Merge branch 'mysql' of theta42/t42-common into master

attributes/mysql.rb

@@ -0,0 +1,6 @@
+require 'securerandom'
+
+node.default['db']['name'] = "#{node['app']['name']}"
+node.default['db']['user'] = "#{node['app']['name']}"
+node.default['db']['root_password'] = SecureRandom.hex(13)
+node.default['db']['password'] = SecureRandom.hex(13)

attributes/nodejs.rb

@@ -1,3 +1,4 @@
+default['nodejs']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/node"
 default['NodeJS']['version'] = 8
 default['NodeJS']['working-dir'] = 'src/nodejs'
 default['NodeJS']['exec_file'] = 'app.js'

attributes/postgres.rb

@@ -0,0 +1,5 @@
+require 'securerandom'
+
+default['db']['name'] = node['app']['name']
+default['db']['user'] = node['app']['name']
+default['db']['password'] = SecureRandom.hex(13)

attributes/python.rb

@@ -0,0 +1,3 @@
+default['python']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/python"
+default['python']['version'] = '3.6'
+default['python']['pip_requirements_path'] = 'requirements.txt'

attributes/redis.rb

@@ -0,0 +1 @@
+default['redis']['unix']['path'] = '/var/run/redis/redis.sock'

metadata.rb

@@ -4,9 +4,13 @@ maintainer_email 'you@example.com'
 license 'All Rights Reserved'
 description 'Installs/Configures t42-common'
 long_description 'Installs/Configures t42-common'
-version '0.1.0'
+version '0.1.11'
 chef_version '>= 13.0'
 
+depends 'nodejs'
+depends 'postgresql'
+depends 'mysql'
+
 # The `issues_url` points to the location where issues for this cookbook are
 # tracked.  A `View Issues` link will be displayed on this cookbook's page when
 # uploaded to a Supermarket.

recipes/mysql.rb

@@ -0,0 +1,21 @@
+mysql_service node['app']['name'] do
+  # version '5.7'
+  bind_address node['db']['bind_address']
+  port node['db']['port']
+  # data_dir '/data'
+  initial_root_password node['db']['root_password']
+
+  action [:create, :start]
+end
+
+
+bash 'Make mysql Database and User' do
+	code <<~EOH
+		mysql -h 127.0.0.1 -uroot -p"#{node['db']['root_password']}" -e "CREATE DATABASE '#{node['db']['name']}' /*\!40100 DEFAULT CHARACTER SET utf8 */;"
+	    mysql -h 127.0.0.1 -uroot -p"#{node['db']['root_password']}" -e "CREATE USER '#{node['db']['user']}'@localhost IDENTIFIED BY '#{node['db']['password']}';"
+	    mysql -h 127.0.0.1 -uroot -p"#{node['db']['root_password']}" -e "GRANT ALL PRIVILEGES ON '#{node['db']['name']}'.* TO '#{node['db']['user']}'@'%';"
+	    mysql -h 127.0.0.1 -uroot -p"#{node['db']['root_password']}" -e "FLUSH PRIVILEGES;"
+
+	EOH
+	not_if "mysql -h 127.0.0.1 -uroot -p\"#{node['db']['root_password']}\" -e 'use #{node['db']['name']}'"
+end

recipes/nodejs.rb

@@ -11,33 +11,47 @@ version = {
 	}
 }
 
-unless node['node']['working-dir'][0] == '/'
-	node.override['node']['working-dir'] = "#{node['working-dir']}/#{node['node']['working-dir']}"
+unless node['nodejs']['working-dir'][0] == '/'
+	node.override['nodejs']['working-dir'] = "#{node['working-dir']}/#{node['nodejs']['working-dir']}"
 end
 
-unless node['node']['version']
-	node.default['node']['version'] = 8
+unless node['nodejs']['install_version']
+	node.default['nodejs']['install_version'] = 8
 end
 
-unless version.key?(node['node']['version'])
+unless version.key?(node['nodejs']['install_version'])
 	raise <<~EOH
-		Unsupported NodeJS version #{node['node']['version']}.
+		Unsupported NodeJS version #{node['nodejs']['install_version']}.
 		Supports #{version.keys}.
 	EOH
 end
 
-set_version = version[node['node']['version']]
+set_version = version[node['nodejs']['install_version']]
 
 node.default['nodejs']['install_method'] = 'binary'
-node.default['nodejs']['version'] = set_version['version']
+node.default['nodejs']['version'] = set_version['version'].to_str
 node.default['nodejs']['binary']['url'] = set_version['url']
 node.default['nodejs']['binary']['checksum'] = set_version['checksum']
 
+node.default['nodejs']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/node"
+
 include_recipe "nodejs"
 
