From ec6f4134be135cf337764c76cf459426943509b1 Mon Sep 17 00:00:00 2001 From: William Mantly Date: Sun, 30 Jun 2019 21:40:37 -0400 Subject: [PATCH] Base ready --- Vagrantfile | 144 +++ ops/cookbooks/Berksfile | 6 + .../app/.delivery/build_cookbook/.kitchen.yml | 21 + .../app/.delivery/build_cookbook/Berksfile | 7 + .../app/.delivery/build_cookbook/LICENSE | 3 + .../app/.delivery/build_cookbook/README.md | 146 +++ .../app/.delivery/build_cookbook/chefignore | 104 +++ .../data_bags/keys/delivery_builder_keys.json | 1 + .../app/.delivery/build_cookbook/metadata.rb | 8 + .../build_cookbook/recipes/default.rb | 6 + .../build_cookbook/recipes/deploy.rb | 6 + .../build_cookbook/recipes/functional.rb | 6 + .../.delivery/build_cookbook/recipes/lint.rb | 6 + .../build_cookbook/recipes/provision.rb | 6 + .../build_cookbook/recipes/publish.rb | 6 + .../build_cookbook/recipes/quality.rb | 6 + .../build_cookbook/recipes/security.rb | 6 + .../.delivery/build_cookbook/recipes/smoke.rb | 6 + .../build_cookbook/recipes/syntax.rb | 6 + .../.delivery/build_cookbook/recipes/unit.rb | 6 + .../build_cookbook/secrets/fakey-mcfakerton | 0 .../test/fixtures/cookbooks/test/metadata.rb | 2 + .../cookbooks/test/recipes/default.rb | 9 + ops/cookbooks/app/.delivery/config.json | 17 + ops/cookbooks/app/.delivery/project.toml | 36 + ops/cookbooks/app/.gitignore | 22 + ops/cookbooks/app/.kitchen.yml | 26 + ops/cookbooks/app/Berksfile | 5 + ops/cookbooks/app/CHANGELOG.md | 11 + ops/cookbooks/app/LICENSE | 3 + ops/cookbooks/app/README.md | 4 + ops/cookbooks/app/chefignore | 104 +++ ops/cookbooks/app/metadata.rb | 22 + ops/cookbooks/app/recipes/default.rb | 0 ops/cookbooks/app/spec/spec_helper.rb | 3 + .../app/spec/unit/recipes/default_spec.rb | 35 + .../test/integration/default/default_test.rb | 16 + ops/cookbooks/metadata.rb | 3 + .../app/.delivery/build_cookbook/.kitchen.yml | 21 + .../app/.delivery/build_cookbook/Berksfile | 7 + .../app/.delivery/build_cookbook/LICENSE | 3 + .../app/.delivery/build_cookbook/README.md | 146 +++ .../app/.delivery/build_cookbook/chefignore | 104 +++ .../data_bags/keys/delivery_builder_keys.json | 1 + .../app/.delivery/build_cookbook/metadata.rb | 8 + .../build_cookbook/recipes/default.rb | 6 + .../build_cookbook/recipes/deploy.rb | 6 + .../build_cookbook/recipes/functional.rb | 6 + .../.delivery/build_cookbook/recipes/lint.rb | 6 + .../build_cookbook/recipes/provision.rb | 6 + .../build_cookbook/recipes/publish.rb | 6 + .../build_cookbook/recipes/quality.rb | 6 + .../build_cookbook/recipes/security.rb | 6 + .../.delivery/build_cookbook/recipes/smoke.rb | 6 + .../build_cookbook/recipes/syntax.rb | 6 + .../.delivery/build_cookbook/recipes/unit.rb | 6 + .../build_cookbook/secrets/fakey-mcfakerton | 0 .../test/fixtures/cookbooks/test/metadata.rb | 2 + .../cookbooks/test/recipes/default.rb | 9 + .../vendor/app/.delivery/config.json | 17 + .../vendor/app/.delivery/project.toml | 36 + ops/cookbooks/vendor/app/LICENSE | 3 + ops/cookbooks/vendor/app/README.md | 4 + ops/cookbooks/vendor/app/chefignore | 104 +++ ops/cookbooks/vendor/app/metadata.json | 35 + ops/cookbooks/vendor/app/metadata.rb | 22 + ops/cookbooks/vendor/app/recipes/default.rb | 0 ops/cookbooks/vendor/ark/.foodcritic | 0 ops/cookbooks/vendor/ark/CHANGELOG.md | 263 ++++++ ops/cookbooks/vendor/ark/CONTRIBUTING.md | 2 + ops/cookbooks/vendor/ark/README.md | 298 ++++++ .../vendor/ark/attributes/default.rb | 47 + .../vendor/ark/files/default/foo.tar.gz | Bin 0 -> 219 bytes .../vendor/ark/files/default/foo.tbz | Bin 0 -> 163 bytes .../vendor/ark/files/default/foo.tgz | Bin 0 -> 152 bytes .../vendor/ark/files/default/foo.txz | Bin 0 -> 200 bytes .../vendor/ark/files/default/foo.zip | Bin 0 -> 976 bytes .../vendor/ark/files/default/foo_sub.tar.gz | Bin 0 -> 193 bytes .../vendor/ark/files/default/foo_sub.zip | Bin 0 -> 614 bytes ops/cookbooks/vendor/ark/libraries/default.rb | 112 +++ .../vendor/ark/libraries/general_owner.rb | 13 + .../libraries/platform_specific_builders.rb | 23 + .../vendor/ark/libraries/resource_defaults.rb | 119 +++ .../ark/libraries/resource_deprecations.rb | 33 + .../ark/libraries/sevenzip_command_builder.rb | 78 ++ .../ark/libraries/tar_command_builder.rb | 56 ++ .../ark/libraries/unzip_command_builder.rb | 48 + .../vendor/ark/libraries/windows_owner.rb | 13 + ops/cookbooks/vendor/ark/metadata.json | 1 + ops/cookbooks/vendor/ark/recipes/default.rb | 23 + ops/cookbooks/vendor/ark/resources/default.rb | 536 +++++++++++ .../vendor/ark/templates/add_to_path.sh.erb | 1 + .../vendor/build-essential/CHANGELOG.md | 285 ++++++ .../vendor/build-essential/CONTRIBUTING.md | 2 + .../vendor/build-essential/README.md | 138 +++ .../build-essential/attributes/default.rb | 21 + .../vendor/build-essential/metadata.json | 1 + .../build-essential/recipes/_windows.rb | 53 ++ .../vendor/build-essential/recipes/default.rb | 24 + .../resources/build_essential.rb | 107 +++ .../resources/xcode_command_line_tools.rb | 57 ++ ops/cookbooks/vendor/change-me/Berksfile | 6 + .../app/.delivery/build_cookbook/.kitchen.yml | 21 + .../app/.delivery/build_cookbook/Berksfile | 7 + .../app/.delivery/build_cookbook/LICENSE | 3 + .../app/.delivery/build_cookbook/README.md | 146 +++ .../app/.delivery/build_cookbook/chefignore | 104 +++ .../data_bags/keys/delivery_builder_keys.json | 1 + .../app/.delivery/build_cookbook/metadata.rb | 8 + .../build_cookbook/recipes/default.rb | 6 + .../build_cookbook/recipes/deploy.rb | 6 + .../build_cookbook/recipes/functional.rb | 6 + .../.delivery/build_cookbook/recipes/lint.rb | 6 + .../build_cookbook/recipes/provision.rb | 6 + .../build_cookbook/recipes/publish.rb | 6 + .../build_cookbook/recipes/quality.rb | 6 + .../build_cookbook/recipes/security.rb | 6 + .../.delivery/build_cookbook/recipes/smoke.rb | 6 + .../build_cookbook/recipes/syntax.rb | 6 + .../.delivery/build_cookbook/recipes/unit.rb | 6 + .../build_cookbook/secrets/fakey-mcfakerton | 0 .../test/fixtures/cookbooks/test/metadata.rb | 2 + .../cookbooks/test/recipes/default.rb | 9 + .../change-me/app/.delivery/config.json | 17 + .../change-me/app/.delivery/project.toml | 36 + ops/cookbooks/vendor/change-me/app/.gitignore | 22 + .../vendor/change-me/app/.kitchen.yml | 26 + ops/cookbooks/vendor/change-me/app/Berksfile | 5 + .../vendor/change-me/app/CHANGELOG.md | 11 + ops/cookbooks/vendor/change-me/app/LICENSE | 3 + ops/cookbooks/vendor/change-me/app/README.md | 4 + ops/cookbooks/vendor/change-me/app/chefignore | 104 +++ .../vendor/change-me/app/metadata.rb | 22 + .../vendor/change-me/app/recipes/default.rb | 0 .../vendor/change-me/app/spec/spec_helper.rb | 3 + .../app/spec/unit/recipes/default_spec.rb | 35 + .../test/integration/default/default_test.rb | 16 + ops/cookbooks/vendor/change-me/metadata.json | 33 + ops/cookbooks/vendor/change-me/metadata.rb | 3 + ops/cookbooks/vendor/mingw/CHANGELOG.md | 58 ++ ops/cookbooks/vendor/mingw/CONTRIBUTING.md | 2 + ops/cookbooks/vendor/mingw/README.md | 138 +++ .../vendor/mingw/attributes/default.rb | 3 + .../vendor/mingw/files/default/bash.bat | 17 + .../mingw/files/default/custom-upgrade.sh | 23 + .../mingw/files/default/custom_prefix.sh | 13 + .../vendor/mingw/files/default/pthread.h | 719 +++++++++++++++ .../vendor/mingw/files/default/time.h | 297 ++++++ .../vendor/mingw/libraries/_helper.rb | 38 + ops/cookbooks/vendor/mingw/metadata.json | 1 + ops/cookbooks/vendor/mingw/recipes/default.rb | 19 + ops/cookbooks/vendor/mingw/resources/get.rb | 56 ++ .../vendor/mingw/resources/msys2_package.rb | 139 +++ .../vendor/mingw/resources/tdm_gcc.rb | 114 +++ ops/cookbooks/vendor/mysql/.foodcritic | 1 + ops/cookbooks/vendor/mysql/CHANGELOG.md | 692 ++++++++++++++ ops/cookbooks/vendor/mysql/CONTRIBUTING.md | 2 + ops/cookbooks/vendor/mysql/README.md | 424 +++++++++ .../vendor/mysql/libraries/helpers.rb | 291 ++++++ .../vendor/mysql/libraries/matchers.rb | 71 ++ .../vendor/mysql/libraries/mysql_base.rb | 30 + .../mysql_client_installation_package.rb | 31 + .../vendor/mysql/libraries/mysql_config.rb | 56 ++ .../mysql_server_installation_package.rb | 42 + .../vendor/mysql/libraries/mysql_service.rb | 105 +++ .../mysql/libraries/mysql_service_base.rb | 203 +++++ .../mysql_service_manager_systemd.rb | 142 +++ .../mysql_service_manager_sysvinit.rb | 79 ++ .../mysql_service_manager_upstart.rb | 103 +++ ops/cookbooks/vendor/mysql/metadata.json | 1 + .../apparmor/usr.sbin.mysqld-instance.erb | 14 + .../apparmor/usr.sbin.mysqld-local.erb | 1 + .../default/apparmor/usr.sbin.mysqld.erb | 47 + .../vendor/mysql/templates/default/my.cnf.erb | 57 ++ .../default/smf/svc.method.mysqld.erb | 28 + .../default/systemd/mysqld-wait-ready.erb | 30 + .../default/systemd/mysqld.service.erb | 16 + .../templates/default/sysvinit/mysqld.erb | 279 ++++++ .../templates/default/tmpfiles.d.conf.erb | 1 + .../default/upstart/mysqld-wait-ready.erb | 22 + .../templates/default/upstart/mysqld.erb | 26 + ops/cookbooks/vendor/nodejs/CHANGELOG.md | 166 ++++ ops/cookbooks/vendor/nodejs/README.md | 199 ++++ .../vendor/nodejs/attributes/default.rb | 41 + ops/cookbooks/vendor/nodejs/attributes/npm.rb | 2 + .../vendor/nodejs/attributes/packages.rb | 11 + .../vendor/nodejs/attributes/repo.rb | 12 + .../vendor/nodejs/libraries/nodejs_helper.rb | 40 + ops/cookbooks/vendor/nodejs/metadata.json | 1 + .../vendor/nodejs/recipes/default.rb | 23 + .../vendor/nodejs/recipes/install.rb | 21 + ops/cookbooks/vendor/nodejs/recipes/iojs.rb | 1 + ops/cookbooks/vendor/nodejs/recipes/nodejs.rb | 21 + .../nodejs/recipes/nodejs_from_binary.rb | 65 ++ .../nodejs/recipes/nodejs_from_package.rb | 33 + .../nodejs/recipes/nodejs_from_source.rb | 45 + ops/cookbooks/vendor/nodejs/recipes/npm.rb | 28 + .../vendor/nodejs/recipes/npm_from_source.rb | 32 + .../vendor/nodejs/recipes/npm_packages.rb | 11 + ops/cookbooks/vendor/nodejs/recipes/repo.rb | 20 + .../vendor/nodejs/resources/npm_package.rb | 100 +++ ops/cookbooks/vendor/postgresql/CHANGELOG.md | 153 ++++ .../vendor/postgresql/CONTRIBUTING.md | 21 + ops/cookbooks/vendor/postgresql/README.md | 433 +++++++++ .../vendor/postgresql/libraries/helpers.rb | 247 +++++ ops/cookbooks/vendor/postgresql/metadata.json | 1 + ops/cookbooks/vendor/postgresql/metadata.rb | 15 + .../vendor/postgresql/resources/access.rb | 59 ++ .../postgresql/resources/client_install.rb | 35 + .../vendor/postgresql/resources/database.rb | 67 ++ .../vendor/postgresql/resources/extension.rb | 49 + .../vendor/postgresql/resources/ident.rb | 55 ++ .../vendor/postgresql/resources/repository.rb | 90 ++ .../postgresql/resources/server_conf.rb | 52 ++ .../postgresql/resources/server_install.rb | 76 ++ .../vendor/postgresql/resources/user.rb | 87 ++ .../postgresql/templates/pg_hba.conf.erb | 33 + .../postgresql/templates/pg_ident.conf.erb | 49 + .../postgresql/templates/pgsql.sysconfig.erb | 2 + .../postgresql/templates/postgresql.conf.erb | 26 + .../templates/postgresql.service.erb | 6 + ops/cookbooks/vendor/seven_zip/Gemfile | 8 + ops/cookbooks/vendor/seven_zip/LICENSE | 201 +++++ ops/cookbooks/vendor/seven_zip/README.md | 114 +++ ops/cookbooks/vendor/seven_zip/appveyor.yml | 42 + .../vendor/seven_zip/attributes/default.rb | 31 + ops/cookbooks/vendor/seven_zip/chefignore | 98 ++ .../vendor/seven_zip/libraries/matchers.rb | 33 + ops/cookbooks/vendor/seven_zip/metadata.json | 38 + ops/cookbooks/vendor/seven_zip/metadata.rb | 12 + .../vendor/seven_zip/providers/archive.rb | 64 ++ ops/cookbooks/vendor/seven_zip/rakefile.rb | 27 + .../vendor/seven_zip/recipes/default.rb | 24 + .../vendor/seven_zip/resources/archive.rb | 29 + .../vendor/seven_zip/resources/tool.rb | 47 + .../.delivery/build_cookbook/.kitchen.yml | 21 + .../.delivery/build_cookbook/Berksfile | 7 + .../.delivery/build_cookbook/LICENSE | 3 + .../.delivery/build_cookbook/README.md | 146 +++ .../.delivery/build_cookbook/chefignore | 104 +++ .../data_bags/keys/delivery_builder_keys.json | 1 + .../.delivery/build_cookbook/metadata.rb | 8 + .../build_cookbook/recipes/default.rb | 6 + .../build_cookbook/recipes/deploy.rb | 6 + .../build_cookbook/recipes/functional.rb | 6 + .../.delivery/build_cookbook/recipes/lint.rb | 6 + .../build_cookbook/recipes/provision.rb | 6 + .../build_cookbook/recipes/publish.rb | 6 + .../build_cookbook/recipes/quality.rb | 6 + .../build_cookbook/recipes/security.rb | 6 + .../.delivery/build_cookbook/recipes/smoke.rb | 6 + .../build_cookbook/recipes/syntax.rb | 6 + .../.delivery/build_cookbook/recipes/unit.rb | 6 + .../build_cookbook/secrets/fakey-mcfakerton | 0 .../test/fixtures/cookbooks/test/metadata.rb | 2 + .../cookbooks/test/recipes/default.rb | 9 + .../vendor/t42-common/.delivery/config.json | 17 + .../vendor/t42-common/.delivery/project.toml | 36 + ops/cookbooks/vendor/t42-common/LICENSE | 3 + ops/cookbooks/vendor/t42-common/README.md | 4 + .../vendor/t42-common/attributes/apache.rb | 0 .../vendor/t42-common/attributes/mysql.rb | 6 + .../vendor/t42-common/attributes/nodejs.rb | 5 + .../vendor/t42-common/attributes/postgres.rb | 5 + .../vendor/t42-common/attributes/python.rb | 3 + .../vendor/t42-common/attributes/redis.rb | 1 + ops/cookbooks/vendor/t42-common/chefignore | 104 +++ ops/cookbooks/vendor/t42-common/metadata.json | 37 + ops/cookbooks/vendor/t42-common/metadata.rb | 24 + .../vendor/t42-common/recipes/apache.rb | 52 ++ .../vendor/t42-common/recipes/mysql.rb | 21 + .../vendor/t42-common/recipes/nodejs.rb | 59 ++ .../vendor/t42-common/recipes/openresty.rb | 64 ++ .../vendor/t42-common/recipes/php.rb | 6 + .../vendor/t42-common/recipes/postgres.rb | 49 + .../vendor/t42-common/recipes/python.rb | 42 + .../vendor/t42-common/recipes/redis.rb | 19 + .../templates/apache/vhost.conf.erb | 76 ++ .../templates/openresty/autossl.conf.erb | 17 + .../templates/openresty/nginx.conf.erb | 75 ++ .../templates/openresty/simple-proxy.conf.erb | 28 + .../t42-common/templates/redis/local.conf | 7 + ops/cookbooks/vendor/windows/CHANGELOG.md | 846 ++++++++++++++++++ ops/cookbooks/vendor/windows/CONTRIBUTING.md | 2 + ops/cookbooks/vendor/windows/README.md | 517 +++++++++++ .../windows/libraries/powershell_helper.rb | 53 ++ .../windows/libraries/registry_helper.rb | 356 ++++++++ .../vendor/windows/libraries/version.rb | 189 ++++ .../windows/libraries/version_helper.rb | 93 ++ .../windows/libraries/windows_helper.rb | 165 ++++ .../windows/libraries/windows_privileged.rb | 103 +++ .../vendor/windows/libraries/wmi_helper.rb | 34 + ops/cookbooks/vendor/windows/metadata.json | 1 + ops/cookbooks/vendor/windows/metadata.rb | 11 + ops/cookbooks/vendor/windows/providers/dns.rb | 153 ++++ .../vendor/windows/recipes/default.rb | 21 + .../vendor/windows/resources/certificate.rb | 301 +++++++ .../windows/resources/certificate_binding.rb | 135 +++ ops/cookbooks/vendor/windows/resources/dns.rb | 30 + .../vendor/windows/resources/http_acl.rb | 109 +++ .../vendor/windows/resources/share.rb | 288 ++++++ .../windows/resources/user_privilege.rb | 40 + .../vendor/windows/resources/zipfile.rb | 127 +++ ops/roles/common.rb | 13 + 304 files changed, 16820 insertions(+) create mode 100644 Vagrantfile create mode 100644 ops/cookbooks/Berksfile create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/.kitchen.yml create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/Berksfile create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/LICENSE create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/README.md create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/chefignore create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/metadata.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/recipes/default.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/recipes/deploy.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/recipes/functional.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/recipes/lint.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/recipes/provision.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/recipes/publish.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/recipes/quality.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/recipes/security.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/recipes/smoke.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/recipes/syntax.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/recipes/unit.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/secrets/fakey-mcfakerton create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb create mode 100644 ops/cookbooks/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb create mode 100644 ops/cookbooks/app/.delivery/config.json create mode 100644 ops/cookbooks/app/.delivery/project.toml create mode 100644 ops/cookbooks/app/.gitignore create mode 100644 ops/cookbooks/app/.kitchen.yml create mode 100644 ops/cookbooks/app/Berksfile create mode 100644 ops/cookbooks/app/CHANGELOG.md create mode 100644 ops/cookbooks/app/LICENSE create mode 100644 ops/cookbooks/app/README.md create mode 100644 ops/cookbooks/app/chefignore create mode 100644 ops/cookbooks/app/metadata.rb create mode 100644 ops/cookbooks/app/recipes/default.rb create mode 100644 ops/cookbooks/app/spec/spec_helper.rb create mode 100644 ops/cookbooks/app/spec/unit/recipes/default_spec.rb create mode 100644 ops/cookbooks/app/test/integration/default/default_test.rb create mode 100644 ops/cookbooks/metadata.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/.kitchen.yml create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/Berksfile create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/LICENSE create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/README.md create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/chefignore create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/metadata.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/default.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/deploy.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/functional.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/lint.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/provision.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/publish.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/quality.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/security.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/smoke.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/syntax.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/unit.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/secrets/fakey-mcfakerton create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb create mode 100644 ops/cookbooks/vendor/app/.delivery/config.json create mode 100644 ops/cookbooks/vendor/app/.delivery/project.toml create mode 100644 ops/cookbooks/vendor/app/LICENSE create mode 100644 ops/cookbooks/vendor/app/README.md create mode 100644 ops/cookbooks/vendor/app/chefignore create mode 100644 ops/cookbooks/vendor/app/metadata.json create mode 100644 ops/cookbooks/vendor/app/metadata.rb create mode 100644 ops/cookbooks/vendor/app/recipes/default.rb create mode 100644 ops/cookbooks/vendor/ark/.foodcritic create mode 100644 ops/cookbooks/vendor/ark/CHANGELOG.md create mode 100644 ops/cookbooks/vendor/ark/CONTRIBUTING.md create mode 100644 ops/cookbooks/vendor/ark/README.md create mode 100644 ops/cookbooks/vendor/ark/attributes/default.rb create mode 100644 ops/cookbooks/vendor/ark/files/default/foo.tar.gz create mode 100644 ops/cookbooks/vendor/ark/files/default/foo.tbz create mode 100644 ops/cookbooks/vendor/ark/files/default/foo.tgz create mode 100644 ops/cookbooks/vendor/ark/files/default/foo.txz create mode 100644 ops/cookbooks/vendor/ark/files/default/foo.zip create mode 100644 ops/cookbooks/vendor/ark/files/default/foo_sub.tar.gz create mode 100644 ops/cookbooks/vendor/ark/files/default/foo_sub.zip create mode 100644 ops/cookbooks/vendor/ark/libraries/default.rb create mode 100644 ops/cookbooks/vendor/ark/libraries/general_owner.rb create mode 100644 ops/cookbooks/vendor/ark/libraries/platform_specific_builders.rb create mode 100644 ops/cookbooks/vendor/ark/libraries/resource_defaults.rb create mode 100644 ops/cookbooks/vendor/ark/libraries/resource_deprecations.rb create mode 100644 ops/cookbooks/vendor/ark/libraries/sevenzip_command_builder.rb create mode 100644 ops/cookbooks/vendor/ark/libraries/tar_command_builder.rb create mode 100644 ops/cookbooks/vendor/ark/libraries/unzip_command_builder.rb create mode 100644 ops/cookbooks/vendor/ark/libraries/windows_owner.rb create mode 100644 ops/cookbooks/vendor/ark/metadata.json create mode 100644 ops/cookbooks/vendor/ark/recipes/default.rb create mode 100644 ops/cookbooks/vendor/ark/resources/default.rb create mode 100644 ops/cookbooks/vendor/ark/templates/add_to_path.sh.erb create mode 100644 ops/cookbooks/vendor/build-essential/CHANGELOG.md create mode 100644 ops/cookbooks/vendor/build-essential/CONTRIBUTING.md create mode 100644 ops/cookbooks/vendor/build-essential/README.md create mode 100644 ops/cookbooks/vendor/build-essential/attributes/default.rb create mode 100644 ops/cookbooks/vendor/build-essential/metadata.json create mode 100644 ops/cookbooks/vendor/build-essential/recipes/_windows.rb create mode 100644 ops/cookbooks/vendor/build-essential/recipes/default.rb create mode 100644 ops/cookbooks/vendor/build-essential/resources/build_essential.rb create mode 100644 ops/cookbooks/vendor/build-essential/resources/xcode_command_line_tools.rb create mode 100644 ops/cookbooks/vendor/change-me/Berksfile create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/.kitchen.yml create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/Berksfile create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/LICENSE create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/README.md create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/chefignore create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/metadata.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/default.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/deploy.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/functional.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/lint.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/provision.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/publish.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/quality.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/security.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/smoke.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/syntax.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/unit.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/secrets/fakey-mcfakerton create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/config.json create mode 100644 ops/cookbooks/vendor/change-me/app/.delivery/project.toml create mode 100644 ops/cookbooks/vendor/change-me/app/.gitignore create mode 100644 ops/cookbooks/vendor/change-me/app/.kitchen.yml create mode 100644 ops/cookbooks/vendor/change-me/app/Berksfile create mode 100644 ops/cookbooks/vendor/change-me/app/CHANGELOG.md create mode 100644 ops/cookbooks/vendor/change-me/app/LICENSE create mode 100644 ops/cookbooks/vendor/change-me/app/README.md create mode 100644 ops/cookbooks/vendor/change-me/app/chefignore create mode 100644 ops/cookbooks/vendor/change-me/app/metadata.rb create mode 100644 ops/cookbooks/vendor/change-me/app/recipes/default.rb create mode 100644 ops/cookbooks/vendor/change-me/app/spec/spec_helper.rb create mode 100644 ops/cookbooks/vendor/change-me/app/spec/unit/recipes/default_spec.rb create mode 100644 ops/cookbooks/vendor/change-me/app/test/integration/default/default_test.rb create mode 100644 ops/cookbooks/vendor/change-me/metadata.json create mode 100644 ops/cookbooks/vendor/change-me/metadata.rb create mode 100644 ops/cookbooks/vendor/mingw/CHANGELOG.md create mode 100644 ops/cookbooks/vendor/mingw/CONTRIBUTING.md create mode 100644 ops/cookbooks/vendor/mingw/README.md create mode 100644 ops/cookbooks/vendor/mingw/attributes/default.rb create mode 100644 ops/cookbooks/vendor/mingw/files/default/bash.bat create mode 100644 ops/cookbooks/vendor/mingw/files/default/custom-upgrade.sh create mode 100644 ops/cookbooks/vendor/mingw/files/default/custom_prefix.sh create mode 100644 ops/cookbooks/vendor/mingw/files/default/pthread.h create mode 100644 ops/cookbooks/vendor/mingw/files/default/time.h create mode 100644 ops/cookbooks/vendor/mingw/libraries/_helper.rb create mode 100644 ops/cookbooks/vendor/mingw/metadata.json create mode 100644 ops/cookbooks/vendor/mingw/recipes/default.rb create mode 100644 ops/cookbooks/vendor/mingw/resources/get.rb create mode 100644 ops/cookbooks/vendor/mingw/resources/msys2_package.rb create mode 100644 ops/cookbooks/vendor/mingw/resources/tdm_gcc.rb create mode 100644 ops/cookbooks/vendor/mysql/.foodcritic create mode 100644 ops/cookbooks/vendor/mysql/CHANGELOG.md create mode 100644 ops/cookbooks/vendor/mysql/CONTRIBUTING.md create mode 100644 ops/cookbooks/vendor/mysql/README.md create mode 100644 ops/cookbooks/vendor/mysql/libraries/helpers.rb create mode 100644 ops/cookbooks/vendor/mysql/libraries/matchers.rb create mode 100644 ops/cookbooks/vendor/mysql/libraries/mysql_base.rb create mode 100644 ops/cookbooks/vendor/mysql/libraries/mysql_client_installation_package.rb create mode 100644 ops/cookbooks/vendor/mysql/libraries/mysql_config.rb create mode 100644 ops/cookbooks/vendor/mysql/libraries/mysql_server_installation_package.rb create mode 100644 ops/cookbooks/vendor/mysql/libraries/mysql_service.rb create mode 100644 ops/cookbooks/vendor/mysql/libraries/mysql_service_base.rb create mode 100644 ops/cookbooks/vendor/mysql/libraries/mysql_service_manager_systemd.rb create mode 100644 ops/cookbooks/vendor/mysql/libraries/mysql_service_manager_sysvinit.rb create mode 100644 ops/cookbooks/vendor/mysql/libraries/mysql_service_manager_upstart.rb create mode 100644 ops/cookbooks/vendor/mysql/metadata.json create mode 100644 ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld-instance.erb create mode 100644 ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld-local.erb create mode 100644 ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld.erb create mode 100644 ops/cookbooks/vendor/mysql/templates/default/my.cnf.erb create mode 100644 ops/cookbooks/vendor/mysql/templates/default/smf/svc.method.mysqld.erb create mode 100644 ops/cookbooks/vendor/mysql/templates/default/systemd/mysqld-wait-ready.erb create mode 100644 ops/cookbooks/vendor/mysql/templates/default/systemd/mysqld.service.erb create mode 100644 ops/cookbooks/vendor/mysql/templates/default/sysvinit/mysqld.erb create mode 100644 ops/cookbooks/vendor/mysql/templates/default/tmpfiles.d.conf.erb create mode 100644 ops/cookbooks/vendor/mysql/templates/default/upstart/mysqld-wait-ready.erb create mode 100644 ops/cookbooks/vendor/mysql/templates/default/upstart/mysqld.erb create mode 100644 ops/cookbooks/vendor/nodejs/CHANGELOG.md create mode 100644 ops/cookbooks/vendor/nodejs/README.md create mode 100644 ops/cookbooks/vendor/nodejs/attributes/default.rb create mode 100644 ops/cookbooks/vendor/nodejs/attributes/npm.rb create mode 100644 ops/cookbooks/vendor/nodejs/attributes/packages.rb create mode 100644 ops/cookbooks/vendor/nodejs/attributes/repo.rb create mode 100644 ops/cookbooks/vendor/nodejs/libraries/nodejs_helper.rb create mode 100644 ops/cookbooks/vendor/nodejs/metadata.json create mode 100644 ops/cookbooks/vendor/nodejs/recipes/default.rb create mode 100644 ops/cookbooks/vendor/nodejs/recipes/install.rb create mode 100644 ops/cookbooks/vendor/nodejs/recipes/iojs.rb create mode 100644 ops/cookbooks/vendor/nodejs/recipes/nodejs.rb create mode 100644 ops/cookbooks/vendor/nodejs/recipes/nodejs_from_binary.rb create mode 100644 ops/cookbooks/vendor/nodejs/recipes/nodejs_from_package.rb create mode 100644 ops/cookbooks/vendor/nodejs/recipes/nodejs_from_source.rb create mode 100644 ops/cookbooks/vendor/nodejs/recipes/npm.rb create mode 100644 ops/cookbooks/vendor/nodejs/recipes/npm_from_source.rb create mode 100644 ops/cookbooks/vendor/nodejs/recipes/npm_packages.rb create mode 100644 ops/cookbooks/vendor/nodejs/recipes/repo.rb create mode 100644 ops/cookbooks/vendor/nodejs/resources/npm_package.rb create mode 100644 ops/cookbooks/vendor/postgresql/CHANGELOG.md create mode 100644 ops/cookbooks/vendor/postgresql/CONTRIBUTING.md create mode 100644 ops/cookbooks/vendor/postgresql/README.md create mode 100644 ops/cookbooks/vendor/postgresql/libraries/helpers.rb create mode 100644 ops/cookbooks/vendor/postgresql/metadata.json create mode 100644 ops/cookbooks/vendor/postgresql/metadata.rb create mode 100644 ops/cookbooks/vendor/postgresql/resources/access.rb create mode 100644 ops/cookbooks/vendor/postgresql/resources/client_install.rb create mode 100644 ops/cookbooks/vendor/postgresql/resources/database.rb create mode 100644 ops/cookbooks/vendor/postgresql/resources/extension.rb create mode 100644 ops/cookbooks/vendor/postgresql/resources/ident.rb create mode 100644 ops/cookbooks/vendor/postgresql/resources/repository.rb create mode 100644 ops/cookbooks/vendor/postgresql/resources/server_conf.rb create mode 100644 ops/cookbooks/vendor/postgresql/resources/server_install.rb create mode 100644 ops/cookbooks/vendor/postgresql/resources/user.rb create mode 100644 ops/cookbooks/vendor/postgresql/templates/pg_hba.conf.erb create mode 100644 ops/cookbooks/vendor/postgresql/templates/pg_ident.conf.erb create mode 100644 ops/cookbooks/vendor/postgresql/templates/pgsql.sysconfig.erb create mode 100644 ops/cookbooks/vendor/postgresql/templates/postgresql.conf.erb create mode 100644 ops/cookbooks/vendor/postgresql/templates/postgresql.service.erb create mode 100644 ops/cookbooks/vendor/seven_zip/Gemfile create mode 100644 ops/cookbooks/vendor/seven_zip/LICENSE create mode 100644 ops/cookbooks/vendor/seven_zip/README.md create mode 100644 ops/cookbooks/vendor/seven_zip/appveyor.yml create mode 100644 ops/cookbooks/vendor/seven_zip/attributes/default.rb create mode 100644 ops/cookbooks/vendor/seven_zip/chefignore create mode 100644 ops/cookbooks/vendor/seven_zip/libraries/matchers.rb create mode 100644 ops/cookbooks/vendor/seven_zip/metadata.json create mode 100644 ops/cookbooks/vendor/seven_zip/metadata.rb create mode 100644 ops/cookbooks/vendor/seven_zip/providers/archive.rb create mode 100644 ops/cookbooks/vendor/seven_zip/rakefile.rb create mode 100644 ops/cookbooks/vendor/seven_zip/recipes/default.rb create mode 100644 ops/cookbooks/vendor/seven_zip/resources/archive.rb create mode 100644 ops/cookbooks/vendor/seven_zip/resources/tool.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/.kitchen.yml create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/Berksfile create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/LICENSE create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/README.md create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/chefignore create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/metadata.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/default.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/deploy.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/functional.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/lint.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/provision.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/publish.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/quality.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/security.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/smoke.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/syntax.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/unit.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/secrets/fakey-mcfakerton create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/config.json create mode 100644 ops/cookbooks/vendor/t42-common/.delivery/project.toml create mode 100644 ops/cookbooks/vendor/t42-common/LICENSE create mode 100644 ops/cookbooks/vendor/t42-common/README.md create mode 100644 ops/cookbooks/vendor/t42-common/attributes/apache.rb create mode 100644 ops/cookbooks/vendor/t42-common/attributes/mysql.rb create mode 100644 ops/cookbooks/vendor/t42-common/attributes/nodejs.rb create mode 100644 ops/cookbooks/vendor/t42-common/attributes/postgres.rb create mode 100644 ops/cookbooks/vendor/t42-common/attributes/python.rb create mode 100644 ops/cookbooks/vendor/t42-common/attributes/redis.rb create mode 100644 ops/cookbooks/vendor/t42-common/chefignore create mode 100644 ops/cookbooks/vendor/t42-common/metadata.json create mode 100644 ops/cookbooks/vendor/t42-common/metadata.rb create mode 100644 ops/cookbooks/vendor/t42-common/recipes/apache.rb create mode 100644 ops/cookbooks/vendor/t42-common/recipes/mysql.rb create mode 100644 ops/cookbooks/vendor/t42-common/recipes/nodejs.rb create mode 100644 ops/cookbooks/vendor/t42-common/recipes/openresty.rb create mode 100644 ops/cookbooks/vendor/t42-common/recipes/php.rb create mode 100644 ops/cookbooks/vendor/t42-common/recipes/postgres.rb create mode 100644 ops/cookbooks/vendor/t42-common/recipes/python.rb create mode 100644 ops/cookbooks/vendor/t42-common/recipes/redis.rb create mode 100644 ops/cookbooks/vendor/t42-common/templates/apache/vhost.conf.erb create mode 100644 ops/cookbooks/vendor/t42-common/templates/openresty/autossl.conf.erb create mode 100644 ops/cookbooks/vendor/t42-common/templates/openresty/nginx.conf.erb create mode 100644 ops/cookbooks/vendor/t42-common/templates/openresty/simple-proxy.conf.erb create mode 100644 ops/cookbooks/vendor/t42-common/templates/redis/local.conf create mode 100644 ops/cookbooks/vendor/windows/CHANGELOG.md create mode 100644 ops/cookbooks/vendor/windows/CONTRIBUTING.md create mode 100644 ops/cookbooks/vendor/windows/README.md create mode 100644 ops/cookbooks/vendor/windows/libraries/powershell_helper.rb create mode 100644 ops/cookbooks/vendor/windows/libraries/registry_helper.rb create mode 100644 ops/cookbooks/vendor/windows/libraries/version.rb create mode 100644 ops/cookbooks/vendor/windows/libraries/version_helper.rb create mode 100644 ops/cookbooks/vendor/windows/libraries/windows_helper.rb create mode 100644 ops/cookbooks/vendor/windows/libraries/windows_privileged.rb create mode 100644 ops/cookbooks/vendor/windows/libraries/wmi_helper.rb create mode 100644 ops/cookbooks/vendor/windows/metadata.json create mode 100644 ops/cookbooks/vendor/windows/metadata.rb create mode 100644 ops/cookbooks/vendor/windows/providers/dns.rb create mode 100644 ops/cookbooks/vendor/windows/recipes/default.rb create mode 100644 ops/cookbooks/vendor/windows/resources/certificate.rb create mode 100644 ops/cookbooks/vendor/windows/resources/certificate_binding.rb create mode 100644 ops/cookbooks/vendor/windows/resources/dns.rb create mode 100644 ops/cookbooks/vendor/windows/resources/http_acl.rb create mode 100644 ops/cookbooks/vendor/windows/resources/share.rb create mode 100644 ops/cookbooks/vendor/windows/resources/user_privilege.rb create mode 100644 ops/cookbooks/vendor/windows/resources/zipfile.rb create mode 100644 ops/roles/common.rb diff --git a/Vagrantfile b/Vagrantfile new file mode 100644 index 0000000..88514e7 --- /dev/null +++ b/Vagrantfile @@ -0,0 +1,144 @@ +require 'json' +begin + secrets = JSON.parse(File.read('secrets.json')) + puts 'Loading secrets file' +rescue + secrets = {} + puts 'Secrets file not found' +end + +class ::Hash + def deep_merge(second) + second.each do |key, value| + if value.class == Hash and self[key.to_sym] + self[key.to_sym].deep_merge(value) + else + self[key.to_sym] = value + end + end + return self + end +end + +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure("2") do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://vagrantcloud.com/search. + config.vm.box = "ubuntu/xenial64" + config.vm.synced_folder '.', '/vagrant' # The vagrant dir just stopped automounting + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # NOTE: This will enable public access to the opened port + config.vm.network "forwarded_port", guest: 80, host: 8000 + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + config.vm.provider 'virtualbox' do |vb| + # Customize the amount of memory on the VM: + vb.memory = '1024' + vb.default_nic_type = "virtio" + vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] + end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Enable provisioning with a shell script. Additional provisioners such as + # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the + # documentation for more information about their specific syntax and use. + config.vm.provision "shell", inline: <<~SHELL + if ! apt list ruby2.5 | grep installed; then + apt-add-repository ppa:brightbox/ruby-ng -y + apt-get update + sudo apt-get install -y build-essential resolvconf ruby2.5 ruby2.5-dev gem + fi + + if ! which berks >/dev/null; then + gem install berkshelf --no-ri --no-rdoc + # ln -s /opt/chef/embedded/bin/berks /usr/local/bin/berks + fi + + cd /vagrant + git submodule update --init --recursive + + cd /vagrant/ops/cookbooks + rm -rf vendor + rm -rf $HOME/.berksfile + berks update + berks vendor vendor + SHELL + + config.vm.provision 'chef_solo' do |chef| + chef.version = '14.12.3' # version 14.12.9 fails to run + chef.cookbooks_path = [ + 'ops/cookbooks/', + 'ops/cookbooks/vendor/' + ] + chef.roles_path ='ops/roles' + chef.add_role('common') + chef.json = { + 'working-dir': '/vagrant', + 'app': { + 'name': 'change_me', + 'domain': 'localhost', + }, + # 'nodejs': { + # 'working-dir': 'node_rtc', + # 'port': '8001' + # }, + # 'python': { + # 'working-dir': 'django', + # }, + # 'db':{}, + # 'redis':{ + # 'unix': { + # 'perm': '777' + # } + # }, + # 'django': { + # 'settings_path': 'project/settings', + # 'email': { + # 'host': 'smtp.gmail.com', + # 'port': '587', + # 'tls': 'True', + # }, + # 'allowed_hosts': [ + # '*' + # ], + # 'github': { + # 'TEST_ORG': 'ByteTesting', + # 'DISTRIBUTOR_ORG': 'ByteExercises', + # 'SOURCE_ORG': 'ByteAcademyCo' + # } + # }, + # 'web':{ + # 'admin_email': 'admin2342@example.com', + # 'do_ssl': false, + # 'static': [ + # {'uri': '/static', 'path': 'django/staticfiles'}, + # ], + # 'wsgi': { + # 'wsgi_path': 'django/project/wsgi.py', + # }, + # 'socket.io': { + # 'host': 'localhost', + # 'port': '8001', + # } + # }, + }.deep_merge(secrets); + end +end diff --git a/ops/cookbooks/Berksfile b/ops/cookbooks/Berksfile new file mode 100644 index 0000000..361bfaf --- /dev/null +++ b/ops/cookbooks/Berksfile @@ -0,0 +1,6 @@ +source 'https://supermarket.chef.io' + # cookbook 'mysql', '~> 8.5.1' +metadata + +cookbook 'app', path: 'app' +cookbook 't42-common', git: 'https://git.theta42.com/theta42/t42-common.git' \ No newline at end of file diff --git a/ops/cookbooks/app/.delivery/build_cookbook/.kitchen.yml b/ops/cookbooks/app/.delivery/build_cookbook/.kitchen.yml new file mode 100644 index 0000000..bc6e264 --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/.kitchen.yml @@ -0,0 +1,21 @@ +--- +driver: + name: vagrant + synced_folders: + - [<%= File.join(ENV['PWD'], '..', '..')%>, '/tmp/repo-data'] + +provisioner: + name: chef_zero + encrypted_data_bag_secret_key_path: 'secrets/fakey-mcfakerton' + data_bags_path: './data_bags' + product_name: chefdk + +platforms: + - name: ubuntu-16.04 + - name: centos-7 + +suites: + - name: default + run_list: + - recipe[test] + attributes: diff --git a/ops/cookbooks/app/.delivery/build_cookbook/Berksfile b/ops/cookbooks/app/.delivery/build_cookbook/Berksfile new file mode 100644 index 0000000..61dab72 --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/Berksfile @@ -0,0 +1,7 @@ +source 'https://supermarket.chef.io' + +metadata + +group :delivery do + cookbook 'test', path: './test/fixtures/cookbooks/test' +end diff --git a/ops/cookbooks/app/.delivery/build_cookbook/LICENSE b/ops/cookbooks/app/.delivery/build_cookbook/LICENSE new file mode 100644 index 0000000..10b5688 --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/LICENSE @@ -0,0 +1,3 @@ +Copyright 2019 The Authors + +All rights reserved, do not redistribute. diff --git a/ops/cookbooks/app/.delivery/build_cookbook/README.md b/ops/cookbooks/app/.delivery/build_cookbook/README.md new file mode 100644 index 0000000..297af5a --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/README.md @@ -0,0 +1,146 @@ +# build_cookbook + +A build cookbook for running the parent project through Chef Delivery + +This build cookbook should be customized to suit the needs of the parent project. Using this cookbook can be done outside of Chef Delivery, too. If the parent project is a Chef cookbook, we've detected that and "wrapped" [delivery-truck](https://github.com/chef-cookbooks/delivery-truck). That means it is a dependency, and each of its pipeline phase recipes is included in the appropriate phase recipes in this cookbook. If the parent project is not a cookbook, it's left as an exercise to the reader to customize the recipes as needed for each phase in the pipeline. + +## .delivery/config.json + +In the parent directory to this build_cookbook, the `config.json` can be modified as necessary. For example, phases can be skipped, publishing information can be added, and so on. Refer to customer support or the Chef Delivery documentation for assistance on what options are available for this configuration. + +## Test Kitchen - Local Verify Testing + +This cookbook also has a `.kitchen.yml` which can be used to create local build nodes with Test Kitchen to perform the verification phases, `unit`, `syntax`, and `lint`. When running `kitchen converge`, the instances will be set up like Chef Delivery "build nodes" with the [delivery_build cookbook](https://github.com/chef-cookbooks/delivery_build). The reason for this is to make sure that the same exact kind of nodes are used by this build cookbook are run on the local workstation as would run Delivery. It will run `delivery job verify PHASE` for the parent project. + +Modify the `.kitchen.yml` if necessary to change the platforms or other configuration to run the verify phases. After making changes in the parent project, `cd` into this directory (`.delivery/build_cookbook`), and run: + +``` +kitchen test +``` + +## Recipes + +Each of the recipes in this build_cookbook are run in the named phase during the Chef Delivery pipeline. The `unit`, `syntax`, and `lint` recipes are additionally run when using Test Kitchen for local testing as noted in the above section. + +## Making Changes - Cookbook Example + +When making changes in the parent project (that which lives in `../..` from this directory), or in the recipes in this build cookbook, there is a bespoke workflow for Chef Delivery. As an example, we'll discuss a Chef Cookbook as the parent. + +First, create a new branch for the changes. + +``` +git checkout -b testing-build-cookbook +``` + +Next, increment the version in the metadata.rb. This should be in the _parent_, not in this, the build_cookbook. If this is not done, the verify phase will fail. + +``` +% git diff + +-version '0.1.0' ++version '0.1.1' +``` + +The change we'll use for an example is to install the `zsh` package. Write a failing ChefSpec in the cookbook project's `spec/unit/recipes/default_spec.rb`. + +```ruby +require 'spec_helper' + +describe 'godzilla::default' do + context 'When all attributes are default, on Ubuntu 16.04' do + let(:chef_run) do + runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04') + runner.converge(described_recipe) + end + + it 'installs zsh' do + expect(chef_run).to install_package('zsh') + end + end +end +``` + +Commit the local changes as work in progress. The `delivery job` expects to use a clean git repository. + +``` +git add ../.. +git commit -m 'WIP: Testing changes' +``` + +From _this_ directory (`.delivery/build_cookbook`, relative to the parent cookbook project), run + +``` +cd .delivery/build_cookbook +kitchen converge +``` + +This will take some time at first, because the VMs need to be created, Chef installed, the Delivery CLI installed, etc. Later runs will be faster until they are destroyed. It will also fail on the first VM, as expected, because we wrote the test first. Now edit the parent cookbook project's default recipe to install `zsh`. + +``` +cd ../../ +$EDITOR/recipes/default.rb +``` + +It should look like this: + +``` +package 'zsh' +``` + +Create another commit. + +``` +git add . +git commit -m 'WIP: Install zsh in default recipe' +``` + +Now rerun kitchen from the build_cookbook. + +``` +cd .delivery/build_cookbook +kitchen converge +``` + +This will take awhile because it will now pass on the first VM, and then create the second VM. We should have warned you this was a good time for a coffee break. + +``` +Recipe: test::default + +- execute HOME=/home/vagrant delivery job verify unit --server localhost --ent test --org kitchen + * execute[HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen] action run + - execute HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen + + - execute HOME=/home/vagrant delivery job verify syntax --server localhost --ent test --org kitchen + +Running handlers: +Running handlers complete +Chef Client finished, 3/32 resources updated in 54.665445968 seconds +Finished converging (1m26.83s). +``` + +Victory is ours! Our verify phase passed on the build nodes. + +We are ready to run this through our Delivery pipeline. Simply run `delivery review` on the local system from the parent project, and it will open a browser window up to the change we just added. + +``` +cd ../.. +delivery review +``` + +## FAQ + +### Why don't I just run rspec and foodcritic/rubocop on my local system? + +An objection to the Test Kitchen approach is that it is much faster to run the unit, lint, and syntax commands for the project on the local system. That is totally true, and also totally valid. Do that for the really fast feedback loop. However, the dance we do with Test Kitchen brings a much higher degree of confidence in the changes we're making, that everything will run on the build nodes in Chef Delivery. We strongly encourage this approach before actually pushing the changes to Delivery. + +### Why do I have to make a commit every time? + +When running `delivery job`, it expects to merge the commit for the changeset against the clean master branch. If we don't save our progress by making a commit, our local changes aren't run through `delivery job` in the Test Kitchen build instances. We can always perform an interactive rebase, and modify the original changeset message in Delivery with `delivery review --edit`. The latter won't modify the git commits, only the changeset in Delivery. + +### What do I do next? + +Make changes in the cookbook project as required for organizational goals and needs. Modify the `build_cookbook` as necessary for the pipeline phases that the cookbook should go through. + +### What if I get stuck? + +Contact Chef Support, or your Chef Customer Success team and they will help you get unstuck. diff --git a/ops/cookbooks/app/.delivery/build_cookbook/chefignore b/ops/cookbooks/app/.delivery/build_cookbook/chefignore new file mode 100644 index 0000000..4439807 --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/chefignore @@ -0,0 +1,104 @@ +# Put files/directories that should be ignored in this file when uploading +# to a chef-server or supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +examples/* +Guardfile +Procfile +.kitchen* +kitchen.yml* +.rubocop.yml +spec/* +Rakefile +.travis.yml +.foodcritic +.codeclimate.yml + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Cookbooks # +############# +CONTRIBUTING* +CHANGELOG* +TESTING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/ops/cookbooks/app/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json b/ops/cookbooks/app/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json new file mode 100644 index 0000000..af375ea --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json @@ -0,0 +1 @@ +{"id": "delivery_builder_keys"} \ No newline at end of file diff --git a/ops/cookbooks/app/.delivery/build_cookbook/metadata.rb b/ops/cookbooks/app/.delivery/build_cookbook/metadata.rb new file mode 100644 index 0000000..fc26412 --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/metadata.rb @@ -0,0 +1,8 @@ +name 'build_cookbook' +maintainer 'The Authors' +maintainer_email 'you@example.com' +license 'all_rights' +version '0.1.0' +chef_version '>= 13.0' + +depends 'delivery-truck' diff --git a/ops/cookbooks/app/.delivery/build_cookbook/recipes/default.rb b/ops/cookbooks/app/.delivery/build_cookbook/recipes/default.rb new file mode 100644 index 0000000..5bb9df3 --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/recipes/default.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: default +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::default' diff --git a/ops/cookbooks/app/.delivery/build_cookbook/recipes/deploy.rb b/ops/cookbooks/app/.delivery/build_cookbook/recipes/deploy.rb new file mode 100644 index 0000000..43af83c --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/recipes/deploy.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: deploy +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::deploy' diff --git a/ops/cookbooks/app/.delivery/build_cookbook/recipes/functional.rb b/ops/cookbooks/app/.delivery/build_cookbook/recipes/functional.rb new file mode 100644 index 0000000..66001fe --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/recipes/functional.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: functional +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::functional' diff --git a/ops/cookbooks/app/.delivery/build_cookbook/recipes/lint.rb b/ops/cookbooks/app/.delivery/build_cookbook/recipes/lint.rb new file mode 100644 index 0000000..0188770 --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/recipes/lint.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: lint +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::lint' diff --git a/ops/cookbooks/app/.delivery/build_cookbook/recipes/provision.rb b/ops/cookbooks/app/.delivery/build_cookbook/recipes/provision.rb new file mode 100644 index 0000000..ac44c47 --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/recipes/provision.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: provision +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::provision' diff --git a/ops/cookbooks/app/.delivery/build_cookbook/recipes/publish.rb b/ops/cookbooks/app/.delivery/build_cookbook/recipes/publish.rb new file mode 100644 index 0000000..618b3f4 --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/recipes/publish.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: publish +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::publish' diff --git a/ops/cookbooks/app/.delivery/build_cookbook/recipes/quality.rb b/ops/cookbooks/app/.delivery/build_cookbook/recipes/quality.rb new file mode 100644 index 0000000..7b2ad5d --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/recipes/quality.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: quality +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::quality' diff --git a/ops/cookbooks/app/.delivery/build_cookbook/recipes/security.rb b/ops/cookbooks/app/.delivery/build_cookbook/recipes/security.rb new file mode 100644 index 0000000..00096dd --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/recipes/security.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: security +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::security' diff --git a/ops/cookbooks/app/.delivery/build_cookbook/recipes/smoke.rb b/ops/cookbooks/app/.delivery/build_cookbook/recipes/smoke.rb new file mode 100644 index 0000000..332646f --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/recipes/smoke.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: smoke +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::smoke' diff --git a/ops/cookbooks/app/.delivery/build_cookbook/recipes/syntax.rb b/ops/cookbooks/app/.delivery/build_cookbook/recipes/syntax.rb new file mode 100644 index 0000000..4052638 --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/recipes/syntax.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: syntax +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::syntax' diff --git a/ops/cookbooks/app/.delivery/build_cookbook/recipes/unit.rb b/ops/cookbooks/app/.delivery/build_cookbook/recipes/unit.rb new file mode 100644 index 0000000..fde68b8 --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/recipes/unit.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: unit +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::unit' diff --git a/ops/cookbooks/app/.delivery/build_cookbook/secrets/fakey-mcfakerton b/ops/cookbooks/app/.delivery/build_cookbook/secrets/fakey-mcfakerton new file mode 100644 index 0000000..e69de29 diff --git a/ops/cookbooks/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb b/ops/cookbooks/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb new file mode 100644 index 0000000..1725039 --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb @@ -0,0 +1,2 @@ +name 'test' +version '0.1.0' \ No newline at end of file diff --git a/ops/cookbooks/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb b/ops/cookbooks/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb new file mode 100644 index 0000000..2fd58de --- /dev/null +++ b/ops/cookbooks/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true +%w(unit lint syntax).each do |phase| + # TODO: This works on Linux/Unix. Not Windows. + execute "HOME=/home/vagrant delivery job verify #{phase} --server localhost --ent test --org kitchen" do + cwd '/tmp/repo-data' + user 'vagrant' + environment('GIT_DISCOVERY_ACROSS_FILESYSTEM' => '1') + end +end diff --git a/ops/cookbooks/app/.delivery/config.json b/ops/cookbooks/app/.delivery/config.json new file mode 100644 index 0000000..987952b --- /dev/null +++ b/ops/cookbooks/app/.delivery/config.json @@ -0,0 +1,17 @@ +{ + "version": "2", + "build_cookbook": { + "name": "build_cookbook", + "path": ".delivery/build_cookbook" + }, + "delivery-truck": { + "lint": { + "enable_cookstyle": true + } + }, + "skip_phases": [], + "job_dispatch": { + "version": "v2" + }, + "dependencies": [] +} diff --git a/ops/cookbooks/app/.delivery/project.toml b/ops/cookbooks/app/.delivery/project.toml new file mode 100644 index 0000000..9f54c5e --- /dev/null +++ b/ops/cookbooks/app/.delivery/project.toml @@ -0,0 +1,36 @@ +# Delivery Prototype for Local Phases Execution +# +# The purpose of this file is to prototype a new way to execute +# phases locally on your workstation. The delivery-cli will read +# this file and execute the command(s) that are configured for +# each phase. You can customize them by just modifying the phase +# key on this file. +# +# By default these phases are configured for Cookbook Workflow only +# +# As this is still a prototype we are not modifying the current +# config.json file and it will continue working as usual. + +[local_phases] +unit = "chef exec rspec spec/" +lint = "chef exec cookstyle" +# Foodcritic includes rules only appropriate for community cookbooks +# uploaded to Supermarket. We turn off any rules tagged "supermarket" +# by default. If you plan to share this cookbook you should remove +# '-t ~supermarket' below to enable supermarket rules. +syntax = "chef exec foodcritic . -t ~supermarket" +provision = "chef exec kitchen create" +deploy = "chef exec kitchen converge" +smoke = "chef exec kitchen verify" +# The functional phase is optional, you can define it by uncommenting +# the line below and running the command: `delivery local functional` +# functional = "" +cleanup = "chef exec kitchen destroy" + +# Remote project.toml file +# +# Specify a remote URI location for the `project.toml` file. +# This is useful for teams that wish to centrally manage the behavior +# of the `delivery local` command across many different projects. +# +# remote_file = "https://url/project.toml" diff --git a/ops/cookbooks/app/.gitignore b/ops/cookbooks/app/.gitignore new file mode 100644 index 0000000..13e41c4 --- /dev/null +++ b/ops/cookbooks/app/.gitignore @@ -0,0 +1,22 @@ +.vagrant +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +gems.locked +bin/* +.bundle/* + +# test kitchen +.kitchen/ +.kitchen.local.yml + +# Chef +Berksfile.lock +.zero-knife.rb +Policyfile.lock.json diff --git a/ops/cookbooks/app/.kitchen.yml b/ops/cookbooks/app/.kitchen.yml new file mode 100644 index 0000000..bc0455f --- /dev/null +++ b/ops/cookbooks/app/.kitchen.yml @@ -0,0 +1,26 @@ +--- +driver: + name: vagrant + +provisioner: + name: chef_zero + # You may wish to disable always updating cookbooks in CI or other testing environments. + # For example: + # always_update_cookbooks: <%= !ENV['CI'] %> + always_update_cookbooks: true + +verifier: + name: inspec + +platforms: + - name: ubuntu-16.04 + - name: centos-7 + +suites: + - name: default + run_list: + - recipe[django-bakend::default] + verifier: + inspec_tests: + - test/integration/default + attributes: diff --git a/ops/cookbooks/app/Berksfile b/ops/cookbooks/app/Berksfile new file mode 100644 index 0000000..2a72827 --- /dev/null +++ b/ops/cookbooks/app/Berksfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true +source 'https://supermarket.chef.io' + # cookbook 'mysql', '~> 8.5.1' + cookbook "library-cookbook", "~> 0.1.1", git: "https://github.com/example/library-cookbook.git" +metadata diff --git a/ops/cookbooks/app/CHANGELOG.md b/ops/cookbooks/app/CHANGELOG.md new file mode 100644 index 0000000..fa2cdb1 --- /dev/null +++ b/ops/cookbooks/app/CHANGELOG.md @@ -0,0 +1,11 @@ +# django-bakend CHANGELOG + +This file is used to list changes made in each version of the django-bakend cookbook. + +# 0.1.0 + +Initial release. + +- change 0 +- change 1 + diff --git a/ops/cookbooks/app/LICENSE b/ops/cookbooks/app/LICENSE new file mode 100644 index 0000000..10b5688 --- /dev/null +++ b/ops/cookbooks/app/LICENSE @@ -0,0 +1,3 @@ +Copyright 2019 The Authors + +All rights reserved, do not redistribute. diff --git a/ops/cookbooks/app/README.md b/ops/cookbooks/app/README.md new file mode 100644 index 0000000..0bbe0ca --- /dev/null +++ b/ops/cookbooks/app/README.md @@ -0,0 +1,4 @@ +# django-backend + +TODO: Enter the cookbook description here. + diff --git a/ops/cookbooks/app/chefignore b/ops/cookbooks/app/chefignore new file mode 100644 index 0000000..4439807 --- /dev/null +++ b/ops/cookbooks/app/chefignore @@ -0,0 +1,104 @@ +# Put files/directories that should be ignored in this file when uploading +# to a chef-server or supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +examples/* +Guardfile +Procfile +.kitchen* +kitchen.yml* +.rubocop.yml +spec/* +Rakefile +.travis.yml +.foodcritic +.codeclimate.yml + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Cookbooks # +############# +CONTRIBUTING* +CHANGELOG* +TESTING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/ops/cookbooks/app/metadata.rb b/ops/cookbooks/app/metadata.rb new file mode 100644 index 0000000..be8b94b --- /dev/null +++ b/ops/cookbooks/app/metadata.rb @@ -0,0 +1,22 @@ +name 'app' +maintainer 'The Authors' +maintainer_email 'you@example.com' +license 'All Rights Reserved' +description 'Installs/Configures django-backend' +long_description 'Installs/Configures django-backend' +version '0.1.0' +chef_version '>= 13.0' + +depends 't42-common' + +# The `issues_url` points to the location where issues for this cookbook are +# tracked. A `View Issues` link will be displayed on this cookbook's page when +# uploaded to a Supermarket. +# +# issues_url 'https://github.com//django-backend/issues' + +# The `source_url` points to the development repository for this cookbook. A +# `View Source` link will be displayed on this cookbook's page when uploaded to +# a Supermarket. +# +# source_url 'https://github.com//django-backend' diff --git a/ops/cookbooks/app/recipes/default.rb b/ops/cookbooks/app/recipes/default.rb new file mode 100644 index 0000000..e69de29 diff --git a/ops/cookbooks/app/spec/spec_helper.rb b/ops/cookbooks/app/spec/spec_helper.rb new file mode 100644 index 0000000..052d78a --- /dev/null +++ b/ops/cookbooks/app/spec/spec_helper.rb @@ -0,0 +1,3 @@ +# frozen_string_literal: true +require 'chefspec' +require 'chefspec/berkshelf' diff --git a/ops/cookbooks/app/spec/unit/recipes/default_spec.rb b/ops/cookbooks/app/spec/unit/recipes/default_spec.rb new file mode 100644 index 0000000..9b42aab --- /dev/null +++ b/ops/cookbooks/app/spec/unit/recipes/default_spec.rb @@ -0,0 +1,35 @@ +# +# Cookbook:: app +# Spec:: default +# +# Copyright:: 2019, The Authors, All Rights Reserved. + +require 'spec_helper' + +describe 'app::default' do + context 'When all attributes are default, on Ubuntu 16.04' do + let(:chef_run) do + # for a complete list of available platforms and versions see: + # https://github.com/customink/fauxhai/blob/master/PLATFORMS.md + runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04') + runner.converge(described_recipe) + end + + it 'converges successfully' do + expect { chef_run }.to_not raise_error + end + end + + context 'When all attributes are default, on CentOS 7.4.1708' do + let(:chef_run) do + # for a complete list of available platforms and versions see: + # https://github.com/customink/fauxhai/blob/master/PLATFORMS.md + runner = ChefSpec::ServerRunner.new(platform: 'centos', version: '7.4.1708') + runner.converge(described_recipe) + end + + it 'converges successfully' do + expect { chef_run }.to_not raise_error + end + end +end diff --git a/ops/cookbooks/app/test/integration/default/default_test.rb b/ops/cookbooks/app/test/integration/default/default_test.rb new file mode 100644 index 0000000..2f46d3c --- /dev/null +++ b/ops/cookbooks/app/test/integration/default/default_test.rb @@ -0,0 +1,16 @@ +# InSpec test for recipe django-bakend::default + +# The InSpec reference, with examples and extensive documentation, can be +# found at http://inspec.io/docs/reference/resources/ + +unless os.windows? + # This is an example test, replace with your own test. + describe user('root'), :skip do + it { should exist } + end +end + +# This is an example test, replace it with your own test. +describe port(80), :skip do + it { should_not be_listening } +end diff --git a/ops/cookbooks/metadata.rb b/ops/cookbooks/metadata.rb new file mode 100644 index 0000000..3b84b32 --- /dev/null +++ b/ops/cookbooks/metadata.rb @@ -0,0 +1,3 @@ +name 'change-me' + +depnds 'app' \ No newline at end of file diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/.kitchen.yml b/ops/cookbooks/vendor/app/.delivery/build_cookbook/.kitchen.yml new file mode 100644 index 0000000..bc6e264 --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/.kitchen.yml @@ -0,0 +1,21 @@ +--- +driver: + name: vagrant + synced_folders: + - [<%= File.join(ENV['PWD'], '..', '..')%>, '/tmp/repo-data'] + +provisioner: + name: chef_zero + encrypted_data_bag_secret_key_path: 'secrets/fakey-mcfakerton' + data_bags_path: './data_bags' + product_name: chefdk + +platforms: + - name: ubuntu-16.04 + - name: centos-7 + +suites: + - name: default + run_list: + - recipe[test] + attributes: diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/Berksfile b/ops/cookbooks/vendor/app/.delivery/build_cookbook/Berksfile new file mode 100644 index 0000000..61dab72 --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/Berksfile @@ -0,0 +1,7 @@ +source 'https://supermarket.chef.io' + +metadata + +group :delivery do + cookbook 'test', path: './test/fixtures/cookbooks/test' +end diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/LICENSE b/ops/cookbooks/vendor/app/.delivery/build_cookbook/LICENSE new file mode 100644 index 0000000..10b5688 --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/LICENSE @@ -0,0 +1,3 @@ +Copyright 2019 The Authors + +All rights reserved, do not redistribute. diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/README.md b/ops/cookbooks/vendor/app/.delivery/build_cookbook/README.md new file mode 100644 index 0000000..297af5a --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/README.md @@ -0,0 +1,146 @@ +# build_cookbook + +A build cookbook for running the parent project through Chef Delivery + +This build cookbook should be customized to suit the needs of the parent project. Using this cookbook can be done outside of Chef Delivery, too. If the parent project is a Chef cookbook, we've detected that and "wrapped" [delivery-truck](https://github.com/chef-cookbooks/delivery-truck). That means it is a dependency, and each of its pipeline phase recipes is included in the appropriate phase recipes in this cookbook. If the parent project is not a cookbook, it's left as an exercise to the reader to customize the recipes as needed for each phase in the pipeline. + +## .delivery/config.json + +In the parent directory to this build_cookbook, the `config.json` can be modified as necessary. For example, phases can be skipped, publishing information can be added, and so on. Refer to customer support or the Chef Delivery documentation for assistance on what options are available for this configuration. + +## Test Kitchen - Local Verify Testing + +This cookbook also has a `.kitchen.yml` which can be used to create local build nodes with Test Kitchen to perform the verification phases, `unit`, `syntax`, and `lint`. When running `kitchen converge`, the instances will be set up like Chef Delivery "build nodes" with the [delivery_build cookbook](https://github.com/chef-cookbooks/delivery_build). The reason for this is to make sure that the same exact kind of nodes are used by this build cookbook are run on the local workstation as would run Delivery. It will run `delivery job verify PHASE` for the parent project. + +Modify the `.kitchen.yml` if necessary to change the platforms or other configuration to run the verify phases. After making changes in the parent project, `cd` into this directory (`.delivery/build_cookbook`), and run: + +``` +kitchen test +``` + +## Recipes + +Each of the recipes in this build_cookbook are run in the named phase during the Chef Delivery pipeline. The `unit`, `syntax`, and `lint` recipes are additionally run when using Test Kitchen for local testing as noted in the above section. + +## Making Changes - Cookbook Example + +When making changes in the parent project (that which lives in `../..` from this directory), or in the recipes in this build cookbook, there is a bespoke workflow for Chef Delivery. As an example, we'll discuss a Chef Cookbook as the parent. + +First, create a new branch for the changes. + +``` +git checkout -b testing-build-cookbook +``` + +Next, increment the version in the metadata.rb. This should be in the _parent_, not in this, the build_cookbook. If this is not done, the verify phase will fail. + +``` +% git diff + +-version '0.1.0' ++version '0.1.1' +``` + +The change we'll use for an example is to install the `zsh` package. Write a failing ChefSpec in the cookbook project's `spec/unit/recipes/default_spec.rb`. + +```ruby +require 'spec_helper' + +describe 'godzilla::default' do + context 'When all attributes are default, on Ubuntu 16.04' do + let(:chef_run) do + runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04') + runner.converge(described_recipe) + end + + it 'installs zsh' do + expect(chef_run).to install_package('zsh') + end + end +end +``` + +Commit the local changes as work in progress. The `delivery job` expects to use a clean git repository. + +``` +git add ../.. +git commit -m 'WIP: Testing changes' +``` + +From _this_ directory (`.delivery/build_cookbook`, relative to the parent cookbook project), run + +``` +cd .delivery/build_cookbook +kitchen converge +``` + +This will take some time at first, because the VMs need to be created, Chef installed, the Delivery CLI installed, etc. Later runs will be faster until they are destroyed. It will also fail on the first VM, as expected, because we wrote the test first. Now edit the parent cookbook project's default recipe to install `zsh`. + +``` +cd ../../ +$EDITOR/recipes/default.rb +``` + +It should look like this: + +``` +package 'zsh' +``` + +Create another commit. + +``` +git add . +git commit -m 'WIP: Install zsh in default recipe' +``` + +Now rerun kitchen from the build_cookbook. + +``` +cd .delivery/build_cookbook +kitchen converge +``` + +This will take awhile because it will now pass on the first VM, and then create the second VM. We should have warned you this was a good time for a coffee break. + +``` +Recipe: test::default + +- execute HOME=/home/vagrant delivery job verify unit --server localhost --ent test --org kitchen + * execute[HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen] action run + - execute HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen + + - execute HOME=/home/vagrant delivery job verify syntax --server localhost --ent test --org kitchen + +Running handlers: +Running handlers complete +Chef Client finished, 3/32 resources updated in 54.665445968 seconds +Finished converging (1m26.83s). +``` + +Victory is ours! Our verify phase passed on the build nodes. + +We are ready to run this through our Delivery pipeline. Simply run `delivery review` on the local system from the parent project, and it will open a browser window up to the change we just added. + +``` +cd ../.. +delivery review +``` + +## FAQ + +### Why don't I just run rspec and foodcritic/rubocop on my local system? + +An objection to the Test Kitchen approach is that it is much faster to run the unit, lint, and syntax commands for the project on the local system. That is totally true, and also totally valid. Do that for the really fast feedback loop. However, the dance we do with Test Kitchen brings a much higher degree of confidence in the changes we're making, that everything will run on the build nodes in Chef Delivery. We strongly encourage this approach before actually pushing the changes to Delivery. + +### Why do I have to make a commit every time? + +When running `delivery job`, it expects to merge the commit for the changeset against the clean master branch. If we don't save our progress by making a commit, our local changes aren't run through `delivery job` in the Test Kitchen build instances. We can always perform an interactive rebase, and modify the original changeset message in Delivery with `delivery review --edit`. The latter won't modify the git commits, only the changeset in Delivery. + +### What do I do next? + +Make changes in the cookbook project as required for organizational goals and needs. Modify the `build_cookbook` as necessary for the pipeline phases that the cookbook should go through. + +### What if I get stuck? + +Contact Chef Support, or your Chef Customer Success team and they will help you get unstuck. diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/chefignore b/ops/cookbooks/vendor/app/.delivery/build_cookbook/chefignore new file mode 100644 index 0000000..4439807 --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/chefignore @@ -0,0 +1,104 @@ +# Put files/directories that should be ignored in this file when uploading +# to a chef-server or supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +examples/* +Guardfile +Procfile +.kitchen* +kitchen.yml* +.rubocop.yml +spec/* +Rakefile +.travis.yml +.foodcritic +.codeclimate.yml + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Cookbooks # +############# +CONTRIBUTING* +CHANGELOG* +TESTING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json b/ops/cookbooks/vendor/app/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json new file mode 100644 index 0000000..af375ea --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json @@ -0,0 +1 @@ +{"id": "delivery_builder_keys"} \ No newline at end of file diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/metadata.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/metadata.rb new file mode 100644 index 0000000..fc26412 --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/metadata.rb @@ -0,0 +1,8 @@ +name 'build_cookbook' +maintainer 'The Authors' +maintainer_email 'you@example.com' +license 'all_rights' +version '0.1.0' +chef_version '>= 13.0' + +depends 'delivery-truck' diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/default.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/default.rb new file mode 100644 index 0000000..5bb9df3 --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/default.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: default +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::default' diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/deploy.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/deploy.rb new file mode 100644 index 0000000..43af83c --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/deploy.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: deploy +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::deploy' diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/functional.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/functional.rb new file mode 100644 index 0000000..66001fe --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/functional.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: functional +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::functional' diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/lint.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/lint.rb new file mode 100644 index 0000000..0188770 --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/lint.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: lint +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::lint' diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/provision.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/provision.rb new file mode 100644 index 0000000..ac44c47 --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/provision.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: provision +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::provision' diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/publish.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/publish.rb new file mode 100644 index 0000000..618b3f4 --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/publish.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: publish +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::publish' diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/quality.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/quality.rb new file mode 100644 index 0000000..7b2ad5d --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/quality.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: quality +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::quality' diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/security.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/security.rb new file mode 100644 index 0000000..00096dd --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/security.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: security +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::security' diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/smoke.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/smoke.rb new file mode 100644 index 0000000..332646f --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/smoke.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: smoke +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::smoke' diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/syntax.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/syntax.rb new file mode 100644 index 0000000..4052638 --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/syntax.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: syntax +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::syntax' diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/unit.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/unit.rb new file mode 100644 index 0000000..fde68b8 --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/recipes/unit.