git-hosting/provision-node
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: git-hosting:master
Branches Tags
git-hosting:master
git-hosting:setup
..
compare: git-hosting:setup
Branches Tags
git-hosting:master
git-hosting:setup

No commits in common. "master" and "setup" have entirely different histories.
master ... setup

75 changed files with 45 additions and 7335 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +0,0 @@
.vagrant/

57
Vagrantfile vendored
View File

@ -1,57 +0,0 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://vagrantcloud.com/search.
config.vm.box = "generic/ubuntu1604"
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# NOTE: This will enable public access to the opened port
config.vm.network "forwarded_port", guest: 3000, host: 8030 # gitea server
config.vm.network "forwarded_port", guest: 80, host: 8080 # HTTP proxy to gitea
config.vm.network "forwarded_port", guest: 443, host: 8443 # HTTPS proxy to gitea
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
config.vm.provider "virtualbox" do |vb|
# Customize the amount of memory on the VM:
vb.memory = "1024"
end
# Enable provisioning with a shell script. Additional provisioners such as
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
# documentation for more information about their specific syntax and use.
# config.vm.provision "shell", inline: <<-SHELL
# apt-get update
# apt-get install -y apache2
# SHELL
config.vm.provision "chef_solo" do |chef|
chef.version = "14.12.3" # version 14.12.9 fails to run
chef.cookbooks_path = [
'ops/cookbooks/',
'ops/cookbooks/vendor'
]
chef.roles_path = 'ops/roles'
chef.add_role('app')
chef.json = {
'custom-domain': 'localhost.vm42.us',
'custom-title': 'My gitea server!',
'db-password': 'mypassword',
}
end
end

5
cookbooks/hosting.json Normal file
View File

@ -0,0 +1,5 @@
{
"run_list": [ "recipe[hosting::user]",
"recipe[hosting::mkdir]"
]
}

0
ops/cookbooks/hosting/.delivery/build_cookbook/.kitchen.yml → cookbooks/hosting/.delivery/build_cookbook/.kitchen.yml
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/Berksfile → cookbooks/hosting/.delivery/build_cookbook/Berksfile
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/LICENSE → cookbooks/hosting/.delivery/build_cookbook/LICENSE
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/README.md → cookbooks/hosting/.delivery/build_cookbook/README.md
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/chefignore → cookbooks/hosting/.delivery/build_cookbook/chefignore
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json → cookbooks/hosting/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/metadata.rb → cookbooks/hosting/.delivery/build_cookbook/metadata.rb
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/recipes/default.rb → cookbooks/hosting/.delivery/build_cookbook/recipes/default.rb
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/recipes/deploy.rb → cookbooks/hosting/.delivery/build_cookbook/recipes/deploy.rb
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/recipes/functional.rb → cookbooks/hosting/.delivery/build_cookbook/recipes/functional.rb
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/recipes/lint.rb → cookbooks/hosting/.delivery/build_cookbook/recipes/lint.rb
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/recipes/provision.rb → cookbooks/hosting/.delivery/build_cookbook/recipes/provision.rb
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/recipes/publish.rb → cookbooks/hosting/.delivery/build_cookbook/recipes/publish.rb
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/recipes/quality.rb → cookbooks/hosting/.delivery/build_cookbook/recipes/quality.rb
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/recipes/security.rb → cookbooks/hosting/.delivery/build_cookbook/recipes/security.rb
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/recipes/smoke.rb → cookbooks/hosting/.delivery/build_cookbook/recipes/smoke.rb
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/recipes/syntax.rb → cookbooks/hosting/.delivery/build_cookbook/recipes/syntax.rb
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/recipes/unit.rb → cookbooks/hosting/.delivery/build_cookbook/recipes/unit.rb
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/secrets/fakey-mcfakerton → cookbooks/hosting/.delivery/build_cookbook/secrets/fakey-mcfakerton
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb → cookbooks/hosting/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb vendored
View File

0
ops/cookbooks/hosting/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb → cookbooks/hosting/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb vendored
View File

0
ops/cookbooks/hosting/.delivery/config.json → cookbooks/hosting/.delivery/config.json
View File

0
ops/cookbooks/hosting/.delivery/project.toml → cookbooks/hosting/.delivery/project.toml
View File

0
ops/cookbooks/hosting/.gitignore → cookbooks/hosting/.gitignore vendored
View File

0
ops/cookbooks/hosting/.kitchen.yml → cookbooks/hosting/.kitchen.yml
View File

0
ops/cookbooks/hosting/Berksfile → cookbooks/hosting/Berksfile
View File

0
ops/cookbooks/hosting/CHANGELOG.md → cookbooks/hosting/CHANGELOG.md
View File

0
ops/cookbooks/hosting/LICENSE → cookbooks/hosting/LICENSE
View File

0
ops/cookbooks/hosting/README.md → cookbooks/hosting/README.md
View File

0
ops/cookbooks/hosting/chefignore → cookbooks/hosting/chefignore
View File

2
ops/cookbooks/hosting/metadata.rb → cookbooks/hosting/metadata.rb
View File

@ -7,8 +7,6 @@ long_description 'Installs/Configures hosting'
version '0.1.0'
chef_version '>= 13.0'
depends 'postgresql'
# The `issues_url` points to the location where issues for this cookbook are
# tracked. A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.

0
ops/cookbooks/hosting/recipes/default.rb → cookbooks/hosting/recipes/default.rb
View File

20
cookbooks/hosting/recipes/mkdir.rb Normal file
View File

@ -0,0 +1,20 @@
directory '/opt/theta42' do
owner 'root'
group 'root'
mode '0755'
action :create
end
directory '/opt/theta42/bin' do
owner 'root'
group 'root'
mode '0755'
action :create
end
directory '/opt/theta42/gitea' do
owner 'gitea'
group 'gitea'
mode '0755'
action :create
end

17
cookbooks/hosting/recipes/postgress.rb Normal file
View File

@ -0,0 +1,17 @@
postgresql_server_install 'My PostgreSQL Server install' do
action :install
end
postgresql_access 'local_postgres_superuser' do
comment 'Local postgres superuser access'
access_type 'local'
access_db 'all'
access_user 'postgres'
access_addr nil
access_method 'ident'
end
postgresql_user 'gitea' do
password 'UserP4ssword'
createdb true
end

4
ops/cookbooks/hosting/recipes/user.rb → cookbooks/hosting/recipes/user.rb
View File

@ -1,8 +1,8 @@
user 'gitea system user' do
comment 'gitea system user'
username 'gitea'
home '/home/gitea'
shell '/bin/bash'
system true
shell '/bin/false'
end
group 'gitea' do

0
ops/cookbooks/hosting/spec/spec_helper.rb → cookbooks/hosting/spec/spec_helper.rb
View File

0
ops/cookbooks/hosting/spec/unit/recipes/default_spec.rb → cookbooks/hosting/spec/unit/recipes/default_spec.rb
View File

0
ops/cookbooks/hosting/test/integration/default/default_test.rb → cookbooks/hosting/test/integration/default/default_test.rb
View File

1
cookbooks/solo.rb Normal file
View File

@ -0,0 +1 @@
cookbook_path '/opt/theta42/provision-node/cookbooks'

22
init.sh
View File

@ -1,22 +0,0 @@
apt-get install -y git wget nano;
if which chef-solo; then
echo 'found chef-solo, skipping';
else
echo 'Installing chef-dk';
wget https://packages.chef.io/files/stable/chefdk/3.9.0/ubuntu/16.04/chefdk_3.9.0-1_amd64.deb -O chefdk.deb;
dpkg -i chefdk.deb;
fi
mkdir /opt/theta42 -p;
rm -rf /opt/theta42/provision-node;
## Install the node agent
git clone https://git.theta42.com/git-hosting/provision-node.git /opt/theta42/provision-node;
chef-solo -c /opt/theta42/provision-node/cookbooks/solo.rb -j /opt/theta42/provision-node/cookbooks/hosting.json;

