kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Update cookbooks and add wordpress cookbook

Browse Source
This commit is contained in:
Greg Karékinian
2016-02-19 18:09:49 +01:00
parent 9ba973e3ac
commit 820b0ab3f8
606 changed files with 22421 additions and 14084 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
cookbooks/apt/.gitignore vendored
View File

@@ -1,15 +0,0 @@
.vagrant
Berksfile.lock
Gemfile.lock
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
.bundle
.cache
.kitchen
bin
.kitchen.local.yml
.coverage

47
cookbooks/apt/.kitchen.cloud.yml
View File

@@ -1,47 +0,0 @@
---
driver_config:
digitalocean_client_id: <%= ENV['DIGITAL_OCEAN_CLIENT_ID'] %>
digitalocean_api_key: <%= ENV['DIGITAL_OCEAN_API_KEY'] %>
provisioner:
name: chef_zero
require_chef_omnibus: latest
platforms:
- name: ubuntu-1004
driver_plugin: digitalocean
driver_config:
image_id: 5566812
flavor_id: 63
region_id: 4
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
run_list:
- recipe[apt]
- name: ubuntu-1204
driver_plugin: digitalocean
driver_config:
image_id: 5588928
flavor_id: 63
region_id: 4
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
run_list:
- recipe[apt]
- name: ubuntu-1404
driver_plugin: digitalocean
driver_config:
image_id: 5141286
flavor_id: 63
region_id: 4
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
run_list:
- recipe[apt]
suites:
- name: default
run_list:
- recipe[apt]

62
cookbooks/apt/.kitchen.yml
View File

@@ -1,62 +0,0 @@
driver:
name: vagrant
platforms:
- name: debian-7.2.0
run_list: apt::default
# - name: debian-8.0
# run_list: apt::default
- name: ubuntu-10.04
run_list: apt::default
- name: ubuntu-12.04
run_list: apt::default
- name: ubuntu-13.04
run_list: apt::default
- name: ubuntu-13.10
run_list: apt::default
- name: ubuntu-14.04
run_list: apt::default
# driver:
# box: chef/ubuntu-14.04
suites:
- name: default
run_list:
- recipe[minitest-handler]
- recipe[apt_test]
- name: cacher-client
run_list:
- recipe[minitest-handler]
- recipe[apt_test::cacher-client]
- name: cacher-ng
run_list:
- recipe[minitest-handler]
- recipe[apt_test::cacher-ng]
- name: cacher-ng-client
run_list:
- recipe[minitest-handler]
- recipe[apt_test::cacher-ng-client]
attributes:
apt:
cacher_dir: '/tmp/apt-cacher'
cacher_port: '9876'
cacher_interface: 'eth0'
compiletime: true
- name: lwrps
run_list:
- recipe[minitest-handler]
- recipe[apt_test::lwrps]
- name: unattended-upgrades
run_list:
- recipe[minitest-handler]
- recipe[apt_test::unattended-upgrades]
attributes:
apt:
unattended_upgrades:
enable: true

37
cookbooks/apt/.rubocop.yml
View File

@@ -1,37 +0,0 @@
AllCops:
Exclude:
- vendor/**
- metadata.rb
- Guardfile
- test/cookbooks/apt_test/metadata.rb
- .kitchen/**
# Disable ABCSize because it doesn't fit well with resources
AbcSize:
Enabled: false
AssignmentInCondition:
Enabled: false
ClassAndModuleChildren:
Enabled: false
ClassLength:
Enabled: false
CyclomaticComplexity:
Max: 15
Documentation:
Enabled: false
Encoding:
Enabled: false
FileName:
Enabled: false
HashSyntax:
Enabled: false
LineLength:
Enabled: false
MethodLength:
Enabled: false
ParameterLists:
Enabled: false
# StringLiterals:
# EnforcedStyle: double_quotes
TrailingComma:
Enabled: false