+directory node['nodejs']['env_path'] do
+	recursive true
+end
+
+file "#{node['nodejs']['env_path']}/package.json" do
+  owner 'root'
+  group 'root'
+  mode 0755
+  content ::File.open("#{node['nodejs']['working-dir']}/package.json").read
+  action :create
+end
+
 execute 'Install NPM package.json' do
-	cwd node['node']['working-dir']
-	command "npm --prefix \"#{node['node']['working-dir']}\" install"
+	cwd node['nodejs']['env_path']
+	command "npm --prefix #{node['nodejs']['env_path']} install #{node['nodejs']['env_path']}"
 end
 
 directory "/var/log/node/#{node['app']['name']}" do

recipes/openresty.rb

@@ -0,0 +1,64 @@
+# apt_repository 'open resty repo' do
+#   uri 'http://openresty.org/package/ubuntu'
+#   key 'https://openresty.org/package/pubkey.gpg'
+#   components   ['main']
+# end
+
+apt_package 'software-properties-common'
+
+execute 'add key' do
+	command 'wget -qO - https://openresty.org/package/pubkey.gpg | sudo apt-key add -'
+end
+
+execute 'add repo' do
+	command 'add-apt-repository -y "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main"; apt update'
+end
+
+apt_package 'openresty'
+
+if node['web']['do_ssl']
+	apt_package 'luarocks'
+
+	execute 'install lua-resty-auto-ssl' do
+	  command 'luarocks install lua-resty-auto-ssl'
+	end
+
+	directory '/etc/ssl' do
+	  mode '0755'
+	  action :create
+	end
+
+	execute 'defualt ssl' do
+		command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509   -subj '/CN=sni-support-required-for-valid-ssl'   -keyout /etc/ssl/resty-auto-ssl-fallback.key   -out /etc/ssl/resty-auto-ssl-fallback.crt"
+	end
+
+	execute 'defualt ssl' do
+		command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509   -subj '/CN=sni-support-required-for-valid-ssl'   -keyout /etc/ssl/resty-auto-ssl-fallback.key   -out /etc/ssl/resty-auto-ssl-fallback.crt"
+	end
+
+	template '/etc/openresty/autossl.conf' do
+		source 'autossl.conf.erb'
+	end
+end
+
+template '/etc/openresty/nginx.conf' do
+	source 'nginx.conf.erb'
+end
+
+directory '/etc/openresty/sites-enabled' do
+  mode '0755'
+  action :create
+end
+
+directory '/var/log/nginx/' do
+	mode '0775'
+	action :create
+end
+
+template '/etc/openresty/sites-enabled/host.conf' do
+	source 'host.conf.erb'
+end
+
+systemd_unit 'openresty' do
+	action :reload
+end

recipes/php.rb

@@ -0,0 +1,14 @@
+unless node['php']['working-dir'][0] == '/'
+	node.override['php']['working-dir'] = "#{node['working-dir']}/#{node['php']['working-dir']}"
+end
+
+[
+	'php',
+	'libapache2-mod-php',
+].each do |pkg|
+	apt_package pkg
+end
+
+systemd_unit 'apache2.service' do
+	action :restart
+end

recipes/postgres.rb

@@ -0,0 +1,49 @@
+execute 'add key' do
+  command 'wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -'
+end
+
+execute 'add repo' do
+  command 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
+end
+
+
+apt_update 'update' do
+end.run_action(:update) if platform_family?('debian')
+
+postgresql_server_install 'My PostgreSQL Server install' do
+  initdb_locale 'en_US.utf8'
+  action :install
+end
+
+postgresql_server_install 'Setup my PostgreSQL 9.6 server' do
+  initdb_locale 'en_US.utf8'
+  action :create
+end
+
+postgresql_access 'local_postgres_superuser' do
+  comment 'Local postgres superuser access'
+  access_type 'local'
+  access_db 'all'
+  access_user 'postgres'
+  access_addr nil
+  access_method 'ident'
+end
+
+postgresql_user 'DB user' do
+  create_user node['db']['user']
+  password node['db']['password']
+  createrole true
+end
+
+# Hack for creating a database, this cook book is broken with debian...
+
+execute 'add database' do
+	command "createdb #{node['db']['name']}"
+	user 'postgres'
+	not_if "psql -lqt | grep -w \"#{node['db']['name']}\"", :user => 'postgres'
+end
+
+execute 'Grant DB user' do
+	command "echo \"grant all privileges on database #{node['db']['name']} to #{node['db']['user']} ;\" | psql"
+	user 'postgres'
+end

recipes/python.rb

@@ -0,0 +1,42 @@
+#
+# Cookbook:: django-bakend
+# Recipe:: default
+#
+# Copyright:: 2019, The Authors, All Rights Reserved.
+
+unless node['python']['working-dir'][0] == '/'
+	node.override['python']['working-dir'] = "#{node['working-dir']}/#{node['python']['working-dir']}"
+end
+
+
+apt_repository 'Python apt repo' do
+  uri 'ppa:deadsnakes/ppa'
+  repo_name 'ppa-deadsnakes'
+  deb_src true
+  action :add
+end
+
+apt_update
+
+[
+	"python#{node['python']['version']}",
+	"python#{node['python']['version']}-dev",
+	"python#{node['python']['version'][0]}-pip",
+
+].each do |pkg|
+	apt_package pkg
+end
+
+execute 'Install virtual' do
+	command "pip#{node['python']['version'][0]} install virtualenv"
+end
+
+bash 'Install python requirements file' do
+	# user 'root'
+	# cwd  '/mydir'
+	code <<~EOH
+		virtualenv #{node['python']['env_path']}
+		source #{node['python']['env_path']}/bin/activate
+		pip install -r #{node['python']['working-dir']}/#{node['python']['pip_requirements_path']}
+	EOH
+end

