Update cookbooks and add wordpress cookbook

Greg Karékinian
2016-02-19 18:09:49 +01:00
parent 9ba973e3ac
commit 820b0ab3f8
606 changed files with 22421 additions and 14084 deletions


@@ -3,7 +3,7 @@
# Provider:: manage
#
# Copyright 2011, Eric G. Wolfe
# Copyright 2009-2011, Chef Software, Inc.
# Copyright 2009-2015, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,92 +18,93 @@
# limitations under the License.
#
use_inline_resources if defined?(use_inline_resources)
use_inline_resources
def whyrun_supported?
true
end
def initialize(*args)
super
@action = :create
end
def chef_solo_search_installed?
klass = ::Search::const_get('Helper')
klass = ::Search.const_get('Helper')
return klass.is_a?(Class)
rescue NameError
return false
end
def search_missing?
Chef::Config[:solo] && !(Chef::Config[:local_mode] || chef_solo_search_installed?)
end
action :remove do
if Chef::Config[:solo] and not chef_solo_search_installed?
Chef::Log.warn("This recipe uses search. Chef Solo does not support search unless you install the chef-solo-search cookbook.")
if search_missing?
Chef::Log.warn('This recipe uses search. Chef Solo does not support search unless you install the chef-solo-search cookbook.')
else
search(new_resource.data_bag, "groups:#{new_resource.search_group} AND action:remove") do |rm_user|
user rm_user['username'] ||= rm_user['id'] do
action :remove
force rm_user['force'] ||= false
end
end
end
end
action :create do
security_group = Array.new
users_groups = {}
users_groups[new_resource.group_name] = []
if Chef::Config[:solo] and not chef_solo_search_installed?
Chef::Log.warn("This recipe uses search. Chef Solo does not support search unless you install the chef-solo-search cookbook.")
if search_missing?
Chef::Log.warn('This recipe uses search. Chef Solo does not support search unless you install the chef-solo-search cookbook.')
else
search(new_resource.data_bag, "groups:#{new_resource.search_group} AND NOT action:remove") do |u|
u['username'] ||= u['id']
security_group << u['username']
u['groups'].each do |g|
users_groups[g] = [] unless users_groups.key?(g)
users_groups[g] << u['username']
end
if node['apache'] and node['apache']['allowed_openids']
if node['apache'] && node['apache']['allowed_openids']
Array(u['openid']).compact.each do |oid|
node.default['apache']['allowed_openids'] << oid unless node['apache']['allowed_openids'].include?(oid)
end
end
# Set home_basedir based on platform_family
# Platform specific checks
# Set home_basedir
# Set shell on FreeBSD
home_basedir = '/home'
case node['platform_family']
when 'mac_os_x'
home_basedir = '/Users'
when 'debian', 'rhel', 'fedora', 'arch', 'suse', 'freebsd'
home_basedir = '/home'
when 'freebsd'
# Check if we need to prepend shell with /usr/local/?
u['shell'] = (!File.exist?(u['shell']) && File.exist?("/usr/local#{u['shell']}") ? "/usr/local#{u['shell']}" : '/bin/sh')
end
# Set home to location in data bag,
# or a reasonable default ($home_basedir/$user).
if u['home']
home_dir = u['home']
else
home_dir = "#{home_basedir}/#{u['username']}"
end
home_dir = (u['home'] ? u['home'] : "#{home_basedir}/#{u['username']}")
# check whether home dir is null
manage_home = (home_dir == '/dev/null' ? false : true)
# The user block will fail if the group does not yet exist.
# See the -g option limitations in man 8 useradd for an explanation.
# This should correct that without breaking functionality.
if u['gid'] and u['gid'].kind_of?(Numeric)
group u['username'] do
gid u['gid']
end
group u['username'] do
gid validate_id(u['gid'])
only_if { u['gid'] && u['gid'].is_a?(Numeric) }
end
# Create user object.
# Do NOT try to manage null home directories.
user u['username'] do
uid u['uid']
if u['gid']
gid u['gid']
end
uid validate_id(u['uid'])
gid validate_id(u['gid']) if u['gid']
shell u['shell']
comment u['comment']
password u['password'] if u['password']
if home_dir == "/dev/null"
supports :manage_home => false
else
supports :manage_home => true
end
supports manage_home: manage_home
home home_dir
action u['action'] if u['action']
end
@@ -112,65 +113,72 @@ action :create do
Chef::Log.debug("Managing home files for #{u['username']}")
directory "#{home_dir}/.ssh" do
owner u['username']
group u['gid'] || u['username']
mode "0700"
owner u['uid'] ? validate_id(u['uid']) : u['username']
group validate_id(u['gid']) if u['gid']
mode '0700'
only_if { u['ssh_keys'] || u['ssh_private_key'] || u['ssh_public_key'] }
end
if u['ssh_keys']
template "#{home_dir}/.ssh/authorized_keys" do
source "authorized_keys.erb"
cookbook new_resource.cookbook
owner u['username']
group u['gid'] || u['username']
mode "0600"
variables :ssh_keys => u['ssh_keys']
end
template "#{home_dir}/.ssh/authorized_keys" do
source 'authorized_keys.erb'
cookbook new_resource.cookbook
owner u['uid'] ? validate_id(u['uid']) : u['username']
group validate_id(u['gid']) if u['gid']
mode '0600'
variables ssh_keys: u['ssh_keys']
only_if { u['ssh_keys'] }
end
if u['ssh_private_key']
key_type = u['ssh_private_key'].include?("BEGIN RSA PRIVATE KEY") ? "rsa" : "dsa"
key_type = u['ssh_private_key'].include?('BEGIN RSA PRIVATE KEY') ? 'rsa' : 'dsa'
template "#{home_dir}/.ssh/id_#{key_type}" do
source "private_key.erb"
source 'private_key.erb'
cookbook new_resource.cookbook
owner u['id']
group u['gid'] || u['id']
mode "0400"
variables :private_key => u['ssh_private_key']
owner u['uid'] ? validate_id(u['uid']) : u['username']
group validate_id(u['gid']) if u['gid']
mode '0400'
variables private_key: u['ssh_private_key']
end
end
if u['ssh_public_key']
key_type = u['ssh_public_key'].include?("ssh-rsa") ? "rsa" : "dsa"
key_type = u['ssh_public_key'].include?('ssh-rsa') ? 'rsa' : 'dsa'
template "#{home_dir}/.ssh/id_#{key_type}.pub" do
source "public_key.pub.erb"
source 'public_key.pub.erb'
cookbook new_resource.cookbook
owner u['id']
group u['gid'] || u['id']
mode "0400"
variables :public_key => u['ssh_public_key']
owner u['uid'] ? validate_id(u['uid']) : u['username']
group validate_id(u['gid']) if u['gid']
mode '0400'
variables public_key: u['ssh_public_key']
end
end
else
Chef::Log.debug("Not managing home files for #{u['username']}")
end
end
# Populating users to appropriates groups
users_groups.each do |g, u|
group g do
members u
append true
action :manage # Do nothing if group doesn't exist
end unless g == new_resource.group_name # Dealing with managed group later
end
end
group new_resource.group_name do
if new_resource.group_id
gid new_resource.group_id
end
members security_group
gid new_resource.group_id if new_resource.group_id
members users_groups[new_resource.group_name]
end
end
private
def manage_home_files?(home_dir, user)
def manage_home_files?(home_dir, _user)
# Don't manage home dir if it's NFS mount
# and manage_nfs_home_dirs is disabled
if home_dir == "/dev/null"
if home_dir == '/dev/null'
false
elsif fs_remote?(home_dir)
new_resource.manage_nfs_home_dirs ? true : false
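Review bot: In the `when 'freebsd'` branch of `action :create`, the new shell assignment replaces every shell that already exists on the node with `/bin/sh`, because the ternary's condition is false whenever `File.exist?(u['shell'])` is true; an account whose data bag item sets a restricted shell such as `/usr/sbin/nologin` would end up with an interactive one. The same line raises a `TypeError` when the item has no `shell` key, since `File.exist?(nil)` is evaluated. Guard the rewrite instead of folding it into the ternary: `if u['shell'] && !File.exist?(u['shell'])`, then `u['shell'] = File.exist?("/usr/local#{u['shell']}") ? "/usr/local#{u['shell']}" : '/bin/sh'`, then `end`. Separately, the `private_key.erb` template block could set `sensitive true` so the rendered key stays out of the run's diff output, provided the Chef versions this cookbook supports accept that property.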