kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Update cookbooks and add wordpress cookbook

Browse Source
This commit is contained in:
Greg Karékinian
2016-02-19 18:09:49 +01:00
parent 9ba973e3ac
commit 820b0ab3f8
606 changed files with 22421 additions and 14084 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
cookbooks/sudo/README.md
View File

@@ -1,30 +1,34 @@
sudo cookbook
=============
[![Build Status](https://secure.travis-ci.org/opscode-cookbooks/sudo.png?branch=master)](http://travis-ci.org/opscode-cookbooks/sudo)
# sudo cookbook
[![Build Status](https://travis-ci.org/chef-cookbooks/sudo.svg?branch=master)](http://travis-ci.org/chef-cookbooks/sudo) [![Cookbook Version](https://img.shields.io/cookbook/v/sudo.svg)](https://supermarket.chef.io/cookbooks/sudo)
The Chef `sudo` cookbook installs the `sudo` package and configures the `/etc/sudoers` file.
It also exposes an LWRP for adding and managing sudoers.
## Requirements
### Platforms
- Debian/Ubuntu
- RHEL/CentOS/Scientific/Amazon/Oracle
- FreeBSD
- Mac OS X
Requirements
------------
The platform has a package named `sudo` and the `sudoers` file is `/etc/sudoers`.
### Chef
- Chef 11+
### Cookbooks
- None
Attributes
----------
## Attributes
- `node['authorization']['sudo']['groups']` - groups to enable sudo access (default: `[ "sysadmin" ]`)
- `node['authorization']['sudo']['users']` - users to enable sudo access (default: `[]`)
- `node['authorization']['sudo']['passwordless']` - use passwordless sudo (default: `false`)
- `node['authorization']['sudo']['include_sudoers_d']` - include and manager `/etc/sudoers.d` (default: `false`)
- `node['authorization']['sudo']['include_sudoers_d']` - include and manage `/etc/sudoers.d` (default: `false`)
- `node['authorization']['sudo']['agent_forwarding']` - preserve `SSH_AUTH_SOCK` when sudoing (default: `false`)
- `node['authorization']['sudo']['sudoers_defaults']` - Array of `Defaults` entries to configure in `/etc/sudoers`
- `node['authorization']['sudo']['setenv']` - Whether to permit preserving of environment with `sudo -E` (default: `false`)
Usage
-----
#### Attributes
## Usage
### Attributes
To use attributes for defining sudoers, set the attributes above on the node (or role) itself:
```json
@@ -56,24 +60,23 @@ default_attributes(
**Note that the template for the sudoers file has the group "sysadmin" with ALL:ALL permission, though the group by default does not exist.**
#### Sudoers Defaults
### Sudoers Defaults
Configure a node attribute, `node['authorization']['sudo']['sudoers_defaults']` as an array of `Defaults` entries to configure in `/etc/sudoers`. A list of examples for common platforms is listed below:
Configure a node attribute,
`node['authorization']['sudo']['sudoers_defaults']` as an array of
`Defaults` entries to configure in `/etc/sudoers`. A list of examples
for common platforms is listed below:
_Debian_
*Debian*
```ruby
node.default['authorization']['sudo']['sudoers_defaults'] = ['env_reset']
```
*Ubuntu 10.04*
_Ubuntu 10.04_
```ruby
node.default['authorization']['sudo']['sudoers_defaults'] = ['env_reset']
```
*Ubuntu 12.04*
_Ubuntu 12.04_
```ruby
node.default['authorization']['sudo']['sudoers_defaults'] = [
'env_reset',
@@ -81,7 +84,8 @@ node.default['authorization']['sudo']['sudoers_defaults'] = [
]
```
*FreeBSD*
_FreeBSD_
```ruby
node.default['authorization']['sudo']['sudoers_defaults'] = [
'env_reset',
@@ -89,8 +93,7 @@ node.default['authorization']['sudo']['sudoers_defaults'] = [
]
```
*RHEL family 5.x*
The version of sudo in RHEL 5 may not support `+=`, as used in `env_keep`, so its a single string.
_RHEL family 5.x_ The version of sudo in RHEL 5 may not support `+=`, as used in `env_keep`, so its a single string.