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: unit +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::unit' diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/secrets/fakey-mcfakerton b/ops/cookbooks/vendor/app/.delivery/build_cookbook/secrets/fakey-mcfakerton new file mode 100644 index 0000000..e69de29 diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb new file mode 100644 index 0000000..1725039 --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb @@ -0,0 +1,2 @@ +name 'test' +version '0.1.0' \ No newline at end of file diff --git a/ops/cookbooks/vendor/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb b/ops/cookbooks/vendor/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb new file mode 100644 index 0000000..2fd58de --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true +%w(unit lint syntax).each do |phase| + # TODO: This works on Linux/Unix. Not Windows. + execute "HOME=/home/vagrant delivery job verify #{phase} --server localhost --ent test --org kitchen" do + cwd '/tmp/repo-data' + user 'vagrant' + environment('GIT_DISCOVERY_ACROSS_FILESYSTEM' => '1') + end +end diff --git a/ops/cookbooks/vendor/app/.delivery/config.json b/ops/cookbooks/vendor/app/.delivery/config.json new file mode 100644 index 0000000..987952b --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/config.json @@ -0,0 +1,17 @@ +{ + "version": "2", + "build_cookbook": { + "name": "build_cookbook", + "path": ".delivery/build_cookbook" + }, + "delivery-truck": { + "lint": { + "enable_cookstyle": true + } + }, + "skip_phases": [], + "job_dispatch": { + "version": "v2" + }, + "dependencies": [] +} diff --git a/ops/cookbooks/vendor/app/.delivery/project.toml b/ops/cookbooks/vendor/app/.delivery/project.toml new file mode 100644 index 0000000..9f54c5e --- /dev/null +++ b/ops/cookbooks/vendor/app/.delivery/project.toml @@ -0,0 +1,36 @@ +# Delivery Prototype for Local Phases Execution +# +# The purpose of this file is to prototype a new way to execute +# phases locally on your workstation. The delivery-cli will read +# this file and execute the command(s) that are configured for +# each phase. You can customize them by just modifying the phase +# key on this file. +# +# By default these phases are configured for Cookbook Workflow only +# +# As this is still a prototype we are not modifying the current +# config.json file and it will continue working as usual. + +[local_phases] +unit = "chef exec rspec spec/" +lint = "chef exec cookstyle" +# Foodcritic includes rules only appropriate for community cookbooks +# uploaded to Supermarket. We turn off any rules tagged "supermarket" +# by default. If you plan to share this cookbook you should remove +# '-t ~supermarket' below to enable supermarket rules. +syntax = "chef exec foodcritic . -t ~supermarket" +provision = "chef exec kitchen create" +deploy = "chef exec kitchen converge" +smoke = "chef exec kitchen verify" +# The functional phase is optional, you can define it by uncommenting +# the line below and running the command: `delivery local functional` +# functional = "" +cleanup = "chef exec kitchen destroy" + +# Remote project.toml file +# +# Specify a remote URI location for the `project.toml` file. +# This is useful for teams that wish to centrally manage the behavior +# of the `delivery local` command across many different projects. +# +# remote_file = "https://url/project.toml" diff --git a/ops/cookbooks/vendor/app/LICENSE b/ops/cookbooks/vendor/app/LICENSE new file mode 100644 index 0000000..10b5688 --- /dev/null +++ b/ops/cookbooks/vendor/app/LICENSE @@ -0,0 +1,3 @@ +Copyright 2019 The Authors + +All rights reserved, do not redistribute. diff --git a/ops/cookbooks/vendor/app/README.md b/ops/cookbooks/vendor/app/README.md new file mode 100644 index 0000000..0bbe0ca --- /dev/null +++ b/ops/cookbooks/vendor/app/README.md @@ -0,0 +1,4 @@ +# django-backend + +TODO: Enter the cookbook description here. + diff --git a/ops/cookbooks/vendor/app/chefignore b/ops/cookbooks/vendor/app/chefignore new file mode 100644 index 0000000..4439807 --- /dev/null +++ b/ops/cookbooks/vendor/app/chefignore @@ -0,0 +1,104 @@ +# Put files/directories that should be ignored in this file when uploading +# to a chef-server or supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +examples/* +Guardfile +Procfile +.kitchen* +kitchen.yml* +.rubocop.yml +spec/* +Rakefile +.travis.yml +.foodcritic +.codeclimate.yml + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Cookbooks # +############# +CONTRIBUTING* +CHANGELOG* +TESTING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/ops/cookbooks/vendor/app/metadata.json b/ops/cookbooks/vendor/app/metadata.json new file mode 100644 index 0000000..8a71b1e --- /dev/null +++ b/ops/cookbooks/vendor/app/metadata.json @@ -0,0 +1,35 @@ +{ + "name": "app", + "description": "Installs/Configures django-backend", + "long_description": "Installs/Configures django-backend", + "maintainer": "The Authors", + "maintainer_email": "you@example.com", + "license": "All Rights Reserved", + "platforms": { + + }, + "dependencies": { + "t42-common": ">= 0.0.0" + }, + "providing": { + + }, + "recipes": { + + }, + "version": "0.1.0", + "source_url": "", + "issues_url": "", + "privacy": false, + "chef_versions": [ + [ + ">= 13.0" + ] + ], + "ohai_versions": [ + + ], + "gems": [ + + ] +} diff --git a/ops/cookbooks/vendor/app/metadata.rb b/ops/cookbooks/vendor/app/metadata.rb new file mode 100644 index 0000000..be8b94b --- /dev/null +++ b/ops/cookbooks/vendor/app/metadata.rb @@ -0,0 +1,22 @@ +name 'app' +maintainer 'The Authors' +maintainer_email 'you@example.com' +license 'All Rights Reserved' +description 'Installs/Configures django-backend' +long_description 'Installs/Configures django-backend' +version '0.1.0' +chef_version '>= 13.0' + +depends 't42-common' + +# The `issues_url` points to the location where issues for this cookbook are +# tracked. A `View Issues` link will be displayed on this cookbook's page when +# uploaded to a Supermarket. +# +# issues_url 'https://github.com//django-backend/issues' + +# The `source_url` points to the development repository for this cookbook. A +# `View Source` link will be displayed on this cookbook's page when uploaded to +# a Supermarket. +# +# source_url 'https://github.com//django-backend' diff --git a/ops/cookbooks/vendor/app/recipes/default.rb b/ops/cookbooks/vendor/app/recipes/default.rb new file mode 100644 index 0000000..e69de29 diff --git a/ops/cookbooks/vendor/ark/.foodcritic b/ops/cookbooks/vendor/ark/.foodcritic new file mode 100644 index 0000000..e69de29 diff --git a/ops/cookbooks/vendor/ark/CHANGELOG.md b/ops/cookbooks/vendor/ark/CHANGELOG.md new file mode 100644 index 0000000..b8ad542 --- /dev/null +++ b/ops/cookbooks/vendor/ark/CHANGELOG.md @@ -0,0 +1,263 @@ +# ark Cookbook CHANGELOG + +This file is used to list changes made in each version of the ark cookbook. + +## 4.0.0 (2018-07-25) + +- Support append_env_path property on Windows, which increases the minimum required Chef release to Chef 13.4 + +## 3.1.1 (2018-07-24) + +- Remove ChefSpec matchers since these are autogenerated now +- Update specs to the latest platform versions +- Remove template out of defaults directory +- Remove dependency on the Windows cookbook + +## 3.1.0 (2017-05-06) + +- Ensure the dependencies get installed on Chef 13 Amazon Linux systems +- Require Chef 12.7+ and remove action_class.class_eval usage + +## 3.0.0 (2017-04-05) + +- Rewrite of resource to custom resources. +- Remove EOL platforms from testing. +- Update zlib URL +- +## 2.2.1 (2016-12-16) +- Use Ohai root_group attribute to avoid trying to set the group to root on BSD/macOS. +- Add missing accessor for owner property + +## 2.2.0 (2016-12-14) + +- Add detection of .7z file extensions +- Fix 7zip extraction using strip_components >= 1 to properly extract to the path instead of the user's home_dir +- Always quote the path to the 7zip and xcopy binaries as they may have spaces +- Clarified in the readme that the install_with_make action includes the configure action +- Fix files with very long paths failing to extract on Windows +- Fix default owner of 'root' failing on Windows +- Fix 7-zip extraction with long paths when strip_components is >= 1 +- Add the group attribute parameter to README +- Fix package installation failure on macOS systems +- Use x to extract with 7-zip, not e. Use e only for dump, which strips directories. + +## 2.1.0 (2016-11-15) + +- Move tar/7zip path logic out of attributes and into helpers to prevent failures when 7zip is not installed before the chef run starts +- Improve platform testing in Test Kitchen +- Recognize Windows as a supported platform in the readme +- Introduce a new attribute for overriding the 7-zip location: node['ark']['sevenzip_binary'] + +## 2.0.2 (2016-11-03) + +- Fix suse support and centos < 6 + +## 2.1.0 (2016-11-01) + +- Use multipackage installs to speed up installation +- Avoid installation package dependencies on Windows entirely +- Remove the testing bin stubs + +## 2.0.0 (2016-09-15) + +- Add CentOS 7.2, Fedora 23, and Suse specs +- Add centos 5, debian, and opensuse travis testing +- Add a contributing doc +- Fix cookstyle warnings +- Require Chef 12.1+ + +## [v1.2.0](https://github.com/chef-cookbooks/ark/tree/v1.2.0) (2016-07-03) + +[Full Changelog](https://github.com/chef-cookbooks/ark/compare/v1.1.0...v1.2.0) + +- Create seven_zip unpack command when strip_components is 0 [#155](https://github.com/chef-cookbooks/ark/pull/155) ([terkill](https://github.com/terkill)) +- Get 7zip path from the windows registry. [#153](https://github.com/chef-cookbooks/ark/pull/153) ([buri17](https://github.com/buri17)) +- Use fullpath for xcopy and icacls. [#152](https://github.com/chef-cookbooks/ark/pull/152) ([buri17](https://github.com/buri17)) +- Define custom matcher helper for notification testing, fixes #139 [#144](https://github.com/chef-cookbooks/ark/pull/144) ([szymonpk](https://github.com/szymonpk)) + +## v1.1.0 (2016-05-19) + +- Add support for RHEL 7 +- Fixes to the readme to clarify actions / properties +- Expose the backup property in remote file to the ark resource +- Transfer the cookbook back to Chef +- Resolve all rubocop warnings +- Add maintainers files and Chef contributing docs +- Test on the latest platforms in .kitchen.yml and update Travis to use kitchen-dokken with additional platforms + +## v1.0.1 (2016-02-16) + +- Remove a large number of zero byte archives that snuck into the repository +- Remove a Chef 10 compatibility check in the custom resource + +## v1.0.0 (2016-02-09) + +- Added the pkg-config package to the debian platform family +- Added tar, xz-lzma-compat, and bzip2 packages to the RHEL and fedora platform families +- Updated FreeBSD to install gmake instead of make +- Added OS X, SmartOS, and FreeBSD to the tar path attributes to support those platforms +- Removed the has_binaries attribute from put action documentation in the readme file since this isn't supported there +- Moved the libraries module locations to no longer be under Opscode:: and broke out libraries into more logical units +- Fixed issues with spaces in Windows paths that could cause failures +- Fixed a bad attribute for the 7zip home on windows. Instead of using a node attribute use the value directly to avoid computed attribute overiding issues +- Switched from the 7-zip cookbook to seven_zip since the 7-zip cookbook is now deprecated +- Changed unzip commands to not use -u so that a newer archive can overwrite an existing directory +- Added support for actions py_setup, py_setup_install, py_setup_build +- Fixed setting home_dir attribute +- Added source_url and issues_url to the metadata.rb +- Expanded the supported platforms in metadata.rb +- Removed all references to Opscode +- Improved error logging when an unknown extension is encountered +- Added support for .tar files +- Improved overall testing: + + - Removed the kitchen.cloud.yml file and gem dependencies + - Added integration testing in Travis with Kitchen-Docker and Travis tests now run using the nightly build of ChefDK + - Expanded platforms tested in the .kitchen.yml file + - Updated the Gemfile with the latest testing dependencies + - Added full Chefspec coverage + - Greatly expanded the ark_spec test cookbook + - Removed the original minitests + +- Added standard Chef .gitignore and chefignore files + +- Resolved a large number of rubocop warnings + +- Removed old Opscode contributing and testing docs + +- Added a cookbook version badge to the readme + +- Removed the Toftfile + +## v0.9.0 (2014-06-06) + +- [COOK-3642] Add Windows support + +## v0.8.2 (2014-04-23) + +- [COOK-4514] - Support for SLES with the Ark cookbook + +## v0.8.0 (2014-04-10) + +- [COOK-2771] - Add support for XZ compression + +## v0.7.2 (2014-03-28) + +- [COOK-4477] - Fix failing test suite +- [COOK-4484] - Replace strip_leading_dir attribute with more general strip_components + +## v0.7.0 (2014-03-18) + +- [COOK-4437] - configure and install_with_make should chown after unpack + +## v0.6.0 (2014-02-27) + +[COOK-3786] - Unable to install multiple versions of archive without duplication + +## v0.5.0 (2014-02-21) + +### Bug + +- **[COOK-4288](https://tickets.opscode.com/browse/COOK-4288)** - Cleanup the Kitchen + +### Improvement + +- **[COOK-4264](https://tickets.opscode.com/browse/COOK-4264)** - Add node['ark']['package_dependencies'] to allow tuning packages. + +## v0.4.2 + +### Improvement + +- **[COOK-3854](https://tickets.opscode.com/browse/COOK-3854)** - Capability with mac_os_x: '/bin/chown' - No such file or directory +- Cleaning up some style for rubucop +- Updating test harness + +## v0.4.0 + +### Improvement + +- **[COOK-3539](https://tickets.opscode.com/browse/COOK-3539)** - Allow dumping of bz2 and gzip files + +## v0.3.2 + +### Bug + +- **[COOK-3191](https://tickets.opscode.com/browse/COOK-3191)** - Propogate unzip failures +- **[COOK-3118](https://tickets.opscode.com/browse/COOK-3118)** - Set cookbook attribute in provider +- **[COOK-3055](https://tickets.opscode.com/browse/COOK-3055)** - Use proper scope in helper module +- **[COOK-3054](https://tickets.opscode.com/browse/COOK-3054)** - Fix notification resource updating + +### Improvement + +- **[COOK-3179](https://tickets.opscode.com/browse/COOK-3179)** - README updates and refactor + +## v0.3.0 + +### Improvement + +- [COOK-3087]: Can't use ark with chef < 11 + +### Bug + +- [COOK-3064]: `only_if` statements in ark's `install_with_make` and configure actions are not testing for file existence correctly. +- [COOK-3067]: ark kitchen test for `cherry_pick` is expecting the binary to be in the same parent folder as in the archive. + +## v0.2.4 + +### Bug + +- [COOK-3048]: Ark provider contains a `ruby_block` resource without a block attribute +- [COOK-3063]: Ark cookbook `cherry_pick` action's unzip command does not close if statement +- [COOK-3065]: Ark install action does not symlink binaries correctly + +## v0.2.2 + +- Update the README to reflect the requirement for Chef 11 to use the ark resource (`use_inline_resources`). +- Making this a release so it will also appear on the community site page. + +## v0.2.0 + +### Bug + +- [COOK-2772]: Ark cookbook has foodcritic failures in provides/default.rb + +### Improvement + +- [COOK-2520]: Refactor ark providers to use the '`use_inline_resources`' LWRP DSL feature + +## v0.1.0 + +- [COOK-2335] - ark resource broken on Chef 11 + +## v0.0.1 + +- [COOK-2026] - Allow `cherry_pick` action to be used for directories as well as files + +## v0.0.1 + +- [COOK-1593] - README formatting updates for better display on Community Site + +## v0.0.1 + +### Bug + +- dangling "unless" + +### Improvement + +- add `setup_py_*` actions +- add vagrantfile +- add foodcritic test +- travis.ci support + +## v0.0.10 (May 23, 2012 + +### Bug + +- `strip_leading_dir` not working for zip files + +### Improvement + +- use autogen.sh to generate configure script for configure action +- support more file extensions +- add extension attribute which allows you to download files which do not have the file extension as part of the URL diff --git a/ops/cookbooks/vendor/ark/CONTRIBUTING.md b/ops/cookbooks/vendor/ark/CONTRIBUTING.md new file mode 100644 index 0000000..ef2f2b8 --- /dev/null +++ b/ops/cookbooks/vendor/ark/CONTRIBUTING.md @@ -0,0 +1,2 @@ +Please refer to +https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/ops/cookbooks/vendor/ark/README.md b/ops/cookbooks/vendor/ark/README.md new file mode 100644 index 0000000..7fe2007 --- /dev/null +++ b/ops/cookbooks/vendor/ark/README.md @@ -0,0 +1,298 @@ +# ark cookbook + +[![Build Status](https://travis-ci.org/chef-cookbooks/ark.svg?branch=master)](https://travis-ci.org/chef-cookbooks/ark) [![Cookbook Version](https://img.shields.io/cookbook/v/ark.svg)](https://supermarket.chef.io/cookbooks/ark) + +## Overview + +This cookbook provides `ark`, a resource for managing software archives. It manages the fetch-unpack-configure-build-install process common to installing software from source, or from binary distributions that are not fully fledged OS packages. + +This cookbook started its life as a modified version of Infochimp's install_from cookbook. It has since been heavily refactored and extended to meet different use cases. + +Given a simple project archive available at a url: + +```ruby +ark 'pig' do + url 'http://apache.org/pig/pig-0.8.0.tar.gz' +end +``` + +The `ark` resource will: + +- fetch it to to `/var/cache/chef/` +- unpack it to the default path (`/usr/local/pig-0.8.0`) +- create a symlink for `:home_dir` (`/usr/local/pig`) pointing to path +- add specified binary commands to the environment `PATH` variable + +By default, the ark will not run again if the `:path` is not empty. Ark provides many actions to accommodate different use cases, such as `:dump`, `:cherry_pick`, `:put`, and `:install_with_make`. + +At this time ark only handles files available from URLs using the [remote_file](http://docs.chef.io/resource_remote_file.html) provider. It does handle local files using the `file://` protocol. + +## Requirements + +### Platforms + +- Debian/Ubuntu +- RHEL/CentOS/Scientific/Oracle +- Fedora +- FreeBSD +- SmartOS +- Mac OS X +- openSUSE / SUSE Linux Enterprises +- Windows + +Should work on common Unix/Linux systems with typical userland utilities like tar, gzip, etc. May require the installation of build tools for compiling from source, but that installation is outside the scope of this cookbook. + +### Chef + +- Chef 13.4+ + +### Cookbooks + +- build-essential +- seven_zip + +## Attributes + +Customize the attributes to suit site specific conventions and defaults. + +- `node['ark']['apache_mirror']` - if the URL is an apache mirror, use the attribute as the default. default: `http://apache.mirrors.tds.net` +- `node['ark']['prefix_root']` - default base location if the `prefix_root` is not passed into the resource. default: `/usr/local` +- `node['ark']['prefix_bin']` - default binary location if the `prefix_bin` is not passed into the resource. default: `/usr/local/bin` +- `node['ark']['prefix_home']` - default home location if the `prefix_home` is not passed into the resource. default: `/usr/local` +- `node['ark']['package_dependencies']` - prerequisite system packages that need to be installed to support ark. default: varies based on platform +- `node['ark']['tar']` - allows overriding the default path to the tar binary, which varies based on platform +- `node['ark']['sevenzip_binary']` - allows overriding the default path to the 7zip binary, which is determined based on registry key value + +## Resources + +- `ark` - does the extract/build/configure + +### Actions + +- `:install`: extracts the file and creates a 'friendly' symbolic link to the extracted directory path +- `:configure`: configure ahead of the install action +- `:install_with_make`: extracts the archive to a path, runs `configure`, `make`, and `make install`. +- `:dump`: strips all directories from the archive and dumps the contained files into a specified path +- `:cherry_pick`: extract a specified file from an archive and places in specified path +- `:put`: extract the archive to a specified path, does not create any symbolic links +- `:remove`: removes the extracted directory and related symlink #TODO +- `:setup_py`: runs the command "python setup.py" in the extracted directory +- `:setup_py_build`: runs the command "python setup.py build" in the extracted directory +- `:setup_py_install`: runs the command "python setup.py install" in the extracted directory + +### :cherry_pick + +Extract a specified file from an archive and places in specified path. + +#### Relevant Attribute Parameters for :cherry_pick + +- `path`: directory to place file in. +- `creates`: specific file to cherry-pick. + +### :dump + +Strips all directories from the archive and dumps the contained files into a specified path. + +NOTE: This currently only works for zip archives + +#### Attribute Parameters for :dump + +- `path`: path to dump files to. +- `mode`: file mode for `app_home`, as an integer. + + - Example: `0775` + +- `creates`: if you are appending files to a given directory, ark needs a condition to test whether the file has already been extracted. You can specify with creates, a file whose existence indicates the ark has previously been extracted and does not need to be extracted again. + +### :put + +Extract the archive to a specified path, does not create any symbolic links. + +#### Attribute Parameters for :put + +- `path`: path to extract to. + + - Default: `/usr/local` + +- `append_env_path`: boolean, if true, append the `./bin` directory of the extracted directory to the global `PATH` variable for all users. + +### Attribute Parameters + +- `name`: name of the package, defaults to the resource name. +- `url`: url for tarball, `.tar.gz`, `.bin` (oracle-specific), `.war`, and `.zip` currently supported. Also supports special syntax +- `:name:version:apache_mirror:` that will auto-magically construct download url from the apache mirrors site. +- `version`: software version, defaults to `1`. +- `mode`: file mode for `app_home`, is an integer. +- `prefix_root`: default `prefix_root`, for use with `:install*` actions. +- `prefix_home`: default directory prefix for a friendly symlink to the path. + + - Example: `/usr/local/maven` -> `/usr/local/maven-2.2.1` + +- `prefix_bin`: default directory to place a symlink to a binary command. + + - Example: `/opt/bin/mvn` -> `/opt/maven-2.2.1/bin/mvn`, where the `prefix_bin` is `/opt/bin` + +- `path`: path to extract the ark to. The `:install*` actions overwrite any user-provided values for `:path`. + + - Default: `/usr/local/-` for the `:install`, `:install_with_make` actions + +- `home_dir`: symbolic link to the path `:prefix_root/:name-:version`, does not apply to `:dump`, `:put`, or `:cherry_pick` actions. + + - Default: `:prefix_root/:name` + +- `has_binaries`: array of binary commands to symlink into `/usr/local/bin/`, you must specify the relative path. + + - Example: `[ 'bin/java', 'bin/javaws' ]` + +- `append_env_path`: boolean, similar to `has_binaries` but less granular. If true, append the `./bin` directory of the extracted directory to. the `PATH` environment variable for all users, by placing a file in `/etc/profile.d/`. The commands are symbolically linked into `/usr/bin/*`. This option provides more granularity than the boolean option. + + - Example: `mvn`, `java`, `javac`, etc. + +- `environment`: hash of environment variables to pass to invoked shell commands like `tar`, `unzip`, `configure`, and `make`. + +- `strip_components`: number of components in path to strip when extracting archive. With default value of `1`, ark strips the leading directory from an archive, which is the default for both `unzip` and `tar` commands. + +- `autoconf_opts`: an array of command line options for use with the GNU `autoconf` script. + + - Example: `[ '--include=/opt/local/include', '--force' ]` + +- `make_opts`: an array of command line options for use with `make`. + + - Example: `[ '--warn-undefined-variables', '--load-average=2' ]` + +- `owner`: owner of extracted directory. + + - Default: `root` + +- `group`: group of extracted directory. + + - Default: `root` + +- `backup`: The number of backups to be kept in /var/chef/backup (for UNIX- and Linux-based platforms) or C:/chef/backup (for the Microsoft Windows platform). Set to false to prevent backups from being kept. + + - Default: `5` + +#### Examples + +This example copies `ivy.tar.gz` to `/var/cache/chef/ivy-2.2.0.tar.gz`, unpacks its contents to `/usr/local/ivy-2.2.0/` -- stripping the leading directory, and symlinks `/usr/local/ivy` to `/usr/local/ivy-2.2.0` + +```ruby + # install Apache Ivy dependency resolution tool + ark "ivy" do + url 'http://someurl.example.com/ivy.tar.gz' + version '2.2.0' + checksum '89ba5fde0c596db388c3bbd265b63007a9cc3df3a8e6d79a46780c1a39408cb5' + action :install + end +``` + +This example copies `jdk-7u2-linux-x64.tar.gz` to `/var/cache/chef/jdk-7.2.tar.gz`, unpacks its contents to `/usr/local/jvm/jdk-7.2/` -- stripping the leading directory, symlinks `/usr/local/jvm/default` to `/usr/local/jvm/jdk-7.2`, and adds `/usr/local/jvm/jdk-7.2/bin/` to the global `PATH` for all users. The user 'foobar' is the owner of the `/usr/local/jvm/jdk-7.2` directory: + +```ruby + ark 'jdk' do + url 'http://download.example.com/jdk-7u2-linux-x64.tar.gz' + version '7.2' + path "/usr/local/jvm/" + home_dir "/usr/local/jvm/default" + checksum '89ba5fde0c596db388c3bbd265b63007a9cc3df3a8e6d79a46780c1a39408cb5' + append_env_path true + owner 'foobar' + end +``` + +Install Apache Ivy dependency resolution tool in `/resource_name` in this case `/usr/local/ivy`, do not symlink, and strip any leading directory if one exists in the tarball: + +```ruby + ark "ivy" do + url 'http://someurl.example.com/ivy.tar.gz' + checksum '89ba5fde0c596db388c3bbd265b63007a9cc3df3a8e6d79a46780c1a39408cb5' + action :put + end +``` + +Install Apache Ivy dependency resolution tool in `/home/foobar/ivy`, strip any leading directory if one exists, don't keep backup copies of `ivy.tar.gz`: + +```ruby + ark "ivy" do + path "/home/foobar" + url 'http://someurl.example.com/ivy.tar.gz' + checksum '89ba5fde0c596db388c3bbd265b63007a9cc3df3a8e6d79a46780c1a39408cb5' + action :put + backup false + end +``` + +Strip all directories and dump files into path specified by the path attribute. You must specify the `creates` attribute in order to keep the extraction from running every time. The directory path will be created if it doesn't already exist: + +```ruby + ark "my_jars" do + url "http://example.com/bunch_of_jars.zip" + path "/usr/local/tomcat/lib" + creates "mysql.jar" + owner "tomcat" + action :dump + end +``` + +Extract specific files from a tarball (currently only handles one named file): + +```ruby + ark 'mysql-connector-java' do + url 'http://oracle.com/mysql-connector.zip' + creates 'mysql-connector-java-5.0.8-bin.jar' + path '/usr/local/tomcat/lib' + action :cherry_pick + end +``` + +Build and install haproxy and use alternative values for `prefix_root`, `prefix_home`, and `prefix_bin`: + +```ruby + ark "haproxy" do + url "http://haproxy.1wt.eu/download/1.5/src/snapshot/haproxy-ss-20120403.tar.gz" + version "1.5" + checksum 'ba0424bf7d23b3a607ee24bbb855bb0ea347d7ffde0bec0cb12a89623cbaf911' + make_opts [ 'TARGET=linux26' ] + prefix_root '/opt' + prefix_home '/opt' + prefix_bin '/opt/bin' + action :install_with_make + end +``` + +You can also supply the file extension in case the file extension can not be determined by the URL: + +```ruby + ark "test_autogen" do + url 'https://github.com/zeromq/libzmq/tarball/master' + extension "tar.gz" + action :install_with_make + end +``` + +## License & Authors + +- Author: Philip (flip) Kromer - Infochimps, Inc([coders@infochimps.com](mailto:coders@infochimps.com)) +- Author: Bryan W. Berry ([bryan.berry@gmail.com](mailto:bryan.berry@gmail.com)) +- Author: Denis Barishev ([denis.barishev@gmail.com](mailto:denis.barishev@gmail.com)) +- Author: Sean OMeara ([someara@chef.io](mailto:someara@chef.io)) +- Author: John Bellone ([jbellone@bloomberg.net](mailto:jbellone@bloomberg.net)) +- Copyright: 2011, Philip (flip) Kromer - Infochimps, Inc +- Copyright: 2012, Bryan W. Berry +- Copyright: 2012, Denis Barishev +- Copyright: 2013-2017, Chef Software, Inc +- Copyright: 2014, Bloomberg L.P. + +``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/ops/cookbooks/vendor/ark/attributes/default.rb b/ops/cookbooks/vendor/ark/attributes/default.rb new file mode 100644 index 0000000..10b3e01 --- /dev/null +++ b/ops/cookbooks/vendor/ark/attributes/default.rb @@ -0,0 +1,47 @@ +# +# Cookbook:: ark +# Attributes:: default +# +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['ark']['apache_mirror'] = 'http://apache.mirrors.tds.net' +default['ark']['prefix_root'] = '/usr/local' +default['ark']['prefix_bin'] = '/usr/local/bin' +default['ark']['prefix_home'] = '/usr/local' + +# the default path will be determined based on platform, but can be overridden here +default['ark']['tar'] = nil + +# the default path will be determined from the registry, but you may override here +default['ark']['sevenzip_binary'] = nil + +pkgs = %w(libtool autoconf) unless platform_family?('mac_os_x') +pkgs += %w(make) unless platform_family?('mac_os_x', 'freebsd') +pkgs += %w(unzip rsync gcc) unless platform_family?('mac_os_x') +pkgs += %w(autogen) unless platform_family?('rhel', 'fedora', 'mac_os_x', 'suse', 'amazon') +pkgs += %w(gtar) if platform?('freebsd') || platform?('smartos') +pkgs += %w(gmake) if platform?('freebsd') +if platform_family?('rhel', 'suse', 'amazon') + if node['platform_version'].to_i >= 7 + pkgs += %w(xz bzip2 tar) + elsif node['platform_version'].to_i < 7 + pkgs += %w(xz-lzma-compat bzip2 tar) + end +elsif platform_family?('fedora') + pkgs += %w(xz-lzma-compat bzip2 tar) +end +pkgs += %w(shtool pkg-config) if platform_family?('debian') + +default['ark']['package_dependencies'] = pkgs diff --git a/ops/cookbooks/vendor/ark/files/default/foo.tar.gz b/ops/cookbooks/vendor/ark/files/default/foo.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..16aa5a72262ee8ffdd8ed6523d796fc310148c7c GIT binary patch literal 219 zcmV<103`n(iwFQRj;2ol1MSu83W6{gfZ<(=S5V*P4wn-}N&Zm519bUKNDv_`a8mF- ze})Ix;B~WTno~Dijw&IELU7}#gOm9d zf512Ae=uWz<8{vYzlVAMYjcX1+t2ag{-5>FL(uI1JuLcHO?%t?Bly0*lX3sk9{>OV V000000000!_XJS<(X{|5005gLZx8?g literal 0 HcmV?d00001 diff --git a/ops/cookbooks/vendor/ark/files/default/foo.tbz b/ops/cookbooks/vendor/ark/files/default/foo.tbz new file mode 100644 index 0000000000000000000000000000000000000000..6f29777ec1e157f8fd531ae4e57e4eea364a525e GIT binary patch literal 163 zcmV;U09^k^00IC2fCwM}l!nwI zk7+|ek(1N_ijsP2Z4*Ngp^?2)S7V+vCP0BIDyMn&kkZ4GR&Aq$Btga;z~)@=Rc^W& z9hoCFq=`ZpWLt?bLhh1c7?LDc-ViZmMN-O|84n^=s9_ng2a?xUaiHuurs-qD1TZ`h R)aZzR7ji{7P>>s)4CiZ8KuiDt literal 0 HcmV?d00001 diff --git a/ops/cookbooks/vendor/ark/files/default/foo.tgz b/ops/cookbooks/vendor/ark/files/default/foo.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f78dd037253c3c2350fd9ed480320bea6be31966 GIT binary patch literal 152 zcmb2|=3sbOxXYh``R&DnTuh1r4G$|t<}Yw7p7Z?X=}U513wf&kd=Yq~I*rfi;QvOB z#S1>1e_b`@;FiMe``pd%zRMT7y(A^vdS^zD=Vlh^zZ>5buD`6yVyXYtDAxY|ZR`KR z#jo#&*<4AN{p!Xar&5v1QL#Of5|vCpFx9x0RSFs BMTr0a literal 0 HcmV?d00001 diff --git a/ops/cookbooks/vendor/ark/files/default/foo.txz b/ops/cookbooks/vendor/ark/files/default/foo.txz new file mode 100644 index 0000000000000000000000000000000000000000..7f742da55c07756dff398f33fa25681310ea7fdf GIT binary patch literal 200 zcmV;(05|{rH+ooF000E$*0e?f03iVu0001VFXf})C;tG4T>vv1>|OxfG-0AA4iM3v zBfN0Wv4-Tm_tGCGrz781mq2|@ZlR!$J;&($Z%Ow~ zLcHt}C|L&dMaH^;GLMF>0002FsZM0o*@zV3HB>Ci$ZIiU-L}Ntt;NpIrpH#i$RD z&(KW~LNg^LKOX2ou-`ytfiTWcLN`ks)2!V5qEx~LGBU|A7Xe0_S{B;B|5fRA> ziAW6RAxy)JMwn>~3|ktVkW52FD$rC=q>^oF52~rq2qtVQdSLP}z}yP*`86a{A(0I< z5o_cie2;FT5ZpwN?`0SfVF@x37V)H;D~@7r2Bx`)M1ae1RyLsj7}$W2k%@s}C(sB6 F1^~sT!)^co literal 0 HcmV?d00001 diff --git a/ops/cookbooks/vendor/ark/files/default/foo_sub.tar.gz b/ops/cookbooks/vendor/ark/files/default/foo_sub.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..258d205f7711c7f2198f1471b184c3d02e12c4ef GIT binary patch literal 193 zcmV;y06za8iwFQ!yE0P%1MSmG3WG2dg<+SH6|^_zCRvXT#3EGi0bPF6T01DT;2?tZ z|0ZV=%#9~$`u<#GCL+;$^UScMl)B`Lv8A)>o!8)u*fLltjL$vT!#qyakVdJxwri_l z{xYJLGB6wOHVR&_-zd1Wf}4SnxCSH=1q^sP5v@B!~&NgiJuUp9jf=q|7`r-64Qv3eY!(dL||p1Hu?SVq}tI z#uXwG(6A9;cLtO4;WdkZ_U;#o0U@{Q^Vg?2P5ffmE literal 0 HcmV?d00001 diff --git a/ops/cookbooks/vendor/ark/libraries/default.rb b/ops/cookbooks/vendor/ark/libraries/default.rb new file mode 100644 index 0000000..635695c --- /dev/null +++ b/ops/cookbooks/vendor/ark/libraries/default.rb @@ -0,0 +1,112 @@ +require_relative 'platform_specific_builders' +require_relative 'resource_deprecations' +require_relative 'resource_defaults' +require_relative 'sevenzip_command_builder' +require_relative 'unzip_command_builder' +require_relative 'tar_command_builder' +require_relative 'general_owner' +require_relative 'windows_owner' + +module Ark + module ProviderHelpers + extend ::Ark::PlatformSpecificBuilders + + generates_archive_commands_for :seven_zip, + when_the: -> { node['platform_family'] == 'windows' }, + with_klass: ::Ark::SevenZipCommandBuilder + + generates_archive_commands_for :unzip, + when_the: -> { new_resource.extension =~ /zip|war|jar/ }, + with_klass: ::Ark::UnzipCommandBuilder + + generates_archive_commands_for :tar, + when_the: -> { true }, + with_klass: ::Ark::TarCommandBuilder + + generates_owner_commands_for :windows, + when_the: -> { node['platform_family'] == 'windows' }, + with_klass: ::Ark::WindowsOwner + + generates_owner_commands_for :all_other_platforms, + when_the: -> { true }, + with_klass: ::Ark::GeneralOwner + + def deprecations + ::Ark::ResourceDeprecations.on(new_resource) + end + + def show_deprecations + deprecations.each { |message| Chef::Log.warn("DEPRECATED: #{message}") } + end + + def defaults + @resource_defaults ||= ::Ark::ResourceDefaults.new(new_resource) + end + + def set_paths + new_resource.extension = defaults.extension + new_resource.prefix_bin = defaults.prefix_bin + new_resource.prefix_root = defaults.prefix_root + new_resource.home_dir = defaults.home_dir + new_resource.version = defaults.version + new_resource.owner = defaults.owner + + # TODO: what happens when the path is already set -- + # with the current logic we overwrite it + # if you are in windows we overwrite it + # otherwise we overwrite it with the root/name-version + new_resource.path = defaults.path + new_resource.release_file = defaults.release_file + end + + def set_put_paths + new_resource.extension = defaults.extension + + # TODO: Should we be setting the prefix_root - + # as the prefix_root could be used in the path_with_version + # new_resource.prefix_root = default.prefix_root + new_resource.path = defaults.path_without_version + new_resource.release_file = defaults.release_file_without_version + end + + def set_dump_paths + new_resource.extension = defaults.extension + new_resource.release_file = defaults.release_file_without_version + end + + def unpack_command + archive_application.unpack + end + + def dump_command + archive_application.dump + end + + def cherry_pick_command + archive_application.cherry_pick + end + + def unzip_command + archive_application.unpack + end + + def owner_command + owner_builder_klass.new(new_resource).command + end + + private + + def archive_application + @archive_application ||= archive_builder_klass.new(new_resource) + end + + def archive_builder_klass + new_resource.extension ||= defaults.extension + Ark::ProviderHelpers.archive_command_generators.find { |condition, _klass| instance_exec(&condition) }.last + end + + def owner_builder_klass + Ark::ProviderHelpers.owner_command_generators.find { |condition, _klass| instance_exec(&condition) }.last + end + end +end diff --git a/ops/cookbooks/vendor/ark/libraries/general_owner.rb b/ops/cookbooks/vendor/ark/libraries/general_owner.rb new file mode 100644 index 0000000..f7591de --- /dev/null +++ b/ops/cookbooks/vendor/ark/libraries/general_owner.rb @@ -0,0 +1,13 @@ +module Ark + class GeneralOwner + def initialize(resource) + @resource = resource + end + + attr_reader :resource + + def command + "chown -R #{resource.owner}:#{resource.group} #{resource.path}" + end + end +end diff --git a/ops/cookbooks/vendor/ark/libraries/platform_specific_builders.rb b/ops/cookbooks/vendor/ark/libraries/platform_specific_builders.rb new file mode 100644 index 0000000..b8bd6f0 --- /dev/null +++ b/ops/cookbooks/vendor/ark/libraries/platform_specific_builders.rb @@ -0,0 +1,23 @@ +module Ark + module PlatformSpecificBuilders + def generates_archive_commands_for(_name, options) + condition = options[:when_the] + builder = options[:with_klass] + archive_command_generators.push [condition, builder] + end + + def archive_command_generators + @archive_command_generators ||= [] + end + + def generates_owner_commands_for(_name, options) + condition = options[:when_the] + builder = options[:with_klass] + owner_command_generators.push [condition, builder] + end + + def owner_command_generators + @owner_command_generators ||= [] + end + end +end diff --git a/ops/cookbooks/vendor/ark/libraries/resource_defaults.rb b/ops/cookbooks/vendor/ark/libraries/resource_defaults.rb new file mode 100644 index 0000000..9b5ac76 --- /dev/null +++ b/ops/cookbooks/vendor/ark/libraries/resource_defaults.rb @@ -0,0 +1,119 @@ +module Ark + class ResourceDefaults + def extension + resource.extension || generate_extension_from_url(resource.url.clone) + end + + def prefix_bin + resource.prefix_bin || prefix_bin_from_node_in_run_context + end + + def prefix_root + resource.prefix_root || prefix_root_from_node_in_run_context + end + + def home_dir + if resource.home_dir.nil? || resource.home_dir.empty? + prefix_home = resource.prefix_home || prefix_home_from_node_in_run_context + ::File.join(prefix_home, resource.name) + else + resource.home_dir + end + end + + def version + resource.version || default_version + end + + def path + if windows? + resource.win_install_dir + else + ::File.join(resource.prefix_root, "#{resource.name}-#{resource.version}") + end + end + + def owner + resource.owner || default_owner + end + + def windows? + node_in_run_context['platform_family'] == 'windows' + end + + def path_without_version + partial_path = resource.path || prefix_root_from_node_in_run_context + ::File.join(partial_path, resource.name) + end + + def release_file + release_filename = "#{resource.name}-#{resource.version}.#{resource.extension}" + ::File.join(file_cache_path, release_filename) + end + + def release_file_without_version + release_filename = "#{resource.name}.#{resource.extension}" + ::File.join(file_cache_path, release_filename) + end + + def initialize(resource) + @resource = resource + end + + private + + attr_reader :resource + + def generate_extension_from_url(url) + # purge any trailing redirect + url =~ %r{^https?:\/\/.*(.bin|bz2|gz|jar|tbz|tgz|txz|war|xz|zip|7z)(\/.*\/)} + url.gsub!(Regexp.last_match(2), '') unless Regexp.last_match(2).nil? + # remove trailing query string + release_basename = ::File.basename(url.gsub(/\?.*\z/, '')).gsub(/-bin\b/, '') + # (\?.*)? accounts for a trailing querystring + Chef::Log.debug("DEBUG: release_basename is #{release_basename}") + release_basename =~ /^(.+?)\.(jar|tar\.bz2|tar\.gz|tar\.xz|tbz|tgz|txz|war|zip|tar|7z)(\?.*)?/ + Chef::Log.debug("DEBUG: file_extension is #{Regexp.last_match(2)}") + Regexp.last_match(2) + end + + def prefix_bin_from_node_in_run_context + node_in_run_context['ark']['prefix_bin'] + end + + def prefix_root_from_node_in_run_context + node_in_run_context['ark']['prefix_root'] + end + + def prefix_home_from_node_in_run_context + node_in_run_context['ark']['prefix_home'] + end + + def default_version + '1' + end + + def default_owner + if windows? + wmi_property_from_query(:name, "select * from Win32_UserAccount where sid like 'S-1-5-21-%-500' and LocalAccount=True") + else + 'root' + end + end + + def wmi_property_from_query(wmi_property, wmi_query) + @wmi = ::WIN32OLE.connect('winmgmts://') + result = @wmi.ExecQuery(wmi_query) + return nil unless result.each.count > 0 + result.each.next.send(wmi_property) + end + + def file_cache_path + Chef::Config[:file_cache_path] + end + + def node_in_run_context + resource.run_context.node + end + end +end diff --git a/ops/cookbooks/vendor/ark/libraries/resource_deprecations.rb b/ops/cookbooks/vendor/ark/libraries/resource_deprecations.rb new file mode 100644 index 0000000..9a4fc47 --- /dev/null +++ b/ops/cookbooks/vendor/ark/libraries/resource_deprecations.rb @@ -0,0 +1,33 @@ +module Ark + class ResourceDeprecations + def self.on(resource) + new(resource).warnings + end + + def initialize(resource) + @resource = resource + end + + attr_reader :resource + + def warnings + applicable_deprecrations.map { |_, message| message } + end + + def applicable_deprecrations + deprecations.select { |condition, _| send(condition) } + end + + def deprecations + { strip_leading_dir_feature: strip_leading_dir_feature_message } + end + + def strip_leading_dir_feature + [true, false].include?(resource.strip_leading_dir) + end + + def strip_leading_dir_feature_message + 'strip_leading_dir attribute was deprecated. Use strip_components instead.' + end + end +end diff --git a/ops/cookbooks/vendor/ark/libraries/sevenzip_command_builder.rb b/ops/cookbooks/vendor/ark/libraries/sevenzip_command_builder.rb new file mode 100644 index 0000000..7319a0e --- /dev/null +++ b/ops/cookbooks/vendor/ark/libraries/sevenzip_command_builder.rb @@ -0,0 +1,78 @@ +module Ark + class SevenZipCommandBuilder + def unpack + sevenzip_command + end + + def dump + sevenzip_command_builder(resource.path, 'e') + end + + def cherry_pick + "#{sevenzip_command_builder(resource.path, 'x')} -r #{resource.creates}" + end + + def initialize(resource) + @resource = resource + end + + private + + attr_reader :resource + + def node + resource.run_context.node + end + + def sevenzip_command + if resource.strip_components <= 0 + return sevenzip_command_builder(resource.path, 'x') + end + + tmpdir = make_temp_directory.tr('/', '\\') + cmd = sevenzip_command_builder(tmpdir, 'x') + + cmd += ' && ' + currdir = tmpdir + + 1.upto(resource.strip_components).each do |count| + cmd += "for /f %#{count} in ('dir /ad /b \"#{currdir}\"') do " + currdir += "\\%#{count}" + end + + cmd += "(\"#{ENV.fetch('SystemRoot')}\\System32\\robocopy\" \"#{currdir}\" \"#{resource.path}\" /s /e) ^& IF %ERRORLEVEL% LEQ 3 cmd /c exit 0" + end + + def sevenzip_binary + @tar_binary ||= "\"#{(node['ark']['sevenzip_binary'] || sevenzip_path_from_registry)}\"" + end + + def sevenzip_path_from_registry + begin + basepath = ::Win32::Registry::HKEY_LOCAL_MACHINE.open('SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe').read_s('Path') + + # users like pretty errors + rescue ::Win32::Registry::Error + raise 'Failed to find the path of 7zip binary by searching checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe\Path. Make sure to install 7zip before using this resource. If 7zip is installed and you still receive this message you can also specify the 7zip binary path by setting node["ark"]["sevenzip_binary"]' + end + "#{basepath}7z.exe" + end + + def sevenzip_command_builder(dir, command) + "#{sevenzip_binary} #{command} \"#{resource.release_file}\"#{extension_is_tar} -o\"#{dir}\" -uy" + end + + def extension_is_tar + if resource.extension =~ /tar.gz|tgz|tar.bz2|tbz|tar.xz|txz/ + " -so | #{sevenzip_binary} x -aoa -si -ttar" + else + ' -aoa' # force overwrite, Fixes #164 + end + end + + def make_temp_directory + require 'tmpdir' + Dir.mktmpdir + end + end +end diff --git a/ops/cookbooks/vendor/ark/libraries/tar_command_builder.rb b/ops/cookbooks/vendor/ark/libraries/tar_command_builder.rb new file mode 100644 index 0000000..291dbb9 --- /dev/null +++ b/ops/cookbooks/vendor/ark/libraries/tar_command_builder.rb @@ -0,0 +1,56 @@ +module Ark + class TarCommandBuilder + def unpack + "#{tar_binary} #{args} #{resource.release_file}#{strip_args}" + end + + def dump + "tar -mxf \"#{resource.release_file}\" -C \"#{resource.path}\"" + end + + def cherry_pick + "#{tar_binary} #{args} #{resource.release_file} -C #{resource.path} #{resource.creates}#{strip_args}" + end + + def initialize(resource) + @resource = resource + end + + private + + attr_reader :resource + + def node + resource.run_context.node + end + + def tar_binary + @tar_binary ||= node['ark']['tar'] || case node['platform_family'] + when 'mac_os_x', 'freebsd' + '/usr/bin/tar' + when 'smartos' + '/bin/gtar' + else + '/bin/tar' + end + end + + def args + case resource.extension + when /^(tar)$/ then 'xf' + when /^(tar.gz|tgz)$/ then 'xzf' + when /^(tar.bz2|tbz)$/ then 'xjf' + when /^(tar.xz|txz)$/ then 'xJf' + else raise unsupported_extension + end + end + + def strip_args + resource.strip_components > 0 ? " --strip-components=#{resource.strip_components}" : '' + end + + def unsupported_extension + "Don't know how to expand #{resource.url} (extension: #{resource.extension})" + end + end +end diff --git a/ops/cookbooks/vendor/ark/libraries/unzip_command_builder.rb b/ops/cookbooks/vendor/ark/libraries/unzip_command_builder.rb new file mode 100644 index 0000000..7605f5c --- /dev/null +++ b/ops/cookbooks/vendor/ark/libraries/unzip_command_builder.rb @@ -0,0 +1,48 @@ +module Ark + class UnzipCommandBuilder + def unpack + if resource.strip_components > 0 + unzip_with_strip_components + else + "unzip -q -o #{resource.release_file} -d #{resource.path}" + end + end + + def dump + "unzip -j -q -o \"#{resource.release_file}\" -d \"#{resource.path}\"" + end + + def cherry_pick + cmd = "unzip -t #{resource.release_file} \"*/#{resource.creates}\" ; stat=$? ;" + cmd += 'if [ $stat -eq 11 ] ; then ' + cmd += "unzip -j -o #{resource.release_file} \"#{resource.creates}\" -d #{resource.path} ;" + cmd += 'elif [ $stat -ne 0 ] ; then false ;' + cmd += 'else ' + cmd += "unzip -j -o #{resource.release_file} \"*/#{resource.creates}\" -d #{resource.path} ;" + cmd += 'fi' + cmd + end + + def initialize(resource) + @resource = resource + end + + private + + attr_reader :resource + + def unzip_with_strip_components + tmpdir = make_temp_directory + strip_dir = '*/' * resource.strip_components + cmd = "unzip -q -o #{resource.release_file} -d #{tmpdir}" + cmd += " && rsync -a #{tmpdir}/#{strip_dir} #{resource.path}" + cmd += " && rm -rf #{tmpdir}" + cmd + end + + def make_temp_directory + require 'tmpdir' + Dir.mktmpdir + end + end +end diff --git a/ops/cookbooks/vendor/ark/libraries/windows_owner.rb b/ops/cookbooks/vendor/ark/libraries/windows_owner.rb new file mode 100644 index 0000000..f548b34 --- /dev/null +++ b/ops/cookbooks/vendor/ark/libraries/windows_owner.rb @@ -0,0 +1,13 @@ +module Ark + class WindowsOwner + def initialize(resource) + @resource = resource + end + + attr_reader :resource + + def command + "#{ENV.fetch('SystemRoot')}\\System32\\icacls \"#{resource.path}\\*\" /setowner \"#{resource.owner}\"" + end + end +end diff --git a/ops/cookbooks/vendor/ark/metadata.json b/ops/cookbooks/vendor/ark/metadata.json new file mode 100644 index 0000000..b69b91c --- /dev/null +++ b/ops/cookbooks/vendor/ark/metadata.json @@ -0,0 +1 @@ +{"name":"ark","version":"4.0.0","description":"Provides a custom resource for installing runtime artifacts in a predictable fashion","long_description":"# ark cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/ark.svg?branch=master)](https://travis-ci.org/chef-cookbooks/ark) [![Cookbook Version](https://img.shields.io/cookbook/v/ark.svg)](https://supermarket.chef.io/cookbooks/ark)\n\n## Overview\n\nThis cookbook provides `ark`, a resource for managing software archives. It manages the fetch-unpack-configure-build-install process common to installing software from source, or from binary distributions that are not fully fledged OS packages.\n\nThis cookbook started its life as a modified version of Infochimp's install_from cookbook. It has since been heavily refactored and extended to meet different use cases.\n\nGiven a simple project archive available at a url:\n\n```ruby\nark 'pig' do\n url 'http://apache.org/pig/pig-0.8.0.tar.gz'\nend\n```\n\nThe `ark` resource will:\n\n- fetch it to to `/var/cache/chef/`\n- unpack it to the default path (`/usr/local/pig-0.8.0`)\n- create a symlink for `:home_dir` (`/usr/local/pig`) pointing to path\n- add specified binary commands to the environment `PATH` variable\n\nBy default, the ark will not run again if the `:path` is not empty. Ark provides many actions to accommodate different use cases, such as `:dump`, `:cherry_pick`, `:put`, and `:install_with_make`.\n\nAt this time ark only handles files available from URLs using the [remote_file](http://docs.chef.io/resource_remote_file.html) provider. It does handle local files using the `file://` protocol.\n\n## Requirements\n\n### Platforms\n\n- Debian/Ubuntu\n- RHEL/CentOS/Scientific/Oracle\n- Fedora\n- FreeBSD\n- SmartOS\n- Mac OS X\n- openSUSE / SUSE Linux Enterprises\n- Windows\n\nShould work on common Unix/Linux systems with typical userland utilities like tar, gzip, etc. May require the installation of build tools for compiling from source, but that installation is outside the scope of this cookbook.\n\n### Chef\n\n- Chef 13.4+\n\n### Cookbooks\n\n- build-essential\n- seven_zip\n\n## Attributes\n\nCustomize the attributes to suit site specific conventions and defaults.\n\n- `node['ark']['apache_mirror']` - if the URL is an apache mirror, use the attribute as the default. default: `http://apache.mirrors.tds.net`\n- `node['ark']['prefix_root']` - default base location if the `prefix_root` is not passed into the resource. default: `/usr/local`\n- `node['ark']['prefix_bin']` - default binary location if the `prefix_bin` is not passed into the resource. default: `/usr/local/bin`\n- `node['ark']['prefix_home']` - default home location if the `prefix_home` is not passed into the resource. default: `/usr/local`\n- `node['ark']['package_dependencies']` - prerequisite system packages that need to be installed to support ark. default: varies based on platform\n- `node['ark']['tar']` - allows overriding the default path to the tar binary, which varies based on platform\n- `node['ark']['sevenzip_binary']` - allows overriding the default path to the 7zip binary, which is determined based on registry key value\n\n## Resources\n\n- `ark` - does the extract/build/configure\n\n### Actions\n\n- `:install`: extracts the file and creates a 'friendly' symbolic link to the extracted directory path\n- `:configure`: configure ahead of the install action\n- `:install_with_make`: extracts the archive to a path, runs `configure`, `make`, and `make install`.\n- `:dump`: strips all directories from the archive and dumps the contained files into a specified path\n- `:cherry_pick`: extract a specified file from an archive and places in specified path\n- `:put`: extract the archive to a specified path, does not create any symbolic links\n- `:remove`: removes the extracted directory and related symlink #TODO\n- `:setup_py`: runs the command \"python setup.py\" in the extracted directory\n- `:setup_py_build`: runs the command \"python setup.py build\" in the extracted directory\n- `:setup_py_install`: runs the command \"python setup.py install\" in the extracted directory\n\n### :cherry_pick\n\nExtract a specified file from an archive and places in specified path.\n\n#### Relevant Attribute Parameters for :cherry_pick\n\n- `path`: directory to place file in.\n- `creates`: specific file to cherry-pick.\n\n### :dump\n\nStrips all directories from the archive and dumps the contained files into a specified path.\n\nNOTE: This currently only works for zip archives\n\n#### Attribute Parameters for :dump\n\n- `path`: path to dump files to.\n- `mode`: file mode for `app_home`, as an integer.\n\n - Example: `0775`\n\n- `creates`: if you are appending files to a given directory, ark needs a condition to test whether the file has already been extracted. You can specify with creates, a file whose existence indicates the ark has previously been extracted and does not need to be extracted again.\n\n### :put\n\nExtract the archive to a specified path, does not create any symbolic links.\n\n#### Attribute Parameters for :put\n\n- `path`: path to extract to.\n\n - Default: `/usr/local`\n\n- `append_env_path`: boolean, if true, append the `./bin` directory of the extracted directory to the global `PATH` variable for all users.\n\n### Attribute Parameters\n\n- `name`: name of the package, defaults to the resource name.\n- `url`: url for tarball, `.tar.gz`, `.bin` (oracle-specific), `.war`, and `.zip` currently supported. Also supports special syntax\n- `:name:version:apache_mirror:` that will auto-magically construct download url from the apache mirrors site.\n- `version`: software version, defaults to `1`.\n- `mode`: file mode for `app_home`, is an integer.\n- `prefix_root`: default `prefix_root`, for use with `:install*` actions.\n- `prefix_home`: default directory prefix for a friendly symlink to the path.\n\n - Example: `/usr/local/maven` -> `/usr/local/maven-2.2.1`\n\n- `prefix_bin`: default directory to place a symlink to a binary command.\n\n - Example: `/opt/bin/mvn` -> `/opt/maven-2.2.1/bin/mvn`, where the `prefix_bin` is `/opt/bin`\n\n- `path`: path to extract the ark to. The `:install*` actions overwrite any user-provided values for `:path`.\n\n - Default: `/usr/local/-` for the `:install`, `:install_with_make` actions\n\n- `home_dir`: symbolic link to the path `:prefix_root/:name-:version`, does not apply to `:dump`, `:put`, or `:cherry_pick` actions.\n\n - Default: `:prefix_root/:name`\n\n- `has_binaries`: array of binary commands to symlink into `/usr/local/bin/`, you must specify the relative path.\n\n - Example: `[ 'bin/java', 'bin/javaws' ]`\n\n- `append_env_path`: boolean, similar to `has_binaries` but less granular. If true, append the `./bin` directory of the extracted directory to. the `PATH` environment variable for all users, by placing a file in `/etc/profile.d/`. The commands are symbolically linked into `/usr/bin/*`. This option provides more granularity than the boolean option.\n\n - Example: `mvn`, `java`, `javac`, etc.\n\n- `environment`: hash of environment variables to pass to invoked shell commands like `tar`, `unzip`, `configure`, and `make`.\n\n- `strip_components`: number of components in path to strip when extracting archive. With default value of `1`, ark strips the leading directory from an archive, which is the default for both `unzip` and `tar` commands.\n\n- `autoconf_opts`: an array of command line options for use with the GNU `autoconf` script.\n\n - Example: `[ '--include=/opt/local/include', '--force' ]`\n\n- `make_opts`: an array of command line options for use with `make`.\n\n - Example: `[ '--warn-undefined-variables', '--load-average=2' ]`\n\n- `owner`: owner of extracted directory.\n\n - Default: `root`\n\n- `group`: group of extracted directory.\n\n - Default: `root`\n\n- `backup`: The number of backups to be kept in /var/chef/backup (for UNIX- and Linux-based platforms) or C:/chef/backup (for the Microsoft Windows platform). Set to false to prevent backups from being kept.\n\n - Default: `5`\n\n#### Examples\n\nThis example copies `ivy.tar.gz` to `/var/cache/chef/ivy-2.2.0.tar.gz`, unpacks its contents to `/usr/local/ivy-2.2.0/` -- stripping the leading directory, and symlinks `/usr/local/ivy` to `/usr/local/ivy-2.2.0`\n\n```ruby\n # install Apache Ivy dependency resolution tool\n ark \"ivy\" do\n url 'http://someurl.example.com/ivy.tar.gz'\n version '2.2.0'\n checksum '89ba5fde0c596db388c3bbd265b63007a9cc3df3a8e6d79a46780c1a39408cb5'\n action :install\n end\n```\n\nThis example copies `jdk-7u2-linux-x64.tar.gz` to `/var/cache/chef/jdk-7.2.tar.gz`, unpacks its contents to `/usr/local/jvm/jdk-7.2/` -- stripping the leading directory, symlinks `/usr/local/jvm/default` to `/usr/local/jvm/jdk-7.2`, and adds `/usr/local/jvm/jdk-7.2/bin/` to the global `PATH` for all users. The user 'foobar' is the owner of the `/usr/local/jvm/jdk-7.2` directory:\n\n```ruby\n ark 'jdk' do\n url 'http://download.example.com/jdk-7u2-linux-x64.tar.gz'\n version '7.2'\n path \"/usr/local/jvm/\"\n home_dir \"/usr/local/jvm/default\"\n checksum '89ba5fde0c596db388c3bbd265b63007a9cc3df3a8e6d79a46780c1a39408cb5'\n append_env_path true\n owner 'foobar'\n end\n```\n\nInstall Apache Ivy dependency resolution tool in `/resource_name` in this case `/usr/local/ivy`, do not symlink, and strip any leading directory if one exists in the tarball:\n\n```ruby\n ark \"ivy\" do\n url 'http://someurl.example.com/ivy.tar.gz'\n checksum '89ba5fde0c596db388c3bbd265b63007a9cc3df3a8e6d79a46780c1a39408cb5'\n action :put\n end\n```\n\nInstall Apache Ivy dependency resolution tool in `/home/foobar/ivy`, strip any leading directory if one exists, don't keep backup copies of `ivy.tar.gz`:\n\n```ruby\n ark \"ivy\" do\n path \"/home/foobar\"\n url 'http://someurl.example.com/ivy.tar.gz'\n checksum '89ba5fde0c596db388c3bbd265b63007a9cc3df3a8e6d79a46780c1a39408cb5'\n action :put\n backup false\n end\n```\n\nStrip all directories and dump files into path specified by the path attribute. You must specify the `creates` attribute in order to keep the extraction from running every time. The directory path will be created if it doesn't already exist:\n\n```ruby\n ark \"my_jars\" do\n url \"http://example.com/bunch_of_jars.zip\"\n path \"/usr/local/tomcat/lib\"\n creates \"mysql.jar\"\n owner \"tomcat\"\n action :dump\n end\n```\n\nExtract specific files from a tarball (currently only handles one named file):\n\n```ruby\n ark 'mysql-connector-java' do\n url 'http://oracle.com/mysql-connector.zip'\n creates 'mysql-connector-java-5.0.8-bin.jar'\n path '/usr/local/tomcat/lib'\n action :cherry_pick\n end\n```\n\nBuild and install haproxy and use alternative values for `prefix_root`, `prefix_home`, and `prefix_bin`:\n\n```ruby\n ark \"haproxy\" do\n url \"http://haproxy.1wt.eu/download/1.5/src/snapshot/haproxy-ss-20120403.tar.gz\"\n version \"1.5\"\n checksum 'ba0424bf7d23b3a607ee24bbb855bb0ea347d7ffde0bec0cb12a89623cbaf911'\n make_opts [ 'TARGET=linux26' ]\n prefix_root '/opt'\n prefix_home '/opt'\n prefix_bin '/opt/bin'\n action :install_with_make\n end\n```\n\nYou can also supply the file extension in case the file extension can not be determined by the URL:\n\n```ruby\n ark \"test_autogen\" do\n url 'https://github.com/zeromq/libzmq/tarball/master'\n extension \"tar.gz\"\n action :install_with_make\n end\n```\n\n## License & Authors\n\n- Author: Philip (flip) Kromer - Infochimps, Inc([coders@infochimps.com](mailto:coders@infochimps.com))\n- Author: Bryan W. Berry ([bryan.berry@gmail.com](mailto:bryan.berry@gmail.com))\n- Author: Denis Barishev ([denis.barishev@gmail.com](mailto:denis.barishev@gmail.com))\n- Author: Sean OMeara ([someara@chef.io](mailto:someara@chef.io))\n- Author: John Bellone ([jbellone@bloomberg.net](mailto:jbellone@bloomberg.net))\n- Copyright: 2011, Philip (flip) Kromer - Infochimps, Inc\n- Copyright: 2012, Bryan W. Berry\n- Copyright: 2012, Denis Barishev\n- Copyright: 2013-2017, Chef Software, Inc\n- Copyright: 2014, Bloomberg L.P.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0","redhat":">= 0.0.0","centos":">= 0.0.0","suse":">= 0.0.0","opensuse":">= 0.0.0","opensuseleap":">= 0.0.0","scientific":">= 0.0.0","oracle":">= 0.0.0","amazon":">= 0.0.0","windows":">= 0.0.0","mac_os_x":">= 0.0.0","smartos":">= 0.0.0","freebsd":">= 0.0.0"},"dependencies":{"build-essential":">= 0.0.0","seven_zip":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"ark::default":"Installs packages needed by the custom resource"},"source_url":"https://github.com/chef-cookbooks/ark","issues_url":"https://github.com/chef-cookbooks/ark/issues","chef_version":[[">= 13.4"]],"ohai_version":[]} \ No newline at end of file diff --git a/ops/cookbooks/vendor/ark/recipes/default.rb b/ops/cookbooks/vendor/ark/recipes/default.rb new file mode 100644 index 0000000..9a482aa --- /dev/null +++ b/ops/cookbooks/vendor/ark/recipes/default.rb @@ -0,0 +1,23 @@ +# +# Cookbook:: ark +# Recipe:: default +# +# Author:: Bryan W. Berry +# Copyright:: 2012-2017, Bryan W. Berry +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package node['ark']['package_dependencies'] unless %w(windows mac_os_x).include?(node['platform_family']) + +include_recipe 'seven_zip' if node['platform_family'] == 'windows' diff --git a/ops/cookbooks/vendor/ark/resources/default.rb b/ops/cookbooks/vendor/ark/resources/default.rb new file mode 100644 index 0000000..fbbd9c0 --- /dev/null +++ b/ops/cookbooks/vendor/ark/resources/default.rb @@ -0,0 +1,536 @@ +# +# Cookbook:: ark +# Resource:: Ark +# +# Author:: Bryan W. Berry +# Copyright:: 2012-2017, Bryan W. Berry +# Copyright:: 2016-2017, Chef Software Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +property :owner, String +property :group, [String, Integer], default: 0 +property :url, String, required: true +property :path, String +property :full_path, String +property :append_env_path, [true, false], default: false +property :checksum, regex: /^[a-zA-Z0-9]{64}$/, default: nil +property :has_binaries, Array, default: [] +property :creates, String +property :release_file, String, default: '' +property :strip_leading_dir, [true, false, NilClass] +property :strip_components, Integer, default: 1 +property :mode, [Integer, String], default: 0755 +property :prefix_root, String +property :prefix_home, String +property :prefix_bin, String +property :version, String +property :home_dir, String +property :win_install_dir, String +property :environment, Hash, default: {} +property :autoconf_opts, Array, default: [] +property :make_opts, Array, default: [] +property :home_dir, String +property :autoconf_opts, Array, default: [] +property :extension, String +property :backup, [FalseClass, Integer], default: 5 + +################# +# action :install +################# +action :install do + show_deprecations + set_paths + + directory new_resource.path do + recursive true + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + remote_file new_resource.release_file do + Chef::Log.debug('DEBUG: new_resource.release_file') + source new_resource.url + checksum new_resource.checksum if new_resource.checksum + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + backup new_resource.backup + end + + # unpack based on file extension + execute "unpack #{new_resource.release_file}" do + command unpack_command + cwd new_resource.path + environment new_resource.environment + notifies :run, "execute[set owner on #{new_resource.path}]" + action :nothing + end + + # set_owner + execute "set owner on #{new_resource.path}" do + command owner_command + action :nothing + end + + if node['platform_family'] == 'windows' + # usually on windows there is no central directory with executables where the applications are linked + # so ignore has_binaries for now + + # Add to PATH permanently on Windows if append_env_path + windows_path "#{new_resource.path}/bin" do + action :add + only_if { new_resource.append_env_path } + end + else + # symlink binaries + new_resource.has_binaries.each do |bin| + link ::File.join(new_resource.prefix_bin, ::File.basename(bin)) do + to ::File.join(new_resource.path, bin) + end + end + + # action_link_paths + link new_resource.home_dir do + to new_resource.path + end + + # Add to path for interactive bash sessions + template "/etc/profile.d/#{new_resource.name}.sh" do + cookbook 'ark' + source 'add_to_path.sh.erb' + owner 'root' + group node['root_group'] + mode '0755' + cookbook 'ark' + variables(directory: "#{new_resource.path}/bin") + only_if { new_resource.append_env_path } + end + end + + # Add to path for the current chef-client converge. + bin_path = ::File.join(new_resource.path, 'bin') + ruby_block "adding '#{bin_path}' to chef-client ENV['PATH']" do + block do + ENV['PATH'] = bin_path + ':' + ENV['PATH'] + end + only_if do + new_resource.append_env_path && ENV['PATH'].scan(bin_path).empty? + end + end +end + +############## +# action :put +############## +action :put do + show_deprecations + set_put_paths + + directory new_resource.path do + recursive true + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + # download + remote_file new_resource.release_file do + source new_resource.url + checksum new_resource.checksum if new_resource.checksum + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + backup new_resource.backup + end + + # unpack based on file extension + execute "unpack #{new_resource.release_file}" do + command unpack_command + cwd new_resource.path + environment new_resource.environment + notifies :run, "execute[set owner on #{new_resource.path}]" + action :nothing + end + + # set_owner + execute "set owner on #{new_resource.path}" do + command owner_command + action :nothing + end +end + +########################### +# action :dump +########################### +action :dump do + show_deprecations + set_dump_paths + + directory new_resource.path do + recursive true + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + # download + remote_file new_resource.release_file do + Chef::Log.debug("DEBUG: new_resource.release_file #{new_resource.release_file}") + source new_resource.url + checksum new_resource.checksum if new_resource.checksum + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + # unpack based on file extension + execute "unpack #{new_resource.release_file}" do + command dump_command + cwd new_resource.path + environment new_resource.environment + notifies :run, "execute[set owner on #{new_resource.path}]" + action :nothing + end + + # set_owner + execute "set owner on #{new_resource.path}" do + command owner_command + action :nothing + end +end + +########################### +# action :unzip +########################### +action :unzip do + show_deprecations + set_dump_paths + + directory new_resource.path do + recursive true + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + # download + remote_file new_resource.release_file do + Chef::Log.debug("DEBUG: new_resource.release_file #{new_resource.release_file}") + source new_resource.url + checksum new_resource.checksum if new_resource.checksum + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + # unpack based on file extension + execute "unpack #{new_resource.release_file}" do + command unzip_command + cwd new_resource.path + environment new_resource.environment + notifies :run, "execute[set owner on #{new_resource.path}]" + action :nothing + end + + # set_owner + execute "set owner on #{new_resource.path}" do + command owner_command + action :nothing + end +end + +##################### +# action :cherry_pick +##################### +action :cherry_pick do + show_deprecations + set_dump_paths + Chef::Log.debug("DEBUG: new_resource.creates #{new_resource.creates}") + + directory new_resource.path do + recursive true + action :create + notifies :run, "execute[cherry_pick #{new_resource.creates} from #{new_resource.release_file}]" + end + + # download + remote_file new_resource.release_file do + source new_resource.url + checksum new_resource.checksum if new_resource.checksum + action :create + notifies :run, "execute[cherry_pick #{new_resource.creates} from #{new_resource.release_file}]" + end + + execute "cherry_pick #{new_resource.creates} from #{new_resource.release_file}" do + command cherry_pick_command + creates "#{new_resource.path}/#{new_resource.creates}" + notifies :run, "execute[set owner on #{new_resource.path}]" + action :nothing + end + + # set_owner + execute "set owner on #{new_resource.path}" do + command owner_command + action :nothing + end +end + +########################### +# action :install_with_make +########################### +action :install_with_make do + show_deprecations + set_paths + + directory new_resource.path do + recursive true + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + remote_file new_resource.release_file do + Chef::Log.debug('DEBUG: new_resource.release_file') + source new_resource.url + checksum new_resource.checksum if new_resource.checksum + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + # unpack based on file extension + execute "unpack #{new_resource.release_file}" do + command unpack_command + cwd new_resource.path + environment new_resource.environment + notifies :run, "execute[set owner on #{new_resource.path}]" + notifies :run, "execute[autogen #{new_resource.path}]" + notifies :run, "execute[configure #{new_resource.path}]" + notifies :run, "execute[make #{new_resource.path}]" + notifies :run, "execute[make install #{new_resource.path}]" + action :nothing + end + + # set_owner + execute "set owner on #{new_resource.path}" do + command owner_command + action :nothing + end + + execute "autogen #{new_resource.path}" do + command './autogen.sh' + only_if { ::File.exist? "#{new_resource.path}/autogen.sh" } + cwd new_resource.path + environment new_resource.environment + action :nothing + ignore_failure true + end + + execute "configure #{new_resource.path}" do + command "./configure #{new_resource.autoconf_opts.join(' ')}" + only_if { ::File.exist? "#{new_resource.path}/configure" } + cwd new_resource.path + environment new_resource.environment + action :nothing + end + + execute "make #{new_resource.path}" do + command "make #{new_resource.make_opts.join(' ')}" + cwd new_resource.path + environment new_resource.environment + action :nothing + end + + execute "make install #{new_resource.path}" do + command "make install #{new_resource.make_opts.join(' ')}" + cwd new_resource.path + environment new_resource.environment + action :nothing + end +end + +action :setup_py_build do + show_deprecations + set_paths + + directory new_resource.path do + recursive true + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + remote_file new_resource.release_file do + Chef::Log.debug('DEBUG: new_resource.release_file') + source new_resource.url + checksum new_resource.checksum if new_resource.checksum + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + # unpack based on file extension + execute "unpack #{new_resource.release_file}" do + command unpack_command + cwd new_resource.path + environment new_resource.environment + notifies :run, "execute[set owner on #{new_resource.path}]" + notifies :run, "execute[python setup.py build #{new_resource.path}]" + action :nothing + end + + # set_owner + execute "set owner on #{new_resource.path}" do + command owner_command + action :nothing + end + + execute "python setup.py build #{new_resource.path}" do + command "python setup.py build #{new_resource.make_opts.join(' ')}" + cwd new_resource.path + environment new_resource.environment + action :nothing + end +end + +action :setup_py_install do + show_deprecations + set_paths + + directory new_resource.path do + recursive true + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + remote_file new_resource.release_file do + Chef::Log.debug('DEBUG: new_resource.release_file') + source new_resource.url + checksum new_resource.checksum if new_resource.checksum + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + # unpack based on file extension + execute "unpack #{new_resource.release_file}" do + command unpack_command + cwd new_resource.path + environment new_resource.environment + notifies :run, "execute[set owner on #{new_resource.path}]" + notifies :run, "execute[python setup.py install #{new_resource.path}]" + action :nothing + end + + # set_owner + execute "set owner on #{new_resource.path}" do + command owner_command + action :nothing + end + + execute "python setup.py install #{new_resource.path}" do + command "python setup.py install #{new_resource.make_opts.join(' ')}" + cwd new_resource.path + environment new_resource.environment + action :nothing + end +end + +action :setup_py do + show_deprecations + set_paths + + directory new_resource.path do + recursive true + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + remote_file new_resource.release_file do + Chef::Log.debug('DEBUG: new_resource.release_file') + source new_resource.url + checksum new_resource.checksum if new_resource.checksum + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + # unpack based on file extension + execute "unpack #{new_resource.release_file}" do + command unpack_command + cwd new_resource.path + environment new_resource.environment + notifies :run, "execute[set owner on #{new_resource.path}]" + notifies :run, "execute[python setup.py #{new_resource.path}]" + action :nothing + end + + # set_owner + execute "set owner on #{new_resource.path}" do + command owner_command + action :nothing + end + + execute "python setup.py #{new_resource.path}" do + command "python setup.py #{new_resource.make_opts.join(' ')}" + cwd new_resource.path + environment new_resource.environment + action :nothing + end +end + +action :configure do + show_deprecations + set_paths + + directory new_resource.path do + recursive true + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + remote_file new_resource.release_file do + Chef::Log.debug('DEBUG: new_resource.release_file') + source new_resource.url + checksum new_resource.checksum if new_resource.checksum + action :create + notifies :run, "execute[unpack #{new_resource.release_file}]" + end + + # unpack based on file extension + execute "unpack #{new_resource.release_file}" do + command unpack_command + cwd new_resource.path + environment new_resource.environment + notifies :run, "execute[set owner on #{new_resource.path}]" + notifies :run, "execute[autogen #{new_resource.path}]" + notifies :run, "execute[configure #{new_resource.path}]" + action :nothing + end + + # set_owner + execute "set owner on #{new_resource.path}" do + command owner_command + action :nothing + end + + execute "autogen #{new_resource.path}" do + command './autogen.sh' + only_if { ::File.exist? "#{new_resource.path}/autogen.sh" } + cwd new_resource.path + environment new_resource.environment + action :nothing + ignore_failure true + end + + execute "configure #{new_resource.path}" do + command "./configure #{new_resource.autoconf_opts.join(' ')}" + only_if { ::File.exist? "#{new_resource.path}/configure" } + cwd new_resource.path + environment new_resource.environment + action :nothing + end +end + +action_class do + include ::Ark::ProviderHelpers +end diff --git a/ops/cookbooks/vendor/ark/templates/add_to_path.sh.erb b/ops/cookbooks/vendor/ark/templates/add_to_path.sh.erb new file mode 100644 index 0000000..ffc4e31 --- /dev/null +++ b/ops/cookbooks/vendor/ark/templates/add_to_path.sh.erb @@ -0,0 +1 @@ +export PATH=<%= @directory -%>:$PATH diff --git a/ops/cookbooks/vendor/build-essential/CHANGELOG.md b/ops/cookbooks/vendor/build-essential/CHANGELOG.md new file mode 100644 index 0000000..95c1a29 --- /dev/null +++ b/ops/cookbooks/vendor/build-essential/CHANGELOG.md @@ -0,0 +1,285 @@ +# build-essential Cookbook CHANGELOG + +This file is used to list changes made in each version of the build-essential cookbook. + +## 8.2.1 (2018-09-04) + +- Add a note that this cookbook is no longer maintained as the build_essential resource was moved directly into the chef-client making this cookbook no longer necessary. + +## 8.2.0 (2018-08-28) + +- Simplify the if installed logic for macos +- Remove support for FreeBSD < 10 which is VERY much EOL +- Avoid ChefSpec deprecation warnings +- Avoid deprecation warnings in Chef 14.3+ by not loading resources already in Chef + +## 8.1.1 (2018-03-17) + +- Make sure we install the last available xcode command line tool package so we get the latest version + +## 8.1.0 (2018-03-17) + +- Support Amazon Linux 2.0 +- Remove the ChefSpec matchers which are autogenerated now in recent ChefDK releaeses. If your specs fail because of this you need to update to a more recent ChefDK release. +- Swap Debian 7 testing for Amazon 2 & Ubuntu 18.04 testing since Debian 7 is EOL in May + +## 8.0.4 (2017-11-29) + +- Install gcc-c and gcc-c++ for solaris 11 +- Fix dokken's amazonlinux configuration +- Update chef dependency in metadata.rb to Chef 12.7 +- Clean up testing + +## 8.0.3 (2017-05-30) + +- Fix solaris metadata in metadata.rb +- Remove mac_os_x_server from metata as it's not a platform + +## 8.0.2 (2017-05-06) + +- Remove buggy action_class.class_eval usage + +## 8.0.1 (2017-04-14) + +- Test with local delivery and not Rake +- Ensure compatibility with Chef 12.5 +- Update apache2 license string +- Ensure compatibility with Amazon Linux on Chef 13 + +## 8.0.0 (2017-02-14) + +- Require 12.5 or later and remove compat_resource cookbook dependency + +## 7.0.3 (2016-12-22) + +- Require the latest compat_resource +- Cookstyle fixes + +## 7.0.2 (2016-11-07) + +- Fix softwareupdate issue from -v to --verbose + +## 7.0.1 (2016-10-06) + +- Install gcc 4.8 on SUSE < 12 + +## 7.0.0 (2016-09-30) + +- Remove support for OS X < 10.9 and add support for OS X 10.12 +- Refactor the xcode installer resource as a custom resource that does not require updates for each new OS X update +- Use a test recipe with apt_update to avoid needing apt + +## 6.0.6 (2016-09-19) + +- Remove chef 11 compatibility in the metadata +- Solaris 11 needs both make and gnu make + +## 6.0.5 (2016-09-07) + +- Testing updates +- Require the latest compat_resource + +## 6.0.4 (2016-08-19) + +- Install CLTools from dmg with -allowUntrusted on old OSX +- Switch to cookstyle for ruby linting +- Add OS X hosts to the kitchen config +- Remove chefdk included gems from the Gemfile +- Better handle kitchen failures in the Rakefile +- Perform all unit/linting in a single travis job + +## v6.0.3 (2016-07-26) + +- Fix how gcc version specified for Solaris 11 + +## v6.0.2 (2016-07-22) + +- Properly warn on Solaris 10 +- Specify the verson of gcc to install on Solaris 11 + +## v6.0.1 (2016-07-19) + +- Clarify that this cookbook actually required Chef 12.1 or later not 12.0 or later +- Add chef_version metadata + +## v6.0.0 (2016-06-03) + +This cookbook now uses the new msys2 based compiler toolchain on windows. Both 32-bit DW2 and 64-bit SEH based toolchains are available based on the gcc 5.3x series compiler. By default these are located in C:\msys2\mingw32 and C:\msys2\mingw64 + +## v5.0.0 (2016-06-03) + +The cookbook now ships with a 12.5+ style custom resource 'build_essential' which performs the same work that the existing default.rb recipe. The default.rb recipe has been converted to consume that resource to provide backwards compatibility for users that use build-essential::default in their run lists or cookbooks. In converting to this custom resource support for EOL omnios has been removed and warning messages for Solaris 10 users have been removed. See the readme for usage information on the new resource. + +## v4.0.0 (2016-05-12) + +### Breaking change + +This cookbook now requires Chef 12 or later as it includes the new mingw cookbook for installing Windows compilers. Mingw includes 12.5 style custom resources, which will fail to compile on Chef 11\. If you are not running Chef 12 you'll need to pin to 3.x in your environment. + +## v3.2.0 (2016-03-25) + +This version backs out a change in the 3.0 release which attempted to install the version of kernel-devel for the current running kernel on RHEL systems. This change had several unintended consequences and we believe the best solution is to back to change out until a better solution for the original problem is developed. Several of the issues could be resolved by code updates to build-essential, but not all, which complicates rolling forward vs. a roll back. The change caused issues which Chefspec runs on cookbooks where build-essential is a dependency as Fauxhai, used by Chefspec, does not mock out node['virtualization']. Fauxhai is being updated to mock out node['virtualization'], but we'd like to make sure a ChefDK release ships with this new Fauxhai before depending on that change. + +## v3.1.0 (2016-03-23) + +- Install GCC 4.8 if running on OmniOS >= 151008 + +## v3.0.0 (2016-03-23) + +- Install GCC 4.9 on FreeBSD < 10 +- Install the version of kernel-devel that matches the running Kernel on RHEL +- Remove suggests 'pkgutil' from the metadata as suggests does nothing +- Properly warn the user that build-essential does not support Solaris 10 instead of just silently continuing on +- Updated specs to run against more recent OS releases +- Removed the warning for OmniOS users from the Readme as the upstream issue has been resolved +- Switch from 7-zip to seven_zip cookbook as 7-zip has been deprecated +- Add 7-zip to the system path on Windows hosts so the recipe will work out of the box +- Switch from the deprecated 7-zip cookbook to seven_zip + +## v2.4.0 (2016-03-21) + +- Add gettext package to RHEL / FreeBSD to match other platforms +- Fix OS X version detection logic to properly detect OS X 10.10 and 10.11 + +## v2.3.1 (2016-02-18) + +- Restore Chef 11 compatibility and add Travis / Test Kitchen testing for Chef 11 + +## v2.3.0 (2016-02-17) + +- Add mingw/msys based build tools for Windows + +## v2.2.4 (2015-10-06) + +- Add patch package on Fedora systems +- Add additional platforms to Kitchen CI +- Use Chef standard Rubocop file and resolve several issues +- Update contributing and testing docs +- Update Gemfile with the latest testing and development deps +- Add maintainers.md and maintainers.toml files +- Add chefignore file to limit the files uploaded to the Chef server +- Add source_url and issues_url metadata for Supermarket + +## v2.2.3 (2015-04-15) + +- Don't install omnibus-build-essential on Solaris 10 - We decided it's easier to use the old GCC that ships with Solaris 10. +- Use ChefDK for all Travis testing. + +## v2.2.2 (2015-03-27) + +- Update Solar 10's omnibus-build-essential to 0.0.5 + +## v2.2.1 (2015-03-23) + +- Install GNU Patch on Solaris 11 + +## v2.2.0 (2015-03-18) + +- [solaris] Differentiate between Solaris 10 and 11 +- [solaris] Add ucb compat package +- [solaris] Solaris 10 build essential setup +- Fix metadata to use a string instead of a bool (see #56, #57) + +## v2.1.3 (2014-11-18) + +- Update metadata for supported versions of OS X (10.7+) as noted from +- v2.0.0 previously (#38) +- Clarify requirement to have apt package cache updated in README. (#41) +- Fix Xcode CLI installation on OS X (#50) + +## v2.1.2 (2014-10-14) + +- Mac OS X 10.10 Yosemite support + +## v2.1.0 (2014-10-14) + +- Use fully-qualified names when installing FreeBSD package + +## v2.0.6 (2014-08-11) + +- Use the resource form of `remote_file` to prevent context issues + +## v2.0.4 (2014-06-06) + +- [COOK-4661] added patch package to _rhel recipe + +## v2.0.2 (2014-05-02) + +- Updated documentation about older Chef versions +- Added new SVG badges to the README +- Fix a bug where `potentially_at_compile_time` fails on non-resources + +## v2.0.0 (2014-03-13) + +- Updated tested harnesses to use latest ecosystem tools +- Added support for FreeBSD +- Added support for installing XCode Command Line Tools on OSX (10.7, 10.8, 10.9) +- Created a DSL method for wrapping compile_time vs runtime execution +- Install additional developement tools on some platforms +- Add nicer log and warning messages with helpful information + +**Potentially Breaking Changes** + +- Dropped support for OSX 10.6 +- OSX no longer downloads OSX GCC and uses XCode CLI tools instead +- `build_essential` -> `build-essential` in node attributes +- `compiletime` -> `compile_time` in node attributes +- Cookbook version 2.x no longer supports Chef 10.x + +## v1.4.4 (2014-02-27) + +- [COOK-4245] Wrong package name used for developer tools on OS X 10.9 + +## v1.4.2 + +### Bug + +- **[COOK-3318](https://tickets.chef.io/browse/COOK-3318)** - Use Mixlib::ShellOut instead of Chef::ShellOut + +### New Feature + +- **[COOK-3093](https://tickets.chef.io/browse/COOK-3093)** - Add OmniOS support + +### Improvement + +- **[COOK-3024](https://tickets.chef.io/browse/COOK-3024)** - Use newer package on SmartOS + +## v1.4.0 + +This version splits up the default recipe into recipes included based on the node's platform_family. + +- [COOK-2505] - backport omnibus builder improvements + +## v1.3.4 + +- [COOK-2272] - Complete `platform_family` conversion in build-essential + +## v1.3.2 + +- [COOK-2069] - build-essential will install osx-gcc-installer when XCode is present + +## v1.3.0 + +- [COOK-1895] - support smartos + +## v1.2.0 + +- Add test-kitchen support (source repo only) +- [COOK-1677] - build-essential cookbook support for OpenSuse and SLES +- [COOK-1718] - build-essential cookbook metadata should include scientific +- [COOK-1768] - The apt-get update in build-essentials needs to be renamed + +## v1.1.2 + +- [COOK-1620] - support OS X 10.8 + +## v1.1.0 + +- [COOK-1098] - support amazon linux +- [COOK-1149] - support Mac OS X +- [COOK-1296] - allow for compile-time installation of packages through an attribute (see README) + +## v1.0.2 + +- [COOK-1098] - Add Amazon Linux platform support +- [COOK-1149] - Add OS X platform support diff --git a/ops/cookbooks/vendor/build-essential/CONTRIBUTING.md b/ops/cookbooks/vendor/build-essential/CONTRIBUTING.md new file mode 100644 index 0000000..ef2f2b8 --- /dev/null +++ b/ops/cookbooks/vendor/build-essential/CONTRIBUTING.md @@ -0,0 +1,2 @@ +Please refer to +https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/ops/cookbooks/vendor/build-essential/README.md b/ops/cookbooks/vendor/build-essential/README.md new file mode 100644 index 0000000..10037ef --- /dev/null +++ b/ops/cookbooks/vendor/build-essential/README.md @@ -0,0 +1,138 @@ +# build-essential Cookbook + +[![Cookbook Version](http://img.shields.io/cookbook/v/build-essential.svg)][cookbook] [![Build Status](https://travis-ci.org/chef-cookbooks/build-essential.svg?branch=master)](https://travis-ci.org/chef-cookbooks/build-essential) + +Installs packages required for compiling C software from source. Use this cookbook if you wish to compile C programs, or install RubyGems with native extensions. Contains a resource, 'build_essential', as as well as a default recipe that simply calls that same resource. + +Note: The functionality of this cookbook is now built into Chef 14+ in the [build_essential resource](https://docs.chef.io/resource_build_essential.html). This cookbook is no longer being maintained and all future changes will be done directly in the chef-client. We highly recommend you update your chef-client to the latest release and if possible migrate to using the build_essential resources instead of the recipe in this cookbook. + +## Requirements + +### Platforms + +- Debian/Ubuntu +- RHEL/CentOS/Scientific/Amazon/Oracle +- openSUSE / SUSE Enterprise Linux +- SmartOS +- Fedora +- Mac OS X 10.9+ +- FreeBSD + +### Chef + +- Chef 12.7+ + +### Cookbooks + +- seven_zip +- mingw + +**Note for Debian platform family:** On Debian platform-family systems, it is recommended that `apt-get update` be run, to ensure that the package cache is updated. It's not in the scope of this cookbook to do that, as it can [create a duplicate resource](https://tickets.chef.io/browse/CHEF-3694). We recommend using the [apt](https://supermarket.chef.io/cookbooks/apt) cookbook to do this. + +## Attributes + +Attribute | Default | Description +------------------------------------------ | :---------------------------: | ----------------------------------------------------- +`node['build-essential']['compile_time']` | `false` | Execute resources at compile time +`node['build-essential']['msys2']['path']` | `#{ENV['SYSTEMDRIVE']\\msys2` | Destination for msys2 build tool chain (Windows only) + +## Usage + +### Recipe Usage + +The recipe simply calls the build_essential resource, but it ideal for adding to roles or node run lists. + +Include the build-essential recipe in your run list: + +```sh +knife node run_list add NODE "recipe[build-essential::default]" +``` + +or add the build-essential recipe as a dependency and include it from inside another cookbook: + +```ruby +include_recipe 'build-essential::default' +``` + +### Gems with C extensions + +For RubyGems that include native C extensions you wish to use with Chef, you should do the following. + +- Set the `compile_time` attribute to true in your wrapper cookbook or role: + + ```ruby + # Wrapper attribute + default['build-essential']['compile_time'] = true + ``` + + ```ruby + # Role + default_attributes( + 'build-essential' => { + 'compile_time' => true + } + ) + ``` + +- Ensure that the C libraries, which include files and other assorted "dev" + + type packages, are installed in the compile phase after the build-essential + + recipe is executed. For example: + + ```ruby + include_recipe 'build-essential::default' + + package('mypackage-devel') { action :nothing }.run_action(:install) + ``` + +- Use the `chef_gem` resource in your recipe to install the gem with the native + + extension: + + ```ruby + chef_gem 'gem-with-native-extension' + ``` + +### Resource Usage + +The cookbook includes a resource 'build_essential' that can be included in your cookbook to install the necessary build-essential packages + +Simple package installation during the client run: + +```ruby +build_essential 'some name you choose' +``` + +Package installation during the compile phase: + +```ruby +build_essential 'some name you choose' do + compile_time false +end +``` + +## Maintainers + +This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/) + +## License + +**Copyright:** 2009-2016, Chef Software, Inc. + +``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` + +[cookbook]: https://supermarket.chef.io/cookbooks/build-essential +[travis]: http://travis-ci.org/chef-cookbooks/build-essential diff --git a/ops/cookbooks/vendor/build-essential/attributes/default.rb b/ops/cookbooks/vendor/build-essential/attributes/default.rb new file mode 100644 index 0000000..e2bf233 --- /dev/null +++ b/ops/cookbooks/vendor/build-essential/attributes/default.rb @@ -0,0 +1,21 @@ +# +# Cookbook:: build-essential +# Attributes:: default +# +# Copyright:: 2008-2017, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['build-essential']['compile_time'] = false +default['build-essential']['msys2']['path'] = "#{ENV['SYSTEMDRIVE']}\\msys2" diff --git a/ops/cookbooks/vendor/build-essential/metadata.json b/ops/cookbooks/vendor/build-essential/metadata.json new file mode 100644 index 0000000..ea34df1 --- /dev/null +++ b/ops/cookbooks/vendor/build-essential/metadata.json @@ -0,0 +1 @@ +{"name":"build-essential","version":"8.2.1","description":"Installs C compiler / build tools","long_description":"# build-essential Cookbook\n\n[![Cookbook Version](http://img.shields.io/cookbook/v/build-essential.svg)][cookbook] [![Build Status](https://travis-ci.org/chef-cookbooks/build-essential.svg?branch=master)](https://travis-ci.org/chef-cookbooks/build-essential)\n\nInstalls packages required for compiling C software from source. Use this cookbook if you wish to compile C programs, or install RubyGems with native extensions. Contains a resource, 'build_essential', as as well as a default recipe that simply calls that same resource.\n\nNote: The functionality of this cookbook is now built into Chef 14+ in the [build_essential resource](https://docs.chef.io/resource_build_essential.html). This cookbook is no longer being maintained and all future changes will be done directly in the chef-client. We highly recommend you update your chef-client to the latest release and if possible migrate to using the build_essential resources instead of the recipe in this cookbook.\n\n## Requirements\n\n### Platforms\n\n- Debian/Ubuntu\n- RHEL/CentOS/Scientific/Amazon/Oracle\n- openSUSE / SUSE Enterprise Linux\n- SmartOS\n- Fedora\n- Mac OS X 10.9+\n- FreeBSD\n\n### Chef\n\n- Chef 12.7+\n\n### Cookbooks\n\n- seven_zip\n- mingw\n\n**Note for Debian platform family:** On Debian platform-family systems, it is recommended that `apt-get update` be run, to ensure that the package cache is updated. It's not in the scope of this cookbook to do that, as it can [create a duplicate resource](https://tickets.chef.io/browse/CHEF-3694). We recommend using the [apt](https://supermarket.chef.io/cookbooks/apt) cookbook to do this.\n\n## Attributes\n\nAttribute | Default | Description\n------------------------------------------ | :---------------------------: | -----------------------------------------------------\n`node['build-essential']['compile_time']` | `false` | Execute resources at compile time\n`node['build-essential']['msys2']['path']` | `#{ENV['SYSTEMDRIVE']\\\\msys2` | Destination for msys2 build tool chain (Windows only)\n\n## Usage\n\n### Recipe Usage\n\nThe recipe simply calls the build_essential resource, but it ideal for adding to roles or node run lists.