8
ops/app.json
View File

@ -1,8 +0,0 @@
{
"run_list": [
"role[app]"
],
"custom-domain": "localhost.vm42.us",
"custom-title": "My gitea server!",
"db-password": "mypassword"
}

46
ops/cookbooks/hosting/recipes/gitea.rb
View File

@ -1,46 +0,0 @@
remote_file '/opt/theta42/bin/gitea' do
source 'https://github.com/go-gitea/gitea/releases/download/v1.8.1/gitea-1.8.1-linux-amd64'
mode '0755'
action :create
end
template '/opt/theta42/gitea/conf/app.ini' do
source 'app.ini.erb'
owner 'gitea'
group 'gitea'
mode '0755'
end
systemd_unit 'gitea.service' do
content <<-EOU.gsub(/^\s+/, '')
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
After=postgresql.service
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=10s
Type=simple
User=gitea
Group=gitea
WorkingDirectory=/opt/theta42/gitea
ExecStart=/opt/theta42/bin/gitea web --config /opt/theta42/gitea/conf/app.ini
Restart=always
Environment=USER=gitea HOME=/home/gitea GITEA_WORK_DIR=/opt/theta42/gitea GITEA_CUSTOM=/opt/theta42/gitea/custom
[Install]
WantedBy=multi-user.target
EOU
action [:create, :enable, :start]
end

48
ops/cookbooks/hosting/recipes/mkdir.rb
View File

@ -1,48 +0,0 @@
directory '/opt/theta42' do
owner 'root'
group 'root'
mode '0755'
action :create
end
directory '/opt/theta42/bin' do
owner 'root'
group 'root'
mode '0755'
action :create
end
directory '/home/gitea' do
owner 'gitea'
group 'gitea'
mode '0755'
action :create
end
directory '/opt/theta42/gitea' do
owner 'gitea'
group 'gitea'
mode '0755'
action :create
end
directory '/opt/theta42/gitea/conf' do
owner 'gitea'
group 'gitea'
mode '0755'
action :create
end
directory '/opt/theta42/gitea/data' do
owner 'gitea'
group 'gitea'
mode '0755'
action :create
end
directory '/opt/theta42/gitea/custom' do
owner 'gitea'
group 'gitea'
mode '0755'
action :create
end

62
ops/cookbooks/hosting/recipes/nginx.rb
View File

@ -1,62 +0,0 @@
# apt_repository 'open resty repo' do
# uri 'http://openresty.org/package/ubuntu'
# key 'https://openresty.org/package/pubkey.gpg'
# components ['main']
# end
apt_package 'software-properties-common'
execute 'add key' do
command 'wget -qO - https://openresty.org/package/pubkey.gpg | sudo apt-key add -'
end
execute 'add repo' do
command 'add-apt-repository -y "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main"; apt update'
end
apt_package 'openresty'
apt_package 'luarocks'
execute 'install lua-resty-auto-ssl' do
command 'luarocks install lua-resty-auto-ssl'
end
directory '/etc/ssl' do
mode '0755'
action :create
end
execute 'defualt ssl' do
command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt"
end
execute 'defualt ssl' do
command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt"
end
template '/etc/openresty/nginx.conf' do
source 'nginx.conf.erb'
end
template '/etc/openresty/autossl.conf' do
source 'autossl.conf.erb'
end
directory '/etc/openresty/sites-enabled' do
mode '0755'
action :create
end
directory '/var/log/nginx/' do
mode '0775'
action :create
end
template '/etc/openresty/sites-enabled/host.conf' do
source 'host.conf.erb'
end
systemd_unit 'openresty' do
action :reload
end

53
ops/cookbooks/hosting/recipes/postgress.rb
View File

@ -1,53 +0,0 @@
postgresql_server_install 'My PostgreSQL Server install' do
initdb_locale 'en_US.utf8'
action :install
end
postgresql_server_install 'Setup my PostgreSQL 9.6 server' do
initdb_locale 'en_US.utf8'
action :create
end
postgresql_access 'local_postgres_superuser' do
comment 'Local postgres superuser access'
access_type 'local'
access_db 'all'
access_user 'postgres'
access_addr nil
access_method 'ident'
end
postgresql_user 'gitea' do
password node['db-password']
# createrole true
end
# Hack for creating a database, this cook book is broken with debian...
execute 'add database' do
command 'createdb gitea'
user 'postgres'
not_if 'psql -lqt | cut -d \| -f 1 | grep -qw gitea', :user => 'postgres'
end
execute 'Grant gitea user' do
command 'echo "grant all privileges on database gitea to gitea ;" | psql'
user 'postgres'
end
template '/home/gitea/dump.sql' do
source 'gitea_postgres.sql.erb'
owner 'gitea'
group 'gitea'
mode '0755'
end
execute 'base DB' do
command 'psql gitea < /home/gitea/dump.sql'
user 'postgres'
end
# postgresql_database 'gitea' do
# locale 'en_US.utf8'
# owner 'gitea'
# end

67
ops/cookbooks/hosting/templates/app.ini.erb
View File

@ -1,67 +0,0 @@
APP_NAME = <%= node['custom-title'] %>
RUN_USER = gitea
RUN_MODE = prod
[oauth2]
JWT_SECRET = QywECk5l8_8GDE7wMZpAJHOAO74eIpg1ny_-zm3AKSY
[security]
INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NTc4ODAwNjJ9.k3PPY_Dh0s04j8aQOx7R8N56bqLEGmBKOF3SnsHTtBw
INSTALL_LOCK = true
SECRET_KEY = x95ZGsKkk3PEQxsyGiIERM1DRX4vMosnTVqOwULjbpK70X4pSQ7keBMU1QPr5ExH
[database]
DB_TYPE = postgres
HOST = 127.0.0.1:5432
NAME = gitea
USER = gitea
PASSWD = <%= node['db-password'] %>
SSL_MODE = disable
PATH = /opt/theta42/data/gitea.db
[repository]
ROOT = /root/gitea-repositories
[server]
SSH_DOMAIN = <%= node['custom-domain'] %>
DOMAIN = <%= node['custom-domain'] %>
HTTP_PORT = 3000
ROOT_URL = http://<%= node['custom-domain'] %>/
DISABLE_SSH = false
SSH_PORT = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /opt/theta42/gitea/data/lfs
LFS_JWT_SECRET = tvg4SFUSNduclix3Lye9_UD1IYaX46lUDUpenQovSbY
OFFLINE_MODE = false
[mailer]
ENABLED = false
[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
DISABLE_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.example.org
[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true
[session]
PROVIDER = file
[log]
MODE = file
LEVEL = Info
ROOT_PATH = /opt/theta42/gitea/log

16
ops/cookbooks/hosting/templates/autossl.conf.erb
View File

@ -1,16 +0,0 @@
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_certificate_by_lua_block {
auto_ssl:ssl_certificate()
}
location /.well-known/acme-challenge/ {
content_by_lua_block {
auto_ssl:challenge_server()
}
}
ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;

5281
ops/cookbooks/hosting/templates/gitea_postgres.sql.erb
View File

File diff suppressed because it is too large Load Diff

24
ops/cookbooks/hosting/templates/host.conf.erb
View File

@ -1,24 +0,0 @@
server {
listen 80;
listen 443 ssl;
server_name <%= node['custom-domain'];
include autossl.conf;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log /var/log/nginx/gitea.access.log;
error_log /var/log/nginx/gitea.error.log;
}
}

