From b9cf396d42cc7681804779e799946f3aa3c5c22d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Wed, 28 Jun 2023 15:29:03 +0200 Subject: [PATCH] Deploy akkounts without the application_git cookbook Use the built-in git resource from Chef instead. poise/application does not work on modern Chef. --- Berksfile | 1 + Berksfile.lock | 4 + cookbooks/ruby_build/.markdownlint-cli2.yaml | 5 + cookbooks/ruby_build/CHANGELOG.md | 235 ++++++++++++++++++ cookbooks/ruby_build/LICENSE | 202 +++++++++++++++ cookbooks/ruby_build/README.md | 79 ++++++ cookbooks/ruby_build/chefignore | 115 +++++++++ .../ruby_build/libraries/package_deps.rb | 43 ++++ cookbooks/ruby_build/metadata.json | 48 ++++ cookbooks/ruby_build/metadata.rb | 25 ++ cookbooks/ruby_build/renovate.json | 17 ++ cookbooks/ruby_build/resources/definition.rb | 102 ++++++++ .../ruby_build/resources/homebrew_update.rb | 77 ++++++ cookbooks/ruby_build/resources/install.rb | 41 +++ site-cookbooks/kosmos-akkounts/metadata.rb | 6 +- .../kosmos-akkounts/recipes/default.rb | 147 +++++------ .../templates/{env.production.erb => env.erb} | 0 17 files changed, 1072 insertions(+), 75 deletions(-) create mode 100644 cookbooks/ruby_build/.markdownlint-cli2.yaml create mode 100644 cookbooks/ruby_build/CHANGELOG.md create mode 100644 cookbooks/ruby_build/LICENSE create mode 100644 cookbooks/ruby_build/README.md create mode 100644 cookbooks/ruby_build/chefignore create mode 100644 cookbooks/ruby_build/libraries/package_deps.rb create mode 100644 cookbooks/ruby_build/metadata.json create mode 100644 cookbooks/ruby_build/metadata.rb create mode 100644 cookbooks/ruby_build/renovate.json create mode 100644 cookbooks/ruby_build/resources/definition.rb create mode 100644 cookbooks/ruby_build/resources/homebrew_update.rb create mode 100644 cookbooks/ruby_build/resources/install.rb rename site-cookbooks/kosmos-akkounts/templates/{env.production.erb => env.erb} (100%) diff --git a/Berksfile b/Berksfile index add5c45..31788cc 100644 --- a/Berksfile +++ b/Berksfile @@ -52,3 +52,4 @@ cookbook 'java', '~> 4.3.0' cookbook 'ulimit', '~> 1.0.0' cookbook 'golang', '~> 5.3.1' cookbook 'zerotier', '~> 1.0.7' +cookbook 'ruby_build', '~> 2.5.0' diff --git a/Berksfile.lock b/Berksfile.lock index 789a0be..f5a6f5c 100644 --- a/Berksfile.lock +++ b/Berksfile.lock @@ -46,6 +46,7 @@ DEPENDENCIES poise-service (~> 1.5.2) postfix (= 5.0.2) redisio (~> 6.4.1) + ruby_build (~> 2.5.0) timezone_iii (= 1.0.4) ulimit (~> 1.0.0) users (~> 5.3.1) @@ -150,6 +151,9 @@ GRAPH postfix (5.0.2) redisio (6.4.1) selinux (>= 0.0.0) + ruby_build (2.5.0) + homebrew (>= 0.0.0) + yum-epel (>= 0.0.0) selinux (6.1.12) seven_zip (4.2.2) timezone_iii (1.0.4) diff --git a/cookbooks/ruby_build/.markdownlint-cli2.yaml b/cookbooks/ruby_build/.markdownlint-cli2.yaml new file mode 100644 index 0000000..6fa8e77 --- /dev/null +++ b/cookbooks/ruby_build/.markdownlint-cli2.yaml @@ -0,0 +1,5 @@ +config: + ul-indent: false # MD007 + line-length: false # MD013 + no-duplicate-heading: false # MD024 + reference-links-images: false # MD052 diff --git a/cookbooks/ruby_build/CHANGELOG.md b/cookbooks/ruby_build/CHANGELOG.md new file mode 100644 index 0000000..79e49d8 --- /dev/null +++ b/cookbooks/ruby_build/CHANGELOG.md @@ -0,0 +1,235 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## 2.5.0 - *2023-05-16* + +- Allow ruby-build to recognize when it needs to be upgraded. +- Allow ruby-build to reinstall Ruby if the version changes. + +## 2.4.1 - *2023-05-16* + +## 2.4.0 - *2023-05-16* + +- Ubuntu 18 now uses 'libssl-dev' instead of 'libssl1.0-dev' + +## 2.3.15 - *2023-05-15* + +## 2.3.14 - *2023-04-17* + +## 2.3.13 - *2023-04-07* + +Standardise files with files in sous-chefs/repo-management + +## 2.3.12 - *2023-04-01* + +## 2.3.11 - *2023-04-01* + +## 2.3.10 - *2023-04-01* + +Standardise files with files in sous-chefs/repo-management + +## 2.3.9 - *2023-03-20* + +Standardise files with files in sous-chefs/repo-management + +## 2.3.8 - *2023-03-15* + +Standardise files with files in sous-chefs/repo-management + +Standardise files with files in sous-chefs/repo-management + +## 2.3.7 - *2023-02-27* + +Standardise files with files in sous-chefs/repo-management + +## 2.3.6 - *2023-02-16* + +Standardise files with files in sous-chefs/repo-management + +## 2.3.5 - *2023-02-14* + +Standardise files with files in sous-chefs/repo-management + +## 2.3.4 - *2023-02-13* + +## 2.3.3 - *2023-02-13* + +## 2.3.2 - *2023-02-13* + +## 2.3.1 - *2022-12-06* + +Standardise files with files in sous-chefs/repo-management + +## 2.3.0 - *2022-08-08* + +- Add `verbose` option +- Remove Delivery and move to calling RSpec directly via a reusable workflow +- Use reusable workflows +- Update test build to use Ruby 3.0.4 +- Add Alma Linux & Rocky Linux / Replace CentOS 8 with CentOS Stream 8 +- Standardize kitchen.dokken.yml +- Add support for Ubuntu 22.04 +- Remove use of yum-centos and replace with use of yum-config-manager to make it easier to work with Alma/Rocky +- Install openssl@1.1 on MacOS + +## 2.2.3 - *2022-05-16* + +- Standardise files with files in sous-chefs/repo-management + +## 2.2.2 - *2022-02-10* + +- Standardise files with files in sous-chefs/repo-management + +## 2.2.1 - *2022-02-08* + +- Remove delivery folder + +## 2.2.0 - *2021-12-27* + +- support Chef temporary directory being located on a volume mounted `noexec` +- support Ruby installation directory being created ahead of time + +## 2.1.5 - *2021-11-22* + +- Retry when cloning the ruby-build code repository + +## 2.1.4 - *2021-08-30* + +- Standardise files with files in sous-chefs/repo-management + +## 2.1.3 - *2021-06-01* + +- Standardise files with files in sous-chefs/repo-management + +## 2.1.2 - *2020-12-02* + +- resolved cookstyle error: libraries/package_deps.rb:8:5 convention: `Layout/EmptyLineBetweenDefs` + +## 2.1.1 (2020-09-16) + +- resolved cookstyle error: spec/libraries/cruby_spec.rb:6:7 refactor: `ChefCorrectness/IncorrectLibraryInjection` +- Cookstyle Bot Auto Corrections with Cookstyle 6.16.8 + +## 2.1.0 (2020-06-17) + +- Fix package_deps being passed too many arguments +- Fix switching to master when we're already on master +- Add MacOS testing + +- fix broken environment property (needs a Hash, was set to String) +- update documentation pages with new custom resource name ruby_build_definition +- make the automatic addition of the Ruby version to the prefix an option +- allow users to use the old ruby_build_ruby resource name, for compatibility +- do not assume that users are running Chef 15.3.x and can use unified_mode +- add requested feature: patch + +## 2.0.0 (2020-04-21) + +- Remove support for JRuby, it requires an out of support Java version +- Convert to a custom resource +- Move test from bats to Inspec +- Add support for Amazon Linux +- Add support for Ubuntu 18.04 + +## 1.3.0 (2020-03-05) + +- Add debian-10 platform to test kitchen configurations +- Migrate to github actions +- Fix CircleCI testing, bring it up to Sous-Chefs standards +- Fix Markdown +- Fix YAML +- Use platform? helper in the attributes file +- Remove the unnecessary long_description field in metadata.rb +- Fix libgdbm package name in attributes for debian 10 +- Fix libgdbm package name in attributes for Ubuntu 19.04 + +## 1.2.0 (2019-01-23) + +- Add debian-10 platform to test kitchen configurations +- Migrate to github actions +- Remove recipes +- Add ruby_build_install resource +- Add ruby_build_definition resource +- Add unit testing + +## 1.1.0 (2017-04-07) + +- Maintenance of this cookbook has been moved to the Sous Chefs organization - +- Switched