\n\nInclude the build-essential recipe in your run list:\n\n```sh\nknife node run_list add NODE \"recipe[build-essential::default]\"\n```\n\nor add the build-essential recipe as a dependency and include it from inside another cookbook:\n\n```ruby\ninclude_recipe 'build-essential::default'\n```\n\n### Gems with C extensions\n\nFor RubyGems that include native C extensions you wish to use with Chef, you should do the following.\n\n- Set the `compile_time` attribute to true in your wrapper cookbook or role:\n\n ```ruby\n # Wrapper attribute\n default['build-essential']['compile_time'] = true\n ```\n\n ```ruby\n # Role\n default_attributes(\n 'build-essential' => {\n 'compile_time' => true\n }\n )\n ```\n\n- Ensure that the C libraries, which include files and other assorted \"dev\"\n\n type packages, are installed in the compile phase after the build-essential\n\n recipe is executed. For example:\n\n ```ruby\n include_recipe 'build-essential::default'\n\n package('mypackage-devel') { action :nothing }.run_action(:install)\n ```\n\n- Use the `chef_gem` resource in your recipe to install the gem with the native\n\n extension:\n\n ```ruby\n chef_gem 'gem-with-native-extension'\n ```\n\n### Resource Usage\n\nThe cookbook includes a resource 'build_essential' that can be included in your cookbook to install the necessary build-essential packages\n\nSimple package installation during the client run:\n\n```ruby\nbuild_essential 'some name you choose'\n```\n\nPackage installation during the compile phase:\n\n```ruby\nbuild_essential 'some name you choose' do\n compile_time false\nend\n```\n\n## Maintainers\n\nThis cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/)\n\n## License\n\n**Copyright:** 2009-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\n[cookbook]: https://supermarket.chef.io/cookbooks/build-essential\n[travis]: http://travis-ci.org/chef-cookbooks/build-essential\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","debian":">= 0.0.0","fedora":">= 0.0.0","freebsd":">= 0.0.0","mac_os_x":">= 10.9.0","opensuse":">= 0.0.0","opensuseleap":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","smartos":">= 0.0.0","solaris2":">= 0.0.0","suse":">= 0.0.0","ubuntu":">= 0.0.0","windows":">= 0.0.0","zlinux":">= 0.0.0"},"dependencies":{"seven_zip":">= 0.0.0","mingw":">= 1.1"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"build-essential":"Installs packages required for compiling C software from source."},"source_url":"https://github.com/chef-cookbooks/build-essential","issues_url":"https://github.com/chef-cookbooks/build-essential/issues","chef_version":[[">= 12.7"]],"ohai_version":[]} \ No newline at end of file diff --git a/ops/cookbooks/vendor/build-essential/recipes/_windows.rb b/ops/cookbooks/vendor/build-essential/recipes/_windows.rb new file mode 100644 index 0000000..6d317f9 --- /dev/null +++ b/ops/cookbooks/vendor/build-essential/recipes/_windows.rb @@ -0,0 +1,53 @@ +# +# Cookbook:: build-essential +# Recipe:: _windows +# +# Copyright:: 2016-2017, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +node.default['seven_zip']['syspath'] = true +include_recipe 'seven_zip::default' + +tool_path = node['build-essential']['msys2']['path'] + +directory tool_path do + action :create + recursive true +end + +[ + 'base-devel', # Brings down msys based bash/make/awk/patch/stuff.. + 'mingw-w64-x86_64-toolchain', # Puts 64-bit SEH mingw toolchain in msys2\mingw64 + 'mingw-w64-i686-toolchain' # Puts 32-bit DW2 mingw toolchain in msys2\ming32 +].each do |package| + msys2_package package do + root tool_path + end +end + +# Certain build steps assume that a tar command is available on the +# system path. The default tar present in msys2\usr\bin is an msys GNU tar +# that expects forward slashes and consider ':' to be a remote tape separator +# or something weird like that. We therefore drop bat file in msys2\bin that +# redirect to the underlying executables without mucking around with +# msys2's /usr/bin itself. +{ + 'bsdtar.exe' => 'tar.bat', + 'patch.exe' => 'patch.bat', +}.each do |reference, link| + file "#{tool_path}\\bin\\#{link}" do + content "@%~dp0..\\usr\\bin\\#{reference} %*" + end +end diff --git a/ops/cookbooks/vendor/build-essential/recipes/default.rb b/ops/cookbooks/vendor/build-essential/recipes/default.rb new file mode 100644 index 0000000..a5dfed3 --- /dev/null +++ b/ops/cookbooks/vendor/build-essential/recipes/default.rb @@ -0,0 +1,24 @@ +# +# Cookbook:: build-essential +# Recipe:: default +# +# Copyright:: 2008-2018, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Call the build-essential custom resource +# This can also be called directly in your cookbooks anywhere you want +build_essential 'install_packages' do + compile_time node['build-essential']['compile_time'] +end diff --git a/ops/cookbooks/vendor/build-essential/resources/build_essential.rb b/ops/cookbooks/vendor/build-essential/resources/build_essential.rb new file mode 100644 index 0000000..21898a4 --- /dev/null +++ b/ops/cookbooks/vendor/build-essential/resources/build_essential.rb @@ -0,0 +1,107 @@ +# +# Cookbook:: build-essential +# resource:: build_essential +# +# Copyright:: 2008-2018, Chef Software Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) +provides :build_essential +resource_name :build_essential + +property :compile_time, [true, false], default: false + +action :install do + case node['platform_family'] + when 'debian' + package %w( autoconf binutils-doc bison build-essential flex gettext ncurses-dev ) + when 'amazon', 'fedora', 'rhel' + package %w( autoconf bison flex gcc gcc-c++ gettext kernel-devel make m4 ncurses-devel patch ) + + # Ensure GCC 4 is available on older pre-6 EL + package %w( gcc44 gcc44-c++ ) if !platform?('amazon') && node['platform_version'].to_i < 6 + when 'freebsd' + package 'devel/gmake' + package 'devel/autoconf' + package 'devel/m4' + package 'devel/gettext' + when 'mac_os_x' + xcode_command_line_tools 'install' + when 'omnios' + package 'developer/gcc48' + package 'developer/object-file' + package 'developer/linker' + package 'developer/library/lint' + package 'developer/build/gnu-make' + package 'system/header' + package 'system/library/math/header-math' + + # Per OmniOS documentation, the gcc bin dir isn't in the default + # $PATH, so add it to the running process environment + # http://omnios.omniti.com/wiki.php/DevEnv + ENV['PATH'] = "#{ENV['PATH']}:/opt/gcc-4.7.2/bin" + when 'solaris2' + if node['platform_version'].to_f == 5.10 + Chef::Log.warn('build-essential does not support Solaris 10. You will need to install SUNWbison, SUNWgcc, SUNWggrp, SUNWgmake, and SUNWgtar from the Solaris DVD') + elsif node['platform_version'].to_f == 5.11 + package 'autoconf' + package 'automake' + package 'bison' + package 'gnu-coreutils' + package 'flex' + # lock gcc versions because we don't use 5 yet + %w(gcc gcc-c gcc-c++).each do |pkg| + package pkg do # ~FC009 + accept_license true + version '4.8.2' + end + end + package 'gnu-grep' + package 'gnu-make' + package 'gnu-patch' + package 'gnu-tar' + package 'make' + package 'pkg-config' + package 'ucb' + end + when 'smartos' + package 'autoconf' + package 'binutils' + package 'build-essential' + package 'gcc47' + package 'gmake' + package 'pkg-config' + when 'suse' + package %w( autoconf bison flex gcc gcc-c++ kernel-default-devel make m4 ) + package %w( gcc48 gcc48-c++ ) if node['platform_version'].to_i < 12 + when 'windows' + include_recipe 'build-essential::_windows' + else + Chef::Log.warn <<-EOH + A build-essential recipe does not exist for '#{node['platform_family']}'. This + means the build-essential cookbook does not have support for the + #{node['platform_family']} family. If you are not compiling gems with native + extensions or building packages from source, this will likely not affect you. + EOH + end +end + +# this resource forces itself to run at compile_time +def after_created + return unless compile_time + Array(action).each do |action| + run_action(action) + end +end diff --git a/ops/cookbooks/vendor/build-essential/resources/xcode_command_line_tools.rb b/ops/cookbooks/vendor/build-essential/resources/xcode_command_line_tools.rb new file mode 100644 index 0000000..44dbfae --- /dev/null +++ b/ops/cookbooks/vendor/build-essential/resources/xcode_command_line_tools.rb @@ -0,0 +1,57 @@ +# +# Cookbook:: build-essential +# Resource:: xcode_command_line_tools +# +# Copyright:: 2014-2018, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +resource_name :xcode_command_line_tools + +action :install do + if installed? + Chef::Log.debug("#{new_resource} already installed - skipping") + else + converge_by("Install #{new_resource}") do + # This script was graciously borrowed and modified from Tim Sutton's + # osx-vm-templates at https://github.com/timsutton/osx-vm-templates/blob/b001475df54a9808d3d56d06e71b8fa3001fff42/scripts/xcode-cli-tools.sh + execute 'install XCode Command Line tools' do + command <<-EOH.gsub(/^ {14}/, '') + # create the placeholder file that's checked by CLI updates' .dist code + # in Apple's SUS catalog + touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress + # find the CLI Tools update + PROD=$(softwareupdate -l | grep "\*.*Command Line" | tail -n 1 | awk -F"*" '{print $2}' | sed -e 's/^ *//' | tr -d '\n') + # install it + softwareupdate -i "$PROD" --verbose + # Remove the placeholder to prevent perpetual appearance in the update utility + rm -f /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress + EOH + end + end + end +end + +action_class do + # + # Determine if the XCode Command Line Tools are installed + # + # @return [true, false] + # + def installed? + cmd = Mixlib::ShellOut.new('pkgutil --pkgs=com.apple.pkg.CLTools_Executables') + cmd.run_command + cmd.error? ? false : true + end +end diff --git a/ops/cookbooks/vendor/change-me/Berksfile b/ops/cookbooks/vendor/change-me/Berksfile new file mode 100644 index 0000000..361bfaf --- /dev/null +++ b/ops/cookbooks/vendor/change-me/Berksfile @@ -0,0 +1,6 @@ +source 'https://supermarket.chef.io' + # cookbook 'mysql', '~> 8.5.1' +metadata + +cookbook 'app', path: 'app' +cookbook 't42-common', git: 'https://git.theta42.com/theta42/t42-common.git' \ No newline at end of file diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/.kitchen.yml b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/.kitchen.yml new file mode 100644 index 0000000..bc6e264 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/.kitchen.yml @@ -0,0 +1,21 @@ +--- +driver: + name: vagrant + synced_folders: + - [<%= File.join(ENV['PWD'], '..', '..')%>, '/tmp/repo-data'] + +provisioner: + name: chef_zero + encrypted_data_bag_secret_key_path: 'secrets/fakey-mcfakerton' + data_bags_path: './data_bags' + product_name: chefdk + +platforms: + - name: ubuntu-16.04 + - name: centos-7 + +suites: + - name: default + run_list: + - recipe[test] + attributes: diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/Berksfile b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/Berksfile new file mode 100644 index 0000000..61dab72 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/Berksfile @@ -0,0 +1,7 @@ +source 'https://supermarket.chef.io' + +metadata + +group :delivery do + cookbook 'test', path: './test/fixtures/cookbooks/test' +end diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/LICENSE b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/LICENSE new file mode 100644 index 0000000..10b5688 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/LICENSE @@ -0,0 +1,3 @@ +Copyright 2019 The Authors + +All rights reserved, do not redistribute. diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/README.md b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/README.md new file mode 100644 index 0000000..297af5a --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/README.md @@ -0,0 +1,146 @@ +# build_cookbook + +A build cookbook for running the parent project through Chef Delivery + +This build cookbook should be customized to suit the needs of the parent project. Using this cookbook can be done outside of Chef Delivery, too. If the parent project is a Chef cookbook, we've detected that and "wrapped" [delivery-truck](https://github.com/chef-cookbooks/delivery-truck). That means it is a dependency, and each of its pipeline phase recipes is included in the appropriate phase recipes in this cookbook. If the parent project is not a cookbook, it's left as an exercise to the reader to customize the recipes as needed for each phase in the pipeline. + +## .delivery/config.json + +In the parent directory to this build_cookbook, the `config.json` can be modified as necessary. For example, phases can be skipped, publishing information can be added, and so on. Refer to customer support or the Chef Delivery documentation for assistance on what options are available for this configuration. + +## Test Kitchen - Local Verify Testing + +This cookbook also has a `.kitchen.yml` which can be used to create local build nodes with Test Kitchen to perform the verification phases, `unit`, `syntax`, and `lint`. When running `kitchen converge`, the instances will be set up like Chef Delivery "build nodes" with the [delivery_build cookbook](https://github.com/chef-cookbooks/delivery_build). The reason for this is to make sure that the same exact kind of nodes are used by this build cookbook are run on the local workstation as would run Delivery. It will run `delivery job verify PHASE` for the parent project. + +Modify the `.kitchen.yml` if necessary to change the platforms or other configuration to run the verify phases. After making changes in the parent project, `cd` into this directory (`.delivery/build_cookbook`), and run: + +``` +kitchen test +``` + +## Recipes + +Each of the recipes in this build_cookbook are run in the named phase during the Chef Delivery pipeline. The `unit`, `syntax`, and `lint` recipes are additionally run when using Test Kitchen for local testing as noted in the above section. + +## Making Changes - Cookbook Example + +When making changes in the parent project (that which lives in `../..` from this directory), or in the recipes in this build cookbook, there is a bespoke workflow for Chef Delivery. As an example, we'll discuss a Chef Cookbook as the parent. + +First, create a new branch for the changes. + +``` +git checkout -b testing-build-cookbook +``` + +Next, increment the version in the metadata.rb. This should be in the _parent_, not in this, the build_cookbook. If this is not done, the verify phase will fail. + +``` +% git diff + +-version '0.1.0' ++version '0.1.1' +``` + +The change we'll use for an example is to install the `zsh` package. Write a failing ChefSpec in the cookbook project's `spec/unit/recipes/default_spec.rb`. + +```ruby +require 'spec_helper' + +describe 'godzilla::default' do + context 'When all attributes are default, on Ubuntu 16.04' do + let(:chef_run) do + runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04') + runner.converge(described_recipe) + end + + it 'installs zsh' do + expect(chef_run).to install_package('zsh') + end + end +end +``` + +Commit the local changes as work in progress. The `delivery job` expects to use a clean git repository. + +``` +git add ../.. +git commit -m 'WIP: Testing changes' +``` + +From _this_ directory (`.delivery/build_cookbook`, relative to the parent cookbook project), run + +``` +cd .delivery/build_cookbook +kitchen converge +``` + +This will take some time at first, because the VMs need to be created, Chef installed, the Delivery CLI installed, etc. Later runs will be faster until they are destroyed. It will also fail on the first VM, as expected, because we wrote the test first. Now edit the parent cookbook project's default recipe to install `zsh`. + +``` +cd ../../ +$EDITOR/recipes/default.rb +``` + +It should look like this: + +``` +package 'zsh' +``` + +Create another commit. + +``` +git add . +git commit -m 'WIP: Install zsh in default recipe' +``` + +Now rerun kitchen from the build_cookbook. + +``` +cd .delivery/build_cookbook +kitchen converge +``` + +This will take awhile because it will now pass on the first VM, and then create the second VM. We should have warned you this was a good time for a coffee break. + +``` +Recipe: test::default + +- execute HOME=/home/vagrant delivery job verify unit --server localhost --ent test --org kitchen + * execute[HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen] action run + - execute HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen + + - execute HOME=/home/vagrant delivery job verify syntax --server localhost --ent test --org kitchen + +Running handlers: +Running handlers complete +Chef Client finished, 3/32 resources updated in 54.665445968 seconds +Finished converging (1m26.83s). +``` + +Victory is ours! Our verify phase passed on the build nodes. + +We are ready to run this through our Delivery pipeline. Simply run `delivery review` on the local system from the parent project, and it will open a browser window up to the change we just added. + +``` +cd ../.. +delivery review +``` + +## FAQ + +### Why don't I just run rspec and foodcritic/rubocop on my local system? + +An objection to the Test Kitchen approach is that it is much faster to run the unit, lint, and syntax commands for the project on the local system. That is totally true, and also totally valid. Do that for the really fast feedback loop. However, the dance we do with Test Kitchen brings a much higher degree of confidence in the changes we're making, that everything will run on the build nodes in Chef Delivery. We strongly encourage this approach before actually pushing the changes to Delivery. + +### Why do I have to make a commit every time? + +When running `delivery job`, it expects to merge the commit for the changeset against the clean master branch. If we don't save our progress by making a commit, our local changes aren't run through `delivery job` in the Test Kitchen build instances. We can always perform an interactive rebase, and modify the original changeset message in Delivery with `delivery review --edit`. The latter won't modify the git commits, only the changeset in Delivery. + +### What do I do next? + +Make changes in the cookbook project as required for organizational goals and needs. Modify the `build_cookbook` as necessary for the pipeline phases that the cookbook should go through. + +### What if I get stuck? + +Contact Chef Support, or your Chef Customer Success team and they will help you get unstuck. diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/chefignore b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/chefignore new file mode 100644 index 0000000..4439807 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/chefignore @@ -0,0 +1,104 @@ +# Put files/directories that should be ignored in this file when uploading +# to a chef-server or supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +examples/* +Guardfile +Procfile +.kitchen* +kitchen.yml* +.rubocop.yml +spec/* +Rakefile +.travis.yml +.foodcritic +.codeclimate.yml + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Cookbooks # +############# +CONTRIBUTING* +CHANGELOG* +TESTING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json new file mode 100644 index 0000000..af375ea --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json @@ -0,0 +1 @@ +{"id": "delivery_builder_keys"} \ No newline at end of file diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/metadata.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/metadata.rb new file mode 100644 index 0000000..fc26412 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/metadata.rb @@ -0,0 +1,8 @@ +name 'build_cookbook' +maintainer 'The Authors' +maintainer_email 'you@example.com' +license 'all_rights' +version '0.1.0' +chef_version '>= 13.0' + +depends 'delivery-truck' diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/default.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/default.rb new file mode 100644 index 0000000..5bb9df3 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/default.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: default +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::default' diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/deploy.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/deploy.rb new file mode 100644 index 0000000..43af83c --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/deploy.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: deploy +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::deploy' diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/functional.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/functional.rb new file mode 100644 index 0000000..66001fe --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/functional.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: functional +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::functional' diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/lint.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/lint.rb new file mode 100644 index 0000000..0188770 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/lint.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: lint +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::lint' diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/provision.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/provision.rb new file mode 100644 index 0000000..ac44c47 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/provision.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: provision +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::provision' diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/publish.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/publish.rb new file mode 100644 index 0000000..618b3f4 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/publish.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: publish +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::publish' diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/quality.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/quality.rb new file mode 100644 index 0000000..7b2ad5d --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/quality.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: quality +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::quality' diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/security.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/security.rb new file mode 100644 index 0000000..00096dd --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/security.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: security +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::security' diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/smoke.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/smoke.rb new file mode 100644 index 0000000..332646f --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/smoke.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: smoke +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::smoke' diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/syntax.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/syntax.rb new file mode 100644 index 0000000..4052638 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/syntax.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: syntax +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::syntax' diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/unit.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/unit.rb new file mode 100644 index 0000000..fde68b8 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/recipes/unit.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: unit +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::unit' diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/secrets/fakey-mcfakerton b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/secrets/fakey-mcfakerton new file mode 100644 index 0000000..e69de29 diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb new file mode 100644 index 0000000..1725039 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb @@ -0,0 +1,2 @@ +name 'test' +version '0.1.0' \ No newline at end of file diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb new file mode 100644 index 0000000..2fd58de --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true +%w(unit lint syntax).each do |phase| + # TODO: This works on Linux/Unix. Not Windows. + execute "HOME=/home/vagrant delivery job verify #{phase} --server localhost --ent test --org kitchen" do + cwd '/tmp/repo-data' + user 'vagrant' + environment('GIT_DISCOVERY_ACROSS_FILESYSTEM' => '1') + end +end diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/config.json b/ops/cookbooks/vendor/change-me/app/.delivery/config.json new file mode 100644 index 0000000..987952b --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/config.json @@ -0,0 +1,17 @@ +{ + "version": "2", + "build_cookbook": { + "name": "build_cookbook", + "path": ".delivery/build_cookbook" + }, + "delivery-truck": { + "lint": { + "enable_cookstyle": true + } + }, + "skip_phases": [], + "job_dispatch": { + "version": "v2" + }, + "dependencies": [] +} diff --git a/ops/cookbooks/vendor/change-me/app/.delivery/project.toml b/ops/cookbooks/vendor/change-me/app/.delivery/project.toml new file mode 100644 index 0000000..9f54c5e --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.delivery/project.toml @@ -0,0 +1,36 @@ +# Delivery Prototype for Local Phases Execution +# +# The purpose of this file is to prototype a new way to execute +# phases locally on your workstation. The delivery-cli will read +# this file and execute the command(s) that are configured for +# each phase. You can customize them by just modifying the phase +# key on this file. +# +# By default these phases are configured for Cookbook Workflow only +# +# As this is still a prototype we are not modifying the current +# config.json file and it will continue working as usual. + +[local_phases] +unit = "chef exec rspec spec/" +lint = "chef exec cookstyle" +# Foodcritic includes rules only appropriate for community cookbooks +# uploaded to Supermarket. We turn off any rules tagged "supermarket" +# by default. If you plan to share this cookbook you should remove +# '-t ~supermarket' below to enable supermarket rules. +syntax = "chef exec foodcritic . -t ~supermarket" +provision = "chef exec kitchen create" +deploy = "chef exec kitchen converge" +smoke = "chef exec kitchen verify" +# The functional phase is optional, you can define it by uncommenting +# the line below and running the command: `delivery local functional` +# functional = "" +cleanup = "chef exec kitchen destroy" + +# Remote project.toml file +# +# Specify a remote URI location for the `project.toml` file. +# This is useful for teams that wish to centrally manage the behavior +# of the `delivery local` command across many different projects. +# +# remote_file = "https://url/project.toml" diff --git a/ops/cookbooks/vendor/change-me/app/.gitignore b/ops/cookbooks/vendor/change-me/app/.gitignore new file mode 100644 index 0000000..13e41c4 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.gitignore @@ -0,0 +1,22 @@ +.vagrant +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +gems.locked +bin/* +.bundle/* + +# test kitchen +.kitchen/ +.kitchen.local.yml + +# Chef +Berksfile.lock +.zero-knife.rb +Policyfile.lock.json diff --git a/ops/cookbooks/vendor/change-me/app/.kitchen.yml b/ops/cookbooks/vendor/change-me/app/.kitchen.yml new file mode 100644 index 0000000..bc0455f --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/.kitchen.yml @@ -0,0 +1,26 @@ +--- +driver: + name: vagrant + +provisioner: + name: chef_zero + # You may wish to disable always updating cookbooks in CI or other testing environments. + # For example: + # always_update_cookbooks: <%= !ENV['CI'] %> + always_update_cookbooks: true + +verifier: + name: inspec + +platforms: + - name: ubuntu-16.04 + - name: centos-7 + +suites: + - name: default + run_list: + - recipe[django-bakend::default] + verifier: + inspec_tests: + - test/integration/default + attributes: diff --git a/ops/cookbooks/vendor/change-me/app/Berksfile b/ops/cookbooks/vendor/change-me/app/Berksfile new file mode 100644 index 0000000..2a72827 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/Berksfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true +source 'https://supermarket.chef.io' + # cookbook 'mysql', '~> 8.5.1' + cookbook "library-cookbook", "~> 0.1.1", git: "https://github.com/example/library-cookbook.git" +metadata diff --git a/ops/cookbooks/vendor/change-me/app/CHANGELOG.md b/ops/cookbooks/vendor/change-me/app/CHANGELOG.md new file mode 100644 index 0000000..fa2cdb1 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/CHANGELOG.md @@ -0,0 +1,11 @@ +# django-bakend CHANGELOG + +This file is used to list changes made in each version of the django-bakend cookbook. + +# 0.1.0 + +Initial release. + +- change 0 +- change 1 + diff --git a/ops/cookbooks/vendor/change-me/app/LICENSE b/ops/cookbooks/vendor/change-me/app/LICENSE new file mode 100644 index 0000000..10b5688 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/LICENSE @@ -0,0 +1,3 @@ +Copyright 2019 The Authors + +All rights reserved, do not redistribute. diff --git a/ops/cookbooks/vendor/change-me/app/README.md b/ops/cookbooks/vendor/change-me/app/README.md new file mode 100644 index 0000000..0bbe0ca --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/README.md @@ -0,0 +1,4 @@ +# django-backend + +TODO: Enter the cookbook description here. + diff --git a/ops/cookbooks/vendor/change-me/app/chefignore b/ops/cookbooks/vendor/change-me/app/chefignore new file mode 100644 index 0000000..4439807 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/chefignore @@ -0,0 +1,104 @@ +# Put files/directories that should be ignored in this file when uploading +# to a chef-server or supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +examples/* +Guardfile +Procfile +.kitchen* +kitchen.yml* +.rubocop.yml +spec/* +Rakefile +.travis.yml +.foodcritic +.codeclimate.yml + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Cookbooks # +############# +CONTRIBUTING* +CHANGELOG* +TESTING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/ops/cookbooks/vendor/change-me/app/metadata.rb b/ops/cookbooks/vendor/change-me/app/metadata.rb new file mode 100644 index 0000000..be8b94b --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/metadata.rb @@ -0,0 +1,22 @@ +name 'app' +maintainer 'The Authors' +maintainer_email 'you@example.com' +license 'All Rights Reserved' +description 'Installs/Configures django-backend' +long_description 'Installs/Configures django-backend' +version '0.1.0' +chef_version '>= 13.0' + +depends 't42-common' + +# The `issues_url` points to the location where issues for this cookbook are +# tracked. A `View Issues` link will be displayed on this cookbook's page when +# uploaded to a Supermarket. +# +# issues_url 'https://github.com//django-backend/issues' + +# The `source_url` points to the development repository for this cookbook. A +# `View Source` link will be displayed on this cookbook's page when uploaded to +# a Supermarket. +# +# source_url 'https://github.com//django-backend' diff --git a/ops/cookbooks/vendor/change-me/app/recipes/default.rb b/ops/cookbooks/vendor/change-me/app/recipes/default.rb new file mode 100644 index 0000000..e69de29 diff --git a/ops/cookbooks/vendor/change-me/app/spec/spec_helper.rb b/ops/cookbooks/vendor/change-me/app/spec/spec_helper.rb new file mode 100644 index 0000000..052d78a --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/spec/spec_helper.rb @@ -0,0 +1,3 @@ +# frozen_string_literal: true +require 'chefspec' +require 'chefspec/berkshelf' diff --git a/ops/cookbooks/vendor/change-me/app/spec/unit/recipes/default_spec.rb b/ops/cookbooks/vendor/change-me/app/spec/unit/recipes/default_spec.rb new file mode 100644 index 0000000..9b42aab --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/spec/unit/recipes/default_spec.rb @@ -0,0 +1,35 @@ +# +# Cookbook:: app +# Spec:: default +# +# Copyright:: 2019, The Authors, All Rights Reserved. + +require 'spec_helper' + +describe 'app::default' do + context 'When all attributes are default, on Ubuntu 16.04' do + let(:chef_run) do + # for a complete list of available platforms and versions see: + # https://github.com/customink/fauxhai/blob/master/PLATFORMS.md + runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04') + runner.converge(described_recipe) + end + + it 'converges successfully' do + expect { chef_run }.to_not raise_error + end + end + + context 'When all attributes are default, on CentOS 7.4.1708' do + let(:chef_run) do + # for a complete list of available platforms and versions see: + # https://github.com/customink/fauxhai/blob/master/PLATFORMS.md + runner = ChefSpec::ServerRunner.new(platform: 'centos', version: '7.4.1708') + runner.converge(described_recipe) + end + + it 'converges successfully' do + expect { chef_run }.to_not raise_error + end + end +end diff --git a/ops/cookbooks/vendor/change-me/app/test/integration/default/default_test.rb b/ops/cookbooks/vendor/change-me/app/test/integration/default/default_test.rb new file mode 100644 index 0000000..2f46d3c --- /dev/null +++ b/ops/cookbooks/vendor/change-me/app/test/integration/default/default_test.rb @@ -0,0 +1,16 @@ +# InSpec test for recipe django-bakend::default + +# The InSpec reference, with examples and extensive documentation, can be +# found at http://inspec.io/docs/reference/resources/ + +unless os.windows? + # This is an example test, replace with your own test. + describe user('root'), :skip do + it { should exist } + end +end + +# This is an example test, replace it with your own test. +describe port(80), :skip do + it { should_not be_listening } +end diff --git a/ops/cookbooks/vendor/change-me/metadata.json b/ops/cookbooks/vendor/change-me/metadata.json new file mode 100644 index 0000000..3e90b54 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/metadata.json @@ -0,0 +1,33 @@ +{ + "name": "change-me", + "description": "", + "long_description": "", + "maintainer": "", + "maintainer_email": "", + "license": "All rights reserved", + "platforms": { + + }, + "dependencies": { + + }, + "providing": { + + }, + "recipes": { + + }, + "version": "0.0.0", + "source_url": "", + "issues_url": "", + "privacy": false, + "chef_versions": [ + + ], + "ohai_versions": [ + + ], + "gems": [ + + ] +} diff --git a/ops/cookbooks/vendor/change-me/metadata.rb b/ops/cookbooks/vendor/change-me/metadata.rb new file mode 100644 index 0000000..3b84b32 --- /dev/null +++ b/ops/cookbooks/vendor/change-me/metadata.rb @@ -0,0 +1,3 @@ +name 'change-me' + +depnds 'app' \ No newline at end of file diff --git a/ops/cookbooks/vendor/mingw/CHANGELOG.md b/ops/cookbooks/vendor/mingw/CHANGELOG.md new file mode 100644 index 0000000..a1671ec --- /dev/null +++ b/ops/cookbooks/vendor/mingw/CHANGELOG.md @@ -0,0 +1,58 @@ +# mingw Cookbook CHANGELOG + +This file is used to list changes made in each version of the mingw cookbook. + +## 2.1.0 (2018-07-24) + +- refactor msys2 package source and checksum to attributes + +## 2.0.2 (2018-02-15) + +- Remove kind_of usage in the custom resources (FC117) + +## 2.0.1 (2017-04-26) + +- Test with Local Delivery instead of Rake +- Add chef_version to the metadata +- Use standardize Apache 2 license string + +## 2.0.0 (2017-02-27) + +- Require Chef 12.5 and remove compat_resource dependency + +## 1.2.5 (2017-01-18) + +- Require a working compat_resource + +## v1.2.4 (2016-07-26) + +- New msys2 shells do not inherit PATH from windows. Provide a way for + clients to do this. + +## v1.2.3 (2016-07-25) + +- If PKG_CONFIG_PATH is already defined, honor it in the msys2 shell. + +## v1.2.2 (2016-06-24) + +- Download msys2 from the primary download url (instead of a specific mirror). + +## v1.2.1 (2016-06-23) + +- Fix msys2 initial install/upgrade steps that dependended on file modification time. +- Make msys2_package :install idempotent - it should not reinstall packages. +- Do not allow bash.exe to be called if MSYSTEM is undefined. + +## v1.2.0 (2016-06-03) +- Updating to fix the issue where msys2 bash does not inherit the cwd correctly + +## v1.1.0 (2016-06-03) +- Add msys2 based compiler support using the new msys2_package resource + +## v1.0.0 (2016-05-11) + +- Remove unnecessary default_action from the resources +- Depend on compat_resource cookbook to add Chef 12.1 - 12.4 compatbility +- Add this changelog file +- Fix license metadata in metadata.rb +- Disable FC016 check diff --git a/ops/cookbooks/vendor/mingw/CONTRIBUTING.md b/ops/cookbooks/vendor/mingw/CONTRIBUTING.md new file mode 100644 index 0000000..ef2f2b8 --- /dev/null +++ b/ops/cookbooks/vendor/mingw/CONTRIBUTING.md @@ -0,0 +1,2 @@ +Please refer to +https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/ops/cookbooks/vendor/mingw/README.md b/ops/cookbooks/vendor/mingw/README.md new file mode 100644 index 0000000..16da102 --- /dev/null +++ b/ops/cookbooks/vendor/mingw/README.md @@ -0,0 +1,138 @@ +# mingw Cookbook + +[![Cookbook Version](http://img.shields.io/cookbook/v/mingw.svg)][cookbook] [![Build Status](http://img.shields.io/travis/chef-cookbooks/mingw.svg?branch=master)][travis] + +Installs a mingw/msys based compiler tools chain on windows. This is required for compiling C software from source. + +## Requirements + +### Platforms + +- Windows + +### Chef + +- Chef 12.5+ + +### Cookbooks + +- seven_zip + +## Usage + +Add this cookbook as a dependency to your cookbook in its `metadata.rb` and include the default recipe in one of your recipes. + +```ruby +# metadata.rb +depends 'mingw' +``` + +```ruby +# your recipe.rb +include_recipe 'mingw::default' +``` + +Use the `msys2_package` resource in any recipe to fetch msys2 based packages. Use the `mingw_get` resource in any recipe to fetch mingw packages. Use the `mingw_tdm_gcc` resource to fetch a version of the TDM GCC compiler. + +By default, you should prefer the msys2 packages as they are newer and better supported. C/C++ compilers on windows use various different exception formats and you need to pick the right one for your task. In the 32-bit world, you have SJLJ (set-jump/long-jump) based exception handling and DWARF-2 (shortened to DW2) based exception handling. SJLJ produces code that can happily throw exceptions across stack frames of code compiled by MSVC. DW2 involves more extensive metadata but produces code that cannot unwind MSVC generated stack-frames - hence you need to ensure that you don't have any code that throws across a "system call". Certain languages and runtimes have specific requirements as to the exception format supported. As an example, if you are building code for Rust, you will probably need a modern gcc from msys2 with DW2 support as that's what the panic/exception formatter in Rust depends on. In a 64-bit world, you may still use SJLJ but compilers all commonly support SEH (structured exception handling). + +Of course, to further complicate matters, different versions of different compilers support different exception handling. The default compilers that come with mingw_get are 32-bit only compilers and support DW2\. The TDM compilers come in 3 flavors: a 32-bit only version with SJLJ support, a 32-bit only version with DW2 support and a "multilib" compiler which supports only SJLJ in 32-bit mode but can produce 64-bit SEH code. The standard library support varies drastically between these various compiler flavors (even within the same version). In msys2, you can install a mingw-w64 based compilers for either 32-bit DW2 support or 64-bit SEH support. If all this hurts your brain, I can only apologize. + +## Resources + +### msys2_package + +- ':install' - Installs an msys2 package using pacman. +- ':remove' - Uninstalls any existing msys2 package. +- ':upgrade' - Upgrades the specified package using pacman. + +All options also automatically attempt to install a 64-bit based msys2 base file system at the root path specified. Note that you probably won't need a "32-bit" msys2 unless you are actually on a 32-bit only platform. You can still install both 32 and 64-bit compilers and libraries in a 64-bit msys2 base file system. + +#### Attributes + +- `node['msys2']['url']` - overrides the url from which to download the package. +- `node['msys2']['checksum']` - overrides the checksum used to verify the downloaded package. + +#### Parameters + +- `package` - An msys2 pacman package (or meta-package) to fetch and install. You may use a legal package wild-card pattern here if you are installing. This is the name attribute. +- `root` - The root directory where msys2 tools will be installed. This directory must not contain any spaces in order to pacify old posix tools and most Makefiles. + +#### Examples + +To get the core msys2 developer tools in `C:\msys2` + +```ruby +msys2_package 'base-devel' do + root 'C:\msys2' +end +``` + +### mingw_get + +#### Actions + +- `:install` - Installs a mingw package from sourceforge using mingw-get.exe. +- `:remove` - Uninstalls a mingw package. +- `:upgrade` - Upgrades a mingw package (even to a lower version). + +#### Parameters + +- `package` - A mingw-get package (or meta-package) to fetch and install. You may use a legal package wild-card pattern here if you are installing. This is the name attribute. +- `root` - The root directory where msys and mingw tools will be installed. This directory must not contain any spaces in order to pacify old posix tools and most Makefiles. + +#### Examples + +To get the core msys developer tools in `C:\mingw32` + +```ruby +mingw_get 'msys-base=2013072300-msys-bin.meta' do + root 'C:\mingw32' +end +``` + +### mingw_tdm_gcc + +#### Actions + +- `:install` - Installs the TDM compiler toolchain at the given path. This only gives you a compiler. If you need any support tooling such as make/grep/awk/bash etc., see `mingw_get`. + +#### Parameters + +- `flavor` - Either `:sjlj_32` or `:seh_sjlj_64`. TDM-64 is a 32/64-bit multi-lib "cross-compiler" toolchain that builds 64-bit by default. It uses structured exception handling (SEH) in 64-bit code and setjump-longjump exception handling (SJLJ) in 32-bit code. TDM-32 only builds 32-bit binaries and uses SJLJ. +- `root` - The root directory where compiler tools and runtime will be installed. This directory must not contain any spaces in order to pacify old posix tools and most Makefiles. +- `version` - The version of the compiler to fetch and install. This is the name attribute. Currently, '5.1.0' is supported. + +#### Examples + +To get the 32-bit TDM GCC compiler in `C:\mingw32` + +```ruby +mingw_tdm_gcc '5.1.0' do + flavor :sjlj_32 + root 'C:\mingw32' +end +``` + +## License & Authors + +**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io)) + +**Copyright:** 2009-2016, Chef Software, Inc. + +``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` + +[cookbook]: https://supermarket.chef.io/cookbooks/mingw +[travis]: http://travis-ci.org/chef-cookbooks/mingw diff --git a/ops/cookbooks/vendor/mingw/attributes/default.rb b/ops/cookbooks/vendor/mingw/attributes/default.rb new file mode 100644 index 0000000..9176ec3 --- /dev/null +++ b/ops/cookbooks/vendor/mingw/attributes/default.rb @@ -0,0 +1,3 @@ +# override these attributes to pull the msys2 package from a custom url +default['msys2']['url'] = 'http://downloads.sourceforge.net/project/msys2/Base/x86_64/msys2-base-x86_64-20160205.tar.xz' +default['msys2']['checksum'] = '7e97e2af042e1b6f62cf0298fe84839014ef3d4a3e7825cffc6931c66cc0fc20' diff --git a/ops/cookbooks/vendor/mingw/files/default/bash.bat b/ops/cookbooks/vendor/mingw/files/default/bash.bat new file mode 100644 index 0000000..97a7f99 --- /dev/null +++ b/ops/cookbooks/vendor/mingw/files/default/bash.bat @@ -0,0 +1,17 @@ +@echo off +set HOME=/home/%USERNAME% + +IF "%MSYSTEM%"=="" ( + echo MSYSTEM is NOT defined + exit +) + +rem Ask MSYS to initialize with a minimal path by default. +rem This will put only the windows system paths into the msys path. +set MSYS2_PATH_TYPE=minimal + +rem See /etc/profile - it should invoke post-install step 05-home-dir.post +rem which uses this environment variable to change directories. +set CHERE_INVOKING=1 + +%~dp0..\usr\bin\bash.exe -l %* diff --git a/ops/cookbooks/vendor/mingw/files/default/custom-upgrade.sh b/ops/cookbooks/vendor/mingw/files/default/custom-upgrade.sh new file mode 100644 index 0000000..db729eb --- /dev/null +++ b/ops/cookbooks/vendor/mingw/files/default/custom-upgrade.sh @@ -0,0 +1,23 @@ +declare -r CRITICAL_PACKAGES="bash pacman msys2-runtime" +declare -r OPTIONAL_PACKAGES="msys2-runtime-devel" + +# set pacman command if not already defined +PACMAN=${PACMAN:-pacman} +# save full path to command as PATH may change when sourcing /etc/profile +PACMAN_PATH=$(type -P $PACMAN) + +run_pacman() { + local cmd + cmd=("$PACMAN_PATH" "$@") + "${cmd[@]}" +} + +if ! run_pacman -Sy; then + exit 1 +fi + +run_pacman -Qu ${CRITICAL_PACKAGES} + +if ! run_pacman -S --noconfirm --needed ${CRITICAL_PACKAGES} ${OPTIONAL_PACKAGES}; then + exit 1 +fi diff --git a/ops/cookbooks/vendor/mingw/files/default/custom_prefix.sh b/ops/cookbooks/vendor/mingw/files/default/custom_prefix.sh new file mode 100644 index 0000000..85a1e2e --- /dev/null +++ b/ops/cookbooks/vendor/mingw/files/default/custom_prefix.sh @@ -0,0 +1,13 @@ +# Prepend values from the parent environment to msys2 environment variables. + +export PKG_CONFIG_PATH="${PREMSYS2_PKG_CONFIG_PATH:+${PREMSYS2_PKG_CONFIG_PATH}:}${PKG_CONFIG_PATH}" + +# Instead of placing our entire windows path into msys2, we can selectively +# prepend just the important parts that we need. This also ensures that +# we don't accidentally add other unnecessary chef or git msys2 library +# files in the path. +export PATH="${PREMSYS2_PATH:+${PREMSYS2_PATH}:}${PATH}" + +# TODO: If there are other variabled we want to control like MANPATH or ACLOCALPATH, +# add those here. + diff --git a/ops/cookbooks/vendor/mingw/files/default/pthread.h b/ops/cookbooks/vendor/mingw/files/default/pthread.h new file mode 100644 index 0000000..ac8fb37 --- /dev/null +++ b/ops/cookbooks/vendor/mingw/files/default/pthread.h @@ -0,0 +1,719 @@ +/* + Copyright (c) 2011-2013 mingw-w64 project + + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the "Software"), + to deal in the Software without restriction, including without limitation + the rights to use, copy, modify, merge, publish, distribute, sublicense, + and/or sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE. +*/ + +/* + * Parts of this library are derived by: + * + * Posix Threads library for Microsoft Windows + * + * Use at own risk, there is no implied warranty to this code. + * It uses undocumented features of Microsoft Windows that can change + * at any time in the future. + * + * (C) 2010 Lockless Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * * Neither the name of Lockless Inc. nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AN + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef WIN_PTHREADS_H +#define WIN_PTHREADS_H + +#include +#include +#include + +#include +#include +#include + +#include + +#include "pthread_compat.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define __WINPTHREADS_VERSION_MAJOR 0 +#define __WINPTHREADS_VERSION_MINOR 5 +#define __WINPTHREADS_VERSION_PATCHLEVEL 0 + +/* MSB 8-bit major version, 8-bit minor version, 16-bit patch level. */ +#define __WINPTHREADS_VERSION 0x00050000 + +#if defined DLL_EXPORT && !defined WINPTHREAD_STATIC +#ifdef IN_WINPTHREAD +#define WINPTHREAD_API __declspec(dllexport) +#else +#define WINPTHREAD_API __declspec(dllimport) +#endif +#else +#define WINPTHREAD_API +#endif + +/* #define WINPTHREAD_DBG 1 */ + +/* Compatibility stuff: */ +#define RWLS_PER_THREAD 8 + +/* Error-codes. */ +#ifndef ETIMEDOUT +#define ETIMEDOUT 138 +#endif +#ifndef ENOTSUP +#define ENOTSUP 129 +#endif +#ifndef EWOULDBLOCK +#define EWOULDBLOCK 140 +#endif + +/* pthread specific defines. */ + +#define PTHREAD_CANCEL_DISABLE 0 +#define PTHREAD_CANCEL_ENABLE 0x01 + +#define PTHREAD_CANCEL_DEFERRED 0 +#define PTHREAD_CANCEL_ASYNCHRONOUS 0x02 + +#define PTHREAD_CREATE_JOINABLE 0 +#define PTHREAD_CREATE_DETACHED 0x04 + +#define PTHREAD_EXPLICIT_SCHED 0 +#define PTHREAD_INHERIT_SCHED 0x08 + +#define PTHREAD_SCOPE_PROCESS 0 +#define PTHREAD_SCOPE_SYSTEM 0x10 + +#define PTHREAD_DEFAULT_ATTR (PTHREAD_CANCEL_ENABLE) + +#define PTHREAD_CANCELED ((void *) (intptr_t) 0xDEADBEEF) + +#define _PTHREAD_NULL_THREAD ((pthread_t) 0) + +#define PTHREAD_ONCE_INIT 0 + +#define PTHREAD_DESTRUCTOR_ITERATIONS 256 +#define PTHREAD_KEYS_MAX (1<<20) + +#define PTHREAD_MUTEX_NORMAL 0 +#define PTHREAD_MUTEX_ERRORCHECK 1 +#define PTHREAD_MUTEX_RECURSIVE 2 +#define PTHREAD_MUTEX_DEFAULT PTHREAD_MUTEX_NORMAL + +#define PTHREAD_MUTEX_SHARED 1 +#define PTHREAD_MUTEX_PRIVATE 0 + +#define PTHREAD_PRIO_NONE 0 +#define PTHREAD_PRIO_INHERIT 8 +#define PTHREAD_PRIO_PROTECT 16 +#define PTHREAD_PRIO_MULT 32 +#define PTHREAD_PROCESS_SHARED 1 +#define PTHREAD_PROCESS_PRIVATE 0 + +#define PTHREAD_MUTEX_FAST_NP PTHREAD_MUTEX_NORMAL +#define PTHREAD_MUTEX_TIMED_NP PTHREAD_MUTEX_FAST_NP +#define PTHREAD_MUTEX_ADAPTIVE_NP PTHREAD_MUTEX_FAST_NP +#define PTHREAD_MUTEX_ERRORCHECK_NP PTHREAD_MUTEX_ERRORCHECK +#define PTHREAD_MUTEX_RECURSIVE_NP PTHREAD_MUTEX_RECURSIVE + +void * WINPTHREAD_API pthread_timechange_handler_np(void * dummy); +/* int WINPTHREAD_API pthread_delay_np (const struct timespec *interval); */ +int WINPTHREAD_API pthread_num_processors_np(void); +int WINPTHREAD_API pthread_set_num_processors_np(int n); + +#define PTHREAD_BARRIER_SERIAL_THREAD 1 + +/* maximum number of times a read lock may be obtained */ +#define MAX_READ_LOCKS (INT_MAX - 1) + +/* No fork() in windows - so ignore this */ +#define pthread_atfork(F1,F2,F3) 0 + +/* unsupported stuff: */ +#define pthread_mutex_getprioceiling(M, P) ENOTSUP +#define pthread_mutex_setprioceiling(M, P) ENOTSUP +#define pthread_getcpuclockid(T, C) ENOTSUP +#define pthread_attr_getguardsize(A, S) ENOTSUP +#define pthread_attr_setgaurdsize(A, S) ENOTSUP + +typedef long pthread_once_t; +typedef unsigned pthread_mutexattr_t; +typedef unsigned pthread_key_t; +typedef void *pthread_barrierattr_t; +typedef int pthread_condattr_t; +typedef int pthread_rwlockattr_t; + +/* +struct _pthread_v; + +typedef struct pthread_t { + struct _pthread_v *p; + int x; +} pthread_t; +*/ + +typedef uintptr_t pthread_t; + +typedef struct _pthread_cleanup _pthread_cleanup; +struct _pthread_cleanup +{ + void (*func)(void *); + void *arg; + _pthread_cleanup *next; +}; + +#define pthread_cleanup_push(F, A)\ +{\ + const _pthread_cleanup _pthread_cup = {(F), (A), *pthread_getclean()};\ + __sync_synchronize();\ + *pthread_getclean() = (_pthread_cleanup *) &_pthread_cup;\ + __sync_synchronize() + +/* Note that if async cancelling is used, then there is a race here */ +#define pthread_cleanup_pop(E)\ + (*pthread_getclean() = _pthread_cup.next, (E?_pthread_cup.func((pthread_once_t *)_pthread_cup.arg):0));} + +/* ------------------------------------------------------------------- + * CHEF PATCHES + * + * PREVENT REDECLERATION OF timespec + * + * The original header here assumed that struct timespec was not + * available on windows under mingw. So it redeclared timespec itself. + * + * This currently generates and error. With recent binutils, timespec + * is declared in time.h but in a slightly different manner from the + * traditional posix definition (it involves unions) to account for + * MSVC related issues. + * + * They need to go through a lot of hoops to declare the exact size + * and layout of timespec because MSVC uses a slightly more loltastic + * definition of time_t than everyone else in the universe. + * Traditionally, time_t was an integral quantity that represents the + * number of seconds since the unix epoch and it's 32-bits wide. + * This leads to the Y2038 problem where the timestamp will overflow. + * MSVC "solves" this by changing the definition of time_t to 64-bit + * on 64-bit platforms which wreaks havoc on a large number of + * structs that need to deal with the new layout (including timespec). + * Thankfully, we are using a compiler that sticks to the older + * definition of time_t - so as long as we don't attempt to link it + * to any MSVC generated libraries, we should be ok. The winpthreads + * compatibility layer that ships with TDM GCC was patched and + * compiled under these assumptions. + * + * Since we are assuming that we aren't going to generally be mixing + * MSVC generated and mingw generated dlls and TDM GCC provides us with + * good old-fashioned system libraries and dlls, we can simply delete + * the declaration of timespec here and use parts/time.h from mingwrt + * instead. + */ + +#define __need_time_t +#define __need_struct_timespec +#define _FAKE_TIME_H_SOURCED 1 +#include + +/* END OF CHEF PATCHES + * ------------------------------------------------------------------- + */ + +#ifndef SCHED_OTHER +/* Some POSIX realtime extensions, mostly stubbed */ +#define SCHED_OTHER 0 +#define SCHED_FIFO 1 +#define SCHED_RR 2 +#define SCHED_MIN SCHED_OTHER +#define SCHED_MAX SCHED_RR + +struct sched_param { + int sched_priority; +}; + +int WINPTHREAD_API sched_yield(void); +int WINPTHREAD_API sched_get_priority_min(int pol); +int WINPTHREAD_API sched_get_priority_max(int pol); +int WINPTHREAD_API sched_getscheduler(pid_t pid); +int WINPTHREAD_API sched_setscheduler(pid_t pid, int pol, const struct sched_param *param); + +#endif + +typedef struct pthread_attr_t pthread_attr_t; +struct pthread_attr_t +{ + unsigned p_state; + void *stack; + size_t s_size; + struct sched_param param; +}; + +int WINPTHREAD_API pthread_attr_setschedparam(pthread_attr_t *attr, const struct sched_param *param); +int WINPTHREAD_API pthread_attr_getschedparam(const pthread_attr_t *attr, struct sched_param *param); +int WINPTHREAD_API pthread_getschedparam(pthread_t thread, int *pol, struct sched_param *param); +int WINPTHREAD_API pthread_setschedparam(pthread_t thread, int pol, const struct sched_param *param); +int WINPTHREAD_API pthread_attr_setschedpolicy (pthread_attr_t *attr, int pol); +int WINPTHREAD_API pthread_attr_getschedpolicy (pthread_attr_t *attr, int *pol); + +/* synchronization objects */ +typedef void *pthread_spinlock_t; +typedef void *pthread_mutex_t; +typedef void *pthread_cond_t; +typedef void *pthread_rwlock_t; +typedef void *pthread_barrier_t; + +#define PTHREAD_MUTEX_NORMAL 0 +#define PTHREAD_MUTEX_ERRORCHECK 1 +#define PTHREAD_MUTEX_RECURSIVE 2 + +#define GENERIC_INITIALIZER ((void *) (size_t) -1) +#define GENERIC_ERRORCHECK_INITIALIZER ((void *) (size_t) -2) +#define GENERIC_RECURSIVE_INITIALIZER ((void *) (size_t) -3) +#define GENERIC_NORMAL_INITIALIZER ((void *) (size_t) -1) +#define PTHREAD_MUTEX_INITIALIZER (pthread_mutex_t)GENERIC_INITIALIZER +#define PTHREAD_RECURSIVE_MUTEX_INITIALIZER (pthread_mutex_t)GENERIC_RECURSIVE_INITIALIZER +#define PTHREAD_ERRORCHECK_MUTEX_INITIALIZER (pthread_mutex_t)GENERIC_ERRORCHECK_INITIALIZER +#define PTHREAD_NORMAL_MUTEX_INITIALIZER (pthread_mutex_t)GENERIC_NORMAL_INITIALIZER +#define PTHREAD_DEFAULT_MUTEX_INITIALIZER PTHREAD_NORMAL_MUTEX_INITIALIZER +#define PTHREAD_COND_INITIALIZER (pthread_cond_t)GENERIC_INITIALIZER +#define PTHREAD_RWLOCK_INITIALIZER (pthread_rwlock_t)GENERIC_INITIALIZER +#define PTHREAD_SPINLOCK_INITIALIZER (pthread_spinlock_t)GENERIC_INITIALIZER + +extern void WINPTHREAD_API (**_pthread_key_dest)(void *); +int WINPTHREAD_API pthread_key_create(pthread_key_t *key, void (* dest)(void *)); +int WINPTHREAD_API pthread_key_delete(pthread_key_t key); +void * WINPTHREAD_API pthread_getspecific(pthread_key_t key); +int WINPTHREAD_API pthread_setspecific(pthread_key_t key, const void *value); + +pthread_t WINPTHREAD_API pthread_self(void); +int WINPTHREAD_API pthread_once(pthread_once_t *o, void (*func)(void)); +void WINPTHREAD_API pthread_testcancel(void); +int WINPTHREAD_API pthread_equal(pthread_t t1, pthread_t t2); +void WINPTHREAD_API pthread_tls_init(void); +void WINPTHREAD_API _pthread_cleanup_dest(pthread_t t); +int WINPTHREAD_API pthread_get_concurrency(int *val); +int WINPTHREAD_API pthread_set_concurrency(int val); +void WINPTHREAD_API pthread_exit(void *res); +void WINPTHREAD_API _pthread_invoke_cancel(void); +int WINPTHREAD_API pthread_cancel(pthread_t t); +int WINPTHREAD_API pthread_kill(pthread_t t, int sig); +unsigned WINPTHREAD_API _pthread_get_state(const pthread_attr_t *attr, unsigned flag); +int WINPTHREAD_API _pthread_set_state(pthread_attr_t *attr, unsigned flag, unsigned val); +int WINPTHREAD_API pthread_setcancelstate(int state, int *oldstate); +int WINPTHREAD_API pthread_setcanceltype(int type, int *oldtype); +int WINPTHREAD_API pthread_create_wrapper(void *args); +int WINPTHREAD_API pthread_create(pthread_t *th, const pthread_attr_t *attr, void *(* func)(void *), void *arg); +int WINPTHREAD_API pthread_join(pthread_t t, void **res); +int WINPTHREAD_API pthread_detach(pthread_t t); + +int WINPTHREAD_API pthread_rwlock_init(pthread_rwlock_t *rwlock_, const pthread_rwlockattr_t *attr); +int WINPTHREAD_API pthread_rwlock_wrlock(pthread_rwlock_t *l); +int WINPTHREAD_API pthread_rwlock_timedwrlock(pthread_rwlock_t *rwlock, const struct timespec *ts); +int WINPTHREAD_API pthread_rwlock_rdlock(pthread_rwlock_t *l); +int WINPTHREAD_API pthread_rwlock_timedrdlock(pthread_rwlock_t *l, const struct timespec *ts); +int WINPTHREAD_API pthread_rwlock_unlock(pthread_rwlock_t *l); +int WINPTHREAD_API pthread_rwlock_tryrdlock(pthread_rwlock_t *l); +int WINPTHREAD_API pthread_rwlock_trywrlock(pthread_rwlock_t *l); +int WINPTHREAD_API pthread_rwlock_destroy (pthread_rwlock_t *l); + +int WINPTHREAD_API pthread_cond_init(pthread_cond_t *cv, const pthread_condattr_t *a); +int WINPTHREAD_API pthread_cond_destroy(pthread_cond_t *cv); +int WINPTHREAD_API pthread_cond_signal (pthread_cond_t *cv); +int WINPTHREAD_API pthread_cond_broadcast (pthread_cond_t *cv); +int WINPTHREAD_API pthread_cond_wait (pthread_cond_t *cv, pthread_mutex_t *external_mutex); +int WINPTHREAD_API pthread_cond_timedwait(pthread_cond_t *cv, pthread_mutex_t *external_mutex, const struct timespec *t); +int WINPTHREAD_API pthread_cond_timedwait_relative_np(pthread_cond_t *cv, pthread_mutex_t *external_mutex, const struct timespec *t); + +int WINPTHREAD_API pthread_mutex_lock(pthread_mutex_t *m); +int WINPTHREAD_API pthread_mutex_timedlock(pthread_mutex_t *m, const struct timespec *ts); +int WINPTHREAD_API pthread_mutex_unlock(pthread_mutex_t *m); +int WINPTHREAD_API pthread_mutex_trylock(pthread_mutex_t *m); +int WINPTHREAD_API pthread_mutex_init(pthread_mutex_t *m, const pthread_mutexattr_t *a); +int WINPTHREAD_API pthread_mutex_destroy(pthread_mutex_t *m); + +int WINPTHREAD_API pthread_barrier_destroy(pthread_barrier_t *b); +int WINPTHREAD_API pthread_barrier_init(pthread_barrier_t *b, const void *attr, unsigned int count); +int WINPTHREAD_API pthread_barrier_wait(pthread_barrier_t *b); + +int WINPTHREAD_API pthread_spin_init(pthread_spinlock_t *l, int pshared); +int WINPTHREAD_API pthread_spin_destroy(pthread_spinlock_t *l); +/* No-fair spinlock due to lack of knowledge of thread number. */ +int WINPTHREAD_API pthread_spin_lock(pthread_spinlock_t *l); +int WINPTHREAD_API pthread_spin_trylock(pthread_spinlock_t *l); +int WINPTHREAD_API pthread_spin_unlock(pthread_spinlock_t *l); + +int WINPTHREAD_API pthread_attr_init(pthread_attr_t *attr); +int WINPTHREAD_API pthread_attr_destroy(pthread_attr_t *attr); +int WINPTHREAD_API pthread_attr_setdetachstate(pthread_attr_t *a, int flag); +int WINPTHREAD_API pthread_attr_getdetachstate(const pthread_attr_t *a, int *flag); +int WINPTHREAD_API pthread_attr_setinheritsched(pthread_attr_t *a, int flag); +int WINPTHREAD_API pthread_attr_getinheritsched(const pthread_attr_t *a, int *flag); +int WINPTHREAD_API pthread_attr_setscope(pthread_attr_t *a, int flag); +int WINPTHREAD_API pthread_attr_getscope(const pthread_attr_t *a, int *flag); +int WINPTHREAD_API pthread_attr_getstackaddr(pthread_attr_t *attr, void **stack); +int WINPTHREAD_API pthread_attr_setstackaddr(pthread_attr_t *attr, void *stack); +int WINPTHREAD_API pthread_attr_getstacksize(const pthread_attr_t *attr, size_t *size); +int WINPTHREAD_API pthread_attr_setstacksize(pthread_attr_t *attr, size_t size); + +int WINPTHREAD_API pthread_mutexattr_init(pthread_mutexattr_t *a); +int WINPTHREAD_API pthread_mutexattr_destroy(pthread_mutexattr_t *a); +int WINPTHREAD_API pthread_mutexattr_gettype(const pthread_mutexattr_t *a, int *type); +int WINPTHREAD_API pthread_mutexattr_settype(pthread_mutexattr_t *a, int type); +int WINPTHREAD_API pthread_mutexattr_getpshared(const pthread_mutexattr_t *a, int *type); +int WINPTHREAD_API pthread_mutexattr_setpshared(pthread_mutexattr_t * a, int type); +int WINPTHREAD_API pthread_mutexattr_getprotocol(const pthread_mutexattr_t *a, int *type); +int WINPTHREAD_API pthread_mutexattr_setprotocol(pthread_mutexattr_t *a, int type); +int WINPTHREAD_API pthread_mutexattr_getprioceiling(const pthread_mutexattr_t *a, int * prio); +int WINPTHREAD_API pthread_mutexattr_setprioceiling(pthread_mutexattr_t *a, int prio); +int WINPTHREAD_API pthread_getconcurrency(void); +int WINPTHREAD_API pthread_setconcurrency(int new_level); + +int WINPTHREAD_API pthread_condattr_destroy(pthread_condattr_t *a); +int WINPTHREAD_API pthread_condattr_init(pthread_condattr_t *a); +int WINPTHREAD_API pthread_condattr_getpshared(const pthread_condattr_t *a, int *s); +int WINPTHREAD_API pthread_condattr_setpshared(pthread_condattr_t *a, int s); + +#ifndef __clockid_t_defined +typedef int clockid_t; +#define __clockid_t_defined 1 +#endif /* __clockid_t_defined */ + +int WINPTHREAD_API pthread_condattr_getclock (const pthread_condattr_t *attr, + clockid_t *clock_id); +int WINPTHREAD_API pthread_condattr_setclock(pthread_condattr_t *attr, + clockid_t clock_id); +int WINPTHREAD_API __pthread_clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); + +int WINPTHREAD_API pthread_barrierattr_init(void **attr); +int WINPTHREAD_API pthread_barrierattr_destroy(void **attr); +int WINPTHREAD_API pthread_barrierattr_setpshared(void **attr, int s); +int WINPTHREAD_API pthread_barrierattr_getpshared(void **attr, int *s); + +/* Private extensions for analysis and internal use. */ +struct _pthread_cleanup ** WINPTHREAD_API pthread_getclean (void); +void * WINPTHREAD_API pthread_gethandle (pthread_t t); +void * WINPTHREAD_API pthread_getevent (); + +unsigned long long WINPTHREAD_API _pthread_rel_time_in_ms(const struct timespec *ts); +unsigned long long WINPTHREAD_API _pthread_time_in_ms(void); +unsigned long long WINPTHREAD_API _pthread_time_in_ms_from_timespec(const struct timespec *ts); +int WINPTHREAD_API _pthread_tryjoin (pthread_t t, void **res); +int WINPTHREAD_API pthread_rwlockattr_destroy(pthread_rwlockattr_t *a); +int WINPTHREAD_API pthread_rwlockattr_getpshared(pthread_rwlockattr_t *a, int *s); +int WINPTHREAD_API pthread_rwlockattr_init(pthread_rwlockattr_t *a); +int WINPTHREAD_API pthread_rwlockattr_setpshared(pthread_rwlockattr_t *a, int s); + +#ifndef SIG_BLOCK +#define SIG_BLOCK 0 +#endif +#ifndef SIG_UNBLOCK +#define SIG_UNBLOCK 1 +#endif +#ifndef SIG_SETMASK +#define SIG_SETMASK 2 +#endif + +#include + +#undef _POSIX_THREAD_DESTRUCTOR_ITERATIONS +#define _POSIX_THREAD_DESTRUCTOR_ITERATIONS PTHREAD_DESTRUCTOR_ITERATIONS + +#undef _POSIX_THREAD_KEYS_MAX +#define _POSIX_THREAD_KEYS_MAX PTHREAD_KEYS_MAX + +#undef PTHREAD_THREADS_MAX +#define PTHREAD_THREADS_MAX 2019 + +#undef _POSIX_SEM_NSEMS_MAX +#define _POSIX_SEM_NSEMS_MAX 256 + +#undef SEM_NSEMS_MAX +#define SEM_NSEMS_MAX 1024 + +/* Wrap cancellation points. */ +#ifdef __WINPTRHEAD_ENABLE_WRAP_API +#define accept(...) (pthread_testcancel(), accept(__VA_ARGS__)) +#define aio_suspend(...) (pthread_testcancel(), aio_suspend(__VA_ARGS__)) +#define clock_nanosleep(...) (pthread_testcancel(), clock_nanosleep(__VA_ARGS__)) +#define close(...) (pthread_testcancel(), close(__VA_ARGS__)) +#define connect(...) (pthread_testcancel(), connect(__VA_ARGS__)) +#define creat(...) (pthread_testcancel(), creat(__VA_ARGS__)) +#define fcntl(...) (pthread_testcancel(), fcntl(__VA_ARGS__)) +#define fdatasync(...) (pthread_testcancel(), fdatasync(__VA_ARGS__)) +#define fsync(...) (pthread_testcancel(), fsync(__VA_ARGS__)) +#define getmsg(...) (pthread_testcancel(), getmsg(__VA_ARGS__)) +#define getpmsg(...) (pthread_testcancel(), getpmsg(__VA_ARGS__)) +#define lockf(...) (pthread_testcancel(), lockf(__VA_ARGS__)) +#define mg_receive(...) (pthread_testcancel(), mg_receive(__VA_ARGS__)) +#define mg_send(...) (pthread_testcancel(), mg_send(__VA_ARGS__)) +#define mg_timedreceive(...) (pthread_testcancel(), mg_timedreceive(__VA_ARGS__)) +#define mg_timessend(...) (pthread_testcancel(), mg_timedsend(__VA_ARGS__)) +#define msgrcv(...) (pthread_testcancel(), msgrecv(__VA_ARGS__)) +#define msgsnd(...) (pthread_testcancel(), msgsnd(__VA_ARGS__)) +#define msync(...) (pthread_testcancel(), msync(__VA_ARGS__)) +#define nanosleep(...) (pthread_testcancel(), nanosleep(__VA_ARGS__)) +#define open(...) (pthread_testcancel(), open(__VA_ARGS__)) +#define pause(...) (pthread_testcancel(), pause(__VA_ARGS__)) +#define poll(...) (pthread_testcancel(), poll(__VA_ARGS__)) +#define pread(...) (pthread_testcancel(), pread(__VA_ARGS__)) +#define pselect(...) (pthread_testcancel(), pselect(__VA_ARGS__)) +#define putmsg(...) (pthread_testcancel(), putmsg(__VA_ARGS__)) +#define putpmsg(...) (pthread_testcancel(), putpmsg(__VA_ARGS__)) +#define pwrite(...) (pthread_testcancel(), pwrite(__VA_ARGS__)) +#define read(...) (pthread_testcancel(), read(__VA_ARGS__)) +#define readv(...) (pthread_testcancel(), readv(__VA_ARGS__)) +#define recv(...) (pthread_testcancel(), recv(__VA_ARGS__)) +#define recvfrom(...) (pthread_testcancel(), recvfrom(__VA_ARGS__)) +#define recvmsg(...) (pthread_testcancel(), recvmsg(__VA_ARGS__)) +#define select(...) (pthread_testcancel(), select(__VA_ARGS__)) +#define sem_timedwait(...) (pthread_testcancel(), sem_timedwait(__VA_ARGS__)) +#define sem_wait(...) (pthread_testcancel(), sem_wait(__VA_ARGS__)) +#define send(...) (pthread_testcancel(), send(__VA_ARGS__)) +#define sendmsg(...) (pthread_testcancel(), sendmsg(__VA_ARGS__)) +#define sendto(...) (pthread_testcancel(), sendto(__VA_ARGS__)) +#define sigpause(...) (pthread_testcancel(), sigpause(__VA_ARGS__)) +#define sigsuspend(...) (pthread_testcancel(), sigsuspend(__VA_ARGS__)) +#define sigwait(...) (pthread_testcancel(), sigwait(__VA_ARGS__)) +#define sigwaitinfo(...) (pthread_testcancel(), sigwaitinfo(__VA_ARGS__)) +#define sleep(...) (pthread_testcancel(), sleep(__VA_ARGS__)) +//#define Sleep(...) (pthread_testcancel(), Sleep(__VA_ARGS__)) +#define system(...) (pthread_testcancel(), system(__VA_ARGS__)) +#define access(...) (pthread_testcancel(), access(__VA_ARGS__)) +#define asctime(...) (pthread_testcancel(), asctime(__VA_ARGS__)) +#define catclose(...) (pthread_testcancel(), catclose(__VA_ARGS__)) +#define catgets(...) (pthread_testcancel(), catgets(__VA_ARGS__)) +#define catopen(...) (pthread_testcancel(), catopen(__VA_ARGS__)) +#define closedir(...) (pthread_testcancel(), closedir(__VA_ARGS__)) +#define closelog(...) (pthread_testcancel(), closelog(__VA_ARGS__)) +#define ctermid(...) (pthread_testcancel(), ctermid(__VA_ARGS__)) +#define ctime(...) (pthread_testcancel(), ctime(__VA_ARGS__)) +#define dbm_close(...) (pthread_testcancel(), dbm_close(__VA_ARGS__)) +#define dbm_delete(...) (pthread_testcancel(), dbm_delete(__VA_ARGS__)) +#define dbm_fetch(...) (pthread_testcancel(), dbm_fetch(__VA_ARGS__)) +#define dbm_nextkey(...) (pthread_testcancel(), dbm_nextkey(__VA_ARGS__)) +#define dbm_open(...) (pthread_testcancel(), dbm_open(__VA_ARGS__)) +#define dbm_store(...) (pthread_testcancel(), dbm_store(__VA_ARGS__)) +#define dlclose(...) (pthread_testcancel(), dlclose(__VA_ARGS__)) +#define dlopen(...) (pthread_testcancel(), dlopen(__VA_ARGS__)) +#define endgrent(...) (pthread_testcancel(), endgrent(__VA_ARGS__)) +#define endhostent(...) (pthread_testcancel(), endhostent(__VA_ARGS__)) +#define endnetent(...) (pthread_testcancel(), endnetent(__VA_ARGS__)) +#define endprotoent(...) (pthread_testcancel(), endprotoend(__VA_ARGS__)) +#define endpwent(...) (pthread_testcancel(), endpwent(__VA_ARGS__)) +#define endservent(...) (pthread_testcancel(), endservent(__VA_ARGS__)) +#define endutxent(...) (pthread_testcancel(), endutxent(__VA_ARGS__)) +#define fclose(...) (pthread_testcancel(), fclose(__VA_ARGS__)) +#define fflush(...) (pthread_testcancel(), fflush(__VA_ARGS__)) +#define fgetc(...) (pthread_testcancel(), fgetc(__VA_ARGS__)) +#define fgetpos(...) (pthread_testcancel(), fgetpos(__VA_ARGS__)) +#define fgets(...) (pthread_testcancel(), fgets(__VA_ARGS__)) +#define fgetwc(...) (pthread_testcancel(), fgetwc(__VA_ARGS__)) +#define fgetws(...) (pthread_testcancel(), fgetws(__VA_ARGS__)) +#define fmtmsg(...) (pthread_testcancel(), fmtmsg(__VA_ARGS__)) +#define fopen(...) (pthread_testcancel(), fopen(__VA_ARGS__)) +#define fpathconf(...) (pthread_testcancel(), fpathconf(__VA_ARGS__)) +#define fprintf(...) (pthread_testcancel(), fprintf(__VA_ARGS__)) +#define fputc(...) (pthread_testcancel(), fputc(__VA_ARGS__)) +#define fputs(...) (pthread_testcancel(), fputs(__VA_ARGS__)) +#define fputwc(...) (pthread_testcancel(), fputwc(__VA_ARGS__)) +#define fputws(...) (pthread_testcancel(), fputws(__VA_ARGS__)) +#define fread(...) (pthread_testcancel(), fread(__VA_ARGS__)) +#define freopen(...) (pthread_testcancel(), freopen(__VA_ARGS__)) +#define fscanf(...) (pthread_testcancel(), fscanf(__VA_ARGS__)) +#define fseek(...) (pthread_testcancel(), fseek(__VA_ARGS__)) +#define fseeko(...) (pthread_testcancel(), fseeko(__VA_ARGS__)) +#define fsetpos(...) (pthread_testcancel(), fsetpos(__VA_ARGS__)) +#define fstat(...) (pthread_testcancel(), fstat(__VA_ARGS__)) +#define ftell(...) (pthread_testcancel(), ftell(__VA_ARGS__)) +#define ftello(...) (pthread_testcancel(), ftello(__VA_ARGS__)) +#define ftw(...) (pthread_testcancel(), ftw(__VA_ARGS__)) +#define fwprintf(...) (pthread_testcancel(), fwprintf(__VA_ARGS__)) +#define fwrite(...) (pthread_testcancel(), fwrite(__VA_ARGS__)) +#define fwscanf(...) (pthread_testcancel(), fwscanf(__VA_ARGS__)) +#define getaddrinfo(...) (pthread_testcancel(), getaddrinfo(__VA_ARGS__)) +#define getc(...) (pthread_testcancel(), getc(__VA_ARGS__)) +#define getc_unlocked(...) (pthread_testcancel(), getc_unlocked(__VA_ARGS__)) +#define getchar(...) (pthread_testcancel(), getchar(__VA_ARGS__)) +#define getchar_unlocked(...) (pthread_testcancel(), getchar_unlocked(__VA_ARGS__)) +#define getcwd(...) (pthread_testcancel(), getcwd(__VA_ARGS__)) +#define getdate(...) (pthread_testcancel(), getdate(__VA_ARGS__)) +#define getgrent(...) (pthread_testcancel(), getgrent(__VA_ARGS__)) +#define getgrgid(...) (pthread_testcancel(), getgrgid(__VA_ARGS__)) +#define getgrgid_r(...) (pthread_testcancel(), getgrgid_r(__VA_ARGS__)) +#define gergrnam(...) (pthread_testcancel(), getgrnam(__VA_ARGS__)) +#define getgrnam_r(...) (pthread_testcancel(), getgrnam_r(__VA_ARGS__)) +#define gethostbyaddr(...) (pthread_testcancel(), gethostbyaddr(__VA_ARGS__)) +#define gethostbyname(...) (pthread_testcancel(), gethostbyname(__VA_ARGS__)) +#define gethostent(...) (pthread_testcancel(), gethostent(__VA_ARGS__)) +#define gethostid(...) (pthread_testcancel(), gethostid(__VA_ARGS__)) +#define gethostname(...) (pthread_testcancel(), gethostname(__VA_ARGS__)) +#define getlogin(...) (pthread_testcancel(), getlogin(__VA_ARGS__)) +#define getlogin_r(...) (pthread_testcancel(), getlogin_r(__VA_ARGS__)) +#define getnameinfo(...) (pthread_testcancel(), getnameinfo(__VA_ARGS__)) +#define getnetbyaddr(...) (pthread_testcancel(), getnetbyaddr(__VA_ARGS__)) +#define getnetbyname(...) (pthread_testcancel(), getnetbyname(__VA_ARGS__)) +#define getnetent(...) (pthread_testcancel(), getnetent(__VA_ARGS__)) +#define getopt(...) (pthread_testcancel(), getopt(__VA_ARGS__)) +#define getprotobyname(...) (pthread_testcancel(), getprotobyname(__VA_ARGS__)) +#define getprotobynumber(...) (pthread_testcancel(), getprotobynumber(__VA_ARGS__)) +#define getprotoent(...) (pthread_testcancel(), getprotoent(__VA_ARGS__)) +#define getpwent(...) (pthread_testcancel(), getpwent(__VA_ARGS__)) +#define getpwnam(...) (pthread_testcancel(), getpwnam(__VA_ARGS__)) +#define getpwnam_r(...) (pthread_testcancel(), getpwnam_r(__VA_ARGS__)) +#define getpwuid(...) (pthread_testcancel(), getpwuid(__VA_ARGS__)) +#define getpwuid_r(...) (pthread_testcancel(), getpwuid_r(__VA_ARGS__)) +#define gets(...) (pthread_testcancel(), gets(__VA_ARGS__)) +#define getservbyname(...) (pthread_testcancel(), getservbyname(__VA_ARGS__)) +#define getservbyport(...) (pthread_testcancel(), getservbyport(__VA_ARGS__)) +#define getservent(...) (pthread_testcancel(), getservent(__VA_ARGS__)) +#define getutxent(...) (pthread_testcancel(), getutxent(__VA_ARGS__)) +#define getutxid(...) (pthread_testcancel(), getutxid(__VA_ARGS__)) +#define getutxline(...) (pthread_testcancel(), getutxline(__VA_ARGS__)) +#undef getwc +#define getwc(...) (pthread_testcancel(), getwc(__VA_ARGS__)) +#undef getwchar +#define getwchar(...) (pthread_testcancel(), getwchar(__VA_ARGS__)) +#define getwd(...) (pthread_testcancel(), getwd(__VA_ARGS__)) +#define glob(...) (pthread_testcancel(), glob(__VA_ARGS__)) +#define iconv_close(...) (pthread_testcancel(), iconv_close(__VA_ARGS__)) +#define iconv_open(...) (pthread_testcancel(), iconv_open(__VA_ARGS__)) +#define ioctl(...) (pthread_testcancel(), ioctl(__VA_ARGS__)) +#define link(...) (pthread_testcancel(), link(__VA_ARGS__)) +#define localtime(...) (pthread_testcancel(), localtime(__VA_ARGS__)) +#define lseek(...) (pthread_testcancel(), lseek(__VA_ARGS__)) +#define lstat(...) (pthread_testcancel(), lstat(__VA_ARGS__)) +#define mkstemp(...) (pthread_testcancel(), mkstemp(__VA_ARGS__)) +#define nftw(...) (pthread_testcancel(), nftw(__VA_ARGS__)) +#define opendir(...) (pthread_testcancel(), opendir(__VA_ARGS__)) +#define openlog(...) (pthread_testcancel(), openlog(__VA_ARGS__)) +#define pathconf(...) (pthread_testcancel(), pathconf(__VA_ARGS__)) +#define pclose(...) (pthread_testcancel(), pclose(__VA_ARGS__)) +#define perror(...) (pthread_testcancel(), perror(__VA_ARGS__)) +#define popen(...) (pthread_testcancel(), popen(__VA_ARGS__)) +#define posix_fadvise(...) (pthread_testcancel(), posix_fadvise(__VA_ARGS__)) +#define posix_fallocate(...) (pthread_testcancel(), posix_fallocate(__VA_ARGS__)) +#define posix_madvise(...) (pthread_testcancel(), posix_madvise(__VA_ARGS__)) +#define posix_openpt(...) (pthread_testcancel(), posix_openpt(__VA_ARGS__)) +#define posix_spawn(...) (pthread_testcancel(), posix_spawn(__VA_ARGS__)) +#define posix_spawnp(...) (pthread_testcancel(), posix_spawnp(__VA_ARGS__)) +#define posix_trace_clear(...) (pthread_testcancel(), posix_trace_clear(__VA_ARGS__)) +#define posix_trace_close(...) (pthread_testcancel(), posix_trace_close(__VA_ARGS__)) +#define posix_trace_create(...) (pthread_testcancel(), posix_trace_create(__VA_ARGS__)) +#define posix_trace_create_withlog(...) (pthread_testcancel(), posix_trace_create_withlog(__VA_ARGS__)) +#define posix_trace_eventtypelist_getne(...) (pthread_testcancel(), posix_trace_eventtypelist_getne(__VA_ARGS__)) +#define posix_trace_eventtypelist_rewin(...) (pthread_testcancel(), posix_trace_eventtypelist_rewin(__VA_ARGS__)) +#define posix_trace_flush(...) (pthread_testcancel(), posix_trace_flush(__VA_ARGS__)) +#define posix_trace_get_attr(...) (pthread_testcancel(), posix_trace_get_attr(__VA_ARGS__)) +#define posix_trace_get_filter(...) (pthread_testcancel(), posix_trace_get_filter(__VA_ARGS__)) +#define posix_trace_get_status(...) (pthread_testcancel(), posix_trace_get_status(__VA_ARGS__)) +#define posix_trace_getnext_event(...) (pthread_testcancel(), posix_trace_getnext_event(__VA_ARGS__)) +#define posix_trace_open(...) (pthread_testcancel(), posix_trace_open(__VA_ARGS__)) +#define posix_trace_rewind(...) (pthread_testcancel(), posix_trace_rewind(__VA_ARGS__)) +#define posix_trace_setfilter(...) (pthread_testcancel(), posix_trace_setfilter(__VA_ARGS__)) +#define posix_trace_shutdown(...) (pthread_testcancel(), posix_trace_shutdown(__VA_ARGS__)) +#define posix_trace_timedgetnext_event(...) (pthread_testcancel(), posix_trace_timedgetnext_event(__VA_ARGS__)) +#define posix_typed_mem_open(...) (pthread_testcancel(), posix_typed_mem_open(__VA_ARGS__)) +#define printf(...) (pthread_testcancel(), printf(__VA_ARGS__)) +#define putc(...) (pthread_testcancel(), putc(__VA_ARGS__)) +#define putc_unlocked(...) (pthread_testcancel(), putc_unlocked(__VA_ARGS__)) +#define putchar(...) (pthread_testcancel(), putchar(__VA_ARGS__)) +#define putchar_unlocked(...) (pthread_testcancel(), putchar_unlocked(__VA_ARGS__)) +#define puts(...) (pthread_testcancel(), puts(__VA_ARGS__)) +#define pututxline(...) (pthread_testcancel(), pututxline(__VA_ARGS__)) +#undef putwc +#define putwc(...) (pthread_testcancel(), putwc(__VA_ARGS__)) +#undef putwchar +#define putwchar(...) (pthread_testcancel(), putwchar(__VA_ARGS__)) +#define readdir(...) (pthread_testcancel(), readdir(__VA_ARSG__)) +#define readdir_r(...) (pthread_testcancel(), readdir_r(__VA_ARGS__)) +#define remove(...) (pthread_testcancel(), remove(__VA_ARGS__)) +#define rename(...) (pthread_testcancel(), rename(__VA_ARGS__)) +#define rewind(...) (pthread_testcancel(), rewind(__VA_ARGS__)) +#define rewinddir(...) (pthread_testcancel(), rewinddir(__VA_ARGS__)) +#define scanf(...) (pthread_testcancel(), scanf(__VA_ARGS__)) +#define seekdir(...) (pthread_testcancel(), seekdir(__VA_ARGS__)) +#define semop(...) (pthread_testcancel(), semop(__VA_ARGS__)) +#define setgrent(...) (pthread_testcancel(), setgrent(__VA_ARGS__)) +#define sethostent(...) (pthread_testcancel(), sethostemt(__VA_ARGS__)) +#define setnetent(...) (pthread_testcancel(), setnetent(__VA_ARGS__)) +#define setprotoent(...) (pthread_testcancel(), setprotoent(__VA_ARGS__)) +#define setpwent(...) (pthread_testcancel(), setpwent(__VA_ARGS__)) +#define setservent(...) (pthread_testcancel(), setservent(__VA_ARGS__)) +#define setutxent(...) (pthread_testcancel(), setutxent(__VA_ARGS__)) +#define stat(...) (pthread_testcancel(), stat(__VA_ARGS__)) +#define strerror(...) (pthread_testcancel(), strerror(__VA_ARGS__)) +#define strerror_r(...) (pthread_testcancel(), strerror_r(__VA_ARGS__)) +#define strftime(...) (pthread_testcancel(), strftime(__VA_ARGS__)) +#define symlink(...) (pthread_testcancel(), symlink(__VA_ARGS__)) +#define sync(...) (pthread_testcancel(), sync(__VA_ARGS__)) +#define syslog(...) (pthread_testcancel(), syslog(__VA_ARGS__)) +#define tmpfile(...) (pthread_testcancel(), tmpfile(__VA_ARGS__)) +#define tmpnam(...) (pthread_testcancel(), tmpnam(__VA_ARGS__)) +#define ttyname(...) (pthread_testcancel(), ttyname(__VA_ARGS__)) +#define ttyname_r(...) (pthread_testcancel(), ttyname_r(__VA_ARGS__)) +#define tzset(...) (pthread_testcancel(), tzset(__VA_ARGS__)) +#define ungetc(...) (pthread_testcancel(), ungetc(__VA_ARGS__)) +#define ungetwc(...) (pthread_testcancel(), ungetwc(__VA_ARGS__)) +#define unlink(...) (pthread_testcancel(), unlink(__VA_ARGS__)) +#define vfprintf(...) (pthread_testcancel(), vfprintf(__VA_ARGS__)) +#define vfwprintf(...) (pthread_testcancel(), vfwprintf(__VA_ARGS__)) +#define vprintf(...) (pthread_testcancel(), vprintf(__VA_ARGS__)) +#define vwprintf(...) (pthread_testcancel(), vwprintf(__VA_ARGS__)) +#define wcsftime(...) (pthread_testcancel(), wcsftime(__VA_ARGS__)) +#define wordexp(...) (pthread_testcancel(), wordexp(__VA_ARGS__)) +#define wprintf(...) (pthread_testcancel(), wprintf(__VA_ARGS__)) +#define wscanf(...) (pthread_testcancel(), wscanf(__VA_ARGS__)) +#endif + +/* We deal here with a gcc issue for posix threading on Windows. + We would need to change here gcc's gthr-posix.h header, but this + got rejected. So we deal it within this header. */ +#ifdef _GTHREAD_USE_MUTEX_INIT_FUNC +#undef _GTHREAD_USE_MUTEX_INIT_FUNC +#endif +#define _GTHREAD_USE_MUTEX_INIT_FUNC 1 + +#ifdef __cplusplus +} +#endif + +#endif /* WIN_PTHREADS_H */ diff --git a/ops/cookbooks/vendor/mingw/files/default/time.h b/ops/cookbooks/vendor/mingw/files/default/time.h new file mode 100644 index 0000000..1800b43 --- /dev/null +++ b/ops/cookbooks/vendor/mingw/files/default/time.h @@ -0,0 +1,297 @@ +/* + * time.h + * + * Type definitions and function declarations relating to date and time. + * + * $Id: time.h,v ffe8d63c87e3 2015/05/18 12:49:39 keithmarshall $ + * + * Written by Rob Savoye + * Copyright (C) 1997-2007, 2011, 2015, MinGW.org Project. + * + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice, this permission notice, and the following + * disclaimer shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OF OR OTHER + * DEALINGS IN THE SOFTWARE. + * + */ +#ifndef _TIME_H +#define _TIME_H + +/* All the headers include this file. */ +#include <_mingw.h> + +/* Number of clock ticks per second. A clock tick is the unit by which + * processor time is measured and is returned by 'clock'. + */ +#define CLOCKS_PER_SEC ((clock_t)(1000)) +#define CLK_TCK CLOCKS_PER_SEC + +#ifndef RC_INVOKED +/* + * Some elements declared in time.h may also be required by other + * header files, without necessarily including time.h itself; such + * elements are declared in the local parts/time.h system header file. + * Declarations for such elements must be selected prior to inclusion: + */ +#define __need_time_t +#define __need_struct_timespec +#include + +/* time.h is also required to duplicate the following type definitions, + * which are nominally defined in stddef.h + */ +#define __need_NULL +#define __need_wchar_t +#define __need_size_t +#include + +/* A type for measuring processor time in clock ticks; (no need to + * guard this, since it isn't defined elsewhere). + */ +typedef long clock_t; + +#ifndef _TM_DEFINED +/* + * A structure for storing all kinds of useful information about the + * current (or another) time. + */ +struct tm +{ + int tm_sec; /* Seconds: 0-59 (K&R says 0-61?) */ + int tm_min; /* Minutes: 0-59 */ + int tm_hour; /* Hours since midnight: 0-23 */ + int tm_mday; /* Day of the month: 1-31 */ + int tm_mon; /* Months *since* january: 0-11 */ + int tm_year; /* Years since 1900 */ + int tm_wday; /* Days since Sunday (0-6) */ + int tm_yday; /* Days since Jan. 1: 0-365 */ + int tm_isdst; /* +1 Daylight Savings Time, 0 No DST, + * -1 don't know */ +}; +#define _TM_DEFINED +#endif + +_BEGIN_C_DECLS + +_CRTIMP clock_t __cdecl __MINGW_NOTHROW clock (void); +#if __MSVCRT_VERSION__ < 0x0800 +_CRTIMP time_t __cdecl __MINGW_NOTHROW time (time_t*); +_CRTIMP double __cdecl __MINGW_NOTHROW difftime (time_t, time_t); +_CRTIMP time_t __cdecl __MINGW_NOTHROW mktime (struct tm*); +#endif + +/* + * These functions write to and return pointers to static buffers that may + * be overwritten by other function calls. Yikes! + * + * NOTE: localtime, and perhaps the others of the four functions grouped + * below may return NULL if their argument is not 'acceptable'. Also note + * that calling asctime with a NULL pointer will produce an Invalid Page + * Fault and crap out your program. Guess how I know. Hint: stat called on + * a directory gives 'invalid' times in st_atime etc... + */ +_CRTIMP char* __cdecl __MINGW_NOTHROW asctime (const struct tm*); +#if __MSVCRT_VERSION__ < 0x0800 +_CRTIMP char* __cdecl __MINGW_NOTHROW ctime (const time_t*); +_CRTIMP struct tm* __cdecl __MINGW_NOTHROW gmtime (const time_t*); +_CRTIMP struct tm* __cdecl __MINGW_NOTHROW localtime (const time_t*); +#endif + +_CRTIMP size_t __cdecl __MINGW_NOTHROW strftime (char*, size_t, const char*, const struct tm*); + +#ifndef __STRICT_ANSI__ + +extern _CRTIMP void __cdecl __MINGW_NOTHROW _tzset (void); + +#ifndef _NO_OLDNAMES +extern _CRTIMP void __cdecl __MINGW_NOTHROW tzset (void); +#endif + +_CRTIMP char* __cdecl __MINGW_NOTHROW _strdate(char*); +_CRTIMP char* __cdecl __MINGW_NOTHROW _strtime(char*); + +/* These require newer versions of msvcrt.dll (6.10 or higher). */ +#if __MSVCRT_VERSION__ >= 0x0601 +_CRTIMP __time64_t __cdecl __MINGW_NOTHROW _time64( __time64_t*); +_CRTIMP __time64_t __cdecl __MINGW_NOTHROW _mktime64 (struct tm*); +_CRTIMP char* __cdecl __MINGW_NOTHROW _ctime64 (const __time64_t*); +_CRTIMP struct tm* __cdecl __MINGW_NOTHROW _gmtime64 (const __time64_t*); +_CRTIMP struct tm* __cdecl __MINGW_NOTHROW _localtime64 (const __time64_t*); +#endif /* __MSVCRT_VERSION__ >= 0x0601 */ + +/* These require newer versions of msvcrt.dll (8.00 or higher). */ +#if __MSVCRT_VERSION__ >= 0x0800 +_CRTIMP __time32_t __cdecl __MINGW_NOTHROW _time32 (__time32_t*); +_CRTIMP double __cdecl __MINGW_NOTHROW _difftime32 (__time32_t, __time32_t); +_CRTIMP double __cdecl __MINGW_NOTHROW _difftime64 (__time64_t, __time64_t); +_CRTIMP __time32_t __cdecl __MINGW_NOTHROW _mktime32 (struct tm*); +_CRTIMP __time32_t __cdecl __MINGW_NOTHROW _mkgmtime32 (struct tm*); +_CRTIMP __time64_t __cdecl __MINGW_NOTHROW _mkgmtime64 (struct tm*); +_CRTIMP char* __cdecl __MINGW_NOTHROW _ctime32 (const __time32_t*); +_CRTIMP struct tm* __cdecl __MINGW_NOTHROW _gmtime32 (const __time32_t*); +_CRTIMP struct tm* __cdecl __MINGW_NOTHROW _localtime32 (const __time32_t*); +#ifndef _USE_32BIT_TIME_T +_CRTALIAS time_t __cdecl __MINGW_NOTHROW time (time_t* _v) { return(_time64 (_v)); } +_CRTALIAS double __cdecl __MINGW_NOTHROW difftime (time_t _v1, time_t _v2) { return(_difftime64 (_v1,_v2)); } +_CRTALIAS time_t __cdecl __MINGW_NOTHROW mktime (struct tm* _v) { return(_mktime64 (_v)); } +_CRTALIAS time_t __cdecl __MINGW_NOTHROW _mkgmtime (struct tm* _v) { return(_mkgmtime64 (_v)); } +_CRTALIAS char* __cdecl __MINGW_NOTHROW ctime (const time_t* _v) { return(_ctime64 (_v)); } +_CRTALIAS struct tm* __cdecl __MINGW_NOTHROW gmtime (const time_t* _v) { return(_gmtime64 (_v)); } +_CRTALIAS struct tm* __cdecl __MINGW_NOTHROW localtime (const time_t* _v) { return(_localtime64 (_v)); } +#else +_CRTALIAS time_t __cdecl __MINGW_NOTHROW time (time_t* _v) { return(_time32 (_v)); } +_CRTALIAS double __cdecl __MINGW_NOTHROW difftime (time_t _v1, time_t _v2) { return(_difftime32 (_v1,_v2)); } +_CRTALIAS time_t __cdecl __MINGW_NOTHROW mktime (struct tm* _v) { return(_mktime32 (_v)); } +_CRTALIAS time_t __cdecl __MINGW_NOTHROW _mkgmtime (struct tm* _v) { return(_mkgmtime32 (_v)); } +_CRTALIAS char* __cdecl __MINGW_NOTHROW ctime (const time_t* _v) { return(_ctime32 (_v)); } +_CRTALIAS struct tm* __cdecl __MINGW_NOTHROW gmtime (const time_t* _v) { return(_gmtime32 (_v)); } +_CRTALIAS struct tm* __cdecl __MINGW_NOTHROW localtime (const time_t* _v) { return(_localtime32 (_v)); } +#endif /* !