44
cookbooks/apt/.travis.yml
View File

@@ -1,44 +0,0 @@
language: ruby
bundler_args: --without kitchen_vagrant
rvm:
- 2.1.0
before_install:
- echo -n $DO_KEY_CHUNK_{0..30} >> ~/.ssh/id_do.base64
- cat ~/.ssh/id_do.base64 | tr -d ' ' | base64 --decode > ~/.ssh/id_do.pem
script:
- bundle exec rake travis --trace
after_script:
- bundle exec kitchen destroy
- cat .kitchen/logs/*
env:
global:
- secure: h2vmDV0AjfSWpUCerHIe9uAR9Od0QDoSRPidEiCjrhNCvaEIz+xFQl3M8eYmHBC31GABdEsiDLHQmj6bPtGOuvceKp37qc9V/h2/oPpPvW2HDjMT6mO6Qx1a5Pv4Xb0PhlUfseZCLDURi/0bM5czxGLH+oqluVEzgrM48m/YWaI=
- secure: fXvnhXK/ckP6EyFvGdYnh0YFwc1q+kF5HYUn3plOn7gytiERo+QwXqsnGtueiqrUzlCnqTWAj1T8wIuiPPmAUr3Ek/LUq1UwVcLYC9Wa2uGeTSooY6k1tzG1mtm+4njpIXxvOZ37NG2TwHLSG15iuJff6dtBE667/r88FjAGxgA=
- secure: NzFG53vCyET7REDbiDBA6AlKwgQtAUnb/2IyCyRwi/Svpf5UWdnqiHD9vepsaLQ+tnJPnCBelP5vM+H7Ln/uWLN39WPz4+36Dry6cWRgTIRG94jCKg3KQJvs6Z+V4bHwRdtvMO5HeAvJUCKRKsIW15odnnPPgPf3OrCHOfQK3Ko=
- secure: 3n0wmPKd+SBBP7prduer7jtIBLAvYP3T0/M+PupH6A8cKNL17kafQO9BwDSfcrRilX0UfOEND2Yq3Au6OfBjmKaFyScUdI5DOT+GWiBcYl9fbmtpz9KG6H8iWG8tIyJQ7vfV6pev8BGDQsmsIBu4SPYTUKUegtvkmmVoeV2je+4=
- secure: yrAlzIzT5sMpJ6VbjSjGLPlMH8LdPNBymaf/5FRxt1n5qLR2GQt9wxaCzGyjhgHo6iAdf3Dw9//YJ8vctnF61XqDOkpc6sW1d8IVZXHPOwb0mr94yQgYWXS/FLk7CFGuELYvKYMLIAXkq/QMOMyro2YLhTD25NblcxTpk5PuJXc=
- secure: 1FMkzei96uga+Fhqb3BK7dIiFj+ItiQhh1vHlotoLecDlDDT0o1YV8jBueLyZiVuFo/n4rKD8zMeCh3g5gfvWGQgZXbxEwMOLixtrW8bnOt/qAGs3qI6H57zXzWU2voUeyWa+ExorBMf1WL1RfIE6S/MlZNJW2OmWKceEaYrsLI=
- secure: ulI/7FdP1JVs61bi7CX3UwmG2v7SzHKfjf3P/wWvbCAO8Z/By/gnHmUn6I0EKsUEA4Gx3kXH8DmVtOZdcYLiNTnWGS38AxPnOfLYa0Lv/h7qqze4MFo5FliNB0iKaq0qn+L/eGYQSlr9e5Opf1Qdp2E47UUFd9VMaCSRKvIpqG4=
- secure: bcfXOTCxjA5Gv2BZWkjO8ukm5Z+t8AZglfvw7VRSqAe4BkyO62WmjONi2qYduB8nAX31IzKMEMOsA8zy9V96B+iAhdc3K5LTaa9VIocaNKoq0lgbLrqw3gW969p1vEbBzSiIn+3bDs7arX1LQ98e9UVt2hBQodSYicRzUuscbSw=
- secure: 2AeqJEMU9QYs40mfX6JppzAMsFJwrtFzYJVwgiN9EGCSqINzEIvnNB2z//nHsMlL6puP0VvapkCYHLDVHi2WHL0fSkkwyyGAfQVR01iM3CSjCl4j9h9Nv6bG78zNItQX64vg9FarTptqrZO/OnaT7dXUfGcAbr8cx9zJRv2fyMw=
- secure: Vx4VZUEF5ptw0lwHtLyMKcBRZwcpApsfAMgj/amqzAhFswjJoafHJ4Ryee+mrg46yXkaXed18xRu7pU/tXLGdp6vuvWFaC/1zCNfsdQBv+BAr46Ig4OB5mE/rwGOiNwbhSj9iHpKGPtUTwOHHqCqP/7ktR1TDIAmB5Esp0QBNFI=
- secure: 0ygYNLFO7ZBI7SH1PBt2ALmwtJfZ9ltCxOARP8ILkgCwLhczolcoT81/kfKigkP75dwYXU9LHiROm2GxFFH9reQdb5X2G3ik6/Xxn6KC1ewIuf8M7+qZx8p//ByazW7OZcvFrfGhsX/LJ5NfAC56Wii88oCUTYEGdM+MIPk8rzQ=
- secure: a0vsypNUkFkdnB2JiI/ZYd+hBfGC2pJt6JovUJr2sglZ0XvU7gyNT3iUmL3I22pM1gh+iAFPtS++OY0OSKRWnEbe7nMDY41soQW9UnfroexBVd+c1sYbJwbLJyTS2I3HxjIikWC2fGhySCX7ryghTQwJddGSh+q9eM0LgbvJ9Tc=
- secure: NUocMJTpGO7PWIMih4kjHGTRvb2vc6ep+fclviipkPzlQ5Ciabco1wW0HQJTX16JINgGVnzwFY16HFylyM74bcZoiSfGsN6E5GAmg5ZRxtpVs2wLHmsrMJxiT3VVMPHkBnZJXBNIcuMw6PAtiAcrOCyNY3Zuig1IuOERt12U2BY=
- secure: oLMuVgRvxDjYCb/hnA3YMJPDAAxyG2a7aUoGQHijSSBxL8VSW7BjfplUViCpWCsQADZgxLGHgfNUETAzHwheDm1TJT1KHVrYUXPDnLXgO89DvzrkLXlrr6JbaDMGUjG7fEEBNDnz5qycLiaoItX7x4/GPhSPOZ45q/64rW3Jvl4=
- secure: OnTKGDs568hSzE5sT9gQhY+nB1xHpnEMoT24UQybPn7Za79tJCkl3WlnqF2sd3+ImsT62xf6PNqRUue8TLVQLCVXCeStrIFPkdp0sps9xtFdNbi6Vb3yrq8QjU4RAQEz5+g8KcmycYMvF3M09lt7jAv8woebXkXdnzHz3IWhwTs=
- secure: 341IG8qb2JKqGDXGsx2a8xEVlkjILA6bSkWqZb9uhoEyW4je7PsqZdCfmKoAcau4I6+sBANu++qARJ58ZpWu+DJzuaKXkhSkdzo/MSykPK04I62v2qhRXUrhkpkXYAB4xK4wKFaCQWVHiCeV5jhEAayZxMB1gLwtxnZRRYXEhY0=
- secure: tvd71+q0xvglcUj6ugSw7oPlruTuNH/XGVh/k6B991zM27NQInmNeMWQa/WE7f8s2xSfG8f9cOtf11uDbPSHgyZj3T6CphfIl5sbT04zFO/1MfI5rbMRBXHvFpUWCb4gS+XUJ146DccuZInF9NI1e3aXNK6u3uPgxmn6DomVRlY=
- secure: BrMErE+J4TneCAGtDe5s8LQjhOJ6fTJSlA/dtmVx+LhzhyUA303wHCziPxrU2PJDL5fGe3r5zX83uoIXwKmU3kb2jRpy7SxF0kdsxqgdbzCnWINRDX5o0TH7AAViUA+nRccWF8wqNWsvkIhv6Pbr1u8B5xScPvBXhEuHJX2iVxo=
- secure: W3o/ae9BZDFNKe0UHGGDuYzriEvf/Eon+miqSwSZ/+rBuTeiX++3dyAMG/4XHeuNDgZ6H7qGtxlkqODK9AHZps5tFZ/zmVzXfzqRItIrGmGLKD7UvbIoS/C5fovhxIwMyWnlXdWeNf4o0QWJed6I188IlDumCxrmnWIWlueap6I=
- secure: rSCNg1LnxNjk/ux80iLQrcHqagWf80PBQf0kM9Wj5dD1nLWvbRMSSeXhiOdNY0ZD9RMROdjupsbFShdF788wAi7ITfhrMf09ys0D3/8ZDmCd51WAUvuutxMEz/TJKTWKItr2gbuRoXvv/hQ9DEWXyHx1A9DaDjwYGBH9bnYmgfs=
- secure: bHD0y307k3vUyA5cYdNc62Tq78r4HX8F4RG8bkgDAP0Z0u8SCfYunk89kw2NCF+qlo+ux84lhh2n/HKAwIdkupQSJaPGO4i241i8pUd1RA0T+CfjvdmMk6KjgbItauAhctgy61BTRJzoLAZQ75JurHLAjc5JNfSxsa1xQGsWIVQ=
- secure: A7NVQrmbAZhwIz+lkDcwX1zw+GJjLbwnW4/A0cCGcZObQxTqM7W6+B6UG9efm2vmxER9xtjstiH9wsLtJYerKxv05jwXoKlq/J+BVu2dTI9S6SqLas6Lo09XFfqtmYKgbV6R2CKDt8hT2a5A/Wp1hK4URjifu2gel/3MO6eeiJs=
- secure: BQCOwcb4u4spzd20vaUSkJycJ0oaojdyucmUV9pRYADH+jDEcCiL52L+bMxGZ+5vYPITG9wG2Kjv8VroyIuYfADMjZJjzMOMiwpjTWxoH7gA/12D8p7FcP9npllJgNg0TMvZUULVx2w2JQEGyq3Kfp2oKHfbgkBhtiSDH8mjSqc=
- secure: ODDYK3EogzOZ4rd/IW3HRAn+Ynpi1ob/lG7udBiiFhOZB8IWzZkNniRBZv60pOVq62YF0EidkNR4MK3Ln+wh3KLkqBWuR86ORgFmGazGxYlUbAfBfwt75FdK2+WAwyLGR3H7eqgTN+Y4U+GyPMUFfMBXbE73sX8Si2ldLy7n5ZE=
- secure: Mk6OHiJ5i4T+/3X5mLOhRuqif7M2cyTPbjNxNhW0oDQG4KB8M+18hDklwnQPpiXOL4LmuuSGDWgOZYnlZHFdLTzj5/nmbfh2qbr30Aqj8OgRnO/jjjU/BrcgBM2zrlH/TOKl5HqHp7bLesHkfTNzNy5IeIuRwZN/8qKNV1HZdtk=
- secure: GyPuciPuxMTNxr1igDPQAAvZdTE4bGIzVM4YpURvZngvhxQgWtvF09nV1FfNQAz643aq1bjbZ1ThfuOagWwTRUVqTgstxwCau/EGOAnoMXt1wDfvBuxpxLK2WDnO8PHYTDtpcnes5D6+45K5Z4bFAs0gIw/XoF0tZiCKVEo+OR0=
- secure: ix+m/F8qUKdjGpBLUW+okt00kmxFOAi7FKi0ndnjQPnHdygMec00tCxcvW4P16QsjpQq7w098Fsjc2V28hMo4RpH0JFPxnnfFttDZfk15UydrYD65EXhpyvh/xmQYd1cCK+YhymhPc0bOz0d7Ava7H7AGfBUkC0DzMdizpbB/pQ=
- secure: ZjxBwneeNa1whozgua2Jx3K9EA0EfaFCjsyB5SGmS8cALzLY4EJawH8iiSGapJrCxz58jK1z3ISdu9a7l5ne85fYI+WuHyTC7QVbW5OpRrOJMwTXf2/hRTVuavp9fA5W7B5nhoqgHMR56YXSaEO6juXiSztsYF7kJiGdCO0f6fQ=
- secure: zavu1UqfqRVh5hFaGdopn32B1ysW1sK769L+cSQnEQprDXB11uBcTJgBX104sw1zUnB0/QTfuZ3eKkhSpDpFg66I7IpqW/Aw7iWVa2EI/eGnQ5vOJwxWA/Bd08H5tpeXSCnjSOQp/Ac/0vhZy2DmhToKDPJakEtRP+/eaqbFNgc=
- secure: omEb6OGAUVSwHvFqUqqw3z16wDv0YrJzQZgHLZuKD8CvC3HvPDQaykqzvFtqrEWAUl5rZf1bSZ/jylximogKzx2+ENn5TjveJQTzQQwVw9FO/Jn8XVM0x7A3K86JpI0azG4LtFAaqpd4mWIAH5ZFeNYB2x6D2jrjXOajLoJ6zmM=