75
ops/cookbooks/hosting/templates/nginx.conf.erb
View File

@ -1,75 +0,0 @@
#user nobody;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
client_max_body_size 4g;
lua_shared_dict auto_ssl 100m;
lua_shared_dict auto_ssl_settings 64k;
resolver 8.8.4.4 8.8.8.8;
init_by_lua_block {
auto_ssl = (require "resty.auto-ssl").new()
auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis")
auto_ssl:set("allow_domain", function(domain)
return true
end)
auto_ssl:init()
}
init_worker_by_lua_block {
auto_ssl:init_worker()
}
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server {
listen 127.0.0.1:8999;
# Increase the body buffer size, to ensure the internal POSTs can always
# parse the full POST contents into memory.
client_body_buffer_size 128k;
client_max_body_size 128k;
location / {
content_by_lua_block {
auto_ssl:hook_server()
}
}
}
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
include sites-enabled/*;
}

153
ops/cookbooks/vendor/postgresql/CHANGELOG.md vendored
View File

@ -1,153 +0,0 @@
# postgresql Cookbook CHANGELOG
This file is used to list changes made in the last 3 major versions of the postgresql cookbook.
## Unreleased
## v7.1.4 (28-03-2019)
- Fix installation of extensions.
## v7.1.3 (15-01-2019)
- Added support for dash in database role name.
## v7.1.2 (06-01-2019)
- Cleanup and update the user resource documentation and code. Removed extraneous 'sensitive' property which is a common property in all Chef resources.
- Change default permissions on the postgres.conf to be world readable so that psql can work.
## v7.1.1 (26-09-2018)
- Rename slave to follower
- Use CircleCI for testing
- Simplyfy extension resource
## v7.1.0 (22-06-2018)
- Update the `initdb` script to use initdb rather than a service. #542
- Refactor database commands to use the common connect method. #535
- Increase the unit test coverage.
## v7.0.0 (25-05-2018)
_Breaking Change_ Please see UPGRADING.md and the README.md for information how to use.
- Add custom resources for:
- `postgresql_client_install`
- `postgresql_server_install`
- `postgresql_repository`
- `postgresql_pg_gem`
- Deprecate recipes:
- `apt_pgdg_postgresql`
- `config_initdb`
- `config_pgtune`
- `contrib`
- `ruby`
- `yum_pgdg_postgresql`
- Remove deprecated tests
## v6.1.3 (2018-04-18)
- Fix recipes referencing the old helpers
## v6.1.2 (2018-04-16)
**this will be the last release of the 6.0 series before all recipes are removed from the cookbook**
- Deprecate all recipes
## v6.1.1 (2017-03-08)
- Fix pg gem installation on non-omnibus chef runs
- Resolve resource cloning deprecation warnings in the ruby recipe
- Fix issues resolving the timezone on CentOS 7 and probably other distros
- Test with Delivery local instead of Rake
## v6.1.0 (2017-02-18)
- Fix a method name conflict that caused errors if Chef Sugar was also being used on the run list
- Revert a previous PR that added support for Postgresql 9.6 as it introduced incorrect configuration values
- Added Fedora 25 support for pgdg packages
- Added RHEL 5 support for Postgresql 9.4 pgdg packages
- Removed testing for RHEL 5 and Ubuntu 12.04 as they are scheduled for EoL in the near future
- Improvements to Test Kitchen testing to allow more extensive testing in Travis CI
- Fixed the client recipe on Fedora
- Added Inspec tests for client installs
## v6.0.1 (2017-01-04
- Fix systemd unit file template
## v6.0.0 (2017-01-03)
- This cookbook now requires Chef 12.1 or later
- Removed the dependency on the apt cookbook as this functionality is built into modern chef client releases
- Added a new custom resource for installing extensions. This acts as a replacement for the contrib recipe with minimal backwards compatibility. You can now install / remove extensions into any database. This adds the compat_resource cookbook dependency so we can continue to support Chef 12.1-12.4, which lack custom resource support.
- The unused get_result_orig helper has been removed. If you utilized this you'll want to move it to your own wrapper cookbook
- Updates for compatibility with Postgresql 9.5 and 9.6
- Fixed client package installation on openSUSE Leap 42.2
- ca-certificates recipe has been deprecated. If ca-certificates package needs to be upgraded the user should do so prior to including this recipe. Package upgrades in community cookbooks are generally a bad idea as this bring in updated packages to production systems. The recipe currently warns if used and will be removed with the next major cookbook release.
- Fixed RHEL platform detection in the Ruby recipe
- systemd fixes for RHEL systems
- Fix systemd service file include when using pgdg packages
- Package installation now uses multi-package installs to speed up converge times
- Added integration testing in Travis of the client recipe using a new test cookbook. This will be expanded in the future to cover server installation as well
- Expanded the specs to test converges on multiple platforms
## v5.2.0 (2016-12-30)
- Updated contacts and links to point to Sous Chefs now
- Added a Code of Conduct (the Chef CoC)
- Removed duplicate platforms in the metadata
- Fix Chef runs with local mode in the server recipe
- Fix the ruby recipe to not fail when you specify enabling both the apt and yum repos for mixed distro environments
- Set the postgresql data directory to 700 permissions
- Added node['postgresql']['pg_gem']['version'] to specify the version of the pg gem to install
- Cookstyle fixes for the latest cookstyle release
- Removed test deps from the Gemfile. Rely on ChefDK for base testing deps instead
## v5.1.0 (2016-11-01)
- Maintenance of this cookbook has been migrated from Heavy Water to Sous Chefs - <https://sous-chefs.org/>
- Add support for Chef-Zero (local mode)
- Don't hardcode the UID / GID on RHEL/Amazon/Suse platforms
- Add PGDG yum RPMs for 9.5 / 9.6
## v5.0.0 (2016-10-25)
### Breaking changes
- Switched from Librarian to Berkshelf
- Remove support for the following platforms
- SLES < 12
- openSUSE < 13
- Debian < 7
- Ubuntu < 12.04
- RHEL < 6
- Amazon < 2013
- Unsupported (EOL) Fedora releases
### Other changes
- Added support for Ubuntu 16.04
- Loosened cookbook dependencies to not prevent pulling in the latest community cookbooks
- Added chef_version metadata
- Switched from rubocop to cookstyle and fix all warnings
- Removed minitests and the minitest handler
- Added support for opensuse / opensuseleap
- Added support for Fedora 23/24
- Added a chefignore file to limit the files uploaded to the chef server
- Updated Test Kitchen config to test on modern platform releases
- Added a Rakefile and updated Travis to test with ChefDK and that rakefile
- Avoid installing packages included in build-essential twice in the ruby recipe
- Require at least build-essential 2.0
- Don't cleanup the old PPA files in the apt_pgdg_postgresql recipe anymore. These should be long gone everywhere
- Remove logic in the apt_pgdg_postgresql recipe that made Chef fail when new distro releases came out
- Avoid node.set deprecation warnings
- Avoid managed_home deprecation warnings in server_redhat recipe

21
ops/cookbooks/vendor/postgresql/CONTRIBUTING.md vendored
View File

@ -1,21 +0,0 @@
# Contributing
## Branches
### `master` branch
The master branch is the current committed changes. These changes may not yet be released although we try to release often.
## Tags
All releases are tagged in git. To see the releases available to you see the changelog or the tags directly.
## Pull requests
- <https://github.com/sous-chefs/postgresql/pulls>
## Issues
Need to report an issue? Use the github issues:
- <https://github.com/sous-chefs/postgresql/issues>

