wmantly/vpn-p2p
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

vagrant and chef install everything

Browse Source
This commit is contained in:
William Mantly
2019-09-02 16:48:23 -04:00
parent 4fb554add5
commit f1809bef83
268 changed files with 16021 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/.kitchen.yml vendored Normal file
View File

@ -0,0 +1,21 @@
---
driver:
name: vagrant
synced_folders:
- [<%= File.join(ENV['PWD'], '..', '..')%>, '/tmp/repo-data']
provisioner:
name: chef_zero
encrypted_data_bag_secret_key_path: 'secrets/fakey-mcfakerton'
data_bags_path: './data_bags'
product_name: chefdk
platforms:
- name: ubuntu-16.04
- name: centos-7
suites:
- name: default
run_list:
- recipe[test]
attributes:

7
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/Berksfile vendored Normal file
View File

@ -0,0 +1,7 @@
source 'https://supermarket.chef.io'
metadata
group :delivery do
cookbook 'test', path: './test/fixtures/cookbooks/test'
end

3
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/LICENSE vendored Normal file
View File

@ -0,0 +1,3 @@
Copyright 2019 The Authors
All rights reserved, do not redistribute.

146
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/README.md vendored Normal file
View File

@ -0,0 +1,146 @@
# build_cookbook
A build cookbook for running the parent project through Chef Delivery
This build cookbook should be customized to suit the needs of the parent project. Using this cookbook can be done outside of Chef Delivery, too. If the parent project is a Chef cookbook, we've detected that and "wrapped" [delivery-truck](https://github.com/chef-cookbooks/delivery-truck). That means it is a dependency, and each of its pipeline phase recipes is included in the appropriate phase recipes in this cookbook. If the parent project is not a cookbook, it's left as an exercise to the reader to customize the recipes as needed for each phase in the pipeline.
## .delivery/config.json
In the parent directory to this build_cookbook, the `config.json` can be modified as necessary. For example, phases can be skipped, publishing information can be added, and so on. Refer to customer support or the Chef Delivery documentation for assistance on what options are available for this configuration.
## Test Kitchen - Local Verify Testing
This cookbook also has a `.kitchen.yml` which can be used to create local build nodes with Test Kitchen to perform the verification phases, `unit`, `syntax`, and `lint`. When running `kitchen converge`, the instances will be set up like Chef Delivery "build nodes" with the [delivery_build cookbook](https://github.com/chef-cookbooks/delivery_build). The reason for this is to make sure that the same exact kind of nodes are used by this build cookbook are run on the local workstation as would run Delivery. It will run `delivery job verify PHASE` for the parent project.
Modify the `.kitchen.yml` if necessary to change the platforms or other configuration to run the verify phases. After making changes in the parent project, `cd` into this directory (`.delivery/build_cookbook`), and run:
```
kitchen test
```
## Recipes
Each of the recipes in this build_cookbook are run in the named phase during the Chef Delivery pipeline. The `unit`, `syntax`, and `lint` recipes are additionally run when using Test Kitchen for local testing as noted in the above section.
## Making Changes - Cookbook Example
When making changes in the parent project (that which lives in `../..` from this directory), or in the recipes in this build cookbook, there is a bespoke workflow for Chef Delivery. As an example, we'll discuss a Chef Cookbook as the parent.
First, create a new branch for the changes.
```
git checkout -b testing-build-cookbook
```
Next, increment the version in the metadata.rb. This should be in the _parent_, not in this, the build_cookbook. If this is not done, the verify phase will fail.
```
% git diff
<SNIP>
-version '0.1.0'
+version '0.1.1'
```
The change we'll use for an example is to install the `zsh` package. Write a failing ChefSpec in the cookbook project's `spec/unit/recipes/default_spec.rb`.
```ruby
require 'spec_helper'
describe 'godzilla::default' do
context 'When all attributes are default, on Ubuntu 16.04' do
let(:chef_run) do
runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04')
runner.converge(described_recipe)
end
it 'installs zsh' do
expect(chef_run).to install_package('zsh')
end
end
end
```
Commit the local changes as work in progress. The `delivery job` expects to use a clean git repository.
```
git add ../..
git commit -m 'WIP: Testing changes'
```
From _this_ directory (`.delivery/build_cookbook`, relative to the parent cookbook project), run
```
cd .delivery/build_cookbook
kitchen converge
```
This will take some time at first, because the VMs need to be created, Chef installed, the Delivery CLI installed, etc. Later runs will be faster until they are destroyed. It will also fail on the first VM, as expected, because we wrote the test first. Now edit the parent cookbook project's default recipe to install `zsh`.
```
cd ../../
$EDITOR/recipes/default.rb
```
It should look like this:
```
package 'zsh'
```
Create another commit.
```
git add .
git commit -m 'WIP: Install zsh in default recipe'
```
Now rerun kitchen from the build_cookbook.
```
cd .delivery/build_cookbook
kitchen converge
```
This will take awhile because it will now pass on the first VM, and then create the second VM. We should have warned you this was a good time for a coffee break.
```
Recipe: test::default
- execute HOME=/home/vagrant delivery job verify unit --server localhost --ent test --org kitchen
* execute[HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen] action run
- execute HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen
- execute HOME=/home/vagrant delivery job verify syntax --server localhost --ent test --org kitchen
Running handlers:
Running handlers complete
Chef Client finished, 3/32 resources updated in 54.665445968 seconds
Finished converging <default-centos-71> (1m26.83s).
```
Victory is ours! Our verify phase passed on the build nodes.
We are ready to run this through our Delivery pipeline. Simply run `delivery review` on the local system from the parent project, and it will open a browser window up to the change we just added.
```
cd ../..
delivery review
```
## FAQ
### Why don't I just run rspec and foodcritic/rubocop on my local system?
An objection to the Test Kitchen approach is that it is much faster to run the unit, lint, and syntax commands for the project on the local system. That is totally true, and also totally valid. Do that for the really fast feedback loop. However, the dance we do with Test Kitchen brings a much higher degree of confidence in the changes we're making, that everything will run on the build nodes in Chef Delivery. We strongly encourage this approach before actually pushing the changes to Delivery.
### Why do I have to make a commit every time?
When running `delivery job`, it expects to merge the commit for the changeset against the clean master branch. If we don't save our progress by making a commit, our local changes aren't run through `delivery job` in the Test Kitchen build instances. We can always perform an interactive rebase, and modify the original changeset message in Delivery with `delivery review --edit`. The latter won't modify the git commits, only the changeset in Delivery.
### What do I do next?
Make changes in the cookbook project as required for organizational goals and needs. Modify the `build_cookbook` as necessary for the pipeline phases that the cookbook should go through.
### What if I get stuck?
Contact Chef Support, or your Chef Customer Success team and they will help you get unstuck.