8
cookbooks/apt/Berksfile
View File

@@ -1,8 +0,0 @@
source 'https://supermarket.chef.io'
metadata
group :integration do
cookbook 'minitest-handler'
cookbook 'apt_test', :path => './test/cookbooks/apt_test'
end

33
cookbooks/apt/CHANGELOG.md
View File

@@ -1,6 +1,37 @@
apt Cookbook CHANGELOG
======================
v2.9.2
-------------------
- #168 Adding guard to package resource.
v2.9.1
-------------------
- Adding package apt-transport-https to default.rb
v2.9.0
-------------------
- Add `sensitive` flag for apt\_repositories
- Enable installation of recommended or suggested packages
- Tidy up `apt-get update` logic
- Fixing not_if guard on ruby_block[validate-key #{key}]
v2.8.2 (2015-08-24)
-------------------
- Fix removal of apt\_preferences
v2.8.1 (2015-08-18)
-------------------
- Handle keyservers as URLs and bare hostnames
v2.8.0 (2015-08-18)
-------------------
- Access keyservers on port 80
- Adds key\_proxy as LWRP attribute for apt\_repository
- Fix wildcard glob preferences files
- Fix text output verification for non en\_US locales
- Quote repo URLs to deal with spaces
v2.7.0 (2015-03-23)
-------------------
- Support Debian 8.0
@@ -22,7 +53,7 @@ v2.5.3 (2014-08-14)
v2.5.2 (2014-08-14)
-------------------
- Fully restore fully restore 2.3.10 behaviour
- Fully restore 2.3.10 behaviour
v2.5.1 (2014-08-14)
-------------------

29
cookbooks/apt/CONTRIBUTING
View File

@@ -1,29 +0,0 @@
If you would like to contribute, please open a ticket in JIRA:
* http://tickets.chef.io
Create the ticket in the COOK project and use the cookbook name as the
component.
For all code contributions, we ask that contributors sign a
contributor license agreement (CLA). Instructions may be found here:
* http://wiki.chef.io/display/chef/How+to+Contribute
When contributing changes to individual cookbooks, please do not
modify the version number in the metadata.rb. Also please do not
update the CHANGELOG.md for a new version. Not all changes to a
cookbook may be merged and released in the same versions. Chef Software will
handle the version updates during the release process. You are welcome
to correct typos or otherwise make updates to documentation in the
README.
If a contribution adds new platforms or platform versions, indicate
such in the body of the commit message(s), and update the relevant
COOK ticket. When writing commit messages, it is helpful for others if
you indicate the COOK ticket. For example:
git commit -m '[COOK-1041] Updated pool resource to correctly delete.'
In the ticket itself, it is also helpful if you include log output of
a successful Chef run, but this is not absolutely required.

37
cookbooks/apt/Gemfile
View File

@@ -1,37 +0,0 @@
source 'https://rubygems.org'
group :lint do
gem 'foodcritic', '~> 3.0'
gem 'rubocop', '~> 0.23'
gem 'rainbow', '< 2.0'
end
group :unit do
gem 'berkshelf', '~> 3.0.0.beta6'
gem 'chefspec', '~> 4.0'
end
group :kitchen_common do
gem 'test-kitchen', '~> 1.2'
end
group :kitchen_vagrant do
gem 'kitchen-vagrant', '~> 0.11'
end
group :kitchen_cloud do
gem 'kitchen-digitalocean'
gem 'kitchen-ec2'
end
group :development do
gem 'ruby_gntp'
gem 'growl'
gem 'rb-fsevent'
gem 'guard', '~> 2.4'
gem 'guard-kitchen'
gem 'guard-foodcritic'
gem 'guard-rspec'
gem 'guard-rubocop'
gem 'rake'
end