git installation to the git cookbook +- Sped up converge times by using multi-package installs when available +- Added Chefspec matchers +- Removed a duplicate package that was causing warnings on Chef 12 / failures on Chef 13 +- Ensured that multi-package installs would continue on Amazon Linux with Chef 13 +- Removed some fragile and unnecessary code that checked to see if we were on Chef 12+ +- Switched testing to Delivery local mode and removed all test gems from the Gemfile. +- Added a skeleton Chefspec test suite +- Updated to more modern Ruby versions to test with + +## 1.0.0 (2016-07-18) + +- This cookbook has been moved under the chef-rbenv Github organization to allow for additional committers and further maintenance +- The cookbook now requires Chef 12 due to the use of multi-package installations +- Existing lists of package dependencies have been updated to match those on the ruby-build wiki. This removes several runtime dependencies such as readline, zlib, and subversion +- Added support for installing Rubinius dependencies when installing Rubinius +- Added dependency installation on OS X machines +- Added support for FreeBSD +- Added a dependency on yum-epel when on RHEL +- Added Travis CI integration testing using kitchen-dokken and inspec +- Added cookstyle for Ruby linting and resolved all warnings +- Updated the ruby-build Github URL to the new location +- Switched package dependency logic to use platform_family which supports additional derivative distros +- Add source_url, issues_url, and chef_version metadata to metadata.rb +- Updated the LWRP to use use_inline_resources for proper update notifications +- Added a Chef 11+ style default_action to the LWRP +- Updated attribute file to use default instead of node.set which avoids deprecation warnings +- Updated the Berksfile to use Supermarket +- Updated the Gemfile with the latest testing dependencies +- Added the Apache 2.0 license file +- Updated readme to remove HTML tables that don't render in Supermarket +- Swapped the Rakefile for the standard Chef Rakefile + +## 0.8.0 (2013-05-22) + +- Pull request [#8]: Remove libyaml-devel pkg dependency for Red Hat family platforms. ([@fnichol]) +- Pull request [#9]: Use the HTTPS clone URL. ([@adammck]) +- Pull request [#10]: Use old-form notifies to support AWS OpsWorks. ([@tsabat]) +- Issue [#7]: Install Git package(s) only if Git is not previously installed. ([@fnichol], [@ChrisLundquist]) +- Convert project from Jamie to Test Kitchen. ([@fnichol]) + +## 0.7.2 (2012-12-31) + +- Fix missing package dependencies for C Ruby versions on RHEL family. ([@fnichol]) +- Print Ruby build time to :info logger (formerly :debug). ([@fnichol]) +- Add integration tests for commonly installed Ruby versions. ([@fnichol]) + +## 0.7.0 (2012-11-21) + +- Add environment attr to ruby_build_ruby. This allows for adding custom compilation flags, as well as newer ruby-build environment variables, such as RUBY_BUILD_MIRROR_URL. ([@fnichol]) +- Update foodcritic configuration and update .travis.yml. ([@fnichol]) +- Update Installation section of README (welcome Berkshelf). ([@fnichol]) + +## 0.6.2 (2012-05-03) + +- Fix ruby_build_ruby LWRP now notifies when updated (FC017). ([@fnichol]) +- Fix Add plaform equivalents in default attrs (FC024). ([@fnichol]) +- Fix JRuby requires make package on Ubuntu/Debian. ([@fnichol]) +- Ensure `Chef::Config[:file_cache_path]` exists in solo mode. ([@fnichol]) +- Add TravisCI to run Foodcritic linter. ([@fnichol]) +- Reorganize README with section links. ([@fnichol]) + +## 0.6.0 (2011-12-10) + +The initial release. + +[#10]: https://github.com/fnichol/chef-ruby_build/issues/10 +[#7]: https://github.com/fnichol/chef-ruby_build/issues/7 +[#8]: https://github.com/fnichol/chef-ruby_build/issues/8 +[#9]: https://github.com/fnichol/chef-ruby_build/issues/9 +[@adammck]: https://github.com/adammck +[@chrislundquist]: https://github.com/ChrisLundquist +[@fnichol]: https://github.com/fnichol +[@tsabat]: https://github.com/tsabat diff --git a/cookbooks/ruby_build/LICENSE b/cookbooks/ruby_build/LICENSE new file mode 100644 index 0000000..8f71f43 --- /dev/null +++ b/cookbooks/ruby_build/LICENSE @@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/cookbooks/ruby_build/README.md b/cookbooks/ruby_build/README.md new file mode 100644 index 0000000..37e0f3b --- /dev/null +++ b/cookbooks/ruby_build/README.md @@ -0,0 +1,79 @@ +# ruby-build Chef Cookbook + +[![Cookbook Version](https://img.shields.io/cookbook/v/ruby_build.svg)](https://supermarket.chef.io/cookbooks/ruby_build) +[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors) +[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) + +## Description + +Manages the [ruby-build][rb_site] framework and its installed Rubies, through custom resources. + +## Maintainers + +This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF). + +## Usage + +It is for use in standalone mode. If you wish to use ruby-build with rbenv, please use the [rbenv cookbook][rbenv-cookbook]. + +## Requirements + +### Chef + +- Chef 15+ + +### Supported Platforms + +- Ubuntu 16.04+ +- MacOS +- debian 8+ +- FreeBSD 9+ +- RedHat 6+ + +## Usage + +```ruby +# metadata.rb +depends 'ruby_build' +``` + +```ruby +# default.rb +ruby_build_install '' + +ruby_build_definition '2.6.0' + +# build 2.6.0 with a patch that lives in your cookbook's files/default dir +ruby_build_definition '2.6.0' do + patch 'foobar.patch' +end +``` + +## Resources + +- [ruby_build_install](https://github.com/sous-chefs/ruby_build/blob/master/documentation/resources/install.md) +- [ruby_build_definition](https://github.com/sous-chefs/ruby_build/blob/master/documentation/resources/definition.md) + +## License and Author + +Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at + +```text +http://www.apache.org/licenses/LICENSE-2.0 +``` + +### Sponsors + +[rb_site]: https://github.com/rbenv/ruby-build +[rbenv-cookbook]: https://github.com/sous-chefs/ruby_rbenv + +![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100) diff --git a/cookbooks/ruby_build/chefignore b/cookbooks/ruby_build/chefignore new file mode 100644 index 0000000..a27b0b2 --- /dev/null +++ b/cookbooks/ruby_build/chefignore @@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen*.yml +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/cookbooks/ruby_build/libraries/package_deps.rb b/cookbooks/ruby_build/libraries/package_deps.rb new file mode 100644 index 0000000..d03164a --- /dev/null +++ b/cookbooks/ruby_build/libraries/package_deps.rb @@ -0,0 +1,43 @@ +class Chef + module Rbenv + module MacOs + def openssl_prefix + `/usr/local/bin/brew --prefix openssl@1.1`.strip! + end + end + + module PackageDeps + def cruby_package_deps + case node['platform_family'] + when 'rhel', 'fedora', 'amazon' + %w( gcc bzip2 openssl-devel libyaml-devel libffi-devel readline-devel zlib-devel gdbm-devel ncurses-devel make patch ) + when 'debian' + case node['platform'] + when 'debian' + if node['platform_version'].to_i >= 10 + %w( gcc autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm6 libgdbm-dev make patch ) + else + %w( gcc autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev make patch ) + end + when 'ubuntu' + if node['platform_version'].to_i >= 20 + %w( gcc autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm6 libgdbm-dev make patch ) + elsif node['platform_version'].to_i == 18 + %w( gcc autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm5 libgdbm-dev make patch ) + else + %w( gcc autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev make patch ) + end + end + when 'suse' + %w( gcc make automake gdbm-devel libyaml-devel ncurses-devel readline-devel zlib-devel libopenssl-devel patch ) + when 'mac_os_x' + %w( openssl@1.1 readline ) + end + end + + def package_deps + cruby_package_deps + end + end + end +end diff --git a/cookbooks/ruby_build/metadata.json b/cookbooks/ruby_build/metadata.json new file mode 100644 index 0000000..aaf0ec5 --- /dev/null +++ b/cookbooks/ruby_build/metadata.json @@ -0,0 +1,48 @@ +{ + "name": "ruby_build", + "description": "Manages the ruby-build framework and its installed rubies. A LWRP is also defined.", + "long_description": "", + "maintainer": "Sous Chefs", + "maintainer_email": "help@sous-chefs.org", + "license": "Apache-2.0", + "platforms": { + "ubuntu": ">= 0.0.0", + "debian": ">= 0.0.0", + "freebsd": ">= 0.0.0", + "redhat": ">= 0.0.0", + "centos": ">= 0.0.0", + "fedora": ">= 0.0.0", + "amazon": ">= 0.0.0", + "scientific": ">= 0.0.0", + "suse": ">= 0.0.0", + "opensuse": ">= 0.0.0", + "opensuseleap": ">= 0.0.0", + "mac_os_x": ">= 0.0.0" + }, + "dependencies": { + "yum-epel": ">= 0.0.0", + "homebrew": ">= 0.0.0" + }, + "providing": { + + }, + "recipes": { + + }, + "version": "2.5.0", + "source_url": "https://github.com/sous-chefs/ruby_build", + "issues_url": "https://github.com/sous-chefs/ruby_build/issues", + "privacy": false, + "chef_versions": [ + [ + ">= 15.0" + ] + ], + "ohai_versions": [ + + ], + "gems": [ + + ], + "eager_load_libraries": true +} diff --git a/cookbooks/ruby_build/metadata.rb b/cookbooks/ruby_build/metadata.rb new file mode 100644 index 0000000..9d4f6bc --- /dev/null +++ b/cookbooks/ruby_build/metadata.rb @@ -0,0 +1,25 @@ +name 'ruby_build' +maintainer 'Sous Chefs' +maintainer_email 'help@sous-chefs.org' +license 'Apache-2.0' +description 'Manages the ruby-build framework and its installed rubies. A LWRP is also defined.' +source_url 'https://github.com/sous-chefs/ruby_build' +issues_url 'https://github.com/sous-chefs/ruby_build/issues' +chef_version '>= 15.0' +version '2.5.0' + +supports 'ubuntu' +supports 'debian' +supports 'freebsd' +supports 'redhat' +supports 'centos' +supports 'fedora' +supports 'amazon' +supports 'scientific' +supports 'suse' +supports 'opensuse' +supports 'opensuseleap' +supports 'mac_os_x' + +depends 'yum-epel' +depends 'homebrew' diff --git a/cookbooks/ruby_build/renovate.json b/cookbooks/ruby_build/renovate.json new file mode 100644 index 0000000..7e7a8ba --- /dev/null +++ b/cookbooks/ruby_build/renovate.json @@ -0,0 +1,17 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["config:base"], + "packageRules": [{ + "groupName": "Actions", + "matchUpdateTypes": ["patch", "pin", "digest"], + "automerge": true, + "addLabels": ["Release: Patch", "Skip: Announcements"] + }, + { + "groupName": "Actions", + "matchUpdateTypes": ["major"], + "automerge": false, + "addLabels": ["Release: Patch", "Skip: Announcements"] + } + ] +} diff --git a/cookbooks/ruby_build/resources/definition.rb b/cookbooks/ruby_build/resources/definition.rb new file mode 100644 index 0000000..763cc3d --- /dev/null +++ b/cookbooks/ruby_build/resources/definition.rb @@ -0,0 +1,102 @@ +include Chef::Rbenv::MacOs + +# for compatibility with earlier incarnations +# of this resource +# +provides :ruby_build_ruby + +property :definition, String, + name_property: true, + description: 'Version of Ruby to install' + +property :prefix_path, String, + default: '/usr/local/ruby', + description: 'Location to install Ruby' + +property :verbose, [true, false], + default: false, + description: 'print compilation status to stdout' + +# NOTE: adding the Ruby version to the installation prefix +# by default is unexpected and will likely lead to user +# problems. Now defaults to false. +# +property :version_prefix, [true, false], + default: false, + description: 'add Ruby version to the installation prefix' + +property :patch, [String, nil], + description: 'path to a Ruby patch file for ruby-build to use' + +property :environment, Hash, + default: {}, + description: 'Environment hash to pass to the ruby-build install process' + +property :user, String, + description: 'User to install as' + +property :group, String, + description: 'Group to install as' + +unified_mode true if respond_to? :unified_mode + +action :install do + Chef::Log.fatal('JRuby is not a supported definition') \ + if new_resource.definition.include? 'jruby' + + if platform_family?('mac_os_x') && Chef::VERSION < '16' + Array(package_deps).each do |pkg| + package pkg + end + else + package package_deps + end + + installation_path = if new_resource.version_prefix + ::File.join(new_resource.prefix_path, new_resource.definition) + else + new_resource.prefix_path + end + + env = if platform_family?('mac_os_x') + extra_env = { 'RUBY_CONFIGURE_OPTS' => "--with-openssl-dir=#{openssl_prefix}" } + new_resource.environment.merge extra_env + else + new_resource.environment + end + + ruby_build_cmd = [ + '/usr/local/bin/ruby-build', + new_resource.definition, + installation_path, + ].join(' ') + + ruby_build_cmd += ' --verbose' if new_resource.verbose + + if new_resource.patch + patch_path = "#{Chef::Config[:file_cache_path]}/#{new_resource.patch}" + ruby_build_cmd += %( --patch < "#{patch_path}" ) + + cookbook_file patch_path do + source new_resource.patch + end + end + + bash "ruby-build #{new_resource.definition}" do + code ruby_build_cmd + environment env + user new_resource.user + group new_resource.group + not_if do + ::Dir.exist?("#{installation_path}/bin") && + new_resource.definition == `#{installation_path}/bin/ruby -e 'print RUBY_VERSION'` + end + live_stream true + action :run + end +end + +action_class do + include Chef::Rbenv::PackageDeps + include Chef::Rbenv::MacOs +end diff --git a/cookbooks/ruby_build/resources/homebrew_update.rb b/cookbooks/ruby_build/resources/homebrew_update.rb new file mode 100644 index 0000000..de88d53 --- /dev/null +++ b/cookbooks/ruby_build/resources/homebrew_update.rb @@ -0,0 +1,77 @@ +unified_mode true if respond_to? :unified_mode + +provides :homebrew_update + +description 'Use the **homebrew_update** resource to manage Homebrew repository updates on MacOS.' +introduced '16.2' +examples <<~DOC + **Update the hombrew repository data at a specified interval**: + ```ruby + homebrew_update 'all platforms' do + frequency 86400 + action :periodic + end + ``` + **Update the Homebrew repository at the start of a Chef Infra Client run**: + ```ruby + homebrew_update 'update' + ``` +DOC + +# allow bare homebrew_update with no name +property :name, String, default: '' + +property :frequency, Integer, + description: 'Determines how frequently (in seconds) Homebrew updates are made. Use this property when the `:periodic` action is specified.', + default: 86_400 + +default_action :periodic + +action_class do + BREW_STAMP_DIR = '/var/lib/homebrew/periodic'.freeze + BREW_STAMP = "#{BREW_STAMP_DIR}/update-success-stamp".freeze + + # Determines whether we need to run `homebrew update` + # + # @return [Boolean] + def brew_up_to_date? + ::File.exist?