104
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/chefignore vendored Normal file
View File

@ -0,0 +1,104 @@
# Put files/directories that should be ignored in this file when uploading
# to a chef-server or supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
examples/*
Guardfile
Procfile
.kitchen*
kitchen.yml*
.rubocop.yml
spec/*
Rakefile
.travis.yml
.foodcritic
.codeclimate.yml
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Cookbooks #
#############
CONTRIBUTING*
CHANGELOG*
TESTING*
# Vagrant #
###########
.vagrant
Vagrantfile

1
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json vendored Normal file
View File

@ -0,0 +1 @@
{"id": "delivery_builder_keys"}

8
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/metadata.rb vendored Normal file
View File

@ -0,0 +1,8 @@
name 'build_cookbook'
maintainer 'The Authors'
maintainer_email 'you@example.com'
license 'all_rights'
version '0.1.0'
chef_version '>= 13.0'
depends 'delivery-truck'

6
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/default.rb vendored Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: default
#
# Copyright:: 2019, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::default'

6
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/deploy.rb vendored Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: deploy
#
# Copyright:: 2019, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::deploy'

6
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/functional.rb vendored Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: functional
#
# Copyright:: 2019, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::functional'

6
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/lint.rb vendored Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: lint
#
# Copyright:: 2019, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::lint'

6
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/provision.rb vendored Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: provision
#
# Copyright:: 2019, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::provision'

6
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/publish.rb vendored Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: publish
#
# Copyright:: 2019, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::publish'

6
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/quality.rb vendored Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: quality
#
# Copyright:: 2019, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::quality'

6
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/security.rb vendored Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: security
#
# Copyright:: 2019, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::security'

6
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/smoke.rb vendored Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: smoke
#
# Copyright:: 2019, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::smoke'

6
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/syntax.rb vendored Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: syntax
#
# Copyright:: 2019, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::syntax'

6
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/recipes/unit.rb vendored Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: unit
#
# Copyright:: 2019, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::unit'

0
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/secrets/fakey-mcfakerton vendored Normal file
View File

2
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb vendored Normal file
View File

@ -0,0 +1,2 @@
name 'test'
version '0.1.0'

9
ops/cookbooks/vendor/t42-common/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb vendored Normal file
View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
%w(unit lint syntax).each do |phase|
# TODO: This works on Linux/Unix. Not Windows.
execute "HOME=/home/vagrant delivery job verify #{phase} --server localhost --ent test --org kitchen" do
cwd '/tmp/repo-data'
user 'vagrant'
environment('GIT_DISCOVERY_ACROSS_FILESYSTEM' => '1')
end
end

17
ops/cookbooks/vendor/t42-common/.delivery/config.json vendored Normal file
View File

@ -0,0 +1,17 @@
{
"version": "2",
"build_cookbook": {
"name": "build_cookbook",
"path": ".delivery/build_cookbook"
},
"delivery-truck": {
"lint": {
"enable_cookstyle": true
}
},
"skip_phases": [],
"job_dispatch": {
"version": "v2"
},
"dependencies": []
}

36
ops/cookbooks/vendor/t42-common/.delivery/project.toml vendored Normal file
View File