35
cookbooks/apt/Guardfile
View File

@@ -1,35 +0,0 @@
# A sample Guardfile
# More info at https://github.com/guard/guard#readme
# guard 'kitchen' do
# watch(%r{test/.+})
# watch(%r{^recipes/(.+)\.rb$})
# watch(%r{^attributes/(.+)\.rb$})
# watch(%r{^files/(.+)})
# watch(%r{^templates/(.+)})
# watch(%r{^providers/(.+)\.rb})
# watch(%r{^resources/(.+)\.rb})
# end
guard 'foodcritic', cookbook_paths: '.', all_on_start: false do
watch(%r{attributes/.+\.rb$})
watch(%r{providers/.+\.rb$})
watch(%r{recipes/.+\.rb$})
watch(%r{resources/.+\.rb$})
watch('metadata.rb')
end
guard 'rubocop', all_on_start: false do
watch(%r{attributes/.+\.rb$})
watch(%r{providers/.+\.rb$})
watch(%r{recipes/.+\.rb$})
watch(%r{resources/.+\.rb$})
watch('metadata.rb')
end
guard :rspec, cmd: 'bundle exec rspec', all_on_start: false, notification: false do
watch(%r{^libraries/(.+)\.rb$})
watch(%r{^spec/(.+)_spec\.rb$})
watch(%r{^(recipes)/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" }
watch('spec/spec_helper.rb') { 'spec' }
end