recipes/redis.rb

@@ -0,0 +1,19 @@
+apt_package 'redis-server'
+
+template '/etc/redis/local.conf' do
+	source 'redis/local.conf'
+end
+
+if node['redis']['unix']['perm']
+	bash 'append_to_config' do
+	  user 'root'
+	  code <<~EOF
+	      echo "include /etc/redis/local.conf" >> /etc/redis/redis.conf
+	  EOF
+	  not_if 'grep -q "/etc/redis/local.conf" /etc/redis/redis.conf'
+	end
+end
+
+systemd_unit 'redis-server.service' do
+	action :restart
+end

templates/apache/vhost.conf.erb

@@ -41,14 +41,25 @@
       </FilesMatch>
     </IfModule>
 
+    <% if node['web']['root'] %>
+    DocumentRoot <%= node['web']['root'] %>
+    <Directory <%= node['web']['root'] %>/>
+    Options Indexes FollowSymLinks
+    AllowOverride None
+    Require all granted
+    </Directory>
+    <% end -%>
+
+    <% if node['web']['static'] %>
     <% node['web']['static'].each do |static| -%>
     Alias <%= static['uri'] %> <%= node['working-dir'] %>/<%= static['path'] %>
 
+    <% end -%>
     <% end -%>
 
     <% if node['web']['wsgi'] %>
     
-    WSGIDaemonProcess <%= node['app']['name'] %> python-path=<%= node['python']['working-dir'] %> python-home=<%= node['python']['virtualenv_path'] %>
+    WSGIDaemonProcess <%= node['app']['name'] %> python-path=<%= node['python']['working-dir'] %> python-home=<%= node['python']['env_path'] %>
     WSGIProcessGroup <%= node['app']['name'] %>
     WSGIScriptAlias / <%= node['working-dir'] %>/<%= node['web']['wsgi']['wsgi_path'] %>
 

templates/openresty/autossl.conf.erb

@@ -0,0 +1,17 @@
+  ssl_protocols     TLSv1 TLSv1.1 TLSv1.2;
+  ssl_prefer_server_ciphers  on;
+  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+
+  ssl_certificate_by_lua_block {
+    auto_ssl:ssl_certificate()
+  }
+
+  location /.well-known/acme-challenge/ {
+    content_by_lua_block {
+      auto_ssl:challenge_server()
+    }
+  }
+
+  ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
+  ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
+  

templates/openresty/nginx.conf.erb

@@ -0,0 +1,75 @@
+#user  nobody;
+worker_processes 4;
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    client_max_body_size 4g;
+
+
+    lua_shared_dict auto_ssl 100m;
+    lua_shared_dict auto_ssl_settings 64k;
+
+    resolver 8.8.4.4 8.8.8.8;
+
+    init_by_lua_block {
+        auto_ssl = (require "resty.auto-ssl").new()
+	auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis")
+        auto_ssl:set("allow_domain", function(domain)
+            return true
+        end)
+        auto_ssl:init()
+    }
+
+    init_worker_by_lua_block {
+      auto_ssl:init_worker()
+    }
+
+    ssl_session_cache   shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    server {
+      listen 127.0.0.1:8999;
+
+      # Increase the body buffer size, to ensure the internal POSTs can always
+      # parse the full POST contents into memory.
+      client_body_buffer_size 128k;
+      client_max_body_size 128k;
+
+      location / {
+        content_by_lua_block {
+          auto_ssl:hook_server()
+        }
+      }
+    }
+
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+    include sites-enabled/*;
+
+}

templates/openresty/simple-proxy.conf.erb

@@ -0,0 +1,28 @@
+server {
+    listen   80;
+    <% if node['web']['do_ssl'] %>
+    listen  443 ssl;
+    <% end %>
+    server_name <%= node['app']['domain'] %>;
+
+    <% if node['web']['do_ssl'] %>
+    include autossl.conf;
+    <% end %>
+
+    proxy_set_header X-Forwarded-For $remote_addr;
+
+    location / {
+         proxy_pass         http://localhost:3000;
+         proxy_set_header   Host $host;
+         proxy_set_header   X-Real-IP $remote_addr;
+         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header   X-Forwarded-Host $server_name;
+         proxy_read_timeout  1200s;
+
+         # used for view/edit office file via Office Online Server
+         client_max_body_size 0;
+    }
+
+     access_log      /var/log/nginx/<%= node['app']['name'] %>.access.log;
+     error_log       /var/log/nginx/<%= node['app']['name'] %>.error.log;
+}

templates/redis/local.conf

@@ -0,0 +1,7 @@
+# Specify the path for the Unix socket that will be used to listen for
+# incoming connections. There is no default, so Redis will not listen
+# on a unix socket when not specified.
+#
+
+unixsocket <%= node['redis']['unix']['path'] %> 
+unixsocketperm <%= node['redis']['unix']['perm'] %>