433
ops/cookbooks/vendor/postgresql/README.md vendored
View File

@ -1,433 +0,0 @@
# PostgreSQL cookbook
[![Cookbook Version](https://img.shields.io/cookbook/v/postgresql.svg)](https://supermarket.chef.io/cookbooks/postgresql)
[![Build Status](https://img.shields.io/circleci/project/github/sous-chefs/postgresql/master.svg)](https://circleci.com/gh/sous-chefs/postgresql)
[![pullreminders](https://pullreminders.com/badge.svg)](https://pullreminders.com?ref=badge)
Installs and configures PostgreSQL as a client or a server.
## Upgrading
If you are wondering where all the recipes went in v7.0+, or how on earth I use this new cookbook please see upgrading.md for a full description.
## Requirements
### Platforms
- Amazon Linux
- Debian 7+
- Ubuntu 14.04+
- Red Hat/CentOS/Scientific 6+
- Fedora
### PostgreSQL version
We follow the currently supported versions listed on <https://www.postgresql.org/support/versioning/>
### Chef
- Chef 13.8+
### Cookbook Dependencies
None.
## Resources
### postgresql_client_install
This resource installs PostgreSQL client packages.
#### Actions
- `install` - (default) Install client packages
#### Properties
Name | Types | Description | Default | Required?
------------------- | ----------------- | ------------------------------------------------------------- | ----------------------------------------- | ---------
`version` | String | Version of PostgreSQL to install | '9.6' | no
`setup_repo` | Boolean | Define if you want to add the PostgreSQL repo | true | no
`hba_file` | String | | `#{conf_dir}/main/pg_hba.conf` | no
`ident_file` | String | | `#{conf_dir}/main/pg_ident.conf` | no
`external_pid_file` | String | | `/var/run/postgresql/#{version}-main.pid` | no
`password` | String, nil | Pass in a password, or have the cookbook generate one for you | <random string> | no
#### Examples
To install version 9.5:
```ruby
postgresql_client_install 'My PostgreSQL Client install' do
version '9.5'
end
```
### postgresql_server_install
This resource installs PostgreSQL client and server packages.
#### Actions
- `install` - (default) Install client and server packages
- `create` - Initialize the database
#### Properties
Name | Types | Description | Default | Required?
------------------- | --------------- | --------------------------------------------- | -------------------------------------------------- | ---------
`version` | String | Version of PostgreSQL to install | '9.6' | no
`setup_repo` | Boolean | Define if you want to add the PostgreSQL repo | true | no
`hba_file` | String | Path of pg_hba.conf file | `<default_os_path>/pg_hba.conf'` | no
`ident_file` | String | Path of pg_ident.conf file | `<default_os_path>/pg_ident.conf` | no
`external_pid_file` | String | Path of PID file | `/var/run/postgresql/<version>-main.pid</version>` | no
`password` | String, nil | Set PostgreSQL user password | 'generate' | no
`port` | Integer | Set listen port of PostgreSQL service | 5432 | no
`initdb_locale` | String | Locale to initialise the database with | 'C' | no
#### Examples
To install PostgreSQL server, set your own postgres password using non-default service port.
```ruby
postgresql_server_install 'My PostgreSQL Server install' do
action :install
end
postgresql_server_install 'Setup my PostgreSQL 9.6 server' do
password 'MyP4ssw0rd'
port 5433
action :create
end
```
#### Known issues
On some platforms (e.g. Ubuntu 18.04), your `initdb_locale` should be set to the
same as the template database [GH-555](https://github.com/sous-chefs/postgresql/issues/555).
### postgresql_server_conf
This resource manages postgresql.conf configuration file.
#### Actions
- `modify` - (default) Manager PostgreSQL configuration file (postgresql.conf)
#### Properties
Name | Types | Description | Default | Required?
---------------------- | ------- | --------------------------------------- | --------------------------------------------------- | ---------
`version` | String | Version of PostgreSQL to install | '9.6' | no
`data_directory` | String | Path of PostgreSQL data directory | `<default_os_data_path>` | no
`hba_file` | String | Path of pg_hba.conf file | `<default_os_conf_path>/pg_hba.conf` | no
`ident_file` | String | Path of pg_ident.conf file | `<default_os_conf_path>/pg_ident.conf` | no
`external_pid_file` | String | Path of PID file | `/var/run/postgresql/<postgresql_version>-main.pid` | no
`stats_temp_directory` | String | Path of stats file | `/var/run/postgresql/version>-main.pg_stat_tmp` | no
`port` | Integer | Set listen port of PostgreSQL service | 5432 | no
`additional_config` | Hash | Extra configuration for the config file | {} | no
#### Examples
To setup your PostgreSQL configuration with a specific data directory. If you have installed a specific version of PostgreSQL (different from 9.6), you must specify version in this resource too.
```ruby
postgresql_server_conf 'My PostgreSQL Config' do
version '9.5'
data_directory '/data/postgresql/9.5/main'
notifies :reload, 'service[postgresql]'
end
```
### postgresql_extension
This resource manages PostgreSQL extensions for a given database.
#### Actions
- `create` - (default) Creates an extension in a given database
- `drop` - Drops an extension from the database
#### Properties
Name | Types | Description | Default | Required?
------------- | ------ | -------------------------------------------------------------------------------- | ---------------- | ---------
`database` | String | Name of the database to install the extension into | | yes
`extension` | String | Name of the extension to install the database | Name of resource | yes
`version` | String | Version of the extension to install | | no
`old_version` | String | Older module name for new extension replacement. Appends FROM to extension query | | no
#### Examples
To install the `adminpack` extension:
```ruby
# Add the contrib package in Ubuntu/Debian
package 'postgresql-contrib-9.6'
# Install adminpack extension
postgresql_extension 'postgres adminpack' do
database 'postgres'
extension 'adminpack'
end
```
### postgresql_access
This resource uses the accumulator pattern to build up the `pg_hba.conf` file via chef resources instead of piling on a mountain of chef attributes to make this cookbook more reusable. It directly mirrors the configuration options of the postgres hba file in the resource and by default notifies the server with a reload to avoid a full restart, causing a potential outage of service. To revoke access, simply remove the resource and the access change won't be computed into the final `pg_hba.conf`
#### Actions
- `grant` - (default) Creates an access line inside of `pg_hba.conf`
#### Properties
Name | Types | Description | Default | Required?
--------------- | ------ | ----------------------------------------------------------------------------------------- | ----------------- | ---------
`name` | String | Name of the access resource, this is left as a comment inside the `pg_hba` config | Resource name | yes
`source` | String | The cookbook template filename if you want to use your own custom template | 'pg_hba.conf.erb' | yes
`cookbook` | String | The cookbook to look in for the template source | 'postgresql' | yes
`comment` | String | A comment to leave above the entry in `pg_hba` | nil | no
`access_type` | String | The type of access, e.g. local or host | 'local' | yes
`access_db` | String | The database to access. Can use 'all' for all databases | 'all' | yes
`access_user` | String | The user accessing the database. Can use 'all' for any user | 'all' | yes
`access_addr` | String | The address(es) allowed access. Can be nil if method ident is used since it is local then | nil | no
`access_method` | String | Authentication method to use | 'ident' | yes
#### Examples
To grant access to the PostgreSQL user with ident authentication:
```ruby
postgresql_access 'local_postgres_superuser' do
comment 'Local postgres superuser access'
access_type 'local'
access_db 'all'
access_user 'postgres'
access_addr nil
access_method 'ident'
end
```
This generates the following line in the `pg_hba.conf`:
```