201
cookbooks/apt/LICENSE
View File

@@ -1,201 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

59
cookbooks/apt/README.md
View File

@@ -1,11 +1,10 @@
apt Cookbook
============
[![Gitter](https://badges.gitter.im/Join Chat.svg)](https://gitter.im/chef-cookbooks/apt?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[![Build Status](https://img.shields.io/travis/chef-cookbooks/apt.svg)][travis]
[![Cookbook Version](https://img.shields.io/cookbook/v/apt.svg)][cookbook]
[![Build Status](https://img.shields.io/travis/opscode-cookbooks/apt.svg)][travis]
[cookbook]: https://community.chef.io/cookbooks/apt
[travis]: https://travis-ci.org/opscode-cookbooks/apt
[travis]: https://travis-ci.org/chef-cookbooks/apt
This cookbook includes recipes to execute apt-get update to ensure the local APT package cache is up to date. There are recipes for managing the apt-cacher-ng caching proxy and proxy clients. It also includes a LWRP for managing APT repositories in /etc/apt/sources.list.d as well as an LWRP for pinning packages via /etc/apt/preferences.d.
@@ -50,11 +49,9 @@ To do this, you need to override the `cache_bypass` attribute with an array of r
```json
{
...,
'apt': {
...,
'cache_bypass': {
URL: PROTOCOL
"apt": {
"cache_bypass": {
"URL": "PROTOCOL"
}
}
}
@@ -64,9 +61,9 @@ For example, to prevent caching and directly connect to the repository at `downl
```json
{
'apt': {
'cache_bypass': {
'download.oracle.com': 'http'
"apt": {
"cache_bypass": {
"download.oracle.com": "http"
}
}
}
@@ -94,7 +91,7 @@ Attributes
### Caching
* `['apt']['cacher_ipaddress']` - use a cacher server (or standard proxy server) not available via search
* `['apt']['cacher_interface]` - interface to connect to the cacher-ng service, no default.
* `['apt']['cacher_interface']` - interface to connect to the cacher-ng service, no default.
* `['apt']['cacher_port']` - port for the cacher-ng service (either client or server), default is '3142'
* `['apt']['cacher_ssl_support']` - indicates whether the cacher supports upstream SSL servers, default is 'false'
* `['apt']['cacher_dir']` - directory used by cacher-ng service, default is '/var/cache/apt-cacher-ng'
@@ -105,17 +102,22 @@ Attributes
### Unattended Upgrades
* `['apt']['unattended_upgrades']['enable']` - enables unattended upgrades, default is false
* `['apt']['unattended_upgrades']['update_package_lists']` — automatically update package list (`apt-get update`) daily, default is true
* `['apt']['unattended_upgrades']['allowed_origins']` array of allowed apt origins from which to pull automatic upgrades, defaults to a guess at the system's main origin and should almost always be overridden
* `['apt']['unattended_upgrades']['package_blacklist']` — an array of package which should never be automatically upgraded, defaults to none
* `['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg']` — attempts to repair dpkg state with `dpkg --force-confold --configure -a` if it exits uncleanly, defaults to false (contrary to the unattended-upgrades default)
* `['apt']['unattended_upgrades']['minimal_steps']` — Split the upgrade into the smallest possible chunks. This makes the upgrade a bit slower but it has the benefit that shutdown while a upgrade is running is possible (with a small delay). Defaults to false.
* `['apt']['unattended_upgrades']['install_on_shutdown']` Install upgrades when the machine is shuting down instead of doing it in the background while the machine is running. This will (obviously) make shutdown slower. Defaults to false.
* `['apt']['unattended_upgrades']['mail']` Send email to this address for problems or packages upgrades. Defaults to no email.
* `['apt']['unattended_upgrades']['mail_only_on_error']` — If set, email will only be set on upgrade errors. Otherwise, an email will be sent after each upgrade. Defaults to true.
* `['apt']['unattended_upgrades']['update_package_lists']` - automatically update package list (`apt-get update`) daily, default is true
* `['apt']['unattended_upgrades']['allowed_origins']` - array of allowed apt origins from which to pull automatic upgrades, defaults to a guess at the system's main origin and should almost always be overridden
* `['apt']['unattended_upgrades']['package_blacklist']` - an array of package which should never be automatically upgraded, defaults to none
* `['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg']` - attempts to repair dpkg state with `dpkg --force-confold --configure -a` if it exits uncleanly, defaults to false (contrary to the unattended-upgrades default)
* `['apt']['unattended_upgrades']['minimal_steps']` - Split the upgrade into the smallest possible chunks. This makes the upgrade a bit slower but it has the benefit that shutdown while a upgrade is running is possible (with a small delay). Defaults to false.
* `['apt']['unattended_upgrades']['install_on_shutdown']` - Install upgrades when the machine is shuting down instead of doing it in the background while the machine is running. This will (obviously) make shutdown slower. Defaults to false.
* `['apt']['unattended_upgrades']['mail']` - Send email to this address for problems or packages upgrades. Defaults to no email.
* `['apt']['unattended_upgrades']['mail_only_on_error']` - If set, email will only be set on upgrade errors. Otherwise, an email will be sent after each upgrade. Defaults to true.
* `['apt']['unattended_upgrades']['remove_unused_dependencies']` Do automatic removal of new unused dependencies after the upgrade. Defaults to false.
* `['apt']['unattended_upgrades']['automatic_reboot']` Automatically reboots *without confirmation* if a restart is required after the upgrade. Defaults to false.
* `['apt']['unattended_upgrades']['dl_limit']` — Limits the bandwidth used by apt to download packages. Value given as an integer in kb/sec. Defaults to nil (no limit).
* `['apt']['unattended_upgrades']['automatic_reboot']` - Automatically reboots *without confirmation* if a restart is required after the upgrade. Defaults to false.
* `['apt']['unattended_upgrades']['dl_limit']` - Limits the bandwidth used by apt to download packages. Value given as an integer in kb/sec. Defaults to nil (no limit).
### Configuration for APT
* `['apt']['confd']['install_recommends']` - Consider recommended packages as a dependency for installing. (default: true)
* `['apt']['confd']['install_suggests']` - Consider suggested packages as a dependency for installing. (default: false)
Libraries
---------
@@ -154,6 +156,17 @@ apt_repository 'zenoss' do
end
```
Enable Ubuntu [multiverse](https://help.ubuntu.com/community/Repositories/Ubuntu) repositories:
```ruby
apt_repository 'security-ubuntu-multiverse' do
uri 'http://security.ubuntu.com/ubuntu'
distribution 'trusty-security'
components ['multiverse']
deb_src 'true'
end
```
Add the Nginx PPA, autodetect the key and repository url:
```ruby
@@ -265,7 +278,7 @@ License & Authors
- Author:: Seth Chisamore (schisamo@chef.io)
```text
Copyright 2009-2013, Chef Software, Inc.
Copyright:: 2009-2015, Chef Software, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

59
cookbooks/apt/Rakefile
View File

@@ -1,59 +0,0 @@
require 'rspec/core/rake_task'
require 'rubocop/rake_task'
require 'foodcritic'
require 'kitchen'
# Style tests. Rubocop and Foodcritic
namespace :style do
desc 'Run Ruby style checks'
RuboCop::RakeTask.new(:ruby)
desc 'Run Chef style checks'
FoodCritic::Rake::LintTask.new(:chef) do |t|
t.options = {
fail_tags: ['any'],
tags: ['~FC005']
}
end
end
desc 'Run all style checks'
task style: ['style:chef', 'style:ruby']
# Rspec and ChefSpec
desc 'Run ChefSpec examples'
RSpec::Core::RakeTask.new(:spec)