_USE_32BIT_TIME_T */ +#endif /* __MSVCRT_VERSION__ >= 0x0800 */ + +/* _daylight: non zero if daylight savings time is used. + * _timezone: difference in seconds between GMT and local time. + * _tzname: standard/daylight savings time zone names (an array with two + * elements). + */ +#ifdef __MSVCRT__ + +/* These are for compatibility with pre-VC 5.0 suppied MSVCRT. */ +extern _CRTIMP int* __cdecl __MINGW_NOTHROW __p__daylight (void); +extern _CRTIMP long* __cdecl __MINGW_NOTHROW __p__timezone (void); +extern _CRTIMP char** __cdecl __MINGW_NOTHROW __p__tzname (void); + +__MINGW_IMPORT int _daylight; +__MINGW_IMPORT long _timezone; +__MINGW_IMPORT char *_tzname[2]; + +#else /* not __MSVCRT (ie. crtdll) */ + +#ifndef __DECLSPEC_SUPPORTED + +extern int* _imp___daylight_dll; +extern long* _imp___timezone_dll; +extern char** _imp___tzname; + +#define _daylight (*_imp___daylight_dll) +#define _timezone (*_imp___timezone_dll) +#define _tzname (*_imp___tzname) + +#else /* __DECLSPEC_SUPPORTED */ + +__MINGW_IMPORT int _daylight_dll; +__MINGW_IMPORT long _timezone_dll; +__MINGW_IMPORT char* _tzname[2]; + +#define _daylight _daylight_dll +#define _timezone _timezone_dll + +#endif /* __DECLSPEC_SUPPORTED */ +#endif /* ! __MSVCRT__ */ +#endif /* ! __STRICT_ANSI__ */ + +#ifndef _NO_OLDNAMES +#ifdef __MSVCRT__ + +/* These go in the oldnames import library for MSVCRT. + */ +__MINGW_IMPORT int daylight; +__MINGW_IMPORT long timezone; +__MINGW_IMPORT char *tzname[2]; + +#else /* ! __MSVCRT__ */ +/* + * CRTDLL is royally messed up when it comes to these macros. + * TODO: import and alias these via oldnames import library instead + * of macros. + */ +#define daylight _daylight +/* + * NOTE: timezone not defined as a macro because it would conflict with + * struct timezone in sys/time.h. Also, tzname used to a be macro, but + * now it's in moldname. + */ +__MINGW_IMPORT char *tzname[2]; + +#endif /* ! __MSVCRT__ */ +#endif /* ! _NO_OLDNAMES */ + +#ifndef _WTIME_DEFINED +/* wide function prototypes, also declared in wchar.h */ +#ifndef __STRICT_ANSI__ +#ifdef __MSVCRT__ +_CRTIMP wchar_t* __cdecl __MINGW_NOTHROW _wasctime(const struct tm*); +#if __MSVCRT_VERSION__ < 0x0800 +_CRTIMP wchar_t* __cdecl __MINGW_NOTHROW _wctime(const time_t*); +#endif +_CRTIMP wchar_t* __cdecl __MINGW_NOTHROW _wstrdate(wchar_t*); +_CRTIMP wchar_t* __cdecl __MINGW_NOTHROW _wstrtime(wchar_t*); +#if __MSVCRT_VERSION__ >= 0x0601 +_CRTIMP wchar_t* __cdecl __MINGW_NOTHROW _wctime64 (const __time64_t*); +#endif +#if __MSVCRT_VERSION__ >= 0x0800 +_CRTIMP wchar_t* __cdecl __MINGW_NOTHROW _wctime32 (const __time32_t*); +#ifndef _USE_32BIT_TIME_T +_CRTALIAS wchar_t* __cdecl __MINGW_NOTHROW _wctime (const time_t* _v) { return(_wctime64 (_v)); } +#else +_CRTALIAS wchar_t* __cdecl __MINGW_NOTHROW _wctime (const time_t* _v) { return(_wctime32 (_v)); } +#endif +#endif /* __MSVCRT_VERSION__ >= 0x0800 */ +#endif /* __MSVCRT__ */ +#endif /* __STRICT_ANSI__ */ +_CRTIMP size_t __cdecl __MINGW_NOTHROW wcsftime (wchar_t*, size_t, const wchar_t*, const struct tm*); +#define _WTIME_DEFINED +#endif /* _WTIME_DEFINED */ + +_END_C_DECLS + +/* ------------------------------------------------------------------- + * CHEF PATCHES + * + * PROVIDE clock_gettime ETC. IN time.h FOR POSIX COMPLIANCE. + * + * This code was copied from the 64-bit TDM gcc compiler headers. It + * is here to allow certain libraries (like libxslt) to compile + * because they assume that they are only going to be built on a POSIX + * system. The C99 standards do not require that these functions be + * available but most POSIX systems provide them unless strict x-play + * compatibility is requested. + * + * On windows, configure could possibly identify that these functions + * are unavailable but since it tests for function availability to + * attempting to link a binary with said functions, these tests + * succeed with our TDM mingw runtime (because we indeed support these + * posix compatibility methods). Hence we pretend like we are a POSIX + * compliant system and export these methods. + */ + +/* POSIX 2008 says clock_gettime and timespec are defined in time.h header, + but other systems - like Linux, Solaris, etc - tend to declare such + recent extensions only if the following guards are met. */ +#if !defined(IN_WINPTHREAD) && \ + ((!defined(_STRICT_STDC) && !defined(__XOPEN_OR_POSIX)) || \ + (_POSIX_C_SOURCE > 2) || defined(__EXTENSIONS__)) +#include +#endif + +/* END OF CHEF PATCHES + * ------------------------------------------------------------------- + */ + +#endif /* ! RC_INVOKED */ +#endif /* ! _TIME_H: $RCSfile: time.h,v $: end of file */ diff --git a/ops/cookbooks/vendor/mingw/libraries/_helper.rb b/ops/cookbooks/vendor/mingw/libraries/_helper.rb new file mode 100644 index 0000000..4a90fa4 --- /dev/null +++ b/ops/cookbooks/vendor/mingw/libraries/_helper.rb @@ -0,0 +1,38 @@ +# +# Cookbook:: mingw +# Library:: _helper +# +# Copyright:: 2016, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module Mingw + module Helper + def win_friendly_path(path) + path.gsub(::File::SEPARATOR, ::File::ALT_SEPARATOR || '\\') if path + end + + def archive_name(source) + url = ::URI.parse(source) + ::File.basename(::URI.unescape(url.path)) + end + + def tar_name(source) + aname = archive_name(source) + ::File.basename(aname, ::File.extname(aname)) + end + end +end + +Chef::Resource.send(:include, Mingw::Helper) diff --git a/ops/cookbooks/vendor/mingw/metadata.json b/ops/cookbooks/vendor/mingw/metadata.json new file mode 100644 index 0000000..b2cccf0 --- /dev/null +++ b/ops/cookbooks/vendor/mingw/metadata.json @@ -0,0 +1 @@ +{"name":"mingw","version":"2.1.0","description":"Installs a mingw/msys based toolchain on windows","long_description":"# mingw Cookbook\n\n[![Cookbook Version](http://img.shields.io/cookbook/v/mingw.svg)][cookbook] [![Build Status](http://img.shields.io/travis/chef-cookbooks/mingw.svg?branch=master)][travis]\n\nInstalls a mingw/msys based compiler tools chain on windows. This is required for compiling C software from source.\n\n## Requirements\n\n### Platforms\n\n- Windows\n\n### Chef\n\n- Chef 12.5+\n\n### Cookbooks\n\n- seven_zip\n\n## Usage\n\nAdd this cookbook as a dependency to your cookbook in its `metadata.rb` and include the default recipe in one of your recipes.\n\n```ruby\n# metadata.rb\ndepends 'mingw'\n```\n\n```ruby\n# your recipe.rb\ninclude_recipe 'mingw::default'\n```\n\nUse the `msys2_package` resource in any recipe to fetch msys2 based packages. Use the `mingw_get` resource in any recipe to fetch mingw packages. Use the `mingw_tdm_gcc` resource to fetch a version of the TDM GCC compiler.\n\nBy default, you should prefer the msys2 packages as they are newer and better supported. C/C++ compilers on windows use various different exception formats and you need to pick the right one for your task. In the 32-bit world, you have SJLJ (set-jump/long-jump) based exception handling and DWARF-2 (shortened to DW2) based exception handling. SJLJ produces code that can happily throw exceptions across stack frames of code compiled by MSVC. DW2 involves more extensive metadata but produces code that cannot unwind MSVC generated stack-frames - hence you need to ensure that you don't have any code that throws across a \"system call\". Certain languages and runtimes have specific requirements as to the exception format supported. As an example, if you are building code for Rust, you will probably need a modern gcc from msys2 with DW2 support as that's what the panic/exception formatter in Rust depends on. In a 64-bit world, you may still use SJLJ but compilers all commonly support SEH (structured exception handling).\n\nOf course, to further complicate matters, different versions of different compilers support different exception handling. The default compilers that come with mingw_get are 32-bit only compilers and support DW2\\. The TDM compilers come in 3 flavors: a 32-bit only version with SJLJ support, a 32-bit only version with DW2 support and a \"multilib\" compiler which supports only SJLJ in 32-bit mode but can produce 64-bit SEH code. The standard library support varies drastically between these various compiler flavors (even within the same version). In msys2, you can install a mingw-w64 based compilers for either 32-bit DW2 support or 64-bit SEH support. If all this hurts your brain, I can only apologize.\n\n## Resources\n\n### msys2_package\n\n- ':install' - Installs an msys2 package using pacman.\n- ':remove' - Uninstalls any existing msys2 package.\n- ':upgrade' - Upgrades the specified package using pacman.\n\nAll options also automatically attempt to install a 64-bit based msys2 base file system at the root path specified. Note that you probably won't need a \"32-bit\" msys2 unless you are actually on a 32-bit only platform. You can still install both 32 and 64-bit compilers and libraries in a 64-bit msys2 base file system.\n\n#### Attributes\n\n- `node['msys2']['url']` - overrides the url from which to download the package.\n- `node['msys2']['checksum']` - overrides the checksum used to verify the downloaded package.\n\n#### Parameters\n\n- `package` - An msys2 pacman package (or meta-package) to fetch and install. You may use a legal package wild-card pattern here if you are installing. This is the name attribute.\n- `root` - The root directory where msys2 tools will be installed. This directory must not contain any spaces in order to pacify old posix tools and most Makefiles.\n\n#### Examples\n\nTo get the core msys2 developer tools in `C:\\msys2`\n\n```ruby\nmsys2_package 'base-devel' do\n root 'C:\\msys2'\nend\n```\n\n### mingw_get\n\n#### Actions\n\n- `:install` - Installs a mingw package from sourceforge using mingw-get.exe.\n- `:remove` - Uninstalls a mingw package.\n- `:upgrade` - Upgrades a mingw package (even to a lower version).\n\n#### Parameters\n\n- `package` - A mingw-get package (or meta-package) to fetch and install. You may use a legal package wild-card pattern here if you are installing. This is the name attribute.\n- `root` - The root directory where msys and mingw tools will be installed. This directory must not contain any spaces in order to pacify old posix tools and most Makefiles.\n\n#### Examples\n\nTo get the core msys developer tools in `C:\\mingw32`\n\n```ruby\nmingw_get 'msys-base=2013072300-msys-bin.meta' do\n root 'C:\\mingw32'\nend\n```\n\n### mingw_tdm_gcc\n\n#### Actions\n\n- `:install` - Installs the TDM compiler toolchain at the given path. This only gives you a compiler. If you need any support tooling such as make/grep/awk/bash etc., see `mingw_get`.\n\n#### Parameters\n\n- `flavor` - Either `:sjlj_32` or `:seh_sjlj_64`. TDM-64 is a 32/64-bit multi-lib \"cross-compiler\" toolchain that builds 64-bit by default. It uses structured exception handling (SEH) in 64-bit code and setjump-longjump exception handling (SJLJ) in 32-bit code. TDM-32 only builds 32-bit binaries and uses SJLJ.\n- `root` - The root directory where compiler tools and runtime will be installed. This directory must not contain any spaces in order to pacify old posix tools and most Makefiles.\n- `version` - The version of the compiler to fetch and install. This is the name attribute. Currently, '5.1.0' is supported.\n\n#### Examples\n\nTo get the 32-bit TDM GCC compiler in `C:\\mingw32`\n\n```ruby\nmingw_tdm_gcc '5.1.0' do\n flavor :sjlj_32\n root 'C:\\mingw32'\nend\n```\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2009-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\n[cookbook]: https://supermarket.chef.io/cookbooks/mingw\n[travis]: http://travis-ci.org/chef-cookbooks/mingw\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{"seven_zip":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/mingw","issues_url":"https://github.com/chef-cookbooks/mingw/issues","chef_version":[[">= 12.5"]],"ohai_version":[]} \ No newline at end of file diff --git a/ops/cookbooks/vendor/mingw/recipes/default.rb b/ops/cookbooks/vendor/mingw/recipes/default.rb new file mode 100644 index 0000000..33426f0 --- /dev/null +++ b/ops/cookbooks/vendor/mingw/recipes/default.rb @@ -0,0 +1,19 @@ +# +# Cookbook:: mingw +# Recipe:: default +# +# Copyright:: 2016, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +include_recipe 'seven_zip::default' diff --git a/ops/cookbooks/vendor/mingw/resources/get.rb b/ops/cookbooks/vendor/mingw/resources/get.rb new file mode 100644 index 0000000..bd77efe --- /dev/null +++ b/ops/cookbooks/vendor/mingw/resources/get.rb @@ -0,0 +1,56 @@ +# +# Cookbook:: mingw +# Resource:: get +# +# Copyright:: 2016, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Installs the core msys utilities needed for mingw/git/any other posix +# based toolchain at a desired location using mingw-get.exe. + +property :package, String, name_property: true +property :root, String, required: true + +resource_name :mingw_get + +action_class do + def mingw_do_action(action_cmd) + seven_zip_archive "fetching mingw-get to #{win_friendly_path(root)}" do + source 'http://iweb.dl.sourceforge.net/project/mingw/Installer/mingw-get/mingw-get-0.6.2-beta-20131004-1/mingw-get-0.6.2-mingw32-beta-20131004-1-bin.zip' + path root + checksum '2e0e9688d42adc68c5611759947e064156e169ff871816cae52d33ee0655826d' + not_if do + ::File.exist?(::File.join(root, 'bin/mingw-get.exe')) + end + end + + execute "performing #{action_cmd} for #{package}" do + command ".\\bin\\mingw-get.exe -v #{action_cmd} #{package}" + cwd root + end + end +end + +action :install do + mingw_do_action('install') +end + +action :upgrade do + mingw_do_action('upgrade') +end + +action :remove do + mingw_do_action('remove') +end diff --git a/ops/cookbooks/vendor/mingw/resources/msys2_package.rb b/ops/cookbooks/vendor/mingw/resources/msys2_package.rb new file mode 100644 index 0000000..ddad055 --- /dev/null +++ b/ops/cookbooks/vendor/mingw/resources/msys2_package.rb @@ -0,0 +1,139 @@ +# +# Cookbook:: mingw +# Resource:: msys2_package +# +# Copyright:: 2016, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Installs msys2 base system and installs/upgrades packages within in. +# +# Where's the version flag? Where's idempotence you say? Well f*** you +# for trying to version your product. This is arch. They live on the edge. +# You never get anything but the latest version. And if that's broken... +# well that's your problem isn't it? And they don't believe in preserving +# older versions. Good luck! + +property :package, String, name_property: true +property :root, String, required: true + +resource_name :msys2_package + +action_class do + # + # Runs a command through a bash login shell made by our shim .bat file. + # The bash.bat file defaults %HOME% to #{root}/home/%USERNAME% and requests + # that the command be run in the current working directory. + # + def msys2_exec(comment, cmd) + f_root = win_friendly_path(root) + execute comment do + command ".\\bin\\bash.bat -c '#{cmd}'" + cwd f_root + live_stream true + environment('MSYSTEM' => 'MSYS') + end + end + + def msys2_init + cache_dir = ::File.join(root, '.cache') + f_cache_dir = win_friendly_path(cache_dir) + base_url = node['msys2']['url'] + base_checksum = node['msys2']['checksum'] + + unless ::File.exist?(::File.join(root, 'msys2.exe')) + seven_zip_archive "cache msys2 base to #{f_cache_dir}" do + source base_url + path f_cache_dir + checksum base_checksum + overwrite true + end + + seven_zip_archive "extract msys2 base archive to #{f_cache_dir}" do + source "#{f_cache_dir}\\#{tar_name(base_url)}" + path f_cache_dir + overwrite true + end + + ruby_block 'copy msys2 base files to root' do + block do + # Oh my god msys2 and pacman are picky as hell when it comes to + # updating core files. They use the mtime on certain files to + # determine if they need to updated or not and simply skip various + # steps otherwise. + ::FileUtils.cp_r(::Dir.glob("#{cache_dir}/msys64/*"), root, preserve: true) + end + end + end + + pacman_key_dir = ::File.join(root, 'etc/pacman.d/gnupg') + bin_dir = ::File.join(root, 'bin') + + directory win_friendly_path(bin_dir) + + cookbook_file win_friendly_path("#{bin_dir}/bash.bat") do + source 'bash.bat' + cookbook 'mingw' + end + + cookbook_file win_friendly_path(::File.join(root, 'custom-upgrade.sh')) do + source 'custom-upgrade.sh' + cookbook 'mingw' + end + + cookbook_file win_friendly_path(::File.join(root, 'etc/profile.d/custom_prefix.sh')) do + source 'custom_prefix.sh' + cookbook 'mingw' + end + + # $HOME is using files from /etc/skel. The home-directory creation step + # will automatically be performed if other users log in - so if you wish + # to globally modify user first time setup, edit /etc/skel or add + # "post-setup" steps to /etc/post-install/ + # The first-time init shell must be restarted and cannot be reused. + msys2_exec('msys2 first time init', 'exit') unless ::File.exist?(pacman_key_dir) + + # Update pacman and msys base packages. + if ::File.exist?(::File.join(root, 'usr/bin/update-core')) || !::File.exist?(::File.join(root, 'custom-upgrade.sh')) + msys2_exec('upgrade msys2 core', '/custom-upgrade.sh') + msys2_exec('upgrade msys2 core: part 2', 'pacman -Suu --noconfirm') + # Now we can actually upgrade everything ever. + msys2_exec('upgrade entire msys2 system: 1', 'pacman -Syuu --noconfirm') + # Might need to do it once more to pick up a few stragglers. + msys2_exec('upgrade entire msys2 system: 2', 'pacman -Syuu --noconfirm') + end + end + + def msys2_do_action(comment, action_cmd) + msys2_init + msys2_exec(comment, action_cmd) + end +end + +action :install do + msys2_do_action("installing #{package}", "pacman -S --needed --noconfirm #{package}") +end + +# Package name is ignored. This is arch. Why would you ever upgrade a single +# package and its deps? That'll just break everything else that ever depended +# on a different version of that dep. Because arch is wonderful like that. +# So you only get the choice to move everything to latest or not... it's the +# most agile development possible! +action :upgrade do + msys2_do_action("upgrading #{package}", "pacman -Syu --noconfirm #{package}") +end + +action :remove do + msys2_do_action("removing #{package}", "pacman -R --noconfirm #{package}") +end diff --git a/ops/cookbooks/vendor/mingw/resources/tdm_gcc.rb b/ops/cookbooks/vendor/mingw/resources/tdm_gcc.rb new file mode 100644 index 0000000..085eee3 --- /dev/null +++ b/ops/cookbooks/vendor/mingw/resources/tdm_gcc.rb @@ -0,0 +1,114 @@ +# +# Cookbook:: mingw +# Resource:: tdm_gcc +# +# Copyright:: 2016, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Installs a gcc based C/C++ compiler and runtime from TDM GCC. + +property :flavor, Symbol, is: [:sjlj_32, :seh_sjlj_64], default: :seh_sjlj_64 +property :root, String, required: true +property :version, String, is: ['5.1.0'], name_property: true + +resource_name :mingw_tdm_gcc + +tdm_gcc_64 = { + 'http://iweb.dl.sourceforge.net/project/tdm-gcc/TDM-GCC%205%20series/5.1.0-tdm64-1/gcc-5.1.0-tdm64-1-core.tar.lzma' => + '29393aac890847089ad1e93f81a28f6744b1609c00b25afca818f3903e42e4bd', + 'http://iweb.dl.sourceforge.net/project/tdm-gcc/MinGW-w64%20runtime/GCC%205%20series/mingw64runtime-v4-git20150618-gcc5-tdm64-1.tar.lzma' => + '29186e0bb36824b10026d78bdcf238d631d8fc1d90718d2ebbd9ec239b6f94dd', + 'http://iweb.dl.sourceforge.net/project/tdm-gcc/GNU%20binutils/binutils-2.25-tdm64-1.tar.lzma' => + '4722bb7b4d46cef714234109e25e5d1cfd29f4e53365b6d615c8a00735f60e40', + 'http://iweb.dl.sourceforge.net/project/tdm-gcc/TDM-GCC%205%20series/5.1.0-tdm64-1/gcc-5.1.0-tdm64-1-c%2B%2B.tar.lzma' => + '17fd497318d1ac187a113e8665330d746ad9607a0406ab2374db0d8e6f4094d1', +} + +tdm_gcc_32 = { + 'http://iweb.dl.sourceforge.net/project/tdm-gcc/TDM-GCC%205%20series/5.1.0-tdm-1%20SJLJ/gcc-5.1.0-tdm-1-core.tar.lzma' => + '9199e6ecbce956ff4704b52098beb38e313176ace610285fb93758a08752870e', + 'http://iweb.dl.sourceforge.net/project/tdm-gcc/TDM-GCC%205%20series/5.1.0-tdm-1%20SJLJ/gcc-5.1.0-tdm-1-c%2B%2B.tar.lzma' => + '19fe46819ce43531d066b438479300027bbf06da57e8a10be5100466f80c28fc', +} + +action :install do + cache_dir = ::File.join(root, '.cache') + f_root = win_friendly_path(root) + + if flavor == :sjlj_32 + [ + 'binutils-bin=2.25.1', + 'libintl-dll=0.18.3.2', + 'mingwrt-dll=3.21.1', + 'mingwrt-dev=3.21.1', + 'w32api-dev=3.17', + ].each do |package_fragment| + mingw_get "install #{package_fragment} at #{f_root}" do + package "mingw32-#{package_fragment}-*" + root new_resource.root + end + end + end + + to_fetch = + case flavor + when :sjlj_32 + tdm_gcc_32 + when :seh_sjlj_64 + tdm_gcc_64 + else + raise "Unknown flavor: #{flavor}" + end + + to_fetch.each do |url, hash| + seven_zip_archive "cache #{archive_name(url)} to #{win_friendly_path(cache_dir)}" do + source url + path cache_dir + checksum hash + overwrite true + end + + seven_zip_archive "extract #{tar_name(url)} to #{f_root}" do + source ::File.join(cache_dir, tar_name(url)) + path root + overwrite true + end + end + + # Patch time.h headers for compatibility with winpthreads. + # These patches were made for binutils 2.25.1 for 32-bit TDM GCC only. + if flavor == :sjlj_32 + include_dir = win_friendly_path(::File.join(root, 'include')) + cookbook_file "#{include_dir}\\pthread.h" do + cookbook 'mingw' + source 'pthread.h' + end + + cookbook_file "#{include_dir}\\time.h" do + cookbook 'mingw' + source 'time.h' + end + end +end + +def archive_name(source) + url = ::URI.parse(source) + ::File.basename(::URI.unescape(url.path)) +end + +def tar_name(source) + aname = archive_name(source) + ::File.basename(aname, ::File.extname(aname)) +end diff --git a/ops/cookbooks/vendor/mysql/.foodcritic b/ops/cookbooks/vendor/mysql/.foodcritic new file mode 100644 index 0000000..913f038 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/.foodcritic @@ -0,0 +1 @@ +~FC005 diff --git a/ops/cookbooks/vendor/mysql/CHANGELOG.md b/ops/cookbooks/vendor/mysql/CHANGELOG.md new file mode 100644 index 0000000..92291b9 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/CHANGELOG.md @@ -0,0 +1,692 @@ +# mysql Cookbook CHANGELOG + +This file is used to list changes made in each version of the mysql cookbook. + +## 8.5.1 (2017-08-23) + +- Fix the remainder of the namespace collision deprecation warnings +- Remove the class_eval in the action class as this causes issues with some releases of Chef 12 + +## 8.5.0 (2017-08-23) + +- Require Chef 12.7+ since 12.5/12.6 has custom resource action_class issues +- Resolve several Chef 14 deprecation warnings + +## 8.4.0 (2017-05-30) + +- Fix client/server install on Amazon Linux and add testing +- Remove support for Ubuntu Precise since it's EOL +- Add Amazon Linux testing + +## 8.3.1 (2017-04-04) + +- Fix an ignoring of 'cookbook' attribute by 'mysql_config' resource +- Remove unused helper method +- Call out the supported platform versions in the metadata +- Switch to Delivery Local and rename the docked config +- Remove mention of the EOL opensuse 13.x in the readme + +## 8.3.0 (2017-03-20) +- Refactor mysql_service_manager_upstart.rb to eliminate use of cloned resource + +## 8.2.0 (2016-12-03) + +- Include client development packages on RHEL/SUSE platforms + +## 8.1.1 (2016-10-31) +- Fixing CVE-2016-6662 - Reverting execure bit on mysql config + +## 8.1.0 (2016-10-29) + +- Drop hardcoded, specific package version logic that broke many users + +## 8.0.4 (2016-09-26) +- Bump debian version +- Updated packages for 12.04 and 14.04 too +- Add chef_version metadata +- Update platforms in the kitchen file +- Add selinux to the Berksfile for testing +- Make sure yum repos are setup in local Test Kitchen + +## 8.0.3 (2016-09-14) +- [GH-390] Fix #390 incorrect escaping of initial_root_password +- Updated package versions for Ubuntu 16.04 +- Testing updates + +# v8.0.2 (2016-08-25) +- Various bug fixed and updates to package version strings + +# v8.0.1 (2016-07-20) +- Fixed a regression in the mysql_client resource where the action was changed from create to install in the 8.0 release +- Added oracle, opensuse, and opensuseleap as supported platforms in the metadata + +# v8.0.0 (2016-07-11) + +- Converting from LWRP to custom resources +- Removing yum-mysql and other dependencies. +- ^ BREAKING CHANGE: RHELish users are now responsible + for including a recipe from the "yum-mysql" or equivalent + cookbook before utilizing the mysql_* resources. +- More thoughtful ChefSpec +- Renaming "replication" test suite to "smoke" +- Moving to Inspec + +## v7.2.0 (2016-06-30) + +- Support openeSUSE leap +- Support Fedora 24 + +## v7.1.2 (2016-06-30) + +- Avoid deprecation warnings on the upcoming Chef 12.12 release + +## v7.1.1 (2016-06-03) + +- Fix apparmor blocking writes to non-default tmp_dirs +- Updated apparmor config to allow read & write to sock.lock file +- Use cookstyle instead of Rubocop directly + +## v7.1.0 (2016-05-11) + +- Added support for Ubuntu 16.04 + +## v7.0.0 (2016-04-19) + +- Removed support for legacy distros: Ubuntu 10.04/13.04/14.10/15.04, Fedora 20/21, OmniOS r151006, opensuse 11.3/12.0 +- Added support for Fedora 23, suse 13.X, and Ubuntu 16.04 +- Updated the systemd support to create unit files in /etc/systemd and not /usr/lib/systemd +- Adding umask to bash resource that sets root password PR #386 @gziskind +- Cleaned up the Test Kitchen config to test the right platform version + mysql pairings +- Added Travis CI Test Kitchen testing on Fedora 22/23 and removed Fedora 21 +- Updated the platforms used in the specs + +## v6.1.3 (2016-03-14) + +- Added support for Ubuntu 15.10 +- Added support for Amazon Linux 2016-03 +- Updated Kitchen testing configs + +## v6.1.2 (2015-10-05) + +- Added support for Amazon Linux 2015.09 + +## v6.1.1 (2015-09-24) + +- Completing ChefSpec matchers + +## v6.1.0 (2015-07-17) + +- Adding tunables for tmp_dir, error_log, and pid_file +- Adding mysqld_options hash interface for main my.cnf template + +## v6.0.31 (2015-07-13) + +- Reverting create_stop_system_service checks + +## v6.0.30 (2015-07-13) + +- Ubuntu 15.04 support +- Check for scripts and unit files during create_stop_system_service + +## v6.0.29 (2015-07-12) + +- Patch to allow blank root password +- Adding package information for Suse 12.0 + +## v6.0.28 (2015-07-10) + +- Fixes for 12.4.x + +## v6.0.27 (2015-07-09) + +- Allowing integer value for port number + +## v6.0.26 (2015-07-07) + +- Reverting breaking changes introduced in 6.0.25 + +## v6.0.25 (2015-07-06) + +- Fixes for 12.4.1 + +## v6.0.24 (2015-06-27) + +- 341 - Changing default GRANT for root from '%' to 'localhost' and '127.0.0.1' + +## v6.0.23 (2015-06-21) + +- 354 Better handling of long MySQL startup times + +## v6.0.22 (2015-05-07) + +- Debian 8 (Jessie) support + +## v6.0.21 (2015-04-08) + +- Fix to Upstart prestart script when using custom socket +- Adding --explicit_defaults_for_timestamp mysql_install_db_cmd for +- 5.6 and above + +## v6.0.20 (2015-03-27) + +- 318 - Fixing Upstart pre-start script to handle custom socket paths + +## v6.0.19 (2015-03-25) + +- Adding support for Amazon Linux 2015.03 + +## v6.0.18 (2015-03-24) + +- Adding support for 5.6 and 5.7 packages from dotdeb repos on Debian 7 + +## v6.0.17 (2015-03-13) + +- Updated for MySQL 5.7.6. +- Handing removal of mysql_install_db and mysqld_safe + +## v6.0.16 (2015-03-10) + +- Moved --defaults-file as first option to mysql_install_db_script + +## v6.0.15 (2015-02-26) + +- Updating docker detection fix to pass specs + +## v6.0.14 (2015-02-26) + +- Fixed debian system service :disable action. Now survives reboot +- Fixing centos-7 instance :enable action. Now survives +- Not applying Apparmor policy if running in a Docker container + +## v6.0.13 (2015-02-15) + +- Adding support for special characters in initial_root_password +- Fixing failure status bug in sysvinit script + +## v6.0.12 (2015-02-30) + +- No changes. Released a 6.0.11 that was identical to 6.0.10. +- Git before coffee. + +## v6.0.11 (2015-02-30) + +- Adding support for configurable socket files + +## v6.0.10 (2015-01-19) + +- Fix #282 - Fixing up data_dir template variable + +## v6.0.9 (2015-01-19) + +- Fix #282 - undefined method `parsed_data_dir' bug + +## v6.0.8 (2015-01-19) + +- Refactoring helper methods out of resource classes + +## v6.0.7 (2015-01-14) + +- Fixing timing issue with Upstart provider :restart and :reload +- actions where service returns before being available + +## v6.0.6 (2014-12-26) + +- Fixing subtle bug where MysqlCookbook::Helper methods were polluting Chef::Resource + +## v6.0.5 (2014-12-25) + +- Using 'include_recipe' instead of 'recipe_eval' in LWRP +- Fixing type checking on package_name attribute in mysql_client resource. + +## v6.0.4 (2014-12-21) + +- Suggest available versions if current is not available for current platform. + +## v6.0.3 (2014-12-17) + +- Adding bind_address parameter to mysql_service resource + +## v6.0.2 (2014-12-17) + +- Fixing sysvinit provider to survive reboots + +## v6.0.1 (2014-12-16) + +- Fixing Upstart template to survive reboots + +## v6.0.0 (2014-12-15) + +- Major version update +- Cookbook now provides LWRPs instead of recipes +- Platform providers re-factored into init system providers +- Separated :create and :start actions for use in recipes that build containers +- mysql_service now supports multiple instances on the same machine +- mysql_service no longer attempts to manage user records +- Removal of debian-sys-maint +- Unified Sysvinit script that works on all platforms +- mysql_config resource introduced +- mysql_client fixed up +- Refactored acceptance tests +- Temporarily dropped FreeBSD support + +## v5.6.1 (2014-10-29) + +- Use Gem::Version instead of Chef::Version + +## v5.6.0 (2014-10-29) + +- Changing default charset to utf8 +- Quoting passwords in debian.cnf.erb +- Amazon 2014.09 support +- Ubuntu 14.10 support +- Only hide passwords from STDOUT via "sensitive true" in chef-client higher than 11.14 +- Updating test harness + +## v5.5.4 (2014-10-07) + +- Adding sensitive flag to execute resources to protect passwords from logs + +## v5.5.3 (2014-09-24) + +- Reverting back to Upstart on Ubuntu 14.04 + +## v5.5.2 (2014-09-8) + +- Reverting commit that broke Debian pass_string + +## v5.5.1 (2014-09-2) + +- Switching Ubuntu service provider to use SysVinit instead of Upstart + +## v5.5.0 (2014-08-27) + +- Adding package version and action parameters to mysql_service resource +- Fixing Debian pass_string + +## v5.4.4 (2014-08-27) + +- Changing module namespace to MysqlCookbook + +## v5.4.3 (2014-08-25) + +- More refactoring. Moving helper function bits into resource parsed_parameters + +## v5.4.2 (2014-08-25) + +- Moving provider local variables into definitions for RHEL provider + +## v5.4.1 (2014-08-25) + +- Refactoring resources into the LWRP style with parsed parameters +- Moving provider local variables into definitions + +## v5.4.0 (2014-08-25) + +- 212 - support for centos-7 (mysql55 and mysql56) +- Adding (untested) Debian-6 support +- Adding Suse support to metadata.rb +- Adding ability to change MySQL root password +- Added libmysqlclient-devel package to SuSE client provider +- Appeasing AppArmor +- Reducing duplication in client provider + +## v5.3.6 (2014-06-18) + +- Fixing pid path location. Updating tests to include real RHEL + +## v5.3.4 (2014-06-16) + +- Fixing specs for Amazon Linux server package names + +## v5.3.2 (2014-06-16) + +- Fixing Amazon Linux support + +## v5.3.0 (2014-06-11) + +- 189 - Fix server_repl_password description +- 191 - Adding support for server55 and server56 on el-6 +- 193 - Fix syntax in mysql_service example +- 199 - Adding Suse support + +## v5.2.12 (2014-05-19) + +PR #192 - recipes/server.rb should honor parameter node['mysql']['version'] + +## v5.2.10 (2014-05-15) + +- COOK-4394 - restore freebsd support + +## v5.2.8 (2014-05-15) + +- [COOK-4653] - Missing mySQL 5.6 support for Ubuntu 14.04 + +## v5.2.6 (2014-05-07) + +- [COOK-4625] - Fix password resource parameter consumption on Debian and Ubuntu +- Fix up typos and version numbers in PLATFORMS.md +- Fix up specs from COOK-4613 changes + +## v5.2.4 (2014-05-02) + +- [COOK-4613] - Fix permissions on mysql data_dir to allow global access to mysql.sock + +## v5.2.2 (2014-04-24) + +- [COOK-4564] - Using positive tests for datadir move + +## v5.2.0 (2014-04-22) + +- [COOK-4551] - power grants.sql from resource parameters + +## v5.1.12 (2014-04-21) + +- [COOK-4554] - Support for Debian Sid + +## v5.1.10 (2014-04-21) + +- [COOK-4565] Support for Ubuntu 14.04 +- [COOK-4565] Adding Specs and TK platform +- Removing non-LTS 13.10 specs and TK platform + +## v5.1.8 (2014-04-12) + +Adding Ubuntu 13.04 to Platforminfo + +## v5.1.6 (2014-04-11) + +- [COOK-4548] - Add template[/etc/mysql/debian.cnf] to Ubuntu provider + +## v5.1.4 (2014-04-11) + +- [COOK-4547] - Shellescape server_root_password + +## v5.1.2 (2014-04-09) + +- [COOK-4519] - Fix error in run_dir for Ubuntu +- [COOK-4531] - Fix pid and run_dir for Debian + +## v5.1.0 (2014-04-08) + +[COOK-4523] - Allow for both :restart and :reload + +## v5.0.6 (2014-04-07) + +- [COOK-4519] - Updating specs to reflect pid file change on Ubuntu + +## v5.0.4 (2014-04-07) + +- [COOK-4519] - Fix path to pid file on Ubuntu + +## v5.0.2 (2014-04-01) + +- Moving server_deprecated into recipes directory + +## v5.0.0 (2014-03-31) + +- Rewriting as a library cookbook +- Exposing mysql_service and mysql_client resources +- User now needs to supply configuration +- Moving attribute driven recipe to server-deprecated + +## v4.1.2 (2014-02-28) + +- [COOK-4349] - Fix invalid platform check +- [COOK-4184] - Better handling of Ubuntu upstart service +- [COOK-2100] - Changing innodb_log_file_size tunable results in inability to start MySQL + +## v4.1.1 (2014-02-25) + +- **[COOK-2966] - Address foodcritic failures' +- **[COOK-4182] - Template parse failure in /etc/init/mysql.conf (data_dir)' +- **[COOK-4198] - Added missing tunable' +- **[COOK-4206] - create root@127.0.0.1, as well as root@localhost' + +## v4.0.20 (2014-01-18) + +- [COOK-3931] - MySQL Server Recipe Regression for Non-LTS Ubuntu Versions +- [COOK-3945] - MySQL cookbook fails on Ubuntu 13.04/13.10 +- [COOK-3966] - mysql::server recipe can't find a template with debian 7.x +- [COOK-3985] - Missing /etc/mysql/debian.cnf template on mysql::_server_debian.rb recipe (mysql 4.0.4) +- [COOK-3974] - debian.cnf not updated +- [COOK-4001] - Pull request: Fixes for broken mysql::server on Debian +- [COOK-4071] - Mysql cookbook doesn't work on debian 7.2 + +## v4.0.14 + +Fixing style cops + +## v4.0.12 + +### Bug + +- **[COOK-4068](https://tickets.chef.io/browse/COOK-4068)** - rework MySQL Windows recipe + +### Improvement + +- **[COOK-3801](https://tickets.chef.io/browse/COOK-3801)** - Add innodb_adaptive_flushing_method and innodb_adaptive_checkpoint + +## v4.0.10 + +fixing metadata version error. locking to 3.0 + +## v4.0.8 + +Locking yum dependency to '< 3' + +## v4.0.6 + +# Bug + +- [COOK-3943] Notifying service restart on grants update + +## v4.0.4 + +[COOK-3952] - Adding 'recursive true' to directory resources + +## v4.0.2 + +### BUGS + +- Adding support for Amazon Linux in attributes/server_rhel.rb +- Fixing bug where unprivileged users cannot connect over a local socket. Adding integration test. +- Fixing bug in mysql_grants_cmd generation + +## v4.0.0 + +- [COOK-3928] Heavily refactoring for readability. Moving platform implementation into separate recipes +- Moving integration tests from minitest to serverspec, removing "improper" tests +- Moving many attributes into the ['mysql']['server']['whatever'] namespace +- [COOK-3481] - Merged Lucas Welsh's Windows bits and moved into own recipe +- [COOK-3697] - Adding security hardening attributes +- [COOK-3780] - Fixing data_dir on Debian and Ubuntu +- [COOK-3807] - Don't use execute[assign-root-password] on Debian and Ubuntu +- [COOK-3881] - Fixing /etc being owned by mysql user + +## v3.0.12 + +### Bug + +- **[COOK-3752](https://tickets.chef.io/browse/COOK-3752)** - mysql service fails to start in mysql::server recipe + +## v3.0.10 + +- Fix a failed release attempt for v3.0.8 + +## v3.0.8 + +### Bug + +- **[COOK-3749](https://tickets.chef.io/browse/COOK-3749)** - Fix a regression with Chef 11-specific features + +## v3.0.6 + +### Bug + +- **[COOK-3674](https://tickets.chef.io/browse/COOK-3674)** - Fix an issue where the MySQL server fails to set the root password correctly when `data_dir` is a non-default value +- **[COOK-3647](https://tickets.chef.io/browse/COOK-3647)** - Fix README typo (databas => database) +- **[COOK-3477](https://tickets.chef.io/browse/COOK-3477)** - Fix log-queries-not-using-indexes not working +- **[COOK-3436](https://tickets.chef.io/browse/COOK-3436)** - Pull percona repo in compilation phase +- **[COOK-3208](https://tickets.chef.io/browse/COOK-3208)** - Fix README typo (LitenPort => ListenPort) +- **[COOK-3149](https://tickets.chef.io/browse/COOK-3149)** - Create my.cnf before installing +- **[COOK-2681](https://tickets.chef.io/browse/COOK-2681)** - Fix log_slow_queries for 5.5+ +- **[COOK-2606](https://tickets.chef.io/browse/COOK-2606)** - Use proper bind address on cloud providers + +### Improvement + +- **[COOK-3498](https://tickets.chef.io/browse/COOK-3498)** - Add support for replicate_* variables in my.cnf + +## v3.0.4 + +### Bug + +- **[COOK-3310](https://tickets.chef.io/browse/COOK-3310)** - Fix missing `GRANT` option +- **[COOK-3233](https://tickets.chef.io/browse/COOK-3233)** - Fix escaping special characters +- **[COOK-3156](https://tickets.chef.io/browse/COOK-3156)** - Fix GRANTS file when `remote_root_acl` is specified +- **[COOK-3134](https://tickets.chef.io/browse/COOK-3134)** - Fix Chef 11 support +- **[COOK-2318](https://tickets.chef.io/browse/COOK-2318)** - Remove redundant `if` block around `node.mysql.tunable.log_bin` + +## v3.0.2 + +### Bug + +- [COOK-2158]: apt-get update is run twice at compile time +- [COOK-2832]: mysql grants.sql file has errors depending on attrs +- [COOK-2995]: server.rb is missing a platform_family comparison value + +### Sub-task + +- [COOK-2102]: `innodb_flush_log_at_trx_commit` value is incorrectly set based on CPU count + +## v3.0.0 + +**Note** This is a backwards incompatible version with previous versions of the cookbook. Tickets that introduce incompatibility are COOK-2615 and COOK-2617. + +- [COOK-2478] - Duplicate 'read_only' server attribute in base and tunable +- [COOK-2471] - Add tunable to set slave_compressed_protocol for reduced network traffic +- [COOK-1059] - Update attributes in mysql cookbook to support missing options for my.cnf usable by Percona +- [COOK-2590] - Typo in server recipe to do with conf_dir and confd_dir +- [COOK-2602] - Add `lower_case_table_names` tunable +- [COOK-2430] - Add a tunable to create a network ACL when allowing `remote_root_access` +- [COOK-2619] - mysql: isamchk deprecated +- [COOK-2515] - Better support for SUSE distribution for mysql cookbook +- [COOK-2557] - mysql::percona_repo attributes missing and key server typo +- [COOK-2614] - Duplicate `innodb_file_per_table` +- [COOK-2145] - MySQL cookbook should remove anonymous and password less accounts +- [COOK-2553] - Enable include directory in my.cnf template for any platform +- [COOK-2615] - Rename `key_buffer` to `key_buffer_size` +- [COOK-2626] - Percona repo URL is being constructed incorrectly +- [COOK-2616] - Unneeded attribute thread_cache +- [COOK-2618] - myisam-recover not using attribute value +- [COOK-2617] - open-files is a duplicate of open-files-limit + +## v2.1.2 + +- [COOK-2172] - Mysql cookbook duplicates `binlog_format` configuration + +## v2.1.0 + +- [COOK-1669] - Using platform("ubuntu") in default attributes always returns true +- [COOK-1694] - Added additional my.cnf fields and reorganized cookbook to avoid race conditions with mysql startup and sql script execution +- [COOK-1851] - Support server-id and binlog_format settings +- [COOK-1929] - Update msyql server attributes file because setting attributes without specifying a precedence is deprecated +- [COOK-1999] - Add read_only tunable useful for replication slave servers + +## v2.0.2 + +- [COOK-1967] - mysql: trailing comma in server.rb platform family + +## v2.0.0 + +**Important note for this release** + +Under Chef Solo, you must set the node attributes for the root, debian and repl passwords or the run will completely fail. See COOK-1737 for background on this. + +- [COOK-1390] - MySQL service cannot start after reboot +- [COOK-1610] - Set root password outside preseed (blocker for drop-in mysql replacements) +- [COOK-1624] - Mysql cookbook fails to even compile on windows +- [COOK-1669] - Using platform("ubuntu") in default attributes always returns true +- [COOK-1686] - Add mysql service start +- [COOK-1687] - duplicate `innodb_buffer_pool_size` attribute +- [COOK-1704] - mysql cookbook fails spec tests when minitest-handler cookbook enabled +- [COOK-1737] - Fail a chef-solo run when `server_root_password`, `server_debian_password`, and/or `server_repl_password` is not set +- [COOK-1769] - link to database recipe in mysql README goes to old chef/cookbooks repo instead of chef-cookbook organization +- [COOK-1963] - use `platform_family` + +## v1.3.0 + +**Important note for this release** + +This version no longer installs Ruby bindings in the client recipe by default. Use the ruby recipe if you'd like the RubyGem. If you'd like packages from your distribution, use them in your application's specific cookbook/recipe, or modify the client packages attribute. This resolves the following tickets: + +- COOK-932 +- COOK-1009 +- COOK-1384 + +Additionally, this cookbook now has tests (COOK-1439) for use under test-kitchen. + +The following issues are also addressed in this release. + +- [COOK-1443] - MySQL (>= 5.1.24) does not support `innodb_flush_method` = fdatasync +- [COOK-1175] - Add Mac OS X support +- [COOK-1289] - handle additional tunable attributes +- [COOK-1305] - add auto-increment-increment and auto-increment-offset attributes +- [COOK-1397] - make the port an attribute +- [COOK-1439] - Add MySQL cookbook tests for test-kitchen support +- [COOK-1236] - Move package names into attributes to allow percona to free-ride +- [COOK-934] - remove deprecated mysql/libraries/database.rb, use the database cookbook instead. +- [COOK-1475] - fix restart on config change + +## v1.2.6 + +- [COOK-1113] - Use an attribute to determine if upstart is used +- [COOK-1121] - Add support for Windows +- [COOK-1140] - Fix conf.d on Debian +- [COOK-1151] - Fix server_ec2 handling /var/lib/mysql bind mount +- [COOK-1321] - Document setting password attributes for solo + +## v1.2.4 + +- [COOK-992] - fix FATAL nameerror +- [COOK-827] - `mysql:server_ec2` recipe can't mount `data_dir` +- [COOK-945] - FreeBSD support + +## v1.2.2 + +- [COOK-826] mysql::server recipe doesn't quote password string +- [COOK-834] Add 'scientific' and 'amazon' platforms to mysql cookbook + +## v1.2.1 + +- [COOK-644] Mysql client cookbook 'package missing' error message is confusing +- [COOK-645] RHEL6/CentOS6 - mysql cookbook contains 'skip-federated' directive which is unsupported on MySQL 5.1 + +## v1.2.0 + +- [COOK-684] remove mysql_database LWRP + +## v1.0.8 + +- [COOK-633] ensure "cloud" attribute is available + +## v1.0.7 + +- [COOK-614] expose all mysql tunable settings in config +- [COOK-617] bind to private IP if available + +## v1.0.6 + +- [COOK-605] install mysql-client package on ubuntu/debian + +## v1.0.5 + +- [COOK-465] allow optional remote root connections to mysql +- [COOK-455] improve platform version handling +- externalize conf_dir attribute for easier cross platform support +- change datadir attribute to data_dir for consistency + +## v1.0.4 + +- fix regressions on debian platform +- [COOK-578] wrap root password in quotes +- [COOK-562] expose all tunables in my.cnf diff --git a/ops/cookbooks/vendor/mysql/CONTRIBUTING.md b/ops/cookbooks/vendor/mysql/CONTRIBUTING.md new file mode 100644 index 0000000..ef2f2b8 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/CONTRIBUTING.md @@ -0,0 +1,2 @@ +Please refer to +https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/ops/cookbooks/vendor/mysql/README.md b/ops/cookbooks/vendor/mysql/README.md new file mode 100644 index 0000000..63dba0f --- /dev/null +++ b/ops/cookbooks/vendor/mysql/README.md @@ -0,0 +1,424 @@ +# MySQL Cookbook + +[![Build Status](https://travis-ci.org/chef-cookbooks/mysql.svg?branch=master)](https://travis-ci.org/chef-cookbooks/mysql) [![Cookbook Version](https://img.shields.io/cookbook/v/mysql.svg)](https://supermarket.chef.io/cookbooks/mysql) + +The MySQL Cookbook is a library cookbook that provides resource primitives (LWRPs) for use in recipes. It is designed to be a reference example for creating highly reusable cross-platform cookbooks. + +## Scope + +This cookbook is concerned with the "MySQL Community Server", particularly those shipped with F/OSS Unix and Linux distributions. It does not address forks or value-added repackaged MySQL distributions like MariaDB or Percona. + +## Requirements + +- Chef 12.7 or higher +- Network accessible package repositories +- 'recipe[selinux::disabled]' on RHEL platforms + +## Platform Support + +The following platforms have been tested with Test Kitchen: + +``` +|----------------+-----+-----+-----+-----| +| | 5.1 | 5.5 | 5.6 | 5.7 | +|----------------+-----+-----+-----+-----| +| debian-7 | | X | | | +|----------------+-----+-----+-----+-----| +| debian-8 | | X | | | +|----------------+-----+-----+-----+-----| +| ubuntu-14.04 | | X | X | | +|----------------+-----+-----+-----+-----| +| ubuntu-16.04 | | | | X | +|----------------+-----+-----+-----+-----| +| centos-6 | X | X | X | X | +|----------------+-----+-----+-----+-----| +| centos-7 | | X | X | X | +|----------------+-----+-----+-----+-----| +| fedora | | | X | X | +|----------------+-----+-----+-----+-----| +| openSUSE Leap | | | X | | +|----------------+-----+-----+-----+-----| +``` + +## Cookbook Dependencies + +There are no hard coupled dependencies. However, there is a loose dependency on `yum-mysql-community` for RHEL/CentOS platforms. As of the 8.0 version of this cookbook, configuration of the package repos is now the responsibility of the user. + +## Usage + +Place a dependency on the mysql cookbook in your cookbook's metadata.rb + +```ruby +depends 'mysql', '~> 8.0' +``` + +Then, in a recipe: + +```ruby +mysql_service 'foo' do + port '3306' + version '5.5' + initial_root_password 'change me' + action [:create, :start] +end +``` + +The service name on the OS is `mysql-foo`. You can manually start and stop it with `service mysql-foo start` and `service mysql-foo stop`. + +The configuration file is at `/etc/mysql-foo/my.cnf`. It contains the minimum options to get the service running. It looks like this. + +``` +# Chef generated my.cnf for instance mysql-foo + +[client] +default-character-set = utf8 +port = 3306 +socket = /var/run/mysql-foo/mysqld.sock + +[mysql] +default-character-set = utf8 + +[mysqld] +user = mysql +pid-file = /var/run/mysql-foo/mysqld.pid +socket = /var/run/mysql-foo/mysqld.sock +port = 3306 +datadir = /var/lib/mysql-foo +tmpdir = /tmp +log-error = /var/log/mysql-foo/error.log +!includedir /etc/mysql-foo/conf.d + +[mysqld_safe] +socket = /var/run/mysql-foo/mysqld.sock +``` + +You can put extra configuration into the conf.d directory by using the `mysql_config` resource, like this: + +```ruby +mysql_service 'foo' do + port '3306' + version '5.5' + initial_root_password 'change me' + action [:create, :start] +end + +mysql_config 'foo' do + source 'my_extra_settings.erb' + notifies :restart, 'mysql_service[foo]' + action :create +end +``` + +You are responsible for providing `my_extra_settings.erb` in your own cookbook's templates folder. + +## Connecting with the mysql CLI command + +Logging into the machine and typing `mysql` with no extra arguments will fail. You need to explicitly connect over the socket with `mysql -S /var/run/mysql-foo/mysqld.sock`, or over the network with `mysql -h 127.0.0.1` + +## Upgrading from older version of the mysql cookbook + +- It is strongly recommended that you rebuild the machine from scratch. This is easy if you have your `data_dir` on a dedicated mount point. If you _must_ upgrade in-place, follow the instructions below. +- The 6.x series supports multiple service instances on a single machine. It dynamically names the support directories and service names. `/etc/mysql becomes /etc/mysql-instance_name`. Other support directories in `/var` `/run` etc work the same way. Make sure to specify the `data_dir` property on the `mysql_service` resource to point to the old `/var/lib/mysql` directory. + +## Resources Overview + +### mysql_service + +The `mysql_service` resource manages the basic plumbing needed to get a MySQL server instance running with minimal configuration. + +The `:create` action handles package installation, support directories, socket files, and other operating system level concerns. The internal configuration file contains just enough to get the service up and running, then loads extra configuration from a conf.d directory. Further configurations are managed with the `mysql_config` resource. + +- If the `data_dir` is empty, a database will be initialized, and a +- root user will be set up with `initial_root_password`. If this +- directory already contains database files, no action will be taken. + +The `:start` action starts the service on the machine using the appropriate provider for the platform. The `:start` action should be omitted when used in recipes designed to build containers. + +#### Example + +```ruby +mysql_service 'default' do + version '5.7' + bind_address '0.0.0.0' + port '3306' + data_dir '/data' + initial_root_password 'Ch4ng3me' + action [:create, :start] +end +``` + +Please note that when using `notifies` or `subscribes`, the resource to reference is `mysql_service[name]`, not `service[mysql]`. + +#### Parameters + +- `charset` - specifies the default character set. Defaults to `utf8`. +- `data_dir` - determines where the actual data files are kept on the machine. This is useful when mounting external storage. When omitted, it will default to the platform's native location. +- `error_log` - Tunable location of the error_log +- `initial_root_password` - allows the user to specify the initial root password for mysql when initializing new databases. This can be set explicitly in a recipe, driven from a node attribute, or from data_bags. When omitted, it defaults to `ilikerandompasswords`. Please be sure to change it. +- `instance` - A string to identify the MySQL service. By convention, to allow for multiple instances of the `mysql_service`, directories and files on disk are named `mysql-`. Defaults to the resource name. +- `package_action` - Defaults to `:install`. +- `package_name` - Defaults to a value looked up in an internal map. +- `package_version` - Specific version of the package to install,passed onto the underlying package manager. Defaults to `nil`. +- `bind_address` - determines the listen IP address for the mysqld service. When omitted, it will be determined by MySQL. If the address is "regular" IPv4/IPv6address (e.g 127.0.0.1 or ::1), the server accepts TCP/IP connections only for that particular address. If the address is "0.0.0.0" (IPv4) or "::" (IPv6), the server accepts TCP/IP connections on all IPv4 or IPv6 interfaces. +- `mysqld_options` - A key value hash of options to be rendered into the main my.cnf. WARNING - It is highly recommended that you use the `mysql_config` resource instead of sending extra config into a `mysql_service` resource. This will allow you to set up notifications and subscriptions between the service and its configuration. That being said, this can be useful for adding extra options needed for database initialization at first run. +- `port` - determines the listen port for the mysqld service. When omitted, it will default to '3306'. +- `run_group` - The name of the system group the `mysql_service` should run as. Defaults to 'mysql'. +- `run_user` - The name of the system user the `mysql_service` should run as. Defaults to 'mysql'. +- `pid_file` - Tunable location of the pid file. +- `socket` - determines where to write the socket file for the `mysql_service` instance. Useful when configuring clients on the same machine to talk over socket and skip the networking stack. Defaults to a calculated value based on platform and instance name. +- `tmp_dir` - Tunable location of the tmp_dir +- `version` - allows the user to select from the versions available for the platform, where applicable. When omitted, it will install the default MySQL version for the target platform. Available version numbers are `5.0`, `5.1`, `5.5`, `5.6`, and `5.7`, depending on platform. + +#### Actions + +- `:create` - Configures everything but the underlying operating system service. +- `:delete` - Removes everything but the package and data_dir. +- `:start` - Starts the underlying operating system service +- `:stop`- Stops the underlying operating system service +- `:restart` - Restarts the underlying operating system service +- `:reload` - Reloads the underlying operating system service + +#### Providers + +Chef selects the appropriate provider based on platform and version, but you can specify one if your platform support it. + +```ruby +mysql_service[instance-1] do + port '1234' + data_dir '/mnt/lottadisk' + provider Chef::Provider::MysqlServiceSysvinit + action [:create, :start] +end +``` + +- `Chef::Provider::MysqlServiceBase` - Configures everything needed to run a MySQL service except the platform service facility. This provider should never be used directly. The `:start`, `:stop`, `:restart`, and `:reload` actions are stubs meant to be overridden by the providers below. +- `Chef::Provider::MysqlServiceSmf` - Starts a `mysql_service` using the Service Management Facility, used by Solaris and Illumos. Manages the FMRI and method script. +- `Chef::Provider::MysqlServiceSystemd` - Starts a `mysql_service` using SystemD. Manages the unit file and activation state +- `Chef::Provider::MysqlServiceSysvinit` - Starts a `mysql_service` using SysVinit. Manages the init script and status. +- `Chef::Provider::MysqlServiceUpstart` - Starts a `mysql_service` using Upstart. Manages job definitions and status. + +### mysql_config + +The `mysql_config` resource is a wrapper around the core Chef `template` resource. Instead of a `path` parameter, it uses the `instance` parameter to calculate the path on the filesystem where file is rendered. + +#### Example + +```ruby +mysql_config[default] do + source 'site.cnf.erb' + action :create +end +``` + +#### Parameters + +- `config_name` - The base name of the configuration file to be rendered into the conf.d directory on disk. Defaults to the resource name. +- `cookbook` - The name of the cookbook to look for the template source. Defaults to nil +- `group` - System group for file ownership. Defaults to 'mysql'. +- `instance` - Name of the `mysql_service` instance the config is meant for. Defaults to 'default'. +- `owner` - System user for file ownership. Defaults to 'mysql'. +- `source` - Template in cookbook to be rendered. +- `variables` - Variables to be passed to the underlying `template` resource. +- `version` - Version of the `mysql_service` instance the config is meant for. Used to calculate path. Only necessary when using packages with unique configuration paths, such as RHEL Software Collections or OmniOS. Defaults to 'nil' + +#### Actions + +- `:create` - Renders the template to disk at a path calculated using the instance parameter. +- `:delete` - Deletes the file from the conf.d directory calculated using the instance parameter. + +#### More Examples + +```ruby +mysql_service 'instance-1' do + action [:create, :start] +end + +mysql_service 'instance-2' do + action [:create, :start] +end + +mysql_config 'logging' do + instance 'instance-1' + source 'logging.cnf.erb' + action :create + notifies :restart, 'mysql_service[instance-1]' +end + +mysql_config 'security settings for instance-2' do + config_name 'security' + instance 'instance-2' + source 'security_stuff.cnf.erb' + variables(:foo => 'bar') + action :create + notifies :restart, 'mysql_service[instance-2]' +end +``` + +### mysql_client + +The `mysql_client` resource manages the MySQL client binaries and development libraries. + +It is an example of a "singleton" resource. Declaring two `mysql_client` resources on a machine usually won't yield two separate copies of the client binaries, except for platforms that support multiple versions (RHEL SCL, OmniOS). + +#### Example + +```ruby +mysql_client 'default' do + action :create +end +``` + +#### Properties + +- `package_name` - An array of packages to be installed. Defaults to a value looked up in an internal map. +- `package_version` - Specific versions of the package to install, passed onto the underlying package manager. Defaults to `nil`. +- `version` - Major MySQL version number of client packages. Only valid on for platforms that support multiple versions, such as RHEL via Software Collections and OmniOS. + +#### Actions + +- `:create` - Installs the client software +- `:delete` - Removes the client software + +## Advanced Usage Examples + +There are a number of configuration scenarios supported by the use of resource primitives in recipes. For example, you might want to run multiple MySQL services, as different users, and mount block devices that contain pre-existing databases. + +### Multiple Instances as Different Users + +```ruby +# instance-1 +user 'alice' do + action :create +end + +directory '/mnt/data/mysql/instance-1' do + owner 'alice' + action :create +end + +mount '/mnt/data/mysql/instance-1' do + device '/dev/sdb1' + fstype 'ext4' + action [:mount, :enable] +end + +mysql_service 'instance-1' do + port '3307' + run_user 'alice' + data_dir '/mnt/data/mysql/instance-1' + action [:create, :start] +end + +mysql_config 'site config for instance-1' do + instance 'instance-1' + source 'instance-1.cnf.erb' + notifies :restart, 'mysql_service[instance-1]' +end + +# instance-2 +user 'bob' do + action :create +end + +directory '/mnt/data/mysql/instance-2' do + owner 'bob' + action :create +end + +mount '/mnt/data/mysql/instance-2' do + device '/dev/sdc1' + fstype 'ext3' + action [:mount, :enable] +end + +mysql_service 'instance-2' do + port '3308' + run_user 'bob' + data_dir '/mnt/data/mysql/instance-2' + action [:create, :start] +end + +mysql_config 'site config for instance-2' do + instance 'instance-2' + source 'instance-2.cnf.erb' + notifies :restart, 'mysql_service[instance-2]' +end +``` + +### Replication Testing + +Use multiple `mysql_service` instances to test a replication setup. This particular example serves as a smoke test in Test Kitchen because it exercises different resources and requires service restarts. + + + +## Frequently Asked Questions + +### How do I run this behind my firewall? + +On Linux, the `mysql_service` resource uses the platform's underlying package manager to install software. For this to work behind firewalls, you'll need to either: + +- Configure the system yum/apt utilities to use a proxy server that +- can reach the Internet +- Host a package repository on a network that the machine can talk to + +On the RHEL platform_family, applying the `yum::default` recipe will allow you to drive the `yum_globalconfig` resource with attributes to change the global yum proxy settings. + +If hosting repository mirrors, applying one of the following recipes and adjust the settings with node attributes. + +- `recipe[yum-centos::default]` from the Supermarket + + + + + +- `recipe[yum-mysql-community::default]` from the Supermarket + + + + + +### The mysql command line doesn't work + +If you log into the machine and type `mysql`, you may see an error like this one: + +`Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'` + +This is because MySQL is hardcoded to read the defined default my.cnf file, typically at /etc/my.cnf, and this LWRP deletes it to prevent overlap among multiple MySQL configurations. + +To connect to the socket from the command line, check the socket in the relevant my.cnf file and use something like this: + +`mysql -S /var/run/mysql-foo/mysqld.sock -Pwhatever` + +Or to connect over the network, use something like this: connect over the network.. + +`mysql -h 127.0.0.1 -Pwhatever` + +These network or socket ssettings can also be put in you $HOME/.my.cnf, if preferred. + +### What about MariaDB, Percona, etc. + +MySQL forks are purposefully out of scope for this cookbook. This is mostly to reduce the testing matrix to a manageable size. Cookbooks for these technologies can easily be created by copying and adapting this cookbook. However, there will be differences. + +Package repository locations, package version names, software major version numbers, supported platform matrices, and the availability of software such as XtraDB and Galera are the main reasons that creating multiple cookbooks to make sense. + +## Maintainers + +This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/) + +## License + +```text +Copyright:: 2009-2017 Chef Software, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/ops/cookbooks/vendor/mysql/libraries/helpers.rb b/ops/cookbooks/vendor/mysql/libraries/helpers.rb new file mode 100644 index 0000000..e60d21d --- /dev/null +++ b/ops/cookbooks/vendor/mysql/libraries/helpers.rb @@ -0,0 +1,291 @@ +module MysqlCookbook + module HelpersBase + require 'shellwords' + + def el6? + return true if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 6 + false + end + + def el7? + return true if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 7 + false + end + + def wheezy? + return true if node['platform'] == 'debian' && node['platform_version'].to_i == 7 + false + end + + def jessie? + return true if node['platform'] == 'debian' && node['platform_version'].to_i == 8 + false + end + + def stretch? + return true if node['platform'] == 'debian' && node['platform_version'].to_i == 9 + false + end + + def trusty? + return true if node['platform'] == 'ubuntu' && node['platform_version'] == '14.04' + return true if node['platform'] == 'linuxmint' && node['platform_version'] =~ /^17\.[0-9]$/ + false + end + + def xenial? + return true if node['platform'] == 'ubuntu' && node['platform_version'] == '16.04' + false + end + + def defaults_file + "#{etc_dir}/my.cnf" + end + + def default_data_dir + return "/var/lib/#{mysql_name}" if node['os'] == 'linux' + return "/opt/local/lib/#{mysql_name}" if node['os'] == 'solaris2' + return "/var/db/#{mysql_name}" if node['os'] == 'freebsd' + end + + def default_error_log + "#{log_dir}/error.log" + end + + def default_pid_file + "#{run_dir}/mysqld.pid" + end + + def default_major_version + # rhelish + return '5.1' if el6? + return '5.6' if el7? + return '5.6' if node['platform'] == 'amazon' + + # debian + return '5.5' if wheezy? + return '5.5' if jessie? + + # ubuntu + return '5.5' if trusty? + return '5.7' if xenial? + + # misc + return '5.6' if node['platform'] == 'freebsd' + return '5.6' if node['platform'] == 'fedora' + return '5.6' if node['platform_family'] == 'suse' + end + + def major_from_full(v) + v.split('.').shift(2).join('.') + end + + def mysql_name + "mysql-#{instance}" + end + + def default_socket_file + "#{run_dir}/mysqld.sock" + end + + def default_client_package_name + return ['mysql', 'mysql-devel'] if major_version == '5.1' && el6? + return ['mysql55', 'mysql55-devel.x86_64'] if major_version == '5.5' && node['platform'] == 'amazon' + return ['mysql56', 'mysql56-devel.x86_64'] if major_version == '5.6' && node['platform'] == 'amazon' + return ['mysql-client-5.5', 'libmysqlclient-dev'] if major_version == '5.5' && node['platform_family'] == 'debian' + return ['mysql-client-5.6', 'libmysqlclient-dev'] if major_version == '5.6' && node['platform_family'] == 'debian' + return ['mysql-client-5.7', 'libmysqlclient-dev'] if major_version == '5.7' && node['platform_family'] == 'debian' + return 'mysql-community-server-client' if major_version == '5.6' && node['platform_family'] == 'suse' + ['mysql-community-client', 'mysql-community-devel'] + end + + def default_server_package_name + return 'mysql-server' if major_version == '5.1' && el6? + return 'mysql55-server' if major_version == '5.5' && node['platform'] == 'amazon' + return 'mysql56-server' if major_version == '5.6' && node['platform'] == 'amazon' + return 'mysql-server-5.5' if major_version == '5.5' && node['platform_family'] == 'debian' + return 'mysql-server-5.6' if major_version == '5.6' && node['platform_family'] == 'debian' + return 'mysql-server-5.7' if major_version == '5.7' && node['platform_family'] == 'debian' + return 'mysql-community-server' if major_version == '5.6' && node['platform_family'] == 'suse' + 'mysql-community-server' + end + + def socket_dir + File.dirname(socket) + end + + def run_dir + return "#{prefix_dir}/var/run/#{mysql_name}" if node['platform_family'] == 'rhel' + return "/run/#{mysql_name}" if node['platform_family'] == 'debian' + "/var/run/#{mysql_name}" + end + + def prefix_dir + return "/opt/mysql#{pkg_ver_string}" if node['platform_family'] == 'omnios' + return '/opt/local' if node['platform_family'] == 'smartos' + return "/opt/rh/#{scl_name}/root" if scl_package? + end + + def scl_name + return unless node['platform_family'] == 'rhel' + return 'mysql51' if version == '5.1' && node['platform_version'].to_i == 5 + return 'mysql55' if version == '5.5' && node['platform_version'].to_i == 5 + end + + def scl_package? + return unless node['platform_family'] == 'rhel' + return true if version == '5.1' && node['platform_version'].to_i == 5 + return true if version == '5.5' && node['platform_version'].to_i == 5 + false + end + + def etc_dir + return "/opt/mysql#{pkg_ver_string}/etc/#{mysql_name}" if node['platform_family'] == 'omnios' + return "#{prefix_dir}/etc/#{mysql_name}" if node['platform_family'] == 'smartos' + "#{prefix_dir}/etc/#{mysql_name}" + end + + def base_dir + prefix_dir || '/usr' + end + + def system_service_name + return 'mysql51-mysqld' if node['platform_family'] == 'rhel' && scl_name == 'mysql51' + return 'mysql55-mysqld' if node['platform_family'] == 'rhel' && scl_name == 'mysql55' + return 'mysqld' if node['platform_family'] == 'rhel' + return 'mysqld' if node['platform_family'] == 'fedora' + 'mysql' # not one of the above + end + + def v56plus + return false if version.split('.')[0].to_i < 5 + return false if version.split('.')[1].to_i < 6 + true + end + + def v57plus + return false if version.split('.')[0].to_i < 5 + return false if version.split('.')[1].to_i < 7 + true + end + + def default_include_dir + "#{etc_dir}/conf.d" + end + + def log_dir + return "/var/adm/log/#{mysql_name}" if node['platform_family'] == 'omnios' + "#{prefix_dir}/var/log/#{mysql_name}" + end + + def lc_messages_dir; end + + def init_records_script + # Note: shell-escaping passwords in a SQL file may cause corruption - eg + # mysql will read \& as &, but \% as \%. Just escape bare-minimum \ and ' + sql_escaped_password = root_password.gsub('\\') { '\\\\' }.gsub("'") { '\\\'' } + + <<-EOS + set -e + rm -rf /tmp/#{mysql_name} + mkdir /tmp/#{mysql_name} + + cat > /tmp/#{mysql_name}/my.sql <<-'EOSQL' +UPDATE mysql.user SET #{password_column_name}=PASSWORD('#{sql_escaped_password}')#{password_expired} WHERE user = 'root'; +DELETE FROM mysql.user WHERE USER LIKE ''; +DELETE FROM mysql.user WHERE user = 'root' and host NOT IN ('127.0.0.1', 'localhost'); +FLUSH PRIVILEGES; +DELETE FROM mysql.db WHERE db LIKE 'test%'; +DROP DATABASE IF EXISTS test ; +EOSQL + + #{db_init} + #{record_init} + + while [ ! -f #{pid_file} ] ; do sleep 1 ; done + kill `cat #{pid_file}` + while [ -f #{pid_file} ] ; do sleep 1 ; done + rm -rf /tmp/#{mysql_name} + EOS + end + + def password_column_name + return 'authentication_string' if v57plus + 'password' + end + + def root_password + if initial_root_password == '' + Chef::Log.info('Root password is empty') + return '' + end + initial_root_password + end + + def password_expired + return ", password_expired='N'" if v57plus + '' + end + + def db_init + return mysqld_initialize_cmd if v57plus + mysql_install_db_cmd + end + + def mysql_install_db_bin + return "#{base_dir}/scripts/mysql_install_db" if node['platform_family'] == 'omnios' + return "#{prefix_dir}/bin/mysql_install_db" if node['platform_family'] == 'smartos' + 'mysql_install_db' + end + + def mysql_install_db_cmd + cmd = mysql_install_db_bin + cmd << " --defaults-file=#{etc_dir}/my.cnf" + cmd << " --datadir=#{data_dir}" + cmd << ' --explicit_defaults_for_timestamp' if v56plus && !v57plus + return "scl enable #{scl_name} \"#{cmd}\"" if scl_package? + cmd + end + + def mysqladmin_bin + return "#{prefix_dir}/bin/mysqladmin" if node['platform_family'] == 'smartos' + return 'mysqladmin' if scl_package? + "#{prefix_dir}/usr/bin/mysqladmin" + end + + def mysqld_bin + return "#{prefix_dir}/libexec/mysqld" if node['platform_family'] == 'smartos' + return "#{base_dir}/bin/mysqld" if node['platform_family'] == 'omnios' + return '/usr/sbin/mysqld' if node['platform_family'] == 'fedora' && v56plus + return '/usr/libexec/mysqld' if node['platform_family'] == 'fedora' + return 'mysqld' if scl_package? + "#{prefix_dir}/usr/sbin/mysqld" + end + + def mysqld_initialize_cmd + cmd = mysqld_bin + cmd << " --defaults-file=#{etc_dir}/my.cnf" + cmd << ' --initialize' + cmd << ' --explicit_defaults_for_timestamp' if v56plus + return "scl enable #{scl_name} \"#{cmd}\"" if scl_package? + cmd + end + + def mysqld_safe_bin + return "#{prefix_dir}/bin/mysqld_safe" if node['platform_family'] == 'smartos' + return "#{base_dir}/bin/mysqld_safe" if node['platform_family'] == 'omnios' + return 'mysqld_safe' if scl_package? + "#{prefix_dir}/usr/bin/mysqld_safe" + end + + def record_init + cmd = v56plus ? mysqld_bin : mysqld_safe_bin + cmd << " --defaults-file=#{etc_dir}/my.cnf" + cmd << " --init-file=/tmp/#{mysql_name}/my.sql" + cmd << ' --explicit_defaults_for_timestamp' if v56plus + cmd << ' &' + return "scl enable #{scl_name} \"#{cmd}\"" if scl_package? + cmd + end + end +end diff --git a/ops/cookbooks/vendor/mysql/libraries/matchers.rb b/ops/cookbooks/vendor/mysql/libraries/matchers.rb new file mode 100644 index 0000000..adf5e73 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/libraries/matchers.rb @@ -0,0 +1,71 @@ +if defined?(ChefSpec) + ChefSpec.define_matcher :mysql_config + ChefSpec.define_matcher :mysql_service + ChefSpec.define_matcher :mysql_client + + # mysql_client_client_installation_package + def install_mysql_client_installation_package(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_client_installation_package, :create, resource_name) + end + + def remove_mysql_client_installation_package(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_client_installation_package, :remove, resource_name) + end + + # mysql_server_server_installation_package + def install_mysql_server_installation_package(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_server_installation_package, :install, resource_name) + end + + def remove_mysql_server_installation_package(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_server_installation_package, :remove, resource_name) + end + + ##### + # old + ##### + + # client + def create_mysql_client(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_client, :create, resource_name) + end + + def delete_mysql_client(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_client, :delete, resource_name) + end + + # mysql_config + def create_mysql_config(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_config, :create, resource_name) + end + + def delete_mysql_config(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_config, :delete, resource_name) + end + + # service + def create_mysql_service(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :create, resource_name) + end + + def delete_mysql_service(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :delete, resource_name) + end + + def start_mysql_service(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :start, resource_name) + end + + def stop_mysql_service(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :stop, resource_name) + end + + def restart_mysql_service(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :restart, resource_name) + end + + def reload_mysql_service(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :reload, resource_name) + end + +end diff --git a/ops/cookbooks/vendor/mysql/libraries/mysql_base.rb b/ops/cookbooks/vendor/mysql/libraries/mysql_base.rb new file mode 100644 index 0000000..2db0c16 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/libraries/mysql_base.rb @@ -0,0 +1,30 @@ +module MysqlCookbook + class MysqlBase < Chef::Resource + require_relative 'helpers' + + # All resources are composites + def whyrun_supported? + true + end + + ################ + # Type Constants + ################ + + Boolean = property_type( + is: [true, false], + default: false + ) unless defined?(Boolean) + + ################### + # Common Properties + ################### + property :run_group, String, default: 'mysql', desired_state: false + property :run_user, String, default: 'mysql', desired_state: false + property :version, String, default: lazy { default_major_version }, desired_state: false + property :include_dir, String, default: lazy { default_include_dir }, desired_state: false + property :major_version, String, default: lazy { major_from_full(version) }, desired_state: false + + action_class + end +end diff --git a/ops/cookbooks/vendor/mysql/libraries/mysql_client_installation_package.rb b/ops/cookbooks/vendor/mysql/libraries/mysql_client_installation_package.rb new file mode 100644 index 0000000..1dc87f5 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/libraries/mysql_client_installation_package.rb @@ -0,0 +1,31 @@ +module MysqlCookbook + class MysqlClientInstallationPackage < MysqlBase + # helper methods + require_relative 'helpers' + include MysqlCookbook::HelpersBase + + # Resource properties + resource_name :mysql_client_installation_package + provides :mysql_client_installation, os: 'linux' + provides :mysql_client, os: 'linux' + + property :package_name, [String, Array], default: lazy { default_client_package_name }, desired_state: false + property :package_options, [String, nil], desired_state: false + property :package_version, [String, nil], default: nil, desired_state: false + + # Actions + action :create do + package new_resource.package_name do + version new_resource.package_version if new_resource.package_version + options new_resource.package_options if new_resource.package_options + action :install + end + end + + action :delete do + package new_resource.package_name do + action :remove + end + end + end +end diff --git a/ops/cookbooks/vendor/mysql/libraries/mysql_config.rb b/ops/cookbooks/vendor/mysql/libraries/mysql_config.rb new file mode 100644 index 0000000..d4a52c9 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/libraries/mysql_config.rb @@ -0,0 +1,56 @@ +module MysqlCookbook + class MysqlConfig < MysqlBase + resource_name :mysql_config + + property :config_name, String, name_property: true, desired_state: false + property :cookbook, String, desired_state: false + property :group, String, default: 'mysql', desired_state: false + property :instance, String, default: 'default', desired_state: false + property :owner, String, default: 'mysql', desired_state: false + property :source, String, desired_state: false + property :variables, [Hash], desired_state: false + property :version, String, default: lazy { default_major_version }, desired_state: false + + require_relative 'helpers' + include MysqlCookbook::HelpersBase + + provides :mysql_config + + action :create do + # hax because group property + g = Chef::Resource::Group.new(new_resource.group, run_context) + g.system true if new_resource.name == 'mysql' + resource_collection.insert g + + user new_resource.owner do + gid new_resource.owner + system true if new_resource.name == 'mysql' + action :create + end + + directory new_resource.include_dir do + owner new_resource.owner + group new_resource.group + mode '0750' + recursive true + action :create + end + + template "#{new_resource.include_dir}/#{new_resource.config_name}.cnf" do + owner new_resource.owner + group new_resource.group + mode '0640' + variables(new_resource.variables) + source new_resource.source + cookbook new_resource.cookbook + action :create + end + end + + action :delete do + file "#{new_resource.include_dir}/#{new_resource.config_name}.cnf" do + action :delete + end + end + end +end diff --git a/ops/cookbooks/vendor/mysql/libraries/mysql_server_installation_package.rb b/ops/cookbooks/vendor/mysql/libraries/mysql_server_installation_package.rb new file mode 100644 index 0000000..bf46c8d --- /dev/null +++ b/ops/cookbooks/vendor/mysql/libraries/mysql_server_installation_package.rb @@ -0,0 +1,42 @@ +module MysqlCookbook + class MysqlServerInstallationPackage < MysqlBase + # Resource properties + resource_name :mysql_server_installation_package + provides :mysql_server_installation, os: 'linux' + + property :package_name, String, default: lazy { default_server_package_name }, desired_state: false + property :package_options, [String, nil], desired_state: false + property :package_version, [String, nil], default: nil, desired_state: false + + # helper methods + require_relative 'helpers' + include MysqlCookbook::HelpersBase + + # Actions + action :install do + package new_resource.package_name do + version new_resource.package_version if new_resource.package_version + options new_resource.package_options if new_resource.package_options + notifies :install, 'package[perl-Sys-Hostname-Long]', :immediately if platform_family?('suse') + notifies :run, 'execute[Initial DB setup script]', :immediately if platform_family?('suse') + action :install + end + + package 'perl-Sys-Hostname-Long' do + action :nothing + end + + execute 'Initial DB setup script' do + environment 'INSTANCE' => new_resource.name + command '/usr/lib/mysql/mysql-systemd-helper install' + action :nothing + end + end + + action :delete do + package new_resource.package_name do + action :remove + end + end + end +end diff --git a/ops/cookbooks/vendor/mysql/libraries/mysql_service.rb b/ops/cookbooks/vendor/mysql/libraries/mysql_service.rb new file mode 100644 index 0000000..aa969bd --- /dev/null +++ b/ops/cookbooks/vendor/mysql/libraries/mysql_service.rb @@ -0,0 +1,105 @@ +module MysqlCookbook + require_relative 'mysql_service_base' + class MysqlService < MysqlServiceBase + resource_name :mysql_service + + # installation type and service_manager + property :install_method, %w(package auto), default: 'auto', desired_state: false + property :service_manager, %w(sysvinit upstart systemd auto), default: 'auto', desired_state: false + + # mysql_server_installation + property :version, String, default: lazy { default_major_version }, desired_state: false + property :major_version, String, default: lazy { major_from_full(version) }, desired_state: false + property :package_name, String, default: lazy { default_package_name }, desired_state: false + property :package_options, [String, nil], desired_state: false + property :package_version, [String, nil], default: nil, desired_state: false + + ################ + # Helper Methods + ################ + + def copy_properties_to(to, *properties) + properties = self.class.properties.keys if properties.empty? + properties.each do |p| + # If the property is set on from, and exists on to, set the + # property on to + if to.class.properties.include?(p) && property_is_set?