# Local postgres superuser access
local all postgres ident
```
**Note**: The template by default generates a local access for Unix domain sockets only to support running the SQL execute resources. In Postgres version 9.1 and higher, the method is 'peer' instead of 'ident' which is identical. It looks like this:
```
# "local" is for Unix domain socket connections only
local all all peer
```
### postgresql_ident
This resource generate `pg_ident.conf` configuration file to manage user mapping between system and PostgreSQL users.
#### Actions
- `create` - (default) Creates an mapping line inside of `pg_ident.conf`
#### Properties
Name | Types | Description | Default | Required?
-------------- | ----------- | -------------------------------------------------------------------------- | ------------------- | ---------
`mapname` | String | Name of the user mapping | Resource name | yes
`source` | String | The cookbook template filename if you want to use your own custom template | 'pg_ident.conf.erb' | no
`cookbook` | String | The cookbook to look in for the template source | 'postgresql' | no
`comment` | String, nil | A comment to leave above the entry in `pg_ident` | nil | no
`system_user` | String | System user or regexp used for the mapping | None | yes
`pg_user` | String | Pg user or regexp used for the mapping | None | yes
#### Examples
Creates a `mymapping` mapping that map `john` system user to `user1` PostgreSQL user:
```ruby
postgresql_ident 'Map john to user1' do
comment 'John Mapping'
mapname 'mymapping'
system_user 'john'
pg_user 'user1'
end
```
This generates the following line in the `pg_ident.conf`:
```
# MAPNAME SYSTEM-USERNAME PG-USERNAME
# John Mapping
mymapping john user1
```
To grant access to the foo user with password authentication:
```ruby
postgresql_access 'local_foo_user' do
comment 'Foo user access'
access_type 'host'
access_db 'all'
access_user 'foo'
access_addr '127.0.0.1/32'
access_method 'md5'
end
```
This generates the following line in the `pg_hba.conf`:
```
# Local postgres superuser access
host all foo 127.0.0.1/32 ident
```
### postgresql_database
This resource manages PostgreSQL databases.
#### Actions
- `create` - (default) Creates the given database.
- `drop` - Drops the given database.
#### Properties
Name | Types | Description | Default | Required?
---------- | ------- | ------------------------------------------------------------------- | ------------------- | ---------
`database` | String | Name of the database to create | Resource name | yes
`user` | String | User which run psql command | 'postgres' | no
`template` | String | Template used to create the new database | 'template1' | no
`host` | String | Define the host server where the database creation will be executed | Not set (localhost) | no
`port` | Integer | Define the port of PostgreSQL server | 5432 | no
`encoding` | String | Define database encoding | 'UTF-8' | no
`locale` | String | Define database locale | 'en_US.UTF-8' | no
`owner` | String | Define the owner of the database | Not set | no
#### Examples
To create database named 'my_app' with owner 'user1':
```ruby
postgresql_database 'my_app' do
owner 'user1'
end
```
#### Known issues
On some platforms (e.g. Ubuntu 18.04), your `initdb_locale` should be set to the
same as the template database [GH-555](https://github.com/sous-chefs/postgresql/issues/555).
### postgresql_user
This resource manage PostgreSQL users.
#### Actions
- `create` - (default) Creates the given user with default or given privileges.
- `update` - Update user privilieges.
- `drop` - Deletes the given user.
#### Properties
Name | Types | Description | Default | Required?
-------------------- | ------- | ----------------------------------------------- | -------- | ---------
`create_user` | String | User to create (defaults to the resource name) | | Yes
`superuser` | Boolean | Define if user needs superuser role | false | no
`createdb` | Boolean | Define if user needs createdb role | false | no
`createrole` | Boolean | Define if user needs createrole role | false | no
`inherit` | Boolean | Define if user inherits the privileges of roles | true | no
`replication` | Boolean | Define if user needs replication role | false | no
`login` | Boolean | Define if user can login | true | no
`password` | String | Set user's password | | no
`encrypted_password` | String | Set user's password with an hashed password | | no
`valid_until` | String | Define an account expiration date | | no
`attributes` | Hash | Additional attributes for :update action | {} | no
`user` | String | User for command | postgres | no
`database` | String | Database for command | | no
`host` | String | Hostname for command | | no
`port` | Integer | Port number to connect to postgres | 5432 | no
#### Examples
Create a user `user1` with a password, with `createdb` role and set an expiration date to 2018, Dec 21.
```ruby
postgresql_user 'user1' do
password 'UserP4ssword'
createdb true
valid_until '2018-12-31'
end
```
Create a user `user1` with a password, with `createdb` role and set an expiration date to 2018, Dec 21.
```ruby
postgresql_user 'user1' do
password 'UserP4ssword'
createdb true
valid_until '2018-12-31'
end
```
## Usage
To install and configure your PostgreSQL instance you need to create your own cookbook and call needed resources with your own parameters.
More examples can be found in `test/cookbooks/test/recipes`
## Example Usage
```ruby
# cookbooks/my_postgresql/recipes/default.rb
postgresql_client_install 'PostgreSQL Client' do
setup_repo false
version '10.6'
end
postgresql_server_install 'PostgreSQL Server' do
version '10.6'
setup_repo false
password 'P0stgresP4ssword'
end
postgresql_server_conf 'PostgreSQL Config' do
notifies :reload, 'service[postgresql]'
end
```
## Contributing
Please refer to each project's style guidelines and guidelines for submitting patches and additions. In general, we follow the "fork-and-pull" Git workflow.
1. **Fork** the repo on GitHub
2. **Clone** the project to your own machine
3. **Commit** changes to your own branch
4. **Push** your work back up to your fork
5. Submit a **Pull request** so that we can review your changes
NOTE: Be sure to merge the latest from "upstream" before making a pull request!
[Contribution informations for this project](CONTRIBUTING.md)
## License
Copyright 2010-2017, Chef Software, Inc.
```text
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```

247
ops/cookbooks/vendor/postgresql/libraries/helpers.rb vendored
View File

@ -1,247 +0,0 @@
#
# Cookbook:: postgresql
# Library:: helpers
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module PostgresqlCookbook
module Helpers
include Chef::Mixin::ShellOut
require 'securerandom'
def psql_command_string(new_resource, query, grep_for: nil, value_only: false)
cmd = "/usr/bin/psql -c \"#{query}\""
cmd << " -d #{new_resource.database}" if new_resource.database
cmd << " -U #{new_resource.user}" if new_resource.user
cmd << " --host #{new_resource.host}" if new_resource.host
cmd << " --port #{new_resource.port}" if new_resource.port
cmd << ' --tuples-only' if value_only
cmd << " | grep #{grep_for}" if grep_for
cmd
end
def execute_sql(new_resource, query)
# If we don't pass in a user to the resource
# default to the postgres user
user = new_resource.user ? new_resource.user : 'postgres'
# Query could be a String or an Array of Strings
statement = query.is_a?(String) ? query : query.join("\n")
cmd = shell_out(statement, user: user)
# Pass back cmd so we can decide what to do with it in the calling method.
cmd
end
def database_exists?(new_resource)
sql = %(SELECT datname from pg_database WHERE datname='#{new_resource.database}')
exists = psql_command_string(new_resource, sql, grep_for: new_resource.database)
cmd = execute_sql(new_resource, exists)
cmd.exitstatus == 0
end
def user_exists?(new_resource)
sql = %(SELECT rolname FROM pg_roles WHERE rolname='#{new_resource.create_user}';)
exists = psql_command_string(new_resource, sql, grep_for: new_resource.create_user)
cmd = execute_sql(new_resource, exists)
cmd.exitstatus == 0
end
def extension_installed?(new_resource)