# Integration tests. Kitchen.ci
namespace :integration do
desc 'Run Test Kitchen with Vagrant'
task :vagrant do
Kitchen.logger = Kitchen.default_file_logger
Kitchen::Config.new.instances.each do |instance|
instance.test(:always)
end
end
desc 'Run Test Kitchen with cloud plugins'
task :cloud do
run_kitchen = true
if ENV['TRAVIS'] == 'true' && ENV['TRAVIS_PULL_REQUEST'] != 'false'
run_kitchen = false
end
if run_kitchen
Kitchen.logger = Kitchen.default_file_logger
@loader = Kitchen::Loader::YAML.new(project_config: './.kitchen.cloud.yml')
config = Kitchen::Config.new(loader: @loader)
config.instances.each do |instance|
instance.test(:always)
end
end
end
end
desc 'Run all tests on Travis'
task travis: ['style', 'spec', 'integration:cloud']
# Default
task default: ['style', 'spec', 'integration:vagrant']

187
cookbooks/apt/TESTING.md
View File

@@ -1,187 +0,0 @@
TESTING doc
========================
Bundler
-------
A ruby environment with Bundler installed is a prerequisite for using
the testing harness shipped with this cookbook. At the time of this
writing, it works with Ruby 2.0 and Bundler 1.5.3. All programs
involved, with the exception of Vagrant, can be installed by cd'ing
into the parent directory of this cookbook and running "bundle install"
Rakefile
--------
The Rakefile ships with a number of tasks, each of which can be ran
individually, or in groups. Typing "rake" by itself will perform style
checks with Rubocop and Foodcritic, ChefSpec with rspec, and
integration with Test Kitchen using the Vagrant driver by
default.Alternatively, integration tests can be ran with Test Kitchen
cloud drivers.
```
$ rake -T
rake integration:cloud # Run Test Kitchen with cloud plugins
rake integration:vagrant # Run Test Kitchen with Vagrant
rake spec # Run ChefSpec examples
rake style # Run all style checks
rake style:chef # Lint Chef cookbooks
rake style:ruby # Run Ruby style checks
rake travis # Run all tests on Travis
```
Style Testing
-------------
Ruby style tests can be performed by Rubocop by issuing either
```
bundle exec rubocop
```
or
```
rake style:ruby
```
Chef style tests can be performed with Foodcritic by issuing either
```
bundle exec foodcritic
```
or
```
rake style:chef
```
Spec Testing
-------------
Unit testing is done by running Rspec examples. Rspec will test any
libraries, then test recipes using ChefSpec. This works by compiling a
recipe (but not converging it), and allowing the user to make
assertions about the resource_collection.
Integration Testing
-------------------
Integration testing is performed by Test Kitchen. Test Kitchen will
use either the Vagrant driver or various cloud drivers to instantiate
machines and apply cookbooks. After a successful converge, tests are
uploaded and ran out of band of Chef. Tests should be designed to
ensure that a recipe has accomplished its goal.
Integration Testing using Vagrant
---------------------------------
Integration tests can be performed on a local workstation using
Virtualbox or VMWare. Detailed instructions for setting this up can be
found at the [Bento](https://github.com/chef/bento) project web site.
Integration tests using Vagrant can be performed with either
```
bundle exec kitchen test
```
or
```
rake integration:vagrant
```
Integration Testing using Cloud providers
-----------------------------------------
Integration tests can be performed on cloud providers using
Test Kitchen plugins. This cookbook ships a ```.kitchen.cloud.yml```
that references environmental variables present in the shell that
```kitchen test``` is ran from. These usually contain authentication
tokens for driving IaaS APIs, as well as the paths to ssh private keys
needed for Test Kitchen log into them after they've been created.
Examples of environment variables being set in ```~/.bash_profile```:
```
# digital_ocean
export DIGITAL_OCEAN_CLIENT_ID='your_bits_here'
export DIGITAL_OCEAN_API_KEY='your_bits_here'
export DIGITAL_OCEAN_SSH_KEY_IDS='your_bits_here'
# aws
export AWS_ACCESS_KEY_ID='your_bits_here'
export AWS_SECRET_ACCESS_KEY='your_bits_here'
export AWS_KEYPAIR_NAME='your_bits_here'
# joyent
export SDC_CLI_ACCOUNT='your_bits_here'
export SDC_CLI_IDENTITY='your_bits_here'
export SDC_CLI_KEY_ID='your_bits_here'
```
Integration tests using cloud drivers can be performed with either
```
export KITCHEN_YAML=.kitchen.cloud.yml
bundle exec kitchen test
```
or
```
rake integration:cloud
```
Digital Ocean Hint
------------------
At the time of this writing, you cannot find the numerical values
needed for your SSH_KEY_IDS from the GUI. Instead, you will need to
access the API from the command line.
curl -L 'https://api.digitalocean.com/ssh_keys/?client_id=your_bits_here&api_key=your_bits_here'
Words about .travis.yml
-----------------------
In order for Travis to perform integration tests on public cloud
providers, two major things need to happen. First, the environment
variables referenced by ```.kitchen.cloud.yml``` need to be made
available. Second, the private half of the ssh keys needed to log into
machines need to be dropped off on the machine.
The first part is straight forward. The travis gem can encrypt
environment variables against the public key on the Travis repository
and add them to the .travis.yml.
```
gem install travis
travis encrypt AWS_ACCESS_KEY_ID='your_bits_here' --add
travis encrypt AWS_SECRET_ACCESS_'your_bits_here' --add
travis encrypt AWS_KEYPAIR_NAME='your_bits_here' --add
travis encrypt EC2_SSH_KEY_PATH='~/.ssh/id_ec2.pem' --add
travis encrypt DIGITAL_OCEAN_CLIENT_ID='your_bits_here' --add
travis encrypt DIGITAL_OCEAN_API_KEY='your_bits_here' --add
travis encrypt DIGITAL_OCEAN_SSH_KEY_IDS='your_bits_here' --add
travis encrypt DIGITAL_OCEAN_SSH_KEY_PATH='~/.ssh/id_do.pem' --add
```
The second part is a little more complicated. Travis ENV variables are
restricted to 90 bytes, and will not fit an entire SSH key. This can
be worked around by breaking them up into 90 byte chunks, stashing
them into ENV variables, then digging them out in the
```before_install``` section of .travis.yml
Here is an AWK script to do the encoding.
```
base64 ~/.ssh/travisci_cook_digitalocean.pem | \
awk '{
j=0;
for( i=1; i<length; i=i+90 ) {
system("travis encrypt DO_KEY_CHUNK_" j "=" substr($0, i, 90) " --add");
j++;
}
}'
base64 ~/.ssh/travisci_cook_ec2.pem | \
awk '{
j=0;
for( i=1; i<length; i=i+90 ) {
system("travis encrypt EC2_KEY_CHUNK_" j "=" substr($0, i, 90)" --add");
j++;
}
}'
```
Then in .travis.yml:
```
before_install:
- echo -n $DO_KEY_CHUNK_{0..30} >> ~/.ssh/id_do.base64
- cat ~/.ssh/id_do.base64 | tr -d ' ' | base64 --decode > ~/.ssh/id_do.pem
- echo -n $EC2_KEY_CHUNK_{0..30} >> ~/.ssh/id_ec2.base64
- cat ~/.ssh/id_ec2.base64 | tr -d ' ' | base64 --decode > ~/.ssh/id_ec2.pem
```

3
cookbooks/apt/attributes/default.rb
View File

@@ -46,3 +46,6 @@ default['apt']['unattended_upgrades']['remove_unused_dependencies'] = false
default['apt']['unattended_upgrades']['automatic_reboot'] = false
default['apt']['unattended_upgrades']['automatic_reboot_time'] = 'now'
default['apt']['unattended_upgrades']['dl_limit'] = nil
default['apt']['confd']['install_recommends'] = true
default['apt']['confd']['install_suggests'] = false

12
cookbooks/apt/libraries/helpers.rb
View File

@@ -27,6 +27,18 @@ module Apt
!which('apt-get').nil?
end
# Determines whether we need to run `apt-get update`
#
# @return [Boolean]
def apt_up_to_date?
if ::File.exist?('/var/lib/apt/periodic/update-success-stamp') &&
::File.mtime('/var/lib/apt/periodic/update-success-stamp') > Time.now - node['apt']['periodic_update_min_delay']
true
else
false
end