(p) + to.send(p, send(p)) + end + end + end + + action_class do + def installation(&block) + case new_resource.install_method + when 'auto' + install = mysql_server_installation(new_resource.name, &block) + when 'package' + install = mysql_server_installation_package(new_resource.name, &block) + when 'none' + Chef::Log.info('Skipping MySQL installation. Assuming it was handled previously.') + return + end + copy_properties_to(install) + install + end + + def svc_manager(&block) + case new_resource.service_manager + when 'auto' + svc = mysql_service_manager(new_resource.name, &block) + when 'sysvinit' + svc = mysql_service_manager_sysvinit(new_resource.name, &block) + when 'upstart' + svc = mysql_service_manager_upstart(new_resource.name, &block) + when 'systemd' + svc = mysql_service_manager_systemd(new_resource.name, &block) + end + copy_properties_to(svc) + svc + end + end + + ######### + # Actions + ######### + + action :create do + installation do + action :install + end + + svc_manager do + action :create + end + end + + action :start do + svc_manager do + action :start + end + end + + action :delete do + svc_manager do + action :delete + end + + installation do + action :delete + end + end + + action :restart do + svc_manager do + action :restart + end + end + + action :stop do + svc_manager do + action :stop + end + end + end +end diff --git a/ops/cookbooks/vendor/mysql/libraries/mysql_service_base.rb b/ops/cookbooks/vendor/mysql/libraries/mysql_service_base.rb new file mode 100644 index 0000000..a03b5aa --- /dev/null +++ b/ops/cookbooks/vendor/mysql/libraries/mysql_service_base.rb @@ -0,0 +1,203 @@ +module MysqlCookbook + class MysqlServiceBase < MysqlBase + property :bind_address, String, desired_state: false + property :charset, String, default: 'utf8', desired_state: false + property :data_dir, String, default: lazy { default_data_dir }, desired_state: false + property :error_log, String, default: lazy { default_error_log }, desired_state: false + property :initial_root_password, String, default: 'ilikerandompasswords', desired_state: false + property :instance, String, name_property: true, desired_state: false + property :mysqld_options, Hash, default: {}, desired_state: false + property :pid_file, String, default: lazy { default_pid_file }, desired_state: false + property :port, [String, Integer], default: '3306', desired_state: false + property :socket, String, default: lazy { default_socket_file }, desired_state: false + property :tmp_dir, String, desired_state: false + + alias socket_file socket + + require_relative 'helpers' + include MysqlCookbook::HelpersBase + + # action class methods are available within the actions and work as if the coded + # was inline the action. No messing with classes or passing in the new_resource + action_class do + def create_system_user + group 'mysql' do + action :create + end + + user 'mysql' do + gid 'mysql' + action :create + end + end + + def create_config + # require 'pry' ; binding.pry + + # Yak shaving secion. Account for random errata. + # + # Turns out that mysqld is hard coded to try and read + # /etc/mysql/my.cnf, and its presence causes problems when + # setting up multiple services. + file "#{prefix_dir}/etc/mysql/my.cnf" do + action :delete + end + + file "#{prefix_dir}/etc/my.cnf" do + action :delete + end + + # mysql_install_db is broken on 5.6.13 + link "#{prefix_dir}/usr/share/my-default.cnf" do + to "#{etc_dir}/my.cnf" + not_if { ::File.exist? "#{prefix_dir}/usr/share/my-default.cnf" } # FIXME: Chef bug? + action :create + end + + # Support directories + directory etc_dir do + owner new_resource.run_user + group new_resource.run_group + mode '0750' + recursive true + action :create + end + + directory new_resource.include_dir do + owner new_resource.run_user + group new_resource.run_group + mode '0750' + recursive true + action :create + end + + directory run_dir do + owner new_resource.run_user + group new_resource.run_group + mode '0755' + recursive true + action :create + end + + directory log_dir do + owner new_resource.run_user + group new_resource.run_group + mode '0750' + recursive true + action :create + end + + directory new_resource.data_dir do + owner new_resource.run_user + group new_resource.run_group + mode '0750' + recursive true + action :create + end + + # Main configuration file + template "#{etc_dir}/my.cnf" do + source 'my.cnf.erb' + cookbook 'mysql' + owner new_resource.run_user + group new_resource.run_group + mode '0600' + variables(config: new_resource) + action :create + end + end + + def initialize_database + # initialize database and create initial records + bash "#{new_resource.name} initial records" do + code init_records_script + umask '022' + returns [0, 1, 2] # facepalm + not_if "/usr/bin/test -f #{new_resource.data_dir}/mysql/user.frm" + action :run + end + end + + def delete_support_directories + # Stop the service before removing support directories + delete_stop_service + + directory etc_dir do + recursive true + action :delete + end + + directory run_dir do + recursive true + action :delete + end + + directory log_dir do + recursive true + action :delete + end + end + + # + # Platform specific bits + # + def configure_apparmor + # Do not add these resource if inside a container + # Only valid on Ubuntu + return if ::File.exist?('/.dockerenv') || ::File.exist?('/.dockerinit') || node['platform'] != 'ubuntu' + + # Apparmor + package 'apparmor' do + action :install + end + + directory '/etc/apparmor.d/local/mysql' do + owner 'root' + group 'root' + mode '0755' + recursive true + action :create + end + + template '/etc/apparmor.d/local/usr.sbin.mysqld' do + cookbook 'mysql' + source 'apparmor/usr.sbin.mysqld-local.erb' + owner 'root' + group 'root' + mode '0644' + action :create + notifies :restart, "service[#{new_resource.instance} apparmor]", :immediately + end + + template '/etc/apparmor.d/usr.sbin.mysqld' do + cookbook 'mysql' + source 'apparmor/usr.sbin.mysqld.erb' + owner 'root' + group 'root' + mode '0644' + action :create + notifies :restart, "service[#{new_resource.instance} apparmor]", :immediately + end + + template "/etc/apparmor.d/local/mysql/#{new_resource.instance}" do + cookbook 'mysql' + source 'apparmor/usr.sbin.mysqld-instance.erb' + owner 'root' + group 'root' + mode '0644' + variables( + config: new_resource, + mysql_name: mysql_name + ) + action :create + notifies :restart, "service[#{new_resource.instance} apparmor]", :immediately + end + + service "#{new_resource.instance} apparmor" do + service_name 'apparmor' + action :nothing + end + end + end + end +end diff --git a/ops/cookbooks/vendor/mysql/libraries/mysql_service_manager_systemd.rb b/ops/cookbooks/vendor/mysql/libraries/mysql_service_manager_systemd.rb new file mode 100644 index 0000000..5c6880a --- /dev/null +++ b/ops/cookbooks/vendor/mysql/libraries/mysql_service_manager_systemd.rb @@ -0,0 +1,142 @@ +module MysqlCookbook + class MysqlServiceManagerSystemd < MysqlServiceBase + resource_name :mysql_service_manager_systemd + + provides :mysql_service_manager, os: 'linux' do |_node| + Chef::Platform::ServiceHelpers.service_resource_providers.include?(:systemd) + end + + action :create do + # from base + create_system_user + stop_system_service + create_config + configure_apparmor + initialize_database + end + + action :start do + # Needed for Debian / Ubuntu + directory '/usr/libexec' do + owner 'root' + group 'root' + mode '0755' + action :create + end + + # this script is called by the main systemd unit file, and + # spins around until the service is actually up and running. + template "/usr/libexec/#{mysql_name}-wait-ready" do + path "/usr/libexec/#{mysql_name}-wait-ready" + source 'systemd/mysqld-wait-ready.erb' + owner 'root' + group 'root' + mode '0755' + variables(socket_file: socket_file) + cookbook 'mysql' + action :create + end + + # this is the main systemd unit file + template "/etc/systemd/system/#{mysql_name}.service" do + path "/etc/systemd/system/#{mysql_name}.service" + source 'systemd/mysqld.service.erb' + owner 'root' + group 'root' + mode '0644' + variables( + config: new_resource, + etc_dir: etc_dir, + base_dir: base_dir, + mysqld_bin: mysqld_bin + ) + cookbook 'mysql' + notifies :run, "execute[#{new_resource.instance} systemctl daemon-reload]", :immediately + action :create + end + + # avoid 'Unit file changed on disk' warning + execute "#{new_resource.instance} systemctl daemon-reload" do + command '/bin/systemctl daemon-reload' + action :nothing + end + + # tmpfiles.d config so the service survives reboot + template "/usr/lib/tmpfiles.d/#{mysql_name}.conf" do + path "/usr/lib/tmpfiles.d/#{mysql_name}.conf" + source 'tmpfiles.d.conf.erb' + owner 'root' + group 'root' + mode '0644' + variables( + run_dir: run_dir, + run_user: new_resource.run_user, + run_group: new_resource.run_group + ) + cookbook 'mysql' + action :create + end + + # service management resource + service mysql_name.to_s do + service_name mysql_name + provider Chef::Provider::Service::Systemd + supports restart: true, status: true + action [:enable, :start] + end + end + + action :stop do + # service management resource + service mysql_name.to_s do + service_name mysql_name + provider Chef::Provider::Service::Systemd + supports status: true + action [:disable, :stop] + only_if { ::File.exist?("/usr/lib/systemd/system/#{mysql_name}.service") } + end + end + + action :restart do + # service management resource + service mysql_name.to_s do + service_name mysql_name + provider Chef::Provider::Service::Systemd + supports restart: true + action :restart + end + end + + action :reload do + # service management resource + service mysql_name.to_s do + service_name mysql_name + provider Chef::Provider::Service::Systemd + action :reload + end + end + + action_class do + def stop_system_service + # service management resource + service 'mysql' do + service_name system_service_name + provider Chef::Provider::Service::Systemd + supports status: true + action [:stop, :disable] + end + end + + def delete_stop_service + # service management resource + service mysql_name.to_s do + service_name mysql_name + provider Chef::Provider::Service::Systemd + supports status: true + action [:disable, :stop] + only_if { ::File.exist?("/usr/lib/systemd/system/#{mysql_name}.service") } + end + end + end + end +end diff --git a/ops/cookbooks/vendor/mysql/libraries/mysql_service_manager_sysvinit.rb b/ops/cookbooks/vendor/mysql/libraries/mysql_service_manager_sysvinit.rb new file mode 100644 index 0000000..5608dec --- /dev/null +++ b/ops/cookbooks/vendor/mysql/libraries/mysql_service_manager_sysvinit.rb @@ -0,0 +1,79 @@ +module MysqlCookbook + class MysqlServiceManagerSysvinit < MysqlServiceBase + resource_name :mysql_service_manager_sysvinit + + provides :mysql_service_manager, os: 'linux' + + action :create do + # from base + create_system_user + stop_system_service + create_config + initialize_database + configure_apparmor + end + + action :start do + template "/etc/init.d/#{mysql_name}" do + source 'sysvinit/mysqld.erb' + owner 'root' + group 'root' + mode '0755' + variables( + config: new_resource, + defaults_file: defaults_file, + error_log: new_resource.error_log, + mysql_name: mysql_name, + mysqladmin_bin: mysqladmin_bin, + mysqld_safe_bin: mysqld_safe_bin, + pid_file: new_resource.pid_file, + scl_name: scl_name + ) + cookbook 'mysql' + action :create + end + + service mysql_name do + supports restart: true, status: true + action [:enable, :start] + end + end + + action :stop do + service mysql_name do + supports restart: true, status: true + action [:stop] + end + end + + action :restart do + service mysql_name do + supports restart: true + action :restart + end + end + + action :reload do + service mysql_name do + action :reload + end + end + + action_class do + def stop_system_service + service system_service_name do + supports status: true + action [:stop, :disable] + end + end + + def delete_stop_service + service mysql_name do + supports status: true + action [:disable, :stop] + only_if { ::File.exist?("#{etc_dir}/init.d/#{mysql_name}") } + end + end + end + end +end diff --git a/ops/cookbooks/vendor/mysql/libraries/mysql_service_manager_upstart.rb b/ops/cookbooks/vendor/mysql/libraries/mysql_service_manager_upstart.rb new file mode 100644 index 0000000..f8f28c2 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/libraries/mysql_service_manager_upstart.rb @@ -0,0 +1,103 @@ +module MysqlCookbook + class MysqlServiceManagerUpstart < MysqlServiceBase + resource_name :mysql_service_manager_upstart + + provides :mysql_service_manager, platform_family: 'debian' do |_node| + Chef::Platform::ServiceHelpers.service_resource_providers.include?(:upstart) && + !Chef::Platform::ServiceHelpers.service_resource_providers.include?(:systemd) && + !Chef::Platform::ServiceHelpers.service_resource_providers.include?(:redhat) && + ::File.exist?('/sbin/status') # Fix for Docker, in 7 and 8 images /sbin/status doesn't exists and Upstart provider doesn't work + end + + action :create do + # from base + create_system_user + stop_system_service + create_config + configure_apparmor + initialize_database + end + + action :start do + template "/usr/sbin/#{mysql_name}-wait-ready" do + source 'upstart/mysqld-wait-ready.erb' + owner 'root' + group 'root' + mode '0755' + variables(socket_file: socket_file) + cookbook 'mysql' + action :create + end + + template "/etc/init/#{mysql_name}.conf" do + source 'upstart/mysqld.erb' + owner 'root' + group 'root' + mode '0644' + variables( + defaults_file: defaults_file, + mysql_name: mysql_name, + run_group: new_resource.run_group, + run_user: new_resource.run_user, + socket_dir: new_resource.socket_dir + ) + cookbook 'mysql' + action :create + end + + service mysql_name do + provider Chef::Provider::Service::Upstart + supports status: true + action [:start] + end + end + + action :stop do + service mysql_name do + provider Chef::Provider::Service::Upstart + supports restart: true, status: true + action [:stop] + end + end + + action :restart do + # With Upstart, restarting the service doesn't behave "as expected". + # We want the post-start stanzas, which wait until the + # service is available before returning + # + # http://upstart.ubuntu.com/cookbook/#restart + service mysql_name do + provider Chef::Provider::Service::Upstart + action [:stop, :start] + end + end + + action :reload do + # With Upstart, reload just sends a HUP signal to the process. + # As far as I can tell, this doesn't work the way it's + # supposed to, so we need to actually restart the service. + service mysql_name do + provider Chef::Provider::Service::Upstart + action [:stop, :start] + end + end + + action_class do + def stop_system_service + service system_service_name do + provider Chef::Provider::Service::Upstart + supports status: true + action [:stop, :disable] + end + end + + def delete_stop_service + service mysql_name do + provider Chef::Provider::Service::Upstart + action [:disable, :stop] + only_if { ::File.exist?("#{etc_dir}/init/#{mysql_name}") } + end + end + end + end +end diff --git a/ops/cookbooks/vendor/mysql/metadata.json b/ops/cookbooks/vendor/mysql/metadata.json new file mode 100644 index 0000000..f847f3b --- /dev/null +++ b/ops/cookbooks/vendor/mysql/metadata.json @@ -0,0 +1 @@ +{"name":"mysql","version":"8.5.1","description":"Provides mysql_service, mysql_config, and mysql_client resources","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"redhat":">= 6.0","centos":">= 6.0","scientific":">= 6.0","oracle":">= 6.0","amazon":">= 0.0.0","fedora":">= 0.0.0","debian":">= 7.0","ubuntu":">= 12.04","opensuse":">= 13.0","opensuseleap":">= 0.0.0","suse":">= 12.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/mysql","issues_url":"https://github.com/chef-cookbooks/mysql/issues","chef_version":[[">= 12.7"]],"ohai_version":[]} \ No newline at end of file diff --git a/ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld-instance.erb b/ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld-instance.erb new file mode 100644 index 0000000..130beb7 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld-instance.erb @@ -0,0 +1,14 @@ +/etc/<%= @mysql_name %>/*.pem r, +/etc/<%= @mysql_name %>/conf.d/ r, +/etc/<%= @mysql_name %>/conf.d/* r, +/etc/<%= @mysql_name %>/my.cnf r, +<%= @config.log_dir %>/ r, +<%= @config.log_dir %>/* rw, +<%= @config.data_dir %>/ r, +<%= @config.data_dir %>/** rwk, +<%= @config.run_dir %>/** rw, +<%= @config.pid_file %> rw, +<%= @config.socket_file %> rw, +/tmp/<%= @mysql_name %>/ r, +/tmp/<%= @mysql_name %>/my.sql r, +<%= @config.tmp_dir %>/* rw, diff --git a/ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld-local.erb b/ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld-local.erb new file mode 100644 index 0000000..b261920 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld-local.erb @@ -0,0 +1 @@ +#include diff --git a/ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld.erb b/ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld.erb new file mode 100644 index 0000000..19ddbf5 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld.erb @@ -0,0 +1,47 @@ +# vim:syntax=apparmor +# Last Modified: Tue Jun 19 17:37:30 2007 +#include + +/usr/sbin/mysqld { + #include + #include + #include + #include + #include + + capability dac_override, + capability sys_resource, + capability setgid, + capability setuid, + + network tcp, + + /etc/hosts.allow r, + /etc/hosts.deny r, + + /etc/mysql/*.pem r, + /etc/mysql/conf.d/ r, + /etc/mysql/conf.d/* r, + /etc/mysql/*.cnf r, + /usr/lib/mysql/plugin/ r, + /usr/lib/mysql/plugin/*.so* mr, + /usr/sbin/mysqld mr, + /usr/share/mysql/** r, + /var/log/mysql.log rw, + /var/log/mysql.err rw, + /var/lib/mysql/ r, + /var/lib/mysql/** rwk, + /var/log/mysql/ r, + /var/log/mysql/* rw, + /var/run/mysqld/mysqld.pid rw, + /var/run/mysqld/mysqld.sock w, + /var/run/mysqld/mysqld.sock.lock rw, + /run/mysqld/mysqld.pid rw, + /run/mysqld/mysqld.sock w, + /run/mysqld/mysqld.sock.lock rw, + + /sys/devices/system/cpu/ r, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/ops/cookbooks/vendor/mysql/templates/default/my.cnf.erb b/ops/cookbooks/vendor/mysql/templates/default/my.cnf.erb new file mode 100644 index 0000000..ff10156 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/templates/default/my.cnf.erb @@ -0,0 +1,57 @@ +# Chef generated my.cnf for instance mysql-<%= @config.name %> + +[client] +<% if @config.charset %> +default-character-set = <%= @config.charset %> +<% end %> +<% if @config.port %> +port = <%= @config.port %> +<% end %> +<% if @config.socket_file %> +socket = <%= @config.socket_file %> +<% end %> + +[mysql] +<% if @config.charset %> +default-character-set = <%= @config.charset %> +<% end %> + +[mysqld] +<% if @config.run_user %> +user = <%= @config.run_user %> +<% end %> +<% if @config.pid_file %> +pid-file = <%= @config.pid_file %> +<% end %> +<% if @config.socket_file %> +socket = <%= @config.socket_file %> +<% end %> +<% if @config.bind_address %> +bind-address = <%= @config.bind_address %> +<% end %> +<% if @config.port %> +port = <%= @config.port %> +<% end %> +<% if @config.data_dir %> +datadir = <%= @config.data_dir %> +<% end %> +<% if @config.tmp_dir %> +tmpdir = <%= @config.tmp_dir %> +<% end %> +<% @config.mysqld_options.each do |option,value| %> +<%= option %> = <%= value %> +<% end %> +<% if @config.lc_messages_dir %> +lc-messages-dir = <%= @config.lc_messages_dir %> +<% end %> +<% if @config.error_log %> +log-error = <%= @config.error_log %> +<% end %> +<% if @config.include_dir %> +!includedir <%= @config.include_dir %> +<% end %> + +[mysqld_safe] +<% if @config.socket_file %> +socket = <%= @config.socket_file %> +<% end %> diff --git a/ops/cookbooks/vendor/mysql/templates/default/smf/svc.method.mysqld.erb b/ops/cookbooks/vendor/mysql/templates/default/smf/svc.method.mysqld.erb new file mode 100644 index 0000000..5cc178a --- /dev/null +++ b/ops/cookbooks/vendor/mysql/templates/default/smf/svc.method.mysqld.erb @@ -0,0 +1,28 @@ +#!/sbin/sh +# +# Generated by Chef +# + +. /lib/svc/share/smf_include.sh + +ulimit -n 10240 + +case "$1" in +start) + <%= @mysqld_bin %> \ + --defaults-file=<%= @defaults_file %> \ + --basedir=<%= @base_dir %> \ + --datadir=<%= @data_dir %> \ + --pid-file=<%= @pid_file %> \ + --log-error=<%= @error_log %> & + ;; +stop) + [ -f <%= @pid_file %> ] && kill `/usr/bin/head -1 <%= @pid_file %>` + ;; +*) + echo "Usage: $0 {start|stop}" >&2 + exit 1 + ;; +esac + +exit $SMF_EXIT_OK diff --git a/ops/cookbooks/vendor/mysql/templates/default/systemd/mysqld-wait-ready.erb b/ops/cookbooks/vendor/mysql/templates/default/systemd/mysqld-wait-ready.erb new file mode 100644 index 0000000..a566bf3 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/templates/default/systemd/mysqld-wait-ready.erb @@ -0,0 +1,30 @@ +#!/bin/sh + +daemon_pid="$1" + +# Wait for the server to come up or for the mysqld process to disappear +ret=0 +while /bin/true; do + RESPONSE=`/usr/bin/mysqladmin --no-defaults --socket="<%= @socket_file %>" --user=UNKNOWN_MYSQL_USER ping 2>&1` + mret=$? + if [ $mret -eq 0 ]; then + break + fi + # exit codes 1, 11 (EXIT_CANNOT_CONNECT_TO_SERVICE) are expected, + # anything else suggests a configuration error + if [ $mret -ne 1 -a $mret -ne 11 ]; then + ret=1 + break + fi + # "Access denied" also means the server is alive + echo "$RESPONSE" | grep -q "Access denied for user" && break + + # Check process still exists + if ! /bin/kill -0 $daemon_pid 2>/dev/null; then + ret=1 + break + fi + sleep 1 +done + +exit $ret diff --git a/ops/cookbooks/vendor/mysql/templates/default/systemd/mysqld.service.erb b/ops/cookbooks/vendor/mysql/templates/default/systemd/mysqld.service.erb new file mode 100644 index 0000000..f1fb6c1 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/templates/default/systemd/mysqld.service.erb @@ -0,0 +1,16 @@ +[Unit] +Description=mysql_service[mysql-<%= @config.instance %>] +After=syslog.target +After=network.target + +[Service] +Type=simple +User=<%= @config.run_user %> +Group=<%= @config.run_group %> +ExecStart=<%= @mysqld_bin %> --defaults-file=<%= @etc_dir %>/my.cnf --basedir=<%= @base_dir %> +ExecStartPost=/usr/libexec/mysql-<%= @config.instance %>-wait-ready $MAINPID +TimeoutSec=300 +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/ops/cookbooks/vendor/mysql/templates/default/sysvinit/mysqld.erb b/ops/cookbooks/vendor/mysql/templates/default/sysvinit/mysqld.erb new file mode 100644 index 0000000..45b952d --- /dev/null +++ b/ops/cookbooks/vendor/mysql/templates/default/sysvinit/mysqld.erb @@ -0,0 +1,279 @@ +#!/bin/bash +# +### BEGIN INIT INFO +# Provides: <%= @mysql_name %> +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: $network $time +# Should-Stop: $network $time +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start and stop the mysql database server daemon +# Description: Controls the main MySQL database server daemon "mysqld" +# and its wrapper script "mysqld_safe". +### END INIT INFO + +# set -e +# set -u + +### Exit code reference +# http://fedoraproject.org/wiki/Packaging:SysVInitScript +# http://refspecs.linuxbase.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html + +# Source functions +<% if node['platform_family'] == 'rhel' %> +# Source RHEL function library. +. /etc/rc.d/init.d/functions +<% end %> + +#### +# Variables +#### + +STARTTIMEOUT=900 +STOPTIMEOUT=900 +PID_DELAY=60 + +#### +# Helper functions +### + +# Boolean function to see if MYSQL_PID exists and is a number +pid_exists() { + PID_EXISTS=1 + if [ -f <%= @pid_file %> ]; then + MYSQLD_PID=`cat <%= @pid_file %> 2>/dev/null` + if [ -n "$MYSQLD_PID" ] && [ -d "/proc/$MYSQLD_PID" ] ; then + PID_EXISTS=0 + fi + fi + return $PID_EXISTS +} + +# Use mysqladmin to ping the service as an invalid user over a socket +running() { + RUNNING=1 + RESPONSE=`<%= @mysqladmin_bin %> --defaults-file=<%= @defaults_file %> --user=UNKNOWN_MYSQL_USER ping 2>&1` + local mret=$? + if pid_exists \ + && [ $mret -eq 0 ] \ + || [ `echo $RESPONSE | grep -q "Access denied for user"` ]; then + RUNNING=0 + fi + return $RUNNING +} + +writable_error_log() { + WRITABLE_ERROR_LOG=1 + touch "<%= @error_log %>" 2>/dev/null + touchret=$? + if [ $touchret -eq 0 ]; then + chown <%= @config.run_user %>:<%= @config.run_group %> <%= @error_log %> + return 0 + else + return $WRITABLE_ERROR_LOG + fi +} + +print_start_success() { + <% if node['platform_family'] == 'rhel' %> + action $"Starting <%= @mysql_name %>: " /bin/true + <% else %> + echo "Staring MySQL instance <%= @mysql_name %>" + <% end %> + return 0; +} + +print_start_failure() { + <% if node['platform_family'] == 'rhel' %> + action $"Starting <%= @mysql_name %>: " /bin/false + <% else %> + echo "Could not start MySQL instance <%= @mysql_name %>" + <% end %> + return 0; +} + +print_reload_success() { + <% if node['platform_family'] == 'rhel' %> + action $"Reloading <%= @mysql_name %>" /bin/true + <% else %> + echo "Reload success for <%= @mysql_name %>" + <% end %> + return 0; +} + +print_reload_failure() { + <% if node['platform_family'] == 'rhel' %> + action $"Reloading <%= @mysql_name %>" /bin/false + <% else %> + echo "Reload failed for <%= @mysql_name %>" + <% end %> + return 0; +} + +print_stop_success() { + <% if node['platform_family'] == 'rhel' %> + action $"Stopping <%= @mysql_name %>: " /bin/true + <% else %> + echo "Stopping MySQL instance <%= @mysql_name %>" + <% end %> + return 0; +} + +print_stop_failure() { + <% if node['platform_family'] == 'rhel' %> + action $"Stopping <%= @mysql_name %>: " /bin/false + <% else %> + echo "Could not stop MySQL instance <%= @mysql_name %>" + <% end %> + return 0; +} + +start_command() { + # Attempt to start <%= @mysql_name %> + echo "Starting MySQL instance <%= @mysql_name %>" + + local scl_name="<%= @scl_name %>" + + if [ -z $scl_name ]; then + <%= @mysqld_safe_bin %> \ + --defaults-file=<%= @defaults_file %> \ + >/dev/null 2>&1 & + local pid=$! + else + scl enable $scl_name "<%= @mysqld_safe_bin %> \ + --defaults-file=<%= @defaults_file %> \ + >/dev/null 2>&1 &" + local pid=$! + fi + + return $pid +} + +#### +# Init script actions +### + +# Start <%= @mysql_name %> +start() { + # exit 0 if already running. + if running; then + print_start_success + return 0; + fi + + # exit 4 if we can't write to error_log + if ! writable_error_log; then + print_start_failure + return 4 + fi + + # run program + start_command; + start_pid=$? + + # Timeout loop + local TIMEOUT=$STARTTIMEOUT + while [ $TIMEOUT -gt 0 ]; do + if running; then + break + fi + + let CURRENT_DELAY=${STARTTIMEOUT}-${TIMEOUT} + if [ $CURRENT_DELAY -gt $PID_DELAY ] \ + && ! pid_exists; then + break + fi + + sleep 1 + let TIMEOUT=${TIMEOUT}-1 + done + + if running; then + # successbaby.gif + print_start_success + return 0 + elif ! pid_exists; then + # Handle startup failure + print_start_failure + return 3 + elif [ $TIMEOUT -eq 0 ]; then + # Handle timeout + print_start_failure + # clean up + kill $start_pid 2>/dev/null + return 1 + fi +} + +# Reload <%= @mysql_name %> +reload() { + <%= @mysqladmin_bin %> reload + local ret=$? + if [ $ret -eq 0 ]; then + print_reload_success; + else + print_reload_failure; + fi + return $ret +} + +# Status of <%= @mysql_name %> +status() { + if running; then + echo "<%= @mysql_name %> is running" + return 0 + else + echo "<%= @mysql_name %> is not running" + return 1 + fi +} + +# Stop <%= @mysql_name %> +stop() { + if running; then + echo "Stopping MySQL instance <%= @mysql_name %>" + if [ -f <%= @pid_file %> ]; then + /bin/kill `cat <%= @pid_file %> 2>/dev/null` + kstat=$? + fi + + # Timeout loop + local TIMEOUT=$STARTTIMEOUT + while [ $TIMEOUT -gt 0 ]; do + if [ -e <%= @pid_file %> ]; then + sleep 1 + fi + let TIMEOUT=${TIMEOUT}-1 + done + + return $kstat + else + echo "MySQL instance <%= @mysql_name %> Stopped." + return 0 + fi +} + +# main() +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + status + ;; + restart) + stop ; start + ;; + reload) + reload + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|reload}" + exit 2 +esac + +exit $? diff --git a/ops/cookbooks/vendor/mysql/templates/default/tmpfiles.d.conf.erb b/ops/cookbooks/vendor/mysql/templates/default/tmpfiles.d.conf.erb new file mode 100644 index 0000000..59d0426 --- /dev/null +++ b/ops/cookbooks/vendor/mysql/templates/default/tmpfiles.d.conf.erb @@ -0,0 +1 @@ +d <%= @run_dir %> 0755 <%= @run_user %> <%= @run_group %> - diff --git a/ops/cookbooks/vendor/mysql/templates/default/upstart/mysqld-wait-ready.erb b/ops/cookbooks/vendor/mysql/templates/default/upstart/mysqld-wait-ready.erb new file mode 100644 index 0000000..f99308f --- /dev/null +++ b/ops/cookbooks/vendor/mysql/templates/default/upstart/mysqld-wait-ready.erb @@ -0,0 +1,22 @@ +#!/bin/sh + +# Wait for the server to come up +ret=0 +while /bin/true; do + RESPONSE=`/usr/bin/mysqladmin --no-defaults --socket="<%= @socket_file %>" --user=UNKNOWN_MYSQL_USER ping 2>&1` + mret=$? + if [ $mret -eq 0 ]; then + break + fi + # exit codes 1, 11 (EXIT_CANNOT_CONNECT_TO_SERVICE) are expected, + # anything else suggests a configuration error + if [ $mret -ne 1 -a $mret -ne 11 ]; then + ret=1 + break + fi + # "Access denied" also means the server is alive + echo "$RESPONSE" | grep -q "Access denied for user" && break + sleep 1 +done + +exit $ret diff --git a/ops/cookbooks/vendor/mysql/templates/default/upstart/mysqld.erb b/ops/cookbooks/vendor/mysql/templates/default/upstart/mysqld.erb new file mode 100644 index 0000000..4ac214c --- /dev/null +++ b/ops/cookbooks/vendor/mysql/templates/default/upstart/mysqld.erb @@ -0,0 +1,26 @@ +# <%= @mysql_name %> Service + +description "MySQL service <%= @mysql_name %>" +author "chef-client" + +start on runlevel [2345] +stop on starting rc RUNLEVEL=[016] + +respawn +respawn limit 2 5 + +env HOME=/etc/<%= @mysql_name %> +umask 007 + +kill timeout 300 + +pre-start script +[ -d /run/<%= @mysql_name %> ] || install -m 755 -o <%= @run_user %> -g <%= @run_group %> -d /run/<%= @mysql_name %> +[ -d <%= @socket_dir %> ] || install -m 755 -o <%= @run_user %> -g <%= @run_group %> -d <%= @socket_dir %> +end script + +exec /usr/sbin/mysqld --defaults-file=<%= @defaults_file %> + +post-start script +/usr/sbin/<%= @mysql_name %>-wait-ready +end script diff --git a/ops/cookbooks/vendor/nodejs/CHANGELOG.md b/ops/cookbooks/vendor/nodejs/CHANGELOG.md new file mode 100644 index 0000000..0b1c31e --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/CHANGELOG.md @@ -0,0 +1,166 @@ +# NodeJS Cookbook Changelog + +## 6.0.0 (2018-10-11) + +- Use the build_essential resource in the source install recipe instead of the build-essential::default recipe. This way we can use the new built-in build_essential resource in Chef 14+ +- Set default version to Node.js v8.12.0 + +## 5.0.0 (2017-11-15) + +- nodejs_npm resource has been converted to a custom resource and renamed to npm_package. The existing resource name will continue to function, but over time code should be updated for the new name. This name change has been made so we can eventually merge this resource into the chef-client. +- compat_resource cookbook dependency has been removed and this cookbook instead requires Chef 12.14 or later +- Chef 13 compatibility has been resolved +- The npm_package resource now properly installs packages when the 'package' property is setA +- Speed up npm operations by only returning a list of the desired package instead of every npm package +- Speed up source installation by using multipackage install for the dependencies +- Remove the broken url_valid? helper which didn't work + +## 4.0.0 (2017-07-11) + +- Updated the cookbook to require Chef 12.1+ and the compat_resource cookbook +- Removed support for io.js which has merged back into the node.js project +- Removed the dependency on homebrew, yum-epel, and apt cookbooks +- Added node['nodejs']['manage_node'] attribute to use only cookbook's LWRP (required to manage node by nvm) +- Updated the default repository URLs to be the 6.X repos +- Added initial support for Suse and Amazon Linux +- Improved architecture detection to support aarch64 +- Improved readme with examples for fetching your own binaries +- Added installation of openssl and xz utilities that are needed for the binary install recipe +- Updated the cookbook license string to be an SPDX compliant string +- Set the minimum version of the ark cookbook to 2.0.2 in order to support Suse +- Updated the default version from 6.9.1 to 6.10.2 +- Switched to Delivery local mode for testing +- Added Integration testing in Travis CI with kitchen-dokken and ChefDK + +## 3.0.0 (2016-11-02) + +- Updated the default release to the nodejs 6.9.1\. This requires C++11 extensions to compile, which are only present in GCC 4.8+. Due to this RHEL 5/6 and Ubuntu 12.04 are not supported if using this version. +- Switched the download URLs to the .xz packages since the .tar.gz packages are no longer being created +- Improvements to the readme examples and requirements sections +- Removed installation of apt-transport-https and instead rely on an apt cookbook that will do the same +- Fixed the ChefSpec matchers +- Added Scientific, Oracle, and Amazon as supported distros in the metadata +- Added chef_version metadata +- Removed conflicts and suggests metadata which aren't implemented or recommended for use +- Removed Chef 10 compatibility code +- Switched Integration testing to Inspec from bats +- Added the Apache 2.0 license file to the repo +- Expanded Test Kitchen testing +- Switched from Rubocop to Cookstyle and resolved all warnings +- Switched Travis to testing using ChefDK + +## 2.4.4 + +- Use HTTPS prefix URLs for node download #98 +- Update NPM symlink when installing from source #105 +- Add support for NPM private modules #107 + +## v2.4.2 + +- Fix check version +- Support iojs package install + +## v2.4.0 + +- Move `npm_packages` to his own recipe +- Fix different race conditions when using direct recipe call +- Fix npm recipe + +## v2.3.2 + +- Fix package recipe + +## v2.3.0 + +- Support io.js. Use node['nodejs']['engine']. +- Add MacOS support via homebrew + +## v2.2.0 + +- Add node['nodejs']['keyserver'] +- Update arm checksum +- Fix `npm_packages` JSON + +## v2.1.0 + +- Use official nodesource repository +- Add node['nodejs']['npm_packages'] to install npm package with `default` recipe + +## v2.0.0 + +- Travis integration +- Gems updated +- Rewrite cookbook dependencies +- Added complete test-kitchen integration : Rake, rubocop, foodcritic, vagrant, bats testing ... +- Added NodeJS `install_method` option (sources, bins or packages) +- Added NPM `install_method` option (sources or packages) +- NPM version can now be chosen independently from nodejs' embedded version +- Added a `nodejs_npm` LWRP to manage, install and resolve NPM packages + +## v1.3.0 + +- update default versions to the latest: node - v0.10.15 and npm - v1.3.5 +- default to package installation of nodejs on smartos ([@wanelo-pair]) +- Add Raspberry pi support ([@robertkowalski]) + +## v1.2.0 + +- implement installation from package on RedHat - ([@vaskas]) + +## v1.1.3: + +- update default version of node to 0.10.13 - and npm - v1.3.4 ([@jodosha][]) + +## v1.1.2: + +- update default version of node to 0.10.2 - ([@bakins]) +- fully migrated to test-kitchen 1.alpha and vagrant 1.1.x/berkshelf 1.3.1 + +## v1.1.1: + +- update default versions to the latest: node - v0.10.0 and npm - v1.2.14 +- `make_thread` is now a real attribute - ([@ChrisLundquist]) + +## v1.1.0: + +- rewrite the package install; remove rpm support since there are no longer any packages available anywhere +- add support to install `legacy_packages` from ubuntu repo as well as the latest 0.10.x branch (this is default). + +## v1.0.4: + +- add support for binary installation method ([@JulesAU]) + +## v1.0.3: + +- unreleased + +## v1.0.2: + +- add smartos support for package install ([@sax]) +- support to compile with all processors available (default 2 if unknown) - ([@ChrisLundquist]) +- moved to `platform_family` syntax +- ensure npm recipe honours the 'source' or 'package' setting - ([@markbirbeck]) +- updated the default versions to the latest stable node/npm + +## v1.0.1: + +- fixed bug that prevented overwritting the node/npm versions (moved the `src_url`s as local variables instead of attributes) - ([@johannesbecker]) +- updated the default versions to the latest node/npm + +## v1.0.0: + +- added packages installation support ([@smith]) + +[@bakins]: https://github.com/bakins +[@chrislundquist]: https://github.com/ChrisLundquist +[@gmccue]: https://github.com/gmccue +[@johannesbecker]: https://github.com/johannesbecker +[@julesau]: https://github.com/JulesAU +[@markbirbeck]: https://github.com/markbirbeck +[@predominant]: https://github.com/predominant +[@robertkowalski]: https://github.com/robertkowalski +[@sax]: https://github.com/sax +[@sjlu]: https://github.com/sjlu +[@smith]: https://github.com/smith +[@vaskas]: https://github.com/vaskas +[@wanelo-pair]: https://github.com/wanelo-pair diff --git a/ops/cookbooks/vendor/nodejs/README.md b/ops/cookbooks/vendor/nodejs/README.md new file mode 100644 index 0000000..6aa7fc2 --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/README.md @@ -0,0 +1,199 @@ +# [nodejs-cookbook](https://github.com/redguide/nodejs) + +[![CK Version](http://img.shields.io/cookbook/v/nodejs.svg?branch=master)](https://supermarket.chef.io/cookbooks/nodejs) [![Build Status](https://img.shields.io/travis/redguide/nodejs.svg)](https://travis-ci.org/redguide/nodejs) [![Gitter chat](https://badges.gitter.im/redguide/nodejs.svg)](https://gitter.im/redguide/nodejs) + +Installs node.js/npm and includes a resource for managing npm packages + +## Requirements + +### Platforms + +- Debian/Ubuntu +- RHEL/CentOS/Scientific/Amazon/Oracle +- openSUSE + +Note: Source installs require GCC 4.8+, which is not included on older distro releases + +### Chef + +- Chef 12.14+ + +### Cookbooks + +- build-essential +- ark + +## Usage + +Include the nodejs recipe to install node on your system based on the default installation method: + +```chef +include_recipe "nodejs" +``` + +### Install methods + +#### Package + +Install node from packages: + +```chef +node['nodejs']['install_method'] = 'package' # Not necessary because it's the default +include_recipe "nodejs" +# Or +include_recipe "nodejs::nodejs_from_package" +``` + +By default this will setup deb/rpm repositories from nodesource.com, which include up to date NodeJS packages. If you prefer to use distro provided package you can disable this behavior by setting `node['nodejs']['install_repo']` to `false`. + +#### Binary + +Install node from official prebuilt binaries: + +```chef +node['nodejs']['install_method'] = 'binary' +include_recipe "nodejs" + +# Or +include_recipe "nodejs::nodejs_from_binary" + +# Or set a specific version of nodejs to be installed +node.default['nodejs']['install_method'] = 'binary' +node.default['nodejs']['version'] = '5.9.0' +node.default['nodejs']['binary']['checksum'] = '99c4136cf61761fac5ac57f80544140a3793b63e00a65d4a0e528c9db328bf40' + +# Or fetch the binary from your own location +node.default['nodejs']['install_method'] = 'binary' +node.default['nodejs']['binary']['url'] = 'https://s3.amazonaws.com/my-bucket/node-v7.8.0-linux-x64.tar.gz' +node.default['nodejs']['binary']['checksum'] = '0bd86f2a39221b532172c7d1acb57f0b0cba88c7b82ea74ba9d1208b9f6f9697' +``` + +#### Source + +Install node from sources: + +```chef +node['nodejs']['install_method'] = 'source' +include_recipe "nodejs" +# Or +include_recipe "nodejs::nodejs_from_source" +``` + +## NPM + +Npm is included in nodejs installs by default. By default, we are using it and call it `embedded`. Adding recipe `nodejs::npm` assure you to have npm installed and let you choose install method with `node['nodejs']['npm']['install_method']` + +```chef +include_recipe "nodejs::npm" +``` + +_Warning:_ This recipe will include the `nodejs` recipe, which by default includes `nodejs::nodejs_from_package` if you did not set `node['nodejs']['install_method']`. + +## Resources + +### npm_package + +note: This resource was previously named nodejs_npm. Calls to that resource name will still function, but cookbooks should be updated for the new npm_package resource name. + +`npm_package` let you install npm packages from various sources: + +- npm registry: + + - name: `property :package` + - version: `property :version` (optional) + +- url: `property :url` + + - for git use `git://{your_repo}` + +- from a json (package.json by default): `property :json` + + - use `true` for default + - use a `String` to specify json file + +Packages can be installed globally (by default) or in a directory (by using `attribute :path`) + +You can specify an `NPM_TOKEN` environment variable for accessing [NPM private modules](https://docs.npmjs.com/private-modules/intro) by using `attribute :npm_token` + +You can append more specific options to npm command with `attribute :options` array : + +- use an array of options (w/ dash), they will be added to npm call. +- ex: `['--production','--force']` or `['--force-latest']` + +This LWRP attempts to use vanilla npm as much as possible (no custom wrapper). + +### Packages + +```ruby +npm_package 'express' + +npm_package 'async' do + version '0.6.2' +end + +npm_package 'request' do + url 'github mikeal/request' +end + +npm_package 'grunt' do + path '/home/random/grunt' + json true + user 'random' +end + +npm_package 'my_private_module' do + path '/home/random/myproject' # The root path to your project, containing a package.json file + json true + npm_token '12345-abcde-e5d4c3b2a1' + user 'random' + options ['--production'] # Only install dependencies. Skip devDependencies +end +``` + +[Working Examples](test/cookbooks/nodejs_test/recipes/npm.rb) + +Or add packages via attributes (which accept the same attributes as the LWRP above): + +```json +"nodejs": { + "npm_packages": [ + { + "name": "express" + }, + { + "name": "async", + "version": "0.6.2" + }, + { + "name": "request", + "url": "github mikeal/request" + } + { + "name": "grunt", + "path": "/home/random/grunt", + "json": true, + "user": "random" + } + ] +} +``` + +## License & Authors + +**Author:** Marius Ducea (marius@promethost.com) **Author:** Nathan L Smith (nlloyds@gmail.com) **Author:** Guilhem Lettron (guilhem@lettron.fr) **Author:** Barthelemy Vessemont (bvessemont@gmail.com) + +**Copyright:** 2008-2017, Chef Software, Inc. + +``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/ops/cookbooks/vendor/nodejs/attributes/default.rb b/ops/cookbooks/vendor/nodejs/attributes/default.rb new file mode 100644 index 0000000..88357a6 --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/attributes/default.rb @@ -0,0 +1,41 @@ +# +# Cookbook:: nodejs +# Attributes:: nodejs +# +# Copyright:: 2010-2017, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform_family'] +when 'smartos', 'rhel', 'debian', 'fedora', 'mac_os_x', 'suse', 'amazon' + default['nodejs']['install_method'] = 'package' +else + default['nodejs']['install_method'] = 'source' +end + +default['nodejs']['version'] = '8.12.0' + +default['nodejs']['prefix_url']['node'] = 'https://nodejs.org/dist/' + +default['nodejs']['source']['url'] = nil # Auto generated +default['nodejs']['source']['checksum'] = 'b4797843136edd9195c28221a1680ae52c29d867fc5fc1c99f7d6e2f2126a67b' + +default['nodejs']['binary']['url'] = nil # Auto generated +default['nodejs']['binary']['checksum']['linux_x64'] = '3df19b748ee2b6dfe3a03448ebc6186a3a86aeab557018d77a0f7f3314594ef6' +default['nodejs']['binary']['checksum']['linux_x86'] = '56ecffbd8a656991f71e4b53ab00af333c97453062cadc20a2103b933088d24d' +default['nodejs']['binary']['checksum']['linux_arm64'] = '781ecf1ecb14b4c671ef0732988636282d6fb7071c4bd52567f663b008796bc9' + +default['nodejs']['make_threads'] = node['cpu'] ? node['cpu']['total'].to_i : 2 + +default['nodejs']['manage_node'] = true diff --git a/ops/cookbooks/vendor/nodejs/attributes/npm.rb b/ops/cookbooks/vendor/nodejs/attributes/npm.rb new file mode 100644 index 0000000..97ee5d3 --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/attributes/npm.rb @@ -0,0 +1,2 @@ +default['nodejs']['npm']['install_method'] = 'embedded' +default['nodejs']['npm']['version'] = 'latest' diff --git a/ops/cookbooks/vendor/nodejs/attributes/packages.rb b/ops/cookbooks/vendor/nodejs/attributes/packages.rb new file mode 100644 index 0000000..169e28a --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/attributes/packages.rb @@ -0,0 +1,11 @@ +include_attribute 'nodejs::default' +include_attribute 'nodejs::repo' + +default['nodejs']['packages'] = value_for_platform_family( + 'debian' => node['nodejs']['install_repo'] ? ['nodejs'] : ['nodejs', 'npm', 'nodejs-dev'], + %w(rhel fedora amazon) => node['nodejs']['install_repo'] ? ['nodejs', 'nodejs-devel'] : ['nodejs', 'npm', 'nodejs-dev'], + 'suse' => node['platform_version'].to_i < 42 ? ['nodejs', 'nodejs-devel'] : ['nodejs4', 'npm4', 'nodejs4-devel'], + 'mac_os_x' => ['node'], + 'freebsd' => %w(node npm), + 'default' => ['nodejs'] +) diff --git a/ops/cookbooks/vendor/nodejs/attributes/repo.rb b/ops/cookbooks/vendor/nodejs/attributes/repo.rb new file mode 100644 index 0000000..fa95c19 --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/attributes/repo.rb @@ -0,0 +1,12 @@ +case node['platform_family'] +when 'debian' + default['nodejs']['install_repo'] = true + default['nodejs']['repo'] = 'https://deb.nodesource.com/node_6.x' + default['nodejs']['keyserver'] = 'keyserver.ubuntu.com' + default['nodejs']['key'] = '1655a0ab68576280' +when 'rhel', 'amazon' + default['nodejs']['install_repo'] = true + release_ver = platform?('amazon') ? 6 : node['platform_version'].to_i + default['nodejs']['repo'] = "https://rpm.nodesource.com/pub_6.x/el/#{release_ver}/$basearch" + default['nodejs']['key'] = 'https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL' +end diff --git a/ops/cookbooks/vendor/nodejs/libraries/nodejs_helper.rb b/ops/cookbooks/vendor/nodejs/libraries/nodejs_helper.rb new file mode 100644 index 0000000..d566065 --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/libraries/nodejs_helper.rb @@ -0,0 +1,40 @@ +module NodeJs + module Helper + def npm_dist + if node['nodejs']['npm']['url'] + { 'url' => node['nodejs']['npm']['url'] } + else + + require 'open-uri' + require 'json' + result = JSON.parse(URI.parse("https://registry.npmjs.org/npm/#{node['nodejs']['npm']['version']}").read, max_nesting: false) + ret = { 'url' => result['dist']['tarball'], 'version' => result['_npmVersion'], 'shasum' => result['dist']['shasum'] } + Chef::Log.debug("Npm dist #{ret}") + ret + end + end + + def npm_list(package, path = nil, environment = {}) + require 'json' + cmd = if path + Mixlib::ShellOut.new("npm list #{package} -json", cwd: path, environment: environment) + else + Mixlib::ShellOut.new("npm list #{package} -global -json", environment: environment) + end + + JSON.parse(cmd.run_command.stdout, max_nesting: false) + end + + def version_valid?(list, package, version) + (version ? list[package]['version'] == version : true) + end + + def npm_package_installed?(package, version = nil, path = nil, npm_token = nil) + environment = { 'NPM_TOKEN' => npm_token } if npm_token + + list = npm_list(package, path, environment)['dependencies'] + # Return true if package installed and installed to good version + !list.nil? && list.key?(package) && version_valid?(list, package, version) + end + end +end diff --git a/ops/cookbooks/vendor/nodejs/metadata.json b/ops/cookbooks/vendor/nodejs/metadata.json new file mode 100644 index 0000000..b24d20c --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/metadata.json @@ -0,0 +1 @@ +{"name":"nodejs","version":"6.0.0","description":"Installs/Configures node.js","long_description":"# [nodejs-cookbook](https://github.com/redguide/nodejs)\n\n[![CK Version](http://img.shields.io/cookbook/v/nodejs.svg?branch=master)](https://supermarket.chef.io/cookbooks/nodejs) [![Build Status](https://img.shields.io/travis/redguide/nodejs.svg)](https://travis-ci.org/redguide/nodejs) [![Gitter chat](https://badges.gitter.im/redguide/nodejs.svg)](https://gitter.im/redguide/nodejs)\n\nInstalls node.js/npm and includes a resource for managing npm packages\n\n## Requirements\n\n### Platforms\n\n- Debian/Ubuntu\n- RHEL/CentOS/Scientific/Amazon/Oracle\n- openSUSE\n\nNote: Source installs require GCC 4.8+, which is not included on older distro releases\n\n### Chef\n\n- Chef 12.14+\n\n### Cookbooks\n\n- build-essential\n- ark\n\n## Usage\n\nInclude the nodejs recipe to install node on your system based on the default installation method:\n\n```chef\ninclude_recipe \"nodejs\"\n```\n\n### Install methods\n\n#### Package\n\nInstall node from packages:\n\n```chef\nnode['nodejs']['install_method'] = 'package' # Not necessary because it's the default\ninclude_recipe \"nodejs\"\n# Or\ninclude_recipe \"nodejs::nodejs_from_package\"\n```\n\nBy default this will setup deb/rpm repositories from nodesource.com, which include up to date NodeJS packages. If you prefer to use distro provided package you can disable this behavior by setting `node['nodejs']['install_repo']` to `false`.\n\n#### Binary\n\nInstall node from official prebuilt binaries:\n\n```chef\nnode['nodejs']['install_method'] = 'binary'\ninclude_recipe \"nodejs\"\n\n# Or\ninclude_recipe \"nodejs::nodejs_from_binary\"\n\n# Or set a specific version of nodejs to be installed\nnode.default['nodejs']['install_method'] = 'binary'\nnode.default['nodejs']['version'] = '5.9.0'\nnode.default['nodejs']['binary']['checksum'] = '99c4136cf61761fac5ac57f80544140a3793b63e00a65d4a0e528c9db328bf40'\n\n# Or fetch the binary from your own location\nnode.default['nodejs']['install_method'] = 'binary'\nnode.default['nodejs']['binary']['url'] = 'https://s3.amazonaws.com/my-bucket/node-v7.8.0-linux-x64.tar.gz'\nnode.default['nodejs']['binary']['checksum'] = '0bd86f2a39221b532172c7d1acb57f0b0cba88c7b82ea74ba9d1208b9f6f9697'\n```\n\n#### Source\n\nInstall node from sources:\n\n```chef\nnode['nodejs']['install_method'] = 'source'\ninclude_recipe \"nodejs\"\n# Or\ninclude_recipe \"nodejs::nodejs_from_source\"\n```\n\n## NPM\n\nNpm is included in nodejs installs by default. By default, we are using it and call it `embedded`. Adding recipe `nodejs::npm` assure you to have npm installed and let you choose install method with `node['nodejs']['npm']['install_method']`\n\n```chef\ninclude_recipe \"nodejs::npm\"\n```\n\n_Warning:_ This recipe will include the `nodejs` recipe, which by default includes `nodejs::nodejs_from_package` if you did not set `node['nodejs']['install_method']`.\n\n## Resources\n\n### npm_package\n\nnote: This resource was previously named nodejs_npm. Calls to that resource name will still function, but cookbooks should be updated for the new npm_package resource name.\n\n`npm_package` let you install npm packages from various sources:\n\n- npm registry:\n\n - name: `property :package`\n - version: `property :version` (optional)\n\n- url: `property :url`\n\n - for git use `git://{your_repo}`\n\n- from a json (package.json by default): `property :json`\n\n - use `true` for default\n - use a `String` to specify json file\n\nPackages can be installed globally (by default) or in a directory (by using `attribute :path`)\n\nYou can specify an `NPM_TOKEN` environment variable for accessing [NPM private modules](https://docs.npmjs.com/private-modules/intro) by using `attribute :npm_token`\n\nYou can append more specific options to npm command with `attribute :options` array :\n\n- use an array of options (w/ dash), they will be added to npm call.\n- ex: `['--production','--force']` or `['--force-latest']`\n\nThis LWRP attempts to use vanilla npm as much as possible (no custom wrapper).\n\n### Packages\n\n```ruby\nnpm_package 'express'\n\nnpm_package 'async' do\n version '0.6.2'\nend\n\nnpm_package 'request' do\n url 'github mikeal/request'\nend\n\nnpm_package 'grunt' do\n path '/home/random/grunt'\n json true\n user 'random'\nend\n\nnpm_package 'my_private_module' do\n path '/home/random/myproject' # The root path to your project, containing a package.json file\n json true\n npm_token '12345-abcde-e5d4c3b2a1'\n user 'random'\n options ['--production'] # Only install dependencies. Skip devDependencies\nend\n```\n\n[Working Examples](test/cookbooks/nodejs_test/recipes/npm.rb)\n\nOr add packages via attributes (which accept the same attributes as the LWRP above):\n\n```json\n\"nodejs\": {\n \"npm_packages\": [\n {\n \"name\": \"express\"\n },\n {\n \"name\": \"async\",\n \"version\": \"0.6.2\"\n },\n {\n \"name\": \"request\",\n \"url\": \"github mikeal/request\"\n }\n {\n \"name\": \"grunt\",\n \"path\": \"/home/random/grunt\",\n \"json\": true,\n \"user\": \"random\"\n }\n ]\n}\n```\n\n## License & Authors\n\n**Author:** Marius Ducea (marius@promethost.com) **Author:** Nathan L Smith (nlloyds@gmail.com) **Author:** Guilhem Lettron (guilhem@lettron.fr) **Author:** Barthelemy Vessemont (bvessemont@gmail.com)\n\n**Copyright:** 2008-2017, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"redguide","maintainer_email":"guilhem@lettron.fr","license":"Apache-2.0","platforms":{"debian":">= 0.0.0","ubuntu":">= 0.0.0","centos":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","oracle":">= 0.0.0","amazon":">= 0.0.0","smartos":">= 0.0.0","mac_os_x":">= 0.0.0","opensuseleap":">= 0.0.0","suse":">= 0.0.0"},"dependencies":{"build-essential":">= 5.0","ark":">= 2.0.2"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/redguide/nodejs","issues_url":"https://github.com/redguide/nodejs/issues","chef_version":[[">= 12.14"]],"ohai_version":[]} \ No newline at end of file diff --git a/ops/cookbooks/vendor/nodejs/recipes/default.rb b/ops/cookbooks/vendor/nodejs/recipes/default.rb new file mode 100644 index 0000000..a4234be --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/recipes/default.rb @@ -0,0 +1,23 @@ +# +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook:: nodejs +# Recipe:: default +# +# Copyright:: 2010-2017, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'nodejs::install' if node['nodejs']['manage_node'] +include_recipe 'nodejs::npm' if node['nodejs']['manage_node'] +include_recipe 'nodejs::npm_packages' if node['nodejs']['manage_node'] diff --git a/ops/cookbooks/vendor/nodejs/recipes/install.rb b/ops/cookbooks/vendor/nodejs/recipes/install.rb new file mode 100644 index 0000000..bb4b529 --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/recipes/install.rb @@ -0,0 +1,21 @@ +# +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook:: nodejs +# Recipe:: install +# +# Copyright:: 2010-2017, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "nodejs::nodejs_from_#{node['nodejs']['install_method']}" diff --git a/ops/cookbooks/vendor/nodejs/recipes/iojs.rb b/ops/cookbooks/vendor/nodejs/recipes/iojs.rb new file mode 100644 index 0000000..a1244b0 --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/recipes/iojs.rb @@ -0,0 +1 @@ +Chef::Log.fatal('The nodejs::iojs recipe has been deprecated. If you need iojs installation pin to cookbook version 3.0.1.') diff --git a/ops/cookbooks/vendor/nodejs/recipes/nodejs.rb b/ops/cookbooks/vendor/nodejs/recipes/nodejs.rb new file mode 100644 index 0000000..368b88d --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/recipes/nodejs.rb @@ -0,0 +1,21 @@ +# +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook:: nodejs +# Recipe:: nodejs +# +# Copyright:: 2010-2017, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +Chef::Log.fatal('The nodejs::nodejs recipe is no longer used. Use nodejs::install to install nodejs instead.') diff --git a/ops/cookbooks/vendor/nodejs/recipes/nodejs_from_binary.rb b/ops/cookbooks/vendor/nodejs/recipes/nodejs_from_binary.rb new file mode 100644 index 0000000..640e12c --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/recipes/nodejs_from_binary.rb @@ -0,0 +1,65 @@ +# +# Author:: Julian Wilde (jules@jules.com.au) +# Cookbook:: nodejs +# Recipe:: install_from_binary +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +Chef::Recipe.send(:include, NodeJs::Helper) + +# Shamelessly borrowed from http://docs.chef.io/dsl_recipe_method_platform.html +# Surely there's a more canonical way to get arch? +arch = if node['kernel']['machine'] =~ /armv6l/ + # FIXME: This should really check the version of node we're looking for + # as it seems that they haven't build an `arm-pi` version in a while... + # if it's old, return this, otherwise just return `node['kernel']['machine']` + 'arm-pi' # assume a raspberry pi + elsif node['kernel']['machine'] =~ /aarch64/ + 'arm64' + elsif node['kernel']['machine'] =~ /x86_64/ + 'x64' + elsif node['kernel']['machine'] =~ /\d86/ + 'x86' + else + node['kernel']['machine'] + end + +# needed to uncompress the binary +package 'tar' if platform_family?('rhel', 'fedora', 'amazon', 'suse') + +# package_stub is for example: "node-v6.9.1-linux-x64.tar.gz" +version = "v#{node['nodejs']['version']}/" +prefix = node['nodejs']['prefix_url']['node'] + +filename = "node-v#{node['nodejs']['version']}-linux-#{arch}.tar.gz" +archive_name = 'nodejs-binary' +binaries = ['bin/node'] + +binaries.push('bin/npm') if node['nodejs']['npm']['install_method'] == 'embedded' + +if node['nodejs']['binary']['url'] + nodejs_bin_url = node['nodejs']['binary']['url'] + checksum = node['nodejs']['binary']['checksum'] +else + nodejs_bin_url = ::URI.join(prefix, version, filename).to_s + checksum = node['nodejs']['binary']['checksum']["linux_#{arch}"] +end + +ark archive_name do + url nodejs_bin_url + version node['nodejs']['version'] + checksum checksum + has_binaries binaries + action :install +end diff --git a/ops/cookbooks/vendor/nodejs/recipes/nodejs_from_package.rb b/ops/cookbooks/vendor/nodejs/recipes/nodejs_from_package.rb new file mode 100644 index 0000000..6bd995d --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/recipes/nodejs_from_package.rb @@ -0,0 +1,33 @@ +# +# Author:: Nathan L Smith (nlloyds@gmail.com) +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook:: nodejs +# Recipe:: package +# +# Copyright:: 2012-2017, Cramer Development, Inc. +# Copyright:: 2013-2017, Opscale +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'nodejs::repo' if node['nodejs']['install_repo'] + +unless node['nodejs']['packages'] + Chef::Log.error 'No package for nodejs' + Chef::Log.warn 'Please use the source or binary method to install node' + return +end + +node['nodejs']['packages'].each do |node_pkg| + package node_pkg +end diff --git a/ops/cookbooks/vendor/nodejs/recipes/nodejs_from_source.rb b/ops/cookbooks/vendor/nodejs/recipes/nodejs_from_source.rb new file mode 100644 index 0000000..5771912 --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/recipes/nodejs_from_source.rb @@ -0,0 +1,45 @@ +# +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook:: nodejs +# Recipe:: source +# +# Copyright:: 2010-2017, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +Chef::Recipe.send(:include, NodeJs::Helper) + +build_essential 'install build tools' + +case node['platform_family'] +when 'rhel', 'fedora', 'amazon' + package %w(openssl-devel tar) +when 'debian' + package 'libssl-dev' +end + +version = "v#{node['nodejs']['version']}/" +prefix = node['nodejs']['prefix_url']['node'] +filename = "node-v#{node['nodejs']['version']}.tar.gz" +archive_name = 'nodejs-source' + +nodejs_src_url = node['nodejs']['source']['url'] || ::URI.join(prefix, version, filename).to_s + +ark archive_name do + url nodejs_src_url + version node['nodejs']['version'] + checksum node['nodejs']['source']['checksum'] + make_opts ["-j #{node['nodejs']['make_threads']}"] + action :install_with_make +end diff --git a/ops/cookbooks/vendor/nodejs/recipes/npm.rb b/ops/cookbooks/vendor/nodejs/recipes/npm.rb new file mode 100644 index 0000000..9d049fc --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/recipes/npm.rb @@ -0,0 +1,28 @@ +# +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook:: nodejs +# Recipe:: npm +# +# Copyright:: 2010-2017, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['nodejs']['npm']['install_method'] +when 'embedded' + include_recipe 'nodejs::install' +when 'source' + include_recipe 'nodejs::npm_from_source' +else + Chef::Log.error('No install method found for npm') +end diff --git a/ops/cookbooks/vendor/nodejs/recipes/npm_from_source.rb b/ops/cookbooks/vendor/nodejs/recipes/npm_from_source.rb new file mode 100644 index 0000000..bfe6871 --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/recipes/npm_from_source.rb @@ -0,0 +1,32 @@ +# +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook:: nodejs +# Recipe:: npm +# +# Copyright:: 2010-2017, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +Chef::Recipe.send(:include, NodeJs::Helper) + +include_recipe 'nodejs::nodejs_from_source' + +dist = npm_dist + +ark 'npm' do + url dist['url'] + checksum dist['checksum'] + version dist['version'] + action :install_with_make +end diff --git a/ops/cookbooks/vendor/nodejs/recipes/npm_packages.rb b/ops/cookbooks/vendor/nodejs/recipes/npm_packages.rb new file mode 100644 index 0000000..3331fb3 --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/recipes/npm_packages.rb @@ -0,0 +1,11 @@ +node['nodejs']['npm_packages'].each do |pkg| + pkg_action = pkg.key?('action') ? pkg['action'] : :install + f = npm_package "nodejs_npm-#{pkg['name']}-#{pkg_action}" do + action :nothing + package pkg['name'] + end + pkg.each do |key, value| + f.send(key, value) unless key == 'name' || key == 'action' + end + f.action(pkg_action) +end if node['nodejs'].key?('npm_packages') diff --git a/ops/cookbooks/vendor/nodejs/recipes/repo.rb b/ops/cookbooks/vendor/nodejs/recipes/repo.rb new file mode 100644 index 0000000..6ac4ca2 --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/recipes/repo.rb @@ -0,0 +1,20 @@ +case node['platform_family'] +when 'debian' + package 'nodejs-apt-transport-https' do + package_name 'apt-transport-https' + end + + apt_repository 'node.js' do + uri node['nodejs']['repo'] + distribution node['lsb']['codename'] + components ['main'] + keyserver node['nodejs']['keyserver'] + key node['nodejs']['key'] + end +when 'rhel', 'amazon' + yum_repository 'node.js' do + description 'nodesource.com nodejs repository' + baseurl node['nodejs']['repo'] + gpgkey node['nodejs']['key'] + end +end diff --git a/ops/cookbooks/vendor/nodejs/resources/npm_package.rb b/ops/cookbooks/vendor/nodejs/resources/npm_package.rb new file mode 100644 index 0000000..7bd170a --- /dev/null +++ b/ops/cookbooks/vendor/nodejs/resources/npm_package.rb @@ -0,0 +1,100 @@ +# +# Cookbook:: nodejs +# Resource:: npm +# +# Author:: Sergey Balbeko +# +# Copyright:: 2012-2017, Sergey Balbeko +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +resource_name :npm_package + +# backwards compatibility for the old resource name +provides :nodejs_npm + +property :package, name_property: true +property :version, String +property :path, String +property :url, String +property :json, [String, true] +property :npm_token, String +property :options, Array, default: [] +property :user, String +property :group, String + +def initialize(*args) + super + @run_context.include_recipe 'nodejs::npm' if node['nodejs']['manage_node'] +end + +action :install do + execute "install NPM package #{new_resource.package}" do + cwd new_resource.path + command "npm install #{npm_options}" + user new_resource.user + group new_resource.group + environment npm_env_vars + not_if { package_installed? } + end +end + +action :uninstall do + execute "uninstall NPM package #{new_resource.package}" do + cwd new_resource.path + command "npm uninstall #{npm_options}" + user new_resource.user + group new_resource.group + environment npm_env_vars + only_if { package_installed? } + end +end + +action_class do + include NodeJs::Helper + + def npm_env_vars + env_vars = {} + env_vars['HOME'] = ::Dir.home(new_resource.user) if new_resource.user + env_vars['USER'] = new_resource.user if new_resource.user + env_vars['NPM_TOKEN'] = new_resource.npm_token if new_resource.npm_token + + env_vars + end + + def package_installed? + new_resource.package && npm_package_installed?(new_resource.package, new_resource.version, new_resource.path, new_resource.npm_token) + end + + def npm_options + options = '' + options << ' -global' unless new_resource.path + new_resource.options.each do |option| + options << " #{option}" + end + options << " #{npm_package}" + end + + def npm_package + if new_resource.json + new_resource.json.is_a?(String) ? new_resource.json : nil + elsif new_resource.url + new_resource.url + elsif new_resource.package + new_resource.version ? "#{new_resource.package}@#{new_resource.version}" : new_resource.package + else + Chef::Log.error("No good options found to install #{new_resource.package}") + end + end +end diff --git a/ops/cookbooks/vendor/postgresql/CHANGELOG.md b/ops/cookbooks/vendor/postgresql/CHANGELOG.md new file mode 100644 index 0000000..95af871 --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/CHANGELOG.md @@ -0,0 +1,153 @@ +# postgresql Cookbook CHANGELOG + +This file is used to list changes made in the last 3 major versions of the postgresql cookbook. + +## Unreleased + +## v7.1.4 (28-03-2019) + +- Fix installation of extensions. + +## v7.1.3 (15-01-2019) + +- Added support for dash in database role name. + +## v7.1.2 (06-01-2019) + +- Cleanup and update the user resource documentation and code. Removed extraneous 'sensitive' property which is a common property in all Chef resources. +- Change default permissions on the postgres.conf to be world readable so that psql can work. + +## v7.1.1 (26-09-2018) + +- Rename slave to follower +- Use CircleCI for testing +- Simplyfy extension resource + +## v7.1.0 (22-06-2018) + +- Update the `initdb` script to use initdb rather than a service. #542 +- Refactor database commands to use the common connect method. #535 +- Increase the unit test coverage. + +## v7.0.0 (25-05-2018) + +_Breaking Change_ Please see UPGRADING.md and the README.md for information how to use. + +- Add custom resources for: + + - `postgresql_client_install` + - `postgresql_server_install` + - `postgresql_repository` + - `postgresql_pg_gem` + +- Deprecate recipes: + + - `apt_pgdg_postgresql` + - `config_initdb` + - `config_pgtune` + - `contrib` + - `ruby` + - `yum_pgdg_postgresql` + +- Remove deprecated tests + +## v6.1.3 (2018-04-18) + +- Fix recipes referencing the old helpers + +## v6.1.2 (2018-04-16) + +**this will be the last release of the 6.0 series before all recipes are removed from the cookbook** + +- Deprecate all recipes + +## v6.1.1 (2017-03-08) + +- Fix pg gem installation on non-omnibus chef runs +- Resolve resource cloning deprecation warnings in the ruby recipe +- Fix issues resolving the timezone on CentOS 7 and probably other distros +- Test with Delivery local instead of Rake + +## v6.1.0 (2017-02-18) + +- Fix a method name conflict that caused errors if Chef Sugar was also being used on the run list +- Revert a previous PR that added support for Postgresql 9.6 as it introduced incorrect configuration values +- Added Fedora 25 support for pgdg packages +- Added RHEL 5 support for Postgresql 9.4 pgdg packages +- Removed testing for RHEL 5 and Ubuntu 12.04 as they are scheduled for EoL in the near future +- Improvements to Test Kitchen testing to allow more extensive testing in Travis CI +- Fixed the client recipe on Fedora +- Added Inspec tests for client installs + +## v6.0.1 (2017-01-04 + +- Fix systemd unit file template + +## v6.0.0 (2017-01-03) + +- This cookbook now requires Chef 12.1 or later +- Removed the dependency on the apt cookbook as this functionality is built into modern chef client releases +- Added a new custom resource for installing extensions. This acts as a replacement for the contrib recipe with minimal backwards compatibility. You can now install / remove extensions into any database. This adds the compat_resource cookbook dependency so we can continue to support Chef 12.1-12.4, which lack custom resource support. +- The unused get_result_orig helper has been removed. If you utilized this you'll want to move it to your own wrapper cookbook +- Updates for compatibility with Postgresql 9.5 and 9.6 +- Fixed client package installation on openSUSE Leap 42.2 +- ca-certificates recipe has been deprecated. If ca-certificates package needs to be upgraded the user should do so prior to including this recipe. Package upgrades in community cookbooks are generally a bad idea as this bring in updated packages to production systems. The recipe currently warns if used and will be removed with the next major cookbook release. +- Fixed RHEL platform detection in the Ruby recipe +- systemd fixes for RHEL systems +- Fix systemd service file include when using pgdg packages +- Package installation now uses multi-package installs to speed up converge times +- Added integration testing in Travis of the client recipe using a new test cookbook. This will be expanded in the future to cover server installation as well +- Expanded the specs to test converges on multiple platforms + +## v5.2.0 (2016-12-30) + +- Updated contacts and links to point to Sous Chefs now +- Added a Code of Conduct (the Chef CoC) +- Removed duplicate platforms in the metadata +- Fix Chef runs with local mode in the server recipe +- Fix the ruby recipe to not fail when you specify enabling both the apt and yum repos for mixed distro environments +- Set the postgresql data directory to 700 permissions +- Added node['postgresql']['pg_gem']['version'] to specify the version of the pg gem to install +- Cookstyle fixes for the latest cookstyle release +- Removed test deps from the Gemfile. Rely on ChefDK for base testing deps instead + +## v5.1.0 (2016-11-01) + +- Maintenance of this cookbook has been migrated from Heavy Water to Sous Chefs - +- Add support for Chef-Zero (local mode) +- Don't hardcode the UID / GID on RHEL/Amazon/Suse platforms +- Add PGDG yum RPMs for 9.5 / 9.6 + +## v5.0.0 (2016-10-25) + +### Breaking changes + +- Switched from Librarian to Berkshelf +- Remove support for the following platforms + + - SLES < 12 + - openSUSE < 13 + - Debian < 7 + - Ubuntu < 12.04 + - RHEL < 6 + - Amazon < 2013 + - Unsupported (EOL) Fedora releases + +### Other changes + +- Added support for Ubuntu 16.04 +- Loosened cookbook dependencies to not prevent pulling in the latest community cookbooks +- Added chef_version metadata +- Switched from rubocop to cookstyle and fix all warnings +- Removed minitests and the minitest handler +- Added support for opensuse / opensuseleap +- Added support for Fedora 23/24 +- Added a chefignore file to limit the files uploaded to the chef server +- Updated Test Kitchen config to test on modern platform releases +- Added a Rakefile and updated Travis to test with ChefDK and that rakefile +- Avoid installing packages included in build-essential twice in the ruby recipe +- Require at least build-essential 2.0 +- Don't cleanup the old PPA files in the apt_pgdg_postgresql recipe anymore. These should be long gone everywhere +- Remove logic in the apt_pgdg_postgresql recipe that made Chef fail when new distro releases came out +- Avoid node.set deprecation warnings +- Avoid managed_home deprecation warnings in server_redhat recipe diff --git a/ops/cookbooks/vendor/postgresql/CONTRIBUTING.md b/ops/cookbooks/vendor/postgresql/CONTRIBUTING.md new file mode 100644 index 0000000..e28e2a6 --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/CONTRIBUTING.md @@ -0,0 +1,21 @@ +# Contributing + +## Branches + +### `master` branch + +The master branch is the current committed changes. These changes may not yet be released although we try to release often. + +## Tags + +All releases are tagged in git. To see the releases available to you see the changelog or the tags directly. + +## Pull requests + +- + +## Issues + +Need to report an issue? Use the github issues: + +- diff --git a/ops/cookbooks/vendor/postgresql/README.md b/ops/cookbooks/vendor/postgresql/README.md new file mode 100644 index 0000000..d25d75e --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/README.md @@ -0,0 +1,433 @@ +# PostgreSQL cookbook + +[![Cookbook Version](https://img.shields.io/cookbook/v/postgresql.svg)](https://supermarket.chef.io/cookbooks/postgresql) +[![Build Status](https://img.shields.io/circleci/project/github/sous-chefs/postgresql/master.svg)](https://circleci.com/gh/sous-chefs/postgresql) +[![pullreminders](https://pullreminders.com/badge.svg)](https://pullreminders.com?ref=badge) + +Installs and configures PostgreSQL as a client or a server. + +## Upgrading + +If you are wondering where all the recipes went in v7.0+, or how on earth I use this new cookbook please see upgrading.md for a full description. + +## Requirements + +### Platforms + +- Amazon Linux +- Debian 7+ +- Ubuntu 14.04+ +- Red Hat/CentOS/Scientific 6+ +- Fedora + +### PostgreSQL version + +We follow the currently supported versions listed on + +### Chef + +- Chef 13.8+ + +### Cookbook Dependencies + +None. + +## Resources + +### postgresql_client_install + +This resource installs PostgreSQL client packages. + +#### Actions + +- `install` - (default) Install client packages + +#### Properties + +Name | Types | Description | Default | Required? +------------------- | ----------------- | ------------------------------------------------------------- | ----------------------------------------- | --------- +`version` | String | Version of PostgreSQL to install | '9.6' | no +`setup_repo` | Boolean | Define if you want to add the PostgreSQL repo | true | no +`hba_file` | String | | `#{conf_dir}/main/pg_hba.conf` | no +`ident_file` | String | | `#{conf_dir}/main/pg_ident.conf` | no +`external_pid_file` | String | | `/var/run/postgresql/#{version}-main.pid` | no +`password` | String, nil | Pass in a password, or have the cookbook generate one for you | | no + +#### Examples + +To install version 9.5: + +```ruby +postgresql_client_install 'My PostgreSQL Client install' do + version '9.5' +end +``` + +### postgresql_server_install + +This resource installs PostgreSQL client and server packages. + +#### Actions + +- `install` - (default) Install client and server packages +- `create` - Initialize the database + +#### Properties + +Name | Types | Description | Default | Required? +------------------- | --------------- | --------------------------------------------- | -------------------------------------------------- | --------- +`version` | String | Version of PostgreSQL to install | '9.6' | no +`setup_repo` | Boolean | Define if you want to add the PostgreSQL repo | true | no +`hba_file` | String | Path of pg_hba.conf file | `/pg_hba.conf'` | no +`ident_file` | String | Path of pg_ident.conf file | `/pg_ident.conf` | no +`external_pid_file` | String | Path of PID file | `/var/run/postgresql/-main.pid` | no +`password` | String, nil | Set PostgreSQL user password | 'generate' | no +`port` | Integer | Set listen port of PostgreSQL service | 5432 | no +`initdb_locale` | String | Locale to initialise the database with | 'C' | no + +#### Examples + +To install PostgreSQL server, set your own postgres password using non-default service port. + +```ruby +postgresql_server_install 'My PostgreSQL Server install' do + action :install +end + +postgresql_server_install 'Setup my PostgreSQL 9.6 server' do + password 'MyP4ssw0rd' + port 5433 + action :create +end +``` + +#### Known issues + +On some platforms (e.g. Ubuntu 18.04), your `initdb_locale` should be set to the +same as the template database [GH-555](https://github.com/sous-chefs/postgresql/issues/555). + +### postgresql_server_conf + +This resource manages postgresql.conf configuration file. + +#### Actions + +- `modify` - (default) Manager PostgreSQL configuration file (postgresql.conf) + +#### Properties + +Name | Types | Description | Default | Required? +---------------------- | ------- | --------------------------------------- | --------------------------------------------------- | --------- +`version` | String | Version of PostgreSQL to install | '9.6' | no +`data_directory` | String | Path of PostgreSQL data directory | `` | no +`hba_file` | String | Path of pg_hba.conf file | `/pg_hba.conf` | no +`ident_file` | String | Path of pg_ident.conf file | `/pg_ident.conf` | no +`external_pid_file` | String | Path of PID file | `/var/run/postgresql/-main.pid` | no +`stats_temp_directory` | String | Path of stats file | `/var/run/postgresql/version>-main.pg_stat_tmp` | no +`port` | Integer | Set listen port of PostgreSQL service | 5432 | no +`additional_config` | Hash | Extra configuration for the config file | {} | no + +#### Examples + +To setup your PostgreSQL configuration with a specific data directory. If you have installed a specific version of PostgreSQL (different from 9.6), you must specify version in this resource too. + +```ruby +postgresql_server_conf 'My PostgreSQL Config' do + version '9.5' + data_directory '/data/postgresql/9.5/main' + notifies :reload, 'service[postgresql]' +end +``` + +### postgresql_extension + +This resource manages PostgreSQL extensions for a given database. + +#### Actions + +- `create` - (default) Creates an extension in a given database +- `drop` - Drops an extension from the database + +#### Properties + +Name | Types | Description | Default | Required? +------------- | ------ | -------------------------------------------------------------------------------- | ---------------- | --------- +`database` | String | Name of the database to install the extension into | | yes +`extension` | String | Name of the extension to install the database | Name of resource | yes +`version` | String | Version of the extension to install | | no +`old_version` | String | Older module name for new extension replacement. Appends FROM to extension query | | no + +#### Examples + +To install the `adminpack` extension: + +```ruby +# Add the contrib package in Ubuntu/Debian +package 'postgresql-contrib-9.6' + +# Install adminpack extension +postgresql_extension 'postgres adminpack' do + database 'postgres' + extension 'adminpack' +end +``` + +### postgresql_access + +This resource uses the accumulator pattern to build up the `pg_hba.conf` file via chef resources instead of piling on a mountain of chef attributes to make this cookbook more reusable. It directly mirrors the configuration options of the postgres hba file in the resource and by default notifies the server with a reload to avoid a full restart, causing a potential outage of service. To revoke access, simply remove the resource and the access change won't be computed into the final `pg_hba.conf` + +#### Actions + +- `grant` - (default) Creates an access line inside of `pg_hba.conf` + +#### Properties + +Name | Types | Description | Default | Required? +--------------- | ------ | ----------------------------------------------------------------------------------------- | ----------------- | --------- +`name` | String | Name of the access resource, this is left as a comment inside the `pg_hba` config | Resource name | yes +`source` | String | The cookbook template filename if you want to use your own custom template | 'pg_hba.conf.erb' | yes +`cookbook` | String | The cookbook to look in for the template source | 'postgresql' | yes +`comment` | String | A comment to leave above the entry in `pg_hba` | nil | no +`access_type` | String | The type of access, e.g. local or host | 'local' | yes +`access_db` | String | The database to access. Can use 'all' for all databases | 'all' | yes +`access_user` | String | The user accessing the database. Can use 'all' for any user | 'all' | yes +`access_addr` | String | The address(es) allowed access. Can be nil if method ident is used since it is local then | nil | no +`access_method` | String | Authentication method to use | 'ident' | yes + +#### Examples + +To grant access to the PostgreSQL user with ident authentication: + +```ruby +postgresql_access 'local_postgres_superuser' do + comment 'Local postgres superuser access' + access_type 'local' + access_db 'all' + access_user 'postgres' + access_addr nil + access_method 'ident' +end +``` + +This generates the following line in the `pg_hba.conf`: + +``` +# Local postgres superuser access +local all postgres ident +``` + +**Note**: The template by default generates a local access for Unix domain sockets only to support running the SQL execute resources. In Postgres version 9.1 and higher, the method is 'peer' instead of 'ident' which is identical. It looks like this: + +``` +# "local" is for Unix domain socket connections only +local all all peer +``` + +### postgresql_ident + +This resource generate `pg_ident.conf` configuration file to manage user mapping between system and PostgreSQL users. + +#### Actions + +- `create` - (default) Creates an mapping line inside of `pg_ident.conf` + +#### Properties + +Name | Types | Description | Default | Required? +-------------- | ----------- | -------------------------------------------------------------------------- | ------------------- | --------- +`mapname` | String | Name of the user mapping | Resource name | yes +`source` | String | The cookbook template filename if you want to use your own custom template | 'pg_ident.conf.erb' | no +`cookbook` | String | The cookbook to look in for the template source | 'postgresql' | no +`comment` | String, nil | A comment to leave above the entry in `pg_ident` | nil | no +`system_user` | String | System user or regexp used for the mapping | None | yes +`pg_user` | String | Pg user or regexp used for the mapping | None | yes + +#### Examples + +Creates a `mymapping` mapping that map `john` system user to `user1` PostgreSQL user: + +```ruby +postgresql_ident 'Map john to user1' do + comment 'John Mapping' + mapname 'mymapping' + system_user 'john' + pg_user 'user1' +end +``` + +This generates the following line in the `pg_ident.conf`: + +``` +# MAPNAME SYSTEM-USERNAME PG-USERNAME + +# John Mapping +mymapping john user1 +``` + +To grant access to the foo user with password authentication: + +```ruby +postgresql_access 'local_foo_user' do + comment 'Foo user access' + access_type 'host' + access_db 'all' + access_user 'foo' + access_addr '127.0.0.1/32' + access_method 'md5' +end +``` + +This generates the following line in the `pg_hba.conf`: + +``` +# Local postgres superuser access +host all foo 127.0.0.1/32 ident +``` + +### postgresql_database + +This resource manages PostgreSQL databases. + +#### Actions + +- `create` - (default) Creates the given database. +- `drop` - Drops the given database. + +#### Properties + +Name | Types | Description | Default | Required? +---------- | ------- | ------------------------------------------------------------------- | ------------------- | --------- +`database` | String | Name of the database to create | Resource name | yes +`user` | String | User which run psql command | 'postgres' | no +`template` | String | Template used to create the new database | 'template1' | no +`host` | String | Define the host server where the database creation will be executed | Not set (localhost) | no +`port` | Integer | Define the port of PostgreSQL server | 5432 | no +`encoding` | String | Define database encoding | 'UTF-8' | no +`locale` | String | Define database locale | 'en_US.UTF-8' | no +`owner` | String | Define the owner of the database | Not set | no + +#### Examples + +To create database named 'my_app' with owner 'user1': + +```ruby +postgresql_database 'my_app' do + owner 'user1' +end +``` + +#### Known issues + +On some platforms (e.g. Ubuntu 18.04), your `initdb_locale` should be set to the +same as the template database [GH-555](https://github.com/sous-chefs/postgresql/issues/555). + +### postgresql_user + +This resource manage PostgreSQL users. + +#### Actions + +- `create` - (default) Creates the given user with default or given privileges. +- `update` - Update user privilieges. +- `drop` - Deletes the given user. + +#### Properties + +Name | Types | Description | Default | Required? +-------------------- | ------- | ----------------------------------------------- | -------- | --------- +`create_user` | String | User to create (defaults to the resource name) | | Yes +`superuser` | Boolean | Define if user needs superuser role | false | no +`createdb` | Boolean | Define if user needs createdb role | false | no +`createrole` | Boolean | Define if user needs createrole role | false | no +`inherit` | Boolean | Define if user inherits the privileges of roles | true | no +`replication` | Boolean | Define if user needs replication role | false | no +`login` | Boolean | Define if user can login | true | no +`password` | String | Set user's password | | no +`encrypted_password` | String | Set user's password with an hashed password | | no +`valid_until` | String | Define an account expiration date | | no +`attributes` | Hash | Additional attributes for :update action | {} | no +`user` | String | User for command | postgres | no +`database` | String | Database for command | | no +`host` | String | Hostname for command | | no +`port` | Integer | Port number to connect to postgres | 5432 | no + +#### Examples + +Create a user `user1` with a password, with `createdb` role and set an expiration date to 2018, Dec 21. + +```ruby +postgresql_user 'user1' do + password 'UserP4ssword' + createdb true + valid_until '2018-12-31' +end +``` + +Create a user `user1` with a password, with `createdb` role and set an expiration date to 2018, Dec 21. + +```ruby +postgresql_user 'user1' do + password 'UserP4ssword' + createdb true + valid_until '2018-12-31' +end +``` + +## Usage + +To install and configure your PostgreSQL instance you need to create your own cookbook and call needed resources with your own parameters. + +More examples can be found in `test/cookbooks/test/recipes` + +## Example Usage + +```ruby +# cookbooks/my_postgresql/recipes/default.rb + +postgresql_client_install 'PostgreSQL Client' do + setup_repo false + version '10.6' +end + +postgresql_server_install 'PostgreSQL Server' do + version '10.6' + setup_repo false + password 'P0stgresP4ssword' +end + +postgresql_server_conf 'PostgreSQL Config' do + notifies :reload, 'service[postgresql]' +end +``` + +## Contributing + +Please refer to each project's style guidelines and guidelines for submitting patches and additions. In general, we follow the "fork-and-pull" Git workflow. + +1. **Fork** the repo on GitHub +2. **Clone** the project to your own machine +3. **Commit** changes to your own branch +4. **Push** your work back up to your fork +5. Submit a **Pull request** so that we can review your changes + +NOTE: Be sure to merge the latest from "upstream" before making a pull request! + +[Contribution informations for this project](CONTRIBUTING.md) + +## License + +Copyright 2010-2017, Chef Software, Inc. + +```text +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/ops/cookbooks/vendor/postgresql/libraries/helpers.rb b/ops/cookbooks/vendor/postgresql/libraries/helpers.rb new file mode 100644 index 0000000..431d5dd --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/libraries/helpers.rb @@ -0,0 +1,247 @@ +# +# Cookbook:: postgresql +# Library:: helpers +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module PostgresqlCookbook + module Helpers + include Chef::Mixin::ShellOut + + require 'securerandom' + + def psql_command_string(new_resource, query, grep_for: nil, value_only: false) + cmd = "/usr/bin/psql -c \"#{query}\"" + cmd << " -d #{new_resource.database}" if new_resource.database + cmd << " -U #{new_resource.user}" if new_resource.user + cmd << " --host #{new_resource.host}" if new_resource.host + cmd << " --port #{new_resource.port}" if new_resource.port + cmd << ' --tuples-only' if value_only + cmd << " | grep #{grep_for}" if grep_for + cmd + end + + def execute_sql(new_resource, query) + # If we don't pass in a user to the resource + # default to the postgres user + user = new_resource.user ? new_resource.user : 'postgres' + + # Query could be a String or an Array of Strings + statement = query.is_a?