```ruby
node.default['authorization']['sudo']['sudoers_defaults'] = [
@@ -105,7 +108,8 @@ node.default['authorization']['sudo']['sudoers_defaults'] = [
]
```
*RHEL family 6.x*
_RHEL family 6.x_
```ruby
node.default['authorization']['sudo']['sudoers_defaults'] = [
'!visiblepw',
@@ -121,7 +125,8 @@ node.default['authorization']['sudo']['sudoers_defaults'] = [
]
```
*Mac OS X*
_Mac OS X_
```ruby
node.default['authorization']['sudo']['sudoers_defaults'] = [
'env_reset',
@@ -139,13 +144,12 @@ node.default['authorization']['sudo']['sudoers_defaults'] = [
]
```
#### LWRP
### LWRP
**Note** Sudo version 1.7.2 or newer is required to use the sudo LWRP as it relies on the "#includedir" directive introduced in version 1.7.2. The recipe does not enforce installing the version. To use this LWRP, set `node['authorization']['sudo']['include_sudoers_d']` to `true`.
There are two ways for rendering a sudoer-fragment using this LWRP:
1. Using the built-in template
2. Using a custom, cookbook-level template
1. Using the built-in template
2. Using a custom, cookbook-level template
Both methods will create the `/etc/sudoers.d/#{username}` file with the correct permissions.
@@ -177,7 +181,7 @@ In either case, the following file would be generated in `/etc/sudoers.d/tomcat`
%tomcat ALL=(app_user) /etc/init.d/tomcat restart
```
##### LWRP Attributes
#### LWRP Attributes
<table>
<thead>
<tr>
@@ -238,6 +242,24 @@ case it is not already</td>
<td><tt>['!requiretty','env_reset']</tt></td>
<td></td>
</tr>
<tr>
<td>setenv</td>
<td>whether to permit the preserving of environment with `sudo -E`</td>
<td><tt>true</tt></td>
<td><tt><false></tt></td>
</tr>
<tr>
<td>env_keep_add</td>
<td>array of strings to add to env_keep</td>
<td><tt>['HOME', 'MY_ENV_VAR MY_OTHER_ENV_VAR']</tt></td>
<td></td>
</tr>
<tr>
<td>env_keep_subtract</td>
<td>array of strings to remove from env_keep</td>
<td><tt>['DISPLAY', 'MY_SECURE_ENV_VAR']</tt></td>
<td></td>
</tr>
<tr>
<td>variables</td>
<td>the variables to pass to the custom template</td>
@@ -249,50 +271,49 @@ case it is not already</td>
**If you use the template attribute, all other attributes will be ignored except for the variables attribute.**
Development
-----------
## Development
This section details "quick development" steps. For a detailed explanation, see [[Contributing.md]].
- Clone this repository from GitHub:
1. Clone this repository from GitHub:
```
$ git clone git@github.com:chef-cookbooks/sudo.git
```
$ git clone git@github.com:opscode-cookbooks/sudo.git
- Create a git branch
2. Create a git branch
```
$ git checkout -b my_bug_fix
```
$ git checkout -b my_bug_fix
- Install dependencies:
3. Install dependencies:
```
$ bundle install
```
$ bundle install
4. Make your changes/patches/fixes, committing appropiately
5. **Write tests**
6. Run the tests:
- `bundle exec foodcritic -f any .`
- `bundle exec rspec`
- `bundle exec rubocop`
- `bundle exec kitchen test`
- Make your changes/patches/fixes, committing appropiately
- **Write tests**
- Run the tests:
- `bundle exec foodcritic -f any .`
- `bundle exec rspec`
- `bundle exec rubocop`
- `bundle exec kitchen test`
In detail:
- Foodcritic will catch any Chef-specific style errors
- RSpec will run the unit tests
- Rubocop will check for Ruby-specific style errors
- Test Kitchen will run and converge the recipes
- Foodcritic will catch any Chef-specific style errors
- RSpec will run the unit tests
- Rubocop will check for Ruby-specific style errors
- Test Kitchen will run and converge the recipes
## License & Authors
**Author:** Bryan W. Berry [bryan.berry@gmail.com](mailto:bryan.berry@gmail.com)
**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))
License and Authors
-------------------
- Author:: Bryan W. Berry <bryan.berry@gmail.com>
- Author:: Adam Jacob <adam@opscode.com>
- Author:: Seth Chisamore <schisamo@opscode.com>
- Author:: Seth Vargo <sethvargo@gmail.com>
```text
Copyright 2009-2012, Opscode, Inc.
**Copyright:** 2008-2016, Chef Software, Inc.
```
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at