end
# Finds a command in $PATH
#
# @return [String, nil]

122
cookbooks/apt/metadata.json
View File

File diff suppressed because one or more lines are too long

38
cookbooks/apt/metadata.rb
View File

@@ -1,38 +0,0 @@
name 'apt'
maintainer 'Chef Software, Inc.'
maintainer_email 'cookbooks@chef.io'
license 'Apache 2.0'
description 'Configures apt and apt services and LWRPs for managing apt repositories and preferences'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '2.7.0'
recipe 'apt', 'Runs apt-get update during compile phase and sets up preseed directories'
recipe 'apt::cacher-ng', 'Set up an apt-cacher-ng caching proxy'
recipe 'apt::cacher-client', 'Client for the apt::cacher-ng caching proxy'
%w{ ubuntu debian }.each do |os|
supports os
end
attribute 'apt/cacher-client/restrict_environment',
:description => 'Whether to restrict the search for the caching server to the same environment as this node',
:default => 'false'
attribute 'apt/cacher_port',
:description => 'Default listen port for the caching server',
:default => '3142'
attribute 'apt/cacher_ssl_support',
:description => 'The caching server supports upstream SSL servers via CONNECT',
:default => 'false'
attribute 'apt/cacher_interface',
:description => 'Default listen interface for the caching server',
:default => nil
attribute 'apt/key_proxy',
:description => 'Passed as the proxy passed to GPG for the apt_repository resource',
:default => ''
attribute 'apt/caching_server',
:description => 'Set this to true if the node is a caching server',
:default => 'false'

25
cookbooks/apt/providers/preference.rb
View File

@@ -28,12 +28,16 @@ def build_pref(package_name, pin, pin_priority)
"Package: #{package_name}\nPin: #{pin}\nPin-Priority: #{pin_priority}\n"
end
def safe_name(name)
name.tr('.', '_').gsub('*', 'wildcard')
end
action :add do
preference = build_pref(
new_resource.glob || new_resource.package_name,
new_resource.pin,
new_resource.pin_priority
)
)
directory '/etc/apt/preferences.d' do
owner 'root'
@@ -43,6 +47,16 @@ action :add do
action :create
end
name = safe_name(new_resource.name)
file "/etc/apt/preferences.d/#{new_resource.name}.pref" do
action :delete
if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}.pref")
Chef::Log.warn "Replacing #{new_resource.name}.pref with #{name}.pref in /etc/apt/preferences.d/"
end
only_if { name != new_resource.name }
end
file "/etc/apt/preferences.d/#{new_resource.name}" do
action :delete
if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}")
@@ -50,7 +64,7 @@ action :add do
end
end
file "/etc/apt/preferences.d/#{new_resource.name}.pref" do
file "/etc/apt/preferences.d/#{name}.pref" do
owner 'root'
group 'root'
mode 00644
@@ -60,9 +74,10 @@ action :add do
end
action :remove do
if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}.pref")
Chef::Log.info "Un-pinning #{new_resource.name} from /etc/apt/preferences.d/"
file "/etc/apt/preferences.d/#{new_resource.name}.pref" do
name = safe_name(new_resource.name)
if ::File.exist?("/etc/apt/preferences.d/#{name}.pref")
Chef::Log.info "Un-pinning #{name} from /etc/apt/preferences.d/"
file "/etc/apt/preferences.d/#{name}.pref" do
action :delete
end
end

81
cookbooks/apt/providers/repository.rb
View File

@@ -24,25 +24,37 @@ def whyrun_supported?
end
# install apt key from keyserver
def install_key_from_keyserver(key, keyserver)
def install_key_from_keyserver(key, keyserver, key_proxy)
execute "install-key #{key}" do
if !node['apt']['key_proxy'].empty?
command "apt-key adv --keyserver-options http-proxy=#{node['apt']['key_proxy']} --keyserver hkp://#{keyserver}:80 --recv #{key}"
else
if keyserver.start_with?('hkp://')
command "apt-key adv --keyserver #{keyserver} --recv #{key}"
elsif key_proxy.empty?
command "apt-key adv --keyserver hkp://#{keyserver}:80 --recv #{key}"
else
command "apt-key adv --keyserver-options http-proxy=#{key_proxy} --keyserver hkp://#{keyserver}:80 --recv #{key}"
end
sensitive new_resource.sensitive if respond_to?(:sensitive)
action :run
not_if do
extract_fingerprints_from_cmd('apt-key finger').any? do |fingerprint|
key_present = extract_fingerprints_from_cmd('apt-key finger').any? do |fingerprint|
fingerprint.end_with?(key.upcase)
end
key_present && key_is_valid('apt-key list', key.upcase)
end
end
ruby_block "validate-key #{key}" do
block do
fail "The key #{key} is no longer valid and cannot be used for an apt repository."
end
not_if { key_is_valid('apt-key list', key.upcase) }
end
end
# run command and extract gpg ids
def extract_fingerprints_from_cmd(cmd)
so = Mixlib::ShellOut.new(cmd, env: { 'LANG' => 'en_US' })
so = Mixlib::ShellOut.new(cmd, env: { 'LANG' => 'en_US', 'LANGUAGE' => 'en_US' })
so.run_command
so.stdout.split(/\n/).map do |t|
if z = t.match(/^ +Key fingerprint = ([0-9A-F ]+)/)
@@ -51,14 +63,34 @@ def extract_fingerprints_from_cmd(cmd)
end.compact
end
# determine whether apt thinks the key is still valid
def key_is_valid(cmd, key)
valid = true
so = Mixlib::ShellOut.new(cmd, env: { 'LANG' => 'en_US', 'LANGUAGE' => 'en_US' })
so.run_command
# rubocop:disable Style/Next
so.stdout.split(/\n/).map do |t|
if t.match(%r{^\/#{key}.*\[expired: .*\]$})
Chef::Log.debug "Found expired key: #{t}"
valid = false
break
end
end
Chef::Log.debug "key #{key} validity: #{valid}"
valid
end
# install apt key from URI
def install_key_from_uri(uri)
key_name = uri.split(/\//).last
key_name = uri.split(%r{\/}).last
cached_keyfile = "#{Chef::Config[:file_cache_path]}/#{key_name}"
if new_resource.key =~ /http/
remote_file cached_keyfile do
source new_resource.key
mode 00644
sensitive new_resource.sensitive if respond_to?(:sensitive)
action :create
end
else
@@ -66,12 +98,20 @@ def install_key_from_uri(uri)
source new_resource.key
cookbook new_resource.cookbook
mode 00644
sensitive new_resource.sensitive if respond_to?(:sensitive)
action :create
end
ruby_block "validate-key #{cached_keyfile}" do
block do
fail "The key #{cached_keyfile} is no longer valid and cannot be used for an apt repository." unless key_is_valid("gpg #{cached_keyfile}", '')
end
end
end
execute "install-key #{key_name}" do
command "apt-key add #{cached_keyfile}"
sensitive new_resource.sensitive if respond_to?(:sensitive)
action :run
not_if do
installed_keys = extract_fingerprints_from_cmd('apt-key finger')
@@ -83,19 +123,19 @@ end
# build repo file contents
def build_repo(uri, distribution, components, trusted, arch, add_deb_src)
uri = '"' + uri + '"' unless uri.start_with?("\"", "'")
components = components.join(' ') if components.respond_to?(:join)
repo_options = []
repo_options << "arch=#{arch}" if arch
repo_options << 'trusted=yes' if trusted
repo_options = '[' + repo_options.join(' ') + ']' unless repo_options.empty?
repo_info = "#{uri} #{distribution} #{components}\n"
repo_info = "#{repo_options} #{repo_info}" unless repo_options.empty?
repo_opts = '[' + repo_options.join(' ') + ']' unless repo_options.empty?
repo_info = "#{repo_opts} #{uri} #{distribution} #{components}\n".lstrip
repo = "deb #{repo_info}"
repo << "deb-src #{repo_info}" if add_deb_src
repo
end
def get_ppa_key(ppa_owner, ppa_repo)
def get_ppa_key(ppa_owner, ppa_repo, key_proxy)
# Launchpad has currently only one stable API which is marked as EOL April 2015.
# The new api in devel still uses the same api call for +archive, so I made the version
# configurable to provide some sort of workaround if api 1.0 ceases to exist.
@@ -115,12 +155,12 @@ def get_ppa_key(ppa_owner, ppa_repo)
raise error
end
install_key_from_keyserver(key_id, default_keyserver)
install_key_from_keyserver(key_id, default_keyserver, key_proxy)
end
# fetch ppa key, return full repo url
def get_ppa_url(ppa)