(String) ? query : query.join("\n") + + cmd = shell_out(statement, user: user) + + # Pass back cmd so we can decide what to do with it in the calling method. + cmd + end + + def database_exists?(new_resource) + sql = %(SELECT datname from pg_database WHERE datname='#{new_resource.database}') + + exists = psql_command_string(new_resource, sql, grep_for: new_resource.database) + + cmd = execute_sql(new_resource, exists) + cmd.exitstatus == 0 + end + + def user_exists?(new_resource) + sql = %(SELECT rolname FROM pg_roles WHERE rolname='#{new_resource.create_user}';) + + exists = psql_command_string(new_resource, sql, grep_for: new_resource.create_user) + + cmd = execute_sql(new_resource, exists) + cmd.exitstatus == 0 + end + + def extension_installed?(new_resource) + query = %(SELECT extversion FROM pg_extension WHERE extname='#{new_resource.extension}';) + check_extension_version = psql_command_string(new_resource, query, value_only: true) + version_result = execute_sql(new_resource, check_extension_version) + if new_resource.version + version_result.stdout == new_resource.version + else + !version_result.stdout.chomp.empty? + end + end + + def alter_role_sql(new_resource) + sql = %(ALTER ROLE postgres ENCRYPTED PASSWORD '#{postgres_password(new_resource)}';) + psql_command_string(new_resource, sql) + end + + def create_extension_sql(new_resource) + sql = "CREATE EXTENSION IF NOT EXISTS #{new_resource.extension}" + sql << " FROM \"#{new_resource.old_version}\"" if new_resource.old_version + + psql_command_string(new_resource, sql) + end + + def user_has_password?(new_resource) + sql = %(SELECT rolpassword from pg_authid WHERE rolname='postgres' AND rolpassword IS NOT NULL;) + cmd = psql_command_string(new_resource, sql) + + res = execute_sql(new_resource, cmd) + res.stdout =~ /1 row/ ? true : false + end + + def role_sql(new_resource) + sql = %(\\"#{new_resource.create_user}\\" WITH ) + + %w(superuser createdb createrole inherit replication login).each do |perm| + sql << "#{'NO' unless new_resource.send(perm)}#{perm.upcase} " + end + + sql << if new_resource.encrypted_password + "ENCRYPTED PASSWORD '#{new_resource.encrypted_password}'" + elsif new_resource.password + "PASSWORD '#{new_resource.password}'" + else + '' + end + + sql << if new_resource.valid_until + " VALID UNTIL '#{new_resource.valid_until}'" + else + '' + end + end + + def create_user_sql(new_resource) + sql = %(CREATE ROLE #{role_sql(new_resource)}) + psql_command_string(new_resource, sql) + end + + def update_user_sql(new_resource) + sql = %(ALTER ROLE #{role_sql(new_resource)}) + psql_command_string(new_resource, sql) + end + + def update_user_with_attributes_sql(new_resource, value) + sql = %(ALTER ROLE '#{new_resource.create_user}' SET #{attr} = #{value}) + psql_command_string(new_resource, sql) + end + + def drop_user_sql(new_resource) + sql = %(DROP ROLE IF EXISTS '#{new_resource.create_user}') + psql_command_string(new_resource, sql) + end + + def data_dir(version = node.run_state['postgresql']['version']) + case node['platform_family'] + when 'rhel', 'fedora' + "/var/lib/pgsql/#{version}/data" + when 'amazon' + if node['virtualization']['system'] == 'docker' + "/var/lib/pgsql#{version.delete('.')}/data" + else + "/var/lib/pgsql/#{version}/data" + end + when 'debian' + "/var/lib/postgresql/#{version}/main" + end + end + + def conf_dir(version = node.run_state['postgresql']['version']) + case node['platform_family'] + when 'rhel', 'fedora' + "/var/lib/pgsql/#{version}/data" + when 'amazon' + if node['virtualization']['system'] == 'docker' + "/var/lib/pgsql#{version.delete('.')}/data" + else + "/var/lib/pgsql/#{version}/data" + end + when 'debian' + "/etc/postgresql/#{version}/main" + end + end + + # determine the platform specific service name + def platform_service_name(version = node.run_state['postgresql']['version']) + case node['platform_family'] + when 'rhel', 'fedora' + "postgresql-#{version}" + when 'amazon' + if node['virtualization']['system'] == 'docker' + "postgresql#{version.delete('.')}" + else + "postgresql-#{version}" + end + else + 'postgresql' + end + end + + def follower? + ::File.exist? "#{data_dir}/recovery.conf" + end + + def initialized? + return true if ::File.exist?("#{conf_dir}/PG_VERSION") + false + end + + def secure_random + r = SecureRandom.hex + Chef::Log.debug "Generated password: #{r}" + r + end + + # determine the platform specific server package name + def server_pkg_name + platform_family?('debian') ? "postgresql-#{new_resource.version}" : "postgresql#{new_resource.version.delete('.')}-server" + end + + # determine the appropriate DB init command to run based on RHEL/Fedora/Amazon release + # initdb defaults to the execution environment. + # https://www.postgresql.org/docs/9.5/static/locale.html + def rhel_init_db_command(new_resource) + cmd = if platform_family?('amazon') + '/usr/bin/initdb' + else + "/usr/pgsql-#{new_resource.version}/bin/initdb" + end + cmd << " --locale '#{new_resource.initdb_locale}'" if new_resource.initdb_locale + cmd << " -D '#{data_dir(new_resource.version)}'" + end + + # Given the base URL build the complete URL string for a yum repo + def yum_repo_url(base_url) + "#{base_url}/#{new_resource.version}/#{yum_repo_platform_family_string}/#{yum_repo_platform_string}" + end + + # The postgresql yum repos URLs are organized into redhat and fedora directories.s + # route things to the right place based on platform_family + def yum_repo_platform_family_string + platform_family?('fedora') ? 'fedora' : 'redhat' + end + + # Build the platform string that makes up the final component of the yum repo URL + def yum_repo_platform_string + platform = platform?('fedora') ? 'fedora' : 'rhel' + release = platform?('amazon') ? '6' : '$releasever' + "#{platform}-#{release}-$basearch" + end + + # On Amazon use the RHEL 6 packages. Otherwise use the releasever yum variable + def yum_releasever + platform?('amazon') ? '6' : '$releasever' + end + + # Generate a password if the value is set to generate. + def postgres_password(new_resource) + new_resource.password == 'generate' ? secure_random : new_resource.password + end + end +end diff --git a/ops/cookbooks/vendor/postgresql/metadata.json b/ops/cookbooks/vendor/postgresql/metadata.json new file mode 100644 index 0000000..52a549a --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/metadata.json @@ -0,0 +1 @@ +{"name":"postgresql","version":"7.1.4","description":"Installs and configures postgresql for clients or servers","long_description":"# PostgreSQL cookbook\n\n[![Cookbook Version](https://img.shields.io/cookbook/v/postgresql.svg)](https://supermarket.chef.io/cookbooks/postgresql)\n[![Build Status](https://img.shields.io/circleci/project/github/sous-chefs/postgresql/master.svg)](https://circleci.com/gh/sous-chefs/postgresql)\n[![pullreminders](https://pullreminders.com/badge.svg)](https://pullreminders.com?ref=badge)\n\nInstalls and configures PostgreSQL as a client or a server.\n\n## Upgrading\n\nIf you are wondering where all the recipes went in v7.0+, or how on earth I use this new cookbook please see upgrading.md for a full description.\n\n## Requirements\n\n### Platforms\n\n- Amazon Linux\n- Debian 7+\n- Ubuntu 14.04+\n- Red Hat/CentOS/Scientific 6+\n- Fedora\n\n### PostgreSQL version\n\nWe follow the currently supported versions listed on \n\n### Chef\n\n- Chef 13.8+\n\n### Cookbook Dependencies\n\nNone.\n\n## Resources\n\n### postgresql_client_install\n\nThis resource installs PostgreSQL client packages.\n\n#### Actions\n\n- `install` - (default) Install client packages\n\n#### Properties\n\nName | Types | Description | Default | Required?\n------------------- | ----------------- | ------------------------------------------------------------- | ----------------------------------------- | ---------\n`version` | String | Version of PostgreSQL to install | '9.6' | no\n`setup_repo` | Boolean | Define if you want to add the PostgreSQL repo | true | no\n`hba_file` | String | | `#{conf_dir}/main/pg_hba.conf` | no\n`ident_file` | String | | `#{conf_dir}/main/pg_ident.conf` | no\n`external_pid_file` | String | | `/var/run/postgresql/#{version}-main.pid` | no\n`password` | String, nil | Pass in a password, or have the cookbook generate one for you | | no\n\n#### Examples\n\nTo install version 9.5:\n\n```ruby\npostgresql_client_install 'My PostgreSQL Client install' do\n version '9.5'\nend\n```\n\n### postgresql_server_install\n\nThis resource installs PostgreSQL client and server packages.\n\n#### Actions\n\n- `install` - (default) Install client and server packages\n- `create` - Initialize the database\n\n#### Properties\n\nName | Types | Description | Default | Required?\n------------------- | --------------- | --------------------------------------------- | -------------------------------------------------- | ---------\n`version` | String | Version of PostgreSQL to install | '9.6' | no\n`setup_repo` | Boolean | Define if you want to add the PostgreSQL repo | true | no\n`hba_file` | String | Path of pg_hba.conf file | `/pg_hba.conf'` | no\n`ident_file` | String | Path of pg_ident.conf file | `/pg_ident.conf` | no\n`external_pid_file` | String | Path of PID file | `/var/run/postgresql/-main.pid` | no\n`password` | String, nil | Set PostgreSQL user password | 'generate' | no\n`port` | Integer | Set listen port of PostgreSQL service | 5432 | no\n`initdb_locale` | String | Locale to initialise the database with | 'C' | no\n\n#### Examples\n\nTo install PostgreSQL server, set your own postgres password using non-default service port.\n\n```ruby\npostgresql_server_install 'My PostgreSQL Server install' do\n action :install\nend\n\npostgresql_server_install 'Setup my PostgreSQL 9.6 server' do\n password 'MyP4ssw0rd'\n port 5433\n action :create\nend\n```\n\n#### Known issues\n\nOn some platforms (e.g. Ubuntu 18.04), your `initdb_locale` should be set to the\nsame as the template database [GH-555](https://github.com/sous-chefs/postgresql/issues/555).\n\n### postgresql_server_conf\n\nThis resource manages postgresql.conf configuration file.\n\n#### Actions\n\n- `modify` - (default) Manager PostgreSQL configuration file (postgresql.conf)\n\n#### Properties\n\nName | Types | Description | Default | Required?\n---------------------- | ------- | --------------------------------------- | --------------------------------------------------- | ---------\n`version` | String | Version of PostgreSQL to install | '9.6' | no\n`data_directory` | String | Path of PostgreSQL data directory | `` | no\n`hba_file` | String | Path of pg_hba.conf file | `/pg_hba.conf` | no\n`ident_file` | String | Path of pg_ident.conf file | `/pg_ident.conf` | no\n`external_pid_file` | String | Path of PID file | `/var/run/postgresql/-main.pid` | no\n`stats_temp_directory` | String | Path of stats file | `/var/run/postgresql/version>-main.pg_stat_tmp` | no\n`port` | Integer | Set listen port of PostgreSQL service | 5432 | no\n`additional_config` | Hash | Extra configuration for the config file | {} | no\n\n#### Examples\n\nTo setup your PostgreSQL configuration with a specific data directory. If you have installed a specific version of PostgreSQL (different from 9.6), you must specify version in this resource too.\n\n```ruby\npostgresql_server_conf 'My PostgreSQL Config' do\n version '9.5'\n data_directory '/data/postgresql/9.5/main'\n notifies :reload, 'service[postgresql]'\nend\n```\n\n### postgresql_extension\n\nThis resource manages PostgreSQL extensions for a given database.\n\n#### Actions\n\n- `create` - (default) Creates an extension in a given database\n- `drop` - Drops an extension from the database\n\n#### Properties\n\nName | Types | Description | Default | Required?\n------------- | ------ | -------------------------------------------------------------------------------- | ---------------- | ---------\n`database` | String | Name of the database to install the extension into | | yes\n`extension` | String | Name of the extension to install the database | Name of resource | yes\n`version` | String | Version of the extension to install | | no\n`old_version` | String | Older module name for new extension replacement. Appends FROM to extension query | | no\n\n#### Examples\n\nTo install the `adminpack` extension:\n\n```ruby\n# Add the contrib package in Ubuntu/Debian\npackage 'postgresql-contrib-9.6'\n\n# Install adminpack extension\npostgresql_extension 'postgres adminpack' do\n database 'postgres'\n extension 'adminpack'\nend\n```\n\n### postgresql_access\n\nThis resource uses the accumulator pattern to build up the `pg_hba.conf` file via chef resources instead of piling on a mountain of chef attributes to make this cookbook more reusable. It directly mirrors the configuration options of the postgres hba file in the resource and by default notifies the server with a reload to avoid a full restart, causing a potential outage of service. To revoke access, simply remove the resource and the access change won't be computed into the final `pg_hba.conf`\n\n#### Actions\n\n- `grant` - (default) Creates an access line inside of `pg_hba.conf`\n\n#### Properties\n\nName | Types | Description | Default | Required?\n--------------- | ------ | ----------------------------------------------------------------------------------------- | ----------------- | ---------\n`name` | String | Name of the access resource, this is left as a comment inside the `pg_hba` config | Resource name | yes\n`source` | String | The cookbook template filename if you want to use your own custom template | 'pg_hba.conf.erb' | yes\n`cookbook` | String | The cookbook to look in for the template source | 'postgresql' | yes\n`comment` | String | A comment to leave above the entry in `pg_hba` | nil | no\n`access_type` | String | The type of access, e.g. local or host | 'local' | yes\n`access_db` | String | The database to access. Can use 'all' for all databases | 'all' | yes\n`access_user` | String | The user accessing the database. Can use 'all' for any user | 'all' | yes\n`access_addr` | String | The address(es) allowed access. Can be nil if method ident is used since it is local then | nil | no\n`access_method` | String | Authentication method to use | 'ident' | yes\n\n#### Examples\n\nTo grant access to the PostgreSQL user with ident authentication:\n\n```ruby\npostgresql_access 'local_postgres_superuser' do\n comment 'Local postgres superuser access'\n access_type 'local'\n access_db 'all'\n access_user 'postgres'\n access_addr nil\n access_method 'ident'\nend\n```\n\nThis generates the following line in the `pg_hba.conf`:\n\n```\n# Local postgres superuser access\nlocal all postgres ident\n```\n\n**Note**: The template by default generates a local access for Unix domain sockets only to support running the SQL execute resources. In Postgres version 9.1 and higher, the method is 'peer' instead of 'ident' which is identical. It looks like this:\n\n```\n# \"local\" is for Unix domain socket connections only\nlocal all all peer\n```\n\n### postgresql_ident\n\nThis resource generate `pg_ident.conf` configuration file to manage user mapping between system and PostgreSQL users.\n\n#### Actions\n\n- `create` - (default) Creates an mapping line inside of `pg_ident.conf`\n\n#### Properties\n\nName | Types | Description | Default | Required?\n-------------- | ----------- | -------------------------------------------------------------------------- | ------------------- | ---------\n`mapname` | String | Name of the user mapping | Resource name | yes\n`source` | String | The cookbook template filename if you want to use your own custom template | 'pg_ident.conf.erb' | no\n`cookbook` | String | The cookbook to look in for the template source | 'postgresql' | no\n`comment` | String, nil | A comment to leave above the entry in `pg_ident` | nil | no\n`system_user` | String | System user or regexp used for the mapping | None | yes\n`pg_user` | String | Pg user or regexp used for the mapping | None | yes\n\n#### Examples\n\nCreates a `mymapping` mapping that map `john` system user to `user1` PostgreSQL user:\n\n```ruby\npostgresql_ident 'Map john to user1' do\n comment 'John Mapping'\n mapname 'mymapping'\n system_user 'john'\n pg_user 'user1'\nend\n```\n\nThis generates the following line in the `pg_ident.conf`:\n\n```\n# MAPNAME SYSTEM-USERNAME PG-USERNAME\n\n# John Mapping\nmymapping john user1\n```\n\nTo grant access to the foo user with password authentication:\n\n```ruby\npostgresql_access 'local_foo_user' do\n comment 'Foo user access'\n access_type 'host'\n access_db 'all'\n access_user 'foo'\n access_addr '127.0.0.1/32'\n access_method 'md5'\nend\n```\n\nThis generates the following line in the `pg_hba.conf`:\n\n```\n# Local postgres superuser access\nhost all foo 127.0.0.1/32 ident\n```\n\n### postgresql_database\n\nThis resource manages PostgreSQL databases.\n\n#### Actions\n\n- `create` - (default) Creates the given database.\n- `drop` - Drops the given database.\n\n#### Properties\n\nName | Types | Description | Default | Required?\n---------- | ------- | ------------------------------------------------------------------- | ------------------- | ---------\n`database` | String | Name of the database to create | Resource name | yes\n`user` | String | User which run psql command | 'postgres' | no\n`template` | String | Template used to create the new database | 'template1' | no\n`host` | String | Define the host server where the database creation will be executed | Not set (localhost) | no\n`port` | Integer | Define the port of PostgreSQL server | 5432 | no\n`encoding` | String | Define database encoding | 'UTF-8' | no\n`locale` | String | Define database locale | 'en_US.UTF-8' | no\n`owner` | String | Define the owner of the database | Not set | no\n\n#### Examples\n\nTo create database named 'my_app' with owner 'user1':\n\n```ruby\npostgresql_database 'my_app' do\n owner 'user1'\nend\n```\n\n#### Known issues\n\nOn some platforms (e.g. Ubuntu 18.04), your `initdb_locale` should be set to the\nsame as the template database [GH-555](https://github.com/sous-chefs/postgresql/issues/555).\n\n### postgresql_user\n\nThis resource manage PostgreSQL users.\n\n#### Actions\n\n- `create` - (default) Creates the given user with default or given privileges.\n- `update` - Update user privilieges.\n- `drop` - Deletes the given user.\n\n#### Properties\n\nName | Types | Description | Default | Required?\n-------------------- | ------- | ----------------------------------------------- | -------- | ---------\n`create_user` | String | User to create (defaults to the resource name) | | Yes\n`superuser` | Boolean | Define if user needs superuser role | false | no\n`createdb` | Boolean | Define if user needs createdb role | false | no\n`createrole` | Boolean | Define if user needs createrole role | false | no\n`inherit` | Boolean | Define if user inherits the privileges of roles | true | no\n`replication` | Boolean | Define if user needs replication role | false | no\n`login` | Boolean | Define if user can login | true | no\n`password` | String | Set user's password | | no\n`encrypted_password` | String | Set user's password with an hashed password | | no\n`valid_until` | String | Define an account expiration date | | no\n`attributes` | Hash | Additional attributes for :update action | {} | no\n`user` | String | User for command | postgres | no\n`database` | String | Database for command | | no\n`host` | String | Hostname for command | | no\n`port` | Integer | Port number to connect to postgres | 5432 | no\n\n#### Examples\n\nCreate a user `user1` with a password, with `createdb` role and set an expiration date to 2018, Dec 21.\n\n```ruby\npostgresql_user 'user1' do\n password 'UserP4ssword'\n createdb true\n valid_until '2018-12-31'\nend\n```\n\nCreate a user `user1` with a password, with `createdb` role and set an expiration date to 2018, Dec 21.\n\n```ruby\npostgresql_user 'user1' do\n password 'UserP4ssword'\n createdb true\n valid_until '2018-12-31'\nend\n```\n\n## Usage\n\nTo install and configure your PostgreSQL instance you need to create your own cookbook and call needed resources with your own parameters.\n\nMore examples can be found in `test/cookbooks/test/recipes`\n\n## Example Usage\n\n```ruby\n# cookbooks/my_postgresql/recipes/default.rb\n\npostgresql_client_install 'PostgreSQL Client' do\n setup_repo false\n version '10.6'\nend\n\npostgresql_server_install 'PostgreSQL Server' do\n version '10.6'\n setup_repo false\n password 'P0stgresP4ssword'\nend\n\npostgresql_server_conf 'PostgreSQL Config' do\n notifies :reload, 'service[postgresql]'\nend\n```\n\n## Contributing\n\nPlease refer to each project's style guidelines and guidelines for submitting patches and additions. In general, we follow the \"fork-and-pull\" Git workflow.\n\n1. **Fork** the repo on GitHub\n2. **Clone** the project to your own machine\n3. **Commit** changes to your own branch\n4. **Push** your work back up to your fork\n5. Submit a **Pull request** so that we can review your changes\n\nNOTE: Be sure to merge the latest from \"upstream\" before making a pull request!\n\n[Contribution informations for this project](CONTRIBUTING.md)\n\n## License\n\nCopyright 2010-2017, Chef Software, Inc.\n\n```text\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Sous Chefs","maintainer_email":"help@sous-chefs.org","license":"Apache-2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0","fedora":">= 0.0.0","amazon":">= 0.0.0","redhat":">= 0.0.0","centos":">= 0.0.0","scientific":">= 0.0.0","oracle":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/sous-chefs/postgresql","issues_url":"https://github.com/sous-chefs/postgresql/issues","chef_version":[[">= 13.8"]],"ohai_version":[]} \ No newline at end of file diff --git a/ops/cookbooks/vendor/postgresql/metadata.rb b/ops/cookbooks/vendor/postgresql/metadata.rb new file mode 100644 index 0000000..9fb54ac --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/metadata.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true +name 'postgresql' +maintainer 'Sous Chefs' +maintainer_email 'help@sous-chefs.org' +license 'Apache-2.0' +description 'Installs and configures postgresql for clients or servers' +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version '7.1.4' +source_url 'https://github.com/sous-chefs/postgresql' +issues_url 'https://github.com/sous-chefs/postgresql/issues' +chef_version '>= 13.8' + +%w(ubuntu debian fedora amazon redhat centos scientific oracle).each do |os| + supports os +end diff --git a/ops/cookbooks/vendor/postgresql/resources/access.rb b/ops/cookbooks/vendor/postgresql/resources/access.rb new file mode 100644 index 0000000..56d69cc --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/resources/access.rb @@ -0,0 +1,59 @@ +# frozen_string_literal: true +# +# Cookbook:: postgresql +# Resource:: access +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +property :access_type, String, required: true, default: 'local' +property :access_db, String, required: true, default: 'all' +property :access_user, String, required: true, default: 'postgres' +property :access_method, String, required: true, default: 'ident' +property :cookbook, String, default: 'postgresql' +property :source, String, default: 'pg_hba.conf.erb' +property :access_addr, String +property :comment, String + +action :grant do + config_resource = new_resource + with_run_context :root do # ~FC037 + edit_resource(:template, "#{conf_dir}/pg_hba.conf") do |new_resource| + source new_resource.source + cookbook new_resource.cookbook + owner 'postgres' + group 'postgres' + mode '0600' + variables[:pg_hba] ||= {} + variables[:pg_hba][new_resource.name] = { + comment: new_resource.comment, + type: new_resource.access_type, + db: new_resource.access_db, + user: new_resource.access_user, + addr: new_resource.access_addr, + method: new_resource.access_method, + } + action :nothing + delayed_action :create + notifies :trigger, config_resource, :immediately + end + end +end + +action :trigger do + new_resource.updated_by_last_action(true) # ~FC085 +end + +action_class do + include PostgresqlCookbook::Helpers +end diff --git a/ops/cookbooks/vendor/postgresql/resources/client_install.rb b/ops/cookbooks/vendor/postgresql/resources/client_install.rb new file mode 100644 index 0000000..2698d00 --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/resources/client_install.rb @@ -0,0 +1,35 @@ +# frozen_string_literal: true +# +# Cookbook:: postgresql +# Resource:: client_install +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +property :version, String, default: '9.6' +property :setup_repo, [true, false], default: true + +action :install do + postgresql_repository 'Add downloads.postgresql.org repository' do + version new_resource.version + only_if { new_resource.setup_repo } + end + + case node['platform_family'] + when 'debian' + package "postgresql-client-#{new_resource.version}" + when 'rhel', 'fedora', 'amazon' + ver = new_resource.version.delete('.') + package "postgresql#{ver}" + end +end diff --git a/ops/cookbooks/vendor/postgresql/resources/database.rb b/ops/cookbooks/vendor/postgresql/resources/database.rb new file mode 100644 index 0000000..be2a813 --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/resources/database.rb @@ -0,0 +1,67 @@ +# +# Cookbook:: postgresql +# Resource:: database +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +property :template, String, default: 'template1' +property :encoding, String, default: 'UTF-8' +property :locale, String, default: 'en_US.UTF-8' +property :owner, String + +# Connection prefernces +property :user, String, default: 'postgres' +property :database, String, name_property: true +property :host, [String, nil], default: nil +property :port, Integer, default: 5432 + +action :create do + createdb = 'createdb' + createdb << " -E #{new_resource.encoding}" if new_resource.encoding + createdb << " -l #{new_resource.locale}" if new_resource.locale + createdb << " -T #{new_resource.template}" unless new_resource.template.empty? + createdb << " -O #{new_resource.owner}" if new_resource.owner + createdb << " -U #{new_resource.user}" if new_resource.user + createdb << " -h #{new_resource.host}" if new_resource.host + createdb << " -p #{new_resource.port}" if new_resource.port + createdb << " #{new_resource.database}" + + bash "Create Database #{new_resource.database}" do + code createdb + user new_resource.user + not_if { follower? } + not_if { database_exists?(new_resource) } + end +end + +action :drop do + converge_by "Drop PostgreSQL Database #{new_resource.database}" do + dropdb = 'dropdb' + dropdb << " -U #{new_resource.user}" if new_resource.user + dropdb << " --host #{new_resource.host}" if new_resource.host + dropdb << " --port #{new_resource.port}" if new_resource.port + dropdb << " #{new_resource.database}" + + bash "drop postgresql database #{new_resource.database})" do + user 'postgres' + code dropdb + not_if { follower? } + only_if { database_exists?(new_resource) } + end + end +end + +action_class do + include PostgresqlCookbook::Helpers +end diff --git a/ops/cookbooks/vendor/postgresql/resources/extension.rb b/ops/cookbooks/vendor/postgresql/resources/extension.rb new file mode 100644 index 0000000..fb104dd --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/resources/extension.rb @@ -0,0 +1,49 @@ +# +# Cookbook:: postgresql +# Resource:: extension +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +property :extension, String, name_property: true +property :old_version, String +property :version, String + +# Connection prefernces +property :user, String, default: 'postgres' +property :database, String, required: true +property :host, [String, nil] +property :port, Integer, default: 5432 + +action :create do + bash "CREATE EXTENSION #{new_resource.name}" do + code create_extension_sql(new_resource) + user 'postgres' + action :run + not_if { follower? || extension_installed?(new_resource) } + end +end + +action :drop do + bash "DROP EXTENSION #{new_resource.name}" do + code psql_command_string(new_resource, "DROP EXTENSION IF EXISTS \"#{new_resource.extension}\"") + user 'postgres' + action :run + not_if { follower? } + only_if { extension_installed?(new_resource) } + end +end + +action_class do + include PostgresqlCookbook::Helpers +end diff --git a/ops/cookbooks/vendor/postgresql/resources/ident.rb b/ops/cookbooks/vendor/postgresql/resources/ident.rb new file mode 100644 index 0000000..ba677f0 --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/resources/ident.rb @@ -0,0 +1,55 @@ +# frozen_string_literal: true +# +# Cookbook:: postgresql +# Resource:: access +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +property :mapname, String, required: true +property :source, String, default: 'pg_ident.conf.erb' +property :cookbook, String, default: 'postgresql' +property :system_user, String, required: true +property :pg_user, String, required: true +property :comment, [String, nil], default: nil + +action :create do + ident_resource = new_resource + with_run_context :root do # ~FC037 + edit_resource(:template, "#{conf_dir}/pg_ident.conf") do |new_resource| + source new_resource.source + cookbook new_resource.cookbook + owner 'postgres' + group 'postgres' + mode '0640' + variables[:pg_ident] ||= {} + variables[:pg_ident][new_resource.name] = { + comment: new_resource.comment, + mapname: new_resource.mapname, + system_user: new_resource.system_user, + pg_user: new_resource.pg_user, + } + action :nothing + delayed_action :create + notifies :trigger, ident_resource, :immediately + end + end +end + +action :trigger do + new_resource.updated_by_last_action(true) # ~FC085 +end + +action_class do + include PostgresqlCookbook::Helpers +end diff --git a/ops/cookbooks/vendor/postgresql/resources/repository.rb b/ops/cookbooks/vendor/postgresql/resources/repository.rb new file mode 100644 index 0000000..7040c6b --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/resources/repository.rb @@ -0,0 +1,90 @@ +# frozen_string_literal: true +# +# Cookbook:: postgresql +# Resource:: repository +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +property :version, String, default: '9.6' +property :enable_pgdg, [true, false], default: true +property :enable_pgdg_source, [true, false], default: false +property :enable_pgdg_updates_testing, [true, false], default: false +property :enable_pgdg_source_updates_testing, [true, false], default: false +property :yum_gpg_key_uri, String, default: 'https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG' +property :apt_gpg_key_uri, String, default: 'https://download.postgresql.org/pub/repos/apt/ACCC4CF8.asc' + +action :add do + case node['platform_family'] + + when 'rhel', 'fedora', 'amazon' + remote_file "/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}" do + source new_resource.yum_gpg_key_uri + end + + yum_repository "PostgreSQL #{new_resource.version}" do # ~FC005 + repositoryid "pgdg#{new_resource.version}" + description "PostgreSQL.org #{new_resource.version}" + baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum') + enabled new_resource.enable_pgdg + gpgcheck true + gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}" + end + + yum_repository "PostgreSQL #{new_resource.version} - source " do + repositoryid "pgdg#{new_resource.version}-source" + description "PostgreSQL.org #{new_resource.version} Source" + baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/srpms') + enabled new_resource.enable_pgdg_source + gpgcheck true + gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}" + end + + yum_repository "PostgreSQL #{new_resource.version} - updates testing" do + repositoryid "pgdg#{new_resource.version}-updates-testing" + description "PostgreSQL.org #{new_resource.version} Updates Testing" + baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/testing') + enabled new_resource.enable_pgdg_updates_testing + gpgcheck true + gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}" + end + + yum_repository "PostgreSQL #{new_resource.version} - source - updates testing" do + repositoryid "pgdg#{new_resource.version}-source-updates-testing" + description "PostgreSQL.org #{new_resource.version} Source Updates Testing" + baseurl yum_repo_url('https://download.postgresql.org/pub/repos/yum/srpms/testing') + enabled new_resource.enable_pgdg_source_updates_testing + gpgcheck true + gpgkey "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-#{new_resource.version}" + end + + when 'debian' + apt_update + + package 'apt-transport-https' + + apt_repository 'postgresql_org_repository' do + uri 'https://download.postgresql.org/pub/repos/apt/' + components ['main', new_resource.version.to_s] + distribution "#{node['lsb']['codename']}-pgdg" + key new_resource.apt_gpg_key_uri + cache_rebuild true + end + else + raise "The platform_family '#{node['platform_family']}' or platform '#{node['platform']}' is not supported by the postgresql_repository resource. If you believe this platform can/should be supported by this resource please file and issue or open a pull request at https://github.com/sous-chefs/postgresql" + end +end + +action_class do + include PostgresqlCookbook::Helpers +end diff --git a/ops/cookbooks/vendor/postgresql/resources/server_conf.rb b/ops/cookbooks/vendor/postgresql/resources/server_conf.rb new file mode 100644 index 0000000..3c44c22 --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/resources/server_conf.rb @@ -0,0 +1,52 @@ +# frozen_string_literal: true +# +# Cookbook:: postgresql +# Resource:: server_conf +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include PostgresqlCookbook::Helpers + +property :version, String, default: '9.6' +property :data_directory, String, default: lazy { data_dir } +property :hba_file, String, default: lazy { "#{conf_dir}/pg_hba.conf" } +property :ident_file, String, default: lazy { "#{conf_dir}/pg_ident.conf" } +property :external_pid_file, String, default: lazy { "/var/run/postgresql/#{version}-main.pid" } +property :stats_temp_directory, String, default: lazy { "/var/run/postgresql/#{version}-main.pg_stat_tmp" } +property :port, Integer, default: 5432 +property :additional_config, Hash, default: {} +property :cookbook, String, default: 'postgresql' + +action :modify do + template "#{conf_dir}/postgresql.conf" do + cookbook new_resource.cookbook + source 'postgresql.conf.erb' + owner 'postgres' + group 'postgres' + mode '0644' + variables( + data_dir: new_resource.data_directory, + hba_file: new_resource.hba_file, + ident_file: new_resource.ident_file, + external_pid_file: new_resource.external_pid_file, + stats_temp_directory: new_resource.stats_temp_directory, + port: new_resource.port, + additional_config: new_resource.additional_config + ) + end +end + +action_class do + include PostgresqlCookbook::Helpers +end diff --git a/ops/cookbooks/vendor/postgresql/resources/server_install.rb b/ops/cookbooks/vendor/postgresql/resources/server_install.rb new file mode 100644 index 0000000..3c66c67 --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/resources/server_install.rb @@ -0,0 +1,76 @@ +# frozen_string_literal: true +# +# Cookbook:: postgresql +# Resource:: server_install +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include PostgresqlCookbook::Helpers + +property :version, String, default: '9.6' +property :setup_repo, [true, false], default: true +property :hba_file, String, default: lazy { "#{conf_dir}/main/pg_hba.conf" } +property :ident_file, String, default: lazy { "#{conf_dir}/main/pg_ident.conf" } +property :external_pid_file, String, default: lazy { "/var/run/postgresql/#{version}-main.pid" } +property :password, [String, nil], default: 'generate' # Set to nil if we do not want to set a password +property :port, Integer, default: 5432 +property :initdb_locale, String + +# Connection preferences +property :user, String, default: 'postgres' +property :database, String +property :host, [String, nil] + +action :install do + node.run_state['postgresql'] ||= {} + node.run_state['postgresql']['version'] = new_resource.version + + postgresql_client_install 'Install PostgreSQL Client' do + version new_resource.version + setup_repo new_resource.setup_repo + end + + package server_pkg_name +end + +action :create do + execute 'init_db' do + command rhel_init_db_command(new_resource) + user new_resource.user + not_if { initialized? } + only_if { platform_family?('rhel', 'fedora', 'amazon') } + end + + # We use to use find_resource here. + # But that required the user to do the same in their recipe. + # This also seemed to never trigger notifications, therefore requiring a log resource + # to notify the enable/start on the service, which always fires (Check v7.0 tag for more) + service 'postgresql' do + service_name platform_service_name + supports restart: true, status: true, reload: true + action [:enable, :start] + end + + # Generate a random password or set it as per new_resource.password. + bash 'generate-postgres-password' do + user 'postgres' + code alter_role_sql(new_resource) + not_if { user_has_password?(new_resource) } + not_if { new_resource.password.nil? } + end +end + +action_class do + include PostgresqlCookbook::Helpers +end diff --git a/ops/cookbooks/vendor/postgresql/resources/user.rb b/ops/cookbooks/vendor/postgresql/resources/user.rb new file mode 100644 index 0000000..05da73b --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/resources/user.rb @@ -0,0 +1,87 @@ +# +# Cookbook:: postgresql +# Resource:: user +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +property :create_user, String, name_property: true +property :superuser, [true, false], default: false +property :createdb, [true, false], default: false +property :createrole, [true, false], default: false +property :inherit, [true, false], default: true +property :replication, [true, false], default: false +property :login, [true, false], default: true +property :password, String +property :encrypted_password, String +property :valid_until, String +property :attributes, Hash, default: {} + +# Connection prefernces +property :user, String, default: 'postgres' +property :database, String +property :host, String +property :port, Integer, default: 5432 + +action :create do + Chef::Log.warn('You cannot use "attributes" property with create action.') unless new_resource.attributes.empty? + + execute "create postgresql user #{new_resource.create_user}" do # ~FC009 + user 'postgres' + command create_user_sql(new_resource) + sensitive new_resource.sensitive + not_if { follower? || user_exists?(new_resource) } + end +end + +action :update do + if new_resource.attributes.empty? + execute "update postgresql user #{new_resource.create_user}" do + user 'postgres' + command update_user_sql(new_resource) + sensitive true + not_if { follower? } + only_if { user_exists?(new_resource) } + end + else + new_resource.attributes.each do |attr, value| + v = if value.is_a?(TrueClass) || value.is_a?(FalseClass) + value.to_s + else + "'#{value}'" + end + + execute "Update postgresql user #{new_resource.create_user} to set #{attr}" do + user 'postgres' + command update_user_with_attributes_sql(new_resource, v) + sensitive true + not_if { follower? } + only_if { user_exists?(new_resource) } + end + end + end +end + +action :drop do + execute "drop postgresql user #{new_resource.create_user}" do + user 'postgres' + command drop_user_sql(new_resource) + sensitive true + not_if { follower? } + only_if { user_exists?(new_resource) } + end +end + +action_class do + include PostgresqlCookbook::Helpers +end diff --git a/ops/cookbooks/vendor/postgresql/templates/pg_hba.conf.erb b/ops/cookbooks/vendor/postgresql/templates/pg_hba.conf.erb new file mode 100644 index 0000000..9eab8a9 --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/templates/pg_hba.conf.erb @@ -0,0 +1,33 @@ +# This file was automatically generated and dropped off by Chef! + +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. + +local all postgres peer + +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all peer +# IPv4 local connections: +host all all 127.0.0.1/32 md5 +# IPv6 local connections: +host all all ::1/128 md5 + +########### +# From the postgresql_access resources +########### +<% @pg_hba.each do |k,v| -%> +# <%= k %> +<% if v[:comment] -%> +# <%= v[:comment] %> +<% end -%> +<% if v[:addr] %> +<%= v[:type].ljust(7) %> <%= v[:db].ljust(15) %> <%= v[:user].ljust(15) %> <%= v[:addr].ljust(23) %> <%= v[:method] %> +<% else %> +<%= v[:type].ljust(7) %> <%= v[:db].ljust(15) %> <%= v[:user].ljust(15) %> <%= v[:method] %> +<% end %> +<% end %> diff --git a/ops/cookbooks/vendor/postgresql/templates/pg_ident.conf.erb b/ops/cookbooks/vendor/postgresql/templates/pg_ident.conf.erb new file mode 100644 index 0000000..f3ba499 --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/templates/pg_ident.conf.erb @@ -0,0 +1,49 @@ +# PostgreSQL User Name Maps +# ========================= +# +# Refer to the PostgreSQL documentation, chapter "Client +# Authentication" for a complete description. A short synopsis +# follows. +# +# This file controls PostgreSQL user name mapping. It maps external +# user names to their corresponding PostgreSQL user names. Records +# are of the form: +# +# MAPNAME SYSTEM-USERNAME PG-USERNAME +# +# (The uppercase quantities must be replaced by actual values.) +# +# MAPNAME is the (otherwise freely chosen) map name that was used in +# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the +# client. PG-USERNAME is the requested PostgreSQL user name. The +# existence of a record specifies that SYSTEM-USERNAME may connect as +# PG-USERNAME. +# +# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a +# regular expression. Optionally this can contain a capture (a +# parenthesized subexpression). The substring matching the capture +# will be substituted for \1 (backslash-one) if present in +# PG-USERNAME. +# +# Multiple maps may be specified in this file and used by pg_hba.conf. +# +# No map names are defined in the default configuration. If all +# system user names and PostgreSQL user names are the same, you don't +# need anything in this file. +# +# This file is read on server startup and when the postmaster receives +# a SIGHUP signal. If you edit the file on a running system, you have +# to SIGHUP the postmaster for the changes to take effect. You can +# use "pg_ctl reload" to do that. + +# Put your actual configuration here +# ---------------------------------- + +# MAPNAME SYSTEM-USERNAME PG-USERNAME +<% @pg_ident.each do |k,v| -%> + <% if v[:comment] -%> + +# <%= v[:comment] %> + <% end -%> +<%= v[:mapname].ljust(15) %> <%= v[:system_user].ljust(23) %> <%= v[:pg_user].ljust(15) %> +<% end %> diff --git a/ops/cookbooks/vendor/postgresql/templates/pgsql.sysconfig.erb b/ops/cookbooks/vendor/postgresql/templates/pgsql.sysconfig.erb new file mode 100644 index 0000000..2740356 --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/templates/pgsql.sysconfig.erb @@ -0,0 +1,2 @@ +PGDATA=<%= @postgresql_dir %> +PGPORT=<%= @port %> diff --git a/ops/cookbooks/vendor/postgresql/templates/postgresql.conf.erb b/ops/cookbooks/vendor/postgresql/templates/postgresql.conf.erb new file mode 100644 index 0000000..7656770 --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/templates/postgresql.conf.erb @@ -0,0 +1,26 @@ +# PostgreSQL configuration file +# This file was automatically generated and dropped off by chef! +# Please refer to the PostgreSQL documentation for details on +# configuration settings. + +data_directory = '<%= @data_dir %>' +hba_file = '<%= @hba_file %>' +ident_file = '<%= @ident_file %>' +external_pid_file = '<%= @external_pid_file %>' +stats_temp_directory = '<%= @stats_temp_directory %>' +port = <%= @port %> +<% @additional_config.sort.each do |key, value| %> +<% next if value.nil? -%> +<%= key %> = <%= + case value + when String + "'#{value}'" + when TrueClass + 'on' + when FalseClass + 'off' + else + value + end +%> +<% end %> diff --git a/ops/cookbooks/vendor/postgresql/templates/postgresql.service.erb b/ops/cookbooks/vendor/postgresql/templates/postgresql.service.erb new file mode 100644 index 0000000..688e7d5 --- /dev/null +++ b/ops/cookbooks/vendor/postgresql/templates/postgresql.service.erb @@ -0,0 +1,6 @@ +[Service] +.include /usr/lib/systemd/system/<%= @svc_name %>.service + +Environment= +Environment=PGPORT=<%= @port %> +Environment=PGDATA=<%= @data_dir %> diff --git a/ops/cookbooks/vendor/seven_zip/Gemfile b/ops/cookbooks/vendor/seven_zip/Gemfile new file mode 100644 index 0000000..b6ba658 --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/Gemfile @@ -0,0 +1,8 @@ +source 'http://rubygems.org' + +gem 'cookstyle' +gem 'foodcritic' +gem 'rspec-expectations' +gem 'rspec-mocks' +gem 'rubocop' +gem 'stove' diff --git a/ops/cookbooks/vendor/seven_zip/LICENSE b/ops/cookbooks/vendor/seven_zip/LICENSE new file mode 100644 index 0000000..11069ed --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/ops/cookbooks/vendor/seven_zip/README.md b/ops/cookbooks/vendor/seven_zip/README.md new file mode 100644 index 0000000..7e04831 --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/README.md @@ -0,0 +1,114 @@ +[![Cookbook Version](http://img.shields.io/cookbook/v/seven_zip.svg)](https://supermarket.chef.io/cookbooks/seven_zip) +[![Build status](https://ci.appveyor.com/api/projects/status/y1lsnlkd2b3q6gfd/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks65871/seven-zip/branch/master) + +# seven_zip Cookbook +[7-Zip](http://www.7-zip.org/) is a file archiver with a high compression ratio. This cookbook installs the full 7-Zip suite of tools (GUI and CLI). This cookbook replaces the older [7-Zip cookbook](https://github.com/sneal/7-zip). + +# Requirements +## Platforms +- Windows XP +- Windows Vista +- Windows 7 +- Windows 8, 8.1 +- Windows 10 +- Windows Server 2003 R2 +- Windows Server 2008 (R1, R2) +- Windows Server 2012 (R1, R2) + +## Chef +- Chef >= 13.0 + +## Cookbooks +- windows + +# Attributes +## Optional + +| Key | Type | Description | Default | +|-----|------|-------------|---------| +| `['seven_zip']['home']` | String | 7-Zip installation directory. | | +| `['seven_zip']['syspath']` | Boolean | If true, adds 7-Zip directory to system PATH environment variable. | | +| `['seven_zip']['default_extract_timeout']` | Integer | The default timeout for an extract operation in seconds. This can be overridden by a resource attribute. | `600` | + +# Usage +## default + +Add `seven_zip::default` to your run\_list which will download and install 7-Zip for the current Windows platform. + +# Resource/Provider +## seven_zip_archive +Extracts a 7-Zip compatible archive (iso, zip, 7z, etc.) to the specified destination directory. + +#### Actions +- `:extract` - Extract a 7-Zip compatible archive. + +#### Attribute Parameters +- `path` - Name attribute. The destination to extract to. +- `source` - The file path to the archive to extract. +- `overwrite` - Defaults to false. If true, the destination files will be overwritten. +- `checksum` - The archive file checksum. +- `timeout` - The extract action timeout in seconds, defaults to `node['seven_zip']['default_extract_timeout']`. + +#### Examples +Extract 7-Zip source files to `C:\seven_zip_source`. + +```ruby +seven_zip_archive 'seven_zip_source' do + path 'C:\seven_zip_source' + source 'https://www.7-zip.org/a/7z1805-src.7z' + overwrite true + checksum 'd9acfcbbdcad078435586e00f73909358ed8d714d106e064dcba52fa73e75d83' + timeout 30 +end +``` + +## seven_zip_tool +Download and install 7-zip for the current Windows platform. + +#### Actions +- `:install` - Installs 7-zip +- `:add_to_path` - Add 7-zip to the PATH + +#### Attribute Parameters +- `package` - The name of the package. +- `path` - The install directory of 7-zip. +- `source` - The source URL of the 7-zip package. +- `checksum` - The 7-zip package checksum. + +#### Examples +Install 7-zip in `C:\7z` and add it to the path. + +```ruby +seven_zip_tool '7z 15.14 install' do + action [:install, :add_to_path] + package '7-Zip 15.14' + path 'C:\7z' + source 'http://www.7-zip.org/a/7z1514.msi' + checksum 'eaf58e29941d8ca95045946949d75d9b5455fac167df979a7f8e4a6bf2d39680' +end +``` + +# Recipes +## default + +Installs 7-Zip and adds it to your system PATH. + +# License & Authors +- Author:: Seth Chisamore () +- Author:: Shawn Neal () + +```text +Copyright:: 2011-2016, Chef Software, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/ops/cookbooks/vendor/seven_zip/appveyor.yml b/ops/cookbooks/vendor/seven_zip/appveyor.yml new file mode 100644 index 0000000..321b270 --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/appveyor.yml @@ -0,0 +1,42 @@ +version: "3.1.1.{build}-{branch}" + +image: Visual Studio 2013 +platform: x64 + +environment: + machine_user: vagrant + machine_pass: vagrant + KITCHEN_YAML: .kitchen.appveyor.yml + +branches: + only: + - master + +# Do not build on tags (GitHub only) +skip_tags: true + +#faster cloning +clone_depth: 1 + +install: + - ps: (& cmd /c); iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chefdk -channel stable -version 3.10.1 + - ps: 'Get-CimInstance win32_operatingsystem -Property Caption, OSArchitecture, Version | fl Caption, OSArchitecture, Version' + - ps: $PSVersionTable + - c:\opscode\chefdk\bin\chef.bat exec ruby --version + - ps: secedit /export /cfg $env:temp/export.cfg + - ps: ((get-content $env:temp/export.cfg) -replace ('PasswordComplexity = 1', 'PasswordComplexity = 0')) | Out-File $env:temp/export.cfg + - ps: ((get-content $env:temp/export.cfg) -replace ('MinimumPasswordLength = 8', 'MinimumPasswordLength = 0')) | Out-File $env:temp/export.cfg + - ps: secedit /configure /db $env:windir/security/new.sdb /cfg $env:temp/export.cfg /areas SECURITYPOLICY + - ps: net user /add $env:machine_user $env:machine_pass + - ps: net localgroup administrators $env:machine_user /add + +build_script: + - ps: c:\opscode\chefdk\bin\chef.bat shell-init powershell | iex; cmd /c c:\opscode\chefdk\bin\chef.bat --version + +test_script: + - c:\opscode\chefdk\bin\cookstyle --version + - c:\opscode\chefdk\bin\chef.bat exec foodcritic --version + - c:\opscode\chefdk\bin\chef.bat exec rake + - c:\opscode\chefdk\bin\chef.bat exec kitchen verify + +deploy: off diff --git a/ops/cookbooks/vendor/seven_zip/attributes/default.rb b/ops/cookbooks/vendor/seven_zip/attributes/default.rb new file mode 100644 index 0000000..443a28b --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/attributes/default.rb @@ -0,0 +1,31 @@ +# +# Author:: Seth Chisamore () +# Cookbook:: seven_zip +# Attribute:: default +# +# Copyright:: 2011-2017, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if node['kernel']['machine'] == 'x86_64' + default['seven_zip']['url'] = 'https://www.7-zip.org/a/7z1805-x64.msi' + default['seven_zip']['checksum'] = '898c1ca0015183fe2ba7d55cacf0a1dea35e873bf3f8090f362a6288c6ef08d7' + default['seven_zip']['package_name'] = '7-Zip 18.05 (x64 edition)' +else + default['seven_zip']['url'] = 'https://www.7-zip.org/a/7z1805.msi' + default['seven_zip']['checksum'] = 'c554238bee18a03d736525e06d9258c9ecf7f64ead7c6b0d1eb04db2c0de30d0' + default['seven_zip']['package_name'] = '7-Zip 18.05' +end + +default['seven_zip']['default_extract_timeout'] = 600 diff --git a/ops/cookbooks/vendor/seven_zip/chefignore b/ops/cookbooks/vendor/seven_zip/chefignore new file mode 100644 index 0000000..9c2bd55 --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/chefignore @@ -0,0 +1,98 @@ +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +examples/* +Guardfile +Procfile +.kitchen* +.rubocop.yml +spec/* +Rakefile +.travis.yml +.foodcritic +.codeclimate.yml + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Cookbooks # +############# +CONTRIBUTING* +CHANGELOG* +TESTING* +MAINTAINERS.toml + +# Strainer # +############ +Colanderfile +Strainerfile +.colander +.strainer + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/ops/cookbooks/vendor/seven_zip/libraries/matchers.rb b/ops/cookbooks/vendor/seven_zip/libraries/matchers.rb new file mode 100644 index 0000000..6dd4dca --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/libraries/matchers.rb @@ -0,0 +1,33 @@ +# +# Author:: Shawn Neal () +# Cookbook:: visualstudio +# +# Copyright:: 2015-2017, Shawn Neal +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if defined?(ChefSpec) + chefspec_version = Gem.loaded_specs['chefspec'].version + define_method = if chefspec_version < Gem::Version.new('4.1.0') + ChefSpec::Runner.method(:define_runner_method) + else + ChefSpec.method(:define_matcher) + end + + define_method.call :seven_zip_archive + + def extract_seven_zip_archive(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:seven_zip_archive, :extract, resource_name) + end +end diff --git a/ops/cookbooks/vendor/seven_zip/metadata.json b/ops/cookbooks/vendor/seven_zip/metadata.json new file mode 100644 index 0000000..cf13785 --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/metadata.json @@ -0,0 +1,38 @@ +{ + "name": "seven_zip", + "description": "Installs/Configures 7-Zip", + "long_description": "[![Cookbook Version](http://img.shields.io/cookbook/v/seven_zip.svg)](https://supermarket.chef.io/cookbooks/seven_zip)\n[![Build status](https://ci.appveyor.com/api/projects/status/y1lsnlkd2b3q6gfd/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks65871/seven-zip/branch/master)\n\n# seven_zip Cookbook\n[7-Zip](http://www.7-zip.org/) is a file archiver with a high compression ratio. This cookbook installs the full 7-Zip suite of tools (GUI and CLI). This cookbook replaces the older [7-Zip cookbook](https://github.com/sneal/7-zip).\n\n# Requirements\n## Platforms\n- Windows XP\n- Windows Vista\n- Windows 7\n- Windows 8, 8.1\n- Windows 10\n- Windows Server 2003 R2\n- Windows Server 2008 (R1, R2)\n- Windows Server 2012 (R1, R2)\n\n## Chef\n- Chef >= 13.0\n\n## Cookbooks\n- windows\n\n# Attributes\n## Optional\n\n| Key | Type | Description | Default |\n|-----|------|-------------|---------|\n| `['seven_zip']['home']` | String | 7-Zip installation directory. | |\n| `['seven_zip']['syspath']` | Boolean | If true, adds 7-Zip directory to system PATH environment variable. | |\n| `['seven_zip']['default_extract_timeout']` | Integer | The default timeout for an extract operation in seconds. This can be overridden by a resource attribute. | `600` |\n\n# Usage\n## default\n\nAdd `seven_zip::default` to your run\\_list which will download and install 7-Zip for the current Windows platform.\n\n# Resource/Provider\n## seven_zip_archive\nExtracts a 7-Zip compatible archive (iso, zip, 7z, etc.) to the specified destination directory.\n\n#### Actions\n- `:extract` - Extract a 7-Zip compatible archive.\n\n#### Attribute Parameters\n- `path` - Name attribute. The destination to extract to.\n- `source` - The file path to the archive to extract.\n- `overwrite` - Defaults to false. If true, the destination files will be overwritten.\n- `checksum` - The archive file checksum.\n- `timeout` - The extract action timeout in seconds, defaults to `node['seven_zip']['default_extract_timeout']`.\n\n#### Examples\nExtract 7-Zip source files to `C:\\seven_zip_source`.\n\n```ruby\nseven_zip_archive 'seven_zip_source' do\n path 'C:\\seven_zip_source'\n source 'https://www.7-zip.org/a/7z1805-src.7z'\n overwrite true\n checksum 'd9acfcbbdcad078435586e00f73909358ed8d714d106e064dcba52fa73e75d83'\n timeout 30\nend\n```\n\n## seven_zip_tool\nDownload and install 7-zip for the current Windows platform.\n\n#### Actions\n- `:install` - Installs 7-zip\n- `:add_to_path` - Add 7-zip to the PATH\n\n#### Attribute Parameters\n- `package` - The name of the package.\n- `path` - The install directory of 7-zip.\n- `source` - The source URL of the 7-zip package.\n- `checksum` - The 7-zip package checksum.\n\n#### Examples\nInstall 7-zip in `C:\\7z` and add it to the path.\n\n```ruby\nseven_zip_tool '7z 15.14 install' do\n action [:install, :add_to_path]\n package '7-Zip 15.14'\n path 'C:\\7z'\n source 'http://www.7-zip.org/a/7z1514.msi'\n checksum 'eaf58e29941d8ca95045946949d75d9b5455fac167df979a7f8e4a6bf2d39680'\nend\n```\n\n# Recipes\n## default\n\nInstalls 7-Zip and adds it to your system PATH.\n\n# License & Authors\n- Author:: Seth Chisamore ()\n- Author:: Shawn Neal ()\n\n```text\nCopyright:: 2011-2016, Chef Software, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n", + "maintainer": "Shawn Neal", + "maintainer_email": "sneal@sneal.net", + "license": "Apache-2.0", + "platforms": { + "windows": ">= 0.0.0" + }, + "dependencies": { + "windows": ">= 0.0.0" + }, + "providing": { + + }, + "attributes": { + + }, + "recipes": { + + }, + "version": "3.1.1", + "source_url": "https://github.com/windowschefcookbooks/seven_zip", + "issues_url": "https://github.com/windowschefcookbooks/seven_zip/issues", + "privacy": false, + "chef_versions": [ + [ + ">= 13.0" + ] + ], + "ohai_versions": [ + + ], + "gems": [ + + ] +} diff --git a/ops/cookbooks/vendor/seven_zip/metadata.rb b/ops/cookbooks/vendor/seven_zip/metadata.rb new file mode 100644 index 0000000..d840292 --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/metadata.rb @@ -0,0 +1,12 @@ +name 'seven_zip' +maintainer 'Shawn Neal' +maintainer_email 'sneal@sneal.net' +source_url 'https://github.com/windowschefcookbooks/seven_zip' +issues_url 'https://github.com/windowschefcookbooks/seven_zip/issues' +chef_version '>= 13.0' if respond_to?(:chef_version) +license 'Apache-2.0' +description 'Installs/Configures 7-Zip' +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version '3.1.1' +supports 'windows' +depends 'windows' diff --git a/ops/cookbooks/vendor/seven_zip/providers/archive.rb b/ops/cookbooks/vendor/seven_zip/providers/archive.rb new file mode 100644 index 0000000..c935569 --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/providers/archive.rb @@ -0,0 +1,64 @@ +# +# Author:: Shawn Neal () +# Cookbook:: seven_zip +# Provider:: archive +# +# Copyright:: 2013-2017, Daptiv Solutions LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'fileutils' +require 'chef/mixin/shell_out' +require 'chef/util/path_helper' + +include Chef::Mixin::ShellOut +include Windows::Helper + +def whyrun_supported? + true +end + +action :extract do + converge_by("Extract #{@new_resource.source} => #{@new_resource.path} (overwrite=#{@new_resource.overwrite})") do + FileUtils.mkdir_p(@new_resource.path) unless Dir.exist?(@new_resource.path) + local_source = cached_file(@new_resource.source, @new_resource.checksum) + overwrite_file = @new_resource.overwrite ? ' -y' : ' -aos' + cmd = "\"#{seven_zip_exe}\" x" + cmd << overwrite_file + cmd << " -o\"#{Chef::Util::PathHelper.cleanpath(@new_resource.path)}\"" + cmd << " \"#{local_source}\"" + Chef::Log.debug(cmd) + shell_out!(cmd, timeout: extract_timeout) + end +end + +def seven_zip_exe + path = node['seven_zip']['home'] || seven_zip_exe_from_registry + Chef::Log.debug("Using 7-zip home: #{path}") + Chef::Util::PathHelper.cleanpath(::File.join(path, '7z.exe')) +end + +def seven_zip_exe_from_registry + require 'win32/registry' + # Read path from recommended Windows App Paths registry location + # docs: https://msdn.microsoft.com/en-us/library/windows/desktop/ee872121 + ::Win32::Registry::HKEY_LOCAL_MACHINE.open( + 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe', + ::Win32::Registry::KEY_READ + ).read_s('Path') +end + +def extract_timeout + @new_resource.timeout || node['seven_zip']['default_extract_timeout'] +end diff --git a/ops/cookbooks/vendor/seven_zip/rakefile.rb b/ops/cookbooks/vendor/seven_zip/rakefile.rb new file mode 100644 index 0000000..6eab0cc --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/rakefile.rb @@ -0,0 +1,27 @@ +require 'cookstyle' +require 'foodcritic' +require 'rspec/core/rake_task' +require 'rubocop/rake_task' + +task default: [:rubocop, :foodcritic, :spec] + +FoodCritic::Rake::LintTask.new do |t| + t.options = { + cookbook_paths: '.', + search_gems: true, + } +end + +RSpec::Core::RakeTask.new do |task| + task.pattern = 'spec/**/*_spec.rb' + task.rspec_opts = ['--color', '-f documentation', '-tunit'] +end + +RuboCop::RakeTask.new + +begin + require 'stove/rake_task' + Stove::RakeTask.new +rescue LoadError => e + puts ">>> Gem load error: #{e}, omitting #{task.name}" unless ENV['CI'] +end diff --git a/ops/cookbooks/vendor/seven_zip/recipes/default.rb b/ops/cookbooks/vendor/seven_zip/recipes/default.rb new file mode 100644 index 0000000..b013889 --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/recipes/default.rb @@ -0,0 +1,24 @@ +# +# Author:: Seth Chisamore () +# Cookbook:: seven_zip +# Recipe:: default +# +# Copyright:: 2011-2017, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Install 7z and optionally add it to path +seven_zip_tool 'install seven_zip' do + action [:install, :add_to_path] if node['seven_zip']['syspath'] +end diff --git a/ops/cookbooks/vendor/seven_zip/resources/archive.rb b/ops/cookbooks/vendor/seven_zip/resources/archive.rb new file mode 100644 index 0000000..5558f14 --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/resources/archive.rb @@ -0,0 +1,29 @@ +# +# Author:: Shawn Neal () +# Cookbook:: seven_zip +# Resource:: archive +# +# Copyright:: 2013-2017, Daptiv Solutions LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default_action :extract + +actions :extract + +attribute :path, kind_of: String, name_attribute: true +attribute :source, kind_of: String +attribute :overwrite, kind_of: [TrueClass, FalseClass], default: false +attribute :checksum, kind_of: String +attribute :timeout, kind_of: Integer diff --git a/ops/cookbooks/vendor/seven_zip/resources/tool.rb b/ops/cookbooks/vendor/seven_zip/resources/tool.rb new file mode 100644 index 0000000..4e27965 --- /dev/null +++ b/ops/cookbooks/vendor/seven_zip/resources/tool.rb @@ -0,0 +1,47 @@ +# +# Author:: Annih () +# Cookbook:: seven_zip +# Resource:: tool +# +# Copyright:: 2018, Baptiste Courtois +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +property :package, ::String, default: lazy { node['seven_zip']['package_name'] } +property :source, ::String, default: lazy { node['seven_zip']['url'] } +property :checksum, [::NilClass, ::String], default: lazy { node['seven_zip']['checksum'] } +property :path, [::NilClass, ::String], default: lazy { node['seven_zip']['home'] } + +action :install do + windows_package new_resource.package do + action :install + source new_resource.source + checksum new_resource.checksum unless new_resource.checksum.nil? + options "INSTALLDIR=\"#{new_resource.path}\"" unless new_resource.path.nil? + end +end + +action :add_to_path do + windows_path 'seven_zip' do + action :add + path new_resource.path || registry_path + end +end + +action_class do + REG_PATH = 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe'.freeze + + def registry_path + ::Win32::Registry::HKEY_LOCAL_MACHINE.open(REG_PATH, ::Win32::Registry::KEY_READ).read_s('Path') + end +end diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/.kitchen.yml b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/.kitchen.yml new file mode 100644 index 0000000..bc6e264 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/.kitchen.yml @@ -0,0 +1,21 @@ +--- +driver: + name: vagrant + synced_folders: + - [<%= File.join(ENV['PWD'], '..', '..')%>, '/tmp/repo-data'] + +provisioner: + name: chef_zero + encrypted_data_bag_secret_key_path: 'secrets/fakey-mcfakerton' + data_bags_path: './data_bags' + product_name: chefdk + +platforms: + - name: ubuntu-16.04 + - name: centos-7 + +suites: + - name: default + run_list: + - recipe[test] + attributes: diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/Berksfile b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/Berksfile new file mode 100644 index 0000000..61dab72 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/Berksfile @@ -0,0 +1,7 @@ +source 'https://supermarket.chef.io' + +metadata + +group :delivery do + cookbook 'test', path: './test/fixtures/cookbooks/test' +end diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/LICENSE b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/LICENSE new file mode 100644 index 0000000..10b5688 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/LICENSE @@ -0,0 +1,3 @@ +Copyright 2019 The Authors + +All rights reserved, do not redistribute. diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/README.md b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/README.md new file mode 100644 index 0000000..297af5a --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/README.md @@ -0,0 +1,146 @@ +# build_cookbook + +A build cookbook for running the parent project through Chef Delivery + +This build cookbook should be customized to suit the needs of the parent project. Using this cookbook can be done outside of Chef Delivery, too. If the parent project is a Chef cookbook, we've detected that and "wrapped" [delivery-truck](https://github.com/chef-cookbooks/delivery-truck). That means it is a dependency, and each of its pipeline phase recipes is included in the appropriate phase recipes in this cookbook. If the parent project is not a cookbook, it's left as an exercise to the reader to customize the recipes as needed for each phase in the pipeline. + +## .delivery/config.json + +In the parent directory to this build_cookbook, the `config.json` can be modified as necessary. For example, phases can be skipped, publishing information can be added, and so on. Refer to customer support or the Chef Delivery documentation for assistance on what options are available for this configuration. + +## Test Kitchen - Local Verify Testing + +This cookbook also has a `.kitchen.yml` which can be used to create local build nodes with Test Kitchen to perform the verification phases, `unit`, `syntax`, and `lint`. When running `kitchen converge`, the instances will be set up like Chef Delivery "build nodes" with the [delivery_build cookbook](https://github.com/chef-cookbooks/delivery_build). The reason for this is to make sure that the same exact kind of nodes are used by this build cookbook are run on the local workstation as would run Delivery. It will run `delivery job verify PHASE` for the parent project. + +Modify the `.kitchen.yml` if necessary to change the platforms or other configuration to run the verify phases. After making changes in the parent project, `cd` into this directory (`.delivery/build_cookbook`), and run: + +``` +kitchen test +``` + +## Recipes + +Each of the recipes in this build_cookbook are run in the named phase during the Chef Delivery pipeline. The `unit`, `syntax`, and `lint` recipes are additionally run when using Test Kitchen for local testing as noted in the above section. + +## Making Changes - Cookbook Example + +When making changes in the parent project (that which lives in `../..` from this directory), or in the recipes in this build cookbook, there is a bespoke workflow for Chef Delivery. As an example, we'll discuss a Chef Cookbook as the parent. + +First, create a new branch for the changes. + +``` +git checkout -b testing-build-cookbook +``` + +Next, increment the version in the metadata.rb. This should be in the _parent_, not in this, the build_cookbook. If this is not done, the verify phase will fail. + +``` +% git diff + +-version '0.1.0' ++version '0.1.1' +``` + +The change we'll use for an example is to install the `zsh` package. Write a failing ChefSpec in the cookbook project's `spec/unit/recipes/default_spec.rb`. + +```ruby +require 'spec_helper' + +describe 'godzilla::default' do + context 'When all attributes are default, on Ubuntu 16.04' do + let(:chef_run) do + runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04') + runner.converge(described_recipe) + end + + it 'installs zsh' do + expect(chef_run).to install_package('zsh') + end + end +end +``` + +Commit the local changes as work in progress. The `delivery job` expects to use a clean git repository. + +``` +git add ../.. +git commit -m 'WIP: Testing changes' +``` + +From _this_ directory (`.delivery/build_cookbook`, relative to the parent cookbook project), run + +``` +cd .delivery/build_cookbook +kitchen converge +``` + +This will take some time at first, because the VMs need to be created, Chef installed, the Delivery CLI installed, etc. Later runs will be faster until they are destroyed. It will also fail on the first VM, as expected, because we wrote the test first. Now edit the parent cookbook project's default recipe to install `zsh`. + +``` +cd ../../ +$EDITOR/recipes/default.rb +``` + +It should look like this: + +``` +package 'zsh' +``` + +Create another commit. + +``` +git add . +git commit -m 'WIP: Install zsh in default recipe' +``` + +Now rerun kitchen from the build_cookbook. + +``` +cd .delivery/build_cookbook +kitchen converge +``` + +This will take awhile because it will now pass on the first VM, and then create the second VM. We should have warned you this was a good time for a coffee break. + +``` +Recipe: test::default + +- execute HOME=/home/vagrant delivery job verify unit --server localhost --ent test --org kitchen + * execute[HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen] action run + - execute HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen + + - execute HOME=/home/vagrant delivery job verify syntax --server localhost --ent test --org kitchen + +Running handlers: +Running handlers complete +Chef Client finished, 3/32 resources updated in 54.665445968 seconds +Finished converging (1m26.83s). +``` + +Victory is ours! Our verify phase passed on the build nodes. + +We are ready to run this through our Delivery pipeline. Simply run `delivery review` on the local system from the parent project, and it will open a browser window up to the change we just added. + +``` +cd ../.. +delivery review +``` + +## FAQ + +### Why don't I just run rspec and foodcritic/rubocop on my local system? + +An objection to the Test Kitchen approach is that it is much faster to run the unit, lint, and syntax commands for the project on the local system. That is totally true, and also totally valid. Do that for the really fast feedback loop. However, the dance we do with Test Kitchen brings a much higher degree of confidence in the changes we're making, that everything will run on the build nodes in Chef Delivery. We strongly encourage this approach before actually pushing the changes to Delivery. + +### Why do I have to make a commit every time? + +When running `delivery job`, it expects to merge the commit for the changeset against the clean master branch. If we don't save our progress by making a commit, our local changes aren't run through `delivery job` in the Test Kitchen build instances. We can always perform an interactive rebase, and modify the original changeset message in Delivery with `delivery review --edit`. The latter won't modify the git commits, only the changeset in Delivery. + +### What do I do next? + +Make changes in the cookbook project as required for organizational goals and needs. Modify the `build_cookbook` as necessary for the pipeline phases that the cookbook should go through. + +### What if I get stuck? + +Contact Chef Support, or your Chef Customer Success team and they will help you get unstuck. diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/chefignore b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/chefignore new file mode 100644 index 0000000..4439807 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/chefignore @@ -0,0 +1,104 @@ +# Put files/directories that should be ignored in this file when uploading +# to a chef-server or supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +examples/* +Guardfile +Procfile +.kitchen* +kitchen.yml* +.rubocop.yml +spec/* +Rakefile +.travis.yml +.foodcritic +.codeclimate.yml + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Cookbooks # +############# +CONTRIBUTING* +CHANGELOG* +TESTING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json new file mode 100644 index 0000000..af375ea --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json @@ -0,0 +1 @@ +{"id": "delivery_builder_keys"} \ No newline at end of file diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/metadata.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/metadata.rb new file mode 100644 index 0000000..fc26412 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/metadata.rb @@ -0,0 +1,8 @@ +name 'build_cookbook' +maintainer 'The Authors' +maintainer_email 'you@example.com' +license 'all_rights' +version '0.1.0' +chef_version '>= 13.0' + +depends 'delivery-truck' diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/default.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/default.rb new file mode 100644 index 0000000..5bb9df3 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/default.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: default +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::default' diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/deploy.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/deploy.rb new file mode 100644 index 0000000..43af83c --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/deploy.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: deploy +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::deploy' diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/functional.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/functional.rb new file mode 100644 index 0000000..66001fe --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/functional.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: functional +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::functional' diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/lint.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/lint.rb new file mode 100644 index 0000000..0188770 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/lint.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: lint +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::lint' diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/provision.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/provision.rb new file mode 100644 index 0000000..ac44c47 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/provision.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: provision +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::provision' diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/publish.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/publish.rb new file mode 100644 index 0000000..618b3f4 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/publish.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: publish +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::publish' diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/quality.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/quality.rb new file mode 100644 index 0000000..7b2ad5d --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/quality.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: quality +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::quality' diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/security.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/security.rb new file mode 100644 index 0000000..00096dd --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/security.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: security +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::security' diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/smoke.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/smoke.rb new file mode 100644 index 0000000..332646f --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/smoke.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: smoke +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::smoke' diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/syntax.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/syntax.rb new file mode 100644 index 0000000..4052638 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/syntax.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: syntax +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::syntax' diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/unit.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/unit.rb new file mode 100644 index 0000000..fde68b8 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/unit.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: build_cookbook +# Recipe:: unit +# +# Copyright:: 2019, The Authors, All Rights Reserved. +include_recipe 'delivery-truck::unit' diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/secrets/fakey-mcfakerton b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/secrets/fakey-mcfakerton new file mode 100644 index 0000000..e69de29 diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb new file mode 100644 index 0000000..1725039 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb @@ -0,0 +1,2 @@ +name 'test' +version '0.1.0' \ No newline at end of file diff --git a/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb new file mode 100644 index 0000000..2fd58de --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true +%w(unit lint syntax).each do |phase| + # TODO: This works on Linux/Unix. Not Windows. + execute "HOME=/home/vagrant delivery job verify #{phase} --server localhost --ent test --org kitchen" do + cwd '/tmp/repo-data' + user 'vagrant' + environment('GIT_DISCOVERY_ACROSS_FILESYSTEM' => '1') + end +end diff --git a/ops/cookbooks/vendor/t42-common/.delivery/config.json b/ops/cookbooks/vendor/t42-common/.delivery/config.json new file mode 100644 index 0000000..987952b --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/config.json @@ -0,0 +1,17 @@ +{ + "version": "2", + "build_cookbook": { + "name": "build_cookbook", + "path": ".delivery/build_cookbook" + }, + "delivery-truck": { + "lint": { + "enable_cookstyle": true + } + }, + "skip_phases": [], + "job_dispatch": { + "version": "v2" + }, + "dependencies": [] +} diff --git a/ops/cookbooks/vendor/t42-common/.delivery/project.toml b/ops/cookbooks/vendor/t42-common/.delivery/project.toml new file mode 100644 index 0000000..9f54c5e --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/.delivery/project.toml @@ -0,0 +1,36 @@ +# Delivery Prototype for Local Phases Execution +# +# The purpose of this file is to prototype a new way to execute +# phases locally on your workstation. The delivery-cli will read +# this file and execute the command(s) that are configured for +# each phase. You can customize them by just modifying the phase +# key on this file. +# +# By default these phases are configured for Cookbook Workflow only +# +# As this is still a prototype we are not modifying the current +# config.json file and it will continue working as usual. + +[local_phases] +unit = "chef exec rspec spec/" +lint = "chef exec cookstyle" +# Foodcritic includes rules only appropriate for community cookbooks +# uploaded to Supermarket. We turn off any rules tagged "supermarket" +# by default. If you plan to share this cookbook you should remove +# '-t ~supermarket' below to enable supermarket rules. +syntax = "chef exec foodcritic . -t ~supermarket" +provision = "chef exec kitchen create" +deploy = "chef exec kitchen converge" +smoke = "chef exec kitchen verify" +# The functional phase is optional, you can define it by uncommenting +# the line below and running the command: `delivery local functional` +# functional = "" +cleanup = "chef exec kitchen destroy" + +# Remote project.toml file +# +# Specify a remote URI location for the `project.toml` file. +# This is useful for teams that wish to centrally manage the behavior +# of the `delivery local` command across many different projects. +# +# remote_file = "https://url/project.toml" diff --git a/ops/cookbooks/vendor/t42-common/LICENSE b/ops/cookbooks/vendor/t42-common/LICENSE new file mode 100644 index 0000000..10b5688 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/LICENSE @@ -0,0 +1,3 @@ +Copyright 2019 The Authors + +All rights reserved, do not redistribute. diff --git a/ops/cookbooks/vendor/t42-common/README.md b/ops/cookbooks/vendor/t42-common/README.md new file mode 100644 index 0000000..33b6dc0 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/README.md @@ -0,0 +1,4 @@ +# t42-common + +TODO: Enter the cookbook description here. + diff --git a/ops/cookbooks/vendor/t42-common/attributes/apache.rb b/ops/cookbooks/vendor/t42-common/attributes/apache.rb new file mode 100644 index 0000000..e69de29 diff --git a/ops/cookbooks/vendor/t42-common/attributes/mysql.rb b/ops/cookbooks/vendor/t42-common/attributes/mysql.rb new file mode 100644 index 0000000..28422de --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/attributes/mysql.rb @@ -0,0 +1,6 @@ +require 'securerandom' + +node.default['db']['name'] = "#{node['app']['name']}" +node.default['db']['user'] = "#{node['app']['name']}" +node.default['db']['root_password'] = SecureRandom.hex(13) +node.default['db']['password'] = SecureRandom.hex(13) diff --git a/ops/cookbooks/vendor/t42-common/attributes/nodejs.rb b/ops/cookbooks/vendor/t42-common/attributes/nodejs.rb new file mode 100644 index 0000000..f9d8c4e --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/attributes/nodejs.rb @@ -0,0 +1,5 @@ +default['nodejs']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/node" +default['NodeJS']['version'] = 8 +default['NodeJS']['working-dir'] = 'src/nodejs' +default['NodeJS']['exec_file'] = 'app.js' +default['NodeJS']['port'] = '8001' diff --git a/ops/cookbooks/vendor/t42-common/attributes/postgres.rb b/ops/cookbooks/vendor/t42-common/attributes/postgres.rb new file mode 100644 index 0000000..ff207c3 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/attributes/postgres.rb @@ -0,0 +1,5 @@ +require 'securerandom' + +default['db']['name'] = node['app']['name'] +default['db']['user'] = node['app']['name'] +default['db']['password'] = SecureRandom.hex(13) diff --git a/ops/cookbooks/vendor/t42-common/attributes/python.rb b/ops/cookbooks/vendor/t42-common/attributes/python.rb new file mode 100644 index 0000000..5d8bcf3 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/attributes/python.rb @@ -0,0 +1,3 @@ +default['python']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/python" +default['python']['version'] = '3.6' +default['python']['pip_requirements_path'] = 'requirements.txt' diff --git a/ops/cookbooks/vendor/t42-common/attributes/redis.rb b/ops/cookbooks/vendor/t42-common/attributes/redis.rb new file mode 100644 index 0000000..ce39b86 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/attributes/redis.rb @@ -0,0 +1 @@ +default['redis']['unix']['path'] = '/var/run/redis/redis.sock' diff --git a/ops/cookbooks/vendor/t42-common/chefignore b/ops/cookbooks/vendor/t42-common/chefignore new file mode 100644 index 0000000..4439807 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/chefignore @@ -0,0 +1,104 @@ +# Put files/directories that should be ignored in this file when uploading +# to a chef-server or supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +examples/* +Guardfile +Procfile +.kitchen* +kitchen.yml* +.rubocop.yml +spec/* +Rakefile +.travis.yml +.foodcritic +.codeclimate.yml + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Cookbooks # +############# +CONTRIBUTING* +CHANGELOG* +TESTING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/ops/cookbooks/vendor/t42-common/metadata.json b/ops/cookbooks/vendor/t42-common/metadata.json new file mode 100644 index 0000000..a7b611c --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/metadata.json @@ -0,0 +1,37 @@ +{ + "name": "t42-common", + "description": "Installs/Configures t42-common", + "long_description": "Installs/Configures t42-common", + "maintainer": "The Authors", + "maintainer_email": "you@example.com", + "license": "All Rights Reserved", + "platforms": { + + }, + "dependencies": { + "nodejs": ">= 0.0.0", + "postgresql": ">= 0.0.0", + "mysql": ">= 0.0.0" + }, + "providing": { + + }, + "recipes": { + + }, + "version": "0.1.5", + "source_url": "", + "issues_url": "", + "privacy": false, + "chef_versions": [ + [ + ">= 13.0" + ] + ], + "ohai_versions": [ + + ], + "gems": [ + + ] +} diff --git a/ops/cookbooks/vendor/t42-common/metadata.rb b/ops/cookbooks/vendor/t42-common/metadata.rb new file mode 100644 index 0000000..3172552 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/metadata.rb @@ -0,0 +1,24 @@ +name 't42-common' +maintainer 'The Authors' +maintainer_email 'you@example.com' +license 'All Rights Reserved' +description 'Installs/Configures t42-common' +long_description 'Installs/Configures t42-common' +version '0.1.5' +chef_version '>= 13.0' + +depends 'nodejs' +depends 'postgresql' +depends 'mysql' + +# The `issues_url` points to the location where issues for this cookbook are +# tracked. A `View Issues` link will be displayed on this cookbook's page when +# uploaded to a Supermarket. +# +# issues_url 'https://github.com//t42-common/issues' + +# The `source_url` points to the development repository for this cookbook. A +# `View Source` link will be displayed on this cookbook's page when uploaded to +# a Supermarket. +# +# source_url 'https://github.com//t42-common' diff --git a/ops/cookbooks/vendor/t42-common/recipes/apache.rb b/ops/cookbooks/vendor/t42-common/recipes/apache.rb new file mode 100644 index 0000000..38fdc1a --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/recipes/apache.rb @@ -0,0 +1,52 @@ +[ + 'apache2', + 'apache2-dev', + 'libapache2-mod-wsgi-py3', +].each do |pkg| + apt_package pkg +end + +file '/etc/apache2/sites-enabled/000-default.conf' do + action :delete +end + +execute 'enable apache mods' do + command 'a2enmod expires' +end + +if node['web']['do_ssl'] + apt_repository 'certbot apt repo' do + uri 'ppa:certbot/certbot' + repo_name 'ppa-certbot' + deb_src true + action :add + end + + apt_update + + [ + 'software-properties-common', + 'certbot', + 'python-certbot-apache', + ].each do |pkg| + apt_package pkg + end + + execute 'apache certbot' do + command "sudo certbot certonly --standalone -d #{node['app']['domain']} --non-interactive --agree-tos --email #{node['web']['admin_email']}" + end +end + +if node['web']['socket.io'] + execute 'enable apache mods' do + command 'a2enmod rewrite; a2enmod proxy_wstunnel; a2enmod proxy_http' + end +end + +template '/etc/apache2/sites-enabled/000-server.conf' do + source 'apache/vhost.conf.erb' +end + +systemd_unit 'apache2.service' do + action :restart +end diff --git a/ops/cookbooks/vendor/t42-common/recipes/mysql.rb b/ops/cookbooks/vendor/t42-common/recipes/mysql.rb new file mode 100644 index 0000000..47c33fd --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/recipes/mysql.rb @@ -0,0 +1,21 @@ +mysql_service node['db']['name'] do + # version '5.7' + bind_address '127.0.0.1' + port '3306' + # data_dir '/data' + initial_root_password node['db']['root_password'] + + action [:create, :start] +end + + +bash 'Make mysql Database and User' do + code <<~EOH + mysql -h 127.0.0.1 -uroot -p"#{node['db']['root_password']}" -e "CREATE DATABASE #{node['db']['user']} /*\!40100 DEFAULT CHARACTER SET utf8 */;" + mysql -h 127.0.0.1 -uroot -p"#{node['db']['root_password']}" -e "CREATE USER #{node['db']['user']}@localhost IDENTIFIED BY '#{node['db']['password']}';" + mysql -h 127.0.0.1 -uroot -p"#{node['db']['root_password']}" -e "GRANT ALL PRIVILEGES ON #{node['db']['user']}.