(BREW_STAMP) && + ::File.mtime(BREW_STAMP) > Time.now - new_resource.frequency + end + + def do_update + directory BREW_STAMP_DIR do + recursive true + end + + file BREW_STAMP do + content "BREW::Update::Post-Invoke-Success\n" + action :create_if_missing + end + + execute 'brew update' do + command %w(brew update) + default_env true + user Homebrew.owner + notifies :touch, "file[#{BREW_STAMP}]", :immediately + end + end +end + +action :periodic do + return unless mac_os_x? + + unless brew_up_to_date? + converge_by 'update new lists of packages' do + do_update + end + end +end + +action :update do + return unless mac_os_x? + + converge_by 'force update new lists of packages' do + do_update + end +end diff --git a/cookbooks/ruby_build/resources/install.rb b/cookbooks/ruby_build/resources/install.rb new file mode 100644 index 0000000..d3c8daf --- /dev/null +++ b/cookbooks/ruby_build/resources/install.rb @@ -0,0 +1,41 @@ +property :name, String, default: '' + +property :git_ref, String, + default: 'master', + description: 'Git reference to download, set to a tag to get a specific version' + +unified_mode true if respond_to? :unified_mode + +action :install do + src_path = "#{Chef::Config['file_cache_path']}/ruby-build" + + if platform_family?('rhel') + if node['platform_version'].to_i >= 8 + package 'yum-utils' + + execute 'yum-config-manager --enable powertools' do + not_if 'yum-config-manager --dump powertools | grep -q "enabled = 1"' + end + end + + include_recipe 'yum-epel' + end + + package %w(tar bash curl git) unless platform_family?('mac_os_x', 'freebsd') + + git src_path do + repository 'https://github.com/rbenv/ruby-build.git' + revision new_resource.git_ref unless new_resource.git_ref == 'master' + retries 5 + retry_delay 5 + end + + execute 'Install ruby-build' do + cwd src_path + command %(sh ./install.sh) + not_if do + ::File.exist?('/usr/local/bin/ruby-build') && + `#{src_path}/bin/ruby-build --version` == `/usr/local/bin/ruby-build --version` + end + end +end diff --git a/site-cookbooks/kosmos-akkounts/metadata.rb b/site-cookbooks/kosmos-akkounts/metadata.rb index 8e0cf07..6ae1ac6 100644 --- a/site-cookbooks/kosmos-akkounts/metadata.rb +++ b/site-cookbooks/kosmos-akkounts/metadata.rb @@ -5,15 +5,13 @@ license 'MIT' description 'Installs/configures kosmos-akkounts' long_description 'Installs/configures kosmos-akkounts' version '0.2.0' -chef_version '>= 14.0' +chef_version '>= 18.0' depends 'kosmos-nginx' depends "kosmos-nodejs" depends "redisio" -depends "poise-ruby-build" -depends "application" -depends 'application_git' depends "postgresql" depends "kosmos_postgresql" depends "backup" depends "kosmos-dirsrv" +depends "ruby_build" diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index 8091cc2..597f276 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb @@ -30,9 +30,15 @@ npm_package "yarn" do end ruby_version = "2.7.5" -bundle_path = "/opt/ruby_build/builds/#{ruby_version}/bin/bundle" +ruby_path = "/opt/ruby_build/builds/#{ruby_version}" +bundle_path = "#{ruby_path}/bin/bundle" rails_env = node.chef_environment == "development" ? "development" : "production" +ruby_build_install 'v20230615' +ruby_build_definition ruby_version do + prefix_path ruby_path +end + postgres_readonly_host = search(:node, "role:postgresql_replica").first["knife_zero"]["host"] rescue nil btcpay_host = search(:node, "role:btcpay").first["knife_zero"]["host"] rescue nil lndhub_host = search(:node, "role:lndhub").first["knife_zero"]["host"] rescue nil @@ -152,7 +158,7 @@ systemd_unit "akkounts-sidekiq.service" do User: deploy_user, WorkingDirectory: deploy_path, Environment: "MALLOC_ARENA_MAX=2", - ExecStart: "#{bundle_path} exec sidekiq -C #{deploy_path}/config/sidekiq.yml -e production", + ExecStart: "#{bundle_path} exec sidekiq -C #{deploy_path}/config/sidekiq.yml -e #{rails_env}", WatchdogSec: "10", Restart: "on-failure", RestartSec: "1", @@ -169,84 +175,83 @@ systemd_unit "akkounts-sidekiq.service" do action [:create, :enable] end -application deploy_path do +deploy_env = { + "HOME" => deploy_path, + "PATH" => "#{ruby_path}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin", + "RAILS_ENV" => rails_env, + "NODE_ENV" => rails_env +} + +git deploy_path do + repository node[app_name]["repo"] + revision node[app_name]["revision"] + user deploy_user + group deploy_group + # Restart services on deployments + notifies :run, "execute[restart #{app_name} services]", :delayed +end + +execute "restart #{app_name} services" do + command "true" + action :nothing + notifies :restart, "service[#{app_name}]", :delayed + notifies :restart, "service[#{app_name}-sidekiq]", :delayed +end + +file "#{deploy_path}/config/master.key" do + content credentials['rails_master_key'] + mode '0400' owner deploy_user group deploy_group + notifies :run, "execute[restart #{app_name} services]", :delayed +end - # Take care of application restarts manually, in the git resource - action_on_update false +template "#{deploy_path}/.env.#{rails_env}" do + source 'env.erb' + owner deploy_user + group deploy_group + mode 0600 + sensitive true + variables config: env + notifies :run, "execute[restart #{app_name} services]", :delayed +end - environment "HOME" => deploy_path, - "PATH" => "/opt/ruby_build/builds/#{ruby_version}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin" +execute "bundle install" do + environment deploy_env + user deploy_user + cwd deploy_path + command "bundle install --without development,test --deployment" +end - ruby_runtime ruby_version do - provider :ruby_build - version ruby_version - end +execute "yarn install" do + environment deploy_env + user deploy_user + cwd deploy_path + command "yarn install --pure-lockfile" +end - git do - user deploy_user - group deploy_group - repository node[app_name]["repo"] - revision node[app_name]["revision"] - # Restart services on deployments - notifies :restart, "application[#{deploy_path}]", :delayed - end +execute 'rake db:migrate' do + environment deploy_env + user deploy_user + group deploy_group + cwd deploy_path + command "bundle exec rake db:migrate" +end - file "#{deploy_path}/config/master.key" do - content credentials['rails_master_key'] - mode '0400' - owner deploy_user - group deploy_group - end +execute 'rake assets:precompile' do + environment deploy_env + user deploy_user + group deploy_group + cwd deploy_path + command "bundle exec rake assets:precompile" +end - template "#{deploy_path}/.env.production" do - source 'env.production.erb' - owner deploy_user - group deploy_group - mode 0600 - sensitive true - variables config: env - notifies :restart, "application[#{deploy_path}]", :delayed - end +service "akkounts" do + action [:enable, :start] +end - execute "bundle install" do - environment "HOME" => deploy_path - user deploy_user - cwd deploy_path - command "/opt/ruby_build/builds/#{ruby_version}/bin/bundle install --without development,test --deployment" - end - - execute "yarn install" do - environment "HOME" => deploy_path, "NODE_ENV" => "production" - user deploy_user - cwd deploy_path - command "yarn install --pure-lockfile" - end - - execute 'rake db:migrate' do - environment "RAILS_ENV" => rails_env, "HOME" => deploy_path - user deploy_user - group deploy_group - cwd deploy_path - command "PATH=\"/opt/ruby_build/builds/#{ruby_version}/bin:$PATH\" bundle exec rake db:migrate" - end - - execute 'rake assets:precompile' do - environment "RAILS_ENV" => rails_env, "HOME" => deploy_path - user deploy_user - group deploy_group - cwd deploy_path - command "PATH=\"/opt/ruby_build/builds/#{ruby_version}/bin:$PATH\" bundle exec rake assets:precompile" - end - - service "akkounts" do - action [:enable, :start] - end - - service "akkounts-sidekiq" do - action [:enable, :start] - end +service "akkounts-sidekiq" do + action [:enable, :start] end firewall_rule "akkounts_zerotier" do diff --git a/site-cookbooks/kosmos-akkounts/templates/env.production.erb b/site-cookbooks/kosmos-akkounts/templates/env.erb similarity index 100% rename from site-cookbooks/kosmos-akkounts/templates/env.production.erb rename to site-cookbooks/kosmos-akkounts/templates/env.erb