query = %(SELECT extversion FROM pg_extension WHERE extname='#{new_resource.extension}';)
check_extension_version = psql_command_string(new_resource, query, value_only: true)
version_result = execute_sql(new_resource, check_extension_version)
if new_resource.version
version_result.stdout == new_resource.version
else
!version_result.stdout.chomp.empty?
end
end
def alter_role_sql(new_resource)
sql = %(ALTER ROLE postgres ENCRYPTED PASSWORD '#{postgres_password(new_resource)}';)
psql_command_string(new_resource, sql)
end
def create_extension_sql(new_resource)
sql = "CREATE EXTENSION IF NOT EXISTS #{new_resource.extension}"
sql << " FROM \"#{new_resource.old_version}\"" if new_resource.old_version
psql_command_string(new_resource, sql)
end
def user_has_password?(new_resource)
sql = %(SELECT rolpassword from pg_authid WHERE rolname='postgres' AND rolpassword IS NOT NULL;)
cmd = psql_command_string(new_resource, sql)
res = execute_sql(new_resource, cmd)
res.stdout =~ /1 row/ ? true : false
end
def role_sql(new_resource)
sql = %(\\"#{new_resource.create_user}\\" WITH )
%w(superuser createdb createrole inherit replication login).each do |perm|
sql << "#{'NO' unless new_resource.send(perm)}#{perm.upcase} "
end
sql << if new_resource.encrypted_password
"ENCRYPTED PASSWORD '#{new_resource.encrypted_password}'"
elsif new_resource.password
"PASSWORD '#{new_resource.password}'"
else
''
end
sql << if new_resource.valid_until
" VALID UNTIL '#{new_resource.valid_until}'"
else
''
end
end
def create_user_sql(new_resource)
sql = %(CREATE ROLE #{role_sql(new_resource)})
psql_command_string(new_resource, sql)
end
def update_user_sql(new_resource)
sql = %(ALTER ROLE #{role_sql(new_resource)})
psql_command_string(new_resource, sql)
end
def update_user_with_attributes_sql(new_resource, value)
sql = %(ALTER ROLE '#{new_resource.create_user}' SET #{attr} = #{value})
psql_command_string(new_resource, sql)
end
def drop_user_sql(new_resource)
sql = %(DROP ROLE IF EXISTS '#{new_resource.create_user}')
psql_command_string(new_resource, sql)
end
def data_dir(version = node.run_state['postgresql']['version'])
case node['platform_family']
when 'rhel', 'fedora'
"/var/lib/pgsql/#{version}/data"
when 'amazon'
if node['virtualization']['system'] == 'docker'
"/var/lib/pgsql#{version.delete('.')}/data"
else
"/var/lib/pgsql/#{version}/data"
end
when 'debian'
"/var/lib/postgresql/#{version}/main"
end
end
def conf_dir(version = node.run_state['postgresql']['version'])
case node['platform_family']
when 'rhel', 'fedora'
"/var/lib/pgsql/#{version}/data"
when 'amazon'
if node['virtualization']['system'] == 'docker'
"/var/lib/pgsql#{version.delete('.')}/data"
else
"/var/lib/pgsql/#{version}/data"
end
when 'debian'
"/etc/postgresql/#{version}/main"
end
end
# determine the platform specific service name
def platform_service_name(version = node.run_state['postgresql']['version'])
case node['platform_family']
when 'rhel', 'fedora'
"postgresql-#{version}"
when 'amazon'
if node['virtualization']['system'] == 'docker'
"postgresql#{version.delete('.')}"
else
"postgresql-#{version}"
end
else
'postgresql'
end
end
def follower?
::File.exist? "#{data_dir}/recovery.conf"
end
def initialized?
return true if ::File.exist?("#{conf_dir}/PG_VERSION")
false
end
def secure_random
r = SecureRandom.hex
Chef::Log.debug "Generated password: #{r}"
r
end
# determine the platform specific server package name
def server_pkg_name
platform_family?('debian') ? "postgresql-#{new_resource.version}" : "postgresql#{new_resource.version.delete('.')}-server"
end
# determine the appropriate DB init command to run based on RHEL/Fedora/Amazon release
# initdb defaults to the execution environment.
# https://www.postgresql.org/docs/9.5/static/locale.html
def rhel_init_db_command(new_resource)
cmd = if platform_family?('amazon')
'/usr/bin/initdb'
else
"/usr/pgsql-#{new_resource.version}/bin/initdb"
end
cmd << " --locale '#{new_resource.initdb_locale}'" if new_resource.initdb_locale
cmd << " -D '#{data_dir(new_resource.version)}'"
end
# Given the base URL build the complete URL string for a yum repo
def yum_repo_url(base_url)
"#{base_url}/#{new_resource.version}/#{yum_repo_platform_family_string}/#{yum_repo_platform_string}"
end
# The postgresql yum repos URLs are organized into redhat and fedora directories.s
# route things to the right place based on platform_family
def yum_repo_platform_family_string
platform_family?('fedora') ? 'fedora' : 'redhat'
end
# Build the platform string that makes up the final component of the yum repo URL
def yum_repo_platform_string
platform = platform?('fedora') ? 'fedora' : 'rhel'
release = platform?('amazon') ? '6' : '$releasever'
"#{platform}-#{release}-$basearch"
end
# On Amazon use the RHEL 6 packages. Otherwise use the releasever yum variable
def yum_releasever
platform?('amazon') ? '6' : '$releasever'
end
# Generate a password if the value is set to generate.
def postgres_password(new_resource)
new_resource.password == 'generate' ? secure_random : new_resource.password
end
end
end

1
ops/cookbooks/vendor/postgresql/metadata.json vendored
View File

File diff suppressed because one or more lines are too long

15
ops/cookbooks/vendor/postgresql/metadata.rb vendored
View File

@ -1,15 +0,0 @@
# frozen_string_literal: true
name 'postgresql'
maintainer 'Sous Chefs'
maintainer_email 'help@sous-chefs.org'
license 'Apache-2.0'
description 'Installs and configures postgresql for clients or servers'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '7.1.4'
source_url 'https://github.com/sous-chefs/postgresql'
issues_url 'https://github.com/sous-chefs/postgresql/issues'
chef_version '>= 13.8'
%w(ubuntu debian fedora amazon redhat centos scientific oracle).each do |os|
supports os
end

59
ops/cookbooks/vendor/postgresql/resources/access.rb vendored
View File

@ -1,59 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: access
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :access_type, String, required: true, default: 'local'
property :access_db, String, required: true, default: 'all'
property :access_user, String, required: true, default: 'postgres'
property :access_method, String, required: true, default: 'ident'
property :cookbook, String, default: 'postgresql'
property :source, String, default: 'pg_hba.conf.erb'
property :access_addr, String
property :comment, String
action :grant do
config_resource = new_resource
with_run_context :root do # ~FC037
edit_resource(:template, "#{conf_dir}/pg_hba.conf") do |new_resource|
source new_resource.source
cookbook new_resource.cookbook
owner 'postgres'
group 'postgres'
mode '0600'
variables[:pg_hba] ||= {}
variables[:pg_hba][new_resource.name] = {
comment: new_resource.comment,
type: new_resource.access_type,
db: new_resource.access_db,
user: new_resource.access_user,
addr: new_resource.access_addr,
method: new_resource.access_method,
}
action :nothing
delayed_action :create
notifies :trigger, config_resource, :immediately
end
end
end
action :trigger do
new_resource.updated_by_last_action(true) # ~FC085
end
action_class do
include PostgresqlCookbook::Helpers
end

35
ops/cookbooks/vendor/postgresql/resources/client_install.rb vendored
View File

@ -1,35 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: client_install
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :version, String, default: '9.6'
property :setup_repo, [true, false], default: true
action :install do
postgresql_repository 'Add downloads.postgresql.org repository' do
version new_resource.version
only_if { new_resource.setup_repo }
end
case node['platform_family']
when 'debian'
package "postgresql-client-#{new_resource.version}"
when 'rhel', 'fedora', 'amazon'
ver = new_resource.version.delete('.')
package "postgresql#{ver}"
end
end

67
ops/cookbooks/vendor/postgresql/resources/database.rb vendored
View File

@ -1,67 +0,0 @@
#
# Cookbook:: postgresql
# Resource:: database
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :template, String, default: 'template1'
property :encoding, String, default: 'UTF-8'
property :locale, String, default: 'en_US.UTF-8'