* TO '#{node['db']['user']}'@'localhost';" + mysql -h 127.0.0.1 -uroot -p"#{node['db']['root_password']}" -e "FLUSH PRIVILEGES;" + + EOH + not_if "mysql -h 127.0.0.1 -uroot -p\"#{node['db']['root_password']}\" -e 'use #{node['db']['name']}'" +end diff --git a/ops/cookbooks/vendor/t42-common/recipes/nodejs.rb b/ops/cookbooks/vendor/t42-common/recipes/nodejs.rb new file mode 100644 index 0000000..a1cd956 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/recipes/nodejs.rb @@ -0,0 +1,59 @@ +version = { + 8 => { + 'version' => '8.16.0', + 'url' => 'https://nodejs.org/dist/latest-v8.x/node-v8.16.0-linux-x64.tar.gz', + 'checksum' => 'b391450e0fead11f61f119ed26c713180cfe64b363cd945bac229130dfab64fa' + }, + 10 => { + 'version' => '10.15.3', + 'url' => 'https://nodejs.org/dist/latest-v10.x/node-v10.15.3-linux-x64.tar.gz', + 'checksum' => '6c35b85a7cd4188ab7578354277b2b2ca43eacc864a2a16b3669753ec2369d52' + } +} + +unless node['nodejs']['working-dir'][0] == '/' + node.override['nodejs']['working-dir'] = "#{node['working-dir']}/#{node['nodejs']['working-dir']}" +end + +unless node['nodejs']['install_version'] + node.default['nodejs']['install_version'] = 8 +end + +unless version.key?(node['nodejs']['install_version']) + raise <<~EOH + Unsupported NodeJS version #{node['nodejs']['install_version']}. + Supports #{version.keys}. + EOH +end + +set_version = version[node['nodejs']['install_version']] + +node.default['nodejs']['install_method'] = 'binary' +node.default['nodejs']['version'] = set_version['version'].to_str +node.default['nodejs']['binary']['url'] = set_version['url'] +node.default['nodejs']['binary']['checksum'] = set_version['checksum'] + +node.default['nodejs']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/node" + +include_recipe "nodejs" + +directory node['nodejs']['env_path'] do + recursive true +end + +file "#{node['nodejs']['env_path']}/package.json" do + owner 'root' + group 'root' + mode 0755 + content ::File.open("#{node['nodejs']['working-dir']}/package.json").read + action :create +end + +execute 'Install NPM package.json' do + cwd node['nodejs']['env_path'] + command "npm --prefix #{node['nodejs']['env_path']} install #{node['nodejs']['env_path']}" +end + +directory "/var/log/node/#{node['app']['name']}" do + recursive true +end diff --git a/ops/cookbooks/vendor/t42-common/recipes/openresty.rb b/ops/cookbooks/vendor/t42-common/recipes/openresty.rb new file mode 100644 index 0000000..bf0d30b --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/recipes/openresty.rb @@ -0,0 +1,64 @@ +# apt_repository 'open resty repo' do +# uri 'http://openresty.org/package/ubuntu' +# key 'https://openresty.org/package/pubkey.gpg' +# components ['main'] +# end + +apt_package 'software-properties-common' + +execute 'add key' do + command 'wget -qO - https://openresty.org/package/pubkey.gpg | sudo apt-key add -' +end + +execute 'add repo' do + command 'add-apt-repository -y "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main"; apt update' +end + +apt_package 'openresty' + +if node['web']['do_ssl'] + apt_package 'luarocks' + + execute 'install lua-resty-auto-ssl' do + command 'luarocks install lua-resty-auto-ssl' + end + + directory '/etc/ssl' do + mode '0755' + action :create + end + + execute 'defualt ssl' do + command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt" + end + + execute 'defualt ssl' do + command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt" + end + + template '/etc/openresty/autossl.conf' do + source 'autossl.conf.erb' + end +end + +template '/etc/openresty/nginx.conf' do + source 'nginx.conf.erb' +end + +directory '/etc/openresty/sites-enabled' do + mode '0755' + action :create +end + +directory '/var/log/nginx/' do + mode '0775' + action :create +end + +template '/etc/openresty/sites-enabled/host.conf' do + source 'host.conf.erb' +end + +systemd_unit 'openresty' do + action :reload +end \ No newline at end of file diff --git a/ops/cookbooks/vendor/t42-common/recipes/php.rb b/ops/cookbooks/vendor/t42-common/recipes/php.rb new file mode 100644 index 0000000..ebb0e80 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/recipes/php.rb @@ -0,0 +1,6 @@ +[ + 'php', + 'libapache2-mod-php', +].each do |pkg| + apt_package pkg +end diff --git a/ops/cookbooks/vendor/t42-common/recipes/postgres.rb b/ops/cookbooks/vendor/t42-common/recipes/postgres.rb new file mode 100644 index 0000000..b9853ab --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/recipes/postgres.rb @@ -0,0 +1,49 @@ +execute 'add key' do + command 'wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -' +end + +execute 'add repo' do + command 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list' +end + + +apt_update 'update' do +end.run_action(:update) if platform_family?('debian') + +postgresql_server_install 'My PostgreSQL Server install' do + initdb_locale 'en_US.utf8' + action :install +end + +postgresql_server_install 'Setup my PostgreSQL 9.6 server' do + initdb_locale 'en_US.utf8' + action :create +end + +postgresql_access 'local_postgres_superuser' do + comment 'Local postgres superuser access' + access_type 'local' + access_db 'all' + access_user 'postgres' + access_addr nil + access_method 'ident' +end + +postgresql_user 'DB user' do + create_user node['db']['user'] + password node['db']['password'] + createrole true +end + +# Hack for creating a database, this cook book is broken with debian... + +execute 'add database' do + command "createdb #{node['db']['name']}" + user 'postgres' + not_if "psql -lqt | grep -w \"#{node['db']['name']}\"", :user => 'postgres' +end + +execute 'Grant DB user' do + command "echo \"grant all privileges on database #{node['db']['name']} to #{node['db']['user']} ;\" | psql" + user 'postgres' +end diff --git a/ops/cookbooks/vendor/t42-common/recipes/python.rb b/ops/cookbooks/vendor/t42-common/recipes/python.rb new file mode 100644 index 0000000..12843b4 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/recipes/python.rb @@ -0,0 +1,42 @@ +# +# Cookbook:: django-bakend +# Recipe:: default +# +# Copyright:: 2019, The Authors, All Rights Reserved. + +unless node['python']['working-dir'][0] == '/' + node.override['python']['working-dir'] = "#{node['working-dir']}/#{node['python']['working-dir']}" +end + + +apt_repository 'Python apt repo' do + uri 'ppa:deadsnakes/ppa' + repo_name 'ppa-deadsnakes' + deb_src true + action :add +end + +apt_update + +[ + "python#{node['python']['version']}", + "python#{node['python']['version']}-dev", + "python#{node['python']['version'][0]}-pip", + +].each do |pkg| + apt_package pkg +end + +execute 'Install virtual' do + command "pip#{node['python']['version'][0]} install virtualenv" +end + +bash 'Install python requirements file' do + # user 'root' + # cwd '/mydir' + code <<~EOH + virtualenv #{node['python']['env_path']} + source #{node['python']['env_path']}/bin/activate + pip install -r #{node['python']['working-dir']}/#{node['python']['pip_requirements_path']} + EOH +end diff --git a/ops/cookbooks/vendor/t42-common/recipes/redis.rb b/ops/cookbooks/vendor/t42-common/recipes/redis.rb new file mode 100644 index 0000000..095d7a2 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/recipes/redis.rb @@ -0,0 +1,19 @@ +apt_package 'redis-server' + +template '/etc/redis/local.conf' do + source 'redis/local.conf' +end + +if node['redis']['unix']['perm'] + bash 'append_to_config' do + user 'root' + code <<~EOF + echo "include /etc/redis/local.conf" >> /etc/redis/redis.conf + EOF + not_if 'grep -q "/etc/redis/local.conf" /etc/redis/redis.conf' + end +end + +systemd_unit 'redis-server.service' do + action :restart +end diff --git a/ops/cookbooks/vendor/t42-common/templates/apache/vhost.conf.erb b/ops/cookbooks/vendor/t42-common/templates/apache/vhost.conf.erb new file mode 100644 index 0000000..bab179c --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/templates/apache/vhost.conf.erb @@ -0,0 +1,76 @@ + + ServerName www.<%= node['app']['domain'] %> + Redirect permanent / http://<%= node['app']['domain'] %>/ + + +<% if node['web']['do_ssl'] %> + + ServerName www.<%= node['app']['domain'] %> + Redirect permanent / https://<%= node['app']['domain'] %>/ + + Include /etc/letsencrypt/options-ssl-apache.conf + SSLCertificateFile /etc/letsencrypt/live/<%= node['app']['domain'] %>/fullchain.pem + SSLCertificateKeyFile /etc/letsencrypt/live/<%= node['app']['domain'] %>/privkey.pem + + + + Include /etc/letsencrypt/options-ssl-apache.conf + SSLCertificateFile /etc/letsencrypt/live/<%= node['app']['domain'] %>/fullchain.pem + SSLCertificateKeyFile /etc/letsencrypt/live/<%= node['app']['domain'] %>/privkey.pem + + + SetHandler server-status + Order Deny,Allow + Allow from all + + + + SetHandler server-info + Order Deny,Allow + Allow from all + +<% else %> + +<% end %> + ServerName <%= node['app']['domain'] %> + + + + ExpiresActive On + ExpiresDefault "access plus 1 week" + + + + <% if node['web']['static'] %> + <% node['web']['static'].each do |static| -%> + Alias <%= static['uri'] %> <%= node['working-dir'] %>/<%= static['path'] %> + + <% end -%> + <% end -%> + + <% if node['web']['wsgi'] %> + + WSGIDaemonProcess <%= node['app']['name'] %> python-path=<%= node['python']['working-dir'] %> python-home=<%= node['python']['env_path'] %> + WSGIProcessGroup <%= node['app']['name'] %> + WSGIScriptAlias / <%= node['working-dir'] %>/<%= node['web']['wsgi']['wsgi_path'] %> + + "> + Require all granted + + + <% end %> + + <% if node['web']['socket.io'] %> + + # socket.io conf + RewriteEngine On + RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC] + RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC] + RewriteRule .* ws://<%= node['web']['socket.io']['host']%>:<%= node['web']['socket.io']['port']%>%{REQUEST_URI} [P] + RewriteCond %{REQUEST_URI} ^/socket.io/$1/websocket [NC] + RewriteRule socket.io/(.*) ws://<%= node['web']['socket.io']['host']%>:<%= node['web']['socket.io']['port']%>/socket.io/$1 [P,L] + ProxyPass /socket.io http://<%= node['web']['socket.io']['host']%>:<%= node['web']['socket.io']['port']%>/socket.io + ProxyPassReverse /socket.io http://<%= node['web']['socket.io']['host']%>:<%= node['web']['socket.io']['port']%>/socket.io + + <% end %> + diff --git a/ops/cookbooks/vendor/t42-common/templates/openresty/autossl.conf.erb b/ops/cookbooks/vendor/t42-common/templates/openresty/autossl.conf.erb new file mode 100644 index 0000000..275df72 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/templates/openresty/autossl.conf.erb @@ -0,0 +1,17 @@ + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + + ssl_certificate_by_lua_block { + auto_ssl:ssl_certificate() + } + + location /.well-known/acme-challenge/ { + content_by_lua_block { + auto_ssl:challenge_server() + } + } + + ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt; + ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key; + \ No newline at end of file diff --git a/ops/cookbooks/vendor/t42-common/templates/openresty/nginx.conf.erb b/ops/cookbooks/vendor/t42-common/templates/openresty/nginx.conf.erb new file mode 100644 index 0000000..29e97db --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/templates/openresty/nginx.conf.erb @@ -0,0 +1,75 @@ +#user nobody; +worker_processes 4; + +#error_log logs/error.log; +#error_log logs/error.log notice; +#error_log logs/error.log info; + +#pid logs/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + client_max_body_size 4g; + + + lua_shared_dict auto_ssl 100m; + lua_shared_dict auto_ssl_settings 64k; + + resolver 8.8.4.4 8.8.8.8; + + init_by_lua_block { + auto_ssl = (require "resty.auto-ssl").new() + auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis") + auto_ssl:set("allow_domain", function(domain) + return true + end) + auto_ssl:init() + } + + init_worker_by_lua_block { + auto_ssl:init_worker() + } + + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + server { + listen 127.0.0.1:8999; + + # Increase the body buffer size, to ensure the internal POSTs can always + # parse the full POST contents into memory. + client_body_buffer_size 128k; + client_max_body_size 128k; + + location / { + content_by_lua_block { + auto_ssl:hook_server() + } + } + } + + include mime.types; + default_type application/octet-stream; + + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + sendfile on; + #tcp_nopush on; + + #keepalive_timeout 0; + keepalive_timeout 65; + + #gzip on; + include sites-enabled/*; + +} diff --git a/ops/cookbooks/vendor/t42-common/templates/openresty/simple-proxy.conf.erb b/ops/cookbooks/vendor/t42-common/templates/openresty/simple-proxy.conf.erb new file mode 100644 index 0000000..6482164 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/templates/openresty/simple-proxy.conf.erb @@ -0,0 +1,28 @@ +server { + listen 80; + <% if node['web']['do_ssl'] %> + listen 443 ssl; + <% end %> + server_name <%= node['app']['domain'] %>; + + <% if node['web']['do_ssl'] %> + include autossl.conf; + <% end %> + + proxy_set_header X-Forwarded-For $remote_addr; + + location / { + proxy_pass http://localhost:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_read_timeout 1200s; + + # used for view/edit office file via Office Online Server + client_max_body_size 0; + } + + access_log /var/log/nginx/<%= node['app']['name'] %>.access.log; + error_log /var/log/nginx/<%= node['app']['name'] %>.error.log; +} diff --git a/ops/cookbooks/vendor/t42-common/templates/redis/local.conf b/ops/cookbooks/vendor/t42-common/templates/redis/local.conf new file mode 100644 index 0000000..4ed4830 --- /dev/null +++ b/ops/cookbooks/vendor/t42-common/templates/redis/local.conf @@ -0,0 +1,7 @@ +# Specify the path for the Unix socket that will be used to listen for +# incoming connections. There is no default, so Redis will not listen +# on a unix socket when not specified. +# + +unixsocket <%= node['redis']['unix']['path'] %> +unixsocketperm <%= node['redis']['unix']['perm'] %> diff --git a/ops/cookbooks/vendor/windows/CHANGELOG.md b/ops/cookbooks/vendor/windows/CHANGELOG.md new file mode 100644 index 0000000..d88694c --- /dev/null +++ b/ops/cookbooks/vendor/windows/CHANGELOG.md @@ -0,0 +1,846 @@ +# windows Cookbook CHANGELOG + +This file is used to list changes made in each version of the windows cookbook. + +## 6.0.0 (2019-04-25) + +### Breaking Changes + +- This cookbook now requires Chef 14 or later. As of April 2019 Chef 13 is EOL. If you are still running Chef 13 we highly suggest you begin your migration. Chef 14 provides a greatly improved Windows experience with built in resources for Windows clients. +- Resources that are built into Chef 14 and later have been removed from this cookbook: + - windows_auto_run + - windows_feature + - windows_font + - windows_pagefile + - windows_printer_port + - windows_printer + - windows_shortcut + +## 5.3.1 (2019-04-25) + +- Resolved failures on Chef 14.11 or later +- Removed OS detectio support in the helpers for Windows 2003 + +## 5.3.0 (2019-03-06) + +- Expanded certificate testing to cover more scenarios - [@Xorima](https://github.com/Xorima) +- Updated windows_share to better compare the current and desired path in order to prevent converging on each Chef run - [@Xorima](https://github.com/Xorima) +- Backported all windows_certificate fixes from Chef 14.8 - 14.11 including improvements to importing the types of certificates that can be imported, suppport for nested certs, and support for importing private keys with certs. + +## 5.2.4 (2019-02-28) + +- Fix http_acl regex to properly capture SDDL - [@Annih](https://github.com/Annih) +- Updated windows_share to create share if the share is deleted, and to sanitize paths using Chef::Util::PathHelper.cleanpath (#607) - [@Xorima](https://github.com/Xorima) + +## 5.3.3 (2019-01-30) + +- Updated windows_certificate code to match that in Chef 14.10. This increases the requirement of the win32_certstore gem to the latest and resolves multiple issues with the previous implementation. + +## 5.2.2 (2018-11-20) + +- windows_share: Accounts to be revoked should be provided as an individually quoted string array + +## 5.2.1 (2018-11-19) + +- windows_share: Fix idempotency by not adding everyone by default + +## 5.2.0 (2018-11-14) + +- Support installing deleted features in windows_feature_dism + +## 5.1.6 (2018-11-13) + +- Add a warning to the readme regarding windows_share and windows_certificate now being included in Chef 14.7 +- Deprecated win_friendly_path helper in favor of built-in helpers + +## 5.1.5 (2018-11-07) + +- Avoid deprecation warnings in windows_share and windows_certificate on Chef 14.7+ as these are now included in the chef-client itself. + +## 5.1.4 (2018-10-30) + +- Note the :verify action for windows_certificate in the readme +- certificate resource: auto set sensitive is passing password + +## 5.1.3 (2018-10-11) + +- Remove docs and test suite for windows tasks +- Changed variable name in log message for retrieving SMB share access +- Don't load the windows helper in windows_certificate + +## 5.1.2 (2018-10-08) + +- Fix typo in windows_feature_dism resource name + +## 5.1.1 (2018-09-06) + +- Require the win32-certstore gem and upgrade the gem as the resource runs so we get the most up to date version +- Remove redundant helper methods from the windows_certificate resource + +## 5.1.0 (2018-08-29) + +- Add an action to windows_user_privilege to remove a privilege +- Fix failing appveyor tests +- Require win32-certstore 0.1.8 which resolves several issues with the windows_certificate resource +- Avoid deprecation warnings with Chef 14.3+ by not loading resources that are now built into Chef + +## 5.0.0 (2018-07-24) + +### Breaking Changes + +This release removes the windows_task and windows_path resources from this cookbook. This resources shipped in Chef 13.0 and 13.4 This raises the required version of chef-client for this cookbook to 13.4 or later. + +## 4.3.4 (2018-07-18) + +- Fix error message typo in windows_feature_powershell +- Use win32-certstore 0.1.7 for bugfixes + +## 4.3.3 (2018-07-05) + +- Fix failures on PS 3.0 in windows_feature_powershell + +## 4.3.2 (2018-06-13) + +- Don't error in windows_feature_dism when providing a source + +## 4.3.1 (2018-06-11) + +- Make sure to quote each individual user to grant share access to + +## 4.3.0 (2018-06-11) + +- Add the windows_user_privilege resource which can grant privileges like Logon As a Service +- Add windows_feature_powershell support for Windows 2008 R2 by not downcasing the feature names there and modifying the shell_out commands to make older output look like the 2012+ output +- windows_certificate resource has been reworked to use the new win32-certstore gem. This gem abstracts away much of the logic and will allow us to better support certificates on Windows, especially on non-english systems. +- Convert pester tests to InSpec for easier testing with ChefDK out of the box +- Added additional tests for better testing in AppVeyor +- Stop importing the servermanager module in windows_feature_powershell since we require PowerShell 3.0 and we don't need to do this there +- Improve the error messages in Windows feature to get the Windows versions right +- Increase readability in version logic with helpers in windows_feature resources + +## 4.2.5 (2018-05-28) + +- Add quoting to Path when creating new Share + +## 4.2.4 (2018-05-14) + +- Fix the platform version check in windows_share + +## 4.2.3 (2018-05-07) + +- Include the helper in the action class to prevent failures with the zipfile resource + +## 4.2.2 (2018-04-24) + +- Properly fail in windows_share on Windows 2008 R2 since we lack the cmdlets to manipulates shares on those systems. + +## 4.2.1 (2018-04-17) + +- Make sure shares can have spaces in the share name + +## 4.2.0 (2018-04-16) + +- Initial rewrite of windows_share to use PowerShell for share creation. This introduces multiple new properties and resolves a good number of longstanding issues. Please be sure to report any issues you see with this so we can stabilize this resource and include it in Chef 15! +- Resolve failures in windows_certificate + +## 4.1.4 (2018-03-29) + +- Raise in windows_feature_powershell if we're on PS < 3.0 + +## 4.1.3 (2018-03-28) + +- Restore support for Windows 2008 R2 in windows_feature_dism + +## 4.1.2 (2018-03-27) + +- Improve creation messaging for shares +- Allow feature names to be case insensitive in windows_feature + +## 4.1.1 (2018-03-23) + +- Simplify delete action slightly in windows_pagefile +- Don't use win_friendly_path helper in windows_pagefile since we already coerce the path value + +## 4.1.0 (2018-03-21) + +- Adds Caching for WIndows Feature Powershell resource using the same sort of logic we use on windows_feature_dism. This gives us a 3.5X speedup when no features need to be changed (subsequent runs after the change) +- Warn if we're on w2k12 and trying to use source/management properties in windows_feature_powershell since that doesn't work. +- Properly parse features into arrays so installing an array of features works in dism/powershell. This is the preferred way to install a number of features and will be faster than a large number of feature resources +- Fix description of properties for pagefile in the readme + +## 4.0.2 (2018-03-20) + +- Enable FC016 testing +- Enable FC059 testing +- Properly calculate available packages if source is passed in windows_feature_dism resource + +## 4.0.1 (2018-03-07) + +Fix the previous update to windows_feature_dism to use 'override' level of attributes not the normal level which persists to the node. Thanks to @Annih for pointing out the mistake here. + +## 4.0.0 (2018-03-05) + +### WARNING + +This release contains a complete rewrite to windows_feature_dism resource and includes several behavior changes to windows_feature resource. Make sure to read the complete list of changes below before deploying this to production systems. + +#### DISM feature caching Ohai plugin replacement + +In the 3.X cookbook we installed an Ohai plugin that cached the state of features on the node, and we reloaded that plugin anytime we installed/removed a feature from the system. This greatly sped up Chef runs where no features were actually installed/removed (2nd run and later). Without the caching each resource would take about 1 second longer while it queried current feature state. Using Ohai to cache this data was problematic though due to incompatibilities with Chef Solo, the reliance on the ohai cookbook, and the addition of extra node data which had to be stored on the Chef Server. + +In the 4.0 release instead of caching data via an Ohai plugin we just write directly to the node within the resource. This avoids the need to load in the ohai plugin and the various issues that come with that. In the end it's basically the exact same thing, but less impacting on end users and faster when the data needs to be updated. + +#### Fail when feature is missing in windows_feature_dism + +The windows_feature_dism resource had a rather un-Chef behavior in which it just warned you if a feature wasn't available on your platform and then continued on silently. This isn't how we handle missing packages in any of our package resource and because of that it's not going to be what anyone expects out of the box. If someone really wants SNMP installed and we can't install it we should fail instead of continuing on as if we did install it. So we'll now do the following things: + +- When installing a feature that doesn't exist: fail +- When removing a feature that doesn't exist: continue since it is technically removed +- When deleting a feature that doesn't exist: continue since it is technically deleted + +For some users, particularly those writing community cookbooks, this is going to be a breaking change. I'd highly recommend putting logic within your cookbooks to only install features on supported releases of Windows. If you'd just like it to continue even with a failure you can also use `ignore_failure true` on your resource although this produces a lot of failure messaging in logs. + +#### Properly support features as an array in windows_feature_dism + +We claimed to support installing features as an array in the windows_feature_dism resource previously, but it didn't actually work. The actual result was a warning that the array of features wasn't available on your platform since we compared the array to available features as if it was a string. We now properly support installation as a array and we do validation on each feature in the array to make sure the features are available on your Windows release. + +#### Install as the default action in windows_feature_powershell + +Due to some previous refactoring the :install action was not the default action for windows_feature_powershell. For all other package resources in Chef install is the default so this would likely lead to some unexpected behavior in cookbooks. This is technically a breaking change, but I suspect everyone assumed :install was always the default. + +#### servermanagercmd.exe Support Removal + +This cookbook previously supported servermanagercmd.exe, which was necessary for feature installation on Windows 2003 / 2008 (not R2) systems. Windows 2003 went full EOL in 2015 and 2008 went into extended support in 2015\. Neither releases are supported platforms for Chef or this cookbook so we've chosen to simplify the code and remove support entirely. + +#### Remove the undocumented node['windows']['rubyzipversion'] attribute + +This attribute was a workaround for a bug in the rubyzip gem YEARS ago that's just not necessary anymore. We also never documented this attribute and a resource shouldn't change behavior based on attributes. + +## 3.5.2 (2018-03-01) + +- Remove value_for_feature_provider helper which wasn't being used and was using deprecated methods +- Add all the Windows Core editions to the version helper +- Simplify / speedup how we find the font directory in windows_font +- Don't bother enabling why-run mode in the resources since it's enabled by default +- Don't include mixlib-shellout in the resources since it's included by default +- Fix installation messaging for windows_feature_powershell to properly show all features being installed +- Use powershell for the share creation / deletion in windows_share. This speeds up the runs and fixes some of the failures. + +## 3.5.1 (2018-02-23) + +- Add a new `shortcut_name` property to `windows_shortcut` +- Use Chef's built in registry_key_exists helper in `windows_printer_port` +- Fix the `source` coerce in `windows_font` + +## 3.5.0 (2018-02-23) + +- Add Windows 2016 to the supported releases in the readme +- Add Windows 10 detection to the version helper +- Remove the Chefspec matchers. These are auto generated by ChefSpec now. If this causes your specs to fail upgrade ChefDK +- In `certificate_binding` support `hostnameport` option if address is a hostname +- Convert several tests to InSpec tests and add additional test scenarios +- Remove `required: true` on the name_properties, which serves no purpose and will be a Foodcritic rule in the next Foodcritic release +- Fix `windows_feature` logging to work when the user provides an array of features +- Don't both coercing a symbol into a symbol in the `windows_auto_run` resource. +- Switch `windows_font` over to the built in path helper in Chef, which a much more robust +- Don't coerce forward slashes to backslashes in the `windows_font` `source` property if the source is a URI +- Add a new `path` property to `windows_pagefile` for properly overriding the resource name +- Coerce backslashes to forward slashes in `windows_pagefile`'s `path` property so we do the right thing even if a user gives bad input +- Add a new `program_name` property in windows_auto_run for overriding the resource name +- Rename `program` property to `path` in windows_auto_run. The legacy name will continue to work, but cookbooks should be updated +- Coerce the `path` property to use backslashes in `windows_auto_run` so it works no matter what format of path the user provides +- Avoid writing out an extra space in `windows_auto_run`'s registry entry when the user doesn't specify an arg +- Added yard comments to many of the helper methods + +## 3.4.4 (2018-01-19) + +- Fix undefined method for 'ipv4_address' in windows_printer_port + +## 3.4.3 (2018-01-04) + +- Added missing parentheses around PersistKeySet flag that was preventing PowerShell from creating X509Certificate2 object + +## 3.4.2 (2018-01-02) + +- Add deprecation warnings for windows_path and windows_task which are now included in Chef 13\. These will be removed from this cookbook in Sept 2018. + +## 3.4.1 (2017-12-06) + +- Fix long-running filtering by replace LIKE with equality sign in the share resource +- Use logical OR instead of AND when trying to detect share permissions changing in the share resource +- Remove extra new_resource.updated_by_last_action in the windows_task resource that resulted in a Foodcritic warning + +## 3.4.0 (2017-11-14) + +- Add a root key property for the auto_run resource +- Fix a resource typo where a name_property was still written name_attribute +- Resolve FC108 warnings + +## 3.3.0 (2017-11-06) + +- Add new dns resource. See readme for examples +- Add BUILTIN\Users to SYSTEM_USERS for windows_task + +## 3.2.0 (2017-10-17) + +- Add management_tools property to windows_feature powershell provider which installs the various management tools +- Fix deprecations_namespace_collisions +- Add additional certificate store names +- Add the ability to define a timeout on windows_feature +- Multiple improvements to the font resource + + - Improved logging, particularly debug logging + - Allow pulling the font from a remote location using remote_file + - Fix some failures in fetching local fonts + - Added a font_name property that allows you specify the local name of the font, which can be different from the name of the chef resource. This allows you to create more friendly resource names for your converge. + - Handle font resources with backslashes in their source + +- Remove source property from servermanagercmd provider as it does not support it. + +- Remove converge_by around inner powershell_script resource to stop it always reporting as changed + +- Change install feature guards to work on Windows 2008r2 + +- Allow dism feature installs to work on non-English systems + +## 3.1.3 (2017-09-18) + +### windows_task and windows_path deprecation + +s of chef-client 13.0+ and 13.4+ windows_task and windows_path are now included in the Chef client. windows_task underwent a full rewrite that greatly improved the functionality and idempotency of the resource. We highly recommend using these new resources by upgrading to Chef 13.4 or later. If you are running these more recent Chef releases the windows_task and windows_path resources within chef-client will take precedence over those in this cookbook. In September 2018 we will release a new major version of this cookbook that removes windows_task and windows_path. + +## 3.1.2 (2017-08-14) + +- Revert "Require path in the share resource instead of raising if it's missing" which was causing failures due to a bug in the chef-client + +## 3.1.1 (2017-06-13) + +- Replace Windows 7 testing with Windows 10 testing +- Expand debug logging in the pagefile resource +- Require path in the share resource instead of raising if it's missing +- Make pagefile properly fail the run if the command fails to run + +## 3.1.0 (2017-05-30) + +- Updated resource documentation for windows_pagefile +- Declare windows_feature as why-runnable +- Remove action_class.class_eval usage and require 12.7+ as class_eval is causing issues with later versions of Chef + +## 3.0.5 (2017-04-07) + +- Add support for windows_task resource to run on non-English editions of Windows +- Ensure chef-client 12.6 compatibility with action_class.class_eval + +## 3.0.4 (2017-03-29) + +- restoring the `cached_file` helper as downstream cookbooks use it. + +## 3.0.3 (2017-03-28) + +- Correct a typo in a Log message + +## 3.0.2 (2017-03-21) + +- Fix `windows_zipfile` resource to properly download and cache the zip archives + +## 3.0.1 (2017-03-17) + +- Fix `windows_share` to be fully idempotent. Fixes #447 + +## 3.0.0 (2017-03-15) + +**Warning** This release includes multiple breaking changes as we refactored all existing resources and resolved many longstanding bugs. We highly recommend exercising caution and fully testing this new version before rolling it out to a production environment. + +### Breaking changes + +- This cookbook now requires Chef 12.6 or later and we highly recommend even more recent Chef 12 releases as they resolve critical Windows bugs and include new Windows specific functionality. +- The windows_package resource has been removed as it is built into chef-client 12.6+ and the built in version is faster / more robust. +- The powershell out helper has been removed as it is now included in chef-client 12.6+ +- The default recipe no longer installs the various Windows rubygems required for non-omnibus chef-client installs. This was a leftover from Chef 10 and is no longer necessary, or desired, as we ship these gems in every Windows chef release. +- windows_feature has been heavily refactored and in doing so the method used to control the underlying providers has changed. You can no longer specify which windows_feature provider to use by setting `node['windows']['feature_provider']` or by setting the `provider` property on the resource itself. Instead you must set `install_method` to specify the correct underlying installation method. You can also now reference the resources directly by using `windows_feature_servermanagercmd`, `windows_feature_powershell` or `windows_feature_dism` instead of `windows_feature` + +- Windows_font's `file` property has been renamed to `name` to avoid collisions with the Chef file resource. + +### Other Changes + +- All LWRPs in this cookbook have been refactored to be custom resources +- windows_path, windows_shortcut, and windows_zipfile have been updated to be idempotent with support for why-run mode and proper notification when the resources actually update +- windows_pagefile now validates the name of the pagefile to avoid cryptic error messages +- A new `share` resource has been added for setting up Windows shares +- TrustedPeople certificate store has been added to the list of allowed store_names in the certificate resources +- version helper constant definitions has been improved +- A new `all` property has been added to the Windows feature resource to install all dependent features. See the windows feature test recipe for usage examples. +- Windows feature now accepts an array of features, which greatly speeds up feature installs and simplifies recipe code +- The path resource now accepts paths with either forward slashes or backslashes and correctly adds the path using Windows style backslash. +- The powershell provider for windows_feature resource has been fixed to properly import ServerManager in the :remove action +- Testing has been switched from a Rakefile to the new Delivery local mode +- Several issues with testing the resources on non-Windows hosts in ChefSpec have been resolved +- A new `source` property has been added to the windows_feature_powershell resource +- Additional test suites have been added to Test Kitchen to cover all resources and those test suites are now being executed in AppVeyer on every PR +- Travis CI testing has been removed and all testing is being performed in AppVeyer + +## 2.1.1 (2016-11-23) + +- Make sure the ohai plugin is available when installing features + +## 2.1.0 (2016-11-22) + +- Reduce expensive executions of dism in windows_feature by using a new Ohai plugin +- Add guard around chef_version metadata for Opsworks and older Chef 12 clients +- Update the rakefile to the latest +- Add deprecation dates for the windows_package and powershell functionality that has been moved to core Chef. These will be removed 4/17 when we release Chef 13 +- Provide helper method to get windows version info +- Allow defining http acl using SDDL + +## 2.0.2 (2016-09-07) + +- Added the powershell_out mixin back to allow for Chef 12.1-12.3 compatibility +- Set the dependency back to Chef 12.1 + +## 2.0.1 (2016-09-07) + +- Clarify the platforms we support in the readme +- Require Chef 12.4 which included powershell_out + +## 2.0.0 (2016-09-07) + +This cookbook now requires Chef 12.1+. Resources (lwrps) that have been moved into the chef-client have been removed from this cookbook. While the functionality in the chef-client is similar, and in many cases improved, the names and properties have changed in some cases. Make sure to check for full documentation on each of these resources, and as usual carefully test your cookbooks before upgrading to this new release. + +### Removed resources and helpers: + +- windows_reboot provider +- windows_batch provider +- windows_registry provider +- Powershell out for only_if / not_if statements +- Windows Architecture Helper +- Reboot handler and the dependency on the chef_handler cookbook + +#### Changes resource behavior + +- For Chef clients 12.6 and later the windows_package provider will no longer be used as windows_package logic is now included in Chef. Chef 12.1 - 12.5.1 clients will continue to default to the windows_package provider in this cookbook for full compatibility. + +#### Additional changes + +- Updated and expanded testing +- Fixed the windows_feature powershell provider to run on Windows 2008 / 2008 R2 +- Added TrustedPublisher as a valid cert store_name +- Updated the certificate_binding resource to respect the app_id property +- Added why-run support to the auto_run resource + +## 1.44.3 (2016-08-16) + +- Remove support for ChefSpec <4.1 in the matchers +- Add missing Chefspec matchers + +## 1.44.2 (2016-08-15) + +- Add missing windows_font matcher +- Add chef_version to the metadata +- Switch from Rubocop to Cookstyle and use our improved Rakefile +- Remove test deps from the Gemfile that are in ChefDK + +## v1.44.1 + +- [PR 375](https://github.com/chef-cookbooks/windows/pull/375) - Fix comparison of string to number in platform_version +- [PR 376](https://github.com/chef-cookbooks/windows/pull/376) - Switch to cookstyle, update gem deps and other minor stuff +- [PR 377](https://github.com/chef-cookbooks/windows/pull/377) - add test and check for feature installation through powershell + +## v1.44.0 + +- [PR 372](https://github.com/chef-cookbooks/windows/pull/372) - Support Server 2008 for feature installs via PowerShell + +## v1.43.0 + +- [PR 369](https://github.com/chef-cookbooks/windows/pull/369) - Add a enable_windows_task matcher + +## v1.42.0 + +- [PR 365](https://github.com/chef-cookbooks/windows/pull/365) - Escape command quotes when passing to schtasks + +## v1.41.0 + +- [PR 364](https://github.com/chef-cookbooks/windows/pull/364) - Configurable font source + +## v1.40.0 + +- [PR 357](https://github.com/chef-cookbooks/windows/pull/357) - Fixes for schtasks +- [PR 359](https://github.com/chef-cookbooks/windows/pull/359) - take bundler out of the appveyor build +- [PR 356](https://github.com/chef-cookbooks/windows/pull/356) - Misc fixes and updates +- [PR 355](https://github.com/chef-cookbooks/windows/pull/355) - bump and pin rubocop, fix broken cop +- [PR 348](https://github.com/chef-cookbooks/windows/pull/348) - Make notify work for `windows_task` + +## v1.39.2 + +- [PR 329](https://github.com/chef-cookbooks/windows/pull/329) - Silence `compile_time` warning for `chef_gem` +- [PR 338](https://github.com/chef-cookbooks/windows/pull/338) - ChefSpec matchers for `windows_certificate` +- [PR 341](https://github.com/chef-cookbooks/windows/pull/341) - Updated rubocop and FoodCritic compliance +- [PR 336](https://github.com/chef-cookbooks/windows/pull/336) - Fixed where clause compliance with PS v1/v2 + +## v1.39.1 + +- [PR 325](https://github.com/chef-cookbooks/windows/pull/325) - Raise an error if a bogus feature is given to the powershell `windows_feature` provider +- [PR 326](https://github.com/chef-cookbooks/windows/pull/326) - Fix `windows_font` and copy the font file before installation + +## v1.39.0 + +- [PR 305](https://github.com/chef-cookbooks/windows/pull/305) - Added `months` attribute to `windows_task` and allow `frequency_modifier` to accept values 'FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST', and 'LASTDAY' for monthly frequency +- [PR 310](https://github.com/chef-cookbooks/windows/pull/310) - Fix `windows_task` breaks when there is a space in the user name +- [PR 314](https://github.com/chef-cookbooks/windows/pull/314) - fixes reboot handling on some chef versions below 11.12 +- [PR 317](https://github.com/chef-cookbooks/windows/pull/317) - Adds a `disable_windows_task` matcher +- [PR 311](https://github.com/chef-cookbooks/windows/pull/311) - Implements the `cwd` attribute of `windows_task` +- [PR 318](https://github.com/chef-cookbooks/windows/pull/318) - Use dsl instead of manual resource instanciation +- [PR 303](https://github.com/chef-cookbooks/windows/pull/303) - Fix `http_acl` idempotency when user name contains a space +- [PR 257](https://github.com/chef-cookbooks/windows/pull/257) - Speed up windows_feature dism provider +- [PR 319](https://github.com/chef-cookbooks/windows/pull/319) - Add a `.kitchen.cloud.yml` for kitchen testing on Azure +- [PR 315](https://github.com/chef-cookbooks/windows/pull/315) - Deprecate `windows_package` and forward to `Chef::Provider::Package::Windows` when running 12.6 or higher + +## v1.38.4 + +- [PR 295](https://github.com/chef-cookbooks/windows/pull/295) - Escape `http_acl` username +- [PR 293](https://github.com/chef-cookbooks/windows/pull/293) - Separating assignments to `code_script` and `guard_script` as they should be different scripts and not hold the same reference +- [Issue 298](https://github.com/chef-cookbooks/windows/issues/298) - `windows_certificate_binding` is ignoring `store_name` attribute and always saving to `MY` +- [Issue 296](https://github.com/chef-cookbooks/windows/pull/302) - Fixes `windows_certificate` idempotentcy on chef 11 clients + +## v1.38.3 + +- Make `windows_task` resource idempotent (double quotes need to be single when comparing) +- [Issue 245](https://github.com/chef-cookbooks/windows/issues/256) - Fix `No resource, method, or local variable named`password' for `Chef::Provider::WindowsTask'` when `interactive_enabled` is `true` + +## v1.38.2 + +- Lazy-load windows-pr gem library files. Chef 12.5 no longer includes the windows-pr gem. Earlier versions of this cookbook will not compile on Chef 12.5. + +## v1.38.1 (2015-07-28) + +- Publishing without extended metadata + +## v1.38.0 (2015-07-27) + +- Do not set new_resource.password to nil, Fixes #219, Fixes #220 +- Add `windows_certificate` resource #212 +- Add `windows_http_acl` resource #214 + +## v1.37.0 (2015-05-14) + +- fix `windows_package` `Chef.set_resource_priority_array` warning +- update `windows_task` to support tasks in folders +- fix `windows_task` delete action +- replace `windows_task` name attribute with 'task_name' +- add :end action to 'windows_task' +- Tasks created with the `windows_task` resource default to the SYSTEM account +- The force attribute for `windows_task` makes the :create action update the definition. +- `windows_task` :create action will force an update of the task if the user or command differs from the currently configured setting. +- add default provider for `windows_feature` +- add a helper to make sure `WindowsRebootHandler` works in ChefSpec +- added a source and issues url to the metadata for Supermarket +- updated the Gemfile and .kitchen.yml to reflect the latest test-kitchen windows guest support +- started tests using the kitchen-pester verifier + +## v1.36.6 (2014-12-18) + +- reverting all chef_gem compile_time work + +## v1.36.5 (2014-12-18) + +- Fix zipfile provider + +## v1.36.4 (2014-12-18) + +- Fix Chef chef_gem with Chef::Resource::ChefGem.method_defined?(:compile_time) + +## v1.36.3 (2014-12-18) + +- Fix Chef chef_gem below 12.1.0 + +## v1.36.2 (2014-12-17) + +- Being explicit about usage of the chef_gem's compile_time property. +- Eliminating future deprecation warnings in Chef 12.1.0 + +## v1.36.1 (2014-12-17) + +- [PR 160](https://github.com/chef-cookbooks/windows/pull/160) - Fix Chef 11.10 / versions without windows_package in core + +## v1.36.0 (2014-12-16) + +- [PR 145](https://github.com/chef-cookbooks/windows/pull/145) - do not fail on non-existant task +- [PR 144](https://github.com/chef-cookbooks/windows/pull/144) - Add a zip example to the README +- [PR 110](https://github.com/chef-cookbooks/windows/pull/110) - More zip documentation +- [PR 148](https://github.com/chef-cookbooks/windows/pull/148) - Add an LWRP for font installation +- [PR 151](https://github.com/chef-cookbooks/windows/pull/151) - Fix windows_package on Chef 12, add integration tests +- [PR 129](https://github.com/chef-cookbooks/windows/pull/129) - Add enable/disable actions to task LWRP +- [PR 115](https://github.com/chef-cookbooks/windows/pull/115) - require Chef::Mixin::PowershellOut before using it +- [PR 88](https://github.com/chef-cookbooks/windows/pull/88) - Code 1003 from servermanagercmd.exe is valid + +## v1.34.8 (2014-10-31) + +- [Issue 137](https://github.com/chef-cookbooks/windows/issues/137) - windows_path resource breaks with ruby 2.x + +## v1.34.6 (2014-09-22) + +- [Chef-2009](https://github.com/chef/chef/issues/2009) - Patch to work around a regression in [Chef](https://github.com/chef/chef) + +## v1.34.2 (2014-08-12) + +- [Issue 99](https://github.com/chef-cookbooks/windows/issues/99) - Remove rubygems / Internet wmi-lite dependency (PR #108) + +## v1.34.0 (2014-08-04) + +- [Issue 99](https://github.com/chef-cookbooks/windows/issues/99) - Use wmi-lite to fix Chef 11.14.2 break in rdp-ruby-wmi dependency + +## v1.32.1 (2014-07-15) + +- Fixes broken cookbook release + +## v1.32.0 (2014-07-11) + +- Add ChefSpec resource methods to allow notification testing (@sneal) +- Add use_inline_resources to providers (@micgo) +- [COOK-4728] - Allow reboot handler to be used as an exception handler +- [COOK-4620] - Ensure win_friendly_path doesn't error out when ALT_SEPARATOR is nil + +## v1.31.0 (2014-05-07) + +- [COOK-2934] - Add windows_feature support for 2 new DISM attributes: all, source + +## v1.30.2 (2014-04-02) + +- [COOK-4414] - Adding ChefSpec matchers + +## v1.30.0 (2014-02-14) + +- [COOK-3715] - Unable to create a startup task with no login +- [COOK-4188] - Add powershell_version method to return Powershell version + +## v1.12.8 (2014-01-21) + +- [COOK-3988] Don't unescape URI before constructing it. + +## v1.12.6 (2014-01-03) + +- [COOK-4168] Circular dep on powershell - moving powershell libraries into windows. removing dependency on powershell + +## v1.12.4 + +Fixing depend/depends typo in metadata.rb + +## v1.12.2 + +### Bug + +- **[COOK-4110](https://tickets.chef.io/browse/COOK-4110)** - feature_servermanager installed? method regex bug + +## v1.12.0 + +### Bug + +- **[COOK-3793](https://tickets.chef.io/browse/COOK-3793)** - parens inside parens of README.md don't render + +### New Feature + +- **[COOK-3714](https://tickets.chef.io/browse/COOK-3714)** - Powershell features provider and delete support. + +## v1.11.0 + +### Improvement + +- **[COOK-3724](https://tickets.chef.io/browse/COOK-3724)** - Rrecommend built-in resources over cookbook resources +- **[COOK-3515](https://tickets.chef.io/browse/COOK-3515)** - Remove unprofessional comment from library +- **[COOK-3455](https://tickets.chef.io/browse/COOK-3455)** - Add Windows Server 2012R2 to windows cookbook version helper + +### Bug + +- **[COOK-3542](https://tickets.chef.io/browse/COOK-3542)** - Fix an issue where `windows_zipfile` fails with LoadError +- **[COOK-3447](https://tickets.chef.io/browse/COOK-3447)** - Allow Overriding Of The Default Reboot Timeout In windows_reboot_handler +- **[COOK-3382](https://tickets.chef.io/browse/COOK-3382)** - Allow windows_task to create `on_logon` tasks +- **[COOK-2098](https://tickets.chef.io/browse/COOK-2098)** - Fix and issue where the `windows_reboot` handler is ignoring the reboot time + +### New Feature + +- **[COOK-3458](https://tickets.chef.io/browse/COOK-3458)** - Add support for `start_date` and `start_time` in `windows_task` + +## v1.10.0 + +### Improvement + +- [COOK-3126]: `windows_task` should support the on start frequency +- [COOK-3127]: Support the force option on task create and delete + +## v1.9.0 + +### Bug + +- [COOK-2899]: windows_feature fails when a feature install requires a reboot +- [COOK-2914]: Foodcritic failures in Cookbooks +- [COOK-2983]: windows cookbook has foodcritic failures + +### Improvement + +- [COOK-2686]: Add Windows Server 2012 to version.rb so other depending chef scripts can detect Windows Server 2012 + +## v1.8.10 + +When using Windows qualified filepaths (C:/foo), the #absolute? method for URI returns true, because "C" is the scheme. + +This change checks that the URI is http or https scheme, so it can be passed off to remote_file appropriately. + +- [COOK-2729] - allow only http, https URI schemes + +## v1.8.8 + +- [COOK-2729] - helper should use URI rather than regex and bare string + +## v1.8.6 + +- [COOK-968] - `windows_package` provider should gracefully handle paths with spaces +- [COOK-222] - `windows_task` resource does not declare :change action +- [COOK-241] - Windows cookbook should check for redefined constants +- [COOK-248] - Windows package install type is case sensitive + +## v1.8.4 + +- [COOK-2336] - MSI That requires reboot returns with RC 3010 and causes chef run failure +- [COOK-2368] - `version` attribute of the `windows_package` provider should be documented + +## v1.8.2 + +**Important**: Use powershell in nodes expanded run lists to ensure powershell is downloaded, as powershell has a dependency on this cookbook; v1.8.0 created a circular dependency. + +- [COOK-2301] - windows 1.8.0 has circular dependency on powershell + +## v1.8.0 + +- [COOK-2126] - Add checksum attribute to `windows_zipfile` +- [COOK-2142] - Add printer and `printer_port` LWRPs +- [COOK-2149] - Chef::Log.debug Windows Package command line +- [COOK-2155] -`windows_package` does not send checksum to `cached_file` in `installer_type` + +## v1.7.0 + +- [COOK-1745] - allow for newer versions of rubyzip + +## v1.6.0 + +- [COOK-2048] - undefined method for Falseclass on task :change when action is :nothing (and task doesn't exist) +- [COOK-2049] - Add `windows_pagefile` resource + +## v1.5.0 + +- [COOK-1251] - Fix LWRP "NotImplementedError" +- [COOK-1921] - Task LWRP will return true for resource exists when no other scheduled tasks exist +- [COOK-1932] - Include :change functionality to windows task lwrp + +## v1.4.0: + +- [COOK-1571] - `windows_package` resource (with msi provider) does not accept spaces in filename +- [COOK-1581] - Windows cookbook needs a scheduled tasks LWRP +- [COOK-1584] - `windows_registry` should support all registry types + +## v1.3.4 + +- [COOK-1173] - `windows_registry` throws Win32::Registry::Error for action :remove on a nonexistent key +- [COOK-1182] - windows package sets start window title instead of quoting a path +- [COOK-1476] - zipfile lwrp should support :zip action +- [COOK-1485] - package resource fails to perform install correctly when "source" contains quote +- [COOK-1519] - add action :remove for path lwrp + +## v1.3.2 + +- [COOK-1033] - remove the `libraries/ruby_19_patches.rb` file which causes havoc on non-Windows systems. +- [COOK-811] - add a timeout parameter attribute for `windows_package` + +## v1.3.0 + +- [COOK-1323] - Update for changes in Chef 0.10.10. + + - Setting file mode doesn't make sense on Windows (package provider + - and `reboot_handler` recipe) + - Prefix ::Win32 to avoid namespace collision with Chef::Win32 + - (`registry_helper` library) + - Use chef_gem instead of gem_package so gems get installed correctly under the Ruby environment Chef runs in (reboot_handler recipe, zipfile provider) + +## v1.2.12 + +- [COOK-1037] - specify version for rubyzip gem +- [COOK-1007] - `windows_feature` does not work to remove features with dism +- [COOK-667] - shortcut resource + provider for Windows platforms + +## v1.2.10 + +- [COOK-939] - add `type` parameter to `windows_registry` to allow binary registry keys. +- [COOK-940] - refactor logic so multiple values get created. + +## v1.2.8 + +- FIX: Older Windows (Windows Server 2003) sometimes return 127 on successful forked commands +- FIX: `windows_package`, ensure we pass the WOW* registry redirection flags into reg.open + +## v1.2.6 + +- patch to fix [CHEF-2684], Open4 is named Open3 in Ruby 1.9 +- Ruby 1.9's Open3 returns 0 and 42 for successful commands +- retry keyword can only be used in a rescue block in Ruby 1.9 + +## v1.2.4 + +- `windows_package` - catch Win32::Registry::Error that pops up when searching certain keys + +## v1.2.2 + +- combined numerous helper libarires for easier sharing across libaries/LWRPs +- renamed Chef::Provider::WindowsFeature::Base file to the more descriptive `feature_base.rb` +- refactored `windows_path` LWRP + + - :add action should MODIFY the the underlying ENV variable (vs CREATE) + - deleted greedy :remove action until it could be made more idempotent + +- added a `windows_batch` resource/provider for running batch scripts remotely + +## v1.2.0 + +- [COOK-745] gracefully handle required server restarts on Windows platform + + - WindowsRebootHandler for requested and pending reboots + - `windows_reboot` LWRP for requesting (receiving notifies) reboots + - `reboot_handler` recipe for enabling WindowsRebootHandler as a report handler + +- [COOK-714] Correct initialize misspelling + +- RegistryHelper - new `get_values` method which returns all values for a particular key. + +## v1.0.8 + +- [COOK-719] resource/provider for managing windows features +- [COOK-717] remove `windows_env_vars` resource as env resource exists in core chef +- new `Windows::Version` helper class +- refactored `Windows::Helper` mixin + +## v1.0.6 + +- added `force_modify` action to `windows_registry` resource +- add `win_friendly_path` helper +- re-purpose default recipe to install useful supporting windows related gems + +## v1.0.4 + +- [COOK-700] new resources and improvements to the `windows_registry` provider (thanks Paul Morton!) + + - Open the registry in the bitednes of the OS + - Provide convenience methods to check if keys and values exit + - Provide convenience method for reading registry values + - NEW - `windows_auto_run` resource/provider + - NEW - `windows_env_vars` resource/provider + - NEW - `windows_path` resource/provider + +- re-write of the `windows_package` logic for determining current installed packages + +- new checksum attribute for `windows_package` resource...useful for remote packages + +## v1.0.2 + +- [COOK-647] account for Wow6432Node registry redirecter +- [COOK-656] begin/rescue on win32/registry + +## v1.0.0 + +- [COOK-612] initial release diff --git a/ops/cookbooks/vendor/windows/CONTRIBUTING.md b/ops/cookbooks/vendor/windows/CONTRIBUTING.md new file mode 100644 index 0000000..ef2f2b8 --- /dev/null +++ b/ops/cookbooks/vendor/windows/CONTRIBUTING.md @@ -0,0 +1,2 @@ +Please refer to +https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/ops/cookbooks/vendor/windows/README.md b/ops/cookbooks/vendor/windows/README.md new file mode 100644 index 0000000..b849fbf --- /dev/null +++ b/ops/cookbooks/vendor/windows/README.md @@ -0,0 +1,517 @@ +# Windows Cookbook + +[![Build status](https://ci.appveyor.com/api/projects/status/9x4uepmm1g4rktie/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/windows/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/windows.svg)](https://supermarket.chef.io/cookbooks/windows) + +Provides a set of Windows-specific resources to aid in the creation of cookbooks/recipes targeting the Windows platform. + +## Requirements + +### Platforms + +- Windows 7 +- Windows Server 2008 R2 +- Windows 8, 8.1 +- Windows Server 2012 (R1, R2) +- Windows Server 2016 + +### Chef + +- Chef 14+ + +## Resources + +### Deprecated Resources Note + +As of Chef 14.7+ the windows_share and windows_certificate resources are now included in the Chef Client. If you are running Chef 14.7+ the resources in Chef client will take precedence over the resources in this cookbook. In November 2019 we will release a new major version of this cookbook that removes these resources. + +### windows_certificate + +`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource. + +Installs a certificate into the Windows certificate store from a file, and grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificated remotely may not work if the operation requires a user profile. Operations on the local machine store should still work. + +#### Actions + +- `:create` - creates or updates a certificate. +- `:delete` - deletes a certificate. +- `:acl_add` - adds read-only entries to a certificate's private key ACL. +- `:verify` - logs whether or not a certificate is valid + +#### Properties + +- `source` - name attribute. The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete). +- `pfx_password` - the password to access the source if it is a pfx file. +- `private_key_acl` - array of 'domain\account' entries to be granted read-only access to the certificate's private key. This is not idempotent. +- `store_name` - the certificate store to manipulate. One of: + - MY (Personal) + - CA (Intermediate Certification Authorities) + - ROOT (Trusted Root Certification Authorities) + - TRUSTEDPUBLISHER (Trusted Publishers) + - CLIENTAUTHISSUER (Client Authentication Issuers) + - REMOTE DESKTOP (Remote Desktop) + - TRUSTEDDEVICES (Trusted Devices) + - WEBHOSTING (Web Hosting) + - AUTHROOT (Third-Party Root Certification Authorities) + - TRUSTEDPEOPLE (Trusted People) + - SMARTCARDROOT (Smart Card Trusted Roots) + - TRUST (Enterprise Trust) + - DISALLOWED (Untrusted Certificates) +- `user_store` - if false (default) then use the local machine store; if true then use the current user's store. + +#### Examples + +```ruby +# Add PFX cert to local machine personal store and grant accounts read-only access to private key +windows_certificate "c:/test/mycert.pfx" do + pfx_password "password" + private_key_acl ["acme\fred", "pc\jane"] +end +``` + +```ruby +# Add cert to trusted intermediate store +windows_certificate "c:/test/mycert.cer" do + store_name "CA" +end +``` + +```ruby +# Remove all certificates matching the subject +windows_certificate "me.acme.com" do + action :delete +end +``` + +### windows_certificate_binding + +Binds a certificate to an HTTP port in order to enable TLS communication. + +#### Actions + +- `:create` - creates or updates a binding. +- `:delete` - deletes a binding. + +#### Properties + +- `cert_name` - name attribute. The thumbprint(hash) or subject that identifies the certificate to be bound. +- `name_kind` - indicates the type of cert_name. One of :subject (default) or :hash. +- `address` - the address to bind against. Default is 0.0.0.0 (all IP addresses). One of: + - IP v4 address `1.2.3.4` + - IP v6 address `[::1]` + - Host name `www.foo.com` +- `port` - the port to bind against. Default is 443. +- `app_id` - the GUID that defines the application that owns the binding. Default is the values used by IIS. +- `store_name` - the store to locate the certificate in. One of: + - MY (Personal) + - CA (Intermediate Certification Authorities) + - ROOT (Trusted Root Certification Authorities) + - TRUSTEDPUBLISHER (Trusted Publishers) + - CLIENTAUTHISSUER (Client Authentication Issuers) + - REMOTE DESKTOP (Remote Desktop) + - TRUSTEDDEVICES (Trusted Devices) + - WEBHOSTING (Web Hosting) + - AUTHROOT (Third-Party Root Certification Authorities) + - TRUSTEDPEOPLE (Trusted People) + - SMARTCARDROOT (Smart Card Trusted Roots) + - TRUST (Enterprise Trust) + +#### Examples + +```ruby +# Bind the first certificate matching the subject to the default TLS port +windows_certificate_binding "me.acme.com" do +end +``` + +```ruby +# Bind a cert from the CA store with the given hash to port 4334 +windows_certificate_binding "me.acme.com" do + cert_name "d234567890a23f567c901e345bc8901d34567890" + name_kind :hash + store_name "CA" + port 4334 +end +``` + +### windows_dns + +Configures A and CNAME records in Windows DNS. This requires the DNSCMD to be installed, which is done by adding the DNS role to the server or installing the Remote Server Admin Tools. + +#### Actions + +- :create: creates/updates the DNS entry +- :delete: deletes the DNS entry + +#### Properties + +- host_name: name attribute. FQDN of the entry to act on. +- dns_server: the DNS server to update. Default is local machine (.) +- record_type: the type of record to create. One of A (default) or CNAME +- target: for A records an array of IP addresses to associate with the host; for CNAME records the FQDN of the host to alias +- ttl: if > 0 then set the time to live of the record + +#### Examples + +```ruby +# Create A record linked to 2 addresses with a 10 minute ttl +windows_dns "m1.chef.test" do + target ['10.9.8.7', '1.2.3.4'] + ttl 600 +end +``` + +```ruby +# Delete records. target is mandatory although not used +windows_dns "m1.chef.test" do + action :delete + target [] +end +``` + +```ruby +# Set an alias against the node in a role +nodes = search( :node, "role:my_service" ) +windows_dns "myservice.chef.test" do + record_type 'CNAME' + target nodes[0]['fqdn'] +end +``` + +### windows_http_acl + +Sets the Access Control List for an http URL to grant non-admin accounts permission to open HTTP endpoints. + +#### Actions + +- `:create` - creates or updates the ACL for a URL. +- `:delete` - deletes the ACL from a URL. + +#### Properties + +- `url` - the name of the url to be created/deleted. +- `sddl` - the DACL string configuring all permissions to URL. Mandatory for create if user is not provided. Can't be use with `user`. +- `user` - the name (domain\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be use with `sddl`. Only one user or group can be granted permission so this replaces any previously defined entry. If you receive a parameter error your user may not exist. + +#### Examples + +```ruby +windows_http_acl 'http://+:50051/' do + user 'pc\\fred' +end +``` + +```ruby +# Grant access to users "NT SERVICE\WinRM" and "NT SERVICE\Wecsvc" via sddl +windows_http_acl 'http://+:5985/' do + sddl 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)' +end +``` + +```ruby +windows_http_acl 'http://+:50051/' do + action :delete +end +``` + +### windows_share + +`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource. + +Creates, modifies and removes Windows shares. All properties are idempotent. + +`Note`: This resource uses PowerShell cmdlets introduced in Windows 2012/8. + +#### Actions + +- `:create`: creates/modifies a share +- `:delete`: deletes a share + +#### Properties + +property | type | default | description +------------------------ | ---------- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- +`share_name` | String | resource name | the share to assign to the share +`path` | String | | The path of the location of the folder to share. Required when creating. If the share already exists on a different path then it is deleted and re-created. +`description` | String | | description to be applied to the share +`full_users` | Array | [] | users which should have "Full control" permissions +`change_users` | Array | [] | Users are granted modify permission to access the share. +`read_users` | Array | [] | users which should have "Read" permissions +`temporary` | True/False | false | The lifetime of the new SMB share. A temporary share does not persist beyond the next restart of the computer +`scope_name` | String | '*' | The scope name of the share. +`ca_timeout` | Integer | 0 | The continuous availability time-out for the share. +`continuously_available` | True/False | false | Indicates that the share is continuously available. +`concurrent_user_limit` | Integer | 0 (unlimited) | The maximum number of concurrently connected users the share can accommodate +`encrypt_data` | True/False | false | Indicates that the share is encrypted. + +#### Examples + +```ruby +windows_share "foo" do + action :create + path "C:\\foo" + full_users ["DOMAIN_A\\some_user", "DOMAIN_B\\some_other_user"] + read_users ["DOMAIN_C\\Domain users"] +end +``` + +```ruby +windows_share "foo" do + action :delete +end +``` + +### windows_user_privilege + +Adds the `principal` (User/Group) to the specified privileges (such as `Logon as a batch job` or `Logon as a Service`). + +#### Actions + +- `:add` - add the specified privileges to the `principal` +- `:remove` - remove the specified privilege of the `principal` + +#### Properties + +- `principal` - Name attribute, Required, String. The user or group to be granted privileges. +- `privilege` - Required, String/Array. The privilege(s) to be granted. + +#### Examples + +Grant the Administrator user the `Logon as a batch job` and `Logon as a service` privilege. + +```ruby +windows_user_privilege 'Administrator' do + privilege %w(SeBatchLogonRight SeServiceLogonRight) +end +``` + +Remove `Logon as a batch job` privilege of Administrator. + +```ruby +windows_user_privilege 'Administrator' do + privilege %w(SeBatchLogonRight) + action :remove +end +``` + +#### Available Privileges + +``` +SeTrustedCredManAccessPrivilege Access Credential Manager as a trusted caller +SeNetworkLogonRight Access this computer from the network +SeTcbPrivilege Act as part of the operating system +SeMachineAccountPrivilege Add workstations to domain +SeIncreaseQuotaPrivilege Adjust memory quotas for a process +SeInteractiveLogonRight Allow log on locally +SeRemoteInteractiveLogonRight Allow log on through Remote Desktop Services +SeBackupPrivilege Back up files and directories +SeChangeNotifyPrivilege Bypass traverse checking +SeSystemtimePrivilege Change the system time +SeTimeZonePrivilege Change the time zone +SeCreatePagefilePrivilege Create a pagefile +SeCreateTokenPrivilege Create a token object +SeCreateGlobalPrivilege Create global objects +SeCreatePermanentPrivilege Create permanent shared objects +SeCreateSymbolicLinkPrivilege Create symbolic links +SeDebugPrivilege Debug programs +SeDenyNetworkLogonRight Deny access this computer from the network +SeDenyBatchLogonRight Deny log on as a batch job +SeDenyServiceLogonRight Deny log on as a service +SeDenyInteractiveLogonRight Deny log on locally +SeDenyRemoteInteractiveLogonRight Deny log on through Remote Desktop Services +SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation +SeRemoteShutdownPrivilege Force shutdown from a remote system +SeAuditPrivilege Generate security audits +SeImpersonatePrivilege Impersonate a client after authentication +SeIncreaseWorkingSetPrivilege Increase a process working set +SeIncreaseBasePriorityPrivilege Increase scheduling priority +SeLoadDriverPrivilege Load and unload device drivers +SeLockMemoryPrivilege Lock pages in memory +SeBatchLogonRight Log on as a batch job +SeServiceLogonRight Log on as a service +SeSecurityPrivilege Manage auditing and security log +SeRelabelPrivilege Modify an object label +SeSystemEnvironmentPrivilege Modify firmware environment values +SeManageVolumePrivilege Perform volume maintenance tasks +SeProfileSingleProcessPrivilege Profile single process +SeSystemProfilePrivilege Profile system performance +SeUnsolicitedInputPrivilege "Read unsolicited input from a terminal device" +SeUndockPrivilege Remove computer from docking station +SeAssignPrimaryTokenPrivilege Replace a process level token +SeRestorePrivilege Restore files and directories +SeShutdownPrivilege Shut down the system +SeSyncAgentPrivilege Synchronize directory service data +SeTakeOwnershipPrivilege Take ownership of files or other objects +``` + +### windows_zipfile + +Most version of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run. + +#### Actions + +- `:unzip` - unzip a compressed file +- `:zip` - zip a directory (recursively) + +#### Properties + +- `path` - name attribute. The path where files will be (un)zipped to. +- `source` - source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip. +- `overwrite` - force an overwrite of the files if they already exist. +- `checksum` - for :unzip, useful if source is remote, if the local file matches the SHA-256 checksum, Chef will not download it. + +#### Examples + +Unzip a remote zip file locally + +```ruby +windows_zipfile 'c:/bin' do + source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip' + action :unzip + not_if {::File.exists?('c:/bin/PsExec.exe')} +end +``` + +Unzip a local zipfile + +```ruby +windows_zipfile 'c:/the_codez' do + source 'c:/foo/baz/the_codez.zip' + action :unzip +end +``` + +Create a local zipfile + +```ruby +windows_zipfile 'c:/foo/baz/the_codez.zip' do + source 'c:/the_codez' + action :zip +end +``` + +## Libraries + +### WindowsHelper + +Helper that allows you to use helpful functions in windows + +#### installed_packages + +Returns a hash of all DisplayNames installed + +```ruby +# usage in a recipe +::Chef::Recipe.send(:include, Windows::Helper) +hash_of_installed_packages = installed_packages +``` + +#### is_package_installed? + +- `package_name` - The name of the package you want to query to see if it is installed +- `returns` - true if the package is installed, false if it the package is not installed + +Download a file if a package isn't installed + +```ruby +# usage in a recipe to not download a file if package is already installed +::Chef::Recipe.send(:include, Windows::Helper) +is_win_sdk_installed = is_package_installed?('Windows Software Development Kit') + +remote_file 'C:\windows\temp\windows_sdk.zip' do + source 'http://url_to_download/windows_sdk.zip' + action :create_if_missing + not_if {is_win_sdk_installed} +end +``` + +Do something if a package is installed + +```ruby +# usage in a provider +include Windows::Helper +if is_package_installed?('Windows Software Development Kit') + # do something if package is installed +end +``` + +### Windows::VersionHelper + +Helper that allows you to get information of the windows version running on your node. It leverages windows ohai from kernel.os_info, easy to mock and to use even on linux. + +#### core_version? + +Determines whether given node is running on a windows Core. + +```ruby +if ::Windows::VersionHelper.core_version? node + fail 'Windows Core is not supported' +end +``` + +#### workstation_version? + +Determines whether given node is a windows workstation version (XP, Vista, 7, 8, 8.1, 10) + +```ruby +if ::Windows::VersionHelper.workstation_version? node + fail 'Only server version of windows are supported' +end +``` + +#### server_version? + +Determines whether given node is a windows server version (Server 2003, Server 2008, Server 2012, Server 2016) + +```ruby +if ::Windows::VersionHelper.server_version? node + puts 'Server version of windows are cool' +end +``` + +#### nt_version + +Determines NT version of the given node + +```ruby +case ::Windows::VersionHelper.nt_version node + when '6.0' then 'Windows vista or Server 2008' + when '6.1' then 'Windows 7 or Server 2008R2' + when '6.2' then 'Windows 8 or Server 2012' + when '6.3' then 'Windows 8.1 or Server 2012R2' + when '10.0' then 'Windows 10' +end +``` + +## Usage + +Place an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook. + +```ruby +depends 'windows' +``` + +## License & Authors + +- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io)) +- Author:: Doug MacEachern ([dougm@vmware.com](mailto:dougm@vmware.com)) +- Author:: Paul Morton ([pmorton@biaprotect.com](mailto:pmorton@biaprotect.com)) +- Author:: Doug Ireton ([doug.ireton@nordstrom.com](mailto:doug.ireton@nordstrom.com)) + +```text +Copyright 2011-2018, Chef Software, Inc. +Copyright 2010, VMware, Inc. +Copyright 2011, Business Intelligence Associates, Inc +Copyright 2012, Nordstrom, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/ops/cookbooks/vendor/windows/libraries/powershell_helper.rb b/ops/cookbooks/vendor/windows/libraries/powershell_helper.rb new file mode 100644 index 0000000..be021a3 --- /dev/null +++ b/ops/cookbooks/vendor/windows/libraries/powershell_helper.rb @@ -0,0 +1,53 @@ +# +# Author:: Seth Chisamore () +# Cookbook:: windows +# Library:: powershell_helper +# +# Copyright:: 2011-2018, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/mixin/shell_out' + +module Powershell + module Helper + include Chef::Mixin::ShellOut + + def powershell_installed? + !powershell_version.nil? + end + + def interpreter + # force 64-bit powershell from 32-bit ruby process + if ::File.exist?("#{ENV['WINDIR']}\\sysnative\\WindowsPowershell\\v1.0\\powershell.exe") + "#{ENV['WINDIR']}\\sysnative\\WindowsPowershell\\v1.0\\powershell.exe" + elsif ::File.exist?("#{ENV['WINDIR']}\\system32\\WindowsPowershell\\v1.0\\powershell.exe") + "#{ENV['WINDIR']}\\system32\\WindowsPowershell\\v1.0\\powershell.exe" + else + 'powershell.exe' + end + end + + def powershell_version + cmd = shell_out("#{interpreter} -InputFormat none -Command \"& echo $PSVersionTable.psversion.major\"") + if cmd.stdout.empty? # PowerShell 1.0 doesn't have a $PSVersionTable + 1 + else + Regexp.last_match(1).to_i if cmd.stdout =~ /^(\d+)/ + end + rescue Errno::ENOENT + nil + end + end +end diff --git a/ops/cookbooks/vendor/windows/libraries/registry_helper.rb b/ops/cookbooks/vendor/windows/libraries/registry_helper.rb new file mode 100644 index 0000000..3ca2254 --- /dev/null +++ b/ops/cookbooks/vendor/windows/libraries/registry_helper.rb @@ -0,0 +1,356 @@ +# +# Author:: Doug MacEachern () +# Author:: Seth Chisamore () +# Author:: Paul Morton () +# Cookbook:: windows +# Library:: registry_helper +# +# Copyright:: 2010-2017, VMware, Inc. +# Copyright:: 2011-2018, Chef Software, Inc. +# Copyright:: 2011-2017, Business Intelligence Associates, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if RUBY_PLATFORM =~ /mswin|mingw32|windows/ + require 'win32/registry' + require_relative 'wmi_helper' +end + +module Windows + module RegistryHelper + @@native_registry_constant = if ENV['PROCESSOR_ARCHITECTURE'] == 'AMD64' || + ENV['PROCESSOR_ARCHITEW6432'] == 'AMD64' + 0x0100 + else + 0x0200 + end + + def get_hive_name(path) + Chef::Log.debug('Resolving registry shortcuts to full names') + + reg_path = path.split('\\') + hive_name = reg_path.shift + + hkey = { + 'HKLM' => 'HKEY_LOCAL_MACHINE', + 'HKCU' => 'HKEY_CURRENT_USER', + 'HKU' => 'HKEY_USERS', + }[hive_name] || hive_name + + Chef::Log.debug("Hive resolved to #{hkey}") + hkey + end + + def get_hive(path) + Chef::Log.debug("Getting hive for #{path}") + reg_path = path.split('\\') + hive_name = reg_path.shift + + hkey = get_hive_name(path) + + hive = { + 'HKEY_LOCAL_MACHINE' => ::Win32::Registry::HKEY_LOCAL_MACHINE, + 'HKEY_USERS' => ::Win32::Registry::HKEY_USERS, + 'HKEY_CURRENT_USER' => ::Win32::Registry::HKEY_CURRENT_USER, + }[hkey] + + unless hive + Chef::Application.fatal!("Unsupported registry hive '#{hive_name}'") + end + + Chef::Log.debug("Registry hive resolved to #{hkey}") + hive + end + + def unload_hive(path) + hive = get_hive(path) + if hive == ::Win32::Registry::HKEY_USERS + reg_path = path.split('\\') + priv = Chef::WindowsPrivileged.new + begin + priv.reg_unload_key(reg_path[1]) + rescue + end + end + end + + def set_value(mode, path, values, type = nil) + hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path) + key_name = reg_path.join('\\') + + Chef::Log.debug("Creating #{path}") + + create_key(path) unless key_exists?(path, true) + + hive.send(mode, key_name, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg| + changed_something = false + values.each do |k, val| + key = k.to_s # wtf. avoid "can't modify frozen string" in win32/registry.rb + cur_val = nil + begin + cur_val = reg[key] + rescue + # subkey does not exist (ok) + end + + next unless cur_val != val + + Chef::Log.debug("setting #{key}=#{val}") + + type = :string if type.nil? + + reg_type = { + binary: ::Win32::Registry::REG_BINARY, + string: ::Win32::Registry::REG_SZ, + multi_string: ::Win32::Registry::REG_MULTI_SZ, + expand_string: ::Win32::Registry::REG_EXPAND_SZ, + dword: ::Win32::Registry::REG_DWORD, + dword_big_endian: ::Win32::Registry::REG_DWORD_BIG_ENDIAN, + qword: ::Win32::Registry::REG_QWORD, + }[type] + + reg.write(key, reg_type, val) + + ensure_hive_unloaded(hive_loaded) + + changed_something = true + end + return changed_something + end + false + end + + def get_value(path, value) + hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path) + key = reg_path.join('\\') + + hive.open(key, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg| + begin + return reg[value] + rescue + return nil + ensure + ensure_hive_unloaded(hive_loaded) + end + end + end + + def get_values(path) + hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path) + key = reg_path.join('\\') + hive.open(key, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg| + values = [] + begin + reg.each_value do |name, type, data| + values << [name, type, data] + end + rescue + ensure + ensure_hive_unloaded(hive_loaded) + end + values + end + end + + def delete_value(path, values) + hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path) + key = reg_path.join('\\') + Chef::Log.debug("Deleting values in #{path}") + hive.open(key, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg| + values.each_key do |key| + name = key.to_s + # Ensure delete operation is idempotent. + if value_exists?(path, key) + Chef::Log.debug("Deleting value #{name} in #{path}") + reg.delete_value(name) + else + Chef::Log.debug("Value #{name} in #{path} does not exist, skipping.") + end + end + end + end + + def create_key(path) + hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path) + key = reg_path.join('\\') + Chef::Log.debug("Creating registry key #{path}") + hive.create(key) + end + + def value_exists?(path, value) + if key_exists?(path, true) + + hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path) + key = reg_path.join('\\') + + Chef::Log.debug("Attempting to open #{key}") + Chef::Log.debug("Native Constant #{@@native_registry_constant}") + Chef::Log.debug("Hive #{hive}") + + hive.open(key, ::Win32::Registry::KEY_READ | @@native_registry_constant) do |reg| + begin + rtn_value = reg[value] + return true + rescue + return false + ensure + ensure_hive_unloaded(hive_loaded) + end + end + + end + false + end + + # TODO: Does not load user registry... + def key_exists?(path, load_hive = false) + if load_hive + hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path) + key = reg_path.join('\\') + else + hive = get_hive(path) + reg_path = path.split('\\') + hive_name = reg_path.shift + root_key = reg_path[0] + key = reg_path.join('\\') + hive_loaded = false + end + + begin + hive.open(key, ::Win32::Registry::Constants::KEY_READ | @@native_registry_constant) + return true + rescue + return false + ensure + ensure_hive_unloaded(hive_loaded) + end + end + + def get_user_hive_location(sid) + reg_key = "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\#{sid}" + Chef::Log.debug("Looking for profile at #{reg_key}") + if key_exists?(reg_key) + return get_value(reg_key, 'ProfileImagePath') + else + return nil + end + end + + def resolve_user_to_sid(username) + user_query = execute_wmi_query("select * from Win32_UserAccount where Name='#{username}'") + sid = nil + + user_query.each do |user| + sid = wmi_object_property(user, 'sid') + break + end + + Chef::Log.debug("Resolved user SID to #{sid}") + sid + rescue + nil + end + + def hive_loaded?(path) + hive = get_hive(path) + reg_path = path.split('\\') + hive_name = reg_path.shift + user_hive = path[0] + + if user_hive?(hive) + return key_exists?("#{hive_name}\\#{user_hive}") + else + return true + end + end + + def user_hive?(hive) + hive == ::Win32::Registry::HKEY_USERS + end + + def get_reg_path_info(path) + hive = get_hive(path) + reg_path = path.split('\\') + hive_name = reg_path.shift + root_key = reg_path[0] + hive_loaded = false + + if user_hive?