\""
- cmd << " /app.name:\"#{new_resource.application}\"" if new_resource.application
-
- shell_out!(cmd, returns: [0, 42])
- override_mode(node, current_resource.previous_lock, 'system.webServer/modules', new_resource.application)
- end
- else
- Chef::Log.debug("#{new_resource} module does not exist - nothing to do")
- end
-end
-
-# appcmd syntax for installing native modules
-# appcmd install module /name:string /add:string(true|false) /image:string
-action :install do
- if exists
- Chef::Log.debug("#{new_resource} module already exists - nothing to do")
- else
- converge_by("install IIS module #{new_resource.module_name}") do
- unlock(node, 'system.webServer/modules', new_resource.application)
- cmd = "#{appcmd(node)} install module /name:\"#{new_resource.module_name}\""
- cmd << " /add:\"#{new_resource.add}\"" unless new_resource.add.nil?
- cmd << " /image:\"#{new_resource.image}\"" if new_resource.image
- cmd << " /preCondition:\"#{new_resource.precondition}\"" if new_resource.precondition
-
- shell_out!(cmd, returns: [0, 42])
- override_mode(node, current_resource.previous_lock, 'system.webServer/modules', new_resource.application)
- end
- end
-end
-
-# appcmd syntax for uninstalling native modules
-# appcmd uninstall module
-action :uninstall do
- if exists
- converge_by("uninstall IIS module #{new_resource.module_name}") do
- unlock(node, 'system.webServer/modules', new_resource.application)
- cmd = "#{appcmd(node)} uninstall module \"#{new_resource.module_name}\""
-
- shell_out!(cmd, returns: [0, 42])
- override_mode(node, current_resource.previous_lock, 'system.webServer/modules', new_resource.application)
- end
- else
- Chef::Log.debug("#{new_resource} module does not exists - nothing to do")
- end
-end
-
-action_class.class_eval do
- def exists
- current_resource.type ? true : false
- end
-end
diff --git a/cookbooks/iis/resources/pool.rb b/cookbooks/iis/resources/pool.rb
deleted file mode 100644
index 5f97a57..0000000
--- a/cookbooks/iis/resources/pool.rb
+++ /dev/null
@@ -1,451 +0,0 @@
-#
-# Cookbook:: iis
-# Resource:: pool
-#
-# Copyright:: 2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'rexml/document'
-
-include REXML
-include Opscode::IIS::Helper
-include Opscode::IIS::Processors
-
-# root
-property :name, String, name_property: true
-property :no_managed_code, [true, false], default: false
-property :pipeline_mode, [Symbol, String], equal_to: [:Integrated, :Classic], coerce: proc { |v| v.to_sym }
-property :runtime_version, String
-
-# add items
-property :start_mode, [Symbol, String], equal_to: [:AlwaysRunning, :OnDemand], default: :OnDemand, coerce: proc { |v| v.to_sym }
-property :auto_start, [true, false], default: true
-property :queue_length, Integer, default: 1000, coerce: proc { |v| v.to_i }
-property :thirty_two_bit, [true, false], default: false
-
-# processModel items
-property :max_processes, Integer, coerce: proc { |v| v.to_i }
-property :load_user_profile, [true, false], default: false
-property :identity_type, [Symbol, String], equal_to: [:SpecificUser, :NetworkService, :LocalService, :LocalSystem, :ApplicationPoolIdentity], default: :ApplicationPoolIdentity, coerce: proc { |v| v.to_sym }
-property :username, String
-property :password, String
-property :logon_type, [Symbol, String], equal_to: [:LogonBatch, :LogonService], default: :LogonBatch, coerce: proc { |v| v.to_sym }
-property :manual_group_membership, [true, false], default: false
-property :idle_timeout, String, default: '00:20:00'
-property :idle_timeout_action, [Symbol, String], equal_to: [:Terminate, :Suspend], default: :Terminate, coerce: proc { |v| v.to_sym }
-property :shutdown_time_limit, String, default: '00:01:30'
-property :startup_time_limit, String, default: '00:01:30'
-property :pinging_enabled, [true, false], default: true
-property :ping_interval, String, default: '00:00:30'
-property :ping_response_time, String, default: '00:01:30'
-
-# recycling items
-property :disallow_rotation_on_config_change, [true, false], default: false
-property :disallow_overlapping_rotation, [true, false], default: false
-property :recycle_schedule_clear, [true, false], default: false
-property :log_event_on_recycle, String, default: node['iis']['recycle']['log_events']
-property :recycle_after_time, String
-property :recycle_at_time, String
-property :private_memory, Integer, coerce: proc { |v| v.to_i }
-property :virtual_memory, Integer, coerce: proc { |v| v.to_i }
-
-# failure items
-property :load_balancer_capabilities, [Symbol, String], equal_to: [:HttpLevel, :TcpLevel], default: :HttpLevel, coerce: proc { |v| v.to_sym }
-property :orphan_worker_process, [true, false], default: false
-property :orphan_action_exe, String
-property :orphan_action_params, String
-property :rapid_fail_protection, [true, false], default: true
-property :rapid_fail_protection_interval, String, default: '00:05:00'
-property :rapid_fail_protection_max_crashes, Integer, default: 5, coerce: proc { |v| v.to_i }
-property :auto_shutdown_exe, String
-property :auto_shutdown_params, String
-
-# cpu items
-property :cpu_action, [Symbol, String], equal_to: [:NoAction, :KillW3wp, :Throttle, :ThrottleUnderLoad], default: :NoAction, coerce: proc { |v| v.to_sym }
-property :cpu_limit, Integer, default: 0, coerce: proc { |v| v.to_i }
-property :cpu_reset_interval, String, default: '00:05:00'
-property :cpu_smp_affinitized, [true, false], default: false
-property :smp_processor_affinity_mask, Float, default: 4_294_967_295.0, coerce: proc { |v| v.to_f }
-property :smp_processor_affinity_mask_2, Float, default: 4_294_967_295.0, coerce: proc { |v| v.to_f }
-
-# internally used for the state of the pool [Starting, Started, Stopping, Stopped, Unknown, Undefined value]
-property :running, [true, false], desired_state: true
-
-default_action :add
-
-load_current_value do |desired|
- name desired.name
- cmd = shell_out("#{appcmd(node)} list apppool \"#{desired.name}\"")
- # APPPOOL "DefaultAppPool" (MgdVersion:v2.0,MgdMode:Integrated,state:Started)
- Chef::Log.debug("#{desired} list apppool command output: #{cmd.stdout}")
- unless cmd.stderr.empty?
- Chef::Log.warn "Failed to run iis_pool action :load_current_resource, #{cmd.stderr}"
- return
- end
-
- result = cmd.stdout.gsub(/\r\n?/, "\n") # ensure we have no carriage returns
- result = result.match(/^APPPOOL\s\"(#{desired.name})\"\s\(MgdVersion:(.*),MgdMode:(.*),state:(.*)\)$/i)
- Chef::Log.debug("#{desired} current_resource match output: #{result}")
- unless result
- running false
- return
- end
-
- running result[4] =~ /Started/ ? true : false
- cmd_current_values = "#{appcmd(node)} list apppool \"#{desired.name}\" /config:* /xml"
- Chef::Log.debug(cmd_current_values)
- cmd_current_values = shell_out(cmd_current_values)
- if cmd_current_values.stderr.empty?
- xml = cmd_current_values.stdout
- doc = Document.new(xml)
-
- # root items
- runtime_version value(doc.root, 'APPPOOL/@RuntimeVersion').gsub(/^v/, '')
- pipeline_mode value(doc.root, 'APPPOOL/@PipelineMode').to_sym
-
- # add items
- auto_start bool(value(doc.root, 'APPPOOL/add/@autoStart')) if iis_version >= 7.0
- start_mode value(doc.root, 'APPPOOL/add/@startMode').to_sym if iis_version > 7.0
- queue_length value(doc.root, 'APPPOOL/add/@queueLength').to_i
- thirty_two_bit bool(value(doc.root, 'APPPOOL/add/@enable32BitAppOnWin64'))
-
- # processModel items
- max_processes value(doc.root, 'APPPOOL/add/processModel/@maxProcesses').to_i
- load_user_profile bool(value(doc.root, 'APPPOOL/add/processModel/@loadUserProfile'))
- identity_type value(doc.root, 'APPPOOL/add/processModel/@identityType').to_sym if iis_version > 7.0
- username value doc.root, 'APPPOOL/add/processModel/@userName'
- unless username.nil? || desired.username.nil?
- Chef::Log.info('username: ' + username + ' -> ' + desired.username)
- end
- password value doc.root, 'APPPOOL/add/processModel/@password'
- logon_type value(doc.root, 'APPPOOL/add/processModel/@logonType').to_sym if iis_version > 7.0
- manual_group_membership bool(value(doc.root, 'APPPOOL/add/processModel/@manualGroupMembership'))
- idle_timeout value doc.root, 'APPPOOL/add/processModel/@idleTimeout'
- idle_timeout_action value(doc.root, 'APPPOOL/add/processModel/@idleTimeoutAction').to_sym if iis_version >= 8.5
- shutdown_time_limit value doc.root, 'APPPOOL/add/processModel/@shutdownTimeLimit'
- startup_time_limit value doc.root, 'APPPOOL/add/processModel/@startupTimeLimit'
- pinging_enabled bool(value(doc.root, 'APPPOOL/add/processModel/@pingingEnabled'))
- ping_interval value doc.root, 'APPPOOL/add/processModel/@pingInterval'
- ping_response_time value doc.root, 'APPPOOL/add/processModel/@pingResponseTime'
-
- # recycling items
- disallow_overlapping_rotation bool(value(doc.root, 'APPPOOL/add/recycling/@disallowOverlappingRotation'))
- disallow_rotation_on_config_change bool(value(doc.root, 'APPPOOL/add/recycling/@disallowRotationOnConfigChange'))
- recycle_after_time value doc.root, 'APPPOOL/add/recycling/periodicRestart/@time'
- recycle_at_time value doc.root, "APPPOOL/add/recycling/periodicRestart/schedule/add[@value='#{desired.recycle_at_time}']/@value"
- private_memory value(doc.root, 'APPPOOL/add/recycling/periodicRestart/@privateMemory').to_i
- virtual_memory value(doc.root, 'APPPOOL/add/recycling/periodicRestart/@memory').to_i
- log_event_on_recycle value doc.root, 'APPPOOL/add/recycling/@logEventOnRecycle'
-
- # failure items
- load_balancer_capabilities value(doc.root, 'APPPOOL/add/failure/@loadBalancerCapabilities').to_sym
- orphan_worker_process bool(value(doc.root, 'APPPOOL/add/failure/@orphanWorkerProcess'))
- orphan_action_exe value doc.root, 'APPPOOL/add/failure/@orphanActionExe'
- orphan_action_params value doc.root, 'APPPOOL/add/failure/@orphanActionParams'
- rapid_fail_protection bool(value(doc.root, 'APPPOOL/add/failure/@rapidFailProtection'))
- rapid_fail_protection_interval value doc.root, 'APPPOOL/add/failure/@rapidFailProtectionInterval'
- rapid_fail_protection_max_crashes value(doc.root, 'APPPOOL/add/failure/@rapidFailProtectionMaxCrashes').to_i
- auto_shutdown_exe value doc.root, 'APPPOOL/add/failure/@autoShutdownExe'
- auto_shutdown_params value doc.root, 'APPPOOL/add/failure/@autoShutdownParams'
-
- # cpu items
- cpu_action value(doc.root, 'APPPOOL/add/cpu/@action').to_sym
- cpu_limit value(doc.root, 'APPPOOL/add/cpu/@limit').to_i
- cpu_smp_affinitized bool(value(doc.root, 'APPPOOL/add/cpu/@smpAffinitized'))
- cpu_reset_interval value doc.root, 'APPPOOL/add/cpu/@resetInterval'
- smp_processor_affinity_mask value(doc.root, 'APPPOOL/add/cpu/@smpProcessorAffinityMask').to_f
- smp_processor_affinity_mask_2 value(doc.root, 'APPPOOL/add/cpu/@smpProcessorAffinityMask2').to_f
-
- @node_array = XPath.match(doc.root, 'APPPOOL/add/recycling/periodicRestart/schedule/add')
- end
-end
-
-action :add do
- if exists
- Chef::Log.debug("#{new_resource} pool already exists - nothing to do")
- else
- converge_by "Created Application Pool \"#{new_resource}\"" do
- cmd = "#{appcmd(node)} add apppool /name:\"#{new_resource.name}\""
- if new_resource.no_managed_code
- cmd << ' /managedRuntimeVersion:'
- elsif new_resource.runtime_version
- cmd << " /managedRuntimeVersion:v#{new_resource.runtime_version}"
- end
- cmd << " /managedPipelineMode:#{new_resource.pipeline_mode.capitalize}" if new_resource.pipeline_mode
- cmd << ' /commit:\"MACHINE/WEBROOT/APPHOST\"'
- Chef::Log.debug(cmd)
- shell_out!(cmd)
- configure
- end
- end
-end
-
-action :config do
- configure if exists
-end
-
-action :delete do
- if exists
- converge_by "Deleted Application Pool \"#{new_resource}\"" do
- shell_out!("#{appcmd(node)} delete apppool \"#{new_resource.name}\"")
- end
- else
- Chef::Log.debug("#{new_resource} pool does not exist - nothing to do")
- end
-end
-
-action :start do
- if exists && !current_resource.running
- converge_by "Started Application Pool \"#{new_resource}\"" do
- shell_out!("#{appcmd(node)} start apppool \"#{new_resource.name}\"")
- end
- else
- Chef::Log.debug("#{new_resource} already running - nothing to do")
- end
-end
-
-action :stop do
- if exists && current_resource.running
- converge_by "Stopped Application Pool \"#{new_resource}\"" do
- shell_out!("#{appcmd(node)} stop apppool \"#{new_resource.name}\"")
- end
- else
- Chef::Log.debug("#{new_resource} already stopped - nothing to do")
- end
-end
-
-action :restart do
- if exists
- converge_by "Restarted Application Pool \"#{new_resource}\"" do
- shell_out!("#{appcmd(node)} stop APPPOOL \"#{new_resource.name}\"") if current_resource.running
- sleep 2
- shell_out!("#{appcmd(node)} start APPPOOL \"#{new_resource.name}\"")
- end
- end
-end
-
-action :recycle do
- if exists
- converge_by "Recycled Application Pool \"#{new_resource}\"" do
- shell_out!("#{appcmd(node)} recycle APPPOOL \"#{new_resource.name}\"") if current_resource.running
- end
- end
-end
-
-action_class.class_eval do
- def exists
- current_resource.runtime_version ? true : false
- end
-
- def configure
- # Application Pool Config
- cmd = "#{appcmd(node)} set config /section:applicationPools"
-
- # root items
- if iis_version >= 7.0
- converge_if_changed :auto_start do
- cmd << configure_application_pool("autoStart:#{new_resource.auto_start}")
- end
- end
-
- if iis_version >= 7.5
- converge_if_changed :start_mode do
- cmd << configure_application_pool("startMode:#{new_resource.start_mode}")
- end
- end
-
- if new_resource.no_managed_code
- converge_if_changed :runtime_version do
- cmd << configure_application_pool('managedRuntimeVersion:')
- end
- else
- converge_if_changed :runtime_version do
- cmd << configure_application_pool("managedRuntimeVersion:v#{new_resource.runtime_version}")
- end
- end
-
- converge_if_changed :pipeline_mode do
- cmd << configure_application_pool("managedPipelineMode:#{new_resource.pipeline_mode}")
- end
- converge_if_changed :thirty_two_bit do
- cmd << configure_application_pool("enable32BitAppOnWin64:#{new_resource.thirty_two_bit}")
- end
- converge_if_changed :queue_length do
- cmd << configure_application_pool("queueLength:#{new_resource.queue_length}")
- end
-
- # processModel items
- converge_if_changed :max_processes do
- cmd << configure_application_pool("processModel.maxProcesses:#{new_resource.max_processes}")
- end
- converge_if_changed :load_user_profile do
- cmd << configure_application_pool("processModel.loadUserProfile:#{new_resource.load_user_profile}")
- end
- converge_if_changed :logon_type do
- cmd << configure_application_pool("processModel.logonType:#{new_resource.logon_type}")
- end
- converge_if_changed :manual_group_membership do
- cmd << configure_application_pool("processModel.manualGroupMembership:#{new_resource.manual_group_membership}")
- end
- converge_if_changed :idle_timeout do
- cmd << configure_application_pool("processModel.idleTimeout:#{new_resource.idle_timeout}")
- end
- if iis_version >= 8.5
- converge_if_changed :idle_timeout_action do
- cmd << configure_application_pool("processModel.idleTimeoutAction:#{new_resource.idle_timeout_action}")
- end
- end
- converge_if_changed :shutdown_time_limit do
- cmd << configure_application_pool("processModel.shutdownTimeLimit:#{new_resource.shutdown_time_limit}")
- end
- converge_if_changed :startup_time_limit do
- cmd << configure_application_pool("processModel.startupTimeLimit:#{new_resource.startup_time_limit}")
- end
- converge_if_changed :pinging_enabled do
- cmd << configure_application_pool("processModel.pingingEnabled:#{new_resource.pinging_enabled}")
- end
- converge_if_changed :ping_interval do
- cmd << configure_application_pool("processModel.pingInterval:#{new_resource.ping_interval}")
- end
- converge_if_changed :ping_response_time do
- cmd << configure_application_pool("processModel.pingResponseTime:#{new_resource.ping_response_time}")
- end
-
- should_clear_apppool_schedules = ((new_resource.recycle_at_time != current_resource.recycle_at_time) && !@node_array.nil? && !@node_array.empty?) || (new_resource.recycle_schedule_clear && !@node_array.nil? && !@node_array.empty?)
-
- # recycling items
- ## Special case this collection removal for now.
- # TODO: test if this is needed
- # is_new_recycle_at_time = true
- if !current_resource.runtime_version && should_clear_apppool_schedules
- converge_by "Cleared Periodic Restart Schedule #{new_resource} - #{should_clear_apppool_schedules}" do
- clear_pool_schedule_cmd = "#{appcmd(node)} set config /section:applicationPools \"/-[name='#{new_resource.name}'].recycling.periodicRestart.schedule\""
- Chef::Log.debug(clear_pool_schedule_cmd)
- shell_out!(clear_pool_schedule_cmd)
- end
- end
-
- converge_if_changed :recycle_after_time do
- cmd << configure_application_pool("recycling.periodicRestart.time:#{new_resource.recycle_after_time}")
- end
- converge_if_changed :recycle_at_time do
- cmd << configure_application_pool("recycling.periodicRestart.schedule.[value='#{new_resource.recycle_at_time}']", '+')
- end
- converge_if_changed :log_event_on_recycle do
- cmd << configure_application_pool("recycling.logEventOnRecycle:#{new_resource.log_event_on_recycle}")
- end
- converge_if_changed :private_memory do
- cmd << configure_application_pool("recycling.periodicRestart.privateMemory:#{new_resource.private_memory}")
- end
- converge_if_changed :virtual_memory do
- cmd << configure_application_pool("recycling.periodicRestart.memory:#{new_resource.virtual_memory}")
- end
- converge_if_changed :disallow_rotation_on_config_change do
- cmd << configure_application_pool("recycling.disallowRotationOnConfigChange:#{new_resource.disallow_rotation_on_config_change}")
- end
- converge_if_changed :disallow_overlapping_rotation do
- cmd << configure_application_pool("recycling.disallowOverlappingRotation:#{new_resource.disallow_overlapping_rotation}")
- end
-
- # failure items
- converge_if_changed :load_balancer_capabilities do
- cmd << configure_application_pool("failure.loadBalancerCapabilities:#{new_resource.load_balancer_capabilities}")
- end
- converge_if_changed :orphan_worker_process do
- cmd << configure_application_pool("failure.orphanWorkerProcess:#{new_resource.orphan_worker_process}")
- end
- converge_if_changed :orphan_action_exe do
- cmd << configure_application_pool("failure.orphanActionExe:#{new_resource.orphan_action_exe}")
- end
- converge_if_changed :orphan_action_params do
- cmd << configure_application_pool("failure.orphanActionParams:#{new_resource.orphan_action_params}")
- end
- converge_if_changed :rapid_fail_protection do
- cmd << configure_application_pool("failure.rapidFailProtection:#{new_resource.rapid_fail_protection}")
- end
- converge_if_changed :rapid_fail_protection_interval do
- cmd << configure_application_pool("failure.rapidFailProtectionInterval:#{new_resource.rapid_fail_protection_interval}")
- end
- converge_if_changed :rapid_fail_protection_max_crashes do
- cmd << configure_application_pool("failure.rapidFailProtectionMaxCrashes:#{new_resource.rapid_fail_protection_max_crashes}")
- end
- converge_if_changed :auto_shutdown_exe do
- cmd << configure_application_pool("failure.autoShutdownExe:#{new_resource.auto_shutdown_exe}")
- end
- converge_if_changed :auto_shutdown_params do
- cmd << configure_application_pool("failure.autoShutdownParams:#{new_resource.auto_shutdown_params}")
- end
-
- # cpu items
- converge_if_changed :cpu_action do
- cmd << configure_application_pool("cpu.action:#{new_resource.cpu_action}")
- end
- converge_if_changed :cpu_limit do
- cmd << configure_application_pool("cpu.limit:#{new_resource.cpu_limit}")
- end
- converge_if_changed :cpu_reset_interval do
- cmd << configure_application_pool("cpu.resetInterval:#{new_resource.cpu_reset_interval}")
- end
- converge_if_changed :cpu_smp_affinitized do
- cmd << configure_application_pool("cpu.smpAffinitized:#{new_resource.cpu_smp_affinitized}")
- end
- converge_if_changed :smp_processor_affinity_mask do
- cmd << configure_application_pool("cpu.smpProcessorAffinityMask:#{new_resource.smp_processor_affinity_mask.floor}")
- end
- converge_if_changed :smp_processor_affinity_mask_2 do
- cmd << configure_application_pool("cpu.smpProcessorAffinityMask2:#{new_resource.smp_processor_affinity_mask_2.floor}")
- end
-
- unless current_resource.runtime_version && cmd == "#{appcmd(node)} set config /section:applicationPools"
- converge_by "Configured Application Pool \"#{new_resource}\"" do
- Chef::Log.debug(cmd)
- shell_out!(cmd)
- end
- end
-
- # Application Pool Identity Settings
- if new_resource.username && new_resource.username != ''
- cmd = default_app_pool_user
- converge_if_changed :username do
- cmd << " \"/[name='#{new_resource.name}'].processModel.userName:#{new_resource.username}\""
- end
- converge_if_changed :password do
- cmd << " \"/[name='#{new_resource.name}'].processModel.password:#{new_resource.password}\""
- end
- if cmd != default_app_pool_user
- converge_by "Configured Application Pool Identity Settings \"#{new_resource}\"" do
- Chef::Log.debug(cmd)
- shell_out!(cmd)
- end
- end
- elsif new_resource.identity_type != 'SpecificUser'
- converge_if_changed :identity_type do
- cmd = "#{appcmd(node)} set config /section:applicationPools"
- cmd << " \"/[name='#{new_resource.name}'].processModel.identityType:#{new_resource.identity_type}\""
- Chef::Log.debug(cmd)
- shell_out!(cmd)
- end
- end
- end
-
- def default_app_pool_user
- cmd_default = "#{appcmd(node)} set config /section:applicationPools"
- cmd_default << " \"/[name='#{new_resource.name}'].processModel.identityType:SpecificUser\""
- end
-
- def configure_application_pool(config, add_remove = '')
- " \"/#{add_remove}[name='#{new_resource.name}'].#{config}\""
- end
-end
diff --git a/cookbooks/iis/resources/root.rb b/cookbooks/iis/resources/root.rb
deleted file mode 100644
index 821040f..0000000
--- a/cookbooks/iis/resources/root.rb
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# Cookbook:: iis
-# Resource:: root
-#
-# Copyright:: 2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include Opscode::IIS::Constants
-include Opscode::IIS::Helper
-include Opscode::IIS::Processors
-
-property :default_documents_enabled, [true, false], default: true
-property :default_documents, Array, default: Opscode::IIS::Constants.default_documents
-property :mime_maps, Array, default: Opscode::IIS::Constants.default_mime_types
-property :add_default_documents, Array, default: []
-property :add_mime_maps, Array, default: []
-property :delete_default_documents, Array, default: []
-property :delete_mime_maps, Array, default: []
-
-default_action :config
-
-load_current_value do |desired|
- current_default_documents_object = current_default_documents_config
- return unless current_default_documents_object
-
- current_mime_maps = current_mime_maps_config
- return unless current_mime_maps_config
-
- default_documents_enabled bool(current_default_documents_object[:default_documents_enabled])
- default_documents current_default_documents_object[:default_documents]
- mime_maps current_mime_maps
-
- current_add_default_documents = desired.add_default_documents - current_default_documents_object[:default_documents]
- add_default_documents desired.add_default_documents - current_add_default_documents
-
- delete_default_documents desired.delete_default_documents - current_default_documents_object[:default_documents]
-
- current_add_mime_maps = desired.add_mime_maps - current_mime_maps
- add_mime_maps desired.add_mime_maps - current_add_mime_maps
-
- delete_mime_maps desired.delete_mime_maps - current_mime_maps
-end
-
-action :config do
- converge_if_changed :default_documents_enabled do
- set_default_documents_enabled(new_resource.default_documents_enabled)
- end
-
- converge_if_changed :default_documents do
- set_default_documents(new_resource.default_documents, current_resource.default_documents)
- end
-
- converge_if_changed :mime_maps do
- set_mime_maps(new_resource.mime_maps, current_resource.mime_maps)
- end
-end
-
-action :add do
- converge_if_changed :add_default_documents do
- set_default_documents(new_resource.add_default_documents, current_resource.add_default_documents, true, false)
- end
-
- converge_if_changed :add_mime_maps do
- set_mime_maps(new_resource.add_mime_maps, current_resource.add_mime_maps, true, false)
- end
-end
-
-action :delete do
- converge_if_changed :delete_default_documents do
- set_default_documents(new_resource.delete_default_documents, current_resource.delete_default_documents, false, true)
- end
-
- converge_if_changed :delete_mime_maps do
- set_mime_maps(new_resource.delete_mime_maps, current_resource.delete_mime_maps, false, true)
- end
-end
diff --git a/cookbooks/iis/resources/section.rb b/cookbooks/iis/resources/section.rb
deleted file mode 100644
index b7a49c0..0000000
--- a/cookbooks/iis/resources/section.rb
+++ /dev/null
@@ -1,73 +0,0 @@
-#
-# Cookbook:: iis
-# Resource:: section
-#
-# Copyright:: 2016-2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'rexml/document'
-
-include REXML
-include Opscode::IIS::Helper
-include Opscode::IIS::SectionHelper
-include Opscode::IIS::Processors
-
-property :section, String, name_property: true
-property :site, String
-property :application_path, String
-property :returns, [Integer, Array], default: 0
-property :locked, String
-
-default_action :unlock
-
-load_current_value do |desired|
- section desired.section
- site desired.site
- application_path desired.application_path
- command_path = 'MACHINE/WEBROOT/APPHOST'
- command_path << "/#{site}" if site
- command_path << application_path.to_s if application_path
- cmd = "#{appcmd(node)} list config \"#{command_path}\""
- cmd << " -section:\"#{section}\" /commit:apphost /config:* /xml"
- Chef::Log.debug(cmd)
- cmd = shell_out(cmd)
- if cmd.stderr.empty?
- xml = cmd.stdout
- doc = Document.new(xml)
- locked value doc.root, 'CONFIG/@overrideMode'
- else
- Chef::Log.info(cmd.stderr)
- end
-end
-
-action :lock do
- if current_resource.locked != 'Deny'
- converge_by "Locking the section - \"#{new_resource}\"" do
- lock node, new_resource.section, "#{new_resource.site}#{new_resource.application_path}", new_resource.returns
- end
- else
- Chef::Log.debug("#{new_resource} already locked - nothing to do")
- end
-end
-
-action :unlock do
- if current_resource.locked != 'Allow'
- converge_by "Unlocking the section - \"#{new_resource}\"" do
- unlock node, new_resource.section, "#{new_resource.site}#{new_resource.application_path}", new_resource.returns
- end
- else
- Chef::Log.debug("#{new_resource} already unlocked - nothing to do")
- end
-end
diff --git a/cookbooks/iis/resources/site.rb b/cookbooks/iis/resources/site.rb
deleted file mode 100644
index 2a0a654..0000000
--- a/cookbooks/iis/resources/site.rb
+++ /dev/null
@@ -1,235 +0,0 @@ -# -# Cookbook:: iis -# Resource:: site -# -# Copyright:: 2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require 'rexml/document' - -include REXML -include Opscode::IIS::Helper -include Opscode::IIS::Processors - -property :site_name, String, name_property: true -property :site_id, Integer -property :port, Integer, default: 80, coerce: proc { |v| v.to_i } -property :path, String -property :protocol, [Symbol, String], equal_to: [:http, :https], default: :http, coerce: proc { |v| v.to_sym } -property :host_header, String -property :bindings, String -property :application_pool, String -property :options, String, default: '' -property :log_directory, String, default: node['iis']['log_dir'] -property :log_period, [Symbol, String], equal_to: [:Daily, :Hourly, :MaxSize, :Monthly, :Weekly], default: :Daily, coerce: proc { |v| v.to_sym } -property :log_truncsize, Integer, default: 1_048_576 -property :running, [true, false], desired_state: true - -default_action :add - -load_current_value do |desired| - site_name desired.site_name - # Sanitize windows file system path - desired.path = windows_cleanpath(desired.path) if desired.path - desired.log_directory = windows_cleanpath(desired.log_directory) if desired.log_directory - cmd = shell_out "#{appcmd(node)} list site \"#{site_name}\"" - Chef::Log.debug(appcmd(node)) - # 'SITE "Default Web Site" (id:1,bindings:http/*:80:,state:Started)' - Chef::Log.debug("#{desired} list site 
command output: #{cmd.stdout}") - if cmd.stderr.empty? - result = cmd.stdout.gsub(/\r\n?/, "\n") # ensure we have no carriage returns - result = result.match(/^SITE\s\"(?#{desired.site_name})\"\s\(id:(?.*),bindings:(?.*),state:(?.*)\)$/i) - Chef::Log.debug("#{desired} current_resource match output: #{result}") - if result - site_id result[:site_id].to_i - bindings result[:bindings] - running result[:state] =~ /Started/ ? true : false - else - running false - end - - if site_id - values = "#{bindings},".match(%r{(?[^\/]+)\/\*:(?[^:]+):(?[^,]*),}) - # get current values - cmd = "#{appcmd(node)} list site \"#{site_name}\" /config:* /xml" - Chef::Log.debug(cmd) - cmd = shell_out cmd - if cmd.stderr.empty? - xml = cmd.stdout - doc = Document.new(xml) - path windows_cleanpath(value(doc.root, 'SITE/site/application/virtualDirectory/@physicalPath')) - log_directory windows_cleanpath(value(doc.root, 'SITE/site/logFile/@directory')) - log_period value(doc.root, 'SITE/site/logFile/@period').to_sym - log_truncsize value(doc.root, 'SITE/site/logFile/@truncateSize').to_i - application_pool value doc.root, 'SITE/site/application/@applicationPool' - end - - if values - protocol values[:protocol].to_sym - port values[:port].to_i - host_header values[:host_header] - end - else - running false - end - - if values - protocol values[:protocol] - port values[:port].to_i - host_header values[:host_header] - end - else - Chef::Log.warn "Failed to run iis_site action :config, #{cmd.stderr}" - end -end - -action :add do - if exists - Chef::Log.debug("#{new_resource} site already exists - nothing to do") - else - converge_by "Created the Site - \"#{new_resource}\"" do - cmd = "#{appcmd(node)} add site /name:\"#{new_resource.site_name}\"" - cmd << " /id:#{new_resource.site_id}" if new_resource.site_id - cmd << " /physicalPath:\"#{new_resource.path}\"" if new_resource.path - if new_resource.bindings - cmd << " /bindings:\"#{new_resource.bindings}\"" - else - cmd << " 
/bindings:#{new_resource.protocol}/*" - cmd << ":#{new_resource.port}:" if new_resource.port - cmd << new_resource.host_header if new_resource.host_header - end - - # support for additional options -logDir, -limits, -ftpServer, etc... - cmd << " #{new_resource.options}" if new_resource.options - shell_out!(cmd, returns: [0, 42]) - - configure - - if new_resource.application_pool - shell_out!("#{appcmd(node)} set site /site.name:\"#{new_resource.site_name}\" /[path='/'].applicationPool:\"#{new_resource.application_pool}\"", returns: [0, 42]) - end - Chef::Log.info("#{new_resource} added new site '#{new_resource.site_name}'") - end - end -end - -action :config do - configure if exists -end - -action :delete do - if exists - converge_by "Deleted the Site - \"#{new_resource}\"" do - Chef::Log.info("#{appcmd(node)} stop site /site.name:\"#{new_resource.site_name}\"") - shell_out!("#{appcmd(node)} delete site /site.name:\"#{new_resource.site_name}\"", returns: [0, 42]) - end - else - Chef::Log.debug("#{new_resource} site does not exist - nothing to do") - end -end - -action :start do - if exists && !current_resource.running - converge_by "Started the Site - \"#{new_resource}\"" do - shell_out!("#{appcmd(node)} start site /site.name:\"#{new_resource.site_name}\"", returns: [0, 42]) - end - else - Chef::Log.debug("#{new_resource} already running - nothing to do") - end -end - -action :stop do - if exists && current_resource.running - converge_by "Stopped the Site - \"#{new_resource}\"" do - Chef::Log.info("#{appcmd(node)} stop site /site.name:\"#{new_resource.site_name}\"") - shell_out!("#{appcmd(node)} stop site /site.name:\"#{new_resource.site_name}\"", returns: [0, 42]) - end - else - Chef::Log.debug("#{new_resource} already stopped - nothing to do") - end -end - -action :restart do - converge_by "Restarted the Site - \"#{new_resource}\"" do - shell_out!("#{appcmd(node)} stop site /site.name:\"#{new_resource.site_name}\"", returns: [0, 42]) if running - sleep 2 - 
shell_out!("#{appcmd(node)} start site /site.name:\"#{new_resource.site_name}\"", returns: [0, 42]) - end -end - -action_class.class_eval do - def exists - current_resource.site_id ? true : false - end - - def configure - if new_resource.bindings - converge_if_changed :bindings do - cmd = "#{appcmd(node)} set site /site.name:\"#{new_resource.site_name}\"" - cmd << " /bindings:\"#{new_resource.bindings}\"" - Chef::Log.debug(cmd) - shell_out!(cmd) - end - elsif new_resource.port || new_resource.host_header || new_resource.protocol - converge_if_changed :bindings, :host_header, :protocol do - cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" - cmd << " /bindings:#{new_resource.protocol}/*:#{new_resource.port}:#{new_resource.host_header}" - Chef::Log.debug(cmd) - shell_out!(cmd) - end - end - - converge_if_changed :application_pool do - cmd = "#{appcmd(node)} set app \"#{new_resource.site_name}/\" /applicationPool:\"#{new_resource.application_pool}\"" - Chef::Log.debug(cmd) - shell_out!(cmd, returns: [0, 42]) - end - - converge_if_changed :path do - cmd = "#{appcmd(node)} set vdir \"#{new_resource.site_name}/\"" - cmd << " /physicalPath:\"#{new_resource.path}\"" - Chef::Log.debug(cmd) - shell_out!(cmd) - end - - converge_if_changed :site_id do - cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" - cmd << " /id:#{new_resource.site_id}" - Chef::Log.debug(cmd) - shell_out!(cmd) - end - - converge_if_changed :log_directory do - cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" - cmd << " /logFile.directory:#{new_resource.log_directory}" - Chef::Log.debug(cmd) - shell_out!(cmd) - end - - converge_if_changed :log_period do - cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" - cmd << " /logFile.period:#{new_resource.log_period}" - Chef::Log.debug(cmd) - shell_out!(cmd) - end - - converge_if_changed :log_truncsize do - cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" - cmd << " 
/logFile.truncateSize:#{new_resource.log_truncsize}" - Chef::Log.debug(cmd) - shell_out!(cmd) - end - end -end diff --git a/cookbooks/iis/resources/vdir.rb b/cookbooks/iis/resources/vdir.rb deleted file mode 100644 index 594d71c..0000000 --- a/cookbooks/iis/resources/vdir.rb +++ /dev/null 
@@ -1,144 +0,0 @@ -# -# Cookbook:: iis -# Resource:: vdir -# -# Copyright:: 2016-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require 'rexml/document' - -include REXML -include Opscode::IIS::Helper -include Opscode::IIS::Processors - -property :application_name, String, name_property: true -property :path, String -property :physical_path, String -property :username, String -property :password, String -property :logon_method, [Symbol, String], default: :ClearText, equal_to: [:Interactive, :Batch, :Network, :ClearText], coerce: proc { |v| v.to_sym } -property :allow_sub_dir_config, [true, false], default: true - -default_action :add - -load_current_value do |desired| - # Sanitize Application Name - desired.application_name = application_cleanname(desired.application_name) - # Sanitize Physical Path - desired.physical_path = windows_cleanpath(desired.physical_path) if desired.physical_path - application_name desired.application_name - path desired.path - cmd = shell_out("#{appcmd(node)} list vdir \"#{application_name.chomp('/') + path}\"") - Chef::Log.debug("#{desired} list vdir command output: #{cmd.stdout}") - - if cmd.stderr.empty? - # VDIR "Testfu Site/Content/Test" - result = cmd.stdout.match(/^VDIR\s\"#{Regexp.escape(application_name.chomp('/') + path)}\"/) - Chef::Log.debug("#{desired} current_resource match output: #{result}") - unless result.nil? 
- cmd = shell_out("#{appcmd(node)} list vdir \"#{application_name.chomp('/') + path}\" /config:* /xml") - if cmd.stderr.empty? - xml = cmd.stdout - doc = Document.new(xml) - physical_path windows_cleanpath(value(doc.root, 'VDIR/@physicalPath')) - username value doc.root, 'VDIR/virtualDirectory/@userName' - password value doc.root, 'VDIR/virtualDirectory/@password' - logon_method value(doc.root, 'VDIR/virtualDirectory/@logonMethod').to_sym - allow_sub_dir_config bool(value(doc.root, 'VDIR/virtualDirectory/@allowSubDirConfig')) - end - end - else - Chef::Log.warn "Failed to run iis_vdir action :load_current_resource, #{cmd.stderr}" - end -end - -action :add do - if exists - Chef::Log.debug("#{new_resource} virtual directory already exists - nothing to do") - else - converge_by "Created the VDIR - \"#{new_resource}\"" do - cmd = "#{appcmd(node)} add vdir /app.name:\"#{vdir_identifier}\"" - cmd << " /path:\"#{new_resource.path}\"" - cmd << " /physicalPath:\"#{new_resource.physical_path}\"" - cmd << " /userName:\"#{new_resource.username}\"" if new_resource.username - cmd << " /password:\"#{new_resource.password}\"" if new_resource.password - cmd << " /logonMethod:#{new_resource.logon_method}" if new_resource.logon_method - cmd << " /allowSubDirConfig:#{new_resource.allow_sub_dir_config}" if new_resource.allow_sub_dir_config - cmd << ' /commit:\"MACHINE/WEBROOT/APPHOST\"' - - Chef::Log.debug(cmd) - shell_out!(cmd, returns: [0, 42, 183]) - end - end -end - -action :config do - if exists - cmd = "#{appcmd(node)} set vdir \"#{application_identifier}\"" - converge_if_changed :physical_path do - cmd << " /physicalPath:\"#{new_resource.physical_path}\"" - end - - converge_if_changed :username do - cmd << " /userName:\"#{new_resource.username}\"" - end - - converge_if_changed :password do - cmd << " /password:\"#{new_resource.password}\"" - end - - converge_if_changed :logon_method do - cmd << " /logonMethod:#{new_resource.logon_method}" - end - - converge_if_changed 
:allow_sub_dir_config do - cmd << " /allowSubDirConfig:#{new_resource.allow_sub_dir_config}" - end - - if cmd != "#{appcmd(node)} set vdir \"#{application_identifier}\"" - converge_by "Updated the VDIR - \"#{new_resource}\"" do - Chef::Log.debug(cmd) - shell_out!(cmd) - end - else - Chef::Log.debug("#{new_resource} virtual directory - nothing changed") - end - end -end - -action :delete do - if exists - converge_by "Deleted the VDIR - \"#{new_resource}\"" do - Chef::Log.debug("#{appcmd(node)} delete vdir \"#{application_identifier}\"") - shell_out!("#{appcmd(node)} delete vdir \"#{application_identifier}\"", returns: [0, 42]) - end - else - Chef::Log.debug("#{new_resource} virtual directory does not exist - nothing to do") - end -end - -action_class.class_eval do - def exists - current_resource.physical_path ? true : false - end - - def application_identifier - new_resource.path.start_with?('/') ? vdir_identifier.chomp('/') + new_resource.path : vdir_identifier + new_resource.path - end - - def vdir_identifier - new_resource.application_name.include?('/') ? new_resource.application_name : new_resource.application_name + '/' - end -end diff --git a/cookbooks/mediawiki/metadata.json b/cookbooks/mediawiki/metadata.json index 50110b8..f77f39a 100644 --- a/cookbooks/mediawiki/metadata.json +++ b/cookbooks/mediawiki/metadata.json @@ -15,7 +15,6 @@ "mysql": ">= 0.0.0", "database": ">= 0.0.0", "nginx": ">= 0.0.0", - "mysql2_chef_gem": ">= 0.0.0", "php-fpm": ">= 0.0.0" }, "providing": { diff --git a/cookbooks/mediawiki/metadata.rb b/cookbooks/mediawiki/metadata.rb index 7faebd8..c3b5521 100644 --- a/cookbooks/mediawiki/metadata.rb +++ b/cookbooks/mediawiki/metadata.rb @@ -10,7 +10,6 @@ depends 'php' depends 'mysql' depends 'database' depends 'nginx' -depends 'mysql2_chef_gem' depends 'php-fpm' attribute 'mediawiki/version', diff --git a/cookbooks/mediawiki/recipes/database.rb b/cookbooks/mediawiki/recipes/database.rb index 05e9780..b27ada6 100644 
--- a/cookbooks/mediawiki/recipes/database.rb +++ b/cookbooks/mediawiki/recipes/database.rb @@ -1,19 +1,27 @@ ::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) -node.set_unless['mediawiki']['db']['pass'] = secure_password +package('libmysqlclient-dev') { action :nothing }.run_action(:install) + +build_essential 'mediawiki' do + compile_time true +end + +chef_gem 'mysql2' do + compile_time true +end + +node.normal['mediawiki']['db']['pass'] = secure_password node.save unless Chef::Config[:solo] db = node["mediawiki"]["db"] mysql_client "default" do + version '5.7' action :create end -mysql2_chef_gem "default" do - action :install -end - mysql_service db["instance_name"] do + version '5.7' port db["port"] initial_root_password db["root_password"] action [:create, :start] diff --git a/cookbooks/mediawiki/recipes/default.rb b/cookbooks/mediawiki/recipes/default.rb index fbd63a3..1da9d91 100644 --- a/cookbooks/mediawiki/recipes/default.rb +++ b/cookbooks/mediawiki/recipes/default.rb @@ -11,19 +11,7 @@ include_recipe "apt" include_recipe "php::default" -if node['platform'] == 'ubuntu' and node['platform_version'] >= '16.04' - # APC is now apcu in PHP 7 - include_recipe "php::module_apcu" - # Dependency - package "php7.0-mbstring" -else - if node['platform_version'] == '15.04' - node.override['php']['apc']['package'] = 'php-apc' - node.override['php']['apcu']['package'] = 'php5-apcu' - end - include_recipe "php::module_apc" -end -include_recipe "php::module_mysql" +package %w(php-apcu php-mysql php-mbstring) include_recipe "mediawiki::database" diff --git a/cookbooks/mediawiki/recipes/nginx.rb b/cookbooks/mediawiki/recipes/nginx.rb index 22ff455..2b84995 100644 --- a/cookbooks/mediawiki/recipes/nginx.rb +++ b/cookbooks/mediawiki/recipes/nginx.rb 
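Review bot: In cookbooks/mediawiki/recipes/database.rb the replacement for `node.set_unless` assigns unconditionally, so `secure_password` is called and a new value is stored in `node['mediawiki']['db']['pass']` on every Chef run instead of only the first one. Anything already provisioned with the earlier password, presumably the MySQL user created further down the recipe, would then disagree with the attribute. The non-deprecated equivalent of the old line is `node.normal_unless['mediawiki']['db']['pass'] = secure_password`. The same hunk installs `chef_gem 'mysql2'` at compile time without a version constraint; a pinned `version` would keep the compiled native gem reproducible. The recipe continues outside the hunk.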
@@ -3,7 +3,12 @@ # Recipe:: nginx # -node.set_unless['php-fpm']['pools'] = [] +node.default['php-fpm']['pools'] = [] +node.override['php-fpm']['package_name'] = "php-fpm" +node.override['php-fpm']['service_name'] = "php7.2-fpm" +node.override['php-fpm']['conf_dir'] = "/etc/php/7.2/fpm/conf.d" +node.override['php-fpm']['pool_conf_dir'] = "/etc/php/7.2/fpm/pool.d" +node.override['php-fpm']['conf_file'] = "/etc/php/7.2/fpm/php-fpm.conf" include_recipe "php-fpm" include_recipe 'php-fpm::repository' unless node['php-fpm']['skip_repository_install'] @@ -24,7 +29,6 @@ php_fpm_pool "mediawiki" do enable true end -include_recipe "php::module_mysql" include_recipe "nginx" directory node["mediawiki"]["docroot_dir"] do diff --git a/cookbooks/mingw/CHANGELOG.md b/cookbooks/mingw/CHANGELOG.md index dd81178..a1671ec 100644 --- a/cookbooks/mingw/CHANGELOG.md +++ b/cookbooks/mingw/CHANGELOG.md @@ -2,6 +2,20 @@ This file is used to list changes made in each version of the mingw cookbook. +## 2.1.0 (2018-07-24) + +- refactor msys2 package source and checksum to attributes + +## 2.0.2 (2018-02-15) + +- Remove kind_of usage in the custom resources (FC117) + +## 2.0.1 (2017-04-26) + +- Test with Local Delivery instead of Rake +- Add chef_version to the metadata +- Use standardize Apache 2 license string + ## 2.0.0 (2017-02-27) - Require Chef 12.5 and remove compat_resource dependency diff --git a/cookbooks/mingw/MAINTAINERS.md b/cookbooks/mingw/MAINTAINERS.md deleted file mode 100644 index 873629f..0000000 --- a/cookbooks/mingw/MAINTAINERS.md +++ /dev/null 
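Review bot: The PHP release `7.2` is hard-coded four times in the new `node.override['php-fpm'][...]` lines of cookbooks/mediawiki/recipes/nginx.rb (service name, conf.d, pool.d and php-fpm.conf paths), while `package_name` is the unversioned `php-fpm`. If the distribution's default PHP changes, the package would install a different release than the one the service name and paths point at. Consider one local such as `php_version = '7.2'` interpolated into the four values, e.g. `node.override['php-fpm']['service_name'] = "php#{php_version}-fpm"`. `override` precedence also keeps roles and wrapper cookbooks from adjusting these values; `default` looks sufficient here.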
@@ -1,17 +0,0 @@ - - -# Maintainers -This file lists how this cookbook project is maintained. When making changes to the system, this -file tells you who needs to review your patch - you need a simple majority of maintainers -for the relevant subsystems to provide a :+1: on your pull request. Additionally, you need -to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) -for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Kartik Null Cating-Subramanian](https://github.com/ksubrama) - -# Maintainers -* [Kartik Null Cating-Subramanian](https://github.com/ksubrama) -* [Seth Chisamore](https://github.com/schisamo) diff --git a/cookbooks/mingw/README.md b/cookbooks/mingw/README.md index e111adc..16da102 100644 --- a/cookbooks/mingw/README.md +++ b/cookbooks/mingw/README.md @@ -48,6 +48,11 @@ Of course, to further complicate matters, different versions of different compil All options also automatically attempt to install a 64-bit based msys2 base file system at the root path specified. Note that you probably won't need a "32-bit" msys2 unless you are actually on a 32-bit only platform. You can still install both 32 and 64-bit compilers and libraries in a 64-bit msys2 base file system. +#### Attributes + +- `node['msys2']['url']` - overrides the url from which to download the package. +- `node['msys2']['checksum']` - overrides the checksum used to verify the downloaded package. + #### Parameters - `package` - An msys2 pacman package (or meta-package) to fetch and install. You may use a legal package wild-card pattern here if you are installing. This is the name attribute. diff --git a/cookbooks/mingw/attributes/default.rb b/cookbooks/mingw/attributes/default.rb new file mode 100644 index 0000000..9176ec3 --- /dev/null +++ b/cookbooks/mingw/attributes/default.rb 
@@ -0,0 +1,3 @@
+# override these attributes to pull the msys2 package from a custom url
+default['msys2']['url'] = 'http://downloads.sourceforge.net/project/msys2/Base/x86_64/msys2-base-x86_64-20160205.tar.xz'
+default['msys2']['checksum'] = '7e97e2af042e1b6f62cf0298fe84839014ef3d4a3e7825cffc6931c66cc0fc20'
diff --git a/cookbooks/mingw/metadata.json b/cookbooks/mingw/metadata.json
index 594f4fa..b2cccf0 100644
--- a/cookbooks/mingw/metadata.json
+++ b/cookbooks/mingw/metadata.json
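Review bot: The default in `default['msys2']['url']` is a plain `http://` address, so the pinned `default['msys2']['checksum']` is the only integrity control on the downloaded archive, and the one-line comment above the attributes does not say so. I would extend it to `# override url and checksum together; the checksum is the only integrity check on this download` and switch the default to an `https://` mirror if one is available. The consumer in cookbooks/mingw/resources/msys2_package.rb now reads both values from node attributes; how the checksum is enforced there is outside the visible hunk.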
@@ -1 +1 @@ -{"name":"mingw","version":"2.0.0","description":"Installs a mingw/msys based toolchain on windows","long_description":"# mingw Cookbook\n\n[![Cookbook Version](http://img.shields.io/cookbook/v/mingw.svg)][cookbook] [![Build Status](http://img.shields.io/travis/chef-cookbooks/mingw.svg?branch=master)][travis]\n\nInstalls a mingw/msys based compiler tools chain on windows. This is required for compiling C software from source.\n\n## Requirements\n\n### Platforms\n\n- Windows\n\n### Chef\n\n- Chef 12.5+\n\n### Cookbooks\n\n- seven_zip\n\n## Usage\n\nAdd this cookbook as a dependency to your cookbook in its `metadata.rb` and include the default recipe in one of your recipes.\n\n```ruby\n# metadata.rb\ndepends 'mingw'\n```\n\n```ruby\n# your recipe.rb\ninclude_recipe 'mingw::default'\n```\n\nUse the `msys2_package` resource in any recipe to fetch msys2 based packages. Use the `mingw_get` resource in any recipe to fetch mingw packages. Use the `mingw_tdm_gcc` resource to fetch a version of the TDM GCC compiler.\n\nBy default, you should prefer the msys2 packages as they are newer and better supported. C/C++ compilers on windows use various different exception formats and you need to pick the right one for your task. In the 32-bit world, you have SJLJ (set-jump/long-jump) based exception handling and DWARF-2 (shortened to DW2) based exception handling. SJLJ produces code that can happily throw exceptions across stack frames of code compiled by MSVC. DW2 involves more extensive metadata but produces code that cannot unwind MSVC generated stack-frames - hence you need to ensure that you don't have any code that throws across a \"system call\". Certain languages and runtimes have specific requirements as to the exception format supported. As an example, if you are building code for Rust, you will probably need a modern gcc from msys2 with DW2 support as that's what the panic/exception formatter in Rust depends on. 
In a 64-bit world, you may still use SJLJ but compilers all commonly support SEH (structured exception handling).\n\nOf course, to further complicate matters, different versions of different compilers support different exception handling. The default compilers that come with mingw_get are 32-bit only compilers and support DW2\\. The TDM compilers come in 3 flavors: a 32-bit only version with SJLJ support, a 32-bit only version with DW2 support and a \"multilib\" compiler which supports only SJLJ in 32-bit mode but can produce 64-bit SEH code. The standard library support varies drastically between these various compiler flavors (even within the same version). In msys2, you can install a mingw-w64 based compilers for either 32-bit DW2 support or 64-bit SEH support. If all this hurts your brain, I can only apologize.\n\n## Resources\n\n### msys2_package\n\n- ':install' - Installs an msys2 package using pacman.\n- ':remove' - Uninstalls any existing msys2 package.\n- ':upgrade' - Upgrades the specified package using pacman.\n\nAll options also automatically attempt to install a 64-bit based msys2 base file system at the root path specified. Note that you probably won't need a \"32-bit\" msys2 unless you are actually on a 32-bit only platform. You can still install both 32 and 64-bit compilers and libraries in a 64-bit msys2 base file system.\n\n#### Parameters\n\n- `package` - An msys2 pacman package (or meta-package) to fetch and install. You may use a legal package wild-card pattern here if you are installing. This is the name attribute.\n- `root` - The root directory where msys2 tools will be installed. 
This directory must not contain any spaces in order to pacify old posix tools and most Makefiles.\n\n#### Examples\n\nTo get the core msys2 developer tools in `C:\\msys2`\n\n```ruby\nmsys2_package 'base-devel' do\n root 'C:\\msys2'\nend\n```\n\n### mingw_get\n\n#### Actions\n\n- `:install` - Installs a mingw package from sourceforge using mingw-get.exe.\n- `:remove` - Uninstalls a mingw package.\n- `:upgrade` - Upgrades a mingw package (even to a lower version).\n\n#### Parameters\n\n- `package` - A mingw-get package (or meta-package) to fetch and install. You may use a legal package wild-card pattern here if you are installing. This is the name attribute.\n- `root` - The root directory where msys and mingw tools will be installed. This directory must not contain any spaces in order to pacify old posix tools and most Makefiles.\n\n#### Examples\n\nTo get the core msys developer tools in `C:\\mingw32`\n\n```ruby\nmingw_get 'msys-base=2013072300-msys-bin.meta' do\n root 'C:\\mingw32'\nend\n```\n\n### mingw_tdm_gcc\n\n#### Actions\n\n- `:install` - Installs the TDM compiler toolchain at the given path. This only gives you a compiler. If you need any support tooling such as make/grep/awk/bash etc., see `mingw_get`.\n\n#### Parameters\n\n- `flavor` - Either `:sjlj_32` or `:seh_sjlj_64`. TDM-64 is a 32/64-bit multi-lib \"cross-compiler\" toolchain that builds 64-bit by default. It uses structured exception handling (SEH) in 64-bit code and setjump-longjump exception handling (SJLJ) in 32-bit code. TDM-32 only builds 32-bit binaries and uses SJLJ.\n- `root` - The root directory where compiler tools and runtime will be installed. This directory must not contain any spaces in order to pacify old posix tools and most Makefiles.\n- `version` - The version of the compiler to fetch and install. This is the name attribute. 
Currently, '5.1.0' is supported.\n\n#### Examples\n\nTo get the 32-bit TDM GCC compiler in `C:\\mingw32`\n\n```ruby\nmingw_tdm_gcc '5.1.0' do\n flavor :sjlj_32\n root 'C:\\mingw32'\nend\n```\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2009-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\n[cookbook]: https://supermarket.chef.io/cookbooks/mingw\n[travis]: http://travis-ci.org/chef-cookbooks/mingw\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{"seven_zip":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{}} \ No newline at end of file +{"name":"mingw","version":"2.1.0","description":"Installs a mingw/msys based toolchain on windows","long_description":"# mingw Cookbook\n\n[![Cookbook Version](http://img.shields.io/cookbook/v/mingw.svg)][cookbook] [![Build Status](http://img.shields.io/travis/chef-cookbooks/mingw.svg?branch=master)][travis]\n\nInstalls a mingw/msys based compiler tools chain on windows. 
This is required for compiling C software from source.\n\n## Requirements\n\n### Platforms\n\n- Windows\n\n### Chef\n\n- Chef 12.5+\n\n### Cookbooks\n\n- seven_zip\n\n## Usage\n\nAdd this cookbook as a dependency to your cookbook in its `metadata.rb` and include the default recipe in one of your recipes.\n\n```ruby\n# metadata.rb\ndepends 'mingw'\n```\n\n```ruby\n# your recipe.rb\ninclude_recipe 'mingw::default'\n```\n\nUse the `msys2_package` resource in any recipe to fetch msys2 based packages. Use the `mingw_get` resource in any recipe to fetch mingw packages. Use the `mingw_tdm_gcc` resource to fetch a version of the TDM GCC compiler.\n\nBy default, you should prefer the msys2 packages as they are newer and better supported. C/C++ compilers on windows use various different exception formats and you need to pick the right one for your task. In the 32-bit world, you have SJLJ (set-jump/long-jump) based exception handling and DWARF-2 (shortened to DW2) based exception handling. SJLJ produces code that can happily throw exceptions across stack frames of code compiled by MSVC. DW2 involves more extensive metadata but produces code that cannot unwind MSVC generated stack-frames - hence you need to ensure that you don't have any code that throws across a \"system call\". Certain languages and runtimes have specific requirements as to the exception format supported. As an example, if you are building code for Rust, you will probably need a modern gcc from msys2 with DW2 support as that's what the panic/exception formatter in Rust depends on. In a 64-bit world, you may still use SJLJ but compilers all commonly support SEH (structured exception handling).\n\nOf course, to further complicate matters, different versions of different compilers support different exception handling. The default compilers that come with mingw_get are 32-bit only compilers and support DW2\\. 
The TDM compilers come in 3 flavors: a 32-bit only version with SJLJ support, a 32-bit only version with DW2 support and a \"multilib\" compiler which supports only SJLJ in 32-bit mode but can produce 64-bit SEH code. The standard library support varies drastically between these various compiler flavors (even within the same version). In msys2, you can install a mingw-w64 based compilers for either 32-bit DW2 support or 64-bit SEH support. If all this hurts your brain, I can only apologize.\n\n## Resources\n\n### msys2_package\n\n- ':install' - Installs an msys2 package using pacman.\n- ':remove' - Uninstalls any existing msys2 package.\n- ':upgrade' - Upgrades the specified package using pacman.\n\nAll options also automatically attempt to install a 64-bit based msys2 base file system at the root path specified. Note that you probably won't need a \"32-bit\" msys2 unless you are actually on a 32-bit only platform. You can still install both 32 and 64-bit compilers and libraries in a 64-bit msys2 base file system.\n\n#### Attributes\n\n- `node['msys2']['url']` - overrides the url from which to download the package.\n- `node['msys2']['checksum']` - overrides the checksum used to verify the downloaded package.\n\n#### Parameters\n\n- `package` - An msys2 pacman package (or meta-package) to fetch and install. You may use a legal package wild-card pattern here if you are installing. This is the name attribute.\n- `root` - The root directory where msys2 tools will be installed. 
This directory must not contain any spaces in order to pacify old posix tools and most Makefiles.\n\n#### Examples\n\nTo get the core msys2 developer tools in `C:\\msys2`\n\n```ruby\nmsys2_package 'base-devel' do\n root 'C:\\msys2'\nend\n```\n\n### mingw_get\n\n#### Actions\n\n- `:install` - Installs a mingw package from sourceforge using mingw-get.exe.\n- `:remove` - Uninstalls a mingw package.\n- `:upgrade` - Upgrades a mingw package (even to a lower version).\n\n#### Parameters\n\n- `package` - A mingw-get package (or meta-package) to fetch and install. You may use a legal package wild-card pattern here if you are installing. This is the name attribute.\n- `root` - The root directory where msys and mingw tools will be installed. This directory must not contain any spaces in order to pacify old posix tools and most Makefiles.\n\n#### Examples\n\nTo get the core msys developer tools in `C:\\mingw32`\n\n```ruby\nmingw_get 'msys-base=2013072300-msys-bin.meta' do\n root 'C:\\mingw32'\nend\n```\n\n### mingw_tdm_gcc\n\n#### Actions\n\n- `:install` - Installs the TDM compiler toolchain at the given path. This only gives you a compiler. If you need any support tooling such as make/grep/awk/bash etc., see `mingw_get`.\n\n#### Parameters\n\n- `flavor` - Either `:sjlj_32` or `:seh_sjlj_64`. TDM-64 is a 32/64-bit multi-lib \"cross-compiler\" toolchain that builds 64-bit by default. It uses structured exception handling (SEH) in 64-bit code and setjump-longjump exception handling (SJLJ) in 32-bit code. TDM-32 only builds 32-bit binaries and uses SJLJ.\n- `root` - The root directory where compiler tools and runtime will be installed. This directory must not contain any spaces in order to pacify old posix tools and most Makefiles.\n- `version` - The version of the compiler to fetch and install. This is the name attribute. 
Currently, '5.1.0' is supported.\n\n#### Examples\n\nTo get the 32-bit TDM GCC compiler in `C:\\mingw32`\n\n```ruby\nmingw_tdm_gcc '5.1.0' do\n flavor :sjlj_32\n root 'C:\\mingw32'\nend\n```\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2009-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\n[cookbook]: https://supermarket.chef.io/cookbooks/mingw\n[travis]: http://travis-ci.org/chef-cookbooks/mingw\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{"seven_zip":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/mingw","issues_url":"https://github.com/chef-cookbooks/mingw/issues","chef_version":[[">= 12.5"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/mingw/resources/get.rb b/cookbooks/mingw/resources/get.rb index 22cc9d2..bd77efe 100644 --- a/cookbooks/mingw/resources/get.rb +++ b/cookbooks/mingw/resources/get.rb 
@@ -20,8 +20,8 @@ # Installs the core msys utilities needed for mingw/git/any other posix # based toolchain at a desired location using mingw-get.exe. -property :package, kind_of: String, name_property: true -property :root, kind_of: String, required: true +property :package, String, name_property: true +property :root, String, required: true resource_name :mingw_get diff --git a/cookbooks/mingw/resources/msys2_package.rb b/cookbooks/mingw/resources/msys2_package.rb index a3594dd..ddad055 100644 --- a/cookbooks/mingw/resources/msys2_package.rb +++ b/cookbooks/mingw/resources/msys2_package.rb @@ -25,8 +25,8 @@ # well that's your problem isn't it? And they don't believe in preserving # older versions. Good luck! -property :package, kind_of: String, name_property: true -property :root, kind_of: String, required: true +property :package, String, name_property: true +property :root, String, required: true resource_name :msys2_package @@ -49,8 +49,8 @@ action_class do def msys2_init cache_dir = ::File.join(root, '.cache') f_cache_dir = win_friendly_path(cache_dir) - base_url = 'http://downloads.sourceforge.net/project/msys2/Base/x86_64/msys2-base-x86_64-20160205.tar.xz' - base_checksum = '7e97e2af042e1b6f62cf0298fe84839014ef3d4a3e7825cffc6931c66cc0fc20' + base_url = node['msys2']['url'] + base_checksum = node['msys2']['checksum'] unless ::File.exist?(::File.join(root, 'msys2.exe')) seven_zip_archive "cache msys2 base to #{f_cache_dir}" do diff --git a/cookbooks/mingw/resources/tdm_gcc.rb b/cookbooks/mingw/resources/tdm_gcc.rb index 5c8d63c..085eee3 100644 --- a/cookbooks/mingw/resources/tdm_gcc.rb +++ b/cookbooks/mingw/resources/tdm_gcc.rb 
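Review bot: In `msys2_init` (second hunk of msys2_package.rb), `base_url` and `base_checksum` are now read from `node['msys2']` with no guard, so the checksum that used to be pinned beside the URL can be left unset or overridden by any attribute source. If `node['msys2']` is missing, the lookup fails on nil. Whether `seven_zip_archive` still verifies the download when the checksum is nil is not visible here. I would fail early with `raise 'node["msys2"]["checksum"] must be set' if base_checksum.to_s.empty?` and keep the attribute default on an `https://` URL, since the removed default was plain `http://`. `msys2_init` continues past the end of the hunk.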
@@ -19,9 +19,9 @@ # Installs a gcc based C/C++ compiler and runtime from TDM GCC. -property :flavor, kind_of: Symbol, is: [:sjlj_32, :seh_sjlj_64], default: :seh_sjlj_64 -property :root, kind_of: String, required: true -property :version, kind_of: String, is: ['5.1.0'], name_property: true +property :flavor, Symbol, is: [:sjlj_32, :seh_sjlj_64], default: :seh_sjlj_64 +property :root, String, required: true +property :version, String, is: ['5.1.0'], name_property: true resource_name :mingw_tdm_gcc diff --git a/cookbooks/mysql/CHANGELOG.md b/cookbooks/mysql/CHANGELOG.md index 8fd0aa8..92291b9 100644 --- a/cookbooks/mysql/CHANGELOG.md +++ b/cookbooks/mysql/CHANGELOG.md 
@@ -2,6 +2,104 @@ This file is used to list changes made in each version of the mysql cookbook. +## 8.5.1 (2017-08-23) + +- Fix the remainder of the namespace collision deprecation warnings +- Remove the class_eval in the action class as this causes issues with some releases of Chef 12 + +## 8.5.0 (2017-08-23) + +- Require Chef 12.7+ since 12.5/12.6 has custom resource action_class issues +- Resolve several Chef 14 deprecation warnings + +## 8.4.0 (2017-05-30) + +- Fix client/server install on Amazon Linux and add testing +- Remove support for Ubuntu Precise since it's EOL +- Add Amazon Linux testing + +## 8.3.1 (2017-04-04) + +- Fix an ignoring of 'cookbook' attribute by 'mysql_config' resource +- Remove unused helper method +- Call out the supported platform versions in the metadata +- Switch to Delivery Local and rename the docked config +- Remove mention of the EOL opensuse 13.x in the readme + +## 8.3.0 (2017-03-20) +- Refactor mysql_service_manager_upstart.rb to eliminate use of cloned resource + +## 8.2.0 (2016-12-03) + +- Include client development packages on RHEL/SUSE platforms + +## 8.1.1 (2016-10-31) +- Fixing CVE-2016-6662 - Reverting execure bit on mysql config + +## 8.1.0 (2016-10-29) + +- Drop hardcoded, specific package version logic that broke many users + +## 8.0.4 (2016-09-26) +- Bump debian version +- Updated packages for 12.04 and 14.04 too +- Add chef_version metadata +- Update platforms in the kitchen file +- Add selinux to the Berksfile for testing +- Make sure yum repos are setup in local Test Kitchen + +## 8.0.3 (2016-09-14) +- [GH-390] Fix #390 incorrect escaping of initial_root_password +- Updated package versions for Ubuntu 16.04 +- Testing updates + +# v8.0.2 (2016-08-25) +- Various bug fixed and updates to package version strings + +# v8.0.1 (2016-07-20) +- Fixed a regression in the mysql_client resource where the action was changed from create to install in the 8.0 release +- Added oracle, opensuse, and opensuseleap as supported 
platforms in the metadata + +# v8.0.0 (2016-07-11) + +- Converting from LWRP to custom resources +- Removing yum-mysql and other dependencies. +- ^ BREAKING CHANGE: RHELish users are now responsible + for including a recipe from the "yum-mysql" or equivalent + cookbook before utilizing the mysql_* resources. +- More thoughtful ChefSpec +- Renaming "replication" test suite to "smoke" +- Moving to Inspec + +## v7.2.0 (2016-06-30) + +- Support openeSUSE leap +- Support Fedora 24 + +## v7.1.2 (2016-06-30) + +- Avoid deprecation warnings on the upcoming Chef 12.12 release + +## v7.1.1 (2016-06-03) + +- Fix apparmor blocking writes to non-default tmp_dirs +- Updated apparmor config to allow read & write to sock.lock file +- Use cookstyle instead of Rubocop directly + +## v7.1.0 (2016-05-11) + +- Added support for Ubuntu 16.04 + +## v7.0.0 (2016-04-19) + +- Removed support for legacy distros: Ubuntu 10.04/13.04/14.10/15.04, Fedora 20/21, OmniOS r151006, opensuse 11.3/12.0 +- Added support for Fedora 23, suse 13.X, and Ubuntu 16.04 +- Updated the systemd support to create unit files in /etc/systemd and not /usr/lib/systemd +- Adding umask to bash resource that sets root password PR #386 @gziskind +- Cleaned up the Test Kitchen config to test the right platform version + mysql pairings +- Added Travis CI Test Kitchen testing on Fedora 22/23 and removed Fedora 21 +- Updated the platforms used in the specs + ## v6.1.3 (2016-03-14) - Added support for Ubuntu 15.10 @@ -65,7 +163,7 @@ This file is used to list changes made in each version of the mysql cookbook. ## v6.0.21 (2015-04-08) -- Fix to Upstart prestart script when using custom socket +- Fix to Upstart prestart script when using custom socket - Adding --explicit_defaults_for_timestamp mysql_install_db_cmd for - 5.6 and above 
@@ -186,7 +284,7 @@ This file is used to list changes made in each version of the mysql cookbook. ## v5.5.4 (2014-10-07) -- Adding sensitive flag to execute resources to protect passwords from logs +- Adding sensitive flag to execute resources to protect passwords from logs ## v5.5.3 (2014-09-24) diff --git a/cookbooks/mysql/MAINTAINERS.md b/cookbooks/mysql/MAINTAINERS.md deleted file mode 100644 index c6a51ae..0000000 --- a/cookbooks/mysql/MAINTAINERS.md +++ /dev/null @@ -1,19 +0,0 @@ - - -# Maintainers -This file lists how this cookbook project is maintained. When making changes to the system, this -file tells you who needs to review your patch - you need a simple majority of maintainers -for the relevant subsystems to provide a :+1: on your pull request. Additionally, you need -to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) -for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Tim Smith](https://github.com/tas50) - -# Maintainers -* [Jennifer Davis](https://github.com/sigje) -* [Sean OMeara](https://github.com/someara) -* [Tim Smith](https://github.com/tas50) -* [Thom May](https://github.com/thommay) diff --git a/cookbooks/mysql/README.md b/cookbooks/mysql/README.md index 3baa1f6..63dba0f 100644 --- a/cookbooks/mysql/README.md +++ b/cookbooks/mysql/README.md 
@@ -2,16 +2,15 @@ [![Build Status](https://travis-ci.org/chef-cookbooks/mysql.svg?branch=master)](https://travis-ci.org/chef-cookbooks/mysql) [![Cookbook Version](https://img.shields.io/cookbook/v/mysql.svg)](https://supermarket.chef.io/cookbooks/mysql) -The Mysql Cookbook is a library cookbook that provides resource primitives (LWRPs) for use in recipes. It is designed to be a reference example for creating highly reusable cross-platform cookbooks. +The MySQL Cookbook is a library cookbook that provides resource primitives (LWRPs) for use in recipes. It is designed to be a reference example for creating highly reusable cross-platform cookbooks. ## Scope -This cookbook is concerned with the "MySQL Community Server", particularly those shipped with F/OSS Unix and Linux distributions. It does not address forks or value-added repackaged MySQL distributions like Drizzle, MariaDB, or Percona. +This cookbook is concerned with the "MySQL Community Server", particularly those shipped with F/OSS Unix and Linux distributions. It does not address forks or value-added repackaged MySQL distributions like MariaDB or Percona. ## Requirements -- Chef 11 or higher -- Ruby 1.9 or higher (preferably from the Chef full-stack installer) +- Chef 12.7 or higher - Network accessible package repositories - 'recipe[selinux::disabled]' on RHEL platforms 
@@ -20,42 +19,37 @@ This cookbook is concerned with the "MySQL Community Server", particularly those The following platforms have been tested with Test Kitchen: ``` -|----------------+-----+-----+-----+-----+-----| -| | 5.0 | 5.1 | 5.5 | 5.6 | 5.7 | -|----------------+-----+-----+-----+-----+-----| -| debian-7 | | | X | | | -|----------------+-----+-----+-----+-----+-----| -| ubuntu-12.04 | | | X | | | -|----------------+-----+-----+-----+-----+-----| -| ubuntu-14.04 | | | X | X | | -|----------------+-----+-----+-----+-----+-----| -| ubuntu-15.04 | | | | X | | -|----------------+-----+-----+-----+-----+-----| -| centos-5 | X | X | X | X | X | -|----------------+-----+-----+-----+-----+-----| -| centos-6 | | X | X | X | X | -|----------------+-----+-----+-----+-----+-----| -| centos-7 | | | X | X | X | -|----------------+-----+-----+-----+-----+-----| -| amazon | | | X | X | X | -|----------------+-----+-----+-----+-----+-----| -| fedora-22 | | | X | X | X | -|----------------+-----+-----+-----+-----+-----| -| fedora-23 | | | X | X | X | -|----------------+-----+-----+-----+-----+-----| +|----------------+-----+-----+-----+-----| +| | 5.1 | 5.5 | 5.6 | 5.7 | +|----------------+-----+-----+-----+-----| +| debian-7 | | X | | | +|----------------+-----+-----+-----+-----| +| debian-8 | | X | | | +|----------------+-----+-----+-----+-----| +| ubuntu-14.04 | | X | X | | +|----------------+-----+-----+-----+-----| +| ubuntu-16.04 | | | | X | +|----------------+-----+-----+-----+-----| +| centos-6 | X | X | X | X | +|----------------+-----+-----+-----+-----| +| centos-7 | | X | X | X | +|----------------+-----+-----+-----+-----| +| fedora | | | X | X | +|----------------+-----+-----+-----+-----| +| openSUSE Leap | | | X | | +|----------------+-----+-----+-----+-----| ``` ## Cookbook Dependencies -- yum-mysql-community -- smf +There are no hard coupled dependencies. However, there is a loose dependency on `yum-mysql-community` for RHEL/CentOS platforms. 
As of the 8.0 version of this cookbook, configuration of the package repos is now the responsibility of the user. ## Usage Place a dependency on the mysql cookbook in your cookbook's metadata.rb ```ruby -depends 'mysql', '~> 6.0' +depends 'mysql', '~> 8.0' ``` Then, in a recipe: @@ -180,7 +174,7 @@ Please note that when using `notifies` or `subscribes`, the resource to referenc - `:create` - Configures everything but the underlying operating system service. - `:delete` - Removes everything but the package and data_dir. - `:start` - Starts the underlying operating system service -- `:stop`- Stops the underlying operating system service +- `:stop`- Stops the underlying operating system service - `:restart` - Restarts the underlying operating system service - `:reload` - Reloads the underlying operating system service @@ -274,7 +268,7 @@ mysql_client 'default' do end ``` -#### Parameters +#### Properties - `package_name` - An array of packages to be installed. Defaults to a value looked up in an internal map. - `package_version` - Specific versions of the package to install, passed onto the underlying package manager. Defaults to `nil`. 
@@ -401,31 +395,20 @@ Or to connect over the network, use something like this: connect over the networ These network or socket ssettings can also be put in you $HOME/.my.cnf, if preferred. -### What about MariaDB, Percona, Drizzle, WebScaleSQL, etc. +### What about MariaDB, Percona, etc. MySQL forks are purposefully out of scope for this cookbook. This is mostly to reduce the testing matrix to a manageable size. Cookbooks for these technologies can easily be created by copying and adapting this cookbook. However, there will be differences. Package repository locations, package version names, software major version numbers, supported platform matrices, and the availability of software such as XtraDB and Galera are the main reasons that creating multiple cookbooks to make sense. -## Warnings +## Maintainers -## Hacking / Testing / TODO +This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). 
To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/) -Please refer to the HACKING.md - -## License & Authors - -- Author:: Joshua Timberman ([joshua@chef.io](mailto:joshua@chef.io)) -- Author:: AJ Christensen ([aj@chef.io](mailto:aj@chef.io)) -- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io)) -- Author:: Brian Bianco ([brian.bianco@gmail.com](mailto:brian.bianco@gmail.com)) -- Author:: Jesse Howarth ([him@jessehowarth.com](mailto:him@jessehowarth.com)) -- Author:: Andrew Crump ([andrew@kotirisoftware.com](mailto:andrew@kotirisoftware.com)) -- Author:: Christoph Hartmann ([chris@lollyrock.com](mailto:chris@lollyrock.com)) -- Author:: Sean OMeara ([sean@chef.io](mailto:sean@chef.io)) +## License ```text -Copyright:: 2009-2014 Chef Software, Inc +Copyright:: 2009-2017 Chef Software, Inc Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cookbooks/mysql/libraries/helpers.rb b/cookbooks/mysql/libraries/helpers.rb index 8b47559..e60d21d 100644 --- a/cookbooks/mysql/libraries/helpers.rb +++ b/cookbooks/mysql/libraries/helpers.rb 
@@ -1,67 +1,123 @@ -require 'shellwords' - module MysqlCookbook - module Helpers - include Chef::DSL::IncludeRecipe + module HelpersBase + require 'shellwords' - def base_dir - prefix_dir || '/usr' + def el6? + return true if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 6 + false end - def configure_package_repositories - # we need to enable the yum-mysql-community repository to get packages - return unless %w(rhel fedora).include? node['platform_family'] - case parsed_version - when '5.5' - # Prefer packages from native repos - return if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 5 - return if node['platform_family'] == 'fedora' - include_recipe('yum-mysql-community::mysql55') - when '5.6' - include_recipe('yum-mysql-community::mysql56') - when '5.7' - include_recipe('yum-mysql-community::mysql57') - end + def el7? + return true if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 7 + false end - def client_package_name - return new_resource.package_name if new_resource.package_name - client_package + def wheezy? + return true if node['platform'] == 'debian' && node['platform_version'].to_i == 7 + false + end + + def jessie? + return true if node['platform'] == 'debian' && node['platform_version'].to_i == 8 + false + end + + def stretch? + return true if node['platform'] == 'debian' && node['platform_version'].to_i == 9 + false + end + + def trusty? + return true if node['platform'] == 'ubuntu' && node['platform_version'] == '14.04' + return true if node['platform'] == 'linuxmint' && node['platform_version'] =~ /^17\.[0-9]$/ + false + end + + def xenial? 
+ return true if node['platform'] == 'ubuntu' && node['platform_version'] == '16.04' + false end def defaults_file "#{etc_dir}/my.cnf" end - def error_log - return new_resource.error_log if new_resource.error_log + def default_data_dir + return "/var/lib/#{mysql_name}" if node['os'] == 'linux' + return "/opt/local/lib/#{mysql_name}" if node['os'] == 'solaris2' + return "/var/db/#{mysql_name}" if node['os'] == 'freebsd' + end + + def default_error_log "#{log_dir}/error.log" end - def etc_dir - return "/opt/mysql#{pkg_ver_string}/etc/#{mysql_name}" if node['platform_family'] == 'omnios' - return "#{prefix_dir}/etc/#{mysql_name}" if node['platform_family'] == 'smartos' - "#{prefix_dir}/etc/#{mysql_name}" + def default_pid_file + "#{run_dir}/mysqld.pid" end - def include_dir - "#{etc_dir}/conf.d" + def default_major_version + # rhelish + return '5.1' if el6? + return '5.6' if el7? + return '5.6' if node['platform'] == 'amazon' + + # debian + return '5.5' if wheezy? + return '5.5' if jessie? + + # ubuntu + return '5.5' if trusty? + return '5.7' if xenial? + + # misc + return '5.6' if node['platform'] == 'freebsd' + return '5.6' if node['platform'] == 'fedora' + return '5.6' if node['platform_family'] == 'suse' end - def lc_messages_dir - end - - def log_dir - return "/var/adm/log/#{mysql_name}" if node['platform_family'] == 'omnios' - "#{prefix_dir}/var/log/#{mysql_name}" + def major_from_full(v) + v.split('.').shift(2).join('.') end def mysql_name - "mysql-#{new_resource.instance}" + "mysql-#{instance}" end - def pkg_ver_string - parsed_version.delete('.') if node['platform_family'] == 'omnios' + def default_socket_file + "#{run_dir}/mysqld.sock" + end + + def default_client_package_name + return ['mysql', 'mysql-devel'] if major_version == '5.1' && el6? 
+ return ['mysql55', 'mysql55-devel.x86_64'] if major_version == '5.5' && node['platform'] == 'amazon' + return ['mysql56', 'mysql56-devel.x86_64'] if major_version == '5.6' && node['platform'] == 'amazon' + return ['mysql-client-5.5', 'libmysqlclient-dev'] if major_version == '5.5' && node['platform_family'] == 'debian' + return ['mysql-client-5.6', 'libmysqlclient-dev'] if major_version == '5.6' && node['platform_family'] == 'debian' + return ['mysql-client-5.7', 'libmysqlclient-dev'] if major_version == '5.7' && node['platform_family'] == 'debian' + return 'mysql-community-server-client' if major_version == '5.6' && node['platform_family'] == 'suse' + ['mysql-community-client', 'mysql-community-devel'] + end + + def default_server_package_name + return 'mysql-server' if major_version == '5.1' && el6? + return 'mysql55-server' if major_version == '5.5' && node['platform'] == 'amazon' + return 'mysql56-server' if major_version == '5.6' && node['platform'] == 'amazon' + return 'mysql-server-5.5' if major_version == '5.5' && node['platform_family'] == 'debian' + return 'mysql-server-5.6' if major_version == '5.6' && node['platform_family'] == 'debian' + return 'mysql-server-5.7' if major_version == '5.7' && node['platform_family'] == 'debian' + return 'mysql-community-server' if major_version == '5.6' && node['platform_family'] == 'suse' + 'mysql-community-server' + end + + def socket_dir + File.dirname(socket) + end + + def run_dir + return "#{prefix_dir}/var/run/#{mysql_name}" if node['platform_family'] == 'rhel' + return "/run/#{mysql_name}" if node['platform_family'] == 'debian' + "/var/run/#{mysql_name}" end def prefix_dir 
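Review bot: `default_major_version` has no fallback, so on any platform it does not list it returns nil implicitly; the hunk adds a `stretch?` predicate but no matching branch, so Debian 9 appears to be one such case. Assuming `major_version` is derived from this default (not visible here), every `major_version == '5.x'` test in `default_client_package_name` and `default_server_package_name` would then fall through to the `mysql-community-*` names. An explicit last line such as `raise "mysql: no default version known for #{node['platform']} #{node['platform_version']}"` would turn a silent wrong package choice into a clear failure. `default_data_dir` has the same implicit-nil ending, and `HelpersBase` continues beyond this hunk.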
@@ -72,102 +128,70 @@ module MysqlCookbook def scl_name return unless node['platform_family'] == 'rhel' - return 'mysql51' if parsed_version == '5.1' && node['platform_version'].to_i == 5 - return 'mysql55' if parsed_version == '5.5' && node['platform_version'].to_i == 5 + return 'mysql51' if version == '5.1' && node['platform_version'].to_i == 5 + return 'mysql55' if version == '5.5' && node['platform_version'].to_i == 5 end def scl_package? return unless node['platform_family'] == 'rhel' - return true if parsed_version == '5.1' && node['platform_version'].to_i == 5 - return true if parsed_version == '5.5' && node['platform_version'].to_i == 5 + return true if version == '5.1' && node['platform_version'].to_i == 5 + return true if version == '5.5' && node['platform_version'].to_i == 5 false end + def etc_dir + return "/opt/mysql#{pkg_ver_string}/etc/#{mysql_name}" if node['platform_family'] == 'omnios' + return "#{prefix_dir}/etc/#{mysql_name}" if node['platform_family'] == 'smartos' + "#{prefix_dir}/etc/#{mysql_name}" + end + + def base_dir + prefix_dir || '/usr' + end + def system_service_name return 'mysql51-mysqld' if node['platform_family'] == 'rhel' && scl_name == 'mysql51' return 'mysql55-mysqld' if node['platform_family'] == 'rhel' && scl_name == 'mysql55' return 'mysqld' if node['platform_family'] == 'rhel' return 'mysqld' if node['platform_family'] == 'fedora' - return 'mysql' if node['platform_family'] == 'debian' - return 'mysql' if node['platform_family'] == 'suse' - return 'mysql' if node['platform_family'] == 'omnios' - return 'mysql' if node['platform_family'] == 'smartos' + 'mysql' # not one of the above end def v56plus - return false if parsed_version.split('.')[0].to_i < 5 - return false if parsed_version.split('.')[1].to_i < 6 + return false if version.split('.')[0].to_i < 5 + return false if version.split('.')[1].to_i < 6 true end def v57plus - return false if parsed_version.split('.')[0].to_i < 5 - return false if 
parsed_version.split('.')[1].to_i < 7 + return false if version.split('.')[0].to_i < 5 + return false if version.split('.')[1].to_i < 7 true end - def password_column_name - return 'authentication_string' if v57plus - 'password' + def default_include_dir + "#{etc_dir}/conf.d" end - def password_expired - return ", password_expired='N'" if v57plus - '' + def log_dir + return "/var/adm/log/#{mysql_name}" if node['platform_family'] == 'omnios' + "#{prefix_dir}/var/log/#{mysql_name}" end - def root_password - if new_resource.initial_root_password == '' - Chef::Log.info('Root password is empty') - return '' - end - Shellwords.escape(new_resource.initial_root_password) - end - - # database and initial records - # initialization commands - - def mysqld_initialize_cmd - cmd = mysqld_bin - cmd << " --defaults-file=#{etc_dir}/my.cnf" - cmd << ' --initialize' - cmd << ' --explicit_defaults_for_timestamp' if v56plus - return "scl enable #{scl_name} \"#{cmd}\"" if scl_package? - cmd - end - - def mysql_install_db_cmd - cmd = mysql_install_db_bin - cmd << " --defaults-file=#{etc_dir}/my.cnf" - cmd << " --datadir=#{parsed_data_dir}" - cmd << ' --explicit_defaults_for_timestamp' if v56plus - return "scl enable #{scl_name} \"#{cmd}\"" if scl_package? - cmd - end - - def record_init - cmd = v56plus ? mysqld_bin : mysqld_safe_bin - cmd << " --defaults-file=#{etc_dir}/my.cnf" - cmd << " --init-file=/tmp/#{mysql_name}/my.sql" - cmd << ' --explicit_defaults_for_timestamp' if v56plus - cmd << ' &' - return "scl enable #{scl_name} \"#{cmd}\"" if scl_package? - cmd - end - - def db_init - return mysqld_initialize_cmd if v57plus - mysql_install_db_cmd - end + def lc_messages_dir; end def init_records_script + # Note: shell-escaping passwords in a SQL file may cause corruption - eg + # mysql will read \& as &, but \% as \%. 
Just escape bare-minimum \ and ' + sql_escaped_password = root_password.gsub('\\') { '\\\\' }.gsub("'") { '\\\'' } + <<-EOS set -e rm -rf /tmp/#{mysql_name} mkdir /tmp/#{mysql_name} - cat > /tmp/#{mysql_name}/my.sql <<-EOSQL -UPDATE mysql.user SET #{password_column_name}=PASSWORD('#{root_password}')#{password_expired} WHERE user = 'root'; + cat > /tmp/#{mysql_name}/my.sql <<-'EOSQL' +UPDATE mysql.user SET #{password_column_name}=PASSWORD('#{sql_escaped_password}')#{password_expired} WHERE user = 'root'; DELETE FROM mysql.user WHERE USER LIKE ''; DELETE FROM mysql.user WHERE user = 'root' and host NOT IN ('127.0.0.1', 'localhost'); FLUSH PRIVILEGES; @@ -185,10 +209,27 @@ EOSQL EOS end - def mysql_bin - return "#{prefix_dir}/bin/mysql" if node['platform_family'] == 'smartos' - return "#{base_dir}/bin/mysql" if node['platform_family'] == 'omnios' - "#{prefix_dir}/usr/bin/mysql" + def password_column_name + return 'authentication_string' if v57plus + 'password' + end + + def root_password + if initial_root_password == '' + Chef::Log.info('Root password is empty') + return '' + end + initial_root_password + end + + def password_expired + return ", password_expired='N'" if v57plus + '' + end + + def db_init + return mysqld_initialize_cmd if v57plus + mysql_install_db_cmd end def mysql_install_db_bin @@ -197,8 +238,13 @@ EOSQL 'mysql_install_db' end - def mysql_version - new_resource.version + def mysql_install_db_cmd + cmd = mysql_install_db_bin + cmd << " --defaults-file=#{etc_dir}/my.cnf" + cmd << " --datadir=#{data_dir}" + cmd << ' --explicit_defaults_for_timestamp' if v56plus && !v57plus + return "scl enable #{scl_name} \"#{cmd}\"" if scl_package? + cmd end def mysqladmin_bin 
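Review bot: `init_records_script` still stages the root password in clear text at the predictable path `/tmp/#{mysql_name}/my.sql`, and nothing visible in this hunk restricts the mode of that directory or file. The changelog in this commit mentions a umask on the bash resource that sets the root password, but its value is not shown. Please confirm that it keeps the file unreadable for other local users while the account mysqld runs as can still load it, or create the directory with an explicit mode such as `mkdir -m 0750 /tmp/#{mysql_name}` and ownership limited to that account. The quoted `<<-'EOSQL'` delimiter and the backslash and single-quote escaping look right for the SQL literal; the rest of the script, including any cleanup of the file, lies outside the hunk.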
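Review bot: `root_password` (third helpers.rb hunk) now returns `initial_root_password` unescaped, since the `Shellwords.escape` call is gone. That is right for the SQL file, but the value is no longer safe to interpolate into a shell command line; the only consumer visible in this diff is `init_records_script`. I would state the contract above the method: `# Returns the raw password; callers must escape it for their own context (SQL literal or shell word).` The empty-password branch also only logs at info level and carries on, so a root account without a password is easy to miss; `Chef::Log.warn('Root password is empty')` would surface it.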
@@ -216,6 +262,15 @@ EOSQL "#{prefix_dir}/usr/sbin/mysqld" end + def mysqld_initialize_cmd + cmd = mysqld_bin + cmd << " --defaults-file=#{etc_dir}/my.cnf" + cmd << ' --initialize' + cmd << ' --explicit_defaults_for_timestamp' if v56plus + return "scl enable #{scl_name} \"#{cmd}\"" if scl_package? + cmd + end + def mysqld_safe_bin return "#{prefix_dir}/bin/mysqld_safe" if node['platform_family'] == 'smartos' return "#{base_dir}/bin/mysqld_safe" if node['platform_family'] == 'omnios' 
@@ -223,248 +278,14 @@ EOSQL "#{prefix_dir}/usr/bin/mysqld_safe" end - def pid_file - return new_resource.pid_file if new_resource.pid_file - "#{run_dir}/mysqld.pid" - end - - def run_dir - return "#{prefix_dir}/var/run/#{mysql_name}" if node['platform_family'] == 'rhel' - return "/run/#{mysql_name}" if node['platform_family'] == 'debian' - "/var/run/#{mysql_name}" - end - - def sensitive_supported? - Gem::Version.new(Chef::VERSION) >= Gem::Version.new('11.14.0') - end - - def socket_file - return new_resource.socket if new_resource.socket - "#{run_dir}/mysqld.sock" - end - - def socket_dir - return File.dirname(new_resource.socket) if new_resource.socket - run_dir - end - - def tmp_dir - return new_resource.tmp_dir if new_resource.tmp_dir - '/tmp' - end - - ####### - # FIXME: There is a LOT of duplication here.. - # There has to be a less gnarly way to look up this information. Refactor for great good! - ####### - class Pkginfo - def self.pkginfo - # Autovivification is Perl. - @pkginfo = Chef::Node.new - - @pkginfo.set['debian']['10.04']['5.1']['client_package'] = %w(mysql-client-5.1 libmysqlclient-dev) - @pkginfo.set['debian']['10.04']['5.1']['server_package'] = 'mysql-server-5.1' - @pkginfo.set['debian']['12.04']['5.5']['client_package'] = %w(mysql-client-5.5 libmysqlclient-dev) - @pkginfo.set['debian']['12.04']['5.5']['server_package'] = 'mysql-server-5.5' - @pkginfo.set['debian']['13.04']['5.5']['client_package'] = %w(mysql-client-5.5 libmysqlclient-dev) - @pkginfo.set['debian']['13.04']['5.5']['server_package'] = 'mysql-server-5.5' - @pkginfo.set['debian']['13.10']['5.5']['client_package'] = %w(mysql-client-5.5 libmysqlclient-dev) - @pkginfo.set['debian']['13.10']['5.5']['server_package'] = 'mysql-server-5.5' - @pkginfo.set['debian']['14.04']['5.5']['client_package'] = %w(mysql-client-5.5 libmysqlclient-dev) - @pkginfo.set['debian']['14.04']['5.5']['server_package'] = 'mysql-server-5.5' - @pkginfo.set['debian']['14.04']['5.6']['client_package'] = 
%w(mysql-client-5.6 libmysqlclient-dev) - @pkginfo.set['debian']['14.04']['5.6']['server_package'] = 'mysql-server-5.6' - @pkginfo.set['debian']['14.10']['5.5']['client_package'] = %w(mysql-client-5.5 libmysqlclient-dev) - @pkginfo.set['debian']['14.10']['5.5']['server_package'] = 'mysql-server-5.5' - @pkginfo.set['debian']['14.10']['5.6']['client_package'] = %w(mysql-client-5.6 libmysqlclient-dev) - @pkginfo.set['debian']['14.10']['5.6']['server_package'] = 'mysql-server-5.6' - @pkginfo.set['debian']['15.04']['5.6']['client_package'] = %w(mysql-client-5.6 libmysqlclient-dev) - @pkginfo.set['debian']['15.04']['5.6']['server_package'] = 'mysql-server-5.6' - @pkginfo.set['debian']['15.10']['5.6']['client_package'] = %w(mysql-client-5.6 libmysqlclient-dev) - @pkginfo.set['debian']['15.10']['5.6']['server_package'] = 'mysql-server-5.6' - @pkginfo.set['debian']['6']['5.1']['client_package'] = %w(mysql-client libmysqlclient-dev) - @pkginfo.set['debian']['6']['5.1']['server_package'] = 'mysql-server-5.1' - @pkginfo.set['debian']['7']['5.5']['client_package'] = %w(mysql-client libmysqlclient-dev) - @pkginfo.set['debian']['7']['5.5']['server_package'] = 'mysql-server-5.5' - @pkginfo.set['debian']['7']['5.6']['client_package'] = %w(mysql-client libmysqlclient-dev) # apt-repo from dotdeb - @pkginfo.set['debian']['7']['5.6']['server_package'] = 'mysql-server-5.6' - @pkginfo.set['debian']['7']['5.7']['client_package'] = %w(mysql-client libmysqlclient-dev) # apt-repo from dotdeb - @pkginfo.set['debian']['7']['5.7']['server_package'] = 'mysql-server-5.7' - @pkginfo.set['debian']['8']['5.5']['client_package'] = %w(mysql-client libmysqlclient-dev) - @pkginfo.set['debian']['8']['5.5']['server_package'] = 'mysql-server-5.5' - @pkginfo.set['fedora']['20']['5.5']['client_package'] = %w(community-mysql community-mysql-devel) - @pkginfo.set['fedora']['20']['5.5']['server_package'] = 'community-mysql-server' - @pkginfo.set['fedora']['20']['5.6']['client_package'] = 
%w(mysql-community-client mysql-community-devel) - @pkginfo.set['fedora']['20']['5.6']['server_package'] = 'mysql-community-server' - @pkginfo.set['fedora']['20']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['fedora']['20']['5.7']['server_package'] = 'mysql-community-server' - @pkginfo.set['fedora']['21']['5.6']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['fedora']['21']['5.6']['server_package'] = 'mysql-community-server' - @pkginfo.set['fedora']['21']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['fedora']['21']['5.7']['server_package'] = 'mysql-community-server' - @pkginfo.set['fedora']['22']['5.6']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['fedora']['22']['5.6']['server_package'] = 'mysql-community-server' - @pkginfo.set['fedora']['22']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['fedora']['22']['5.7']['server_package'] = 'mysql-community-server' - @pkginfo.set['freebsd']['10']['5.5']['client_package'] = %w(mysql55-client) - @pkginfo.set['freebsd']['10']['5.5']['server_package'] = 'mysql55-server' - @pkginfo.set['freebsd']['9']['5.5']['client_package'] = %w(mysql55-client) - @pkginfo.set['freebsd']['9']['5.5']['server_package'] = 'mysql55-server' - @pkginfo.set['omnios']['151006']['5.5']['client_package'] = %w(database/mysql-55/library) - @pkginfo.set['omnios']['151006']['5.5']['server_package'] = 'database/mysql-55' - @pkginfo.set['omnios']['151006']['5.6']['client_package'] = %w(database/mysql-56) - @pkginfo.set['omnios']['151006']['5.6']['server_package'] = 'database/mysql-56' - @pkginfo.set['rhel']['2014.09']['5.1']['server_package'] = %w(mysql51 mysql51-devel) - @pkginfo.set['rhel']['2014.09']['5.1']['server_package'] = 'mysql51-server' - @pkginfo.set['rhel']['2014.09']['5.5']['client_package'] = %w(mysql-community-client 
mysql-community-devel) - @pkginfo.set['rhel']['2014.09']['5.5']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['2014.09']['5.6']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['2014.09']['5.6']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['2014.09']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['2014.09']['5.7']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['2015.03']['5.1']['server_package'] = %w(mysql51 mysql51-devel) - @pkginfo.set['rhel']['2015.03']['5.1']['server_package'] = 'mysql51-server' - @pkginfo.set['rhel']['2015.03']['5.5']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['2015.03']['5.5']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['2015.03']['5.6']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['2015.03']['5.6']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['2015.03']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['2015.03']['5.7']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['2015.09']['5.1']['server_package'] = %w(mysql51 mysql51-devel) - @pkginfo.set['rhel']['2015.09']['5.1']['server_package'] = 'mysql51-server' - @pkginfo.set['rhel']['2015.09']['5.5']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['2015.09']['5.5']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['2015.09']['5.6']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['2015.09']['5.6']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['2015.09']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['2015.09']['5.7']['server_package'] = 
'mysql-community-server' - @pkginfo.set['rhel']['2016.03']['5.1']['server_package'] = %w(mysql51 mysql51-devel) - @pkginfo.set['rhel']['2016.03']['5.1']['server_package'] = 'mysql51-server' - @pkginfo.set['rhel']['2016.03']['5.5']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['2016.03']['5.5']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['2016.03']['5.6']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['2016.03']['5.6']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['2016.03']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['2016.03']['5.7']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['5']['5.0']['client_package'] = %w(mysql mysql-devel) - @pkginfo.set['rhel']['5']['5.0']['server_package'] = 'mysql-server' - @pkginfo.set['rhel']['5']['5.1']['client_package'] = %w(mysql51-mysql) - @pkginfo.set['rhel']['5']['5.1']['server_package'] = 'mysql51-mysql-server' - @pkginfo.set['rhel']['5']['5.5']['client_package'] = %w(mysql55-mysql mysql55-mysql-devel) - @pkginfo.set['rhel']['5']['5.5']['server_package'] = 'mysql55-mysql-server' - @pkginfo.set['rhel']['5']['5.6']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['5']['5.6']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['5']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['5']['5.7']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['6']['5.1']['client_package'] = %w(mysql mysql-devel) - @pkginfo.set['rhel']['6']['5.1']['server_package'] = 'mysql-server' - @pkginfo.set['rhel']['6']['5.5']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['6']['5.5']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['6']['5.6']['client_package'] 
= %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['6']['5.6']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['6']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['6']['5.7']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['7']['5.5']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['7']['5.5']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['7']['5.6']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['7']['5.6']['server_package'] = 'mysql-community-server' - @pkginfo.set['rhel']['7']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) - @pkginfo.set['rhel']['7']['5.7']['server_package'] = 'mysql-community-server' - @pkginfo.set['smartos']['5.11']['5.5']['client_package'] = %w(mysql-client) - @pkginfo.set['smartos']['5.11']['5.5']['server_package'] = 'mysql-server' - @pkginfo.set['smartos']['5.11']['5.6']['client_package'] = %w(mysql-client) - @pkginfo.set['smartos']['5.11']['5.6']['server_package'] = 'mysql-server' - @pkginfo.set['suse']['11.3']['5.5']['client_package'] = %w(mysql-client) - @pkginfo.set['suse']['11.3']['5.5']['server_package'] = 'mysql' - @pkginfo.set['suse']['12.0']['5.5']['client_package'] = %w(mysql-client) - @pkginfo.set['suse']['12.0']['5.5']['server_package'] = 'mysql' - - @pkginfo - end - end - - def package_name_for(platform, platform_family, platform_version, version, type) - keyname = keyname_for(platform, platform_family, platform_version) - info = Pkginfo.pkginfo[platform_family.to_sym][keyname] - type_label = type.to_s.gsub('_package', '').capitalize - unless info[version] - # Show availabe versions if the requested is not available on the current platform - Chef::Log.error("Unsupported Version: You requested to install a Mysql #{type_label} version that is not supported by your platform") - 
Chef::Log.error("Platform: #{platform_family} #{platform_version} - Request Mysql #{type_label} version: #{version}") - Chef::Log.error("Availabe versions for your platform are: #{info.map { |k, _v| k }.join(' - ')}") - raise "Unsupported Mysql #{type_label} Version" - end - info[version][type] - end - - def keyname_for(platform, platform_family, platform_version) - return platform_version if platform_family == 'debian' && platform == 'ubuntu' - return platform_version if platform_family == 'fedora' - return platform_version if platform_family == 'omnios' - return platform_version if platform_family == 'rhel' && platform == 'amazon' - return platform_version if platform_family == 'smartos' - return platform_version if platform_family == 'suse' - return platform_version.to_i.to_s if platform_family == 'debian' - return platform_version.to_i.to_s if platform_family == 'rhel' - return platform_version.to_s if platform_family == 'debian' && platform_version =~ /sid$/ - return platform_version.to_s if platform_family == 'freebsd' - end - - def parsed_data_dir - return new_resource.data_dir if new_resource.data_dir - return "/opt/local/lib/#{mysql_name}" if node['os'] == 'solaris2' - return "/var/lib/#{mysql_name}" if node['os'] == 'linux' - return "/var/db/#{mysql_name}" if node['os'] == 'freebsd' - end - - def client_package - package_name_for( - node['platform'], - node['platform_family'], - node['platform_version'], - parsed_version, - :client_package - ) - end - - def server_package - package_name_for( - node['platform'], - node['platform_family'], - node['platform_version'], - parsed_version, - :server_package - ) - end - - def server_package_name - return new_resource.package_name if new_resource.package_name - server_package - end - - def parsed_version - return new_resource.version if new_resource.version - return '5.0' if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 5 - return '5.1' if node['platform_family'] == 'debian' && 
node['platform_version'] == '10.04' - return '5.1' if node['platform_family'] == 'debian' && node['platform_version'].to_i == 6 - return '5.1' if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 6 - return '5.5' if node['platform_family'] == 'debian' && node['platform_version'] == '12.04' - return '5.5' if node['platform_family'] == 'debian' && node['platform_version'] == '13.04' - return '5.5' if node['platform_family'] == 'debian' && node['platform_version'] == '13.10' - return '5.5' if node['platform_family'] == 'debian' && node['platform_version'] == '14.04' - return '5.5' if node['platform_family'] == 'debian' && node['platform_version'] == '14.10' - return '5.5' if node['platform_family'] == 'debian' && node['platform_version'].to_i == 7 - return '5.5' if node['platform_family'] == 'debian' && node['platform_version'].to_i == 8 - return '5.5' if node['platform_family'] == 'freebsd' - return '5.5' if node['platform_family'] == 'omnios' - return '5.5' if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 2014 - return '5.5' if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 2015 - return '5.5' if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 7 - return '5.5' if node['platform_family'] == 'smartos' - return '5.5' if node['platform_family'] == 'suse' - return '5.6' if node['platform_family'] == 'fedora' - return '5.6' if node['platform_family'] == 'debian' && node['platform_version'] == '15.04' - return '5.6' if node['platform_family'] == 'debian' && node['platform_version'] == '15.10' + def record_init + cmd = v56plus ? mysqld_bin : mysqld_safe_bin + cmd << " --defaults-file=#{etc_dir}/my.cnf" + cmd << " --init-file=/tmp/#{mysql_name}/my.sql" + cmd << ' --explicit_defaults_for_timestamp' if v56plus + cmd << ' &' + return "scl enable #{scl_name} \"#{cmd}\"" if scl_package? + cmd end end end 
diff --git a/cookbooks/mysql/libraries/matchers.rb b/cookbooks/mysql/libraries/matchers.rb
index 373e3cb..adf5e73 100644
--- a/cookbooks/mysql/libraries/matchers.rb
+++ b/cookbooks/mysql/libraries/matchers.rb
@@ -1,18 +1,40 @@ if defined?(ChefSpec) - if ChefSpec.respond_to?(:define_matcher) - # ChefSpec >= 4.1 - ChefSpec.define_matcher :mysql_config - ChefSpec.define_matcher :mysql_service - ChefSpec.define_matcher :mysql_client - elsif defined?(ChefSpec::Runner) && - ChefSpec::Runner.respond_to?(:define_runner_method) - # ChefSpec < 4.1 - ChefSpec::Runner.define_runner_method :mysql_config - ChefSpec::Runner.define_runner_method :mysql_service - ChefSpec::Runner.define_runner_method :mysql_client + ChefSpec.define_matcher :mysql_config + ChefSpec.define_matcher :mysql_service + ChefSpec.define_matcher :mysql_client + + # mysql_client_client_installation_package + def install_mysql_client_installation_package(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_client_installation_package, :create, resource_name) end - # config + def remove_mysql_client_installation_package(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_client_installation_package, :remove, resource_name) + end + + # mysql_server_server_installation_package + def install_mysql_server_installation_package(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_server_installation_package, :install, resource_name) + end + + def remove_mysql_server_installation_package(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_server_installation_package, :remove, resource_name) + end + + ##### + # old + ##### + + # client + def create_mysql_client(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_client, :create, resource_name) + end + + def delete_mysql_client(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_client, :delete, resource_name) + end + + # mysql_config def create_mysql_config(resource_name) ChefSpec::Matchers::ResourceMatcher.new(:mysql_config, :create, resource_name) end 
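Review bot: The new `remove_mysql_client_installation_package` and `remove_mysql_server_installation_package` matchers build a `ResourceMatcher` for action `:remove`, but both resources added in this commit declare `action :delete`, so a spec that uses them can never match. `install_mysql_client_installation_package` has the opposite problem in its name: it passes `:create`, which is the client resource's real action, while the name says install. I would name each matcher after the action it checks, e.g. `delete_mysql_server_installation_package` returning `ChefSpec::Matchers::ResourceMatcher.new(:mysql_server_installation_package, :delete, resource_name)`. The section comments `# mysql_client_client_installation_package` and `# mysql_server_server_installation_package` also repeat a word. The enclosing `if defined?(ChefSpec)` block continues outside the hunk.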
@@ -46,12 +68,4 @@ if defined?(ChefSpec) ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :reload, resource_name) end - # client - def create_mysql_client(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:mysql_client, :create, resource_name) - end - - def delete_mysql_client(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:mysql_client, :delete, resource_name) - end end diff --git a/cookbooks/mysql/libraries/mysql_base.rb b/cookbooks/mysql/libraries/mysql_base.rb new file mode 100644 index 0000000..2db0c16 --- /dev/null +++ b/cookbooks/mysql/libraries/mysql_base.rb @@ -0,0 +1,30 @@ +module MysqlCookbook + class MysqlBase < Chef::Resource + require_relative 'helpers' + + # All resources are composites + def whyrun_supported? + true + end + + ################ + # Type Constants + ################ + + Boolean = property_type( + is: [true, false], + default: false + ) unless defined?(Boolean) + + ################### + # Common Properties + ################### + property :run_group, String, default: 'mysql', desired_state: false + property :run_user, String, default: 'mysql', desired_state: false + property :version, String, default: lazy { default_major_version }, desired_state: false + property :include_dir, String, default: lazy { default_include_dir }, desired_state: false + property :major_version, String, default: lazy { major_from_full(version) }, desired_state: false + + action_class + end +end diff --git a/cookbooks/mysql/libraries/mysql_client_installation_package.rb b/cookbooks/mysql/libraries/mysql_client_installation_package.rb new file mode 100644 index 0000000..1dc87f5 --- /dev/null +++ b/cookbooks/mysql/libraries/mysql_client_installation_package.rb 
@@ -0,0 +1,31 @@
+module MysqlCookbook
+ class MysqlClientInstallationPackage < MysqlBase
+ # helper methods
+ require_relative 'helpers'
+ include MysqlCookbook::HelpersBase
+
+ # Resource properties
+ resource_name :mysql_client_installation_package
+ provides :mysql_client_installation, os: 'linux'
+ provides :mysql_client, os: 'linux'
+
+ property :package_name, [String, Array], default: lazy { default_client_package_name }, desired_state: false
+ property :package_options, [String, nil], desired_state: false
+ property :package_version, [String, nil], default: nil, desired_state: false
+
+ # Actions
+ action :create do
+ package new_resource.package_name do
+ version new_resource.package_version if new_resource.package_version
+ options new_resource.package_options if new_resource.package_options
+ action :install
+ end
+ end
+
+ action :delete do
+ package new_resource.package_name do
+ action :remove
+ end
+ end
+ end
+end
diff --git a/cookbooks/mysql/libraries/mysql_config.rb b/cookbooks/mysql/libraries/mysql_config.rb
new file mode 100644
index 0000000..d4a52c9
--- /dev/null
+++ b/cookbooks/mysql/libraries/mysql_config.rb
@@ -0,0 +1,56 @@
+module MysqlCookbook
+ class MysqlConfig < MysqlBase
+ resource_name :mysql_config
+
+ property :config_name, String, name_property: true, desired_state: false
+ property :cookbook, String, desired_state: false
+ property :group, String, default: 'mysql', desired_state: false
+ property :instance, String, default: 'default', desired_state: false
+ property :owner, String, default: 'mysql', desired_state: false
+ property :source, String, desired_state: false
+ property :variables, [Hash], desired_state: false
+ property :version, String, default: lazy { default_major_version }, desired_state: false
+
+ require_relative 'helpers'
+ include MysqlCookbook::HelpersBase
+
+ provides :mysql_config
+
+ action :create do
+ # hax because group property
+ g = Chef::Resource::Group.new(new_resource.group, run_context)
+ g.system true if new_resource.name == 'mysql'
+ resource_collection.insert g
+
+ user new_resource.owner do
+ gid new_resource.owner
+ system true if new_resource.name == 'mysql'
+ action :create
+ end
+
+ directory new_resource.include_dir do
+ owner new_resource.owner
+ group new_resource.group
+ mode '0750'
+ recursive true
+ action :create
+ end
+
+ template "#{new_resource.include_dir}/#{new_resource.config_name}.cnf" do
+ owner new_resource.owner
+ group new_resource.group
+ mode '0640'
+ variables(new_resource.variables)
+ source new_resource.source
+ cookbook new_resource.cookbook
+ action :create
+ end
+ end
+
+ action :delete do
+ file "#{new_resource.include_dir}/#{new_resource.config_name}.cnf" do
+ action :delete
+ end
+ end
+ end
+end
diff --git a/cookbooks/mysql/libraries/mysql_server_installation_package.rb b/cookbooks/mysql/libraries/mysql_server_installation_package.rb
new file mode 100644
index 0000000..bf46c8d
--- /dev/null
+++ b/cookbooks/mysql/libraries/mysql_server_installation_package.rb
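Review bot: In `action :create` the `user` resource sets `gid new_resource.owner`, so the account's primary group comes from the owner name rather than from the `group` property that the group resource just above creates. With the defaults both are `'mysql'`, but when a caller sets `owner` and `group` differently the user may reference a group this action never created. `gid new_resource.group` keeps the account consistent with the `0750` include directory and the `0640` config file it is meant to read. `config_name` is also interpolated directly into the template and file paths, so a comment on the property saying it must be a bare file name without path separators would help callers.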
@@ -0,0 +1,42 @@
+module MysqlCookbook
+ class MysqlServerInstallationPackage < MysqlBase
+ # Resource properties
+ resource_name :mysql_server_installation_package
+ provides :mysql_server_installation, os: 'linux'
+
+ property :package_name, String, default: lazy { default_server_package_name }, desired_state: false
+ property :package_options, [String, nil], desired_state: false
+ property :package_version, [String, nil], default: nil, desired_state: false
+
+ # helper methods
+ require_relative 'helpers'
+ include MysqlCookbook::HelpersBase
+
+ # Actions
+ action :install do
+ package new_resource.package_name do
+ version new_resource.package_version if new_resource.package_version
+ options new_resource.package_options if new_resource.package_options
+ notifies :install, 'package[perl-Sys-Hostname-Long]', :immediately if platform_family?('suse')
+ notifies :run, 'execute[Initial DB setup script]', :immediately if platform_family?('suse')
+ action :install
+ end
+
+ package 'perl-Sys-Hostname-Long' do
+ action :nothing
+ end
+
+ execute 'Initial DB setup script' do
+ environment 'INSTANCE' => new_resource.name
+ command '/usr/lib/mysql/mysql-systemd-helper install'
+ action :nothing
+ end
+ end
+
+ action :delete do
+ package new_resource.package_name do
+ action :remove
+ end
+ end
+ end
+end
diff --git a/cookbooks/mysql/libraries/mysql_service.rb b/cookbooks/mysql/libraries/mysql_service.rb
new file mode 100644
index 0000000..aa969bd
--- /dev/null
+++ b/cookbooks/mysql/libraries/mysql_service.rb
@@ -0,0 +1,105 @@
+module MysqlCookbook
+ require_relative 'mysql_service_base'
+ class MysqlService < MysqlServiceBase
+ resource_name :mysql_service
+
+ # installation type and service_manager
+ property :install_method, %w(package auto), default: 'auto', desired_state: false
+ property :service_manager, %w(sysvinit upstart systemd auto), default: 'auto', desired_state: false
+
+ # mysql_server_installation
+ property :version, String, default: lazy { default_major_version }, desired_state: false
+ property :major_version, String, default: lazy { major_from_full(version) }, desired_state: false
+ property :package_name, String, default: lazy { default_package_name }, desired_state: false
+ property :package_options, [String, nil], desired_state: false
+ property :package_version, [String, nil], default: nil, desired_state: false
+
+ ################
+ # Helper Methods
+ ################
+
+ def copy_properties_to(to, *properties)
+ properties = self.class.properties.keys if properties.empty?
+ properties.each do |p|
+ # If the property is set on from, and exists on to, set the
+ # property on to
+ if to.class.properties.include?(p) && property_is_set?(p)
+ to.send(p, send(p))
+ end
+ end
+ end
+
+ action_class do
+ def installation(&block)
+ case new_resource.install_method
+ when 'auto'
+ install = mysql_server_installation(new_resource.name, &block)
+ when 'package'
+ install = mysql_server_installation_package(new_resource.name, &block)
+ when 'none'
+ Chef::Log.info('Skipping MySQL installation. Assuming it was handled previously.')
+ return
+ end
+ copy_properties_to(install)
+ install
+ end
+
+ def svc_manager(&block)
+ case new_resource.service_manager
+ when 'auto'
+ svc = mysql_service_manager(new_resource.name, &block)
+ when 'sysvinit'
+ svc = mysql_service_manager_sysvinit(new_resource.name, &block)
+ when 'upstart'
+ svc = mysql_service_manager_upstart(new_resource.name, &block)
+ when 'systemd'
+ svc = mysql_service_manager_systemd(new_resource.name, &block)
+ end
+ copy_properties_to(svc)
+ svc
+ end
+ end
+
+ #########
+ # Actions
+ #########
+
+ action :create do
+ installation do
+ action :install
+ end
+
+ svc_manager do
+ action :create
+ end
+ end
+
+ action :start do
+ svc_manager do
+ action :start
+ end
+ end
+
+ action :delete do
+ svc_manager do
+ action :delete
+ end
+
+ installation do
+ action :delete
+ end
+ end
+
+ action :restart do
+ svc_manager do
+ action :restart
+ end
+ end
+
+ action :stop do
+ svc_manager do
+ action :stop
+ end
+ end
+ end
+end
diff --git a/cookbooks/mysql/libraries/mysql_service_base.rb b/cookbooks/mysql/libraries/mysql_service_base.rb
new file mode 100644
index 0000000..a03b5aa
--- /dev/null
+++ b/cookbooks/mysql/libraries/mysql_service_base.rb
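Review bot: `install_method` is declared with the allowed values `%w(package auto)`, yet `installation` carries a `when 'none'` branch that logs and returns, so as declared the skip path looks unreachable: property validation would reject `'none'` before the action runs. Either allow the value, `property :install_method, %w(package auto none), default: 'auto', desired_state: false`, or drop the branch so the code does not advertise an option callers cannot use. A short comment on `copy_properties_to` saying that it copies only explicitly set properties that the target resource also declares would make the two helpers easier to follow.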
@@ -0,0 +1,203 @@
+module MysqlCookbook
+ class MysqlServiceBase < MysqlBase
+ property :bind_address, String, desired_state: false
+ property :charset, String, default: 'utf8', desired_state: false
+ property :data_dir, String, default: lazy { default_data_dir }, desired_state: false
+ property :error_log, String, default: lazy { default_error_log }, desired_state: false
+ property :initial_root_password, String, default: 'ilikerandompasswords', desired_state: false
+ property :instance, String, name_property: true, desired_state: false
+ property :mysqld_options, Hash, default: {}, desired_state: false
+ property :pid_file, String, default: lazy { default_pid_file }, desired_state: false
+ property :port, [String, Integer], default: '3306', desired_state: false
+ property :socket, String, default: lazy { default_socket_file }, desired_state: false
+ property :tmp_dir, String, desired_state: false
+
+ alias socket_file socket
+
+ require_relative 'helpers'
+ include MysqlCookbook::HelpersBase
+
+ # action class methods are available within the actions and work as if the coded
+ # was inline the action. No messing with classes or passing in the new_resource
+ action_class do
+ def create_system_user
+ group 'mysql' do
+ action :create
+ end
+
+ user 'mysql' do
+ gid 'mysql'
+ action :create
+ end
+ end
+
+ def create_config
+ # require 'pry' ; binding.pry
+
+ # Yak shaving secion. Account for random errata.
+ #
+ # Turns out that mysqld is hard coded to try and read
+ # /etc/mysql/my.cnf, and its presence causes problems when
+ # setting up multiple services.
+ file "#{prefix_dir}/etc/mysql/my.cnf" do
+ action :delete
+ end
+
+ file "#{prefix_dir}/etc/my.cnf" do
+ action :delete
+ end
+
+ # mysql_install_db is broken on 5.6.13
+ link "#{prefix_dir}/usr/share/my-default.cnf" do
+ to "#{etc_dir}/my.cnf"
+ not_if { ::File.exist? "#{prefix_dir}/usr/share/my-default.cnf" } # FIXME: Chef bug?
+ action :create
+ end
+
+ # Support directories
+ directory etc_dir do
+ owner new_resource.run_user
+ group new_resource.run_group
+ mode '0750'
+ recursive true
+ action :create
+ end
+
+ directory new_resource.include_dir do
+ owner new_resource.run_user
+ group new_resource.run_group
+ mode '0750'
+ recursive true
+ action :create
+ end
+
+ directory run_dir do
+ owner new_resource.run_user
+ group new_resource.run_group
+ mode '0755'
+ recursive true
+ action :create
+ end
+
+ directory log_dir do
+ owner new_resource.run_user
+ group new_resource.run_group
+ mode '0750'
+ recursive true
+ action :create
+ end
+
+ directory new_resource.data_dir do
+ owner new_resource.run_user
+ group new_resource.run_group
+ mode '0750'
+ recursive true
+ action :create
+ end
+
+ # Main configuration file
+ template "#{etc_dir}/my.cnf" do
+ source 'my.cnf.erb'
+ cookbook 'mysql'
+ owner new_resource.run_user
+ group new_resource.run_group
+ mode '0600'
+ variables(config: new_resource)
+ action :create
+ end
+ end
+
+ def initialize_database
+ # initialize database and create initial records
+ bash "#{new_resource.name} initial records" do
+ code init_records_script
+ umask '022'
+ returns [0, 1, 2] # facepalm
+ not_if "/usr/bin/test -f #{new_resource.data_dir}/mysql/user.frm"
+ action :run
+ end
+ end
+
+ def delete_support_directories
+ # Stop the service before removing support directories
+ delete_stop_service
+
+ directory etc_dir do
+ recursive true
+ action :delete
+ end
+
+ directory run_dir do
+ recursive true
+ action :delete
+ end
+
+ directory log_dir do
+ recursive true
+ action :delete
+ end
+ end
+
+ #
+ # Platform specific bits
+ #
+ def configure_apparmor
+ # Do not add these resource if inside a container
+ # Only valid on Ubuntu
+ return if ::File.exist?('/.dockerenv') || ::File.exist?('/.dockerinit') || node['platform'] != 'ubuntu'
+
+ # Apparmor
+ package 'apparmor' do
+ action :install
+ end
+
+ directory '/etc/apparmor.d/local/mysql' do
+ owner 'root'
+ group 'root'
+ mode '0755'
+ recursive true
+ action :create
+ end
+
+ template '/etc/apparmor.d/local/usr.sbin.mysqld' do
+ cookbook 'mysql'
+ source 'apparmor/usr.sbin.mysqld-local.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ action :create
+ notifies :restart, "service[#{new_resource.instance} apparmor]", :immediately
+ end
+
+ template '/etc/apparmor.d/usr.sbin.mysqld' do
+ cookbook 'mysql'
+ source 'apparmor/usr.sbin.mysqld.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ action :create
+ notifies :restart, "service[#{new_resource.instance} apparmor]", :immediately
+ end
+
+ template "/etc/apparmor.d/local/mysql/#{new_resource.instance}" do
+ cookbook 'mysql'
+ source 'apparmor/usr.sbin.mysqld-instance.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ variables(
+ config: new_resource,
+ mysql_name: mysql_name
+ )
+ action :create
+ notifies :restart, "service[#{new_resource.instance} apparmor]", :immediately
+ end
+
+ service "#{new_resource.instance} apparmor" do
+ service_name 'apparmor'
+ action :nothing
+ end
+ end
+ end
+ end
+end
diff --git a/cookbooks/mysql/libraries/mysql_service_manager_systemd.rb b/cookbooks/mysql/libraries/mysql_service_manager_systemd.rb
new file mode 100644
index 0000000..5c6880a
--- /dev/null
+++ b/cookbooks/mysql/libraries/mysql_service_manager_systemd.rb
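Review bot: `initial_root_password` defaults to the literal `'ilikerandompasswords'`, so any `mysql_service` declared without that property is initialised with a root password that is readable in the cookbook source, and the property is not marked sensitive. I would at least declare it as `property :initial_root_password, String, default: 'ilikerandompasswords', sensitive: true, desired_state: false` and add a comment that the default is a placeholder that callers must override. If this file is carried unchanged from the upstream cookbook, the wrapper recipes should always set the property from an encrypted source. In `initialize_database`, `returns [0, 1, 2]` accepts non-zero exit codes from the init script, so a failed bootstrap would be recorded as success; a comment stating which codes are expected and why would make that tolerance reviewable.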
@@ -0,0 +1,142 @@
+module MysqlCookbook
+ class MysqlServiceManagerSystemd < MysqlServiceBase
+ resource_name :mysql_service_manager_systemd
+
+ provides :mysql_service_manager, os: 'linux' do |_node|
+ Chef::Platform::ServiceHelpers.service_resource_providers.include?(:systemd)
+ end
+
+ action :create do
+ # from base
+ create_system_user
+ stop_system_service
+ create_config
+ configure_apparmor
+ initialize_database
+ end
+
+ action :start do
+ # Needed for Debian / Ubuntu
+ directory '/usr/libexec' do
+ owner 'root'
+ group 'root'
+ mode '0755'
+ action :create
+ end
+
+ # this script is called by the main systemd unit file, and
+ # spins around until the service is actually up and running.
+ template "/usr/libexec/#{mysql_name}-wait-ready" do
+ path "/usr/libexec/#{mysql_name}-wait-ready"
+ source 'systemd/mysqld-wait-ready.erb'
+ owner 'root'
+ group 'root'
+ mode '0755'
+ variables(socket_file: socket_file)
+ cookbook 'mysql'
+ action :create
+ end
+
+ # this is the main systemd unit file
+ template "/etc/systemd/system/#{mysql_name}.service" do
+ path "/etc/systemd/system/#{mysql_name}.service"
+ source 'systemd/mysqld.service.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ variables(
+ config: new_resource,
+ etc_dir: etc_dir,
+ base_dir: base_dir,
+ mysqld_bin: mysqld_bin
+ )
+ cookbook 'mysql'
+ notifies :run, "execute[#{new_resource.instance} systemctl daemon-reload]", :immediately
+ action :create
+ end
+
+ # avoid 'Unit file changed on disk' warning
+ execute "#{new_resource.instance} systemctl daemon-reload" do
+ command '/bin/systemctl daemon-reload'
+ action :nothing
+ end
+
+ # tmpfiles.d config so the service survives reboot
+ template "/usr/lib/tmpfiles.d/#{mysql_name}.conf" do
+ path "/usr/lib/tmpfiles.d/#{mysql_name}.conf"
+ source 'tmpfiles.d.conf.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ variables(
+ run_dir: run_dir,
+ run_user: new_resource.run_user,
+ run_group: new_resource.run_group
+ )
+ cookbook 'mysql'
+ action :create
+ end
+
+ # service management resource
+ service mysql_name.to_s do
+ service_name mysql_name
+ provider Chef::Provider::Service::Systemd
+ supports restart: true, status: true
+ action [:enable, :start]
+ end
+ end
+
+ action :stop do
+ # service management resource
+ service mysql_name.to_s do
+ service_name mysql_name
+ provider Chef::Provider::Service::Systemd
+ supports status: true
+ action [:disable, :stop]
+ only_if { ::File.exist?("/usr/lib/systemd/system/#{mysql_name}.service") }
+ end
+ end
+
+ action :restart do
+ # service management resource
+ service mysql_name.to_s do
+ service_name mysql_name
+ provider Chef::Provider::Service::Systemd
+ supports restart: true
+ action :restart
+ end
+ end
+
+ action :reload do
+ # service management resource
+ service mysql_name.to_s do
+ service_name mysql_name
+ provider Chef::Provider::Service::Systemd
+ action :reload
+ end
+ end
+
+ action_class do
+ def stop_system_service
+ # service management resource
+ service 'mysql' do
+ service_name system_service_name
+ provider Chef::Provider::Service::Systemd
+ supports status: true
+ action [:stop, :disable]
+ end
+ end
+
+ def delete_stop_service
+ # service management resource
+ service mysql_name.to_s do
+ service_name mysql_name
+ provider Chef::Provider::Service::Systemd
+ supports status: true
+ action [:disable, :stop]
+ only_if { ::File.exist?("/usr/lib/systemd/system/#{mysql_name}.service") }
+ end
+ end
+ end
+ end
+end
diff --git a/cookbooks/mysql/libraries/mysql_service_manager_sysvinit.rb b/cookbooks/mysql/libraries/mysql_service_manager_sysvinit.rb
new file mode 100644
index 0000000..5608dec
--- /dev/null
+++ b/cookbooks/mysql/libraries/mysql_service_manager_sysvinit.rb
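Review bot: The `only_if` guards in `action :stop` and `delete_stop_service` test `/usr/lib/systemd/system/#{mysql_name}.service`, but `action :start` writes the unit to `/etc/systemd/system/#{mysql_name}.service`. For an instance created by this resource the guard is therefore false, and the service is neither stopped nor disabled, so a database meant to be shut down or removed can stay up and listening. Testing the path that is actually written, `only_if { ::File.exist?("/etc/systemd/system/#{mysql_name}.service") }`, fixes both places. The sysvinit and upstart managers show the same mismatch in `delete_stop_service`: they test `#{etc_dir}/init.d/#{mysql_name}` and `#{etc_dir}/init/#{mysql_name}` while their templates are written to `/etc/init.d/#{mysql_name}` and `/etc/init/#{mysql_name}.conf`. `etc_dir` is defined outside this view, so confirm what it expands to.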
@@ -0,0 +1,79 @@
+module MysqlCookbook
+ class MysqlServiceManagerSysvinit < MysqlServiceBase
+ resource_name :mysql_service_manager_sysvinit
+
+ provides :mysql_service_manager, os: 'linux'
+
+ action :create do
+ # from base
+ create_system_user
+ stop_system_service
+ create_config
+ initialize_database
+ configure_apparmor
+ end
+
+ action :start do
+ template "/etc/init.d/#{mysql_name}" do
+ source 'sysvinit/mysqld.erb'
+ owner 'root'
+ group 'root'
+ mode '0755'
+ variables(
+ config: new_resource,
+ defaults_file: defaults_file,
+ error_log: new_resource.error_log,
+ mysql_name: mysql_name,
+ mysqladmin_bin: mysqladmin_bin,
+ mysqld_safe_bin: mysqld_safe_bin,
+ pid_file: new_resource.pid_file,
+ scl_name: scl_name
+ )
+ cookbook 'mysql'
+ action :create
+ end
+
+ service mysql_name do
+ supports restart: true, status: true
+ action [:enable, :start]
+ end
+ end
+
+ action :stop do
+ service mysql_name do
+ supports restart: true, status: true
+ action [:stop]
+ end
+ end
+
+ action :restart do
+ service mysql_name do
+ supports restart: true
+ action :restart
+ end
+ end
+
+ action :reload do
+ service mysql_name do
+ action :reload
+ end
+ end
+
+ action_class do
+ def stop_system_service
+ service system_service_name do
+ supports status: true
+ action [:stop, :disable]
+ end
+ end
+
+ def delete_stop_service
+ service mysql_name do
+ supports status: true
+ action [:disable, :stop]
+ only_if { ::File.exist?("#{etc_dir}/init.d/#{mysql_name}") }
+ end
+ end
+ end
+ end
+end
diff --git a/cookbooks/mysql/libraries/mysql_service_manager_upstart.rb b/cookbooks/mysql/libraries/mysql_service_manager_upstart.rb
new file mode 100644
index 0000000..f8f28c2
--- /dev/null
+++ b/cookbooks/mysql/libraries/mysql_service_manager_upstart.rb
@@ -0,0 +1,103 @@
+module MysqlCookbook
+ class MysqlServiceManagerUpstart < MysqlServiceBase
+ resource_name :mysql_service_manager_upstart
+
+ provides :mysql_service_manager, platform_family: 'debian' do |_node|
+ Chef::Platform::ServiceHelpers.service_resource_providers.include?(:upstart) &&
+ !Chef::Platform::ServiceHelpers.service_resource_providers.include?(:systemd) &&
+ !Chef::Platform::ServiceHelpers.service_resource_providers.include?(:redhat) &&
+ ::File.exist?('/sbin/status') # Fix for Docker, in 7 and 8 images /sbin/status doesn't exists and Upstart provider doesn't work
+ end
+
+ action :create do
+ # from base
+ create_system_user
+ stop_system_service
+ create_config
+ configure_apparmor
+ initialize_database
+ end
+
+ action :start do
+ template "/usr/sbin/#{mysql_name}-wait-ready" do
+ source 'upstart/mysqld-wait-ready.erb'
+ owner 'root'
+ group 'root'
+ mode '0755'
+ variables(socket_file: socket_file)
+ cookbook 'mysql'
+ action :create
+ end
+
+ template "/etc/init/#{mysql_name}.conf" do
+ source 'upstart/mysqld.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ variables(
+ defaults_file: defaults_file,
+ mysql_name: mysql_name,
+ run_group: new_resource.run_group,
+ run_user: new_resource.run_user,
+ socket_dir: new_resource.socket_dir
+ )
+ cookbook 'mysql'
+ action :create
+ end
+
+ service mysql_name do
+ provider Chef::Provider::Service::Upstart
+ supports status: true
+ action [:start]
+ end
+ end
+
+ action :stop do
+ service mysql_name do
+ provider Chef::Provider::Service::Upstart
+ supports restart: true, status: true
+ action [:stop]
+ end
+ end
+
+ action :restart do
+ # With Upstart, restarting the service doesn't behave "as expected".
+ # We want the post-start stanzas, which wait until the
+ # service is available before returning
+ #
+ # http://upstart.ubuntu.com/cookbook/#restart
+ service mysql_name do
+ provider Chef::Provider::Service::Upstart
+ action [:stop, :start]
+ end
+ end
+
+ action :reload do
+ # With Upstart, reload just sends a HUP signal to the process.
+ # As far as I can tell, this doesn't work the way it's
+ # supposed to, so we need to actually restart the service.
+ service mysql_name do
+ provider Chef::Provider::Service::Upstart
+ action [:stop, :start]
+ end
+ end
+
+ action_class do
+ def stop_system_service
+ service system_service_name do
+ provider Chef::Provider::Service::Upstart
+ supports status: true
+ action [:stop, :disable]
+ end
+ end
+
+ def delete_stop_service
+ service mysql_name do
+ provider Chef::Provider::Service::Upstart
+ action [:disable, :stop]
+ only_if { ::File.exist?("#{etc_dir}/init/#{mysql_name}") }
+ end
+ end
+ end
+ end
+end
diff --git a/cookbooks/mysql/libraries/provider_mysql_client.rb b/cookbooks/mysql/libraries/provider_mysql_client.rb
deleted file mode 100644
index c796d11..0000000
--- a/cookbooks/mysql/libraries/provider_mysql_client.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-require 'chef/provider/lwrp_base'
-require_relative 'helpers'
-
-class Chef
- class Provider
- class MysqlClient < Chef::Provider::LWRPBase
- include MysqlCookbook::Helpers
- provides :mysql_client if defined?(provides)
-
- use_inline_resources if defined?(use_inline_resources)
-
- def whyrun_supported?
- true
- end
-
- action :create do
- # From helpers.rb
- configure_package_repositories
-
- client_package_name.each do |p|
- package "#{new_resource.name} :create #{p}" do
- package_name p
- version new_resource.version if node['platform'] == 'smartos'
- version new_resource.package_version
- action :install
- end
- end
- end
-
- action :delete do
- parsed_package_name.each do |p|
- package "#{new_resource.name} :delete #{p}" do
- action :remove
- end
- end
- end
- end
- end
-end
diff --git a/cookbooks/mysql/libraries/provider_mysql_config.rb b/cookbooks/mysql/libraries/provider_mysql_config.rb
deleted file mode 100644
index 3732c1c..0000000
--- a/cookbooks/mysql/libraries/provider_mysql_config.rb
+++ /dev/null
@@ -1,59 +0,0 @@
-require 'chef/provider/lwrp_base'
-require_relative 'helpers'
-
-class Chef
- class Provider
- class MysqlConfig < Chef::Provider::LWRPBase
- include MysqlCookbook::Helpers
- provides :mysql_config if defined?(provides)
-
- use_inline_resources if defined?(use_inline_resources)
-
- def whyrun_supported?
- true
- end
-
- action :create do
- group "#{new_resource.name} :create #{new_resource.group}" do
- group_name new_resource.group
- system true if new_resource.name == 'mysql'
- action :create
- end
-
- user "#{new_resource.name} :create #{new_resource.owner}" do
- username new_resource.owner
- gid new_resource.owner
- system true if new_resource.name == 'mysql'
- action :create
- end
-
- directory "#{new_resource.name} :create #{include_dir}" do
- path include_dir
- owner new_resource.owner
- group new_resource.group
- mode '0750'
- recursive true
- action :create
- end
-
- template "#{new_resource.name} :create #{include_dir}/#{new_resource.config_name}.cnf" do
- path "#{include_dir}/#{new_resource.config_name}.cnf"
- owner new_resource.owner
- group new_resource.group
- mode '0640'
- variables(new_resource.variables)
- source new_resource.source
- cookbook new_resource.cookbook
- action :create
- end
- end
-
- action :delete do
- file "#{new_resource.name} :delete #{include_dir}/#{new_resource.config_name}.conf" do
- path "#{include_dir}/#{new_resource.config_name}.conf"
- action :delete
- end
- end
- end
- end
-end
diff --git a/cookbooks/mysql/libraries/provider_mysql_service_base.rb b/cookbooks/mysql/libraries/provider_mysql_service_base.rb
deleted file mode 100644
index 5f19a45..0000000
--- a/cookbooks/mysql/libraries/provider_mysql_service_base.rb
+++ /dev/null
@@ -1,250 +0,0 @@ -require 'chef/provider/lwrp_base' -require_relative 'helpers' - -class Chef - class Provider - class MysqlServiceBase < Chef::Provider::LWRPBase - use_inline_resources if defined?(use_inline_resources) - - def whyrun_supported? - true - end - - # Mix in helpers from libraries/helpers.rb - include MysqlCookbook::Helpers - - # Service related methods referred to in the :create and :delete - # actions need to be implemented in the init system subclasses. - # - # create_stop_system_service - # delete_stop_service - - # All other methods are found in libraries/helpers.rb - # - # etc_dir, run_dir, log_dir, etc - - action :create do - # Yum, Apt, etc. From helpers.rb - configure_package_repositories - - # Software installation - package "#{new_resource.name} :create #{server_package_name}" do - package_name server_package_name - version parsed_version if node['platform'] == 'smartos' - version new_resource.package_version - action new_resource.package_action - end - - create_stop_system_service - - # Apparmor - configure_apparmor - - # System users - group "#{new_resource.name} :create mysql" do - group_name 'mysql' - action :create - end - - user "#{new_resource.name} :create mysql" do - username 'mysql' - gid 'mysql' - action :create - end - - # Yak shaving secion. Account for random errata. - # - # Turns out that mysqld is hard coded to try and read - # /etc/mysql/my.cnf, and its presence causes problems when - # setting up multiple services. 
- file "#{new_resource.name} :create #{prefix_dir}/etc/mysql/my.cnf" do - path "#{prefix_dir}/etc/mysql/my.cnf" - action :delete - end - - file "#{new_resource.name} :create #{prefix_dir}/etc/my.cnf" do - path "#{prefix_dir}/etc/my.cnf" - action :delete - end - - # mysql_install_db is broken on 5.6.13 - link "#{new_resource.name} :create #{prefix_dir}/usr/share/my-default.cnf" do - target_file "#{prefix_dir}/usr/share/my-default.cnf" - to "#{etc_dir}/my.cnf" - action :create - end - - # Support directories - directory "#{new_resource.name} :create #{etc_dir}" do - path etc_dir - owner new_resource.run_user - group new_resource.run_group - mode '0750' - recursive true - action :create - end - - directory "#{new_resource.name} :create #{include_dir}" do - path include_dir - owner new_resource.run_user - group new_resource.run_group - mode '0750' - recursive true - action :create - end - - directory "#{new_resource.name} :create #{run_dir}" do - path run_dir - owner new_resource.run_user - group new_resource.run_group - mode '0755' - recursive true - action :create - end - - directory "#{new_resource.name} :create #{log_dir}" do - path log_dir - owner new_resource.run_user - group new_resource.run_group - mode '0750' - recursive true - action :create - end - - directory "#{new_resource.name} :create #{parsed_data_dir}" do - path parsed_data_dir - owner new_resource.run_user - group new_resource.run_group - mode '0750' - recursive true - action :create - end - - # Main configuration file - template "#{new_resource.name} :create #{etc_dir}/my.cnf" do - path "#{etc_dir}/my.cnf" - source 'my.cnf.erb' - cookbook 'mysql' - owner new_resource.run_user - group new_resource.run_group - mode '0600' - variables( - config: new_resource, - error_log: error_log, - include_dir: include_dir, - lc_messages_dir: lc_messages_dir, - pid_file: pid_file, - socket_file: socket_file, - tmp_dir: tmp_dir, - data_dir: parsed_data_dir - ) - action :create - end - - # initialize database and 
create initial records - bash "#{new_resource.name} :create initial records" do - code init_records_script - returns [0, 1, 2] # facepalm - not_if "/usr/bin/test -f #{parsed_data_dir}/mysql/user.frm" - action :run - end - end - - action :delete do - # Stop the service before removing support directories - delete_stop_service - - directory "#{new_resource.name} :delete #{etc_dir}" do - path etc_dir - recursive true - action :delete - end - - directory "#{new_resource.name} :delete #{run_dir}" do - path run_dir - recursive true - action :delete - end - - directory "#{new_resource.name} :delete #{log_dir}" do - path log_dir - recursive true - action :delete - end - end - - # - # Platform specific bits - # - def configure_apparmor - # Do not add these resource if inside a container - # Only valid on Ubuntu - - unless ::File.exist?('/.dockerenv') || ::File.exist?('/.dockerinit') - if node['platform'] == 'ubuntu' - # Apparmor - package "#{new_resource.name} :create apparmor" do - package_name 'apparmor' - action :install - end - - directory "#{new_resource.name} :create /etc/apparmor.d/local/mysql" do - path '/etc/apparmor.d/local/mysql' - owner 'root' - group 'root' - mode '0755' - recursive true - action :create - end - - template "#{new_resource.name} :create /etc/apparmor.d/local/usr.sbin.mysqld" do - path '/etc/apparmor.d/local/usr.sbin.mysqld' - cookbook 'mysql' - source 'apparmor/usr.sbin.mysqld-local.erb' - owner 'root' - group 'root' - mode '0644' - action :create - notifies :restart, "service[#{new_resource.name} :create apparmor]", :immediately - end - - template "#{new_resource.name} :create /etc/apparmor.d/usr.sbin.mysqld" do - path '/etc/apparmor.d/usr.sbin.mysqld' - cookbook 'mysql' - source 'apparmor/usr.sbin.mysqld.erb' - owner 'root' - group 'root' - mode '0644' - action :create - notifies :restart, "service[#{new_resource.name} :create apparmor]", :immediately - end - - template "#{new_resource.name} :create 
/etc/apparmor.d/local/mysql/#{new_resource.instance}" do - path "/etc/apparmor.d/local/mysql/#{new_resource.instance}" - cookbook 'mysql' - source 'apparmor/usr.sbin.mysqld-instance.erb' - owner 'root' - group 'root' - mode '0644' - variables( - data_dir: parsed_data_dir, - mysql_name: mysql_name, - log_dir: log_dir, - run_dir: run_dir, - pid_file: pid_file, - socket_file: socket_file - ) - action :create - notifies :restart, "service[#{new_resource.name} :create apparmor]", :immediately - end - - service "#{new_resource.name} :create apparmor" do - service_name 'apparmor' - action :nothing - end - end - end - end - end - end -end diff --git a/cookbooks/mysql/libraries/provider_mysql_service_smf.rb b/cookbooks/mysql/libraries/provider_mysql_service_smf.rb deleted file mode 100644 index cc208c1..0000000 --- a/cookbooks/mysql/libraries/provider_mysql_service_smf.rb +++ /dev/null 
@@ -1,91 +0,0 @@ -class Chef - class Provider - class MysqlServiceSmf < Chef::Provider::MysqlServiceBase - # FIXME: we should have a service_helper to determine if the platform supports SMF similarly - # to how we handle systemd on linux - if defined?(provides) # foodcritic ~FC023 - provides :mysql_service, os: %w(solaris2 omnios smartos openindiana opensolaris nexentacore) do - File.exist?('/usr/sbin/svccfg') - end - end - - action :start do - method_script_path = "/lib/svc/method/#{mysql_name}" if node['platform'] == 'omnios' - method_script_path = "/opt/local/lib/svc/method/#{mysql_name}" if node['platform'] == 'smartos' - - template "#{new_resource.name} :start #{method_script_path}" do - path method_script_path - cookbook 'mysql' - source 'smf/svc.method.mysqld.erb' - owner 'root' - group 'root' - mode '0555' - variables( - base_dir: base_dir, - data_dir: parsed_data_dir, - defaults_file: defaults_file, - error_log: error_log, - mysql_name: mysql_name, - mysqld_bin: mysqld_bin, - pid_file: pid_file - ) - action :create - end - - smf "#{new_resource.name} :start #{mysql_name}" do - name mysql_name - user new_resource.run_user - group new_resource.run_group - start_command "#{method_script_path} start" - end - - service "#{new_resource.name} :start #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Solaris - supports restart: true - action [:enable] - end - end - - action :stop do - service "#{new_resource.name} :stop #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Solaris - supports restart: true - action :stop - end - end - - action :restart do - service "#{new_resource.name} :restart #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Solaris - supports restart: true - action :restart - end - end - - action :reload do - service "#{new_resource.name} :reload #{mysql_name}" do - provider Chef::Provider::Service::Solaris - service_name mysql_name - supports reload: true - 
action :reload - end - end - - def create_stop_system_service - # nothing to do here - end - - def delete_stop_service - service "#{new_resource.name} :delete #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Solaris - supports restart: true - action :stop - end - end - end - end -end diff --git a/cookbooks/mysql/libraries/provider_mysql_service_systemd.rb b/cookbooks/mysql/libraries/provider_mysql_service_systemd.rb deleted file mode 100644 index 7ef415b..0000000 --- a/cookbooks/mysql/libraries/provider_mysql_service_systemd.rb +++ /dev/null 
@@ -1,135 +0,0 @@ -require_relative 'provider_mysql_service_base' - -class Chef - class Provider - class MysqlServiceSystemd < Chef::Provider::MysqlServiceBase - if defined?(provides) # foodcritic ~FC023 - provides :mysql_service, os: 'linux' do - Chef::Platform::ServiceHelpers.service_resource_providers.include?(:systemd) - end - end - - action :start do - # Needed for Debian / Ubuntu - directory '/usr/libexec' do - owner 'root' - group 'root' - mode '0755' - action :create - end - - # this script is called by the main systemd unit file, and - # spins around until the service is actually up and running. - template "#{new_resource.name} :start /usr/libexec/#{mysql_name}-wait-ready" do - path "/usr/libexec/#{mysql_name}-wait-ready" - source 'systemd/mysqld-wait-ready.erb' - owner 'root' - group 'root' - mode '0755' - variables(socket_file: socket_file) - cookbook 'mysql' - action :create - end - - # this is the main systemd unit file - template "#{new_resource.name} :start /lib/systemd/system/#{mysql_name}.service" do - path "/lib/systemd/system/#{mysql_name}.service" - source 'systemd/mysqld.service.erb' - owner 'root' - group 'root' - mode '0644' - variables( - config: new_resource, - etc_dir: etc_dir, - base_dir: base_dir, - mysqld_bin: mysqld_bin - ) - cookbook 'mysql' - notifies :run, "execute[#{new_resource.name} :start systemctl daemon-reload]", :immediately - action :create - end - - # avoid 'Unit file changed on disk' warning - execute "#{new_resource.name} :start systemctl daemon-reload" do - command '/bin/systemctl daemon-reload' - action :nothing - end - - # tmpfiles.d config so the service survives reboot - template "#{new_resource.name} :start /usr/lib/tmpfiles.d/#{mysql_name}.conf" do - path "/usr/lib/tmpfiles.d/#{mysql_name}.conf" - source 'tmpfiles.d.conf.erb' - owner 'root' - group 'root' - mode '0644' - variables( - run_dir: run_dir, - run_user: new_resource.run_user, - run_group: new_resource.run_group - ) - cookbook 'mysql' - action :create - 
end - - # service management resource - service "#{new_resource.name} :start #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Systemd - supports restart: true, status: true - action [:enable, :start] - end - end - - action :stop do - # service management resource - service "#{new_resource.name} :stop #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Systemd - supports status: true - action [:disable, :stop] - only_if { ::File.exist?("/usr/lib/systemd/system/#{mysql_name}.service") } - end - end - - action :restart do - # service management resource - service "#{new_resource.name} :restart #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Systemd - supports restart: true - action :restart - end - end - - action :reload do - # service management resource - service "#{new_resource.name} :reload #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Systemd - action :reload - end - end - - def create_stop_system_service - # service management resource - service "#{new_resource.name} :create mysql" do - service_name system_service_name - provider Chef::Provider::Service::Systemd - supports status: true - action [:stop, :disable] - end - end - - def delete_stop_service - # service management resource - service "#{new_resource.name} :delete #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Systemd - supports status: true - action [:disable, :stop] - only_if { ::File.exist?("/usr/lib/systemd/system/#{mysql_name}.service") } - end - end - end - end -end diff --git a/cookbooks/mysql/libraries/provider_mysql_service_sysvinit.rb b/cookbooks/mysql/libraries/provider_mysql_service_sysvinit.rb deleted file mode 100644 index b3f2259..0000000 --- a/cookbooks/mysql/libraries/provider_mysql_service_sysvinit.rb +++ /dev/null 
@@ -1,89 +0,0 @@ -require_relative 'provider_mysql_service_base' - -class Chef - class Provider - class MysqlServiceSysvinit < Chef::Provider::MysqlServiceBase - provides :mysql_service, os: '!windows' if defined?(provides) - - action :start do - template "#{new_resource.name} :start /etc/init.d/#{mysql_name}" do - path "/etc/init.d/#{mysql_name}" - source 'sysvinit/mysqld.erb' - owner 'root' - group 'root' - mode '0755' - variables( - config: new_resource, - defaults_file: defaults_file, - error_log: error_log, - mysql_name: mysql_name, - mysqladmin_bin: mysqladmin_bin, - mysqld_safe_bin: mysqld_safe_bin, - pid_file: pid_file, - scl_name: scl_name - ) - cookbook 'mysql' - action :create - end - - service "#{new_resource.name} :start #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' - provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' - supports restart: true, status: true - action [:enable, :start] - end - end - - action :stop do - service "#{new_resource.name} :stop #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' - provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' - supports restart: true, status: true - action [:stop] - end - end - - action :restart do - service "#{new_resource.name} :restart #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' - provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' - supports restart: true - action :restart - end - end - - action :reload do - service "#{new_resource.name} :reload #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' - provider Chef::Provider::Service::Init::Insserv if 
node['platform_family'] == 'debian' - action :reload - end - end - - def create_stop_system_service - service "#{new_resource.name} :create #{system_service_name}" do - service_name system_service_name - provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' - provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' - supports status: true - action [:stop, :disable] - end - end - - def delete_stop_service - service "#{new_resource.name} :delete #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' - provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' - supports status: true - action [:disable, :stop] - only_if { ::File.exist?("#{etc_dir}/init.d/#{mysql_name}") } - end - end - end - end -end diff --git a/cookbooks/mysql/libraries/provider_mysql_service_upstart.rb b/cookbooks/mysql/libraries/provider_mysql_service_upstart.rb deleted file mode 100644 index 3a328b6..0000000 --- a/cookbooks/mysql/libraries/provider_mysql_service_upstart.rb +++ /dev/null 
@@ -1,114 +0,0 @@ -require_relative 'provider_mysql_service_base' - -class Chef - class Provider - class MysqlServiceUpstart < Chef::Provider::MysqlServiceBase - if defined?(provides) # foodcritic ~FC023 - provides :mysql_service, os: 'linux' do - Chef::Platform::ServiceHelpers.service_resource_providers.include?(:upstart) && - !Chef::Platform::ServiceHelpers.service_resource_providers.include?(:redhat) - end - end - - action :start do - template "#{new_resource.name} :start /usr/sbin/#{mysql_name}-wait-ready" do - path "/usr/sbin/#{mysql_name}-wait-ready" - source 'upstart/mysqld-wait-ready.erb' - owner 'root' - group 'root' - mode '0755' - variables(socket_file: socket_file) - cookbook 'mysql' - action :create - end - - template "#{new_resource.name} :start /etc/init/#{mysql_name}.conf" do - path "/etc/init/#{mysql_name}.conf" - source 'upstart/mysqld.erb' - owner 'root' - group 'root' - mode '0644' - variables( - defaults_file: defaults_file, - mysql_name: mysql_name, - run_group: new_resource.run_group, - run_user: new_resource.run_user, - socket_dir: socket_dir - ) - cookbook 'mysql' - action :create - end - - service "#{new_resource.name} :start #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - supports status: true - action [:start] - end - end - - action :stop do - service "#{new_resource.name} :stop #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - supports restart: true, status: true - action [:stop] - end - end - - action :restart do - # With Upstart, restarting the service doesn't behave "as expected". 
- # We want the post-start stanzas, which wait until the - # service is available before returning - # - # http://upstart.ubuntu.com/cookbook/#restart - service "#{new_resource.name} :restart stop #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - action :stop - end - - service "#{new_resource.name} :restart start #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - action :start - end - end - - action :reload do - # With Upstart, reload just sends a HUP signal to the process. - # As far as I can tell, this doesn't work the way it's - # supposed to, so we need to actually restart the service. - service "#{new_resource.name} :reload stop #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - action :stop - end - - service "#{new_resource.name} :reload start #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - action :start - end - end - - def create_stop_system_service - service "#{new_resource.name} :create #{system_service_name}" do - service_name system_service_name - provider Chef::Provider::Service::Upstart - supports status: true - action [:stop, :disable] - end - end - - def delete_stop_service - service "#{new_resource.name} :delete #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - action [:disable, :stop] - only_if { ::File.exist?("#{etc_dir}/init/#{mysql_name}") } - end - end - end - end -end diff --git a/cookbooks/mysql/libraries/provider_priority_linux.rb b/cookbooks/mysql/libraries/provider_priority_linux.rb deleted file mode 100644 index cea5b11..0000000 --- a/cookbooks/mysql/libraries/provider_priority_linux.rb +++ /dev/null 
@@ -1,45 +0,0 @@ - -begin - require 'chef/platform/provider_priority_map' -rescue LoadError # rubocop: disable Lint/HandleExceptions -end - -require_relative 'provider_mysql_service_smf' -require_relative 'provider_mysql_service_systemd' -require_relative 'provider_mysql_service_sysvinit' -require_relative 'provider_mysql_service_upstart' -require_relative 'provider_mysql_config' -require_relative 'provider_mysql_client' - -if defined? Chef::Platform::ProviderPriorityMap - Chef::Platform::ProviderPriorityMap.instance.priority( - :mysql_service, - [Chef::Provider::MysqlServiceSystemd, Chef::Provider::MysqlServiceUpstart, Chef::Provider::MysqlServiceSysvinit], - os: 'linux' - ) -else - # provider mappings for Chef 11 - - # systemd service - Chef::Platform.set platform: :fedora, version: '>= 19', resource: :mysql_service, provider: Chef::Provider::MysqlServiceSystemd - Chef::Platform.set platform: :redhat, version: '>= 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlServiceSystemd - Chef::Platform.set platform: :centos, version: '>= 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlServiceSystemd - Chef::Platform.set platform: :scientific, version: '>= 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlServiceSystemd - Chef::Platform.set platform: :oracle, version: '>= 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlServiceSystemd - - # smf service - Chef::Platform.set platform: :omnios, resource: :mysql_service, provider: Chef::Provider::MysqlServiceSmf - Chef::Platform.set platform: :smartos, resource: :mysql_service, provider: Chef::Provider::MysqlServiceSmf - - # upstart service - Chef::Platform.set platform: :ubuntu, resource: :mysql_service, provider: Chef::Provider::MysqlServiceUpstart - - # default service - Chef::Platform.set resource: :mysql_service, provider: Chef::Provider::MysqlServiceSysvinit - - # config - Chef::Platform.set resource: :mysql_config, provider: Chef::Provider::MysqlConfig - - # client 
- Chef::Platform.set resource: :mysql_client, provider: Chef::Provider::MysqlClient -end diff --git a/cookbooks/mysql/libraries/resource_mysql_client.rb b/cookbooks/mysql/libraries/resource_mysql_client.rb deleted file mode 100644 index 8585dbe..0000000 --- a/cookbooks/mysql/libraries/resource_mysql_client.rb +++ /dev/null @@ -1,18 +0,0 @@ -require 'chef/resource/lwrp_base' - -class Chef - class Resource - class MysqlClient < Chef::Resource::LWRPBase - provides :mysql_client - - self.resource_name = :mysql_client - actions :create, :delete - default_action :create - - attribute :client_name, kind_of: String, name_attribute: true, required: true - attribute :package_name, kind_of: Array, default: nil - attribute :package_version, kind_of: String, default: nil - attribute :version, kind_of: String, default: nil # mysql_version - end - end -end diff --git a/cookbooks/mysql/libraries/resource_mysql_config.rb b/cookbooks/mysql/libraries/resource_mysql_config.rb deleted file mode 100644 index a8767ce..0000000 --- a/cookbooks/mysql/libraries/resource_mysql_config.rb +++ /dev/null @@ -1,22 +0,0 @@ -require 'chef/resource/lwrp_base' - -class Chef - class Resource - class MysqlConfig < Chef::Resource::LWRPBase - provides :mysql_config - - self.resource_name = :mysql_config - actions :create, :delete - default_action :create - - attribute :config_name, kind_of: String, name_attribute: true, required: true - attribute :cookbook, kind_of: String, default: nil - attribute :group, kind_of: String, default: 'mysql' - attribute :instance, kind_of: String, default: 'default' - attribute :owner, kind_of: String, default: 'mysql' - attribute :source, kind_of: String, default: nil - attribute :variables, kind_of: [Hash], default: nil - attribute :version, kind_of: String, default: nil - end - end -end diff --git a/cookbooks/mysql/libraries/resource_mysql_service.rb b/cookbooks/mysql/libraries/resource_mysql_service.rb deleted file mode 100644 index 8d4f5d3..0000000 
--- a/cookbooks/mysql/libraries/resource_mysql_service.rb +++ /dev/null @@ -1,31 +0,0 @@ -require 'chef/resource/lwrp_base' - -class Chef - class Resource - class MysqlService < Chef::Resource::LWRPBase - provides :mysql_service - - self.resource_name = :mysql_service - actions :create, :delete, :start, :stop, :restart, :reload - default_action :create - - attribute :charset, kind_of: String, default: 'utf8' - attribute :data_dir, kind_of: String, default: nil - attribute :initial_root_password, kind_of: String, default: 'ilikerandompasswords' - attribute :instance, kind_of: String, name_attribute: true - attribute :package_action, kind_of: Symbol, default: :install - attribute :package_name, kind_of: String, default: nil - attribute :package_version, kind_of: String, default: nil - attribute :bind_address, kind_of: String, default: nil - attribute :port, kind_of: [String, Integer], default: '3306' - attribute :run_group, kind_of: String, default: 'mysql' - attribute :run_user, kind_of: String, default: 'mysql' - attribute :socket, kind_of: String, default: nil - attribute :mysqld_options, kind_of: Hash, default: {} - attribute :version, kind_of: String, default: nil - attribute :error_log, kind_of: String, default: nil - attribute :tmp_dir, kind_of: String, default: nil - attribute :pid_file, kind_of: String, default: nil - end - end -end diff --git a/cookbooks/mysql/metadata.json b/cookbooks/mysql/metadata.json index 54c8e71..f847f3b 100644 --- a/cookbooks/mysql/metadata.json +++ b/cookbooks/mysql/metadata.json 
@@ -1 +1 @@ -{"name":"mysql","version":"6.1.3","description":"Provides mysql_service, mysql_config, and mysql_client resources","long_description":"# MySQL Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/mysql.svg?branch=master)](https://travis-ci.org/chef-cookbooks/mysql) [![Cookbook Version](https://img.shields.io/cookbook/v/mysql.svg)](https://supermarket.chef.io/cookbooks/mysql)\n\nThe Mysql Cookbook is a library cookbook that provides resource primitives (LWRPs) for use in recipes. It is designed to be a reference example for creating highly reusable cross-platform cookbooks.\n\n## Scope\n\nThis cookbook is concerned with the \"MySQL Community Server\", particularly those shipped with F/OSS Unix and Linux distributions. It does not address forks or value-added repackaged MySQL distributions like Drizzle, MariaDB, or Percona.\n\n## Requirements\n\n- Chef 11 or higher\n- Ruby 1.9 or higher (preferably from the Chef full-stack installer)\n- Network accessible package repositories\n- 'recipe[selinux::disabled]' on RHEL platforms\n\n## Platform Support\n\nThe following platforms have been tested with Test Kitchen:\n\n```\n|----------------+-----+-----+-----+-----+-----|\n| | 5.0 | 5.1 | 5.5 | 5.6 | 5.7 |\n|----------------+-----+-----+-----+-----+-----|\n| debian-7 | | | X | | |\n|----------------+-----+-----+-----+-----+-----|\n| ubuntu-12.04 | | | X | | |\n|----------------+-----+-----+-----+-----+-----|\n| ubuntu-14.04 | | | X | X | |\n|----------------+-----+-----+-----+-----+-----|\n| ubuntu-15.04 | | | | X | |\n|----------------+-----+-----+-----+-----+-----|\n| centos-5 | X | X | X | X | X |\n|----------------+-----+-----+-----+-----+-----|\n| centos-6 | | X | X | X | X |\n|----------------+-----+-----+-----+-----+-----|\n| centos-7 | | | X | X | X |\n|----------------+-----+-----+-----+-----+-----|\n| amazon | | | X | X | X |\n|----------------+-----+-----+-----+-----+-----|\n| fedora-22 | | | X | X | X 
|\n|----------------+-----+-----+-----+-----+-----|\n| fedora-23 | | | X | X | X |\n|----------------+-----+-----+-----+-----+-----|\n```\n\n## Cookbook Dependencies\n\n- yum-mysql-community\n- smf\n\n## Usage\n\nPlace a dependency on the mysql cookbook in your cookbook's metadata.rb\n\n```ruby\ndepends 'mysql', '~> 6.0'\n```\n\nThen, in a recipe:\n\n```ruby\nmysql_service 'foo' do\n port '3306'\n version '5.5'\n initial_root_password 'change me'\n action [:create, :start]\nend\n```\n\nThe service name on the OS is `mysql-foo`. You can manually start and stop it with `service mysql-foo start` and `service mysql-foo stop`.\n\nThe configuration file is at `/etc/mysql-foo/my.cnf`. It contains the minimum options to get the service running. It looks like this.\n\n```\n# Chef generated my.cnf for instance mysql-foo\n\n[client]\ndefault-character-set = utf8\nport = 3306\nsocket = /var/run/mysql-foo/mysqld.sock\n\n[mysql]\ndefault-character-set = utf8\n\n[mysqld]\nuser = mysql\npid-file = /var/run/mysql-foo/mysqld.pid\nsocket = /var/run/mysql-foo/mysqld.sock\nport = 3306\ndatadir = /var/lib/mysql-foo\ntmpdir = /tmp\nlog-error = /var/log/mysql-foo/error.log\n!includedir /etc/mysql-foo/conf.d\n\n[mysqld_safe]\nsocket = /var/run/mysql-foo/mysqld.sock\n```\n\nYou can put extra configuration into the conf.d directory by using the `mysql_config` resource, like this:\n\n```ruby\nmysql_service 'foo' do\n port '3306'\n version '5.5'\n initial_root_password 'change me'\n action [:create, :start]\nend\n\nmysql_config 'foo' do\n source 'my_extra_settings.erb'\n notifies :restart, 'mysql_service[foo]'\n action :create\nend\n```\n\nYou are responsible for providing `my_extra_settings.erb` in your own cookbook's templates folder.\n\n## Connecting with the mysql CLI command\n\nLogging into the machine and typing `mysql` with no extra arguments will fail. 
You need to explicitly connect over the socket with `mysql -S /var/run/mysql-foo/mysqld.sock`, or over the network with `mysql -h 127.0.0.1`\n\n## Upgrading from older version of the mysql cookbook\n\n- It is strongly recommended that you rebuild the machine from scratch. This is easy if you have your `data_dir` on a dedicated mount point. If you _must_ upgrade in-place, follow the instructions below.\n- The 6.x series supports multiple service instances on a single machine. It dynamically names the support directories and service names. `/etc/mysql becomes /etc/mysql-instance_name`. Other support directories in `/var` `/run` etc work the same way. Make sure to specify the `data_dir` property on the `mysql_service` resource to point to the old `/var/lib/mysql` directory.\n\n## Resources Overview\n\n### mysql_service\n\nThe `mysql_service` resource manages the basic plumbing needed to get a MySQL server instance running with minimal configuration.\n\nThe `:create` action handles package installation, support directories, socket files, and other operating system level concerns. The internal configuration file contains just enough to get the service up and running, then loads extra configuration from a conf.d directory. Further configurations are managed with the `mysql_config` resource.\n\n- If the `data_dir` is empty, a database will be initialized, and a\n- root user will be set up with `initial_root_password`. If this\n- directory already contains database files, no action will be taken.\n\nThe `:start` action starts the service on the machine using the appropriate provider for the platform. 
The `:start` action should be omitted when used in recipes designed to build containers.\n\n#### Example\n\n```ruby\nmysql_service 'default' do\n version '5.7'\n bind_address '0.0.0.0'\n port '3306'\n data_dir '/data'\n initial_root_password 'Ch4ng3me'\n action [:create, :start]\nend\n```\n\nPlease note that when using `notifies` or `subscribes`, the resource to reference is `mysql_service[name]`, not `service[mysql]`.\n\n#### Parameters\n\n- `charset` - specifies the default character set. Defaults to `utf8`.\n- `data_dir` - determines where the actual data files are kept on the machine. This is useful when mounting external storage. When omitted, it will default to the platform's native location.\n- `error_log` - Tunable location of the error_log\n- `initial_root_password` - allows the user to specify the initial root password for mysql when initializing new databases. This can be set explicitly in a recipe, driven from a node attribute, or from data_bags. When omitted, it defaults to `ilikerandompasswords`. Please be sure to change it.\n- `instance` - A string to identify the MySQL service. By convention, to allow for multiple instances of the `mysql_service`, directories and files on disk are named `mysql-`. Defaults to the resource name.\n- `package_action` - Defaults to `:install`.\n- `package_name` - Defaults to a value looked up in an internal map.\n- `package_version` - Specific version of the package to install,passed onto the underlying package manager. Defaults to `nil`.\n- `bind_address` - determines the listen IP address for the mysqld service. When omitted, it will be determined by MySQL. If the address is \"regular\" IPv4/IPv6address (e.g 127.0.0.1 or ::1), the server accepts TCP/IP connections only for that particular address. If the address is \"0.0.0.0\" (IPv4) or \"::\" (IPv6), the server accepts TCP/IP connections on all IPv4 or IPv6 interfaces.\n- `mysqld_options` - A key value hash of options to be rendered into the main my.cnf. 
WARNING - It is highly recommended that you use the `mysql_config` resource instead of sending extra config into a `mysql_service` resource. This will allow you to set up notifications and subscriptions between the service and its configuration. That being said, this can be useful for adding extra options needed for database initialization at first run.\n- `port` - determines the listen port for the mysqld service. When omitted, it will default to '3306'.\n- `run_group` - The name of the system group the `mysql_service` should run as. Defaults to 'mysql'.\n- `run_user` - The name of the system user the `mysql_service` should run as. Defaults to 'mysql'.\n- `pid_file` - Tunable location of the pid file.\n- `socket` - determines where to write the socket file for the `mysql_service` instance. Useful when configuring clients on the same machine to talk over socket and skip the networking stack. Defaults to a calculated value based on platform and instance name.\n- `tmp_dir` - Tunable location of the tmp_dir\n- `version` - allows the user to select from the versions available for the platform, where applicable. When omitted, it will install the default MySQL version for the target platform. 
Available version numbers are `5.0`, `5.1`, `5.5`, `5.6`, and `5.7`, depending on platform.\n\n#### Actions\n\n- `:create` - Configures everything but the underlying operating system service.\n- `:delete` - Removes everything but the package and data_dir.\n- `:start` - Starts the underlying operating system service\n- `:stop`- Stops the underlying operating system service\n- `:restart` - Restarts the underlying operating system service\n- `:reload` - Reloads the underlying operating system service\n\n#### Providers\n\nChef selects the appropriate provider based on platform and version, but you can specify one if your platform support it.\n\n```ruby\nmysql_service[instance-1] do\n port '1234'\n data_dir '/mnt/lottadisk'\n provider Chef::Provider::MysqlServiceSysvinit\n action [:create, :start]\nend\n```\n\n- `Chef::Provider::MysqlServiceBase` - Configures everything needed to run a MySQL service except the platform service facility. This provider should never be used directly. The `:start`, `:stop`, `:restart`, and `:reload` actions are stubs meant to be overridden by the providers below.\n- `Chef::Provider::MysqlServiceSmf` - Starts a `mysql_service` using the Service Management Facility, used by Solaris and Illumos. Manages the FMRI and method script.\n- `Chef::Provider::MysqlServiceSystemd` - Starts a `mysql_service` using SystemD. Manages the unit file and activation state\n- `Chef::Provider::MysqlServiceSysvinit` - Starts a `mysql_service` using SysVinit. Manages the init script and status.\n- `Chef::Provider::MysqlServiceUpstart` - Starts a `mysql_service` using Upstart. Manages job definitions and status.\n\n### mysql_config\n\nThe `mysql_config` resource is a wrapper around the core Chef `template` resource. 
Instead of a `path` parameter, it uses the `instance` parameter to calculate the path on the filesystem where file is rendered.\n\n#### Example\n\n```ruby\nmysql_config[default] do\n source 'site.cnf.erb'\n action :create\nend\n```\n\n#### Parameters\n\n- `config_name` - The base name of the configuration file to be rendered into the conf.d directory on disk. Defaults to the resource name.\n- `cookbook` - The name of the cookbook to look for the template source. Defaults to nil\n- `group` - System group for file ownership. Defaults to 'mysql'.\n- `instance` - Name of the `mysql_service` instance the config is meant for. Defaults to 'default'.\n- `owner` - System user for file ownership. Defaults to 'mysql'.\n- `source` - Template in cookbook to be rendered.\n- `variables` - Variables to be passed to the underlying `template` resource.\n- `version` - Version of the `mysql_service` instance the config is meant for. Used to calculate path. Only necessary when using packages with unique configuration paths, such as RHEL Software Collections or OmniOS. 
Defaults to 'nil'\n\n#### Actions\n\n- `:create` - Renders the template to disk at a path calculated using the instance parameter.\n- `:delete` - Deletes the file from the conf.d directory calculated using the instance parameter.\n\n#### More Examples\n\n```ruby\nmysql_service 'instance-1' do\n action [:create, :start]\nend\n\nmysql_service 'instance-2' do\n action [:create, :start]\nend\n\nmysql_config 'logging' do\n instance 'instance-1'\n source 'logging.cnf.erb'\n action :create\n notifies :restart, 'mysql_service[instance-1]'\nend\n\nmysql_config 'security settings for instance-2' do\n config_name 'security'\n instance 'instance-2'\n source 'security_stuff.cnf.erb'\n variables(:foo => 'bar')\n action :create\n notifies :restart, 'mysql_service[instance-2]'\nend\n```\n\n### mysql_client\n\nThe `mysql_client` resource manages the MySQL client binaries and development libraries.\n\nIt is an example of a \"singleton\" resource. Declaring two `mysql_client` resources on a machine usually won't yield two separate copies of the client binaries, except for platforms that support multiple versions (RHEL SCL, OmniOS).\n\n#### Example\n\n```ruby\nmysql_client 'default' do\n action :create\nend\n```\n\n#### Parameters\n\n- `package_name` - An array of packages to be installed. Defaults to a value looked up in an internal map.\n- `package_version` - Specific versions of the package to install, passed onto the underlying package manager. Defaults to `nil`.\n- `version` - Major MySQL version number of client packages. Only valid on for platforms that support multiple versions, such as RHEL via Software Collections and OmniOS.\n\n#### Actions\n\n- `:create` - Installs the client software\n- `:delete` - Removes the client software\n\n## Advanced Usage Examples\n\nThere are a number of configuration scenarios supported by the use of resource primitives in recipes. 
For example, you might want to run multiple MySQL services, as different users, and mount block devices that contain pre-existing databases.\n\n### Multiple Instances as Different Users\n\n```ruby\n# instance-1\nuser 'alice' do\n action :create\nend\n\ndirectory '/mnt/data/mysql/instance-1' do\n owner 'alice'\n action :create\nend\n\nmount '/mnt/data/mysql/instance-1' do\n device '/dev/sdb1'\n fstype 'ext4'\n action [:mount, :enable]\nend\n\nmysql_service 'instance-1' do\n port '3307'\n run_user 'alice'\n data_dir '/mnt/data/mysql/instance-1'\n action [:create, :start]\nend\n\nmysql_config 'site config for instance-1' do\n instance 'instance-1'\n source 'instance-1.cnf.erb'\n notifies :restart, 'mysql_service[instance-1]'\nend\n\n# instance-2\nuser 'bob' do\n action :create\nend\n\ndirectory '/mnt/data/mysql/instance-2' do\n owner 'bob'\n action :create\nend\n\nmount '/mnt/data/mysql/instance-2' do\n device '/dev/sdc1'\n fstype 'ext3'\n action [:mount, :enable]\nend\n\nmysql_service 'instance-2' do\n port '3308'\n run_user 'bob'\n data_dir '/mnt/data/mysql/instance-2'\n action [:create, :start]\nend\n\nmysql_config 'site config for instance-2' do\n instance 'instance-2'\n source 'instance-2.cnf.erb'\n notifies :restart, 'mysql_service[instance-2]'\nend\n```\n\n### Replication Testing\n\nUse multiple `mysql_service` instances to test a replication setup. This particular example serves as a smoke test in Test Kitchen because it exercises different resources and requires service restarts.\n\n\n\n## Frequently Asked Questions\n\n### How do I run this behind my firewall?\n\nOn Linux, the `mysql_service` resource uses the platform's underlying package manager to install software. 
For this to work behind firewalls, you'll need to either:\n\n- Configure the system yum/apt utilities to use a proxy server that\n- can reach the Internet\n- Host a package repository on a network that the machine can talk to\n\nOn the RHEL platform_family, applying the `yum::default` recipe will allow you to drive the `yum_globalconfig` resource with attributes to change the global yum proxy settings.\n\nIf hosting repository mirrors, applying one of the following recipes and adjust the settings with node attributes.\n\n- `recipe[yum-centos::default]` from the Supermarket\n\n \n\n \n\n- `recipe[yum-mysql-community::default]` from the Supermarket\n\n \n\n \n\n### The mysql command line doesn't work\n\nIf you log into the machine and type `mysql`, you may see an error like this one:\n\n`Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'`\n\nThis is because MySQL is hardcoded to read the defined default my.cnf file, typically at /etc/my.cnf, and this LWRP deletes it to prevent overlap among multiple MySQL configurations.\n\nTo connect to the socket from the command line, check the socket in the relevant my.cnf file and use something like this:\n\n`mysql -S /var/run/mysql-foo/mysqld.sock -Pwhatever`\n\nOr to connect over the network, use something like this: connect over the network..\n\n`mysql -h 127.0.0.1 -Pwhatever`\n\nThese network or socket ssettings can also be put in you $HOME/.my.cnf, if preferred.\n\n### What about MariaDB, Percona, Drizzle, WebScaleSQL, etc.\n\nMySQL forks are purposefully out of scope for this cookbook. This is mostly to reduce the testing matrix to a manageable size. Cookbooks for these technologies can easily be created by copying and adapting this cookbook. 
However, there will be differences.\n\nPackage repository locations, package version names, software major version numbers, supported platform matrices, and the availability of software such as XtraDB and Galera are the main reasons that creating multiple cookbooks to make sense.\n\n## Warnings\n\n## Hacking / Testing / TODO\n\nPlease refer to the HACKING.md\n\n## License & Authors\n\n- Author:: Joshua Timberman ([joshua@chef.io](mailto:joshua@chef.io))\n- Author:: AJ Christensen ([aj@chef.io](mailto:aj@chef.io))\n- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io))\n- Author:: Brian Bianco ([brian.bianco@gmail.com](mailto:brian.bianco@gmail.com))\n- Author:: Jesse Howarth ([him@jessehowarth.com](mailto:him@jessehowarth.com))\n- Author:: Andrew Crump ([andrew@kotirisoftware.com](mailto:andrew@kotirisoftware.com))\n- Author:: Christoph Hartmann ([chris@lollyrock.com](mailto:chris@lollyrock.com))\n- Author:: Sean OMeara ([sean@chef.io](mailto:sean@chef.io))\n\n```text\nCopyright:: 2009-2014 Chef Software, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"amazon":">= 0.0.0","redhat":">= 0.0.0","centos":">= 0.0.0","scientific":">= 0.0.0","fedora":">= 0.0.0","debian":">= 0.0.0","ubuntu":">= 0.0.0","smartos":">= 0.0.0","omnios":">= 0.0.0","suse":">= 0.0.0"},"dependencies":{"yum-mysql-community":">= 0.0.0","smf":">= 
0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{}}
\ No newline at end of file
+{"name":"mysql","version":"8.5.1","description":"Provides mysql_service, mysql_config, and mysql_client resources","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"redhat":">= 6.0","centos":">= 6.0","scientific":">= 6.0","oracle":">= 6.0","amazon":">= 0.0.0","fedora":">= 0.0.0","debian":">= 7.0","ubuntu":">= 12.04","opensuse":">= 13.0","opensuseleap":">= 0.0.0","suse":">= 12.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/mysql","issues_url":"https://github.com/chef-cookbooks/mysql/issues","chef_version":[[">= 12.7"]],"ohai_version":[]}
\ No newline at end of file
diff --git a/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld-instance.erb b/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld-instance.erb
index 430a311..130beb7 100644
--- a/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld-instance.erb
+++ b/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld-instance.erb
@@ -2,12 +2,13 @@
 /etc/<%= @mysql_name %>/conf.d/ r,
 /etc/<%= @mysql_name %>/conf.d/* r,
 /etc/<%= @mysql_name %>/my.cnf r,
-<%= @log_dir %>/ r,
-<%= @log_dir %>/* rw,
-<%= @data_dir %>/ r,
-<%= @data_dir %>/** rwk,
-<%= @run_dir %>/** rw,
-<%= @pid_file %> rw,
-<%= @socket_file %> rw,
+<%= @config.log_dir %>/ r,
+<%= @config.log_dir %>/* rw,
+<%= @config.data_dir %>/ r,
+<%= @config.data_dir %>/** rwk,
+<%= @config.run_dir %>/** rw,
+<%= @config.pid_file %> rw,
+<%= @config.socket_file %> rw,
 /tmp/<%= @mysql_name %>/ r,
 /tmp/<%= @mysql_name %>/my.sql r,
+<%= @config.tmp_dir %>/* rw,
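Review bot: The added rule `<%= @config.tmp_dir %>/* rw,` on the last line of this hunk is emitted unconditionally, while my.cnf.erb in this same commit wraps `@config.tmp_dir` in `<% if @config.tmp_dir %>`, which suggests the value can be unset. With an empty value the rule would render as `/* rw,` and let the confined mysqld read and write every file directly under the filesystem root. Guard it the same way as the my.cnf template: `<% if @config.tmp_dir %>`, then `<%= @config.tmp_dir %>/* rw,`, then `<% end %>`. A template comment noting that a shared tmp_dir such as /tmp widens the profile to other processes' files in that directory would also help whoever audits the rendered profile.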
diff --git a/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld.erb b/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld.erb index 3e1f1b0..19ddbf5 100644 --- a/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld.erb +++ b/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld.erb @@ -35,8 +35,10 @@ /var/log/mysql/* rw, /var/run/mysqld/mysqld.pid rw, /var/run/mysqld/mysqld.sock w, + /var/run/mysqld/mysqld.sock.lock rw, /run/mysqld/mysqld.pid rw, /run/mysqld/mysqld.sock w, + /run/mysqld/mysqld.sock.lock rw, /sys/devices/system/cpu/ r, diff --git a/cookbooks/mysql/templates/default/my.cnf.erb b/cookbooks/mysql/templates/default/my.cnf.erb index faa8d3e..ff10156 100644 --- a/cookbooks/mysql/templates/default/my.cnf.erb +++ b/cookbooks/mysql/templates/default/my.cnf.erb @@ -7,8 +7,8 @@ default-character-set = <%= @config.charset %> <% if @config.port %> port = <%= @config.port %> <% end %> -<% if @socket_file %> -socket = <%= @socket_file %> +<% if @config.socket_file %> +socket = <%= @config.socket_file %> <% end %> [mysql] @@ -20,11 +20,11 @@ default-character-set = <%= @config.charset %> <% if @config.run_user %> user = <%= @config.run_user %> <% end %> -<% if @pid_file %> -pid-file = <%= @pid_file %> +<% if @config.pid_file %> +pid-file = <%= @config.pid_file %> <% end %> -<% if @socket_file %> -socket = <%= @socket_file %> +<% if @config.socket_file %> +socket = <%= @config.socket_file %> <% end %> <% if @config.bind_address %> bind-address = <%= @config.bind_address %> 
@@ -32,26 +32,26 @@ bind-address = <%= @config.bind_address %> <% if @config.port %> port = <%= @config.port %> <% end %> -<% if @data_dir %> -datadir = <%= @data_dir %> +<% if @config.data_dir %> +datadir = <%= @config.data_dir %> <% end %> -<% if @tmp_dir %> -tmpdir = <%= @tmp_dir %> +<% if @config.tmp_dir %> +tmpdir = <%= @config.tmp_dir %> <% end %> <% @config.mysqld_options.each do |option,value| %> <%= option %> = <%= value %> <% end %> -<% if @lc_messages_dir %> -lc-messages-dir = <%= @lc_messages_dir %> +<% if @config.lc_messages_dir %> +lc-messages-dir = <%= @config.lc_messages_dir %> <% end %> -<% if @error_log %> -log-error = <%= @error_log %> +<% if @config.error_log %> +log-error = <%= @config.error_log %> <% end %> -<% if @include_dir %> -!includedir <%= @include_dir %> +<% if @config.include_dir %> +!includedir <%= @config.include_dir %> <% end %> [mysqld_safe] -<% if @socket_file %> -socket = <%= @socket_file %> +<% if @config.socket_file %> +socket = <%= @config.socket_file %> <% end %> diff --git a/cookbooks/ohai/.foodcritic b/cookbooks/ohai/.foodcritic deleted file mode 100644 index 0480ab5..0000000 --- a/cookbooks/ohai/.foodcritic +++ /dev/null @@ -1,2 +0,0 @@ -~FC016 -~FC009 diff --git a/cookbooks/ohai/CHANGELOG.md b/cookbooks/ohai/CHANGELOG.md index d79cc1a..8d3c45d 100644 --- a/cookbooks/ohai/CHANGELOG.md +++ b/cookbooks/ohai/CHANGELOG.md 
@@ -2,6 +2,39 @@ This file is used to list changes made in each version of the ohai cookbook. +## 5.2.5 (2018-09-04) + +- Add note that ohai_hint will be removed April 2019 when Chef 13 goes EOL as this resource now ships in Chef 14+ + +## 5.2.4 (2018-08-28) + +- Avoid deprecation warnings in Chef 14.3+ by not loading resources already in Chef + +## 5.2.3 (2018-06-08) + +- Make sure we properly compare a provided plugin path to the path on disk by stripping trailing slashes from the provided directory +- Don't reload ohai when the plugin exists in a subdirectory of the config's set plugin path + +## 5.2.2 (2018-02-15) + +- Remove ChefSpec matchers we no longer need since they're auto generated + +## 5.2.1 (2018-01-25) + +- Switch from a .foodcritic file to an inline comments which resolve Supermarket warnings +- Remove unused helper method + +## 5.2.0 (2017-08-17) + +- Resolve multiple issues with Windows paths that caused the cookbook to converge on every run or fail +- Move maintainer information to the readme +- Add testing on Chef 12.7 in Travis +- Move helpers to their own modules and add testing framework + +## 5.1.0 (2017-05-06) + +- Workaround action_class bug by requiring Chef 12.7+ + ## 5.0.4 (2017-04-25) - Fix lack of .rb extension when deleting plugins. diff --git a/cookbooks/ohai/MAINTAINERS.md b/cookbooks/ohai/MAINTAINERS.md deleted file mode 100644 index 645ed14..0000000 --- a/cookbooks/ohai/MAINTAINERS.md +++ /dev/null 
@@ -1,15 +0,0 @@ - - -# Maintainers - -This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Tim Smith](https://github.com/tas50) - -# Maintainers -* [Jennifer Davis](https://github.com/sigje) -* [Tim Smith](https://github.com/tas50) -* [Thom May](https://github.com/thommay) diff --git a/cookbooks/ohai/README.md b/cookbooks/ohai/README.md index fdb7180..84c0113 100644 --- a/cookbooks/ohai/README.md +++ b/cookbooks/ohai/README.md @@ -4,6 +4,8 @@ Contains custom resources for adding Ohai hints and installing custom Ohai plugins. Handles path creation as well as the reloading of Ohai so that new data will be available during the same run. +NOTE: The ohai_hint resource shipped in Chef 14.0 (April 2018). When Chef 15.0 is released (April 2019) and Chef 13 goes EOL the ohai_hint resource will be removed from this cookbook. + ## Requirements ### Platforms @@ -16,7 +18,7 @@ Contains custom resources for adding Ohai hints and installing custom Ohai plugi ### Chef -- Chef 12.5+ +- Chef 12.7+ ### Cookbooks 
@@ -113,9 +115,11 @@ You can check for the creation or deletion of ohai plugins with chefspec using t - create_ohai_plugin - delete_ohai_plugin -## License & Authors +## Maintainers -**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io)) +This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/) + +## License **Copyright:** 2011-2016, Chef Software, Inc. diff --git a/cookbooks/iis/recipes/mod_application_initialization.rb b/cookbooks/ohai/libraries/hint_helpers.rb similarity index 54% rename from cookbooks/iis/recipes/mod_application_initialization.rb rename to cookbooks/ohai/libraries/hint_helpers.rb index 24b392e..a0e58ba 100644 --- a/cookbooks/iis/recipes/mod_application_initialization.rb +++ b/cookbooks/ohai/libraries/hint_helpers.rb @@ -1,9 +1,10 @@ # -# Author:: Seth Chisamore () -# Cookbook:: iis -# Recipe:: mod_application_initialization +# Cookbook:: ohai +# Library:: hint_helpers # -# Copyright:: 2011-2016, Chef Software, Inc. +# Author:: Tim Smith () +# +# Copyright:: 2017, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -18,12 +19,17 @@ # limitations under the License. # -include_recipe 'iis' +module OhaiCookbook + module HintHelpers + def ohai_hint_file_path(filename) + path = ::File.join(::Ohai::Config.ohai.hints_path.first, filename) + path << '.json' unless path.end_with?('.json') + path + end -if Opscode::IIS::Helper.older_than_windows2008r2? - log 'Application Initialization module is not supported on Windows 2008 or lower, ignoring' -else - windows_feature 'IIS-ApplicationInit' do - action :install + def format_content(content) + return '' if content.nil? || content.empty? + JSON.pretty_generate(content) + end end end diff --git a/cookbooks/ohai/libraries/matchers.rb b/cookbooks/ohai/libraries/matchers.rb deleted file mode 100644 index a888dd5..0000000 --- a/cookbooks/ohai/libraries/matchers.rb +++ /dev/null 
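Review bot: `ohai_hint_file_path` joins `filename` onto the first hints directory without any check, so a name containing `..` segments resolves outside `hints_path`. Whether callers can pass such a name is not visible in this hunk; it would matter mainly where hint names are derived from node attributes or other data rather than literals. If nested hint names are not intended, `path = ::File.join(::Ohai::Config.ohai.hints_path.first, ::File.basename(filename))` keeps the write inside the hints directory. The method also relies on `hints_path.first` being non-nil, which deserves a short comment above it, for example `# assumes Ohai has at least one hints_path entry configured`.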
@@ -1,41 +0,0 @@
-#
-# Cookbook:: ohai
-# Library:: matchers
-#
-# Author:: Tim Smith ()
-#
-# Copyright:: 2016-2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-if defined?(ChefSpec)
- ChefSpec.define_matcher :ohai_hint
- ChefSpec.define_matcher :ohai_plugin
-
- def create_ohai_hint(resource)
- ChefSpec::Matchers::ResourceMatcher.new(:ohai_hint, :create, resource)
- end
-
- def delete_ohai_hint(resource)
- ChefSpec::Matchers::ResourceMatcher.new(:ohai_hint, :delete, resource)
- end
-
- def create_ohai_plugin(resource)
- ChefSpec::Matchers::ResourceMatcher.new(:ohai_plugin, :create, resource)
- end
-
- def delete_ohai_plugin(resource)
- ChefSpec::Matchers::ResourceMatcher.new(:ohai_plugin, :delete, resource)
- end
-end
diff --git a/cookbooks/ohai/libraries/plugin_helpers.rb b/cookbooks/ohai/libraries/plugin_helpers.rb
new file mode 100644
index 0000000..218d550
--- /dev/null
+++ b/cookbooks/ohai/libraries/plugin_helpers.rb
@@ -0,0 +1,77 @@ +# +# Cookbook:: ohai +# Library:: plugin_helpers +# +# Author:: Tim Smith () +# +# Copyright:: 2017-2018, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module OhaiCookbook + module PluginHelpers + # return the path property if specified or + # CHEF_CONFIG_PATH/ohai/plugins if a path isn't specified + def desired_plugin_path + if new_resource.path + new_resource.path.chomp('/') # if the user gave us /foo/bar/ we need /foo/bar for later comparison + else + ::File.join(chef_config_path, 'ohai', 'plugins') + end + end + + # return the chef config files dir or fail hard + def chef_config_path + if Chef::Config['config_file'] + ::File.dirname(Chef::Config['config_file']) + else + Chef::Application.fatal!("No chef config file defined. Are you running \ + chef-solo? If so you will need to define a path for the ohai_plugin as the \ + path cannot be determined") + end + end + + # is the desired plugin dir in the ohai config plugin dir array? + def in_plugin_path?(path) + normalized_path = normalize_path(path) + # get the directory where we plan to stick the plugin (not the actual file path) + desired_dir = ::File.directory?(normalized_path) ? normalized_path : ::File.dirname(normalized_path) + ::Ohai::Config.ohai['plugin_path'].map { |x| normalize_path(x) }.any? 
do |d| + desired_dir.start_with?(d) + end + end + + # return path to lower and with forward slashes so we can compare it + # this works around the 3 different way we can represent windows paths + def normalize_path(path) + path.downcase.gsub(/\\+/, '/') + end + + def add_to_plugin_path(path) + ::Ohai::Config.ohai['plugin_path'] << path # new format + end + + # we need to warn the user that unless the path for this plugin is in Ohai's + # plugin path already we're going to have to reload Ohai on every Chef run. + # Ideally in future versions of Ohai /etc/chef/ohai/plugins is in the path. + def plugin_path_warning + Chef::Log.warn("The Ohai plugin_path does not include #{desired_plugin_path}. \ +Ohai will reload on each chef-client run in order to add this directory to the \ +path unless you modify your client.rb configuration to add this directory to \ +plugin_path. The plugin_path can be set via the chef-client::config recipe. \ +See 'Ohai Settings' at https://docs.chef.io/config_rb_client.html#ohai-settings \ +for more details.") + end + end +end diff --git a/cookbooks/ohai/metadata.json b/cookbooks/ohai/metadata.json index e457c14..61cb9db 100644 --- a/cookbooks/ohai/metadata.json +++ b/cookbooks/ohai/metadata.json 
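Review bot: `in_plugin_path?` tests membership with `desired_dir.start_with?(d)`, a plain string-prefix match, so a sibling directory such as `/etc/chef/ohai/plugins_old` (constructed example) is reported as being inside a configured `/etc/chef/ohai/plugins`. The action would then presumably skip adding it to `plugin_path`, though the caller is outside this hunk. Comparing on a path-segment boundary avoids that: `desired_dir == d || desired_dir.start_with?(d.chomp('/') + '/')`. `normalize_path` also downcases on every platform, where the removed plugin.rb code did so only for Windows, so on a case-sensitive filesystem two directories differing only in case are treated as the same one. Ohai plugins are Ruby code loaded by chef-client, so the check for which directories already count as plugin locations should be exact.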
@@ -1 +1 @@ -{"name":"ohai","version":"5.0.4","description":"Provides custom resources for installing Ohai hints and plugins","long_description":"# ohai Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/ohai.svg?branch=master)](https://travis-ci.org/chef-cookbooks/ohai) [![Build status](https://ci.appveyor.com/api/projects/status/lgok2kr6l007s8hf/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/ohai/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/ohai.svg)](https://supermarket.chef.io/cookbooks/ohai)\n\nContains custom resources for adding Ohai hints and installing custom Ohai plugins. Handles path creation as well as the reloading of Ohai so that new data will be available during the same run.\n\n## Requirements\n\n### Platforms\n\n- Debian/Ubuntu\n- RHEL/CentOS/Scientific/Amazon/Oracle\n- openSUSE / SUSE Enterprise Linux\n- FreeBSD\n- Windows\n\n### Chef\n\n- Chef 12.5+\n\n### Cookbooks\n\n- none\n\n## Custom Resources\n\n### `ohai_hint`\n\nCreates Ohai hint files, which are consumed by Ohai plugins in order to determine if they should run or not.\n\n#### Resource Attributes\n\n- `hint_name` - The name of hints file and key. Should be string, default is name of resource.\n- `content` - Values of hints. It will be used as automatic attributes. Should be Hash, default is empty Hash\n- `compile_time` - Should the resource run at compile time. 
This defaults to true\n\n#### Examples\n\nHint file installed to the default directory:\n\n```ruby\nohai_hint 'ec2'\n```\n\nHint file not installed at compile time:\n\n```ruby\nohai_hint 'ec2' do\n compile_time false\nend\n```\n\nHint file installed with content:\n\n```ruby\nohai_hint 'raid_present' do\n content Hash[:a, 'test_content']\nend\n```\n\n#### ChefSpec Matchers\n\nYou can check for the creation or deletion of ohai hints with chefspec using these custom matches:\n\n- create_ohai_hint\n- delete_ohai_hint\n\n### `ohai_plugin`\n\nInstalls custom Ohai plugins.\n\n#### Resource Attributes\n\n- `plugin_name` - The name to give the plugin on the filesystem. Should be string, default is name of resource.\n- `path` - The path to your custom plugin directory. Defaults to a directory named 'plugins' under the directory 'ohai' in the Chef config dir.\n- `source_file` - The source file for the plugin in your cookbook if not NAME.rb.\n- `cookbook` - The cookbook where the source file exists if not the cookbook where the ohai_plugin resource is running from.\n- `resource` - The resource type for the plugin file. Either `:cookbook_file` or `:template`. Defaults to `:cookbook_file`.\n- `variables` - Usable only if `resource` is `:template`. Defines the template's variables.\n- `compile_time` - Should the resource run at compile time. 
This defaults to `true`.\n\n#### examples\n\nSimple Ohai plugin installation:\n\n```ruby\nohai_plugin 'my_custom_plugin'\n```\n\nInstallation where the resource doesn't match the filename and you install to a custom plugins dir:\n\n```ruby\nohai_plugin 'My Ohai Plugin' do\n name 'my_custom_plugin'\n path '/my/custom/path/'\nend\n```\n\nInstallation using a template:\n\n```ruby\nohai_plugin 'My Templated Plugin' do\n name 'templated_plugin'\n resource :template\n variables node_type: :web_server\nend\n```\n\n#### ChefSpec Matchers\n\nYou can check for the creation or deletion of ohai plugins with chefspec using these custom matches:\n\n- create_ohai_plugin\n- delete_ohai_plugin\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2011-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0","centos":">= 0.0.0","redhat":">= 0.0.0","amazon":">= 0.0.0","scientific":">= 0.0.0","fedora":">= 0.0.0","oracle":">= 0.0.0","suse":">= 0.0.0","opensuse":">= 0.0.0","opensuseleap":">= 0.0.0","freebsd":">= 0.0.0","windows":">= 0.0.0","zlinux":">= 
0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/ohai","issues_url":"https://github.com/chef-cookbooks/ohai/issues","chef_version":[[">= 12.5"]],"ohai_version":[]} \ No newline at end of file +{"name":"ohai","version":"5.2.5","description":"Provides custom resources for installing Ohai hints and plugins","long_description":"# ohai Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/ohai.svg?branch=master)](https://travis-ci.org/chef-cookbooks/ohai) [![Build status](https://ci.appveyor.com/api/projects/status/lgok2kr6l007s8hf/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/ohai/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/ohai.svg)](https://supermarket.chef.io/cookbooks/ohai)\n\nContains custom resources for adding Ohai hints and installing custom Ohai plugins. Handles path creation as well as the reloading of Ohai so that new data will be available during the same run.\n\nNOTE: The ohai_hint resource shipped in Chef 14.0 (April 2018). When Chef 15.0 is released (April 2019) and Chef 13 goes EOL the ohai_hint resource will be removed from this cookbook.\n\n## Requirements\n\n### Platforms\n\n- Debian/Ubuntu\n- RHEL/CentOS/Scientific/Amazon/Oracle\n- openSUSE / SUSE Enterprise Linux\n- FreeBSD\n- Windows\n\n### Chef\n\n- Chef 12.7+\n\n### Cookbooks\n\n- none\n\n## Custom Resources\n\n### `ohai_hint`\n\nCreates Ohai hint files, which are consumed by Ohai plugins in order to determine if they should run or not.\n\n#### Resource Attributes\n\n- `hint_name` - The name of hints file and key. Should be string, default is name of resource.\n- `content` - Values of hints. It will be used as automatic attributes. Should be Hash, default is empty Hash\n- `compile_time` - Should the resource run at compile time. 
This defaults to true\n\n#### Examples\n\nHint file installed to the default directory:\n\n```ruby\nohai_hint 'ec2'\n```\n\nHint file not installed at compile time:\n\n```ruby\nohai_hint 'ec2' do\n compile_time false\nend\n```\n\nHint file installed with content:\n\n```ruby\nohai_hint 'raid_present' do\n content Hash[:a, 'test_content']\nend\n```\n\n#### ChefSpec Matchers\n\nYou can check for the creation or deletion of ohai hints with chefspec using these custom matches:\n\n- create_ohai_hint\n- delete_ohai_hint\n\n### `ohai_plugin`\n\nInstalls custom Ohai plugins.\n\n#### Resource Attributes\n\n- `plugin_name` - The name to give the plugin on the filesystem. Should be string, default is name of resource.\n- `path` - The path to your custom plugin directory. Defaults to a directory named 'plugins' under the directory 'ohai' in the Chef config dir.\n- `source_file` - The source file for the plugin in your cookbook if not NAME.rb.\n- `cookbook` - The cookbook where the source file exists if not the cookbook where the ohai_plugin resource is running from.\n- `resource` - The resource type for the plugin file. Either `:cookbook_file` or `:template`. Defaults to `:cookbook_file`.\n- `variables` - Usable only if `resource` is `:template`. Defines the template's variables.\n- `compile_time` - Should the resource run at compile time. 
This defaults to `true`.\n\n#### examples\n\nSimple Ohai plugin installation:\n\n```ruby\nohai_plugin 'my_custom_plugin'\n```\n\nInstallation where the resource doesn't match the filename and you install to a custom plugins dir:\n\n```ruby\nohai_plugin 'My Ohai Plugin' do\n name 'my_custom_plugin'\n path '/my/custom/path/'\nend\n```\n\nInstallation using a template:\n\n```ruby\nohai_plugin 'My Templated Plugin' do\n name 'templated_plugin'\n resource :template\n variables node_type: :web_server\nend\n```\n\n#### ChefSpec Matchers\n\nYou can check for the creation or deletion of ohai plugins with chefspec using these custom matches:\n\n- create_ohai_plugin\n- delete_ohai_plugin\n\n## Maintainers\n\nThis cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). 
To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/)\n\n## License\n\n**Copyright:** 2011-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0","centos":">= 0.0.0","redhat":">= 0.0.0","amazon":">= 0.0.0","scientific":">= 0.0.0","fedora":">= 0.0.0","oracle":">= 0.0.0","suse":">= 0.0.0","opensuse":">= 0.0.0","opensuseleap":">= 0.0.0","freebsd":">= 0.0.0","windows":">= 0.0.0","zlinux":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/ohai","issues_url":"https://github.com/chef-cookbooks/ohai/issues","chef_version":[[">= 12.7"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/ohai/resources/hint.rb b/cookbooks/ohai/resources/hint.rb index 02b43c9..b257b9b 100644 --- a/cookbooks/ohai/resources/hint.rb +++ b/cookbooks/ohai/resources/hint.rb 
@@ -1,3 +1,7 @@ + +chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) +resource_name :ohai_hint + property :hint_name, String, name_property: true property :content, Hash property :compile_time, [true, false], default: true @@ -8,14 +12,14 @@ action :create do recursive true end - file ohai_hint_path do + file ohai_hint_file_path(new_resource.hint_name) do action :create - content build_content + content format_content(new_resource.content) end end action :delete do - file ohai_hint_path do + file ohai_hint_file_path(new_resource.hint_name) do # ~FC009 action :delete notifies :reload, ohai[reload ohai post hint removal] end @@ -25,25 +29,8 @@ action :delete do end end -action_class.class_eval do - def ohai_hint_path - path = ::File.join(::Ohai::Config.ohai.hints_path.first, new_resource.hint_name) - path << '.json' unless path.end_with?('.json') - path - end - - def build_content - # passing nil to file produces deprecation warnings so pass an empty string - return nil if new_resource.content.nil? || new_resource.content.empty? - JSON.pretty_generate(new_resource.content) - end - - def file_content(path) - return JSON.parse(::File.read(path)) - rescue JSON::ParserError - Chef::Log.debug("Could not parse JSON in ohai hint at #{ohai_hint_path}. It's probably an empty hint file") - return nil - end +action_class do + include OhaiCookbook::HintHelpers end # this resource forces itself to run at compile_time diff --git a/cookbooks/ohai/resources/plugin.rb b/cookbooks/ohai/resources/plugin.rb index 734a220..cf6b754 100644 --- a/cookbooks/ohai/resources/plugin.rb +++ b/cookbooks/ohai/resources/plugin.rb 
@@ -56,56 +56,8 @@ action :delete do end end -action_class.class_eval do - # return the path property if specified or - # CHEF_CONFIG_PATH/ohai/plugins if a path isn't specified - def desired_plugin_path - if new_resource.path - new_resource.path - else - ::File.join(chef_config_path, 'ohai', 'plugins') - end - end - - # return the chef config files dir or fail hard - def chef_config_path - if Chef::Config['config_file'] - ::File.dirname(Chef::Config['config_file']) - else - Chef::Application.fatal!("No chef config file defined. Are you running \ -chef-solo? If so you will need to define a path for the ohai_plugin as the \ -path cannot be determined") - end - end - - # is the desired plugin dir in the ohai config plugin dir array? - def in_plugin_path?(path) - # get the directory where we plan to stick the plugin (not the actual file path) - desired_dir = ::File.directory?(path) ? path : ::File.dirname(path) - - case node['platform'] - when 'windows' - ::Ohai::Config.ohai['plugin_path'].map(&:downcase).include?(desired_dir.downcase) - else - ::Ohai::Config.ohai['plugin_path'].include?(desired_dir) - end - end - - def add_to_plugin_path(path) - ::Ohai::Config.ohai['plugin_path'] << path # new format - end - - # we need to warn the user that unless the path for this plugin is in Ohai's - # plugin path already we're going to have to reload Ohai on every Chef run. - # Ideally in future versions of Ohai /etc/chef/ohai/plugins is in the path. - def plugin_path_warning - Chef::Log.warn("The Ohai plugin_path does not include #{desired_plugin_path}. \ -Ohai will reload on each chef-client run in order to add this directory to the \ -path unless you modify your client.rb configuration to add this directory to \ -plugin_path. The plugin_path can be set via the chef-client::config recipe. 
\ -See 'Ohai Settings' at https://docs.chef.io/config_rb_client.html#ohai-settings \ -for more details.") - end +action_class do + include OhaiCookbook::PluginHelpers end # this resource forces itself to run at compile_time diff --git a/cookbooks/openssl/.foodcritic b/cookbooks/openssl/.foodcritic deleted file mode 100644 index b9f8767..0000000 --- a/cookbooks/openssl/.foodcritic +++ /dev/null @@ -1 +0,0 @@ -~FC016 diff --git a/cookbooks/openssl/CHANGELOG.md b/cookbooks/openssl/CHANGELOG.md index d323a3b..9b72498 100644 --- a/cookbooks/openssl/CHANGELOG.md +++ b/cookbooks/openssl/CHANGELOG.md 
@@ -2,6 +2,100 @@ This file is used to list changes made in each version of the openssl cookbook. +## 8.5.5 (2018-09-04) + +All resources in this cookbook are now built into Chef 14.4+. When Chef 15.4 is released (April 2019) the resources will be removed from this cookbook as all users should be running Chef 14.4 or later at that point. + +## 8.5.4 (2018-08-29) + +- Add missing email documentation for the request property +- Fix x509_crl to work on non-Linux platforms +- Attribute -> Property in the readme +- revokation -> revocation in the readme +- Update group/owner documentation +- Avoid deprecation warnings on Chef 14.3+ + +## 8.5.3 (2018-08-15) + +- Call ::OpenSSL not OpenSSL to be more defensive in the helpers + +## 8.5.2 (2018-08-14) + +- Back out mode change in ec_private_key + +## 8.5.1 (2018-08-14) + +- Add license headers to the resources +- Remove default_action setup from the resources since this is done automatically in custom resources now +- Make sure to use the path name_property when creating the ec public key file +- Make sure we're using openssl and not Chef's Openssl class +- Simplify how we handle user/group properties + +## 8.5.0 (2018-08-02) + +- Use the system provided owner/group defaults in resources +- Added new openssl_x509_crl resource +- Fix openssl_ec_public_key with documentation & tests +- Few corrections in the documentation +- Fix backward compatibility with chef client 12 + +## 8.4.0 (2018-07-30) + +This release is brought to you by Institut National de l'Audiovisuel, which contributed the following changes: + +- openssl_x509 is renamed to openssl_x509_certificate with backwards compatibility for the old name +- openssl_x509_certificate can now generate a signed certificate with a provided CA cert & key +- openssl_x509_certificate now support x509 extensions +- openssl_x509_certificate now support x509 csr +- openssl_x509_certificate now generate a random serial for the certificate +- openssl_x509_certificate expires has now a 
default value : 365 +- country field is now mandatory in x509_request +- the private key file is not rewrited in x509_request if it already exist + +## 8.3.0 (2018-07-25) + +- Add resource x509_request + +## 8.2.0 (2018-07-23) + +- Add ec_private_key & ec_public_key resources + +## 8.1.2 (2018-02-09) + +- Fix typo in resources that caused failures on Windows. +- Properly reference key_cipher in the readme + +## 8.1.1 (2018-01-05) + +- Add YARD comments to all the helpers +- Move valid ciphers directly into the equal_to check +- Remove the Chefspec matchers since modern ChefSpec does this automatically +- Fix failures on Windows nodes + +## 8.1.0 (2017-12-28) + +- Adding x509 support for /ST and /L +- Allow passing private key content to rsa_public_key resource via property +- Fix openssl_rsa_public_key converging on every run +- Fix undefied method "cipher" error in openssl_rsa_private_key resource + +## 8.0.0 (2017-12-11) + +- Added a new openssl_rsa_public_key resource which generates a public key from a private key +- Rename openssl_rsa_key to openssl_rsa_private_key, while still allowing the old name to function. 
This resource actually generates private keys, but the previous name didn't make that clear +- Added owner, group, and mode properties to all of the resources so you could control who owned the files you generated +- Set the default modes of generated files to 640 instead of 644 +- Set the files to generate using node['root_group'] not 'root' for compatibility on other *nix systems such as FreeBSD and macOS +- Added a new property to openssl_rsa_private_key for specifying the cipher to use +- Converted integration tests to InSpec and moved all resources to a single Kitchen suite for quicker testing +- Added a force property to allow overwriting any existing key that may exist +- Fixed upgrade recipe failures on Debian 9 +- Added a new path property which allows you to set the path there instead of in the resource's name +- Improved input validation in some of the helpers +- Added a deprecation message in Opscode::OpenSSL::Password helper "secure_password" and removed readme documentation +- Added a warning in the upgrade recipe if we're on an unsupported platform +- Switched the upgrade recipe to a multipackage upgrade to speed up Chef runs + ## 7.1.0 (2017-05-30) - Add supported platforms to the metdata diff --git a/cookbooks/openssl/MAINTAINERS.md b/cookbooks/openssl/MAINTAINERS.md deleted file mode 100644 index 645ed14..0000000 --- a/cookbooks/openssl/MAINTAINERS.md +++ /dev/null 
@@ -1,15 +0,0 @@ - - -# Maintainers - -This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Tim Smith](https://github.com/tas50) - -# Maintainers -* [Jennifer Davis](https://github.com/sigje) -* [Tim Smith](https://github.com/tas50) -* [Thom May](https://github.com/thommay) diff --git a/cookbooks/openssl/README.md b/cookbooks/openssl/README.md index 64c56ad..f279d10 100644 --- a/cookbooks/openssl/README.md +++ b/cookbooks/openssl/README.md 
@@ -6,22 +6,26 @@ This cookbook provides tools for working with the Ruby OpenSSL library. It inclu - A library method to generate secure random passwords in recipes, using the Ruby SecureRandom library. - A resource for generating RSA private keys. +- A resource for generating RSA public keys. +- A resource for generating EC private keys. +- A resource for generating EC public keys. - A resource for generating x509 certificates. +- A resource for generating x509 requests. +- A resource for generating x509 crl. - A resource for generating dhparam.pem files. - An attribute-driven recipe for upgrading OpenSSL packages. +NOTE: All resources in this cookbook are now built-into Chef 14.4 and later so this cookbook is no longer necessary to use those resources. When Chef 15.4 is released (Aug 2019) the resources will be removed from this cookbook as all users should be running Chef 14.4 or later. + ## Platforms -The `random_password` mixin works on any platform with the Ruby SecureRandom module. This module is already included with Chef. - -The `openssl_x509`, `openssl_rsa_key` and `openssl_dhparam` resources work on any platform with the OpenSSL Ruby bindings installed. These bindings are already included with Chef. - -The `upgrade` recipe has been tested on the following platforms: - - Debian / Ubuntu derivatives -- RHEL and derivatives - Fedora +- FreeBSD +- macOS - openSUSE / SUSE Linux Enterprises +- RHEL/CentOS/Scientific/Amazon/Oracle +- Solaris ## Chef @@ -37,10 +41,6 @@ The `upgrade` recipe has been tested on the following platforms: ## Recipes -### default - -An empty placeholder recipe. Takes no action. - ### upgrade The upgrade recipe iterates over the list of packages in the `node['openssl']['packages']` attribute, and manages them with the `:upgrade` action. Each package will send a `:restart` notification to service resources named in the `node['openssl']['restart_services']` attribute. 
@@ -62,7 +62,7 @@ include_recipe 'openssl::upgrade' When executed, this recipe will ensure that openssl is upgraded to the latest version, and that the `stats_collector` service is restarted to pick up the latest security fixes released in the openssl package. -## Libraries & Resources +## Libraries There are two mixins packaged with this cookbook. 
@@ -83,39 +83,41 @@ node.normal['my_secure_attribute'] = random_password(length: 50, mode: :base64, Note that node attributes are widely accessible. Storing unencrypted passwords in node attributes, as in this example, carries risk. -### ~~secure_password (`Opscode::OpenSSL::Password`)~~ +## Resources -This library should be considered deprecated and will be removed in a future version. Please use `OpenSSLCookbook::RandomPassword` instead. The documentation is kept here for historical reasons. +### openssl_x509_certificate -#### ~~Example Usage~~ +This resource generates signed or self-signed, PEM-formatted x509 certificates. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate. If a CA private key and certificate are provided, the certificate will be signed with them. -```ruby -::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) -node.normal_unless['my_password'] = secure_password -``` +Note: This resource was renamed from openssl_x509 to openssl_x509_certificate. The legacy name will continue to function, but cookbook code should be updated for the new resource name. -~~Note that node attributes are widely accessible. Storing unencrypted passwords in node attributes, as in this example, carries risk.~~ +#### Properties -### openssl_x509 - -This resource generates self-signed, PEM-formatted x509 certificates. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate. 
- -#### Attributes - -Name | Type | Description ------------------- | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -`common_name` | String (Required) | Value for the `CN` certificate field. -`org` | String (Required) | Value for the `O` certificate field. -`org_unit` | String (Required) | Value for the `OU` certificate field. -`country` | String (Required) | Value for the `C` ssl field. -`expire` | Fixnum (Optional) | Value representing the number of days from _now_ through which the issued certificate cert will remain valid. The certificate will expire after this period. -`subject_alt_name` | Array (Optional) | Array of _Subject Alternative Name_ entries, in format `DNS:example.com` or `IP:1.2.3.4` _Default: empty_ -`key_file` | String (Optional) | The path to a certificate key file on the filesystem. If the `key_file` attribute is specified, the resource will attempt to source a key from this location. If no key file is found, the resource will generate a new key file at this location. If the `key_file` attribute is not specified, the resource will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate. -`key_pass` | String (Optional) | The passphrase for an existing key's passphrase -`key_length` | Fixnum (Optional) | The desired Bit Length of the generated key. _Default: 2048_ -`owner` | String (optional) | The owner of all files created by the resource. _Default: "root"_ -`group` | String (optional) | The group of all files created by the resource. 
_Default: "root"_ -`mode` | String or Fixnum (Optional) | The permission mode of all files created by the resource. _Default: "0400"_ +Name | Type | Description +------------------ | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- +`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name +`common_name` | String (Optional) | Value for the `CN` certificate field. +`org` | String (Optional) | Value for the `O` certificate field. +`org_unit` | String (Optional) | Value for the `OU` certificate field. +`city` | String (Optional) | Value for the `L` certificate field. +`state` | String (Optional) | Value for the `ST` certificate field. +`country` | String (Optional) | Value for the `C` ssl field. +`email` | String (Optional) | Value for the `email` ssl field. +`expire` | Integer (Optional) | Value representing the number of days from _now_ through which the issued certificate cert will remain valid. The certificate will expire after this period. _Default: 365 +`extensions` | Hash (Optional) | Hash of X509 Extensions entries, in format `{ 'keyUsage' => { 'values' => %w( keyEncipherment digitalSignature), 'critical' => true } }` _Default: empty_ +`subject_alt_name` | Array (Optional) | Array of _Subject Alternative Name_ entries, in format `DNS:example.com` or `IP:1.2.3.4` _Default: empty_ +`key_file` | String (Optional) | The path to a certificate key file on the filesystem. If the `key_file` property is specified, the resource will attempt to source a key from this location. 
If no key file is found, the resource will generate a new key file at this location. If the `key_file` property is not specified, the resource will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate. +`key_pass` | String (Optional) | The passphrase for an existing key's passphrase +`key_type` | String (Optional) | The desired type of the generated key (rsa or ec). _Default: rsa_ +`key_length` | Integer (Optional) | The desired Bit Length of the generated key (if key_type is equal to 'rsa'). _Default: 2048_ +`key_curve` | String (Optional) | The desired curve of the generated key (if key_type is equal to 'ec'). Run `openssl ecparam -list_curves` to see available options. _Default: prime256v1_ +`csr_file` | String (Optional) | The path to a X509 Certificate Request (CSR) on the filesystem. If the `csr_file` property is specified, the resource will attempt to source a CSR from this location. If no CSR file is found, the resource will generate a Self-Signed Certificate and the certificate fields must be specified (common_name at last). +`ca_cert_file` | String (Optional) | The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the certificate will be signed with them. +`ca_key_file` | String (Optional) | The path to the CA private key on the filesystem. If the `ca_key_file` property is specified, the `ca_cert_file' property must also be specified, the certificate will be signed with them. +`ca_key_pass` | String (Optional) | The passphrase for CA private key's passphrase +`owner` | String (optional) | The owner of all files created by the resource. +`group` | String (optional) | The group of all files created by the resource. +`mode` | String or Integer (Optional) | The permission mode of all files created by the resource. #### Example Usage 
@@ -132,19 +134,131 @@ end When executed, this recipe will generate a key certificate at `/etc/httpd/ssl/mycert.key`. It will then use that key to generate a new certificate file at `/etc/httpd/ssl/mycert.pem`. +In this example, an administrator wishes to create a x509 certificate signed with a CA certificate and key. In order to create the certificate, the administrator crafts this recipe: + +```ruby +openssl_x509_certificate '/etc/ssl_test/my_signed_cert.crt' do + common_name 'www.f00bar.com' + ca_key_file '/etc/ssl_test/my_ca.key' + ca_cert_file '/etc/ssl_test/my_ca.crt' + expire 365 + extensions( + 'keyUsage' => { + 'values' => %w( + keyEncipherment + digitalSignature), + 'critical' => true, + }, + 'extendedKeyUsage' => { + 'values' => %w(serverAuth), + 'critical' => false, + } + ) + subject_alt_name ['IP:127.0.0.1', 'DNS:localhost.localdomain'] +end +``` + +When executed, this recipe will generate a key certificate at `/etc/ssl_test/my_signed_cert.key`. It will then use that key to generate a CSR and signed it with `my_ca.key/my_ca.crt`. A new certificate file at `/etc/ssl_test/my_signed_cert.cert` will be created as a result. + + +### openssl_x509_request + +This resource generates PEM-formatted x509 certificates requests. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate. + +#### Properties + +Name | Type | Description +--------------------- | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- +`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name +`common_name` | String (Required) | Value for the `CN` certificate field. +`org` | String (Optional) | Value for the `O` certificate field. +`org_unit` | String (Optional) | Value for the `OU` certificate field. 
+`city` | String (Optional) | Value for the `L` certificate field.
+`state` | String (Optional) | Value for the `ST` certificate field.
+`country` | String (Optional) | Value for the `C` ssl field.
+`email` | String (Optional) | Value for the `email` ssl field.
+`key_file` | String (Optional) | The path to a certificate key file on the filesystem. If the `key_file` property is specified, the resource will attempt to source a key from this location. If no key file is found, the resource will generate a new key file at this location. If the `key_file` property is not specified, the resource will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate.
+`key_pass` | String (Optional) | The passphrase for an existing key's passphrase
+`key_type` | String (Optional) | The desired type of the generated key (rsa or ec). _Default: ec_
+`key_length` | Integer (Optional) | The desired Bit Length of the generated key (if key_type is equal to 'rsa'). _Default: 2048_
+`key_curve` | String (Optional) | The desired curve of the generated key (if key_type is equal to 'ec'). Run `openssl ecparam -list_curves` to see available options. _Default: prime256v1
+`owner` | String (optional) | The owner of all files created by the resource.
+`group` | String (optional) | The group of all files created by the resource.
+`mode` | String or Integer (Optional) | The permission mode of all files created by the resource.
+
+#### Example Usage
+
+In this example, an administrator wishes to create a x509 CRL. In order to create the CRL, the administrator crafts this recipe:
+
+```ruby
+openssl_x509_request '/etc/ssl_test/my_ec_request.csr' do
+ common_name 'myecrequest.example.com'
+ org 'Test Kitchen Example'
+ org_unit 'Kitchens'
+ country 'UK'
+end
+```
+
+When executed, this recipe will generate a key certificate at `/etc/httpd/ssl/my_ec_request.key`. It will then use that key to generate a new csr file at `/etc/ssl_test/my_ec_request.csr`.
+
+### openssl_x509_crl
+
+This resource generates PEM-formatted x509 CRL.
+
+#### Properties
+
+Name | Type | Description
+--------------------- | ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------
+`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name
+`serial_to_revoke` | String or Integer(Optional) | Serial of the X509 Certificate to revoke
+`revocation_reason` | String or Integer(Optional) | [Reason of the revocation]((https://en.wikipedia.org/wiki/Certificate_revocation_list#Reasons_for_revocation)) _Default: 0_
+`expire` | Integer (Optional) | Value representing the number of days from _now_ through which the issued CRL will remain valid. The CRL will expire after this period. _Default: 8_
+`renewal_threshold` | Integer (Optional) | Number of days before the expiration. It this threshold is reached, the CRL will be renewed _Default: 1_
+`ca_cert_file` | String (Required) | The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the CRL will be signed with them.
+`ca_key_file` | String (Required) | The path to the CA private key on the filesystem. If the `ca_key_file` property is specified, the `ca_cert_file' property must also be specified, the CRL will be signed with them.
+`ca_key_pass` | String (Optional) | The passphrase for CA private key's passphrase
+`owner` | String (optional) | The owner of all files created by the resource.
+`group` | String (optional) | The group of all files created by the resource.
+`mode` | String or Integer (Optional) | The permission mode of all files created by the resource.
+ + +#### Example Usage + +In this example, an administrator wishes to create an empty X509 CRL. In order to create the CRL, the administrator crafts this recipe: + +```ruby +openssl_x509_crl '/etc/ssl_test/my_ca.crl' do + ca_cert_file '/etc/ssl_test/my_ca.crt' + ca_key_file '/etc/ssl_test/my_ca.key' +end +``` + +When executed, this recipe will generate a new CRL file at `/etc/ssl_test/my_ca.crl`. + +In this example, an administrator wishes to revoke a certificate in an existing X509 CRL. + +```ruby +openssl_x509_crl '/etc/ssl_test/my_ca.crl' do + ca_cert_file '/etc/ssl_test/my_ca.crt' + ca_key_file '/etc/ssl_test/my_ca.key' + serial_to_revoke C7BCB6602A2E4251EF4E2827A228CB52BC0CEA2F +end +``` + ### openssl_dhparam This resource generates dhparam.pem files. If a valid dhparam.pem file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid dhparam file, it will be overwritten. -#### Attributes +#### Properties -Name | Type | Description ------------- | --------------------------- | --------------------------------------------------------------------------- -`key_length` | Fixnum (Optional) | The desired Bit Length of the generated key. _Default: 2048_ -`generator` | Fixnum (Optional) | The desired Diffie-Hellmann generator. Can be _2_ or _5_. -`owner` | String (optional) | The owner of all files created by the resource. _Default: "root"_ -`group` | String (optional) | The group of all files created by the resource. _Default: "root"_ -`mode` | String or Fixnum (Optional) | The permission mode of all files created by the resource. 
_Default: "0644"_ +Name | Type | Description +------------ | ---------------------------- | --------------------------------------------------------------------------------------------------- +`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name +`key_length` | Integer (Optional) | The desired Bit Length of the generated key. _Default: 2048_ +`generator` | Integer (Optional) | The desired Diffie-Hellmann generator. Can be _2_ or _5_. +`owner` | String (optional) | The owner of all files created by the resource. +`group` | String (optional) | The group of all files created by the resource. +`mode` | String or Integer (Optional) | The permission mode of all files created by the resource. _Default: "0640"_ #### Example Usage 
@@ -159,42 +273,135 @@ end When executed, this recipe will generate a dhparam file at `/etc/httpd/ssl/dhparam.pem`. -### openssl_rsa_key +### openssl_rsa_private_key -This resource generates rsa key files. If a valid rsa key file can be opened at the specified location, no new file will be created. If the RSA key file cannot be opened, either because it does not exist or because the password to the RSA key file does not match the password in the recipe, it will be overwritten. +This resource generates rsa private key files. If a valid rsa key file can be opened at the specified location, no new file will be created. If the RSA key file cannot be opened, either because it does not exist or because the password to the RSA key file does not match the password in the recipe, it will be overwritten. -#### Attributes +Note: This resource was renamed from openssl_rsa_key to openssl_rsa_private_key. The legacy name will continue to function, but cookbook code should be updated for the new resource name. -Name | Type | Description ------------- | --------------------------- | --------------------------------------------------------------------------- -`key_length` | Fixnum (Optional) | The desired Bit Length of the generated key. _Default: 2048_ -`key_pass` | String (Optional) | The desired passphrase for the key. -`owner` | String (optional) | The owner of all files created by the resource. _Default: "root"_ -`group` | String (optional) | The group of all files created by the resource. _Default: "root"_ -`mode` | String or Fixnum (Optional) | The permission mode of all files created by the resource. 
_Default: "0644"_ +#### Properties + +Name | Type | Description +------------ | ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- +`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name +`key_length` | Integer (Optional) | The desired Bit Length of the generated key. _Default: 2048_ +`key_cipher` | String (Optional) | The designed cipher to use when generating your key. Run `openssl list-cipher-algorithms` to see available options. _Default: des3_ +`key_pass` | String (Optional) | The desired passphrase for the key. +`owner` | String (optional) | The owner of all files created by the resource. +`group` | String (optional) | The group of all files created by the resource. +`mode` | String or Integer (Optional) | The permission mode of all files created by the resource. _Default: "0640"_ +`force` | true/false (Optional) | Force creating the key even if the existing key exists. _Default: false_ #### Example Usage In this example, an administrator wishes to create a new RSA private key file in order to generate other certificates and public keys. In order to create the key file, the administrator crafts this recipe: ```ruby -openssl_rsa_key '/etc/httpd/ssl/server.key' do +openssl_rsa_private_key '/etc/httpd/ssl/server.key' do key_length 2048 end ``` When executed, this recipe will generate a passwordless RSA key file at `/etc/httpd/ssl/server.key`. -## License and Author +### openssl_rsa_public_key -Author:: Jesse Nelson ([spheromak@gmail.com](mailto:spheromak@gmail.com))
-Author:: Seth Vargo ([sethvargo@gmail.com](mailto:sethvargo@gmail.com))
-Author:: Charles Johnson ([charles@chef.io](mailto:charles@chef.io))
-Author:: Joshua Timberman ([joshua@chef.io](mailto:joshua@chef.io))
+This resource generates rsa public key files given a private key.
-```text
-Copyright:: 2009-2016, Chef Software, Inc
+#### Properties
+Name | Type | Description
+--------------------- | ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------
+`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name
+`private_key_path` | String (Required unless private_key_content used) | The path to the private key to generate the public key from
+`private_key_content` | String (Required unless private_key_path used) | The content of the private key including new lines. Used if you don't want to write a private key to disk and use `private_key_path`.
+`private_key_pass` | String (Optional) | The passphrase of the provided private key
+`owner` | String (optional) | The owner of all files created by the resource.
+`group` | String (optional) | The group of all files created by the resource.
+`mode` | String or Integer (Optional) | The permission mode of all files created by the resource. _Default: "0640"_
+
+**Note**: To use `private_key_content` the private key string must be properly formatted including new lines. The easiest way to get the right string is to run the following from irb (/opt/chefdk/embedded/bin/irb from ChefDK)
+
+```ruby
+File.read('/foo/bar/private.pem')
+```
+
+#### Example Usage
+
+```ruby
+openssl_rsa_public_key '/etc/foo/something.pub' do
+ priv_key_path '/etc/foo/something.pem'
+end
+```
+
+### openssl_ec_private_key
+
+This resource generates ec private key files. If a valid ec key file can be opened at the specified location, no new file will be created. If the EC key file cannot be opened, either because it does not exist or because the password to the EC key file does not match the password in the recipe, it will be overwritten.
+
+#### Properties
+
+Name | Type | Description
+------------ | ---------------------------- | -----------------------------------------------------------------------------------------------------------------------------------
+`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name
+`key_curve` | String (Optional) | The desired curve of the generated key. Run `openssl ecparam -list_curves` to see available options. _Default: prime256v1
+`key_cipher` | String (Optional) | The designed cipher to use when generating your key. Run `openssl list-cipher-algorithms` to see available options. _Default: des3_
+`key_pass` | String (Optional) | The desired passphrase for the key.
+`owner` | String (optional) | The owner of all files created by the resource.
+`group` | String (optional) | The group of all files created by the resource.
+`mode` | String or Integer (Optional) | The permission mode of all files created by the resource. _Default: "0640"_
+`force` | true/false (Optional) | Force creating the key even if the existing key exists. _Default: false_
+
+#### Example Usage
+
+In this example, an administrator wishes to create a new EC private key file in order to generate other certificates and public keys. In order to create the key file, the administrator crafts this recipe:
+
+```ruby
+openssl_ec_private_key '/etc/httpd/ssl/server.key' do
+ key_curve "prime256v1'
+end
+```
+
+When executed, this recipe will generate a passwordless EC key file at `/etc/httpd/ssl/server.key`.
+
+### openssl_ec_public_key
+
+This resource generates ec public key files given a private key.
+
+#### Properties
+
+Name | Type | Description
+--------------------- | ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------
+`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name
+`private_key_path` | String (Required unless private_key_content used) | The path to the private key to generate the public key from
+`private_key_content` | String (Required unless private_key_path used) | The content of the private key including new lines. Used if you don't want to write a private key to disk and use `private_key_path`.
+`private_key_pass` | String (Optional) | The passphrase of the provided private key
+`owner` | String (optional) | The owner of all files created by the resource. _Default: "root"_
+`group` | String (optional) | The group of all files created by the resource. _Default: "root or wheel depending on platform"_
+`mode` | String or Integer (Optional) | The permission mode of all files created by the resource. _Default: "0640"_
+
+**Note**: To use `private_key_content` the private key string must be properly formatted including new lines. The easiest way to get the right string is to run the following from irb (/opt/chefdk/embedded/bin/irb from ChefDK)
+
+```ruby
+File.read('/foo/bar/private.pem')
+```
+
+#### Example Usage
+
+```ruby
+openssl_ec_public_key '/etc/foo/something.pub' do
+ priv_key_path '/etc/foo/something.pem'
+end
+```
+
+## Maintainers
+
+This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/)
+
+## License
+
+**Copyright:** 2009-2018, Chef Software, Inc.
+
+```
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
diff --git a/cookbooks/openssl/libraries/helpers.rb b/cookbooks/openssl/libraries/helpers.rb
index 4bb17d3..e6386d3 100644
--- a/cookbooks/openssl/libraries/helpers.rb
+++ b/cookbooks/openssl/libraries/helpers.rb
@@ -1,60 +1,399 @@
+#
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 module OpenSSLCookbook
 # Helper functions for the OpenSSL cookbook.
 module Helpers
 def self.included(_base)
- require 'openssl' unless defined?(OpenSSL)
+ require 'openssl' unless defined?(::OpenSSL)
 end
- # Path helpers
+ # determine the key filename from the cert filename
+ # @param [String] cert_filename the path to the certfile
+ # @return [String] the path to the keyfile
 def get_key_filename(cert_filename)
 cert_file_path, cert_filename = ::File.split(cert_filename)
 cert_filename = ::File.basename(cert_filename, ::File.extname(cert_filename))
 cert_file_path + ::File::SEPARATOR + cert_filename + '.key'
 end
- # Validation helpers
+ # is the key length a valid key length
+ # @param [Integer] number
+ # @return [Boolean] is length valid
 def key_length_valid?(number)
- number >= 1024 && number & (number - 1) == 0
+ number >= 1024 && (number & (number - 1) == 0)
 end
+ # validate a dhparam file from path
+ # @param [String] dhparam_pem_path the path to the pem file
+ # @return [Boolean] is the key valid
 def dhparam_pem_valid?(dhparam_pem_path)
 # Check if the dhparam.pem file exists
 # Verify the dhparam.pem file contains a key
 return false unless ::File.exist?(dhparam_pem_path)
- dhparam = OpenSSL::PKey::DH.new File.read(dhparam_pem_path)
+ dhparam = ::OpenSSL::PKey::DH.new File.read(dhparam_pem_path)
 dhparam.params_ok?
 end
- def key_file_valid?(key_file_path, key_password = nil)
- # Check if the key file exists
- # Verify the key file contains a private key
- return false unless ::File.exist?(key_file_path)
- key = OpenSSL::PKey::RSA.new File.read(key_file_path), key_password
- key.private?
+ # given either a key file path or key file content see if it's actually
+ # a private key
+ # @param [String] key_file the path to the keyfile or the key contents
+ # @param [String] key_password optional password to the keyfile
+ # @return [Boolean] is the key valid?
+ def priv_key_file_valid?(key_file, key_password = nil)
+ # if the file exists try to read the content
+ # if not assume we were passed the key and set the string to the content
+ key_content = ::File.exist?(key_file) ? File.read(key_file) : key_file
+
+ begin
+ key = ::OpenSSL::PKey.read key_content, key_password
+ rescue ::OpenSSL::PKey::PKeyError, ArgumentError
+ return false
+ end
+
+ if key.is_a?(::OpenSSL::PKey::EC)
+ key.private_key?
+ else
+ key.private?
+ end
 end
- # Generators
+ # given a crl file path see if it's actually a crl
+ # @param [String] crl_file the path to the crlfile
+ # @return [Boolean] is the key valid?
+ def crl_file_valid?(crl_file)
+ begin
+ ::OpenSSL::X509::CRL.new ::File.read(crl_file)
+ rescue ::OpenSSL::X509::CRLError, Errno::ENOENT
+ return false
+ end
+ true
+ end
+
+ # check is a serial given is revoked in a crl given
+ # @param [OpenSSL::X509::CRL] crl X509 CRL to check
+ # @param [String, Integer] serial X509 Certificate Serial Number
+ # @return [true, false]
+ def serial_revoked?(crl, serial)
+ raise TypeError, 'crl must be a Ruby OpenSSL::X509::CRL object' unless crl.is_a?(::OpenSSL::X509::CRL)
+ raise TypeError, 'serial must be a Ruby String or Integer object' unless serial.is_a?(String) || serial.is_a?(Integer)
+
+ serial_to_verify = if serial.is_a?(String)
+ serial.to_i(16)
+ else
+ serial
+ end
+ status = false
+ crl.revoked.each do |revoked|
+ status = true if revoked.serial == serial_to_verify
+ end
+ status
+ end
+
+ # generate a dhparam file
+ # @param [String] key_length the length of the key
+ # @param [Integer] generator the dhparam generator to use
+ # @return [OpenSSL::PKey::DH]
 def gen_dhparam(key_length, generator)
 raise ArgumentError, 'Key length must be a power of 2 greater than or equal to 1024' unless key_length_valid?(key_length)
 raise TypeError, 'Generator must be an integer' unless generator.is_a?(Integer)
- OpenSSL::PKey::DH.new(key_length, generator)
+ ::OpenSSL::PKey::DH.new(key_length, generator)
 end
- def gen_rsa_key(key_length)
+ # generate an RSA private key given key length
+ # @param [Integer] key_length the key length of the private key
+ # @return [OpenSSL::PKey::DH]
+ def gen_rsa_priv_key(key_length)
 raise ArgumentError, 'Key length must be a power of 2 greater than or equal to 1024' unless key_length_valid?(key_length)
- OpenSSL::PKey::RSA.new(key_length)
+ ::OpenSSL::PKey::RSA.new(key_length)
 end
- # Key manipulation helpers
- # Returns a pem string
- def encrypt_rsa_key(rsa_key, key_password)
- raise TypeError, 'rsa_key must be a Ruby OpenSSL::PKey::RSA object' unless rsa_key.is_a?(OpenSSL::PKey::RSA)
- raise TypeError, 'RSA key password must be a string' unless key_password.is_a?(String)
+ # generate pem format of the public key given a private key
+ # @param [String] priv_key either the contents of the private key or the path to the file
+ # @param [String] priv_key_password optional password for the private key
+ # @return [String] pem format of the public key
+ def gen_rsa_pub_key(priv_key, priv_key_password = nil)
+ # if the file exists try to read the content
+ # if not assume we were passed the key and set the string to the content
+ key_content = ::File.exist?(priv_key) ? File.read(priv_key) : priv_key
+ key = ::OpenSSL::PKey::RSA.new key_content, priv_key_password
+ key.public_key.to_pem
+ end
- cipher = OpenSSL::Cipher::Cipher.new('des3')
+ # generate a pem file given a cipher, key, an optional key_password
+ # @param [OpenSSL::PKey::RSA] rsa_key the private key object
+ # @param [String] key_password the password for the private key
+ # @param [String] key_cipher the cipher to use
+ # @return [String] pem contents
+ def encrypt_rsa_key(rsa_key, key_password, key_cipher)
+ raise TypeError, 'rsa_key must be a Ruby OpenSSL::PKey::RSA object' unless rsa_key.is_a?(::OpenSSL::PKey::RSA)
+ raise TypeError, 'key_password must be a string' unless key_password.is_a?(String)
+ raise TypeError, 'key_cipher must be a string' unless key_cipher.is_a?(String)
+ raise ArgumentError, 'Specified key_cipher is not available on this system' unless ::OpenSSL::Cipher.ciphers.include?(key_cipher)
+
+ cipher = ::OpenSSL::Cipher.new(key_cipher)
 rsa_key.to_pem(cipher, key_password)
 end
+
+ # generate an ec private key given curve type
+ # @param [String] curve the kind of curve to use
+ # @return [OpenSSL::PKey::DH]
+ def gen_ec_priv_key(curve)
+ raise TypeError, 'curve must be a string' unless curve.is_a?(String)
+ raise ArgumentError, 'Specified curve is not available on this system' unless curve == 'prime256v1' || curve == 'secp384r1' || curve == 'secp521r1'
+ ::OpenSSL::PKey::EC.new(curve).generate_key
+ end
+
+ # generate pem format of the public key given a private key
+ # @param [String] priv_key either the contents of the private key or the path to the file
+ # @param [String] priv_key_password optional password for the private key
+ # @return [String] pem format of the public key
+ def gen_ec_pub_key(priv_key, priv_key_password = nil)
+ # if the file exists try to read the content
+ # if not assume we were passed the key and set the string to the content
+ key_content = ::File.exist?(priv_key) ? File.read(priv_key) : priv_key
+ key = ::OpenSSL::PKey::EC.new key_content, priv_key_password
+
+ # Get curve type (prime256v1...)
+ group = ::OpenSSL::PKey::EC::Group.new(key.group.curve_name)
+ # Get Generator point & public point (priv * generator)
+ generator = group.generator
+ pub_point = generator.mul(key.private_key)
+ key.public_key = pub_point
+
+ # Public Key in pem
+ public_key = ::OpenSSL::PKey::EC.new
+ public_key.group = group
+ public_key.public_key = pub_point
+ public_key.to_pem
+ end
+
+ # generate a pem file given a cipher, key, an optional key_password
+ # @param [OpenSSL::PKey::EC] ec_key the private key object
+ # @param [String] key_password the password for the private key
+ # @param [String] key_cipher the cipher to use
+ # @return [String] pem contents
+ def encrypt_ec_key(ec_key, key_password, key_cipher)
+ raise TypeError, 'ec_key must be a Ruby OpenSSL::PKey::EC object' unless ec_key.is_a?(::OpenSSL::PKey::EC)
+ raise TypeError, 'key_password must be a string' unless key_password.is_a?(String)
+ raise TypeError, 'key_cipher must be a string' unless key_cipher.is_a?(String)
+ raise ArgumentError, 'Specified key_cipher is not available on this system' unless ::OpenSSL::Cipher.ciphers.include?(key_cipher)
+
+ cipher = ::OpenSSL::Cipher.new(key_cipher)
+ ec_key.to_pem(cipher, key_password)
+ end
+
+ # generate a csr pem file given a subject and a private key
+ # @param [OpenSSL::X509::Name] subject the x509 subject object
+ # @param [OpenSSL::PKey::EC, OpenSSL::PKey::RSA] key the private key object
+ # @return [OpenSSL::X509::Request]
+ def gen_x509_request(subject, key)
+ raise TypeError, 'subject must be a Ruby OpenSSL::X509::Name object' unless subject.is_a?(::OpenSSL::X509::Name)
+ raise TypeError, 'key must be a Ruby OpenSSL::PKey::EC or a Ruby OpenSSL::PKey::RSA object' unless key.is_a?(::OpenSSL::PKey::EC) || key.is_a?(::OpenSSL::PKey::RSA)
+
+ request = ::OpenSSL::X509::Request.new
+ request.version = 0
+ request.subject = subject
+ request.public_key = key
+
+ # Chef 12 backward compatibility
+ ::OpenSSL::PKey::EC.send(:alias_method, :private?, :private_key?)
+
+ request.sign(key, ::OpenSSL::Digest::SHA256.new)
+ request
+ end
+
+ # generate an array of X509 Extensions given a hash of extensions
+ # @param [Hash] extensions hash of extensions
+ # @return [Array]
+ def gen_x509_extensions(extensions)
+ raise TypeError, 'extensions must be a Ruby Hash object' unless extensions.is_a?(Hash)
+
+ exts = []
+ extensions.each do |ext_name, ext_prop|
+ raise TypeError, "#{ext_name} must contain a Ruby Hash" unless ext_prop.is_a?(Hash)
+ raise ArgumentError, "keys in #{ext_name} must be 'values' and 'critical'" unless ext_prop.key?('values') && ext_prop.key?('critical')
+ raise TypeError, "the key 'values' must contain a Ruby Arrays" unless ext_prop['values'].is_a?(Array)
+ raise TypeError, "the key 'critical' must be a Ruby Boolean true/false" unless ext_prop['critical'].is_a?(TrueClass) || ext_prop['critical'].is_a?(FalseClass)
+
+ exts << ::OpenSSL::X509::ExtensionFactory.new.create_extension(ext_name, ext_prop['values'].join(','), ext_prop['critical'])
+ end
+ exts
+ end
+
+ # generate a random Serial
+ # @return [Integer]
+ def gen_serial
+ ::OpenSSL::BN.generate_prime(160)
+ end
+
+ # generate a Certificate given a X509 request
+ # @param [OpenSSL::X509::Request] request X509 Certificate Request
+ # @param [Array] extension Array of X509 Certificate Extension
+ # @param [Hash] info issuer & validity
+ # @param [OpenSSL::PKey::EC, OpenSSL::PKey::RSA] key private key to sign with
+ # @return [OpenSSL::X509::Certificate]
+ def gen_x509_cert(request, extension, info, key)
+ raise TypeError, 'request must be a Ruby OpenSSL::X509::Request' unless request.is_a?(::OpenSSL::X509::Request)
+ raise TypeError, 'extension must be a Ruby Array' unless extension.is_a?(Array)
+ raise TypeError, 'info must be a Ruby Hash' unless info.is_a?(Hash)
+ raise TypeError, 'key must be a Ruby OpenSSL::PKey::EC object or a Ruby OpenSSL::PKey::RSA object' unless key.is_a?(::OpenSSL::PKey::EC) || key.is_a?(::OpenSSL::PKey::RSA)
+
+ raise ArgumentError, 'info must contain a validity' unless info.key?('validity')
+ raise TypeError, 'info[\'validity\'] must be a Ruby Integer object' unless info['validity'].is_a?(Integer)
+
+ cert = ::OpenSSL::X509::Certificate.new
+ ef = ::OpenSSL::X509::ExtensionFactory.new
+
+ cert.serial = gen_serial()
+ cert.version = 2
+ cert.subject = request.subject
+ cert.public_key = request.public_key
+ cert.not_before = Time.now
+ cert.not_after = cert.not_before + info['validity'] * 24 * 60 * 60
+
+ if info['issuer'].nil?
+ cert.issuer = request.subject
+ ef.issuer_certificate = cert
+ extension << ef.create_extension('basicConstraints', 'CA:TRUE', true)
+ else
+ raise TypeError, 'info[\'issuer\'] must be a Ruby OpenSSL::X509::Certificate object' unless info['issuer'].is_a?(::OpenSSL::X509::Certificate)
+ cert.issuer = info['issuer'].subject
+ ef.issuer_certificate = info['issuer']
+ end
+ ef.subject_certificate = cert
+ ef.config = ::OpenSSL::Config.load(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+
+ cert.extensions = extension
+ cert.add_extension ef.create_extension('subjectKeyIdentifier', 'hash')
+ cert.add_extension ef.create_extension('authorityKeyIdentifier',
+ 'keyid:always,issuer:always')
+
+ cert.sign(key, ::OpenSSL::Digest::SHA256.new)
+ cert
+ end
+
+ # generate a X509 CRL given a CA
+ # @param [OpenSSL::PKey::EC, OpenSSL::PKey::RSA] ca_private_key private key from the CA
+ # @param [Hash] info issuer & validity
+ # @return [OpenSSL::X509::CRL]
+ def gen_x509_crl(ca_private_key, info)
+ raise TypeError, 'ca_private_key must be a Ruby OpenSSL::PKey::EC object or a Ruby OpenSSL::PKey::RSA object' unless ca_private_key.is_a?(::OpenSSL::PKey::EC) || ca_private_key.is_a?(::OpenSSL::PKey::RSA)
+ raise TypeError, 'info must be a Ruby Hash' unless info.is_a?(Hash)
+
+ raise ArgumentError, 'info must contain a issuer and a validity' unless info.key?('issuer') && info.key?('validity')
+ raise TypeError, 'info[\'issuer\'] must be a Ruby OpenSSL::X509::Certificate object' unless info['issuer'].is_a?(::OpenSSL::X509::Certificate)
+ raise TypeError, 'info[\'validity\'] must be a Ruby Integer object' unless info['validity'].is_a?(Integer)
+
+ crl = ::OpenSSL::X509::CRL.new
+ ef = ::OpenSSL::X509::ExtensionFactory.new
+
+ crl.version = 1
+ crl.issuer = info['issuer'].subject
+ crl.last_update = Time.now
+ crl.next_update = Time.now + 3600 * 24 * info['validity']
+
+ ef.config = ::OpenSSL::Config.load(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+ ef.issuer_certificate = info['issuer']
+
+ crl.add_extension ::OpenSSL::X509::Extension.new('crlNumber', ::OpenSSL::ASN1::Integer(1))
+ crl.add_extension ef.create_extension('authorityKeyIdentifier',
+ 'keyid:always,issuer:always')
+ crl.sign(ca_private_key, ::OpenSSL::Digest::SHA256.new)
+ crl
+ end
+
+ # generate the next CRL number available for a X509 CRL given
+ # @param [OpenSSL::X509::CRL] crl x509 CRL
+ # @return [Integer]
+ def get_next_crl_number(crl)
+ raise TypeError, 'crl must be a Ruby OpenSSL::X509::CRL object' unless crl.is_a?(::OpenSSL::X509::CRL)
+ crlnum = 1
+ crl.extensions.each do |e|
+ crlnum = e.value if e.oid == 'crlNumber'
+ end
+ crlnum.to_i + 1
+ end
+
+ # add a serial given in the crl given
+ # @param [Hash] revoke_info serial to revoke & revokation reason
+ # @param [OpenSSL::X509::CRL] crl X509 CRL
+ # @param [OpenSSL::PKey::EC, OpenSSL::PKey::RSA] ca_private_key private key from the CA
+ # @param [Hash] info issuer & validity
+ # @return [OpenSSL::X509::CRL]
+ def revoke_x509_crl(revoke_info, crl, ca_private_key, info)
+ raise TypeError, 'revoke_info must be a Ruby Hash oject' unless revoke_info.is_a?(Hash)
+ raise TypeError, 'crl must be a Ruby OpenSSL::X509::CRL object' unless crl.is_a?(::OpenSSL::X509::CRL)
+ raise TypeError, 'ca_private_key must be a Ruby OpenSSL::PKey::EC object or a Ruby OpenSSL::PKey::RSA object' unless ca_private_key.is_a?(::OpenSSL::PKey::EC) || ca_private_key.is_a?(::OpenSSL::PKey::RSA)
+ raise TypeError, 'info must be a Ruby Hash' unless info.is_a?(Hash)
+
+ raise ArgumentError, 'revoke_info must contain a serial and a reason' unless revoke_info.key?('serial') && revoke_info.key?('reason')
+ raise TypeError, 'revoke_info[\'serial\'] must be a Ruby String or Integer object' unless revoke_info['serial'].is_a?(String) || revoke_info['serial'].is_a?(Integer)
+ raise TypeError, 'revoke_info[\'reason\'] must be a Ruby Integer object' unless revoke_info['reason'].is_a?(Integer)
+
+ raise ArgumentError, 'info must contain a issuer and a validity' unless info.key?('issuer') && info.key?('validity')
+ raise TypeError, 'info[\'issuer\'] must be a Ruby OpenSSL::X509::Certificate object' unless info['issuer'].is_a?(::OpenSSL::X509::Certificate)
+ raise TypeError, 'info[\'validity\'] must be a Ruby Integer object' unless info['validity'].is_a?(Integer)
+
+ revoked = ::OpenSSL::X509::Revoked.new
+ revoked.serial = if revoke_info['serial'].is_a?(String)
+ revoke_info['serial'].to_i(16)
+ else
+ revoke_info['serial']
+ end
+ revoked.time = Time.now
+
+ ext = ::OpenSSL::X509::Extension.new('CRLReason',
+ ::OpenSSL::ASN1::Enumerated(revoke_info['reason']))
+ revoked.add_extension(ext)
+ crl.add_revoked(revoked)
+
+ crl = renew_x509_crl(crl, ca_private_key, info)
+ crl
+ end
+
+ # renew a X509 crl given
+ # @param [OpenSSL::X509::CRL] crl CRL to renew
+ # @param [OpenSSL::PKey::EC, OpenSSL::PKey::RSA] ca_private_key private key from the CA
+ # @param [Hash] info issuer & validity
+ # @return [OpenSSL::X509::CRL]
+ def renew_x509_crl(crl, ca_private_key, info)
+ raise TypeError, 'crl must be a Ruby OpenSSL::X509::CRL object' unless crl.is_a?(::OpenSSL::X509::CRL)
+ raise TypeError, 'ca_private_key must be a Ruby OpenSSL::PKey::EC object or a Ruby OpenSSL::PKey::RSA object' unless ca_private_key.is_a?(::OpenSSL::PKey::EC) || ca_private_key.is_a?(::OpenSSL::PKey::RSA)
+ raise TypeError, 'info must be a Ruby Hash' unless info.is_a?(Hash)
+
+ raise ArgumentError, 'info must contain a issuer and a validity' unless info.key?('issuer') && info.key?('validity')
+ raise TypeError, 'info[\'issuer\'] must be a Ruby OpenSSL::X509::Certificate object' unless info['issuer'].is_a?(::OpenSSL::X509::Certificate)
+ raise TypeError, 'info[\'validity\'] must be a Ruby Integer object' unless info['validity'].is_a?(Integer)
+
+ crl.last_update = Time.now
+ crl.next_update = crl.last_update + 3600 * 24 * info['validity']
+
+ ef = ::OpenSSL::X509::ExtensionFactory.new
+ ef.config = ::OpenSSL::Config.load(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+
ef.issuer_certificate = info['issuer'] + + crl.extensions = [ ::OpenSSL::X509::Extension.new('crlNumber', + ::OpenSSL::ASN1::Integer(get_next_crl_number(crl)))] + crl.add_extension ef.create_extension('authorityKeyIdentifier', + 'keyid:always,issuer:always') + crl.sign(ca_private_key, ::OpenSSL::Digest::SHA256.new) + crl + end end end diff --git a/cookbooks/openssl/libraries/matchers.rb b/cookbooks/openssl/libraries/matchers.rb deleted file mode 100644 index 59ee84c..0000000 --- a/cookbooks/openssl/libraries/matchers.rb +++ /dev/null @@ -1,13 +0,0 @@ -if defined?(ChefSpec) - def create_x509_certificate(name) - ChefSpec::Matchers::ResourceMatcher.new(:openssl_x509, :create, name) - end - - def create_dhparam_pem(name) - ChefSpec::Matchers::ResourceMatcher.new(:openssl_dhparam, :create, name) - end - - def create_rsa_key(name) - ChefSpec::Matchers::ResourceMatcher.new(:openssl_rsa_key, :create, name) - end -end diff --git a/cookbooks/openssl/libraries/secure_password.rb b/cookbooks/openssl/libraries/secure_password.rb index 90051da..acc7809 100644 --- a/cookbooks/openssl/libraries/secure_password.rb +++ b/cookbooks/openssl/libraries/secure_password.rb @@ -25,6 +25,8 @@ module Opscode # Generate secure passwords with OpenSSL module Password def secure_password(length = 20) + Chef::Log.warn('The Opscode::OpenSSL::Password helper "secure_password" has been deprecated. Use the random_password method in OpenSSLCookbook::RandomPassword instead.') + pw = '' while pw.length < length diff --git a/cookbooks/openssl/metadata.json b/cookbooks/openssl/metadata.json index b8ba6b8..0e11c2b 100644 --- a/cookbooks/openssl/metadata.json +++ b/cookbooks/openssl/metadata.json 
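Review bot: The `Chef::Log.warn` added at the top of `secure_password` does not identify the caller, so on a node that converges many cookbooks the log line gives an operator nothing to search for when migrating to `random_password`. Appending the call site to the message argument would make the deprecation actionable, for example ` + " Called from #{caller(1..1).first}"`. The warning also fires on every invocation, so any recipe still using the helper will presumably repeat it on each Chef run. The body of `secure_password` continues past this hunk, so how the password itself is generated cannot be assessed from here. The `cookbooks/openssl` tree appears to track the upstream cookbook, so this is probably better raised upstream than patched locally.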
@@ -1 +1 @@ -{"name":"openssl","version":"7.1.0","description":"Provides a library with a method for generating secure random passwords.","long_description":"# OpenSSL Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/openssl.svg?branch=master)](http://travis-ci.org/chef-cookbooks/openssl) [![Cookbook Version](https://img.shields.io/cookbook/v/openssl.svg)](https://supermarket.chef.io/cookbooks/openssl)\n\nThis cookbook provides tools for working with the Ruby OpenSSL library. It includes:\n\n- A library method to generate secure random passwords in recipes, using the Ruby SecureRandom library.\n- A resource for generating RSA private keys.\n- A resource for generating x509 certificates.\n- A resource for generating dhparam.pem files.\n- An attribute-driven recipe for upgrading OpenSSL packages.\n\n## Platforms\n\nThe `random_password` mixin works on any platform with the Ruby SecureRandom module. This module is already included with Chef.\n\nThe `openssl_x509`, `openssl_rsa_key` and `openssl_dhparam` resources work on any platform with the OpenSSL Ruby bindings installed. These bindings are already included with Chef.\n\nThe `upgrade` recipe has been tested on the following platforms:\n\n- Debian / Ubuntu derivatives\n- RHEL and derivatives\n- Fedora\n- openSUSE / SUSE Linux Enterprises\n\n## Chef\n\n- Chef 12.7+\n\n## Cookbooks\n\n- none\n\n## Attributes\n\n- `node['openssl']['restart_services']` - An array of service resources that depend on the openssl packages. This array is empty by default, as Chef has no reasonable way to detect which applications or services are compiled against these packages. _Note_ Each service listed in this array should represent a \"`service`\" resource specified in the recipes of the node's run list.\n\n## Recipes\n\n### default\n\nAn empty placeholder recipe. 
Takes no action.\n\n### upgrade\n\nThe upgrade recipe iterates over the list of packages in the `node['openssl']['packages']` attribute, and manages them with the `:upgrade` action. Each package will send a `:restart` notification to service resources named in the `node['openssl']['restart_services']` attribute.\n\n#### Example Usage\n\nIn this example, assume the node is running the `stats_collector` daemon, which depends on the openssl library. Imagine that a new openssl vulnerability has been disclosed, and the operating system vendor has released an update to openssl to address this vulnerability. In order to protect the node, an administrator crafts this recipe:\n\n```ruby\nnode.default['openssl']['restart_services'] = ['stats_collector']\n\n# other recipe code here...\nservice 'stats_collector' do\n action [:enable, :start]\nend\n\ninclude_recipe 'openssl::upgrade'\n```\n\nWhen executed, this recipe will ensure that openssl is upgraded to the latest version, and that the `stats_collector` service is restarted to pick up the latest security fixes released in the openssl package.\n\n## Libraries & Resources\n\nThere are two mixins packaged with this cookbook.\n\n### random_password (`OpenSSLCookbook::RandomPassword`)\n\nThe `RandomPassword` mixin can be used to generate secure random passwords in Chef cookbooks, usually for assignment to a variable or an attribute. `random_password` uses Ruby's SecureRandom library and is customizable.\n\n#### Example Usage\n\n```ruby\nChef::Recipe.send(:include, OpenSSLCookbook::RandomPassword)\nnode.normal['my_secure_attribute'] = random_password\nnode.normal_unless['my_secure_attribute'] = random_password\nnode.normal['my_secure_attribute'] = random_password(length: 50)\nnode.normal['my_secure_attribute'] = random_password(length: 50, mode: :base64)\nnode.normal['my_secure_attribute'] = random_password(length: 50, mode: :base64, encoding: 'ASCII')\n```\n\nNote that node attributes are widely accessible. 
Storing unencrypted passwords in node attributes, as in this example, carries risk.\n\n### ~~secure_password (`Opscode::OpenSSL::Password`)~~\n\nThis library should be considered deprecated and will be removed in a future version. Please use `OpenSSLCookbook::RandomPassword` instead. The documentation is kept here for historical reasons.\n\n#### ~~Example Usage~~\n\n```ruby\n::Chef::Recipe.send(:include, Opscode::OpenSSL::Password)\nnode.normal_unless['my_password'] = secure_password\n```\n\n~~Note that node attributes are widely accessible. Storing unencrypted passwords in node attributes, as in this example, carries risk.~~\n\n### openssl_x509\n\nThis resource generates self-signed, PEM-formatted x509 certificates. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate.\n\n#### Attributes\n\nName | Type | Description\n------------------ | --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\n`common_name` | String (Required) | Value for the `CN` certificate field.\n`org` | String (Required) | Value for the `O` certificate field.\n`org_unit` | String (Required) | Value for the `OU` certificate field.\n`country` | String (Required) | Value for the `C` ssl field.\n`expire` | Fixnum (Optional) | Value representing the number of days from _now_ through which the issued certificate cert will remain valid. 
The certificate will expire after this period.\n`subject_alt_name` | Array (Optional) | Array of _Subject Alternative Name_ entries, in format `DNS:example.com` or `IP:1.2.3.4` _Default: empty_\n`key_file` | String (Optional) | The path to a certificate key file on the filesystem. If the `key_file` attribute is specified, the resource will attempt to source a key from this location. If no key file is found, the resource will generate a new key file at this location. If the `key_file` attribute is not specified, the resource will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate.\n`key_pass` | String (Optional) | The passphrase for an existing key's passphrase\n`key_length` | Fixnum (Optional) | The desired Bit Length of the generated key. _Default: 2048_\n`owner` | String (optional) | The owner of all files created by the resource. _Default: \"root\"_\n`group` | String (optional) | The group of all files created by the resource. _Default: \"root\"_\n`mode` | String or Fixnum (Optional) | The permission mode of all files created by the resource. _Default: \"0400\"_\n\n#### Example Usage\n\nIn this example, an administrator wishes to create a self-signed x509 certificate for use with a web server. In order to create the certificate, the administrator crafts this recipe:\n\n```ruby\nopenssl_x509 '/etc/httpd/ssl/mycert.pem' do\n common_name 'www.f00bar.com'\n org 'Foo Bar'\n org_unit 'Lab'\n country 'US'\nend\n```\n\nWhen executed, this recipe will generate a key certificate at `/etc/httpd/ssl/mycert.key`. It will then use that key to generate a new certificate file at `/etc/httpd/ssl/mycert.pem`.\n\n### openssl_dhparam\n\nThis resource generates dhparam.pem files. If a valid dhparam.pem file is found at the specified location, no new file will be created. 
If a file is found at the specified location but it is not a valid dhparam file, it will be overwritten.\n\n#### Attributes\n\nName | Type | Description\n------------ | --------------------------- | ---------------------------------------------------------------------------\n`key_length` | Fixnum (Optional) | The desired Bit Length of the generated key. _Default: 2048_\n`generator` | Fixnum (Optional) | The desired Diffie-Hellmann generator. Can be _2_ or _5_.\n`owner` | String (optional) | The owner of all files created by the resource. _Default: \"root\"_\n`group` | String (optional) | The group of all files created by the resource. _Default: \"root\"_\n`mode` | String or Fixnum (Optional) | The permission mode of all files created by the resource. _Default: \"0644\"_\n\n#### Example Usage\n\nIn this example, an administrator wishes to create a dhparam.pem file for use with a web server. In order to create the .pem file, the administrator crafts this recipe:\n\n```ruby\nopenssl_dhparam '/etc/httpd/ssl/dhparam.pem' do\n key_length 2048\n generator 2\nend\n```\n\nWhen executed, this recipe will generate a dhparam file at `/etc/httpd/ssl/dhparam.pem`.\n\n### openssl_rsa_key\n\nThis resource generates rsa key files. If a valid rsa key file can be opened at the specified location, no new file will be created. If the RSA key file cannot be opened, either because it does not exist or because the password to the RSA key file does not match the password in the recipe, it will be overwritten.\n\n#### Attributes\n\nName | Type | Description\n------------ | --------------------------- | ---------------------------------------------------------------------------\n`key_length` | Fixnum (Optional) | The desired Bit Length of the generated key. _Default: 2048_\n`key_pass` | String (Optional) | The desired passphrase for the key.\n`owner` | String (optional) | The owner of all files created by the resource. 
_Default: \"root\"_\n`group` | String (optional) | The group of all files created by the resource. _Default: \"root\"_\n`mode` | String or Fixnum (Optional) | The permission mode of all files created by the resource. _Default: \"0644\"_\n\n#### Example Usage\n\nIn this example, an administrator wishes to create a new RSA private key file in order to generate other certificates and public keys. In order to create the key file, the administrator crafts this recipe:\n\n```ruby\nopenssl_rsa_key '/etc/httpd/ssl/server.key' do\n key_length 2048\nend\n```\n\nWhen executed, this recipe will generate a passwordless RSA key file at `/etc/httpd/ssl/server.key`.\n\n## License and Author\n\nAuthor:: Jesse Nelson ([spheromak@gmail.com](mailto:spheromak@gmail.com))
\nAuthor:: Seth Vargo ([sethvargo@gmail.com](mailto:sethvargo@gmail.com))
\nAuthor:: Charles Johnson ([charles@chef.io](mailto:charles@chef.io))
\nAuthor:: Joshua Timberman ([joshua@chef.io](mailto:joshua@chef.io))\n\n```text\nCopyright:: 2009-2016, Chef Software, Inc \n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0","redhat":">= 0.0.0","centos":">= 0.0.0","suse":">= 0.0.0","opensuse":">= 0.0.0","opensuseleap":">= 0.0.0","scientific":">= 0.0.0","oracle":">= 0.0.0","amazon":">= 0.0.0","zlinux":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"openssl":"Empty, this cookbook provides a library, see README.md","upgrade":"Upgrade OpenSSL library and restart dependent services"},"source_url":"https://github.com/chef-cookbooks/openssl","issues_url":"https://github.com/chef-cookbooks/openssl/issues","chef_version":[[">= 12.7"]],"ohai_version":[]} \ No newline at end of file +{"name":"openssl","version":"8.5.5","description":"Resources and libraries for interacting with certificates, keys, passwords, and dhparam files.","long_description":"# OpenSSL Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/openssl.svg?branch=master)](http://travis-ci.org/chef-cookbooks/openssl) [![Cookbook Version](https://img.shields.io/cookbook/v/openssl.svg)](https://supermarket.chef.io/cookbooks/openssl)\n\nThis cookbook provides tools for working with the Ruby OpenSSL library. 
It includes:\n\n- A library method to generate secure random passwords in recipes, using the Ruby SecureRandom library.\n- A resource for generating RSA private keys.\n- A resource for generating RSA public keys.\n- A resource for generating EC private keys.\n- A resource for generating EC public keys.\n- A resource for generating x509 certificates.\n- A resource for generating x509 requests.\n- A resource for generating x509 crl.\n- A resource for generating dhparam.pem files.\n- An attribute-driven recipe for upgrading OpenSSL packages.\n\nNOTE: All resources in this cookbook are now built-into Chef 14.4 and later so this cookbook is no longer necessary to use those resources. When Chef 15.4 is released (Aug 2019) the resources will be removed from this cookbook as all users should be running Chef 14.4 or later.\n\n## Platforms\n\n- Debian / Ubuntu derivatives\n- Fedora\n- FreeBSD\n- macOS\n- openSUSE / SUSE Linux Enterprises\n- RHEL/CentOS/Scientific/Amazon/Oracle\n- Solaris\n\n## Chef\n\n- Chef 12.7+\n\n## Cookbooks\n\n- none\n\n## Attributes\n\n- `node['openssl']['restart_services']` - An array of service resources that depend on the openssl packages. This array is empty by default, as Chef has no reasonable way to detect which applications or services are compiled against these packages. _Note_ Each service listed in this array should represent a \"`service`\" resource specified in the recipes of the node's run list.\n\n## Recipes\n\n### upgrade\n\nThe upgrade recipe iterates over the list of packages in the `node['openssl']['packages']` attribute, and manages them with the `:upgrade` action. Each package will send a `:restart` notification to service resources named in the `node['openssl']['restart_services']` attribute.\n\n#### Example Usage\n\nIn this example, assume the node is running the `stats_collector` daemon, which depends on the openssl library. 
Imagine that a new openssl vulnerability has been disclosed, and the operating system vendor has released an update to openssl to address this vulnerability. In order to protect the node, an administrator crafts this recipe:\n\n```ruby\nnode.default['openssl']['restart_services'] = ['stats_collector']\n\n# other recipe code here...\nservice 'stats_collector' do\n action [:enable, :start]\nend\n\ninclude_recipe 'openssl::upgrade'\n```\n\nWhen executed, this recipe will ensure that openssl is upgraded to the latest version, and that the `stats_collector` service is restarted to pick up the latest security fixes released in the openssl package.\n\n## Libraries\n\nThere are two mixins packaged with this cookbook.\n\n### random_password (`OpenSSLCookbook::RandomPassword`)\n\nThe `RandomPassword` mixin can be used to generate secure random passwords in Chef cookbooks, usually for assignment to a variable or an attribute. `random_password` uses Ruby's SecureRandom library and is customizable.\n\n#### Example Usage\n\n```ruby\nChef::Recipe.send(:include, OpenSSLCookbook::RandomPassword)\nnode.normal['my_secure_attribute'] = random_password\nnode.normal_unless['my_secure_attribute'] = random_password\nnode.normal['my_secure_attribute'] = random_password(length: 50)\nnode.normal['my_secure_attribute'] = random_password(length: 50, mode: :base64)\nnode.normal['my_secure_attribute'] = random_password(length: 50, mode: :base64, encoding: 'ASCII')\n```\n\nNote that node attributes are widely accessible. Storing unencrypted passwords in node attributes, as in this example, carries risk.\n\n## Resources\n\n### openssl_x509_certificate\n\nThis resource generates signed or self-signed, PEM-formatted x509 certificates. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate. 
If a CA private key and certificate are provided, the certificate will be signed with them.\n\nNote: This resource was renamed from openssl_x509 to openssl_x509_certificate. The legacy name will continue to function, but cookbook code should be updated for the new resource name.\n\n#### Properties\n\nName | Type | Description\n------------------ | ---------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\n`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name\n`common_name` | String (Optional) | Value for the `CN` certificate field.\n`org` | String (Optional) | Value for the `O` certificate field.\n`org_unit` | String (Optional) | Value for the `OU` certificate field.\n`city` | String (Optional) | Value for the `L` certificate field.\n`state` | String (Optional) | Value for the `ST` certificate field.\n`country` | String (Optional) | Value for the `C` ssl field.\n`email` | String (Optional) | Value for the `email` ssl field.\n`expire` | Integer (Optional) | Value representing the number of days from _now_ through which the issued certificate cert will remain valid. The certificate will expire after this period. 
_Default: 365\n`extensions` | Hash (Optional) | Hash of X509 Extensions entries, in format `{ 'keyUsage' => { 'values' => %w( keyEncipherment digitalSignature), 'critical' => true } }` _Default: empty_\n`subject_alt_name` | Array (Optional) | Array of _Subject Alternative Name_ entries, in format `DNS:example.com` or `IP:1.2.3.4` _Default: empty_\n`key_file` | String (Optional) | The path to a certificate key file on the filesystem. If the `key_file` property is specified, the resource will attempt to source a key from this location. If no key file is found, the resource will generate a new key file at this location. If the `key_file` property is not specified, the resource will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate.\n`key_pass` | String (Optional) | The passphrase for an existing key's passphrase\n`key_type` | String (Optional) | The desired type of the generated key (rsa or ec). _Default: rsa_\n`key_length` | Integer (Optional) | The desired Bit Length of the generated key (if key_type is equal to 'rsa'). _Default: 2048_\n`key_curve` | String (Optional) | The desired curve of the generated key (if key_type is equal to 'ec'). Run `openssl ecparam -list_curves` to see available options. _Default: prime256v1_\n`csr_file` | String (Optional) | The path to a X509 Certificate Request (CSR) on the filesystem. If the `csr_file` property is specified, the resource will attempt to source a CSR from this location. If no CSR file is found, the resource will generate a Self-Signed Certificate and the certificate fields must be specified (common_name at last).\n`ca_cert_file` | String (Optional) | The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the certificate will be signed with them.\n`ca_key_file` | String (Optional) | The path to the CA private key on the filesystem. 
If the `ca_key_file` property is specified, the `ca_cert_file' property must also be specified, the certificate will be signed with them.\n`ca_key_pass` | String (Optional) | The passphrase for CA private key's passphrase\n`owner` | String (optional) | The owner of all files created by the resource.\n`group` | String (optional) | The group of all files created by the resource.\n`mode` | String or Integer (Optional) | The permission mode of all files created by the resource.\n\n#### Example Usage\n\nIn this example, an administrator wishes to create a self-signed x509 certificate for use with a web server. In order to create the certificate, the administrator crafts this recipe:\n\n```ruby\nopenssl_x509 '/etc/httpd/ssl/mycert.pem' do\n common_name 'www.f00bar.com'\n org 'Foo Bar'\n org_unit 'Lab'\n country 'US'\nend\n```\n\nWhen executed, this recipe will generate a key certificate at `/etc/httpd/ssl/mycert.key`. It will then use that key to generate a new certificate file at `/etc/httpd/ssl/mycert.pem`.\n\nIn this example, an administrator wishes to create a x509 certificate signed with a CA certificate and key. In order to create the certificate, the administrator crafts this recipe:\n\n```ruby\nopenssl_x509_certificate '/etc/ssl_test/my_signed_cert.crt' do\n common_name 'www.f00bar.com'\n ca_key_file '/etc/ssl_test/my_ca.key'\n ca_cert_file '/etc/ssl_test/my_ca.crt'\n expire 365\n extensions(\n 'keyUsage' => {\n 'values' => %w(\n keyEncipherment\n digitalSignature),\n 'critical' => true,\n },\n 'extendedKeyUsage' => {\n 'values' => %w(serverAuth),\n 'critical' => false,\n }\n )\n subject_alt_name ['IP:127.0.0.1', 'DNS:localhost.localdomain']\nend\n```\n\nWhen executed, this recipe will generate a key certificate at `/etc/ssl_test/my_signed_cert.key`. It will then use that key to generate a CSR and signed it with `my_ca.key/my_ca.crt`. 
A new certificate file at `/etc/ssl_test/my_signed_cert.cert` will be created as a result.\n\n\n### openssl_x509_request\n\nThis resource generates PEM-formatted x509 certificates requests. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate.\n\n#### Properties\n\nName | Type | Description\n--------------------- | ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------\n`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name\n`common_name` | String (Required) | Value for the `CN` certificate field.\n`org` | String (Optional) | Value for the `O` certificate field.\n`org_unit` | String (Optional) | Value for the `OU` certificate field.\n`city` | String (Optional) | Value for the `L` certificate field.\n`state` | String (Optional) | Value for the `ST` certificate field.\n`country` | String (Optional) | Value for the `C` ssl field.\n`email` | String (Optional) | Value for the `email` ssl field.\n`key_file` | String (Optional) | The path to a certificate key file on the filesystem. If the `key_file` property is specified, the resource will attempt to source a key from this location. If no key file is found, the resource will generate a new key file at this location. If the `key_file` property is not specified, the resource will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate.\n`key_pass` | String (Optional) | The passphrase for an existing key's passphrase\n`key_type` | String (Optional) | The desired type of the generated key (rsa or ec). _Default: ec_\n`key_length` | Integer (Optional) | The desired Bit Length of the generated key (if key_type is equal to 'rsa'). 
_Default: 2048_\n`key_curve` | String (Optional) | The desired curve of the generated key (if key_type is equal to 'ec'). Run `openssl ecparam -list_curves` to see available options. _Default: prime256v1\n`owner` | String (optional) | The owner of all files created by the resource.\n`group` | String (optional) | The group of all files created by the resource.\n`mode` | String or Integer (Optional) | The permission mode of all files created by the resource.\n\n#### Example Usage\n\nIn this example, an administrator wishes to create a x509 CRL. In order to create the CRL, the administrator crafts this recipe:\n\n```ruby\nopenssl_x509_request '/etc/ssl_test/my_ec_request.csr' do\n common_name 'myecrequest.example.com'\n org 'Test Kitchen Example'\n org_unit 'Kitchens'\n country 'UK'\nend\n```\n\nWhen executed, this recipe will generate a key certificate at `/etc/httpd/ssl/my_ec_request.key`. It will then use that key to generate a new csr file at `/etc/ssl_test/my_ec_request.csr`.\n\n### openssl_x509_crl\n\nThis resource generates PEM-formatted x509 CRL.\n\n#### Properties\n\nName | Type | Description\n--------------------- | ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------\n`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name\n`serial_to_revoke` | String or Integer(Optional) | Serial of the X509 Certificate to revoke\n`revocation_reason` | String or Integer(Optional) | [Reason of the revocation]((https://en.wikipedia.org/wiki/Certificate_revocation_list#Reasons_for_revocation)) _Default: 0_\n`expire` | Integer (Optional) | Value representing the number of days from _now_ through which the issued CRL will remain valid. The CRL will expire after this period. _Default: 8_\n`renewal_threshold` | Integer (Optional) | Number of days before the expiration. 
It this threshold is reached, the CRL will be renewed _Default: 1_\n`ca_cert_file` | String (Required) | The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the CRL will be signed with them.\n`ca_key_file` | String (Required) | The path to the CA private key on the filesystem. If the `ca_key_file` property is specified, the `ca_cert_file' property must also be specified, the CRL will be signed with them.\n`ca_key_pass` | String (Optional) | The passphrase for CA private key's passphrase\n`owner` | String (optional) | The owner of all files created by the resource.\n`group` | String (optional) | The group of all files created by the resource.\n`mode` | String or Integer (Optional) | The permission mode of all files created by the resource.\n\n\n#### Example Usage\n\nIn this example, an administrator wishes to create an empty X509 CRL. In order to create the CRL, the administrator crafts this recipe:\n\n```ruby\nopenssl_x509_crl '/etc/ssl_test/my_ca.crl' do\n ca_cert_file '/etc/ssl_test/my_ca.crt'\n ca_key_file '/etc/ssl_test/my_ca.key'\nend\n```\n\nWhen executed, this recipe will generate a new CRL file at `/etc/ssl_test/my_ca.crl`.\n\nIn this example, an administrator wishes to revoke a certificate in an existing X509 CRL.\n\n```ruby\nopenssl_x509_crl '/etc/ssl_test/my_ca.crl' do\n ca_cert_file '/etc/ssl_test/my_ca.crt'\n ca_key_file '/etc/ssl_test/my_ca.key'\n serial_to_revoke C7BCB6602A2E4251EF4E2827A228CB52BC0CEA2F\nend\n```\n\n### openssl_dhparam\n\nThis resource generates dhparam.pem files. If a valid dhparam.pem file is found at the specified location, no new file will be created. 
If a file is found at the specified location but it is not a valid dhparam file, it will be overwritten.\n\n#### Properties\n\nName | Type | Description\n------------ | ---------------------------- | ---------------------------------------------------------------------------------------------------\n`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name\n`key_length` | Integer (Optional) | The desired Bit Length of the generated key. _Default: 2048_\n`generator` | Integer (Optional) | The desired Diffie-Hellmann generator. Can be _2_ or _5_.\n`owner` | String (optional) | The owner of all files created by the resource.\n`group` | String (optional) | The group of all files created by the resource.\n`mode` | String or Integer (Optional) | The permission mode of all files created by the resource. _Default: \"0640\"_\n\n#### Example Usage\n\nIn this example, an administrator wishes to create a dhparam.pem file for use with a web server. In order to create the .pem file, the administrator crafts this recipe:\n\n```ruby\nopenssl_dhparam '/etc/httpd/ssl/dhparam.pem' do\n key_length 2048\n generator 2\nend\n```\n\nWhen executed, this recipe will generate a dhparam file at `/etc/httpd/ssl/dhparam.pem`.\n\n### openssl_rsa_private_key\n\nThis resource generates rsa private key files. If a valid rsa key file can be opened at the specified location, no new file will be created. If the RSA key file cannot be opened, either because it does not exist or because the password to the RSA key file does not match the password in the recipe, it will be overwritten.\n\nNote: This resource was renamed from openssl_rsa_key to openssl_rsa_private_key. 
The legacy name will continue to function, but cookbook code should be updated for the new resource name.\n\n#### Properties\n\nName | Type | Description\n------------ | ---------------------------- | -----------------------------------------------------------------------------------------------------------------------------------\n`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name\n`key_length` | Integer (Optional) | The desired Bit Length of the generated key. _Default: 2048_\n`key_cipher` | String (Optional) | The designed cipher to use when generating your key. Run `openssl list-cipher-algorithms` to see available options. _Default: des3_\n`key_pass` | String (Optional) | The desired passphrase for the key.\n`owner` | String (optional) | The owner of all files created by the resource.\n`group` | String (optional) | The group of all files created by the resource.\n`mode` | String or Integer (Optional) | The permission mode of all files created by the resource. _Default: \"0640\"_\n`force` | true/false (Optional) | Force creating the key even if the existing key exists. _Default: false_\n\n#### Example Usage\n\nIn this example, an administrator wishes to create a new RSA private key file in order to generate other certificates and public keys. 
In order to create the key file, the administrator crafts this recipe:\n\n```ruby\nopenssl_rsa_private_key '/etc/httpd/ssl/server.key' do\n key_length 2048\nend\n```\n\nWhen executed, this recipe will generate a passwordless RSA key file at `/etc/httpd/ssl/server.key`.\n\n### openssl_rsa_public_key\n\nThis resource generates rsa public key files given a private key.\n\n#### Properties\n\nName | Type | Description\n--------------------- | ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------\n`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name\n`private_key_path` | String (Required unless private_key_content used) | The path to the private key to generate the public key from\n`private_key_content` | String (Required unless private_key_path used) | The content of the private key including new lines. Used if you don't want to write a private key to disk and use `private_key_path`.\n`private_key_pass` | String (Optional) | The passphrase of the provided private key\n`owner` | String (optional) | The owner of all files created by the resource.\n`group` | String (optional) | The group of all files created by the resource.\n`mode` | String or Integer (Optional) | The permission mode of all files created by the resource. _Default: \"0640\"_\n\n**Note**: To use `private_key_content` the private key string must be properly formatted including new lines. The easiest way to get the right string is to run the following from irb (/opt/chefdk/embedded/bin/irb from ChefDK)\n\n```ruby\nFile.read('/foo/bar/private.pem')\n```\n\n#### Example Usage\n\n```ruby\nopenssl_rsa_public_key '/etc/foo/something.pub' do\n priv_key_path '/etc/foo/something.pem'\nend\n```\n\n### openssl_ec_private_key\n\nThis resource generates ec private key files. 
If a valid ec key file can be opened at the specified location, no new file will be created. If the EC key file cannot be opened, either because it does not exist or because the password to the EC key file does not match the password in the recipe, it will be overwritten.\n\n#### Properties\n\nName | Type | Description\n------------ | ---------------------------- | -----------------------------------------------------------------------------------------------------------------------------------\n`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name\n`key_curve` | String (Optional) | The desired curve of the generated key. Run `openssl ecparam -list_curves` to see available options. _Default: prime256v1\n`key_cipher` | String (Optional) | The designed cipher to use when generating your key. Run `openssl list-cipher-algorithms` to see available options. _Default: des3_\n`key_pass` | String (Optional) | The desired passphrase for the key.\n`owner` | String (optional) | The owner of all files created by the resource.\n`group` | String (optional) | The group of all files created by the resource.\n`mode` | String or Integer (Optional) | The permission mode of all files created by the resource. _Default: \"0640\"_\n`force` | true/false (Optional) | Force creating the key even if the existing key exists. _Default: false_\n\n#### Example Usage\n\nIn this example, an administrator wishes to create a new EC private key file in order to generate other certificates and public keys. 
In order to create the key file, the administrator crafts this recipe:\n\n```ruby\nopenssl_ec_private_key '/etc/httpd/ssl/server.key' do\n key_curve \"prime256v1'\nend\n```\n\nWhen executed, this recipe will generate a passwordless EC key file at `/etc/httpd/ssl/server.key`.\n\n### openssl_ec_public_key\n\nThis resource generates ec public key files given a private key.\n\n#### Properties\n\nName | Type | Description\n--------------------- | ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------\n`path` | String (Optional) | Optional path to write the file to if you'd like to specify it here instead of in the resource name\n`private_key_path` | String (Required unless private_key_content used) | The path to the private key to generate the public key from\n`private_key_content` | String (Required unless private_key_path used) | The content of the private key including new lines. Used if you don't want to write a private key to disk and use `private_key_path`.\n`private_key_pass` | String (Optional) | The passphrase of the provided private key\n`owner` | String (optional) | The owner of all files created by the resource. _Default: \"root\"_\n`group` | String (optional) | The group of all files created by the resource. _Default: \"root or wheel depending on platform\"_\n`mode` | String or Integer (Optional) | The permission mode of all files created by the resource. _Default: \"0640\"_\n\n**Note**: To use `private_key_content` the private key string must be properly formatted including new lines. 
The easiest way to get the right string is to run the following from irb (/opt/chefdk/embedded/bin/irb from ChefDK)\n\n```ruby\nFile.read('/foo/bar/private.pem')\n```\n\n#### Example Usage\n\n```ruby\nopenssl_ec_public_key '/etc/foo/something.pub' do\n priv_key_path '/etc/foo/something.pem'\nend\n```\n\n## Maintainers\n\nThis cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/)\n\n## License\n\n**Copyright:** 2009-2018, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","debian":">= 0.0.0","fedora":">= 0.0.0","freebsd":">= 0.0.0","opensuse":">= 0.0.0","opensuseleap":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","solaris2":">= 0.0.0","suse":">= 
0.0.0","ubuntu":">= 0.0.0","zlinux":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"openssl::upgrade":"Upgrade OpenSSL library and restart dependent services"},"source_url":"https://github.com/chef-cookbooks/openssl","issues_url":"https://github.com/chef-cookbooks/openssl/issues","chef_version":[[">= 12.7"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/openssl/recipes/upgrade.rb b/cookbooks/openssl/recipes/upgrade.rb index 7577d79..cd05c97 100644 --- a/cookbooks/openssl/recipes/upgrade.rb +++ b/cookbooks/openssl/recipes/upgrade.rb @@ -19,15 +19,21 @@ case node['platform_family'] when 'debian', 'ubuntu' - packages = %w(libssl1.0.0 openssl) + packages = if platform?('debian') && node['platform_version'].to_i >= 9 + %w(libssl1.0.2 openssl) + else + %w(libssl1.0.0 openssl) + end when 'rhel', 'fedora', 'suse', 'amazon' packages = %w(openssl) else packages = [] end -packages.each do |ssl_pkg| - package ssl_pkg do +if packages.empty? + Chef::Log.warn("The openssl::upgrade recipe does not currently support #{node['platform']}. If you believe it could please open a PR at https://github.com/chef-cookbooks/openssl") +else + package packages do action :upgrade node['openssl']['restart_services'].each do |ssl_svc| notifies :restart, "service[#{ssl_svc}]" diff --git a/cookbooks/openssl/resources/dhparam.rb b/cookbooks/openssl/resources/dhparam.rb index c3d4d97..f06e6ad 100644 --- a/cookbooks/openssl/resources/dhparam.rb +++ b/cookbooks/openssl/resources/dhparam.rb 
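Review bot: The `when 'debian', 'ubuntu'` branch of cookbooks/openssl/recipes/upgrade.rb still hard-codes one libssl package per release (`libssl1.0.2` on Debian 9 and later, `libssl1.0.0` everywhere else, which includes every Ubuntu release because the test is `platform?('debian')`). As far as I know Debian 9 and newer Ubuntu releases also install `libssl1.1`; if services on these hosts link against it, the run reports a successful upgrade while the library actually in use is never named in the `package` resource. At minimum I would document this above the `case`, for example `# NOTE: only the libssl 1.0.x packages are upgraded here; libssl1.1, where installed, is not`. The `package packages do` block continues past the end of the hunk.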
@@ -1,24 +1,44 @@ +# +# Copyright:: Copyright 2009-2018, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) +resource_name :openssl_dhparam + include OpenSSLCookbook::Helpers -property :name, String, name_property: true +property :path, String, name_property: true property :key_length, equal_to: [1024, 2048, 4096, 8192], default: 2048 property :generator, equal_to: [2, 5], default: 2 property :owner, String property :group, String -property :mode, [Integer, String] +property :mode, [Integer, String], default: '0640' action :create do - unless dhparam_pem_valid?(new_resource.name) # ~FC023 - converge_by("Create a dhparam file #{@new_resource}") do + unless dhparam_pem_valid?(new_resource.path) + converge_by("Create a dhparam file #{new_resource.path}") do dhparam_content = gen_dhparam(new_resource.key_length, new_resource.generator).to_pem log "Generating #{new_resource.key_length} bit "\ - "dhparam file at #{new_resource.name}, this may take some time" + "dhparam file at #{new_resource.path}, this may take some time" - file new_resource.name do + file new_resource.path do action :create - owner new_resource.owner - group new_resource.group + owner new_resource.owner unless new_resource.owner.nil? + group new_resource.group unless new_resource.group.nil? mode new_resource.mode sensitive true content dhparam_content 
diff --git a/cookbooks/openssl/resources/ec_private_key.rb b/cookbooks/openssl/resources/ec_private_key.rb
new file mode 100644
index 0000000..6d214f3
--- /dev/null
+++ b/cookbooks/openssl/resources/ec_private_key.rb
@@ -0,0 +1,55 @@
+#
+# Copyright:: Copyright 2018, Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+chef_version_for_provides '< 14.4' if respond_to?(:chef_version_for_provides)
+resource_name :openssl_ec_private_key
+
+include OpenSSLCookbook::Helpers
+
+property :path, String, name_property: true
+property :key_curve, equal_to: %w(secp384r1 secp521r1 prime256v1 secp224r1 secp256k1), default: 'prime256v1'
+property :key_pass, String
+property :key_cipher, String, default: 'des3', equal_to: ::OpenSSL::Cipher.ciphers
+property :owner, String
+property :group, String
+property :mode, [Integer, String], default: '0640'
+property :force, [true, false], default: false
+
+action :create do
+ unless new_resource.force || priv_key_file_valid?(new_resource.path, new_resource.key_pass)
+ converge_by("Create an EC private key #{new_resource.path}") do
+ log "Generating an #{new_resource.key_curve} "\
+ "EC key file at #{new_resource.name}, this may take some time"
+
+ if new_resource.key_pass
+ unencrypted_ec_key = gen_ec_priv_key(new_resource.key_curve)
+ ec_key_content = encrypt_ec_key(unencrypted_ec_key, new_resource.key_pass, new_resource.key_cipher)
+ else
+ ec_key_content = gen_ec_priv_key(new_resource.key_curve).to_pem
+ end
+
+ file new_resource.path do
+ action :create
+ owner new_resource.owner unless new_resource.owner.nil?
+ group new_resource.group unless new_resource.group.nil?
+ mode new_resource.mode
+ sensitive true
+ content ec_key_content
+ end
+ end
+ end
+end
diff --git a/cookbooks/openssl/resources/ec_public_key.rb b/cookbooks/openssl/resources/ec_public_key.rb
new file mode 100644
index 0000000..3e8d4b3
--- /dev/null
+++ b/cookbooks/openssl/resources/ec_public_key.rb
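Review bot: In ec_private_key.rb the guard `unless new_resource.force || priv_key_file_valid?(new_resource.path, new_resource.key_pass)` skips the whole `converge_by` block when `force` is true, which is the opposite of the README text in this commit ("Force creating the key even if the existing key exists"). With `force true` no key is written at all, even on a node that has none yet, so a rotation that relies on `force` silently keeps the old key. The condition should read `if new_resource.force || !priv_key_file_valid?(new_resource.path, new_resource.key_pass)`. rsa_private_key.rb, added in the same commit, has the same guard. These files look like vendored copies of the upstream cookbook, so the fix probably belongs upstream or in a recorded local patch.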
@@ -0,0 +1,45 @@
+#
+# Copyright:: Copyright 2018, Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+chef_version_for_provides '< 14.4' if respond_to?(:chef_version_for_provides)
+resource_name :openssl_ec_public_key
+
+include OpenSSLCookbook::Helpers
+
+property :path, String, name_property: true
+property :private_key_path, String
+property :private_key_content, String
+property :private_key_pass, String
+property :owner, String
+property :group, String
+property :mode, [Integer, String], default: '0640'
+
+action :create do
+ raise ArgumentError, "You cannot specify both 'private_key_path' and 'private_key_content' properties at the same time." if new_resource.private_key_path && new_resource.private_key_content
+ raise ArgumentError, "You must specify the private key with either 'private_key_path' or 'private_key_content' properties." unless new_resource.private_key_path || new_resource.private_key_content
+ raise "#{new_resource.private_key_path} not a valid private EC key or password is invalid" unless priv_key_file_valid?((new_resource.private_key_path || new_resource.private_key_content), new_resource.private_key_pass)
+
+ ec_key_content = gen_ec_pub_key((new_resource.private_key_path || new_resource.private_key_content), new_resource.private_key_pass)
+
+ file new_resource.path do
+ action :create
+ owner new_resource.owner unless new_resource.owner.nil?
+ group new_resource.group unless new_resource.group.nil?
+ mode new_resource.mode
+ content ec_key_content
+ end
+end
diff --git a/cookbooks/openssl/resources/rsa_key.rb b/cookbooks/openssl/resources/rsa_key.rb
deleted file mode 100644
index 5b2b170..0000000
--- a/cookbooks/openssl/resources/rsa_key.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-include OpenSSLCookbook::Helpers
-
-property :name, String, name_property: true
-property :key_length, equal_to: [1024, 2048, 4096, 8192], default: 2048
-property :key_pass, String
-property :owner, String
-property :group, String
-property :mode, [Integer, String]
-
-action :create do
- unless key_file_valid?(new_resource.name, new_resource.key_pass)
- converge_by("Create an RSA key #{@new_resource}") do
- log "Generating #{new_resource.key_length} bit "\
- "RSA key file at #{new_resource.name}, this may take some time"
-
- if new_resource.key_pass
- unencrypted_rsa_key = gen_rsa_key(new_resource.key_length)
- rsa_key_content = encrypt_rsa_key(unencrypted_rsa_key, new_resource.key_pass)
- else
- rsa_key_content = gen_rsa_key(new_resource.key_length).to_pem
- end
-
- file new_resource.name do
- action :create
- owner new_resource.owner
- group new_resource.group
- mode new_resource.mode
- sensitive true
- content rsa_key_content
- end
- end
- end
-end
diff --git a/cookbooks/openssl/resources/rsa_private_key.rb b/cookbooks/openssl/resources/rsa_private_key.rb
new file mode 100644
index 0000000..b72c267
--- /dev/null
+++ b/cookbooks/openssl/resources/rsa_private_key.rb
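Review bot: In ec_public_key.rb the third `raise` interpolates `new_resource.private_key_path`, which is nil whenever the key is supplied through `private_key_content`, so the error then begins with an empty name and nothing tells the operator which input was rejected. I would write `raise "#{new_resource.private_key_path || 'private_key_content'} is not a valid private EC key or the passphrase is wrong"`, which names the source without ever printing key material. The same line hands the key content to `priv_key_file_valid?`, whose name suggests it expects a path; the helper is not visible here, so it is worth confirming that it accepts PEM content. rsa_public_key.rb, added in the same commit, has the same three `raise` lines.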
@@ -0,0 +1,55 @@
+#
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides)
+resource_name :openssl_rsa_private_key
+provides :openssl_rsa_key # legacy name
+
+include OpenSSLCookbook::Helpers
+
+property :path, String, name_property: true
+property :key_length, equal_to: [1024, 2048, 4096, 8192], default: 2048
+property :key_pass, String
+property :key_cipher, String, default: 'des3', equal_to: ::OpenSSL::Cipher.ciphers
+property :owner, String
+property :group, String
+property :mode, [Integer, String], default: '0640'
+property :force, [true, false], default: false
+
+action :create do
+ unless new_resource.force || priv_key_file_valid?(new_resource.path, new_resource.key_pass)
+ converge_by("Create an RSA private key #{new_resource.path}") do
+ log "Generating #{new_resource.key_length} bit "\
+ "RSA key file at #{new_resource.path}, this may take some time"
+
+ if new_resource.key_pass
+ unencrypted_rsa_key = gen_rsa_priv_key(new_resource.key_length)
+ rsa_key_content = encrypt_rsa_key(unencrypted_rsa_key, new_resource.key_pass, new_resource.key_cipher)
+ else
+ rsa_key_content = gen_rsa_priv_key(new_resource.key_length).to_pem
+ end
+
+ file new_resource.path do
+ action :create
+ owner new_resource.owner unless new_resource.owner.nil?
+ group new_resource.group unless new_resource.group.nil?
+ mode new_resource.mode
+ sensitive true
+ content rsa_key_content
+ end
+ end
+ end
+end
diff --git a/cookbooks/openssl/resources/rsa_public_key.rb b/cookbooks/openssl/resources/rsa_public_key.rb
new file mode 100644
index 0000000..83552ef
--- /dev/null
+++ b/cookbooks/openssl/resources/rsa_public_key.rb
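Review bot: `key_cipher` in rsa_private_key.rb defaults to `'des3'` and `key_length` still accepts 1024, so a recipe that sets only `key_pass` gets a key wrapped with Triple DES, and a 1024-bit RSA key passes property validation. I would change the default to `default: 'aes-256-cbc'` and drop 1024 from the list, `equal_to: [2048, 4096, 8192]`, or at least log a warning when either weak value is chosen. `equal_to: ::OpenSSL::Cipher.ciphers` also admits every cipher the local OpenSSL build knows, so a short allow-list would be safer than the full set. ec_private_key.rb uses the same `key_cipher` default, and dhparam.rb keeps the same `key_length` list.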
@@ -0,0 +1,45 @@
+#
+# Copyright:: Copyright 2018, Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides)
+resource_name :openssl_rsa_public_key
+
+include OpenSSLCookbook::Helpers
+
+property :path, String, name_property: true
+property :private_key_path, String
+property :private_key_content, String
+property :private_key_pass, String
+property :owner, String
+property :group, String
+property :mode, [Integer, String], default: '0640'
+
+action :create do
+ raise ArgumentError, "You cannot specify both 'private_key_path' and 'private_key_content' properties at the same time." if new_resource.private_key_path && new_resource.private_key_content
+ raise ArgumentError, "You must specify the private key with either 'private_key_path' or 'private_key_content' properties." unless new_resource.private_key_path || new_resource.private_key_content
+ raise "#{new_resource.private_key_path} not a valid private RSA key or password is invalid" unless priv_key_file_valid?((new_resource.private_key_path || new_resource.private_key_content), new_resource.private_key_pass)
+
+ rsa_key_content = gen_rsa_pub_key((new_resource.private_key_path || new_resource.private_key_content), new_resource.private_key_pass)
+
+ file new_resource.path do
+ action :create
+ owner new_resource.owner unless new_resource.owner.nil?
+ group new_resource.group unless new_resource.group.nil?
+ mode new_resource.mode
+ content rsa_key_content
+ end
+end
diff --git a/cookbooks/openssl/resources/x509.rb b/cookbooks/openssl/resources/x509.rb
deleted file mode 100644
index 9801835..0000000
--- a/cookbooks/openssl/resources/x509.rb
+++ /dev/null
@@ -1,118 +0,0 @@ -include OpenSSLCookbook::Helpers - -property :name, String, name_property: true -property :owner, String -property :group, String -property :expire, Integer -property :mode, [Integer, String] -property :org, String, required: true -property :org_unit, String, required: true -property :country, String, required: true -property :common_name, String, required: true -property :subject_alt_name, Array, default: [] -property :key_file, String -property :key_pass, String -property :key_length, equal_to: [1024, 2048, 4096, 8192], default: 2048 - -action :create do - unless ::File.exist? new_resource.name - converge_by("Create #{@new_resource}") do - create_keys - cert_content = cert.to_pem - key_content = key.to_pem - - file new_resource.name do - action :create_if_missing - mode new_resource.mode - owner new_resource.owner - group new_resource.group - sensitive true - content cert_content - end - - file new_resource.key_file do - action :create_if_missing - mode new_resource.mode - owner new_resource.owner - group new_resource.group - sensitive true - content key_content - end - end - end -end - -action_class do - def generate_key_file - unless new_resource.key_file - path, file = ::File.split(new_resource.name) - filename = ::File.basename(file, ::File.extname(file)) - new_resource.key_file path + '/' + filename + '.key' - end - new_resource.key_file - end - - def key - @key ||= if key_file_valid?(generate_key_file, new_resource.key_pass) - OpenSSL::PKey::RSA.new ::File.read(generate_key_file), new_resource.key_pass - else - OpenSSL::PKey::RSA.new(new_resource.key_length) - end - @key - end - - def cert - @cert ||= OpenSSL::X509::Certificate.new - end - - def gen_cert - cert - cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject) - cert.not_before = Time.now - cert.not_after = Time.now + (new_resource.expire.to_i * 24 * 60 * 60) - cert.public_key = key.public_key - cert.serial = 0x0 - cert.version = 2 - end - - def subject - @subject ||= 
'/C=' + new_resource.country + - '/O=' + new_resource.org + - '/OU=' + new_resource.org_unit + - '/CN=' + new_resource.common_name - end - - def extensions - exts = [] - exts << @ef.create_extension('basicConstraints', 'CA:TRUE', true) - exts << @ef.create_extension('subjectKeyIdentifier', 'hash') - - unless new_resource.subject_alt_name.empty? - san = {} - counters = {} - new_resource.subject_alt_name.each do |an| - kind, value = an.split(':', 2) - counters[kind] ||= 0 - counters[kind] += 1 - san["#{kind}.#{counters[kind]}"] = value - end - @ef.config['alt_names'] = san - exts << @ef.create_extension('subjectAltName', '@alt_names') - end - - exts - end - - def create_keys - gen_cert - @ef ||= OpenSSL::X509::ExtensionFactory.new - @ef.subject_certificate = cert - @ef.issuer_certificate = cert - @ef.config = OpenSSL::Config.load(OpenSSL::Config::DEFAULT_CONFIG_FILE) - - cert.extensions = extensions - cert.add_extension @ef.create_extension('authorityKeyIdentifier', - 'keyid:always,issuer:always') - cert.sign key, OpenSSL::Digest::SHA256.new - end -end diff --git a/cookbooks/openssl/resources/x509_certificate.rb b/cookbooks/openssl/resources/x509_certificate.rb new file mode 100644 index 0000000..71bb91f --- /dev/null +++ b/cookbooks/openssl/resources/x509_certificate.rb 
@@ -0,0 +1,151 @@ +# +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +chef_version_for_provides '< 14.4' if respond_to?(:chef_version_for_provides) +resource_name :openssl_x509_certificate + +provides :openssl_x509 # legacy_name + +include OpenSSLCookbook::Helpers + +property :path, String, name_property: true +property :owner, String +property :group, String +property :expire, Integer, default: 365 +property :mode, [Integer, String], default: '0644' +property :country, String +property :state, String +property :city, String +property :org, String +property :org_unit, String +property :common_name, String +property :email, String +property :extensions, Hash, default: {} +property :subject_alt_name, Array, default: [] +property :key_file, String +property :key_pass, String +property :key_type, equal_to: %w(rsa ec), default: 'rsa' +property :key_length, equal_to: [1024, 2048, 4096, 8192], default: 2048 +property :key_curve, equal_to: %w(secp384r1 secp521r1 prime256v1), default: 'prime256v1' +property :csr_file, String +property :ca_cert_file, String +property :ca_key_file, String +property :ca_key_pass, String + +action :create do + unless ::File.exist? new_resource.path + converge_by("Create #{@new_resource}") do + file new_resource.path do + action :create_if_missing + mode new_resource.mode + owner new_resource.owner unless new_resource.owner.nil? + group new_resource.group unless new_resource.group.nil? 
+ sensitive true + content cert.to_pem + end + + if new_resource.csr_file.nil? + file new_resource.key_file do + action :create_if_missing + mode new_resource.mode + owner new_resource.owner unless new_resource.owner.nil? + group new_resource.group unless new_resource.group.nil? + sensitive true + content key.to_pem + end + end + end + end +end + +action_class do + def generate_key_file + unless new_resource.key_file + path, file = ::File.split(new_resource.path) + filename = ::File.basename(file, ::File.extname(file)) + new_resource.key_file path + '/' + filename + '.key' + end + new_resource.key_file + end + + def key + @key ||= if priv_key_file_valid?(generate_key_file, new_resource.key_pass) + ::OpenSSL::PKey.read ::File.read(generate_key_file), new_resource.key_pass + elsif new_resource.key_type == 'rsa' + gen_rsa_priv_key(new_resource.key_length) + else + gen_ec_priv_key(new_resource.key_curve) + end + @key + end + + def request + request = if new_resource.csr_file.nil? + gen_x509_request(subject, key) + else + ::OpenSSL::X509::Request.new ::File.read(new_resource.csr_file) + end + request + end + + def subject + subject = ::OpenSSL::X509::Name.new() + subject.add_entry('C', new_resource.country) unless new_resource.country.nil? + subject.add_entry('ST', new_resource.state) unless new_resource.state.nil? + subject.add_entry('L', new_resource.city) unless new_resource.city.nil? + subject.add_entry('O', new_resource.org) unless new_resource.org.nil? + subject.add_entry('OU', new_resource.org_unit) unless new_resource.org_unit.nil? + subject.add_entry('CN', new_resource.common_name) + subject.add_entry('emailAddress', new_resource.email) unless new_resource.email.nil? + subject + end + + def ca_private_key + ca_private_key = if new_resource.csr_file.nil? 
+ key + else + ::OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass + end + ca_private_key + end + + def ca_info + # Will contain issuer (if any) & expiration + ca_info = {} + + unless new_resource.ca_cert_file.nil? + ca_info['issuer'] = ::OpenSSL::X509::Certificate.new ::File.read(new_resource.ca_cert_file) + end + ca_info['validity'] = new_resource.expire + + ca_info + end + + def extensions + extensions = gen_x509_extensions(new_resource.extensions) + + unless new_resource.subject_alt_name.empty? + extensions += gen_x509_extensions('subjectAltName' => { 'values' => new_resource.subject_alt_name, 'critical' => false }) + end + + extensions + end + + def cert + cert = gen_x509_cert(request, extensions, ca_info, ca_private_key) + cert + end +end diff --git a/cookbooks/openssl/resources/x509_crl.rb b/cookbooks/openssl/resources/x509_crl.rb new file mode 100644 index 0000000..50ad7d9 --- /dev/null +++ b/cookbooks/openssl/resources/x509_crl.rb 
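Review bot: The private key in x509_certificate.rb is written with `mode new_resource.mode`, and `mode` now defaults to `'0644'`, so a self-signed certificate created with default properties leaves its `.key` file world-readable. The second `file` block in `action :create` (the one for `new_resource.key_file`) should use a fixed restrictive mode such as `mode '0600'`, or a separate property for the key; the other private-key resources in this commit default to `'0640'`. `sensitive true` only keeps the content out of Chef's output and does nothing for the permissions on disk.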
@@ -0,0 +1,88 @@
+#
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+chef_version_for_provides '< 14.4' if respond_to?(:chef_version_for_provides)
+resource_name :openssl_x509_crl
+
+include OpenSSLCookbook::Helpers
+
+property :path, String, name_property: true
+property :serial_to_revoke, [Integer, String]
+property :revocation_reason, Integer, default: 0
+property :expire, Integer, default: 8
+property :renewal_threshold, Integer, default: 1
+property :ca_cert_file, String, required: true
+property :ca_key_file, String, required: true
+property :ca_key_pass, String
+property :owner, String
+property :group, String
+property :mode, String
+
+action :create do
+ file new_resource.path do
+ owner new_resource.owner unless new_resource.owner.nil?
+ group new_resource.group unless new_resource.group.nil?
+ mode new_resource.mode unless new_resource.mode.nil?
+ content crl.to_pem
+ action :create
+ end
+end
+
+action_class do
+ def crl_info
+ # Will contain issuer & expiration
+ crl_info = {}
+
+ crl_info['issuer'] = ::OpenSSL::X509::Certificate.new ::File.read(new_resource.ca_cert_file)
+ crl_info['validity'] = new_resource.expire
+
+ crl_info
+ end
+
+ def revoke_info
+ # Will contain Serial to revoke & reason
+ revoke_info = {}
+
+ revoke_info['serial'] = new_resource.serial_to_revoke
+ revoke_info['reason'] = new_resource.revocation_reason
+
+ revoke_info
+ end
+
+ def ca_private_key
+ ca_private_key = ::OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
+ ca_private_key
+ end
+
+ def crl
+ if crl_file_valid?(new_resource.path)
+ crl = ::OpenSSL::X509::CRL.new ::File.read(new_resource.path)
+ else
+ log "Creating a CRL #{new_resource.path} for CA #{new_resource.ca_cert_file}"
+ crl = gen_x509_crl(ca_private_key, crl_info)
+ end
+
+ if !new_resource.serial_to_revoke.nil? && serial_revoked?(crl, new_resource.serial_to_revoke) == false
+ log "Revoking serial #{new_resource.serial_to_revoke} in CRL #{new_resource.path}"
+ crl = revoke_x509_crl(revoke_info, crl, ca_private_key, crl_info)
+ elsif crl.next_update <= Time.now + 3600 * 24 * new_resource.renewal_threshold
+ log "Renewing CRL for CA #{new_resource.ca_cert_file}"
+ crl = renew_x509_crl(crl, ca_private_key, crl_info)
+ end
+
+ crl
+ end
+end
diff --git a/cookbooks/openssl/resources/x509_request.rb b/cookbooks/openssl/resources/x509_request.rb
new file mode 100644
index 0000000..12ca083
--- /dev/null
+++ b/cookbooks/openssl/resources/x509_request.rb
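Review bot: `property :ca_key_pass, String` in x509_crl.rb carries the CA key passphrase as an ordinary property, so it can appear in plain text whenever Chef prints the resource, for example in a failure report. Declaring it `property :ca_key_pass, String, sensitive: true` would have the value suppressed, provided the supported Chef releases accept that property option. The `expire` and `renewal_threshold` properties would also benefit from a comment stating their unit; the `3600 * 24 * new_resource.renewal_threshold` arithmetic shows the threshold is in days, while the unit of `expire` is decided in a helper that is not part of this hunk.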
@@ -0,0 +1,98 @@
+#
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+chef_version_for_provides '< 14.4' if respond_to?(:chef_version_for_provides)
+resource_name :openssl_x509_request
+
+include OpenSSLCookbook::Helpers
+
+property :path, String, name_property: true
+property :owner, String
+property :group, String
+property :mode, [Integer, String], default: '0644'
+property :country, String
+property :state, String
+property :city, String
+property :org, String
+property :org_unit, String
+property :common_name, String, required: true
+property :email, String
+property :key_file, String
+property :key_pass, String
+property :key_type, equal_to: %w(rsa ec), default: 'ec'
+property :key_length, equal_to: [1024, 2048, 4096, 8192], default: 2048
+property :key_curve, equal_to: %w(secp384r1 secp521r1 prime256v1), default: 'prime256v1'
+
+action :create do
+ unless ::File.exist? new_resource.path
+ converge_by("Create CSR #{@new_resource}") do
+ file new_resource.name do
+ owner new_resource.owner unless new_resource.owner.nil?
+ group new_resource.group unless new_resource.group.nil?
+ mode new_resource.mode
+ content csr.to_pem
+ action :create
+ end
+
+ file new_resource.key_file do
+ mode new_resource.mode
+ owner new_resource.owner unless new_resource.owner.nil?
+ group new_resource.group unless new_resource.group.nil?
+ content key.to_pem
+ sensitive true
+ action :create_if_missing
+ end
+ end
+ end
+end
+
+action_class do
+ def generate_key_file
+ unless new_resource.key_file
+ path, file = ::File.split(new_resource.path)
+ filename = ::File.basename(file, ::File.extname(file))
+ new_resource.key_file path + '/' + filename + '.key'
+ end
+ new_resource.key_file
+ end
+
+ def key
+ @key ||= if priv_key_file_valid?(generate_key_file, new_resource.key_pass)
+ ::OpenSSL::PKey.read ::File.read(generate_key_file), new_resource.key_pass
+ elsif new_resource.key_type == 'rsa'
+ gen_rsa_priv_key(new_resource.key_length)
+ else
+ gen_ec_priv_key(new_resource.key_curve)
+ end
+ @key
+ end
+
+ def subject
+ csr_subject = ::OpenSSL::X509::Name.new()
+ csr_subject.add_entry('C', new_resource.country) unless new_resource.country.nil?
+ csr_subject.add_entry('ST', new_resource.state) unless new_resource.state.nil?
+ csr_subject.add_entry('L', new_resource.city) unless new_resource.city.nil?
+ csr_subject.add_entry('O', new_resource.org) unless new_resource.org.nil?
+ csr_subject.add_entry('OU', new_resource.org_unit) unless new_resource.org_unit.nil?
+ csr_subject.add_entry('CN', new_resource.common_name)
+ csr_subject.add_entry('emailAddress', new_resource.email) unless new_resource.email.nil?
+ csr_subject
+ end
+
+ def csr
+ gen_x509_request(subject, key)
+ end
+end
diff --git a/cookbooks/php-fpm/.foodcritic b/cookbooks/php-fpm/.foodcritic
new file mode 100644
index 0000000..55a27da
--- /dev/null
+++ b/cookbooks/php-fpm/.foodcritic
@@ -0,0 +1 @@
+~FC015
diff --git a/cookbooks/php-fpm/README.md b/cookbooks/php-fpm/README.md
index 0bd779d..a503473 100644
--- a/cookbooks/php-fpm/README.md
+++ b/cookbooks/php-fpm/README.md
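Review bot: In x509_request.rb the private key is written with the same `mode new_resource.mode` as the CSR, and that property defaults to `'0644'`, so a key generated with default settings is readable by every local user. The key's `file` block should use a fixed restrictive mode such as `mode '0600'` (or `'0640'` together with an explicit `group`), independent of the CSR's mode. `key.to_pem` is also called without a cipher, so a newly generated key is stored unencrypted even when `key_pass` is set, assuming the `gen_*_priv_key` helpers return plain OpenSSL key objects. `key_length` still accepts 1024, which is below current guidance for RSA. The x509_certificate.rb hunk earlier on this page writes its key with `mode new_resource.mode` too; its default lies outside the visible lines.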
@@ -1,68 +1,67 @@ [![Build Status](https://travis-ci.org/yevgenko/cookbook-php-fpm.svg?branch=master)](https://travis-ci.org/yevgenko/cookbook-php-fpm) -Description -=========== +# Description -Installs and configures PHP-FPM (FastCGI Process Manager), an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites. It's like the `unicorn` of the PHP world dawg. +Installs and configures PHP-FPM (FastCGI Process Manager), an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites. It's like the `unicorn` of the PHP world dawg. -Requirements -============ +# Requirements -Platform --------- +## Platform -* Debian, Ubuntu -* CentOS, Red Hat, Fedora -* Amazon Linux +- Debian, Ubuntu +- CentOS, Red Hat, Fedora +- Amazon Linux -Cookbooks ---------- +## Cookbooks -* apt (leverages apt_repository LWRP) -* yum (leverages yum_repository LWRP) +- none -The `apt_repository` and `yum_repository` LWRPs are used from these cookbooks to create the proper repository entries so the php-fpm package downloaded and installed. +## Chef -Description -========== +- 12.14 or later -Creates a PHP-FPM configuration file at the path specified. Meant to be deployed with a service init scheme/supervisor such as runit. Please see the `application::php-fpm` recipe for a complete working example. In depth information about PHP-FPM's configuration values can be [found in the PHP-FPM documentation](http://php.net/manual/en/install.fpm.configuration.php). +# Description -Usage -===== -Simply include the recipe where you want PHP-FPM installed. Default pool __www__ will be created. To disable pool creation set default['php-fpm']['pools'] to false. +Creates a PHP-FPM configuration file at the path specified. Meant to be deployed with a service init scheme/supervisor such as runit. Please see the `application::php-fpm` recipe for a complete working example. 
In depth information about PHP-FPM's configuration values can be [found in the PHP-FPM documentation](http://php.net/manual/en/install.fpm.configuration.php). + +# Usage + +Simply include the recipe where you want PHP-FPM installed. Default pool **www** will be created. To disable pool creation set default['php-fpm']['pools'] to false. To customize settings and pools you can override default attributes. -### Usage in roles: +## Usage in roles: + ```ruby name "php-fpm" description "php fpm role" run_list "recipe[php-fpm]" override_attributes "php-fpm" => { - "pools" => { - "default" => { - :enable => true - }, - "www" => { - :enable => "true", - :cookbook => "another-cookbook", - :process_manager => "dynamic", - :max_requests => 5000, - :php_options => { 'php_admin_flag[log_errors]' => 'on', 'php_admin_value[memory_limit]' => '32M' } - } - } + "pools" => { + "default" => { + :enable => true + }, + "www" => { + :enable => "true", + :cookbook => "another-cookbook", + :process_manager => "dynamic", + :max_requests => 5000, + :php_options => { 'php_admin_flag[log_errors]' => 'on', 'php_admin_value[memory_limit]' => '32M' } + } + } } ``` -Creating pools in recipes -========================= -### Create PHP-FPM pool named 'www' with default settings: +# Creating pools in recipes + +## Create PHP-FPM pool named 'www' with default settings: + ```ruby php_fpm_pool "www" ``` -### Create PHP-FPM pool named 'www' with custom settings: +## Create PHP-FPM pool named 'www' with custom settings: + ```ruby php_fpm_pool "www" do cookbook "another-cookbook" # get template from another cookbook @@ -72,21 +71,21 @@ php_fpm_pool "www" do end ``` -### Delete PHP-FPM pool named 'www': +## Delete PHP-FPM pool named 'www': + ```ruby php_fpm_pool "www" do enable false end ``` -Development -=========== +# Development -### Requirements +## Requirements -* [Docker](https://www.docker.com/) +- [Docker](https://www.docker.com/) -### Setup +## Setup To get all dependencies: 
@@ -94,7 +93,7 @@ To get all dependencies: bundle install ``` -### Test +## Test To see available platforms: @@ -114,7 +113,7 @@ To test all platforms: bundle exec rake kitchen:all ``` -### Publishing (maintainers only!) +## Publishing (maintainers only!) Bump version in metadata.rb, commit and push to master! 
@@ -122,29 +121,22 @@ Bump version in metadata.rb, commit and push to master! bundle exec rake publish ``` -as a result new tag will be created and pushed to github as well as new version -will be published on https://supermarket.chef.io +as a result new tag will be created and pushed to github as well as new version will be published on -Contributing -=========== +# Contributing Please do not bump version when proposing a change, no other rules ;) -License and Author -================== +# License and Author -Author:: Seth Chisamore () +Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io)) -Copyright:: 2011, Opscode, Inc +Copyright:: 2011-2017, Chef Software, Inc -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at +Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 +``` +http://www.apache.org/licenses/LICENSE-2.0 +``` -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. diff --git a/cookbooks/php-fpm/attributes/default.rb b/cookbooks/php-fpm/attributes/default.rb index 2f5d088..e77c7ed 100644 --- a/cookbooks/php-fpm/attributes/default.rb +++ b/cookbooks/php-fpm/attributes/default.rb 
@@ -1,29 +1,25 @@ -case node["platform_family"] -when "rhel", "fedora" - user = "apache" - group = "apache" - conf_dir = "/etc/php.d" - pool_conf_dir = "/etc/php-fpm.d" - conf_file = "/etc/php-fpm.conf" - error_log = "/var/log/php-fpm/error.log" - pid = "/var/run/php-fpm/php-fpm.pid" +case node['platform_family'] +when 'rhel', 'fedora' + user = 'apache' + group = 'apache' + conf_dir = '/etc/php.d' + pool_conf_dir = '/etc/php-fpm.d' + conf_file = '/etc/php-fpm.conf' + error_log = '/var/log/php-fpm/error.log' + pid = '/var/run/php-fpm/php-fpm.pid' else - user = "www-data" - group = "www-data" - if platform?('ubuntu') and node['platform_version'].to_f >= 16.04 - php_conf_dir = "/etc/php/7.0" - php_fpm_name = "php7.0-fpm" + user = 'www-data' + group = 'www-data' + if platform?('ubuntu') && node['platform_version'].to_f >= 16.04 + php_conf_dir = '/etc/php/7.0' + php_fpm_name = 'php7.0-fpm' else - php_conf_dir = "/etc/php5" - php_fpm_name = "php5-fpm" + php_conf_dir = '/etc/php5' + php_fpm_name = 'php5-fpm' end conf_dir = "#{php_conf_dir}/fpm/conf.d" pool_conf_dir = "#{php_conf_dir}/fpm/pool.d" - if node['platform'] == "ubuntu" and node['platform_version'].to_f <= 10.04 - conf_file = "#{php_conf_dir}/fpm/php5-fpm.conf" - else - conf_file = "#{php_conf_dir}/fpm/php-fpm.conf" - end + conf_file = "#{php_conf_dir}/fpm/php-fpm.conf" error_log = "/var/log/#{php_fpm_name}.log" pid = "/var/run/#{php_fpm_name}.pid" end @@ -36,7 +32,7 @@ default['php-fpm']['conf_file'] = conf_file default['php-fpm']['pid'] = pid default['php-fpm']['log_dir'] = '/var/log/php-fpm' default['php-fpm']['error_log'] = error_log -default['php-fpm']['log_level'] = "notice" +default['php-fpm']['log_level'] = 'notice' default['php-fpm']['emergency_restart_threshold'] = 0 default['php-fpm']['emergency_restart_interval'] = 0 default['php-fpm']['process_control_timeout'] = 0 
@@ -50,26 +46,26 @@ default['php-fpm']['request_terminate_timeout'] = 0 default['php-fpm']['catch_workers_output'] = 'no' default['php-fpm']['security_limit_extensions'] = '.php' default['php-fpm']['listen_mode'] = '0660' -default['php-fpm']['listen'] = "/var/run/php-fpm-%{pool_name}.sock" +default['php-fpm']['listen'] = '/var/run/php-fpm-%{pool_name}.sock' default['php-fpm']['pools'] = { - "www" => { - :enable => true - } + 'www' => { + enable: true, + }, } default['php-fpm']['skip_repository_install'] = false default['php-fpm']['installation_action'] = :install default['php-fpm']['version'] = nil -case node["platform_family"] -when "rhel" - default['php-fpm']['yum_url'] = "http://rpms.famillecollet.com/enterprise/$releasever/remi/$basearch/" - default['php-fpm']['yum_mirrorlist'] = "http://rpms.famillecollet.com/enterprise/$releasever/remi/mirror" -when "fedora" +case node['platform_family'] +when 'rhel' + default['php-fpm']['yum_url'] = 'http://rpms.famillecollet.com/enterprise/$releasever/remi/$basearch/' + default['php-fpm']['yum_mirrorlist'] = 'http://rpms.famillecollet.com/enterprise/$releasever/remi/mirror' +when 'fedora' default['php-fpm']['skip_repository_install'] = true end -default['php-fpm']['dotdeb_repository']['uri'] = "http://packages.dotdeb.org" -default['php-fpm']['dotdeb_repository']['key'] = "http://www.dotdeb.org/dotdeb.gpg" -default['php-fpm']['dotdeb-php53_repository']['uri'] = "http://php53.dotdeb.org" +default['php-fpm']['dotdeb_repository']['uri'] = 'http://packages.dotdeb.org' +default['php-fpm']['dotdeb_repository']['key'] = 'http://www.dotdeb.org/dotdeb.gpg' +default['php-fpm']['dotdeb-php53_repository']['uri'] = 'http://php53.dotdeb.org' diff --git a/cookbooks/php-fpm/definitions/php_fpm_pool.rb b/cookbooks/php-fpm/definitions/php_fpm_pool.rb index edd1b0e..12fc383 100644 --- a/cookbooks/php-fpm/definitions/php_fpm_pool.rb +++ b/cookbooks/php-fpm/definitions/php_fpm_pool.rb 
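Review bot: `default['php-fpm']['dotdeb_repository']['key']` still points at `http://www.dotdeb.org/dotdeb.gpg`, so the signing key that packages are later verified against would be fetched over an unauthenticated channel. Anyone able to alter that response can substitute a key of their own, after which packages they serve pass signature checks. The default should be an HTTPS URL if the host offers one, `default['php-fpm']['dotdeb_repository']['key'] = 'https://www.dotdeb.org/dotdeb.gpg'`, or a pinned key fingerprint. The `yum_url`, `yum_mirrorlist` and dotdeb `uri` defaults in this hunk are plain HTTP as well; how the repository recipe consumes these attributes is not visible here.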
@@ -2,7 +2,7 @@ # Cookbook Name:: php-fpm # Definition:: php_fpm_pool # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2017, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,8 +17,7 @@ # limitations under the License. # -define :php_fpm_pool, :template => "pool.conf.erb", :enable => true do - +define :php_fpm_pool, template: 'pool.conf.erb', enable: true do pool_name = params[:name] conf_file = "#{node['php-fpm']['pool_conf_dir']}/#{pool_name}.conf" 
@@ -27,40 +26,40 @@ define :php_fpm_pool, :template => "pool.conf.erb", :enable => true do template conf_file do only_if "test -d #{node['php-fpm']['pool_conf_dir']} || mkdir -p #{node['php-fpm']['pool_conf_dir']}" source params[:template] - owner "root" - group "root" - mode 00644 - cookbook params[:cookbook] || "php-fpm" + owner 'root' + group 'root' + mode '0644' + cookbook params[:cookbook] || 'php-fpm' variables( - :pool_name => pool_name, - :listen => params[:listen] || node['php-fpm']['listen'].gsub(%r[%{pool_name}], pool_name), - :listen_owner => params[:listen_owner] || node['php-fpm']['listen_owner'] || node['php-fpm']['user'], - :listen_group => params[:listen_group] || node['php-fpm']['listen_group'] || node['php-fpm']['group'], - :listen_mode => params[:listen_mode] || node['php-fpm']['listen_mode'], - :allowed_clients => params[:allowed_clients], - :user => params[:user] || node['php-fpm']['user'], - :group => params[:group] || node['php-fpm']['group'], - :process_manager => params[:process_manager] || node['php-fpm']['process_manager'], - :max_children => params[:max_children] || node['php-fpm']['max_children'], - :start_servers => params[:start_servers] || node['php-fpm']['start_servers'], - :min_spare_servers => params[:min_spare_servers] || node['php-fpm']['min_spare_servers'], - :max_spare_servers => params[:max_spare_servers] || node['php-fpm']['max_spare_servers'], - :max_requests => params[:max_requests] || node['php-fpm']['max_requests'], - :catch_workers_output => params[:catch_workers_output] || node['php-fpm']['catch_workers_output'], - :security_limit_extensions => params[:security_limit_extensions] || node['php-fpm']['security_limit_extensions'], - :access_log => params[:access_log] || false, - :slowlog => params[:slowlog] || false, - :request_slowlog_timeout => params[:request_slowlog_timeout] || false, - :php_options => params[:php_options] || {}, - :request_terminate_timeout => params[:request_terminate_timeout] || 
node['php-fpm']['request_terminate_timeout'], - :params => params + pool_name: pool_name, + listen: params[:listen] || node['php-fpm']['listen'].gsub(/%{pool_name}/, pool_name), + listen_owner: params[:listen_owner] || node['php-fpm']['listen_owner'] || node['php-fpm']['user'], + listen_group: params[:listen_group] || node['php-fpm']['listen_group'] || node['php-fpm']['group'], + listen_mode: params[:listen_mode] || node['php-fpm']['listen_mode'], + allowed_clients: params[:allowed_clients], + user: params[:user] || node['php-fpm']['user'], + group: params[:group] || node['php-fpm']['group'], + process_manager: params[:process_manager] || node['php-fpm']['process_manager'], + max_children: params[:max_children] || node['php-fpm']['max_children'], + start_servers: params[:start_servers] || node['php-fpm']['start_servers'], + min_spare_servers: params[:min_spare_servers] || node['php-fpm']['min_spare_servers'], + max_spare_servers: params[:max_spare_servers] || node['php-fpm']['max_spare_servers'], + max_requests: params[:max_requests] || node['php-fpm']['max_requests'], + catch_workers_output: params[:catch_workers_output] || node['php-fpm']['catch_workers_output'], + security_limit_extensions: params[:security_limit_extensions] || node['php-fpm']['security_limit_extensions'], + access_log: params[:access_log] || false, + slowlog: params[:slowlog] || false, + request_slowlog_timeout: params[:request_slowlog_timeout] || false, + php_options: params[:php_options] || {}, + request_terminate_timeout: params[:request_terminate_timeout] || node['php-fpm']['request_terminate_timeout'], + params: params ) - notifies :restart, "service[php-fpm]" + notifies :restart, 'service[php-fpm]' end else cookbook_file conf_file do action :delete - notifies :restart, "service[php-fpm]" + notifies :restart, 'service[php-fpm]' end end end diff --git a/cookbooks/php-fpm/metadata.json b/cookbooks/php-fpm/metadata.json index bd15377..5fc4dbe 100644 --- a/cookbooks/php-fpm/metadata.json 
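Review bot: The `only_if` guard on `template conf_file` builds a shell command by interpolating `node['php-fpm']['pool_conf_dir']` unquoted, and it creates the directory as a side effect of evaluating the guard. A path containing spaces or shell metacharacters changes what the command runs, and a guard is expected to be a read-only test. Declaring `directory node['php-fpm']['pool_conf_dir'] do recursive true end` ahead of the template would create the path without a shell, and the guard can then be dropped. The enclosing `define` block and its `if` open outside this hunk.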
+++ b/cookbooks/php-fpm/metadata.json 
@@ -1,37 +1 @@ -{ - "name": "php-fpm", - "version": "0.7.9", - "description": "Installs/Configures php-fpm", - "long_description": "[![Build Status](https://travis-ci.org/yevgenko/cookbook-php-fpm.svg?branch=master)](https://travis-ci.org/yevgenko/cookbook-php-fpm)\n\nDescription\n===========\n\nInstalls and configures PHP-FPM (FastCGI Process Manager), an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites. It's like the `unicorn` of the PHP world dawg.\n\nRequirements\n============\n\nPlatform\n--------\n\n* Debian, Ubuntu\n* CentOS, Red Hat, Fedora\n* Amazon Linux\n\nCookbooks\n---------\n\n* apt (leverages apt_repository LWRP)\n* yum (leverages yum_repository LWRP)\n\nThe `apt_repository` and `yum_repository` LWRPs are used from these cookbooks to create the proper repository entries so the php-fpm package downloaded and installed.\n\nDescription\n==========\n\nCreates a PHP-FPM configuration file at the path specified. Meant to be deployed with a service init scheme/supervisor such as runit. Please see the `application::php-fpm` recipe for a complete working example. In depth information about PHP-FPM's configuration values can be [found in the PHP-FPM documentation](http://php.net/manual/en/install.fpm.configuration.php).\n\nUsage\n=====\nSimply include the recipe where you want PHP-FPM installed. Default pool __www__ will be created. 
To disable pool creation set default['php-fpm']['pools'] to false.\n\nTo customize settings and pools you can override default attributes.\n\n### Usage in roles:\n```ruby\nname \"php-fpm\"\ndescription \"php fpm role\"\nrun_list \"recipe[php-fpm]\"\noverride_attributes \"php-fpm\" => {\n\t\"pools\" => {\n\t\t\"default\" => {\n\t\t\t:enable => true\n\t\t},\n\t\t\"www\" => {\n\t\t\t:enable => \"true\",\n\t\t\t:cookbook => \"another-cookbook\",\n\t\t\t:process_manager => \"dynamic\",\n\t\t\t:max_requests => 5000,\n\t\t\t:php_options => { 'php_admin_flag[log_errors]' => 'on', 'php_admin_value[memory_limit]' => '32M' }\n\t\t}\n\t}\n}\n```\n\nCreating pools in recipes\n=========================\n### Create PHP-FPM pool named 'www' with default settings:\n```ruby\nphp_fpm_pool \"www\"\n```\n\n### Create PHP-FPM pool named 'www' with custom settings:\n```ruby\nphp_fpm_pool \"www\" do\n cookbook \"another-cookbook\" # get template from another cookbook\n process_manager \"dynamic\"\n max_requests 5000\n php_options 'php_admin_flag[log_errors]' => 'on', 'php_admin_value[memory_limit]' => '32M'\nend\n```\n\n### Delete PHP-FPM pool named 'www':\n```ruby\nphp_fpm_pool \"www\" do\n enable false\nend\n```\n\nDevelopment\n===========\n\n### Requirements\n\n* [Docker](https://www.docker.com/)\n\n### Setup\n\nTo get all dependencies:\n\n```\nbundle install\n```\n\n### Test\n\nTo see available platforms:\n\n```\nbundle exec rake -T\n```\n\nTo test particular platform:\n\n```\nbundle exec rake kitchen:default-ubuntu-1604\n```\n\nTo test all platforms:\n\n```\nbundle exec rake kitchen:all\n```\n\n### Publishing (maintainers only!)\n\nBump version in metadata.rb, commit and push to master!\n\n```\nbundle exec rake publish\n```\n\nas a result new tag will be created and pushed to github as well as new version\nwill be published on https://supermarket.chef.io\n\nContributing\n===========\n\nPlease do not bump version when proposing a change, no other rules ;)\n\nLicense and 
Author\n==================\n\nAuthor:: Seth Chisamore ()\n\nCopyright:: 2011, Opscode, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", - "maintainer": "Opscode, Inc.", - "maintainer_email": "cookbooks@opscode.com", - "license": "Apache 2.0", - "platforms": { - "debian": ">= 0.0.0", - "ubuntu": ">= 0.0.0", - "centos": ">= 0.0.0", - "redhat": ">= 0.0.0", - "fedora": ">= 0.0.0", - "amazon": ">= 0.0.0" - }, - "dependencies": { - "apt": ">= 0.0.0", - "yum": ">= 3.0" - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - } -} \ No newline at end of file +{"name":"php-fpm","version":"0.8.0","description":"Installs/Configures php-fpm","long_description":"[![Build Status](https://travis-ci.org/yevgenko/cookbook-php-fpm.svg?branch=master)](https://travis-ci.org/yevgenko/cookbook-php-fpm)\n\n# Description\n\nInstalls and configures PHP-FPM (FastCGI Process Manager), an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites. It's like the `unicorn` of the PHP world dawg.\n\n# Requirements\n\n## Platform\n\n- Debian, Ubuntu\n- CentOS, Red Hat, Fedora\n- Amazon Linux\n\n## Cookbooks\n\n- none\n\n## Chef\n\n- 12.14 or later\n\n# Description\n\nCreates a PHP-FPM configuration file at the path specified. Meant to be deployed with a service init scheme/supervisor such as runit. 
Please see the `application::php-fpm` recipe for a complete working example. In depth information about PHP-FPM's configuration values can be [found in the PHP-FPM documentation](http://php.net/manual/en/install.fpm.configuration.php).\n\n# Usage\n\nSimply include the recipe where you want PHP-FPM installed. Default pool **www** will be created. To disable pool creation set default['php-fpm']['pools'] to false.\n\nTo customize settings and pools you can override default attributes.\n\n## Usage in roles:\n\n```ruby\nname \"php-fpm\"\ndescription \"php fpm role\"\nrun_list \"recipe[php-fpm]\"\noverride_attributes \"php-fpm\" => {\n \"pools\" => {\n \"default\" => {\n :enable => true\n },\n \"www\" => {\n :enable => \"true\",\n :cookbook => \"another-cookbook\",\n :process_manager => \"dynamic\",\n :max_requests => 5000,\n :php_options => { 'php_admin_flag[log_errors]' => 'on', 'php_admin_value[memory_limit]' => '32M' }\n }\n }\n}\n```\n\n# Creating pools in recipes\n\n## Create PHP-FPM pool named 'www' with default settings:\n\n```ruby\nphp_fpm_pool \"www\"\n```\n\n## Create PHP-FPM pool named 'www' with custom settings:\n\n```ruby\nphp_fpm_pool \"www\" do\n cookbook \"another-cookbook\" # get template from another cookbook\n process_manager \"dynamic\"\n max_requests 5000\n php_options 'php_admin_flag[log_errors]' => 'on', 'php_admin_value[memory_limit]' => '32M'\nend\n```\n\n## Delete PHP-FPM pool named 'www':\n\n```ruby\nphp_fpm_pool \"www\" do\n enable false\nend\n```\n\n# Development\n\n## Requirements\n\n- [Docker](https://www.docker.com/)\n\n## Setup\n\nTo get all dependencies:\n\n```\nbundle install\n```\n\n## Test\n\nTo see available platforms:\n\n```\nbundle exec rake -T\n```\n\nTo test particular platform:\n\n```\nbundle exec rake kitchen:default-ubuntu-1604\n```\n\nTo test all platforms:\n\n```\nbundle exec rake kitchen:all\n```\n\n## Publishing (maintainers only!)\n\nBump version in metadata.rb, commit and push to master!\n\n```\nbundle exec rake 
publish\n```\n\nas a result new tag will be created and pushed to github as well as new version will be published on \n\n# Contributing\n\nPlease do not bump version when proposing a change, no other rules ;)\n\n# License and Author\n\nAuthor:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io))\n\nCopyright:: 2011-2017, Chef Software, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not use this file except in compliance with the License. You may obtain a copy of the License at\n\n```\nhttp://www.apache.org/licenses/LICENSE-2.0\n```\n\nUnless required by applicable law or agreed to in writing, software distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"debian":">= 0.0.0","ubuntu":">= 0.0.0","centos":">= 0.0.0","redhat":">= 0.0.0","fedora":">= 0.0.0","amazon":">= 0.0.0","oracle":">= 0.0.0","scientific":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/yevgenko/cookbook-php-fpm","issues_url":"https://github.com/yevgenko/cookbook-php-fpm/issues","chef_version":[[">= 12.14"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/php-fpm/recipes/configure.rb b/cookbooks/php-fpm/recipes/configure.rb index 85435fe..26bfb8d 100644 --- a/cookbooks/php-fpm/recipes/configure.rb +++ b/cookbooks/php-fpm/recipes/configure.rb 
@@ -1,9 +1,9 @@ # -# Author:: Seth Chisamore () +# Author:: Seth Chisamore () # Cookbook Name:: php-fpm # Recipe:: package # -# Copyright 2011, Opscode, Inc. +# Copyright 2011-2017, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,11 +19,11 @@ # template node['php-fpm']['conf_file'] do - source "php-fpm.conf.erb" + source 'php-fpm.conf.erb' mode 00644 - owner "root" - group "root" - notifies :restart, "service[php-fpm]" + owner 'root' + group 'root' + notifies :restart, 'service[php-fpm]' end if node['php-fpm']['pools'] @@ -36,7 +36,7 @@ if node['php-fpm']['pools'] end php_fpm_pool pool_name do pool.each do |k, v| - self.params[k.to_sym] = v + params[k.to_sym] = v end end end diff --git a/cookbooks/php-fpm/recipes/default.rb b/cookbooks/php-fpm/recipes/default.rb index 80e91d7..652298a 100644 --- a/cookbooks/php-fpm/recipes/default.rb +++ b/cookbooks/php-fpm/recipes/default.rb @@ -3,7 +3,7 @@ # Cookbook Name:: php-fpm # Recipe:: default # -# Copyright 2011, Opscode, Inc. +# Copyright 2011-2017, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/php-fpm/recipes/install.rb b/cookbooks/php-fpm/recipes/install.rb index 922590e..5249919 100644 --- a/cookbooks/php-fpm/recipes/install.rb +++ b/cookbooks/php-fpm/recipes/install.rb @@ -3,7 +3,7 @@ # Cookbook Name:: php-fpm # Recipe:: package # -# Copyright 2011, Opscode, Inc. +# Copyright 2011-2017, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -19,42 +19,41 @@ # include_recipe 'php-fpm::repository' unless node['php-fpm']['skip_repository_install'] -include_recipe 'apt::default' if node['platform_family'] == 'debian' -if node['php-fpm']['package_name'].nil? - if platform_family?("rhel", "fedora") - php_fpm_package_name = "php-fpm" - elsif platform?('ubuntu') and node['platform_version'].to_f >= 16.04 - php_fpm_package_name = "php7.0-fpm" - else - php_fpm_package_name = "php5-fpm" - end -else - php_fpm_package_name = node['php-fpm']['package_name'] -end +php_fpm_package_name = if node['php-fpm']['package_name'].nil? + if platform_family?('rhel', 'fedora') + 'php-fpm' + elsif platform?('ubuntu') && node['platform_version'].to_f >= 16.04 + 'php7.0-fpm' + else + 'php5-fpm' + end + else + node['php-fpm']['package_name'] + end package php_fpm_package_name do action node['php-fpm']['installation_action'] version node['php-fpm']['version'] if node['php-fpm']['version'] end -if node['php-fpm']['service_name'].nil? - php_fpm_service_name = php_fpm_package_name -else - php_fpm_service_name = node['php-fpm']['service_name'] -end +php_fpm_service_name = if node['php-fpm']['service_name'].nil? + php_fpm_package_name + else + node['php-fpm']['service_name'] + end service_provider = nil # this is actually already done in chef, but is kept here for older chef releases -if platform?('ubuntu') and node['platform_version'].to_f.between?(13.10, 14.10) +if platform?('ubuntu') && node['platform_version'].to_f.between?(13.10, 14.10) service_provider = ::Chef::Provider::Service::Upstart end directory node['php-fpm']['log_dir'] -service "php-fpm" do +service 'php-fpm' do provider service_provider if service_provider service_name php_fpm_service_name - supports :start => true, :stop => true, :restart => true, :reload => true - action [ :enable, :start ] + supports start: true, stop: true, restart: true, reload: true + action [:enable, :start] end 
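Review bot: The rewritten package selection still sends every Ubuntu release from 16.04 upward to `'php7.0-fpm'` (`node['platform_version'].to_f >= 16.04`) and everything else outside rhel/fedora to `'php5-fpm'`, although the php cookbook attributes in this same commit map Ubuntu 18.04 to `php7.2-fpm`. On such nodes the `package` resource either fails or pulls an out-of-support PHP branch from whatever archive still carries it. Set `node['php-fpm']['package_name']` and `node['php-fpm']['service_name']` explicitly in the role or wrapper cookbook rather than relying on the fallback, e.g. `'php7.2-fpm'` for 18.04. The hunk also removes `include_recipe 'apt::default'`, so check that something else refreshes the apt cache before this package resource runs on Debian-family nodes.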
diff --git a/cookbooks/php-fpm/recipes/repository.rb b/cookbooks/php-fpm/recipes/repository.rb
index 3d253f0..a0a6c0c 100644
--- a/cookbooks/php-fpm/recipes/repository.rb
+++ b/cookbooks/php-fpm/recipes/repository.rb
@@ -3,7 +3,7 @@
 # Cookbook Name:: php-fpm
 # Recipe:: package
 #
-# Copyright 2011, Opscode, Inc.
+# Copyright 2011-2017, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,68 +19,30 @@ # case node['platform'] -when 'ubuntu' - if node['platform_version'].to_f <= 10.04 - # Configure Brian's PPA - # We'll install php5-fpm from the Brian's PPA backports - apt_repository "brianmercer-php" do - uri "http://ppa.launchpad.net/brianmercer/php/ubuntu" - distribution node['lsb']['codename'] - components ["main"] - keyserver "keyserver.ubuntu.com" - key "8D0DC64F" - action :add - end - # FIXME: apt-get update didn't trigger in above - execute "apt-get update" - end when 'debian' # Configure Dotdeb repos # TODO: move this to it's own 'dotdeb' cookbook? # http://www.dotdeb.org/instructions/ if node['platform_version'].to_f >= 8.0 - apt_repository "dotdeb" do + apt_repository 'dotdeb' do uri node['php-fpm']['dotdeb_repository']['uri'] - distribution "jessie" + distribution 'jessie' components ['all'] key node['php-fpm']['dotdeb_repository']['key'] action :add end elsif node['platform_version'].to_f >= 7.0 - apt_repository "dotdeb" do + apt_repository 'dotdeb' do uri node['php-fpm']['dotdeb_repository']['uri'] - distribution "wheezy" - components ['all'] - key node['php-fpm']['dotdeb_repository']['key'] - action :add - end - elsif node['platform_version'].to_f >= 6.0 - apt_repository "dotdeb" do - uri node['php-fpm']['dotdeb_repository']['uri'] - distribution "squeeze" - components ['all'] - key node['php-fpm']['dotdeb_repository']['key'] - action :add - end - else - apt_repository "dotdeb" do - uri node['php-fpm']['dotdeb_repository']['uri'] - distribution "oldstable" - components ['all'] - key node['php-fpm']['dotdeb_repository']['key'] - action :add - end - apt_repository "dotdeb-php53" do - uri node['php-fpm']['dotdeb-php53_repository']['uri'] - distribution "oldstable" + distribution 'wheezy' components ['all'] key node['php-fpm']['dotdeb_repository']['key'] action :add end end -when 'amazon', 'fedora', 'centos', 'redhat' - unless platform?('centos', 'redhat') && node['platform_version'].to_f >= 6.4 +when 'amazon', 'fedora', 'centos', 
'redhat', 'scientific', 'oracle' + unless platform?('centos', 'redhat') && node['platform_version'].to_f >= 6.4 # ~FC024 yum_repository 'remi' do description 'Remi' url node['php-fpm']['yum_url'] diff --git a/cookbooks/php-fpm/templates/default/php-fpm.conf.erb b/cookbooks/php-fpm/templates/php-fpm.conf.erb similarity index 100% rename from cookbooks/php-fpm/templates/default/php-fpm.conf.erb rename to cookbooks/php-fpm/templates/php-fpm.conf.erb diff --git a/cookbooks/php-fpm/templates/default/pool.conf.erb b/cookbooks/php-fpm/templates/pool.conf.erb similarity index 100% rename from cookbooks/php-fpm/templates/default/pool.conf.erb rename to cookbooks/php-fpm/templates/pool.conf.erb diff --git a/cookbooks/php/CHANGELOG.md b/cookbooks/php/CHANGELOG.md index 3cbd9c0..ae0c697 100644 --- a/cookbooks/php/CHANGELOG.md +++ b/cookbooks/php/CHANGELOG.md 
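Review bot: In the `when 'debian'` branch the open-ended test `node['platform_version'].to_f >= 8.0` hard-codes `distribution 'jessie'` for every later Debian release too, so a Debian 9 node (which the php cookbook in this commit now supports) would be pointed at a third-party archive built for a different release. Match the release exactly instead, `if node['platform_version'].to_i == 8` and `elsif node['platform_version'].to_i == 7`, so that other releases add no repository at all. The `uri` and `key` values come from `node['php-fpm']['dotdeb_repository']` attributes that are not part of this hunk; confirm the key is referenced by fingerprint or fetched over HTTPS, since packages from this source are installed with root privileges. The surrounding `case` statement continues past the end of the hunk.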
@@ -2,6 +2,71 @@ This file is used to list changes made in each version of the php cookbook. +## 6.1.1 (2018-08-07) + +- Pass in missing argument to manage_pecl_ini method when trying to remove a module + +## 6.1.0 (2018-07-24) + +- Allow default recipe to skip pear channel configuration + +## 6.0.0 (2018-04-16) + +### Breaking Change + +This release removes the previous recipes in this cookbook for setting up various PEAR extensions. These should now be setup using the php_pear module directly and not done by adding various recipes / manipulating attributes + +### Other Changes + +- Use the build_essential resource directly so we can call this from Chef itself on Chef 14 +- Add specs for additional platforms +- Move the helpers back into the resources which makes them easier to ship in Chef later +- Break out logic in the channel resource into a helper +- Add support for Amazon Linux 2 + +## 5.1.0 (2018-04-05) + +- Don't eval the action_class +- use php pear binary property in all recipes +- Remove incorrect not_if in the php_pear resource +- More testing updates +- Initial support for Ubuntu 18.04 + +## 5.0.0 (2018-02-15) + +- Simplify this cookbook to remove the dependency on mysql cookbook, and remove the database dependencies in the recipes and attributes. This will allow folks who are using the mysql cookbook to be able to upgrade as needed (or pin to earlier versions). As this is a big change, pin to an earlier version if you need the mysql support that was previously available in this cookbook. Future versions may contain a resource that allows for recompiling php with the necessary extensions. 
+- Usage of `node['php']['pear']` in the php_pear resource has been replaced with a new 'binary' property for specifying the path to the binary +- Added a new `priority` property to the php_pear resource + +## 4.6.0 (2018-02-07) + +- Converted the php_pear resource to a custom resource +- Moved all helper logic out of the resource and into its own helper library file +- Fix source install on Ubuntu by making sure we have xml2-config package +- Remove options that are no longer recognised by the php installer when installing from source +- Remove matchers as we no longer require them with a modern ChefDK + +## 4.5.0 (2017-07-11) + +- Add reinstall chefspec matcher +- Switch from maintainers files to a simple readme section +- Remove allow_call_time_pass_reference and y2k_compliance config on Debian/Ubuntu as no supported PHP version supports it +- Initial Debian 9 support + +## 4.4.0 (2017-06-27) + +- Add a reinstall action to php_pear +- Added additional specs for package installs on different platforms + +## 4.3.0 (2017-06-27) + +- Remove fallback default php attributes that were used if we were on an unsupported platform. If we don't know the platform we don't support it and we should fail until we add proper support +- Add a few attributes needed for fpm support on opensuse. This is a work in progress to get full PHP support on opensuse +- Install xml deps and avoid using xml cookbook since it's been deprecated +- Expand the php_pear testing +- Remove double logging and log the correct package name in php_pear resource +- Cleanup readme example codes, improve formatting and remove references to LWRPs as they are just resources now + ## 4.2.0 (2017-05-30) - Make sure package intalls, php-fpm, and source installs work on Amazon linux diff --git a/cookbooks/php/MAINTAINERS.md b/cookbooks/php/MAINTAINERS.md deleted file mode 100644 index 645ed14..0000000 --- a/cookbooks/php/MAINTAINERS.md +++ /dev/null 
@@ -1,15 +0,0 @@ - - -# Maintainers - -This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Tim Smith](https://github.com/tas50) - -# Maintainers -* [Jennifer Davis](https://github.com/sigje) -* [Tim Smith](https://github.com/tas50) -* [Thom May](https://github.com/thommay) diff --git a/cookbooks/php/README.md b/cookbooks/php/README.md index 8227d55..6bd2873 100644 --- a/cookbooks/php/README.md +++ b/cookbooks/php/README.md @@ -19,23 +19,22 @@ It installs and configures PHP and the PEAR package management system. Also incl ### Cookbooks - build-essential -- xml -- mysql ## Attributes - `node['php']['install_method']` = method to install php with, default `package`. - `node['php']['directives']` = Hash of directives and values to append to `php.ini`, default `{}`. -- `node['php']['pear']` = Name of the pear executable to use, default `pear`. +- `node['php']['pear_setup']` = Boolean value to determine whether to set up pear repositories. Default: `true` +- `node['php']['pear_channels']` = List of external pear channels to add if `node['php']['pear_setup]` is true. Default: `['pear.php.net', 'pecl.php.net']` The file also contains the following attribute types: - platform specific locations and settings. - source installation settings -## Resource/Provider +## Resources -This cookbook includes LWRPs for managing: +This cookbook includes resources for managing: - PEAR channels - PEAR/PECL packages 
@@ -46,16 +45,16 @@ This cookbook includes LWRPs for managing: #### Actions -- :discover: Initialize a channel from its server. -- :add: Add a channel to the channel list, usually only used to add private channels. Public channels are usually added using the `:discover` action -- :update: Update an existing channel -- :remove: Remove a channel from the List +- `:discover`: Initialize a channel from its server. +- `:add`: Add a channel to the channel list, usually only used to add private channels. Public channels are usually added using the `:discover` action +- `:update`: Update an existing channel +- `:remove`: Remove a channel from the List -#### Attribute Parameters +#### Properties -- channel_name: name attribute. The name of the channel to discover -- channel_xml: the channel.xml file of the channel you are adding -- pear: pear binary, default: pear +- `channel_name`: name attribute. The name of the channel to discover +- `channel_xml`: the channel.xml file of the channel you are adding +- `binary`: pear binary, default: pear #### Examples @@ -67,10 +66,10 @@ end # download xml then add the symfony channel remote_file "#{Chef::Config[:file_cache_path]}/symfony-channel.xml" do - source "http://pear.symfony-project.com/channel.xml" - mode 0644 + source 'http://pear.symfony-project.com/channel.xml' + mode '0644' end -php_pear_channel "symfony" do +php_pear_channel 'symfony' do channel_xml "#{Chef::Config[:file_cache_path]}/symfony-channel.xml" action :add end 
@@ -88,77 +87,84 @@ end ### `php_pear` -[PEAR](http://pear.php.net/) is a framework and distribution system for reusable PHP components. [PECL](http://pecl.php.net/) is a repository for PHP Extensions. PECL contains C extensions for compiling into PHP. As C programs, PECL extensions run more efficiently than PEAR packages. PEARs and PECLs use the same packaging and distribution system. As such this LWRP is clever enough to abstract away the small differences and can be used for managing either. This LWRP also creates the proper module .ini file for each PECL extension at the correct location for each supported platform. +[PEAR](http://pear.php.net/) is a framework and distribution system for reusable PHP components. [PECL](http://pecl.php.net/) is a repository for PHP Extensions. PECL contains C extensions for compiling into PHP. As C programs, PECL extensions run more efficiently than PEAR packages. PEARs and PECLs use the same packaging and distribution system. As such this resource is clever enough to abstract away the small differences and can be used for managing either. This resource also creates the proper module .ini file for each PECL extension at the correct location for each supported platform. #### Actions - `:install`: Install a pear package - if version is provided, install that specific version - `:upgrade`: Upgrade a pear package - if version is provided, upgrade to that specific version - `:remove`: Remove a pear package -- `:purge`: Purge a pear package (this usually entails removing configuration files as well as the package itself). With pear packages this behaves the same as `:remove` +- `:reinstall`: Force install of the package even if the same version is already installed. Note: This will converge on every Chef run and is probably not what you want. +- `:purge`: An alias for remove as the two behave the same in pear -#### Attribute Parameters +#### Properties - `package_name`: name attribute. 
The name of the pear package to install -- version: the version of the pear package to install/upgrade. If no version is given latest is assumed. -- `preferred_state`: PEAR by default installs stable packages only, this allows you to install pear packages in a devel, alpha or beta state +- `version`: the version of the pear package to install/upgrade. If no version is given latest is assumed. +- `channel`: +- `options`: Add additional options to the underlying pear package command - `directives`: extra extension directives (settings) for a pecl. on most platforms these usually get rendered into the extension's .ini file - `zend_extensions`: extension filenames which should be loaded with zend_extension. -- o`ptions`: Add additional options to the underlying pear package command +- `preferred_state`: PEAR by default installs stable packages only, this allows you to install pear packages in a devel, alpha or beta state +- `binary`: The pear binary to use, by default pear, can be overridden if the binary is not called pear, e.g. 
pear7 #### Examples ```ruby # upgrade a pear -php_pear "XML_RPC" do +php_pear 'XML_RPC' do action :upgrade end - # install a specific version -php_pear "XML_RPC" do - version "1.5.4" +php_pear 'XML_RPC' do + version '1.5.4' action :install end - # install the mongodb pecl -php_pear "mongo" do +php_pear 'Install mongo but use a different resource name' do + package_name 'mongo' action :install end # install the xdebug pecl -php_pear "xdebug" do +php_pear 'xdebug' do # Specify that xdebug.so must be loaded as a zend extension zend_extensions ['xdebug.so'] action :install end - # install apc pecl with directives -php_pear "apc" do +php_pear 'apc' do action :install - directives(:shm_size => 128, :enable_cli => 1) + directives(shm_size: 128, enable_cli: 1) end +# install using the pear-7 binary +php_pear 'apc' do + action :install + binary 'pear7' +end # install the beta version of Horde_Url # from the horde channel -hc = php_pear_channel "pear.horde.org" do +hc = php_pear_channel 'pear.horde.org' do action :discover end -php_pear "Horde_Url" do - preferred_state "beta" + +php_pear 'Horde_Url' do + preferred_state 'beta' channel hc.channel_name action :install end - # install the YAML pear from the symfony project -sc = php_pear_channel "pear.symfony-project.com" do +sc = php_pear_channel 'pear.symfony-project.com' do action :discover end -php_pear "YAML" do + +php_pear 'YAML' do channel sc.channel_name action :install end @@ -195,7 +201,7 @@ More info: ```ruby # Install a FPM pool named "default" -php_fpm_pool "default" do +php_fpm_pool 'default' do action :install end ``` 
@@ -214,37 +220,6 @@ This recipe installs PHP from packages. This recipe installs PHP from source. -## Deprecated Recipes - -The following recipes are deprecated and will be removed from a future version of this cookbook. - -- `module_apc` -- `module_apcu` -- `module_curl` -- `module_fileinfo` -- `module_fpdf` -- `module_gd` -- `module_imap` -- `module_ldap` -- `module_memcache` -- `module_mysql` -- `module_pgsql` -- `module_sqlite3` - -The installation of the php modules in these recipes can now be accomplished by installing from a native package or via the new php_pear LWRP. For example, the functionality of the `module_memcache` recipe can be enabled in the following ways: - -```ruby -# using apt -package "php5-memcache" do - action :install -end - -# using pear LWRP -php_pear "memcache" do - action :install -end -``` - ## Usage Simply include the `php` recipe where ever you would like php installed. To install from source override the `node['php']['install_method']` attribute with in a role or wrapper cookbook: 
@@ -252,23 +227,26 @@ Simply include the `php` recipe where ever you would like php installed. To inst ### Role example: ```ruby -name "php" -description "Install php from source" +name 'php' +description 'Install php from source' override_attributes( - "php" => { - "install_method" => "source" + 'php' => { + 'install_method' => 'source', } ) run_list( - "recipe[php]" + 'recipe[php]' ) ``` -## License & Authors +## Maintainers -**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io)) +This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/) -**Copyright:** 2008-2017, Chef Software, Inc. +## License + +**Copyright:** 2011-2018, Chef Software, Inc. +**Copyright:** 2018, Oracle and/or its affiliates. All rights reserved ``` Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/cookbooks/php/attributes/default.rb b/cookbooks/php/attributes/default.rb index 58a2dc6..f12383d 100644 --- a/cookbooks/php/attributes/default.rb +++ b/cookbooks/php/attributes/default.rb @@ -2,7 +2,7 @@ # Cookbook:: php # Attributes:: default # -# Copyright:: 2011-2017, Chef Software, Inc. +# Copyright:: 2011-2018, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -22,11 +22,17 @@ default['php']['install_method'] = 'package' default['php']['directives'] = {} default['php']['bin'] = 'php' -default['php']['pear'] = 'pear' default['php']['pecl'] = 'pecl' default['php']['version'] = '5.6.30' +default['php']['pear'] = '/usr/bin/pear' +default['php']['pear_setup'] = true +default['php']['pear_channels'] = [ + 'pear.php.net', + 'pecl.php.net', +] + default['php']['url'] = 'http://us1.php.net/get' default['php']['checksum'] = '8bc7d93e4c840df11e3d9855dcad15c1b7134e8acf0cf3b90b932baea2d0bde2' default['php']['prefix_dir'] = '/usr/local' @@ -36,14 +42,7 @@ default['php']['disable_mod'] = '/usr/sbin/php5dismod' default['php']['ini']['template'] = 'php.ini.erb' default['php']['ini']['cookbook'] = 'php' -default['php']['fpm_socket'] = '/var/run/php5-fpm.sock' -default['php']['curl']['package'] = 'php5-curl' -default['php']['apc']['package'] = 'php5-apc' -default['php']['apcu']['package'] = 'php5-apcu' -default['php']['gd']['package'] = 'php5-gd' -default['php']['ldap']['package'] = 'php5-ldap' -default['php']['pgsql']['package'] = 'php5-pgsql' -default['php']['sqlite']['package'] = 'php5-sqlite3' +default['php']['fpm_socket'] = '/var/run/php5-fpm.sock' case node['platform_family'] when 'rhel', 'fedora', 'amazon' 
@@ -55,16 +54,21 @@ when 'rhel', 'fedora', 'amazon' default['php']['fpm_listen_user'] = 'nobody' default['php']['fpm_listen_group'] = 'nobody' default['php']['ext_dir'] = "/usr/#{lib_dir}/php/modules" - if node['platform'] == 'amazon' # amazon names their packages with versions - default['php']['src_deps'] = %w(bzip2-devel libc-client-devel curl-devel freetype-devel gmp-devel libjpeg-devel krb5-devel libmcrypt-devel libpng-devel openssl-devel t1lib-devel) - default['php']['packages'] = %w(php56 php56-devel php-pear) - default['php']['fpm_package'] = 'php56-fpm' + if node['platform'] == 'amazon' # amazon names their packages with versions on 201X amazon + default['php']['src_deps'] = %w(bzip2-devel libc-client-devel curl-devel freetype-devel gmp-devel libjpeg-devel krb5-devel libmcrypt-devel libpng-devel openssl-devel t1lib-devel libxml2-devel libxslt-devel zlib-devel) + + if node['platform_version'].to_i == 2 + default['php']['packages'] = %w(php php-devel php-pear) + default['php']['fpm_package'] = 'php-fpm' + else + default['php']['packages'] = %w(php56 php56-devel php-pear) + default['php']['fpm_package'] = 'php56-fpm' + end else # redhat does not name their packages with version on RHEL 6+ - default['php']['src_deps'] = %w(bzip2-devel libc-client-devel curl-devel freetype-devel gmp-devel libjpeg-devel krb5-devel libmcrypt-devel libpng-devel openssl-devel t1lib-devel mhash-devel) + default['php']['src_deps'] = %w(bzip2-devel libc-client-devel curl-devel freetype-devel gmp-devel libjpeg-devel krb5-devel libmcrypt-devel libpng-devel openssl-devel t1lib-devel libxml2-devel libxslt-devel zlib-devel mhash-devel) default['php']['packages'] = %w(php php-devel php-cli php-pear) default['php']['fpm_package'] = 'php-fpm' end - default['php']['mysql']['package'] = 'php-mysql' default['php']['fpm_pooldir'] = '/etc/php-fpm.d' default['php']['fpm_default_conf'] = '/etc/php-fpm.d/www.conf' default['php']['fpm_service'] = 'php-fpm' 
@@ -77,9 +81,8 @@ when 'rhel', 'fedora', 'amazon' when 'debian' default['php']['conf_dir'] = '/etc/php5/cli' default['php']['ext_conf_dir'] = '/etc/php5/conf.d' - default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev libt1-dev) + default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev libt1-dev libxml2-dev libxslt-dev zlib1g-dev) default['php']['packages'] = %w(php5-cgi php5 php5-dev php5-cli php-pear) - default['php']['mysql']['package'] = 'php5-mysql' default['php']['fpm_package'] = 'php5-fpm' default['php']['fpm_pooldir'] = '/etc/php5/fpm/pool.d' default['php']['fpm_user'] = 'www-data' 
@@ -88,31 +91,41 @@ when 'debian' default['php']['fpm_listen_group'] = 'www-data' default['php']['fpm_service'] = 'php5-fpm' default['php']['fpm_default_conf'] = '/etc/php5/fpm/pool.d/www.conf' + + if (platform?('debian') && node['platform_version'].to_i >= 9) || + (platform?('ubuntu') && node['platform_version'].to_f == 16.04) + default['php']['version'] = '7.0.4' + default['php']['checksum'] = 'f6cdac2fd37da0ac0bbcee0187d74b3719c2f83973dfe883d5cde81c356fe0a8' + default['php']['conf_dir'] = '/etc/php/7.0/cli' + default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev pkg-config libxml2-dev) + default['php']['packages'] = %w(php7.0-cgi php7.0 php7.0-dev php7.0-cli php-pear) + default['php']['fpm_package'] = 'php7.0-fpm' + default['php']['fpm_pooldir'] = '/etc/php/7.0/fpm/pool.d' + default['php']['fpm_service'] = 'php7.0-fpm' + default['php']['fpm_socket'] = '/var/run/php/php7.0-fpm.sock' + default['php']['fpm_default_conf'] = '/etc/php/7.0/fpm/pool.d/www.conf' + default['php']['enable_mod'] = '/usr/sbin/phpenmod' + default['php']['disable_mod'] = '/usr/sbin/phpdismod' + default['php']['ext_conf_dir'] = '/etc/php/7.0/mods-available' + elsif platform?('ubuntu') && node['platform_version'].to_f >= 18.04 + default['php']['version'] = '7.0.4' + default['php']['checksum'] = 'f6cdac2fd37da0ac0bbcee0187d74b3719c2f83973dfe883d5cde81c356fe0a8' + default['php']['conf_dir'] = '/etc/php/7.2/cli' + default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev pkg-config libxml2-dev) + default['php']['packages'] = %w(php7.2-cgi php7.2 php7.2-dev php7.2-cli php-pear) + default['php']['fpm_package'] = 'php7.2-fpm' + default['php']['fpm_pooldir'] = '/etc/php/7.2/fpm/pool.d' + default['php']['fpm_service'] = 'php7.2-fpm' + default['php']['fpm_socket'] = 
'/var/run/php/php7.2-fpm.sock' + default['php']['fpm_default_conf'] = '/etc/php/7.2/fpm/pool.d/www.conf' + default['php']['enable_mod'] = '/usr/sbin/phpenmod' + default['php']['disable_mod'] = '/usr/sbin/phpdismod' + default['php']['ext_conf_dir'] = '/etc/php/7.2/mods-available' + end + case node['platform'] when 'ubuntu' case node['platform_version'].to_f - when 16.04 - default['php']['version'] = '7.0.4' - default['php']['checksum'] = 'f6cdac2fd37da0ac0bbcee0187d74b3719c2f83973dfe883d5cde81c356fe0a8' - default['php']['conf_dir'] = '/etc/php/7.0/cli' - default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev pkg-config) - default['php']['packages'] = %w(php7.0-cgi php7.0 php7.0-dev php7.0-cli php-pear) - default['php']['mysql']['package'] = 'php7.0-mysql' - default['php']['curl']['package'] = 'php7.0-curl' - default['php']['apc']['package'] = 'php-apc' - default['php']['apcu']['package'] = 'php-apcu' - default['php']['gd']['package'] = 'php7.0-gd' - default['php']['ldap']['package'] = 'php7.0-ldap' - default['php']['pgsql']['package'] = 'php7.0-pgsql' - default['php']['sqlite']['package'] = 'php7.0-sqlite3' - default['php']['fpm_package'] = 'php7.0-fpm' - default['php']['fpm_pooldir'] = '/etc/php/7.0/fpm/pool.d' - default['php']['fpm_service'] = 'php7.0-fpm' - default['php']['fpm_socket'] = '/var/run/php/php7.0-fpm.sock' - default['php']['fpm_default_conf'] = '/etc/php/7.0/fpm/pool.d/www.conf' - default['php']['enable_mod'] = '/usr/sbin/phpenmod' - default['php']['disable_mod'] = '/usr/sbin/phpdismod' - default['php']['ext_conf_dir'] = '/etc/php/7.0/mods-available' when 13.04..15.10 default['php']['ext_conf_dir'] = '/etc/php5/mods-available' end 
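Review bot: The new Ubuntu 18.04 branch (`node['platform_version'].to_f >= 18.04`) keeps `default['php']['version'] = '7.0.4'` and the 7.0.4 checksum while every package and path beside it is 7.2 (`php7.2-fpm`, `/etc/php/7.2/cli`), so a node with `install_method` set to `source` would presumably compile 7.0.4 into a 7.2 layout. The download base set earlier in this file is `http://us1.php.net/get`, which leaves the SHA-256 as the only integrity check on the tarball, so version and checksum have to be updated together from the checksums php.net publishes: `default['php']['version'] = '<7.2.x release>'` and `default['php']['checksum'] = '<sha256 of that tarball>'`. If source installs are not used on these hosts, pinning `install_method` to `package` in the role avoids the stale default altogether.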
@@ -124,13 +137,16 @@ when 'debian' when 'suse' default['php']['conf_dir'] = '/etc/php5/cli' default['php']['ext_conf_dir'] = '/etc/php5/conf.d' - default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev libt1-dev) + default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev libt1-dev libxml2-devel libxslt-devel zlib-devel) + default['php']['fpm_default_conf'] = '/etc/php-fpm.d/www.conf' + default['php']['fpm_pooldir'] = '/etc/php5/fpm' + default['php']['fpm_service'] = 'php-fpm' + default['php']['fpm_package'] = 'php5-fpm' default['php']['fpm_user'] = 'wwwrun' default['php']['fpm_group'] = 'www' default['php']['fpm_listen_user'] = 'wwwrun' default['php']['fpm_listen_group'] = 'www' default['php']['packages'] = %w(apache2-mod_php5 php5-pear) - default['php']['mysql']['package'] = 'php5-mysql' lib_dir = node['kernel']['machine'] =~ /x86_64/ ? 'lib64' : 'lib' when 'freebsd' default['php']['conf_dir'] = '/usr/local/etc' @@ -141,15 +157,6 @@ when 'freebsd' default['php']['fpm_listen_user'] = 'www' default['php']['fpm_listen_group'] = 'www' default['php']['packages'] = %w( php56 pear ) - default['php']['mysql']['package'] = 'php56-mysqli' -else - default['php']['conf_dir'] = '/etc/php5/cli' - default['php']['ext_conf_dir'] = '/etc/php5/conf.d' - default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev libt1-dev) - default['php']['fpm_user'] = 'www-data' - default['php']['fpm_group'] = 'www-data' - default['php']['packages'] = %w(php5-cgi php5 php5-dev php5-cli php-pear) - default['php']['mysql']['package'] = 'php5-mysql' end default['php']['configure_options'] = %W(--prefix=#{node['php']['prefix_dir']} 
@@ -179,13 +186,5 @@ default['php']['configure_options'] = %W(--prefix=#{node['php']['prefix_dir']} --enable-sockets --enable-soap --with-xmlrpc - --with-libevent-dir --with-mcrypt - --enable-mbstring - --with-t1lib - --with-mysql - --with-mysqli=/usr/bin/mysql_config - --with-mysql-sock - --with-sqlite3 - --with-pdo-mysql - --with-pdo-sqlite) + --enable-mbstring) diff --git a/cookbooks/php/libraries/matchers.rb b/cookbooks/php/libraries/matchers.rb deleted file mode 100644 index f79863c..0000000 --- a/cookbooks/php/libraries/matchers.rb +++ /dev/null 
@@ -1,48 +0,0 @@ -if defined?(ChefSpec) - ChefSpec.define_matcher :php_pear - def install_php_pear(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:php_pear, :install, resource_name) - end - - def remove_php_pear(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:php_pear, :remove, resource_name) - end - - def upgrade_php_pear(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:php_pear, :upgrade, resource_name) - end - - def purge_php_pear(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:php_pear, :purge, resource_name) - end - - def purge_php_pear(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:php_pear, :option, resource_name) - end - - ChefSpec.define_matcher :php_pear_channel - def discover_php_pear_channel(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:php_pear_channel, :discover, resource_name) - end - - def remove_php_pear_channel(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:php_pear_channel, :remove, resource_name) - end - - def update_php_pear_channel(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:php_pear_channel, :update, resource_name) - end - - def add_php_pear_channel(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:php_pear_channel, :add, resource_name) - end - - ChefSpec.define_matcher :php_fpm_pool - def install_php_fpm_pool(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:php_fpm_pool, :install, resource_name) - end - - def uninstall_php_fpm_pool(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:php_fpm_pool, :uninstall, resource_name) - end -end diff --git a/cookbooks/php/metadata.json b/cookbooks/php/metadata.json index 734dcbe..5f11b3d 100644 --- a/cookbooks/php/metadata.json +++ b/cookbooks/php/metadata.json 
@@ -1 +1 @@ -{"name":"php","version":"4.2.0","description":"Installs and maintains php and php modules","long_description":"# php Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/php.svg?branch=master)](http://travis-ci.org/chef-cookbooks/php) [![Cookbook Version](https://img.shields.io/cookbook/v/php.svg)](https://supermarket.chef.io/cookbooks/php)\n\nIt installs and configures PHP and the PEAR package management system. Also includes resources for managing PEAR (and PECL) packages, PECL channels, and PHP-FPM pools.\n\n## Requirements\n\n### Platforms\n\n- Debian, Ubuntu\n- CentOS, Red Hat, Oracle, Scientific, Amazon Linux\n- Fedora\n\n### Chef\n\n- Chef 12.7+\n\n### Cookbooks\n\n- build-essential\n- xml\n- mysql\n\n## Attributes\n\n- `node['php']['install_method']` = method to install php with, default `package`.\n- `node['php']['directives']` = Hash of directives and values to append to `php.ini`, default `{}`.\n- `node['php']['pear']` = Name of the pear executable to use, default `pear`.\n\nThe file also contains the following attribute types:\n\n- platform specific locations and settings.\n- source installation settings\n\n## Resource/Provider\n\nThis cookbook includes LWRPs for managing:\n\n- PEAR channels\n- PEAR/PECL packages\n\n### `php_pear_channel`\n\n[PEAR Channels](http://pear.php.net/manual/en/guide.users.commandline.channels.php) are alternative sources for PEAR packages. This resource provides and easy way to manage these channels.\n\n#### Actions\n\n- :discover: Initialize a channel from its server.\n- :add: Add a channel to the channel list, usually only used to add private channels. Public channels are usually added using the `:discover` action\n- :update: Update an existing channel\n- :remove: Remove a channel from the List\n\n#### Attribute Parameters\n\n- channel_name: name attribute. 
The name of the channel to discover\n- channel_xml: the channel.xml file of the channel you are adding\n- pear: pear binary, default: pear\n\n#### Examples\n\n```ruby\n# discover the horde channel\nphp_pear_channel \"pear.horde.org\" do\n action :discover\nend\n\n# download xml then add the symfony channel\nremote_file \"#{Chef::Config[:file_cache_path]}/symfony-channel.xml\" do\n source \"http://pear.symfony-project.com/channel.xml\"\n mode 0644\nend\nphp_pear_channel \"symfony\" do\n channel_xml \"#{Chef::Config[:file_cache_path]}/symfony-channel.xml\"\n action :add\nend\n\n# update the main pear channel\nphp_pear_channel 'pear.php.net' do\n action :update\nend\n\n# update the main pecl channel\nphp_pear_channel 'pecl.php.net' do\n action :update\nend\n```\n\n### `php_pear`\n\n[PEAR](http://pear.php.net/) is a framework and distribution system for reusable PHP components. [PECL](http://pecl.php.net/) is a repository for PHP Extensions. PECL contains C extensions for compiling into PHP. As C programs, PECL extensions run more efficiently than PEAR packages. PEARs and PECLs use the same packaging and distribution system. As such this LWRP is clever enough to abstract away the small differences and can be used for managing either. This LWRP also creates the proper module .ini file for each PECL extension at the correct location for each supported platform.\n\n#### Actions\n\n- `:install`: Install a pear package - if version is provided, install that specific version\n- `:upgrade`: Upgrade a pear package - if version is provided, upgrade to that specific version\n- `:remove`: Remove a pear package\n- `:purge`: Purge a pear package (this usually entails removing configuration files as well as the package itself). With pear packages this behaves the same as `:remove`\n\n#### Attribute Parameters\n\n- `package_name`: name attribute. The name of the pear package to install\n- version: the version of the pear package to install/upgrade. 
If no version is given latest is assumed.\n- `preferred_state`: PEAR by default installs stable packages only, this allows you to install pear packages in a devel, alpha or beta state\n- `directives`: extra extension directives (settings) for a pecl. on most platforms these usually get rendered into the extension's .ini file\n- `zend_extensions`: extension filenames which should be loaded with zend_extension.\n- o`ptions`: Add additional options to the underlying pear package command\n\n#### Examples\n\n```ruby\n# upgrade a pear\nphp_pear \"XML_RPC\" do\n action :upgrade\nend\n\n\n# install a specific version\nphp_pear \"XML_RPC\" do\n version \"1.5.4\"\n action :install\nend\n\n\n# install the mongodb pecl\nphp_pear \"mongo\" do\n action :install\nend\n\n# install the xdebug pecl\nphp_pear \"xdebug\" do\n # Specify that xdebug.so must be loaded as a zend extension\n zend_extensions ['xdebug.so']\n action :install\nend\n\n\n# install apc pecl with directives\nphp_pear \"apc\" do\n action :install\n directives(:shm_size => 128, :enable_cli => 1)\nend\n\n\n# install the beta version of Horde_Url\n# from the horde channel\nhc = php_pear_channel \"pear.horde.org\" do\n action :discover\nend\nphp_pear \"Horde_Url\" do\n preferred_state \"beta\"\n channel hc.channel_name\n action :install\nend\n\n\n# install the YAML pear from the symfony project\nsc = php_pear_channel \"pear.symfony-project.com\" do\n action :discover\nend\nphp_pear \"YAML\" do\n channel sc.channel_name\n action :install\nend\n```\n\n### `php_fpm_pool`\n\nInstalls the `php-fpm` package appropriate for your distro (if using packages) and configures a FPM pool for you. 
Currently only supported in Debian-family operating systems and CentOS 7 (or at least tested with such, YMMV if you are using source).\n\nPlease consider FPM functionally pre-release, and test it thoroughly in your environment before using it in production\n\nMore info: \n\n#### Actions\n\n- `:install`: Installs the FPM pool (default).\n- `:uninstall`: Removes the FPM pool.\n\n#### Attribute Parameters\n\n- `pool_name`: name attribute. The name of the FPM pool.\n- `listen`: The listen address. Default: `/var/run/php5-fpm.sock`\n- `user`: The user to run the FPM under. Default should be the webserver user for your distro.\n- `group`: The group to run the FPM under. Default should be the webserver group for your distro.\n- `process_manager`: Process manager to use - see . Default: `dynamic`\n- `max_children`: Max children to scale to. Default: 5\n- `start_servers`: Number of servers to start the pool with. Default: 2\n- `min_spare_servers`: Minimum number of servers to have as spares. Default: 1\n- `max_spare_servers`: Maximum number of servers to have as spares. Default: 3\n- `chdir`: The startup working directory of the pool. Default: `/`\n- `additional_config`: Additional parameters in JSON. Default: {}\n\n#### Examples\n\n```ruby\n# Install a FPM pool named \"default\"\nphp_fpm_pool \"default\" do\n action :install\nend\n```\n\n## Recipes\n\n### default\n\nInclude the default recipe in a run list, to get `php`. 
By default `php` is installed from packages but this can be changed by using the `install_method` attribute.\n\n### package\n\nThis recipe installs PHP from packages.\n\n### source\n\nThis recipe installs PHP from source.\n\n## Deprecated Recipes\n\nThe following recipes are deprecated and will be removed from a future version of this cookbook.\n\n- `module_apc`\n- `module_apcu`\n- `module_curl`\n- `module_fileinfo`\n- `module_fpdf`\n- `module_gd`\n- `module_imap`\n- `module_ldap`\n- `module_memcache`\n- `module_mysql`\n- `module_pgsql`\n- `module_sqlite3`\n\nThe installation of the php modules in these recipes can now be accomplished by installing from a native package or via the new php_pear LWRP. For example, the functionality of the `module_memcache` recipe can be enabled in the following ways:\n\n```ruby\n# using apt\npackage \"php5-memcache\" do\n action :install\nend\n\n# using pear LWRP\nphp_pear \"memcache\" do\n action :install\nend\n```\n\n## Usage\n\nSimply include the `php` recipe where ever you would like php installed. 
To install from source override the `node['php']['install_method']` attribute with in a role or wrapper cookbook:\n\n### Role example:\n\n```ruby\nname \"php\"\ndescription \"Install php from source\"\noverride_attributes(\n \"php\" => {\n \"install_method\" => \"source\"\n }\n)\nrun_list(\n \"recipe[php]\"\n)\n```\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2008-2017, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","debian":">= 0.0.0","fedora":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","suse":">= 0.0.0","opensuse":">= 0.0.0","opensuseleap":">= 0.0.0","ubuntu":">= 0.0.0"},"dependencies":{"build-essential":">= 0.0.0","xml":">= 0.0.0","mysql":">= 6.0.0","yum-epel":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"php":"Installs php","php::package":"Installs php using packages.","php::source":"Installs php from source.","php::module_apc":"Install the php5-apc package","php::module_curl":"Install the php5-curl package","php::module_fileinfo":"Install the php5-fileinfo package","php::module_fpdf":"Install the php-fpdf package","php::module_gd":"Install the php5-gd package","php::module_imap":"Install the 
php5-imap package","php::module_ldap":"Install the php5-ldap package","php::module_memcache":"Install the php5-memcache package","php::module_mysql":"Install the php5-mysql package","php::module_pgsql":"Install the php5-pgsql packag","php::module_sqlite3":"Install the php5-sqlite3 package"},"source_url":"https://github.com/chef-cookbooks/php","issues_url":"https://github.com/chef-cookbooks/php/issues","chef_version":[[">= 12.7"]],"ohai_version":[]} \ No newline at end of file +{"name":"php","version":"6.1.1","description":"Installs and maintains php and php modules","long_description":"# php Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/php.svg?branch=master)](http://travis-ci.org/chef-cookbooks/php) [![Cookbook Version](https://img.shields.io/cookbook/v/php.svg)](https://supermarket.chef.io/cookbooks/php)\n\nIt installs and configures PHP and the PEAR package management system. Also includes resources for managing PEAR (and PECL) packages, PECL channels, and PHP-FPM pools.\n\n## Requirements\n\n### Platforms\n\n- Debian, Ubuntu\n- CentOS, Red Hat, Oracle, Scientific, Amazon Linux\n- Fedora\n\n### Chef\n\n- Chef 12.7+\n\n### Cookbooks\n\n- build-essential\n\n## Attributes\n\n- `node['php']['install_method']` = method to install php with, default `package`.\n- `node['php']['directives']` = Hash of directives and values to append to `php.ini`, default `{}`.\n- `node['php']['pear_setup']` = Boolean value to determine whether to set up pear repositories. Default: `true`\n- `node['php']['pear_channels']` = List of external pear channels to add if `node['php']['pear_setup]` is true. 
Default: `['pear.php.net', 'pecl.php.net']`\n\nThe file also contains the following attribute types:\n\n- platform specific locations and settings.\n- source installation settings\n\n## Resources\n\nThis cookbook includes resources for managing:\n\n- PEAR channels\n- PEAR/PECL packages\n\n### `php_pear_channel`\n\n[PEAR Channels](http://pear.php.net/manual/en/guide.users.commandline.channels.php) are alternative sources for PEAR packages. This resource provides and easy way to manage these channels.\n\n#### Actions\n\n- `:discover`: Initialize a channel from its server.\n- `:add`: Add a channel to the channel list, usually only used to add private channels. Public channels are usually added using the `:discover` action\n- `:update`: Update an existing channel\n- `:remove`: Remove a channel from the List\n\n#### Properties\n\n- `channel_name`: name attribute. The name of the channel to discover\n- `channel_xml`: the channel.xml file of the channel you are adding\n- `binary`: pear binary, default: pear\n\n#### Examples\n\n```ruby\n# discover the horde channel\nphp_pear_channel \"pear.horde.org\" do\n action :discover\nend\n\n# download xml then add the symfony channel\nremote_file \"#{Chef::Config[:file_cache_path]}/symfony-channel.xml\" do\n source 'http://pear.symfony-project.com/channel.xml'\n mode '0644'\nend\nphp_pear_channel 'symfony' do\n channel_xml \"#{Chef::Config[:file_cache_path]}/symfony-channel.xml\"\n action :add\nend\n\n# update the main pear channel\nphp_pear_channel 'pear.php.net' do\n action :update\nend\n\n# update the main pecl channel\nphp_pear_channel 'pecl.php.net' do\n action :update\nend\n```\n\n### `php_pear`\n\n[PEAR](http://pear.php.net/) is a framework and distribution system for reusable PHP components. [PECL](http://pecl.php.net/) is a repository for PHP Extensions. PECL contains C extensions for compiling into PHP. As C programs, PECL extensions run more efficiently than PEAR packages. 
PEARs and PECLs use the same packaging and distribution system. As such this resource is clever enough to abstract away the small differences and can be used for managing either. This resource also creates the proper module .ini file for each PECL extension at the correct location for each supported platform.\n\n#### Actions\n\n- `:install`: Install a pear package - if version is provided, install that specific version\n- `:upgrade`: Upgrade a pear package - if version is provided, upgrade to that specific version\n- `:remove`: Remove a pear package\n- `:reinstall`: Force install of the package even if the same version is already installed. Note: This will converge on every Chef run and is probably not what you want.\n- `:purge`: An alias for remove as the two behave the same in pear\n\n#### Properties\n\n- `package_name`: name attribute. The name of the pear package to install\n- `version`: the version of the pear package to install/upgrade. If no version is given latest is assumed.\n- `channel`:\n- `options`: Add additional options to the underlying pear package command\n- `directives`: extra extension directives (settings) for a pecl. on most platforms these usually get rendered into the extension's .ini file\n- `zend_extensions`: extension filenames which should be loaded with zend_extension.\n- `preferred_state`: PEAR by default installs stable packages only, this allows you to install pear packages in a devel, alpha or beta state\n- `binary`: The pear binary to use, by default pear, can be overridden if the binary is not called pear, e.g. 
pear7\n\n#### Examples\n\n```ruby\n# upgrade a pear\nphp_pear 'XML_RPC' do\n action :upgrade\nend\n\n# install a specific version\nphp_pear 'XML_RPC' do\n version '1.5.4'\n action :install\nend\n\n# install the mongodb pecl\nphp_pear 'Install mongo but use a different resource name' do\n package_name 'mongo'\n action :install\nend\n\n# install the xdebug pecl\nphp_pear 'xdebug' do\n # Specify that xdebug.so must be loaded as a zend extension\n zend_extensions ['xdebug.so']\n action :install\nend\n\n# install apc pecl with directives\nphp_pear 'apc' do\n action :install\n directives(shm_size: 128, enable_cli: 1)\nend\n\n# install using the pear-7 binary\nphp_pear 'apc' do\n action :install\n binary 'pear7'\nend\n\n# install the beta version of Horde_Url\n# from the horde channel\nhc = php_pear_channel 'pear.horde.org' do\n action :discover\nend\n\nphp_pear 'Horde_Url' do\n preferred_state 'beta'\n channel hc.channel_name\n action :install\nend\n\n# install the YAML pear from the symfony project\nsc = php_pear_channel 'pear.symfony-project.com' do\n action :discover\nend\n\nphp_pear 'YAML' do\n channel sc.channel_name\n action :install\nend\n```\n\n### `php_fpm_pool`\n\nInstalls the `php-fpm` package appropriate for your distro (if using packages) and configures a FPM pool for you. Currently only supported in Debian-family operating systems and CentOS 7 (or at least tested with such, YMMV if you are using source).\n\nPlease consider FPM functionally pre-release, and test it thoroughly in your environment before using it in production\n\nMore info: \n\n#### Actions\n\n- `:install`: Installs the FPM pool (default).\n- `:uninstall`: Removes the FPM pool.\n\n#### Attribute Parameters\n\n- `pool_name`: name attribute. The name of the FPM pool.\n- `listen`: The listen address. Default: `/var/run/php5-fpm.sock`\n- `user`: The user to run the FPM under. Default should be the webserver user for your distro.\n- `group`: The group to run the FPM under. 
Default should be the webserver group for your distro.\n- `process_manager`: Process manager to use - see . Default: `dynamic`\n- `max_children`: Max children to scale to. Default: 5\n- `start_servers`: Number of servers to start the pool with. Default: 2\n- `min_spare_servers`: Minimum number of servers to have as spares. Default: 1\n- `max_spare_servers`: Maximum number of servers to have as spares. Default: 3\n- `chdir`: The startup working directory of the pool. Default: `/`\n- `additional_config`: Additional parameters in JSON. Default: {}\n\n#### Examples\n\n```ruby\n# Install a FPM pool named \"default\"\nphp_fpm_pool 'default' do\n action :install\nend\n```\n\n## Recipes\n\n### default\n\nInclude the default recipe in a run list, to get `php`. By default `php` is installed from packages but this can be changed by using the `install_method` attribute.\n\n### package\n\nThis recipe installs PHP from packages.\n\n### source\n\nThis recipe installs PHP from source.\n\n## Usage\n\nSimply include the `php` recipe where ever you would like php installed. To install from source override the `node['php']['install_method']` attribute with in a role or wrapper cookbook:\n\n### Role example:\n\n```ruby\nname 'php'\ndescription 'Install php from source'\noverride_attributes(\n 'php' => {\n 'install_method' => 'source',\n }\n)\nrun_list(\n 'recipe[php]'\n)\n```\n\n## Maintainers\n\nThis cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). 
To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/)\n\n## License\n\n**Copyright:** 2011-2018, Chef Software, Inc.\n**Copyright:** 2018, Oracle and/or its affiliates. All rights reserved\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","debian":">= 0.0.0","fedora":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","suse":">= 0.0.0","opensuse":">= 0.0.0","opensuseleap":">= 0.0.0","ubuntu":">= 0.0.0"},"dependencies":{"build-essential":">= 5.0","yum-epel":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"php":"Installs php","php::package":"Installs php using packages.","php::source":"Installs php from source."},"source_url":"https://github.com/chef-cookbooks/php","issues_url":"https://github.com/chef-cookbooks/php/issues","chef_version":[[">= 12.7"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/php/providers/pear.rb b/cookbooks/php/providers/pear.rb deleted file mode 100644 index 7e9cd04..0000000 
--- a/cookbooks/php/providers/pear.rb +++ /dev/null 
@@ -1,304 +0,0 @@ -# -# Author:: Seth Chisamore -# Cookbook:: php -# Provider:: pear_package -# -# Copyright:: 2011-2017, Chef Software, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -use_inline_resources - -require 'chef/mixin/shell_out' -require 'chef/mixin/language' -include Chef::Mixin::ShellOut - -# the logic in all action methods mirror that of -# the Chef::Provider::Package which will make -# refactoring into core chef easy - -use_inline_resources - -def whyrun_supported? - true -end - -action :install do - # If we specified a version, and it's not the current version, move to the specified version - install_version = @new_resource.version unless @new_resource.version.nil? || @new_resource.version == @current_resource.version - - # If it's not installed at all or an upgrade, install it - if install_version || @current_resource.version.nil? - description = "install package #{@new_resource} #{install_version}" - converge_by(description) do - info_output = "Installing #{@new_resource}" - info_output << " version #{install_version}" if install_version && !install_version.empty? 
- Chef::Log.info(info_output) - install_package(@new_resource.package_name, install_version) - end - end -end - -action :upgrade do - if @current_resource.version != candidate_version - orig_version = @current_resource.version || 'uninstalled' - description = "upgrade package #{@new_resource} version from #{orig_version} to #{candidate_version}" - converge_by(description) do - Chef::Log.info("Upgrading #{@new_resource} version from #{orig_version} to #{candidate_version}") - upgrade_package(@new_resource.package_name, candidate_version) - end - end -end - -action :remove do - if removing_package? - description = "remove package #{@new_resource}" - converge_by(description) do - Chef::Log.info("Removing #{@new_resource}") - remove_package(@current_resource.package_name, @new_resource.version) - end - end -end - -action :purge do - if removing_package? - description = "purge package #{@new_resource}" - converge_by(description) do - Chef::Log.info("Purging #{@new_resource}") - purge_package(@current_resource.package_name, @new_resource.version) - end - end -end - -def removing_package? - if @current_resource.version.nil? - false # nothing to remove - elsif @new_resource.version.nil? - true # remove any version of a package - elsif @new_resource.version == @current_resource.version - true # remove the version we have - else - false # we don't have the version we want to remove - end -end - -def expand_options(options) - options ? " #{options}" : '' -end - -# these methods are the required overrides of -# a provider that extends from Chef::Provider::Package -# so refactoring into core Chef should be easy - -def load_current_resource - @current_resource = new_resource.class.new(new_resource.name) - @current_resource.package_name(@new_resource.package_name) - @bin = node['php']['pear'] - if pecl? 
- Chef::Log.debug("#{@new_resource} smells like a pecl...installing package in Pecl mode.") - @bin = node['php']['pecl'] - end - Chef::Log.debug("#{@current_resource}: Installed version: #{current_installed_version} Candidate version: #{candidate_version}") - - unless current_installed_version.nil? - @current_resource.version(current_installed_version) - Chef::Log.debug("Current version is #{@current_resource.version}") if @current_resource.version - end - @current_resource -end - -def current_installed_version - @current_installed_version ||= begin - version_check_cmd = "#{@bin} -d " - version_check_cmd << " preferred_state=#{can_haz(@new_resource, 'preferred_state')}" - version_check_cmd << " list#{expand_channel(can_haz(@new_resource, 'channel'))}" - p = shell_out(version_check_cmd) - response = nil - response = grep_for_version(p.stdout, @new_resource.package_name) if p.stdout =~ /\.?Installed packages/i - response - end -end - -def candidate_version - @candidate_version ||= begin - candidate_version_cmd = "#{@bin} -d " - candidate_version_cmd << "preferred_state=#{can_haz(@new_resource, 'preferred_state')}" - candidate_version_cmd << " search#{expand_channel(can_haz(@new_resource, 'channel'))}" - candidate_version_cmd << " #{@new_resource.package_name}" - p = shell_out(candidate_version_cmd) - response = nil - response = grep_for_version(p.stdout, @new_resource.package_name) if p.stdout =~ /\.?Matched packages/i - response - end -end - -def install_package(name, version) - command = "printf \"\r\" | #{@bin} -d" - command << " preferred_state=#{can_haz(@new_resource, 'preferred_state')}" - command << " install -a#{expand_options(@new_resource.options)}" - command << " #{prefix_channel(can_haz(@new_resource, 'channel'))}#{name}" - command << "-#{version}" if version && !version.empty? - pear_shell_out(command) - manage_pecl_ini(name, :create, can_haz(@new_resource, 'directives'), can_haz(@new_resource, 'zend_extensions')) if pecl? 
- enable_package(name) -end - -def upgrade_package(name, version) - command = "printf \"\r\" | #{@bin} -d" - command << " preferred_state=#{can_haz(@new_resource, 'preferred_state')}" - command << " upgrade -a#{expand_options(@new_resource.options)}" - command << " #{prefix_channel(can_haz(@new_resource, 'channel'))}#{name}" - command << "-#{version}" if version && !version.empty? - pear_shell_out(command) - manage_pecl_ini(name, :create, can_haz(@new_resource, 'directives'), can_haz(@new_resource, 'zend_extensions')) if pecl? - enable_package(name) -end - -def remove_package(name, version) - command = "#{@bin} uninstall" - command << " #{expand_options(@new_resource.options)}" - command << " #{prefix_channel(can_haz(@new_resource, 'channel'))}#{name}" - command << "-#{version}" if version && !version.empty? - pear_shell_out(command) - disable_package(name) - manage_pecl_ini(name, :delete, nil, nil) if pecl? -end - -def enable_package(name) - execute "#{node['php']['enable_mod']} #{name}" do - only_if { platform?('ubuntu') && ::File.exist?(node['php']['enable_mod']) } - end -end - -def disable_package(name) - execute "#{node['php']['disable_mod']} #{name}" do - only_if { platform?('ubuntu') && ::File.exist?(node['php']['disable_mod']) } - end -end - -def pear_shell_out(command) - p = shell_out!(command) - # pear/pecl commands return a 0 on failures...we'll grep for it - p.invalid! if p.stdout.split('\n').last =~ /^ERROR:.+/i - p -end - -def purge_package(name, version) - remove_package(name, version) -end - -def expand_channel(channel) - channel ? " -c #{channel}" : '' -end - -def prefix_channel(channel) - channel ? "#{channel}/" : '' -end - -def extension_dir - @extension_dir ||= begin - # Consider using "pecl config-get ext_dir". It is more cross-platform. 
- # p = shell_out("php-config --extension-dir") - p = shell_out("#{node['php']['pecl']} config-get ext_dir") - p.stdout.strip - end -end - -def get_extension_files(name) - files = [] - - p = shell_out("#{@bin} list-files #{name}") - p.stdout.each_line.grep(/^src\s+.*\.so$/i).each do |line| - files << line.split[1] - end - - files -end - -def manage_pecl_ini(name, action, directives, zend_extensions) - ext_prefix = extension_dir - ext_prefix << ::File::SEPARATOR if ext_prefix[-1].chr != ::File::SEPARATOR - - files = get_extension_files(name) - - extensions = Hash[ - files.map do |filepath| - rel_file = filepath.clone - rel_file.slice! ext_prefix if rel_file.start_with? ext_prefix - zend = zend_extensions.include?(rel_file) - [(zend ? filepath : rel_file), zend] - end - ] - - directory node['php']['ext_conf_dir'] do - owner 'root' - group 'root' - mode '0755' - recursive true - end - - template "#{node['php']['ext_conf_dir']}/#{name}.ini" do - source 'extension.ini.erb' - cookbook 'php' - owner 'root' - group 'root' - mode '0644' - variables(name: name, extensions: extensions, directives: directives) - action action - end -end - -def grep_for_version(stdout, package) - v = nil - - stdout.split(/\n/).grep(/^#{package}\s/i).each do |m| - # XML_RPC 1.5.4 stable - # mongo 1.1.4/(1.1.4 stable) 1.1.4 MongoDB database driver - # Horde_Url -n/a-/(1.0.0beta1 beta) Horde Url class - # Horde_Url 1.0.0beta1 (beta) 1.0.0beta1 Horde Url class - v = m.split(/\s+/)[1].strip - v = if v.split(%r{/\//})[0] =~ /.\./ - # 1.1.4/(1.1.4 stable) - v.split(%r{/\//})[0] - else - # -n/a-/(1.0.0beta1 beta) - v.split(%r{/(.*)\/\((.*)/}).last.split(/\s/)[0] - end - end - v -end - -def pecl? - @pecl ||= - begin - # search as a pear first since most 3rd party channels will report pears as pecls! 
- search_args = '' - search_args << " -d preferred_state=#{can_haz(@new_resource, 'preferred_state')}" - search_args << " search#{expand_channel(can_haz(@new_resource, 'channel'))} #{@new_resource.package_name}" - - if grep_for_version(shell_out(node['php']['pear'] + search_args).stdout, @new_resource.package_name) - false - elsif grep_for_version(shell_out(node['php']['pecl'] + search_args).stdout, @new_resource.package_name) - true - else - raise "Package #{@new_resource.package_name} not found in either PEAR or PECL." - end - end -end - -# TODO: remove when provider is moved into Chef core -# this allows PhpPear to work with Chef::Resource::Package -def can_haz(resource, attribute_name) - resource.respond_to?(attribute_name) ? resource.send(attribute_name) : nil -end diff --git a/cookbooks/php/recipes/default.rb b/cookbooks/php/recipes/default.rb index 88a6cad..7692ca4 100644 --- a/cookbooks/php/recipes/default.rb +++ b/cookbooks/php/recipes/default.rb @@ -4,7 +4,7 @@ # Cookbook:: php # Recipe:: default # -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2018, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,12 +22,12 @@ include_recipe "php::#{node['php']['install_method']}" # update the main channels -php_pear_channel 'pear.php.net' do - action :update -end - -php_pear_channel 'pecl.php.net' do - action :update +node['php']['pear_channels'].each do |channel| + php_pear_channel channel do + binary node['php']['pear'] + action :update + only_if { node['php']['pear_setup'] } + end end include_recipe 'php::ini' diff --git a/cookbooks/php/recipes/ini.rb b/cookbooks/php/recipes/ini.rb index d2d9c85..df348d7 100644 --- a/cookbooks/php/recipes/ini.rb +++ b/cookbooks/php/recipes/ini.rb 
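Review bot: In the `@@ -22,12 +22,12 @@` hunk of recipes/default.rb the new loop calls `.each` on `node['php']['pear_channels']` with no guard, so a role that sets the attribute to nil or a bare string aborts the run at compile time even when `node['php']['pear_setup']` is false, since `only_if` is only evaluated per resource at converge time. `Array(node['php']['pear_channels']).each do |channel|` tolerates both. Each entry is a remote channel the node refreshes on every run, so a short comment above the loop, e.g. `# every entry is contacted for channel metadata; keep this list to reviewed hosts`, would make the trust decision explicit.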
@@ -3,7 +3,7 @@
 # Cookbook:: php
 # Recipe:: ini
 #
-# Copyright:: 2011-2017, Chef Software, Inc.
+# Copyright:: 2011-2018, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/cookbooks/php/recipes/module_apc.rb b/cookbooks/php/recipes/module_apc.rb
deleted file mode 100644
index cb8a1eb..0000000
--- a/cookbooks/php/recipes/module_apc.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# Author:: Joshua Timberman ()
-# Author:: Seth Chisamore ()
-# Cookbook:: php
-# Recipe:: module_apc
-#
-# Copyright:: 2009-2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-case node['platform_family']
-when 'rhel', 'fedora', 'amazon'
- package %w(httpd-devel pcre pcre-devel)
-
- php_pear 'APC' do
- action :install
- directives(shm_size: '128M', enable_cli: 0)
- end
-when 'debian'
- package node['php']['apc']['package']
-end
diff --git a/cookbooks/php/recipes/module_apcu.rb b/cookbooks/php/recipes/module_apcu.rb
deleted file mode 100644
index 263ceb5..0000000
--- a/cookbooks/php/recipes/module_apcu.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# Author:: Joshua Timberman ()
-# Author:: Seth Chisamore ()
-# Cookbook:: php
-# Recipe:: module_apc
-#
-# Copyright:: 2009-2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-case node['platform_family']
-when 'rhel', 'fedora', 'amazon'
- package %w(httpd-devel pcre pcre-devel)
-
- php_pear 'APCu' do
- action :install
- directives(shm_size: '128M', enable_cli: 0)
- end
-when 'debian'
- package node['php']['apcu']['package']
-end
diff --git a/cookbooks/php/recipes/module_curl.rb b/cookbooks/php/recipes/module_curl.rb
deleted file mode 100644
index e896a41..0000000
--- a/cookbooks/php/recipes/module_curl.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Author:: Joshua Timberman ()
-# Author:: Seth Chisamore ()
-# Cookbook:: php
-# Recipe:: module_curl
-#
-# Copyright:: 2009-2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-package node['php']['curl']['package'] do
- action :install
- only_if { platform_family?('debian') } # centos php compiled with curl
-end
diff --git a/cookbooks/php/recipes/module_fpdf.rb b/cookbooks/php/recipes/module_fpdf.rb
deleted file mode 100644
index 5a1b0c3..0000000
--- a/cookbooks/php/recipes/module_fpdf.rb
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# Author:: Joshua Timberman ()
-# Author:: Seth Chisamore ()
-# Cookbook:: php
-# Recipe:: module_fpdf
-#
-# Copyright:: 2009-2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-case node['platform_family']
-when 'rhel', 'fedora', 'amazon'
- pearhub_chan = php_pear_channel 'pearhub.org' do
- action :discover
- end
- php_pear 'FPDF' do
- channel pearhub_chan.channel_name
- action :install
- end
-when 'debian'
- package 'php-fpdf' do
- action :install
- end
-end
diff --git a/cookbooks/php/recipes/module_gd.rb b/cookbooks/php/recipes/module_gd.rb
deleted file mode 100644
index 9bb1082..0000000
--- a/cookbooks/php/recipes/module_gd.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# Author:: Joshua Timberman ()
-# Author:: Seth Chisamore ()
-# Cookbook:: php
-# Recipe:: module_gd
-#
-# Copyright:: 2009-2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-pkg = value_for_platform(
- %w(centos redhat scientific fedora amazon oracle) => {
- 'default' => 'php-gd',
- },
- 'freebsd' => {
- 'default' => 'php56-gd',
- },
- 'default' => node['php']['gd']['package']
-)
-
-package pkg do
- action :install
-end
diff --git a/cookbooks/php/recipes/module_imap.rb b/cookbooks/php/recipes/module_imap.rb
deleted file mode 100644
index c5853aa..0000000
--- a/cookbooks/php/recipes/module_imap.rb
+++ /dev/null
@@ -1,28 +0,0 @@ -# -# Author:: Artur Melo () -# Cookbook:: php -# Recipe:: module_imap -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -pkg = value_for_platform( - %w(centos redhat scientific fedora amazon oracle) => { - 'default' => 'php-imap', - }, - 'default' => 'php5-imap' -) - -package pkg do - action :install -end diff --git a/cookbooks/php/recipes/module_ldap.rb b/cookbooks/php/recipes/module_ldap.rb deleted file mode 100644 index 0555948..0000000 --- a/cookbooks/php/recipes/module_ldap.rb +++ /dev/null @@ -1,31 +0,0 @@ -# -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () -# Cookbook:: php -# Recipe:: module_ldap -# -# Copyright:: 2009-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -pkg = value_for_platform( - %w(centos redhat scientific fedora amazon oracle) => { - 'default' => 'php-ldap', - }, - 'default' => node['php']['ldap']['package'] -) - -package pkg do - action :install -end 
diff --git a/cookbooks/php/recipes/module_memcache.rb b/cookbooks/php/recipes/module_memcache.rb deleted file mode 100644 index 5f79573..0000000 --- a/cookbooks/php/recipes/module_memcache.rb +++ /dev/null @@ -1,31 +0,0 @@ -# -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () -# Cookbook:: php -# Recipe:: module_memcache -# -# Copyright:: 2009-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -case node['platform_family'] -when 'rhel', 'fedora', 'amazon' - package 'zlib-devel' - - php_pear 'memcache' do - action :install - end -when 'debian' - package 'php5-memcache' -end diff --git a/cookbooks/php/recipes/module_mysql.rb b/cookbooks/php/recipes/module_mysql.rb deleted file mode 100644 index b8a87c5..0000000 --- a/cookbooks/php/recipes/module_mysql.rb +++ /dev/null 
@@ -1,24 +0,0 @@ -# -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () -# Cookbook:: php -# Recipe:: module_mysql -# -# Copyright:: 2009-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -package node['php']['mysql']['package'] do - action :install -end diff --git a/cookbooks/php/recipes/module_pgsql.rb b/cookbooks/php/recipes/module_pgsql.rb deleted file mode 100644 index 95318a6..0000000 --- a/cookbooks/php/recipes/module_pgsql.rb +++ /dev/null @@ -1,31 +0,0 @@ -# -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () -# Cookbook:: php -# Recipe:: module_pgsql -# -# Copyright:: 2009-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -pkg = value_for_platform( - %w(centos redhat scientific fedora amazon oracle) => { - 'default' => 'php-pgsql', - }, - 'default' => node['php']['pgsql']['package'] -) - -package pkg do - action :install -end 
diff --git a/cookbooks/php/recipes/module_sqlite3.rb b/cookbooks/php/recipes/module_sqlite3.rb deleted file mode 100644 index 10ee38f..0000000 --- a/cookbooks/php/recipes/module_sqlite3.rb +++ /dev/null @@ -1,25 +0,0 @@ -# -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () -# Cookbook:: php -# Recipe:: module_sqlite3 -# -# Copyright:: 2009-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -package node['php']['sqlite']['package'] do - action :install - only_if { platform_family?('debian') } # already there in centos, --with-pdo-sqlite=shared -end diff --git a/cookbooks/php/recipes/package.rb b/cookbooks/php/recipes/package.rb index b077ff5..b361ff2 100644 --- a/cookbooks/php/recipes/package.rb +++ b/cookbooks/php/recipes/package.rb @@ -4,7 +4,7 @@ # Cookbook:: php # Recipe:: package # -# Copyright:: 2013-2017, Chef Software, Inc. +# Copyright:: 2013-2018, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/php/recipes/recompile.rb b/cookbooks/php/recipes/recompile.rb index 4137bc0..46398cb 100644 --- a/cookbooks/php/recipes/recompile.rb +++ b/cookbooks/php/recipes/recompile.rb 
@@ -3,7 +3,7 @@ # Cookbook:: php # Recipe:: recompile # -# Copyright:: 2014-2017, David Kinzer +# Copyright:: 2014-2018, David Kinzer # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/php/recipes/source.rb b/cookbooks/php/recipes/source.rb index 257aaa2..407fab9 100644 --- a/cookbooks/php/recipes/source.rb +++ b/cookbooks/php/recipes/source.rb @@ -3,7 +3,7 @@ # Cookbook:: php # Recipe:: source # -# Copyright:: 2011-2017, Chef Software, Inc. +# Copyright:: 2011-2018, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,15 +20,9 @@ configure_options = node['php']['configure_options'].join(' ') -include_recipe 'build-essential' -include_recipe 'xml' +build_essential 'install compilation tools' include_recipe 'yum-epel' if node['platform_family'] == 'rhel' -mysql_client 'default' do - action :create - only_if { configure_options =~ /mysql/ } -end - package node['php']['src_deps'] version = node['php']['version'] diff --git a/cookbooks/php/resources/fpm_pool.rb b/cookbooks/php/resources/fpm_pool.rb index 1b1a40e..87570c8 100644 --- a/cookbooks/php/resources/fpm_pool.rb +++ b/cookbooks/php/resources/fpm_pool.rb @@ -3,7 +3,7 @@ # Cookbook:: php # Resource:: fpm_pool # -# Copyright:: 2015-2017, Chef Software, Inc +# Copyright:: 2015-2018, Chef Software, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/php/resources/pear.rb b/cookbooks/php/resources/pear.rb index 287489b..c4aea46 100644 --- a/cookbooks/php/resources/pear.rb +++ b/cookbooks/php/resources/pear.rb 
@@ -1,9 +1,9 @@ # # Author:: Seth Chisamore # Cookbook:: php -# Resource:: pear_package +# Resource:: pear # -# Copyright:: 2011-2016, Chef Software, Inc +# Copyright:: 2011-2018, Chef Software, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -18,21 +18,263 @@ # limitations under the License. # -default_action :install -actions :install, :upgrade, :remove, :purge +property :package_name, String, name_property: true +property :version, [String, nil], default: nil +property :channel, String +property :options, String +property :directives, Hash, default: {} +property :zend_extensions, Array, default: [] +property :preferred_state, String, default: 'stable' +property :binary, String, default: 'pear' +property :priority, [String, nil], default: nil -state_attrs :channel, - :directives, - :options, - :package_name, - :preferred_state, - :version, - :zend_extensions +def current_installed_version(new_resource) + version_check_cmd = "#{new_resource.binary} -d" + version_check_cmd << " preferred_state=#{new_resource.preferred_state}" + version_check_cmd << " list#{expand_channel(new_resource.channel)}" + p = shell_out(version_check_cmd) + response = nil + response = grep_for_version(p.stdout, new_resource.package_name) if p.stdout =~ /\.?Installed packages/i + response +end -attribute :package_name, kind_of: String, name_attribute: true -attribute :version, default: nil -attribute :channel, kind_of: String -attribute :options, kind_of: String -attribute :directives, kind_of: Hash, default: {} -attribute :zend_extensions, kind_of: Array, default: [] -attribute :preferred_state, default: 'stable' +def expand_channel(channel) + channel ? 
" -c #{channel}" : '' +end + +def grep_for_version(stdout, package) + version = nil + stdout.split(/\n/).grep(/^#{package}\s/i).each do |m| + # XML_RPC 1.5.4 stable + # mongo 1.1.4/(1.1.4 stable) 1.1.4 MongoDB database driver + # Horde_Url -n/a-/(1.0.0beta1 beta) Horde Url class + # Horde_Url 1.0.0beta1 (beta) 1.0.0beta1 Horde Url class + version = m.split(/\s+/)[1].strip + version = if version.split(%r{/\//})[0] =~ /.\./ + # 1.1.4/(1.1.4 stable) + version.split(%r{/\//})[0] + else + # -n/a-/(1.0.0beta1 beta) + version.split(%r{/(.*)\/\((.*)/}).last.split(/\s/)[0] + end + end + version +end + +load_current_value do |new_resource| + unless current_installed_version(new_resource).nil? + version(current_installed_version(new_resource)) + Chef::Log.debug("Current version is #{version}") if version + end +end + +action :install do + # If we specified a version, and it's not the current version, move to the specified version + install_version = new_resource.version unless new_resource.version.nil? || new_resource.version == current_resource.version + # Check if the version we want is already installed + versions_match = candidate_version == current_installed_version(new_resource) + + # If it's not installed at all or an upgrade, install it + if install_version || new_resource.version.nil? && !versions_match + converge_by("install package #{new_resource.package_name} #{install_version}") do + info_output = "Installing #{new_resource.package_name}" + info_output << " version #{install_version}" if install_version && !install_version.empty? + Chef::Log.info(info_output) + install_package(new_resource.package_name, install_version) + end + end +end + +# reinstall is just an install that always fires +action :reinstall do + install_version = new_resource.version unless new_resource.version.nil? 
+ converge_by("reinstall package #{new_resource.package_name} #{install_version}") do + info_output = "Installing #{new_resource.package_name}" + info_output << " version #{install_version}" if install_version && !install_version.empty? + Chef::Log.info(info_output) + install_package(new_resource.package_name, install_version, force: true) + end +end + +action :upgrade do + if current_resource.version != candidate_version + orig_version = @current_resource.version || 'uninstalled' + description = "upgrade package #{new_resource.package_name} version from #{orig_version} to #{candidate_version}" + converge_by(description) do + upgrade_package(new_resource.package_name, candidate_version) + end + end +end + +action :remove do + if removing_package? + converge_by("remove package #{new_resource.package_name}") do + remove_package(@current_resource.package_name, new_resource.version) + end + end +end + +action :purge do + if removing_package? + converge_by("purge package #{new_resource.package_name}") do + remove_package(@current_resource.package_name, new_resource.version) + end + end +end + +action_class do + def expand_options(options) + options ? 
" #{options}" : '' + end + + def candidate_version + candidate_version_cmd = "#{new_resource.binary} -d " + candidate_version_cmd << "preferred_state=#{new_resource.preferred_state}" + candidate_version_cmd << " search#{expand_channel(new_resource.channel)}" + candidate_version_cmd << " #{new_resource.package_name}" + p = shell_out(candidate_version_cmd) + response = nil + response = grep_for_version(p.stdout, new_resource.package_name) if p.stdout =~ /\.?Matched packages/i + response + end + + def install_package(name, version, **opts) + command = "printf \"\r\" | #{new_resource.binary} -d" + command << " preferred_state=#{new_resource.preferred_state}" + command << " install -a#{expand_options(new_resource.options)}" + command << ' -f' if opts[:force] # allows us to force a reinstall + command << " #{prefix_channel(new_resource.channel)}#{name}" + command << "-#{version}" if version && !version.empty? + pear_shell_out(command) + manage_pecl_ini(name, :create, new_resource.directives, new_resource.zend_extensions, new_resource.priority) if pecl? + enable_package(name) + end + + def upgrade_package(name, version) + command = "printf \"\r\" | #{new_resource.binary} -d" + command << " preferred_state=#{new_resource.preferred_state}" + command << " upgrade -a#{expand_options(new_resource.options)}" + command << " #{prefix_channel(new_resource.channel)}#{name}" + command << "-#{version}" if version && !version.empty? + pear_shell_out(command) + manage_pecl_ini(name, :create, new_resource.directives, new_resource.zend_extensions, new_resource.priority) if pecl? + enable_package(name) + end + + def remove_package(name, version) + command = "#{new_resource.binary} uninstall" + command << " #{expand_options(new_resource.options)}" + command << " #{prefix_channel(new_resource.channel)}#{name}" + command << "-#{version}" if version && !version.empty? + pear_shell_out(command) + disable_package(name) + manage_pecl_ini(name, :delete, nil, nil, nil) if pecl? 
+ end + + def enable_package(name) + execute "#{node['php']['enable_mod']} #{name}" do + only_if { platform?('ubuntu') && ::File.exist?(node['php']['enable_mod']) } + end + end + + def disable_package(name) + execute "#{node['php']['disable_mod']} #{name}" do + only_if { platform?('ubuntu') && ::File.exist?(node['php']['disable_mod']) } + end + end + + def pear_shell_out(command) + p = shell_out!(command) + # pear/pecl commands return a 0 on failures...we'll grep for it + p.invalid! if p.stdout.split('\n').last =~ /^ERROR:.+/i + p + end + + def prefix_channel(channel) + channel ? "#{channel}/" : '' + end + + def removing_package? + if new_resource.version.nil? + true # remove any version of a package + else + new_resource.version == @current_resource.version # we don't have the version we want to remove + end + end + + def extension_dir + @extension_dir ||= begin + # Consider using "pecl config-get ext_dir". It is more cross-platform. + # p = shell_out("php-config --extension-dir") + p = shell_out("#{node['php']['pecl']} config-get ext_dir") + p.stdout.strip + end + end + + def get_extension_files(name) + files = [] + + p = shell_out("#{new_resource.binary} list-files #{name}") + p.stdout.each_line.grep(/^src\s+.*\.so$/i).each do |line| + files << line.split[1] + end + + files + end + + def pecl? + @pecl ||= + begin + # search as a pear first since most 3rd party channels will report pears as pecls! + search_args = '' + search_args << " -d preferred_state=#{new_resource.preferred_state}" + search_args << " search#{expand_channel(new_resource.channel)} #{new_resource.package_name}" + + if grep_for_version(shell_out(new_resource.binary + search_args).stdout, new_resource.package_name) + false + elsif grep_for_version(shell_out(node['php']['pecl'] + search_args).stdout, new_resource.package_name) + true + else + raise "Package #{new_resource.package_name} not found in either PEAR or PECL." 
+ end + end + end + + def manage_pecl_ini(name, action, directives, zend_extensions, priority) + ext_prefix = extension_dir + ext_prefix << ::File::SEPARATOR if ext_prefix[-1].chr != ::File::SEPARATOR + + files = get_extension_files(name) + + extensions = Hash[ + files.map do |filepath| + rel_file = filepath.clone + rel_file.slice! ext_prefix if rel_file.start_with? ext_prefix + zend = zend_extensions.include?(rel_file) + [(zend ? filepath : rel_file), zend] + end + ] + + directory node['php']['ext_conf_dir'] do + owner 'root' + group 'root' + mode '0755' + recursive true + end + + template "#{node['php']['ext_conf_dir']}/#{name}.ini" do + source 'extension.ini.erb' + cookbook 'php' + owner 'root' + group 'root' + mode '0644' + variables( + name: name, + extensions: extensions, + directives: directives, + priority: priority + ) + action action + end + end +end diff --git a/cookbooks/php/resources/pear_channel.rb b/cookbooks/php/resources/pear_channel.rb index 188453a..96a244e 100644 --- a/cookbooks/php/resources/pear_channel.rb +++ b/cookbooks/php/resources/pear_channel.rb @@ -4,7 +4,7 @@ # Cookbook:: php # Resource:: pear_channel # -# Copyright:: 2011-2017, Chef Software, Inc +# Copyright:: 2011-2018, Chef Software, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,9 +19,9 @@ # limitations under the License. # -property :channel_xml, kind_of: String -property :channel_name, kind_of: String, name_property: true -property :pear, kind_of: String, default: lazy { node['php']['pear'] } +property :channel_xml, String +property :channel_name, String, name_property: true +property :binary, String, default: 'pear' # TODO: add authenticated channel support! # property :username, :kind_of => String # property :password, :kind_of => String 
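Review bot: Every pear command in the new resources/pear.rb is assembled by interpolating `package_name`, `channel`, `version`, `preferred_state` and `binary` straight into a string that `shell_out` hands to a shell (the `printf "\r" | …` pipe in `install_package` and `upgrade_package` requires one), so a value containing whitespace or shell metacharacters changes the command that runs with chef-client's privileges. These properties are normally set by recipe authors, but if any of them is fed from node attributes or data bags it is worth escaping each argument, for example `command << " #{Shellwords.escape("#{prefix_channel(new_resource.channel)}#{name}")}"` with `require 'shellwords'` at the top of the file; `options` is deliberately a raw flag string and would need validating rather than escaping. The same pattern appears in `candidate_version`, `current_installed_version`, `remove_package`, `get_extension_files`, and in the `execute`/`shell_out` calls of pear_channel.rb further down. Separately, `grep_for_version` builds `/^#{package}\s/i` from the raw name; `Regexp.escape(package)` would keep a name containing regex metacharacters from matching the wrong row.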
@@ -29,7 +29,7 @@ property :pear, kind_of: String, default: lazy { node['php']['pear'] } action :discover do unless exists? Chef::Log.info("Discovering pear channel #{new_resource}") - execute "#{new_resource.pear} channel-discover #{new_resource.channel_name}" do + execute "#{new_resource.binary} channel-discover #{new_resource.channel_name}" do action :run end end @@ -38,28 +38,17 @@ end action :add do unless exists? Chef::Log.info("Adding pear channel #{new_resource} from #{new_resource.channel_xml}") - execute "#{new_resource.pear} channel-add #{new_resource.channel_xml}" do + execute "#{new_resource.binary} channel-add #{new_resource.channel_xml}" do action :run end end end action :update do - if exists? - update_needed = false - begin - update_needed = true if shell_out("#{new_resource.pear} search -c #{new_resource.channel_name} NNNNNN").stdout =~ /channel-update/ - rescue Chef::Exceptions::CommandTimeout - # CentOS can hang on 'pear search' if a channel needs updating - Chef::Log.info("Timed out checking if channel-update needed...forcing update of pear channel #{new_resource}") - update_needed = true - end - if update_needed - description = "update pear channel #{new_resource}" - converge_by(description) do - Chef::Log.info("Updating pear channel #{new_resource}") - shell_out!("#{new_resource.pear} channel-update #{new_resource.channel_name}") - end + if exists? && update_needed? + converge_by("update pear channel #{new_resource}") do + Chef::Log.info("Updating pear channel #{new_resource}") + shell_out!("#{new_resource.binary} channel-update #{new_resource.channel_name}") end end end 
@@ -67,15 +56,32 @@ end action :remove do if exists? Chef::Log.info("Deleting pear channel #{new_resource}") - execute "#{new_resource.pear} channel-delete #{new_resource.channel_name}" do + execute "#{new_resource.binary} channel-delete #{new_resource.channel_name}" do action :run end end end action_class do + # determine if the channel needs to be updated by searching for a bogus package + # in that channel and looking for the text prompting the user to update the channel + # in the CLI output + # @return [Boolean] does the channel need to be updated + def update_needed? + begin + return true if shell_out("#{new_resource.binary} search -c #{new_resource.channel_name} NNNNNN").stdout =~ /channel-update/ + rescue Chef::Exceptions::CommandTimeout + # CentOS can hang on 'pear search' if a channel needs updating + Chef::Log.info("Timed out checking if channel-update needed...forcing update of pear channel #{new_resource.channel_name}") + return true + end + false + end + + # run pear channel-info to see if the channel has been setup or not + # @return [Boolean] does the channel exist locally def exists? - shell_out!("#{new_resource.pear} channel-info #{new_resource.channel_name}") + shell_out!("#{new_resource.binary} channel-info #{new_resource.channel_name}") true rescue Mixlib::ShellOut::ShellCommandFailed false diff --git a/cookbooks/php/templates/debian/php.ini.erb b/cookbooks/php/templates/debian/php.ini.erb index 9588925..9d47d75 100644 --- a/cookbooks/php/templates/debian/php.ini.erb +++ b/cookbooks/php/templates/debian/php.ini.erb @@ -91,11 +91,6 @@ ; Please see the actual settings later in the document for more details as to why ; we recommend these changes in PHP's behavior. -; allow_call_time_pass_reference -; Default Value: On -; Development Value: Off -; Production Value: Off - ; display_errors ; Default Value: On ; Development Value: On 
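Review bot: `update_needed?` still depends on the default `shell_out` timeout to get out of the hung `pear search` that its own rescue comment describes, so on an affected host each channel waits out the full default (600 seconds in Mixlib::ShellOut unless configured otherwise) before the forced update. Passing an explicit bound, e.g. `shell_out("#{new_resource.binary} search -c #{new_resource.channel_name} NNNNNN", timeout: 60)`, keeps the probe cheap; the value 60 is illustrative. The method could also drop the inner `begin`/`end` and use a method-level `rescue`, matching how `exists?` is written just below it.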
@@ -233,10 +228,6 @@ asp_tags = Off ; http://php.net/precision precision = 14 -; Enforce year 2000 compliance (will cause problems with non-compliant browsers) -; http://php.net/y2k-compliance -y2k_compliance = On - ; Output buffering is a mechanism for controlling how much output data ; (excluding headers and cookies) PHP should keep internally before pushing that ; data to the client. If your application's output exceeds this setting, PHP @@ -319,20 +310,6 @@ unserialize_callback_func = ; are decoded with unserialize, the data will remain the same. serialize_precision = 100 -; This directive allows you to enable and disable warnings which PHP will issue -; if you pass a value by reference at function call time. Passing values by -; reference at function call time is a deprecated feature which will be removed -; from PHP at some point in the near future. The acceptable method for passing a -; value by reference to a function is by declaring the reference in the functions -; definition, not at call time. This directive does not disable this feature, it -; only determines whether PHP will warn you about it or not. These warnings -; should enabled in development environments only. -; Default Value: On (Suppress warnings) -; Development Value: Off (Issue warnings) -; Production Value: Off (Issue warnings) -; http://php.net/allow-call-time-pass-reference -allow_call_time_pass_reference = Off - ; Safe Mode ; http://php.net/safe-mode safe_mode = Off diff --git a/cookbooks/php/templates/default/php.ini.erb b/cookbooks/php/templates/default/php.ini.erb index 7fcb3b7..6c3f990 100644 --- a/cookbooks/php/templates/default/php.ini.erb +++ b/cookbooks/php/templates/default/php.ini.erb 
@@ -91,11 +91,6 @@ ; Please see the actual settings later in the document for more details as to why ; we recommend these changes in PHP's behavior. -; allow_call_time_pass_reference -; Default Value: On -; Development Value: Off -; Production Value: Off - ; display_errors ; Default Value: On ; Development Value: On @@ -233,10 +228,6 @@ asp_tags = Off ; http://php.net/precision precision = 14 -; Enforce year 2000 compliance (will cause problems with non-compliant browsers) -; http://php.net/y2k-compliance -y2k_compliance = On - ; Output buffering is a mechanism for controlling how much output data ; (excluding headers and cookies) PHP should keep internally before pushing that ; data to the client. If your application's output exceeds this setting, PHP @@ -319,20 +310,6 @@ unserialize_callback_func = ; are decoded with unserialize, the data will remain the same. serialize_precision = 100 -; This directive allows you to enable and disable warnings which PHP will issue -; if you pass a value by reference at function call time. Passing values by -; reference at function call time is a deprecated feature which will be removed -; from PHP at some point in the near future. The acceptable method for passing a -; value by reference to a function is by declaring the reference in the functions -; definition, not at call time. This directive does not disable this feature, it -; only determines whether PHP will warn you about it or not. These warnings -; should enabled in development environments only. -; Default Value: On (Suppress warnings) -; Development Value: Off (Issue warnings) -; Production Value: Off (Issue warnings) -; http://php.net/allow-call-time-pass-reference -allow_call_time_pass_reference = Off - ; Safe Mode ; http://php.net/safe-mode safe_mode = Off diff --git a/cookbooks/php/templates/ubuntu/php.ini.erb b/cookbooks/php/templates/ubuntu/php.ini.erb index 9588925..9d47d75 100644 --- a/cookbooks/php/templates/ubuntu/php.ini.erb 
+++ b/cookbooks/php/templates/ubuntu/php.ini.erb @@ -91,11 +91,6 @@ ; Please see the actual settings later in the document for more details as to why ; we recommend these changes in PHP's behavior. -; allow_call_time_pass_reference -; Default Value: On -; Development Value: Off -; Production Value: Off - ; display_errors ; Default Value: On ; Development Value: On @@ -233,10 +228,6 @@ asp_tags = Off ; http://php.net/precision precision = 14 -; Enforce year 2000 compliance (will cause problems with non-compliant browsers) -; http://php.net/y2k-compliance -y2k_compliance = On - ; Output buffering is a mechanism for controlling how much output data ; (excluding headers and cookies) PHP should keep internally before pushing that ; data to the client. If your application's output exceeds this setting, PHP @@ -319,20 +310,6 @@ unserialize_callback_func = ; are decoded with unserialize, the data will remain the same. serialize_precision = 100 -; This directive allows you to enable and disable warnings which PHP will issue -; if you pass a value by reference at function call time. Passing values by -; reference at function call time is a deprecated feature which will be removed -; from PHP at some point in the near future. The acceptable method for passing a -; value by reference to a function is by declaring the reference in the functions -; definition, not at call time. This directive does not disable this feature, it -; only determines whether PHP will warn you about it or not. These warnings -; should enabled in development environments only. -; Default Value: On (Suppress warnings) -; Development Value: Off (Issue warnings) -; Production Value: Off (Issue warnings) -; http://php.net/allow-call-time-pass-reference -allow_call_time_pass_reference = Off - ; Safe Mode ; http://php.net/safe-mode safe_mode = Off diff --git a/cookbooks/rbac/README.md b/cookbooks/rbac/README.md deleted file mode 100644 index e7f3f74..0000000 --- a/cookbooks/rbac/README.md +++ /dev/null 
@@ -1,82 +0,0 @@
-Role based access control
-=========================
-
-Solaris and Illumos provide sophisticated role-based access control for
-delegating authorizations within the system. Using RBAC, users can be
-given permissions to manage and update services without sudo.
-
-This cookbook provides chef with LWRPs to manage RBAC and grant permissions.
-
-At this time this cookbook ONLY manages SMF-related permissions (ie, ability
-of non-priviliged users to start/stop SMF services), but in the future it may
-be enhanced to support arbitrary Solaris permissions.
-
-## Installation
-
-In order to add the RBAC LWRPs to a chef run, add the following recipe
-to the run_list:
-
- rbac::default
-
-This will do no work, but will load the providers.
-
-## LWRPs
-
-### rbac
-
-Defines a set of authorizations that can be applied to SMF services and
-authorized to users, without actually applying them to users.
-
-Actions:
- * create (default)
-
-Attributes:
- * name
-
-Example:
-
-```ruby
-rbac "nginx" do
- action :create
-end
-```
-
-This will update the authorizations file at `/etc/security/auth_attr`
-with the following lines:
-
-```
-solaris.smf.manage.nginx:::Manage nginx Service States::
-solaris.smf.value.nginx:::Change value of nginx Service::
-```
-
-Users who are given these authorizations can change properties of the
-service as well as change its state (i.e. `svcadm disable|enable|restart|clear service`
-
-### rbac_auth
-
-Adds the rbac definition created by `auth` to the user `name`.
-
-Actions:
- * add (default)
-
-Attributes:
- * name - for descriptive purposes and to ensure that each LWRP call is uniquely
- identified in the chef run
- * user
- * auth
-
-Example:
-
-```ruby
-rbac_auth "add nginx management permissions to my_user" do
- user "my_user"
- auth "nginx"
-end
-```
-
-This adds both manage and value auths to user `my_user`.
-
-## TODO
-
-* separate manage auth from value auth
-* ability to delete all rbac attributes
diff --git a/cookbooks/rbac/libraries/rbac.rb b/cookbooks/rbac/libraries/rbac.rb
deleted file mode 100644
index 27b29a8..0000000
--- a/cookbooks/rbac/libraries/rbac.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-# This module is used to retain state during the course of a chef
-# run. The LWRPs in the cookbook modify a global hash in this module,
-# and at the end of the chef run if user authorizations change they
-# are written out into the system.
-#
-module RBAC
- def self.authorizations
- @authorizations ||= {}
- end
-
- def self.add_authorization(username, auth)
- authorizations[username] ||= []
- authorizations[username] << auth
- end
-end
diff --git a/cookbooks/rbac/metadata.json b/cookbooks/rbac/metadata.json
deleted file mode 100644
index 08c1d91..0000000
--- a/cookbooks/rbac/metadata.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- "name": "rbac",
- "description": "Allows delegation of service management to users with Solaris Role Based Access Control (RBAC)",
- "long_description": "Role based access control\n=========================\n\nSolaris and Illumos provide sophisticated role-based access control for\ndelegating authorizations within the system. Using RBAC, users can be\ngiven permissions to manage and update services without sudo.\n\nThis cookbook provides chef with LWRPs to manage RBAC and grant permissions.\n\nAt this time this cookbook ONLY manages SMF-related permissions (ie, ability\nof non-priviliged users to start/stop SMF services), but in the future it may\nbe enhanced to support arbitrary Solaris permissions.\n\n## Installation\n\nIn order to add the RBAC LWRPs to a chef run, add the following recipe \nto the run_list:\n\n rbac::default\n\nThis will do no work, but will load the providers.\n\n## LWRPs\n\n### rbac\n\nDefines a set of authorizations that can be applied to SMF services and\nauthorized to users, without actually applying them to users.\n\nActions:\n * create (default)\n\nAttributes:\n * name\n\nExample:\n\n```ruby\nrbac \"nginx\" do\n action :create\nend\n```\n\nThis will update the authorizations file at `/etc/security/auth_attr`\nwith the following lines:\n\n```\nsolaris.smf.manage.nginx:::Manage nginx Service States::\nsolaris.smf.value.nginx:::Change value of nginx Service::\n```\n\nUsers who are given these authorizations can change properties of the\nservice as well as change its state (i.e. 
`svcadm disable|enable|restart|clear service`\n\n### rbac_auth\n\nAdds the rbac definition created by `auth` to the user `name`.\n\nActions:\n * add (default)\n\nAttributes:\n * name - for descriptive purposes and to ensure that each LWRP call is uniquely\n identified in the chef run\n * user\n * auth\n\nExample:\n\n```ruby\nrbac_auth \"add nginx management permissions to my_user\" do\n user \"my_user\"\n auth \"nginx\"\nend\n```\n\nThis adds both manage and value auths to user `my_user`.\n\n## TODO\n\n* separate manage auth from value auth\n* ability to delete all rbac attributes\n",
- "maintainer": "Eric Saxby",
- "maintainer_email": "sax@livinginthepast.org",
- "license": "MIT",
- "platforms": {
- "solaris2": ">= 0.0.0",
- "smartos": ">= 0.0.0"
- },
- "dependencies": {
-
- },
- "recommendations": {
-
- },
- "suggestions": {
-
- },
- "conflicting": {
-
- },
- "providing": {
-
- },
- "replacing": {
-
- },
- "attributes": {
-
- },
- "groupings": {
-
- },
- "recipes": {
-
- },
- "version": "1.0.3",
- "source_url": "",
- "issues_url": ""
-}
diff --git a/cookbooks/rbac/metadata.rb b/cookbooks/rbac/metadata.rb
deleted file mode 100644
index 91c58d2..0000000
--- a/cookbooks/rbac/metadata.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-name 'rbac'
-maintainer 'Eric Saxby'
-maintainer_email 'sax@livinginthepast.org'
-license 'MIT'
-description 'Allows delegation of service management to users with Solaris Role Based Access Control (RBAC)'
-long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '1.0.3'
-
-supports 'solaris2'
-supports 'smartos'
diff --git a/cookbooks/rbac/providers/auth.rb b/cookbooks/rbac/providers/auth.rb
deleted file mode 100644
index d922489..0000000
--- a/cookbooks/rbac/providers/auth.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-def load_current_resource
- @current_resource = Chef::Resource::RbacAuth.new(new_resource.name)
- @new_resource.definition = run_context.resource_collection.find(:rbac => @new_resource.auth)
- begin
- @new_resource.user_definition = run_context.resource_collection.find(:rbac_user => @new_resource.user)
- rescue Chef::Exceptions::ResourceNotFound
- end
-end
-
-action :add do
- unless new_resource.user_definition
- new_resource.user_definition = rbac_user new_resource.user
- end
-
- new_resource.add_auth new_resource.user, new_resource.auth
-
- new_resource.updated_by_last_action(true)
-
- new_resource.notifies(:apply, new_resource.user_definition, :delayed)
-end
diff --git a/cookbooks/rbac/providers/default.rb b/cookbooks/rbac/providers/default.rb
deleted file mode 100644
index 368de9e..0000000
--- a/cookbooks/rbac/providers/default.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-
-def load_current_resource
- @current_resource = Chef::Resource::Rbac.new(@new_resource.name)
-end
-
-action :create do
- definition = new_resource.name
-
- new_resource.updated_by_last_action(false)
-
- manage_auth = "solaris.smf.manage.#{definition}:::Manage #{definition} Service States::"
- manage = execute "add RBAC #{definition} management to /etc/security/auth_attr" do
- command "echo \"#{manage_auth}\" >> /etc/security/auth_attr"
- not_if "grep \"#{manage_auth}\" /etc/security/auth_attr"
- end
-
- # This additional permission allows the user to call svccfg -s service setprop
- # to set dynamic properties without having to re-run chef. This may be
- # moved into a separate LWRP in the future.
- value_auth = "solaris.smf.value.#{definition}:::Change value of #{definition} Service::"
- value = execute "add RBAC #{definition} value to /etc/security/auth_attr" do
- command "echo \"#{value_auth}\" >> /etc/security/auth_attr"
- not_if "grep \"#{value_auth}\" /etc/security/auth_attr"
- end
-
- new_resource.updated_by_last_action(manage.updated_by_last_action? || value.updated_by_last_action?)
-end
diff --git a/cookbooks/rbac/providers/user.rb b/cookbooks/rbac/providers/user.rb
deleted file mode 100644
index cefb660..0000000
--- a/cookbooks/rbac/providers/user.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-# The rbac_user LWRP is an internal set of classes used by other LWRPs to
-# delay writing of user attributes until the end of the chef run. It should not be
-# manually run.
-
-def load_current_resource
- @current_resource = Chef::Resource::Rbac::User.new(@new_resource.user)
-end
-
-action :apply do
- username = new_resource.user
-
- auths = RBAC.authorizations[username]
- permissions = auths.inject([]) do |auth, name|
- auth + ["solaris.smf.manage.#{name}", "solaris.smf.value.#{name}"]
- end.sort.uniq.join(',')
-
- execute "Apply rbac authorizations to #{username}" do
- command "usermod -A #{permissions} #{username}"
- action :nothing
- not_if "grep #{username} /etc/user_attr | grep 'auths=#{permissions}'"
- end.run_action(:run)
-end
diff --git a/cookbooks/rbac/recipes/default.rb b/cookbooks/rbac/recipes/default.rb
deleted file mode 100644
index 3cab4b3..0000000
--- a/cookbooks/rbac/recipes/default.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-# Cookbook Name:: rbac
-# Recipe:: default
-#
-# Copyright 2012, ModCloth, Inc.
-#
diff --git a/cookbooks/rbac/resources/auth.rb b/cookbooks/rbac/resources/auth.rb
deleted file mode 100644
index 4c8bedd..0000000
--- a/cookbooks/rbac/resources/auth.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-
-default_action :add
-
-actions :add
-
-attribute :user, :kind_of => String, :required => true
-attribute :auth, :kind_of => String, :required => true
-
-# private, internal attributes
-attr_accessor :definition, :user_definition
-
-def add_auth(user, auth)
- RBAC.add_authorization(user, auth)
-end
diff --git a/cookbooks/rbac/resources/default.rb b/cookbooks/rbac/resources/default.rb
deleted file mode 100644
index 8a56e0a..0000000
--- a/cookbooks/rbac/resources/default.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-
-default_action :create
-
-actions :create
-
-attribute :name, :kind_of => String, :name_attribute => true, :required => true
diff --git a/cookbooks/rbac/resources/user.rb b/cookbooks/rbac/resources/user.rb
deleted file mode 100644
index 25fb93c..0000000
--- a/cookbooks/rbac/resources/user.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-
-default_action :nothing
-
-actions :apply
-
-attribute :user, :kind_of => String, :name_attribute => true, :required => true
diff --git a/cookbooks/selinux/CHANGELOG.md b/cookbooks/selinux/CHANGELOG.md
deleted file mode 100644
index 0e43d7f..0000000
--- a/cookbooks/selinux/CHANGELOG.md
+++ /dev/null
@@ -1,52 +0,0 @@
-selinux Cookbook CHANGELOG
-==========================
-
-v0.9.0 (2015-02-22)
--------------------
-- Initial Debian / Ubuntu support
-- Various bug fixes
-
-v0.8.0 (2014-04-23)
--------------------
-- [COOK-4528] - Fix selinux directory permissions
-- [COOK-4562] - Basic support for Ubuntu/Debian
-
-
-v0.7.2 (2014-03-24)
--------------------
-handling minimal installs
-
-
-v0.7.0 (2014-02-27)
--------------------
-[COOK-4218] Support setting SELinux boolean values
-
-
-v0.6.2
-------
-- Fixing bug introduced in 0.6.0
-- adding basic test-kitchen coverage
-
-
-v0.6.0
-------
-- [COOK-760] - selinux enforce/permit/disable based on attribute
-
-
-v0.5.6
-------
-- [COOK-2124] - enforcing recipe fails if selinux is disabled
-
-v0.5.4
-------
-- [COOK-1277] - disabled recipe fails on systems w/o selinux installed
-
-v0.5.2
-------
-- [COOK-789] - fix dangling commas causing syntax error on some rubies
-
-v0.5.0
-------
-- [COOK-678] - add the selinux cookbook to the repository
-- Use main selinux config file (/etc/selinux/config)
-- Use getenforce instead of selinuxenabled for enforcing and permissive
diff --git a/cookbooks/selinux/README.md b/cookbooks/selinux/README.md
deleted file mode 100644
index 11e8961..0000000
--- a/cookbooks/selinux/README.md
+++ /dev/null
@@ -1,144 +0,0 @@
-Description
-===========
-
-Provides recipes for manipulating SELinux policy enforcement state.
-
-Requirements
-============
-
-RHEL family distribution or other Linux system that uses SELinux.
-
-## Platform:
-
-Tested on RHEL 5.8, 6.3
-
-Node Attributes
-===============
-
-* `node['selinux']['state']` - The SELinux policy enforcement state.
- The state to set by default, to match the default SELinux state on
- RHEL. Can be "enforcing", "permissive", "disabled"
-
-* `node['selinux']['booleans']` - A hash of SELinux boolean names and the
- values they should be set to. Values can be off, false, or 0 to disable;
- or on, true, or 1 to enable.
-
-Resources/Providers
-===================
-
-## selinux\_state
-
-The `selinux_state` LWRP is used to manage the SELinux state on the
-system. It does this by using the `setenforce` command and rendering
-the `/etc/selinux/config` file from a template.
-
-### Actions
-
-* `:nothing` - default action, does nothing
-* `:enforcing` - Sets SELinux to enforcing.
-* `:disabled` - Sets SELinux to disabled.
-* `:permissive` - Sets SELinux to permissive.
-
-### Attributes
-
-The LWRP has no user-settable resource attributes.
-
-### Examples
-
-Simply set SELinux to enforcing or permissive:
-
- selinux_state "SELinux Enforcing" do
- action :enforcing
- end
-
- selinux_state "SELinux Permissive" do
- action :permissive
- end
-
-The action here is based on the value of the
-`node['selinux']['state']` attribute, which we convert to lower-case
-and make a symbol to pass to the action.
-
- selinux_state "SELinux #{node['selinux']['state'].capitalize}" do
- action node['selinux']['state'].downcase.to_sym
- end
-
-Recipes
-=======
-
-All the recipes now leverage the LWRP described above.
-
-## default
-
-The default recipe will use the attribute `node['selinux']['state']`
-in the `selinux_state` LWRP's action. By default, this will be `:enforcing`.
-
-## enforcing
-
-This recipe will use `:enforcing` as the `selinux_state` action.
-
-## permissive
-
-This recipe will use `:permissive` as the `selinux_state` action.
-
-## disabled
-
-This recipe will use `:disabled` as the `selinux_state` action.
-
-Usage
-=====
-
-By default, this cookbook will have SELinux enforcing by default, as
-the default recipe uses the `node['selinux']['state']` attribute,
-which is "enforcing." This is in line with the policy of enforcing by
-default on RHEL family distributions.
-
-This has complicated considerations when changing the default
-configuration of their systems, whether it is with automated
-configuration management or manually. Often, third party help forums
-and support sites recommend setting SELinux to "permissive." This
-cookbook can help with that, in two ways.
-
-You can simply set the attribute in a role applied to the node:
-
- name "base"
- description "Base role applied to all nodes."
- default_attributes(
- "selinux" => {
- "state" => "permissive"
- }
- )
-
-Or, you can apply the recipe to the run list (e.g., in a role):
-
- name "base"
- description "Base role applied to all nodes."
- run_list(
- "recipe[selinux::permissive]",
- )
-
-Roadmap
-=======
-
-Add LWRP/Libraries for manipulating security contexts for files and
-services managed by Chef.
-
-License and Author
-==================
-
-- Author:: Sean OMeara ()
-- Author:: Joshua Timberman ()
-
-Copyright:: 2011-2012, Chef Software, Inc
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
diff --git a/cookbooks/selinux/attributes/default.rb b/cookbooks/selinux/attributes/default.rb
deleted file mode 100644
index 68d07f3..0000000
--- a/cookbooks/selinux/attributes/default.rb
+++ /dev/null
@@ -1,2 +0,0 @@
-default['selinux']['state'] = 'enforcing'
-default['selinux']['booleans'] = {}
diff --git a/cookbooks/selinux/libraries/selinux_service_helpers.rb b/cookbooks/selinux/libraries/selinux_service_helpers.rb
deleted file mode 100644
index 1c2e568..0000000
--- a/cookbooks/selinux/libraries/selinux_service_helpers.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-module SELinuxServiceHelpers
- def self.selinux_bool(bool)
- if ['on', 'true', '1', true, 1].include? bool
- 'on'
- elsif ['off', 'false', '0', false, 0].include? bool
- 'off'
- else
- Chef::Log.warn "Not a valid boolean value: #{bool}"
- nil
- end
- end
-end
-
diff --git a/cookbooks/selinux/metadata.json b/cookbooks/selinux/metadata.json
deleted file mode 100644
index f956ff1..0000000
--- a/cookbooks/selinux/metadata.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- "name": "selinux",
- "version": "0.9.0",
- "description": "Manages SELinux policy state via LWRP or recipes.",
- "long_description": "Description\n===========\n\nProvides recipes for manipulating SELinux policy enforcement state.\n\nRequirements\n============\n\nRHEL family distribution or other Linux system that uses SELinux.\n\n## Platform:\n\nTested on RHEL 5.8, 6.3\n\nNode Attributes\n===============\n\n* `node['selinux']['state']` - The SELinux policy enforcement state.\n The state to set by default, to match the default SELinux state on\n RHEL. Can be \"enforcing\", \"permissive\", \"disabled\"\n\n* `node['selinux']['booleans']` - A hash of SELinux boolean names and the\n values they should be set to. Values can be off, false, or 0 to disable;\n or on, true, or 1 to enable.\n\nResources/Providers\n===================\n\n## selinux\\_state\n\nThe `selinux_state` LWRP is used to manage the SELinux state on the\nsystem. It does this by using the `setenforce` command and rendering\nthe `/etc/selinux/config` file from a template.\n\n### Actions\n\n* `:nothing` - default action, does nothing\n* `:enforcing` - Sets SELinux to enforcing.\n* `:disabled` - Sets SELinux to disabled.\n* `:permissive` - Sets SELinux to permissive.\n\n### Attributes\n\nThe LWRP has no user-settable resource attributes.\n\n### Examples\n\nSimply set SELinux to enforcing or permissive:\n\n selinux_state \"SELinux Enforcing\" do\n action :enforcing\n end\n\n selinux_state \"SELinux Permissive\" do\n action :permissive\n end\n\nThe action here is based on the value of the\n`node['selinux']['state']` attribute, which we convert to lower-case\nand make a symbol to pass to the action.\n\n selinux_state \"SELinux #{node['selinux']['state'].capitalize}\" do\n action node['selinux']['state'].downcase.to_sym\n end\n\nRecipes\n=======\n\nAll the recipes now leverage the LWRP described above.\n\n## default\n\nThe default recipe will use the attribute `node['selinux']['state']`\nin 
the `selinux_state` LWRP's action. By default, this will be `:enforcing`.\n\n## enforcing\n\nThis recipe will use `:enforcing` as the `selinux_state` action.\n\n## permissive\n\nThis recipe will use `:permissive` as the `selinux_state` action.\n\n## disabled\n\nThis recipe will use `:disabled` as the `selinux_state` action.\n\nUsage\n=====\n\nBy default, this cookbook will have SELinux enforcing by default, as\nthe default recipe uses the `node['selinux']['state']` attribute,\nwhich is \"enforcing.\" This is in line with the policy of enforcing by\ndefault on RHEL family distributions.\n\nThis has complicated considerations when changing the default\nconfiguration of their systems, whether it is with automated\nconfiguration management or manually. Often, third party help forums\nand support sites recommend setting SELinux to \"permissive.\" This\ncookbook can help with that, in two ways.\n\nYou can simply set the attribute in a role applied to the node:\n\n name \"base\"\n description \"Base role applied to all nodes.\"\n default_attributes(\n \"selinux\" => {\n \"state\" => \"permissive\"\n }\n )\n\nOr, you can apply the recipe to the run list (e.g., in a role):\n\n name \"base\"\n description \"Base role applied to all nodes.\"\n run_list(\n \"recipe[selinux::permissive]\",\n )\n\nRoadmap\n=======\n\nAdd LWRP/Libraries for manipulating security contexts for files and\nservices managed by Chef.\n\nLicense and Author\n==================\n\n- Author:: Sean OMeara ()\n- Author:: Joshua Timberman ()\n\nCopyright:: 2011-2012, Chef Software, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n",
- "maintainer": "Sam Kottler",
- "maintainer_email": "shk@linux.com",
- "license": "Apache",
- "platforms": {
- "redhat": ">= 0.0.0",
- "centos": ">= 0.0.0",
- "scientific": ">= 0.0.0",
- "oracle": ">= 0.0.0",
- "amazon": ">= 0.0.0",
- "ubuntu": ">= 0.0.0",
- "debian": ">= 0.0.0"
- },
- "dependencies": {
- },
- "recommendations": {
- },
- "suggestions": {
- },
- "conflicting": {
- },
- "providing": {
- },
- "replacing": {
- },
- "attributes": {
- "selinux/state": {
- "display_name": "SELinux State",
- "description": "The SELinux policy enforcement state.",
- "choices": [
- "enforcing",
- "permissive",
- "disabled"
- ],
- "recipes": [
- "selinux::default"
- ],
- "type": "string",
- "default": "enforcing"
- }
- },
- "groupings": {
- },
- "recipes": {
- "selinux": "Use LWRP with state attribute to manage SELinux state.",
- "selinux::enforcing": "Use :enforcing as the action for the selinux_state.",
- "selinux::permissive": "Use :permissive as the action for the selinux_state.",
- "selinux::disabled": "Use :disabled as the action for the selinux_state."
- }
-}
\ No newline at end of file
diff --git a/cookbooks/selinux/providers/state.rb b/cookbooks/selinux/providers/state.rb
deleted file mode 100644
index c61556a..0000000
--- a/cookbooks/selinux/providers/state.rb
+++ /dev/null
@@ -1,75 +0,0 @@
-#
-# Cookbook Name:: selinux
-# Provider:: default
-#
-# Copyright 2011, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require 'chef/mixin/shell_out'
-include Chef::Mixin::ShellOut
-
-def whyrun_supported?
- true
-end
-
-action :enforcing do
- unless @current_resource.state == "enforcing"
- execute "selinux-enforcing" do
- not_if "getenforce | grep -qx 'Enforcing'"
- command "setenforce 1"
- end
- se_template = render_selinux_template("enforcing")
- end
-end
-
-action :disabled do
- unless @current_resource.state == "disabled"
- execute "selinux-disabled" do
- only_if "selinuxenabled"
- command "setenforce 0"
- end
- se_template = render_selinux_template("disabled")
- end
-end
-
-action :permissive do
- unless @current_resource.state == "permissive" || @current_resource.state == "disabled"
- execute "selinux-permissive" do
- not_if "getenforce | egrep -qx 'Permissive|Disabled'"
- command "setenforce 0"
- end
- se_template = render_selinux_template("permissive")
- end
-end
-
-def load_current_resource
- @current_resource = Chef::Resource::SelinuxState.new(new_resource.name)
- s = shell_out("getenforce")
- @current_resource.state(s.stdout.chomp.downcase)
-end
-
-def render_selinux_template(state)
- template "#{state} selinux config" do
- path "/etc/selinux/config"
- source "sysconfig/selinux.erb"
- cookbook "selinux"
- if state == 'permissive'
- not_if "getenforce | grep -qx 'Disabled'"
- end
- variables(
- :selinux => state,
- :selinuxtype => "targeted"
- )
- end
-end
diff --git a/cookbooks/selinux/recipes/_common.rb b/cookbooks/selinux/recipes/_common.rb
deleted file mode 100644
index c8a1c7e..0000000
--- a/cookbooks/selinux/recipes/_common.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-
-case node[:platform_family]
-when %r(debian|ubuntu)
- package 'selinux-utils'
-when 'rhel', 'fedora'
- package 'libselinux-utils'
-else
- # implement support for your platform here!
- raise "#{node[:platform_family]} not supported!"
-end
-
-directory '/etc/selinux' do
- owner 'root'
- group 'root'
- mode '0755'
- action :create
-end
diff --git a/cookbooks/selinux/recipes/default.rb b/cookbooks/selinux/recipes/default.rb
deleted file mode 100644
index 7feb0e5..0000000
--- a/cookbooks/selinux/recipes/default.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# Cookbook Name:: selinux
-# Recipe:: default
-#
-# Copyright 2011, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-include_recipe 'selinux::_common'
-
-selinux_state "SELinux #{node['selinux']['state'].capitalize}" do
- action node['selinux']['state'].downcase.to_sym
-end
-
-node['selinux']['booleans'].each do |boolean, value|
- value = SELinuxServiceHelpers.selinux_bool(value)
- unless value.nil?
- script "boolean_#{boolean}" do
- interpreter "bash"
- code "setsebool -P #{boolean} #{value}"
- not_if "getsebool #{boolean} |egrep -q \" #{value}\"$"
- end
- end
-end
diff --git a/cookbooks/selinux/recipes/disabled.rb b/cookbooks/selinux/recipes/disabled.rb
deleted file mode 100644
index 904051a..0000000
--- a/cookbooks/selinux/recipes/disabled.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Author:: Sean OMeara ()
-# Cookbook Name:: selinux
-# Recipe:: disabled
-#
-# Copyright 2011, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'selinux::_common'
-
-selinux_state "SELinux Disabled" do
- action :disabled
-end
diff --git a/cookbooks/selinux/recipes/enforcing.rb b/cookbooks/selinux/recipes/enforcing.rb
deleted file mode 100644
index d1be09e..0000000
--- a/cookbooks/selinux/recipes/enforcing.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Author:: Sean OMeara ()
-# Cookbook Name:: selinux
-# Recipe:: enforcing
-#
-# Copyright 2011, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'selinux::_common'
-
-selinux_state "SELinux Enforcing" do
- action :enforcing
-end
diff --git a/cookbooks/selinux/recipes/permissive.rb b/cookbooks/selinux/recipes/permissive.rb
deleted file mode 100644
index 6010be3..0000000
--- a/cookbooks/selinux/recipes/permissive.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Author:: Sean OMeara ()
-# Cookbook Name:: selinux
-# Recipe:: permissive
-#
-# Copyright 2011, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'selinux::_common'
-
-selinux_state "SELinux Permissive" do
- action :permissive
-end
diff --git a/cookbooks/selinux/resources/state.rb b/cookbooks/selinux/resources/state.rb
deleted file mode 100644
index eb7debf..0000000
--- a/cookbooks/selinux/resources/state.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# Cookbook Name:: selinux
-# Resource:: default
-#
-# Copyright 2011, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-default_action :nothing
-actions :enforcing, :disabled, :permissive
-
-attribute :state, :default => nil
diff --git a/cookbooks/selinux/templates/default/sysconfig/selinux.erb b/cookbooks/selinux/templates/default/sysconfig/selinux.erb
deleted file mode 100644
index 2b393f0..0000000
--- a/cookbooks/selinux/templates/default/sysconfig/selinux.erb
+++ /dev/null
@@ -1,11 +0,0 @@
-# This file controls the state of SELinux on the system.
-# SELINUX= can take one of these three values:
-# enforcing - SELinux security policy is enforced.
-# permissive - SELinux prints warnings instead of enforcing.
-# disabled - SELinux is fully disabled.
-SELINUX=<%= @selinux %>
-# SELINUXTYPE= type of policy in use. Possible values are:
-# targeted - Only targeted network daemons are protected.
-# strict - Full SELinux protection.
-SELINUXTYPE=<%= @selinuxtype %>
-
diff --git a/cookbooks/smf/README.md b/cookbooks/smf/README.md
deleted file mode 100644
index a1dabb0..0000000
--- a/cookbooks/smf/README.md
+++ /dev/null
@@ -1,370 +0,0 @@ -SMF -=== - -## Description - -Service Management Facility (SMF) is a tool in many Illumos and Solaris-derived operating systems -that treats services as first class objects of the system. It provides an XML syntax for -declaring how the system can interact with and control a service. - -The SMF cookbook contains providers for creating or modifying a service within the SMF framework. - - -## Requirements - -Any operating system that uses SMF, ie Solaris, SmartOS, OpenIndiana etc. - -The `smf` provider depends on the `builder` gem, which can be installed -via the `smf::default` recipe. - -Requires the RBAC cookbook, which can be found at . - -Processes can be run inside a project wrapper. In this case, look to the Resource Control cookbook, -which can be found at . Note that the SMF LWRP -does not create or manage the project. - - -## Basic Usage - -Note that we run the `smf::default` recipe before using LWRPs from this -cookbook. - -```ruby -include_recipe 'smf' - -smf 'my-service' do - user 'non-root-user' - start_command 'my-service start' - start_timeout 10 - stop_command 'pkill my-service' - stop_timeout 5 - restart_command 'my-service restart' - restart_timeout 60 - environment 'PATH' => '/home/non-root-user/bin', - 'RAILS_ENV' => 'staging' - locale 'C' - manifest_type 'application' - service_path '/var/svc/manifest' - notifies :restart, 'service[my-service]' -end - -service 'my-service' do - action :enable -end - -service 'my-service' do - action :restart -end -``` - - -## Attributes - -Ownership: -* `user` - User to run service commands as -* `group` - Group to run service commands as - -RBAC -* `authorization` - What management and value authorizations should be - created for this service. Defaults to the service name. - -Dependency management: -* `include_default_dependencies` - Service should depend on file system - and network services. Defaults to `true`. See [Dependencies](#dependencies) - for more info. 
-* `dependency` - an optional array of hashes signifying service and path - dependencies for this service to run. See [Dependencies](#dependencies). - -Process management: -* `project` - Name of project to run commands in -* `start_command` -* `start_timeout` -* `stop_command` - defaults to `:kill`, which basically means it will destroy every PID generated from the start command -* `stop_timeout` -* `restart_command` - defaults to `stop_command`, then `start_command` -* `restart_timeout` -* `refresh_command` - by default SMF treats this as `true`. This will be called when the SMF definition changes or - when a `notify :reload, 'service[thing]'` is called. -* `refresh_timeout` -* `duration` - Can be either `contract`, `wait`, `transient` or - `child`, but defaults to `contract`. See the [Duration](#duration) section below. -* `environment` - Hash - Environment variables to set while running commands -* `ignore` - Array - Faults to ignore in subprocesses. For example, - if core dumps in children are handled by a master process and you - don't want SMF thinking the service is exploding, you can ignore - ["core", "signal"]. -* `privileges` - Array - An array of privileges to be allowed for started processes. - Defaults to ['basic', 'net_privaddr'] -* `property_groups` - Hash - This should be in the form `{"group name" => {"type" => "application", "key" => "value", ...}}` -* `working_directory` - PWD that SMF should cd to in order to run commands -* `locale` - Character encoding to use (default "C") - -Manifest/FMRI metadata: -* `service_path` - defaults to `/var/svc/manifest` -* `manifest_type` - defaults to `application` -* `stability` - String - defaults to "Evolving". 
Valid options are - "Standard", "Stable", "Evolving", "Unstable", "External" and - "Obsolete" - -Deprecated: -* `credentials_user` - deprecated in favor of `user` - - -## Provider Actions - -### :install (default) - -This will drop a manifest XML file into `#{service_path}/#{manifest_type}/#{name}.xml`. If there is already a service -with a name that is matched by `new_resource.name` then the FMRI of our manifest will be set to the FMRI of the -pre-existing service. In this case, our properties will be merged into the properties of the pre-existing service. - -In this way, updates to recipes that use the SMF provider will not delete existing service properties, but will add -or overwrite them. - -Because of this, the SMF provider can be used to update properties for -services that are installed via a package manager. - -### :delete - -Remove an SMF definition. This stops the service if it is running. - -### :add_rbac - -This uses the `rbac` cookbook to define permissions that can then be applied to a user. This can be useful when local -users should manage services that are added via packages. - -```ruby -smf "nginx" do - action :add_rbac -end - -rbac_auth "Allow my user to manage nginx" do - user "my_user" - auth "nginx" -end -``` - - -## Resource Notes - -### `user`, `working_directory` and `environment` - -SMF does a remarkably good job running services as delegated users, and removes a lot of pain if you configure a -service correctly. There are many examples online (blogs, etc) of users wrapping their services in shell scripts with -`start`, `stop`, `restart` arguments. In general it seems as if the intention of these scripts is to take care of the -problem of setting environment variables and shelling out as another user. - -The use of init scripts to wrap executables can be unnecessary with SMF, as it provides hooks for all of these use cases. -When using `user`, SMF will assume that the `working_directory` is the user's home directory. 
This can be -easily overwritten (to `/home/user/app/current` for a Rails application, for example). One thing to be careful of is -that shell profile files will not be loaded. For this reason, if environment variables (such as PATH) are different -on your system or require additional entries arbitrary key/values may be set using the `environment` attribute. - -All things considered, one should think carefully about the need for an init script when working with SMF. For -well-behaved applications with simple configuration, an init script is overkill. Applications with endless command-line -options or that need a real login shell (for instance ruby applications that use RVM) an init script may make life -easier. - -### Role Based Authorization - -By default the SMF definition creates authorizations based on the -service name. The service user is then granted these authorizations. If -the service is named `asplosions`, then `solaris.smf.manage.asplosions` -and `solaris.smf.value.asplosions` will be created. - -The authorization can be changed by manually setting `authorization` on -the smf block: - -```ruby -smf 'asplosions' do - user 'monkeyking' - start_command 'asplode' - authorization 'booms' -end -``` - -This can be helpful if there are many services configured on a single -host, as multiple services can be collapsed into the same -authorizations. For instance: https://illumos.org/issues/4968 - -### Dependencies - -SMF allows services to explicitly list their dependencies on other -services. Among other things, this ensures that services are enabled in -the proper order on boot, so that a service doesn't fail to start -because another service has not yet been started. - -By default, services created by the SMF LWRP depend on the following other services: -* svc:/milestone/sysconfig -* svc:/system/filesystem/local -* svc:/milestone/name-services -* svc:/milestone/network - -On Solaris11, `svc:/milestone/sysconfig` is replaced with -`svc:/milestone/config`. 
- -These are configured with the attribute `include_default_dependencies`, -which defaults to `true`. - -Other dependencies can be specified with the `dependencies` attribute, -which takes an array of hashes as follows: - -```ruby -smf 'redis' - -smf 'redis-6999' do - start_command "..." - dependencies [ - {name: 'redis', fmris: ['svc:/application/management/redis'], - grouping: 'require_all', restart_on: 'restart', type: 'service'} - ] -end -``` - -Valid options for grouping: -* require_all - All listed FMRIs must be online -* require_any - Any of the listed FMRIs must be online -* exclude_all - None of the listed FMRIs can be online -* optional_all - FMRIs are either online or unable to come online - -Valid options for restart_on: -* error - Hardware fault -* restart - Restarts service if the depedency is restarted -* refresh - Restarted if the dependency is restarted or refreshed for - any reason -* none - Don't do anything - -Valid options for type: -* service - expects dependency FMRIs to be other services ie: svc:/type/of/service:instance -* path - expects FMRIs to be paths, ie file://localhost/etc/redis/redis.conf - -Note: the provider currently does not do any validation of these values. Also, type:path has not been extensively -tested. Use this at your own risk, or improve the provider's compatibility with type:path and submit a pull request! - -### Duration - -There are several different ways that SMF can track your service. By default it uses `contract`. -Basically, this means that it will keep track of the PIDs of all daemonized processes generated from `start_command`. -If SMF sees that processes are cycling, it may try to restart the service. If things get too hectic, it -may think that your service is flailing and put it into maintenance mode. If this is normal for your service, -for instance if you have a master that occasionally reaps processes, you may want to specify additional -configuration options. 
- -If you have a job that you want managed by SMF, but which is not daemonized, another duration option is -`transient`. In this mode, SMF will not watch any processes, but will expect that the main process exits cleanly. -This can be used, for instance, for a script that must be run at boot time, or for a script that you want to delegate -to particular users with Role Based Access Control. In this case, the script can be registered with SMF to run as root, -but with the start_command delegated to your user. - -A third option is `wait`. This covers non-daemonized processes. - -A fourth option is `child`. - -### Ignore - -Sometimes you have a case where your service behaves poorly. The Ruby server Unicorn, for example, has a master -process that likes to kill its children. This causes core dumps that SMF will interpret to be a failing service. -Instead you can `ignore ["core", "signal"]` and SMF will stop caring about core dumps. - -### Privileges - -Some system calls require privileges generally only granted to superusers or particular roles. In Solaris, an -SMF definition can also set specific privileges for contracted processes. - -By default the SMF provider will grant 'basic' and 'net_privaddr' permissions, but this can be set as follows: - -```ruby -smf 'elasticsearch' do - start_command 'elasticsearch' - privileges ['basic', 'proc_lock_memory'] -end -``` - -See the (privileges man page)[https://www.illumos.org/man/5/privileges] for more information. - -### Property Groups - -Property Groups are where you can store extra information for SMF to use later. They should be used in the -following format: - -```ruby -smf "my-service" do - start_command "do-something" - property_groups({ - "config" => { - "type" => "application", - "my-property" => "property value" - } - }) -end -``` - -`type` will default to `application`, and is used in the manifest XML to declare how the property group will be -used. 
For this reason, `type` can not be used as a property name (ie variable). - -One way to use property groups is to pass variables on to commands, as follows: - -```ruby -rails_env = node["from-chef-environment"]["rails-env"] - -smf "unicorn" do - start_command "bundle exec unicorn_rails -c /home/app_user/app/current/config/%{config/rails_env} -E %{config/rails_env} -D" - start_timeout 300 - restart_command ":kill -SIGUSR2" - restart_timeout 300 - working_directory "/home/app_user/app/current" - property_groups({ - "config" => { - "rails_env" => rails_env - } - }) -end -``` - -This is especially handy if you have a case where your commands may come from role attributes, but can -only work if they have access to variables set in an environment or computed in a recipe. - -### Stability - -This is for reference more than anything, so that administrators of a service know what to expect of possible changes to -the service definition. - -See: - - -## Working Examples - -Please see the [examples](https://github.com/livinginthepast/smf/blob/master/EXAMPLES.md) page for -example usages. - - -## Cookbook upgrades, possible side effects - -Changes to this cookbook may change the way that its internal checksums are generated for a service. -If you `notify :restart` any service from within the `smf` block or include a `refresh_command`, please -be aware that upgrading this cookbook may trigger a refresh or a registered notification on the first -subsequent chef run. - -## Contributing - -* fork -* file an issue to track updates/communication -* add tests -* rebase master into your branch -* issue a pull request - -Please do not increment the cookbook version in a fork. Version updates -will be done on the master branch after any pull requests are merged. - -When upstream changes are added to the master branch while you are -working on a contribution, please rebase master into your branch and -force push. 
A pull request should be able to be merged through a
-fast-forward, without a merge commit.
-
-## Testing
-
-```bash
-bundle
-vagrant plugin install vagrant-smartos-zones
-bundle exec strainer test
-```
diff --git a/cookbooks/smf/libraries/helper.rb b/cookbooks/smf/libraries/helper.rb
deleted file mode 100644
index ab2b0c6..0000000
--- a/cookbooks/smf/libraries/helper.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-unless defined?(SMFManifest::Helper)
- module SMFManifest
- # Generic helper that other helpers can inherit from.
- # Takes the current node object, as well as an optional
- # resource.
- class Helper < Struct.new(:node, :resource)
- end
- end
-end
diff --git a/cookbooks/smf/libraries/matchers.rb b/cookbooks/smf/libraries/matchers.rb
deleted file mode 100644
index e0242e3..0000000
--- a/cookbooks/smf/libraries/matchers.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-if defined?(ChefSpec)
- def install_smf(name)
- ChefSpec::Matchers::ResourceMatcher.new(:smf, :install, name)
- end
-
- def delete_smf(name)
- ChefSpec::Matchers::ResourceMatcher.new(:smf, :delete, name)
- end
-end
diff --git a/cookbooks/smf/libraries/rbac_helper.rb b/cookbooks/smf/libraries/rbac_helper.rb
deleted file mode 100644
index 6461afe..0000000
--- a/cookbooks/smf/libraries/rbac_helper.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-module SMFManifest
- # Helper methods for determining whether work needs to be done
- # with respect to assigning RBAC values to a service.
- class RBACHelper < SMFManifest::Helper
- include Chef::Mixin::ShellOut
-
- def authorization_set?
- current_authorization == authorization
- end
-
- def value_authorization_set?
- current_value_authorization == value_authorization
- end
-
- def current_authorization
- shell_out("svcprop -p general/action_authorization #{resource.name}").stdout.chomp
- end
-
- def current_value_authorization
- shell_out("svcprop -p general/value_authorization #{resource.name}").stdout.chomp
- end
-
- def authorization
- "solaris.smf.manage.#{resource.authorization_name}"
- end
-
- def value_authorization
- "solaris.smf.value.#{resource.authorization_name}"
- end
- end
-end
diff --git a/cookbooks/smf/libraries/xml_builder.rb b/cookbooks/smf/libraries/xml_builder.rb
deleted file mode 100644
index a9b7f7f..0000000
--- a/cookbooks/smf/libraries/xml_builder.rb
+++ /dev/null
@@ -1,209 +0,0 @@
-## This is kind of a hack, to ensure that the cookbook can be
-# loaded. On first load, nokogiri may not be present. It is
-# installed at load time by recipes/default.rb, so that at run
-# time nokogiri will be present.
-#
-require 'forwardable'
-
-# rubocop:disable Metrics/ClassLength
-module SMFManifest
- # XMLBuilder manages the translation of the SMF Chef resource attributes into
- # XML that can be parsed by `svccfg import`.
- #
- # SMFManifest::XMLBuilder.new(resource, node).to_xml
- #
- class XMLBuilder
- # allow delegation
- extend Forwardable
-
- attr_reader :resource, :node
-
- # delegate methods to :resource
- def_delegators :resource, :name, :authorization_name, :dependencies, :duration, :environment, :group, :ignore,
- :include_default_dependencies, :locale, :manifest_type, :project, :property_groups,
- :service_path, :stability, :working_directory
-
- public
-
- def initialize(smf_resource, node)
- @resource = smf_resource
- @node = node
- end
-
- def to_xml
- @xml_output ||= xml_output
- end
-
- protected
-
- ## methods that need to be called from within the context
- # of the Nokogiri builder block need to be protected, rather
- # than private.
-
- def commands
- @commands ||= {
- 'start' => resource.start_command,
- 'stop' => resource.stop_command,
- 'restart' => resource.restart_command,
- 'refresh' => resource.refresh_command
- }
- end
-
- def timeout
- @timeouts ||= {
- 'start' => resource.start_timeout,
- 'stop' => resource.stop_timeout,
- 'restart' => resource.restart_timeout,
- 'refresh' => resource.refresh_timeout
- }
- end
-
- def default_dependencies
- if node.platform == 'solaris2' && node.platform_version == '5.11'
- [
- { 'name' => 'milestone', 'value' => '/milestone/config' },
- { 'name' => 'fs-local', 'value' => '/system/filesystem/local' },
- { 'name' => 'name-services', 'value' => '/milestone/name-services' },
- { 'name' => 'network', 'value' => '/milestone/network' }
- ]
- else
- [
- { 'name' => 'milestone', 'value' => '/milestone/sysconfig' },
- { 'name' => 'fs-local', 'value' => '/system/filesystem/local' },
- { 'name' => 'name-services', 'value' => '/milestone/name-services' },
- { 'name' => 'network', 'value' => '/milestone/network' }
- ]
- end
- end
-
- private
-
- def xml_output
- xml_builder = ::Builder::XmlMarkup.new(indent: 2)
- xml_builder.instruct!
- xml_builder.declare! :DOCTYPE, :service_bundle, :SYSTEM, '/usr/share/lib/xml/dtd/service_bundle.dtd.1'
- xml_builder.service_bundle('name' => name, 'type' => 'manifest') do |xml|
- xml.service('name' => service_fmri, 'type' => 'service', 'version' => '1') do |service|
- service.create_default_instance('enabled' => 'false')
- service.single_instance
-
- if include_default_dependencies
- default_dependencies.each do |dependency|
- service.dependency('name' => dependency['name'],
- 'grouping' => 'require_all',
- 'restart_on' => 'none',
- 'type' => 'service') do |dep|
- dep.service_fmri('value' => "svc:#{dependency['value']}")
- end
- end
- end
-
- dependencies.each do |dependency|
- service.dependency('name' => dependency['name'],
- 'grouping' => dependency['grouping'],
- 'restart_on' => dependency['restart_on'],
- 'type' => dependency['type']) do |dep|
- dependency['fmris'].each do |service_fmri|
- dep.service_fmri('value' => service_fmri)
- end
- end
- end
-
- service.method_context(exec_context) do |context|
- context.method_credential(credentials) if user != 'root'
-
- if environment
- context.method_environment do |env|
- environment.each_pair do |var, value|
- env.envvar('name' => var, 'value' => value)
- end
- end
- end
- end
-
- commands.each_pair do |type, command|
- if command
- service.exec_method('type' => 'method', 'name' => type, 'exec' => command, 'timeout_seconds' => timeout[type])
- end
- end
-
- service.property_group('name' => 'general', 'type' => 'framework') do |group|
- group.propval('name' => 'action_authorization',
- 'type' => 'astring',
- 'value' => "solaris.smf.manage.#{authorization_name}")
- group.propval('name' => 'value_authorization',
- 'type' => 'astring',
- 'value' => "solaris.smf.value.#{authorization_name}")
- end
-
- if sets_duration? || ignores_faults?
- service.property_group('name' => 'startd', 'type' => 'framework') do |group|
- group.propval('name' => 'duration', 'type' => 'astring', 'value' => duration) if sets_duration?
- group.propval('name' => 'ignore_error', 'type' => 'astring', 'value' => ignore.join(',')) if ignores_faults?
- end
- end
-
- property_groups.each_pair do |name, properties|
- service.property_group('name' => name, 'type' => properties.delete('type') { |_type| 'application' }) do |group|
- properties.each_pair do |key, value|
- group.propval('name' => key, 'value' => value, 'type' => check_type(value))
- end
- end
- end
-
- service.stability('value' => stability)
-
- service.template do |template|
- template.common_name do |common_name|
- common_name.loctext(name, 'xml:lang' => locale)
- end
- end
- end
- end
-
- xml_builder.target!
- end
-
- def credentials
- creds = { 'user' => user, 'privileges' => resource.privilege_list }
- creds.merge!('group' => group) unless group.nil?
- creds
- end
-
- def user
- resource.user || resource.credentials_user || 'root'
- end
-
- def exec_context
- context = {}
- context['working_directory'] = working_directory unless working_directory.nil?
- context['project'] = project unless project.nil?
- context
- end
-
- def check_type(value)
- if value == value.to_i
- 'integer'
- else
- 'astring'
- end
- end
-
- def ignores_faults?
- !ignore.nil?
- end
-
- def sets_duration?
- duration != 'contract'
- end
-
- # resource.fmri is set in the SMF :install action of the default provider.
- # If there is already a service with a name that is matched by our resource.name
- # then we grab the FMRI (fault management resource identifier) from the system.
- # If a service is not found, we set this to our own FMRI.
- def service_fmri
- resource.fmri.nil? || resource.fmri.empty? ? "#{manifest_type}/management/#{name}" : resource.fmri.gsub(/^\//, '')
- end
- end
-end
-# rubocop:enable Metrics/ClassLength
diff --git a/cookbooks/smf/metadata.json b/cookbooks/smf/metadata.json
deleted file mode 100644
index d5aba81..0000000
--- a/cookbooks/smf/metadata.json
+++ /dev/null
@@ -1,48 +0,0 @@ -{ - "name": "smf", - "description": "A light weight resource provider (LWRP) for SMF (Service Management Facility)", - "long_description": "SMF\n===\n\n## Description\n\nService Management Facility (SMF) is a tool in many Illumos and Solaris-derived operating systems\nthat treats services as first class objects of the system. It provides an XML syntax for \ndeclaring how the system can interact with and control a service.\n\nThe SMF cookbook contains providers for creating or modifying a service within the SMF framework.\n\n\n## Requirements\n\nAny operating system that uses SMF, ie Solaris, SmartOS, OpenIndiana etc.\n\nThe `smf` provider depends on the `builder` gem, which can be installed\nvia the `smf::default` recipe.\n\nRequires the RBAC cookbook, which can be found at .\n\nProcesses can be run inside a project wrapper. In this case, look to the Resource Control cookbook,\nwhich can be found at . Note that the SMF LWRP\ndoes not create or manage the project.\n\n\n## Basic Usage\n\nNote that we run the `smf::default` recipe before using LWRPs from this\ncookbook.\n\n```ruby\ninclude_recipe 'smf'\n\nsmf 'my-service' do\n user 'non-root-user'\n start_command 'my-service start'\n start_timeout 10\n stop_command 'pkill my-service'\n stop_timeout 5\n restart_command 'my-service restart'\n restart_timeout 60\n environment 'PATH' => '/home/non-root-user/bin',\n 'RAILS_ENV' => 'staging'\n locale 'C'\n manifest_type 'application'\n service_path '/var/svc/manifest'\n notifies :restart, 'service[my-service]'\nend\n\nservice 'my-service' do\n action :enable\nend\n\nservice 'my-service' do\n action :restart\nend\n```\n\n\n## Attributes\n\nOwnership:\n* `user` - User to run service commands as\n* `group` - Group to run service commands as\n\nRBAC\n* `authorization` - What management and value authorizations should be\n created for this service. 
Defaults to the service name.\n\nDependency management:\n* `include_default_dependencies` - Service should depend on file system\n and network services. Defaults to `true`. See [Dependencies](#dependencies)\n for more info.\n* `dependency` - an optional array of hashes signifying service and path\n dependencies for this service to run. See [Dependencies](#dependencies).\n\nProcess management:\n* `project` - Name of project to run commands in\n* `start_command`\n* `start_timeout`\n* `stop_command` - defaults to `:kill`, which basically means it will destroy every PID generated from the start command\n* `stop_timeout`\n* `restart_command` - defaults to `stop_command`, then `start_command`\n* `restart_timeout`\n* `refresh_command` - by default SMF treats this as `true`. This will be called when the SMF definition changes or\n when a `notify :reload, 'service[thing]'` is called.\n* `refresh_timeout`\n* `duration` - Can be either `contract`, `wait`, `transient` or\n `child`, but defaults to `contract`. See the [Duration](#duration) section below.\n* `environment` - Hash - Environment variables to set while running commands\n* `ignore` - Array - Faults to ignore in subprocesses. For example, \n if core dumps in children are handled by a master process and you \n don't want SMF thinking the service is exploding, you can ignore \n [\"core\", \"signal\"].\n* `privileges` - Array - An array of privileges to be allowed for started processes.\n Defaults to ['basic', 'net_privaddr']\n* `property_groups` - Hash - This should be in the form `{\"group name\" => {\"type\" => \"application\", \"key\" => \"value\", ...}}`\n* `working_directory` - PWD that SMF should cd to in order to run commands\n* `locale` - Character encoding to use (default \"C\")\n\nManifest/FMRI metadata:\n* `service_path` - defaults to `/var/svc/manifest`\n* `manifest_type` - defaults to `application`\n* `stability` - String - defaults to \"Evolving\". 
Valid options are\n \"Standard\", \"Stable\", \"Evolving\", \"Unstable\", \"External\" and\n \"Obsolete\"\n\nDeprecated:\n* `credentials_user` - deprecated in favor of `user`\n\n\n## Provider Actions\n\n### :install (default)\n\nThis will drop a manifest XML file into `#{service_path}/#{manifest_type}/#{name}.xml`. If there is already a service\nwith a name that is matched by `new_resource.name` then the FMRI of our manifest will be set to the FMRI of the \npre-existing service. In this case, our properties will be merged into the properties of the pre-existing service.\n\nIn this way, updates to recipes that use the SMF provider will not delete existing service properties, but will add \nor overwrite them.\n\nBecause of this, the SMF provider can be used to update properties for\nservices that are installed via a package manager.\n\n### :delete\n\nRemove an SMF definition. This stops the service if it is running.\n\n### :add_rbac\n\nThis uses the `rbac` cookbook to define permissions that can then be applied to a user. This can be useful when local\nusers should manage services that are added via packages.\n\n```ruby\nsmf \"nginx\" do\n action :add_rbac\nend\n\nrbac_auth \"Allow my user to manage nginx\" do\n user \"my_user\"\n auth \"nginx\"\nend\n```\n\n\n## Resource Notes\n\n### `user`, `working_directory` and `environment`\n\nSMF does a remarkably good job running services as delegated users, and removes a lot of pain if you configure a \nservice correctly. There are many examples online (blogs, etc) of users wrapping their services in shell scripts with \n`start`, `stop`, `restart` arguments. In general it seems as if the intention of these scripts is to take care of the\nproblem of setting environment variables and shelling out as another user.\n\nThe use of init scripts to wrap executables can be unnecessary with SMF, as it provides hooks for all of these use cases. 
\nWhen using `user`, SMF will assume that the `working_directory` is the user's home directory. This can be\neasily overwritten (to `/home/user/app/current` for a Rails application, for example). One thing to be careful of is \nthat shell profile files will not be loaded. For this reason, if environment variables (such as PATH) are different \non your system or require additional entries arbitrary key/values may be set using the `environment` attribute.\n\nAll things considered, one should think carefully about the need for an init script when working with SMF. For \nwell-behaved applications with simple configuration, an init script is overkill. Applications with endless command-line \noptions or that need a real login shell (for instance ruby applications that use RVM) an init script may make life\neasier.\n\n### Role Based Authorization\n\nBy default the SMF definition creates authorizations based on the\nservice name. The service user is then granted these authorizations. If\nthe service is named `asplosions`, then `solaris.smf.manage.asplosions`\nand `solaris.smf.value.asplosions` will be created.\n\nThe authorization can be changed by manually setting `authorization` on\nthe smf block:\n\n```ruby\nsmf 'asplosions' do\n user 'monkeyking'\n start_command 'asplode'\n authorization 'booms'\nend\n```\n\nThis can be helpful if there are many services configured on a single\nhost, as multiple services can be collapsed into the same\nauthorizations. For instance: https://illumos.org/issues/4968 \n\n### Dependencies\n\nSMF allows services to explicitly list their dependencies on other\nservices. 
Among other things, this ensures that services are enabled in\nthe proper order on boot, so that a service doesn't fail to start\nbecause another service has not yet been started.\n\nBy default, services created by the SMF LWRP depend on the following other services:\n* svc:/milestone/sysconfig\n* svc:/system/filesystem/local\n* svc:/milestone/name-services\n* svc:/milestone/network\n\nOn Solaris11, `svc:/milestone/sysconfig` is replaced with\n`svc:/milestone/config`.\n\nThese are configured with the attribute `include_default_dependencies`,\nwhich defaults to `true`.\n\nOther dependencies can be specified with the `dependencies` attribute,\nwhich takes an array of hashes as follows:\n\n```ruby\nsmf 'redis'\n\nsmf 'redis-6999' do\n start_command \"...\"\n dependencies [\n {name: 'redis', fmris: ['svc:/application/management/redis'],\n grouping: 'require_all', restart_on: 'restart', type: 'service'}\n ]\nend\n```\n\nValid options for grouping:\n* require_all - All listed FMRIs must be online\n* require_any - Any of the listed FMRIs must be online\n* exclude_all - None of the listed FMRIs can be online\n* optional_all - FMRIs are either online or unable to come online\n\nValid options for restart_on:\n* error - Hardware fault\n* restart - Restarts service if the depedency is restarted\n* refresh - Restarted if the dependency is restarted or refreshed for\n any reason\n* none - Don't do anything\n\nValid options for type:\n* service - expects dependency FMRIs to be other services ie: svc:/type/of/service:instance\n* path - expects FMRIs to be paths, ie file://localhost/etc/redis/redis.conf\n\nNote: the provider currently does not do any validation of these values. Also, type:path has not been extensively\ntested. Use this at your own risk, or improve the provider's compatibility with type:path and submit a pull request!\n\n### Duration\n\nThere are several different ways that SMF can track your service. By default it uses `contract`. 
\nBasically, this means that it will keep track of the PIDs of all daemonized processes generated from `start_command`.\nIf SMF sees that processes are cycling, it may try to restart the service. If things get too hectic, it\nmay think that your service is flailing and put it into maintenance mode. If this is normal for your service,\nfor instance if you have a master that occasionally reaps processes, you may want to specify additional\nconfiguration options.\n\nIf you have a job that you want managed by SMF, but which is not daemonized, another duration option is\n`transient`. In this mode, SMF will not watch any processes, but will expect that the main process exits cleanly.\nThis can be used, for instance, for a script that must be run at boot time, or for a script that you want to delegate\nto particular users with Role Based Access Control. In this case, the script can be registered with SMF to run as root,\nbut with the start_command delegated to your user.\n\nA third option is `wait`. This covers non-daemonized processes.\n\nA fourth option is `child`.\n\n### Ignore\n\nSometimes you have a case where your service behaves poorly. The Ruby server Unicorn, for example, has a master \nprocess that likes to kill its children. This causes core dumps that SMF will interpret to be a failing service.\nInstead you can `ignore [\"core\", \"signal\"]` and SMF will stop caring about core dumps.\n\n### Privileges\n\nSome system calls require privileges generally only granted to superusers or particular roles. 
In Solaris, an\nSMF definition can also set specific privileges for contracted processes.\n\nBy default the SMF provider will grant 'basic' and 'net_privaddr' permissions, but this can be set as follows:\n\n```ruby\nsmf 'elasticsearch' do\n start_command 'elasticsearch'\n privileges ['basic', 'proc_lock_memory']\nend\n```\n\nSee the (privileges man page)[https://www.illumos.org/man/5/privileges] for more information.\n\n### Property Groups\n\nProperty Groups are where you can store extra information for SMF to use later. They should be used in the\nfollowing format:\n\n```ruby\nsmf \"my-service\" do\n start_command \"do-something\"\n property_groups({\n \"config\" => {\n \"type\" => \"application\",\n \"my-property\" => \"property value\"\n }\n })\nend\n```\n\n`type` will default to `application`, and is used in the manifest XML to declare how the property group will be\nused. For this reason, `type` can not be used as a property name (ie variable).\n\nOne way to use property groups is to pass variables on to commands, as follows:\n\n```ruby\nrails_env = node[\"from-chef-environment\"][\"rails-env\"]\n\nsmf \"unicorn\" do\n start_command \"bundle exec unicorn_rails -c /home/app_user/app/current/config/%{config/rails_env} -E %{config/rails_env} -D\"\n start_timeout 300\n restart_command \":kill -SIGUSR2\"\n restart_timeout 300\n working_directory \"/home/app_user/app/current\"\n property_groups({\n \"config\" => {\n \"rails_env\" => rails_env\n }\n })\nend\n```\n\nThis is especially handy if you have a case where your commands may come from role attributes, but can\nonly work if they have access to variables set in an environment or computed in a recipe.\n\n### Stability\n\nThis is for reference more than anything, so that administrators of a service know what to expect of possible changes to \nthe service definition.\n\nSee: \n\n\n## Working Examples\n\nPlease see the [examples](https://github.com/livinginthepast/smf/blob/master/EXAMPLES.md) page for\nexample 
usages.\n\n\n## Cookbook upgrades, possible side effects\n\nChanges to this cookbook may change the way that its internal checksums are generated for a service.\nIf you `notify :restart` any service from within the `smf` block or include a `refresh_command`, please\nbe aware that upgrading this cookbook may trigger a refresh or a registered notification on the first\nsubsequent chef run.\n\n## Contributing\n\n* fork\n* file an issue to track updates/communication\n* add tests\n* rebase master into your branch\n* issue a pull request\n\nPlease do not increment the cookbook version in a fork. Version updates\nwill be done on the master branch after any pull requests are merged.\n\nWhen upstream changes are added to the master branch while you are\nworking on a contribution, please rebase master into your branch and\nforce push. A pull request should be able to be merged through a\nfast-forward, without a merge commit.\n\n## Testing\n\n```bash\nbundle\nvagrant plugin install vagrant-smartos-zones\nbundle exec strainer test\n```\n", - "maintainer": "Eric Saxby", - "maintainer_email": "sax@livinginthepast.org", - "license": "MIT", - "platforms": { - "smartos": ">= 0.0.0" - }, - "dependencies": { - "rbac": ">= 1.0.1" - }, - "recommendations": { - - }, - "suggestions": { - "resource-control": ">= 0.0.0" - }, - "conflicting": { - - }, - "providing": { - - }, - "replacing": { - - }, - "attributes": { - - }, - "groupings": { - - }, - "recipes": { - - }, - "version": "2.2.8", - "source_url": "", - "issues_url": "", - "privacy": false, - "chef_versions": [ - - ], - "ohai_versions": [ - - ] -} diff --git a/cookbooks/smf/metadata.rb b/cookbooks/smf/metadata.rb deleted file mode 100644 index 94a4751..0000000 --- a/cookbooks/smf/metadata.rb +++ /dev/null 
@@ -1,13 +0,0 @@
-name 'smf'
-maintainer 'Eric Saxby'
-maintainer_email 'sax@livinginthepast.org'
-license 'MIT'
-description 'A light weight resource provider (LWRP) for SMF (Service Management Facility)'
-long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '2.2.8'
-
-supports 'smartos'
-
-depends 'rbac', '>= 1.0.1'
-
-suggests 'resource-control' # For managing Solaris projects, when setting project on a manifest
diff --git a/cookbooks/smf/providers/default.rb b/cookbooks/smf/providers/default.rb
deleted file mode 100644
index 76670e1..0000000
--- a/cookbooks/smf/providers/default.rb
+++ /dev/null
@@ -1,143 +0,0 @@
-
-require 'chef/mixin/shell_out'
-require 'fileutils'
-include Chef::Mixin::ShellOut
-
-def load_current_resource
- find_fmri unless new_resource.fmri
-
- @current_resource = Chef::Resource::Smf.new(new_resource.name)
- @current_resource.fmri(new_resource.fmri)
- @current_resource.load
-end
-
-action :install do
- create_directories
- write_manifest
- create_rbac_definitions
- import_manifest
- deduplicate_manifest
- add_rbac_permissions
-
- new_resource.updated_by_last_action(smf_changed?)
- new_resource.save_checksum if smf_changed?
-end
-
-action :add_rbac do
- create_rbac_definitions
- service new_resource.name
-
- manage = execute "add SMF authorization to allow RBAC for #{new_resource.name}" do
- command "svccfg -s #{new_resource.name} " \
- 'setprop general/action_authorization=astring:' \
- "'solaris.smf.manage.#{new_resource.authorization_name}'"
- not_if { SMFManifest::RBACHelper.new(node, new_resource).authorization_set? }
- notifies :reload, "service[#{new_resource.name}]"
- end
-
- value = execute "add SMF value to allow RBAC for #{new_resource.name}" do
- command "svccfg -s #{new_resource.name} " \
- 'setprop general/value_authorization=astring: ' \
- 'solaris.smf.value.#{new_resource.authorization_name}'
- not_if { SMFManifest::RBACHelper.new(node, new_resource).value_authorization_set? }
- notifies :reload, "service[#{new_resource.name}]"
- end
-
- new_resource.updated_by_last_action(manage.updated_by_last_action? || value.updated_by_last_action?)
-end
-
-action :delete do
- new_resource.updated_by_last_action(false)
-
- if @current_resource.smf_exists?
- service new_resource.name do
- action [:stop, :disable]
- end
-
- execute "remove service #{new_resource.name} from SMF" do
- command "svccfg delete #{new_resource.name}"
- end
-
- delete_manifest
- new_resource.remove_checksum
-
- new_resource.updated_by_last_action(true)
- end
-end
-
-private
-
-def smf_changed?
- @current_resource.checksum != new_resource.checksum || !@current_resource.smf_exists?
-end
-
-def find_fmri
- fmri_check = shell_out(%(svcs -H -o FMRI #{new_resource.name}))
- if fmri_check.exitstatus == 0
- new_resource.fmri fmri_check.stdout.chomp.split(':')[1]
- else
- new_resource.fmri "/#{new_resource.manifest_type}/management/#{new_resource.name}"
- end
-end
-
-def create_directories
- Chef::Log.debug "Creating manifest directory at #{new_resource.xml_path}"
- FileUtils.mkdir_p new_resource.xml_path
-end
-
-def write_manifest
- return unless smf_changed?
-
- Chef::Log.debug "Writing SMF manifest for #{new_resource.name}"
- ::File.open(new_resource.xml_file, 'w') do |file|
- file.puts SMFManifest::XMLBuilder.new(new_resource, node).to_xml
- end
-end
-
-def delete_manifest
- return unless ::File.exist?(new_resource.xml_file)
-
- Chef::Log.debug "Removing SMF manifest for #{new_resource.name}"
- ::File.delete(new_resource.xml_file)
-end
-
-def create_rbac_definitions
- rbac new_resource.authorization_name do
- action :create
- end
-end
-
-def add_rbac_permissions
- user = new_resource.user || new_resource.credentials_user || 'root'
-
- rbac_auth "Add RBAC for #{new_resource.name} to #{user}" do
- user user
- auth new_resource.authorization_name
- not_if { user == 'root' }
- end
-end
-
-def import_manifest
- return unless smf_changed?
-
- Chef::Log.debug("importing SMF manifest #{new_resource.xml_file}")
- shell_out!("svccfg import #{new_resource.xml_file}")
-end
-
-def deduplicate_manifest
- # If we are overwriting properties from an old SMF definition (from pkgsrc, etc)
- # there may be redundant XML files that we want to dereference
- name = new_resource.name
-
- duplicate_manifest = shell_out("svcprop #{name} | grep -c manifestfiles").stdout.strip.to_i > 1
- return unless duplicate_manifest
-
- Chef::Log.debug "Removing duplicate SMF manifest reference from #{name}"
- shell_out! "svccfg -s #{name} delprop " \
- "`svcprop #{name} | grep manifestfiles | grep -v #{new_resource.xml_file} | awk '{ print $1 }'` " \
- "&& svcadm refresh #{name}"
-end
-
-def smf_defined?(fmri)
- shell_out("svcs #{fmri}").exitstatus == 0
-end
diff --git a/cookbooks/smf/recipes/SMFServicesOK.rb b/cookbooks/smf/recipes/SMFServicesOK.rb
deleted file mode 100644
index d3f5c1f..0000000
--- a/cookbooks/smf/recipes/SMFServicesOK.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-directory '/opt/scripts' do
- action :create
- mode '0755'
- owner 'root'
- group 'root'
-end
-
-directory '/opt/local/etc/snmp/conf.d' do
- action :create
- mode '0755'
- owner 'root'
- group 'root'
-end
-
-template '/opt/scripts/SMFServicesOK.sh' do
- path '/opt/scripts/SMFServicesOK.sh'
- source 'SMFServicesOK.sh.erb'
- mode '0755'
-end
-
-template 'SMFServicesOK.snmpd.conf' do
- path '/opt/local/etc/snmp/conf.d/SMFServicesOK.snmpd.conf'
- source 'SMFServicesOK.snmpd.conf.erb'
- mode '0644'
-end
diff --git a/cookbooks/smf/recipes/default.rb b/cookbooks/smf/recipes/default.rb
deleted file mode 100644
index 72d8f16..0000000
--- a/cookbooks/smf/recipes/default.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-## These libraries need to be installed when the cookbook
-# is loaded, otherwise they are not available when the
-# cookbook runs.
-
-chef_gem 'builder'
-
-require 'builder'
diff --git a/cookbooks/smf/resources/default.rb b/cookbooks/smf/resources/default.rb
deleted file mode 100644
index 6224e19..0000000
--- a/cookbooks/smf/resources/default.rb
+++ /dev/null
@@ -1,124 +0,0 @@
-
-require 'chef/mixin/shell_out'
-include Chef::Mixin::ShellOut
-
-actions :install, :add_rbac, :delete
-default_action :install
-
-attribute :name, kind_of: String, name_attribute: true, required: true
-attribute :user, kind_of: [String, NilClass], default: nil
-attribute :group, kind_of: [String, NilClass], default: nil
-attribute :project, kind_of: [String, NilClass], default: nil
-
-attribute :authorization, kind_of: [String, NilClass], default: nil
-
-attribute :start_command, kind_of: [String, NilClass], default: nil
-attribute :start_timeout, kind_of: Integer, default: 5
-attribute :stop_command, kind_of: String, default: ':kill'
-attribute :stop_timeout, kind_of: Integer, default: 5
-attribute :restart_command, kind_of: [String, NilClass], default: nil
-attribute :restart_timeout, kind_of: Integer, default: 5
-attribute :refresh_command, kind_of: [String, NilClass], default: nil
-attribute :refresh_timeout, kind_of: Integer, default: 5
-
-attribute :include_default_dependencies, kind_of: [TrueClass, FalseClass], default: true
-attribute :dependencies, kind_of: [Array], default: []
-
-attribute :privileges, kind_of: [Array], default: %w(basic net_privaddr)
-attribute :working_directory, kind_of: [String, NilClass], default: nil
-attribute :environment, kind_of: [Hash, NilClass], default: nil
-attribute :locale, kind_of: String, default: 'C'
-
-attribute :manifest_type, kind_of: String, default: 'application'
-attribute :service_path, kind_of: String, default: '/var/svc/manifest'
-
-attribute :duration, kind_of: String, default: 'contract', regex: '(contract|wait|transient|child)'
-attribute :ignore, kind_of: [Array, NilClass], default: nil
-attribute :fmri, kind_of: String, default: nil
-
-attribute :stability, kind_of: String, equal_to: %w(Standard Stable Evolving Unstable External Obsolete),
- default: 'Evolving'
-
-attribute :property_groups, kind_of: Hash, default: {}
-
-# Deprecated
-attribute :credentials_user, kind_of: [String, NilClass], default: nil
-
-## internal methods
-
-def xml_path
- "#{service_path}/#{manifest_type}"
-end
-
-def xml_file
- "#{xml_path}/#{name}.xml"
-end
-
-require 'fileutils'
-require 'digest/md5'
-
-# Save a checksum out to a file, for future chef runs
-#
-def save_checksum
- Chef::Log.debug("Saving checksum for SMF #{name}: #{checksum}")
- ::FileUtils.mkdir_p(Chef::Config.checksum_path)
- f = ::File.new(checksum_file, 'w')
- f.write checksum
-end
-
-def remove_checksum
- return unless ::File.exist?(checksum_file)
-
- Chef::Log.debug("Removing checksum for SMF #{name}")
- ::File.delete(checksum_file)
-end
-
-# Load current resource from checksum file and projects database.
-# This should only ever be called on @current_resource, never on new_resource.
-#
-def load
- @checksum ||= ::File.exist?(checksum_file) ? ::File.read(checksum_file) : ''
- @smf_exists = shell_out("svcs #{fmri}").exitstatus == 0
- Chef::Log.debug("Loaded checksum for SMF #{name}: #{@checksum}")
- Chef::Log.debug("SMF service already exists for #{fmri}? #{@smf_exists.inspect}")
-end
-
-def authorization_name
- authorization || name
-end
-
-def checksum
- attributes = [
- user, credentials_user, group,
- project, start_command, start_timeout, stop_command,
- stop_timeout, restart_command, restart_timeout,
- refresh_command, refresh_timeout, working_directory,
- locale, authorization, manifest_type, service_path,
- duration, ignore.to_s, include_default_dependencies,
- dependencies, fmri, stability, environment_as_string,
- privilege_list, property_groups_as_string, '0'
- ]
- @checksum ||= Digest::MD5.hexdigest(attributes.join(':'))
-end
-
-def checksum_file
- "#{Chef::Config.checksum_path}/smf--#{name}"
-end
-
-def environment_as_string
- return nil if environment.nil?
- environment.inject('') { |memo, k, v| memo << [k, v].join('|') }
-end
-
-def privilege_list
- privileges.join(',')
-end
-
-def property_groups_as_string
- return nil if property_groups.empty?
- property_groups.inject('') { |memo, k, v| memo << [k, v].join('|') }
-end
-
-def smf_exists?
- !!@smf_exists
-end
diff --git a/cookbooks/smf/templates/default/SMFServicesOK.sh.erb b/cookbooks/smf/templates/default/SMFServicesOK.sh.erb
deleted file mode 100755
index b135216..0000000
--- a/cookbooks/smf/templates/default/SMFServicesOK.sh.erb
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-# if we're on SunOS 5.10+, we should check for beat services.
-
-if [ "`uname -s`" = "SunOS" ] && [ `uname -r|cut -d. -f1` -ge 5 ] && [ `uname -r|cut -d. -f2` -ge 10 ]
-then
- B=`svcs -Ha |egrep -v "disabled|online|legacy_run"`
- if [ "foo$B" == "foo" ]
- then
- echo "OK"
- else
- echo $B
- fi
-fi
diff --git a/cookbooks/smf/templates/default/SMFServicesOK.snmpd.conf.erb b/cookbooks/smf/templates/default/SMFServicesOK.snmpd.conf.erb
deleted file mode 100644
index 8d3add8..0000000
--- a/cookbooks/smf/templates/default/SMFServicesOK.snmpd.conf.erb
+++ /dev/null
@@ -1 +0,0 @@
-extend SMFServicesOK /opt/scripts/SMFServicesOK.sh
diff --git a/cookbooks/tar/CHANGELOG.md b/cookbooks/tar/CHANGELOG.md
deleted file mode 100644
index 4cdd05a..0000000
--- a/cookbooks/tar/CHANGELOG.md
+++ /dev/null
@@ -1,138 +0,0 @@
-# tar Cookbook CHANGELOG
-
-This file is used to list changes made in each version of the tar cookbook.
-
-## 2.2.0 (2018-07-24)
-
-- Enable FC016 again
-- Use dokken and swap opensuse 13 testing for debian 9
-- GH-42 Fix opensuse image name in .kitchen.yml
-- GH-42 Add freebsd 10 and 11 to tested platforms
-- GH-42 Skip tar package install on freebsd
-- GH-42 Fix default group name in tar_extract
-- GH-42 Ensure src_dir exists in tar_package
-- GH-42 Use short options for make command
-- GH-42 Use latest nano for testing purposes
-- GH-42 Add freebsd to supported platforms list
-- Update creates parameter to reflect what gets extracted by resource.
-- Remove chefspec matchers that are autogenerated
-- Use build_essential resource instead of the recipe
-
-## 2.1.1 (2017-06-13)
-
-- Fix metadata source and issues links.
-
-## 2.1.0 (2017-05-30)
-
-- Test with Local Delivery instead of Rake
-- Update apache2 license string
-- Attribute -> Property in the custom resource
-- Remove class_eval and require Chef 12.7+
-
-## 2.0.0 (2017-02-16)
-
-- Converted the existing LWRPs to custom resources and bumped the minimum supported Chef release to 12.5
-- Add all supported platforms to the metadata
-- Add full testing of the resources in Travis CI
-
-## 1.1.0 (2016-12-21)
-
-- added support for .xz compression type
-- Reformat the readme
-- Define both Chefspec matchers
-- Remove Chef 11 compatibility code
-
-## 1.0.0 (2016-12-21)
-
-- This cookbook has been adopted by Chef and will be maintained by the Community Cookbook Team going forward.
-- This cookbook now requires Chef 12.1+ to align with the requirements of all Chef maintained cookbooks
-- Cookbook boilerplate has been updated
-
- - chefignore file added
- - gitignore file
- - Test Kitchen config added
- - Berksfile added
- - Gemfile added
- - Badges added to the readme
- - Add maintainers files
- - Add rakefile for simplified testing
- - Add github templates
- - Add license file
- - Update author in metadata and add supermarket metadata
- - Add contributing and testing docs
- - Cookstyle fixes
- - Add basic chefspec convergence test
- - Add a basic test cookbook
- - Add test kitchen testing in Travis
-
-## v0.7.0 (2015-07-08)
-
-- Add adoption notice
-- Use `file_cache_path` instead of `file_backup_path` for downloaded artifact storage
-- Fix links to Chef documentation in README
-
-## v0.6.0 (2014-12-03)
-
-- Allow either string or array for tar flags
-
-## v0.5.0 (2014-07-28)
-
-- Add support for more attributes of `remote_file`
-- Escape downloaded file names
-
-## v0.4.0 (2014-06-13)
-
-- Add `archive_name` option for when the file name is different from the package name
-
-## v0.3.4 (2014-06-05)
-
-- Define ChefSpec::Runner method for tar_extract
-
-## v0.3.3 (2014-06-03)
-
-- Add ChefSpec matchers
-
-## v0.3.2 (2014-05-05)
-
-- Add checksum to remote file downloads
-
-## v0.3.1 (2014-04-04)
-
-- Correct "notifies" definition in tar_extract's remote_file
-
-## v0.3.0 (2014-03-21)
-
-- Add `:extract_local` action
-
-## v0.2.0 (2013-12-31)
-
-- Make `tar_extract` only run if needed
-- Fix missing space in command line prefix
-- Ensure `file_backup_path` exists on initial chef-client run
-- Only add headers if needed
-
-## v0.1.0 (2013-11-26)
-
-- Allow custom HTTP headers when downloading files
-- Allow the type of tar compression
-- Improve resource notifications
-
-## v0.0.4 (2013-10-02)
-
-- Remove conditional download requests in favor of built-in functionality in Chef >= 11.6.0.
-- Fix readme example
-- Foodcritic fixes
-
-## v0.0.3 (2013-01-30)
-
-- Conditional requests for downloads
-- Allow extract if non-root user
-- Formatting fixes
-
-## v0.0.2 (2012-10-13)
-
-- Add `tar_extract` LWRP
-
-## v0.0.1 (2011-09-15)
-
-Initial release
diff --git a/cookbooks/tar/CONTRIBUTING.md b/cookbooks/tar/CONTRIBUTING.md
deleted file mode 100644
index ef2f2b8..0000000
--- a/cookbooks/tar/CONTRIBUTING.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Please refer to
-https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD
diff --git a/cookbooks/tar/README.md b/cookbooks/tar/README.md
deleted file mode 100644
index d5f9644..0000000
--- a/cookbooks/tar/README.md
+++ /dev/null
@@ -1,115 +0,0 @@
-# tar Cookbook
-
-[![Build Status](https://travis-ci.org/chef-cookbooks/tar.svg?branch=master)](https://travis-ci.org/chef-cookbooks/tar) [![Cookbook Version](https://img.shields.io/cookbook/v/tar.svg)](https://supermarket.chef.io/cookbooks/tar)
-
-Installs tar and includes resources for managing remote tar files. `tar_package` handles remote source package compilation. `tar_extract` handles retrieving remote tar files and extracting them locally.
-
-## Requirements
-
-### Platforms
-
-- Debian / Ubuntu derivatives
-- RHEL and derivatives
-- openSUSE / SUSE Linux Enterprises
-- FreeBSD
-
-### Chef
-
-- Chef 12.7+
-
-## Resources
-
-### tar_package
-
-The `tar_package` resource provides an easy way to download remote files and compile and install them. This only works for the most basic Autoconf programs that can do `./configure && make && make install`.
-
-#### Actions
-
-- `install` Installs the package
-
-#### Properties
-
-- `source`: name attribute. The source remote URL.
-- `prefix`: Directory to be used as the `--prefix` configure flag.
-- `source_directory`: Directory to which source files are downloaded.
-- `creates`: prevent the command from running when the specified file already exists.
-- `configure_flags`: Array of additional flags to be passed to `./configure`.
-- `archive_name`: Specify a different name for the downloaded archive. Use it if the directory name inside the tar file is different than the name defined in the URL. Additionally, `tar_package` supports most `remote_file` [attributes](https://docs.chef.io/chef/resources.html#remote-file).
-
-#### Example
-
-```
-tar_package 'http://pgfoundry.org/frs/download.php/1446/pgpool-3.4.1.tar.gz' do
- prefix '/usr/local'
- creates '/usr/local/bin/pgpool'
-end
-```
-
-This will download, compile, and install the package from the given URL and install it into /usr/local.
-
-### tar_extract
-
-The `tar_extract` resource provides an easy way to extract tar files from downloaded or local files.
-
-#### Actions
-
-- `extract` Extracts the tar file from a url
-- `extract_local` Extracts the tar file from a local file path
-
-#### Properties
-
-- `source`: name attribute. The source remote URL.
-- `target_dir`: Directory to extract into, e.g. tar xzf -C (target_dir)
-- `download_dir`: Directory to which tarball is downloaded (defaults to chef cache which requires root `group` and `user`).
-- `creates`: prevent the command from running when the specified file already exists.
-- `compress_char`: Flag for compression type, such as `z` for `gzip`. `man tar` for options.
-- `tar_flags`: Array of additional flags to be passed to tar xzf command.
-- `group`: Group name or group ID to extract the archive under. If set to non-root group, point to a `download_dir` the group has permission to access.
-- `user`: User name or user ID to extract the archive under. If set to non-root user, point to a `download_dir` the user has permission to access. Additionally, `tar_extract` supports most `remote_file` [attributes](https://docs.chef.io/chef/resources.html#remote-file).
-
-#### Example
-
-```
-tar_extract 'http://dev.mycoderepo.com/artifacts/mycode-1.2.3.tar.gz' do
- target_dir '/opt/myapp/mycode'
- creates '/opt/myapp/mycode/lib'
- tar_flags [ '-P', '--strip-components 1' ]
-end
-```
-
-This will download the tarball to cache, extract the contents to /opt/myapp/mycode, use the file '/opt/myapp/mycode/lib' to determine idempotency, and pass both '-P' and '--strip-components 1' flags to the tar xzf command.
-
-```
-tar_extract '/tmp/mycode-1.2.3.tar.gz' do
- action :extract_local
- target_dir '/opt/myapp/mycode'
- creates '/opt/myapp/mycode/lib'
-end
-```
-
-This will extract the contents of /tmp/mycode-1.2.3.tar.gz to /opt/myapp/mycode and use the file '/opt/myapp/mycode/lib' to determine idempotency.
-
-## LICENSE AND AUTHOR
-
-- **Author:** Nathan L Smith ([nathan@cramerdev.com](mailto:nathan@cramerdev.com))
-- **Author:** George Miranda ([gmiranda@chef.io](mailto:gmiranda@chef.io))
-- **Author:** Mark Van de Vyver ([mark@@taqtiqa.com](mailto:mark@taqtiqa.com))
-
-```text
-
-Copyright: 2011, Cramer Development, Inc.
-Copyright: 2013, TAQTIQA LLC.
-Copyright: 2011-2017, Chef Software, Inc
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-```
diff --git a/cookbooks/tar/metadata.json b/cookbooks/tar/metadata.json
deleted file mode 100644
index 50de2cd..0000000
--- a/cookbooks/tar/metadata.json
+++ /dev/null
@@ -1 +0,0 @@ -{"name":"tar","version":"2.2.0","description":"Installs tar and two resources to manage remote tar packages","long_description":"# tar Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/tar.svg?branch=master)](https://travis-ci.org/chef-cookbooks/tar) [![Cookbook Version](https://img.shields.io/cookbook/v/tar.svg)](https://supermarket.chef.io/cookbooks/tar)\n\nInstalls tar and includes resources for managing remote tar files. `tar_package` handles remote source package compilation. `tar_extract` handles retrieving remote tar files and extracting them locally.\n\n## Requirements\n\n### Platforms\n\n- Debian / Ubuntu derivatives\n- RHEL and derivatives\n- openSUSE / SUSE Linux Enterprises\n- FreeBSD\n\n### Chef\n\n- Chef 12.7+\n\n## Resources\n\n### tar_package\n\nThe `tar_package` resource provides an easy way to download remote files and compile and install them. This only works for the most basic Autoconf programs that can do `./configure && make && make install`.\n\n#### Actions\n\n- `install` Installs the package\n\n#### Properties\n\n- `source`: name attribute. The source remote URL.\n- `prefix`: Directory to be used as the `--prefix` configure flag.\n- `source_directory`: Directory to which source files are downloaded.\n- `creates`: prevent the command from running when the specified file already exists.\n- `configure_flags`: Array of additional flags to be passed to `./configure`.\n- `archive_name`: Specify a different name for the downloaded archive. Use it if the directory name inside the tar file is different than the name defined in the URL. 
Additionally, `tar_package` supports most `remote_file` [attributes](https://docs.chef.io/chef/resources.html#remote-file).\n\n#### Example\n\n```\ntar_package 'http://pgfoundry.org/frs/download.php/1446/pgpool-3.4.1.tar.gz' do\n prefix '/usr/local'\n creates '/usr/local/bin/pgpool'\nend\n```\n\nThis will download, compile, and install the package from the given URL and install it into /usr/local.\n\n### tar_extract\n\nThe `tar_extract` resource provides an easy way to extract tar files from downloaded or local files.\n\n#### Actions\n\n- `extract` Extracts the tar file from a url\n- `extract_local` Extracts the tar file from a local file path\n\n#### Properties\n\n- `source`: name attribute. The source remote URL.\n- `target_dir`: Directory to extract into, e.g. tar xzf -C (target_dir)\n- `download_dir`: Directory to which tarball is downloaded (defaults to chef cache which requires root `group` and `user`).\n- `creates`: prevent the command from running when the specified file already exists.\n- `compress_char`: Flag for compression type, such as `z` for `gzip`. `man tar` for options.\n- `tar_flags`: Array of additional flags to be passed to tar xzf command.\n- `group`: Group name or group ID to extract the archive under. If set to non-root group, point to a `download_dir` the group has permission to access.\n- `user`: User name or user ID to extract the archive under. If set to non-root user, point to a `download_dir` the user has permission to access. 
Additionally, `tar_extract` supports most `remote_file` [attributes](https://docs.chef.io/chef/resources.html#remote-file).\n\n#### Example\n\n```\ntar_extract 'http://dev.mycoderepo.com/artifacts/mycode-1.2.3.tar.gz' do\n target_dir '/opt/myapp/mycode'\n creates '/opt/myapp/mycode/lib'\n tar_flags [ '-P', '--strip-components 1' ]\nend\n```\n\nThis will download the tarball to cache, extract the contents to /opt/myapp/mycode, use the file '/opt/myapp/mycode/lib' to determine idempotency, and pass both '-P' and '--strip-components 1' flags to the tar xzf command.\n\n```\ntar_extract '/tmp/mycode-1.2.3.tar.gz' do\n action :extract_local\n target_dir '/opt/myapp/mycode'\n creates '/opt/myapp/mycode/lib'\nend\n```\n\nThis will extract the contents of /tmp/mycode-1.2.3.tar.gz to /opt/myapp/mycode and use the file '/opt/myapp/mycode/lib' to determine idempotency.\n\n## LICENSE AND AUTHOR\n\n- **Author:** Nathan L Smith ([nathan@cramerdev.com](mailto:nathan@cramerdev.com))\n- **Author:** George Miranda ([gmiranda@chef.io](mailto:gmiranda@chef.io))\n- **Author:** Mark Van de Vyver ([mark@@taqtiqa.com](mailto:mark@taqtiqa.com))\n\n```text\n\nCopyright: 2011, Cramer Development, Inc.\nCopyright: 2013, TAQTIQA LLC.\nCopyright: 2011-2017, Chef Software, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0","redhat":">= 0.0.0","centos":">= 
0.0.0","suse":">= 0.0.0","opensuse":">= 0.0.0","opensuseleap":">= 0.0.0","scientific":">= 0.0.0","oracle":">= 0.0.0","amazon":">= 0.0.0","zlinux":">= 0.0.0","freebsd":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/tar","issues_url":"https://github.com/chef-cookbooks/tar/issues","chef_version":[[">= 12.7"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/tar/recipes/default.rb b/cookbooks/tar/recipes/default.rb deleted file mode 100644 index 2301c4b..0000000 --- a/cookbooks/tar/recipes/default.rb +++ /dev/null @@ -1,22 +0,0 @@ -# -# Cookbook:: tar -# Recipe:: default -# -# Author:: Nathan L Smith () -# -# Copyright:: 2011, Cramer Development, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -package 'tar' unless platform_family?('freebsd') diff --git a/cookbooks/tar/resources/extract.rb b/cookbooks/tar/resources/extract.rb deleted file mode 100644 index 0dd27c6..0000000 --- a/cookbooks/tar/resources/extract.rb +++ /dev/null 
@@ -1,98 +0,0 @@
-#
-# Cookbook:: tar
-# Resource:: extract
-#
-# Author:: Nathan L Smith ()
-# Author:: George Miranda ()
-# Author:: Mark Van de Vyver ()
-#
-# Copyright:: 2011, Cramer Development, Inc.
-# Copyright:: 2012-2016, Chef Software, Inc.
-# Copyright:: 2013, TAQTIQA LLC.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-property :source, String, name_property: true
-property :checksum, String
-property :download_dir, String, default: Chef::Config[:file_cache_path]
-property :group, String, default: node['root_group']
-property :mode, String, default: '0755'
-property :target_dir, String
-property :creates, String
-property :compress_char, String, default: 'z'
-property :tar_flags, [String, Array], default: []
-property :user, String, default: 'root'
-property :headers, Hash
-property :use_etag, [true, false], default: true
-property :use_last_modified, [true, false], default: true
-property :atomic_update, [true, false], default: true
-property :force_unlink, [true, false], default: false
-property :manage_symlink_source, [true, false]
-
-require 'shellwords'
-
-action :extract do
- r = new_resource
- basename = ::File.basename(r.name)
- extname = ::File.extname(r.name)
- r.compress_char = '' if extname.casecmp('.xz') == 0
- local_archive = "#{r.download_dir}/#{basename}"
-
- directory r.download_dir do
- recursive true
- end
-
- remote_file basename do
- source r.source
- checksum r.checksum
- path local_archive
- backup false
- action :create
- group r.group
- owner r.user
- mode r.mode
- headers r.headers unless r.headers.nil?
- use_etag r.use_etag
- use_last_modified r.use_last_modified
- atomic_update r.atomic_update
- force_unlink r.force_unlink
- manage_symlink_source r.manage_symlink_source
- notifies :run, "execute[extract #{local_archive}]"
- end
-
- extract_tar(local_archive, new_resource)
-end
-
-action :extract_local do
- extract_tar(new_resource.name, new_resource)
-end
-
-action_class do
- def extract_tar(local_archive, r)
- directory r.target_dir
- execute "extract #{local_archive}" do
- flags = if r.tar_flags.is_a?(String)
- r.tar_flags
- else
- r.tar_flags.join(' ')
- end
- command "tar xf#{r.compress_char} #{local_archive.shellescape} #{flags}"
- cwd r.target_dir
- creates r.creates
- group r.group
- user r.user
- action (r.creates || r.not_if.any? || r.only_if.any? ? :run : :nothing)
- end
- end
-end
diff --git a/cookbooks/tar/resources/package.rb b/cookbooks/tar/resources/package.rb
deleted file mode 100644
index 1a42a2f..0000000
--- a/cookbooks/tar/resources/package.rb
+++ /dev/null
@@ -1,71 +0,0 @@
-#
-# Cookbook:: tar
-# Resource:: package
-#
-# Author:: Nathan L Smith ()
-#
-# Copyright:: 2011, Cramer Development, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-property :source, String, name_property: true
-property :headers, Hash, default: {}
-property :prefix, String
-property :source_directory, String, default: '/usr/local/src'
-property :creates, String
-property :configure_flags, Array, default: []
-property :archive_name, String
-property :headers, Hash
-property :use_etag, [true, false], default: true
-property :use_last_modified, [true, false], default: true
-property :atomic_update, [true, false], default: true
-property :force_unlink, [true, false], default: false
-property :manage_symlink_source, [true, false]
-
-action :install do
- r = new_resource
- basename = r.archive_name || ::File.basename(r.name)
- dirname = basename.chomp('.tar.gz') # Assuming .tar.gz
- src_dir = r.source_directory
-
- directory src_dir do
- recursive true
- end
-
- remote_file basename do
- source r.name
- path "#{src_dir}/#{basename}"
- backup false
- headers r.headers unless r.headers.nil?
- use_etag r.use_etag
- use_last_modified r.use_last_modified
- atomic_update r.atomic_update
- force_unlink r.force_unlink
- manage_symlink_source r.manage_symlink_source
- action :create_if_missing
- end
-
- execute "extract #{basename}" do
- command "tar xfz #{basename}"
- cwd src_dir
- creates "#{src_dir}/#{dirname}"
- end
-
- execute "compile & install #{dirname}" do
- flags = [r.prefix ? "--prefix=#{r.prefix}" : nil, *r.configure_flags].compact.join(' ')
- command "./configure --quiet #{flags} && make -s && make -s install"
- cwd "#{src_dir}/#{dirname}"
- creates r.creates
- end
-end
diff --git a/cookbooks/windows/.foodcritic b/cookbooks/windows/.foodcritic
deleted file mode 100644
index 6c8fa23..0000000
--- a/cookbooks/windows/.foodcritic
+++ /dev/null
@@ -1,2 +0,0 @@
-~FC059
-~FC016
diff --git a/cookbooks/windows/CHANGELOG.md b/cookbooks/windows/CHANGELOG.md
index c1df254..e9f7941 100644
--- a/cookbooks/windows/CHANGELOG.md
+++ b/cookbooks/windows/CHANGELOG.md
@@ -2,6 +2,298 @@ This file is used to list changes made in each version of the windows cookbook. +## 5.3.0 (2019-03-06) + +- Expanded certificate testing to cover more scenarios - [@Xorima](https://github.com/Xorima) +- Updated windows_share to better compare the current and desired path in order to prevent converging on each Chef run - [@Xorima](https://github.com/Xorima) +- Backported all windows_certificate fixes from Chef 14.8 - 14.11 including improvements to importing the types of certificates that can be imported, suppport for nested certs, and support for importing private keys with certs. + +## 5.2.4 (2019-02-28) + +- Fix http_acl regex to properly capture SDDL - [@Annih](https://github.com/Annih) +- Updated windows_share to create share if the share is deleted, and to sanitize paths using Chef::Util::PathHelper.cleanpath (#607) - [@Xorima](https://github.com/Xorima) + +## 5.3.3 (2019-01-30) + +- Updated windows_certificate code to match that in Chef 14.10. This increases the requirement of the win32_certstore gem to the latest and resolves multiple issues with the previous implementation. + +## 5.2.2 (2018-11-20) + +- windows_share: Accounts to be revoked should be provided as an individually quoted string array + +## 5.2.1 (2018-11-19) + +- windows_share: Fix idempotency by not adding everyone by default + +## 5.2.0 (2018-11-14) + +- Support installing deleted features in windows_feature_dism + +## 5.1.6 (2018-11-13) + +- Add a warning to the readme regarding windows_share and windows_certificate now being included in Chef 14.7 +- Deprecated win_friendly_path helper in favor of built-in helpers + +## 5.1.5 (2018-11-07) + +- Avoid deprecation warnings in windows_share and windows_certificate on Chef 14.7+ as these are now included in the chef-client itself. 
+ +## 5.1.4 (2018-10-30) + +- Note the :verify action for windows_certificate in the readme +- certificate resource: auto set sensitive is passing password + +## 5.1.3 (2018-10-11) + +- Remove docs and test suite for windows tasks +- Changed variable name in log message for retrieving SMB share access +- Don't load the windows helper in windows_certificate + +## 5.1.2 (2018-10-08) + +- Fix typo in windows_feature_dism resource name + +## 5.1.1 (2018-09-06) + +- Require the win32-certstore gem and upgrade the gem as the resource runs so we get the most up to date version +- Remove redundant helper methods from the windows_certificate resource + +## 5.1.0 (2018-08-29) + +- Add an action to windows_user_privilege to remove a privilege +- Fix failing appveyor tests +- Require win32-certstore 0.1.8 which resolves several issues with the windows_certificate resource +- Avoid deprecation warnings with Chef 14.3+ by not loading resources that are now built into Chef + +## 5.0.0 (2018-07-24) + +### Breaking Changes + +This release removes the windows_task and windows_path resources from this cookbook. This resources shipped in Chef 13.0 and 13.4 This raises the required version of chef-client for this cookbook to 13.4 or later. 
+ +## 4.3.4 (2018-07-18) + +- Fix error message typo in windows_feature_powershell +- Use win32-certstore 0.1.7 for bugfixes + +## 4.3.3 (2018-07-05) + +- Fix failures on PS 3.0 in windows_feature_powershell + +## 4.3.2 (2018-06-13) + +- Don't error in windows_feature_dism when providing a source + +## 4.3.1 (2018-06-11) + +- Make sure to quote each individual user to grant share access to + +## 4.3.0 (2018-06-11) + +- Add the windows_user_privilege resource which can grant privileges like Logon As a Service +- Add windows_feature_powershell support for Windows 2008 R2 by not downcasing the feature names there and modifying the shell_out commands to make older output look like the 2012+ output +- windows_certificate resource has been reworked to use the new win32-certstore gem. This gem abstracts away much of the logic and will allow us to better support certificates on Windows, especially on non-english systems. +- Convert pester tests to InSpec for easier testing with ChefDK out of the box +- Added additional tests for better testing in AppVeyor +- Stop importing the servermanager module in windows_feature_powershell since we require PowerShell 3.0 and we don't need to do this there +- Improve the error messages in Windows feature to get the Windows versions right +- Increase readability in version logic with helpers in windows_feature resources + +## 4.2.5 (2018-05-28) + +- Add quoting to Path when creating new Share + +## 4.2.4 (2018-05-14) + +- Fix the platform version check in windows_share + +## 4.2.3 (2018-05-07) + +- Include the helper in the action class to prevent failures with the zipfile resource + +## 4.2.2 (2018-04-24) + +- Properly fail in windows_share on Windows 2008 R2 since we lack the cmdlets to manipulates shares on those systems. + +## 4.2.1 (2018-04-17) + +- Make sure shares can have spaces in the share name + +## 4.2.0 (2018-04-16) + +- Initial rewrite of windows_share to use PowerShell for share creation. 
This introduces multiple new properties and resolves a good number of longstanding issues. Please be sure to report any issues you see with this so we can stabilize this resource and include it in Chef 15! +- Resolve failures in windows_certificate + +## 4.1.4 (2018-03-29) + +- Raise in windows_feature_powershell if we're on PS < 3.0 + +## 4.1.3 (2018-03-28) + +- Restore support for Windows 2008 R2 in windows_feature_dism + +## 4.1.2 (2018-03-27) + +- Improve creation messaging for shares +- Allow feature names to be case insensitive in windows_feature + +## 4.1.1 (2018-03-23) + +- Simplify delete action slightly in windows_pagefile +- Don't use win_friendly_path helper in windows_pagefile since we already coerce the path value + +## 4.1.0 (2018-03-21) + +- Adds Caching for WIndows Feature Powershell resource using the same sort of logic we use on windows_feature_dism. This gives us a 3.5X speedup when no features need to be changed (subsequent runs after the change) +- Warn if we're on w2k12 and trying to use source/management properties in windows_feature_powershell since that doesn't work. +- Properly parse features into arrays so installing an array of features works in dism/powershell. This is the preferred way to install a number of features and will be faster than a large number of feature resources +- Fix description of properties for pagefile in the readme + +## 4.0.2 (2018-03-20) + +- Enable FC016 testing +- Enable FC059 testing +- Properly calculate available packages if source is passed in windows_feature_dism resource + +## 4.0.1 (2018-03-07) + +Fix the previous update to windows_feature_dism to use 'override' level of attributes not the normal level which persists to the node. Thanks to @Annih for pointing out the mistake here. + +## 4.0.0 (2018-03-05) + +### WARNING + +This release contains a complete rewrite to windows_feature_dism resource and includes several behavior changes to windows_feature resource. 
Make sure to read the complete list of changes below before deploying this to production systems. + +#### DISM feature caching Ohai plugin replacement + +In the 3.X cookbook we installed an Ohai plugin that cached the state of features on the node, and we reloaded that plugin anytime we installed/removed a feature from the system. This greatly sped up Chef runs where no features were actually installed/removed (2nd run and later). Without the caching each resource would take about 1 second longer while it queried current feature state. Using Ohai to cache this data was problematic though due to incompatibilities with Chef Solo, the reliance on the ohai cookbook, and the addition of extra node data which had to be stored on the Chef Server. + +In the 4.0 release instead of caching data via an Ohai plugin we just write directly to the node within the resource. This avoids the need to load in the ohai plugin and the various issues that come with that. In the end it's basically the exact same thing, but less impacting on end users and faster when the data needs to be updated. + +#### Fail when feature is missing in windows_feature_dism + +The windows_feature_dism resource had a rather un-Chef behavior in which it just warned you if a feature wasn't available on your platform and then continued on silently. This isn't how we handle missing packages in any of our package resource and because of that it's not going to be what anyone expects out of the box. If someone really wants SNMP installed and we can't install it we should fail instead of continuing on as if we did install it. So we'll now do the following things: + +- When installing a feature that doesn't exist: fail +- When removing a feature that doesn't exist: continue since it is technically removed +- When deleting a feature that doesn't exist: continue since it is technically deleted + +For some users, particularly those writing community cookbooks, this is going to be a breaking change. 
I'd highly recommend putting logic within your cookbooks to only install features on supported releases of Windows. If you'd just like it to continue even with a failure you can also use `ignore_failure true` on your resource although this produces a lot of failure messaging in logs. + +#### Properly support features as an array in windows_feature_dism + +We claimed to support installing features as an array in the windows_feature_dism resource previously, but it didn't actually work. The actual result was a warning that the array of features wasn't available on your platform since we compared the array to available features as if it was a string. We now properly support installation as a array and we do validation on each feature in the array to make sure the features are available on your Windows release. + +#### Install as the default action in windows_feature_powershell + +Due to some previous refactoring the :install action was not the default action for windows_feature_powershell. For all other package resources in Chef install is the default so this would likely lead to some unexpected behavior in cookbooks. This is technically a breaking change, but I suspect everyone assumed :install was always the default. + +#### servermanagercmd.exe Support Removal + +This cookbook previously supported servermanagercmd.exe, which was necessary for feature installation on Windows 2003 / 2008 (not R2) systems. Windows 2003 went full EOL in 2015 and 2008 went into extended support in 2015\. Neither releases are supported platforms for Chef or this cookbook so we've chosen to simplify the code and remove support entirely. + +#### Remove the undocumented node['windows']['rubyzipversion'] attribute + +This attribute was a workaround for a bug in the rubyzip gem YEARS ago that's just not necessary anymore. We also never documented this attribute and a resource shouldn't change behavior based on attributes. 
+ +## 3.5.2 (2018-03-01) + +- Remove value_for_feature_provider helper which wasn't being used and was using deprecated methods +- Add all the Windows Core editions to the version helper +- Simplify / speedup how we find the font directory in windows_font +- Don't bother enabling why-run mode in the resources since it's enabled by default +- Don't include mixlib-shellout in the resources since it's included by default +- Fix installation messaging for windows_feature_powershell to properly show all features being installed +- Use powershell for the share creation / deletion in windows_share. This speeds up the runs and fixes some of the failures. + +## 3.5.1 (2018-02-23) + +- Add a new `shortcut_name` property to `windows_shortcut` +- Use Chef's built in registry_key_exists helper in `windows_printer_port` +- Fix the `source` coerce in `windows_font` + +## 3.5.0 (2018-02-23) + +- Add Windows 2016 to the supported releases in the readme +- Add Windows 10 detection to the version helper +- Remove the Chefspec matchers. These are auto generated by ChefSpec now. If this causes your specs to fail upgrade ChefDK +- In `certificate_binding` support `hostnameport` option if address is a hostname +- Convert several tests to InSpec tests and add additional test scenarios +- Remove `required: true` on the name_properties, which serves no purpose and will be a Foodcritic rule in the next Foodcritic release +- Fix `windows_feature` logging to work when the user provides an array of features +- Don't both coercing a symbol into a symbol in the `windows_auto_run` resource. 
+- Switch `windows_font` over to the built in path helper in Chef, which a much more robust +- Don't coerce forward slashes to backslashes in the `windows_font` `source` property if the source is a URI +- Add a new `path` property to `windows_pagefile` for properly overriding the resource name +- Coerce backslashes to forward slashes in `windows_pagefile`'s `path` property so we do the right thing even if a user gives bad input +- Add a new `program_name` property in windows_auto_run for overriding the resource name +- Rename `program` property to `path` in windows_auto_run. The legacy name will continue to work, but cookbooks should be updated +- Coerce the `path` property to use backslashes in `windows_auto_run` so it works no matter what format of path the user provides +- Avoid writing out an extra space in `windows_auto_run`'s registry entry when the user doesn't specify an arg +- Added yard comments to many of the helper methods + +## 3.4.4 (2018-01-19) + +- Fix undefined method for 'ipv4_address' in windows_printer_port + +## 3.4.3 (2018-01-04) + +- Added missing parentheses around PersistKeySet flag that was preventing PowerShell from creating X509Certificate2 object + +## 3.4.2 (2018-01-02) + +- Add deprecation warnings for windows_path and windows_task which are now included in Chef 13\. These will be removed from this cookbook in Sept 2018. + +## 3.4.1 (2017-12-06) + +- Fix long-running filtering by replace LIKE with equality sign in the share resource +- Use logical OR instead of AND when trying to detect share permissions changing in the share resource +- Remove extra new_resource.updated_by_last_action in the windows_task resource that resulted in a Foodcritic warning + +## 3.4.0 (2017-11-14) + +- Add a root key property for the auto_run resource +- Fix a resource typo where a name_property was still written name_attribute +- Resolve FC108 warnings + +## 3.3.0 (2017-11-06) + +- Add new dns resource. 
See readme for examples +- Add BUILTIN\Users to SYSTEM_USERS for windows_task + +## 3.2.0 (2017-10-17) + +- Add management_tools property to windows_feature powershell provider which installs the various management tools +- Fix deprecations_namespace_collisions +- Add additional certificate store names +- Add the ability to define a timeout on windows_feature +- Multiple improvements to the font resource + + - Improved logging, particularly debug logging + - Allow pulling the font from a remote location using remote_file + - Fix some failures in fetching local fonts + - Added a font_name property that allows you specify the local name of the font, which can be different from the name of the chef resource. This allows you to create more friendly resource names for your converge. + - Handle font resources with backslashes in their source + +- Remove source property from servermanagercmd provider as it does not support it. + +- Remove converge_by around inner powershell_script resource to stop it always reporting as changed + +- Change install feature guards to work on Windows 2008r2 + +- Allow dism feature installs to work on non-English systems + +## 3.1.3 (2017-09-18) + +### windows_task and windows_path deprecation + +s of chef-client 13.0+ and 13.4+ windows_task and windows_path are now included in the Chef client. windows_task underwent a full rewrite that greatly improved the functionality and idempotency of the resource. We highly recommend using these new resources by upgrading to Chef 13.4 or later. If you are running these more recent Chef releases the windows_task and windows_path resources within chef-client will take precedence over those in this cookbook. In September 2018 we will release a new major version of this cookbook that removes windows_task and windows_path. 
+ +## 3.1.2 (2017-08-14) + +- Revert "Require path in the share resource instead of raising if it's missing" which was causing failures due to a bug in the chef-client + ## 3.1.1 (2017-06-13) - Replace Windows 7 testing with Windows 10 testing @@ -34,7 +326,7 @@ This file is used to list changes made in each version of the windows cookbook. ## 3.0.1 (2017-03-17) -- Fix `windows_share` to be fully idempotent. Fixes #447 +- Fix `windows_share` to be fully idempotent. Fixes #447 ## 3.0.0 (2017-03-15) diff --git a/cookbooks/windows/MAINTAINERS.md b/cookbooks/windows/MAINTAINERS.md deleted file mode 100644 index 9f6bd2e..0000000 --- a/cookbooks/windows/MAINTAINERS.md +++ /dev/null @@ -1,21 +0,0 @@ - - -# Maintainers - -This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Adam Edwards](https://github.com/adamedx) - -# Maintainers -* [Adam Edwards](https://github.com/adamedx) -* [Kartik Null Cating-Subramanian](https://github.com/ksubrama) -* [Steven Murawski](https://github.com/smurawski) -* [Matt Wrock](https://github.com/mwrock) -* [Jay Mundrawala](https://github.com/jaym) -* [Claire McQuin](https://github.com/mcquin) -* [Salim Alam](https://github.com/chefsalim) -* [Tim Smith](https://github.com/tas50) -* [Jennifer Davis](https://github.com/sigje) diff --git a/cookbooks/windows/README.md b/cookbooks/windows/README.md index 90e9e9c..a6ca85e 100644 --- a/cookbooks/windows/README.md +++ b/cookbooks/windows/README.md 
@@ -12,15 +12,24 @@ Provides a set of Windows-specific resources to aid in the creation of cookbooks - Windows Server 2008 R2 - Windows 8, 8.1 - Windows Server 2012 (R1, R2) +- Windows Server 2016 ### Chef -- Chef 12.6+ +- Chef 13.4+ ## Resources +### Deprecated Resources Note + +As of Chef Client 14.0+ the auto_run, feature, feature_dism, feature_powershell, font, pagefile, printer_port, printer, and shortcut resources are now included in the Chef Client. If you are running Chef 14+ the resources in Chef client will take precedence over the resources in this cookbook. In April 2019 we will release a new major version of this cookbook that removes these resources. + +As of Chef 14.7+ the windows_share and windows_certificate resources are now included in the Chef Client. If you are running Chef 14.7+ the resources in Chef client will take precedence over the resources in this cookbook. In November 2019 we will release a new major version of this cookbook that removes these resources. + ### windows_auto_run +`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource. + #### Actions - `:create` - Create an item to be run at login @@ -28,9 +37,10 @@ Provides a set of Windows-specific resources to aid in the creation of cookbooks #### Properties -- `name` - Name attribute. The name of the value to be stored in the registry -- `program` - The program to be run at login +- `program_name` - Name property. The name of the value to be stored in the registry +- `path` - The program to be run at login. This property was previous named `program`. Cookbooks using the `program` property will continue to function, but should be updated. - `args` - The arguments for the program +- `root` - The registry root key to put the entry under--`:machine` (default) or `:user` #### Examples 
@@ -46,6 +56,8 @@ end ### windows_certificate +`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource. + Installs a certificate into the Windows certificate store from a file, and grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificated remotely may not work if the operation requires a user profile. Operations on the local machine store should still work. #### Actions 
@@ -53,13 +65,27 @@ Installs a certificate into the Windows certificate store from a file, and grant - `:create` - creates or updates a certificate. - `:delete` - deletes a certificate. - `:acl_add` - adds read-only entries to a certificate's private key ACL. +- `:verify` - logs whether or not a certificate is valid #### Properties - `source` - name attribute. The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete). - `pfx_password` - the password to access the source if it is a pfx file. - `private_key_acl` - array of 'domain\account' entries to be granted read-only access to the certificate's private key. This is not idempotent. -- `store_name` - the certificate store to manipulate. One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store). +- `store_name` - the certificate store to manipulate. One of: + - MY (Personal) + - CA (Intermediate Certification Authorities) + - ROOT (Trusted Root Certification Authorities) + - TRUSTEDPUBLISHER (Trusted Publishers) + - CLIENTAUTHISSUER (Client Authentication Issuers) + - REMOTE DESKTOP (Remote Desktop) + - TRUSTEDDEVICES (Trusted Devices) + - WEBHOSTING (Web Hosting) + - AUTHROOT (Third-Party Root Certification Authorities) + - TRUSTEDPEOPLE (Trusted People) + - SMARTCARDROOT (Smart Card Trusted Roots) + - TRUST (Enterprise Trust) + - DISALLOWED (Untrusted Certificates) - `user_store` - if false (default) then use the local machine store; if true then use the current user's store. #### Examples 
@@ -99,10 +125,25 @@ Binds a certificate to an HTTP port in order to enable TLS communication. - `cert_name` - name attribute. The thumbprint(hash) or subject that identifies the certificate to be bound. - `name_kind` - indicates the type of cert_name. One of :subject (default) or :hash. -- `address` - the address to bind against. Default is 0.0.0.0 (all IP addresses). +- `address` - the address to bind against. Default is 0.0.0.0 (all IP addresses). One of: + - IP v4 address `1.2.3.4` + - IP v6 address `[::1]` + - Host name `www.foo.com` - `port` - the port to bind against. Default is 443. - `app_id` - the GUID that defines the application that owns the binding. Default is the values used by IIS. -- `store_name` - the store to locate the certificate in. One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store). +- `store_name` - the store to locate the certificate in. One of: + - MY (Personal) + - CA (Intermediate Certification Authorities) + - ROOT (Trusted Root Certification Authorities) + - TRUSTEDPUBLISHER (Trusted Publishers) + - CLIENTAUTHISSUER (Client Authentication Issuers) + - REMOTE DESKTOP (Remote Desktop) + - TRUSTEDDEVICES (Trusted Devices) + - WEBHOSTING (Web Hosting) + - AUTHROOT (Third-Party Root Certification Authorities) + - TRUSTEDPEOPLE (Trusted People) + - SMARTCARDROOT (Smart Card Trusted Roots) + - TRUST (Enterprise Trust) #### Examples 
@@ -122,8 +163,54 @@ windows_certificate_binding "me.acme.com" do end ``` +### windows_dns + +Configures A and CNAME records in Windows DNS. This requires the DNSCMD to be installed, which is done by adding the DNS role to the server or installing the Remote Server Admin Tools. + +#### Actions + +- :create: creates/updates the DNS entry +- :delete: deletes the DNS entry + +#### Properties + +- host_name: name attribute. FQDN of the entry to act on. +- dns_server: the DNS server to update. Default is local machine (.) +- record_type: the type of record to create. One of A (default) or CNAME +- target: for A records an array of IP addresses to associate with the host; for CNAME records the FQDN of the host to alias +- ttl: if > 0 then set the time to live of the record + +#### Examples + +```ruby +# Create A record linked to 2 addresses with a 10 minute ttl +windows_dns "m1.chef.test" do + target ['10.9.8.7', '1.2.3.4'] + ttl 600 +end +``` + +```ruby +# Delete records. target is mandatory although not used +windows_dns "m1.chef.test" do + action :delete + target [] +end +``` + +```ruby +# Set an alias against the node in a role +nodes = search( :node, "role:my_service" ) +windows_dns "myservice.chef.test" do + record_type 'CNAME' + target nodes[0]['fqdn'] +end +``` + ### windows_feature +`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource. + **BREAKING CHANGE - Version 3.0.0** This resource has been moved from using LWRPs and multiple providers to using Custom Resources. To maintain functionality, you'll need to change `provider` to `install_method`. 
@@ -132,7 +219,7 @@ Windows Roles and Features can be thought of as built-in operating system packag This resource allows you to manage these 'features' in an unattended, idempotent way. -There are three methods for the `windows_feature` which map into Microsoft's three major tools for managing roles/features: [Deployment Image Servicing and Management (DISM)](http://msdn.microsoft.com/en-us/library/dd371719%28v=vs.85%29.aspx), [Servermanagercmd](http://technet.microsoft.com/en-us/library/ee344834%28WS.10%29.aspx) (The CLI for Server Manager), and [PowerShell](https://technet.microsoft.com/en-us/library/cc731774(v=ws.11).aspx). As Servermanagercmd is deprecated, Chef will set the default method to `:windows_feature_dism` if `dism.exe` is present on the system being configured. The default method will fall back to `:windows_feature_servermanagercmd`, and then `:windows_feature_powershell`. +There are two underlying resources that power `windows_feature` which map to the available installation systems on supported releases of Windows: [Deployment Image Servicing and Management (DISM)](http://msdn.microsoft.com/en-us/library/dd371719%28v=vs.85%29.aspx) and [PowerShell](https://technet.microsoft.com/en-us/library/cc731774(v=ws.11).aspx). Chef will set the default method to `:windows_feature_dism` if `dism.exe` is present on the system being configured and otherwise use `:windows_feature_powershell`. For more information on Roles, Role Services and Features see the [Microsoft TechNet article on the topic](http://technet.microsoft.com/en-us/library/cc754923.aspx). For a complete list of all features that are available on a node type either of the following commands at a command prompt: @@ -142,12 +229,6 @@ For Dism: dism /online /Get-Features ``` -For ServerManagerCmd: - -```text -servermanagercmd -query -``` - For PowerShell: ```text 
@@ -158,14 +239,16 @@ get-windowsfeature - `:install` - install a Windows role/feature - `:remove` - remove a Windows role/feature -- `:delete` - remove a Windows role/feature from the image (not supported by ServerManagerCmd) +- `:delete` - remove a Windows role/feature from the image #### Properties -- `feature_name` - name of the feature/role(s) to install. The same feature may have different names depending on the provider used (ie DHCPServer vs DHCP; DNS-Server-Full-Role vs DNS). -- `all` - Boolean. Optional. Default: false. DISM and Powershell providers only. Forces all dependencies to be installed. -- `source` - String. Optional. DISM provider only. Uses local repository for feature install. -- `install_method` - Symbol. Optional. **REPLACEMENT FOR THE PREVIOUS PROVIDER OPTION** If not supplied, Chef will determine which method to use (in the order of `:windows_feature_dism`, `:windows_feature_servercmd`, `:windows_feature_powershell`) +- `feature_name` - name of the feature/role(s) to install. The same feature may have different names depending on the underlying resource being used (ie DHCPServer vs DHCP; DNS-Server-Full-Role vs DNS). +- `all` - Boolean. Optional. Default: false. For DISM this is the equivalent of specifying the /All switch to dism.exe, forcing all parent dependencies to be installed. With the PowerShell install method, the `-InstallAllSubFeatures` switch is applied. Note that these two methods may not produce identical results. +- `management_tools` - Boolean. Optional. Default: false. PowerShell only. Includes the `-IncludeManagementTools` switch. Installs all applicable management tools of the roles, role services, or features specified by the feature name. +- `source` - String. Optional. Uses local repository for feature install. +- `timeout` - Integer. Optional. Default: 600\. Specifies a timeout (in seconds) for feature install. +- `install_method` - Symbol. Optional. 
If not supplied, Chef will determine which method to use (in the order of `:windows_feature_dism`, `:windows_feature_servercmd`, `:windows_feature_powershell`) #### Examples @@ -177,13 +260,14 @@ windows_feature 'DHCPServer' do end ``` -Install the .Net 3.5.1 feature on Server 2012 using repository files on DVD and install all dependencies +Install the .Net 3.5.1 feature on Server 2012 using repository files on DVD and install all dependencies with a timeout of 900 seconds ```ruby windows_feature "NetFx3" do action :install all true source "d:\sources\sxs" + timeout 900 end ``` @@ -214,11 +298,21 @@ windows_feature ['Web-Asp-Net45', 'Web-Net-Ext45'] do end ``` +Install the Network Policy and Access Service feature, including the management tools. Which, for this example, will automatically install `RSAT-NPAS` as well. + +```ruby +windows_feature 'NPAS' do + action :install + management_tools true + install_method :windows_feature_powershell +end +``` + ### windows_font -Installs a font. +`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource. -Font files should be included in the cookbooks +Installs font files. Sources the font by default from the cookbook, but a URI source can be specified as well. #### Actions 
@@ -226,13 +320,17 @@ Font files should be included in the cookbooks #### Properties -- `name` - The file name of the font file name to install. The path defaults to the files/default directory of the cookbook you're calling windows_font from. Defaults to the resource name. -- `source` - Set an alternate path to the font file. +- `font_name` - The file name of the font file name to install. The path defaults to the files/default directory of the cookbook you're calling windows_font from. Defaults to the resource name. +- `source` - A local filesystem path or URI to source the font file from.. #### Examples ```ruby windows_font 'Code New Roman.otf' + +windows_font 'Custom.otf' do + source "https://example.com/Custom.otf" +end ``` ### windows_http_acl @@ -248,7 +346,7 @@ Sets the Access Control List for an http URL to grant non-admin accounts permiss - `url` - the name of the url to be created/deleted. - `sddl` - the DACL string configuring all permissions to URL. Mandatory for create if user is not provided. Can't be use with `user`. -- `user` - the name (domain\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be use with `sddl`. Only one user or group can be granted permission so this replaces any previously defined entry. +- `user` - the name (domain\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be use with `sddl`. Only one user or group can be granted permission so this replaces any previously defined entry. If you receive a parameter error your user may not exist. #### Examples 
@@ -273,8 +371,9 @@ end ### windows_pagefile -Configures the file that provides virtual memory for applications requiring more memory than available RAM or that are paged out to free up memory in use. +`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource. +Configures the file that provides virtual memory for applications requiring more memory than available RAM or that are paged out to free up memory in use. #### Actions @@ -283,14 +382,16 @@ Configures the file that provides virtual memory for applications requiring more #### Properties -- `name` - the path to the pagefile, String, name_property: true +- `path` - the path to the pagefile, String, name_property: true - `system_managed` - configures whether the system manages the pagefile size. [true, false] - `automatic_managed` - all of the settings are managed by the system. If this is set to true, other settings will be ignored. [true, false], default: false -- `initial_size` - initial size of the pagefile in bytes. Integer -- `maximum_size` - maximum size of the pagefile in bytes. Integer +- `initial_size` - initial size of the pagefile in megbytes. Integer +- `maximum_size` - maximum size of the pagefile in megbytes. Integer ### windows_printer_port +`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource. + Create and delete TCP/IPv4 printer ports. #### Actions 
@@ -346,25 +447,27 @@ end ### windows_printer +`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource. + Create Windows printer. Note that this doesn't currently install a printer driver. You must already have the driver installed on the system. -The Windows Printer LWRP will automatically create a TCP/IP printer port for you using the `ipv4_address` property. If you want more granular control over the printer port, just create it using the `windows_printer_port` LWRP before creating the printer. +The Windows Printer resource will automatically create a TCP/IP printer port for you using the `ipv4_address` property. If you want more granular control over the printer port, just create it using the `windows_printer_port` resource before creating the printer. #### Actions - `:create` - Create a new printer -- `:delete` - Delete a new printer +- `:delete` - Delete an existing printer #### Properties -- `device_id` - Name attribute. Required. Printer queue name, e.g. 'HP LJ 5200 in fifth floor copy room' +- `device_id` - Printer queue name, e.g. 'HP LJ 5200 in fifth floor copy room'. Name property. - `comment` - Optional string describing the printer queue. - `default` - Boolean. Optional. Defaults to false. Note that Windows sets the first printer defined to the default printer regardless of this setting. - `driver_name` - String. Required. Exact name of printer driver. Note that the printer driver must already be installed on the node. - `location` - Printer location, e.g. 'Fifth floor copy room', or 'US/NYC/Floor42/Room4207' - `shared` - Boolean. Defaults to false. - `share_name` - Printer share name. -- `ipv4_address` - Printer IPv4 address, e.g. '10.4.64.23'. You don't have to be able to ping the IP address to set it. Required. +- `ipv4_address` - Printer's IPv4 address, e.g. '10.4.64.23'. You don't have to be able to ping the IP address to set it. Required. 
An error of "Set-WmiInstance : Generic failure" is most likely due to the printer driver name not matching or not being installed. 
@@ -389,21 +492,33 @@ end ### windows_share +`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource. + Creates, modifies and removes Windows shares. All properties are idempotent. +`Note`: This resource uses PowerShell cmdlets introduced in Windows 2012/8. + #### Actions -- :create: creates/modifies a share -- :delete: deletes a share +- `:create`: creates/modifies a share +- `:delete`: deletes a share #### Properties -- share_name: name attribute, the share name. -- path: path to the directory to be shared. Required when creating. If the share already exists on a different path then it is deleted and re-created. -- description: description to be applied to the share -- full_users: array of users which should have "Full control" permissions -- change_users: array of users which should have "Change" permissions -- read_users: array of users which should have "Read" permissions +property | type | default | description +------------------------ | ---------- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- +`share_name` | String | resource name | the share to assign to the share +`path` | String | | The path of the location of the folder to share. Required when creating. If the share already exists on a different path then it is deleted and re-created. +`description` | String | | description to be applied to the share +`full_users` | Array | [] | users which should have "Full control" permissions +`change_users` | Array | [] | Users are granted modify permission to access the share. +`read_users` | Array | [] | users which should have "Read" permissions +`temporary` | True/False | false | The lifetime of the new SMB share. A temporary share does not persist beyond the next restart of the computer +`scope_name` | String | '*' | The scope name of the share. 
+`ca_timeout` | Integer | 0 | The continuous availability time-out for the share. +`continuously_available` | True/False | false | Indicates that the share is continuously available. +`concurrent_user_limit` | Integer | 0 (unlimited) | The maximum number of concurrently connected users the share can accommodate +`encrypt_data` | True/False | false | Indicates that the share is encrypted. #### Examples @@ -424,6 +539,8 @@ end ### windows_shortcut +`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource. + Creates and modifies Windows shortcuts. #### Actions @@ -432,8 +549,8 @@ Creates and modifies Windows shortcuts. #### Properties -- `name` - name attribute. The shortcut to create/modify. -- `target` - what the shortcut links to +- `shortcut_name` - The name for the shortcut if it differs from the resource name. Name property +- `target` - Where the shortcut links to. - `arguments` - arguments to pass to the target when the shortcut is executed - `description` - description of the shortcut - `cwd` - Working directory to use when the target is executed @@ -441,27 +558,19 @@ Creates and modifies Windows shortcuts. #### Examples -Add a shortcut all users desktop: +Add a shortcut to all users desktop: ```ruby require 'win32ole' all_users_desktop = WIN32OLE.new("WScript.Shell").SpecialFolders("AllUsersDesktop") windows_shortcut "#{all_users_desktop}/Notepad.lnk" do - target "C:\\WINDOWS\\notepad.exe" + target "C:\\Windows\\notepad.exe" description "Launch Notepad" - iconlocation "C:\\windows\\notepad.exe, 0" + iconlocation "C:\\Windows\\notepad.exe,0" end ``` -#### Library Methods - -```ruby -Registry.value_exists?('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run','BGINFO') -Registry.key_exists?('HKLM\SOFTWARE\Microsoft') -BgInfo = Registry.get_value('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run','BGINFO') -``` - ### windows_path #### Actions 
@@ -491,88 +600,87 @@ windows_path 'C:\7-Zip' do end ``` -### windows_task +### windows_user_privilege -Creates, deletes or runs a Windows scheduled task. Requires Windows Server 2008 due to API usage. +Adds the `principal` (User/Group) to the specified privileges (such as `Logon as a batch job` or `Logon as a Service`). #### Actions -- `:create` - creates a task (or updates existing if user or command has changed) -- `:delete` - deletes a task -- `:run` - runs a task -- `:end` - ends a task -- `:change` - changes the un/pw or command of a task -- `:enable` - enable a task -- `:disable` - disable a task +- `:add` - add the specified privileges to the `principal` +- `:remove` - remove the specified privilege of the `principal` #### Properties -- `task_name` - name attribute, The task name. ("Task Name" or "/Task Name") -- `force` - When used with create, will update the task. -- `command` - The command the task will run. -- `cwd` - The directory the task will be run from. -- `user` - The user to run the task as. (defaults to 'SYSTEM') -- `password` - The user's password. (requires user) -- `run_level` - Run with `:limited` or `:highest` privileges. -- `frequency` - Frequency with which to run the task. (default is :hourly. Other valid values include :minute, :hourly, :daily, :weekly, :monthly, :once, :on_logon, :onstart, :on_idle) :once requires start_time -- `frequency_modifier` - Multiple for frequency. (15 minutes, 2 days). Monthly tasks may also use these values": ('FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST', 'LASTDAY') -- `start_day` - Specifies the first date on which the task runs. Optional string (MM/DD/YYYY) -- `start_time` - Specifies the start time to run the task. Optional string (HH:mm) -- `interactive_enabled` - (Allow task to run interactively or non-interactively. Requires user and password.) -- `day` - For monthly or weekly tasks, the day(s) on which the task runs. (MON - SUN, *, 1 - 31) -- `months` - The Months of the year on which the task runs. 
(JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC, *). Multiple months should be comma delimited. -- `idle_time` - For :on_idle frequency, the time (in minutes) without user activity that must pass to trigger the task. (1 - 999) +- `principal` - Name attribute, Required, String. The user or group to be granted privileges. +- `privilege` - Required, String/Array. The privilege(s) to be granted. #### Examples -Create a `chef-client` task with TaskPath `\` running every 15 minutes +Grant the Administrator user the `Logon as a batch job` and `Logon as a service` privilege. ```ruby -windows_task 'chef-client' do - user 'Administrator' - password '$ecR3t' - cwd 'C:\\chef\\bin' - command 'chef-client -L C:\\tmp\\' - run_level :highest - frequency :minute - frequency_modifier 15 +windows_user_privilege 'Administrator' do + privilege %w(SeBatchLogonRight SeServiceLogonRight) end ``` -Update `chef-client` task with new password and log location +Remove `Logon as a batch job` privilege of Administrator. 
```ruby -windows_task 'chef-client' do - user 'Administrator' - password 'N3wPassW0Rd' - cwd 'C:\\chef\\bin' - command 'chef-client -L C:\\chef\\logs\\' - action :change +windows_user_privilege 'Administrator' do + privilege %w(SeBatchLogonRight) + action :remove end ``` -Delete a task named `old task` +#### Available Privileges -```ruby -windows_task 'old task' do - action :delete -end ``` - -Enable a task named `chef-client` - -```ruby -windows_task 'chef-client' do - action :enable -end -``` - -Disable a task named `ProgramDataUpdater` with TaskPath `\Microsoft\Windows\Application Experience\` - -```ruby -windows_task '\Microsoft\Windows\Application Experience\ProgramDataUpdater' do - action :disable -end +SeTrustedCredManAccessPrivilege Access Credential Manager as a trusted caller +SeNetworkLogonRight Access this computer from the network +SeTcbPrivilege Act as part of the operating system +SeMachineAccountPrivilege Add workstations to domain +SeIncreaseQuotaPrivilege Adjust memory quotas for a process +SeInteractiveLogonRight Allow log on locally +SeRemoteInteractiveLogonRight Allow log on through Remote Desktop Services +SeBackupPrivilege Back up files and directories +SeChangeNotifyPrivilege Bypass traverse checking +SeSystemtimePrivilege Change the system time +SeTimeZonePrivilege Change the time zone +SeCreatePagefilePrivilege Create a pagefile +SeCreateTokenPrivilege Create a token object +SeCreateGlobalPrivilege Create global objects +SeCreatePermanentPrivilege Create permanent shared objects +SeCreateSymbolicLinkPrivilege Create symbolic links +SeDebugPrivilege Debug programs +SeDenyNetworkLogonRight Deny access this computer from the network +SeDenyBatchLogonRight Deny log on as a batch job +SeDenyServiceLogonRight Deny log on as a service +SeDenyInteractiveLogonRight Deny log on locally +SeDenyRemoteInteractiveLogonRight Deny log on through Remote Desktop Services +SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for 
delegation +SeRemoteShutdownPrivilege Force shutdown from a remote system +SeAuditPrivilege Generate security audits +SeImpersonatePrivilege Impersonate a client after authentication +SeIncreaseWorkingSetPrivilege Increase a process working set +SeIncreaseBasePriorityPrivilege Increase scheduling priority +SeLoadDriverPrivilege Load and unload device drivers +SeLockMemoryPrivilege Lock pages in memory +SeBatchLogonRight Log on as a batch job +SeServiceLogonRight Log on as a service +SeSecurityPrivilege Manage auditing and security log +SeRelabelPrivilege Modify an object label +SeSystemEnvironmentPrivilege Modify firmware environment values +SeManageVolumePrivilege Perform volume maintenance tasks +SeProfileSingleProcessPrivilege Profile single process +SeSystemProfilePrivilege Profile system performance +SeUnsolicitedInputPrivilege "Read unsolicited input from a terminal device" +SeUndockPrivilege Remove computer from docking station +SeAssignPrimaryTokenPrivilege Replace a process level token +SeRestorePrivilege Restore files and directories +SeShutdownPrivilege Shut down the system +SeSyncAgentPrivilege Synchronize directory service data +SeTakeOwnershipPrivilege Take ownership of files or other objects ``` ### windows_zipfile 
@@ -714,60 +822,6 @@ case ::Windows::VersionHelper.nt_version node end ``` -## Windows ChefSpec Matchers - -The Windows cookbook includes custom [ChefSpec](https://github.com/sethvargo/chefspec) matchers you can use to test your own cookbooks that consume Windows cookbook LWRPs. - -### Example Matcher Usage - -```ruby -expect(chef_run).to install_windows_package('Node.js').with( - source: 'http://nodejs.org/dist/v0.10.26/x64/node-v0.10.26-x64.msi') -``` - -### Windows Cookbook Matchers - -- create_windows_auto_run -- remove_windows_auto_run -- create_windows_certificate -- delete_windows_certificate -- add_acl_to_windows_certificate -- create_windows_certificate_binding -- delete_windows_certificate_binding -- install_windows_feature -- install_windows_feature_dism -- install_windows_feature_servermanagercmd -- install_windows_feature_powershell -- remove_windows_feature -- remove_windows_feature_dism -- remove_windows_feature_servermanagercmd -- remove_windows_feature_powershell -- delete_windows_feature -- delete_windows_feature_dism -- delete_windows_feature_powershell -- install_windows_font -- create_windows_http_acl -- delete_windows_http_acl -- install_windows_package -- remove_windows_package -- set_windows_pagefile -- add_windows_path -- remove_windows_path -- create_windows_printer -- delete_windows_printer -- create_windows_printer_port -- delete_windows_printer_port -- create_windows_shortcut -- create_windows_shortcut -- create_windows_task -- disable_windows_task -- enable_windows_task -- delete_windows_task -- run_windows_task -- change_windows_task -- unzip_windows_zipfile_to -- zip_windows_zipfile_to - ## Usage Place an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook. 
@@ -784,7 +838,7 @@ depends 'windows' - Author:: Doug Ireton ([doug.ireton@nordstrom.com](mailto:doug.ireton@nordstrom.com)) ```text -Copyright 2011-2016, Chef Software, Inc. +Copyright 2011-2018, Chef Software, Inc. Copyright 2010, VMware, Inc. Copyright 2011, Business Intelligence Associates, Inc Copyright 2012, Nordstrom, Inc.
diff --git a/cookbooks/windows/attributes/default.rb b/cookbooks/windows/attributes/default.rb
deleted file mode 100644
index 7e63845..0000000
--- a/cookbooks/windows/attributes/default.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: windows
-# Attribute:: default
-#
-# Copyright:: 2011-2017, Chef Software, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-default['windows']['rubyzipversion'] = nil
diff --git a/cookbooks/windows/files/dism_features.rb b/cookbooks/windows/files/dism_features.rb
deleted file mode 100644
index 804dcc0..0000000
--- a/cookbooks/windows/files/dism_features.rb
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# Author:: Wade Peacock
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-Ohai.plugin(:DismFeatures) do
- provides 'dism_features'
- collect_data(:windows) do
- dism_features Mash.new
- # This is for 32-bit ruby/chef client on 64-bit Windows
- # This emulates the locate_sysnative_cmd helper as it is not available
- cmd = 'dism.exe'
- dism = if ::File.exist?("#{ENV['WINDIR']}\\sysnative\\#{cmd}")
- "#{ENV['WINDIR']}\\sysnative\\#{cmd}"
- elsif ::File.exist?("#{ENV['WINDIR']}\\system32\\#{cmd}")
- "#{ENV['WINDIR']}\\system32\\#{cmd}"
- else
- cmd
- end
- # Grab raw feature information from dism command line
- raw_list_of_features = shell_out("#{dism} /Get-Features /Online /Format:Table").stdout
- # Split stdout into an array by windows line ending
- features_list = raw_list_of_features.split("\r\n")
- features_list.each do |feature_details_raw|
- # Skip lines that do not match Enable / Disable
- next unless feature_details_raw =~ /(En|Dis)able/
- # Strip trailing whitespace characters then split on n number of spaces + | + n number of spaces
- feature_details = feature_details_raw.strip.split(/\s+[|]\s+/)
- # Add to Mash
- dism_features[feature_details.first] = feature_details.last
- end
- end
-end
diff --git a/cookbooks/windows/libraries/matchers.rb b/cookbooks/windows/libraries/matchers.rb
deleted file mode 100644
index 8299d94..0000000
--- a/cookbooks/windows/libraries/matchers.rb
+++ /dev/null
@@ -1,586 +0,0 @@
-if defined?(ChefSpec)
-
- ChefSpec.define_matcher :windows_auto_run
- ChefSpec.define_matcher :windows_certificate
- ChefSpec.define_matcher :windows_certificate_binding
- ChefSpec.define_matcher :windows_feature
- ChefSpec.define_matcher :windows_feature_dism
- ChefSpec.define_matcher :windows_feature_servermanagercmd
- ChefSpec.define_matcher :windows_feature_powershell
- ChefSpec.define_matcher :windows_font
- ChefSpec.define_matcher :windows_http_acl
- ChefSpec.define_matcher :windows_pagefile
- ChefSpec.define_matcher :windows_path
- ChefSpec.define_matcher :windows_printer
- ChefSpec.define_matcher :windows_printer_port
- ChefSpec.define_matcher :windows_share
- ChefSpec.define_matcher :windows_shortcut
- ChefSpec.define_matcher :windows_task
- ChefSpec.define_matcher :windows_zipfile
-
- #
- # Assert that a +windows_certificate+ resource exists in the Chef run with the
- # action +:create+. Given a Chef Recipe that creates 'c:\test\mycert.pfx' as a
- # +windows_certificate+:
- #
- # windows_certificate 'c:\test\mycert.pfx' do
- # action :create
- # end
- #
- # The Examples section demonstrates the different ways to test a
- # +windows_certificate+ resource with ChefSpec.
- #
- # @example Assert that a +windows_certificate+ was created
- # expect(chef_run).to create_windows_certificate('c:\test\mycert.pfx')
- #
- #
- # @param [String, Regex] resource_name
- # the name of the resource to match
- #
- # @return [ChefSpec::Matchers::ResourceMatcher]
- #
- def create_windows_certificate(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_certificate, :create, resource_name)
- end
-
- #
- # Assert that a +windows_certificate+ resource exists in the Chef run with the
- # action +:delete+. Given a Chef Recipe that deletes "me.acme.com" as a
- # +windows_certificate+:
- #
- # windows_certificate 'me.acme.com' do
- # action :delete
- # end
- #
- # The Examples section demonstrates the different ways to test a
- # +windows_certificate+ resource with ChefSpec.
- #
- # @example Assert that a +windows_certificate+ was _not_ deleted
- # expect(chef_run).to_not delete_windows_certificate('me.acme.com')
- #
- #
- # @param [String, Regex] resource_name
- # the name of the resource to match
- #
- # @return [ChefSpec::Matchers::ResourceMatcher]
- #
- def delete_windows_certificate(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_certificate, :delete, resource_name)
- end
-
- #
- # Assert that a +windows_certificate+ resource exists in the Chef run with the
- # action +:acl_add+. Given a Chef Recipe that adds a private key acl to "me.acme.com" as a
- # +windows_certificate+:
- #
- # windows_certificate 'me.acme.com' do
- # private_key_acl ['acme\fred', 'pc\jane']
- # action :acl_add
- # end
- #
- # The Examples section demonstrates the different ways to test a
- # +windows_certificate+ resource with ChefSpec.
- #
- # @example Assert that a +windows_certificate+ was _not_ removed
- # expect(chef_run).to add_acl_to_windows_certificate('me.acme.com').with(private_key_acl: ['acme\fred', 'pc\jane'])
- #
- #
- # @param [String, Regex] resource_name
- # the name of the resource to match
- #
- # @return [ChefSpec::Matchers::ResourceMatcher]
- #
- def add_acl_to_windows_certificate(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_certificate, :acl_add, resource_name)
- end
-
- #
- # Assert that a +windows_feature+ resource exists in the Chef run with the
- # action +:install+. Given a Chef Recipe that installs "NetFX3" as a
- # +windows_feature+:
- #
- # windows_feature 'NetFX3' do
- # action :install
- # end
- #
- # The Examples section demonstrates the different ways to test a
- # +windows_feature+ resource with ChefSpec.
- #
- # @example Assert that a +windows_feature+ was installed
- # expect(chef_run).to install_windows_feature('NetFX3')
- #
- # @example Assert that a +windows_feature+ was _not_ installed
- # expect(chef_run).to_not install_windows_feature('NetFX3')
- #
- #
- # @param [String, Regex] resource_name
- # the name of the resource to match
- #
- # @return [ChefSpec::Matchers::ResourceMatcher]
- #
- def install_windows_feature(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_feature, :install, resource_name)
- end
-
- def install_windows_feature_servermanagercmd(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_servermanagercmd, :install, resource_name)
- end
-
- def install_windows_feature_dism(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_dism, :install, resource_name)
- end
-
- def install_windows_feature_powershell(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_powershell, :install, resource_name)
- end
-
- #
- # Assert that a +windows_feature+ resource exists in the Chef run with the
- # action +:remove+. Given a Chef Recipe that removes "NetFX3" as a
- # +windows_feature+:
- #
- # windows_feature 'NetFX3' do
- # action :remove
- # end
- #
- # The Examples section demonstrates the different ways to test a
- # +windows_feature+ resource with ChefSpec.
- #
- # @example Assert that a +windows_feature+ was removed
- # expect(chef_run).to remove_windows_feature('NetFX3')
- #
- #
- # @param [String, Regex] resource_name
- # the name of the resource to match
- #
- # @return [ChefSpec::Matchers::ResourceMatcher]
- #
- def remove_windows_feature(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_feature, :remove, resource_name)
- end
-
- def remove_windows_feature_servermanagercmd(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_servermanagercmd, :remove, resource_name)
- end
-
- def remove_windows_feature_dism(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_dism, :remove, resource_name)
- end
-
- def remove_windows_feature_powershell(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_powershell, :remove, resource_name)
- end
-
- #
- # Assert that a +windows_feature+ resource exists in the Chef run with the
- # action +:delete+. Given a Chef Recipe that deletes "NetFX3" as a
- # +windows_feature+:
- #
- # windows_feature 'NetFX3' do
- # action :delete
- # end
- #
- # The Examples section demonstrates the different ways to test a
- # +windows_feature+ resource with ChefSpec.
- #
- # @example Assert that a +windows_feature+ was deleted
- # expect(chef_run).to delete_windows_feature('NetFX3')
- #
- #
- # @param [String, Regex] resource_name
- # the name of the resource to match
- #
- # @return [ChefSpec::Matchers::ResourceMatcher]
- #
- def delete_windows_feature(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_feature, :delete, resource_name)
- end
-
- def delete_windows_feature_dism(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_dism, :delete, resource_name)
- end
-
- def delete_windows_feature_powershell(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_powershell, :delete, resource_name)
- end
-
- #
- # Assert that a +windows_task+ resource exists in the Chef run with the
- # action +:create+. Given a Chef Recipe that creates "mytask" as a
- # +windows_task+:
- #
- # windows_task 'mytask' do
- # command 'mybatch.bat'
- # action :create
- # end
- #
- # The Examples section demonstrates the different ways to test a
- # +windows_task+ resource with ChefSpec.
- #
- # @example Assert that a +windows_task+ was created
- # expect(chef_run).to create_windows_task('mytask')
- #
- #
- # @param [String, Regex] resource_name
- # the name of the resource to match
- #
- # @return [ChefSpec::Matchers::ResourceMatcher]
- #
- def create_windows_task(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:windows_task, :create, resource_name)
- end
-
- #
- # Assert that a +windows_task+ resource exists in the Chef run with the
- # action +:disable+. Given a Chef Recipe that creates "mytask" as a
- # +windows_task+:
- #
- # windows_task 'mytask' do
- # action :disable
- # end
- #
- # The Examples section demonstrates the different ways to test a
- # +windows_task+ resource with ChefSpec.
- # - # @example Assert that a +windows_task+ was disabled - # expect(chef_run).to disable_windows_task('mytask') - # - # - # @param [String, Regex] resource_name - # the name of the resource to match - # - # @return [ChefSpec::Matchers::ResourceMatcher] - # - def disable_windows_task(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_task, :disable, resource_name) - end - - # - # Assert that a +windows_task+ resource exists in the Chef run with the - # action +:enable+. Given a Chef Recipe that creates "mytask" as a - # +windows_task+: - # - # windows_task 'mytask' do - # action :enable - # end - # - # The Examples section demonstrates the different ways to test a - # +windows_task+ resource with ChefSpec. - # - # @example Assert that a +windows_task+ was enabled - # expect(chef_run).to enable_windows_task('mytask') - # - # - # @param [String, Regex] resource_name - # the name of the resource to match - # - # @return [ChefSpec::Matchers::ResourceMatcher] - # - def enable_windows_task(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_task, :enable, resource_name) - end - - # - # Assert that a +windows_task+ resource exists in the Chef run with the - # action +:delete+. Given a Chef Recipe that deletes "mytask" as a - # +windows_task+: - # - # windows_task 'mytask' do - # action :delete - # end - # - # The Examples section demonstrates the different ways to test a - # +windows_task+ resource with ChefSpec. - # - # @example Assert that a +windows_task+ was deleted - # expect(chef_run).to delete_windows_task('mytask') - # - # - # @param [String, Regex] resource_name - # the name of the resource to match - # - # @return [ChefSpec::Matchers::ResourceMatcher] - # - def delete_windows_task(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_task, :delete, resource_name) - end - - # - # Assert that a +windows_task+ resource exists in the Chef run with the - # action +:run+. 
Given a Chef Recipe that runs "mytask" as a - # +windows_task+: - # - # windows_task 'mytask' do - # action :run - # end - # - # The Examples section demonstrates the different ways to test a - # +windows_task+ resource with ChefSpec. - # - # @example Assert that a +windows_task+ was run - # expect(chef_run).to run_windows_task('mytask') - # - # - # @param [String, Regex] resource_name - # the name of the resource to match - # - # @return [ChefSpec::Matchers::ResourceMatcher] - # - def run_windows_task(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_task, :run, resource_name) - end - - # - # Assert that a +windows_task+ resource exists in the Chef run with the - # action +:change+. Given a Chef Recipe that changes "mytask" as a - # +windows_task+: - # - # windows_task 'mytask' do - # action :change - # end - # - # The Examples section demonstrates the different ways to test a - # +windows_task+ resource with ChefSpec. - # - # @example Assert that a +windows_task+ was changed - # expect(chef_run).to change_windows_task('mytask') - # - # - # @param [String, Regex] resource_name - # the name of the resource to match - # - # @return [ChefSpec::Matchers::ResourceMatcher] - # - def change_windows_task(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_task, :change, resource_name) - end - - # - # Assert that a +windows_path+ resource exists in the Chef run with the - # action +:add+. Given a Chef Recipe that adds "C:\7-Zip" to the Windows - # PATH env var - # - # windows_path 'C:\7-Zip' do - # action :add - # end - # - # The Examples section demonstrates the different ways to test a - # +windows_path+ resource with ChefSpec. 
- # - # @example Assert that a +windows_path+ was added - # expect(chef_run).to add_windows_path('C:\7-Zip') - # - # - # @param [String, Regex] resource_name - # the name of the resource to match - # - # @return [ChefSpec::Matchers::ResourceMatcher] - # - def add_windows_path(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_path, :add, resource_name) - end - - # - # Assert that a +windows_path+ resource exists in the Chef run with the - # action +:remove+. Given a Chef Recipe that removes "C:\7-Zip" from the - # Windows PATH env var - # - # windows_path 'C:\7-Zip' do - # action :remove - # end - # - # The Examples section demonstrates the different ways to test a - # +windows_path+ resource with ChefSpec. - # - # @example Assert that a +windows_path+ was removed - # expect(chef_run).to remove_windows_path('C:\7-Zip') - # - # - # @param [String, Regex] resource_name - # the name of the resource to match - # - # @return [ChefSpec::Matchers::ResourceMatcher] - # - def remove_windows_path(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_path, :remove, resource_name) - end - - # - # Assert that a +windows_pagefile+ resource exists in the Chef run with the - # action +:set+. Given a Chef Recipe that sets a pagefile - # - # windows_pagefile "pagefile" do - # system_managed true - # initial_size 1024 - # maximum_size 4096 - # end - # - # The Examples section demonstrates the different ways to test a - # +windows_pagefile+ resource with ChefSpec. 
- # - # @example Assert that a +windows_pagefile+ was set - # expect(chef_run).to set_windows_pagefile('pagefile').with( - # initial_size: 1024) - # - # - # @param [String, Regex] resource_name - # the name of the resource to match - # - # @return [ChefSpec::Matchers::ResourceMatcher] - # - def set_windows_pagefile(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_pagefile, :set, resource_name) - end - - # - # Assert that a +windows_zipfile+ resource exists in the Chef run with the - # action +:unzip+. Given a Chef Recipe that extracts "SysinternalsSuite.zip" - # to c:/bin - # - # windows_zipfile "c:/bin" do - # source "http://download.sysinternals.com/Files/SysinternalsSuite.zip" - # action :unzip - # not_if {::File.exists?("c:/bin/PsExec.exe")} - # end - # - # The Examples section demonstrates the different ways to test a - # +windows_zipfile+ resource with ChefSpec. - # - # @example Assert that a +windows_zipfile+ was unzipped - # expect(chef_run).to unzip_windows_zipfile_to('c:/bin') - # - # - # @param [String, Regex] resource_name - # the name of the resource to match - # - # @return [ChefSpec::Matchers::ResourceMatcher] - # - def unzip_windows_zipfile_to(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_zipfile, :unzip, resource_name) - end - - # - # Assert that a +windows_zipfile+ resource exists in the Chef run with the - # action +:zip+. Given a Chef Recipe that zips "c:/src" - # to c:/code.zip - # - # windows_zipfile "c:/code.zip" do - # source "c:/src" - # action :zip - # end - # - # The Examples section demonstrates the different ways to test a - # +windows_zipfile+ resource with ChefSpec. 
- # - # @example Assert that a +windows_zipfile+ was zipped - # expect(chef_run).to zip_windows_zipfile_to('c:/code.zip') - # - # - # @param [String, Regex] resource_name - # the name of the resource to match - # - # @return [ChefSpec::Matchers::ResourceMatcher] - # - def zip_windows_zipfile_to(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_zipfile, :zip, resource_name) - end - - # - # Assert that a +windows_share+ resource exists in the Chef run with the - # action +:create+. Given a Chef Recipe that shares "c:/src" - # as Src - # - # windows_share "Src" do - # path "c:/src" - # action :create - # end - # - # The Examples section demonstrates the different ways to test a - # +windows_share+ resource with ChefSpec. - # - # @example Assert that a +windows_share+ was created - # expect(chef_run).to create_windows_share('Src') - # - # - # @param [String, Regex] resource_name - # the name of the resource to match - # - # @return [ChefSpec::Matchers::ResourceMatcher] - # - def create_windows_share(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_share, :create, resource_name) - end - - # - # Assert that a +windows_share+ resource exists in the Chef run with the - # action +:delete+. Given a Chef Recipe that deletes share "c:/src" - # - # windows_share "Src" do - # action :delete - # end - # - # The Examples section demonstrates the different ways to test a - # +windows_share+ resource with ChefSpec. 
- # - # @example Assert that a +windows_share+ was created - # expect(chef_run).to delete_windows_share('Src') - # - # - # @param [String, Regex] resource_name - # the name of the resource to match - # - # @return [ChefSpec::Matchers::ResourceMatcher] - # - def delete_windows_share(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_share, :delete, resource_name) - end - - # All the other less commonly used LWRPs - def create_windows_shortcut(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_shortcut, :create, resource_name) - end - - def create_windows_auto_run(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_auto_run, :create, resource_name) - end - - def remove_windows_auto_run(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_auto_run, :remove, resource_name) - end - - def create_windows_printer(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_printer, :create, resource_name) - end - - def delete_windows_printer(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_printer, :delete, resource_name) - end - - def create_windows_printer_port(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_printer_port, :create, resource_name) - end - - def delete_windows_printer_port(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_printer_port, :delete, resource_name) - end - - def install_windows_font(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_font, :install, resource_name) - end - - def create_windows_certificate_binding(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_certificate_binding, :create, resource_name) - end - - def delete_windows_certificate_binding(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_certificate_binding, :delete, resource_name) - end - - def create_windows_http_acl(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_http_acl, :create, resource_name) - end - 
- def delete_windows_http_acl(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:windows_http_acl, :delete, resource_name) - end -end diff --git a/cookbooks/windows/libraries/powershell_helper.rb b/cookbooks/windows/libraries/powershell_helper.rb index e9261b4..be021a3 100644 --- a/cookbooks/windows/libraries/powershell_helper.rb +++ b/cookbooks/windows/libraries/powershell_helper.rb @@ -1,9 +1,9 @@ # # Author:: Seth Chisamore () # Cookbook:: windows -# Library:: helper +# Library:: powershell_helper # -# Copyright:: 2011-2017, Chef Software, Inc. +# Copyright:: 2011-2018, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/windows/libraries/registry_helper.rb b/cookbooks/windows/libraries/registry_helper.rb index 91ae91a..3ca2254 100644 --- a/cookbooks/windows/libraries/registry_helper.rb +++ b/cookbooks/windows/libraries/registry_helper.rb @@ -3,10 +3,10 @@ # Author:: Seth Chisamore () # Author:: Paul Morton () # Cookbook:: windows -# Provider:: registry +# Library:: registry_helper # # Copyright:: 2010-2017, VMware, Inc. -# Copyright:: 2011-2017, Chef Software, Inc. +# Copyright:: 2011-2018, Chef Software, Inc. # Copyright:: 2011-2017, Business Intelligence Associates, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -45,7 +45,7 @@ module Windows hkey = { 'HKLM' => 'HKEY_LOCAL_MACHINE', 'HKCU' => 'HKEY_CURRENT_USER', - 'HKU' => 'HKEY_USERS', + 'HKU' => 'HKEY_USERS', }[hive_name] || hive_name Chef::Log.debug("Hive resolved to #{hkey}") @@ -257,9 +257,9 @@ module Windows end Chef::Log.debug("Resolved user SID to #{sid}") - return sid + sid rescue - return nil + nil end def hive_loaded?(path) @@ -350,7 +350,7 @@ module Windows end module Registry - module_function + module_function # rubocop: disable Lint/UselessAccessModifier extend Windows::RegistryHelper end 
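Review bot: The bare `rescue` in the `@@ -257,9 +257,9 @@` hunk of registry_helper.rb still converts every StandardError into a silent `nil`; the change only drops the redundant `return` keywords. A caller cannot tell "no SID for this user" from a failure inside the lookup, and nothing is logged on that path. I would name the exception class and log before returning: `rescue StandardError => e`, then `Chef::Log.debug("Could not resolve user SID: #{e.message}")`, then `nil`. The method's signature and the lookup itself start outside the hunk, so which exceptions are actually expected cannot be judged from here.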
diff --git a/cookbooks/windows/libraries/version.rb b/cookbooks/windows/libraries/version.rb index 64f6230..a353451 100644 --- a/cookbooks/windows/libraries/version.rb +++ b/cookbooks/windows/libraries/version.rb @@ -3,7 +3,7 @@ # Cookbook:: windows # Library:: version # -# Copyright:: 2011-2017, Chef Software, Inc. +# Copyright:: 2011-2018, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -139,6 +139,7 @@ module Windows end WIN_VERSIONS = { + 'Windows 10' => { major: 10, minor: 0, callable: -> { @product_type != VER_NT_WORKSTATION } }, 'Windows Server 2012 R2' => { major: 6, minor: 3, callable: -> { @product_type != VER_NT_WORKSTATION } }, 'Windows 8' => { major: 6, minor: 2, callable: -> { @product_type == VER_NT_WORKSTATION } }, 'Windows Server 2012' => { major: 6, minor: 2, callable: -> { @product_type != VER_NT_WORKSTATION } }, diff --git a/cookbooks/windows/libraries/version_helper.rb b/cookbooks/windows/libraries/version_helper.rb index 2b5d4b3..fcb0aa7 100644 --- a/cookbooks/windows/libraries/version_helper.rb +++ b/cookbooks/windows/libraries/version_helper.rb 
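Review bot: The new `'Windows 10'` entry in `WIN_VERSIONS` (version.rb, `@@ -139,6 +139,7 @@`) tests `@product_type != VER_NT_WORKSTATION`, which is the condition the server entries use; the `'Windows 8'` entry two lines below uses `==`. As written, the predicate looks like it would be true on a non-workstation 10.0 system and false on a Windows 10 desktop, though how the callable is consumed lies outside the hunk. The entry should probably read `'Windows 10' => { major: 10, minor: 0, callable: -> { @product_type == VER_NT_WORKSTATION } },`, with a separate `!=` entry if the 10.0 server release needs a name too.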
@@ -36,6 +36,20 @@ module Windows STANDARD_SERVER = 0x0D unless constants.include?(:STANDARD_SERVER) # Server Standard without Hyper-V Core STANDARD_SERVER_V = 0x28 unless constants.include?(:STANDARD_SERVER_V) + # Small Business Server Premium Core + PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_CORE = 0x3F unless constants.include?(:PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_CORE) + # Server Solutions Premium Core + STANDARD_SERVER_SOLUTIONS = 0x35 unless constants.include?(:STANDARD_SERVER_SOLUTIONS) + # Storage Server Enterprise Core + STORAGE_ENTERPRISE_SERVER = 0x2E unless constants.include?(:STORAGE_ENTERPRISE_SERVER) + # Storage Server Express Core + STORAGE_EXPRESS_SERVER = 0x2B unless constants.include?(:STORAGE_EXPRESS_SERVER) + # Storage Server Standard Core + STORAGE_STANDARD_SERVER = 0x2C unless constants.include?(:STORAGE_STANDARD_SERVER) + # Storage Server Workgroup Core + STORAGE_WORKGROUP_SERVER = 0x2D unless constants.include?(:STORAGE_WORKGROUP_SERVER) + # Web Server Core + WEB_SERVER = 0x1D unless constants.include?(:WEB_SERVER) end # Module referencing product type contants @@ -73,7 +87,7 @@ module Windows end def self.validate_platform(node) - raise 'Windows helper are only supported on windows platform!' if node['platform'] != 'windows' + raise 'Windows helper are only supported on windows platform!' unless node['platform'] == 'windows' end end end diff --git a/cookbooks/windows/libraries/windows_helper.rb b/cookbooks/windows/libraries/windows_helper.rb index 4d102da..edc2d42 100644 --- a/cookbooks/windows/libraries/windows_helper.rb +++ b/cookbooks/windows/libraries/windows_helper.rb @@ -1,9 +1,9 @@ # # Author:: Seth Chisamore () # Cookbook:: windows -# Library:: helper +# Library:: windows_helper # -# Copyright:: 2011-2017, Chef Software, Inc. +# Copyright:: 2011-2018, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
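Review bot: `PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_CORE` is the only constant added in the `@@ -36,6 +36,20 @@` hunk of version_helper.rb that carries a `PRODUCT_` prefix and a `_CORE` suffix. Its neighbours (`STANDARD_SERVER_SOLUTIONS`, `STORAGE_ENTERPRISE_SERVER`, `WEB_SERVER`) drop both, even though their comments also describe Core SKUs. Code that looks a SKU up by name has to know which spelling applies, so I would either rename it to match, `SMALLBUSINESS_SERVER_PREMIUM = 0x3F unless constants.include?(:SMALLBUSINESS_SERVER_PREMIUM)`, or add a one-line comment above the list stating that every name in this module denotes the Core edition. The enclosing module starts outside the hunk.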
@@ -20,6 +20,9 @@ require 'uri' require 'Win32API' if Chef::Platform.windows? require 'chef/exceptions' +require 'openssl' +require 'chef/mixin/powershell_out' +require 'chef/util/path_helper' module Windows module Helper @@ -30,6 +33,7 @@ module Windows # returns windows friendly version of the provided path, # ensures backslashes are used everywhere def win_friendly_path(path) + Chef::Log.warn('The win_friendly_path helper has been deprecated and will be removed from the next major release of the windows cookbook. Please update any cookbooks using this helper to instead require `chef/util/path_helper` and then use `Chef::Util::PathHelper.cleanpath`.') path.gsub(::File::SEPARATOR, ::File::ALT_SEPARATOR || '\\') if path end @@ -47,16 +51,6 @@ module Windows end end - # Create a feature provider dependent value object. - # mainly created becasue Windows Feature names are - # different based on whether dism.exe or servicemanagercmd.exe - # is used for installation - def value_for_feature_provider(provider_hash) - p = Chef::Platform.find_provider_for_node(node, :windows_feature) - key = p.to_s.downcase.split('::').last - provider_hash[key] || provider_hash[key.to_sym] - end - # singleton instance of the Windows Version checker def win_version @win_version ||= Windows::Version.new @@ -88,7 +82,7 @@ module Windows cache_file_path = source end - windows_path ? win_friendly_path(cache_file_path) : cache_file_path + windows_path ? Chef::Util::PathHelper.cleanpath(cache_file_path) : cache_file_path end end @@ -103,7 +97,7 @@ module Windows buf.strip end - def is_package_installed?(package_name) # rubocop:disable Style/PredicateName + def is_package_installed?(package_name) # rubocop:disable Naming/PredicateName installed_packages.include?(package_name) end diff --git a/cookbooks/windows/libraries/windows_privileged.rb b/cookbooks/windows/libraries/windows_privileged.rb index 5abf08b..68d96c3 100644 --- a/cookbooks/windows/libraries/windows_privileged.rb 
+++ b/cookbooks/windows/libraries/windows_privileged.rb @@ -57,7 +57,7 @@ class Chef unless OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, token) raise get_last_error end - token = token.unpack('L')[0] + token = token.unpack1('L') privileges.each do |name| unless adjust_privilege(token, name, SE_PRIVILEGE_ENABLED) diff --git a/cookbooks/windows/libraries/wmi_helper.rb b/cookbooks/windows/libraries/wmi_helper.rb index 4d9c609..2acdc38 100644 --- a/cookbooks/windows/libraries/wmi_helper.rb +++ b/cookbooks/windows/libraries/wmi_helper.rb @@ -1,7 +1,9 @@ # # Author:: Adam Edwards () +# Cookbook:: windows +# Library:: wmi_helper # -# Copyright:: 2014-2017, Chef Software, Inc. +# Copyright:: 2014-2018, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/windows/metadata.json b/cookbooks/windows/metadata.json index d959937..46a3073 100644 --- a/cookbooks/windows/metadata.json +++ b/cookbooks/windows/metadata.json 
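Review bot: `token.unpack1('L')` in windows_privileged.rb relies on `String#unpack1`, which exists only from Ruby 2.4, so this line raises `NoMethodError` on any Chef client that embeds an older Ruby. The previous README text named Chef 12.6+ as the minimum, and the new release's requirement is not visible in this part of the diff. Unless the supported Chef versions have been raised accordingly, `token = token.unpack('L').first` keeps the same result without the version dependency. The surrounding method starts and ends outside the hunk.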
@@ -1 +1 @@ -{"name":"windows","version":"3.1.1","description":"Provides a set of useful Windows-specific primitives.","long_description":"# Windows Cookbook\n\n[![Build status](https://ci.appveyor.com/api/projects/status/9x4uepmm1g4rktie/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/windows/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/windows.svg)](https://supermarket.chef.io/cookbooks/windows)\n\nProvides a set of Windows-specific resources to aid in the creation of cookbooks/recipes targeting the Windows platform.\n\n## Requirements\n\n### Platforms\n\n- Windows 7\n- Windows Server 2008 R2\n- Windows 8, 8.1\n- Windows Server 2012 (R1, R2)\n\n### Chef\n\n- Chef 12.6+\n\n## Resources\n\n### windows_auto_run\n\n#### Actions\n\n- `:create` - Create an item to be run at login\n- `:remove` - Remove an item that was previously setup to run at login\n\n#### Properties\n\n- `name` - Name attribute. The name of the value to be stored in the registry\n- `program` - The program to be run at login\n- `args` - The arguments for the program\n\n#### Examples\n\nRun BGInfo at login\n\n```ruby\nwindows_auto_run 'BGINFO' do\n program 'C:/Sysinternals/bginfo.exe'\n args '\\'C:/Sysinternals/Config.bgi\\' /NOLICPROMPT /TIMER:0'\n action :create\nend\n```\n\n### windows_certificate\n\nInstalls a certificate into the Windows certificate store from a file, and grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificated remotely may not work if the operation requires a user profile. Operations on the local machine store should still work.\n\n#### Actions\n\n- `:create` - creates or updates a certificate.\n- `:delete` - deletes a certificate.\n- `:acl_add` - adds read-only entries to a certificate's private key ACL.\n\n#### Properties\n\n- `source` - name attribute. 
The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete).\n- `pfx_password` - the password to access the source if it is a pfx file.\n- `private_key_acl` - array of 'domain\\account' entries to be granted read-only access to the certificate's private key. This is not idempotent.\n- `store_name` - the certificate store to manipulate. One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store).\n- `user_store` - if false (default) then use the local machine store; if true then use the current user's store.\n\n#### Examples\n\n```ruby\n# Add PFX cert to local machine personal store and grant accounts read-only access to private key\nwindows_certificate \"c:/test/mycert.pfx\" do\n pfx_password \"password\"\n private_key_acl [\"acme\\fred\", \"pc\\jane\"]\nend\n```\n\n```ruby\n# Add cert to trusted intermediate store\nwindows_certificate \"c:/test/mycert.cer\" do\n store_name \"CA\"\nend\n```\n\n```ruby\n# Remove all certificates matching the subject\nwindows_certificate \"me.acme.com\" do\n action :delete\nend\n```\n\n### windows_certificate_binding\n\nBinds a certificate to an HTTP port in order to enable TLS communication.\n\n#### Actions\n\n- `:create` - creates or updates a binding.\n- `:delete` - deletes a binding.\n\n#### Properties\n\n- `cert_name` - name attribute. The thumbprint(hash) or subject that identifies the certificate to be bound.\n- `name_kind` - indicates the type of cert_name. One of :subject (default) or :hash.\n- `address` - the address to bind against. Default is 0.0.0.0 (all IP addresses).\n- `port` - the port to bind against. Default is 443.\n- `app_id` - the GUID that defines the application that owns the binding. Default is the values used by IIS.\n- `store_name` - the store to locate the certificate in. 
One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store).\n\n#### Examples\n\n```ruby\n# Bind the first certificate matching the subject to the default TLS port\nwindows_certificate_binding \"me.acme.com\" do\nend\n```\n\n```ruby\n# Bind a cert from the CA store with the given hash to port 4334\nwindows_certificate_binding \"me.acme.com\" do\n cert_name \"d234567890a23f567c901e345bc8901d34567890\"\n name_kind :hash\n store_name \"CA\"\n port 4334\nend\n```\n\n### windows_feature\n\n**BREAKING CHANGE - Version 3.0.0**\n\nThis resource has been moved from using LWRPs and multiple providers to using Custom Resources. To maintain functionality, you'll need to change `provider` to `install_method`.\n\nWindows Roles and Features can be thought of as built-in operating system packages that ship with the OS. A server role is a set of software programs that, when they are installed and properly configured, lets a computer perform a specific function for multiple users or other computers within a network. A Role can have multiple Role Services that provide functionality to the Role. Role services are software programs that provide the functionality of a role. Features are software programs that, although they are not directly parts of roles, can support or augment the functionality of one or more roles, or improve the functionality of the server, regardless of which roles are installed. 
Collectively we refer to all of these attributes as 'features'.\n\nThis resource allows you to manage these 'features' in an unattended, idempotent way.\n\nThere are three methods for the `windows_feature` which map into Microsoft's three major tools for managing roles/features: [Deployment Image Servicing and Management (DISM)](http://msdn.microsoft.com/en-us/library/dd371719%28v=vs.85%29.aspx), [Servermanagercmd](http://technet.microsoft.com/en-us/library/ee344834%28WS.10%29.aspx) (The CLI for Server Manager), and [PowerShell](https://technet.microsoft.com/en-us/library/cc731774(v=ws.11).aspx). As Servermanagercmd is deprecated, Chef will set the default method to `:windows_feature_dism` if `dism.exe` is present on the system being configured. The default method will fall back to `:windows_feature_servermanagercmd`, and then `:windows_feature_powershell`.\n\nFor more information on Roles, Role Services and Features see the [Microsoft TechNet article on the topic](http://technet.microsoft.com/en-us/library/cc754923.aspx). For a complete list of all features that are available on a node type either of the following commands at a command prompt:\n\nFor Dism:\n\n```text\ndism /online /Get-Features\n```\n\nFor ServerManagerCmd:\n\n```text\nservermanagercmd -query\n```\n\nFor PowerShell:\n\n```text\nget-windowsfeature\n```\n\n#### Actions\n\n- `:install` - install a Windows role/feature\n- `:remove` - remove a Windows role/feature\n- `:delete` - remove a Windows role/feature from the image (not supported by ServerManagerCmd)\n\n#### Properties\n\n- `feature_name` - name of the feature/role(s) to install. The same feature may have different names depending on the provider used (ie DHCPServer vs DHCP; DNS-Server-Full-Role vs DNS).\n- `all` - Boolean. Optional. Default: false. DISM and Powershell providers only. Forces all dependencies to be installed.\n- `source` - String. Optional. DISM provider only. 
Uses local repository for feature install.\n- `install_method` - Symbol. Optional. **REPLACEMENT FOR THE PREVIOUS PROVIDER OPTION** If not supplied, Chef will determine which method to use (in the order of `:windows_feature_dism`, `:windows_feature_servercmd`, `:windows_feature_powershell`)\n\n#### Examples\n\nInstall the DHCP Server feature\n\n```ruby\nwindows_feature 'DHCPServer' do\n action :install\nend\n```\n\nInstall the .Net 3.5.1 feature on Server 2012 using repository files on DVD and install all dependencies\n\n```ruby\nwindows_feature \"NetFx3\" do\n action :install\n all true\n source \"d:\\sources\\sxs\"\nend\n```\n\nRemove Telnet Server and Client features\n\n```ruby\nwindows_feature ['TelnetServer', 'TelnetClient'] do\n action :remove\nend\n```\n\nAdd the SMTP Server feature using the PowerShell provider\n\n```ruby\nwindows_feature \"smtp-server\" do\n action :install\n all true\n install_method :windows_feature_powershell\nend\n```\n\nInstall multiple features using one resource with the PowerShell provider\n\n```ruby\nwindows_feature ['Web-Asp-Net45', 'Web-Net-Ext45'] do\n action :install\n install_method :windows_feature_powershell\nend\n```\n\n### windows_font\n\nInstalls a font.\n\nFont files should be included in the cookbooks\n\n#### Actions\n\n- `:install` - install a font to the system fonts directory.\n\n#### Properties\n\n- `name` - The file name of the font file name to install. The path defaults to the files/default directory of the cookbook you're calling windows_font from. 
Defaults to the resource name.\n- `source` - Set an alternate path to the font file.\n\n#### Examples\n\n```ruby\nwindows_font 'Code New Roman.otf'\n```\n\n### windows_http_acl\n\nSets the Access Control List for an http URL to grant non-admin accounts permission to open HTTP endpoints.\n\n#### Actions\n\n- `:create` - creates or updates the ACL for a URL.\n- `:delete` - deletes the ACL from a URL.\n\n#### Properties\n\n- `url` - the name of the url to be created/deleted.\n- `sddl` - the DACL string configuring all permissions to URL. Mandatory for create if user is not provided. Can't be use with `user`.\n- `user` - the name (domain\\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be use with `sddl`. Only one user or group can be granted permission so this replaces any previously defined entry.\n\n#### Examples\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n user 'pc\\\\fred'\nend\n```\n\n```ruby\n# Grant access to users \"NT SERVICE\\WinRM\" and \"NT SERVICE\\Wecsvc\" via sddl\nwindows_http_acl 'http://+:5985/' do\n sddl 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'\nend\n```\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n action :delete\nend\n```\n\n### windows_pagefile\n\nConfigures the file that provides virtual memory for applications requiring more memory than available RAM or that are paged out to free up memory in use.\n\n\n#### Actions\n\n- `:set` - configures the default pagefile, creating if it doesn't exist.\n- `:delete` - deletes the specified pagefile.\n\n#### Properties\n\n- `name` - the path to the pagefile, String, name_property: true\n- `system_managed` - configures whether the system manages the pagefile size. [true, false]\n- `automatic_managed` - all of the settings are managed by the system. If this is set to true, other settings will be ignored. 
[true, false], default: false\n- `initial_size` - initial size of the pagefile in bytes. Integer\n- `maximum_size` - maximum size of the pagefile in bytes. Integer\n\n### windows_printer_port\n\nCreate and delete TCP/IPv4 printer ports.\n\n#### Actions\n\n- `:create` - Create a TCIP/IPv4 printer port. This is the default action.\n- `:delete` - Delete a TCIP/IPv4 printer port\n\n#### Properties\n\n- `ipv4_address` - Name attribute. Required. IPv4 address, e.g. '10.0.24.34'\n- `port_name` - Port name. Optional. Defaults to 'IP_' + `ipv4_address`\n- `port_number` - Port number. Optional. Defaults to 9100.\n- `port_description` - Port description. Optional.\n- `snmp_enabled` - Boolean. Optional. Defaults to false.\n- `port_protocol` - Port protocol, 1 (RAW), or 2 (LPR). Optional. Defaults to 1.\n\n#### Examples\n\nCreate a TCP/IP printer port named 'IP_10.4.64.37' with all defaults\n\n```ruby\nwindows_printer_port '10.4.64.37' do\n action :create\nend\n```\n\nDelete a printer port\n\n```ruby\nwindows_printer_port '10.4.64.37' do\n action :delete\nend\n```\n\nDelete a port with a custom port_name\n\n```ruby\nwindows_printer_port '10.4.64.38' do\n port_name 'My awesome port'\n action :delete\nend\n```\n\nCreate a port with more options\n\n```ruby\nwindows_printer_port '10.4.64.39' do\n port_name 'My awesome port'\n snmp_enabled true\n port_protocol 2\nend\n```\n\n### windows_printer\n\nCreate Windows printer. Note that this doesn't currently install a printer driver. You must already have the driver installed on the system.\n\nThe Windows Printer LWRP will automatically create a TCP/IP printer port for you using the `ipv4_address` property. If you want more granular control over the printer port, just create it using the `windows_printer_port` LWRP before creating the printer.\n\n#### Actions\n\n- `:create` - Create a new printer\n- `:delete` - Delete a new printer\n\n#### Properties\n\n- `device_id` - Name attribute. Required. Printer queue name, e.g. 
'HP LJ 5200 in fifth floor copy room'\n- `comment` - Optional string describing the printer queue.\n- `default` - Boolean. Optional. Defaults to false. Note that Windows sets the first printer defined to the default printer regardless of this setting.\n- `driver_name` - String. Required. Exact name of printer driver. Note that the printer driver must already be installed on the node.\n- `location` - Printer location, e.g. 'Fifth floor copy room', or 'US/NYC/Floor42/Room4207'\n- `shared` - Boolean. Defaults to false.\n- `share_name` - Printer share name.\n- `ipv4_address` - Printer IPv4 address, e.g. '10.4.64.23'. You don't have to be able to ping the IP address to set it. Required.\n\nAn error of \"Set-WmiInstance : Generic failure\" is most likely due to the printer driver name not matching or not being installed.\n\n#### Examples\n\nCreate a printer\n\n```ruby\nwindows_printer 'HP LaserJet 5th Floor' do\n driver_name 'HP LaserJet 4100 Series PCL6'\n ipv4_address '10.4.64.38'\nend\n```\n\nDelete a printer. Note: this doesn't delete the associated printer port. See `windows_printer_port` above for how to delete the port.\n\n```ruby\nwindows_printer 'HP LaserJet 5th Floor' do\n action :delete\nend\n```\n\n### windows_share\n\nCreates, modifies and removes Windows shares. All properties are idempotent.\n\n#### Actions\n\n- :create: creates/modifies a share\n- :delete: deletes a share\n\n#### Properties\n\n- share_name: name attribute, the share name.\n- path: path to the directory to be shared. Required when creating. 
If the share already exists on a different path then it is deleted and re-created.\n- description: description to be applied to the share\n- full_users: array of users which should have \"Full control\" permissions\n- change_users: array of users which should have \"Change\" permissions\n- read_users: array of users which should have \"Read\" permissions\n\n#### Examples\n\n```ruby\nwindows_share \"foo\" do\n action :create\n path \"C:\\\\foo\"\n full_users [\"DOMAIN_A\\\\some_user\", \"DOMAIN_B\\\\some_other_user\"]\n read_users [\"DOMAIN_C\\\\Domain users\"]\nend\n```\n\n```ruby\nwindows_share \"foo\" do\n action :delete\nend\n```\n\n### windows_shortcut\n\nCreates and modifies Windows shortcuts.\n\n#### Actions\n\n- `:create` - create or modify a windows shortcut\n\n#### Properties\n\n- `name` - name attribute. The shortcut to create/modify.\n- `target` - what the shortcut links to\n- `arguments` - arguments to pass to the target when the shortcut is executed\n- `description` - description of the shortcut\n- `cwd` - Working directory to use when the target is executed\n- `iconlocation` - Icon to use, in the format of `\"path, index\"` where index is which icon in that file to use (See [WshShortcut.IconLocation](https://msdn.microsoft.com/en-us/library/3s9bx7at.aspx))\n\n#### Examples\n\nAdd a shortcut all users desktop:\n\n```ruby\nrequire 'win32ole'\nall_users_desktop = WIN32OLE.new(\"WScript.Shell\").SpecialFolders(\"AllUsersDesktop\")\n\nwindows_shortcut \"#{all_users_desktop}/Notepad.lnk\" do\n target \"C:\\\\WINDOWS\\\\notepad.exe\"\n description \"Launch Notepad\"\n iconlocation \"C:\\\\windows\\\\notepad.exe, 0\"\nend\n```\n\n#### Library Methods\n\n```ruby\nRegistry.value_exists?('HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run','BGINFO')\nRegistry.key_exists?('HKLM\\SOFTWARE\\Microsoft')\nBgInfo = Registry.get_value('HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run','BGINFO')\n```\n\n### windows_path\n\n#### Actions\n\n- `:add` - Add an 
item to the system path\n- `:remove` - Remove an item from the system path\n\n#### Properties\n\n- `path` - Name attribute. The name of the value to add to the system path\n\n#### Examples\n\nAdd Sysinternals to the system path\n\n```ruby\nwindows_path 'C:\\Sysinternals' do\n action :add\nend\n```\n\nRemove 7-Zip from the system path\n\n```ruby\nwindows_path 'C:\\7-Zip' do\n action :remove\nend\n```\n\n### windows_task\n\nCreates, deletes or runs a Windows scheduled task. Requires Windows Server 2008 due to API usage.\n\n#### Actions\n\n- `:create` - creates a task (or updates existing if user or command has changed)\n- `:delete` - deletes a task\n- `:run` - runs a task\n- `:end` - ends a task\n- `:change` - changes the un/pw or command of a task\n- `:enable` - enable a task\n- `:disable` - disable a task\n\n#### Properties\n\n- `task_name` - name attribute, The task name. (\"Task Name\" or \"/Task Name\")\n- `force` - When used with create, will update the task.\n- `command` - The command the task will run.\n- `cwd` - The directory the task will be run from.\n- `user` - The user to run the task as. (defaults to 'SYSTEM')\n- `password` - The user's password. (requires user)\n- `run_level` - Run with `:limited` or `:highest` privileges.\n- `frequency` - Frequency with which to run the task. (default is :hourly. Other valid values include :minute, :hourly, :daily, :weekly, :monthly, :once, :on_logon, :onstart, :on_idle) :once requires start_time\n- `frequency_modifier` - Multiple for frequency. (15 minutes, 2 days). Monthly tasks may also use these values\": ('FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST', 'LASTDAY')\n- `start_day` - Specifies the first date on which the task runs. Optional string (MM/DD/YYYY)\n- `start_time` - Specifies the start time to run the task. Optional string (HH:mm)\n- `interactive_enabled` - (Allow task to run interactively or non-interactively. 
Requires user and password.)\n- `day` - For monthly or weekly tasks, the day(s) on which the task runs. (MON - SUN, *, 1 - 31)\n- `months` - The Months of the year on which the task runs. (JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC, *). Multiple months should be comma delimited.\n- `idle_time` - For :on_idle frequency, the time (in minutes) without user activity that must pass to trigger the task. (1 - 999)\n\n#### Examples\n\nCreate a `chef-client` task with TaskPath `\\` running every 15 minutes\n\n```ruby\nwindows_task 'chef-client' do\n user 'Administrator'\n password '$ecR3t'\n cwd 'C:\\\\chef\\\\bin'\n command 'chef-client -L C:\\\\tmp\\\\'\n run_level :highest\n frequency :minute\n frequency_modifier 15\nend\n```\n\nUpdate `chef-client` task with new password and log location\n\n```ruby\nwindows_task 'chef-client' do\n user 'Administrator'\n password 'N3wPassW0Rd'\n cwd 'C:\\\\chef\\\\bin'\n command 'chef-client -L C:\\\\chef\\\\logs\\\\'\n action :change\nend\n```\n\nDelete a task named `old task`\n\n```ruby\nwindows_task 'old task' do\n action :delete\nend\n```\n\nEnable a task named `chef-client`\n\n```ruby\nwindows_task 'chef-client' do\n action :enable\nend\n```\n\nDisable a task named `ProgramDataUpdater` with TaskPath `\\Microsoft\\Windows\\Application Experience\\`\n\n```ruby\nwindows_task '\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater' do\n action :disable\nend\n```\n\n### windows_zipfile\n\nMost version of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run.\n\n#### Actions\n\n- `:unzip` - unzip a compressed file\n- `:zip` - zip a directory (recursively)\n\n#### Properties\n\n- `path` - name attribute. 
The path where files will be (un)zipped to.\n- `source` - source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip.\n- `overwrite` - force an overwrite of the files if they already exist.\n- `checksum` - for :unzip, useful if source is remote, if the local file matches the SHA-256 checksum, Chef will not download it.\n\n#### Examples\n\nUnzip a remote zip file locally\n\n```ruby\nwindows_zipfile 'c:/bin' do\n source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip'\n action :unzip\n not_if {::File.exists?('c:/bin/PsExec.exe')}\nend\n```\n\nUnzip a local zipfile\n\n```ruby\nwindows_zipfile 'c:/the_codez' do\n source 'c:/foo/baz/the_codez.zip'\n action :unzip\nend\n```\n\nCreate a local zipfile\n\n```ruby\nwindows_zipfile 'c:/foo/baz/the_codez.zip' do\n source 'c:/the_codez'\n action :zip\nend\n```\n\n## Libraries\n\n### WindowsHelper\n\nHelper that allows you to use helpful functions in windows\n\n#### installed_packages\n\nReturns a hash of all DisplayNames installed\n\n```ruby\n# usage in a recipe\n::Chef::Recipe.send(:include, Windows::Helper)\nhash_of_installed_packages = installed_packages\n```\n\n#### is_package_installed?\n\n- `package_name` - The name of the package you want to query to see if it is installed\n- `returns` - true if the package is installed, false if it the package is not installed\n\nDownload a file if a package isn't installed\n\n```ruby\n# usage in a recipe to not download a file if package is already installed\n::Chef::Recipe.send(:include, Windows::Helper)\nis_win_sdk_installed = is_package_installed?('Windows Software Development Kit')\n\nremote_file 'C:\\windows\\temp\\windows_sdk.zip' do\n source 'http://url_to_download/windows_sdk.zip'\n action :create_if_missing\n not_if {is_win_sdk_installed}\nend\n```\n\nDo something if a package is installed\n\n```ruby\n# usage in a provider\ninclude Windows::Helper\nif is_package_installed?('Windows Software Development Kit')\n # do 
something if package is installed\nend\n```\n\n### Windows::VersionHelper\n\nHelper that allows you to get information of the windows version running on your node. It leverages windows ohai from kernel.os_info, easy to mock and to use even on linux.\n\n#### core_version?\n\nDetermines whether given node is running on a windows Core.\n\n```ruby\nif ::Windows::VersionHelper.core_version? node\n fail 'Windows Core is not supported'\nend\n```\n\n#### workstation_version?\n\nDetermines whether given node is a windows workstation version (XP, Vista, 7, 8, 8.1, 10)\n\n```ruby\nif ::Windows::VersionHelper.workstation_version? node\n fail 'Only server version of windows are supported'\nend\n```\n\n#### server_version?\n\nDetermines whether given node is a windows server version (Server 2003, Server 2008, Server 2012, Server 2016)\n\n```ruby\nif ::Windows::VersionHelper.server_version? node\n puts 'Server version of windows are cool'\nend\n```\n\n#### nt_version\n\nDetermines NT version of the given node\n\n```ruby\ncase ::Windows::VersionHelper.nt_version node\n when '6.0' then 'Windows vista or Server 2008'\n when '6.1' then 'Windows 7 or Server 2008R2'\n when '6.2' then 'Windows 8 or Server 2012'\n when '6.3' then 'Windows 8.1 or Server 2012R2'\n when '10.0' then 'Windows 10'\nend\n```\n\n## Windows ChefSpec Matchers\n\nThe Windows cookbook includes custom [ChefSpec](https://github.com/sethvargo/chefspec) matchers you can use to test your own cookbooks that consume Windows cookbook LWRPs.\n\n### Example Matcher Usage\n\n```ruby\nexpect(chef_run).to install_windows_package('Node.js').with(\n source: 'http://nodejs.org/dist/v0.10.26/x64/node-v0.10.26-x64.msi')\n```\n\n### Windows Cookbook Matchers\n\n- create_windows_auto_run\n- remove_windows_auto_run\n- create_windows_certificate\n- delete_windows_certificate\n- add_acl_to_windows_certificate\n- create_windows_certificate_binding\n- delete_windows_certificate_binding\n- install_windows_feature\n- 
install_windows_feature_dism\n- install_windows_feature_servermanagercmd\n- install_windows_feature_powershell\n- remove_windows_feature\n- remove_windows_feature_dism\n- remove_windows_feature_servermanagercmd\n- remove_windows_feature_powershell\n- delete_windows_feature\n- delete_windows_feature_dism\n- delete_windows_feature_powershell\n- install_windows_font\n- create_windows_http_acl\n- delete_windows_http_acl\n- install_windows_package\n- remove_windows_package\n- set_windows_pagefile\n- add_windows_path\n- remove_windows_path\n- create_windows_printer\n- delete_windows_printer\n- create_windows_printer_port\n- delete_windows_printer_port\n- create_windows_shortcut\n- create_windows_shortcut\n- create_windows_task\n- disable_windows_task\n- enable_windows_task\n- delete_windows_task\n- run_windows_task\n- change_windows_task\n- unzip_windows_zipfile_to\n- zip_windows_zipfile_to\n\n## Usage\n\nPlace an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook.\n\n```ruby\ndepends 'windows'\n```\n\n## License & Authors\n\n- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io))\n- Author:: Doug MacEachern ([dougm@vmware.com](mailto:dougm@vmware.com))\n- Author:: Paul Morton ([pmorton@biaprotect.com](mailto:pmorton@biaprotect.com))\n- Author:: Doug Ireton ([doug.ireton@nordstrom.com](mailto:doug.ireton@nordstrom.com))\n\n```text\nCopyright 2011-2016, Chef Software, Inc.\nCopyright 2010, VMware, Inc.\nCopyright 2011, Business Intelligence Associates, Inc\nCopyright 2012, Nordstrom, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is 
distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{"ohai":">= 4.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/windows","issues_url":"https://github.com/chef-cookbooks/windows/issues","chef_version":[[">= 12.7"]],"ohai_version":[]} \ No newline at end of file +{"name":"windows","version":"5.3.0","description":"Provides a set of useful Windows-specific primitives.","long_description":"# Windows Cookbook\n\n[![Build status](https://ci.appveyor.com/api/projects/status/9x4uepmm1g4rktie/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/windows/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/windows.svg)](https://supermarket.chef.io/cookbooks/windows)\n\nProvides a set of Windows-specific resources to aid in the creation of cookbooks/recipes targeting the Windows platform.\n\n## Requirements\n\n### Platforms\n\n- Windows 7\n- Windows Server 2008 R2\n- Windows 8, 8.1\n- Windows Server 2012 (R1, R2)\n- Windows Server 2016\n\n### Chef\n\n- Chef 13.4+\n\n## Resources\n\n### Deprecated Resources Note\n\nAs of Chef Client 14.0+ the auto_run, feature, feature_dism, feature_powershell, font, pagefile, printer_port, printer, and shortcut resources are now included in the Chef Client. If you are running Chef 14+ the resources in Chef client will take precedence over the resources in this cookbook. 
In April 2019 we will release a new major version of this cookbook that removes these resources.\n\nAs of Chef 14.7+ the windows_share and windows_certificate resources are now included in the Chef Client. If you are running Chef 14.7+ the resources in Chef client will take precedence over the resources in this cookbook. In November 2019 we will release a new major version of this cookbook that removes these resources.\n\n### windows_auto_run\n\n`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource.\n\n#### Actions\n\n- `:create` - Create an item to be run at login\n- `:remove` - Remove an item that was previously setup to run at login\n\n#### Properties\n\n- `program_name` - Name property. The name of the value to be stored in the registry\n- `path` - The program to be run at login. This property was previous named `program`. Cookbooks using the `program` property will continue to function, but should be updated.\n- `args` - The arguments for the program\n- `root` - The registry root key to put the entry under--`:machine` (default) or `:user`\n\n#### Examples\n\nRun BGInfo at login\n\n```ruby\nwindows_auto_run 'BGINFO' do\n program 'C:/Sysinternals/bginfo.exe'\n args '\\'C:/Sysinternals/Config.bgi\\' /NOLICPROMPT /TIMER:0'\n action :create\nend\n```\n\n### windows_certificate\n\n`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource.\n\nInstalls a certificate into the Windows certificate store from a file, and grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificated remotely may not work if the operation requires a user profile. 
Operations on the local machine store should still work.\n\n#### Actions\n\n- `:create` - creates or updates a certificate.\n- `:delete` - deletes a certificate.\n- `:acl_add` - adds read-only entries to a certificate's private key ACL.\n- `:verify` - logs whether or not a certificate is valid\n\n#### Properties\n\n- `source` - name attribute. The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete).\n- `pfx_password` - the password to access the source if it is a pfx file.\n- `private_key_acl` - array of 'domain\\account' entries to be granted read-only access to the certificate's private key. This is not idempotent.\n- `store_name` - the certificate store to manipulate. One of:\n - MY (Personal)\n - CA (Intermediate Certification Authorities)\n - ROOT (Trusted Root Certification Authorities)\n - TRUSTEDPUBLISHER (Trusted Publishers)\n - CLIENTAUTHISSUER (Client Authentication Issuers)\n - REMOTE DESKTOP (Remote Desktop)\n - TRUSTEDDEVICES (Trusted Devices)\n - WEBHOSTING (Web Hosting)\n - AUTHROOT (Third-Party Root Certification Authorities)\n - TRUSTEDPEOPLE (Trusted People)\n - SMARTCARDROOT (Smart Card Trusted Roots)\n - TRUST (Enterprise Trust)\n - DISALLOWED (Untrusted Certificates)\n- `user_store` - if false (default) then use the local machine store; if true then use the current user's store.\n\n#### Examples\n\n```ruby\n# Add PFX cert to local machine personal store and grant accounts read-only access to private key\nwindows_certificate \"c:/test/mycert.pfx\" do\n pfx_password \"password\"\n private_key_acl [\"acme\\fred\", \"pc\\jane\"]\nend\n```\n\n```ruby\n# Add cert to trusted intermediate store\nwindows_certificate \"c:/test/mycert.cer\" do\n store_name \"CA\"\nend\n```\n\n```ruby\n# Remove all certificates matching the subject\nwindows_certificate \"me.acme.com\" do\n action :delete\nend\n```\n\n### windows_certificate_binding\n\nBinds a certificate to an HTTP port in order to enable TLS 
communication.\n\n#### Actions\n\n- `:create` - creates or updates a binding.\n- `:delete` - deletes a binding.\n\n#### Properties\n\n- `cert_name` - name attribute. The thumbprint(hash) or subject that identifies the certificate to be bound.\n- `name_kind` - indicates the type of cert_name. One of :subject (default) or :hash.\n- `address` - the address to bind against. Default is 0.0.0.0 (all IP addresses). One of:\n - IP v4 address `1.2.3.4`\n - IP v6 address `[::1]`\n - Host name `www.foo.com`\n- `port` - the port to bind against. Default is 443.\n- `app_id` - the GUID that defines the application that owns the binding. Default is the values used by IIS.\n- `store_name` - the store to locate the certificate in. One of:\n - MY (Personal)\n - CA (Intermediate Certification Authorities)\n - ROOT (Trusted Root Certification Authorities)\n - TRUSTEDPUBLISHER (Trusted Publishers)\n - CLIENTAUTHISSUER (Client Authentication Issuers)\n - REMOTE DESKTOP (Remote Desktop)\n - TRUSTEDDEVICES (Trusted Devices)\n - WEBHOSTING (Web Hosting)\n - AUTHROOT (Third-Party Root Certification Authorities)\n - TRUSTEDPEOPLE (Trusted People)\n - SMARTCARDROOT (Smart Card Trusted Roots)\n - TRUST (Enterprise Trust)\n\n#### Examples\n\n```ruby\n# Bind the first certificate matching the subject to the default TLS port\nwindows_certificate_binding \"me.acme.com\" do\nend\n```\n\n```ruby\n# Bind a cert from the CA store with the given hash to port 4334\nwindows_certificate_binding \"me.acme.com\" do\n cert_name \"d234567890a23f567c901e345bc8901d34567890\"\n name_kind :hash\n store_name \"CA\"\n port 4334\nend\n```\n\n### windows_dns\n\nConfigures A and CNAME records in Windows DNS. This requires the DNSCMD to be installed, which is done by adding the DNS role to the server or installing the Remote Server Admin Tools.\n\n#### Actions\n\n- :create: creates/updates the DNS entry\n- :delete: deletes the DNS entry\n\n#### Properties\n\n- host_name: name attribute. 
FQDN of the entry to act on.\n- dns_server: the DNS server to update. Default is local machine (.)\n- record_type: the type of record to create. One of A (default) or CNAME\n- target: for A records an array of IP addresses to associate with the host; for CNAME records the FQDN of the host to alias\n- ttl: if > 0 then set the time to live of the record\n\n#### Examples\n\n```ruby\n# Create A record linked to 2 addresses with a 10 minute ttl\nwindows_dns \"m1.chef.test\" do\n target ['10.9.8.7', '1.2.3.4']\n ttl 600\nend\n```\n\n```ruby\n# Delete records. target is mandatory although not used\nwindows_dns \"m1.chef.test\" do\n action :delete\n target []\nend\n```\n\n```ruby\n# Set an alias against the node in a role\nnodes = search( :node, \"role:my_service\" )\nwindows_dns \"myservice.chef.test\" do\n record_type 'CNAME'\n target nodes[0]['fqdn']\nend\n```\n\n### windows_feature\n\n`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource.\n\n**BREAKING CHANGE - Version 3.0.0**\n\nThis resource has been moved from using LWRPs and multiple providers to using Custom Resources. To maintain functionality, you'll need to change `provider` to `install_method`.\n\nWindows Roles and Features can be thought of as built-in operating system packages that ship with the OS. A server role is a set of software programs that, when they are installed and properly configured, lets a computer perform a specific function for multiple users or other computers within a network. A Role can have multiple Role Services that provide functionality to the Role. Role services are software programs that provide the functionality of a role. Features are software programs that, although they are not directly parts of roles, can support or augment the functionality of one or more roles, or improve the functionality of the server, regardless of which roles are installed. 
Collectively we refer to all of these attributes as 'features'.\n\nThis resource allows you to manage these 'features' in an unattended, idempotent way.\n\nThere are two underlying resources that power `windows_feature` which map to the available installation systems on supported releases of Windows: [Deployment Image Servicing and Management (DISM)](http://msdn.microsoft.com/en-us/library/dd371719%28v=vs.85%29.aspx) and [PowerShell](https://technet.microsoft.com/en-us/library/cc731774(v=ws.11).aspx). Chef will set the default method to `:windows_feature_dism` if `dism.exe` is present on the system being configured and otherwise use `:windows_feature_powershell`.\n\nFor more information on Roles, Role Services and Features see the [Microsoft TechNet article on the topic](http://technet.microsoft.com/en-us/library/cc754923.aspx). For a complete list of all features that are available on a node type either of the following commands at a command prompt:\n\nFor Dism:\n\n```text\ndism /online /Get-Features\n```\n\nFor PowerShell:\n\n```text\nget-windowsfeature\n```\n\n#### Actions\n\n- `:install` - install a Windows role/feature\n- `:remove` - remove a Windows role/feature\n- `:delete` - remove a Windows role/feature from the image\n\n#### Properties\n\n- `feature_name` - name of the feature/role(s) to install. The same feature may have different names depending on the underlying resource being used (ie DHCPServer vs DHCP; DNS-Server-Full-Role vs DNS).\n- `all` - Boolean. Optional. Default: false. For DISM this is the equivalent of specifying the /All switch to dism.exe, forcing all parent dependencies to be installed. With the PowerShell install method, the `-InstallAllSubFeatures` switch is applied. Note that these two methods may not produce identical results.\n- `management_tools` - Boolean. Optional. Default: false. PowerShell only. Includes the `-IncludeManagementTools` switch. 
Installs all applicable management tools of the roles, role services, or features specified by the feature name.\n- `source` - String. Optional. Uses local repository for feature install.\n- `timeout` - Integer. Optional. Default: 600\\. Specifies a timeout (in seconds) for feature install.\n- `install_method` - Symbol. Optional. If not supplied, Chef will determine which method to use (in the order of `:windows_feature_dism`, `:windows_feature_servercmd`, `:windows_feature_powershell`)\n\n#### Examples\n\nInstall the DHCP Server feature\n\n```ruby\nwindows_feature 'DHCPServer' do\n action :install\nend\n```\n\nInstall the .Net 3.5.1 feature on Server 2012 using repository files on DVD and install all dependencies with a timeout of 900 seconds\n\n```ruby\nwindows_feature \"NetFx3\" do\n action :install\n all true\n source \"d:\\sources\\sxs\"\n timeout 900\nend\n```\n\nRemove Telnet Server and Client features\n\n```ruby\nwindows_feature ['TelnetServer', 'TelnetClient'] do\n action :remove\nend\n```\n\nAdd the SMTP Server feature using the PowerShell provider\n\n```ruby\nwindows_feature \"smtp-server\" do\n action :install\n all true\n install_method :windows_feature_powershell\nend\n```\n\nInstall multiple features using one resource with the PowerShell provider\n\n```ruby\nwindows_feature ['Web-Asp-Net45', 'Web-Net-Ext45'] do\n action :install\n install_method :windows_feature_powershell\nend\n```\n\nInstall the Network Policy and Access Service feature, including the management tools. Which, for this example, will automatically install `RSAT-NPAS` as well.\n\n```ruby\nwindows_feature 'NPAS' do\n action :install\n management_tools true\n install_method :windows_feature_powershell\nend\n```\n\n### windows_font\n\n`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource.\n\nInstalls font files. 
Sources the font by default from the cookbook, but a URI source can be specified as well.\n\n#### Actions\n\n- `:install` - install a font to the system fonts directory.\n\n#### Properties\n\n- `font_name` - The file name of the font file name to install. The path defaults to the files/default directory of the cookbook you're calling windows_font from. Defaults to the resource name.\n- `source` - A local filesystem path or URI to source the font file from..\n\n#### Examples\n\n```ruby\nwindows_font 'Code New Roman.otf'\n\nwindows_font 'Custom.otf' do\n source \"https://example.com/Custom.otf\"\nend\n```\n\n### windows_http_acl\n\nSets the Access Control List for an http URL to grant non-admin accounts permission to open HTTP endpoints.\n\n#### Actions\n\n- `:create` - creates or updates the ACL for a URL.\n- `:delete` - deletes the ACL from a URL.\n\n#### Properties\n\n- `url` - the name of the url to be created/deleted.\n- `sddl` - the DACL string configuring all permissions to URL. Mandatory for create if user is not provided. Can't be use with `user`.\n- `user` - the name (domain\\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be use with `sddl`. Only one user or group can be granted permission so this replaces any previously defined entry. If you receive a parameter error your user may not exist.\n\n#### Examples\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n user 'pc\\\\fred'\nend\n```\n\n```ruby\n# Grant access to users \"NT SERVICE\\WinRM\" and \"NT SERVICE\\Wecsvc\" via sddl\nwindows_http_acl 'http://+:5985/' do\n sddl 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'\nend\n```\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n action :delete\nend\n```\n\n### windows_pagefile\n\n`Note`: This resource is now included in Chef 14 and later. 
There is no need to depend on the Windows cookbook for this resource.\n\nConfigures the file that provides virtual memory for applications requiring more memory than available RAM or that are paged out to free up memory in use.\n\n#### Actions\n\n- `:set` - configures the default pagefile, creating if it doesn't exist.\n- `:delete` - deletes the specified pagefile.\n\n#### Properties\n\n- `path` - the path to the pagefile, String, name_property: true\n- `system_managed` - configures whether the system manages the pagefile size. [true, false]\n- `automatic_managed` - all of the settings are managed by the system. If this is set to true, other settings will be ignored. [true, false], default: false\n- `initial_size` - initial size of the pagefile in megbytes. Integer\n- `maximum_size` - maximum size of the pagefile in megbytes. Integer\n\n### windows_printer_port\n\n`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource.\n\nCreate and delete TCP/IPv4 printer ports.\n\n#### Actions\n\n- `:create` - Create a TCIP/IPv4 printer port. This is the default action.\n- `:delete` - Delete a TCIP/IPv4 printer port\n\n#### Properties\n\n- `ipv4_address` - Name attribute. Required. IPv4 address, e.g. '10.0.24.34'\n- `port_name` - Port name. Optional. Defaults to 'IP_' + `ipv4_address`\n- `port_number` - Port number. Optional. Defaults to 9100.\n- `port_description` - Port description. Optional.\n- `snmp_enabled` - Boolean. Optional. Defaults to false.\n- `port_protocol` - Port protocol, 1 (RAW), or 2 (LPR). Optional. 
Defaults to 1.\n\n#### Examples\n\nCreate a TCP/IP printer port named 'IP_10.4.64.37' with all defaults\n\n```ruby\nwindows_printer_port '10.4.64.37' do\n action :create\nend\n```\n\nDelete a printer port\n\n```ruby\nwindows_printer_port '10.4.64.37' do\n action :delete\nend\n```\n\nDelete a port with a custom port_name\n\n```ruby\nwindows_printer_port '10.4.64.38' do\n port_name 'My awesome port'\n action :delete\nend\n```\n\nCreate a port with more options\n\n```ruby\nwindows_printer_port '10.4.64.39' do\n port_name 'My awesome port'\n snmp_enabled true\n port_protocol 2\nend\n```\n\n### windows_printer\n\n`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource.\n\nCreate Windows printer. Note that this doesn't currently install a printer driver. You must already have the driver installed on the system.\n\nThe Windows Printer resource will automatically create a TCP/IP printer port for you using the `ipv4_address` property. If you want more granular control over the printer port, just create it using the `windows_printer_port` resource before creating the printer.\n\n#### Actions\n\n- `:create` - Create a new printer\n- `:delete` - Delete an existing printer\n\n#### Properties\n\n- `device_id` - Printer queue name, e.g. 'HP LJ 5200 in fifth floor copy room'. Name property.\n- `comment` - Optional string describing the printer queue.\n- `default` - Boolean. Optional. Defaults to false. Note that Windows sets the first printer defined to the default printer regardless of this setting.\n- `driver_name` - String. Required. Exact name of printer driver. Note that the printer driver must already be installed on the node.\n- `location` - Printer location, e.g. 'Fifth floor copy room', or 'US/NYC/Floor42/Room4207'\n- `shared` - Boolean. Defaults to false.\n- `share_name` - Printer share name.\n- `ipv4_address` - Printer's IPv4 address, e.g. '10.4.64.23'. 
You don't have to be able to ping the IP address to set it. Required.\n\nAn error of \"Set-WmiInstance : Generic failure\" is most likely due to the printer driver name not matching or not being installed.\n\n#### Examples\n\nCreate a printer\n\n```ruby\nwindows_printer 'HP LaserJet 5th Floor' do\n driver_name 'HP LaserJet 4100 Series PCL6'\n ipv4_address '10.4.64.38'\nend\n```\n\nDelete a printer. Note: this doesn't delete the associated printer port. See `windows_printer_port` above for how to delete the port.\n\n```ruby\nwindows_printer 'HP LaserJet 5th Floor' do\n action :delete\nend\n```\n\n### windows_share\n\n`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource.\n\nCreates, modifies and removes Windows shares. All properties are idempotent.\n\n`Note`: This resource uses PowerShell cmdlets introduced in Windows 2012/8.\n\n#### Actions\n\n- `:create`: creates/modifies a share\n- `:delete`: deletes a share\n\n#### Properties\n\nproperty | type | default | description\n------------------------ | ---------- | ------------- | -----------------------------------------------------------------------------------------------------------------------------------------------------------\n`share_name` | String | resource name | the share to assign to the share\n`path` | String | | The path of the location of the folder to share. Required when creating. If the share already exists on a different path then it is deleted and re-created.\n`description` | String | | description to be applied to the share\n`full_users` | Array | [] | users which should have \"Full control\" permissions\n`change_users` | Array | [] | Users are granted modify permission to access the share.\n`read_users` | Array | [] | users which should have \"Read\" permissions\n`temporary` | True/False | false | The lifetime of the new SMB share. 
A temporary share does not persist beyond the next restart of the computer\n`scope_name` | String | '*' | The scope name of the share.\n`ca_timeout` | Integer | 0 | The continuous availability time-out for the share.\n`continuously_available` | True/False | false | Indicates that the share is continuously available.\n`concurrent_user_limit` | Integer | 0 (unlimited) | The maximum number of concurrently connected users the share can accommodate\n`encrypt_data` | True/False | false | Indicates that the share is encrypted.\n\n#### Examples\n\n```ruby\nwindows_share \"foo\" do\n action :create\n path \"C:\\\\foo\"\n full_users [\"DOMAIN_A\\\\some_user\", \"DOMAIN_B\\\\some_other_user\"]\n read_users [\"DOMAIN_C\\\\Domain users\"]\nend\n```\n\n```ruby\nwindows_share \"foo\" do\n action :delete\nend\n```\n\n### windows_shortcut\n\n`Note`: This resource is now included in Chef 14 and later. There is no need to depend on the Windows cookbook for this resource.\n\nCreates and modifies Windows shortcuts.\n\n#### Actions\n\n- `:create` - create or modify a windows shortcut\n\n#### Properties\n\n- `shortcut_name` - The name for the shortcut if it differs from the resource name. 
Name property\n- `target` - Where the shortcut links to.\n- `arguments` - arguments to pass to the target when the shortcut is executed\n- `description` - description of the shortcut\n- `cwd` - Working directory to use when the target is executed\n- `iconlocation` - Icon to use, in the format of `\"path, index\"` where index is which icon in that file to use (See [WshShortcut.IconLocation](https://msdn.microsoft.com/en-us/library/3s9bx7at.aspx))\n\n#### Examples\n\nAdd a shortcut to all users desktop:\n\n```ruby\nrequire 'win32ole'\nall_users_desktop = WIN32OLE.new(\"WScript.Shell\").SpecialFolders(\"AllUsersDesktop\")\n\nwindows_shortcut \"#{all_users_desktop}/Notepad.lnk\" do\n target \"C:\\\\Windows\\\\notepad.exe\"\n description \"Launch Notepad\"\n iconlocation \"C:\\\\Windows\\\\notepad.exe,0\"\nend\n```\n\n### windows_path\n\n#### Actions\n\n- `:add` - Add an item to the system path\n- `:remove` - Remove an item from the system path\n\n#### Properties\n\n- `path` - Name attribute. The name of the value to add to the system path\n\n#### Examples\n\nAdd Sysinternals to the system path\n\n```ruby\nwindows_path 'C:\\Sysinternals' do\n action :add\nend\n```\n\nRemove 7-Zip from the system path\n\n```ruby\nwindows_path 'C:\\7-Zip' do\n action :remove\nend\n```\n\n### windows_user_privilege\n\nAdds the `principal` (User/Group) to the specified privileges (such as `Logon as a batch job` or `Logon as a Service`).\n\n#### Actions\n\n- `:add` - add the specified privileges to the `principal`\n- `:remove` - remove the specified privilege of the `principal`\n\n#### Properties\n\n- `principal` - Name attribute, Required, String. The user or group to be granted privileges.\n- `privilege` - Required, String/Array. 
The privilege(s) to be granted.\n\n#### Examples\n\nGrant the Administrator user the `Logon as a batch job` and `Logon as a service` privilege.\n\n```ruby\nwindows_user_privilege 'Administrator' do\n privilege %w(SeBatchLogonRight SeServiceLogonRight)\nend\n```\n\nRemove `Logon as a batch job` privilege of Administrator.\n\n```ruby\nwindows_user_privilege 'Administrator' do\n privilege %w(SeBatchLogonRight)\n action :remove\nend\n```\n\n#### Available Privileges\n\n```\nSeTrustedCredManAccessPrivilege Access Credential Manager as a trusted caller\nSeNetworkLogonRight Access this computer from the network\nSeTcbPrivilege Act as part of the operating system\nSeMachineAccountPrivilege Add workstations to domain\nSeIncreaseQuotaPrivilege Adjust memory quotas for a process\nSeInteractiveLogonRight Allow log on locally\nSeRemoteInteractiveLogonRight Allow log on through Remote Desktop Services\nSeBackupPrivilege Back up files and directories\nSeChangeNotifyPrivilege Bypass traverse checking\nSeSystemtimePrivilege Change the system time\nSeTimeZonePrivilege Change the time zone\nSeCreatePagefilePrivilege Create a pagefile\nSeCreateTokenPrivilege Create a token object\nSeCreateGlobalPrivilege Create global objects\nSeCreatePermanentPrivilege Create permanent shared objects\nSeCreateSymbolicLinkPrivilege Create symbolic links\nSeDebugPrivilege Debug programs\nSeDenyNetworkLogonRight Deny access this computer from the network\nSeDenyBatchLogonRight Deny log on as a batch job\nSeDenyServiceLogonRight Deny log on as a service\nSeDenyInteractiveLogonRight Deny log on locally\nSeDenyRemoteInteractiveLogonRight Deny log on through Remote Desktop Services\nSeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation\nSeRemoteShutdownPrivilege Force shutdown from a remote system\nSeAuditPrivilege Generate security audits\nSeImpersonatePrivilege Impersonate a client after authentication\nSeIncreaseWorkingSetPrivilege Increase a process working 
set\nSeIncreaseBasePriorityPrivilege Increase scheduling priority\nSeLoadDriverPrivilege Load and unload device drivers\nSeLockMemoryPrivilege Lock pages in memory\nSeBatchLogonRight Log on as a batch job\nSeServiceLogonRight Log on as a service\nSeSecurityPrivilege Manage auditing and security log\nSeRelabelPrivilege Modify an object label\nSeSystemEnvironmentPrivilege Modify firmware environment values\nSeManageVolumePrivilege Perform volume maintenance tasks\nSeProfileSingleProcessPrivilege Profile single process\nSeSystemProfilePrivilege Profile system performance\nSeUnsolicitedInputPrivilege \"Read unsolicited input from a terminal device\"\nSeUndockPrivilege Remove computer from docking station\nSeAssignPrimaryTokenPrivilege Replace a process level token\nSeRestorePrivilege Restore files and directories\nSeShutdownPrivilege Shut down the system\nSeSyncAgentPrivilege Synchronize directory service data\nSeTakeOwnershipPrivilege Take ownership of files or other objects\n```\n\n### windows_zipfile\n\nMost version of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run.\n\n#### Actions\n\n- `:unzip` - unzip a compressed file\n- `:zip` - zip a directory (recursively)\n\n#### Properties\n\n- `path` - name attribute. 
The path where files will be (un)zipped to.\n- `source` - source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip.\n- `overwrite` - force an overwrite of the files if they already exist.\n- `checksum` - for :unzip, useful if source is remote, if the local file matches the SHA-256 checksum, Chef will not download it.\n\n#### Examples\n\nUnzip a remote zip file locally\n\n```ruby\nwindows_zipfile 'c:/bin' do\n source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip'\n action :unzip\n not_if {::File.exists?('c:/bin/PsExec.exe')}\nend\n```\n\nUnzip a local zipfile\n\n```ruby\nwindows_zipfile 'c:/the_codez' do\n source 'c:/foo/baz/the_codez.zip'\n action :unzip\nend\n```\n\nCreate a local zipfile\n\n```ruby\nwindows_zipfile 'c:/foo/baz/the_codez.zip' do\n source 'c:/the_codez'\n action :zip\nend\n```\n\n## Libraries\n\n### WindowsHelper\n\nHelper that allows you to use helpful functions in windows\n\n#### installed_packages\n\nReturns a hash of all DisplayNames installed\n\n```ruby\n# usage in a recipe\n::Chef::Recipe.send(:include, Windows::Helper)\nhash_of_installed_packages = installed_packages\n```\n\n#### is_package_installed?\n\n- `package_name` - The name of the package you want to query to see if it is installed\n- `returns` - true if the package is installed, false if it the package is not installed\n\nDownload a file if a package isn't installed\n\n```ruby\n# usage in a recipe to not download a file if package is already installed\n::Chef::Recipe.send(:include, Windows::Helper)\nis_win_sdk_installed = is_package_installed?('Windows Software Development Kit')\n\nremote_file 'C:\\windows\\temp\\windows_sdk.zip' do\n source 'http://url_to_download/windows_sdk.zip'\n action :create_if_missing\n not_if {is_win_sdk_installed}\nend\n```\n\nDo something if a package is installed\n\n```ruby\n# usage in a provider\ninclude Windows::Helper\nif is_package_installed?('Windows Software Development Kit')\n # do 
something if package is installed\nend\n```\n\n### Windows::VersionHelper\n\nHelper that allows you to get information of the windows version running on your node. It leverages windows ohai from kernel.os_info, easy to mock and to use even on linux.\n\n#### core_version?\n\nDetermines whether given node is running on a windows Core.\n\n```ruby\nif ::Windows::VersionHelper.core_version? node\n fail 'Windows Core is not supported'\nend\n```\n\n#### workstation_version?\n\nDetermines whether given node is a windows workstation version (XP, Vista, 7, 8, 8.1, 10)\n\n```ruby\nif ::Windows::VersionHelper.workstation_version? node\n fail 'Only server version of windows are supported'\nend\n```\n\n#### server_version?\n\nDetermines whether given node is a windows server version (Server 2003, Server 2008, Server 2012, Server 2016)\n\n```ruby\nif ::Windows::VersionHelper.server_version? node\n puts 'Server version of windows are cool'\nend\n```\n\n#### nt_version\n\nDetermines NT version of the given node\n\n```ruby\ncase ::Windows::VersionHelper.nt_version node\n when '6.0' then 'Windows vista or Server 2008'\n when '6.1' then 'Windows 7 or Server 2008R2'\n when '6.2' then 'Windows 8 or Server 2012'\n when '6.3' then 'Windows 8.1 or Server 2012R2'\n when '10.0' then 'Windows 10'\nend\n```\n\n## Usage\n\nPlace an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook.\n\n```ruby\ndepends 'windows'\n```\n\n## License & Authors\n\n- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io))\n- Author:: Doug MacEachern ([dougm@vmware.com](mailto:dougm@vmware.com))\n- Author:: Paul Morton ([pmorton@biaprotect.com](mailto:pmorton@biaprotect.com))\n- Author:: Doug Ireton ([doug.ireton@nordstrom.com](mailto:doug.ireton@nordstrom.com))\n\n```text\nCopyright 2011-2018, Chef Software, Inc.\nCopyright 2010, VMware, Inc.\nCopyright 
2011, Business Intelligence Associates, Inc\nCopyright 2012, Nordstrom, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/windows","issues_url":"https://github.com/chef-cookbooks/windows/issues","chef_version":[[">= 13.4"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/windows/metadata.rb b/cookbooks/windows/metadata.rb new file mode 100644 index 0000000..61c0255 --- /dev/null +++ b/cookbooks/windows/metadata.rb @@ -0,0 +1,11 @@ +name 'windows' +maintainer 'Chef Software, Inc.' +maintainer_email 'cookbooks@chef.io' +license 'Apache-2.0' +description 'Provides a set of useful Windows-specific primitives.' +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version '5.3.0' +supports 'windows' +source_url 'https://github.com/chef-cookbooks/windows' +issues_url 'https://github.com/chef-cookbooks/windows/issues' +chef_version '>= 13.4' diff --git a/cookbooks/windows/providers/dns.rb b/cookbooks/windows/providers/dns.rb new file mode 100644 index 0000000..f6a8b31 --- /dev/null +++ b/cookbooks/windows/providers/dns.rb 
@@ -0,0 +1,153 @@ +# +# Author:: Richard Lavey (richard.lavey@calastone.com) +# Cookbook:: windows +# Provider:: dns +# +# Copyright:: 2015, Calastone Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# See this for info on DNSCMD +# https://technet.microsoft.com/en-gb/library/cc772069.aspx#BKMK_10 + +include Windows::Helper + +# Support whyrun +def whyrun_supported? + true +end + +action :create do + if @current_resource.exists + needs_change = (@new_resource.record_type != @current_resource.record_type) || + (@new_resource.ttl > 0 && @new_resource.ttl != @current_resource.ttl) || + (@new_resource.target.is_a?(String) && @new_resource.target != @current_resource.target) || + (@new_resource.target.is_a?(Array) && !(@new_resource.target - @current_resource.target).empty?) + + if needs_change + converge_by("Changing #{@new_resource.host_name}") do + update_dns + end + else + Chef::Log.debug("#{@new_resource.host_name} already exists - nothing to do") + end + else + converge_by("Creating #{@new_resource.host_name}") do + update_dns + end + end +end + +action :delete do + if @current_resource.exists + converge_by("Deleting #{@current_resource.host_name}") do + execute_command! 
'recorddelete', "#{@current_resource.record_type} /f" + end + else + Chef::Log.debug("#{@new_resource.host_name} does not exist - nothing to do") + end +end + +def load_current_resource + # validate the new resource params : A records should be an array + if @new_resource.record_type == 'A' && @new_resource.target.is_a?(String) + raise 'target property must be an array for record_type A' + end + + @current_resource = Chef::Resource::WindowsDns.new(@new_resource.name) + @current_resource.host_name(@new_resource.host_name) + @current_resource.dns_server(@new_resource.dns_server) + + parts = @current_resource.host_name.scan(/(\w+)\.(.*)/) + @host = parts[0][0] + @domain = parts[0][1] + + fetch_attributes +end + +private + +def fetch_attributes + @command = locate_sysnative_cmd('dnscmd.exe') + cmd = shell_out("#{@command} #{@current_resource.dns_server} /enumrecords #{@domain} #{@host}") + Chef::Log.debug "dnscmd reports: #{cmd.stdout}" + + # extract values from returned text + if cmd.stdout.include?('DNS_ERROR_NAME_DOES_NOT_EXIST') + @current_resource.exists = false + @current_resource.target([]) + elsif cmd.exitstatus == 0 + @current_resource.exists = true + + m = cmd.stdout.scan(/(\d+)\s(A)\s+(\d+\.\d+\.\d+\.\d+)/) + if m.empty? + m = cmd.stdout.scan(/(\d+)\s(CNAME)\s+((?:\w+\.)+)/) + if m.empty? 
+ @current_resource.exists = false + @current_resource.target([]) + else + # We have a cname record + @current_resource.record_type('CNAME') + @current_resource.ttl(m[0][0].to_i) + @current_resource.target(m[0][2].chomp('.')) + end + else + # we have A entries + @current_resource.record_type('A') + @current_resource.ttl(m[0][0].to_i) + addresses = [] + m.each do |match| + addresses.push(match[2]) + end + @current_resource.target(addresses) + end + else + raise "dnscmd returned error #{cmd.exitstatus} : #{cmd.stderr} #{cmd.stdout}" + end +end + +def update_dns + ttl = @new_resource.ttl if @new_resource.ttl > 0 + + if @current_resource.record_type != @new_resource.record_type + # delete current record(s) as we're changing the type + execute_command! 'recorddelete', "#{@current_resource.record_type} /f" + end + + if @new_resource.record_type == 'A' + # delete existing records that are no longer defined + (@current_resource.target - @new_resource.target).each do |address| + Chef::Log.info "Deleting #{address}" + execute_command! 'recorddelete', "A #{address} /f" + end + + # add new records that don't exist + # if ttl has changed then update all records + addresses = if @current_resource.ttl == @new_resource.ttl + (@new_resource.target - @current_resource.target) + else + @new_resource.target + end + addresses.each do |address| + Chef::Log.info "Adding/Changing #{address}" + execute_command! 'recordadd', "#{ttl} A #{address}" + end + else + execute_command! 'recordadd', "#{ttl} CNAME #{@new_resource.target}" + end +end + +def execute_command!(mode, options) + shell_out!("#{@command} #{@current_resource.dns_server} /#{mode} #{@domain} #{@host} #{options}") +end diff --git a/cookbooks/windows/recipes/default.rb b/cookbooks/windows/recipes/default.rb index c383261..73845f6 100644 --- a/cookbooks/windows/recipes/default.rb +++ b/cookbooks/windows/recipes/default.rb 
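Review bot: `load_current_resource` splits the record name with `host_name.scan(/(\w+)\.(.*)/)`, and `\w` does not match a hyphen, so a name such as `web-01.example.com` (constructed example) yields `@host = "01"` instead of `web-01`. A name without a dot leaves `parts[0]` nil and fails with NoMethodError rather than a clear message. The same `@host`/`@domain`, plus `dns_server` and `target`, are interpolated unquoted into the `dnscmd` command line in `fetch_attributes` and `execute_command!`, so any of them that originate from node attributes or data bags should be validated first. I would split with `@host, @domain = @current_resource.host_name.split('.', 2)` and add `raise ArgumentError, 'host_name must be a fully qualified name' unless @host =~ /\A[A-Za-z0-9-]+\z/ && @domain =~ /\A[A-Za-z0-9.-]+\z/`. The CNAME pattern `((?:\w+\.)+)` in `fetch_attributes` has the same hyphen limitation.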
@@ -3,7 +3,7 @@
 # Cookbook:: windows
 # Recipe:: default
 #
-# Copyright:: 2011-2017, Chef Software, Inc.
+# Copyright:: 2011-2018, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/cookbooks/windows/resources/auto_run.rb b/cookbooks/windows/resources/auto_run.rb
index 4330b99..3b8f993 100644
--- a/cookbooks/windows/resources/auto_run.rb
+++ b/cookbooks/windows/resources/auto_run.rb
@@ -3,8 +3,8 @@
 # Cookbook:: windows
 # Resource:: auto_run
 #
-# Copyright:: 2011-2017, Business Intelligence Associates, Inc.
-# Copyright:: 2017, Chef Software, Inc.
+# Copyright:: 2011-2018, Business Intelligence Associates, Inc.
+# Copyright:: 2017-2018, Chef Software Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,28 +19,48 @@ # limitations under the License. # -property :program, String -property :name, String, name_property: true +chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) +resource_name :windows_auto_run + +property :program_name, String, name_property: true +property :path, String, coerce: proc { |x| x.tr('/', '\\') } property :args, String +property :root, Symbol, + equal_to: %i(machine user), + default: :machine + +alias_method :program, :path action :create do - registry_key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' do + data = "\"#{new_resource.path}\"" + data << " #{new_resource.args}" if new_resource.args + + registry_key registry_path do values [{ - name: new_resource.name, + name: new_resource.program_name, type: :string, - data: "\"#{new_resource.program}\" #{new_resource.args}", + data: data, }] action :create end end action :remove do - registry_key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' do + registry_key registry_path do values [{ - name: new_resource.name, + name: new_resource.program_name, type: :string, data: '', }] action :delete end end + +action_class do + # determine the full registry path based on the root property + # @return [String] + def registry_path + { machine: 'HKLM', user: 'HKCU' }[new_resource.root] + \ + '\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run' + end +end diff --git a/cookbooks/windows/resources/certificate.rb b/cookbooks/windows/resources/certificate.rb index 783093d..4003fbb 100644 --- a/cookbooks/windows/resources/certificate.rb +++ b/cookbooks/windows/resources/certificate.rb @@ -4,6 +4,7 @@ # Resource:: certificate # # Copyright:: 2015-2017, Calastone Ltd. +# Copyright:: 2018-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
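Review bot: The new `path` property is neither required nor checked, yet `action :create` builds `data = "\"#{new_resource.path}\""`, so a resource declared without `path` writes the value `""` into the Run key instead of failing the converge. The value is also wrapped in double quotes without rejecting a `"` inside `path`, so the stored command line can be split differently from what the recipe author intended. Since this key is executed at logon, I would fail early in `:create` with `raise ArgumentError, 'path is required for :create' if new_resource.path.nil? || new_resource.path.include?('"')`. A short comment on `root` would also help, for example `# :user writes to HKCU of the account chef-client runs as (TODO confirm), not every user's hive`.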
@@ -18,29 +19,38 @@ # limitations under the License. # -include Windows::Helper +require 'chef/util/path_helper' -property :source, String, name_property: true, required: true +chef_version_for_provides '< 14.7' if respond_to?(:chef_version_for_provides) +resource_name :windows_certificate + +property :source, String, name_property: true property :pfx_password, String property :private_key_acl, Array -property :store_name, String, default: 'MY', regex: /^(?:MY|CA|ROOT|TrustedPublisher|TRUSTEDPEOPLE)$/ -property :user_store, [true, false], default: false +property :store_name, String, default: 'MY', equal_to: ['TRUSTEDPUBLISHER', 'TrustedPublisher', 'CLIENTAUTHISSUER', 'REMOTE DESKTOP', 'ROOT', 'TRUSTEDDEVICES', 'WEBHOSTING', 'CA', 'AUTHROOT', 'TRUSTEDPEOPLE', 'MY', 'SMARTCARDROOT', 'TRUST', 'DISALLOWED'] +property :user_store, [TrueClass, FalseClass], default: false +property :cert_path, String +property :sensitive, [ TrueClass, FalseClass ], default: lazy { |r| r.pfx_password ? true : false } action :create do - hash = '$cert.GetCertHashString()' - code_script = cert_script(true) << - within_store_script { |store| store + '.Add($cert)' } << - acl_script(hash) + load_gem - guard_script = cert_script(false) << - cert_exists_script(hash) + # Extension of the certificate + ext = ::File.extname(new_resource.source) + cert_obj = fetch_cert_object(ext) # Fetch OpenSSL::X509::Certificate object + thumbprint = OpenSSL::Digest::SHA1.new(cert_obj.to_der).to_s # Fetch its thumbprint - converge_by("adding certificate #{new_resource.source} into #{new_resource.store_name} to #{cert_location}\\#{new_resource.store_name}") do - powershell_script new_resource.name do - guard_interpreter :powershell_script - convert_boolean_return true - code code_script - not_if guard_script + # Need to check if return value is Boolean:true + # If not then the given certificate should be added in certstore + if verify_cert(thumbprint) == true + Chef::Log.debug('Certificate is already present') + 
else + converge_by("Adding certificate #{new_resource.source} into Store #{new_resource.store_name}") do + if ext == '.pfx' + add_pfx_cert + else + add_cert(cert_obj) + end end end end 
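Review bot: The extension test in `action :create` is case-sensitive: `ext = ::File.extname(new_resource.source)` is compared with `'.pfx'`, whereas `cert_script` further down lower-cases the path before the same comparison. A source ending in `.PFX` therefore takes the `add_cert` branch and is parsed as a plain X509 certificate, without `pfx_password`. `ext = ::File.extname(new_resource.source).downcase` keeps the two code paths consistent. Separately, the guard `verify_cert(thumbprint) == true` treats a certificate that is present but expired like a missing one (the comment on `verify_cert` in the next hunk says it returns false for that case), so such a certificate is re-added on every run; a comment stating whether that is intended would help the next reader.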
@@ -60,59 +70,146 @@ action :acl_add do code_script << acl_script(hash) guard_script << cert_exists_script(hash) - converge_by("setting the acls on #{new_resource.source} in #{cert_location}\\#{new_resource.store_name}") do - powershell_script new_resource.name do - guard_interpreter :powershell_script - convert_boolean_return true - code code_script - only_if guard_script - end + powershell_script "setting the acls on #{new_resource.source} in #{cert_location}\\#{new_resource.store_name}" do + guard_interpreter :powershell_script + convert_boolean_return true + code code_script + only_if guard_script + sensitive if new_resource.sensitive end end action :delete do - # do we have a hash or a subject? - # TODO: It's a bit annoying to know the thumbprint of a cert you want to remove when you already - # have the file. Support reading the hash directly from the file if provided. - search = if new_resource.source =~ /^[a-fA-F0-9]{40}$/ - "Thumbprint -eq '#{new_resource.source}'" - else - "Subject -like '*#{new_resource.source.sub(/\*/, '`*')}*'" # escape any * in the source - end - cert_command = "Get-ChildItem Cert:\\#{cert_location}\\#{new_resource.store_name} | where { $_.#{search} }" + load_gem - code_script = within_store_script do |store| - <<-EOH -foreach ($c in #{cert_command}) -{ - #{store}.Remove($c) -} -EOH - end - guard_script = "@(#{cert_command}).Count -gt 0\n" - converge_by("Removing certificate #{new_resource.source} from #{cert_location}\\#{new_resource.store_name}") do - powershell_script new_resource.name do - guard_interpreter :powershell_script - convert_boolean_return true - code code_script - only_if guard_script + cert_obj = fetch_cert + if cert_obj + converge_by("Deleting certificate #{new_resource.source} from Store #{new_resource.store_name}") do + delete_cert end + else + Chef::Log.debug('Certificate not found') end end +action :fetch do + load_gem + + cert_obj = fetch_cert + if cert_obj + show_or_store_cert(cert_obj) + else + 
Chef::Log.debug('Certificate not found') + end +end + +action :verify do + load_gem + + out = verify_cert + if !!out == out + out = out ? 'Certificate is valid' : 'Certificate not valid' + end + Chef::Log.info(out.to_s) +end + action_class do + require 'openssl' + + # load the gem and rescue a gem install if it fails to load + def load_gem + gem 'win32-certstore', '>= 0.2.4' + require 'win32-certstore' # until this is in core chef + rescue LoadError + Chef::Log.debug('Did not find win32-certstore >= 0.2.4 gem installed. Installing now') + chef_gem 'win32-certstore' do + compile_time true + action :upgrade + end + + require 'win32-certstore' + end + + def add_cert(cert_obj) + store = ::Win32::Certstore.open(new_resource.store_name) + store.add(cert_obj) + end + + def add_pfx_cert + store = ::Win32::Certstore.open(new_resource.store_name) + store.add_pfx(new_resource.source, new_resource.pfx_password) + end + + def delete_cert + store = ::Win32::Certstore.open(new_resource.store_name) + store.delete(new_resource.source) + end + + def fetch_cert + store = ::Win32::Certstore.open(new_resource.store_name) + store.get(new_resource.source) + end + + # Checks whether a certificate with the given thumbprint + # is already present and valid in certificate store + # If the certificate is not present, verify_cert returns a String: "Certificate not found" + # But if it is present but expired, it returns a Boolean: false + # Otherwise, it returns a Boolean: true + def verify_cert(thumbprint = new_resource.source) + store = ::Win32::Certstore.open(new_resource.store_name) + store.valid?(thumbprint) + end + + def show_or_store_cert(cert_obj) + if new_resource.cert_path + export_cert(cert_obj, new_resource.cert_path) + if ::File.size(new_resource.cert_path) > 0 + Chef::Log.info("Certificate export in #{new_resource.cert_path}") + else + ::File.delete(new_resource.cert_path) + end + else + Chef::Log.info(cert_obj.display) + end + end + + def export_cert(cert_obj, cert_path) + 
out_file = ::File.new(cert_path, 'w+') + case ::File.extname(cert_path) + when '.pem' + out_file.puts(cert_obj.to_pem) + when '.der' + out_file.puts(cert_obj.to_der) + when '.cer' + cert_out = powershell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CER").stdout + out_file.puts(cert_out) + when '.crt' + cert_out = powershell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CRT").stdout + out_file.puts(cert_out) + when '.pfx' + cert_out = powershell_out("openssl pkcs12 -export -nokeys -in #{cert_obj.to_pem} -outform PFX").stdout + out_file.puts(cert_out) + when '.p7b' + cert_out = powershell_out("openssl pkcs7 -export -nokeys -in #{cert_obj.to_pem} -outform P7B").stdout + out_file.puts(cert_out) + else + Chef::Log.info('Supported certificate format .pem, .der, .cer, .crt, .pfx and .p7b') + end + out_file.close + end + def cert_location @location ||= new_resource.user_store ? 'CurrentUser' : 'LocalMachine' end def cert_script(persist) cert_script = '$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2' - file = win_friendly_path(new_resource.source) + file = Chef::Util::PathHelper.cleanpath(new_resource.source) cert_script << " \"#{file}\"" if ::File.extname(file.downcase) == '.pfx' cert_script << ", \"#{new_resource.pfx_password}\"" if persist && new_resource.user_store - cert_script << ', [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet' + cert_script << ', ([System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet)' elsif persist cert_script << ', ([System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeyset)' end 
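Review bot: In `action :acl_add` the line `sensitive if new_resource.sensitive` appears to be a no-op, because calling a Chef property with no argument reads it rather than setting it, so the `powershell_script` stays non-sensitive even when `pfx_password` is set. If the generated script includes the password (the visible `cert_script` appends `pfx_password` for `.pfx` sources; the start of `acl_add` is outside this hunk), it can end up in log output on failure. `sensitive new_resource.sensitive` sets the flag as intended. In `export_cert`, the `.cer`/`.crt`/`.pfx`/`.p7b` branches interpolate the PEM text itself into the command after `-in`, where openssl expects a file name, and `.der` output is written with `puts` on a text-mode `'w+'` handle, which appends a newline and may translate line endings on Windows. Opening the file with `::File.open(cert_path, 'wb') { |f| f.write(...) }` would address the latter and also close the handle if a branch raises.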
@@ -122,45 +219,83 @@ action_class do def cert_exists_script(hash) <<-EOH - $hash = #{hash} - Test-Path "Cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash" - EOH +$hash = #{hash} +Test-Path "Cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash" + EOH end def within_store_script inner_script = yield '$store' <<-EOH - $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "#{new_resource.store_name}", ([System.Security.Cryptography.X509Certificates.StoreLocation]::#{cert_location}) - $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) - #{inner_script} - $store.Close() - EOH +$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "#{new_resource.store_name}", ([System.Security.Cryptography.X509Certificates.StoreLocation]::#{cert_location}) +$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) +#{inner_script} +$store.Close() + EOH end def acl_script(hash) return '' if new_resource.private_key_acl.nil? || new_resource.private_key_acl.empty? + # this PS came from http://blogs.technet.com/b/operationsguy/archive/2010/11/29/provide-access-to-private-keys-commandline-vs-powershell.aspx # and from https://msdn.microsoft.com/en-us/library/windows/desktop/bb204778(v=vs.85).aspx set_acl_script = <<-EOH - $hash = #{hash} - $storeCert = Get-ChildItem "cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash" - if ($storeCert -eq $null) { throw 'no key exists.' } - $keyname = $storeCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName - if ($keyname -eq $null) { throw 'no private key exists.' 
} - if ($storeCert.PrivateKey.CspKeyContainerInfo.MachineKeyStore) - { - $fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\$keyname" - } - else - { - $currentUser = New-Object System.Security.Principal.NTAccount($Env:UserDomain, $Env:UserName) - $userSID = $currentUser.Translate([System.Security.Principal.SecurityIdentifier]).Value - $fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\$userSID\\$keyname" - } - EOH +$hash = #{hash} +$storeCert = Get-ChildItem "cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash" +if ($storeCert -eq $null) { throw 'no key exists.' } +$keyname = $storeCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName +if ($keyname -eq $null) { throw 'no private key exists.' } +if ($storeCert.PrivateKey.CspKeyContainerInfo.MachineKeyStore) +{ + $fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\$keyname" +} +else +{ + $currentUser = New-Object System.Security.Principal.NTAccount($Env:UserDomain, $Env:UserName) + $userSID = $currentUser.Translate([System.Security.Principal.SecurityIdentifier]).Value + $fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\$userSID\\$keyname" +} + EOH new_resource.private_key_acl.each do |name| set_acl_script << "$uname='#{name}'; icacls $fullpath /grant $uname`:RX\n" end set_acl_script end + + # Method returns an OpenSSL::X509::Certificate object + # + # Based on its extension, the certificate contents are used to initialize + # PKCS12 (PFX), PKCS7 (P7B) objects which contains OpenSSL::X509::Certificate. + # + # @note Other then PEM, all the certificates are usually in binary format, and hence + # their contents are loaded by using File.binread + # + # @param ext [String] Extension of the certificate + # + # @return [OpenSSL::X509::Certificate] Object containing certificate's attributes + # + # @raise [OpenSSL::PKCS12::PKCS12Error] When incorrect password is provided for PFX certificate + # + def fetch_cert_object(ext) + contents = if binary_cert? 
+ ::File.binread(new_resource.source) + else + ::File.read(new_resource.source) + end + + case ext + when '.pfx' + OpenSSL::PKCS12.new(contents, new_resource.pfx_password).certificate + when '.p7b' + OpenSSL::PKCS7.new(contents).certificates.first + else + OpenSSL::X509::Certificate.new(contents) + end + end + + # @return [Boolean] Whether the certificate file is binary encoded or not + # + def binary_cert? + powershell_out!("file -b --mime-encoding #{new_resource.source}").stdout.strip == 'binary' + end end diff --git a/cookbooks/windows/resources/certificate_binding.rb b/cookbooks/windows/resources/certificate_binding.rb index 507ab85..df0aa44 100644 --- a/cookbooks/windows/resources/certificate_binding.rb +++ b/cookbooks/windows/resources/certificate_binding.rb @@ -4,6 +4,7 @@ # Resource:: certificate_binding # # Copyright:: 2015-2017, Calastone Ltd. +# Copyright:: 2018, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
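Review bot: `binary_cert?` shells out with `powershell_out!("file -b --mime-encoding #{new_resource.source}")`, which depends on a `file` utility that a stock Windows node is unlikely to have and interpolates the unquoted `source` path into a PowerShell command line, so a path containing spaces or PowerShell metacharacters is not passed through as one argument. The probe does not seem necessary: `OpenSSL::X509::Certificate.new`, `OpenSSL::PKCS12.new` and `OpenSSL::PKCS7.new` accept both PEM and DER bytes, so `fetch_cert_object` can read unconditionally with `contents = ::File.binread(new_resource.source)` and `binary_cert?` can be dropped. In the `.p7b` branch, `certificates.first` is nil for a bundle with no certificates, so a check such as `raise "no certificate found in #{new_resource.source}" if cert.nil?` would give a clearer error than a later failure on `to_der`.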
@@ -18,20 +19,20 @@ # limitations under the License. # -include Chef::Mixin::ShellOut include Chef::Mixin::PowershellOut include Windows::Helper -property :cert_name, String, name_property: true, required: true +property :cert_name, String, name_property: true property :name_kind, Symbol, equal_to: [:hash, :subject], default: :subject property :address, String, default: '0.0.0.0' property :port, Integer, default: 443 property :app_id, String, default: '{4dc3e181-e14b-4a21-b022-59fc669b0914}' -property :store_name, String, default: 'MY', regex: /^(?:MY|CA|ROOT)$/ +property :store_name, String, default: 'MY', equal_to: ['TRUSTEDPUBLISHER', 'CLIENTAUTHISSUER', 'REMOTE DESKTOP', 'ROOT', 'TRUSTEDDEVICES', 'WEBHOSTING', 'CA', 'AUTHROOT', 'TRUSTEDPEOPLE', 'MY', 'SMARTCARDROOT', 'TRUST'] property :exists, [true, false], desired_state: true load_current_value do |desired| - cmd = shell_out("#{locate_sysnative_cmd('netsh.exe')} http show sslcert ipport=#{desired.address}:#{desired.port}") + mode = desired.address.match(/(\d+\.){3}\d+|\[.+\]/).nil? ? 'hostnameport' : 'ipport' + cmd = shell_out("#{locate_sysnative_cmd('netsh.exe')} http show sslcert #{mode}=#{desired.address}:#{desired.port}") Chef::Log.debug "netsh reports: #{cmd.stdout}" address desired.address @@ -88,7 +89,8 @@ action_class do def add_binding(hash) cmd = "#{netsh_command} http add sslcert" - cmd << " ipport=#{current_resource.address}:#{current_resource.port}" + mode = address_mode(current_resource.address) + cmd << " #{mode}=#{current_resource.address}:#{current_resource.port}" cmd << " certhash=#{hash}" cmd << " appid=#{current_resource.app_id}" cmd << " certstorename=#{current_resource.store_name}" 
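Review bot: The address check added in `load_current_value` is unanchored, so `match(/(\d+\.){3}\d+|\[.+\]/)` also succeeds on a hostname that merely contains a dotted quad or a bracketed run, and that value is then looked up as `ipport=` instead of `hostnameport=`. Anchoring the pattern, `desired.address.match(/\A(?:(\d+\.){3}\d+|\[.+\])\z/)`, ties the classification to the whole value. The same expression is repeated in the `address_mode` helper added in the last hunk of this file and needs the same change. Since `address` is a free-form String interpolated into the netsh command line here, a property-level format check would also be worth adding.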
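Review bot: `cmd << " certstorename=#{current_resource.store_name}"` appends the store name unquoted, while this commit widens `store_name` to accept `'REMOTE DESKTOP'`, which contains a space. If `cmd` is run as a single command string (the rest of `add_binding` lies outside this hunk, so this needs confirming), netsh would see `certstorename=REMOTE` followed by a stray `DESKTOP` token. Quoting the value, `cmd << " certstorename=\"#{current_resource.store_name}\""`, should avoid that.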
@@ -98,7 +100,8 @@ action_class do end def delete_binding - shell_out!("#{netsh_command} http delete sslcert ipport=#{current_resource.address}:#{current_resource.port}") + mode = address_mode(current_resource.address) + shell_out!("#{netsh_command} http delete sslcert #{mode}=#{current_resource.address}:#{current_resource.port}") end def check_hash(hash) @@ -125,4 +128,8 @@ action_class do hash = p.stdout.strip hash[0].ord == 239 ? hash.force_encoding('UTF-8').delete!("\xEF\xBB\xBF".force_encoding('UTF-8')) : hash end + + def address_mode(address) + address.match(/(\d+\.){3}\d+|\[.+\]/).nil? ? 'hostnameport' : 'ipport' + end end diff --git a/cookbooks/iis/recipes/mod_auth_digest.rb b/cookbooks/windows/resources/dns.rb similarity index 51% rename from cookbooks/iis/recipes/mod_auth_digest.rb rename to cookbooks/windows/resources/dns.rb index 53e06b5..35b0274 100644 --- a/cookbooks/iis/recipes/mod_auth_digest.rb +++ b/cookbooks/windows/resources/dns.rb @@ -1,9 +1,9 @@ # -# Author:: Justin Schuhmann -# Cookbook:: iis -# Recipe:: mod_auth_basic +# Author:: Richard Lavey (richard.lavey@calastone.com) +# Cookbook Name:: windows +# Resource:: dns # -# Copyright:: 2016, Justin Schuhmann +# Copyright:: 2015, Calastone Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -18,19 +18,13 @@ # limitations under the License. # -include_recipe 'iis' +actions :create, :delete +default_action :create -feature = if Opscode::IIS::Helper.older_than_windows2008r2? - 'Web-Digest-Auth' - else - 'IIS-DigestAuthentication' - end +attribute :host_name, kind_of: String, name_property: true, required: true +attribute :record_type, kind_of: String, default: 'A', regex: /^(?:A|CNAME)$/ +attribute :dns_server, kind_of: String, default: '.' +attribute :target, kind_of: [Array, String], required: true +attribute :ttl, kind_of: Integer, required: false, default: 0 -windows_feature feature do - action :install -end - -iis_section 'unlocks digest authentication control in web.config' do - section 'system.webServer/security/authentication/digestAuthentication' - action :unlock -end +attr_accessor :exists diff --git a/cookbooks/windows/resources/feature.rb b/cookbooks/windows/resources/feature.rb index e55ff5a..e6c4542 100644 --- a/cookbooks/windows/resources/feature.rb +++ b/cookbooks/windows/resources/feature.rb @@ -3,7 +3,7 @@ # Cookbook:: windows # Resource:: feature # -# Copyright:: 2011-2017, Chef Software, Inc. +# Copyright:: 2011-2018, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
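Review bot: `record_type` is validated with `regex: /^(?:A|CNAME)$/`, and in Ruby `^` and `$` anchor at line boundaries, so a multi-line string with one line equal to `A` or `CNAME` passes the check. Either `regex: /\A(?:A|CNAME)\z/` or `equal_to: %w(A CNAME)` pins the whole value, which matters if the provider (not shown in this hunk) places these attributes on a command line. `host_name` also combines `name_property: true` with `required: true`, the pairing this commit drops from `cert_name` in certificate_binding.rb.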
@@ -18,65 +18,42 @@ # limitations under the License. # +chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) +resource_name :windows_feature + property :feature_name, [Array, String], name_property: true property :source, String property :all, [true, false], default: false +property :management_tools, [true, false], default: false property :install_method, Symbol, equal_to: [:windows_feature_dism, :windows_feature_powershell, :windows_feature_servermanagercmd] - -include Windows::Helper - -def whyrun_supported? - true -end +property :timeout, Integer, default: 600 action :install do - run_default_provider :install + run_default_subresource :install end action :remove do - run_default_provider :remove + run_default_subresource :remove end action :delete do - run_default_provider :delete + run_default_subresource :delete end action_class do - def locate_default_provider - if new_resource.install_method - new_resource.install_method - elsif ::File.exist?(locate_sysnative_cmd('dism.exe')) - :windows_feature_dism - elsif ::File.exist?(locate_sysnative_cmd('servermanagercmd.exe')) - :windows_feature_servermanagercmd - else - :windows_feature_powershell - end - end + # call the appropriate windows_feature resource based on the specified subresource + # @return [void] + def run_default_subresource(desired_action) + raise 'Support for Windows feature installation via servermanagercmd.exe has been removed as this support is no longer needed in Windows 2008 R2 and above. You will need to update your cookbook to install either via dism or powershell (preferred).' 
if new_resource.install_method == :windows_feature_servermanagercmd - def run_default_provider(desired_action) - case locate_default_provider - when :windows_feature_dism - windows_feature_dism new_resource.name do - action desired_action - feature_name new_resource.feature_name - source new_resource.source if new_resource.source - all new_resource.all - end - when :windows_feature_servermanagercmd - windows_feature_servermanagercmd new_resource.name do - action desired_action - feature_name new_resource.feature_name - source new_resource.source if new_resource.source - all new_resource.all - end - when :windows_feature_powershell - windows_feature_powershell new_resource.name do - action desired_action - feature_name new_resource.feature_name - source new_resource.source if new_resource.source - all new_resource.all - end + subresource = new_resource.install_method || :windows_feature_dism + declare_resource(subresource, new_resource.name) do + action desired_action + feature_name new_resource.feature_name + source new_resource.source if new_resource.source + all new_resource.all + timeout new_resource.timeout + management_tools new_resource.management_tools if subresource == :windows_feature_powershell end end end diff --git a/cookbooks/windows/resources/feature_dism.rb b/cookbooks/windows/resources/feature_dism.rb index 9a9da56..a028ed4 100644 --- a/cookbooks/windows/resources/feature_dism.rb +++ b/cookbooks/windows/resources/feature_dism.rb @@ -1,9 +1,9 @@ # # Author:: Seth Chisamore () # Cookbook:: windows -# Provider:: feature_dism +# Resource:: feature_dism # -# Copyright:: 2011-2017, Chef Software, Inc. +# Copyright:: 2011-2018, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
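Review bot: The comment on `run_default_subresource` documents `@return [void]` but neither the `desired_action` parameter nor the exception raised for `:windows_feature_servermanagercmd`. Adding `# @param desired_action [Symbol] action to run on the subresource` and `# @raise [RuntimeError] when install_method is :windows_feature_servermanagercmd` would cover both. `install_method` still lists `:windows_feature_servermanagercmd` in `equal_to`, so the value passes property validation and only fails once an action runs; if that is intended, a short comment on the property should say so.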
@@ -18,87 +18,191 @@ # limitations under the License. # -property :feature_name, [Array, String], name_property: true +chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) +resource_name :windows_feature_dism + +property :feature_name, [Array, String], coerce: proc { |x| to_formatted_array(x) }, name_property: true property :source, String property :all, [true, false], default: false +property :timeout, Integer, default: 600 + +# @return [Array] lowercase the array unless we're on < Windows 2012 +def to_formatted_array(x) + x = x.split(/\s*,\s*/) if x.is_a?(String) # split multiple forms of a comma separated list + + # feature installs on windows < 2012 are case sensitive so only downcase when on 2012+ + # @todo when we're really ready to remove support for Windows 2008 R2 this check can go away + older_than_2012_or_8? ? x : x.map(&:downcase) +end + +# a simple helper to determine if we're on a windows release pre-2012 / 8 +# @return [Boolean] Is the system older than Windows 8 / 2012 +def older_than_2012_or_8? + node['platform_version'].to_f < 6.2 +end -include Chef::Mixin::ShellOut include Windows::Helper action :install do - Chef::Log.warn("Requested feature #{new_resource.feature_name} is not available on this system.") unless available? - unless !available? || installed? - converge_by("install Windows feature #{new_resource.feature_name}") do - addsource = new_resource.source ? "/LimitAccess /Source:\"#{new_resource.source}\"" : '' - addall = new_resource.all ? 
'/All' : '' - shell_out!("#{dism} /online /enable-feature #{to_array(new_resource.feature_name).map { |feature| "/featurename:#{feature}" }.join(' ')} /norestart #{addsource} #{addall}", returns: [0, 42, 127, 3010]) - # Reload ohai data - reload_ohai_features_plugin(new_resource.action, new_resource.feature_name) + reload_cached_dism_data unless node['dism_features_cache'] + fail_if_unavailable # fail if the features don't exist + + Chef::Log.debug("Windows features needing installation: #{features_to_install.empty? ? 'none' : features_to_install.join(',')}") + unless features_to_install.empty? + message = "install Windows feature#{'s' if features_to_install.count > 1} #{features_to_install.join(',')}" + converge_by(message) do + install_command = "#{dism} /online /enable-feature #{features_to_install.map { |f| "/featurename:#{f}" }.join(' ')} /norestart" + install_command << " /LimitAccess /Source:\"#{new_resource.source}\"" if new_resource.source + install_command << ' /All' if new_resource.all + + begin + shell_out!(install_command, returns: [0, 42, 127, 3010], timeout: new_resource.timeout) + rescue Mixlib::ShellOut::ShellCommandFailed => e + raise "Error 50 returned by DISM related to parent features, try setting the 'all' property to 'true' on the 'windows_feature_dism' resource." if required_parent_feature?(e.inspect) + raise e.message + end + reload_cached_dism_data # Reload cached dism feature state end end end action :remove do - if installed? - converge_by("removing Windows feature #{new_resource.feature_name}") do - shell_out!("#{dism} /online /disable-feature #{to_array(new_resource.feature_name).map { |feature| "/featurename:#{feature}" }.join(' ')} /norestart", returns: [0, 42, 127, 3010]) - # Reload ohai data - reload_ohai_features_plugin(new_resource.action, new_resource.feature_name) + reload_cached_dism_data unless node['dism_features_cache'] + + Chef::Log.debug("Windows features needing removal: #{features_to_remove.empty? ? 
'none' : features_to_remove.join(',')}") + unless features_to_remove.empty? + message = "remove Windows feature#{'s' if features_to_remove.count > 1} #{features_to_remove.join(',')}" + + converge_by(message) do + shell_out!("#{dism} /online /disable-feature #{features_to_remove.map { |f| "/featurename:#{f}" }.join(' ')} /norestart", returns: [0, 42, 127, 3010], timeout: new_resource.timeout) + + reload_cached_dism_data # Reload cached dism feature state end end end action :delete do - raise Chef::Exceptions::UnsupportedAction, "#{self} :delete action not support on #{win_version.sku}" unless supports_feature_delete? - if available? - converge_by("deleting Windows feature #{new_resource.feature_name} from the image") do - shell_out!("#{dism} /online /disable-feature #{to_array(new_resource.feature_name).map { |feature| "/featurename:#{feature}" }.join(' ')} /Remove /norestart", returns: [0, 42, 127, 3010]) - # Reload ohai data - reload_ohai_features_plugin(new_resource.action, new_resource.feature_name) + raise_if_delete_unsupported + + reload_cached_dism_data unless node['dism_features_cache'] + + fail_if_unavailable # fail if the features don't exist + + Chef::Log.debug("Windows features needing deletion: #{features_to_delete.empty? ? 'none' : features_to_delete.join(',')}") + unless features_to_delete.empty? + message = "delete Windows feature#{'s' if features_to_delete.count > 1} #{features_to_delete.join(',')} from the image" + converge_by(message) do + shell_out!("#{dism} /online /disable-feature #{features_to_delete.map { |f| "/featurename:#{f}" }.join(' ')} /Remove /norestart", returns: [0, 42, 127, 3010], timeout: new_resource.timeout) + + reload_cached_dism_data # Reload cached dism feature state end end end action_class do - def installed? 
- @installed ||= begin - install_ohai_plugin unless node['dism_features'] + # @return [Array] features the user has requested to install which need installation + def features_to_install + @install ||= begin + # disabled features are always available to install + available_for_install = node['dism_features_cache']['disabled'].dup - # Compare against ohai plugin instead of costly dism run - node['dism_features'].key?(new_resource.feature_name) && node['dism_features'][new_resource.feature_name] =~ /Enable/ + # removed features are also available for installation + available_for_install.concat(node['dism_features_cache']['removed']) + + # the intersection of the features to install & disabled/removed features are what needs installing + new_resource.feature_name & available_for_install end end - def available? - @available ||= begin - install_ohai_plugin unless node['dism_features'] + # @return [Array] features the user has requested to remove which need removing + def features_to_remove + # the intersection of the features to remove & enabled features are what needs removing + @remove ||= new_resource.feature_name & node['dism_features_cache']['enabled'] + end - # Compare against ohai plugin instead of costly dism run - node['dism_features'].key?(new_resource.feature_name) && node['dism_features'][new_resource.feature_name] !~ /with payload removed/ + # @return [Array] features the user has requested to delete which need deleting + def features_to_delete + # the intersection of the features to remove & enabled/disabled features are what needs removing + @remove ||= begin + all_available = node['dism_features_cache']['enabled'] + + node['dism_features_cache']['disabled'] + new_resource.feature_name & all_available end end - def reload_ohai_features_plugin(take_action, feature_name) - ohai "Reloading Dism_Features Plugin - Action #{take_action} of feature #{feature_name}" do - action :reload - plugin 'dism_features' + # if any features are not supported on this 
release of Windows or + # have been deleted raise with a friendly message. At one point in time + # we just warned, but this goes against the behavior of ever other package + # provider in Chef and it isn't clear what you'd want if you passed an array + # and some features were available and others were not. + # @return [void] + def fail_if_unavailable + all_available = node['dism_features_cache']['enabled'] + + node['dism_features_cache']['disabled'] + + node['dism_features_cache']['removed'] + + # the difference of desired features to install to all features is what's not available + unavailable = (new_resource.feature_name - all_available) + raise "The Windows feature#{'s' if unavailable.count > 1} #{unavailable.join(',')} #{unavailable.count > 1 ? 'are' : 'is'} not available on this version of Windows. Run 'dism /online /Get-Features' to see the list of available feature names." unless unavailable.empty? + end + + # run dism.exe to get a list of all available features and their state + # and save that to the node at node.override level. + # We do this because getting a list of features in dism takes at least a second + # and this data will be persisted across multiple resource runs which gives us + # a much faster run when no features actually need to be installed / removed. 
+ # @return [void] + def reload_cached_dism_data + Chef::Log.debug('Caching Windows features available via dism.exe.') + node.override['dism_features_cache'] = Mash.new + node.override['dism_features_cache']['enabled'] = [] + node.override['dism_features_cache']['disabled'] = [] + node.override['dism_features_cache']['removed'] = [] + + # Grab raw feature information from dism command line + raw_list_of_features = shell_out("#{dism} /Get-Features /Online /Format:Table /English").stdout + + # Split stdout into an array by windows line ending + features_list = raw_list_of_features.split("\r\n") + features_list.each do |feature_details_raw| + case feature_details_raw + when /Payload Removed/ # matches 'Disabled with Payload Removed' + add_to_feature_mash('removed', feature_details_raw) + when /Enable/ # matches 'Enabled' and 'Enable Pending' aka after reboot + add_to_feature_mash('enabled', feature_details_raw) + when /Disable/ # matches 'Disabled' and 'Disable Pending' aka after reboot + add_to_feature_mash('disabled', feature_details_raw) + end end + Chef::Log.debug("The dism cache contains\n#{node['dism_features_cache']}") end - def install_ohai_plugin - Chef::Log.info("node['dism_features'] data missing. Installing the dism_features Ohai plugin") + # parse the feature string and add the values to the appropriate array + # in the + # strips trailing whitespace characters then split on n number of spaces + # + | + n number of spaces + # @return [void] + def add_to_feature_mash(feature_type, feature_string) + feature_details = feature_string.strip.split(/\s+[|]\s+/).first - ohai_plugin 'dism_features' do - compile_time true - cookbook 'windows' - end + # dism on windows 2012+ isn't case sensitive so it's best to compare + # lowercase lists so the user input doesn't need to be case sensitive + # @todo when we're ready to remove windows 2008R2 the gating here can go away + feature_details.downcase! unless older_than_2012_or_8? 
+ node.override['dism_features_cache'][feature_type] << feature_details end - def supports_feature_delete? - win_version.major_version >= 6 && win_version.minor_version >= 2 + # Fail unless we're on windows 8+ / 2012+ where deleting a feature is supported + # @return [void] + def raise_if_delete_unsupported + raise Chef::Exceptions::UnsupportedAction, "#{self} :delete action not support on Windows releases before Windows 8/2012. Cannot continue!" if older_than_2012_or_8? end - # account for File System Redirector + def required_parent_feature?(error_message) + error_message.include?('Error: 50') && error_message.include?('required parent feature') + end + + # find dism accounting for File System Redirector # http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx def dism @dism ||= begin diff --git a/cookbooks/windows/resources/feature_powershell.rb b/cookbooks/windows/resources/feature_powershell.rb index 04d6687..cfcaec5 100644 --- a/cookbooks/windows/resources/feature_powershell.rb +++ b/cookbooks/windows/resources/feature_powershell.rb 
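Review bot: `reload_cached_dism_data` reads the feature list with `shell_out(...)` and never checks the result, so when dism fails or prints nothing the three cache arrays stay empty and `fail_if_unavailable` raises a "not available on this version of Windows" error that hides the real cause. Using `shell_out!("#{dism} /Get-Features /Online /Format:Table /English", timeout: new_resource.timeout).stdout` would surface the dism failure and apply the same timeout as the other calls. Separately, `features_to_delete` memoizes into `@remove`, the variable `features_to_remove` also uses; `@delete ||= begin` keeps the two apart, and the same slip is in feature_powershell.rb. The `dism` helper at the end of this hunk continues outside it.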
@@ -1,70 +1,242 @@ # # Author:: Greg Zapp () # Cookbook:: windows -# Provider:: feature_powershell +# Resource:: feature_powershell +# +# Copyright:: 2015-2018, Chef Software, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # -property :feature_name, [Array, String], name_attribute: true +require 'chef/json_compat' + +chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) +resource_name :windows_feature_powershell + +property :feature_name, [Array, String], coerce: proc { |x| to_formatted_array(x) }, name_property: true property :source, String -property :all, [true, false], default: false +property :all, [TrueClass, FalseClass], default: false +property :timeout, Integer, default: 600 +property :management_tools, [TrueClass, FalseClass], default: false + +# a simple helper to determine if we're on a windows release pre-2012 / 8 +# @return [Boolean] Is the system older than Windows 8 / 2012 +def older_than_2012_or_8? + node['platform_version'].to_f < 6.2 +end + +def to_formatted_array(x) + x = x.split(/\s*,\s*/) if x.is_a?(String) # split multiple forms of a comma separated list + + # feature installs on windows < 8/2012 are case sensitive so only downcase when on 2012+ + older_than_2012_or_8? ? 
x : x.map(&:downcase) +end include Chef::Mixin::PowershellOut -include Windows::Helper + +action :install do + raise_on_old_powershell + + reload_cached_powershell_data unless node['powershell_features_cache'] + fail_if_unavailable # fail if the features don't exist + fail_if_removed # fail if the features are in removed state + + Chef::Log.debug("Windows features needing installation: #{features_to_install.empty? ? 'none' : features_to_install.join(',')}") + unless features_to_install.empty? + converge_by("install Windows feature#{'s' if features_to_install.count > 1} #{features_to_install.join(',')}") do + install_command = "#{install_feature_cmdlet} #{features_to_install.join(',')}" + install_command << ' -IncludeAllSubFeature' if new_resource.all + if older_than_2012_or_8? && (new_resource.source || new_resource.management_tools) + Chef::Log.warn("The 'source' and 'management_tools' properties are only available on Windows 8/2012 or greater. Skipping these properties!") + else + install_command << " -Source \"#{new_resource.source}\"" if new_resource.source + install_command << ' -IncludeManagementTools' if new_resource.management_tools + end + + cmd = powershell_out!(install_command, timeout: new_resource.timeout) + Chef::Log.info(cmd.stdout) + + reload_cached_powershell_data # Reload cached powershell feature state + end + end +end action :remove do - if installed? - converge_by("remove Windows feature #{new_resource.feature_name}") do - cmd = powershell_out!("#{remove_feature_cmdlet} #{to_array(new_resource.feature_name).join(',')}") + raise_on_old_powershell + + reload_cached_powershell_data unless node['powershell_features_cache'] + + Chef::Log.debug("Windows features needing removal: #{features_to_remove.empty? ? 'none' : features_to_remove.join(',')}") + + unless features_to_remove.empty? 
+ converge_by("remove Windows feature#{'s' if features_to_remove.count > 1} #{features_to_remove.join(',')}") do + cmd = powershell_out!("#{remove_feature_cmdlet} #{features_to_remove.join(',')}", timeout: new_resource.timeout) Chef::Log.info(cmd.stdout) + + reload_cached_powershell_data # Reload cached powershell feature state end end end action :delete do - if available? - converge_by("delete Windows feature #{new_resource.feature_name} from the image") do - cmd = powershell_out!("Uninstall-WindowsFeature #{to_array(new_resource.feature_name).join(',')} -Remove") + raise_on_old_powershell + raise_if_delete_unsupported + + reload_cached_powershell_data unless node['powershell_features_cache'] + + fail_if_unavailable # fail if the features don't exist + + Chef::Log.debug("Windows features needing deletion: #{features_to_delete.empty? ? 'none' : features_to_delete.join(',')}") + + unless features_to_delete.empty? + converge_by("delete Windows feature#{'s' if features_to_delete.count > 1} #{features_to_delete.join(',')} from the image") do + cmd = powershell_out!("Uninstall-WindowsFeature #{features_to_delete.join(',')} -Remove", timeout: new_resource.timeout) Chef::Log.info(cmd.stdout) + + reload_cached_powershell_data # Reload cached powershell feature state end end end action_class do + # shellout to determine the actively installed version of powershell + # we have this same data in ohai, but it doesn't get updated if powershell is installed mid run + # @return [Integer] the powershell version or 0 for nothing + def powershell_version + cmd = powershell_out('$PSVersionTable.psversion.major') + return 1 if cmd.stdout.empty? 
# PowerShell 1.0 doesn't have a $PSVersionTable + Regexp.last_match(1).to_i if cmd.stdout =~ /^(\d+)/ + rescue Errno::ENOENT + 0 # zero as in nothing is installed + end + + # raise if we're running powershell less than 3.0 since we need convertto-json + # check the powershell version via ohai data and if we're < 3.0 also shellout to make sure as + # a newer version could be installed post ohai run. Yes we're double checking. It's fine. + # @todo this can go away when we fully remove support for Windows 2008 R2 + # @raise [RuntimeError] Raise if powershell is < 3.0 + def raise_on_old_powershell + # be super defensive about the powershell lang plugin not being there + return if node['languages'] && node['languages']['powershell'] && node['languages']['powershell']['version'].to_i >= 3 + raise 'The windows_feature_powershell resource requires PowerShell 3.0 or later. Please install PowerShell 3.0+ before running this resource.' if powershell_version < 3 + end + + # The appropirate cmdlet to install a windows feature based on windows release + # @return [String] def install_feature_cmdlet - node['os_version'].to_f < 6.2 ? 'Import-Module ServerManager; Add-WindowsFeature' : 'Install-WindowsFeature' + older_than_2012_or_8? ? 'Add-WindowsFeature' : 'Install-WindowsFeature' end + # The appropirate cmdlet to remove a windows feature based on windows release + # @return [String] def remove_feature_cmdlet - node['os_version'].to_f < 6.2 ? 'Import-Module ServerManager; Remove-WindowsFeature' : 'Uninstall-WindowsFeature' + older_than_2012_or_8? ? 'Remove-WindowsFeature' : 'Uninstall-WindowsFeature' end - def installed? - @installed ||= begin - cmd = powershell_out("(Get-WindowsFeature #{to_array(new_resource.feature_name).join(',')} | ?{$_.InstallState -ne \'Installed\'}).count") - cmd.stderr.empty? 
&& cmd.stdout.chomp.to_i == 0 + # @return [Array] features the user has requested to install which need installation + def features_to_install + # the intersection of the features to install & disabled features are what needs installing + @install ||= new_resource.feature_name & node['powershell_features_cache']['disabled'] + end + + # @return [Array] features the user has requested to remove which need removing + def features_to_remove + # the intersection of the features to remove & enabled features are what needs removing + @remove ||= new_resource.feature_name & node['powershell_features_cache']['enabled'] + end + + # @return [Array] features the user has requested to delete which need deleting + def features_to_delete + # the intersection of the features to remove & enabled/disabled features are what needs removing + @remove ||= begin + all_available = node['powershell_features_cache']['enabled'] + + node['powershell_features_cache']['disabled'] + new_resource.feature_name & all_available end end - def available? - @available ||= begin - cmd = powershell_out("(Get-WindowsFeature #{to_array(new_resource.feature_name).join(',')} | ?{$_.InstallState -ne \'Removed\'}).count") - cmd.stderr.empty? && cmd.stdout.chomp.to_i > 0 - end - end -end - -action :install do - Chef::Log.warn("Requested feature #{new_resource.feature_name} is not available on this system.") unless available? - unless !available? || installed? - converge_by("install Windows feature #{new_resource.feature_name}") do - addsource = new_resource.source ? "-Source \"#{new_resource.source}\"" : '' - addall = new_resource.all ? 
'-IncludeAllSubFeature' : '' - cmd = if node['os_version'].to_f < 6.2 - powershell_out!("#{install_feature_cmdlet} #{to_array(new_resource.feature_name).join(',')} #{addall}") - else - powershell_out!("#{install_feature_cmdlet} #{to_array(new_resource.feature_name).join(',')} #{addsource} #{addall}") - end - Chef::Log.info(cmd.stdout) + # if any features are not supported on this release of Windows or + # have been deleted raise with a friendly message. At one point in time + # we just warned, but this goes against the behavior of ever other package + # provider in Chef and it isn't clear what you'd want if you passed an array + # and some features were available and others were not. + # @return [void] + def fail_if_unavailable + all_available = node['powershell_features_cache']['enabled'] + + node['powershell_features_cache']['disabled'] + + node['powershell_features_cache']['removed'] + + # the difference of desired features to install to all features is what's not available + unavailable = (new_resource.feature_name - all_available) + raise "The Windows feature#{'s' if unavailable.count > 1} #{unavailable.join(',')} #{unavailable.count > 1 ? 'are' : 'is'} not available on this version of Windows. Run 'Get-WindowsFeature' to see the list of available feature names." unless unavailable.empty? + end + + # run Get-WindowsFeature to get a list of all available features and their state + # and save that to the node at node.override level. 
+ # @return [void] + def reload_cached_powershell_data + Chef::Log.debug('Caching Windows features available via Get-WindowsFeature.') + node.override['powershell_features_cache'] = Mash.new + node.override['powershell_features_cache']['enabled'] = [] + node.override['powershell_features_cache']['disabled'] = [] + node.override['powershell_features_cache']['removed'] = [] + + parsed_feature_list.each do |feature_details_raw| + case feature_details_raw['InstallState'] + when 5 # matches 'Removed' InstallState + add_to_feature_mash('removed', feature_details_raw['Name']) + when 1, 3 # matches 'Installed' or 'InstallPending' states + add_to_feature_mash('enabled', feature_details_raw['Name']) + when 0, 2 # matches 'Available' or 'UninstallPending' states + add_to_feature_mash('disabled', feature_details_raw['Name']) + end end + Chef::Log.debug("The powershell cache contains\n#{node['powershell_features_cache']}") + end + + # fetch the list of available feature names and state in JSON and parse the JSON + def parsed_feature_list + # Grab raw feature information from dism command line + # Windows < 2012 doesn't present a state value so we have to check if the feature is installed or not + raw_list_of_features = if older_than_2012_or_8? 
# make the older format look like the new format, warts and all + powershell_out!('Get-WindowsFeature | Select-Object -Property Name, @{Name=\"InstallState\"; Expression = {If ($_.Installed) { 1 } Else { 0 }}} | ConvertTo-Json -Compress', timeout: new_resource.timeout).stdout + else + powershell_out!('Get-WindowsFeature | Select-Object -Property Name,InstallState | ConvertTo-Json -Compress', timeout: new_resource.timeout).stdout + end + + Chef::JSONCompat.from_json(raw_list_of_features) + end + + # add the features values to the appropriate array + # @return [void] + def add_to_feature_mash(feature_type, feature_details) + # add the lowercase feature name to the mash unless we're on < 2012 where they're case sensitive + node.override['powershell_features_cache'][feature_type] << (older_than_2012_or_8? ? feature_details : feature_details.downcase) + end + + # Fail if any of the packages are in a removed state + # @return [void] + def fail_if_removed + return if new_resource.source # if someone provides a source then all is well + if node['platform_version'].to_f > 6.2 # 2012R2 or later + return if registry_key_exists?('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing') && registry_value_exists?('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing', name: 'LocalSourcePath') # if source is defined in the registry, still fine + end + removed = new_resource.feature_name & node['powershell_features_cache']['removed'] + raise "The Windows feature#{'s' if removed.count > 1} #{removed.join(',')} #{removed.count > 1 ? 'are' : 'is'} have been removed from the host and cannot be installed." unless removed.empty? + end + + # Fail unless we're on windows 8+ / 2012+ where deleting a feature is supported + def raise_if_delete_unsupported + raise Chef::Exceptions::UnsupportedAction, "#{self} :delete action not supported on Windows releases before Windows 8/2012. Cannot continue!" if older_than_2012_or_8? end end 
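Review bot: `features_to_install` intersects the requested names only with the `'disabled'` list, so a feature whose payload was removed (InstallState 5, cached under `'removed'`) is never installed even when `source` is set and `fail_if_removed` has let it through; the install action then does nothing and reports no error. Including the removed list, as feature_dism.rb does, fixes this: `@install ||= new_resource.feature_name & (node['powershell_features_cache']['disabled'] + node['powershell_features_cache']['removed'])`. The `-Source \"#{new_resource.source}\"` argument sits inside PowerShell double quotes, where `$` and backticks in the path are expanded rather than taken literally, so a single-quoted form with embedded quotes escaped would be safer. The message in `fail_if_removed` also renders as "is have been removed" because the is/are interpolation is followed by a literal "have been removed".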
diff --git a/cookbooks/windows/resources/feature_servermanagercmd.rb b/cookbooks/windows/resources/feature_servermanagercmd.rb
deleted file mode 100644
index 3b68ea4..0000000
--- a/cookbooks/windows/resources/feature_servermanagercmd.rb
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: windows
-# Provider:: feature_servermanagercmd
-#
-# Copyright:: 2011-2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-property :feature_name, [Array, String], name_attribute: true
-property :source, String
-property :all, [true, false], default: false
-
-include Chef::Mixin::ShellOut
-include Windows::Helper
-
-action :install do
- unless installed?
- converge_by("install Windows feature #{new_resource.feature_name}") do
- check_reboot(shell_out("#{servermanagercmd} -install #{to_array(new_resource.feature_name).join(' ')}", returns: [0, 42, 127, 1003, 3010]), new_resource.feature_name)
- end
- end
-end
-
-action :remove do
- if installed?
- converge_by("removing Windows feature #{new_resource.feature_name}") do
- check_reboot(shell_out("#{servermanagercmd} -remove #{to_array(new_resource.feature_name).join(' ')}", returns: [0, 42, 127, 1003, 3010]), new_resource.feature_name)
- end
- end
-end
-
-action :delete do
- Chef::Log.warn('servermanagercmd does not support removing a feature from the image.')
-end
-
-# Exit codes are listed at http://technet.microsoft.com/en-us/library/cc749128(v=ws.10).aspx
-
-action_class do
- def check_reboot(result, feature)
- if result.exitstatus == 3010 # successful, but needs reboot
- node.run_state['reboot_requested'] = true
- Chef::Log.warn("Require reboot to install #{feature}")
- elsif result.exitstatus == 1001 # failure, but needs reboot before we can do anything else
- node.run_state['reboot_requested'] = true
- Chef::Log.warn("Failed installing #{feature} and need to reboot")
- end
- result.error! # throw for any other bad results. The above results will also get raised, and should cause a reboot via the handler.
- end
-
- def installed?
- @installed ||= begin
- cmd = shell_out("#{servermanagercmd} -query", returns: [0, 42, 127, 1003])
- cmd.stderr.empty? && (cmd.stdout =~ /^\s*?\[X\]\s.+?\s\[#{new_resource.feature_name}\]\s*$/i)
- end
- end
-
- # account for File System Redirector
- # http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx
- def servermanagercmd
- @servermanagercmd ||= begin
- locate_sysnative_cmd('servermanagercmd.exe')
- end
- end
-end
diff --git a/cookbooks/windows/resources/font.rb b/cookbooks/windows/resources/font.rb
index 997333e..76e7a46 100644
--- a/cookbooks/windows/resources/font.rb
+++ b/cookbooks/windows/resources/font.rb
@@ -3,8 +3,8 @@ # Cookbook:: windows # Resource:: font # -# Copyright:: 2014-2017, Schuberg Philis BV. -# Copyright:: 2017, Chef Software, Inc. +# Copyright:: 2014-2018, Schuberg Philis BV. +# Copyright:: 2017-2018, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,14 +19,17 @@ # limitations under the License. # -property :name, String, name_property: true -property :source, String, required: false +require 'chef/util/path_helper' -include Windows::Helper +chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) +resource_name :windows_font + +property :font_name, String, name_property: true +property :source, String, required: false, coerce: proc { |x| x =~ /^.:.*/ ? x.tr('\\', '/').gsub('//', '/') : x } action :install do if font_exists? - Chef::Log.debug("Not installing font: #{new_resource.name}, font already installed.") + Chef::Log.debug("Not installing font: #{new_resource.font_name} as font already installed.") else retrieve_cookbook_font install_font 
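Review bot: The `coerce` proc added to `source` in the `@@ -19,14 +19,17 @@` hunk has no comment, and its pattern `/^.:.*/` is looser than it reads: `^` matches at the start of any line and `.` accepts any character before the colon, not only a drive letter. I would anchor it as `/\A[A-Za-z]:/` and add a comment such as `# normalise drive-letter paths (C:\fonts\x.ttf) to forward slashes before they are turned into a file:// URI`. That purpose is inferred from `source_uri` in the next hunk of this file, so the wording should be confirmed by the author.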
@@ -35,46 +38,74 @@ action :install do end action_class do + # if a source is specified fetch using remote_file. If not use cookbook_file def retrieve_cookbook_font - font_file = new_resource.name + font_file = new_resource.font_name if new_resource.source remote_file font_file do - action :nothing - source "file://#{new_resource.source}" - path win_friendly_path(::File.join(ENV['TEMP'], font_file)) + action :nothing + source source_uri + path Chef::Util::PathHelper.join(ENV['TEMP'], font_file) end.run_action(:create) else cookbook_file font_file do action :nothing cookbook cookbook_name.to_s unless cookbook_name.nil? - path win_friendly_path(::File.join(ENV['TEMP'], font_file)) + path Chef::Util::PathHelper.join(ENV['TEMP'], font_file) end.run_action(:create) end end + # delete the temp cookbook file def del_cookbook_font - file ::File.join(ENV['TEMP'], new_resource.name) do + file Chef::Util::PathHelper.join(ENV['TEMP'], new_resource.font_name) do action :delete end end + # install the font into the appropriate fonts directory def install_font require 'win32ole' if RUBY_PLATFORM =~ /mswin|mingw32|windows/ fonts_dir = WIN32OLE.new('WScript.Shell').SpecialFolders('Fonts') folder = WIN32OLE.new('Shell.Application').Namespace(fonts_dir) - converge_by("install font #{new_resource.name}") do - folder.CopyHere(win_friendly_path(::File.join(ENV['TEMP'], new_resource.name))) + converge_by("install font #{new_resource.font_name} to #{fonts_dir}") do + folder.CopyHere(Chef::Util::PathHelper.join(ENV['TEMP'], new_resource.font_name)) end end - # Check to see if the font is installed + # Check to see if the font is installed in the fonts dir # - # === Returns - # :: If the font is installed - # :: If the font is not instaled + # @return [Boolean] Is the font is installed? def font_exists? 
require 'win32ole' if RUBY_PLATFORM =~ /mswin|mingw32|windows/ - fonts_dir = WIN32OLE.new('WScript.Shell').SpecialFolders('Fonts') - ::File.exist?(win_friendly_path(::File.join(fonts_dir, new_resource.name))) + fonts_dir = Chef::Util::PathHelper.join(ENV['windir'], 'fonts') + Chef::Log.debug("Seeing if the font at #{Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name)} exists") + ::File.exist?(Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name)) + end + + # Parse out the schema provided to us to see if it's one we support via remote_file. + # We do this because URI will parse C:/foo as schema 'c', which won't work with remote_file + # + # @return [Boolean] + def remote_file_schema?(schema) + return true if %w(http https ftp).include?(schema) + end + + # return new_resource.source if we have a proper URI specified + # if it's a local file listed as a source return it in file:// format + # + # @return [String] path to the font + def source_uri + begin + require 'uri' + if remote_file_schema?(URI.parse(new_resource.source).scheme) + Chef::Log.debug('source property starts with ftp/http. Using source property unmodified') + return new_resource.source + end + rescue URI::InvalidURIError + Chef::Log.warn("source property of #{new_resource.source} could not be processed as a URI. Check the format you provided.") + end + Chef::Log.debug('source property does not start with ftp/http. Prepending with file:// as it appears to be a local file.') + "file://#{new_resource.source}" end end diff --git a/cookbooks/windows/resources/http_acl.rb b/cookbooks/windows/resources/http_acl.rb index 0dacb50..c675043 100644 --- a/cookbooks/windows/resources/http_acl.rb +++ b/cookbooks/windows/resources/http_acl.rb 
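Review bot: `source_uri` hands any `http`, `https` or `ftp` source unchanged to `remote_file`, and the `remote_file` block in `retrieve_cookbook_font` sets no `checksum`, so a font fetched over a cleartext scheme is copied into the system fonts directory with no integrity check. Consider declaring `property :checksum, String` on the resource and adding `checksum new_resource.checksum if new_resource.checksum` inside the `remote_file` block, plus a `Chef::Log.warn` when the scheme is not `https`. Separately, `remote_file_schema?` is documented as `@return [Boolean]` but returns `nil` for an unlisted scheme; making `%w(http https ftp).include?(schema)` the whole body would match the doc.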
@@ -18,10 +18,9 @@ # limitations under the License. # -include Chef::Mixin::ShellOut include Windows::Helper -property :url, String, name_property: true, required: true +property :url, String, name_property: true property :user, String property :sddl, String property :exists, [true, false], desired_state: true @@ -36,7 +35,7 @@ load_current_value do |desired| exists true url desired.url # Checks first for sddl, because it generates user(s) - sddl_match = cmd_out.match(/SDDL:\s*(?.+)/) + sddl_match = cmd_out.match(/SDDL:\s*(?\S+)/) if sddl_match sddl sddl_match['sddl'] else diff --git a/cookbooks/windows/resources/pagefile.rb b/cookbooks/windows/resources/pagefile.rb index 60977c2..c5f326e 100644 --- a/cookbooks/windows/resources/pagefile.rb +++ b/cookbooks/windows/resources/pagefile.rb @@ -3,8 +3,8 @@ # Cookbook:: windows # Resource:: pagefile # -# Copyright:: 2012-2017, Nordstrom, Inc. -# Copyright:: 2017, Chef Software, Inc. +# Copyright:: 2012-2018, Nordstrom, Inc. +# Copyright:: 2017-2018, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,17 +19,19 @@ # limitations under the License. # -property :name, String, name_property: true +chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) +resource_name :windows_pagefile + +property :path, String, coerce: proc { |x| x.tr('/', '\\') }, name_property: true property :system_managed, [true, false] property :automatic_managed, [true, false], default: false property :initial_size, Integer property :maximum_size, Integer -include Chef::Mixin::ShellOut include Windows::Helper action :set do - pagefile = new_resource.name + pagefile = new_resource.path initial_size = new_resource.initial_size maximum_size = new_resource.maximum_size system_managed = new_resource.system_managed 
@@ -58,16 +60,22 @@ end action :delete do validate_name - pagefile = new_resource.name - delete(pagefile) if exists?(pagefile) + delete(new_resource.path) if exists?(new_resource.path) end action_class do + # make sure the provided name property matches the appropriate format + # we do this here and not in the property itself because if automatic_managed + # is set then this validation is not necessary / doesn't make sense at all def validate_name - return if /^.:.*.sys/ =~ new_resource.name - raise "#{new_resource.name} does not match the format DRIVE:\\path\\file.sys for pagefiles. Example: C:\\pagefile.sys" + return if /^.:.*.sys/ =~ new_resource.path + raise "#{new_resource.path} does not match the format DRIVE:\\path\\file.sys for pagefiles. Example: C:\\pagefile.sys" end + # See if the pagefile exists + # + # @param [String] pagefile path to the pagefile + # @return [Boolean] def exists?(pagefile) @exists ||= begin Chef::Log.debug("Checking if #{pagefile} exists by runing: #{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list") @@ -76,6 +84,12 @@ action_class do end end + # is the max/min pagefile size set? + # + # @param [String] pagefile path to the pagefile + # @param [String] min the minimum size of the pagefile + # @param [String] max the minimum size of the pagefile + # @return [Boolean] def max_and_min_set?(pagefile, min, max) @max_and_min_set ||= begin Chef::Log.debug("Checking if #{pagefile} min: #{min} and max #{max} are set") 
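Review bot: `validate_name` is the only visible check on `new_resource.path` before it is interpolated into `wmic` command lines, and `/^.:.*.sys/` is too loose for that job: `^` matches at any line start, the dots are unescaped, and nothing anchors the end, so a value containing a double quote or trailing text after `.sys` still passes. A stricter form such as `/\A[A-Za-z]:\\[^"]*\.sys\z/i` matches the `DRIVE:\path\file.sys` format the error message describes. This matters more after the `@@ -84,14 +98,20 @@` hunk, where `create` now places `pagefile` inside `name=\"...\"` without `win_friendly_path`. In the visible hunks `validate_name` is called from `action :delete`; whether `action :set` calls it is not shown here.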
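Review bot: The new YARD block on `max_and_min_set?` describes `max` as "the minimum size of the pagefile"; it should read `# @param [String] max the maximum size of the pagefile`. The same copy-paste slip is in the `set_custom_size` docs added by the `@@ -124,6 +149,11 @@` hunk. Both blocks also tag `min` and `max` as `String`, while the `initial_size` and `maximum_size` properties are declared `Integer`; if those are the values callers pass, `[Integer]` is the accurate tag. The body of `max_and_min_set?` continues past the end of this hunk.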
@@ -84,14 +98,20 @@ action_class do end end + # create a pagefile + # + # @param [String] pagefile path to the pagefile def create(pagefile) converge_by("create pagefile #{pagefile}") do - Chef::Log.debug("Running #{wmic} pagefileset create name=\"#{win_friendly_path(pagefile)}\"") - cmd = shell_out("#{wmic} pagefileset create name=\"#{win_friendly_path(pagefile)}\"") + Chef::Log.debug("Running #{wmic} pagefileset create name=\"#{pagefile}\"") + cmd = shell_out("#{wmic} pagefileset create name=\"#{pagefile}\"") check_for_errors(cmd.stderr) end end + # delete a pagefile + # + # @param [String] pagefile path to the pagefile def delete(pagefile) converge_by("remove pagefile #{pagefile}") do Chef::Log.debug("Running #{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" delete") @@ -100,6 +120,9 @@ action_class do end end + # see if the pagefile is automatically managed by Windows + # + # @return [Boolean] def automatic_managed? @automatic_managed ||= begin Chef::Log.debug('Checking if pagefiles are automatically managed') @@ -108,6 +131,7 @@ action_class do end end + # turn on automatic management of all pagefiles by Windows def set_automatic_managed converge_by('set pagefile to Automatic Managed') do Chef::Log.debug("Running #{wmic} computersystem where name=\"%computername%\" set AutomaticManagedPagefile=True") @@ -116,6 +140,7 @@ action_class do end end + # turn off automatic management of all pagefiles by Windows def unset_automatic_managed converge_by('set pagefile to User Managed') do Chef::Log.debug("Running #{wmic} computersystem where name=\"%computername%\" set AutomaticManagedPagefile=False") 
@@ -124,6 +149,11 @@ action_class do end end + # set a custom size for the pagefile (vs the defaults) + # + # @param [String] pagefile path to the pagefile + # @param [String] min the minimum size of the pagefile + # @param [String] max the minimum size of the pagefile def set_custom_size(pagefile, min, max) converge_by("set #{pagefile} to InitialSize=#{min} & MaximumSize=#{max}") do Chef::Log.debug("Running #{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=#{min},MaximumSize=#{max}") @@ -132,7 +162,10 @@ action_class do end end - def set_system_managed(pagefile) # rubocop: disable Style/AccessorMethodName + # set a pagefile size to be system managed + # + # @param [String] pagefile path to the pagefile + def set_system_managed(pagefile) # rubocop: disable Naming/AccessorMethodName converge_by("set #{pagefile} to System Managed") do Chef::Log.debug("Running #{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=0,MaximumSize=0") cmd = shell_out("#{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=0,MaximumSize=0", returns: [0]) @@ -141,11 +174,11 @@ action_class do end def get_setting_id(pagefile) - pagefile = win_friendly_path(pagefile) - pagefile = pagefile.split('\\') - "#{pagefile[1]} @ #{pagefile[0]}" + split_path = pagefile.split('\\') + "#{split_path[1]} @ #{split_path[0]}" end + # raise if there's an error on stderr on a shellout def check_for_errors(stderr) raise stderr.chomp unless stderr.empty? end diff --git a/cookbooks/windows/resources/path.rb b/cookbooks/windows/resources/path.rb deleted file mode 100644 index 21a22a8..0000000 --- a/cookbooks/windows/resources/path.rb +++ /dev/null 
@@ -1,54 +0,0 @@ -# -# Author:: Paul Morton () -# Cookbook:: windows -# Resource:: path -# -# Copyright:: 2011-2017, Business Intelligence Associates, Inc -# Copyright:: 2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -property :path, String, name_property: true - -include Windows::Helper - -action :add do - env 'path' do - action :modify - delim ::File::PATH_SEPARATOR - value new_resource.path.tr('/', '\\') - notifies :run, "ruby_block[fix ruby ENV['PATH']]", :immediately - end - - # The windows Env provider does not correctly expand variables in - # the PATH environment variable. Ruby expects these to be expanded. - # This is a temporary fix for that. - # - # Follow at https://github.com/chef/chef/pull/1876 - # - ruby_block "fix ruby ENV['PATH']" do - block do - ENV['PATH'] = expand_env_vars(ENV['PATH']) - end - action :nothing - end -end - -action :remove do - env 'path' do - action :delete - delim ::File::PATH_SEPARATOR - value new_resource.path.tr('/', '\\') - end -end diff --git a/cookbooks/windows/resources/printer.rb b/cookbooks/windows/resources/printer.rb index 2997fa8..ed9a2a6 100644 --- a/cookbooks/windows/resources/printer.rb +++ b/cookbooks/windows/resources/printer.rb 
@@ -22,7 +22,10 @@ require 'resolv' -property :device_id, String, name_property: true, required: true +chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) +resource_name :windows_printer + +property :device_id, String, name_property: true property :comment, String property :default, [true, false], default: false property :driver_name, String, required: true diff --git a/cookbooks/windows/resources/printer_port.rb b/cookbooks/windows/resources/printer_port.rb index 1629db3..51d2d43 100644 --- a/cookbooks/windows/resources/printer_port.rb +++ b/cookbooks/windows/resources/printer_port.rb @@ -3,7 +3,7 @@ # Cookbook:: windows # Resource:: printer_port # -# Copyright:: 2012-2017, Nordstrom, Inc. +# Copyright:: 2012-2018, Nordstrom, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,10 @@ require 'resolv' -property :ipv4_address, String, name_attribute: true, required: true, regex: Resolv::IPv4::Regex +chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) +resource_name :windows_printer_port + +property :ipv4_address, String, name_property: true, regex: Resolv::IPv4::Regex property :port_name, String property :port_number, Integer, default: 9100 property :port_description, String 
@@ -36,15 +39,15 @@ def port_exists?(name) port_reg_key = PORTS_REG_KEY + name Chef::Log.debug "Checking to see if this reg key exists: '#{port_reg_key}'" - Registry.key_exists?(port_reg_key) + registry_key_exists?(port_reg_key) end +# @todo Set @current_resource port properties from registry load_current_value do |desired| name desired.name ipv4_address desired.ipv4_address - port_name desired.port_name || "IP_#{@new_resource.ipv4_address}" - exists port_exists?(desired.port_name) - # TODO: Set @current_resource port properties from registry + port_name desired.port_name || "IP_#{desired.ipv4_address}" + exists port_exists?(desired.port_name || "IP_#{desired.ipv4_address}") end action :create do diff --git a/cookbooks/windows/resources/share.rb b/cookbooks/windows/resources/share.rb index 7a38087..9e5196b 100644 --- a/cookbooks/windows/resources/share.rb +++ b/cookbooks/windows/resources/share.rb @@ -1,10 +1,12 @@ -# -*- coding: utf-8 -*- # -# Author:: Sölvi Páll Ásgeirsson (), Richard Lavey (richard.lavey@calastone.com) +# Author:: Sölvi Páll Ásgeirsson () +# Author:: Richard Lavey (richard.lavey@calastone.com) +# Author:: Tim Smith (tsmith@chef.io) # Cookbook:: windows # Resource:: share # # Copyright:: 2014-2017, Sölvi Páll Ásgeirsson. +# Copyright:: 2018, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
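Review bot: In the `load_current_value` block of the `@@ -36,15 +39,15 @@` hunk the fallback `desired.port_name || "IP_#{desired.ipv4_address}"` is now written out twice, once for `port_name` and once for `exists`, so the two can drift apart on the next edit. Computing it once keeps them in step: `resolved_port = desired.port_name || "IP_#{desired.ipv4_address}"`, then `port_name resolved_port` and `exists port_exists?(resolved_port)`. A one-line comment stating that the default port name is `IP_<address>` would also help, since the `port_name` property declaration does not say so.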
@@ -19,271 +21,268 @@ # limitations under the License. # -property :share_name, String, name_property: true -property :path, String, required: true -property :description, String, default: '' -property :full_users, Array, default: [] -property :change_users, Array, default: [] -property :read_users, Array, default: [] +chef_version_for_provides '< 14.7' if respond_to?(:chef_version_for_provides) +resource_name :windows_share + +require 'chef/json_compat' +require 'chef/util/path_helper' + +# Specifies a name for the SMB share. The name may be composed of any valid file name characters, but must be less than 80 characters long. The names pipe and mailslot are reserved for use by the computer. +property :share_name, String, name_property: true + +# Specifies the path of the location of the folder to share. The path must be fully qualified. Relative paths or paths that contain wildcard characters are not permitted. +property :path, String + +# Specifies an optional description of the SMB share. A description of the share is displayed by running the Get-SmbShare cmdlet. The description may not contain more than 256 characters. +property :description, String, default: '' + +# Specifies which accounts are granted full permission to access the share. Use a comma-separated list to specify multiple accounts. An account may not be specified more than once in the FullAccess, ChangeAccess, or ReadAccess parameter lists, but may be specified once in the FullAccess, ChangeAccess, or ReadAccess parameter list and once in the NoAccess parameter list. +property :full_users, Array, default: [], coerce: proc { |u| u.sort } + +# Specifies which users are granted modify permission to access the share +property :change_users, Array, default: [], coerce: proc { |u| u.sort } + +# Specifies which users are granted read permission to access the share. Multiple users can be specified by supplying a comma-separated list. 
+property :read_users, Array, default: [], coerce: proc { |u| u.sort } + +# Specifies the lifetime of the new SMB share. A temporary share does not persist beyond the next restart of the computer. By default, new SMB shares are persistent, and non-temporary. +property :temporary, [true, false], default: false + +# Specifies the scope name of the share. +property :scope_name, String, default: '*' + +# Specifies the continuous availability time-out for the share. +property :ca_timeout, Integer, default: 0 + +# Indicates that the share is continuously available. +property :continuously_available, [true, false], default: false + +# Specifies the caching mode of the offline files for the SMB share. +# property :caching_mode, String, equal_to: %w(None Manual Documents Programs BranchCache) + +# Specifies the maximum number of concurrently connected users that the new SMB share may accommodate. If this parameter is set to zero (0), then the number of users is unlimited. +property :concurrent_user_limit, Integer, default: 0 + +# Indicates that the share is encrypted. +property :encrypt_data, [true, false], default: false + +# Specifies which files and folders in the SMB share are visible to users. AccessBased: SMB does not the display the files and folders for a share to a user unless that user has rights to access the files and folders. By default, access-based enumeration is disabled for new SMB shares. Unrestricted: SMB displays files and folders to a user even when the user does not have permission to access the items. 
+# property :folder_enumeration_mode, String, equal_to: %(AccessBased Unrestricted) -include Windows::Helper include Chef::Mixin::PowershellOut -require 'win32ole' if RUBY_PLATFORM =~ /mswin|mingw32|windows/ +load_current_value do |desired| + # this command selects individual objects because EncryptData & CachingMode have underlying + # types that get converted to their Integer values by ConvertTo-Json & we need to make sure + # those get written out as strings + share_state_cmd = "Get-SmbShare -Name '#{desired.share_name}' | Select-Object Name,Path, Description, Temporary, CATimeout, ContinuouslyAvailable, ConcurrentUserLimit, EncryptData | ConvertTo-Json" -ACCESS_FULL = 2_032_127 -ACCESS_CHANGE = 1_245_631 -ACCESS_READ = 1_179_817 + Chef::Log.debug("Running '#{share_state_cmd}' to determine share state'") + ps_results = powershell_out(share_state_cmd) -action :create do - if different_path? - unless current_resource.path.nil? || current_resource.path.empty? - converge_by('Removing previous share') do - delete_share - end - end - converge_by("Creating share #{current_resource.share_name}") do - create_share - end + # detect a failure without raising and then set current_resource to nil + if ps_results.error? + Chef::Log.debug("Error fetching share state: #{ps_results.stderr}") + current_value_does_not_exist! end - if different_members?(:full_users) || - different_members?(:change_users) || - different_members?(:read_users) || - different_description? 
- converge_by("Setting permissions and description for #{new_resource.share_name}") do - set_share_permissions + Chef::Log.debug("The Get-SmbShare results were #{ps_results.stdout}") + results = Chef::JSONCompat.from_json(ps_results.stdout) + + path results['Path'] + description results['Description'] + temporary results['Temporary'] + ca_timeout results['CATimeout'] + continuously_available results['ContinuouslyAvailable'] + # caching_mode results['CachingMode'] + concurrent_user_limit results['ConcurrentUserLimit'] + encrypt_data results['EncryptData'] + # folder_enumeration_mode results['FolderEnumerationMode'] + + perm_state_cmd = %(Get-SmbShareAccess -Name "#{desired.share_name}" | Select-Object AccountName,AccessControlType,AccessRight | ConvertTo-Json) + + Chef::Log.debug("Running '#{perm_state_cmd}' to determine share permissions state'") + ps_perm_results = powershell_out(perm_state_cmd) + + # we raise here instead of warning like above because we'd only get here if the above Get-SmbShare + # command was successful and that continuing would leave us with 1/2 known state + raise "Could not determine #{desired.share_name} share permissions by running '#{perm_state_cmd}'" if ps_perm_results.error? + + Chef::Log.debug("The Get-SmbShareAccess results were #{ps_perm_results.stdout}") + + f_users, c_users, r_users = parse_permissions(ps_perm_results.stdout) + + full_users f_users + change_users c_users + read_users r_users +end + +def after_created + raise 'The windows_share resource relies on PowerShell cmdlets not present in Windows releases prior to 8/2012. Cannot continue!' 
if node['platform_version'].to_f < 6.3 +end + +# given the string output of Get-SmbShareAccess parse out +# arrays of full access users, change users, and read only users +def parse_permissions(results_string) + json_results = Chef::JSONCompat.from_json(results_string) + json_results = [json_results] unless json_results.is_a?(Array) # single result is not an array + + f_users = [] + c_users = [] + r_users = [] + + json_results.each do |perm| + next unless perm['AccessControlType'] == 0 # allow + case perm['AccessRight'] + when 0 then f_users << stripped_account(perm['AccountName']) # 0 full control + when 1 then c_users << stripped_account(perm['AccountName']) # 1 == change + when 2 then r_users << stripped_account(perm['AccountName']) # 2 == read end end + [f_users, c_users, r_users] +end + +# local names are returned from Get-SmbShareAccess in the full format MACHINE\\NAME +# but users of this resource would simply say NAME so we need to strip the values for comparison +def stripped_account(name) + name.slice!("#{node['hostname']}\\") + name +end + +action :create do + # we do this here instead of requiring the property because :delete doesn't need path set + raise 'No path property set' unless new_resource.path + + converge_if_changed do + # you can't actually change the path so you have to delete the old share first + if different_path? + Chef::Log.debug('The path has changed so we will delete and recreate share') + delete_share + create_share + elsif current_resource.nil? + # powershell cmdlet for create is different than updates + Chef::Log.debug('The current resource is nil so we will create a new share') + create_share + else + Chef::Log.debug('The current resource was not nil so we will update an existing share') + update_share + end + + # creating the share does not set permissions so we need to update + update_permissions + end end action :delete do - if !current_resource.path.nil? && !current_resource.path.empty? 
- converge_by("Deleting #{current_resource.share_name}") do + if current_resource.nil? + Chef::Log.debug("#{new_resource.share_name} does not exist - nothing to do") + else + converge_by("delete #{new_resource.share_name}") do delete_share end - else - Chef::Log.debug("#{current_resource.share_name} does not exist - nothing to do") end end -load_current_value do |desired| - wmi = WIN32OLE.connect('winmgmts://') - shares = wmi.ExecQuery("SELECT * FROM Win32_Share WHERE name = '#{desired.share_name}'") - existing_share = shares.Count == 0 ? nil : shares.ItemIndex(0) - - description '' - unless existing_share.nil? - path existing_share.Path - description existing_share.Description +action_class do + def different_path? + return false if current_resource.nil? # going from nil to something isn't different for our concerns + return false if current_resource.path == Chef::Util::PathHelper.cleanpath(new_resource.path) + true end - perms = share_permissions name - unless perms.nil? - full_users perms[:full_users] - change_users perms[:change_users] - read_users perms[:read_users] - end -end + def delete_share + delete_command = "Remove-SmbShare -Name '#{new_resource.share_name}' -Force" -def share_permissions(name) - wmi = WIN32OLE.connect('winmgmts://') - shares = wmi.ExecQuery("SELECT * FROM Win32_LogicalShareSecuritySetting WHERE name = '#{name}'") - - # The security descriptor is an output parameter - sd = nil - begin - shares.ItemIndex(0).GetSecurityDescriptor(sd) - sd = WIN32OLE::ARGV[0] - rescue WIN32OLERuntimeError - Chef::Log.warn('Failed to retrieve any security information about the share.') + Chef::Log.debug("Running '#{delete_command}' to remove the share") + powershell_out!(delete_command) end - read = [] - change = [] - full = [] + def update_share + update_command = "Set-SmbShare -Name '#{new_resource.share_name}' -Description '#{new_resource.description}' -Force" - unless sd.nil? 
- sd.DACL.each do |dacl| - trustee = "#{dacl.Trustee.Domain}\\#{dacl.Trustee.Name}".downcase - case dacl.AccessMask - when ACCESS_FULL - full.push(trustee) - when ACCESS_CHANGE - change.push(trustee) - when ACCESS_READ - read.push(trustee) - else - Chef::Log.warn "Unknown access mask #{dacl.AccessMask} for user #{trustee}. This will be lost if permissions are updated" + Chef::Log.debug("Running '#{update_command}' to update the share") + powershell_out!(update_command) + end + + def create_share + raise "#{new_resource.path} is missing or not a directory. Shares cannot be created if the path doesn't first exist." unless ::File.directory? new_resource.path + + share_cmd = "New-SmbShare -Name '#{new_resource.share_name}' -Path '#{Chef::Util::PathHelper.cleanpath(new_resource.path)}' -Description '#{new_resource.description}' -ConcurrentUserLimit #{new_resource.concurrent_user_limit} -CATimeout #{new_resource.ca_timeout} -EncryptData:#{bool_string(new_resource.encrypt_data)} -ContinuouslyAvailable:#{bool_string(new_resource.continuously_available)}" + share_cmd << " -ScopeName #{new_resource.scope_name}" unless new_resource.scope_name == '*' # passing * causes the command to fail + share_cmd << " -Temporary:#{bool_string(new_resource.temporary)}" if new_resource.temporary # only set true + + Chef::Log.debug("Running '#{share_cmd}' to create the share") + powershell_out!(share_cmd) + + # New-SmbShare adds the "Everyone" user with read access no matter what so we need to remove it + # before we add our permissions + revoke_user_permissions(['Everyone']) + end + + # determine what users in the current state don't exist in the desired state + # users/groups will have their permissions updated with the same command that + # sets it, but removes must be performed with Revoke-SmbShareAccess + def users_to_revoke + @users_to_revoke ||= begin + # if the resource doesn't exist then nothing needs to be revoked + if current_resource.nil? 
+ [] + else # if it exists then calculate the current to new resource diffs + (current_resource.full_users + current_resource.change_users + current_resource.read_users) - (new_resource.full_users + new_resource.change_users + new_resource.read_users) end end end - { - full_users: full, - change_users: change, - read_users: read, - } -end + # update existing permissions on a share + def update_permissions + # revoke any users that had something, but now has nothing + revoke_user_permissions(users_to_revoke) unless users_to_revoke.empty? -action_class do - def description_exists?(resource) - !resource.description.nil? - end + # set permissions for each of the permission types + %w(full read change).each do |perm_type| + # set permissions for a brand new share OR + # update permissions if the current state and desired state differ + next unless permissions_need_update?(perm_type) + grant_command = "Grant-SmbShareAccess -Name '#{new_resource.share_name}' -AccountName \"#{new_resource.send("#{perm_type}_users").join('","')}\" -Force -AccessRight #{perm_type}" - def different_description? - if description_exists?(new_resource) && description_exists?(current_resource) - new_resource.description.casecmp(current_resource.description) != 0 - else - description_exists?(new_resource) || description_exists?(current_resource) + Chef::Log.debug("Running '#{grant_command}' to update the share permissions") + powershell_out!(grant_command) end end - def different_path? - return true if current_resource.path.nil? - win_friendly_path(new_resource.path).casecmp(win_friendly_path(current_resource.path)) != 0 + # determine if permissions need to be updated. 
+ # Brand new share with no permissions defined: no + # Brand new share with permissions defined: yes + # Existing share with differing permissions: yes + # + # @param [String] type the permissions type (Full, Read, or Change) + def permissions_need_update?(type) + property_name = "#{type}_users" + + # brand new share, but nothing to set + return false if current_resource.nil? && new_resource.send(property_name).empty? + + # brand new share with new permissions to set + return true if current_resource.nil? && !new_resource.send(property_name).empty? + + # there's a difference between the current and desired state + return true unless (new_resource.send(property_name) - current_resource.send(property_name)).empty? + + # anything else + false end - def different_members?(permission_type) - !(current_resource.send(permission_type.to_sym) - new_resource.send(permission_type.to_sym).map(&:downcase)).empty? && - !(new_resource.send(permission_type.to_sym).map(&:downcase) - current_resource.send(permission_type.to_sym)).empty? + # revoke user permissions from a share + # @param [Array] users + def revoke_user_permissions(users) + revoke_command = "Revoke-SmbShareAccess -Name '#{new_resource.share_name}' -AccountName \"#{users.join('","')}\" -Force" + Chef::Log.debug("Running '#{revoke_command}' to revoke share permissions") + powershell_out!(revoke_command) end - def find_share_by_name(name) - wmi = WIN32OLE.connect('winmgmts://') - shares = wmi.ExecQuery("SELECT * FROM Win32_Share WHERE name = '#{name}'") - shares.Count == 0 ? nil : shares.ItemIndex(0) - end - - def delete_share - find_share_by_name(new_resource.share_name).delete - end - - def create_share - raise "#{new_resource.path} is missing or not a directory" unless ::File.directory? 
new_resource.path - new_share_script = <<-EOH - $share = [wmiclass]"\\\\#{ENV['COMPUTERNAME']}\\root\\CimV2:Win32_Share" - $result=$share.Create('#{new_resource.path}', - '#{new_resource.share_name}', - 0, - 16777216, - '#{new_resource.description}', - $null, - $null) - exit $result.returnValue - EOH - r = powershell_out new_share_script - message = case r.exitstatus - when 2 - '2 : Access Denied' - when 8 - '8 : Unknown Failure' - when 9 - '9 : Invalid Name' - when 10 - '10 : Invalid Level' - when 21 - '21 : Invalid Parameter' - when 22 - '22 : Duplicate Share' - when 23 - '23 : Redirected Path' - when 24 - '24 : Unknown Device or Directory' - when 25 - '25 : Net Name Not Found' - else - r.exitstatus.to_s - end - - raise "Could not create share. Win32_Share.create returned #{message}" if r.error? - end - - # set_share_permissions - Enforce the share permissions as dictated by the resource attributes - def set_share_permissions - share_permissions_script = <<-EOH - Function New-SecurityDescriptor - { - param ( - [array]$ACEs - ) - #Create SeCDesc object - $SecDesc = ([WMIClass] "\\\\$env:ComputerName\\root\\cimv2:Win32_SecurityDescriptor").CreateInstance() - - foreach ($ACE in $ACEs ) - { - $SecDesc.DACL += $ACE.psobject.baseobject - } - - #Return the security Descriptor - return $SecDesc - } - - Function New-ACE - { - param ( - [string] $Name, - [string] $Domain, - [string] $Permission = "Read" - ) - #Create the Trusteee Object - $Trustee = ([WMIClass] "\\\\$env:computername\\root\\cimv2:Win32_Trustee").CreateInstance() - $account = get-wmiobject Win32_Account -filter "Name like '$Name' and Domain like '$Domain'" - $accountSID = [WMI] "\\\\$env:ComputerName\\root\\cimv2:Win32_SID.SID='$($account.sid)'" - - $Trustee.Domain = $Domain - $Trustee.Name = $Name - $Trustee.SID = $accountSID.BinaryRepresentation - - #Create ACE (Access Control List) object. 
- $ACE = ([WMIClass] "\\\\$env:ComputerName\\root\\cimv2:Win32_ACE").CreateInstance() - switch ($Permission) - { - "Read" { $ACE.AccessMask = 1179817 } - "Change" { $ACE.AccessMask = 1245631 } - "Full" { $ACE.AccessMask = 2032127 } - default { throw "$Permission is not a supported permission value. Possible values are 'Read','Change','Full'" } - } - - $ACE.AceFlags = 3 - $ACE.AceType = 0 - $ACE.Trustee = $Trustee - - $ACE - } - - $dacl_array = @() - - EOH - new_resource.full_users.each do |user| - share_permissions_script += user_to_ace(user, 'Full') - end - - new_resource.change_users.each do |user| - share_permissions_script += user_to_ace(user, 'Change') - end - - new_resource.read_users.each do |user| - share_permissions_script += user_to_ace(user, 'Read') - end - - share_permissions_script += <<-EOH - - $dacl = New-SecurityDescriptor -Aces $dacl_array - - $share = get-wmiobject win32_share -filter 'Name like "#{new_resource.share_name}"' - $return = $share.SetShareInfo($null, '#{new_resource.description}', $dacl) - exit $return.returnValue - EOH - r = powershell_out(share_permissions_script) - raise "Could not set share permissions. Win32_Share.SedtShareInfo returned #{r.exitstatus}" if r.error? - end - - def user_to_ace(fully_qualified_user_name, access) - domain, user = fully_qualified_user_name.split('\\') - unless domain && user - raise "Invalid user entry #{fully_qualified_user_name}. The user names must be specified as 'DOMAIN\\user'" - end - "\n$dacl_array += new-ace -Name '#{user}' -domain '#{domain}' -permission '#{access}'" + # convert True/False into "$True" & "$False" + def bool_string(bool) + # bool ? 1 : 0 + bool ? '$true' : '$false' end end diff --git a/cookbooks/windows/resources/shortcut.rb b/cookbooks/windows/resources/shortcut.rb index ab35f17..d1a40e1 100644 --- a/cookbooks/windows/resources/shortcut.rb +++ b/cookbooks/windows/resources/shortcut.rb 
@@ -3,7 +3,8 @@ # Cookbook:: windows # Resource:: shortcut # -# Copyright:: 2010-2017, VMware, Inc. +# Copyright:: 2010-2018, VMware, Inc. +# Copyright:: 2017-2018, Chef Software Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,10 @@ # limitations under the License. # -property :name, String +chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) +resource_name :windows_shortcut + +property :shortcut_name, String, name_property: true property :target, String property :arguments, String property :description, String @@ -28,8 +32,8 @@ property :iconlocation, String load_current_value do |desired| require 'win32ole' if RUBY_PLATFORM =~ /mswin|mingw32|windows/ - link = WIN32OLE.new('WScript.Shell').CreateShortcut(desired.name) - name desired.name + link = WIN32OLE.new('WScript.Shell').CreateShortcut(desired.shortcut_name) + name desired.shortcut_name target(link.TargetPath) arguments(link.Arguments) description(link.Description) @@ -39,8 +43,8 @@ end action :create do converge_if_changed do - converge_by "creating shortcut #{new_resource.name}" do - link = WIN32OLE.new('WScript.Shell').CreateShortcut(new_resource.name) + converge_by "creating shortcut #{new_resource.shortcut_name}" do + link = WIN32OLE.new('WScript.Shell').CreateShortcut(new_resource.shortcut_name) link.TargetPath = new_resource.target unless new_resource.target.nil? link.Arguments = new_resource.arguments unless new_resource.arguments.nil? link.Description = new_resource.description unless new_resource.description.nil? diff --git a/cookbooks/windows/resources/task.rb b/cookbooks/windows/resources/task.rb deleted file mode 100644 index 2f3ca13..0000000 --- a/cookbooks/windows/resources/task.rb +++ /dev/null 
@@ -1,384 +0,0 @@ -# -# Author:: Paul Mooring () -# Cookbook:: windows -# Resource:: task -# -# Copyright:: 2012-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# Passwords can't be loaded for existing tasks, making :modify both confusing -# and not very useful - -require 'chef/mixin/shell_out' -require 'rexml/document' - -include Chef::Mixin::ShellOut -include Chef::Mixin::PowershellOut - -property :task_name, String, name_property: true, regex: [/\A[^\/\:\*\?\<\>\|]+\z/] -property :command, String -property :cwd, String -property :user, String, default: 'SYSTEM' -property :password, String -property :run_level, equal_to: [:highest, :limited], default: :limited -property :force, [true, false], default: false -property :interactive_enabled, [true, false], default: false -property :frequency_modifier, [Integer, String], default: 1 -property :frequency, equal_to: [:minute, - :hourly, - :daily, - :weekly, - :monthly, - :once, - :on_logon, - :onstart, - :on_idle], default: :hourly -property :start_day, String -property :start_time, String -property :day, [String, Integer] -property :months, String -property :idle_time, Integer -property :exists, [true, false], desired_state: true -property :status, Symbol, desired_state: true -property :enabled, [true, false], desired_state: true - -def load_task_hash(task_name) - Chef::Log.debug 'Looking for existing tasks' - - # we use powershell_out here instead of powershell_out! 
because a failure implies that the task does not exist - task_script = <<-EOH - [Console]::OutputEncoding = [Text.UTF8Encoding]::UTF8 - schtasks /Query /FO LIST /V /TN \"#{task_name}\" - EOH - output = powershell_out(task_script).stdout.force_encoding('UTF-8') - if output.empty? - task = false - else - task = {} - - output.split("\n").map! { |line| line.split(':', 2).map!(&:strip) }.each do |field| - if field.is_a?(Array) && field[0].respond_to?(:to_sym) - task[field[0].gsub(/\s+/, '').to_sym] = field[1] - end - end - end - - task -end - -load_current_value do |desired| - pathed_task_name = desired.task_name.start_with?('\\') ? desired.task_name : "\\#{desired.task_name}" - - task_hash = load_task_hash pathed_task_name - - task_name pathed_task_name - if task_hash.respond_to?(:[]) && task_hash[:TaskName] == pathed_task_name - exists true - status :running if task_hash[:Status] == 'Running' - enabled task_hash[:ScheduledTaskState] == 'Enabled' ? true : false - cwd task_hash[:StartIn] unless task_hash[:StartIn] == 'N/A' - command task_hash[:TaskToRun] - user task_hash[:RunAsUser] - else - exists false - end -end - -action :create do - if current_resource.exists && !(task_need_update? || new_resource.force) - Chef::Log.info "#{new_resource} task already exists - nothing to do" - else - converge_by("creating a new scheduled task #{new_resource.task_name}") do - validate_user_and_password - validate_interactive_setting - validate_create_frequency_modifier - validate_create_day - validate_create_months - validate_idle_time - - options = {} - options['F'] = '' if new_resource.force || task_need_update? - options['SC'] = schedule - options['MO'] = new_resource.frequency_modifier if frequency_modifier_allowed - options['I'] = new_resource.idle_time unless new_resource.idle_time.nil? - options['SD'] = new_resource.start_day unless new_resource.start_day.nil? - options['ST'] = new_resource.start_time unless new_resource.start_time.nil? 
- options['TR'] = new_resource.command - options['RU'] = new_resource.user - options['RP'] = new_resource.password if use_password? - options['RL'] = 'HIGHEST' if new_resource.run_level == :highest - options['IT'] = '' if new_resource.interactive_enabled - options['D'] = new_resource.day if new_resource.day - options['M'] = new_resource.months unless new_resource.months.nil? - - run_schtasks 'CREATE', options - cwd(new_resource.cwd) if new_resource.cwd - end - end -end - -action :run do - if current_resource.exists - if current_resource.status == :running - Chef::Log.info "#{new_resource} task is currently running, skipping run" - else - converge_by("running scheduled task #{new_resource.task_name}") do - run_schtasks 'RUN' - new_resource.updated_by_last_action true - end - end - else - Chef::Log.debug "#{new_resource} task doesn't exists - nothing to do" - end -end - -action :change do - if current_resource.exists - converge_by("changing scheduled task #{new_resource.task_name}") do - validate_user_and_password - validate_interactive_setting - - options = {} - options['TR'] = new_resource.command if new_resource.command - options['RU'] = new_resource.user if new_resource.user - options['RP'] = new_resource.password if new_resource.password - options['SD'] = new_resource.start_day unless new_resource.start_day.nil? - options['ST'] = new_resource.start_time unless new_resource.start_time.nil? 
- options['IT'] = '' if new_resource.interactive_enabled - - run_schtasks 'CHANGE', options - cwd(new_resource.cwd) if new_resource.cwd != current_resource.cwd - end - else - Chef::Log.debug "#{new_resource} task doesn't exists - nothing to do" - end -end - -action :delete do - if current_resource.exists - converge_by("deleting scheduled task #{new_resource.task_name}") do - # always need to force deletion - run_schtasks 'DELETE', 'F' => '' - end - else - Chef::Log.debug "#{new_resource} task doesn't exists - nothing to do" - end -end - -action :end do - if current_resource.exists - if current_resource.status != :running - Chef::Log.debug "#{new_resource} is not running - nothing to do" - else - converge_by("stopping scheduled task #{new_resource.task_name}") do - run_schtasks 'END' - end - end - else - Chef::Log.fatal "#{new_resource} task doesn't exist - nothing to do" - raise Errno::ENOENT, "#{new_resource}: task does not exist, cannot end" - end -end - -action :enable do - if current_resource.exists - if current_resource.enabled - Chef::Log.debug "#{new_resource} already enabled - nothing to do" - else - converge_by("enabling scheduled task #{new_resource.task_name}") do - run_schtasks 'CHANGE', 'ENABLE' => '' - end - end - else - Chef::Log.fatal "#{new_resource} task doesn't exist - nothing to do" - raise Errno::ENOENT, "#{new_resource}: task does not exist, cannot enable" - end -end - -action :disable do - if current_resource.exists - if current_resource.enabled - converge_by("disabling scheduled task #{new_resource.task_name}") do - run_schtasks 'CHANGE', 'DISABLE' => '' - end - else - Chef::Log.debug "#{new_resource} already disabled - nothing to do" - end - else - Chef::Log.debug "#{new_resource} task doesn't exist - nothing to do" - end -end - -action_class do - # rubocop:disable Style/StringLiteralsInInterpolation - def run_schtasks(task_action, options = {}) - cmd = "schtasks /#{task_action} /TN \"#{new_resource.task_name}\" " - options.keys.each do 
|option| - cmd += "/#{option} " - cmd += "\"#{options[option].to_s.gsub('"', "\\\"")}\" " unless options[option] == '' - end - Chef::Log.debug('running: ') - Chef::Log.debug(" #{cmd}") - shell_out!(cmd, returns: [0]) - end - # rubocop:enable Style/StringLiteralsInInterpolation - - def task_need_update? - # gsub needed as schtasks converts single quotes to double quotes on creation - current_resource.command != new_resource.command.tr("'", '"') || - current_resource.user != new_resource.user - end - - def cwd(folder) - Chef::Log.debug 'looking for existing tasks' - - # we use shell_out here instead of shell_out! because a failure implies that the task does not exist - xml_cmd = shell_out("schtasks /Query /TN \"#{new_resource.task_name}\" /XML") - - return if xml_cmd.exitstatus != 0 - - doc = REXML::Document.new(xml_cmd.stdout) - - Chef::Log.debug 'Removing former CWD if any' - doc.root.elements.delete('Actions/Exec/WorkingDirectory') - - unless folder.nil? - Chef::Log.debug 'Setting CWD as #folder' - cwd_element = REXML::Element.new('WorkingDirectory') - cwd_element.add_text(folder) - exec_element = doc.root.elements['Actions/Exec'] - exec_element.add_element(cwd_element) - end - - temp_task_file = ::File.join(ENV['TEMP'], 'windows_task.xml') - begin - ::File.open(temp_task_file, 'w:UTF-16LE') do |f| - doc.write(f) - end - - options = {} - options['RU'] = new_resource.user if new_resource.user - options['RP'] = new_resource.password if new_resource.password - options['IT'] = '' if new_resource.interactive_enabled - options['XML'] = temp_task_file - - run_schtasks('DELETE', 'F' => '') - run_schtasks('CREATE', options) - ensure - ::File.delete(temp_task_file) - end - end - - SYSTEM_USERS = ['NT AUTHORITY\SYSTEM', 'SYSTEM', 'NT AUTHORITY\LOCALSERVICE', 'NT AUTHORITY\NETWORKSERVICE'].freeze - - def validate_user_and_password - return unless new_resource.user && use_password? - return unless new_resource.password.nil? 
- Chef::Log.fatal "#{new_resource.task_name}: Can't specify a non-system user without a password!" - end - - def validate_interactive_setting - return unless new_resource.interactive_enabled && new_resource.password.nil? - Chef::Log.fatal "#{new_resource} did not provide a password when attempting to set interactive/non-interactive." - end - - def validate_create_day - return unless new_resource.day - unless [:weekly, :monthly].include?(new_resource.frequency) - raise 'day attribute is only valid for tasks that run weekly or monthly' - end - return unless new_resource.day.is_a?(String) && new_resource.day.to_i.to_s != new_resource.day - days = new_resource.day.split(',') - days.each do |day| - unless ['mon', 'tue', 'wed', 'thu', 'fri', 'sat', 'sun', '*'].include?(day.strip.downcase) - raise 'day attribute invalid. Only valid values are: MON, TUE, WED, THU, FRI, SAT, SUN and *. Multiple values must be separated by a comma.' - end - end - end - - def validate_create_months - return unless new_resource.months - unless [:monthly].include?(new_resource.frequency) - raise 'months attribute is only valid for tasks that run monthly' - end - return unless new_resource.months.is_a? String - months = new_resource.months.split(',') - months.each do |month| - unless ['JAN', 'FEB', 'MAR', 'APR', 'MAY', 'JUN', 'JUL', 'AUG', 'SEP', 'OCT', 'NOV', 'DEC', '*'].include?(month.strip.upcase) - raise 'months attribute invalid. Only valid values are: JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC and *. Multiple values must be separated by a comma.' - end - end - end - - def validate_idle_time - return unless new_resource.frequency == :on_idle - return if new_resource.idle_time.to_i > 0 && new_resource.idle_time.to_i <= 999 - raise "idle_time value #{new_resource.idle_time} is invalid. Valid values for :on_idle frequency are 1 - 999." - end - - def validate_create_frequency_modifier - # Currently is handled in create action 'frequency_modifier_allowed' line. 
Does not allow for frequency_modifier for once,onstart,onlogon,onidle - # Note that 'OnEvent' is not a supported frequency. - return if new_resource.frequency.nil? || new_resource.frequency_modifier.nil? - case new_resource.frequency - when :minute - unless new_resource.frequency_modifier.to_i > 0 && new_resource.frequency_modifier.to_i <= 1439 - raise "frequency_modifier value #{new_resource.frequency_modifier} is invalid. Valid values for :minute frequency are 1 - 1439." - end - when :hourly - unless new_resource.frequency_modifier.to_i > 0 && new_resource.frequency_modifier.to_i <= 23 - raise "frequency_modifier value #{new_resource.frequency_modifier} is invalid. Valid values for :hourly frequency are 1 - 23." - end - when :daily - unless new_resource.frequency_modifier.to_i > 0 && new_resource.frequency_modifier.to_i <= 365 - raise "frequency_modifier value #{new_resource.frequency_modifier} is invalid. Valid values for :daily frequency are 1 - 365." - end - when :weekly - unless new_resource.frequency_modifier.to_i > 0 && new_resource.frequency_modifier.to_i <= 52 - raise "frequency_modifier value #{new_resource.frequency_modifier} is invalid. Valid values for :weekly frequency are 1 - 52." - end - when :monthly - unless ('1'..'12').to_a.push('FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST', 'LASTDAY').include?(new_resource.frequency_modifier.to_s.upcase) - raise "frequency_modifier value #{new_resource.frequency_modifier} is invalid. Valid values for :monthly frequency are 1 - 12, 'FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST', 'LASTDAY'." - end - end - end - - def use_password? - @use_password ||= !SYSTEM_USERS.include?(new_resource.user.upcase) - end - - def schedule - case new_resource.frequency - when :on_logon - 'ONLOGON' - when :on_idle - 'ONIDLE' - else - new_resource.frequency - end - end - - def frequency_modifier_allowed - case new_resource.frequency - when :minute, :hourly, :daily, :weekly - true - when :monthly - new_resource.months.nil? 
|| %w(FIRST SECOND THIRD FOURTH LAST LASTDAY).include?(new_resource.frequency_modifier)
- else
- false
- end
- end
-end
diff --git a/cookbooks/windows/resources/user_privilege.rb b/cookbooks/windows/resources/user_privilege.rb
new file mode 100644
index 0000000..2264ded
--- /dev/null
+++ b/cookbooks/windows/resources/user_privilege.rb
@@ -0,0 +1,40 @@
+#
+# Author:: Jared Kauppila ()
+# Cookbook:: windows
+# Resource:: user_privilege
+#
+
+property :principal, String, name_property: true
+property :privilege, [Array, String], required: true, coerce: proc { |v| [*v].sort }
+
+action :add do
+ ([*new_resource.privilege] - [*current_resource.privilege]).each do |user_right|
+ converge_by("adding user privilege #{user_right}") do
+ Chef::ReservedNames::Win32::Security.add_account_right(new_resource.principal, user_right)
+ end
+ end
+end
+
+action :remove do
+ if Gem::Version.new(Chef::VERSION) < Gem::Version.new('14.4.10')
+ Chef::Log.warn('Chef 14.4.10 is required to use windows_privilege remove action')
+ else
+ curr_res_privilege = current_resource.privilege
+ new_res_privilege = new_resource.privilege
+ missing_res_privileges = (new_res_privilege - curr_res_privilege)
+
+ if missing_res_privileges
+ Chef::Log.info("Privilege: #{missing_res_privileges.join(', ')} not present. Unable to delete")
+ end
+
+ (new_res_privilege - missing_res_privileges).each do |user_right|
+ converge_by("removing user privilege #{user_right}") do
+ Chef::ReservedNames::Win32::Security.remove_account_right(new_resource.principal, user_right)
+ end
+ end
+ end
+end
+
+load_current_value do |desired|
+ privilege Chef::ReservedNames::Win32::Security.get_account_right(desired.principal)
+end
diff --git a/cookbooks/windows/resources/zipfile.rb b/cookbooks/windows/resources/zipfile.rb
index cb45609..424717b 100644
--- a/cookbooks/windows/resources/zipfile.rb
+++ b/cookbooks/windows/resources/zipfile.rb
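Review bot: In the `:remove` action of user_privilege.rb, `if missing_res_privileges` is always taken, because an empty Ruby array is truthy. The "not present. Unable to delete" line is therefore logged on every run, with an empty list when nothing is missing; the guard should read `unless missing_res_privileges.empty?`. The same action only logs a warning on Chef older than 14.4.10 and then finishes normally, so an account right the recipe asked to revoke stays granted on a run that reports success. A `raise` in that branch would make the failed revocation visible to whoever relies on the resource to take a privilege away.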
@@ -1,11 +1,12 @@ # # Author:: Doug MacEachern () # Author:: Seth Chisamore () +# Author:: Wade Peacock () # Cookbook:: windows # Resource:: zipfile # # Copyright:: 2010-2017, VMware, Inc. -# Copyright:: 2011-2017, Chef Software, Inc. +# Copyright:: 2011-2018, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,20 +21,19 @@ # limitations under the License. # +require 'chef/util/path_helper' + property :path, String, name_property: true property :source, String property :overwrite, [true, false], default: false property :checksum, String -include Windows::Helper -require 'find' - action :unzip do ensure_rubyzip_gem_installed Chef::Log.debug("unzip #{new_resource.source} => #{new_resource.path} (overwrite=#{new_resource.overwrite})") cache_file_path = if new_resource.source =~ %r{^(file|ftp|http|https):\/\/} # http://rubular.com/r/DGoIWjLfGI - uri = as_uri(source) + uri = as_uri(new_resource.source) local_cache_path = "#{Chef::Config[:file_cache_path]}/#{::File.basename(::URI.unescape(uri.path))}" Chef::Log.debug("Caching a copy of file #{new_resource.source} at #{cache_file_path}") @@ -48,7 +48,7 @@ action :unzip do new_resource.source end - cache_file_path = win_friendly_path(cache_file_path) + cache_file_path = Chef::Util::PathHelper.cleanpath(cache_file_path) converge_by("unzip #{new_resource.source}") do ruby_block 'Unzipping' do @@ -111,12 +111,14 @@ action :zip do end action_class do + include Windows::Helper + require 'find' + def ensure_rubyzip_gem_installed require 'zip' rescue LoadError Chef::Log.info("Missing gem 'rubyzip'...installing now.") chef_gem 'rubyzip' do - version node['windows']['rubyzipversion'] action :install compile_time true end diff --git a/cookbooks/wordpress/.gitignore b/cookbooks/wordpress/.gitignore deleted file mode 100644 index dd1e425..0000000 --- a/cookbooks/wordpress/.gitignore +++ /dev/null 
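Review bot: The remote branch of `:unzip` accepts `ftp://` and `http://` sources while `checksum` stays an optional property, so when a recipe omits it the unpacked archive is only as trustworthy as a plaintext transfer. The download itself lies outside this hunk, so how `checksum` is applied should be confirmed there. A comment above the scheme test such as `# plaintext schemes are accepted: set checksum for any ftp/http source` would record that expectation for cookbook users. The same test anchors with `^`, which matches at any line start in Ruby; `\A` (`%r{\A(file|ftp|http|https)://}`) restricts it to the start of the string.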
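Review bot: With `version node['windows']['rubyzipversion']` removed from the `chef_gem 'rubyzip'` fallback in `ensure_rubyzip_gem_installed`, a node that lacks the gem now installs whatever release the gem source serves at compile time, into the Ruby that the Chef client itself runs. That makes converges non-reproducible and extends trust to every future rubyzip release. Keeping a pin in the resource, e.g. `version '<PINNED_RUBYZIP_VERSION>'` (placeholder), or pre-installing a pinned rubyzip so the `LoadError` path is never reached, keeps the dependency under review. The method body continues past the end of the hunk.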
@@ -1,14 +0,0 @@ -.vagrant -Berksfile.lock -Gemfile.lock -*~ -*# -.#* -\#*# -.*.sw[a-z] -*.un~ -.bundle -.cache -.kitchen -bin -.kitchen.local.yml diff --git a/cookbooks/wordpress/.kitchen.yml b/cookbooks/wordpress/.kitchen.yml deleted file mode 100644 index 6e85b2b..0000000 --- a/cookbooks/wordpress/.kitchen.yml +++ /dev/null @@ -1,31 +0,0 @@ -driver_plugin: vagrant -driver_config: - require_chef_omnibus: true - -platforms: - - name: ubuntu-12.04 - run_list: - - recipe[apt] - - name: ubuntu-14.04 - run_list: - - recipe[apt] - - name: centos-6.6 - - name: centos-5.11 - -suites: - - name: default - run_list: - - recipe[wordpress] - attributes: - mysql: - server_root_password: "Please-Dont-Use-In-Production" - server_debian_password: "Please-Dont-Use-In-Production" - server_repl_password: "Please-Dont-Use-In-Production" - - name: nginx - run_list: - - recipe[wordpress::nginx] - attributes: - mysql: - server_root_password: "Please-Dont-Use-In-Production" - server_debian_password: "Please-Dont-Use-In-Production" - server_repl_password: "Please-Dont-Use-In-Production" diff --git a/cookbooks/wordpress/.travis.yml b/cookbooks/wordpress/.travis.yml deleted file mode 100644 index 45af6de..0000000 --- a/cookbooks/wordpress/.travis.yml +++ /dev/null @@ -1,7 +0,0 @@ -rvm: - - 2.0.0 - - 2.1.5 -before_script: - - bundle exec berks install -bundler_args: --without integration -script: bundle exec strainer test --except kitchen diff --git a/cookbooks/wordpress/Berksfile b/cookbooks/wordpress/Berksfile deleted file mode 100644 index ea7a934..0000000 --- a/cookbooks/wordpress/Berksfile +++ /dev/null @@ -1,7 +0,0 @@ -source "https://supermarket.getchef.com" - -metadata - -group :integration do - cookbook 'apt', '~> 2.6.1' -end diff --git a/cookbooks/wordpress/CHANGELOG.md b/cookbooks/wordpress/CHANGELOG.md deleted file mode 100644 index 69f331b..0000000 --- a/cookbooks/wordpress/CHANGELOG.md +++ /dev/null 
@@ -1,93 +0,0 @@ -CHANGELOG - -v3.0.0 (2015-02-24) -------------------- -* Cookbook updated to support the MySQL 6.0 community cookbook -* Added selinux as a dependency to resolve MySQL installation issues on CentOS -* Adjustments made to Nginx/PHP-FPM configuration to work out of the box with CentOS -* Added attribute to allow for additional WordPress configuration options -* Updated bats tests to work when testing WordPress version 4+ and <4 -* Removed testing for Ubuntu 10.04 due to fast approaching EOL and bugs in several cookbooks WordPress depends on. - -v2.1.5 (2014-06-28) -------------------- -* Recipe added to support installation with nginx - -v2.1.2 (2014-04-03) -------------------- -* Fixes issue where `mysql::ruby` recipe was removed in v5 of community cookbook - -v2.1.0 (2014-02-27) -------------------- -[COOK-4354] s/Wordpress/WordPress/g in docs -[COOK-4356] Gets WordPress to be extracted to the proper directory -[COOK-4191] WordPress table_prefix not configured when node['wordpress']['db']['prefix'] is set -[COOK-4192] Add attribute to control WordPress multisite features -[COOK-4366] apache2 port parameter - - -v2.0.0 (2014-02-27) -------------------- -[COOK-4180] leverage the database cookbook - - -v1.3.2 (2014-01-23) -------------------- -* [COOK-4248] - use "no_managed_code" when setting up WordPress Pool on Windows -* [COOK-4170] - Wordpress tarball contains a wordpress subdirectory, causing "extract-wordpress" to execute every run and the WP URL to be http://hostname/wordpress/ - - -v1.3.0 ------- -### Bug -- **[COOK-3478](https://tickets.opscode.com/browse/COOK-3478)** - Windows support for Wordpress - - -v1.2.0 ------- -### New Feature -- **[COOK-3321](https://tickets.opscode.com/browse/COOK-3321)** - Add languages recipe - -### Improvement -- **[COOK-3311](https://tickets.opscode.com/browse/COOK-3311)** - Remove legacy Test Kitchen, Add Travis CI - - -v1.1.0 ------- -- Added Test Kitchen 1.0 - -Bug Fixes: -- [COOK-1393]: wordpress recipe 
should use mysql::ruby to ensure ruby extension is installed -- [COOK-2984]: wordpress cookbook has foodcritic failures - -Improvements: -- [COOK-2661]: Allow downloads from other repos for wordpress install - -v1.0.0: -------- -- [COOK-1127] - update defaults to latest version -- [COOK-1222] - support installing "latest" version -- [COOK-1271] - Wordpress cookbook generates new password on every chef run - -v0.8.8 ------- -- [COOK-826] - recipe doesn't quote password string - -v0.8.6 ------- -- [COOK-534] - allow server_aliases to overridden by an attribute -- [COOK-799] - fixed disables .htaccess breaking permalink feature -- [COOK-820] - guard node.save with check for chef-solo in our cookbooks - -v0.8.4 ------- -- [COOK-406] - wp-config.php.erb has wrong CRLF encoding -- Dropping explicit support for Red Hat platforms due to issues in php and mysql cookbooks (COOK-603, COOK-672, COOK-816, COOK-679) - -v0.8.2 ------- -- [COOK-435] Don't set the mysql root user password in wordpress cookbook -- [COOK-535] - recursively create the directory -- RHEL/CentOS/Fedora support (yeah!) -- cleaned up node attribute keys -- cleaned up README.md diff --git a/cookbooks/wordpress/CONTRIBUTING.md b/cookbooks/wordpress/CONTRIBUTING.md deleted file mode 100644 index 2db9745..0000000 --- a/cookbooks/wordpress/CONTRIBUTING.md +++ /dev/null 
@@ -1,20 +0,0 @@ -Contribution Guidelines -======================= - -If you would like to contribute to the Chef WordPress cookbook, -you must open a ticket in [JIRA](http://tickets.opscode.com). - -1. Create the ticket in the [COOK] (use "wordpress" for the component) -2. [Sign a CLA](http://wiki.opscode.com/display/chef/How+to+Contribute) - -- Please do NOT modify the version number -- Please do NOT update the CHANGELOG - -We will update the version number and CHANGELOG when we release a new version. - -If a contribution adds new platforms or platform versions, indicate -such in the body of the commit message(s), and update the relevant -COOK ticket. When writing commit messages, it is helpful for others if -you indicate the COOK ticket. For example: - - $ git commit -m '[COOK-1041] Updated pool resource to correctly delete.' diff --git a/cookbooks/wordpress/Gemfile b/cookbooks/wordpress/Gemfile deleted file mode 100644 index 02e31c6..0000000 --- a/cookbooks/wordpress/Gemfile +++ /dev/null @@ -1,14 +0,0 @@ -source 'https://rubygems.org' - -gem 'chef', '>= 11.12' -gem 'berkshelf', '~> 3.0' - -group :test do - gem 'foodcritic', '~> 4.0' - gem 'strainer', '~> 3.1' -end - -group :integration do - gem 'test-kitchen', '~> 1.0' - gem 'kitchen-vagrant', '~> 0.15' -end diff --git a/cookbooks/wordpress/LICENSE b/cookbooks/wordpress/LICENSE deleted file mode 100644 index 11069ed..0000000 --- a/cookbooks/wordpress/LICENSE +++ /dev/null 
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - -2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - -3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - -4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the 
following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - -5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - -6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - -8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - -Copyright [yyyy] [name of copyright owner] - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/cookbooks/wordpress/README.md b/cookbooks/wordpress/README.md deleted file mode 100644 index 3e42565..0000000 --- a/cookbooks/wordpress/README.md +++ /dev/null 
@@ -1,97 +0,0 @@
-[![Build Status](https://travis-ci.org/brint/wordpress-cookbook.svg?branch=master)](https://travis-ci.org/brint/wordpress-cookbook)
-[![Dependency Status](https://gemnasium.com/brint/wordpress-cookbook.svg)](https://gemnasium.com/brint/wordpress-cookbook)
-
-Description
-===========
-
-The Chef WordPress cookbook installs and configures WordPress according to the instructions at http://codex.wordpress.org/Installing_WordPress.
-
-Description
-===========
-
-This cookbook does not set up the WordPress blog. You will need to do this manually by going to http://hostname/wp-admin/install.php (this URL may be different if you change the attribute values).
-
-Requirements
-============
-
-Platform
---------
-
-* Ubuntu 12.04, 14.04
-* RHEL/CentOS 5, 6
-* Windows
-
-Cookbooks
----------
-
-* mysql
-* mysql_chef_gem
-* php
-* apache2
-* iis
-* windows
-* openssl (uses library to generate secure passwords)
-* selinux (used to disable selinux for MySQL on RHEL-based systems)
-
-Attributes
-==========
-
-### WordPress
-
-* `node['wordpress']['version']` - Version of WordPress to download. Use 'latest' to download most recent version.
-* `node['wordpress']['parent_dir']` - Parent directory to where WordPress will be extracted. (Windows Only)
-* `node['wordpress']['dir']` - Location to place WordPress files.
-* `node['wordpress']['db']['root_password']` - Root password for MySQL (added for support with community cookbook version 6+)
-* `node['wordpress']['db']['instance_name']` - Name of the MySQL instance to use with MySQL (community cookbook version 6+)
-* `node['wordpress']['db']['name']` - Name of the WordPress MySQL database.
-* `node['wordpress']['db']['user']` - Name of the WordPress MySQL user.
-* `node['wordpress']['db']['pass']` - Password of the WordPress MySQL user. By default, generated using openssl cookbook.
-* `node['wordpress']['db']['prefix']` - Prefix of all MySQL tables created by WordPress.
-* `node['wordpress']['db']['host']` - Host of the WordPress MySQL database.
-* `node['wordpress']['db']['port']` - Port of the WordPress MySQL database.
-* `node['wordpress']['db']['charset']` - [Character set](http://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) of the WordPress MySQL database tables. Defaults to 'utf8'.
-* `node['wordpress']['db']['collate']` - [Collation](http://dev.mysql.com/doc/refman/5.7/en/charset-collation-effect.html) of the WordPress MySQL database tables.
-
-* `node['wordpress']['allow_multisite']` - Enable [multisite](http://codex.wordpress.org/Create_A_Network) features (default: false).
-* `node['wordpress']['wp_config_options']` - A hash of options to define in wp_config.php, output as key value pairs into a PHP constant e.g. `define( '<%= @key %>', <%= @value %> );`. Note: for values you will need to add single quotes around text but omit them for booleans and numbers. (default: {}).
-* `node['wordpress']['config_perms']` - Permissions to set for a site's wp-config.php.
-* `node['wordpress']['server_aliases']` - Aliases to use when setting up Virtual Host with Nginx or Apache
-* `node['wordpress']['server_port']` - Port to use when setting up the Virtual Host with Nginx or Apache
-
-* `node['wordpress']['install']['user']` - Install user used for WordPress file permissions and the PHP-FPM user (if applicable)
-* `node['wordpress']['install']['group']` - Install group used for WordPress file permissions and the PHP-FPM group (if necessary)
-
-* `node['wordpress']['parent_dir']` - Parent directory of where WordPress will be installed. This is used in the Windows installation to determine where the .zip will be downloaded to.
-* `node['wordpress']['dir']` - Path where WordPress should be installed
-* `node['wordpress']['url']` - URL to the zip or tarball installer of WordPress
-* `node['wordpress']['server_name']` - Hostname used for setting up the Virtual Host configuration for your WordPress site
-
-* `node['wordpress']['php_options']` - Additional PHP settings for the installation.
-
-Usage
-=====
-
-Add the "wordpress" recipe to your node's run list or role, or include the recipe in another cookbook.
-
-License and Author
-==================
-
-* Author:: Barry Steinglass (barry@opscode.com)
-* Author:: Joshua Timberman (joshua@opscode.com)
-* Author:: Seth Chisamore (schisamo@opscode.com)
-* Author:: Lucas Hansen (lucash@opscode.com)
-* Author:: Julian C. Dunn (jdunn@getchef.com)
-
-Copyright:: 2010-2013, Chef Software, Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
diff --git a/cookbooks/wordpress/Strainerfile b/cookbooks/wordpress/Strainerfile
deleted file mode 100644
index de587cd..0000000
--- a/cookbooks/wordpress/Strainerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-knife: bundle exec knife cookbook test $COOKBOOK
-foodcritic: bundle exec foodcritic -f any $SANDBOX/$COOKBOOK
-kitchen: bundle exec kitchen test
diff --git a/cookbooks/wordpress/attributes/default.rb b/cookbooks/wordpress/attributes/default.rb
deleted file mode 100644
index 92d9b86..0000000
--- a/cookbooks/wordpress/attributes/default.rb
+++ /dev/null
@@ -1,84 +0,0 @@
-#
-# Author:: Barry Steinglass ()
-# Author:: Koseki Kengo ()
-# Author:: Lucas Hansen ()
-# Author:: Julian C. Dunn ()
-#
-# Cookbook Name:: wordpress
-# Attributes:: wordpress
-#
-# Copyright 2009-2013, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# General settings
-default['wordpress']['version'] = 'latest'
-
-default['wordpress']['db']['root_password'] = 'my_root_password'
-default['wordpress']['db']['instance_name'] = 'default'
-default['wordpress']['db']['name'] = "wordpressdb"
-default['wordpress']['db']['user'] = "wordpressuser"
-default['wordpress']['db']['pass'] = nil
-default['wordpress']['db']['prefix'] = 'wp_'
-default['wordpress']['db']['host'] = 'localhost'
-default['wordpress']['db']['port'] = '3306' # Must be a string
-default['wordpress']['db']['charset'] = 'utf8'
-default['wordpress']['db']['collate'] = ''
-
-default['wordpress']['allow_multisite'] = false
-
-default['wordpress']['wp_config_options'] = {}
-
-default['wordpress']['config_perms'] = 0644
-default['wordpress']['server_aliases'] = [node['fqdn']]
-default['wordpress']['server_port'] = '80'
-
-default['wordpress']['install']['user'] = node['apache']['user']
-default['wordpress']['install']['group'] = node['apache']['group']
-
-# Languages
-default['wordpress']['languages']['lang'] = ''
-default['wordpress']['languages']['version'] = ''
-default['wordpress']['languages']['repourl'] = 'http://translate.wordpress.org/projects/wp'
-default['wordpress']['languages']['projects'] = ['main', 'admin', 'admin_network', 'continents_cities']
-default['wordpress']['languages']['themes'] = []
-default['wordpress']['languages']['project_pathes'] = {
- 'main' => '/',
- 'admin' => '/admin/',
- 'admin_network' => '/admin/network/',
- 'continents_cities' => '/cc/'
-}
-%w{ten eleven twelve thirteen fourteen fifteen sixteen seventeen eighteen nineteen twenty}.each do |year|
- default['wordpress']['languages']['project_pathes']["twenty#{year}"] = "/twenty#{year}/"
-end
-node['wordpress']['languages']['project_pathes'].each do |project,project_path|
- # http://translate.wordpress.org/projects/wp/3.5.x/admin/network/ja/default/export-translations?format=mo
- default['wordpress']['languages']['urls'][project] =
- node['wordpress']['languages']['repourl'] + '/' +
- node['wordpress']['languages']['version'] + project_path +
- node['wordpress']['languages']['lang'] + '/default/export-translations?format=mo'
-end
-
-if node['platform'] == 'windows'
- default['wordpress']['parent_dir'] = "#{ENV['SystemDrive']}\\inetpub"
- default['wordpress']['dir'] = "#{node['wordpress']['parent_dir']}\\wordpress"
- default['wordpress']['url'] = "https://wordpress.org/wordpress-#{node['wordpress']['version']}.zip"
-else
- default['wordpress']['server_name'] = node['fqdn']
- default['wordpress']['parent_dir'] = '/var/www'
- default['wordpress']['dir'] = "#{node['wordpress']['parent_dir']}/wordpress"
- default['wordpress']['url'] = "https://wordpress.org/wordpress-#{node['wordpress']['version']}.tar.gz"
-end
-
-default['wordpress']['php_options'] = { 'php_admin_value[upload_max_filesize]' => '50M', 'php_admin_value[post_max_size]' => '55M' }
diff --git a/cookbooks/wordpress/libraries/helpers.rb b/cookbooks/wordpress/libraries/helpers.rb
deleted file mode 100644
index ce6e3fb..0000000
--- a/cookbooks/wordpress/libraries/helpers.rb
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# Cookbook Name:: wordpress
-# Library:: helpers
-# Author:: Yvo van Doorn
-# Author:: Julian C. Dunn
-#
-# Copyright 2013, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module Wordpress
- module Helpers
- def is_local_host?(host)
- if host == 'localhost' || host == '127.0.0.1' || host == '::1'
- true
- else
- require 'socket'
- require 'resolv'
- Socket.ip_address_list.map { |a| a.ip_address }.include? Resolv.getaddress host
- end
- end
-
- def self.make_db_query(user, pass, query)
- %< --user=#{user} --password="#{pass}" --execute="#{query}">
- end
- end
-end
diff --git a/cookbooks/wordpress/metadata.json b/cookbooks/wordpress/metadata.json
deleted file mode 100644
index cd87efa..0000000
--- a/cookbooks/wordpress/metadata.json
+++ /dev/null
@@ -1,254 +0,0 @@ -{ - "name": "wordpress", - "description": "Installs/Configures WordPress", - "long_description": "[![Build Status](https://travis-ci.org/brint/wordpress-cookbook.svg?branch=master)](https://travis-ci.org/brint/wordpress-cookbook)\n[![Dependency Status](https://gemnasium.com/brint/wordpress-cookbook.svg)](https://gemnasium.com/brint/wordpress-cookbook)\n\nDescription\n===========\n\nThe Chef WordPress cookbook installs and configures WordPress according to the instructions at http://codex.wordpress.org/Installing_WordPress.\n\nDescription\n===========\n\nThis cookbook does not set up the WordPress blog. You will need to do this manually by going to http://hostname/wp-admin/install.php (this URL may be different if you change the attribute values).\n\nRequirements\n============\n\nPlatform\n--------\n\n* Ubuntu 12.04, 14.04\n* RHEL/CentOS 5, 6\n* Windows\n\nCookbooks\n---------\n\n* mysql\n* mysql_chef_gem\n* php\n* apache2\n* iis\n* windows\n* openssl (uses library to generate secure passwords)\n* selinux (used to disable selinux for MySQL on RHEL-based systems)\n\nAttributes\n==========\n\n### WordPress\n\n* `node['wordpress']['version']` - Version of WordPress to download. Use 'latest' to download most recent version.\n* `node['wordpress']['parent_dir']` - Parent directory to where WordPress will be extracted. (Windows Only)\n* `node['wordpress']['dir']` - Location to place WordPress files.\n* `node['wordpress']['db']['root_password']` - Root password for MySQL (added for support with community cookbook version 6+)\n* `node['wordpress']['db']['instance_name']` - Name of the MySQL instance to use with MySQL (community cookbook version 6+)\n* `node['wordpress']['db']['name']` - Name of the WordPress MySQL database.\n* `node['wordpress']['db']['user']` - Name of the WordPress MySQL user.\n* `node['wordpress']['db']['pass']` - Password of the WordPress MySQL user. 
By default, generated using openssl cookbook.\n* `node['wordpress']['db']['prefix']` - Prefix of all MySQL tables created by WordPress.\n* `node['wordpress']['db']['host']` - Host of the WordPress MySQL database.\n* `node['wordpress']['db']['port']` - Port of the WordPress MySQL database.\n* `node['wordpress']['db']['charset']` - [Character set](http://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) of the WordPress MySQL database tables. Defaults to 'utf8'.\n* `node['wordpress']['db']['collate']` - [Collation](http://dev.mysql.com/doc/refman/5.7/en/charset-collation-effect.html) of the WordPress MySQL database tables.\n\n* `node['wordpress']['allow_multisite']` - Enable [multisite](http://codex.wordpress.org/Create_A_Network) features (default: false).\n* `node['wordpress']['wp_config_options']` - A hash of options to define in wp_config.php, output as key value pairs into a PHP constant e.g. `define( '<%= @key %>', <%= @value %> );`. Note: for values you will need to add single quotes around text but omit them for booleans and numbers. (default: {}).\n* `node['wordpress']['config_perms']` - Permissions to set for a site's wp-config.php.\n* `node['wordpress']['server_aliases']` - Aliases to use when setting up Virtual Host with Nginx or Apache\n* `node['wordpress']['server_port']` - Port to use when setting up the Virtual Host with Nginx or Apache\n\n* `node['wordpress']['install']['user']` - Install user used for WordPress file permissions and the PHP-FPM user (if applicable)\n* `node['wordpress']['install']['group']` - Install group used for WordPress file permissions and the PHP-FPM group (if necessary)\n\n* `node['wordpress']['parent_dir']` - Parent directory of where WordPress will be installed. 
This is used in the Windows installation to determine where the .zip will be downloaded to.\n* `node['wordpress']['dir']` - Path where WordPress should be installed\n* `node['wordpress']['url']` - URL to the zip or tarball installer of WordPress\n* `node['wordpress']['server_name']` - Hostname used for setting up the Virtual Host configuration for your WordPress site\n\n* `node['wordpress']['php_options']` - Additional PHP settings for the installation.\n\nUsage\n=====\n\nAdd the \"wordpress\" recipe to your node's run list or role, or include the recipe in another cookbook.\n\nLicense and Author\n==================\n\n* Author:: Barry Steinglass (barry@opscode.com)\n* Author:: Joshua Timberman (joshua@opscode.com)\n* Author:: Seth Chisamore (schisamo@opscode.com)\n* Author:: Lucas Hansen (lucash@opscode.com)\n* Author:: Julian C. Dunn (jdunn@getchef.com)\n\nCopyright:: 2010-2013, Chef Software, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", - "maintainer": "Brint O'Hearn", - "maintainer_email": "cookbooks@opscode.com", - "license": "Apache 2.0", - "platforms": { - "debian": ">= 0.0.0", - "ubuntu": ">= 0.0.0", - "windows": ">= 0.0.0", - "centos": ">= 0.0.0", - "redhat": ">= 0.0.0", - "scientific": ">= 0.0.0", - "oracle": ">= 0.0.0" - }, - "dependencies": { - "php": ">= 0.0.0", - "openssl": ">= 0.0.0", - "apache2": ">= 2.0.0", - "database": ">= 1.6.0", - "mysql": ">= 6.0", - "mysql2_chef_gem": ">= 1.0.1", - "build-essential": ">= 0.0.0", - "iis": ">= 1.6.2", - "tar": ">= 
0.3.1", - "nginx": ">= 0.0.0", - "php-fpm": ">= 0.0.0", - "selinux": "~> 0.7" - }, - "providing": { - - }, - "attributes": { - "WordPress/version": { - "display_name": "WordPress download version", - "description": "Version of WordPress to download from the WordPress site or 'latest' for the current release.", - "default": "latest", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/checksum": { - "display_name": "WordPress tarball checksum", - "description": "Checksum of the tarball for the version specified.", - "default": "", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/dir": { - "display_name": "WordPress installation directory", - "description": "Location to place WordPress files.", - "default": "/var/www/wordpress", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/db/database": { - "display_name": "WordPress MySQL database", - "description": "WordPress will use this MySQL database to store its data.", - "default": "wordpressdb", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/db/user": { - "display_name": "WordPress MySQL user", - "description": "WordPress will connect to MySQL using this user.", - "default": "wordpressuser", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/db/password": { - "display_name": "WordPress MySQL password", - "description": "Password for the WordPress MySQL user.", - "default": "randomly generated", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/keys/auth": { - "display_name": "WordPress auth key", - "description": "WordPress auth key.", - "default": 
"randomly generated", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/keys/secure_auth": { - "display_name": "WordPress secure auth key", - "description": "WordPress secure auth key.", - "default": "randomly generated", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/keys/logged_in": { - "display_name": "WordPress logged-in key", - "description": "WordPress logged-in key.", - "default": "randomly generated", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/keys/nonce": { - "display_name": "WordPress nonce key", - "description": "WordPress nonce key.", - "default": "randomly generated", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/server_aliases": { - "display_name": "WordPress Server Aliases", - "description": "WordPress Server Aliases", - "default": "FQDN", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/languages/lang": { - "display_name": "WordPress WPLANG configulation value", - "description": "WordPress WPLANG configulation value", - "default": "", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/languages/version": { - "display_name": "Version of WordPress translation file", - "description": "Version of WordPress translation file", - "default": "", - "choice": [ - - ], - "calculated": false, - "type": "string", - "required": "optional", - "recipes": [ - - ] - }, - "WordPress/languages/projects": { - "display_name": "WordPress translation projects", - "description": "WordPress translation projects", - "type": "array", - "default": [ - "main", - "admin", - "admin/network", - "cc" - 
], - "choice": [ - - ], - "calculated": false, - "required": "optional", - "recipes": [ - - ] - } - }, - "recipes": { - "WordPress": "Installs and configures WordPress LAMP stack on a single system", - "WordPress::languages": "Install WordPress translation files" - }, - "version": "3.1.0", - "source_url": "", - "issues_url": "", - "privacy": false, - "chef_versions": [ - - ], - "ohai_versions": [ - - ], - "gems": [ - - ] -} diff --git a/cookbooks/wordpress/metadata.rb b/cookbooks/wordpress/metadata.rb deleted file mode 100644 index fdcf725..0000000 --- a/cookbooks/wordpress/metadata.rb +++ /dev/null 
@@ -1,100 +0,0 @@ -name "wordpress" -maintainer "Brint O'Hearn" -maintainer_email "cookbooks@opscode.com" -license "Apache 2.0" -description "Installs/Configures WordPress" -long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version "3.1.0" - -recipe "WordPress", "Installs and configures WordPress LAMP stack on a single system" -recipe "WordPress::languages", "Install WordPress translation files" - -%w{ php openssl }.each do |cb| - depends cb -end - -depends "apache2", ">= 2.0.0" -depends "database", ">= 1.6.0" -depends "mysql", ">= 6.0" -depends "mysql2_chef_gem", ">= 1.0.1" -depends "build-essential" -depends "iis", ">= 1.6.2" -depends "tar", ">= 0.3.1" -depends "nginx" -depends "php-fpm" -depends 'selinux', '~> 0.7' - -%w{ debian ubuntu windows centos redhat scientific oracle }.each do |os| - supports os -end - -attribute "WordPress/version", - :display_name => "WordPress download version", - :description => "Version of WordPress to download from the WordPress site or 'latest' for the current release.", - :default => "latest" - -attribute "WordPress/checksum", - :display_name => "WordPress tarball checksum", - :description => "Checksum of the tarball for the version specified.", - :default => "" - -attribute "WordPress/dir", - :display_name => "WordPress installation directory", - :description => "Location to place WordPress files.", - :default => "/var/www/wordpress" - -attribute "WordPress/db/database", - :display_name => "WordPress MySQL database", - :description => "WordPress will use this MySQL database to store its data.", - :default => "wordpressdb" - -attribute "WordPress/db/user", - :display_name => "WordPress MySQL user", - :description => "WordPress will connect to MySQL using this user.", - :default => "wordpressuser" - -attribute "WordPress/db/password", - :display_name => "WordPress MySQL password", - :description => "Password for the WordPress MySQL user.", - :default => "randomly generated" - -attribute 
"WordPress/keys/auth", - :display_name => "WordPress auth key", - :description => "WordPress auth key.", - :default => "randomly generated" - -attribute "WordPress/keys/secure_auth", - :display_name => "WordPress secure auth key", - :description => "WordPress secure auth key.", - :default => "randomly generated" - -attribute "WordPress/keys/logged_in", - :display_name => "WordPress logged-in key", - :description => "WordPress logged-in key.", - :default => "randomly generated" - -attribute "WordPress/keys/nonce", - :display_name => "WordPress nonce key", - :description => "WordPress nonce key.", - :default => "randomly generated" - -attribute "WordPress/server_aliases", - :display_name => "WordPress Server Aliases", - :description => "WordPress Server Aliases", - :default => "FQDN" - -attribute "WordPress/languages/lang", - :display_name => "WordPress WPLANG configulation value", - :description => "WordPress WPLANG configulation value", - :default => "" - -attribute "WordPress/languages/version", - :display_name => "Version of WordPress translation file", - :description => "Version of WordPress translation file", - :default => "" - -attribute "WordPress/languages/projects", - :display_name => "WordPress translation projects", - :description => "WordPress translation projects", - :type => "array", - :default => ["main", "admin", "admin/network", "cc"] diff --git a/cookbooks/wordpress/recipes/apache.rb b/cookbooks/wordpress/recipes/apache.rb deleted file mode 100644 index 88acc03..0000000 --- a/cookbooks/wordpress/recipes/apache.rb +++ /dev/null 
@@ -1,56 +0,0 @@ -# -# Cookbook Name:: wordpress -# Recipe:: apache -# -# Copyright 2009-2010, Opscode, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -include_recipe "php" - -# On Windows PHP comes with the MySQL Module and we use IIS on Windows -unless platform? "windows" - include_recipe "php::module_mysql" - include_recipe "apache2" - include_recipe "apache2::mod_php5" -end - -include_recipe "wordpress::app" - -if platform?('windows') - - include_recipe 'iis::remove_default_site' - - iis_pool 'WordpressPool' do - no_managed_code true - action :add - end - - iis_site 'Wordpress' do - protocol :http - port 80 - path node['wordpress']['dir'] - application_pool 'WordpressPool' - action [:add,:start] - end -else - web_app "wordpress" do - template "wordpress.conf.erb" - docroot node['wordpress']['dir'] - server_name node['wordpress']['server_name'] - server_aliases node['wordpress']['server_aliases'] - server_port node['wordpress']['server_port'] - enable true - end -end diff --git a/cookbooks/wordpress/recipes/app.rb b/cookbooks/wordpress/recipes/app.rb deleted file mode 100644 index b3d9f41..0000000 --- a/cookbooks/wordpress/recipes/app.rb +++ /dev/null 
@@ -1,90 +0,0 @@ -# -# Cookbook Name:: wordpress -# Recipe:: app -# -# Copyright 2009-2010, Opscode, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -include_recipe "wordpress::database" - -::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) -node.set_unless['wordpress']['keys']['auth'] = secure_password -node.set_unless['wordpress']['keys']['secure_auth'] = secure_password -node.set_unless['wordpress']['keys']['logged_in'] = secure_password -node.set_unless['wordpress']['keys']['nonce'] = secure_password -node.set_unless['wordpress']['salt']['auth'] = secure_password -node.set_unless['wordpress']['salt']['secure_auth'] = secure_password -node.set_unless['wordpress']['salt']['logged_in'] = secure_password -node.set_unless['wordpress']['salt']['nonce'] = secure_password -node.save unless Chef::Config[:solo] - -directory node['wordpress']['dir'] do - action :create - recursive true - if platform_family?('windows') - rights :read, 'Everyone' - else - owner node['wordpress']['install']['user'] - group node['wordpress']['install']['group'] - mode '00755' - end -end - -archive = platform_family?('windows') ? 
'wordpress.zip' : 'wordpress.tar.gz' - -if platform_family?('windows') - windows_zipfile node['wordpress']['parent_dir'] do - source node['wordpress']['url'] - action :unzip - not_if {::File.exists?("#{node['wordpress']['dir']}\\index.php")} - end -else - tar_extract node['wordpress']['url'] do - target_dir node['wordpress']['dir'] - creates File.join(node['wordpress']['dir'], 'index.php') - user node['wordpress']['install']['user'] - group node['wordpress']['install']['group'] - tar_flags [ '--strip-components 1' ] - not_if { ::File.exists?("#{node['wordpress']['dir']}/index.php") } - end -end - -template "#{node['wordpress']['dir']}/wp-config.php" do - source 'wp-config.php.erb' - mode node['wordpress']['config_perms'] - variables( - :db_name => node['wordpress']['db']['name'], - :db_user => node['wordpress']['db']['user'], - :db_password => node['wordpress']['db']['pass'], - :db_host => node['wordpress']['db']['host'], - :db_prefix => node['wordpress']['db']['prefix'], - :db_charset => node['wordpress']['db']['charset'], - :db_collate => node['wordpress']['db']['collate'], - :auth_key => node['wordpress']['keys']['auth'], - :secure_auth_key => node['wordpress']['keys']['secure_auth'], - :logged_in_key => node['wordpress']['keys']['logged_in'], - :nonce_key => node['wordpress']['keys']['nonce'], - :auth_salt => node['wordpress']['salt']['auth'], - :secure_auth_salt => node['wordpress']['salt']['secure_auth'], - :logged_in_salt => node['wordpress']['salt']['logged_in'], - :nonce_salt => node['wordpress']['salt']['nonce'], - :lang => node['wordpress']['languages']['lang'], - :allow_multisite => node['wordpress']['allow_multisite'], - :wp_config_options => node['wordpress']['wp_config_options'] - ) - owner node['wordpress']['install']['user'] - group node['wordpress']['install']['group'] - action :create -end diff --git a/cookbooks/wordpress/recipes/database.rb b/cookbooks/wordpress/recipes/database.rb deleted file mode 100644 index cdbac48..0000000 
--- a/cookbooks/wordpress/recipes/database.rb
+++ /dev/null
@@ -1,97 +0,0 @@ -# -# Cookbook Name:: wordpress -# Recipe:: database -# Author:: Lucas Hansen () -# Author:: Julian C. Dunn () -# Author:: Craig Tracey () -# -# Copyright (C) 2013, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -mysql_client 'default' do - action :create - not_if { node['platform_family'] == 'windows' } -end - -mysql2_chef_gem 'default' do - action :install -end - -::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) -::Chef::Recipe.send(:include, Wordpress::Helpers) - -node.set_unless['wordpress']['db']['pass'] = secure_password -node.save unless Chef::Config[:solo] - -db = node['wordpress']['db'] - -if is_local_host? 
db['host'] - - # The following is required for the mysql community cookbook to work properly - include_recipe 'selinux::disabled' if node['platform_family'] == 'rhel' - - mysql_service db['instance_name'] do - port db['port'] - initial_root_password db['root_password'] - action [:create, :start] - end - - socket = "/var/run/mysql-#{db['instance_name']}/mysqld.sock" - - if node['platform_family'] == 'debian' - directory "/var/run/mysqld" do - action :create - owner "mysql" - group "mysql" - end - link '/var/run/mysqld/mysqld.sock' do - to socket - not_if 'test -f /var/run/mysqld/mysqld.sock' - end - elsif node['platform_family'] == 'rhel' - link '/var/lib/mysql/mysql.sock' do - to socket - not_if 'test -f /var/lib/mysql/mysql.sock' - end - end - - mysql_connection_info = { - :host => 'localhost', - :username => 'root', - :socket => socket, - :password => db['root_password'] - } - - mysql_database db['name'] do - connection mysql_connection_info - action :create - end - - mysql_database_user db['user'] do - connection mysql_connection_info - password db['pass'] - host db['host'] - database_name db['name'] - action :create - end - - mysql_database_user db['user'] do - connection mysql_connection_info - database_name db['name'] - privileges [:all] - action :grant - end - -end diff --git a/cookbooks/wordpress/recipes/default.rb b/cookbooks/wordpress/recipes/default.rb deleted file mode 100644 index 39636ec..0000000 --- a/cookbooks/wordpress/recipes/default.rb +++ /dev/null 
@@ -1,20 +0,0 @@
-#
-# Cookbook Name:: wordpress
-# Recipe:: default
-#
-# Copyright 2009-2010, Opscode, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe "wordpress::apache"
diff --git a/cookbooks/wordpress/recipes/languages.rb b/cookbooks/wordpress/recipes/languages.rb
deleted file mode 100644
index 54a5aac..0000000
--- a/cookbooks/wordpress/recipes/languages.rb
+++ /dev/null
@@ -1,64 +0,0 @@ -# -# Cookbook Name:: wordpress -# Recipe:: languages -# Author:: Koseki Kengo -# -# Copyright 2013, Opscode, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -include_recipe "wordpress" - -directory "#{node['wordpress']['dir']}/wp-content/languages" do - owner "root" - group "root" - mode "0755" - action :create - recursive true -end - -unless node['wordpress']['languages']['lang'].to_s.empty? && - node['wordpress']['languages']['version'].to_s.empty? - urls = node['wordpress']['languages']['urls'] - node['wordpress']['languages']['projects'].to_a.each do |project| - next unless urls[project] - - file = "#{node['wordpress']['dir']}/wp-content/languages/" - file += "#{project.tr('_', '-')}-" if project != 'main' - file += "#{node['wordpress']['languages']['lang']}.mo" - - remote_file file do - source urls[project] - owner "root" - group "root" - mode "0644" - action :create_if_missing - end - end - - node['wordpress']['languages']['themes'].to_a.each do |project| - next unless urls[project] - - file = "#{node['wordpress']['dir']}/wp-content/themes/#{project}/languages/" - file += "#{node['wordpress']['languages']['lang']}.mo" - - remote_file file do - source urls[project] - owner "root" - group "root" - mode "0644" - action :create_if_missing - end - end -end diff --git a/cookbooks/wordpress/recipes/nginx.rb b/cookbooks/wordpress/recipes/nginx.rb deleted file mode 100644 index 7820a2b..0000000 
--- a/cookbooks/wordpress/recipes/nginx.rb
+++ /dev/null
@@ -1,62 +0,0 @@ -# -# Cookbook Name:: wordpress -# Recipe:: nginx -# -# Copyright 2009-2010, Opscode, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -node.set_unless['php-fpm']['pools'] = [] - -include_recipe "php-fpm" - -php_fpm_pool "wordpress" do - listen "127.0.0.1:9001" - user node['wordpress']['install']['user'] - group node['wordpress']['install']['group'] - if node['platform'] == 'ubuntu' and node['platform_version'] == '10.04' - process_manager 'dynamic' - end - listen_owner node['wordpress']['install']['user'] - listen_group node['wordpress']['install']['group'] - php_options node['wordpress']['php_options'] - start_servers 5 -end - -include_recipe "php::module_mysql" - -node.set_unless['nginx']['default_site_enabled'] = false -include_recipe "nginx" - -include_recipe "wordpress::app" - -template "#{node['nginx']['dir']}/sites-enabled/wordpress.conf" do - source "nginx.conf.erb" - variables( - :docroot => node['wordpress']['dir'], - :server_name => node['wordpress']['server_name'], - :server_aliases => node['wordpress']['server_aliases'], - :server_port => node['wordpress']['server_port'] - ) - action :create -end - -# The following block is specifically for OS's like CentOS that include a -# default site as a part of the install. This block will only be triggered if -# node['nginx']['default_site_enable'] is set to false. 
-file File.join(node['nginx']['dir'], 'conf.d', 'default.conf') do - action :delete - notifies :reload, 'service[nginx]' - only_if { node['platform_family'] == 'rhel' && !node['nginx']['default_site_enabled'] } -end diff --git a/cookbooks/wordpress/templates/default/nginx.conf.erb b/cookbooks/wordpress/templates/default/nginx.conf.erb deleted file mode 100644 index 8b19b5a..0000000 --- a/cookbooks/wordpress/templates/default/nginx.conf.erb +++ /dev/null @@ -1,21 +0,0 @@ -server { - listen <%= @server_port %>; - server_name <%= @server_name %> <%= @server_aliases.join(" ") %>; - - access_log /var/log/nginx/<%= @server_name %>.access.log; - error_log /var/log/nginx/<%= @server_name %>.error.log; - - root <%= @docroot %>; - index index.php; - - location / { - try_files $uri $uri/ /index.php?$args; - } - - location ~ \.php$ { - try_files $uri =404; - include fastcgi_params; - fastcgi_pass 127.0.0.1:9001; - fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name; - } -} diff --git a/cookbooks/wordpress/templates/default/wordpress.conf.erb b/cookbooks/wordpress/templates/default/wordpress.conf.erb deleted file mode 100644 index 2fc691b..0000000 --- a/cookbooks/wordpress/templates/default/wordpress.conf.erb +++ /dev/null 
@@ -1,31 +0,0 @@ -> - ServerName <%= @params[:server_name] %> - ServerAlias <% @params[:server_aliases].each do |a| %><%= a %> <% end %> - DocumentRoot <%= @params[:docroot] %> - - > - Options FollowSymLinks - AllowOverride FileInfo Options - <% if node['apache']['version'] == '2.4' %> - Require all granted - <% else %> - Order allow,deny - Allow from all - <% end %> - - - - Options FollowSymLinks - AllowOverride None - - - LogLevel info - ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log - CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined - - RewriteEngine On -<% unless node['apache']['version'] == '2.4' %> - RewriteLog <%= node['apache']['log_dir'] %>/<%= @application_name %>-rewrite.log - RewriteLogLevel 0 -<% end %> - diff --git a/cookbooks/wordpress/templates/default/wp-config.php.erb b/cookbooks/wordpress/templates/default/wp-config.php.erb deleted file mode 100644 index ef157d9..0000000 --- a/cookbooks/wordpress/templates/default/wp-config.php.erb +++ /dev/null 
@@ -1,99 +0,0 @@ -'); - -/** MySQL database username */ -define('DB_USER', '<%= @db_user %>'); - -/** MySQL database password */ -define('DB_PASSWORD', '<%= @db_password %>'); - -/** MySQL hostname */ -define('DB_HOST', '<%= @db_host %>'); - -/** Database Charset to use in creating database tables. */ -define('DB_CHARSET', '<%= @db_charset %>'); - -/** The Database Collate type. Don't change this if in doubt. */ -define('DB_COLLATE', '<%= @db_collate %>'); - -/**#@+ - * Authentication Unique Keys and Salts. - * - * Change these to different unique phrases! - * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} - * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. - * - * @since 2.6.0 - */ -define('AUTH_KEY', '<%= @auth_key %>'); -define('SECURE_AUTH_KEY', '<%= @secure_auth_key %>'); -define('LOGGED_IN_KEY', '<%= @logged_in_key %>'); -define('NONCE_KEY', '<%= @nonce_key %>'); -define('AUTH_SALT', '<%= @auth_salt %>'); -define('SECURE_AUTH_SALT', '<%= @secure_auth_salt %>'); -define('LOGGED_IN_SALT', '<%= @logged_in_salt %>'); -define('NONCE_SALT', '<%= @nonce_salt %>'); - -/**#@-*/ - -/** - * WordPress Database Table prefix. - * - * You can have multiple installations in one database if you give each a unique - * prefix. Only numbers, letters, and underscores please! - */ -$table_prefix = '<%= @db_prefix %>'; - -/** - * WordPress Localized Language, defaults to English. - * - * Change this to localize WordPress. A corresponding MO file for the chosen - * language must be installed to wp-content/languages. For example, install - * de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German - * language support. - */ -define('WPLANG', '<%= @lang %>'); - -/** - * For developers: WordPress debugging mode. - * - * Change this to true to enable the display of notices during development. 
- * It is strongly recommended that plugin and theme developers use WP_DEBUG - * in their development environments. - */ -define('WP_DEBUG', false); - -<% if @allow_multisite %> -/* Multisite */ -define( 'WP_ALLOW_MULTISITE', true ); -<% end %> - -<% @wp_config_options.each do |key,value| %> -define( '<%= key %>', <%= value %> ); -<% end %> - -/* That's all, stop editing! Happy blogging. */ - -/** Absolute path to the WordPress directory. */ -if ( !defined('ABSPATH') ) - define('ABSPATH', dirname(__FILE__) . '/'); - -/** Sets up WordPress vars and included files. */ -require_once(ABSPATH . 'wp-settings.php'); diff --git a/cookbooks/wordpress/test/integration/default/bats/verify_default.bats b/cookbooks/wordpress/test/integration/default/bats/verify_default.bats deleted file mode 100644 index 538cb6e..0000000 --- a/cookbooks/wordpress/test/integration/default/bats/verify_default.bats +++ /dev/null @@ -1,4 +0,0 @@ -@test "check for wordpress install" { - export welcome="WordPress.*[Ii]nstallation" - wget -O - http://localhost/wp-admin/install.php | egrep "${welcome}" -} diff --git a/cookbooks/wordpress/test/integration/nginx/bats/verify_default.bats b/cookbooks/wordpress/test/integration/nginx/bats/verify_default.bats deleted file mode 100644 index 538cb6e..0000000 --- a/cookbooks/wordpress/test/integration/nginx/bats/verify_default.bats +++ /dev/null @@ -1,4 +0,0 @@ -@test "check for wordpress install" { - export welcome="WordPress.*[Ii]nstallation" - wget -O - http://localhost/wp-admin/install.php | egrep "${welcome}" -} diff --git a/cookbooks/xml/CHANGELOG.md b/cookbooks/xml/CHANGELOG.md deleted file mode 100644 index c0dedd4..0000000 --- a/cookbooks/xml/CHANGELOG.md +++ /dev/null 
@@ -1,125 +0,0 @@ -# xml Cookbook CHANGELOG - -This file is used to list changes made in each version of the xml cookbook. - -## 3.1.2 (2017-05-30) - -- Fix Amazon linux support on Chef 13 - -## 3.1.1 (2017-01-16) - -- Use the right priority to set compile_time attribute - -## 3.1.0 (2016-12-07) - -- Move the build essential compile time setting to attributes file -- Remove the Chef 11 compatibility check in chef_gem -- Remove support for Arch since it's not a supported Chef platform -- If no packages are defined log a warning instead of failing hard -- Add specs for all supported platforms and windows - -## 3.0.0 (2016-09-07) - -- Make sure to install zlib-devel on RHEL -- Testing updates -- Require Chef 12.1 and use multipackage to speed up installs -- Don't use chef-sugar since it wasn't necessary - -## v2.0.0 (2015-12-07) - -- The 1.3.1 release pinned the nokogiri gem version to 1.6.2.1 to avoid compilation failure that occured at some point in time. The cookbook also prevented the user from setting the version attribute to a modern nokogiri release. Nokogiri no longer fails to install so there is no longer a reason to pin or gate the versions. This release removes the version attribute and instead installs the latest version, but still allows the user to set the version attribute to pin to a specific version. 
- -## v1.3.1 (2015-10-12) - -- Fixed compile errors on Chef 11 -- Added an empty array of packages for unknown systems to prevent failures on Windows and other operating systems - -## v1.3.0 (2015-10-06) - -- Added zlib1g-dev on Ubuntu / Debian to fix compiles -- Add support for OS X -- Add source_url and issues_url to metadata.rb for Supermarket -- Updated readme to reflect that use_system_libraries actually defaults to false -- Use compile_time attribute with chef_gem to avoid deprecation warnings -- Update Chefspec tests to 4.X format -- Add additional platforms to the Kitchen CI config -- Use the standard Rubocop config and resolve all warnings -- Add Ruby 2.1/2.2 to Travis and remove Ruby 1.9.3 -- Update Berksfile to 3.X format -- Update contributing and testing docs -- Update and expand testing dependencies in the Gemfile -- Add maintainers.md and maintainers.toml files -- Add cookbook version badge to the readme -- Add Chef and platform requirements to the readme -- Add Rakfile for simplified testing -- Remove yum and build-essential from the Berksfile since these didn't need to be there -- Update .gitignore and add chefignore to prevent extra files from being uploaded to the Chef server - -## v1.2.13 (2014-02-18) - -- Reverting compile_time work - -## v1.2.12 (2014-02-18) - -- Fixing last patch to play nicely with Chef Sugar - -## v1.2.11 (2014-02-18) - -- Fixing chef_gem for Chef below 12.1.0 - -## v1.2.10 (2014-02-17) - -- Being explicit about usage of the chef_gem's compile_time property. -- Eliminating future deprecation warnings in Chef 12.1.0. 
- -## v1.2.9 (2014-12-10) - -- Re-release with stove 3.2.2 to get a metadata.rb - -## v1.2.8 (2014-12-09) - -- [#11] Fix warning message from build-essential -- [#13] pin nokogiri to a working version - -## v1.2.6 (2014-06-17) - -- [COOK-4468] Only set ENV variable when needed - -## v1.2.4 (2014-03-27) - -- [COOK-4474] - Bump apt and yum versions in Berksfile, Lock to build-essentials 1.4 -- [COOK-4468] - Set NOKOGIRI_USE_SYSTEM_LIBRARIES env variable - -## v1.2.2 (2014-02-27) - -[COOK-4382] - Fix xml cookbook spec test [COOK-4304] - Set proper packages for SUSE 11 - -## v1.2.1 - -### Improvement - -- [COOK-4304](https://tickets.chef.io/browse/COOK-4304) - Now sets proper packages for SUSE 11 - -## v1.2.0 - -### Improvement - -- **[COOK-3462](https://tickets.chef.io/browse/COOK-3462)** - Allow installing packages during compile time - -## v1.1.2 - -- [COOK-2059] - missing dependency on build-essential - -## v1.1.0 - -- [COOK-1826] - support nokogiri chef_gem -- [COOK-1902] - add support for archlinux - -## v1.0.4 - -- [COOK-1232] - add xslt to xml cookbook - -## v1.0.2 - -- [COOK-953] - Add FreeBSD support -- [COOK-775] - Add Amazon Linux support diff --git a/cookbooks/xml/CONTRIBUTING.md b/cookbooks/xml/CONTRIBUTING.md deleted file mode 100644 index ef2f2b8..0000000 --- a/cookbooks/xml/CONTRIBUTING.md +++ /dev/null @@ -1,2 +0,0 @@ -Please refer to -https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/cookbooks/xml/MAINTAINERS.md b/cookbooks/xml/MAINTAINERS.md deleted file mode 100644 index 645ed14..0000000 --- a/cookbooks/xml/MAINTAINERS.md +++ /dev/null 
@@ -1,15 +0,0 @@ - - -# Maintainers - -This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Tim Smith](https://github.com/tas50) - -# Maintainers -* [Jennifer Davis](https://github.com/sigje) -* [Tim Smith](https://github.com/tas50) -* [Thom May](https://github.com/thommay) diff --git a/cookbooks/xml/README.md b/cookbooks/xml/README.md deleted file mode 100644 index 6270dd0..0000000 --- a/cookbooks/xml/README.md +++ /dev/null 
@@ -1,68 +0,0 @@ -# XML Cookbook - -[![Build Status](https://travis-ci.org/chef-cookbooks/xml.svg?branch=master)](http://travis-ci.org/chef-cookbooks/xml) [![Cookbook Version](http://img.shields.io/cookbook/v/xml.svg)](https://supermarket.chef.io/cookbooks/xml) - -Installs development package for libxml. - -## DEPRECATED - -nokogiri is now included in Chef so this cookbook has been deprecated. If a more useful purpose can be come up with for the namespace we will gladly revive it - -## Requirements - -### Platforms - -- Debian/Ubuntu -- RHEL/CentOS/Scientific/Amazon/Oracle -- Suse -- FreeBSD - -### Chef - -- Chef 12.1+ - -### Cookbooks - -- build-essential - -## Attributes - -- `node['xml']['packages']` - Array of package names that should be installed -- `node['xml']['nokogiri']['use_system_libraries']` - Whether to use system libraries for nokogiri (defaults to `false`) - -## Recipes - -### default - -Installs the development packages for libxml2 and libxslt. - -For installing the packages during compile time: - -```ruby -node.normal['xml']['compiletime'] = true -include_recipe 'xml::default' -``` - -### ruby - -Installs the nokogiri gem into Chef's Ruby environment so it can be used in recipes. If nokogiri is being installed using the system's libxml package your distro must include version 2.6.21 or later. Due to this Debian 7 or earlier / Ubuntu 12.04 or earlier will not work with the system library attribute enabled. - -## License & Authors - -**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io)) - -**Copyright:** 2009-2016, Chef Software, Inc. - -``` -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. 
-You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -``` diff --git a/cookbooks/xml/attributes/default.rb b/cookbooks/xml/attributes/default.rb deleted file mode 100644 index 3ea5a3c..0000000 --- a/cookbooks/xml/attributes/default.rb +++ /dev/null @@ -1,36 +0,0 @@ -# -# Cookbook:: xml -# Attributes:: default -# -# Copyright:: 2009-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -default['xml']['compiletime'] = false - -case node['platform_family'] -when 'rhel', 'fedora', 'suse', 'amazon' - default['xml']['packages'] = %w(libxml2-devel libxslt-devel zlib-devel) -when 'debian' - default['xml']['packages'] = %w(libxml2-dev libxslt-dev zlib1g-dev) -when 'freebsd' - default['xml']['packages'] = %w(libxml2 libxslt) -when 'mac_os_x' - default['xml']['packages'] = %w(libxml2) -else - default['xml']['packages'] = [] -end - -default['xml']['nokogiri']['use_system_libraries'] = false -default['xml']['nokogiri']['version'] = nil diff --git a/cookbooks/xml/attributes/ruby.rb b/cookbooks/xml/attributes/ruby.rb deleted file mode 100644 index 918601f..0000000 --- a/cookbooks/xml/attributes/ruby.rb +++ /dev/null 
@@ -1 +0,0 @@
-default['build-essential']['compile_time'] = true
diff --git a/cookbooks/xml/metadata.json b/cookbooks/xml/metadata.json
deleted file mode 100644
index 3f6f21e..0000000
--- a/cookbooks/xml/metadata.json
+++ /dev/null
@@ -1 +0,0 @@ -{"name":"xml","version":"3.1.2","description":"Installs xml","long_description":"# XML Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/xml.svg?branch=master)](http://travis-ci.org/chef-cookbooks/xml) [![Cookbook Version](http://img.shields.io/cookbook/v/xml.svg)](https://supermarket.chef.io/cookbooks/xml)\n\nInstalls development package for libxml.\n\n## DEPRECATED\n\nnokogiri is now included in Chef so this cookbook has been deprecated. If a more useful purpose can be come up with for the namespace we will gladly revive it\n\n## Requirements\n\n### Platforms\n\n- Debian/Ubuntu\n- RHEL/CentOS/Scientific/Amazon/Oracle\n- Suse\n- FreeBSD\n\n### Chef\n\n- Chef 12.1+\n\n### Cookbooks\n\n- build-essential\n\n## Attributes\n\n- `node['xml']['packages']` - Array of package names that should be installed\n- `node['xml']['nokogiri']['use_system_libraries']` - Whether to use system libraries for nokogiri (defaults to `false`)\n\n## Recipes\n\n### default\n\nInstalls the development packages for libxml2 and libxslt.\n\nFor installing the packages during compile time:\n\n```ruby\nnode.normal['xml']['compiletime'] = true\ninclude_recipe 'xml::default'\n```\n\n### ruby\n\nInstalls the nokogiri gem into Chef's Ruby environment so it can be used in recipes. If nokogiri is being installed using the system's libxml package your distro must include version 2.6.21 or later. 
Due to this Debian 7 or earlier / Ubuntu 12.04 or earlier will not work with the system library attribute enabled.\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2009-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","debian":">= 0.0.0","fedora":">= 0.0.0","freebsd":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","suse":">= 0.0.0","ubuntu":">= 0.0.0"},"dependencies":{"build-essential":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"xml":"Installs libxml development packages"},"source_url":"https://github.com/chef-cookbooks/xml","issues_url":"https://github.com/chef-cookbooks/xml/issues","chef_version":[[">= 12.1"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/xml/recipes/default.rb b/cookbooks/xml/recipes/default.rb deleted file mode 100644 index 470b974..0000000 --- a/cookbooks/xml/recipes/default.rb +++ /dev/null 
@@ -1,27 +0,0 @@ -# -# Cookbook:: xml -# Recipe:: default -# -# Copyright:: 2010-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -if node['xml']['packages'].empty? - Chef::Log.warn("No XML packages defined for installation in node['xml']['packages'] for your platform.") -else - r = package node['xml']['packages'] do - action(node['xml']['compiletime'] ? :nothing : :install) - end - r.run_action(:install) if node['xml']['compiletime'] -end diff --git a/cookbooks/xml/recipes/ruby.rb b/cookbooks/xml/recipes/ruby.rb deleted file mode 100644 index 029f8ec..0000000 --- a/cookbooks/xml/recipes/ruby.rb +++ /dev/null 
@@ -1,39 +0,0 @@ -# -# Cookbook:: xml -# Recipe:: ruby -# -# Author:: Joseph Holsten () -# -# Copyright:: 2008-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -execute 'apt-get update' do - ignore_failure true - action :nothing -end.run_action(:run) if 'debian' == node['platform_family'] - -node.default['xml']['compiletime'] = true -include_recipe 'build-essential::default' -include_recipe 'xml::default' - -if node['xml']['nokogiri']['use_system_libraries'] - ENV['NOKOGIRI_USE_SYSTEM_LIBRARIES'] = node['xml']['nokogiri']['use_system_libraries'].to_s -end - -chef_gem 'nokogiri' do - version node['xml']['nokogiri']['version'] if node['xml']['nokogiri']['version'] - action :install - compile_time true -end diff --git a/cookbooks/yum-epel/CHANGELOG.md b/cookbooks/yum-epel/CHANGELOG.md index fcf4def..08b13d6 100644 --- a/cookbooks/yum-epel/CHANGELOG.md +++ b/cookbooks/yum-epel/CHANGELOG.md 
@@ -1,42 +1,162 @@ -yum-epel Cookbook CHANGELOG -====================== -This file is used to list changes made in each version of the yum-centos cookbook. +# yum-epel Cookbook CHANGELOG + +This file is used to list changes made in each version of the yum-epel cookbook. + +## 3.3.0 (2018-10-09) + +- Fix cookbook to work on all releases of Amazon Linux 2 +- Test on Amazon Linux 2 in specs and in Travis + +## 3.2.0 (2018-07-24) + +- Support EPEL on ARM32. + +## 3.1.0 (2018-02-26) + +- Add support for Amazon Linux 2.0 + +## 3.0.0 (2018-02-16) + +- Require Chef 12.14+ and remove the compat_resource dependency + +## 2.1.2 (2017-06-15) + +- Switch from Rake testing to Local Delivery +- Update apache2 license string to be a SPDX compliant string +- Change yum repo location of gpgkey to download.fedoraproject.org instead of dl.fedoraproject.org +- Avoid chefspec deprecations and speed up specs + +## 2.1.1 (2017-01-05) + +- Revert how mirror list strings are generated to fix RHEL 7 + +## 2.1.0 (2016-12-22) + +- Test in Travis using the current build of chef/chef docker image +- Test on older Chef +- allow the use of any valid property via attributes +- fixing tests +- output versions in the job that is being ran +- cops + +## 2.0.0 (2016-11-26) + +- Clarify that we require Chef 12.1+ not 12.0+ +- Use compat_resource instead of the yum cookbook +- Add integration testing with inspec + +## 1.0.2 (2016-10-21) + +- Remove upper bound on yum constraint + +## 1.0.1 (2016-09-11) + +- Fix epel-testing attributes + +## 1.0.0 (2016-09-06) + +- Add chef_version metadata +- Testing updates +- Remove support for Chef 11 + +## v0.7.1 (2016-08-19) + +- Remove bats testing +- Fix attribute settings +- Cleanup travis file + +## v0.7.0 (2016-04-27) + +- Added support for IBM zlinux platform +- Added back the Test Kitchen support for local vagrant testing +- Added long_description to the metadata +- Loosen the dependency on the yum cookbook + +## v0.6.5 + +- updated to use `make_cache` option 
that yum cookbook allows for the yum resource to use. + +## v0.6.5 (2015-11-23) + +- Fix setting bool false properties + +## v0.6.4 (2015-10-27) + +- Updating default recipe for Chef 13 deprecation warnings. Not +- passing nil. + +## v0.6.3 (2015-09-22) + +- Added standard Chef gitignore and chefignore files +- Added the standard chef rubocop config +- Update contributing, maintainers, and testing docs +- Update Chefspec config to 4.X format +- Update distro versions in the Kitchen config +- Add Travis CI and cookbook version badges in the readme +- Expand the requirements section in the readme +- Add additional distros to the metadata +- Added source_url and issues_url metadata + +## v0.6.2 (2015-06-21) + +- Depending on yum ~> 3.2 +- Support for the password attribute wasn't added to the +- yum_repository LWRP until yum 3.2.0. + +## v0.6.1 (2015-06-21) + +- Switching to https for URL links +- Using metalink URLs + +## v0.6.0 (2015-01-03) + +- Adding EL7 support + +## v0.5.3 (2014-10-28) + +- Revert Use HTTPS for GPG keys and mirror lists + +## v0.5.2 (2014-10-28) + +- Use HTTPS for GPG keys and mirror lists +- Use local key on Amazon Linux + +## v0.5.0 (2014-09-02) + +- Add all attribute available to LWRP to allow for tuning. + +## v0.4.0 (2014-07-27) + +- [#9] Allowing list of repositories to reference configurable. 
+ +## v0.3.6 (2014-04-09) -v0.3.6 (2014-04-09) -------------------- - [COOK-4509] add RHEL7 support to yum-epel cookbook +## v0.3.4 (2014-02-19) -v0.3.4 (2014-02-19) -------------------- COOK-4353 - Fixing typo in readme +## v0.3.2 (2014-02-13) -v0.3.2 (2014-02-13) -------------------- Updating README to explain the 'managed' parameter +## v0.3.0 (2014-02-12) -v0.3.0 (2014-02-12) -------------------- [COOK-4292] - Do not manage secondary repos by default +## v0.2.0 -v0.2.0 ------- Adding Amazon Linux support +## v0.1.6 -v0.1.6 ------- Fixing up attribute values for EL6 +## v0.1.4 -v0.1.4 ------- Adding CHANGELOG.md +## v0.1.0 -v0.1.0 ------- initial release diff --git a/cookbooks/iis/CONTRIBUTING.md b/cookbooks/yum-epel/CONTRIBUTING.md similarity index 100% rename from cookbooks/iis/CONTRIBUTING.md rename to cookbooks/yum-epel/CONTRIBUTING.md diff --git a/cookbooks/yum-epel/README.md b/cookbooks/yum-epel/README.md index c4550f3..734d106 100644 --- a/cookbooks/yum-epel/README.md +++ b/cookbooks/yum-epel/README.md 
@@ -1,91 +1,111 @@ -yum-epel Cookbook -============ +# yum-epel Cookbook -The yum-epel cookbook takes over management of the default -repositoryids shipped with epel-release. It allows attribute -manipulation of `epel`, `epel-debuginfo`, `epel-source`, `epel-testing`, -`epel-testing-debuginfo`, and `epel-testing-source`. +[![Build Status](https://travis-ci.org/chef-cookbooks/yum-epel.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum-epel) [![Cookbook Version](https://img.shields.io/cookbook/v/yum-epel.svg)](https://supermarket.chef.io/cookbooks/yum-epel) -Requirements ------------- -* Chef 11 or higher -* yum cookbook version 3.0.0 or higher +Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL). + +The yum-epel cookbook takes over management of the default repositoryids shipped with epel-release. It allows attribute manipulation of `epel`, `epel-debuginfo`, `epel-source`, `epel-testing`, `epel-testing-debuginfo`, and `epel-testing-source`. 
+ +## Requirements + +### Platforms + +- RHEL/CentOS and derivatives + +### Chef + +- Chef 12.14+ + +### Cookbooks + +- none + +## Attributes -Attributes ----------- The following attributes are set by default -``` ruby +```ruby +default['yum-epel']['repos'] = %w( + epel + epel-debuginfo + epel-source + epel-testing + epel-testing-debuginfo + epel-testing-source +) +``` + +```ruby default['yum']['epel']['repositoryid'] = 'epel' default['yum']['epel']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch' default['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch' -default['yum']['epel']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' +default['yum']['epel']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' default['yum']['epel']['failovermethod'] = 'priority' default['yum']['epel']['gpgcheck'] = true default['yum']['epel']['enabled'] = true default['yum']['epel']['managed'] = true ``` -``` ruby +```ruby default['yum']['epel-debuginfo']['repositoryid'] = 'epel-debuginfo' default['yum']['epel-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Debug' default['yum']['epel-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch' -default['yum']['epel-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' +default['yum']['epel-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' default['yum']['epel-debuginfo']['failovermethod'] = 'priority' default['yum']['epel-debuginfo']['gpgcheck'] = true default['yum']['epel-debuginfo']['enabled'] = false default['yum']['epel-debuginfo']['managed'] = false ``` -``` ruby +```ruby default['yum']['epel-source']['repositoryid'] = 'epel-source' default['yum']['epel-source']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Source' 
default['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-6&arch=$basearch' -default['yum']['epel-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' +default['yum']['epel-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' default['yum']['epel-source']['failovermethod'] = 'priority' default['yum']['epel-source']['gpgcheck'] = true default['yum']['epel-source']['enabled'] = false default['yum']['epel-source']['managed'] = false ``` -``` ruby +```ruby default['yum']['epel-testing']['repositoryid'] = 'epel-testing' default['yum']['epel-testing']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch' default['yum']['epel-testing']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-epel6&arch=$basearch' -default['yum']['epel-testing']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6r' +default['yum']['epel-testing']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6r' default['yum']['epel-testing']['failovermethod'] = 'priority' default['yum']['epel-testing']['gpgcheck'] = true default['yum']['epel-testing']['enabled'] = false default['yum']['epel-testing']['managed'] = false ``` -``` ruby +```ruby default['yum']['epel-testing-debuginfo']['repositoryid'] = 'epel-testing-debuginfo' default['yum']['epel-testing-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch Debug' default['yum']['epel-testing-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel6&arch=$basearch' -default['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' +default['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' default['yum']['epel-testing-debuginfo']['failovermethod'] = 'priority' 
default['yum']['epel-testing-debuginfo']['gpgcheck'] = true default['yum']['epel-testing-debuginfo']['enabled'] = false default['yum']['epel-testing-debuginfo']['managed'] = false ``` -``` ruby +```ruby default['yum']['epel-testing-source']['repositoryid'] = 'epel-testing-source' default['yum']['epel-testing-source']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch Source' default['yum']['epel-testing-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel6&arch=$basearch' -default['yum']['epel-testing-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' +default['yum']['epel-testing-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' default['yum']['epel-testing-source']['failovermethod'] = 'priority' default['yum']['epel-testing-source']['gpgcheck'] = true default['yum']['epel-testing-source']['enabled'] = false default['yum']['epel-testing-source']['managed'] = false ``` -Recipes -------- -* default - Walks through node attributes and feeds a yum_resource - parameters. The following is an example a resource generated by the - recipe during compilation. +## Recipes + +- default - Walks through node attributes and feeds a yum_resource +- parameters. The following is an example a resource generated by the +- recipe during compilation. ```ruby yum_repository 'epel' do @@ -93,12 +113,12 @@ Recipes description 'Extra Packages for Enterprise Linux 5 - $basearch' enabled true gpgcheck true - gpgkey 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL' + gpgkey 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL' end ``` -Usage Example -------------- +## Usage Example + To disable the epel repository through a Role or Environment definition ``` 
@@ -113,22 +133,19 @@ default_attributes( ) ``` -Uncommonly used repositoryids are not managed by default. This is -speeds up integration testing pipelines by avoiding yum-cache builds -that nobody cares about. To enable the epel-testing repository with a -wrapper cookbook, place the following in a recipe: +Uncommonly used repositoryids are not managed by default. This is speeds up integration testing pipelines by avoiding yum-cache builds that nobody cares about. To enable the epel-testing repository with a wrapper cookbook, place the following in a recipe: -``` +```ruby node.default['yum']['epel-testing']['enabled'] = true node.default['yum']['epel-testing']['managed'] = true include_recipe 'yum-epel' ``` -More Examples -------------- +## More Examples + Point the epel repositories at an internally hosted server. -``` +```ruby node.default['yum']['epel']['enabled'] = true node.default['yum']['epel']['mirrorlist'] = nil node.default['yum']['epel']['baseurl'] = 'https://internal.example.com/centos/6/os/x86_64' @@ -137,13 +154,13 @@ node.default['yum']['epel']['sslverify'] = false include_recipe 'yum-epel' ``` -License & Authors ------------------ -- Author:: Sean OMeara () +## License & Authors -```text -Copyright:: 2011-2013 Opscode, Inc. +**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io)) +**Copyright:** 2011-2016, Chef Software, Inc. + +``` Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at diff --git a/cookbooks/yum-epel/attributes/default.rb b/cookbooks/yum-epel/attributes/default.rb new file mode 100644 index 0000000..960a280 --- /dev/null +++ b/cookbooks/yum-epel/attributes/default.rb @@ -0,0 +1,8 @@ +default['yum-epel']['repos'] = %w( + epel + epel-debuginfo + epel-source + epel-testing + epel-testing-debuginfo + epel-testing-source +) 
diff --git a/cookbooks/yum-epel/attributes/epel-debuginfo.rb b/cookbooks/yum-epel/attributes/epel-debuginfo.rb
index 0e72757..f95a9e4 100644
--- a/cookbooks/yum-epel/attributes/epel-debuginfo.rb
+++ b/cookbooks/yum-epel/attributes/epel-debuginfo.rb
@@ -1,28 +1,20 @@ default['yum']['epel-debuginfo']['repositoryid'] = 'epel-debuginfo' +default['yum']['epel-debuginfo']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Debug" -case node['platform'] -when 'amazon' - default['yum']['epel-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch' - default['yum']['epel-debuginfo']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch' - default['yum']['epel-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' -else - case node['platform_version'].to_i - when 5 - default['yum']['epel-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 5 - $basearch - Debug' - default['yum']['epel-debuginfo']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch' - default['yum']['epel-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL' - when 6 - default['yum']['epel-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Debug' - default['yum']['epel-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch' - default['yum']['epel-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' - when 7 - default['yum']['epel-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 7 - $basearch - Debug' - default['yum']['epel-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch' - default['yum']['epel-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' +if platform?('amazon') + if node['platform_version'].to_i > 2010 + default['yum']['epel-debuginfo']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-6&arch=$basearch' + default['yum']['epel-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' + 
else + default['yum']['epel-debuginfo']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-7&arch=$basearch' + default['yum']['epel-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' end +else + default['yum']['epel-debuginfo']['mirrorlist'] = "http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel-debuginfo']['gpgkey'] = "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}" end - default['yum']['epel-debuginfo']['failovermethod'] = 'priority' default['yum']['epel-debuginfo']['gpgcheck'] = true default['yum']['epel-debuginfo']['enabled'] = false default['yum']['epel-debuginfo']['managed'] = false +default['yum']['epel-debuginfo']['make_cache'] = true diff --git a/cookbooks/yum-epel/attributes/epel-source.rb b/cookbooks/yum-epel/attributes/epel-source.rb index 1433eed..51975ba 100644 --- a/cookbooks/yum-epel/attributes/epel-source.rb +++ b/cookbooks/yum-epel/attributes/epel-source.rb 
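Review bot: Both Amazon branches of this hunk set `gpgkey` to a plain-HTTP URL (`'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'` and `...-EPEL-7'`), while the non-Amazon branch just below uses `https://` for the same host. With `gpgcheck` true, package verification is only as trustworthy as the key that gets imported, so the key should not be fetched over an unauthenticated channel; changing the two Amazon lines to `https://download.fedoraproject.org/...` would match the else branch. The new non-Amazon `mirrorlist` is also `http://mirrors.fedoraproject.org/mirrorlist?...`, where the removed 6 and 7 cases used `https://mirrors.fedoraproject.org/metalink?...`; unless the RHEL 7 fix named in the changelog requires that, the HTTPS form looks preferable. The same key and mirrorlist URLs appear in the epel-source, epel-testing-debuginfo, epel-testing-source and epel-testing hunks.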
@@ -1,28 +1,20 @@ default['yum']['epel-source']['repositoryid'] = 'epel-source' +default['yum']['epel-source']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Source" -case node['platform'] -when 'amazon' - default['yum']['epel-source']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch' - default['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch' - default['yum']['epel-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' -else - case node['platform_version'].to_i - when 5 - default['yum']['epel-source']['description'] = 'Extra Packages for Enterprise Linux 5 - $basearch - Source' - default['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch' - default['yum']['epel-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL' - when 6 - default['yum']['epel-source']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Source' +if platform?('amazon') + if node['platform_version'].to_i > 2010 default['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-6&arch=$basearch' - default['yum']['epel-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' - when 7 - default['yum']['epel-source']['description'] = 'Extra Packages for Enterprise Linux 7 - $basearch - Source' + default['yum']['epel-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' + else default['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-7&arch=$basearch' - default['yum']['epel-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' + default['yum']['epel-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' end +else + default['yum']['epel-source']['mirrorlist'] = 
"http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel-source']['gpgkey'] = "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}" end - default['yum']['epel-source']['failovermethod'] = 'priority' default['yum']['epel-source']['gpgcheck'] = true default['yum']['epel-source']['enabled'] = false default['yum']['epel-source']['managed'] = false +default['yum']['epel-source']['make_cache'] = true diff --git a/cookbooks/yum-epel/attributes/epel-testing-debuginfo.rb b/cookbooks/yum-epel/attributes/epel-testing-debuginfo.rb index 14353dc..da874d3 100644 --- a/cookbooks/yum-epel/attributes/epel-testing-debuginfo.rb +++ b/cookbooks/yum-epel/attributes/epel-testing-debuginfo.rb 
@@ -1,24 +1,20 @@ default['yum']['epel-testing-debuginfo']['repositoryid'] = 'epel-testing-debuginfo' +default['yum']['epel-testing-debuginfo']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Testing Debug" -case node['platform'] -when 'amazon' - default['yum']['epel-testing-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch' - default['yum']['epel-testing-debuginfo']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch' - default['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' -else - case node['platform_version'].to_i - when 5 - default['yum']['epel-testing-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 5 - Testing - $basearch Debug' - default['yum']['epel-testing-debuginfo']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel5&arch=$basearch' - default['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL' - when 6 - default['yum']['epel-testing-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch Debug' - default['yum']['epel-testing-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel6&arch=$basearch' - default['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' +if platform?('amazon') + if node['platform_version'].to_i > 2010 + default['yum']['epel-testing-debuginfo']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel6&arch=$basearch' + default['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' + else + default['yum']['epel-testing-debuginfo']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel7&arch=$basearch' + 
default['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' end +else + default['yum']['epel-testing-debuginfo']['mirrorlist'] = "http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel-testing-debuginfo']['gpgkey'] = "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}" end - default['yum']['epel-testing-debuginfo']['failovermethod'] = 'priority' default['yum']['epel-testing-debuginfo']['gpgcheck'] = true default['yum']['epel-testing-debuginfo']['enabled'] = false default['yum']['epel-testing-debuginfo']['managed'] = false +default['yum']['epel-testing-debuginfo']['make_cache'] = true diff --git a/cookbooks/yum-epel/attributes/epel-testing-source.rb b/cookbooks/yum-epel/attributes/epel-testing-source.rb index 7f82192..07bc64d 100644 --- a/cookbooks/yum-epel/attributes/epel-testing-source.rb +++ b/cookbooks/yum-epel/attributes/epel-testing-source.rb 
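Review bot: The new `description` default interpolates only the integer version, so it reads like "Extra Packages for 7 - $basearch - Testing Debug" and drops the "Enterprise Linux" wording that the removed per-version strings carried. On the Amazon branch taken when `to_i > 2010`, it would show the year-style platform version rather than the EPEL release the repo URLs point at. Consider `"Extra Packages for Enterprise Linux #{node['platform_version'].to_i} - $basearch - Testing Debug"`, or set the description inside each branch next to the URLs. The epel-debuginfo, epel-source, epel-testing-source and epel-testing hunks build the same string, and the epel-testing one also ends with a trailing space.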
@@ -1,24 +1,20 @@ default['yum']['epel-testing-source']['repositoryid'] = 'epel-testing-source' +default['yum']['epel-testing-source']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Testing Source" -case node['platform'] -when 'amazon' - default['yum']['epel-testing-source']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch' - default['yum']['epel-testing-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch' - default['yum']['epel-testing-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' -else - case node['platform_version'].to_i - when 5 - default['yum']['epel-testing-source']['description'] = 'Extra Packages for Enterprise Linux 5 - Testing - $basearch Source' - default['yum']['epel-testing-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel5&arch=$basearch' - default['yum']['epel-testing-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL' - when 6 - default['yum']['epel-testing-source']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch Source' - default['yum']['epel-testing-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel6&arch=$basearch' - default['yum']['epel-testing-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' +if platform?('amazon') + if node['platform_version'].to_i > 2010 + default['yum']['epel-testing-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel6&arch=$basearch' + default['yum']['epel-testing-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' + else + default['yum']['epel-testing-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel7&arch=$basearch' + default['yum']['epel-testing-source']['gpgkey'] = 
'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' end +else + default['yum']['epel-testing-source']['mirrorlist'] = "http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel-testing-source']['gpgkey'] = "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}" end - default['yum']['epel-testing-source']['failovermethod'] = 'priority' default['yum']['epel-testing-source']['gpgcheck'] = true default['yum']['epel-testing-source']['enabled'] = false default['yum']['epel-testing-source']['managed'] = false +default['yum']['epel-testing-source']['make_cache'] = true diff --git a/cookbooks/yum-epel/attributes/epel-testing.rb b/cookbooks/yum-epel/attributes/epel-testing.rb index d54a0f1..3fe52b8 100644 --- a/cookbooks/yum-epel/attributes/epel-testing.rb +++ b/cookbooks/yum-epel/attributes/epel-testing.rb 
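Review bot: The `node['platform_version'].to_i > 2010` test in the Amazon branch has no comment explaining why 2010 separates the EPEL 6 URLs from the EPEL 7 ones. It presumably distinguishes year-versioned Amazon Linux releases from Amazon Linux 2, which the changelog mentions; a one-line comment above the `if`, such as `# year-style versions (> 2010) use EPEL 6; Amazon Linux 2 uses EPEL 7`, would make that explicit. The same condition is repeated in the other four repo attribute hunks.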
@@ -1,24 +1,20 @@ default['yum']['epel-testing']['repositoryid'] = 'epel-testing' +default['yum']['epel-testing']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Testing " -case node['platform'] -when 'amazon' - default['yum']['epel-testing']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch' - default['yum']['epel-testing']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch' - default['yum']['epel-testing']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' -else - case node['platform_version'].to_i - when 5 - default['yum']['epel-testing']['description'] = 'Extra Packages for Enterprise Linux 5 - Testing - $basearch' - default['yum']['epel-testing']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=$basearch' - default['yum']['epel-testing']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL' - when 6 - default['yum']['epel-testing']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch' - default['yum']['epel-testing']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-epel6&arch=$basearch' - default['yum']['epel-testing']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' +if platform?('amazon') + if node['platform_version'].to_i > 2010 + default['yum']['epel-testing']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel6&arch=$basearch' + default['yum']['epel-testing']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' + else + default['yum']['epel-testing']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel7&arch=$basearch' + default['yum']['epel-testing']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' end +else + default['yum']['epel-testing']['mirrorlist'] = 
"http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel-testing']['gpgkey'] = "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}" end - default['yum']['epel-testing']['failovermethod'] = 'priority' default['yum']['epel-testing']['gpgcheck'] = true default['yum']['epel-testing']['enabled'] = false default['yum']['epel-testing']['managed'] = false +default['yum']['epel-testing']['make_cache'] = true diff --git a/cookbooks/yum-epel/attributes/epel.rb b/cookbooks/yum-epel/attributes/epel.rb index 07dceb6..5e99bca 100644 --- a/cookbooks/yum-epel/attributes/epel.rb +++ b/cookbooks/yum-epel/attributes/epel.rb 
@@ -1,28 +1,28 @@ default['yum']['epel']['repositoryid'] = 'epel' - -case node['platform'] -when 'amazon' - default['yum']['epel']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch' - default['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch' - default['yum']['epel']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' +default['yum']['epel']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch" +default['yum']['epel']['gpgcheck'] = true +case node['kernel']['machine'] +when 'armv7l', 'armv7hl' + default['yum']['epel']['baseurl'] = 'https://armv7.dev.centos.org/repodir/epel-pass-1/' + default['yum']['epel']['gpgcheck'] = false +when 's390x' + default['yum']['epel']['baseurl'] = 'https://kojipkgs.fedoraproject.org/rhel/rc/7/Server/s390x/os/' + default['yum']['epel']['gpgkey'] = 'https://kojipkgs.fedoraproject.org/rhel/rc/7/Server/s390x/os/RPM-GPG-KEY-redhat-release' else - case node['platform_version'].to_i - when 5 - default['yum']['epel']['description'] = 'Extra Packages for Enterprise Linux 5 - $basearch' - default['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch' - default['yum']['epel']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL' - when 6 - default['yum']['epel']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch' - default['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch' - default['yum']['epel']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' - when 7 - default['yum']['epel']['description'] = 'Extra Packages for Enterprise Linux 7 - $basearch' - default['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=$basearch' - default['yum']['epel']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' + if platform?('amazon') + 
if node['platform_version'].to_i > 2010 + default['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch' + default['yum']['epel']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' + else + default['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=$basearch' + default['yum']['epel']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' + end + else + default['yum']['epel']['mirrorlist'] = "http://mirrors.fedoraproject.org/mirrorlist?repo=epel-#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel']['gpgkey'] = "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}" end end - default['yum']['epel']['failovermethod'] = 'priority' -default['yum']['epel']['gpgcheck'] = true default['yum']['epel']['enabled'] = true default['yum']['epel']['managed'] = true +default['yum']['epel']['make_cache'] = true diff --git a/cookbooks/yum-epel/metadata.json b/cookbooks/yum-epel/metadata.json index f50f5c0..399f0fd 100644 --- a/cookbooks/yum-epel/metadata.json +++ b/cookbooks/yum-epel/metadata.json 
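Review bot: The `armv7l`/`armv7hl` branch sets `default['yum']['epel']['gpgcheck'] = false` and configures no `gpgkey`, while `enabled` and `managed` stay true for this repo, so on those machines packages from the `baseurl` are installed without signature verification. Nothing in the hunk says why, so a reader cannot tell whether this is a deliberate trade-off or an oversight. I would add a comment above the assignment such as `# armv7 repo: no gpgkey is configured here, so signature checks are off; HTTPS to the baseurl is the only integrity control`. It is also worth considering leaving the repo unmanaged on that architecture unless an operator opts in through attributes.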
@@ -1,30 +1 @@ -{ - "name": "yum-epel", - "version": "0.3.6", - "description": "Installs/Configures yum-epel", - "long_description": "yum-epel Cookbook\n============\n\nThe yum-epel cookbook takes over management of the default\nrepositoryids shipped with epel-release. It allows attribute\nmanipulation of `epel`, `epel-debuginfo`, `epel-source`, `epel-testing`,\n`epel-testing-debuginfo`, and `epel-testing-source`.\n\nRequirements\n------------\n* Chef 11 or higher\n* yum cookbook version 3.0.0 or higher\n\nAttributes\n----------\nThe following attributes are set by default\n\n``` ruby\ndefault['yum']['epel']['repositoryid'] = 'epel'\ndefault['yum']['epel']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch'\ndefault['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch'\ndefault['yum']['epel']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel']['failovermethod'] = 'priority'\ndefault['yum']['epel']['gpgcheck'] = true\ndefault['yum']['epel']['enabled'] = true\ndefault['yum']['epel']['managed'] = true\n```\n\n``` ruby\ndefault['yum']['epel-debuginfo']['repositoryid'] = 'epel-debuginfo'\ndefault['yum']['epel-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Debug'\ndefault['yum']['epel-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch'\ndefault['yum']['epel-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-debuginfo']['failovermethod'] = 'priority'\ndefault['yum']['epel-debuginfo']['gpgcheck'] = true\ndefault['yum']['epel-debuginfo']['enabled'] = false\ndefault['yum']['epel-debuginfo']['managed'] = false\n```\n\n``` ruby\ndefault['yum']['epel-source']['repositoryid'] = 'epel-source'\ndefault['yum']['epel-source']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - 
Source'\ndefault['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-6&arch=$basearch'\ndefault['yum']['epel-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-source']['failovermethod'] = 'priority'\ndefault['yum']['epel-source']['gpgcheck'] = true\ndefault['yum']['epel-source']['enabled'] = false\ndefault['yum']['epel-source']['managed'] = false\n```\n\n``` ruby\ndefault['yum']['epel-testing']['repositoryid'] = 'epel-testing'\ndefault['yum']['epel-testing']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch'\ndefault['yum']['epel-testing']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-epel6&arch=$basearch'\ndefault['yum']['epel-testing']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6r'\ndefault['yum']['epel-testing']['failovermethod'] = 'priority'\ndefault['yum']['epel-testing']['gpgcheck'] = true\ndefault['yum']['epel-testing']['enabled'] = false\ndefault['yum']['epel-testing']['managed'] = false\n```\n\n``` ruby\ndefault['yum']['epel-testing-debuginfo']['repositoryid'] = 'epel-testing-debuginfo'\ndefault['yum']['epel-testing-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch Debug'\ndefault['yum']['epel-testing-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel6&arch=$basearch'\ndefault['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-testing-debuginfo']['failovermethod'] = 'priority'\ndefault['yum']['epel-testing-debuginfo']['gpgcheck'] = true\ndefault['yum']['epel-testing-debuginfo']['enabled'] = false\ndefault['yum']['epel-testing-debuginfo']['managed'] = false\n```\n\n``` ruby\ndefault['yum']['epel-testing-source']['repositoryid'] = 'epel-testing-source'\ndefault['yum']['epel-testing-source']['description'] = 'Extra Packages for 
Enterprise Linux 6 - Testing - $basearch Source'\ndefault['yum']['epel-testing-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel6&arch=$basearch'\ndefault['yum']['epel-testing-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-testing-source']['failovermethod'] = 'priority'\ndefault['yum']['epel-testing-source']['gpgcheck'] = true\ndefault['yum']['epel-testing-source']['enabled'] = false\ndefault['yum']['epel-testing-source']['managed'] = false\n```\n\nRecipes\n-------\n* default - Walks through node attributes and feeds a yum_resource\n parameters. The following is an example a resource generated by the\n recipe during compilation.\n\n```ruby\n yum_repository 'epel' do\n mirrorlist 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch'\n description 'Extra Packages for Enterprise Linux 5 - $basearch'\n enabled true\n gpgcheck true\n gpgkey 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL'\n end\n```\n\nUsage Example\n-------------\nTo disable the epel repository through a Role or Environment definition\n\n```\ndefault_attributes(\n :yum => {\n :epel => {\n :enabled => {\n false\n }\n }\n }\n )\n```\n\nUncommonly used repositoryids are not managed by default. This is\nspeeds up integration testing pipelines by avoiding yum-cache builds\nthat nobody cares about. 
To enable the epel-testing repository with a\nwrapper cookbook, place the following in a recipe:\n\n```\nnode.default['yum']['epel-testing']['enabled'] = true\nnode.default['yum']['epel-testing']['managed'] = true\ninclude_recipe 'yum-epel'\n```\n\nMore Examples\n-------------\nPoint the epel repositories at an internally hosted server.\n\n```\nnode.default['yum']['epel']['enabled'] = true\nnode.default['yum']['epel']['mirrorlist'] = nil\nnode.default['yum']['epel']['baseurl'] = 'https://internal.example.com/centos/6/os/x86_64'\nnode.default['yum']['epel']['sslverify'] = false\n\ninclude_recipe 'yum-epel'\n```\n\nLicense & Authors\n-----------------\n- Author:: Sean OMeara ()\n\n```text\nCopyright:: 2011-2013 Opscode, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n", - "maintainer": "Chef", - "maintainer_email": "Sean OMeara ", - "license": "Apache 2.0", - "platforms": { - }, - "dependencies": { - "yum": "~> 3.0" - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - } -} \ No newline at end of file +{"name":"yum-epel","version":"3.3.0","description":"Installs and configures the EPEL Yum repository","long_description":"# yum-epel Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/yum-epel.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum-epel) [![Cookbook 
Version](https://img.shields.io/cookbook/v/yum-epel.svg)](https://supermarket.chef.io/cookbooks/yum-epel)\n\nExtra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).\n\nThe yum-epel cookbook takes over management of the default repositoryids shipped with epel-release. It allows attribute manipulation of `epel`, `epel-debuginfo`, `epel-source`, `epel-testing`, `epel-testing-debuginfo`, and `epel-testing-source`.\n\n## Requirements\n\n### Platforms\n\n- RHEL/CentOS and derivatives\n\n### Chef\n\n- Chef 12.14+\n\n### Cookbooks\n\n- none\n\n## Attributes\n\nThe following attributes are set by default\n\n```ruby\ndefault['yum-epel']['repos'] = %w(\n epel\n epel-debuginfo\n epel-source\n epel-testing\n epel-testing-debuginfo\n epel-testing-source\n)\n```\n\n```ruby\ndefault['yum']['epel']['repositoryid'] = 'epel'\ndefault['yum']['epel']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch'\ndefault['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch'\ndefault['yum']['epel']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel']['failovermethod'] = 'priority'\ndefault['yum']['epel']['gpgcheck'] = true\ndefault['yum']['epel']['enabled'] = true\ndefault['yum']['epel']['managed'] = true\n```\n\n```ruby\ndefault['yum']['epel-debuginfo']['repositoryid'] = 'epel-debuginfo'\ndefault['yum']['epel-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Debug'\ndefault['yum']['epel-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch'\ndefault['yum']['epel-debuginfo']['gpgkey'] = 
'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-debuginfo']['failovermethod'] = 'priority'\ndefault['yum']['epel-debuginfo']['gpgcheck'] = true\ndefault['yum']['epel-debuginfo']['enabled'] = false\ndefault['yum']['epel-debuginfo']['managed'] = false\n```\n\n```ruby\ndefault['yum']['epel-source']['repositoryid'] = 'epel-source'\ndefault['yum']['epel-source']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Source'\ndefault['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-6&arch=$basearch'\ndefault['yum']['epel-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-source']['failovermethod'] = 'priority'\ndefault['yum']['epel-source']['gpgcheck'] = true\ndefault['yum']['epel-source']['enabled'] = false\ndefault['yum']['epel-source']['managed'] = false\n```\n\n```ruby\ndefault['yum']['epel-testing']['repositoryid'] = 'epel-testing'\ndefault['yum']['epel-testing']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch'\ndefault['yum']['epel-testing']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-epel6&arch=$basearch'\ndefault['yum']['epel-testing']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6r'\ndefault['yum']['epel-testing']['failovermethod'] = 'priority'\ndefault['yum']['epel-testing']['gpgcheck'] = true\ndefault['yum']['epel-testing']['enabled'] = false\ndefault['yum']['epel-testing']['managed'] = false\n```\n\n```ruby\ndefault['yum']['epel-testing-debuginfo']['repositoryid'] = 'epel-testing-debuginfo'\ndefault['yum']['epel-testing-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch Debug'\ndefault['yum']['epel-testing-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel6&arch=$basearch'\ndefault['yum']['epel-testing-debuginfo']['gpgkey'] = 
'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-testing-debuginfo']['failovermethod'] = 'priority'\ndefault['yum']['epel-testing-debuginfo']['gpgcheck'] = true\ndefault['yum']['epel-testing-debuginfo']['enabled'] = false\ndefault['yum']['epel-testing-debuginfo']['managed'] = false\n```\n\n```ruby\ndefault['yum']['epel-testing-source']['repositoryid'] = 'epel-testing-source'\ndefault['yum']['epel-testing-source']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch Source'\ndefault['yum']['epel-testing-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel6&arch=$basearch'\ndefault['yum']['epel-testing-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-testing-source']['failovermethod'] = 'priority'\ndefault['yum']['epel-testing-source']['gpgcheck'] = true\ndefault['yum']['epel-testing-source']['enabled'] = false\ndefault['yum']['epel-testing-source']['managed'] = false\n```\n\n## Recipes\n\n- default - Walks through node attributes and feeds a yum_resource\n- parameters. The following is an example a resource generated by the\n- recipe during compilation.\n\n```ruby\n yum_repository 'epel' do\n mirrorlist 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch'\n description 'Extra Packages for Enterprise Linux 5 - $basearch'\n enabled true\n gpgcheck true\n gpgkey 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL'\n end\n```\n\n## Usage Example\n\nTo disable the epel repository through a Role or Environment definition\n\n```\ndefault_attributes(\n :yum => {\n :epel => {\n :enabled => {\n false\n }\n }\n }\n )\n```\n\nUncommonly used repositoryids are not managed by default. This is speeds up integration testing pipelines by avoiding yum-cache builds that nobody cares about. 
To enable the epel-testing repository with a wrapper cookbook, place the following in a recipe:\n\n```ruby\nnode.default['yum']['epel-testing']['enabled'] = true\nnode.default['yum']['epel-testing']['managed'] = true\ninclude_recipe 'yum-epel'\n```\n\n## More Examples\n\nPoint the epel repositories at an internally hosted server.\n\n```ruby\nnode.default['yum']['epel']['enabled'] = true\nnode.default['yum']['epel']['mirrorlist'] = nil\nnode.default['yum']['epel']['baseurl'] = 'https://internal.example.com/centos/6/os/x86_64'\nnode.default['yum']['epel']['sslverify'] = false\n\ninclude_recipe 'yum-epel'\n```\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2011-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","zlinux":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/yum-epel","issues_url":"https://github.com/chef-cookbooks/yum-epel/issues","chef_version":[[">= 12.14"]],"ohai_version":[]} \ No newline at end of file 
diff --git a/cookbooks/yum-epel/metadata.rb b/cookbooks/yum-epel/metadata.rb deleted file mode 100644 index 3b9958b..0000000 --- a/cookbooks/yum-epel/metadata.rb +++ /dev/null @@ -1,9 +0,0 @@ -name 'yum-epel' -maintainer 'Chef' -maintainer_email 'Sean OMeara ' -license 'Apache 2.0' -description 'Installs/Configures yum-epel' -long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '0.3.6' - -depends 'yum', '~> 3.0' diff --git a/cookbooks/yum-epel/recipes/default.rb b/cookbooks/yum-epel/recipes/default.rb index b8811ba..4ac475c 100644 --- a/cookbooks/yum-epel/recipes/default.rb +++ b/cookbooks/yum-epel/recipes/default.rb @@ -1,8 +1,9 @@ # -# Author:: Sean OMeara () -# Recipe:: yum-epel::default +# Author:: Sean OMeara () +# Cookbook:: yum-epel +# Recipe:: default # -# Copyright 2013, Chef +# Copyright:: 2013-2017, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -16,41 +17,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -%w{ - epel epel-debuginfo epel-source - epel-testing epel-testing-debuginfo epel-testing-source - }.each do |repo| - - if node['yum'][repo]['managed'] - yum_repository repo do - description node['yum'][repo]['description'] - baseurl node['yum'][repo]['baseurl'] - mirrorlist node['yum'][repo]['mirrorlist'] - gpgcheck node['yum'][repo]['gpgcheck'] - gpgkey node['yum'][repo]['gpgkey'] - enabled node['yum'][repo]['enabled'] - cost node['yum'][repo]['cost'] - exclude node['yum'][repo]['exclude'] - enablegroups node['yum'][repo]['enablegroups'] - failovermethod node['yum'][repo]['failovermethod'] - http_caching node['yum'][repo]['http_caching'] - include_config node['yum'][repo]['include_config'] - includepkgs node['yum'][repo]['includepkgs'] - keepalive node['yum'][repo]['keepalive'] - max_retries node['yum'][repo]['max_retries'] - metadata_expire node['yum'][repo]['metadata_expire'] - mirror_expire node['yum'][repo]['mirror_expire'] - priority node['yum'][repo]['priority'] - proxy node['yum'][repo]['proxy'] - proxy_username node['yum'][repo]['proxy_username'] - proxy_password node['yum'][repo]['proxy_password'] - repositoryid node['yum'][repo]['repositoryid'] - sslcacert node['yum'][repo]['sslcacert'] - sslclientcert node['yum'][repo]['sslclientcert'] - sslclientkey node['yum'][repo]['sslclientkey'] - sslverify node['yum'][repo]['sslverify'] - timeout node['yum'][repo]['timeout'] - action :create +node['yum-epel']['repos'].each do |repo| + next unless node['yum'][repo]['managed'] + yum_repository repo do + node['yum'][repo].each do |config, value| + send(config.to_sym, value) unless value.nil? || config == 'managed' end end end diff --git a/cookbooks/yum-mysql-community/CHANGELOG.md b/cookbooks/yum-mysql-community/CHANGELOG.md deleted file mode 100644 index bfaf1db..0000000 --- a/cookbooks/yum-mysql-community/CHANGELOG.md +++ /dev/null 
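Review bot: `send(config.to_sym, value)` turns every key under `node['yum'][repo]` into a method call on the `yum_repository` resource, and `send` also reaches private and inherited methods. A key that is not a repository property (a typo, or an attribute merged in from a role, environment or saved node data) is therefore invoked rather than rejected, with only `managed` filtered out. The removed version named each property explicitly, which acted as an allow-list. I would at least switch to `public_send(config.to_sym, value) unless value.nil? || config == 'managed'`, and preferably skip keys that are not in a fixed list of `yum_repository` property names.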
@@ -1,118 +0,0 @@ -# yum-mysql-community Cookbook CHANGELOG - -This file is used to list changes made in each version of the yum-mysql-community cookbook. - -## 2.1.0 (2017-03-26) - -- Fix URLs for amazon so that 2017 resolves to '6' rather than 'latest' - -## 2.0.3 (2016-12-22) - -- Depend on the latest compat_resource cookbook -- Cookstyle fixes - -## 2.0.2 (2016-11-26) -- Remove yum-epel from the readme -- Switch to inspec for testing -- Fix mysql55 in travis - -## 2.0.1 (2016-11-07) -- yum_repository mirrorlist value updated in Readme - -## 2.0.0 (2016-11-05) -- Replace yum dependency with compat_resource -- Replace 'epel' with 'mysql-community' in the readme - -## 1.0.0 (2016-09-06) -- Testing updates -- Remove support for Chef 11 - -## v0.3.0 (2016-07-22) - -- Support Oracle Linux -- Correctly state the required yum cookbook version in the readme -- Add chef_version metadata to metadata.rb - -## v0.2.0 (2016-03-29) - -- Add support for the 2016 Amazon Linux releases -- Update test dependency gems and remove Guard -- Test in Travis CI using kitchen-dokken - -## v0.1.21 (2015-12-01) - -- Fixing if/unless logic in recipes - -## v0.1.20 (2015-11-30) - -- Fixed attributes with a false value not being passed - -## v0.1.19 (2015-10-28) - -- Fixing Chef 13 nil property deprecation warnings - -## v0.1.18 (2015-09-21) - -- Added Travis CI config for lint and unit testing -- Added Chef standard Rubocop file and resolved all warnings -- Added Chef standard chefignore and .gitignore files -- Add supported platforms to the metadata -- Added source_url and issues_url to the metadata -- Added long_description to the metadata -- Updated and expanded development dependencies in the Gemfile -- Added contributing, testing, and maintainers docs -- Added platform requirements to the readme -- Added Travis and cookbook version badges to the readme -- Update Chefspec to 4.X format - -## v0.1.17 (2015-04-06) - -- Updating pubkey link from someara to chef-client github orgs - -## 
v0.1.16 (2015-03-25) - -- Adding support Amazon Linux 2015.03 to all channels - -## v0.1.15 (2015-03-25) - -- Added support for amazon linux 2015.03 - -## v0.1.14 (2015-03-12) - -- The content of 0.1.13 is questionable: didn't have changelog entry, may have had merged attribute change, but let's be clear and say at least this version 0.1.14 is the right thing. - -## v0.1.13 (2015-03-12) - -- 3 corrected typo in public key attribute - -## v0.1.12 (2015-01-20) - -- Minor style updates - -## v0.1.11 (2014-07-21) - -- Adding RHEL-7 support - -## v0.1.10 (2014-07-21) - -- Adding mysql-5.7 and centos 7 support - -## v0.1.8 (2014-06-18) - -- Updating to support real RHEL - -## v0.1.6 (2014-06-16) - -Fixing typo in mysql55-community attributes - -## v0.1.4 (2014-06-13) - -- updating url to keys in cookbook attributes - -## v0.1.2 (2014-06-11) - -- Move files/mysql_pubkey.asc to files/default/mysql_pubkey.asc - -## v0.1.0 (2014-04-30) - -Initial release diff --git a/cookbooks/yum-mysql-community/CONTRIBUTING.md b/cookbooks/yum-mysql-community/CONTRIBUTING.md deleted file mode 100644 index ef2f2b8..0000000 --- a/cookbooks/yum-mysql-community/CONTRIBUTING.md +++ /dev/null @@ -1,2 +0,0 @@ -Please refer to -https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/cookbooks/yum-mysql-community/MAINTAINERS.md b/cookbooks/yum-mysql-community/MAINTAINERS.md deleted file mode 100644 index ca46dbc..0000000 --- a/cookbooks/yum-mysql-community/MAINTAINERS.md +++ /dev/null 
@@ -1,16 +0,0 @@ - - -# Maintainers - -This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Sean OMeara](https://github.com/someara) - -# Maintainers -* [Jennifer Davis](https://github.com/sigje) -* [Sean OMeara](https://github.com/someara) -* [Tim Smith](https://github.com/tas50) -* [Thom May](https://github.com/thommay) diff --git a/cookbooks/yum-mysql-community/README.md b/cookbooks/yum-mysql-community/README.md deleted file mode 100644 index 7bb8f85..0000000 --- a/cookbooks/yum-mysql-community/README.md +++ /dev/null 
@@ -1,140 +0,0 @@ -# yum-mysql-community Cookbook - -[![Build Status](https://travis-ci.org/chef-cookbooks/yum-mysql-community.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum-mysql-community) [![Cookbook Version](https://img.shields.io/cookbook/v/yum-mysql-community.svg)](https://supermarket.chef.io/cookbooks/yum-mysql-community) - -The yum-mysql-community cookbook takes over management of the default repository ids shipped with mysql*-community-release. It allows attribute manipulation of `mysql-connectors-community`, `mysql56-community`, and `mysql57-community-dmr`. - -## Requirements - -### Platforms - -- RHEL/CentOS and derivatives -- Fedora - -### Chef - -- Chef 12.1+ - -### Cookbooks - -- compat_resource - -## Attributes - -The following attributes are set by default - -```ruby -default['yum']['mysql-connectors-community']['repositoryid'] = 'mysql-connectors-community' -default['yum']['mysql-connectors-community']['description'] = 'MySQL Connectors Community' -default['yum']['mysql-connectors-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-connectors-community/el/$releasever/$basearch/' -default['yum']['mysql-connectors-community']['gpgkey'] = 'https://raw.githubusercontent.com/rs-services/equinix-public/master/cookbooks/db_mysql/files/centos/mysql_pubkey.asc' -default['yum']['mysql-connectors-community']['failovermethod'] = 'priority' -default['yum']['mysql-connectors-community']['gpgcheck'] = true -default['yum']['mysql-connectors-community']['enabled'] = true -``` - -```ruby -default['yum']['mysql56-community']['repositoryid'] = 'mysql56-community' -default['yum']['mysql56-community']['description'] = 'MySQL 5.6 Community Server' -default['yum']['mysql56-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql56-community/el/$releasever/$basearch/' -default['yum']['mysql56-community']['gpgkey'] = 'https://raw.githubusercontent.com/rs-services/equinix-public/master/cookbooks/db_mysql/files/centos/mysql_pubkey.asc' 
-default['yum']['mysql56-community']['failovermethod'] = 'priority' -default['yum']['mysql56-community']['gpgcheck'] = true -default['yum']['mysql56-community']['enabled'] = true -``` - -```ruby -default['yum']['mysql57-community-dmr']['repositoryid'] = 'mysql57-community-dmr' -default['yum']['mysql57-community-dmr']['description'] = 'MySQL 5.7 Community Server Development Milestone Release' -default['yum']['mysql57-community-dmr']['baseurl'] = 'http://repo.mysql.com/yum/mysql56-community/el/$releasever/$basearch/' -default['yum']['mysql57-community-dmr']['gpgkey'] = 'https://raw.githubusercontent.com/rs-services/equinix-public/master/cookbooks/db_mysql/files/centos/mysql_pubkey.asc' -default['yum']['mysql57-community-dmr']['failovermethod'] = 'priority' -default['yum']['mysql57-community-dmr']['gpgcheck'] = true -default['yum']['mysql57-community-dmr']['enabled'] = true -``` - -## Recipes - -- mysql55 - Sets up the mysql56-community repository on supported -- platforms - -```ruby - yum_repository 'mysql55-community' do - mirrorlist 'https://repo.mysql.com/yum/mysql-5.5-community/el/$releasever/$basearch/' - description '' - enabled true - gpgcheck true - end -``` - -- mysql56 - Sets up the mysql56-community repository on supported -- platforms - -```ruby - yum_repository 'mysql56-community' do - mirrorlist 'https://repo.mysql.com/yum/mysql-5.6-community/el/$releasever/$basearch/' - description '' - enabled true - gpgcheck true - end -``` - -- connectors - Sets up the mysql-connectors-community repository on supported -- platforms - -## Usage Example - -To disable the mysql-community-dmr repository through a Role or Environment definition - -```ruby -default_attributes( - :yum => { - :mysql57-community-dmr => { - :enabled => { - false - } - } - } - ) -``` - -Uncommonly used repositoryids are not managed by default. This is speeds up integration testing pipelines by avoiding yum-cache builds that nobody cares about. 
To enable the mysql-community-dmr repository with a wrapper cookbook, place the following in a recipe: - -```ruby -node.default['yum']['mysql57-community-dmr']['enabled'] = true -node.default['yum']['mysql57-community-dmr']['managed'] = true -include_recipe 'mysql57-community-dmr' -``` - -## More Examples - -Point the mysql56-community repositories at an internally hosted server. - -``` -node.default['yum']['mysql56-community']['enabled'] = true -node.default['yum']['mysql56-community']['mirrorlist'] = nil -node.default['yum']['mysql56-community']['baseurl'] = 'https://internal.example.com/mysql/mysql56-community/' -node.default['yum']['mysql56-community']['sslverify'] = false - -include_recipe 'mysql56-community' -``` - -## License & Authors - -**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io)) - -**Copyright:** 2011-2016, Chef Software, Inc. - -``` -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -``` diff --git a/cookbooks/yum-mysql-community/attributes/mysql-connectors-community.rb b/cookbooks/yum-mysql-community/attributes/mysql-connectors-community.rb deleted file mode 100644 index e76198e..0000000 --- a/cookbooks/yum-mysql-community/attributes/mysql-connectors-community.rb +++ /dev/null 
@@ -1,28 +0,0 @@
-default['yum']['mysql-connectors-community']['repositoryid'] = 'mysql-connectors-community'
-default['yum']['mysql-connectors-community']['gpgkey'] = 'https://raw.githubusercontent.com/chef-cookbooks/yum-mysql-community/master/files/default/mysql_pubkey.asc'
-default['yum']['mysql-connectors-community']['description'] = 'MySQL Connectors Community'
-default['yum']['mysql-connectors-community']['failovermethod'] = 'priority'
-default['yum']['mysql-connectors-community']['gpgcheck'] = true
-default['yum']['mysql-connectors-community']['enabled'] = true
-
-case node['platform_family']
-when 'rhel'
- case node['platform']
- when 'amazon'
- default['yum']['mysql-connectors-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-connectors-community/el/6/$basearch/'
- when 'redhat', 'oracle' # ~FC024
- case node['platform_version'].to_i
- when 5
- # Real Redhat identifies $releasever as 5Server and 6Server
- default['yum']['mysql-connectors-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-connectors-community/el/5/$basearch/'
- when 6
- default['yum']['mysql-connectors-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-connectors-community/el/6/$basearch/'
- when 7
- default['yum']['mysql-connectors-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-connectors-community/el/7/$basearch/'
- end
- else # other rhel
- default['yum']['mysql-connectors-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-connectors-community/el/$releasever/$basearch/'
- end
-when 'fedora'
- default['yum']['mysql-connectors-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-connectors-community/fc/$releasever/$basearch/'
-end
diff --git a/cookbooks/yum-mysql-community/attributes/mysql55-community.rb b/cookbooks/yum-mysql-community/attributes/mysql55-community.rb
deleted file mode 100644
index 41dbb27..0000000
--- a/cookbooks/yum-mysql-community/attributes/mysql55-community.rb
+++ /dev/null
@@ -1,26 +0,0 @@
-default['yum']['mysql55-community']['repositoryid'] = 'mysql55-community'
-default['yum']['mysql55-community']['gpgkey'] = 'https://raw.githubusercontent.com/chef-cookbooks/yum-mysql-community/master/files/default/mysql_pubkey.asc'
-default['yum']['mysql55-community']['description'] = 'MySQL 5.5 Community Server'
-default['yum']['mysql55-community']['failovermethod'] = 'priority'
-default['yum']['mysql55-community']['gpgcheck'] = true
-default['yum']['mysql55-community']['enabled'] = true
-
-case node['platform_family']
-when 'rhel'
- case node['platform']
- when 'amazon'
- default['yum']['mysql55-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.5-community/el/6/$basearch/'
- when 'redhat', 'oracle' # ~FC024
- case node['platform_version'].to_i
- when 5
- # Real Redhat identifies $releasever as 5Server and 6Server
- default['yum']['mysql55-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.5-community/el/5/$basearch/'
- when 6
- default['yum']['mysql55-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.5-community/el/6/$basearch/'
- when 7
- default['yum']['mysql55-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.5-community/el/7/$basearch/'
- end
- else # other rhel. only 6 and 7 for now
- default['yum']['mysql55-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.5-community/el/$releasever/$basearch/'
- end
-end
diff --git a/cookbooks/yum-mysql-community/attributes/mysql56-community.rb b/cookbooks/yum-mysql-community/attributes/mysql56-community.rb
deleted file mode 100644
index 771151d..0000000
--- a/cookbooks/yum-mysql-community/attributes/mysql56-community.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-default['yum']['mysql56-community']['repositoryid'] = 'mysql56-community'
-default['yum']['mysql56-community']['gpgkey'] = 'https://raw.githubusercontent.com/chef-cookbooks/yum-mysql-community/master/files/default/mysql_pubkey.asc'
-default['yum']['mysql56-community']['description'] = 'MySQL 5.6 Community Server'
-default['yum']['mysql56-community']['failovermethod'] = 'priority'
-default['yum']['mysql56-community']['gpgcheck'] = true
-default['yum']['mysql56-community']['enabled'] = true
-
-case node['platform_family']
-when 'rhel'
- case node['platform']
- when 'amazon'
- default['yum']['mysql56-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.6-community/el/6/$basearch/'
- when 'redhat', 'oracle' # ~FC024
- case node['platform_version'].to_i
- when 5
- # Real Redhat identifies $releasever as 5Server and 6Server
- default['yum']['mysql56-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.6-community/el/5/$basearch/'
- when 6
- default['yum']['mysql56-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.6-community/el/6/$basearch/'
- when 7
- default['yum']['mysql56-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.6-community/el/7/$basearch/'
- end
- else # other rhel
- default['yum']['mysql56-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.6-community/el/$releasever/$basearch/'
- end
-when 'fedora'
- default['yum']['mysql56-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.6-community/fc/$releasever/$basearch/'
-end
diff --git a/cookbooks/yum-mysql-community/attributes/mysql57-community.rb b/cookbooks/yum-mysql-community/attributes/mysql57-community.rb
deleted file mode 100644
index 997bcb0..0000000
--- a/cookbooks/yum-mysql-community/attributes/mysql57-community.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-default['yum']['mysql57-community']['repositoryid'] = 'mysql57-community'
-default['yum']['mysql57-community']['gpgkey'] = 'https://raw.githubusercontent.com/chef-cookbooks/yum-mysql-community/master/files/default/mysql_pubkey.asc'
-default['yum']['mysql57-community']['description'] = 'MySQL 5.7 Community Server'
-default['yum']['mysql57-community']['failovermethod'] = 'priority'
-default['yum']['mysql57-community']['gpgcheck'] = true
-default['yum']['mysql57-community']['enabled'] = true
-
-case node['platform_family']
-when 'rhel'
- case node['platform']
- when 'amazon'
- default['yum']['mysql57-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.7-community/el/6/$basearch/'
- when 'redhat', 'oracle' # ~FC024
- case node['platform_version'].to_i
- when 5
- # Real Redhat identifies $releasever as 5Server and 6Server
- default['yum']['mysql57-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.7-community/el/5/$basearch/'
- when 6
- default['yum']['mysql57-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.7-community/el/6/$basearch/'
- when 7
- default['yum']['mysql57-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/'
- end
- else # other rhel
- default['yum']['mysql57-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.7-community/el/$releasever/$basearch/'
- end
-when 'fedora'
- default['yum']['mysql57-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.7-community/fc/$releasever/$basearch/'
-end
diff --git a/cookbooks/yum-mysql-community/files/default/mysql_pubkey.asc b/cookbooks/yum-mysql-community/files/default/mysql_pubkey.asc
deleted file mode 100644
index 8009b88..0000000
--- a/cookbooks/yum-mysql-community/files/default/mysql_pubkey.asc
+++ /dev/null
@@ -1,33 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.5 (GNU/Linux) - -mQGiBD4+owwRBAC14GIfUfCyEDSIePvEW3SAFUdJBtoQHH/nJKZyQT7h9bPlUWC3 -RODjQReyCITRrdwyrKUGku2FmeVGwn2u2WmDMNABLnpprWPkBdCk96+OmSLN9brZ -fw2vOUgCmYv2hW0hyDHuvYlQA/BThQoADgj8AW6/0Lo7V1W9/8VuHP0gQwCgvzV3 -BqOxRznNCRCRxAuAuVztHRcEAJooQK1+iSiunZMYD1WufeXfshc57S/+yeJkegNW -hxwR9pRWVArNYJdDRT+rf2RUe3vpquKNQU/hnEIUHJRQqYHo8gTxvxXNQc7fJYLV -K2HtkrPbP72vwsEKMYhhr0eKCbtLGfls9krjJ6sBgACyP/Vb7hiPwxh6rDZ7ITnE -kYpXBACmWpP8NJTkamEnPCia2ZoOHODANwpUkP43I7jsDmgtobZX9qnrAXw+uNDI -QJEXM6FSbi0LLtZciNlYsafwAPEOMDKpMqAK6IyisNtPvaLd8lH0bPAnWqcyefep -rv0sxxqUEMcM3o7wwgfN83POkDasDbs3pjwPhxvhz6//62zQJ7Q7TXlTUUwgUGFj -a2FnZSBzaWduaW5nIGtleSAod3d3Lm15c3FsLmNvbSkgPGJ1aWxkQG15c3FsLmNv -bT6IXQQTEQIAHQULBwoDBAMVAwIDFgIBAheABQJLcC5lBQkQ8/JZAAoJEIxxjTtQ -cuH1oD4AoIcOQ4EoGsZvy06D0Ei5vcsWEy8dAJ4g46i3WEcdSWxMhcBSsPz65sh5 -lohMBBMRAgAMBQI+PqPRBYMJZgC7AAoJEElQ4SqycpHyJOEAn1mxHijft00bKXvu -cSo/pECUmppiAJ41M9MRVj5VcdH/KN/KjRtW6tHFPYhMBBMRAgAMBQI+QoIDBYMJ -YiKJAAoJELb1zU3GuiQ/lpEAoIhpp6BozKI8p6eaabzF5MlJH58pAKCu/ROofK8J -Eg2aLos+5zEYrB/LsrkCDQQ+PqMdEAgA7+GJfxbMdY4wslPnjH9rF4N2qfWsEN/l -xaZoJYc3a6M02WCnHl6ahT2/tBK2w1QI4YFteR47gCvtgb6O1JHffOo2HfLmRDRi -Rjd1DTCHqeyX7CHhcghj/dNRlW2Z0l5QFEcmV9U0Vhp3aFfWC4Ujfs3LU+hkAWzE -7zaD5cH9J7yv/6xuZVw411x0h4UqsTcWMu0iM1BzELqX1DY7LwoPEb/O9Rkbf4fm -Le11EzIaCa4PqARXQZc4dhSinMt6K3X4BrRsKTfozBu74F47D8Ilbf5vSYHbuE5p -/1oIDznkg/p8kW+3FxuWrycciqFTcNz215yyX39LXFnlLzKUb/F5GwADBQf+Lwqq -a8CGrRfsOAJxim63CHfty5mUc5rUSnTslGYEIOCR1BeQauyPZbPDsDD9MZ1ZaSaf -anFvwFG6Llx9xkU7tzq+vKLoWkm4u5xf3vn55VjnSd1aQ9eQnUcXiL4cnBGoTbOW -I39EcyzgslzBdC++MPjcQTcA7p6JUVsP6oAB3FQWg54tuUo0Ec8bsM8b3Ev42Lmu -QT5NdKHGwHsXTPtl0klk4bQk4OajHsiy1BMahpT27jWjJlMiJc+IWJ0mghkKHt92 -6s/ymfdf5HkdQ1cyvsz5tryVI3Fx78XeSYfQvuuwqp2H139pXGEkg0n6KdUOetdZ -Whe70YGNPw1yjWJT1IhMBBgRAgAMBQI+PqMdBQkJZgGAAAoJEIxxjTtQcuH17p4A -n3r1QpVC9yhnW2cSAjq+kr72GX0eAJ4295kl6NxYEuFApmr1+0uUq/SlsQ== -=Mski ------END PGP PUBLIC KEY BLOCK----- 
diff --git a/cookbooks/yum-mysql-community/metadata.json b/cookbooks/yum-mysql-community/metadata.json
deleted file mode 100644
index 61614f7..0000000
--- a/cookbooks/yum-mysql-community/metadata.json
+++ /dev/null
@@ -1 +0,0 @@ -{"name":"yum-mysql-community","version":"2.1.0","description":"Installs/Configures yum-mysql-community","long_description":"# yum-mysql-community Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/yum-mysql-community.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum-mysql-community) [![Cookbook Version](https://img.shields.io/cookbook/v/yum-mysql-community.svg)](https://supermarket.chef.io/cookbooks/yum-mysql-community)\n\nThe yum-mysql-community cookbook takes over management of the default repository ids shipped with mysql*-community-release. It allows attribute manipulation of `mysql-connectors-community`, `mysql56-community`, and `mysql57-community-dmr`.\n\n## Requirements\n\n### Platforms\n\n- RHEL/CentOS and derivatives\n- Fedora\n\n### Chef\n\n- Chef 12.1+\n\n### Cookbooks\n\n- compat_resource\n\n## Attributes\n\nThe following attributes are set by default\n\n```ruby\ndefault['yum']['mysql-connectors-community']['repositoryid'] = 'mysql-connectors-community'\ndefault['yum']['mysql-connectors-community']['description'] = 'MySQL Connectors Community'\ndefault['yum']['mysql-connectors-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-connectors-community/el/$releasever/$basearch/'\ndefault['yum']['mysql-connectors-community']['gpgkey'] = 'https://raw.githubusercontent.com/rs-services/equinix-public/master/cookbooks/db_mysql/files/centos/mysql_pubkey.asc'\ndefault['yum']['mysql-connectors-community']['failovermethod'] = 'priority'\ndefault['yum']['mysql-connectors-community']['gpgcheck'] = true\ndefault['yum']['mysql-connectors-community']['enabled'] = true\n```\n\n```ruby\ndefault['yum']['mysql56-community']['repositoryid'] = 'mysql56-community'\ndefault['yum']['mysql56-community']['description'] = 'MySQL 5.6 Community Server'\ndefault['yum']['mysql56-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql56-community/el/$releasever/$basearch/'\ndefault['yum']['mysql56-community']['gpgkey'] = 
'https://raw.githubusercontent.com/rs-services/equinix-public/master/cookbooks/db_mysql/files/centos/mysql_pubkey.asc'\ndefault['yum']['mysql56-community']['failovermethod'] = 'priority'\ndefault['yum']['mysql56-community']['gpgcheck'] = true\ndefault['yum']['mysql56-community']['enabled'] = true\n```\n\n```ruby\ndefault['yum']['mysql57-community-dmr']['repositoryid'] = 'mysql57-community-dmr'\ndefault['yum']['mysql57-community-dmr']['description'] = 'MySQL 5.7 Community Server Development Milestone Release'\ndefault['yum']['mysql57-community-dmr']['baseurl'] = 'http://repo.mysql.com/yum/mysql56-community/el/$releasever/$basearch/'\ndefault['yum']['mysql57-community-dmr']['gpgkey'] = 'https://raw.githubusercontent.com/rs-services/equinix-public/master/cookbooks/db_mysql/files/centos/mysql_pubkey.asc'\ndefault['yum']['mysql57-community-dmr']['failovermethod'] = 'priority'\ndefault['yum']['mysql57-community-dmr']['gpgcheck'] = true\ndefault['yum']['mysql57-community-dmr']['enabled'] = true\n```\n\n## Recipes\n\n- mysql55 - Sets up the mysql56-community repository on supported\n- platforms\n\n```ruby\n yum_repository 'mysql55-community' do\n mirrorlist 'https://repo.mysql.com/yum/mysql-5.5-community/el/$releasever/$basearch/'\n description ''\n enabled true\n gpgcheck true\n end\n```\n\n- mysql56 - Sets up the mysql56-community repository on supported\n- platforms\n\n```ruby\n yum_repository 'mysql56-community' do\n mirrorlist 'https://repo.mysql.com/yum/mysql-5.6-community/el/$releasever/$basearch/'\n description ''\n enabled true\n gpgcheck true\n end\n```\n\n- connectors - Sets up the mysql-connectors-community repository on supported\n- platforms\n\n## Usage Example\n\nTo disable the mysql-community-dmr repository through a Role or Environment definition\n\n```ruby\ndefault_attributes(\n :yum => {\n :mysql57-community-dmr => {\n :enabled => {\n false\n }\n }\n }\n )\n```\n\nUncommonly used repositoryids are not managed by default. 
This is speeds up integration testing pipelines by avoiding yum-cache builds that nobody cares about. To enable the mysql-community-dmr repository with a wrapper cookbook, place the following in a recipe:\n\n```ruby\nnode.default['yum']['mysql57-community-dmr']['enabled'] = true\nnode.default['yum']['mysql57-community-dmr']['managed'] = true\ninclude_recipe 'mysql57-community-dmr'\n```\n\n## More Examples\n\nPoint the mysql56-community repositories at an internally hosted server.\n\n```\nnode.default['yum']['mysql56-community']['enabled'] = true\nnode.default['yum']['mysql56-community']['mirrorlist'] = nil\nnode.default['yum']['mysql56-community']['baseurl'] = 'https://internal.example.com/mysql/mysql56-community/'\nnode.default['yum']['mysql56-community']['sslverify'] = false\n\ninclude_recipe 'mysql56-community'\n```\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2011-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","fedora":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0"},"dependencies":{"compat_resource":">= 
12.16.3"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/yum-mysql-community","issues_url":"https://github.com/chef-cookbooks/yum-mysql-community/issues","chef_version":">= 12.1","ohai_version":{}}
\ No newline at end of file
diff --git a/cookbooks/yum-mysql-community/recipes/connectors.rb b/cookbooks/yum-mysql-community/recipes/connectors.rb
deleted file mode 100644
index 58ea5b2..0000000
--- a/cookbooks/yum-mysql-community/recipes/connectors.rb
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# Author:: Sean OMeara ()
-# Recipe:: yum-mysql-community::connectors
-#
-# Copyright:: 2014-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-yum_repository 'mysql-connectors-community' do
- description node['yum']['mysql-connectors-community']['description'] unless node['yum']['mysql-connectors-community']['description'].nil?
- baseurl node['yum']['mysql-connectors-community']['baseurl'] unless node['yum']['mysql-connectors-community']['baseurl'].nil?
- mirrorlist node['yum']['mysql-connectors-community']['mirrorlist'] unless node['yum']['mysql-connectors-community']['mirrorlist'].nil?
- gpgcheck node['yum']['mysql-connectors-community']['gpgcheck'] unless node['yum']['mysql-connectors-community']['gpgcheck'].nil?
- gpgkey node['yum']['mysql-connectors-community']['gpgkey'] unless node['yum']['mysql-connectors-community']['gpgkey'].nil?
- enabled node['yum']['mysql-connectors-community']['enabled'] unless node['yum']['mysql-connectors-community']['enabled'].nil?
- cost node['yum']['mysql-connectors-community']['cost'] unless node['yum']['mysql-connectors-community']['cost'].nil?
- exclude node['yum']['mysql-connectors-community']['exclude'] unless node['yum']['mysql-connectors-community']['exclude'].nil?
- enablegroups node['yum']['mysql-connectors-community']['enablegroups'] unless node['yum']['mysql-connectors-community']['enablegroups'].nil?
- failovermethod node['yum']['mysql-connectors-community']['failovermethod'] unless node['yum']['mysql-connectors-community']['failovermethod'].nil?
- http_caching node['yum']['mysql-connectors-community']['http_caching'] unless node['yum']['mysql-connectors-community']['http_caching'].nil?
- include_config node['yum']['mysql-connectors-community']['include_config'] unless node['yum']['mysql-connectors-community']['include_config'].nil?
- includepkgs node['yum']['mysql-connectors-community']['includepkgs'] unless node['yum']['mysql-connectors-community']['includepkgs'].nil?
- keepalive node['yum']['mysql-connectors-community']['keepalive'] unless node['yum']['mysql-connectors-community']['keepalive'].nil?
- max_retries node['yum']['mysql-connectors-community']['max_retries'] unless node['yum']['mysql-connectors-community']['max_retries'].nil?
- metadata_expire node['yum']['mysql-connectors-community']['metadata_expire'] unless node['yum']['mysql-connectors-community']['metadata_expire'].nil?
- mirror_expire node['yum']['mysql-connectors-community']['mirror_expire'] unless node['yum']['mysql-connectors-community']['mirror_expire'].nil?
- priority node['yum']['mysql-connectors-community']['priority'] unless node['yum']['mysql-connectors-community']['priority'].nil?
- proxy node['yum']['mysql-connectors-community']['proxy'] unless node['yum']['mysql-connectors-community']['proxy'].nil?
- proxy_username node['yum']['mysql-connectors-community']['proxy_username'] unless node['yum']['mysql-connectors-community']['proxy_username'].nil?
- proxy_password node['yum']['mysql-connectors-community']['proxy_password'] unless node['yum']['mysql-connectors-community']['proxy_password'].nil?
- repositoryid node['yum']['mysql-connectors-community']['repositoryid'] unless node['yum']['mysql-connectors-community']['repositoryid'].nil?
- sslcacert node['yum']['mysql-connectors-community']['sslcacert'] unless node['yum']['mysql-connectors-community']['sslcacert'].nil?
- sslclientcert node['yum']['mysql-connectors-community']['sslclientcert'] unless node['yum']['mysql-connectors-community']['sslclientcert'].nil?
- sslclientkey node['yum']['mysql-connectors-community']['sslclientkey'] unless node['yum']['mysql-connectors-community']['sslclientkey'].nil?
- sslverify node['yum']['mysql-connectors-community']['sslverify'] unless node['yum']['mysql-connectors-community']['sslverify'].nil?
- timeout node['yum']['mysql-connectors-community']['timeout'] unless node['yum']['mysql-connectors-community']['timeout'].nil?
- action :create
-end
diff --git a/cookbooks/yum-mysql-community/recipes/mysql55.rb b/cookbooks/yum-mysql-community/recipes/mysql55.rb
deleted file mode 100644
index 512aa63..0000000
--- a/cookbooks/yum-mysql-community/recipes/mysql55.rb
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# Author:: Sean OMeara ()
-# Recipe:: yum-mysql-community::mysql55
-#
-# Copyright:: 2014-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-yum_repository 'mysql55-community' do
- description node['yum']['mysql55-community']['description'] unless node['yum']['mysql55-community']['description'].nil?
- baseurl node['yum']['mysql55-community']['baseurl'] unless node['yum']['mysql55-community']['baseurl'].nil?
- mirrorlist node['yum']['mysql55-community']['mirrorlist'] unless node['yum']['mysql55-community']['mirrorlist'].nil?
- gpgcheck node['yum']['mysql55-community']['gpgcheck'] unless node['yum']['mysql55-community']['gpgcheck'].nil?
- gpgkey node['yum']['mysql55-community']['gpgkey'] unless node['yum']['mysql55-community']['gpgkey'].nil?
- enabled node['yum']['mysql55-community']['enabled'] unless node['yum']['mysql55-community']['enabled'].nil?
- cost node['yum']['mysql55-community']['cost'] unless node['yum']['mysql55-community']['cost'].nil?
- exclude node['yum']['mysql55-community']['exclude'] unless node['yum']['mysql55-community']['exclude'].nil?
- enablegroups node['yum']['mysql55-community']['enablegroups'] unless node['yum']['mysql55-community']['enablegroups'].nil?
- failovermethod node['yum']['mysql55-community']['failovermethod'] unless node['yum']['mysql55-community']['failovermethod'].nil?
- http_caching node['yum']['mysql55-community']['http_caching'] unless node['yum']['mysql55-community']['http_caching'].nil?
- include_config node['yum']['mysql55-community']['include_config'] unless node['yum']['mysql55-community']['include_config'].nil?
- includepkgs node['yum']['mysql55-community']['includepkgs'] unless node['yum']['mysql55-community']['includepkgs'].nil?
- keepalive node['yum']['mysql55-community']['keepalive'] unless node['yum']['mysql55-community']['keepalive'].nil?
- max_retries node['yum']['mysql55-community']['max_retries'] unless node['yum']['mysql55-community']['max_retries'].nil?
- metadata_expire node['yum']['mysql55-community']['metadata_expire'] unless node['yum']['mysql55-community']['metadata_expire'].nil?
- mirror_expire node['yum']['mysql55-community']['mirror_expire'] unless node['yum']['mysql55-community']['mirror_expire'].nil?
- priority node['yum']['mysql55-community']['priority'] unless node['yum']['mysql55-community']['priority'].nil?
- proxy node['yum']['mysql55-community']['proxy'] unless node['yum']['mysql55-community']['proxy'].nil?
- proxy_username node['yum']['mysql55-community']['proxy_username'] unless node['yum']['mysql55-community']['proxy_username'].nil?
- proxy_password node['yum']['mysql55-community']['proxy_password'] unless node['yum']['mysql55-community']['proxy_password'].nil?
- repositoryid node['yum']['mysql55-community']['repositoryid'] unless node['yum']['mysql55-community']['repositoryid'].nil?
- sslcacert node['yum']['mysql55-community']['sslcacert'] unless node['yum']['mysql55-community']['sslcacert'].nil?
- sslclientcert node['yum']['mysql55-community']['sslclientcert'] unless node['yum']['mysql55-community']['sslclientcert'].nil?
- sslclientkey node['yum']['mysql55-community']['sslclientkey'] unless node['yum']['mysql55-community']['sslclientkey'].nil?
- sslverify node['yum']['mysql55-community']['sslverify'] unless node['yum']['mysql55-community']['sslverify'].nil?
- timeout node['yum']['mysql55-community']['timeout'] unless node['yum']['mysql55-community']['timeout'].nil?
- action :create
-end
diff --git a/cookbooks/yum-mysql-community/recipes/mysql56.rb b/cookbooks/yum-mysql-community/recipes/mysql56.rb
deleted file mode 100644
index 9ba3f10..0000000
--- a/cookbooks/yum-mysql-community/recipes/mysql56.rb
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# Author:: Sean OMeara ()
-# Recipe:: yum-mysql-community::mysql56-community
-#
-# Copyright:: 2014-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-yum_repository 'mysql56-community' do
- description node['yum']['mysql56-community']['description'] unless node['yum']['mysql56-community']['description'].nil?
- baseurl node['yum']['mysql56-community']['baseurl'] unless node['yum']['mysql56-community']['baseurl'].nil?
- mirrorlist node['yum']['mysql56-community']['mirrorlist'] unless node['yum']['mysql56-community']['mirrorlist'].nil?
- gpgcheck node['yum']['mysql56-community']['gpgcheck'] unless node['yum']['mysql56-community']['gpgcheck'].nil?
- gpgkey node['yum']['mysql56-community']['gpgkey'] unless node['yum']['mysql56-community']['gpgkey'].nil?
- enabled node['yum']['mysql56-community']['enabled'] unless node['yum']['mysql56-community']['enabled'].nil?
- cost node['yum']['mysql56-community']['cost'] unless node['yum']['mysql56-community']['cost'].nil?
- exclude node['yum']['mysql56-community']['exclude'] unless node['yum']['mysql56-community']['exclude'].nil?
- enablegroups node['yum']['mysql56-community']['enablegroups'] unless node['yum']['mysql56-community']['enablegroups'].nil?
- failovermethod node['yum']['mysql56-community']['failovermethod'] unless node['yum']['mysql56-community']['failovermethod'].nil?
- http_caching node['yum']['mysql56-community']['http_caching'] unless node['yum']['mysql56-community']['http_caching'].nil?
- include_config node['yum']['mysql56-community']['include_config'] unless node['yum']['mysql56-community']['include_config'].nil?
- includepkgs node['yum']['mysql56-community']['includepkgs'] unless node['yum']['mysql56-community']['includepkgs'].nil?
- keepalive node['yum']['mysql56-community']['keepalive'] unless node['yum']['mysql56-community']['keepalive'].nil?
- max_retries node['yum']['mysql56-community']['max_retries'] unless node['yum']['mysql56-community']['max_retries'].nil?
- metadata_expire node['yum']['mysql56-community']['metadata_expire'] unless node['yum']['mysql56-community']['metadata_expire'].nil?
- mirror_expire node['yum']['mysql56-community']['mirror_expire'] unless node['yum']['mysql56-community']['mirror_expire'].nil?
- priority node['yum']['mysql56-community']['priority'] unless node['yum']['mysql56-community']['priority'].nil?
- proxy node['yum']['mysql56-community']['proxy'] unless node['yum']['mysql56-community']['proxy'].nil?
- proxy_username node['yum']['mysql56-community']['proxy_username'] unless node['yum']['mysql56-community']['proxy_username'].nil?
- proxy_password node['yum']['mysql56-community']['proxy_password'] unless node['yum']['mysql56-community']['proxy_password'].nil?
- repositoryid node['yum']['mysql56-community']['repositoryid'] unless node['yum']['mysql56-community']['repositoryid'].nil?
- sslcacert node['yum']['mysql56-community']['sslcacert'] unless node['yum']['mysql56-community']['sslcacert'].nil?
- sslclientcert node['yum']['mysql56-community']['sslclientcert'] unless node['yum']['mysql56-community']['sslclientcert'].nil?
- sslclientkey node['yum']['mysql56-community']['sslclientkey'] unless node['yum']['mysql56-community']['sslclientkey'].nil?
- sslverify node['yum']['mysql56-community']['sslverify'] unless node['yum']['mysql56-community']['sslverify'].nil?
- timeout node['yum']['mysql56-community']['timeout'] unless node['yum']['mysql56-community']['timeout'].nil?
- action :create
-end
diff --git a/cookbooks/yum-mysql-community/recipes/mysql57.rb b/cookbooks/yum-mysql-community/recipes/mysql57.rb
deleted file mode 100644
index 4236176..0000000
--- a/cookbooks/yum-mysql-community/recipes/mysql57.rb
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# Author:: Sean OMeara ()
-# Recipe:: yum-mysql-community::mysql57-community
-#
-# Copyright:: 2014-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-yum_repository 'mysql57-community' do
- description node['yum']['mysql57-community']['description'] unless node['yum']['mysql57-community']['description'].nil?
- baseurl node['yum']['mysql57-community']['baseurl'] unless node['yum']['mysql57-community']['baseurl'].nil?
- mirrorlist node['yum']['mysql57-community']['mirrorlist'] unless node['yum']['mysql57-community']['mirrorlist'].nil?
- gpgcheck node['yum']['mysql57-community']['gpgcheck'] unless node['yum']['mysql57-community']['gpgcheck'].nil?
- gpgkey node['yum']['mysql57-community']['gpgkey'] unless node['yum']['mysql57-community']['gpgkey'].nil?
- enabled node['yum']['mysql57-community']['enabled'] unless node['yum']['mysql57-community']['enabled'].nil?
- cost node['yum']['mysql57-community']['cost'] unless node['yum']['mysql57-community']['cost'].nil?
- exclude node['yum']['mysql57-community']['exclude'] unless node['yum']['mysql57-community']['exclude'].nil?
- enablegroups node['yum']['mysql57-community']['enablegroups'] unless node['yum']['mysql57-community']['enablegroups'].nil?
- failovermethod node['yum']['mysql57-community']['failovermethod'] unless node['yum']['mysql57-community']['failovermethod'].nil?
- http_caching node['yum']['mysql57-community']['http_caching'] unless node['yum']['mysql57-community']['http_caching'].nil?
- include_config node['yum']['mysql57-community']['include_config'] unless node['yum']['mysql57-community']['include_config'].nil?
- includepkgs node['yum']['mysql57-community']['includepkgs'] unless node['yum']['mysql57-community']['includepkgs'].nil?
- keepalive node['yum']['mysql57-community']['keepalive'] unless node['yum']['mysql57-community']['keepalive'].nil?
- max_retries node['yum']['mysql57-community']['max_retries'] unless node['yum']['mysql57-community']['max_retries'].nil?
- metadata_expire node['yum']['mysql57-community']['metadata_expire'] unless node['yum']['mysql57-community']['metadata_expire'].nil?
- mirror_expire node['yum']['mysql57-community']['mirror_expire'] unless node['yum']['mysql57-community']['mirror_expire'].nil?
- priority node['yum']['mysql57-community']['priority'] unless node['yum']['mysql57-community']['priority'].nil?
- proxy node['yum']['mysql57-community']['proxy'] unless node['yum']['mysql57-community']['proxy'].nil?
- proxy_username node['yum']['mysql57-community']['proxy_username'] unless node['yum']['mysql57-community']['proxy_username'].nil?
- proxy_password node['yum']['mysql57-community']['proxy_password'] unless node['yum']['mysql57-community']['proxy_password'].nil?
- repositoryid node['yum']['mysql57-community']['repositoryid'] unless node['yum']['mysql57-community']['repositoryid'].nil?
- sslcacert node['yum']['mysql57-community']['sslcacert'] unless node['yum']['mysql57-community']['sslcacert'].nil?
- sslclientcert node['yum']['mysql57-community']['sslclientcert'] unless node['yum']['mysql57-community']['sslclientcert'].nil?
- sslclientkey node['yum']['mysql57-community']['sslclientkey'] unless node['yum']['mysql57-community']['sslclientkey'].nil?
- sslverify node['yum']['mysql57-community']['sslverify'] unless node['yum']['mysql57-community']['sslverify'].nil?
- timeout node['yum']['mysql57-community']['timeout'] unless node['yum']['mysql57-community']['timeout'].nil?
- action :create
-end
diff --git a/cookbooks/mingw/.foodcritic b/cookbooks/yum/.foodcritic
similarity index 100%
rename from cookbooks/mingw/.foodcritic
rename to cookbooks/yum/.foodcritic
diff --git a/cookbooks/yum/CHANGELOG.md b/cookbooks/yum/CHANGELOG.md
index d49c48a..c7dcf30 100644
--- a/cookbooks/yum/CHANGELOG.md
+++ b/cookbooks/yum/CHANGELOG.md
@@ -2,6 +2,43 @@ This file is used to list changes made in each version of the yum cookbook. +## 5.1.0 (2017-08-04) + +- Avoid spec deprecation warnings +- Use an empty string `releasever` to lock an Amazon Linux AMI to its current verison + +## 5.0.1 (2017-04-06) + +- Switch from Rake testing to Local Delivery +- Rename kitchen-docker to kitchen-dokken +- Update apache2 license string +- use true/false vs. TrueClass and FalseClass in the resource + +## 5.0.0 (2017-02-12) + +### Breaking changes + +- Removed the yum_repository resource and instead require chef-client 12.14 or later, which has the yum repository functionality built in. This resolves Chef 13 compatibility warnings for any cookbook with the yum cookbook. + +### Other changes + +- Convert yum_globalconfig from an LWRP to a custom resource + +## 4.2.0 (2017-02-12) + +- Make cache in the DNF compat recipe +- Fix `fastestmirror_enabled`. +- Require Chef 12.1 not 12.0 +- Convert to Inspec + +## 4.1.0 (2016-10-21) + +- Purge yum cache before removing a repo not after + +## 4.0.0 (2016-09-06) + +- Remove support for Chef 11 + ## 3.13.0 (2016-09-06) - Add deprecation warning for add/remove actions, which were replaced with create/delete in Yum 3.0
diff --git a/cookbooks/yum/MAINTAINERS.md b/cookbooks/yum/MAINTAINERS.md
deleted file mode 100644
index c6a51ae..0000000
--- a/cookbooks/yum/MAINTAINERS.md
+++ /dev/null
@@ -1,19 +0,0 @@ - - -# Maintainers -This file lists how this cookbook project is maintained. When making changes to the system, this -file tells you who needs to review your patch - you need a simple majority of maintainers -for the relevant subsystems to provide a :+1: on your pull request. Additionally, you need -to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) -for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Tim Smith](https://github.com/tas50) - -# Maintainers -* [Jennifer Davis](https://github.com/sigje) -* [Sean OMeara](https://github.com/someara) -* [Tim Smith](https://github.com/tas50) -* [Thom May](https://github.com/thommay) diff --git a/cookbooks/yum/README.md b/cookbooks/yum/README.md index b73c3de..1c00047 100644 --- a/cookbooks/yum/README.md +++ b/cookbooks/yum/README.md 
@@ -1,92 +1,28 @@ # yum Cookbook + [![Build Status](https://travis-ci.org/chef-cookbooks/yum.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum) [![Cookbook Version](https://img.shields.io/cookbook/v/yum.svg)](https://supermarket.chef.io/cookbooks/yum) -The Yum cookbook exposes the `yum_globalconfig` and `yum_repository` resources that allows a user to both control global behavior and make individual Yum repositories available for use. These resources aim to allow the user to configure all options listed in the `yum.conf` man page, found at [http://linux.die.net/man/5/yum.conf](http://linux.die.net/man/5/yum.conf) +The Yum cookbook exposes the `yum_globalconfig` resource which allows a user to control global yum behavior. This resources aims to allow the user to configure all options listed in the `yum.conf` man page, found at ## Requirements + ### Platforms + - RHEL/CentOS and derivatives - Fedora ### Chef -- Chef 11+ + +- Chef 12.14+ ### Cookbooks + - none -## Resources/Providers -### yum_repository -This resource manages a yum repository configuration file at /etc/yum.repos.d/`repositoryid`.repo. When the file needs to be repaired, it calls yum-makecache so packages in the repo become available to the next resource. 
- -#### Example - -```ruby -# add the Zenoss repository -yum_repository 'zenoss' do - description "Zenoss Stable repo" - baseurl "http://dev.zenoss.com/yum/stable/" - gpgkey 'http://dev.zenoss.com/yum/RPM-GPG-KEY-zenoss' - action :create -end - -# add some internal company repo -yum_repository 'OurCo' do - description 'OurCo yum repository' - mirrorlist 'http://artifacts.ourco.org/mirrorlist?repo=ourco-6&arch=$basearch' - gpgkey 'http://artifacts.ourco.org/pub/yum/RPM-GPG-KEY-OURCO-6' - action :create -end -``` - -```ruby -# delete CentOS-Media repo -yum_repository 'CentOS-Media' do - action :delete -end -``` - -#### Actions -- `:create` - creates a repository file and builds the repository listing -- `:delete` - deletes the repository file -- `:makecache` - update yum cache - -#### Parameters -- `baseurl` - Must be a URL to the directory where the yum repository's 'repodata' directory lives. Can be an http://, ftp:// or file:// URL. You can specify multiple URLs in one baseurl statement. -- `cost` - relative cost of accessing this repository. Useful for weighing one repo's packages as greater/less than any other. defaults to 1000 -- `clean_metadata` - Run "yum clean metadata " during repository creation. defaults to true. -- `description` - Maps to the 'name' parameter in a repository .conf. Descriptive name for the repository channel. This directive must be specified. -- `enabled` - Either `true` or `false`. This tells yum whether or not use this repository. -- `enablegroups` - Either `true` or `false`. Determines whether yum will allow the use of package groups for this repository. Default is `true` (package groups are allowed). -- `exclude` - List of packages to exclude from updates or installs. This should be a space separated list in a single string. Shell globs using wildcards (eg. * and ?) are allowed. -- `failovermethod` - Either 'roundrobin' or 'priority'. -- `fastestmirror_enabled` - Either `true` or `false` -- `gpgcheck` - Either `true` or `false`. 
This tells yum whether or not it should perform a GPG signature check on packages. When this is set in the [main] section it sets the default for all repositories. The default is `true`. -- `gpgkey` - A URL pointing to the ASCII-armored GPG key file for the repository. This option is used if yum needs a public key to verify a package and the required key hasn't been imported into the RPM database. If this option is set, yum will automatically import the key from the specified URL. -- `http_caching` - Either 'all', 'packages', or 'none'. Determines how upstream HTTP caches are instructed to handle any HTTP downloads that Yum does. Defaults to 'all' -- `includepkgs` - Inverse of exclude. This is a list of packages you want to use from a repository. If this option lists only one package then that is all yum will ever see from the repository. Defaults to an empty list. -- `keepalive` - Either `true` or `false`. This tells yum whether or not HTTP/1.1 keepalive should be used with this repository. -- `make_cache` - Optional, Default is `true`, if `false` then `yum -q makecache` will not be ran -- `max_retries` - Set the number of times any attempt to retrieve a file should retry before returning an error. Setting this to '0' makes yum try forever. Default is '10'. -- `metadata_expire` - Time (in seconds) after which the metadata will expire. So that if the current metadata downloaded is less than this many seconds old then yum will not update the metadata against the repository. If you find that yum is not downloading information on updates as often as you would like lower the value of this option. You can also change from the default of using seconds to using days, hours or minutes by appending a d, h or m respectively. The default is 6 hours, to compliment yum-updatesd running once an hour. It's also possible to use the word "never", meaning that the metadata will never expire. 
Note that when using a metalink file the metalink must always be newer than the metadata for the repository, due to the validation, so this timeout also applies to the metalink file. -- `mirrorlist` - Specifies a URL to a file containing a list of baseurls. This can be used instead of or with the baseurl option. Substitution variables, described below, can be used with this option. As a special hack is the mirrorlist URL contains the word "metalink" then the value of mirrorlist is copied to metalink (if metalink is not set) -- `mirror_expire` - Time (in seconds) after which the mirrorlist locally cached will expire. If the current mirrorlist is less than this many seconds old then yum will not download another copy of the mirrorlist, it has the same extra format as metadata_expire. If you find that yum is not downloading the mirrorlists as often as you would like lower the value of this option. -- `mirrorlist_expire` - alias for mirror_expire -- `mode` - Permissions mode of .repo file on disk. Useful for scenarios where secrets are in the repo file. If set to '600', normal users will not be able to use yum search, yum info, etc. Defaults to '0644' -- `priority` - When the yum-priorities plug-in is enabled, you set priorities on repository entries, where N is an integer from 1 to 99. The default priority for repositories is 99. -- `proxy` - URL to the proxy server that yum should use. -- `proxy_username` - username to use for proxy -- `proxy_password` - password for this proxy -- `report_instanceid` - Report instance ID when using Amazon Linux AMIs and repositories -- `repositoryid` - Must be a unique name for each repository, one word. Defaults to name attribute. -- `sensitive` - Optional, Default is `false`, if `true` then content of repository file is hidden from chef run output. 
-- `source` - Use a custom template source instead of the default one in the yum cookbook -- `sslcacert` - Path to the directory containing the databases of the certificate authorities yum should use to verify SSL certificates. Defaults to none - uses system default -- `sslclientcert` - Path to the SSL client certificate yum should use to connect to repos/remote sites Defaults to none. -- `sslclientkey` - Path to the SSL client key yum should use to connect to repos/remote sites Defaults to none. -- `sslverify` - Either `true` or `false`. Determines if yum will verify SSL certificates/hosts. Defaults to `true` -- `timeout` - Number of seconds to wait for a connection before timing out. Defaults to 30 seconds. This may be too short of a time for extremely overloaded sites. +## Resources ### yum_globalconfig + This renders a template with global yum configuration parameters. The default recipe uses it to render `/etc/yum.conf`. It is flexible enough to be used in other scenarios, such as building RPMs in isolation by modifying `installroot`. #### Example 
@@ -101,22 +37,30 @@ yum_globalconfig '/my/chroot/etc/yum.conf' do end ``` -#### Parameters -`yum_globalconfig` can take most of the same parameters as a `yum_repository`, plus more, too numerous to describe here. Below are a few of the more commonly used ones. For a complete list, please consult the `yum.conf` man page, found here: [http://linux.die.net/man/5/yum.conf](http://linux.die.net/man/5/yum.conf) +#### Properties + +`yum_globalconfig` can take most of the same parameters as a `yum_repository`, plus more, too numerous to describe here. Below are a few of the more commonly used ones. For a complete list, please consult the `yum.conf` man page, found here: + - `cachedir` - Directory where yum should store its cache and db files. The default is '/var/cache/yum'. - `keepcache` - Either `true` or `false`. Determines whether or not yum keeps the cache of headers and packages after successful installation. Default is `false` -- `debuglevel` - Debug message output level. Practical range is 0-10. Default is '2'. +- `debuglevel` - Debug message output level. Practical range is 0-10\. Default is '2'. - `exclude` - List of packages to exclude from updates or installs. This should be a space separated list. Shell globs using wildcards (eg. * and ?) are allowed. - `installonlypkgs` = List of package provides that should only ever be installed, never updated. Kernels in particular fall into this category. Defaults to kernel, kernel-bigmem, kernel-enterprise, kernel-smp, kernel-debug, kernel-unsupported, kernel-source, kernel-devel, kernel-PAE, kernel-PAE-debug. - `logfile` - Full directory and file name for where yum should write its log file. -- `exactarch` - Either `true` or `false`. Set to `true` to make 'yum update' only update the architectures of packages that you have installed. ie: with this enabled yum will not install an i686 package to update an x86_64 package. Default is `true` +- `exactarch` - Either `true` or `false`. 
Set to `true` to make 'yum update' only update the architectures of packages that you have installed. ie: with this enabled yum will not install an i686 package to update an x86_64 package. Default is `true` - `gpgcheck` - Either `true` or `false`. This tells yum whether or not it should perform a GPG signature check on the packages gotten from this repository. +### yum_repository + +This resource is now provided by chef-client 12.14 and later and has been removed from this cookbook. If you require this resource we highly recommend upgrading your chef-client, but if that is not an option you can pin the 4.X yum cookbook. + ## Recipes + - `default` - Configures `yum_globalconfig[/etc/yum.conf]` with values found in node attributes at `node['yum']['main']` -- `dnf_yum_compat` - Installs the yum package using dnf on Fedora systems to provide support for the package resource in recipes. This is necessary as Chef does not yet (as of Q4 2015) have native support for DNF. This recipe should be 1st on a Fedora runlist +- `dnf_yum_compat` - Installs the yum package using dnf on Fedora systems to provide support for the package resource in recipes. This is necessary on chef-client < 12.18\. This recipe should be 1st on a Fedora runlist ## Attributes + The following attributes are set by default ```ruby 
@@ -132,14 +76,22 @@ default['yum']['main']['installonlypkgs'] = nil default['yum']['main']['installroot'] = nil ``` -For Amazon platform nodes, +For Amazon platform nodes, the default is to receive a continuous flow of updates, ```ruby default['yum']['main']['releasever'] = 'latest' ``` +To lock existing instances to the current version of the Amazon AMI, + +```ruby +default['yum']['main']['releasever'] = '' +``` + ## Related Cookbooks + Recipes from older versions of this cookbook have been moved individual cookbooks. Recipes for managing platform yum configurations and installing specific repositories can be found in one (or more!) of the following cookbook. + - yum-centos - yum-fedora - yum-amazon @@ -151,9 +103,11 @@ Recipes from older versions of this cookbook have been moved individual cookbook - yum-pgdg ## Usage + Put `depends 'yum'` in your metadata.rb to gain access to the yum_repository resource. ## License & Authors + - Author:: Eric G. Wolfe - Author:: Matt Ray ([matt@chef.io](mailto:matt@chef.io)) - Author:: Joshua Timberman ([joshua@chef.io](mailto:joshua@chef.io)) @@ -161,7 +115,7 @@ Put `depends 'yum'` in your metadata.rb to gain access to the yum_repository res ```text Copyright:: 2011 Eric G. Wolfe -Copyright:: 2013-2016 Chef Software, Inc. +Copyright:: 2013-2017 Chef Software, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cookbooks/yum/attributes/main.rb b/cookbooks/yum/attributes/main.rb index 8eb3784..5ac4af7 100644 --- a/cookbooks/yum/attributes/main.rb +++ b/cookbooks/yum/attributes/main.rb 
@@ -21,11 +21,11 @@ default['yum']['main']['releasever'] = case node['platform']
 when 'amazon'
 'latest'
 end
-default['yum']['main']['alwaysprompt'] = nil # [TrueClass, FalseClass]
-default['yum']['main']['assumeyes'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['alwaysprompt'] = nil # [true, false]
+default['yum']['main']['assumeyes'] = nil # [true, false]
 default['yum']['main']['bandwidth'] = nil # /^\d+$/
 default['yum']['main']['bugtracker_url'] = nil # /.*/
-default['yum']['main']['clean_requirements_on_remove'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['clean_requirements_on_remove'] = nil # [true, false]
 default['yum']['main']['color'] = nil # %w{ always never }
 default['yum']['main']['color_list_available_downgrade'] = nil # /.*/
 default['yum']['main']['color_list_available_install'] = nil # /.*/
@@ -40,41 +40,41 @@ default['yum']['main']['color_update_installed'] = nil # /.*/
 default['yum']['main']['color_update_local'] = nil # /.*/
 default['yum']['main']['color_update_remote'] = nil # /.*/
 default['yum']['main']['commands'] = nil # /.*/
-default['yum']['main']['deltarpm'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['deltarpm'] = nil # [true, false]
 default['yum']['main']['debuglevel'] = nil # /^\d+$/
-default['yum']['main']['diskspacecheck'] = nil # [TrueClass, FalseClass]
-default['yum']['main']['enable_group_conditionals'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['diskspacecheck'] = nil # [true, false]
+default['yum']['main']['enable_group_conditionals'] = nil # [true, false]
 default['yum']['main']['errorlevel'] = nil # /^\d+$/
-default['yum']['main']['exactarch'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['exactarch'] = nil # [true, false]
 default['yum']['main']['exclude'] = nil # /.*/
-default['yum']['main']['gpgcheck'] = true # [TrueClass, FalseClass]
+default['yum']['main']['gpgcheck'] = true # [true, false]
 default['yum']['main']['group_package_types'] = nil # /.*/
-default['yum']['main']['groupremove_leaf_only'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['groupremove_leaf_only'] = nil # [true, false]
 default['yum']['main']['history_list_view'] = nil # /.*/
-default['yum']['main']['history_record'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['history_record'] = nil # [true, false]
 default['yum']['main']['history_record_packages'] = nil # /.*/
 default['yum']['main']['http_caching'] = nil # %w{ packages all none }
 default['yum']['main']['installonly_limit'] = nil # /\d+/, /keep/
 default['yum']['main']['installonlypkgs'] = nil # /.*/
 default['yum']['main']['installroot'] = nil # /.*/
-default['yum']['main']['keepalive'] = nil # [TrueClass, FalseClass]
-default['yum']['main']['keepcache'] = false # [TrueClass, FalseClass]
+default['yum']['main']['keepalive'] = nil # [true, false]
+default['yum']['main']['keepcache'] = false # [true, false]
 default['yum']['main']['kernelpkgnames'] = nil # /.*/
-default['yum']['main']['localpkg_gpgcheck'] = false # [TrueClass,# FalseClass]
+default['yum']['main']['localpkg_gpgcheck'] = false # [true,# false]
 default['yum']['main']['logfile'] = '/var/log/yum.log' # /.*/
 default['yum']['main']['max_retries'] = nil # /^\d+$/
 default['yum']['main']['mdpolicy'] = nil # %w{ packages all none }
 default['yum']['main']['metadata_expire'] = nil # /^\d+$/
 default['yum']['main']['mirrorlist_expire'] = nil # /^\d+$/
 default['yum']['main']['multilib_policy'] = nil # %w{ all best }
-default['yum']['main']['obsoletes'] = nil # [TrueClass, FalseClass]
-default['yum']['main']['overwrite_groups'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['obsoletes'] = nil # [true, false]
+default['yum']['main']['overwrite_groups'] = nil # [true, false]
 default['yum']['main']['password'] = nil # /.*/
 default['yum']['main']['path'] = '/etc/yum.conf' # /.*/
 default['yum']['main']['persistdir'] = nil # /.*/
 default['yum']['main']['pluginconfpath'] = nil # /.*/
 default['yum']['main']['pluginpath'] = nil # /.*/
-default['yum']['main']['plugins'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['plugins'] = nil # [true, false]
 default['yum']['main']['protected_multilib'] = nil # /.*/
 default['yum']['main']['protected_packages'] = nil # /.*/
 default['yum']['main']['proxy'] = nil # /.*/
@@ -82,17 +82,17 @@ default['yum']['main']['proxy_password'] = nil # /.*/
 default['yum']['main']['proxy_username'] = nil # /.*/
 default['yum']['main']['password'] = nil # /.*/
 default['yum']['main']['recent'] = nil # /^\d+$/
-default['yum']['main']['repo_gpgcheck'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['repo_gpgcheck'] = nil # [true, false]
 default['yum']['main']['reposdir'] = nil # /.*/
-default['yum']['main']['reset_nice'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['reset_nice'] = nil # [true, false]
 default['yum']['main']['rpmverbosity'] = nil # %w{ info critical# emergency error warn debug }
-default['yum']['main']['showdupesfromrepos'] = nil # [TrueClass, FalseClass]
-default['yum']['main']['skip_broken'] = nil # [TrueClass, FalseClass]
-default['yum']['main']['ssl_check_cert_permissions'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['showdupesfromrepos'] = nil # [true, false]
+default['yum']['main']['skip_broken'] = nil # [true, false]
+default['yum']['main']['ssl_check_cert_permissions'] = nil # [true, false]
 default['yum']['main']['sslcacert'] = nil # /.*/
 default['yum']['main']['sslclientcert'] = nil # /.*/
 default['yum']['main']['sslclientkey'] = nil # /.*/
-default['yum']['main']['sslverify'] = nil # [TrueClass, FalseClass]
+default['yum']['main']['sslverify'] = nil # [true, false]
 default['yum']['main']['syslog_device'] = nil # /.*/
 default['yum']['main']['syslog_facility'] = nil # /.*/
 default['yum']['main']['syslog_ident'] = nil # /.*/
diff --git a/cookbooks/yum/libraries/matchers.rb b/cookbooks/yum/libraries/matchers.rb
index 631b708..220238a 100644
--- a/cookbooks/yum/libraries/matchers.rb
+++ b/cookbooks/yum/libraries/matchers.rb
@@ -1,20 +1,4 @@
 if defined?(ChefSpec)
- def create_yum_repository(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:yum_repository, :create, resource_name)
- end
-
- def add_yum_repository(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:yum_repository, :add, resource_name)
- end
-
- def delete_yum_repository(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:yum_repository, :delete, resource_name)
- end
-
- def remove_yum_repository(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:yum_repository, :remove, resource_name)
- end
-
 def create_yum_globalconfig(resource_name)
 ChefSpec::Matchers::ResourceMatcher.new(:yum_globalconfig, :create, resource_name)
 end
diff --git a/cookbooks/yum/metadata.json b/cookbooks/yum/metadata.json
index 3b3faac..44a7f68 100644
--- a/cookbooks/yum/metadata.json
+++ b/cookbooks/yum/metadata.json
@@ -1 +1 @@ -{"name":"yum","version":"3.13.0","description":"Configures various yum components on Red Hat-like systems","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","fedora":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","zlinux":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{}} \ No newline at end of file +{"name":"yum","version":"5.1.0","description":"Configures various yum components on Red Hat-like systems","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","fedora":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","zlinux":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/yum","issues_url":"https://github.com/chef-cookbooks/yum/issues","chef_version":[[">= 12.14"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/yum/providers/globalconfig.rb b/cookbooks/yum/providers/globalconfig.rb deleted file mode 100644 index ef649bb..0000000 --- a/cookbooks/yum/providers/globalconfig.rb +++ /dev/null 
@@ -1,40 +0,0 @@
-#
-# Cookbook Name:: yum
-# Provider:: repository
-#
-# Author:: Sean OMeara
-# Copyright 2013-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-use_inline_resources
-
-def whyrun_supported?
- true
-end
-
-action :create do
- template new_resource.path do
- source 'main.erb'
- cookbook 'yum'
- mode '0644'
- variables(config: new_resource)
- end
-end
-
-action :delete do
- file new_resource.path do
- action :delete
- end
-end
diff --git a/cookbooks/yum/providers/repository.rb b/cookbooks/yum/providers/repository.rb
deleted file mode 100644
index 0b7846c..0000000
--- a/cookbooks/yum/providers/repository.rb
+++ /dev/null
@@ -1,115 +0,0 @@
-#
-# Cookbook Name:: yum
-# Provider:: repository
-#
-# Author:: Sean OMeara
-# Copyright 2013-2016, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# In Chef 11 and above, calling the use_inline_resources method will
-# make Chef create a new "run_context". When an action is called, any
-# nested resources are compiled and converged in isolation from the
-# recipe that calls it.
-
-use_inline_resources
-
-def whyrun_supported?
- true
-end
-
-action :add do
- Chef::Log.warn('The :add method in yum_repository has been deprecated in favor of :create. Please update your cookbook to use the :create action')
- action_create
-end
-
-action :remove do
- Chef::Log.warn('The :remove method in yum_repository has been deprecated in favor of :delete. Repository deletion in Chef 12.14+ with :remove will fail')
- action_delete
-end
-
-action :create do
- if new_resource.clean_headers
- Chef::Log.warn <<-eos
- Use of `clean_headers` in resource yum[#{new_resource.repositoryid}] is now deprecated and will be removed in a future release.
- `clean_metadata` should be used instead
- eos
- end
-
- template "/etc/yum.repos.d/#{new_resource.repositoryid}.repo" do
- if new_resource.source.nil?
- source 'repo.erb'
- cookbook 'yum'
- else
- source new_resource.source
- end
- mode new_resource.mode
- sensitive new_resource.sensitive
- variables(config: new_resource)
- if new_resource.make_cache
- notifies :run, "execute[yum clean metadata #{new_resource.repositoryid}]", :immediately if new_resource.clean_metadata || new_resource.clean_headers
- notifies :run, "execute[yum-makecache-#{new_resource.repositoryid}]", :immediately
- notifies :create, "ruby_block[yum-cache-reload-#{new_resource.repositoryid}]", :immediately
- end
- end
-
- execute "yum clean metadata #{new_resource.repositoryid}" do
- command "yum clean metadata --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
- action :nothing
- end
-
- # get the metadata for this repo only
- execute "yum-makecache-#{new_resource.repositoryid}" do
- command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
- action :nothing
- only_if { new_resource.enabled }
- end
-
- # reload internal Chef yum cache
- ruby_block "yum-cache-reload-#{new_resource.repositoryid}" do
- block { Chef::Provider::Package::Yum::YumCache.instance.reload }
- action :nothing
- end
-end
-
-action :delete do
- file "/etc/yum.repos.d/#{new_resource.repositoryid}.repo" do
- action :delete
- notifies :run, "execute[yum clean all #{new_resource.repositoryid}]", :immediately
- notifies :create, "ruby_block[yum-cache-reload-#{new_resource.repositoryid}]", :immediately
- end
-
- execute "yum clean all #{new_resource.repositoryid}" do
- command "yum clean all --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
- only_if "yum repolist | grep -P '^#{new_resource.repositoryid}([ \t]|$)'"
- action :nothing
- end
-
- ruby_block "yum-cache-reload-#{new_resource.repositoryid}" do
- block { Chef::Provider::Package::Yum::YumCache.instance.reload }
- action :nothing
- end
-end
-
-action :makecache do
- execute "yum-makecache-#{new_resource.repositoryid}" do
- command "yum -q makecache --disablerepo=*
--enablerepo=#{new_resource.repositoryid}" - action :run - end - - ruby_block "yum-cache-reload-#{new_resource.repositoryid}" do - block { Chef::Provider::Package::Yum::YumCache.instance.reload } - action :run - end -end diff --git a/cookbooks/yum/recipes/default.rb b/cookbooks/yum/recipes/default.rb index d1fe392..e489fb2 100644 --- a/cookbooks/yum/recipes/default.rb +++ b/cookbooks/yum/recipes/default.rb @@ -3,7 +3,7 @@ # Author:: Joshua Timberman () # Recipe:: yum::default # -# Copyright 2013-2016, Chef Software, Inc () +# Copyright:: 2013-2017, Chef Software, Inc () # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/yum/recipes/dnf_yum_compat.rb b/cookbooks/yum/recipes/dnf_yum_compat.rb index a673f17..d88fecf 100644 --- a/cookbooks/yum/recipes/dnf_yum_compat.rb +++ b/cookbooks/yum/recipes/dnf_yum_compat.rb @@ -2,7 +2,7 @@ # Author:: Tim Smith () # Recipe:: yum::fedora_yum_compat # -# Copyright 2015-2016, Chef Software, Inc () +# Copyright:: 2015-2017, Chef Software, Inc () # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,8 +16,14 @@ # See the License for the specific language governing permissions and # limitations under the License. +execute 'make yum cache' do + command 'yum makecache' + action :nothing +end + execute 'install yum' do command 'dnf install yum -y' not_if { ::File.exist?('/var/lib/yum') } action :nothing + notifies :run, 'execute[make yum cache]', :immediately end.run_action(:run) diff --git a/cookbooks/yum/resources/globalconfig.rb b/cookbooks/yum/resources/globalconfig.rb index e30185b..d294767 100644 --- a/cookbooks/yum/resources/globalconfig.rb +++ b/cookbooks/yum/resources/globalconfig.rb 
@@ -1,9 +1,9 @@ # -# Cookbook Name:: yum +# Cookbook:: yum # Resource:: repository # # Author:: Sean OMeara -# Copyright 2013-2016, Chef Software, Inc. +# Copyright:: 2013-2017, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -18,92 +18,102 @@ # limitations under the License. # -actions :create, :delete - -default_action :create - # http://linux.die.net/man/5/yum.conf -attribute :alwaysprompt, kind_of: [TrueClass, FalseClass], default: nil -attribute :assumeyes, kind_of: [TrueClass, FalseClass], default: nil -attribute :bandwidth, kind_of: String, regex: /^\d+/, default: nil -attribute :bugtracker_url, kind_of: String, regex: /.*/, default: nil -attribute :clean_requirements_on_remove, kind_of: [TrueClass, FalseClass], default: nil -attribute :cachedir, kind_of: String, regex: /.*/, default: '/var/cache/yum/$basearch/$releasever' -attribute :color, kind_of: String, equal_to: %w(always never), default: nil -attribute :color_list_available_downgrade, kind_of: String, regex: /.*/, default: nil -attribute :color_list_available_install, kind_of: String, regex: /.*/, default: nil -attribute :color_list_available_reinstall, kind_of: String, regex: /.*/, default: nil -attribute :color_list_available_upgrade, kind_of: String, regex: /.*/, default: nil -attribute :color_list_installed_extra, kind_of: String, regex: /.*/, default: nil -attribute :color_list_installed_newer, kind_of: String, regex: /.*/, default: nil -attribute :color_list_installed_older, kind_of: String, regex: /.*/, default: nil -attribute :color_list_installed_reinstall, kind_of: String, regex: /.*/, default: nil -attribute :color_search_match, kind_of: String, regex: /.*/, default: nil -attribute :color_update_installed, kind_of: String, regex: /.*/, default: nil -attribute :color_update_local, kind_of: String, regex: /.*/, default: nil -attribute :color_update_remote, kind_of: String, regex: /.*/, default: nil -attribute :commands, kind_of: String, regex: /.*/, default: nil -attribute :debuglevel, kind_of: String, regex: /^\d+$/, default: '2' -attribute :deltarpm, kind_of: [TrueClass, FalseClass], default: nil -attribute :diskspacecheck, kind_of: [TrueClass, FalseClass], default: nil -attribute :distroverpkg, kind_of: 
String, regex: /.*/, default: nil -attribute :enable_group_conditionals, kind_of: [TrueClass, FalseClass], default: nil -attribute :errorlevel, kind_of: String, regex: /^\d+$/, default: nil -attribute :exactarch, kind_of: [TrueClass, FalseClass], default: true -attribute :exclude, kind_of: String, regex: /.*/, default: nil -attribute :gpgcheck, kind_of: [TrueClass, FalseClass], default: true -attribute :group_package_types, kind_of: String, regex: /.*/, default: nil -attribute :groupremove_leaf_only, kind_of: [TrueClass, FalseClass], default: nil -attribute :history_list_view, kind_of: String, equal_to: %w(users commands single-user-commands), default: nil -attribute :history_record, kind_of: [TrueClass, FalseClass], default: nil -attribute :history_record_packages, kind_of: String, regex: /.*/, default: nil -attribute :http_caching, kind_of: String, equal_to: %w(packages all none), default: nil -attribute :installonly_limit, kind_of: String, regex: [/^\d+/, /keep/], default: '3' -attribute :installonlypkgs, kind_of: String, regex: /.*/, default: nil -attribute :installroot, kind_of: String, regex: /.*/, default: nil -attribute :keepalive, kind_of: [TrueClass, FalseClass], default: nil -attribute :keepcache, kind_of: [TrueClass, FalseClass], default: false -attribute :kernelpkgnames, kind_of: String, regex: /.*/, default: nil -attribute :localpkg_gpgcheck, kind_of: [TrueClass, FalseClass], default: nil -attribute :logfile, kind_of: String, regex: /.*/, default: '/var/log/yum.log' -attribute :max_retries, kind_of: String, regex: /^\d+$/, default: nil -attribute :mdpolicy, kind_of: String, equal_to: %w(instant group:primary group:small group:main group:all), default: nil -attribute :metadata_expire, kind_of: String, regex: [/^\d+$/, /^\d+[mhd]$/, /never/], default: nil -attribute :mirrorlist_expire, kind_of: String, regex: /^\d+$/, default: nil -attribute :multilib_policy, kind_of: String, equal_to: %w(all best), default: nil -attribute :obsoletes, kind_of: 
[TrueClass, FalseClass], default: nil -attribute :overwrite_groups, kind_of: [TrueClass, FalseClass], default: nil -attribute :password, kind_of: String, regex: /.*/, default: nil -attribute :path, kind_of: String, regex: /.*/, name_attribute: true -attribute :persistdir, kind_of: String, regex: /.*/, default: nil -attribute :pluginconfpath, kind_of: String, regex: /.*/, default: nil -attribute :pluginpath, kind_of: String, regex: /.*/, default: nil -attribute :plugins, kind_of: [TrueClass, FalseClass], default: true -attribute :protected_multilib, kind_of: [TrueClass, FalseClass], default: nil -attribute :protected_packages, kind_of: String, regex: /.*/, default: nil -attribute :proxy, kind_of: String, regex: /.*/, default: nil -attribute :proxy_password, kind_of: String, regex: /.*/, default: nil -attribute :proxy_username, kind_of: String, regex: /.*/, default: nil -attribute :recent, kind_of: String, regex: /^\d+$/, default: nil -attribute :releasever, kind_of: String, regex: /.*/, default: nil -attribute :repo_gpgcheck, kind_of: [TrueClass, FalseClass], default: nil -attribute :reposdir, kind_of: String, regex: /.*/, default: nil -attribute :reset_nice, kind_of: [TrueClass, FalseClass], default: nil -attribute :rpmverbosity, kind_of: String, equal_to: %w(info critical emergency error warn debug), default: nil -attribute :showdupesfromrepos, kind_of: [TrueClass, FalseClass], default: nil -attribute :skip_broken, kind_of: [TrueClass, FalseClass], default: nil -attribute :ssl_check_cert_permissions, kind_of: [TrueClass, FalseClass], default: nil -attribute :sslcacert, kind_of: String, regex: /.*/, default: nil -attribute :sslclientcert, kind_of: String, regex: /.*/, default: nil -attribute :sslclientkey, kind_of: String, regex: /.*/, default: nil -attribute :sslverify, kind_of: [TrueClass, FalseClass], default: nil -attribute :syslog_device, kind_of: String, regex: /.*/, default: nil -attribute :syslog_facility, kind_of: String, regex: /.*/, default: nil 
-attribute :syslog_ident, kind_of: String, regex: /.*/, default: nil -attribute :throttle, kind_of: String, regex: [/\d+k/, /\d+M/, /\d+G/], default: nil -attribute :timeout, kind_of: String, regex: /^\d+$/, default: nil -attribute :tolerant, kind_of: [TrueClass, FalseClass], default: nil -attribute :tsflags, kind_of: String, regex: /.*/, default: nil -attribute :username, kind_of: String, regex: /.*/, default: nil +property :alwaysprompt, [true, false] +property :assumeyes, [true, false] +property :bandwidth, String, regex: /^\d+/ +property :bugtracker_url, String, regex: /.*/ +property :clean_requirements_on_remove, [true, false] +property :cachedir, String, regex: /.*/, default: '/var/cache/yum/$basearch/$releasever' +property :color, String, equal_to: %w(always never) +property :color_list_available_downgrade, String, regex: /.*/ +property :color_list_available_install, String, regex: /.*/ +property :color_list_available_reinstall, String, regex: /.*/ +property :color_list_available_upgrade, String, regex: /.*/ +property :color_list_installed_extra, String, regex: /.*/ +property :color_list_installed_newer, String, regex: /.*/ +property :color_list_installed_older, String, regex: /.*/ +property :color_list_installed_reinstall, String, regex: /.*/ +property :color_search_match, String, regex: /.*/ +property :color_update_installed, String, regex: /.*/ +property :color_update_local, String, regex: /.*/ +property :color_update_remote, String, regex: /.*/ +property :commands, String, regex: /.*/ +property :debuglevel, String, regex: /^\d+$/, default: '2' +property :deltarpm, [true, false] +property :diskspacecheck, [true, false] +property :distroverpkg, String, regex: /.*/ +property :enable_group_conditionals, [true, false] +property :errorlevel, String, regex: /^\d+$/ +property :exactarch, [true, false], default: true +property :exclude, String, regex: /.*/ +property :gpgcheck, [true, false], default: true +property :group_package_types, String, regex: /.*/ 
+property :groupremove_leaf_only, [true, false] +property :history_list_view, String, equal_to: %w(users commands single-user-commands) +property :history_record, [true, false] +property :history_record_packages, String, regex: /.*/ +property :http_caching, String, equal_to: %w(packages all none) +property :installonly_limit, String, regex: [/^\d+/, /keep/], default: '3' +property :installonlypkgs, String, regex: /.*/ +property :installroot, String, regex: /.*/ +property :keepalive, [true, false] +property :keepcache, [true, false], default: false +property :kernelpkgnames, String, regex: /.*/ +property :localpkg_gpgcheck, [true, false] +property :logfile, String, regex: /.*/, default: '/var/log/yum.log' +property :max_retries, String, regex: /^\d+$/ +property :mdpolicy, String, equal_to: %w(instant group:primary group:small group:main group:all) +property :metadata_expire, String, regex: [/^\d+$/, /^\d+[mhd]$/, /never/] +property :mirrorlist_expire, String, regex: /^\d+$/ +property :multilib_policy, String, equal_to: %w(all best) +property :obsoletes, [true, false] +property :overwrite_groups, [true, false] +property :password, String, regex: /.*/ +property :path, String, regex: /.*/, name_property: true +property :persistdir, String, regex: /.*/ +property :pluginconfpath, String, regex: /.*/ +property :pluginpath, String, regex: /.*/ +property :plugins, [true, false], default: true +property :protected_multilib, [true, false] +property :protected_packages, String, regex: /.*/ +property :proxy, String, regex: /.*/ +property :proxy_password, String, regex: /.*/ +property :proxy_username, String, regex: /.*/ +property :recent, String, regex: /^\d+$/ +property :releasever, String, regex: /.*/ +property :repo_gpgcheck, [true, false] +property :reposdir, String, regex: /.*/ +property :reset_nice, [true, false] +property :rpmverbosity, String, equal_to: %w(info critical emergency error warn debug) +property :showdupesfromrepos, [true, false] +property :skip_broken, 
[true, false] +property :ssl_check_cert_permissions, [true, false] +property :sslcacert, String, regex: /.*/ +property :sslclientcert, String, regex: /.*/ +property :sslclientkey, String, regex: /.*/ +property :sslverify, [true, false] +property :syslog_device, String, regex: /.*/ +property :syslog_facility, String, regex: /.*/ +property :syslog_ident, String, regex: /.*/ +property :throttle, String, regex: [/\d+k/, /\d+M/, /\d+G/] +property :timeout, String, regex: /^\d+$/ +property :tolerant, [true, false] +property :tsflags, String, regex: /.*/ +property :username, String, regex: /.*/ +property :options, Hash -attribute :options, kind_of: Hash +action :create do + template new_resource.path do + source 'main.erb' + cookbook 'yum' + mode '0644' + variables(config: new_resource) + end +end + +action :delete do + file new_resource.path do + action :delete + end +end diff --git a/cookbooks/yum/resources/repository.rb b/cookbooks/yum/resources/repository.rb deleted file mode 100644 index 7514d5a..0000000 --- a/cookbooks/yum/resources/repository.rb +++ /dev/null 
@@ -1,71 +0,0 @@ -# -# Cookbook Name:: yum -# Resource:: repository -# -# Author:: Sean OMeara -# Copyright 2013-2016, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -actions :create, :delete, :add, :remove, :makecache - -default_action :create - -# http://linux.die.net/man/5/yum.conf -attribute :baseurl, kind_of: [String, Array], regex: /.*/, default: nil -attribute :cost, kind_of: String, regex: /^\d+$/, default: nil -attribute :clean_headers, kind_of: [TrueClass, FalseClass], default: false # deprecated -attribute :clean_metadata, kind_of: [TrueClass, FalseClass], default: true -attribute :description, kind_of: String, regex: /.*/, default: 'Ye Ole Rpm Repo' -attribute :enabled, kind_of: [TrueClass, FalseClass], default: true -attribute :enablegroups, kind_of: [TrueClass, FalseClass], default: nil -attribute :exclude, kind_of: String, regex: /.*/, default: nil -attribute :failovermethod, kind_of: String, equal_to: %w(priority roundrobin), default: nil -attribute :fastestmirror_enabled, kind_of: [TrueClass, FalseClass], default: nil -attribute :gpgcheck, kind_of: [TrueClass, FalseClass], default: true -attribute :gpgkey, kind_of: [String, Array], regex: /.*/, default: nil -attribute :http_caching, kind_of: String, equal_to: %w(packages all none), default: nil -attribute :include_config, kind_of: String, regex: /.*/, default: nil -attribute :includepkgs, kind_of: String, regex: /.*/, default: nil -attribute :keepalive, kind_of: [TrueClass, 
FalseClass], default: nil -attribute :make_cache, kind_of: [TrueClass, FalseClass], default: true -attribute :max_retries, kind_of: [String, Integer], default: nil -attribute :metadata_expire, kind_of: String, regex: [/^\d+$/, /^\d+[mhd]$/, /never/], default: nil -attribute :mirrorexpire, kind_of: String, regex: /.*/, default: nil -attribute :mirrorlist, kind_of: String, regex: /.*/, default: nil -attribute :mirror_expire, kind_of: String, regex: [/^\d+$/, /^\d+[mhd]$/], default: nil -attribute :mirrorlist_expire, kind_of: String, regex: [/^\d+$/, /^\d+[mhd]$/], default: nil -attribute :mode, default: '0644' -attribute :priority, kind_of: String, regex: /^(\d?[0-9]|[0-9][0-9])$/, default: nil -attribute :proxy, kind_of: String, regex: /.*/, default: nil -attribute :proxy_username, kind_of: String, regex: /.*/, default: nil -attribute :proxy_password, kind_of: String, regex: /.*/, default: nil -attribute :username, kind_of: String, regex: /.*/, default: nil -attribute :password, kind_of: String, regex: /.*/, default: nil -attribute :repo_gpgcheck, kind_of: [TrueClass, FalseClass], default: nil -attribute :report_instanceid, kind_of: [TrueClass, FalseClass], default: nil -attribute :repositoryid, kind_of: String, regex: /.*/, name_attribute: true -attribute :sensitive, kind_of: [TrueClass, FalseClass], default: false -attribute :skip_if_unavailable, kind_of: [TrueClass, FalseClass], default: nil -attribute :source, kind_of: String, regex: /.*/, default: nil -attribute :sslcacert, kind_of: String, regex: /.*/, default: nil -attribute :sslclientcert, kind_of: String, regex: /.*/, default: nil -attribute :sslclientkey, kind_of: String, regex: /.*/, default: nil -attribute :sslverify, kind_of: [TrueClass, FalseClass], default: nil -attribute :timeout, kind_of: String, regex: /^\d+$/, default: nil - -attribute :options, kind_of: Hash - -alias_method :url, :baseurl -alias_method :keyurl, :gpgkey 
diff --git a/cookbooks/yum/templates/default/repo.erb b/cookbooks/yum/templates/default/repo.erb deleted file mode 100644 index 5fd6e7f..0000000 --- a/cookbooks/yum/templates/default/repo.erb +++ /dev/null 
@@ -1,130 +0,0 @@ -# This file was generated by Chef -# Do NOT modify this file by hand. - -[<%= @config.repositoryid %>] -name=<%= @config.description %> -<% if @config.baseurl %> -baseurl=<%= case @config.baseurl - when Array - @config.baseurl.join("\n") - else - @config.baseurl - end %> -<% end -%> -<% if @config.cost %> -cost=<%= @config.cost %> -<% end %> -<% if @config.enabled %> -enabled=1 -<% else %> -enabled=0 -<% end %> -<% if @config.enablegroups %> -enablegroups=1 -<% end %> -<% if @config.exclude %> -exclude=<%= @config.exclude %> -<% end %> -<% if @config.failovermethod %> -failovermethod=<%= @config.failovermethod %> -<% end %> -<% if @config.fastestmirror_enabled %> -fastestmirror_enabled=<%= @config.fastestmirror_enabled %> -<% end %> -<% if @config.gpgcheck %> -gpgcheck=1 -<% else %> -gpgcheck=0 -<% end %> -<% if @config.gpgkey %> -gpgkey=<%= case @config.gpgkey - when Array - @config.gpgkey.join("\n ") - else - @config.gpgkey - end %> -<% end -%> -<% if @config.http_caching %> -http_caching=<%= @config.http_caching %> -<% end %> -<% if @config.include_config %> -include=<%= @config.include_config %> -<% end %> -<% if @config.includepkgs %> -includepkgs=<%= @config.includepkgs %> -<% end %> -<% if @config.keepalive %> -keepalive=1 -<% end %> -<% if @config.metadata_expire %> -metadata_expire=<%= @config.metadata_expire %> -<% end %> -<% if @config.mirrorlist %> -mirrorlist=<%= @config.mirrorlist %> -<% end %> -<% if @config.mirror_expire %> -mirror_expire=<%= @config.mirror_expire %> -<% end %> -<% if @config.mirrorlist_expire %> -mirrorlist_expire=<%= @config.mirrorlist_expire %> -<% end %> -<% if @config.priority %> -priority=<%= @config.priority %> -<% end %> -<% if @config.proxy %> -proxy=<%= @config.proxy %> -<% end %> -<% if @config.proxy_username %> -proxy_username=<%= @config.proxy_username %> -<% end %> -<% if @config.proxy_password %> -proxy_password=<%= @config.proxy_password %> -<% end %> -<% if @config.username %> -username=<%= 
@config.username %> -<% end %> -<% if @config.password %> -password=<%= @config.password %> -<% end %> -<% if @config.repo_gpgcheck %> -repo_gpgcheck=1 -<% end %> -<% if @config.max_retries %> -retries=<%= @config.max_retries %> -<% end %> -<% if @config.report_instanceid %> -report_instanceid=<%= @config.report_instanceid %> -<% end %> -<% if @config.skip_if_unavailable %> -skip_if_unavailable=1 -<% end %> -<% if @config.sslcacert %> -sslcacert=<%= @config.sslcacert %> -<% end %> -<% if @config.sslclientcert %> -sslclientcert=<%= @config.sslclientcert %> -<% end %> -<% if @config.sslclientkey %> -sslclientkey=<%= @config.sslclientkey %> -<% end %> -<% unless @config.sslverify.nil? %> -sslverify=<%= ( @config.sslverify ) ? 'true' : 'false' %> -<% end %> -<% if @config.timeout %> -timeout=<%= @config.timeout %> -<% end %> -<% if @config.options -%> -<% @config.options.each do |key, value| -%> -<%= key %>=<%= - case value - when Array - value.join("\n ") - when TrueClass - '1' - when FalseClass - '0' - else - value - end %> -<% end -%> -<% end -%> diff --git a/cookbooks/yum/templates/default/main.erb b/cookbooks/yum/templates/main.erb similarity index 99% rename from cookbooks/yum/templates/default/main.erb rename to cookbooks/yum/templates/main.erb index dd2b0f5..19e6710 100644 --- a/cookbooks/yum/templates/default/main.erb +++ b/cookbooks/yum/templates/main.erb @@ -199,7 +199,7 @@ proxy_username=<%= @config.proxy_username %> <% if @config.recent %> recent=<%= @config.recent %> <% end %> -<% if @config.releasever %> +<% if @config.releasever && @config.releasever.length > 0 %> releasever=<%= @config.releasever %> <% end %> <% if @config.repo_gpgcheck %>