property :owner, String
# Connection prefernces
property :user, String, default: 'postgres'
property :database, String, name_property: true
property :host, [String, nil], default: nil
property :port, Integer, default: 5432
action :create do
createdb = 'createdb'
createdb << " -E #{new_resource.encoding}" if new_resource.encoding
createdb << " -l #{new_resource.locale}" if new_resource.locale
createdb << " -T #{new_resource.template}" unless new_resource.template.empty?
createdb << " -O #{new_resource.owner}" if new_resource.owner
createdb << " -U #{new_resource.user}" if new_resource.user
createdb << " -h #{new_resource.host}" if new_resource.host
createdb << " -p #{new_resource.port}" if new_resource.port
createdb << " #{new_resource.database}"
bash "Create Database #{new_resource.database}" do
code createdb
user new_resource.user
not_if { follower? }
not_if { database_exists?(new_resource) }
end
end
action :drop do
converge_by "Drop PostgreSQL Database #{new_resource.database}" do
dropdb = 'dropdb'
dropdb << " -U #{new_resource.user}" if new_resource.user
dropdb << " --host #{new_resource.host}" if new_resource.host
dropdb << " --port #{new_resource.port}" if new_resource.port
dropdb << " #{new_resource.database}"
bash "drop postgresql database #{new_resource.database})" do
user 'postgres'
code dropdb
not_if { follower? }
only_if { database_exists?(new_resource) }
end
end
end
action_class do
include PostgresqlCookbook::Helpers
end

49
ops/cookbooks/vendor/postgresql/resources/extension.rb vendored
View File

@ -1,49 +0,0 @@
#
# Cookbook:: postgresql
# Resource:: extension
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :extension, String, name_property: true
property :old_version, String
property :version, String
# Connection prefernces
property :user, String, default: 'postgres'
property :database, String, required: true
property :host, [String, nil]
property :port, Integer, default: 5432
action :create do
bash "CREATE EXTENSION #{new_resource.name}" do
code create_extension_sql(new_resource)
user 'postgres'
action :run
not_if { follower? || extension_installed?(new_resource) }
end
end
action :drop do
bash "DROP EXTENSION #{new_resource.name}" do
code psql_command_string(new_resource, "DROP EXTENSION IF EXISTS \"#{new_resource.extension}\"")
user 'postgres'
action :run
not_if { follower? }
only_if { extension_installed?(new_resource) }
end
end
action_class do
include PostgresqlCookbook::Helpers
end

55
ops/cookbooks/vendor/postgresql/resources/ident.rb vendored
View File

@ -1,55 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: access
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :mapname, String, required: true
property :source, String, default: 'pg_ident.conf.erb'
property :cookbook, String, default: 'postgresql'
property :system_user, String, required: true
property :pg_user, String, required: true
property :comment, [String, nil], default: nil
action :create do
ident_resource = new_resource
with_run_context :root do # ~FC037
edit_resource(:template, "#{conf_dir}/pg_ident.conf") do |new_resource|
source new_resource.source
cookbook new_resource.cookbook
owner 'postgres'
group 'postgres'
mode '0640'
variables[:pg_ident] ||= {}
variables[:pg_ident][new_resource.name] = {
comment: new_resource.comment,
mapname: new_resource.mapname,
system_user: new_resource.system_user,
pg_user: new_resource.pg_user,
}
action :nothing
delayed_action :create
notifies :trigger, ident_resource, :immediately
end
end
end
action :trigger do
new_resource.updated_by_last_action(true) # ~FC085
end
action_class do
include PostgresqlCookbook::Helpers
end

90
ops/cookbooks/vendor/postgresql/resources/repository.rb vendored
View File

@ -1,90 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: repository
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :version, String, default: '9.6'
property :enable_pgdg, [true, false], default: true
property :enable_pgdg_source, [true, false], default: false
property :enable_pgdg_updates_testing, [true, false], default: false
property :enable_pgdg_source_updates_testing, [true, false], default: false
property :yum_gpg_key_uri, String, default: 'https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG'
property :apt_gpg_key_uri, String, default: 'https://download.postgresql.org/pub/repos/apt/ACCC4CF8.asc'
action :add do
case node['platform_family']
when 'rhel', 'fedora', 'amazon'
remote_file "/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}" do
source new_resource.yum_gpg_key_uri
end
yum_repository "PostgreSQL #{new_resource.version}" do # ~FC005
repositoryid "pgdg#{new_resource.version}"
description "PostgreSQL.org #{new_resource.version}"
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum')
enabled new_resource.enable_pgdg
gpgcheck true
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
end
yum_repository "PostgreSQL #{new_resource.version} - source " do
repositoryid "pgdg#{new_resource.version}-source"
description "PostgreSQL.org #{new_resource.version} Source"
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/srpms')
enabled new_resource.enable_pgdg_source
gpgcheck true
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
end
yum_repository "PostgreSQL #{new_resource.version} - updates testing" do
repositoryid "pgdg#{new_resource.version}-updates-testing"
description "PostgreSQL.org #{new_resource.version} Updates Testing"
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/testing')
enabled new_resource.enable_pgdg_updates_testing
gpgcheck true
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
end
yum_repository "PostgreSQL #{new_resource.version} - source - updates testing" do
repositoryid "pgdg#{new_resource.version}-source-updates-testing"
description "PostgreSQL.org #{new_resource.version} Source Updates Testing"
baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/srpms/testing')
enabled new_resource.enable_pgdg_source_updates_testing
gpgcheck true
gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}"
end
when 'debian'
apt_update
package 'apt-transport-https'
apt_repository 'postgresql_org_repository' do
uri 'https://download.postgresql.org/pub/repos/apt/'
components ['main', new_resource.version.to_s]
distribution "#{node['lsb']['codename']}-pgdg"
key new_resource.apt_gpg_key_uri
cache_rebuild true
end
else
raise "The platform_family '#{node['platform_family']}' or platform '#{node['platform']}' is not supported by the postgresql_repository resource. If you believe this platform can/should be supported by this resource please file and issue or open a pull request at https://github.com/sous-chefs/postgresql"
end
end
action_class do
include PostgresqlCookbook::Helpers
end

52
ops/cookbooks/vendor/postgresql/resources/server_conf.rb vendored
View File

@ -1,52 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: server_conf
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include PostgresqlCookbook::Helpers
property :version, String, default: '9.6'
property :data_directory, String, default: lazy { data_dir }
property :hba_file, String, default: lazy { "#{conf_dir}/pg_hba.conf" }
property :ident_file, String, default: lazy { "#{conf_dir}/pg_ident.conf" }
property :external_pid_file, String, default: lazy { "/var/run/postgresql/#{version}-main.pid" }
property :stats_temp_directory, String, default: lazy { "/var/run/postgresql/#{version}-main.pg_stat_tmp" }
property :port, Integer, default: 5432
property :additional_config, Hash, default: {}
property :cookbook, String, default: 'postgresql'
action :modify do
template "#{conf_dir}/postgresql.conf" do
cookbook new_resource.cookbook
source 'postgresql.conf.erb'
owner 'postgres'
group 'postgres'
mode '0644'
variables(
data_dir: new_resource.data_directory,
hba_file: new_resource.hba_file,
ident_file: new_resource.ident_file,
external_pid_file: new_resource.external_pid_file,
stats_temp_directory: new_resource.stats_temp_directory,
port: new_resource.port,
additional_config: new_resource.additional_config
)
end
end
action_class do
include PostgresqlCookbook::Helpers
end

76
ops/cookbooks/vendor/postgresql/resources/server_install.rb vendored