repo_schema = 'http://ppa.launchpad.net/%s/%s/ubuntu'
def get_ppa_url(ppa, key_proxy)
repo_schema = 'http://ppa.launchpad.net/%s/%s/ubuntu'
# ppa:user/repo logic ported from
# http://bazaar.launchpad.net/~ubuntu-core-dev/software-properties/main/view/head:/softwareproperties/ppa.py#L86
@@ -131,7 +171,7 @@ def get_ppa_url(ppa)
ppa_repo = ppa_name.split('/')[1]
ppa_repo = 'ppa' if ppa_repo.nil?
get_ppa_key(ppa_owner, ppa_repo)
get_ppa_key(ppa_owner, ppa_repo, key_proxy)
format(repo_schema, ppa_owner, ppa_repo)
end
@@ -139,7 +179,7 @@ end
action :add do
# add key
if new_resource.keyserver && new_resource.key
install_key_from_keyserver(new_resource.key, new_resource.keyserver)
install_key_from_keyserver(new_resource.key, new_resource.keyserver, new_resource.key_proxy)
elsif new_resource.key
install_key_from_uri(new_resource.key)
end
@@ -156,6 +196,7 @@ action :add do
execute 'apt-get update' do
command "apt-get update -o Dir::Etc::sourcelist='sources.list.d/#{new_resource.name}.list' -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0'"
ignore_failure true
sensitive new_resource.sensitive if respond_to?(:sensitive)
action :nothing
notifies :run, 'execute[apt-cache gencaches]', :immediately
end
@@ -163,13 +204,13 @@ action :add do
if new_resource.uri.start_with?('ppa:')
# build ppa repo file
repository = build_repo(
get_ppa_url(new_resource.uri),
get_ppa_url(new_resource.uri, new_resource.key_proxy),
new_resource.distribution,
'main',
new_resource.trusted,
new_resource.arch,
new_resource.deb_src
)
)
else
# build repo file
repository = build_repo(
@@ -179,7 +220,7 @@ action :add do
new_resource.trusted,
new_resource.arch,
new_resource.deb_src
)
)
end
file "/etc/apt/sources.list.d/#{new_resource.name}.list" do
@@ -187,6 +228,7 @@ action :add do
group 'root'
mode 00644
content repository
sensitive new_resource.sensitive if respond_to?(:sensitive)
action :create
notifies :delete, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately
notifies :run, 'execute[apt-get update]', :immediately if new_resource.cache_rebuild
@@ -197,6 +239,7 @@ action :remove do
if ::File.exist?("/etc/apt/sources.list.d/#{new_resource.name}.list")
Chef::Log.info "Removing #{new_resource.name} repository from /etc/apt/sources.list.d/"
file "/etc/apt/sources.list.d/#{new_resource.name}.list" do
sensitive new_resource.sensitive if respond_to?(:sensitive)
action :delete
end
end

10
cookbooks/apt/recipes/cacher-client.rb
View File

@@ -64,11 +64,11 @@ if servers.length > 0
group 'root'
mode 00644
variables(
:proxy => cacher_ipaddress,
:port => servers[0]['apt']['cacher_port'],
:proxy_ssl => servers[0]['apt']['cacher_ssl_support'],
:bypass => node['apt']['cache_bypass']
)
proxy: cacher_ipaddress,
port: servers[0]['apt']['cacher_port'],
proxy_ssl: servers[0]['apt']['cacher_ssl_support'],
bypass: node['apt']['cache_bypass']
)
action(node['apt']['compiletime'] ? :nothing : :create)
notifies :run, 'execute[apt-get update]', :immediately
end

2
cookbooks/apt/recipes/cacher-ng.rb
View File

@@ -38,6 +38,6 @@ template '/etc/apt-cacher-ng/acng.conf' do
end
service 'apt-cacher-ng' do
supports :restart => true, :status => false
supports restart: true, status: false
action [:enable, :start]
end

30
cookbooks/apt/recipes/default.rb
View File

@@ -35,7 +35,7 @@ file '/var/lib/apt/periodic/update-success-stamp' do
end
# If compile_time_update run apt-get update at compile time
if node['apt']['compile_time_update'] && (!::File.exist?('/var/lib/apt/periodic/update-success-stamp') || !::File.exist?(first_run_file))
if node['apt']['compile_time_update'] && (!apt_up_to_date? || !::File.exist?(first_run_file))
e = bash 'apt-get-update at compile time' do
code <<-EOH
apt-get update
@@ -58,15 +58,6 @@ cookbook_file '/etc/apt/apt.conf.d/15update-stamp' do
source '15update-stamp'
end
# Run apt-get update to create the stamp file
execute 'apt-get-update' do
command 'apt-get update'
ignore_failure true
only_if { apt_installed? }
not_if { ::File.exist?('/var/lib/apt/periodic/update-success-stamp') }
notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately
end
# For other recipes to call to force an update
execute 'apt-get update' do
command 'apt-get update'
@@ -93,11 +84,8 @@ end
execute 'apt-get-update-periodic' do
command 'apt-get update'
ignore_failure true
only_if do
apt_installed? &&
::File.exist?('/var/lib/apt/periodic/update-success-stamp') &&
::File.mtime('/var/lib/apt/periodic/update-success-stamp') < Time.now - node['apt']['periodic_update_min_delay']
end
only_if { apt_installed? }
not_if { apt_up_to_date? }
notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately
end
@@ -110,3 +98,15 @@ end
only_if { apt_installed? }
end
end
template '/etc/apt/apt.conf.d/10recommends' do
owner 'root'
group 'root'
mode '644'
source '10recommends.erb'
end
package 'apt-transport-https' do
only_if { apt_installed? }
action :install
end

8
cookbooks/apt/resources/preference.rb
View File

@@ -31,7 +31,7 @@ state_attrs :glob,
:pin,
:pin_priority
attribute :package_name, :kind_of => String, :name_attribute => true, :regex => [/^([a-z]|[A-Z]|[0-9]|_|-|\.)+$/]
attribute :glob, :kind_of => String
attribute :pin, :kind_of => String
attribute :pin_priority, :kind_of => String
attribute :package_name, kind_of: String, name_attribute: true, regex: [/^([a-z]|[A-Z]|[0-9]|_|-|\.|\*)+$/]
attribute :glob, kind_of: String
attribute :pin, kind_of: String
attribute :pin_priority, kind_of: String

29
cookbooks/apt/resources/repository.rb
View File

@@ -34,22 +34,27 @@ state_attrs :arch,
:distribution,
:key,
:keyserver,
:key_proxy,
:repo_name,
:trusted,
:uri
:uri,
:sensitive
# name of the repo, used for source.list filename
attribute :repo_name, :kind_of => String, :name_attribute => true, :regex => [/^([a-z]|[A-Z]|[0-9]|_|-|\.)+$/]
attribute :uri, :kind_of => String
attribute :distribution, :kind_of => String
attribute :components, :kind_of => Array, :default => []
attribute :arch, :kind_of => String, :default => nil
attribute :trusted, :kind_of => [TrueClass, FalseClass], :default => false
attribute :repo_name, kind_of: String, name_attribute: true, regex: [/^([a-z]|[A-Z]|[0-9]|_|-|\.)+$/]
attribute :uri, kind_of: String
attribute :distribution, kind_of: String
attribute :components, kind_of: Array, default: []
attribute :arch, kind_of: String, default: nil
attribute :trusted, kind_of: [TrueClass, FalseClass], default: false
# whether or not to add the repository as a source repo as well
attribute :deb_src, :default => false
attribute :keyserver, :kind_of => String, :default => nil
attribute :key, :kind_of => String, :default => nil
attribute :cookbook, :kind_of => String, :default => nil
attribute :deb_src, default: false
attribute :keyserver, kind_of: String, default: nil
attribute :key, kind_of: String, default: nil
attribute :key_proxy, kind_of: String, default: node['apt']['key_proxy']
attribute :cookbook, kind_of: String, default: nil
# trigger cache rebuild
# If not you can trigger in the recipe itself after checking the status of resource.updated{_by_last_action}?
attribute :cache_rebuild, :kind_of => [TrueClass, FalseClass], :default => true
attribute :cache_rebuild, kind_of: [TrueClass, FalseClass], default: true
# Hide content of the source file, don't show output for commands being run, etc.
attribute :sensitive, kind_of: [TrueClass, FalseClass], default: false

3
cookbooks/apt/templates/default/10recommends.erb Normal file
View File

@@ -0,0 +1,3 @@
# Managed by Chef
APT::Install-Recommends "<%= node['apt']['confd']['install_recommends'] ? 1 : 0 %>";
APT::Install-Suggests "<%= node['apt']['confd']['install_suggests'] ? 1 : 0 %>";