From f9a2f0aaacbf744c3364844e0de7984695c090b9 Mon Sep 17 00:00:00 2001 From: William Mantly Date: Mon, 27 May 2019 22:05:57 -0400 Subject: [PATCH 1/7] updated nodejs --- attributes/nodejs.rb | 2 ++ recipes/nodejs.rb | 34 ++++++++++++++++++++++++---------- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/attributes/nodejs.rb b/attributes/nodejs.rb index 34fdaed..d83b8c5 100644 --- a/attributes/nodejs.rb +++ b/attributes/nodejs.rb @@ -1,3 +1,5 @@ +node.default['nodejs']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/node" + default['NodeJS']['version'] = 8 default['NodeJS']['working-dir'] = 'src/nodejs' default['NodeJS']['exec_file'] = 'app.js' diff --git a/recipes/nodejs.rb b/recipes/nodejs.rb index 86575b0..a1cd956 100644 --- a/recipes/nodejs.rb +++ b/recipes/nodejs.rb 
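Review bot: The added attribute is written under `['nodejs']`, while the unchanged lines of this file define `default['NodeJS']['version']`, `['working-dir']` and `['exec_file']` with different capitalisation. The recipe changed in the same patch reads `node['nodejs']['working-dir'][0]`, so unless another attribute source sets that key the lookup presumably returns nil and the `[0]` call raises. Using a single namespace in both files, e.g. `default['nodejs']['working-dir'] = 'src/nodejs'`, would make the defaults reachable from the recipe.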
@@ -11,33 +11,47 @@ version = { } } -unless node['node']['working-dir'][0] == '/' - node.override['node']['working-dir'] = "#{node['working-dir']}/#{node['node']['working-dir']}" +unless node['nodejs']['working-dir'][0] == '/' + node.override['nodejs']['working-dir'] = "#{node['working-dir']}/#{node['nodejs']['working-dir']}" end -unless node['node']['version'] - node.default['node']['version'] = 8 +unless node['nodejs']['install_version'] + node.default['nodejs']['install_version'] = 8 end -unless version.key?(node['node']['version']) +unless version.key?(node['nodejs']['install_version']) raise <<~EOH - Unsupported NodeJS version #{node['node']['version']}. + Unsupported NodeJS version #{node['nodejs']['install_version']}. Supports #{version.keys}. EOH end -set_version = version[node['node']['version']] +set_version = version[node['nodejs']['install_version']] node.default['nodejs']['install_method'] = 'binary' -node.default['nodejs']['version'] = set_version['version'] +node.default['nodejs']['version'] = set_version['version'].to_str node.default['nodejs']['binary']['url'] = set_version['url'] node.default['nodejs']['binary']['checksum'] = set_version['checksum'] +node.default['nodejs']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/node" + include_recipe "nodejs" +directory node['nodejs']['env_path'] do + recursive true +end + +file "#{node['nodejs']['env_path']}/package.json" do + owner 'root' + group 'root' + mode 0755 + content ::File.open("#{node['nodejs']['working-dir']}/package.json").read + action :create +end + execute 'Install NPM package.json' do - cwd node['node']['working-dir'] - command "npm --prefix \"#{node['node']['working-dir']}\" install" + cwd node['nodejs']['env_path'] + command "npm --prefix #{node['nodejs']['env_path']} install #{node['nodejs']['env_path']}" end directory "/var/log/node/#{node['app']['name']}" do -- 2.34.1 From 283a04f8d98725ed3c82e2d02fe3fa025cbfcd18 Mon Sep 17 00:00:00 2001 
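Review bot: The rewritten `execute 'Install NPM package.json'` command drops the double quotes the removed line had and interpolates `node['nodejs']['env_path']` (built from `node['app']['name']`) straight into a shell string, so whitespace or shell metacharacters in the app name change what runs; an array form such as `command ['npm', '--prefix', node['nodejs']['env_path'], 'install', node['nodejs']['env_path']]` avoids the shell. The resource sets no `user`, so `npm install` and any package lifecycle scripts presumably run with the chef-client's privileges; a dedicated user or `--ignore-scripts` would limit that. In the `file` resource, `::File.open(...).read` runs at compile time, never closes the handle and aborts the run when the source `package.json` is missing; `content lazy { ::File.read("#{node['nodejs']['working-dir']}/package.json") }` defers the read to converge time, and `mode '0644'` is enough for a JSON file. The hunk ends inside the following `directory` block.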
From: William Mantly
Date: Mon, 27 May 2019 22:06:21 -0400
Subject: [PATCH 2/7] Redis recipe
---
attributes/redis.rb | 1 + recipes/redis.rb | 19 +++++++++++++++++++ templates/redis/local.conf | 7 +++++++ 3 files changed, 27 insertions(+) create mode 100644 attributes/redis.rb create mode 100644 recipes/redis.rb create mode 100644 templates/redis/local.conf
diff --git a/attributes/redis.rb b/attributes/redis.rb
new file mode 100644
index 0000000..ce39b86
--- /dev/null
+++ b/attributes/redis.rb
@@ -0,0 +1 @@
+default['redis']['unix']['path'] = '/var/run/redis/redis.sock'
diff --git a/recipes/redis.rb b/recipes/redis.rb
new file mode 100644
index 0000000..095d7a2
--- /dev/null
+++ b/recipes/redis.rb
@@ -0,0 +1,19 @@
+apt_package 'redis-server'
+
+template '/etc/redis/local.conf' do
+ source 'redis/local.conf'
+end
+
+if node['redis']['unix']['perm']
+ bash 'append_to_config' do
+ user 'root'
+ code <<~EOF
+ echo "include /etc/redis/local.conf" >> /etc/redis/redis.conf
+ EOF
+ not_if 'grep -q "/etc/redis/local.conf" /etc/redis/redis.conf'
+ end
+end
+
+systemd_unit 'redis-server.service' do
+ action :restart
+end
diff --git a/templates/redis/local.conf b/templates/redis/local.conf
new file mode 100644
index 0000000..4ed4830
--- /dev/null
+++ b/templates/redis/local.conf
@@ -0,0 +1,7 @@
+# Specify the path for the Unix socket that will be used to listen for
+# incoming connections. There is no default, so Redis will not listen
+# on a unix socket when not specified.
+#
+
+unixsocket <%= node['redis']['unix']['path'] %>
+unixsocketperm <%= node['redis']['unix']['perm'] %>
-- 2.34.1
From bce2f6a261e4f5dfb5d24b05ac0ecbb42959f88f Mon Sep 17 00:00:00 2001
From: William Mantly
Date: Mon, 27 May 2019 22:12:47 -0400
Subject: [PATCH 3/7] Node attributes
---
attributes/nodejs.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/attributes/nodejs.rb b/attributes/nodejs.rb
index d83b8c5..f9d8c4e 100644
--- a/attributes/nodejs.rb
+++ b/attributes/nodejs.rb
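Review bot: `node['redis']['unix']['perm']` is read by `recipes/redis.rb` and by `templates/redis/local.conf`, but `attributes/redis.rb` in this patch defines only `['unix']['path']`, so with the shipped defaults the template renders an empty `unixsocketperm` line and the `include` is never appended. A restrictive default such as `default['redis']['unix']['perm'] = '770'` would limit the socket to the redis user and group and make the guard meaningful. `systemd_unit 'redis-server.service'` with `action :restart` restarts Redis on every converge; `action :nothing` on the unit plus `notifies :restart, 'systemd_unit[redis-server.service]'` on the template and bash resources would restart it only when the configuration changes.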
@@ -1,5 +1,4 @@ -node.default['nodejs']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/node" - +default['nodejs']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/node" default['NodeJS']['version'] = 8 default['NodeJS']['working-dir'] = 'src/nodejs' default['NodeJS']['exec_file'] = 'app.js' -- 2.34.1 From 69b621a6439748fdecfb5ec43f2ed9245b14cb93 Mon Sep 17 00:00:00 2001 From: William Mantly Date: Mon, 27 May 2019 22:13:10 -0400 Subject: [PATCH 4/7] Python recipe --- attributes/python.rb | 3 +++ recipes/python.rb | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 attributes/python.rb create mode 100644 recipes/python.rb diff --git a/attributes/python.rb b/attributes/python.rb new file mode 100644 index 0000000..5d8bcf3 --- /dev/null +++ b/attributes/python.rb @@ -0,0 +1,3 @@ +default['python']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/python" +default['python']['version'] = '3.6' +default['python']['pip_requirements_path'] = 'requirements.txt' diff --git a/recipes/python.rb b/recipes/python.rb new file mode 100644 index 0000000..12843b4 --- /dev/null +++ b/recipes/python.rb 
@@ -0,0 +1,42 @@ +# +# Cookbook:: django-bakend +# Recipe:: default +# +# Copyright:: 2019, The Authors, All Rights Reserved. + +unless node['python']['working-dir'][0] == '/' + node.override['python']['working-dir'] = "#{node['working-dir']}/#{node['python']['working-dir']}" +end + + +apt_repository 'Python apt repo' do + uri 'ppa:deadsnakes/ppa' + repo_name 'ppa-deadsnakes' + deb_src true + action :add +end + +apt_update + +[ + "python#{node['python']['version']}", + "python#{node['python']['version']}-dev", + "python#{node['python']['version'][0]}-pip", + +].each do |pkg| + apt_package pkg +end + +execute 'Install virtual' do + command "pip#{node['python']['version'][0]} install virtualenv" +end + +bash 'Install python requirements file' do + # user 'root' + # cwd '/mydir' + code <<~EOH + virtualenv #{node['python']['env_path']} + source #{node['python']['env_path']}/bin/activate + pip install -r #{node['python']['working-dir']}/#{node['python']['pip_requirements_path']} + EOH +end -- 2.34.1 From d73c3e56edc683f202b1f7feb95b79e11f7f6658 Mon Sep 17 00:00:00 2001 From: William Mantly Date: Mon, 27 May 2019 22:14:15 -0400 Subject: [PATCH 5/7] Added node dependice --- metadata.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/metadata.rb b/metadata.rb index fffd3fe..75a8093 100644 --- a/metadata.rb +++ b/metadata.rb @@ -7,6 +7,8 @@ long_description 'Installs/Configures t42-common' version '0.1.0' chef_version '>= 13.0' +depends 'nodejs' + # The `issues_url` points to the location where issues for this cookbook are # tracked. A `View Issues` link will be displayed on this cookbook's page when # uploaded to a Supermarket. -- 2.34.1 From 98425a1680271388645b24a6615d949d674bd5d1 Mon Sep 17 00:00:00 2001 
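Review bot: The `bash 'Install python requirements file'` block calls `virtualenv` without naming an interpreter, so the environment may be built on the system default Python rather than the `python#{node['python']['version']}` package installed just above; `virtualenv -p python#{node['python']['version']} "#{node['python']['env_path']}"` pins it. The attribute paths are interpolated unquoted into the script, and `pip install virtualenv` runs system-wide on every converge with no version pin and no `not_if`/`creates` guard. Calling the environment's own `bin/pip` with quoted paths instead of `source .../bin/activate` would also remove the dependency on shell state. `node['python']['working-dir']` has no default in the `attributes/python.rb` added by this patch, so the `[0]` check at the top presumably raises unless another attribute source sets it.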
From: William Mantly
Date: Mon, 27 May 2019 22:34:53 -0400
Subject: [PATCH 6/7] Added Postgres recipe
---
attributes/postgres.rb | 5 +++++ recipes/postgress.rb | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 attributes/postgres.rb create mode 100644 recipes/postgress.rb
diff --git a/attributes/postgres.rb b/attributes/postgres.rb
new file mode 100644
index 0000000..ff207c3
--- /dev/null
+++ b/attributes/postgres.rb
@@ -0,0 +1,5 @@
+require 'securerandom'
+
+default['db']['name'] = node['app']['name']
+default['db']['user'] = node['app']['name']
+default['db']['password'] = SecureRandom.hex(13)
diff --git a/recipes/postgress.rb b/recipes/postgress.rb
new file mode 100644
index 0000000..5e99705
--- /dev/null
+++ b/recipes/postgress.rb
@@ -0,0 +1,40 @@
+apt_update 'update' do
+end.run_action(:update) if platform_family?('debian')
+
+postgresql_server_install 'My PostgreSQL Server install' do
+ initdb_locale 'en_US.utf8'
+ action :install
+end
+
+postgresql_server_install 'Setup my PostgreSQL 9.6 server' do
+ initdb_locale 'en_US.utf8'
+ action :create
+end
+
+postgresql_access 'local_postgres_superuser' do
+ comment 'Local postgres superuser access'
+ access_type 'local'
+ access_db 'all'
+ access_user 'postgres'
+ access_addr nil
+ access_method 'ident'
+end
+
+postgresql_user 'DB user' do
+ create_user node['db']['user']
+ password node['db']['password']
+ createrole true
+end
+
+# Hack for creating a database, this cook book is broken with debian...
+
+execute 'add database' do
+ command "createdb #{node['db']['name']}"
+ user 'postgres'
+ not_if "psql -lqt | grep -w \"#{node['db']['name']}\"", :user => 'postgres'
+end
+
+execute 'Grant DB user' do
+ command "echo \"grant all privileges on database #{node['db']['name']} to #{node['db']['user']} ;\" | psql"
+ user 'postgres'
+end
-- 2.34.1
From 82c9040f03f8ec729325876d3d2e37a790b79f50 Mon Sep 17 00:00:00 2001
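Review bot: `default['db']['password'] = SecureRandom.hex(13)` in `attributes/postgres.rb` is evaluated every time the attributes file is loaded, so each chef-client run produces a different default password, and the value lives as a plain node attribute (saved with the node object when a Chef server is in use). Unless a higher-precedence value is set elsewhere, the `postgresql_user` resource in `recipes/postgress.rb` would reset the role's password on each converge and the application would have to pick up the new one. Generating the secret once, keeping it in an encrypted data bag or vault and reading it in the recipe avoids both problems.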
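Review bot: `postgresql_user 'DB user'` in `recipes/postgress.rb` sets `createrole true`, which lets the application role create and alter other roles; nothing else in the recipe needs it, so dropping that line follows least privilege, and `sensitive true` on the resource would keep the password out of Chef's output. Both `execute` commands interpolate `node['db']['name']` and `node['db']['user']` unquoted into shell and SQL, so a name containing whitespace, quotes or `;` changes the statement that runs as `postgres`; an array-form `command ['createdb', node['db']['name']]` and double-quoted identifiers in the `GRANT` would close that. `execute 'Grant DB user'` has no guard and reruns on every converge. `metadata.rb` in this series only gains `depends 'nodejs'`, so the `postgresql_*` resources presumably need a matching `depends 'postgresql'`.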
From: William Mantly
Date: Mon, 27 May 2019 22:42:59 -0400
Subject: [PATCH 7/7] Added Openresty recipe
---
recipes/openresty.rb | 64 +++++++++++++++++++ templates/openresty/autossl.conf.erb | 17 +++++ templates/openresty/nginx.conf.erb | 75 +++++++++++++++++++++++ templates/openresty/simple-proxy.conf.erb | 28 +++++++++ 4 files changed, 184 insertions(+) create mode 100644 recipes/openresty.rb create mode 100644 templates/openresty/autossl.conf.erb create mode 100644 templates/openresty/nginx.conf.erb create mode 100644 templates/openresty/simple-proxy.conf.erb
diff --git a/recipes/openresty.rb b/recipes/openresty.rb
new file mode 100644
index 0000000..bf0d30b
--- /dev/null
+++ b/recipes/openresty.rb
@@ -0,0 +1,64 @@
+# apt_repository 'open resty repo' do
+# uri 'http://openresty.org/package/ubuntu'
+# key 'https://openresty.org/package/pubkey.gpg'
+# components ['main']
+# end
+
+apt_package 'software-properties-common'
+
+execute 'add key' do
+ command 'wget -qO - https://openresty.org/package/pubkey.gpg | sudo apt-key add -'
+end
+
+execute 'add repo' do
+ command 'add-apt-repository -y "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main"; apt update'
+end
+
+apt_package 'openresty'
+
+if node['web']['do_ssl']
+ apt_package 'luarocks'
+
+ execute 'install lua-resty-auto-ssl' do
+ command 'luarocks install lua-resty-auto-ssl'
+ end
+
+ directory '/etc/ssl' do
+ mode '0755'
+ action :create
+ end
+
+ execute 'defualt ssl' do
+ command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt"
+ end
+
+ execute 'defualt ssl' do
+ command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt"
+ end
+
+ template '/etc/openresty/autossl.conf' do
+ source 'autossl.conf.erb'
+ end
+end
+
+template '/etc/openresty/nginx.conf' do
+ source 'nginx.conf.erb'
+end
+
+directory '/etc/openresty/sites-enabled' do
+ mode '0755'
+ action :create
+end
+
+directory '/var/log/nginx/' do
+ mode '0775'
+ action :create
+end
+
+template '/etc/openresty/sites-enabled/host.conf' do
+ source 'host.conf.erb'
+end
+
+systemd_unit 'openresty' do
+ action :reload
+end
\ No newline at end of file
diff --git a/templates/openresty/autossl.conf.erb b/templates/openresty/autossl.conf.erb
new file mode 100644
index 0000000..275df72
--- /dev/null
+++ b/templates/openresty/autossl.conf.erb
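Review bot: The two identical `execute 'defualt ssl'` resources regenerate the fallback private key on every converge and leave its file mode to the process umask; a single resource with `creates '/etc/ssl/resty-auto-ssl-fallback.key'`, followed by a `file` resource setting `mode '0600'` on the key, would generate it once and keep it unreadable to other users. The repository is added over `http://` and its signing key is fetched with `wget` and handed to `apt-key add` without any fingerprint check; the commented-out `apt_repository` block at the top of the file, with an `https` `uri`, is the declarative and idempotent way to do this. The template sources `'autossl.conf.erb'`, `'nginx.conf.erb'` and `'host.conf.erb'` do not match the paths added in this patch (`templates/openresty/...`, and no `host.conf.erb` is added), so they presumably need `openresty/`-prefixed names.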
@@ -0,0 +1,17 @@
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+
+ ssl_certificate_by_lua_block {
+ auto_ssl:ssl_certificate()
+ }
+
+ location /.well-known/acme-challenge/ {
+ content_by_lua_block {
+ auto_ssl:challenge_server()
+ }
+ }
+
+ ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
+ ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
+
\ No newline at end of file
diff --git a/templates/openresty/nginx.conf.erb b/templates/openresty/nginx.conf.erb
new file mode 100644
index 0000000..29e97db
--- /dev/null
+++ b/templates/openresty/nginx.conf.erb
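Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` keeps TLS 1.0 and 1.1 enabled, and the `ssl_ciphers` list still offers `EECDH+3DES:RSA+3DES` along with static-RSA key exchange (`RSA+AES128`, `RSA+AES256`), which provides no forward secrecy. Unless legacy clients must be supported, `ssl_protocols TLSv1.2 TLSv1.3;` (TLS 1.3 only where the bundled OpenSSL supports it) with `ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256;` is a tighter baseline. A one-line comment above the `ssl_certificate` pair saying that it is the self-signed placeholder served until auto-ssl has issued a certificate would help readers.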
@@ -0,0 +1,75 @@
+#user nobody;
+worker_processes 4;
+
+#error_log logs/error.log;
+#error_log logs/error.log notice;
+#error_log logs/error.log info;
+
+#pid logs/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ client_max_body_size 4g;
+
+
+ lua_shared_dict auto_ssl 100m;
+ lua_shared_dict auto_ssl_settings 64k;
+
+ resolver 8.8.4.4 8.8.8.8;
+
+ init_by_lua_block {
+ auto_ssl = (require "resty.auto-ssl").new()
+ auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis")
+ auto_ssl:set("allow_domain", function(domain)
+ return true
+ end)
+ auto_ssl:init()
+ }
+
+ init_worker_by_lua_block {
+ auto_ssl:init_worker()
+ }
+
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ server {
+ listen 127.0.0.1:8999;
+
+ # Increase the body buffer size, to ensure the internal POSTs can always
+ # parse the full POST contents into memory.
+ client_body_buffer_size 128k;
+ client_max_body_size 128k;
+
+ location / {
+ content_by_lua_block {
+ auto_ssl:hook_server()
+ }
+ }
+ }
+
+ include mime.types;
+ default_type application/octet-stream;
+
+ #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ # '$status $body_bytes_sent "$http_referer" '
+ # '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+
+ #gzip on;
+ include sites-enabled/*;
+
+}
diff --git a/templates/openresty/simple-proxy.conf.erb b/templates/openresty/simple-proxy.conf.erb
new file mode 100644
index 0000000..6482164
--- /dev/null
+++ b/templates/openresty/simple-proxy.conf.erb
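Review bot: The `allow_domain` callback in `init_by_lua_block` returns `true` for every name, so any hostname that reaches this server triggers a certificate request; the lua-resty-auto-ssl documentation warns against this because it can exhaust the CA's rate limits and fill the storage backend. Since this file is an ERB template, the check can be tied to the configured site, e.g. `return domain == "<%= node['app']['domain'] %>"`. The redis storage adapter is selected without any connection settings while `recipes/redis.rb` in this series only configures a unix socket, so the adapter presumably needs to be pointed at that socket. `client_max_body_size 4g;` at `http` level is also a large default for every virtual host that does not override it.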
@@ -0,0 +1,28 @@
+server {
+ listen 80;
+ <% if node['web']['do_ssl'] %>
+ listen 443 ssl;
+ <% end %>
+ server_name <%= node['app']['domain'] %>;
+
+ <% if node['web']['do_ssl'] %>
+ include autossl.conf;
+ <% end %>
+
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ location / {
+ proxy_pass http://localhost:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_read_timeout 1200s;
+
+ # used for view/edit office file via Office Online Server
+ client_max_body_size 0;
+ }
+
+ access_log /var/log/nginx/<%= node['app']['name'] %>.access.log;
+ error_log /var/log/nginx/<%= node['app']['name'] %>.error.log;
+}
-- 2.34.1
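Review bot: Inside `location /`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever `X-Forwarded-For` header the client sent, so if this server is the first hop the backend receives a client-controlled address list; `proxy_set_header X-Forwarded-For $remote_addr;` in the location overwrites it instead. The server-level `proxy_set_header X-Forwarded-For $remote_addr;` has no effect on this location, because nginx inherits `proxy_set_header` from the outer level only when the location defines none of its own. `client_max_body_size 0;` removes the request-body limit entirely; a finite value sized to the largest expected upload bounds disk and memory use. With `do_ssl` enabled, port 80 still proxies plain HTTP to the application rather than redirecting to HTTPS.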