(hive) && !key_exists?("#{hive_name}\\#{root_key}") + reg_path, hive_loaded = load_user_hive(hive, reg_path, root_key) + root_key = reg_path[0] + Chef::Log.debug("Resolved user (#{path}) to (#{reg_path.join('/')})") + end + + [hive, reg_path, hive_name, root_key, hive_loaded] + end + + def load_user_hive(hive, reg_path, user_hive) + Chef::Log.debug("Reg Path #{reg_path}") + # See if the hive is loaded. Logged in users will have a key that is named their SID + # if the user has specified the a path by SID and the user is logged in, this function + # should not be executed. + if user_hive?(hive) && !key_exists?("HKU\\#{user_hive}") + Chef::Log.debug('The user is not logged in and has not been specified by SID') + sid = resolve_user_to_sid(user_hive) + Chef::Log.debug("User SID resolved to (#{sid})") + # Now that the user has been resolved to a SID, check and see if the hive exists. + # If this exists by SID, the user is logged in and we should use that key. + # TODO: Replace the username with the sid and send it back because the username + # does not exist as the key location. + load_reg = false + if key_exists?("HKU\\#{sid}") + reg_path[0] = sid # use the active profile (user is logged on) + Chef::Log.debug("HKEY_USERS Mapped: #{user_hive} -> #{sid}") + else + Chef::Log.debug('User is not logged in') + load_reg = true + end + + # The user is not logged in, so we should load the registry from disk + if load_reg + profile_path = get_user_hive_location(sid) + unless profile_path.nil? + ntuser_dat = "#{profile_path}\\NTUSER.DAT" + if ::File.exist?(ntuser_dat) + priv = Chef::WindowsPrivileged.new + if priv.reg_load_key(sid, ntuser_dat) + Chef::Log.debug("RegLoadKey(#{sid}, #{user_hive}, #{ntuser_dat})") + reg_path[0] = sid + else + Chef::Log.debug("Failed RegLoadKey(#{sid}, #{user_hive}, #{ntuser_dat})") + end + end + end + end + end + + [reg_path, load_reg] + end + + private + + def ensure_hive_unloaded(hive_loaded = false) + if hive_loaded + Chef::Log.debug('Hive was loaded, we really should unload it') + unload_hive(path) + end + end + end +end + +module Registry + module_function # rubocop: disable Lint/UselessAccessModifier + + extend Windows::RegistryHelper +end diff --git a/ops/cookbooks/vendor/windows/libraries/version.rb b/ops/cookbooks/vendor/windows/libraries/version.rb new file mode 100644 index 0000000..48ff13f --- /dev/null +++ b/ops/cookbooks/vendor/windows/libraries/version.rb @@ -0,0 +1,189 @@ +# +# Author:: Seth Chisamore () +# Cookbook:: windows +# Library:: version +# +# Copyright:: 2011-2018, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if RUBY_PLATFORM =~ /mswin|mingw32|windows/ + require_relative 'wmi_helper' +end + +module Windows + class Version + # http://msdn.microsoft.com/en-us/library/ms724833(v=vs.85).aspx + + # Suite Masks + # Microsoft BackOffice components are installed. + VER_SUITE_BACKOFFICE = 0x00000004 unless defined?(VER_SUITE_BACKOFFICE) + # Windows Server 2008 Datacenter, Windows Server 2003, Datacenter Edition, or Windows 2000 Datacenter Server is installed. + VER_SUITE_DATACENTER = 0x00000080 unless defined?(VER_SUITE_DATACENTER) + # Windows Server 2008 Enterprise, Windows Server 2003, Enterprise Edition, or Windows 2000 Advanced Server is installed. Refer to the Remarks section for more information about this bit flag. + VER_SUITE_ENTERPRISE = 0x00000002 unless defined?(VER_SUITE_ENTERPRISE) + # Windows XP Embedded is installed. + VER_SUITE_EMBEDDEDNT = 0x00000040 unless defined?(VER_SUITE_EMBEDDEDNT) + # Windows Vista Home Premium, Windows Vista Home Basic, or Windows XP Home Edition is installed. + VER_SUITE_PERSONAL = 0x00000200 unless defined?(VER_SUITE_PERSONAL) + # Remote Desktop is supported, but only one interactive session is supported. This value is set unless the system is running in application server mode. + VER_SUITE_SINGLEUSERTS = 0x00000100 unless defined?(VER_SUITE_SINGLEUSERTS) + # Microsoft Small Business Server was once installed on the system, but may have been upgraded to another version of Windows. Refer to the Remarks section for more information about this bit flag. + VER_SUITE_SMALLBUSINESS = 0x00000001 unless defined?(VER_SUITE_SMALLBUSINESS) + # Microsoft Small Business Server is installed with the restrictive client license in force. Refer to the Remarks section for more information about this bit flag. + VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x00000020 unless defined?(VER_SUITE_SMALLBUSINESS_RESTRICTED) + # Terminal Services is installed. This value is always set. + # If VER_SUITE_TERMINAL is set but VER_SUITE_SINGLEUSERTS is not set, the system is running in application server mode. + VER_SUITE_TERMINAL = 0x00000010 unless defined?(VER_SUITE_TERMINAL) + # Windows Home Server is installed. + VER_SUITE_WH_SERVER = 0x00008000 unless defined?(VER_SUITE_WH_SERVER) + + # Product Type + # The system is a domain controller and the operating system is Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server. + VER_NT_DOMAIN_CONTROLLER = 0x0000002 unless defined?(VER_NT_DOMAIN_CONTROLLER) + # The operating system is Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server. + # Note that a server that is also a domain controller is reported as VER_NT_DOMAIN_CONTROLLER, not VER_NT_SERVER. + VER_NT_SERVER = 0x0000003 unless defined?(VER_NT_SERVER) + # The operating system is Windows 7, Windows Vista, Windows XP Professional, Windows XP Home Edition, or Windows 2000 Professional. + VER_NT_WORKSTATION = 0x0000001 unless defined?(VER_NT_WORKSTATION) + + # http://msdn.microsoft.com/en-us/library/ms724358(v=vs.85).aspx + SKU = { + 0x00000006 => { ms_const: 'PRODUCT_BUSINESS', name: 'Business' }, + 0x00000010 => { ms_const: 'PRODUCT_BUSINESS_N', name: 'Business N' }, + 0x00000012 => { ms_const: 'PRODUCT_CLUSTER_SERVER', name: 'HPC Edition' }, + 0x00000008 => { ms_const: 'PRODUCT_DATACENTER_SERVER', name: 'Server Datacenter (full installation)' }, + 0x0000000C => { ms_const: 'PRODUCT_DATACENTER_SERVER_CORE', name: 'Server Datacenter (core installation)' }, + 0x00000027 => { ms_const: 'PRODUCT_DATACENTER_SERVER_CORE_V', name: 'Server Datacenter without Hyper-V (core installation)' }, + 0x00000025 => { ms_const: 'PRODUCT_DATACENTER_SERVER_V', name: 'Server Datacenter without Hyper-V (full installation)' }, + 0x00000004 => { ms_const: 'PRODUCT_ENTERPRISE', name: 'Enterprise' }, + 0x00000046 => { ms_const: 'PRODUCT_ENTERPRISE_E', name: 'Not supported' }, + 0x0000001B => { ms_const: 'PRODUCT_ENTERPRISE_N', name: 'Enterprise N' }, + 0x0000000A => { ms_const: 'PRODUCT_ENTERPRISE_SERVER', name: 'Server Enterprise (full installation)' }, + 0x0000000E => { ms_const: 'PRODUCT_ENTERPRISE_SERVER_CORE', name: 'Server Enterprise (core installation)' }, + 0x00000029 => { ms_const: 'PRODUCT_ENTERPRISE_SERVER_CORE_V', name: 'Server Enterprise without Hyper-V (core installation)' }, + 0x0000000F => { ms_const: 'PRODUCT_ENTERPRISE_SERVER_IA64', name: 'Server Enterprise for Itanium-based Systems' }, + 0x00000026 => { ms_const: 'PRODUCT_ENTERPRISE_SERVER_V', name: 'Server Enterprise without Hyper-V (full installation)' }, + 0x00000002 => { ms_const: 'PRODUCT_HOME_BASIC', name: 'Home Basic' }, + 0x00000043 => { ms_const: 'PRODUCT_HOME_BASIC_E', name: 'Not supported' }, + 0x00000005 => { ms_const: 'PRODUCT_HOME_BASIC_N', name: 'Home Basic N' }, + 0x00000003 => { ms_const: 'PRODUCT_HOME_PREMIUM', name: 'Home Premium' }, + 0x00000044 => { ms_const: 'PRODUCT_HOME_PREMIUM_E', name: 'Not supported' }, + 0x0000001A => { ms_const: 'PRODUCT_HOME_PREMIUM_N', name: 'Home Premium N' }, + 0x0000002A => { ms_const: 'PRODUCT_HYPERV', name: 'Microsoft Hyper-V Server' }, + 0x0000001E => { ms_const: 'PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT', name: 'Windows Essential Business Server Management Server' }, + 0x00000020 => { ms_const: 'PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING', name: 'Windows Essential Business Server Messaging Server' }, + 0x0000001F => { ms_const: 'PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY', name: 'Windows Essential Business Server Security Server' }, + 0x00000030 => { ms_const: 'PRODUCT_PROFESSIONAL', name: 'Professional' }, + 0x00000045 => { ms_const: 'PRODUCT_PROFESSIONAL_E', name: 'Not supported' }, + 0x00000031 => { ms_const: 'PRODUCT_PROFESSIONAL_N', name: 'Professional N' }, + 0x00000067 => { ms_const: 'PRODUCT_PROFESSIONAL_WMC', name: 'Professional with Media Center' }, + 0x00000018 => { ms_const: 'PRODUCT_SERVER_FOR_SMALLBUSINESS', name: 'Windows Server 2008 for Windows Essential Server Solutions' }, + 0x00000023 => { ms_const: 'PRODUCT_SERVER_FOR_SMALLBUSINESS_V', name: 'Windows Server 2008 without Hyper-V for Windows Essential Server Solutions' }, + 0x00000021 => { ms_const: 'PRODUCT_SERVER_FOUNDATION', name: 'Server Foundation' }, + 0x00000022 => { ms_const: 'PRODUCT_HOME_PREMIUM_SERVER', name: 'Windows Home Server 2011' }, + 0x00000032 => { ms_const: 'PRODUCT_SB_SOLUTION_SERVER', name: 'Windows Small Business Server 2011 Essentials' }, + 0x00000013 => { ms_const: 'PRODUCT_HOME_SERVER', name: 'Windows Storage Server 2008 R2 Essentials' }, + 0x00000009 => { ms_const: 'PRODUCT_SMALLBUSINESS_SERVER', name: 'Windows Small Business Server' }, + 0x00000038 => { ms_const: 'PRODUCT_SOLUTION_EMBEDDEDSERVER', name: 'Windows MultiPoint Server' }, + 0x00000007 => { ms_const: 'PRODUCT_STANDARD_SERVER', name: 'Server Standard (full installation)' }, + 0x0000000D => { ms_const: 'PRODUCT_STANDARD_SERVER_CORE', name: 'Server Standard (core installation)' }, + 0x00000028 => { ms_const: 'PRODUCT_STANDARD_SERVER_CORE_V', name: 'Server Standard without Hyper-V (core installation)' }, + 0x00000024 => { ms_const: 'PRODUCT_STANDARD_SERVER_V', name: 'Server Standard without Hyper-V (full installation)' }, + 0x0000000B => { ms_const: 'PRODUCT_STARTER', name: 'Starter' }, + 0x00000042 => { ms_const: 'PRODUCT_STARTER_E', name: 'Not supported' }, + 0x0000002F => { ms_const: 'PRODUCT_STARTER_N', name: 'Starter N' }, + 0x00000017 => { ms_const: 'PRODUCT_STORAGE_ENTERPRISE_SERVER', name: 'Storage Server Enterprise' }, + 0x00000014 => { ms_const: 'PRODUCT_STORAGE_EXPRESS_SERVER', name: 'Storage Server Express' }, + 0x00000015 => { ms_const: 'PRODUCT_STORAGE_STANDARD_SERVER', name: 'Storage Server Standard' }, + 0x00000016 => { ms_const: 'PRODUCT_STORAGE_WORKGROUP_SERVER', name: 'Storage Server Workgroup' }, + 0x00000000 => { ms_const: 'PRODUCT_UNDEFINED', name: 'An unknown product' }, + 0x00000001 => { ms_const: 'PRODUCT_ULTIMATE', name: 'Ultimate' }, + 0x00000047 => { ms_const: 'PRODUCT_ULTIMATE_E', name: 'Not supported' }, + 0x0000001C => { ms_const: 'PRODUCT_ULTIMATE_N', name: 'Ultimate N' }, + 0x00000011 => { ms_const: 'PRODUCT_WEB_SERVER', name: 'Web Server (full installation)' }, + 0x0000001D => { ms_const: 'PRODUCT_WEB_SERVER_CORE', name: 'Web Server (core installation)' }, + }.freeze unless defined?(SKU) + + attr_reader :major_version, :minor_version, :build_number, :service_pack_major_version, :service_pack_minor_version + attr_reader :version, :product_type, :product_suite, :sku + + def initialize + unless RUBY_PLATFORM =~ /mswin|mingw32|windows/ + raise NotImplementedError, 'only valid on Windows platform' + end + @version, @product_type, @product_suite, @sku, @service_pack_major_version, @service_pack_minor_version = get_os_info + @major_version, @minor_version, @build_number = version.split('.').map(&:to_i) + end + + WIN_VERSIONS = { + 'Windows 10' => { major: 10, minor: 0, callable: -> { @product_type != VER_NT_WORKSTATION } }, + 'Windows Server 2012 R2' => { major: 6, minor: 3, callable: -> { @product_type != VER_NT_WORKSTATION } }, + 'Windows 8' => { major: 6, minor: 2, callable: -> { @product_type == VER_NT_WORKSTATION } }, + 'Windows Server 2012' => { major: 6, minor: 2, callable: -> { @product_type != VER_NT_WORKSTATION } }, + 'Windows 7' => { major: 6, minor: 1, callable: -> { @product_type == VER_NT_WORKSTATION } }, + 'Windows Server 2008 R2' => { major: 6, minor: 1, callable: -> { @product_type != VER_NT_WORKSTATION } }, + 'Windows Server 2008' => { major: 6, minor: 0, callable: -> { @product_type != VER_NT_WORKSTATION } }, + 'Windows Vista' => { major: 6, minor: 0, callable: -> { @product_type == VER_NT_WORKSTATION } }, + 'Windows Home Server' => { major: 5, minor: 2, callable: -> { (@product_suite & VER_SUITE_WH_SERVER) == VER_SUITE_WH_SERVER } }, + 'Windows XP' => { major: 5, minor: 1 }, + 'Windows 2000' => { major: 5, minor: 0 }, + }.freeze unless defined?(WIN_VERSIONS) + + marketing_names = [] + + # General Windows checks + WIN_VERSIONS.each do |k, v| + method_name = "#{k.gsub(/\s/, '_').downcase}?" + define_method(method_name) do + (@major_version == v[:major]) && + (@minor_version == v[:minor]) && + (v[:callable] ? v[:callable].call : true) + end + marketing_names << [k, method_name] + end + + define_method(:marketing_name) do + marketing_names.each do |mn| + break mn[0] if send(mn[1]) + end + end + + # Server Type checks + %w( core full datacenter ).each do |m| + define_method("server_#{m}?") do + if @sku + !(SKU[@sku][:name] =~ /#{m}/i).nil? + else + false + end + end + end + + private + + # query WMI Win32_OperatingSystem for required OS info + def get_os_info + cols = %w( Version ProductType OSProductSuite OperatingSystemSKU ServicePackMajorVersion ServicePackMinorVersion ) + os_info = execute_wmi_query('select * from Win32_OperatingSystem').each.next + cols.map do |c| + begin + wmi_object_property(os_info, c) + rescue # OperatingSystemSKU doesn't exist in all versions of Windows + nil + end + end + end + end +end diff --git a/ops/cookbooks/vendor/windows/libraries/version_helper.rb b/ops/cookbooks/vendor/windows/libraries/version_helper.rb new file mode 100644 index 0000000..fcb0aa7 --- /dev/null +++ b/ops/cookbooks/vendor/windows/libraries/version_helper.rb @@ -0,0 +1,93 @@ +# +# Cookbook:: windows +# Library:: version_helper +# Author:: Baptiste Courtois () +# +# Copyright:: 2015-2017, Criteo +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +module Windows + # Module based on windows ohai kernel.cs_info providing version helpers + module VersionHelper + # Module referencing CORE SKU contants from product type + # see. https://msdn.microsoft.com/windows/desktop/ms724358#PRODUCT_DATACENTER_SERVER_CORE + # n.b. Prefix - PRODUCT_ - and suffix - _CORE- have been removed + module CoreSKU + # Server Datacenter Core + DATACENTER_SERVER = 0x0C unless constants.include?(:DATACENTER_SERVER) + # Server Datacenter without Hyper-V Core + DATACENTER_SERVER_V = 0x27 unless constants.include?(:DATACENTER_SERVER_V) + # Server Enterprise Core + ENTERPRISE_SERVER = 0x0E unless constants.include?(:ENTERPRISE_SERVER) + # Server Enterprise without Hyper-V Core + ENTERPRISE_SERVER_V = 0x29 unless constants.include?(:ENTERPRISE_SERVER_V) + # Server Standard Core + STANDARD_SERVER = 0x0D unless constants.include?(:STANDARD_SERVER) + # Server Standard without Hyper-V Core + STANDARD_SERVER_V = 0x28 unless constants.include?(:STANDARD_SERVER_V) + # Small Business Server Premium Core + PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_CORE = 0x3F unless constants.include?(:PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_CORE) + # Server Solutions Premium Core + STANDARD_SERVER_SOLUTIONS = 0x35 unless constants.include?(:STANDARD_SERVER_SOLUTIONS) + # Storage Server Enterprise Core + STORAGE_ENTERPRISE_SERVER = 0x2E unless constants.include?(:STORAGE_ENTERPRISE_SERVER) + # Storage Server Express Core + STORAGE_EXPRESS_SERVER = 0x2B unless constants.include?(:STORAGE_EXPRESS_SERVER) + # Storage Server Standard Core + STORAGE_STANDARD_SERVER = 0x2C unless constants.include?(:STORAGE_STANDARD_SERVER) + # Storage Server Workgroup Core + STORAGE_WORKGROUP_SERVER = 0x2D unless constants.include?(:STORAGE_WORKGROUP_SERVER) + # Web Server Core + WEB_SERVER = 0x1D unless constants.include?(:WEB_SERVER) + end + + # Module referencing product type contants + # see. https://msdn.microsoft.com/windows/desktop/ms724833#VER_NT_SERVER + # n.b. Prefix - VER_NT_ - has been removed + module ProductType + WORKSTATION = 0x1 unless constants.include?(:WORKSTATION) + DOMAIN_CONTROLLER = 0x2 unless constants.include?(:DOMAIN_CONTROLLER) + SERVER = 0x3 unless constants.include?(:SERVER) + end + + # Determines whether current node is running a windows Core version + def self.core_version?(node) + validate_platform node + + CoreSKU.constants.any? { |c| CoreSKU.const_get(c) == node['kernel']['os_info']['operating_system_sku'] } + end + + # Determines whether current node is a workstation version + def self.workstation_version?(node) + validate_platform node + node['kernel']['os_info']['product_type'] == ProductType::WORKSTATION + end + + # Determines whether current node is a server version + def self.server_version?(node) + !workstation_version?(node) + end + + # Determines NT version of the current node + def self.nt_version(node) + validate_platform node + + node['platform_version'].to_f + end + + def self.validate_platform(node) + raise 'Windows helper are only supported on windows platform!' unless node['platform'] == 'windows' + end + end +end diff --git a/ops/cookbooks/vendor/windows/libraries/windows_helper.rb b/ops/cookbooks/vendor/windows/libraries/windows_helper.rb new file mode 100644 index 0000000..97ec431 --- /dev/null +++ b/ops/cookbooks/vendor/windows/libraries/windows_helper.rb @@ -0,0 +1,165 @@ +# +# Author:: Seth Chisamore () +# Cookbook:: windows +# Library:: windows_helper +# +# Copyright:: 2011-2018, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require 'uri' +require 'chef/exceptions' +require 'openssl' +require 'chef/mixin/powershell_out' +require 'chef/mixin/windows_env_helper' +require 'chef/util/path_helper' + +module Windows + module Helper + AUTO_RUN_KEY = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'.freeze unless defined?(AUTO_RUN_KEY) + ENV_KEY = 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'.freeze unless defined?(ENV_KEY) + include Chef::Mixin::WindowsEnvHelper + + # returns windows friendly version of the provided path, + # ensures backslashes are used everywhere + def win_friendly_path(path) + Chef::Log.warn('The win_friendly_path helper has been deprecated and will be removed from the next major release of the windows cookbook. Please update any cookbooks using this helper to instead require `chef/util/path_helper` and then use `Chef::Util::PathHelper.cleanpath`.') + path.gsub(::File::SEPARATOR, ::File::ALT_SEPARATOR || '\\') if path + end + + # account for Window's wacky File System Redirector + # http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx + # especially important for 32-bit processes (like Ruby) on a + # 64-bit instance of Windows. + def locate_sysnative_cmd(cmd) + if ::File.exist?("#{ENV['WINDIR']}\\sysnative\\#{cmd}") + "#{ENV['WINDIR']}\\sysnative\\#{cmd}" + elsif ::File.exist?("#{ENV['WINDIR']}\\system32\\#{cmd}") + "#{ENV['WINDIR']}\\system32\\#{cmd}" + else + cmd + end + end + + # singleton instance of the Windows Version checker + def win_version + @win_version ||= Windows::Version.new + end + + # Helper function to properly parse a URI + def as_uri(source) + URI.parse(source) + rescue URI::InvalidURIError + Chef::Log.warn("#{source} was an invalid URI. Trying to escape invalid characters") + URI.parse(URI.escape(source)) + end + + # if a file is local it returns a windows friendly path version + # if a file is remote it caches it locally + def cached_file(source, checksum = nil, windows_path = true) + @installer_file_path ||= begin + + if source =~ %r{^(file|ftp|http|https):\/\/} + uri = as_uri(source) + cache_file_path = "#{Chef::Config[:file_cache_path]}/#{::File.basename(::URI.unescape(uri.path))}" + Chef::Log.debug("Caching a copy of file #{source} at #{cache_file_path}") + remote_file cache_file_path do + source source + backup false + checksum checksum unless checksum.nil? + end.run_action(:create) + else + cache_file_path = source + end + + windows_path ? Chef::Util::PathHelper.cleanpath(cache_file_path) : cache_file_path + end + end + + # Expands the environment variables + def expand_env_vars(path) + # The windows Env provider does not correctly expand variables in + # the PATH environment variable. Ruby expects these to be expanded. + # Using Chef::Mixin::WindowsEnvHelper + expand_path(path) + end + + def is_package_installed?(package_name) # rubocop:disable Naming/PredicateName + installed_packages.include?(package_name) + end + + def installed_packages + @installed_packages || begin + installed_packages = {} + # Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall + installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE)) # rescue nil + # 64-bit registry view + # Computer\HKEY_LOCAL_MACHINE\Software\Wow6464Node\Microsoft\Windows\CurrentVersion\Uninstall + installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE, (::Win32::Registry::Constants::KEY_READ | 0x0100))) # rescue nil + # 32-bit registry view + # Computer\HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall + installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE, (::Win32::Registry::Constants::KEY_READ | 0x0200))) # rescue nil + # Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall + installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_CURRENT_USER)) # rescue nil + installed_packages + end + end + + # Returns an array + def to_array(var) + var = var.is_a?(Array) ? var : [var] + var.reject(&:nil?) + end + + private + + def extract_installed_packages_from_key(hkey = ::Win32::Registry::HKEY_LOCAL_MACHINE, desired = ::Win32::Registry::Constants::KEY_READ) + uninstall_subkey = 'Software\Microsoft\Windows\CurrentVersion\Uninstall' + packages = {} + begin + ::Win32::Registry.open(hkey, uninstall_subkey, desired) do |reg| + reg.each_key do |key, _wtime| + begin + k = reg.open(key, desired) + display_name = begin + k['DisplayName'] + rescue + nil + end + version = begin + k['DisplayVersion'] + rescue + 'NO VERSION' + end + uninstall_string = begin + k['UninstallString'] + rescue + nil + end + if display_name + packages[display_name] = { name: display_name, + version: version, + uninstall_string: uninstall_string } + end + rescue ::Win32::Registry::Error + end + end + end + rescue ::Win32::Registry::Error + end + packages + end + end +end + +Chef::Recipe.send(:include, Windows::Helper) diff --git a/ops/cookbooks/vendor/windows/libraries/windows_privileged.rb b/ops/cookbooks/vendor/windows/libraries/windows_privileged.rb new file mode 100644 index 0000000..68d96c3 --- /dev/null +++ b/ops/cookbooks/vendor/windows/libraries/windows_privileged.rb @@ -0,0 +1,103 @@ +# +# Author:: Doug MacEachern +# Author:: Paul Morton () +# Cookbook:: windows +# Library:: windows_privileged +# +# Copyright:: 2010-2017, VMware, Inc. +# Copyright:: 2011-2017, Business Intelligence Associates, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# helpers for Windows API calls that require privilege adjustments +class Chef + class WindowsPrivileged + # File -> Load Hive... in regedit.exe + def reg_load_key(name, file) + load_deps + + run(SE_BACKUP_NAME, SE_RESTORE_NAME) do + rc = RegLoadKey(HKEY_USERS, name.to_s, file) + if rc == ERROR_SUCCESS + return true + elsif rc == ERROR_SHARING_VIOLATION + return false + else + raise get_last_error(rc) + end + end + end + + # File -> Unload Hive... in regedit.exe + def reg_unload_key(name) + load_deps + + run(SE_BACKUP_NAME, SE_RESTORE_NAME) do + rc = RegUnLoadKey(HKEY_USERS, name.to_s) + raise get_last_error(rc) if rc != ERROR_SUCCESS + end + end + + def run(*privileges) + load_deps + + token = [0].pack('L') + + unless OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, token) + raise get_last_error + end + token = token.unpack1('L') + + privileges.each do |name| + unless adjust_privilege(token, name, SE_PRIVILEGE_ENABLED) + raise get_last_error + end + end + + begin + yield + ensure # disable privs + privileges.each do |name| + adjust_privilege(token, name, 0) + end + end + end + + def adjust_privilege(token, priv, attr = 0) + load_deps + + luid = [0, 0].pack('Ll') + if LookupPrivilegeValue(nil, priv, luid) + new_state = [1, luid.unpack('Ll'), attr].flatten.pack('LLlL') + AdjustTokenPrivileges(token, 0, new_state, new_state.size, 0, 0) + end + end + + private + + def load_deps + if RUBY_PLATFORM =~ /mswin|mingw32|windows/ + require 'windows/error' + require 'windows/registry' + require 'windows/process' + require 'windows/security' + + include Windows::Error + include Windows::Registry + include Windows::Process + include Windows::Security + end + end + end +end diff --git a/ops/cookbooks/vendor/windows/libraries/wmi_helper.rb b/ops/cookbooks/vendor/windows/libraries/wmi_helper.rb new file mode 100644 index 0000000..2acdc38 --- /dev/null +++ b/ops/cookbooks/vendor/windows/libraries/wmi_helper.rb @@ -0,0 +1,34 @@ +# +# Author:: Adam Edwards () +# Cookbook:: windows +# Library:: wmi_helper +# +# Copyright:: 2014-2018, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if RUBY_PLATFORM =~ /mswin|mingw32|windows/ + require 'win32ole' + + def execute_wmi_query(wmi_query) + wmi = ::WIN32OLE.connect('winmgmts://') + result = wmi.ExecQuery(wmi_query) + return nil unless result.each.count > 0 + result + end + + def wmi_object_property(wmi_object, wmi_property) + wmi_object.send(wmi_property) + end +end diff --git a/ops/cookbooks/vendor/windows/metadata.json b/ops/cookbooks/vendor/windows/metadata.json new file mode 100644 index 0000000..33a7cfd --- /dev/null +++ b/ops/cookbooks/vendor/windows/metadata.json @@ -0,0 +1 @@ +{"name":"windows","version":"6.0.0","description":"Provides a set of useful Windows-specific primitives.","long_description":"# Windows Cookbook\n\n[![Build status](https://ci.appveyor.com/api/projects/status/9x4uepmm1g4rktie/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/windows/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/windows.svg)](https://supermarket.chef.io/cookbooks/windows)\n\nProvides a set of Windows-specific resources to aid in the creation of cookbooks/recipes targeting the Windows platform.\n\n## Requirements\n\n### Platforms\n\n- Windows 7\n- Windows Server 2008 R2\n- Windows 8, 8.1\n- Windows Server 2012 (R1, R2)\n- Windows Server 2016\n\n### Chef\n\n- Chef 14+\n\n## Resources\n\n### Deprecated Resources Note\n\nAs of Chef 14.7+ the windows_share and windows_certificate resources are now included in the Chef Client. If you are running Chef 14.7+ the resources in Chef client will take precedence over the resources in this cookbook. In November 2019 we will release a new major version of this cookbook that removes these resources.\n\n### windows_certificate\n\n`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource.\n\nInstalls a certificate into the Windows certificate store from a file, and grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificated remotely may not work if the operation requires a user profile. Operations on the local machine store should still work.\n\n#### Actions\n\n- `:create` - creates or updates a certificate.\n- `:delete` - deletes a certificate.\n- `:acl_add` - adds read-only entries to a certificate's private key ACL.\n- `:verify` - logs whether or not a certificate is valid\n\n#### Properties\n\n- `source` - name attribute. The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete).\n- `pfx_password` - the password to access the source if it is a pfx file.\n- `private_key_acl` - array of 'domain\\account' entries to be granted read-only access to the certificate's private key. This is not idempotent.\n- `store_name` - the certificate store to manipulate. One of:\n - MY (Personal)\n - CA (Intermediate Certification Authorities)\n - ROOT (Trusted Root Certification Authorities)\n - TRUSTEDPUBLISHER (Trusted Publishers)\n - CLIENTAUTHISSUER (Client Authentication Issuers)\n - REMOTE DESKTOP (Remote Desktop)\n - TRUSTEDDEVICES (Trusted Devices)\n - WEBHOSTING (Web Hosting)\n - AUTHROOT (Third-Party Root Certification Authorities)\n - TRUSTEDPEOPLE (Trusted People)\n - SMARTCARDROOT (Smart Card Trusted Roots)\n - TRUST (Enterprise Trust)\n - DISALLOWED (Untrusted Certificates)\n- `user_store` - if false (default) then use the local machine store; if true then use the current user's store.\n\n#### Examples\n\n```ruby\n# Add PFX cert to local machine personal store and grant accounts read-only access to private key\nwindows_certificate \"c:/test/mycert.pfx\" do\n pfx_password \"password\"\n private_key_acl [\"acme\\fred\", \"pc\\jane\"]\nend\n```\n\n```ruby\n# Add cert to trusted intermediate store\nwindows_certificate \"c:/test/mycert.cer\" do\n store_name \"CA\"\nend\n```\n\n```ruby\n# Remove all certificates matching the subject\nwindows_certificate \"me.acme.com\" do\n action :delete\nend\n```\n\n### windows_certificate_binding\n\nBinds a certificate to an HTTP port in order to enable TLS communication.\n\n#### Actions\n\n- `:create` - creates or updates a binding.\n- `:delete` - deletes a binding.\n\n#### Properties\n\n- `cert_name` - name attribute. The thumbprint(hash) or subject that identifies the certificate to be bound.\n- `name_kind` - indicates the type of cert_name. One of :subject (default) or :hash.\n- `address` - the address to bind against. Default is 0.0.0.0 (all IP addresses). One of:\n - IP v4 address `1.2.3.4`\n - IP v6 address `[::1]`\n - Host name `www.foo.com`\n- `port` - the port to bind against. Default is 443.\n- `app_id` - the GUID that defines the application that owns the binding. Default is the values used by IIS.\n- `store_name` - the store to locate the certificate in. One of:\n - MY (Personal)\n - CA (Intermediate Certification Authorities)\n - ROOT (Trusted Root Certification Authorities)\n - TRUSTEDPUBLISHER (Trusted Publishers)\n - CLIENTAUTHISSUER (Client Authentication Issuers)\n - REMOTE DESKTOP (Remote Desktop)\n - TRUSTEDDEVICES (Trusted Devices)\n - WEBHOSTING (Web Hosting)\n - AUTHROOT (Third-Party Root Certification Authorities)\n - TRUSTEDPEOPLE (Trusted People)\n - SMARTCARDROOT (Smart Card Trusted Roots)\n - TRUST (Enterprise Trust)\n\n#### Examples\n\n```ruby\n# Bind the first certificate matching the subject to the default TLS port\nwindows_certificate_binding \"me.acme.com\" do\nend\n```\n\n```ruby\n# Bind a cert from the CA store with the given hash to port 4334\nwindows_certificate_binding \"me.acme.com\" do\n cert_name \"d234567890a23f567c901e345bc8901d34567890\"\n name_kind :hash\n store_name \"CA\"\n port 4334\nend\n```\n\n### windows_dns\n\nConfigures A and CNAME records in Windows DNS. This requires the DNSCMD to be installed, which is done by adding the DNS role to the server or installing the Remote Server Admin Tools.\n\n#### Actions\n\n- :create: creates/updates the DNS entry\n- :delete: deletes the DNS entry\n\n#### Properties\n\n- host_name: name attribute. FQDN of the entry to act on.\n- dns_server: the DNS server to update. Default is local machine (.)\n- record_type: the type of record to create. One of A (default) or CNAME\n- target: for A records an array of IP addresses to associate with the host; for CNAME records the FQDN of the host to alias\n- ttl: if > 0 then set the time to live of the record\n\n#### Examples\n\n```ruby\n# Create A record linked to 2 addresses with a 10 minute ttl\nwindows_dns \"m1.chef.test\" do\n target ['10.9.8.7', '1.2.3.4']\n ttl 600\nend\n```\n\n```ruby\n# Delete records. target is mandatory although not used\nwindows_dns \"m1.chef.test\" do\n action :delete\n target []\nend\n```\n\n```ruby\n# Set an alias against the node in a role\nnodes = search( :node, \"role:my_service\" )\nwindows_dns \"myservice.chef.test\" do\n record_type 'CNAME'\n target nodes[0]['fqdn']\nend\n```\n\n### windows_http_acl\n\nSets the Access Control List for an http URL to grant non-admin accounts permission to open HTTP endpoints.\n\n#### Actions\n\n- `:create` - creates or updates the ACL for a URL.\n- `:delete` - deletes the ACL from a URL.\n\n#### Properties\n\n- `url` - the name of the url to be created/deleted.\n- `sddl` - the DACL string configuring all permissions to URL. Mandatory for create if user is not provided. Can't be use with `user`.\n- `user` - the name (domain\\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be use with `sddl`. Only one user or group can be granted permission so this replaces any previously defined entry. If you receive a parameter error your user may not exist.\n\n#### Examples\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n user 'pc\\\\fred'\nend\n```\n\n```ruby\n# Grant access to users \"NT SERVICE\\WinRM\" and \"NT SERVICE\\Wecsvc\" via sddl\nwindows_http_acl 'http://+:5985/' do\n sddl 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'\nend\n```\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n action :delete\nend\n```\n\n### windows_share\n\n`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource.\n\nCreates, modifies and removes Windows shares. All properties are idempotent.\n\n`Note`: This resource uses PowerShell cmdlets introduced in Windows 2012/8.\n\n#### Actions\n\n- `:create`: creates/modifies a share\n- `:delete`: deletes a share\n\n#### Properties\n\nproperty | type | default | description\n------------------------ | ---------- | ------------- | -----------------------------------------------------------------------------------------------------------------------------------------------------------\n`share_name` | String | resource name | the share to assign to the share\n`path` | String | | The path of the location of the folder to share. Required when creating. If the share already exists on a different path then it is deleted and re-created.\n`description` | String | | description to be applied to the share\n`full_users` | Array | [] | users which should have \"Full control\" permissions\n`change_users` | Array | [] | Users are granted modify permission to access the share.\n`read_users` | Array | [] | users which should have \"Read\" permissions\n`temporary` | True/False | false | The lifetime of the new SMB share. A temporary share does not persist beyond the next restart of the computer\n`scope_name` | String | '*' | The scope name of the share.\n`ca_timeout` | Integer | 0 | The continuous availability time-out for the share.\n`continuously_available` | True/False | false | Indicates that the share is continuously available.\n`concurrent_user_limit` | Integer | 0 (unlimited) | The maximum number of concurrently connected users the share can accommodate\n`encrypt_data` | True/False | false | Indicates that the share is encrypted.\n\n#### Examples\n\n```ruby\nwindows_share \"foo\" do\n action :create\n path \"C:\\\\foo\"\n full_users [\"DOMAIN_A\\\\some_user\", \"DOMAIN_B\\\\some_other_user\"]\n read_users [\"DOMAIN_C\\\\Domain users\"]\nend\n```\n\n```ruby\nwindows_share \"foo\" do\n action :delete\nend\n```\n\n### windows_user_privilege\n\nAdds the `principal` (User/Group) to the specified privileges (such as `Logon as a batch job` or `Logon as a Service`).\n\n#### Actions\n\n- `:add` - add the specified privileges to the `principal`\n- `:remove` - remove the specified privilege of the `principal`\n\n#### Properties\n\n- `principal` - Name attribute, Required, String. The user or group to be granted privileges.\n- `privilege` - Required, String/Array. The privilege(s) to be granted.\n\n#### Examples\n\nGrant the Administrator user the `Logon as a batch job` and `Logon as a service` privilege.\n\n```ruby\nwindows_user_privilege 'Administrator' do\n privilege %w(SeBatchLogonRight SeServiceLogonRight)\nend\n```\n\nRemove `Logon as a batch job` privilege of Administrator.\n\n```ruby\nwindows_user_privilege 'Administrator' do\n privilege %w(SeBatchLogonRight)\n action :remove\nend\n```\n\n#### Available Privileges\n\n```\nSeTrustedCredManAccessPrivilege Access Credential Manager as a trusted caller\nSeNetworkLogonRight Access this computer from the network\nSeTcbPrivilege Act as part of the operating system\nSeMachineAccountPrivilege Add workstations to domain\nSeIncreaseQuotaPrivilege Adjust memory quotas for a process\nSeInteractiveLogonRight Allow log on locally\nSeRemoteInteractiveLogonRight Allow log on through Remote Desktop Services\nSeBackupPrivilege Back up files and directories\nSeChangeNotifyPrivilege Bypass traverse checking\nSeSystemtimePrivilege Change the system time\nSeTimeZonePrivilege Change the time zone\nSeCreatePagefilePrivilege Create a pagefile\nSeCreateTokenPrivilege Create a token object\nSeCreateGlobalPrivilege Create global objects\nSeCreatePermanentPrivilege Create permanent shared objects\nSeCreateSymbolicLinkPrivilege Create symbolic links\nSeDebugPrivilege Debug programs\nSeDenyNetworkLogonRight Deny access this computer from the network\nSeDenyBatchLogonRight Deny log on as a batch job\nSeDenyServiceLogonRight Deny log on as a service\nSeDenyInteractiveLogonRight Deny log on locally\nSeDenyRemoteInteractiveLogonRight Deny log on through Remote Desktop Services\nSeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation\nSeRemoteShutdownPrivilege Force shutdown from a remote system\nSeAuditPrivilege Generate security audits\nSeImpersonatePrivilege Impersonate a client after authentication\nSeIncreaseWorkingSetPrivilege Increase a process working set\nSeIncreaseBasePriorityPrivilege Increase scheduling priority\nSeLoadDriverPrivilege Load and unload device drivers\nSeLockMemoryPrivilege Lock pages in memory\nSeBatchLogonRight Log on as a batch job\nSeServiceLogonRight Log on as a service\nSeSecurityPrivilege Manage auditing and security log\nSeRelabelPrivilege Modify an object label\nSeSystemEnvironmentPrivilege Modify firmware environment values\nSeManageVolumePrivilege Perform volume maintenance tasks\nSeProfileSingleProcessPrivilege Profile single process\nSeSystemProfilePrivilege Profile system performance\nSeUnsolicitedInputPrivilege \"Read unsolicited input from a terminal device\"\nSeUndockPrivilege Remove computer from docking station\nSeAssignPrimaryTokenPrivilege Replace a process level token\nSeRestorePrivilege Restore files and directories\nSeShutdownPrivilege Shut down the system\nSeSyncAgentPrivilege Synchronize directory service data\nSeTakeOwnershipPrivilege Take ownership of files or other objects\n```\n\n### windows_zipfile\n\nMost version of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run.\n\n#### Actions\n\n- `:unzip` - unzip a compressed file\n- `:zip` - zip a directory (recursively)\n\n#### Properties\n\n- `path` - name attribute. The path where files will be (un)zipped to.\n- `source` - source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip.\n- `overwrite` - force an overwrite of the files if they already exist.\n- `checksum` - for :unzip, useful if source is remote, if the local file matches the SHA-256 checksum, Chef will not download it.\n\n#### Examples\n\nUnzip a remote zip file locally\n\n```ruby\nwindows_zipfile 'c:/bin' do\n source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip'\n action :unzip\n not_if {::File.exists?('c:/bin/PsExec.exe')}\nend\n```\n\nUnzip a local zipfile\n\n```ruby\nwindows_zipfile 'c:/the_codez' do\n source 'c:/foo/baz/the_codez.zip'\n action :unzip\nend\n```\n\nCreate a local zipfile\n\n```ruby\nwindows_zipfile 'c:/foo/baz/the_codez.zip' do\n source 'c:/the_codez'\n action :zip\nend\n```\n\n## Libraries\n\n### WindowsHelper\n\nHelper that allows you to use helpful functions in windows\n\n#### installed_packages\n\nReturns a hash of all DisplayNames installed\n\n```ruby\n# usage in a recipe\n::Chef::Recipe.send(:include, Windows::Helper)\nhash_of_installed_packages = installed_packages\n```\n\n#### is_package_installed?\n\n- `package_name` - The name of the package you want to query to see if it is installed\n- `returns` - true if the package is installed, false if it the package is not installed\n\nDownload a file if a package isn't installed\n\n```ruby\n# usage in a recipe to not download a file if package is already installed\n::Chef::Recipe.send(:include, Windows::Helper)\nis_win_sdk_installed = is_package_installed?('Windows Software Development Kit')\n\nremote_file 'C:\\windows\\temp\\windows_sdk.zip' do\n source 'http://url_to_download/windows_sdk.zip'\n action :create_if_missing\n not_if {is_win_sdk_installed}\nend\n```\n\nDo something if a package is installed\n\n```ruby\n# usage in a provider\ninclude Windows::Helper\nif is_package_installed?('Windows Software Development Kit')\n # do something if package is installed\nend\n```\n\n### Windows::VersionHelper\n\nHelper that allows you to get information of the windows version running on your node. It leverages windows ohai from kernel.os_info, easy to mock and to use even on linux.\n\n#### core_version?\n\nDetermines whether given node is running on a windows Core.\n\n```ruby\nif ::Windows::VersionHelper.core_version? node\n fail 'Windows Core is not supported'\nend\n```\n\n#### workstation_version?\n\nDetermines whether given node is a windows workstation version (XP, Vista, 7, 8, 8.1, 10)\n\n```ruby\nif ::Windows::VersionHelper.workstation_version? node\n fail 'Only server version of windows are supported'\nend\n```\n\n#### server_version?\n\nDetermines whether given node is a windows server version (Server 2003, Server 2008, Server 2012, Server 2016)\n\n```ruby\nif ::Windows::VersionHelper.server_version? node\n puts 'Server version of windows are cool'\nend\n```\n\n#### nt_version\n\nDetermines NT version of the given node\n\n```ruby\ncase ::Windows::VersionHelper.nt_version node\n when '6.0' then 'Windows vista or Server 2008'\n when '6.1' then 'Windows 7 or Server 2008R2'\n when '6.2' then 'Windows 8 or Server 2012'\n when '6.3' then 'Windows 8.1 or Server 2012R2'\n when '10.0' then 'Windows 10'\nend\n```\n\n## Usage\n\nPlace an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook.\n\n```ruby\ndepends 'windows'\n```\n\n## License & Authors\n\n- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io))\n- Author:: Doug MacEachern ([dougm@vmware.com](mailto:dougm@vmware.com))\n- Author:: Paul Morton ([pmorton@biaprotect.com](mailto:pmorton@biaprotect.com))\n- Author:: Doug Ireton ([doug.ireton@nordstrom.com](mailto:doug.ireton@nordstrom.com))\n\n```text\nCopyright 2011-2018, Chef Software, Inc.\nCopyright 2010, VMware, Inc.\nCopyright 2011, Business Intelligence Associates, Inc\nCopyright 2012, Nordstrom, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/windows","issues_url":"https://github.com/chef-cookbooks/windows/issues","chef_version":[[">= 14"]],"ohai_version":[]} \ No newline at end of file diff --git a/ops/cookbooks/vendor/windows/metadata.rb b/ops/cookbooks/vendor/windows/metadata.rb new file mode 100644 index 0000000..f65f147 --- /dev/null +++ b/ops/cookbooks/vendor/windows/metadata.rb @@ -0,0 +1,11 @@ +name 'windows' +maintainer 'Chef Software, Inc.' +maintainer_email 'cookbooks@chef.io' +license 'Apache-2.0' +description 'Provides a set of useful Windows-specific primitives.' +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version '6.0.0' +supports 'windows' +source_url 'https://github.com/chef-cookbooks/windows' +issues_url 'https://github.com/chef-cookbooks/windows/issues' +chef_version '>= 14' diff --git a/ops/cookbooks/vendor/windows/providers/dns.rb b/ops/cookbooks/vendor/windows/providers/dns.rb new file mode 100644 index 0000000..f6a8b31 --- /dev/null +++ b/ops/cookbooks/vendor/windows/providers/dns.rb @@ -0,0 +1,153 @@ +# +# Author:: Richard Lavey (richard.lavey@calastone.com) +# Cookbook:: windows +# Provider:: dns +# +# Copyright:: 2015, Calastone Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# See this for info on DNSCMD +# https://technet.microsoft.com/en-gb/library/cc772069.aspx#BKMK_10 + +include Windows::Helper + +# Support whyrun +def whyrun_supported? + true +end + +action :create do + if @current_resource.exists + needs_change = (@new_resource.record_type != @current_resource.record_type) || + (@new_resource.ttl > 0 && @new_resource.ttl != @current_resource.ttl) || + (@new_resource.target.is_a?(String) && @new_resource.target != @current_resource.target) || + (@new_resource.target.is_a?(Array) && !(@new_resource.target - @current_resource.target).empty?) + + if needs_change + converge_by("Changing #{@new_resource.host_name}") do + update_dns + end + else + Chef::Log.debug("#{@new_resource.host_name} already exists - nothing to do") + end + else + converge_by("Creating #{@new_resource.host_name}") do + update_dns + end + end +end + +action :delete do + if @current_resource.exists + converge_by("Deleting #{@current_resource.host_name}") do + execute_command! 'recorddelete', "#{@current_resource.record_type} /f" + end + else + Chef::Log.debug("#{@new_resource.host_name} does not exist - nothing to do") + end +end + +def load_current_resource + # validate the new resource params : A records should be an array + if @new_resource.record_type == 'A' && @new_resource.target.is_a?(String) + raise 'target property must be an array for record_type A' + end + + @current_resource = Chef::Resource::WindowsDns.new(@new_resource.name) + @current_resource.host_name(@new_resource.host_name) + @current_resource.dns_server(@new_resource.dns_server) + + parts = @current_resource.host_name.scan(/(\w+)\.(.*)/) + @host = parts[0][0] + @domain = parts[0][1] + + fetch_attributes +end + +private + +def fetch_attributes + @command = locate_sysnative_cmd('dnscmd.exe') + cmd = shell_out("#{@command} #{@current_resource.dns_server} /enumrecords #{@domain} #{@host}") + Chef::Log.debug "dnscmd reports: #{cmd.stdout}" + + # extract values from returned text + if cmd.stdout.include?('DNS_ERROR_NAME_DOES_NOT_EXIST') + @current_resource.exists = false + @current_resource.target([]) + elsif cmd.exitstatus == 0 + @current_resource.exists = true + + m = cmd.stdout.scan(/(\d+)\s(A)\s+(\d+\.\d+\.\d+\.\d+)/) + if m.empty? + m = cmd.stdout.scan(/(\d+)\s(CNAME)\s+((?:\w+\.)+)/) + if m.empty? + @current_resource.exists = false + @current_resource.target([]) + else + # We have a cname record + @current_resource.record_type('CNAME') + @current_resource.ttl(m[0][0].to_i) + @current_resource.target(m[0][2].chomp('.')) + end + else + # we have A entries + @current_resource.record_type('A') + @current_resource.ttl(m[0][0].to_i) + addresses = [] + m.each do |match| + addresses.push(match[2]) + end + @current_resource.target(addresses) + end + else + raise "dnscmd returned error #{cmd.exitstatus} : #{cmd.stderr} #{cmd.stdout}" + end +end + +def update_dns + ttl = @new_resource.ttl if @new_resource.ttl > 0 + + if @current_resource.record_type != @new_resource.record_type + # delete current record(s) as we're changing the type + execute_command! 'recorddelete', "#{@current_resource.record_type} /f" + end + + if @new_resource.record_type == 'A' + # delete existing records that are no longer defined + (@current_resource.target - @new_resource.target).each do |address| + Chef::Log.info "Deleting #{address}" + execute_command! 'recorddelete', "A #{address} /f" + end + + # add new records that don't exist + # if ttl has changed then update all records + addresses = if @current_resource.ttl == @new_resource.ttl + (@new_resource.target - @current_resource.target) + else + @new_resource.target + end + addresses.each do |address| + Chef::Log.info "Adding/Changing #{address}" + execute_command! 'recordadd', "#{ttl} A #{address}" + end + else + execute_command! 'recordadd', "#{ttl} CNAME #{@new_resource.target}" + end +end + +def execute_command!(mode, options) + shell_out!("#{@command} #{@current_resource.dns_server} /#{mode} #{@domain} #{@host} #{options}") +end diff --git a/ops/cookbooks/vendor/windows/recipes/default.rb b/ops/cookbooks/vendor/windows/recipes/default.rb new file mode 100644 index 0000000..73845f6 --- /dev/null +++ b/ops/cookbooks/vendor/windows/recipes/default.rb @@ -0,0 +1,21 @@ +# +# Author:: Seth Chisamore () +# Cookbook:: windows +# Recipe:: default +# +# Copyright:: 2011-2018, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +Chef::Log.warn('The windows::default recipe has been deprecated. The gems previously installed in this recipe ship in the Chef MSI.') diff --git a/ops/cookbooks/vendor/windows/resources/certificate.rb b/ops/cookbooks/vendor/windows/resources/certificate.rb new file mode 100644 index 0000000..4003fbb --- /dev/null +++ b/ops/cookbooks/vendor/windows/resources/certificate.rb @@ -0,0 +1,301 @@ +# +# Author:: Richard Lavey (richard.lavey@calastone.com) +# Cookbook:: windows +# Resource:: certificate +# +# Copyright:: 2015-2017, Calastone Ltd. +# Copyright:: 2018-2019, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/util/path_helper' + +chef_version_for_provides '< 14.7' if respond_to?(:chef_version_for_provides) +resource_name :windows_certificate + +property :source, String, name_property: true +property :pfx_password, String +property :private_key_acl, Array +property :store_name, String, default: 'MY', equal_to: ['TRUSTEDPUBLISHER', 'TrustedPublisher', 'CLIENTAUTHISSUER', 'REMOTE DESKTOP', 'ROOT', 'TRUSTEDDEVICES', 'WEBHOSTING', 'CA', 'AUTHROOT', 'TRUSTEDPEOPLE', 'MY', 'SMARTCARDROOT', 'TRUST', 'DISALLOWED'] +property :user_store, [TrueClass, FalseClass], default: false +property :cert_path, String +property :sensitive, [ TrueClass, FalseClass ], default: lazy { |r| r.pfx_password ? true : false } + +action :create do + load_gem + + # Extension of the certificate + ext = ::File.extname(new_resource.source) + cert_obj = fetch_cert_object(ext) # Fetch OpenSSL::X509::Certificate object + thumbprint = OpenSSL::Digest::SHA1.new(cert_obj.to_der).to_s # Fetch its thumbprint + + # Need to check if return value is Boolean:true + # If not then the given certificate should be added in certstore + if verify_cert(thumbprint) == true + Chef::Log.debug('Certificate is already present') + else + converge_by("Adding certificate #{new_resource.source} into Store #{new_resource.store_name}") do + if ext == '.pfx' + add_pfx_cert + else + add_cert(cert_obj) + end + end + end +end + +# acl_add is a modify-if-exists operation : not idempotent +action :acl_add do + if ::File.exist?(new_resource.source) + hash = '$cert.GetCertHashString()' + code_script = cert_script(false) + guard_script = cert_script(false) + else + # make sure we have no spaces in the hash string + hash = "\"#{new_resource.source.gsub(/\s/, '')}\"" + code_script = '' + guard_script = '' + end + code_script << acl_script(hash) + guard_script << cert_exists_script(hash) + + powershell_script "setting the acls on #{new_resource.source} in #{cert_location}\\#{new_resource.store_name}" do + guard_interpreter :powershell_script + convert_boolean_return true + code code_script + only_if guard_script + sensitive if new_resource.sensitive + end +end + +action :delete do + load_gem + + cert_obj = fetch_cert + if cert_obj + converge_by("Deleting certificate #{new_resource.source} from Store #{new_resource.store_name}") do + delete_cert + end + else + Chef::Log.debug('Certificate not found') + end +end + +action :fetch do + load_gem + + cert_obj = fetch_cert + if cert_obj + show_or_store_cert(cert_obj) + else + Chef::Log.debug('Certificate not found') + end +end + +action :verify do + load_gem + + out = verify_cert + if !!out == out + out = out ? 'Certificate is valid' : 'Certificate not valid' + end + Chef::Log.info(out.to_s) +end + +action_class do + require 'openssl' + + # load the gem and rescue a gem install if it fails to load + def load_gem + gem 'win32-certstore', '>= 0.2.4' + require 'win32-certstore' # until this is in core chef + rescue LoadError + Chef::Log.debug('Did not find win32-certstore >= 0.2.4 gem installed. Installing now') + chef_gem 'win32-certstore' do + compile_time true + action :upgrade + end + + require 'win32-certstore' + end + + def add_cert(cert_obj) + store = ::Win32::Certstore.open(new_resource.store_name) + store.add(cert_obj) + end + + def add_pfx_cert + store = ::Win32::Certstore.open(new_resource.store_name) + store.add_pfx(new_resource.source, new_resource.pfx_password) + end + + def delete_cert + store = ::Win32::Certstore.open(new_resource.store_name) + store.delete(new_resource.source) + end + + def fetch_cert + store = ::Win32::Certstore.open(new_resource.store_name) + store.get(new_resource.source) + end + + # Checks whether a certificate with the given thumbprint + # is already present and valid in certificate store + # If the certificate is not present, verify_cert returns a String: "Certificate not found" + # But if it is present but expired, it returns a Boolean: false + # Otherwise, it returns a Boolean: true + def verify_cert(thumbprint = new_resource.source) + store = ::Win32::Certstore.open(new_resource.store_name) + store.valid?(thumbprint) + end + + def show_or_store_cert(cert_obj) + if new_resource.cert_path + export_cert(cert_obj, new_resource.cert_path) + if ::File.size(new_resource.cert_path) > 0 + Chef::Log.info("Certificate export in #{new_resource.cert_path}") + else + ::File.delete(new_resource.cert_path) + end + else + Chef::Log.info(cert_obj.display) + end + end + + def export_cert(cert_obj, cert_path) + out_file = ::File.new(cert_path, 'w+') + case ::File.extname(cert_path) + when '.pem' + out_file.puts(cert_obj.to_pem) + when '.der' + out_file.puts(cert_obj.to_der) + when '.cer' + cert_out = powershell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CER").stdout + out_file.puts(cert_out) + when '.crt' + cert_out = powershell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CRT").stdout + out_file.puts(cert_out) + when '.pfx' + cert_out = powershell_out("openssl pkcs12 -export -nokeys -in #{cert_obj.to_pem} -outform PFX").stdout + out_file.puts(cert_out) + when '.p7b' + cert_out = powershell_out("openssl pkcs7 -export -nokeys -in #{cert_obj.to_pem} -outform P7B").stdout + out_file.puts(cert_out) + else + Chef::Log.info('Supported certificate format .pem, .der, .cer, .crt, .pfx and .p7b') + end + out_file.close + end + + def cert_location + @location ||= new_resource.user_store ? 'CurrentUser' : 'LocalMachine' + end + + def cert_script(persist) + cert_script = '$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2' + file = Chef::Util::PathHelper.cleanpath(new_resource.source) + cert_script << " \"#{file}\"" + if ::File.extname(file.downcase) == '.pfx' + cert_script << ", \"#{new_resource.pfx_password}\"" + if persist && new_resource.user_store + cert_script << ', ([System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet)' + elsif persist + cert_script << ', ([System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeyset)' + end + end + cert_script << "\n" + end + + def cert_exists_script(hash) + <<-EOH +$hash = #{hash} +Test-Path "Cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash" + EOH + end + + def within_store_script + inner_script = yield '$store' + <<-EOH +$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "#{new_resource.store_name}", ([System.Security.Cryptography.X509Certificates.StoreLocation]::#{cert_location}) +$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) +#{inner_script} +$store.Close() + EOH + end + + def acl_script(hash) + return '' if new_resource.private_key_acl.nil? || new_resource.private_key_acl.empty? + + # this PS came from http://blogs.technet.com/b/operationsguy/archive/2010/11/29/provide-access-to-private-keys-commandline-vs-powershell.aspx + # and from https://msdn.microsoft.com/en-us/library/windows/desktop/bb204778(v=vs.85).aspx + set_acl_script = <<-EOH +$hash = #{hash} +$storeCert = Get-ChildItem "cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash" +if ($storeCert -eq $null) { throw 'no key exists.' } +$keyname = $storeCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName +if ($keyname -eq $null) { throw 'no private key exists.' } +if ($storeCert.PrivateKey.CspKeyContainerInfo.MachineKeyStore) +{ + $fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\$keyname" +} +else +{ + $currentUser = New-Object System.Security.Principal.NTAccount($Env:UserDomain, $Env:UserName) + $userSID = $currentUser.Translate([System.Security.Principal.SecurityIdentifier]).Value + $fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\$userSID\\$keyname" +} + EOH + new_resource.private_key_acl.each do |name| + set_acl_script << "$uname='#{name}'; icacls $fullpath /grant $uname`:RX\n" + end + set_acl_script + end + + # Method returns an OpenSSL::X509::Certificate object + # + # Based on its extension, the certificate contents are used to initialize + # PKCS12 (PFX), PKCS7 (P7B) objects which contains OpenSSL::X509::Certificate. + # + # @note Other then PEM, all the certificates are usually in binary format, and hence + # their contents are loaded by using File.binread + # + # @param ext [String] Extension of the certificate + # + # @return [OpenSSL::X509::Certificate] Object containing certificate's attributes + # + # @raise [OpenSSL::PKCS12::PKCS12Error] When incorrect password is provided for PFX certificate + # + def fetch_cert_object(ext) + contents = if binary_cert? + ::File.binread(new_resource.source) + else + ::File.read(new_resource.source) + end + + case ext + when '.pfx' + OpenSSL::PKCS12.new(contents, new_resource.pfx_password).certificate + when '.p7b' + OpenSSL::PKCS7.new(contents).certificates.first + else + OpenSSL::X509::Certificate.new(contents) + end + end + + # @return [Boolean] Whether the certificate file is binary encoded or not + # + def binary_cert? + powershell_out!("file -b --mime-encoding #{new_resource.source}").stdout.strip == 'binary' + end +end diff --git a/ops/cookbooks/vendor/windows/resources/certificate_binding.rb b/ops/cookbooks/vendor/windows/resources/certificate_binding.rb new file mode 100644 index 0000000..df0aa44 --- /dev/null +++ b/ops/cookbooks/vendor/windows/resources/certificate_binding.rb @@ -0,0 +1,135 @@ +# +# Author:: Richard Lavey (richard.lavey@calastone.com) +# Cookbook:: windows +# Resource:: certificate_binding +# +# Copyright:: 2015-2017, Calastone Ltd. +# Copyright:: 2018, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include Chef::Mixin::PowershellOut +include Windows::Helper + +property :cert_name, String, name_property: true +property :name_kind, Symbol, equal_to: [:hash, :subject], default: :subject +property :address, String, default: '0.0.0.0' +property :port, Integer, default: 443 +property :app_id, String, default: '{4dc3e181-e14b-4a21-b022-59fc669b0914}' +property :store_name, String, default: 'MY', equal_to: ['TRUSTEDPUBLISHER', 'CLIENTAUTHISSUER', 'REMOTE DESKTOP', 'ROOT', 'TRUSTEDDEVICES', 'WEBHOSTING', 'CA', 'AUTHROOT', 'TRUSTEDPEOPLE', 'MY', 'SMARTCARDROOT', 'TRUST'] +property :exists, [true, false], desired_state: true + +load_current_value do |desired| + mode = desired.address.match(/(\d+\.){3}\d+|\[.+\]/).nil? ? 'hostnameport' : 'ipport' + cmd = shell_out("#{locate_sysnative_cmd('netsh.exe')} http show sslcert #{mode}=#{desired.address}:#{desired.port}") + Chef::Log.debug "netsh reports: #{cmd.stdout}" + + address desired.address + port desired.port + store_name desired.store_name + app_id desired.app_id + + if cmd.exitstatus == 0 + m = cmd.stdout.scan(/Certificate Hash\s+:\s?([A-Fa-f0-9]{40})/) + raise "Failed to extract hash from command output #{cmd.stdout}" if m.empty? + cert_name m[0][0] + name_kind :hash + exists true + else + exists false + end +end + +action :create do + hash = new_resource.name_kind == :subject ? hash_from_subject : new_resource.cert_name + + if current_resource.exists + needs_change = (hash.casecmp(current_resource.cert_name) != 0) + + if needs_change + converge_by("Changing #{current_resource.address}:#{current_resource.port}") do + delete_binding + add_binding hash + end + else + Chef::Log.debug("#{new_resource.address}:#{new_resource.port} already bound to #{hash} - nothing to do") + end + else + converge_by("Binding #{new_resource.address}:#{new_resource.port}") do + add_binding hash + end + end +end + +action :delete do + if current_resource.exists + converge_by("Deleting #{current_resource.address}:#{current_resource.port}") do + delete_binding + end + else + Chef::Log.debug("#{current_resource.address}:#{current_resource.port} not bound - nothing to do") + end +end + +action_class do + def netsh_command + locate_sysnative_cmd('netsh.exe') + end + + def add_binding(hash) + cmd = "#{netsh_command} http add sslcert" + mode = address_mode(current_resource.address) + cmd << " #{mode}=#{current_resource.address}:#{current_resource.port}" + cmd << " certhash=#{hash}" + cmd << " appid=#{current_resource.app_id}" + cmd << " certstorename=#{current_resource.store_name}" + check_hash hash + + shell_out!(cmd) + end + + def delete_binding + mode = address_mode(current_resource.address) + shell_out!("#{netsh_command} http delete sslcert #{mode}=#{current_resource.address}:#{current_resource.port}") + end + + def check_hash(hash) + p = powershell_out!("Test-Path \"cert:\\LocalMachine\\#{current_resource.store_name}\\#{hash}\"") + + unless p.stderr.empty? && p.stdout =~ /True/i + raise "A Cert with hash of #{hash} doesn't exist in keystore LocalMachine\\#{current_resource.store_name}" + end + nil + end + + def hash_from_subject + # escape wildcard subject name (*.acme.com) + subject = new_resource.cert_name.sub(/\*/, '`*') + ps_script = "& { gci cert:\\localmachine\\#{new_resource.store_name} | where { $_.subject -like '*#{subject}*' } | select -first 1 -expandproperty Thumbprint }" + + Chef::Log.debug "Running PS script #{ps_script}" + p = powershell_out!(ps_script) + + raise "#{ps_script} failed with #{p.stderr}" if !p.stderr.nil? && !p.stderr.empty? + raise "Couldn't find thumbprint for subject #{new_resource.cert_name}" if p.stdout.nil? || p.stdout.empty? + + # seem to get a UTF-8 string with BOM returned sometimes! Strip any such BOM + hash = p.stdout.strip + hash[0].ord == 239 ? hash.force_encoding('UTF-8').delete!("\xEF\xBB\xBF".force_encoding('UTF-8')) : hash + end + + def address_mode(address) + address.match(/(\d+\.){3}\d+|\[.+\]/).nil? ? 'hostnameport' : 'ipport' + end +end diff --git a/ops/cookbooks/vendor/windows/resources/dns.rb b/ops/cookbooks/vendor/windows/resources/dns.rb new file mode 100644 index 0000000..35b0274 --- /dev/null +++ b/ops/cookbooks/vendor/windows/resources/dns.rb @@ -0,0 +1,30 @@ +# +# Author:: Richard Lavey (richard.lavey@calastone.com) +# Cookbook Name:: windows +# Resource:: dns +# +# Copyright:: 2015, Calastone Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :create, :delete +default_action :create + +attribute :host_name, kind_of: String, name_property: true, required: true +attribute :record_type, kind_of: String, default: 'A', regex: /^(?:A|CNAME)$/ +attribute :dns_server, kind_of: String, default: '.' +attribute :target, kind_of: [Array, String], required: true +attribute :ttl, kind_of: Integer, required: false, default: 0 + +attr_accessor :exists diff --git a/ops/cookbooks/vendor/windows/resources/http_acl.rb b/ops/cookbooks/vendor/windows/resources/http_acl.rb new file mode 100644 index 0000000..c675043 --- /dev/null +++ b/ops/cookbooks/vendor/windows/resources/http_acl.rb @@ -0,0 +1,109 @@ +# +# Author:: Richard Lavey (richard.lavey@calastone.com) +# Cookbook:: windows +# Resource:: http_acl +# +# Copyright:: 2015-2017, Calastone Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include Windows::Helper + +property :url, String, name_property: true +property :user, String +property :sddl, String +property :exists, [true, false], desired_state: true + +# See https://msdn.microsoft.com/en-us/library/windows/desktop/cc307236%28v=vs.85%29.aspx for netsh info + +load_current_value do |desired| + cmd_out = shell_out!("#{locate_sysnative_cmd('netsh.exe')} http show urlacl url=#{desired.url}").stdout + Chef::Log.debug "netsh reports: #{cmd_out}" + + if cmd_out.include? desired.url + exists true + url desired.url + # Checks first for sddl, because it generates user(s) + sddl_match = cmd_out.match(/SDDL:\s*(?\S+)/) + if sddl_match + sddl sddl_match['sddl'] + else + # if no sddl, tries to find a single user + user_match = cmd_out.match(/User:\s*(?.+)/) + user user_match['user'] + end + else + exists false + end +end + +action :create do + raise '`user` xor `sddl` can\'t be used together' if new_resource.user && new_resource.sddl + raise 'When provided user property can\'t be empty' if new_resource.user && new_resource.user.empty? + raise 'When provided sddl property can\'t be empty' if new_resource.sddl && new_resource.sddl.empty? + + if current_resource.exists + sddl_changed = ( + new_resource.sddl && + current_resource.sddl && + current_resource.sddl.casecmp(new_resource.sddl) != 0 + ) + user_changed = ( + new_resource.user && + current_resource.user && + current_resource.user.casecmp(new_resource.user) != 0 + ) + + if sddl_changed || user_changed + converge_by("Changing #{new_resource.url}") do + delete_acl + apply_acl + end + else + Chef::Log.debug("#{new_resource.url} already set - nothing to do") + end + else + converge_by("Setting #{new_resource.url}") do + apply_acl + end + end +end + +action :delete do + if current_resource.exists + converge_by("Deleting #{new_resource.url}") do + delete_acl + end + else + Chef::Log.debug("#{new_resource.url} does not exist - nothing to do") + end +end + +action_class do + def netsh_command + locate_sysnative_cmd('netsh.exe') + end + + def apply_acl + if current_resource.sddl + shell_out!("#{netsh_command} http add urlacl url=#{new_resource.url} sddl=\"#{new_resource.sddl}\"") + else + shell_out!("#{netsh_command} http add urlacl url=#{new_resource.url} user=\"#{new_resource.user}\"") + end + end + + def delete_acl + shell_out!("#{netsh_command} http delete urlacl url=#{new_resource.url}") + end +end diff --git a/ops/cookbooks/vendor/windows/resources/share.rb b/ops/cookbooks/vendor/windows/resources/share.rb new file mode 100644 index 0000000..9e5196b --- /dev/null +++ b/ops/cookbooks/vendor/windows/resources/share.rb @@ -0,0 +1,288 @@ +# +# Author:: Sölvi Páll Ásgeirsson () +# Author:: Richard Lavey (richard.lavey@calastone.com) +# Author:: Tim Smith (tsmith@chef.io) +# Cookbook:: windows +# Resource:: share +# +# Copyright:: 2014-2017, Sölvi Páll Ásgeirsson. +# Copyright:: 2018, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +chef_version_for_provides '< 14.7' if respond_to?(:chef_version_for_provides) +resource_name :windows_share + +require 'chef/json_compat' +require 'chef/util/path_helper' + +# Specifies a name for the SMB share. The name may be composed of any valid file name characters, but must be less than 80 characters long. The names pipe and mailslot are reserved for use by the computer. +property :share_name, String, name_property: true + +# Specifies the path of the location of the folder to share. The path must be fully qualified. Relative paths or paths that contain wildcard characters are not permitted. +property :path, String + +# Specifies an optional description of the SMB share. A description of the share is displayed by running the Get-SmbShare cmdlet. The description may not contain more than 256 characters. +property :description, String, default: '' + +# Specifies which accounts are granted full permission to access the share. Use a comma-separated list to specify multiple accounts. An account may not be specified more than once in the FullAccess, ChangeAccess, or ReadAccess parameter lists, but may be specified once in the FullAccess, ChangeAccess, or ReadAccess parameter list and once in the NoAccess parameter list. +property :full_users, Array, default: [], coerce: proc { |u| u.sort } + +# Specifies which users are granted modify permission to access the share +property :change_users, Array, default: [], coerce: proc { |u| u.sort } + +# Specifies which users are granted read permission to access the share. Multiple users can be specified by supplying a comma-separated list. +property :read_users, Array, default: [], coerce: proc { |u| u.sort } + +# Specifies the lifetime of the new SMB share. A temporary share does not persist beyond the next restart of the computer. By default, new SMB shares are persistent, and non-temporary. +property :temporary, [true, false], default: false + +# Specifies the scope name of the share. +property :scope_name, String, default: '*' + +# Specifies the continuous availability time-out for the share. +property :ca_timeout, Integer, default: 0 + +# Indicates that the share is continuously available. +property :continuously_available, [true, false], default: false + +# Specifies the caching mode of the offline files for the SMB share. +# property :caching_mode, String, equal_to: %w(None Manual Documents Programs BranchCache) + +# Specifies the maximum number of concurrently connected users that the new SMB share may accommodate. If this parameter is set to zero (0), then the number of users is unlimited. +property :concurrent_user_limit, Integer, default: 0 + +# Indicates that the share is encrypted. +property :encrypt_data, [true, false], default: false + +# Specifies which files and folders in the SMB share are visible to users. AccessBased: SMB does not the display the files and folders for a share to a user unless that user has rights to access the files and folders. By default, access-based enumeration is disabled for new SMB shares. Unrestricted: SMB displays files and folders to a user even when the user does not have permission to access the items. +# property :folder_enumeration_mode, String, equal_to: %(AccessBased Unrestricted) + +include Chef::Mixin::PowershellOut + +load_current_value do |desired| + # this command selects individual objects because EncryptData & CachingMode have underlying + # types that get converted to their Integer values by ConvertTo-Json & we need to make sure + # those get written out as strings + share_state_cmd = "Get-SmbShare -Name '#{desired.share_name}' | Select-Object Name,Path, Description, Temporary, CATimeout, ContinuouslyAvailable, ConcurrentUserLimit, EncryptData | ConvertTo-Json" + + Chef::Log.debug("Running '#{share_state_cmd}' to determine share state'") + ps_results = powershell_out(share_state_cmd) + + # detect a failure without raising and then set current_resource to nil + if ps_results.error? + Chef::Log.debug("Error fetching share state: #{ps_results.stderr}") + current_value_does_not_exist! + end + + Chef::Log.debug("The Get-SmbShare results were #{ps_results.stdout}") + results = Chef::JSONCompat.from_json(ps_results.stdout) + + path results['Path'] + description results['Description'] + temporary results['Temporary'] + ca_timeout results['CATimeout'] + continuously_available results['ContinuouslyAvailable'] + # caching_mode results['CachingMode'] + concurrent_user_limit results['ConcurrentUserLimit'] + encrypt_data results['EncryptData'] + # folder_enumeration_mode results['FolderEnumerationMode'] + + perm_state_cmd = %(Get-SmbShareAccess -Name "#{desired.share_name}" | Select-Object AccountName,AccessControlType,AccessRight | ConvertTo-Json) + + Chef::Log.debug("Running '#{perm_state_cmd}' to determine share permissions state'") + ps_perm_results = powershell_out(perm_state_cmd) + + # we raise here instead of warning like above because we'd only get here if the above Get-SmbShare + # command was successful and that continuing would leave us with 1/2 known state + raise "Could not determine #{desired.share_name} share permissions by running '#{perm_state_cmd}'" if ps_perm_results.error? + + Chef::Log.debug("The Get-SmbShareAccess results were #{ps_perm_results.stdout}") + + f_users, c_users, r_users = parse_permissions(ps_perm_results.stdout) + + full_users f_users + change_users c_users + read_users r_users +end + +def after_created + raise 'The windows_share resource relies on PowerShell cmdlets not present in Windows releases prior to 8/2012. Cannot continue!' if node['platform_version'].to_f < 6.3 +end + +# given the string output of Get-SmbShareAccess parse out +# arrays of full access users, change users, and read only users +def parse_permissions(results_string) + json_results = Chef::JSONCompat.from_json(results_string) + json_results = [json_results] unless json_results.is_a?(Array) # single result is not an array + + f_users = [] + c_users = [] + r_users = [] + + json_results.each do |perm| + next unless perm['AccessControlType'] == 0 # allow + case perm['AccessRight'] + when 0 then f_users << stripped_account(perm['AccountName']) # 0 full control + when 1 then c_users << stripped_account(perm['AccountName']) # 1 == change + when 2 then r_users << stripped_account(perm['AccountName']) # 2 == read + end + end + [f_users, c_users, r_users] +end + +# local names are returned from Get-SmbShareAccess in the full format MACHINE\\NAME +# but users of this resource would simply say NAME so we need to strip the values for comparison +def stripped_account(name) + name.slice!("#{node['hostname']}\\") + name +end + +action :create do + # we do this here instead of requiring the property because :delete doesn't need path set + raise 'No path property set' unless new_resource.path + + converge_if_changed do + # you can't actually change the path so you have to delete the old share first + if different_path? + Chef::Log.debug('The path has changed so we will delete and recreate share') + delete_share + create_share + elsif current_resource.nil? + # powershell cmdlet for create is different than updates + Chef::Log.debug('The current resource is nil so we will create a new share') + create_share + else + Chef::Log.debug('The current resource was not nil so we will update an existing share') + update_share + end + + # creating the share does not set permissions so we need to update + update_permissions + end +end + +action :delete do + if current_resource.nil? + Chef::Log.debug("#{new_resource.share_name} does not exist - nothing to do") + else + converge_by("delete #{new_resource.share_name}") do + delete_share + end + end +end + +action_class do + def different_path? + return false if current_resource.nil? # going from nil to something isn't different for our concerns + return false if current_resource.path == Chef::Util::PathHelper.cleanpath(new_resource.path) + true + end + + def delete_share + delete_command = "Remove-SmbShare -Name '#{new_resource.share_name}' -Force" + + Chef::Log.debug("Running '#{delete_command}' to remove the share") + powershell_out!(delete_command) + end + + def update_share + update_command = "Set-SmbShare -Name '#{new_resource.share_name}' -Description '#{new_resource.description}' -Force" + + Chef::Log.debug("Running '#{update_command}' to update the share") + powershell_out!(update_command) + end + + def create_share + raise "#{new_resource.path} is missing or not a directory. Shares cannot be created if the path doesn't first exist." unless ::File.directory? new_resource.path + + share_cmd = "New-SmbShare -Name '#{new_resource.share_name}' -Path '#{Chef::Util::PathHelper.cleanpath(new_resource.path)}' -Description '#{new_resource.description}' -ConcurrentUserLimit #{new_resource.concurrent_user_limit} -CATimeout #{new_resource.ca_timeout} -EncryptData:#{bool_string(new_resource.encrypt_data)} -ContinuouslyAvailable:#{bool_string(new_resource.continuously_available)}" + share_cmd << " -ScopeName #{new_resource.scope_name}" unless new_resource.scope_name == '*' # passing * causes the command to fail + share_cmd << " -Temporary:#{bool_string(new_resource.temporary)}" if new_resource.temporary # only set true + + Chef::Log.debug("Running '#{share_cmd}' to create the share") + powershell_out!(share_cmd) + + # New-SmbShare adds the "Everyone" user with read access no matter what so we need to remove it + # before we add our permissions + revoke_user_permissions(['Everyone']) + end + + # determine what users in the current state don't exist in the desired state + # users/groups will have their permissions updated with the same command that + # sets it, but removes must be performed with Revoke-SmbShareAccess + def users_to_revoke + @users_to_revoke ||= begin + # if the resource doesn't exist then nothing needs to be revoked + if current_resource.nil? + [] + else # if it exists then calculate the current to new resource diffs + (current_resource.full_users + current_resource.change_users + current_resource.read_users) - (new_resource.full_users + new_resource.change_users + new_resource.read_users) + end + end + end + + # update existing permissions on a share + def update_permissions + # revoke any users that had something, but now has nothing + revoke_user_permissions(users_to_revoke) unless users_to_revoke.empty? + + # set permissions for each of the permission types + %w(full read change).each do |perm_type| + # set permissions for a brand new share OR + # update permissions if the current state and desired state differ + next unless permissions_need_update?(perm_type) + grant_command = "Grant-SmbShareAccess -Name '#{new_resource.share_name}' -AccountName \"#{new_resource.send("#{perm_type}_users").join('","')}\" -Force -AccessRight #{perm_type}" + + Chef::Log.debug("Running '#{grant_command}' to update the share permissions") + powershell_out!(grant_command) + end + end + + # determine if permissions need to be updated. + # Brand new share with no permissions defined: no + # Brand new share with permissions defined: yes + # Existing share with differing permissions: yes + # + # @param [String] type the permissions type (Full, Read, or Change) + def permissions_need_update?(type) + property_name = "#{type}_users" + + # brand new share, but nothing to set + return false if current_resource.nil? && new_resource.send(property_name).empty? + + # brand new share with new permissions to set + return true if current_resource.nil? && !new_resource.send(property_name).empty? + + # there's a difference between the current and desired state + return true unless (new_resource.send(property_name) - current_resource.send(property_name)).empty? + + # anything else + false + end + + # revoke user permissions from a share + # @param [Array] users + def revoke_user_permissions(users) + revoke_command = "Revoke-SmbShareAccess -Name '#{new_resource.share_name}' -AccountName \"#{users.join('","')}\" -Force" + Chef::Log.debug("Running '#{revoke_command}' to revoke share permissions") + powershell_out!(revoke_command) + end + + # convert True/False into "$True" & "$False" + def bool_string(bool) + # bool ? 1 : 0 + bool ? '$true' : '$false' + end +end diff --git a/ops/cookbooks/vendor/windows/resources/user_privilege.rb b/ops/cookbooks/vendor/windows/resources/user_privilege.rb new file mode 100644 index 0000000..2264ded --- /dev/null +++ b/ops/cookbooks/vendor/windows/resources/user_privilege.rb @@ -0,0 +1,40 @@ +# +# Author:: Jared Kauppila () +# Cookbook:: windows +# Resource:: user_privilege +# + +property :principal, String, name_property: true +property :privilege, [Array, String], required: true, coerce: proc { |v| [*v].sort } + +action :add do + ([*new_resource.privilege] - [*current_resource.privilege]).each do |user_right| + converge_by("adding user privilege #{user_right}") do + Chef::ReservedNames::Win32::Security.add_account_right(new_resource.principal, user_right) + end + end +end + +action :remove do + if Gem::Version.new(Chef::VERSION) < Gem::Version.new('14.4.10') + Chef::Log.warn('Chef 14.4.10 is required to use windows_privilege remove action') + else + curr_res_privilege = current_resource.privilege + new_res_privilege = new_resource.privilege + missing_res_privileges = (new_res_privilege - curr_res_privilege) + + if missing_res_privileges + Chef::Log.info("Privilege: #{missing_res_privileges.join(', ')} not present. Unable to delete") + end + + (new_res_privilege - missing_res_privileges).each do |user_right| + converge_by("removing user privilege #{user_right}") do + Chef::ReservedNames::Win32::Security.remove_account_right(new_resource.principal, user_right) + end + end + end +end + +load_current_value do |desired| + privilege Chef::ReservedNames::Win32::Security.get_account_right(desired.principal) +end diff --git a/ops/cookbooks/vendor/windows/resources/zipfile.rb b/ops/cookbooks/vendor/windows/resources/zipfile.rb new file mode 100644 index 0000000..424717b --- /dev/null +++ b/ops/cookbooks/vendor/windows/resources/zipfile.rb @@ -0,0 +1,127 @@ +# +# Author:: Doug MacEachern () +# Author:: Seth Chisamore () +# Author:: Wade Peacock () +# Cookbook:: windows +# Resource:: zipfile +# +# Copyright:: 2010-2017, VMware, Inc. +# Copyright:: 2011-2018, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/util/path_helper' + +property :path, String, name_property: true +property :source, String +property :overwrite, [true, false], default: false +property :checksum, String + +action :unzip do + ensure_rubyzip_gem_installed + Chef::Log.debug("unzip #{new_resource.source} => #{new_resource.path} (overwrite=#{new_resource.overwrite})") + + cache_file_path = if new_resource.source =~ %r{^(file|ftp|http|https):\/\/} # http://rubular.com/r/DGoIWjLfGI + uri = as_uri(new_resource.source) + local_cache_path = "#{Chef::Config[:file_cache_path]}/#{::File.basename(::URI.unescape(uri.path))}" + Chef::Log.debug("Caching a copy of file #{new_resource.source} at #{cache_file_path}") + + remote_file local_cache_path do + source new_resource.source + backup false + checksum new_resource.checksum unless new_resource.checksum.nil? + end + + local_cache_path + else + new_resource.source + end + + cache_file_path = Chef::Util::PathHelper.cleanpath(cache_file_path) + + converge_by("unzip #{new_resource.source}") do + ruby_block 'Unzipping' do + block do + Zip::File.open(cache_file_path) do |zip| + zip.each do |entry| + path = ::File.join(new_resource.path, entry.name) + FileUtils.mkdir_p(::File.dirname(path)) + if new_resource.overwrite && ::File.exist?(path) && !::File.directory?(path) + FileUtils.rm(path) + end + zip.extract(entry, path) unless ::File.exist?(path) + end + end + end + action :run + end + end +end + +action :zip do + ensure_rubyzip_gem_installed + # sanitize paths for windows. + new_resource.source.downcase.gsub!(::File::SEPARATOR, ::File::ALT_SEPARATOR) + new_resource.path.downcase.gsub!(::File::SEPARATOR, ::File::ALT_SEPARATOR) + Chef::Log.debug("zip #{new_resource.source} => #{new_resource.path} (overwrite=#{new_resource.overwrite})") + + if new_resource.overwrite == false && ::File.exist?(new_resource.path) + Chef::Log.info("file #{new_resource.path} already exists and overwrite is set to false, exiting") + else + # delete the archive if it already exists, because we are recreating it. + if ::File.exist?(new_resource.path) + converge_by("delete existing file at #{new_resource.path}") do + ::File.unlink(new_resource.path) + end + end + + # only supporting compression of a single directory (recursively). + if ::File.directory?(new_resource.source) + converge_by("zipping #{new_resource.source} to #{new_resource.path}") do + z = Zip::File.new(new_resource.path, true) + unless new_resource.source =~ /::File::ALT_SEPARATOR$/ + new_resource.source << ::File::ALT_SEPARATOR + end + Find.find(new_resource.source) do |f| + f.downcase.gsub!(::File::SEPARATOR, ::File::ALT_SEPARATOR) + # don't add root directory to the zipfile. + next if f == new_resource.source + # strip the root directory from the filename before adding it to the zipfile. + zip_fname = f.sub(new_resource.source, '') + Chef::Log.debug("adding #{zip_fname} to archive, sourcefile is: #{f}") + z.add(zip_fname, f) + end + z.close + end + else + Chef::Log.info("Single directory must be specified for compression, and #{new_resource.source} does not meet that criteria.") + end + end +end + +action_class do + include Windows::Helper + require 'find' + + def ensure_rubyzip_gem_installed + require 'zip' + rescue LoadError + Chef::Log.info("Missing gem 'rubyzip'...installing now.") + chef_gem 'rubyzip' do + action :install + compile_time true + end + require 'zip' + end +end diff --git a/ops/roles/common.rb b/ops/roles/common.rb new file mode 100644 index 0000000..a468dbc --- /dev/null +++ b/ops/roles/common.rb @@ -0,0 +1,13 @@ +name :common +description "A basic role" + +run_list( + # "recipe[t42-common::postgres]", + # "recipe[t42-common::redis]", + # "recipe[t42-common::nodejs]", + # "recipe[t42-common::python]", + "recipe[t42-common::apache]", + # "recipe[t42-common::openresty]", + "recipe[t42-common::php]", + "recipe[t42-common::mysql]", +) \ No newline at end of file