View File

@ -1,76 +0,0 @@
# frozen_string_literal: true
#
# Cookbook:: postgresql
# Resource:: server_install
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include PostgresqlCookbook::Helpers
property :version, String, default: '9.6'
property :setup_repo, [true, false], default: true
property :hba_file, String, default: lazy { "#{conf_dir}/main/pg_hba.conf" }
property :ident_file, String, default: lazy { "#{conf_dir}/main/pg_ident.conf" }
property :external_pid_file, String, default: lazy { "/var/run/postgresql/#{version}-main.pid" }
property :password, [String, nil], default: 'generate' # Set to nil if we do not want to set a password
property :port, Integer, default: 5432
property :initdb_locale, String
# Connection preferences
property :user, String, default: 'postgres'
property :database, String
property :host, [String, nil]
action :install do
node.run_state['postgresql'] ||= {}
node.run_state['postgresql']['version'] = new_resource.version
postgresql_client_install 'Install PostgreSQL Client' do
version new_resource.version
setup_repo new_resource.setup_repo
end
package server_pkg_name
end
action :create do
execute 'init_db' do
command rhel_init_db_command(new_resource)
user new_resource.user
not_if { initialized? }
only_if { platform_family?('rhel', 'fedora', 'amazon') }
end
# We use to use find_resource here.
# But that required the user to do the same in their recipe.
# This also seemed to never trigger notifications, therefore requiring a log resource
# to notify the enable/start on the service, which always fires (Check v7.0 tag for more)
service 'postgresql' do
service_name platform_service_name
supports restart: true, status: true, reload: true
action [:enable, :start]
end
# Generate a random password or set it as per new_resource.password.
bash 'generate-postgres-password' do
user 'postgres'
code alter_role_sql(new_resource)
not_if { user_has_password?(new_resource) }
not_if { new_resource.password.nil? }
end
end
action_class do
include PostgresqlCookbook::Helpers
end

87
ops/cookbooks/vendor/postgresql/resources/user.rb vendored
View File

@ -1,87 +0,0 @@
#
# Cookbook:: postgresql
# Resource:: user
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :create_user, String, name_property: true
property :superuser, [true, false], default: false
property :createdb, [true, false], default: false
property :createrole, [true, false], default: false
property :inherit, [true, false], default: true
property :replication, [true, false], default: false
property :login, [true, false], default: true
property :password, String
property :encrypted_password, String
property :valid_until, String
property :attributes, Hash, default: {}
# Connection prefernces
property :user, String, default: 'postgres'
property :database, String
property :host, String
property :port, Integer, default: 5432
action :create do
Chef::Log.warn('You cannot use "attributes" property with create action.') unless new_resource.attributes.empty?
execute "create postgresql user #{new_resource.create_user}" do # ~FC009
user 'postgres'
command create_user_sql(new_resource)
sensitive new_resource.sensitive
not_if { follower? || user_exists?(new_resource) }
end
end
action :update do
if new_resource.attributes.empty?
execute "update postgresql user #{new_resource.create_user}" do
user 'postgres'
command update_user_sql(new_resource)
sensitive true
not_if { follower? }
only_if { user_exists?(new_resource) }
end
else
new_resource.attributes.each do |attr, value|
v = if value.is_a?(TrueClass) || value.is_a?(FalseClass)
value.to_s
else
"'#{value}'"
end
execute "Update postgresql user #{new_resource.create_user} to set #{attr}" do
user 'postgres'
command update_user_with_attributes_sql(new_resource, v)
sensitive true
not_if { follower? }
only_if { user_exists?(new_resource) }
end
end
end
end
action :drop do
execute "drop postgresql user #{new_resource.create_user}" do
user 'postgres'
command drop_user_sql(new_resource)
sensitive true
not_if { follower? }
only_if { user_exists?(new_resource) }
end
end
action_class do
include PostgresqlCookbook::Helpers
end

33
ops/cookbooks/vendor/postgresql/templates/pg_hba.conf.erb vendored
View File

@ -1,33 +0,0 @@
# This file was automatically generated and dropped off by Chef!
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file.
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
###########
# From the postgresql_access resources
###########
<% @pg_hba.each do |k,v| -%>
# <%= k %>
<% if v[:comment] -%>
# <%= v[:comment] %>
<% end -%>
<% if v[:addr] %>
<%= v[:type].ljust(7) %> <%= v[:db].ljust(15) %> <%= v[:user].ljust(15) %> <%= v[:addr].ljust(23) %> <%= v[:method] %>
<% else %>
<%= v[:type].ljust(7) %> <%= v[:db].ljust(15) %> <%= v[:user].ljust(15) %> <%= v[:method] %>
<% end %>
<% end %>

49
ops/cookbooks/vendor/postgresql/templates/pg_ident.conf.erb vendored
View File

@ -1,49 +0,0 @@
# PostgreSQL User Name Maps
# =========================
#
# Refer to the PostgreSQL documentation, chapter "Client
# Authentication" for a complete description. A short synopsis
# follows.
#
# This file controls PostgreSQL user name mapping. It maps external
# user names to their corresponding PostgreSQL user names. Records
# are of the form:
#
# MAPNAME SYSTEM-USERNAME PG-USERNAME
#
# (The uppercase quantities must be replaced by actual values.)
#
# MAPNAME is the (otherwise freely chosen) map name that was used in
# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
# client. PG-USERNAME is the requested PostgreSQL user name. The
# existence of a record specifies that SYSTEM-USERNAME may connect as
# PG-USERNAME.
#
# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
# regular expression. Optionally this can contain a capture (a
# parenthesized subexpression). The substring matching the capture
# will be substituted for \1 (backslash-one) if present in
# PG-USERNAME.
#
# Multiple maps may be specified in this file and used by pg_hba.conf.
#
# No map names are defined in the default configuration. If all
# system user names and PostgreSQL user names are the same, you don't
# need anything in this file.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect. You can
# use "pg_ctl reload" to do that.
# Put your actual configuration here
# ----------------------------------
# MAPNAME SYSTEM-USERNAME PG-USERNAME
<% @pg_ident.each do |k,v| -%>
<% if v[:comment] -%>
# <%= v[:comment] %>
<% end -%>
<%= v[:mapname].ljust(15) %> <%= v[:system_user].ljust(23) %> <%= v[:pg_user].ljust(15) %>
<% end %>

2
ops/cookbooks/vendor/postgresql/templates/pgsql.sysconfig.erb vendored
View File

@ -1,2 +0,0 @@
PGDATA=<%= @postgresql_dir %>
PGPORT=<%= @port %>

26
ops/cookbooks/vendor/postgresql/templates/postgresql.conf.erb vendored
View File

@ -1,26 +0,0 @@
# PostgreSQL configuration file
# This file was automatically generated and dropped off by chef!
# Please refer to the PostgreSQL documentation for details on
# configuration settings.
data_directory = '<%= @data_dir %>'
hba_file = '<%= @hba_file %>'
ident_file = '<%= @ident_file %>'
external_pid_file = '<%= @external_pid_file %>'
stats_temp_directory = '<%= @stats_temp_directory %>'
port = <%= @port %>
<% @additional_config.sort.each do |key, value| %>
<% next if value.nil? -%>
<%= key %> = <%=
case value
when String
"'#{value}'"
when TrueClass
'on'
when FalseClass
'off'
else
value
end
%>
<% end %>

6
ops/cookbooks/vendor/postgresql/templates/postgresql.service.erb vendored
View File

@ -1,6 +0,0 @@
[Service]
.include /usr/lib/systemd/system/<%= @svc_name %>.service
Environment=
Environment=PGPORT=<%= @port %>
Environment=PGDATA=<%= @data_dir %>

10
ops/roles/app.rb
View File

@ -1,10 +0,0 @@
name :app
description "A basic role"
run_list(
"recipe[hosting::user]",
"recipe[hosting::mkdir]",
"recipe[hosting::postgress]",
"recipe[hosting::gitea]",
"recipe[hosting::nginx]",
)

5
ops/solo.rb
View File

@ -1,5 +0,0 @@
cookbook_path [
'/opt/theta42/provision-node/ops/cookbooks',
'/opt/theta42/provision-node/ops/cookbooks/vendor',
]
roles_path '/opt/theta42/provision-node/ops/roles'