@ -0,0 +1,36 @@
# Delivery Prototype for Local Phases Execution
#
# The purpose of this file is to prototype a new way to execute
# phases locally on your workstation. The delivery-cli will read
# this file and execute the command(s) that are configured for
# each phase. You can customize them by just modifying the phase
# key on this file.
#
# By default these phases are configured for Cookbook Workflow only
#
# As this is still a prototype we are not modifying the current
# config.json file and it will continue working as usual.
[local_phases]
unit = "chef exec rspec spec/"
lint = "chef exec cookstyle"
# Foodcritic includes rules only appropriate for community cookbooks
# uploaded to Supermarket. We turn off any rules tagged "supermarket"
# by default. If you plan to share this cookbook you should remove
# '-t ~supermarket' below to enable supermarket rules.
syntax = "chef exec foodcritic . -t ~supermarket"
provision = "chef exec kitchen create"
deploy = "chef exec kitchen converge"
smoke = "chef exec kitchen verify"
# The functional phase is optional, you can define it by uncommenting
# the line below and running the command: `delivery local functional`
# functional = ""
cleanup = "chef exec kitchen destroy"
# Remote project.toml file
#
# Specify a remote URI location for the `project.toml` file.
# This is useful for teams that wish to centrally manage the behavior
# of the `delivery local` command across many different projects.
#
# remote_file = "https://url/project.toml"

3
ops/cookbooks/vendor/t42-common/LICENSE vendored Normal file
View File

@ -0,0 +1,3 @@
Copyright 2019 The Authors
All rights reserved, do not redistribute.

4
ops/cookbooks/vendor/t42-common/README.md vendored Normal file
View File

@ -0,0 +1,4 @@
# t42-common
TODO: Enter the cookbook description here.

0
ops/cookbooks/vendor/t42-common/attributes/apache.rb vendored Normal file
View File

6
ops/cookbooks/vendor/t42-common/attributes/mysql.rb vendored Normal file
View File

@ -0,0 +1,6 @@
require 'securerandom'
node.default['db']['name'] = "#{node['app']['name']}"
node.default['db']['user'] = "#{node['app']['name']}"
node.default['db']['root_password'] = SecureRandom.hex(13)
node.default['db']['password'] = SecureRandom.hex(13)

5
ops/cookbooks/vendor/t42-common/attributes/nodejs.rb vendored Normal file
View File

@ -0,0 +1,5 @@
default['nodejs']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/node"
default['NodeJS']['install_version'] = 12
default['NodeJS']['working-dir'] = 'src/nodejs'
default['NodeJS']['exec_file'] = 'app.js'
default['NodeJS']['port'] = '8001'

5
ops/cookbooks/vendor/t42-common/attributes/postgres.rb vendored Normal file
View File

@ -0,0 +1,5 @@
require 'securerandom'
default['db']['name'] = node['app']['name']
default['db']['user'] = node['app']['name']
default['db']['password'] = SecureRandom.hex(13)

3
ops/cookbooks/vendor/t42-common/attributes/python.rb vendored Normal file
View File

@ -0,0 +1,3 @@
default['python']['env_path'] = "/opt/theta42/#{node['app']['name']}/env/python"
default['python']['version'] = '3.6'
default['python']['pip_requirements_path'] = 'requirements.txt'

1
ops/cookbooks/vendor/t42-common/attributes/redis.rb vendored Normal file
View File

@ -0,0 +1 @@
default['redis']['unix']['path'] = '/var/run/redis/redis.sock'

104
ops/cookbooks/vendor/t42-common/chefignore vendored Normal file
View File

@ -0,0 +1,104 @@
# Put files/directories that should be ignored in this file when uploading
# to a chef-server or supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
examples/*
Guardfile
Procfile
.kitchen*
kitchen.yml*
.rubocop.yml
spec/*
Rakefile
.travis.yml
.foodcritic
.codeclimate.yml
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Cookbooks #
#############
CONTRIBUTING*
CHANGELOG*
TESTING*
# Vagrant #
###########
.vagrant
Vagrantfile

37
ops/cookbooks/vendor/t42-common/metadata.json vendored Normal file
View File

@ -0,0 +1,37 @@
{
"name": "t42-common",
"description": "Installs/Configures t42-common",
"long_description": "Installs/Configures t42-common",
"maintainer": "The Authors",
"maintainer_email": "you@example.com",
"license": "All Rights Reserved",
"platforms": {
},
"dependencies": {
"nodejs": ">= 0.0.0",
"postgresql": ">= 0.0.0",
"mysql": ">= 0.0.0"
},
"providing": {
},
"recipes": {
},
"version": "0.4.8",
"source_url": "",
"issues_url": "",
"privacy": false,
"chef_versions": [
[
">= 13.0"
]
],
"ohai_versions": [
],
"gems": [
]
}

24
ops/cookbooks/vendor/t42-common/metadata.rb vendored Normal file
View File

@ -0,0 +1,24 @@
name 't42-common'
maintainer 'The Authors'
maintainer_email 'you@example.com'
license 'All Rights Reserved'
description 'Installs/Configures t42-common'
long_description 'Installs/Configures t42-common'
version '0.4.8'
chef_version '>= 13.0'
depends 'nodejs'
depends 'postgresql'
depends 'mysql'
# The `issues_url` points to the location where issues for this cookbook are
# tracked. A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/t42-common/issues'
# The `source_url` points to the development repository for this cookbook. A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/t42-common'

52
ops/cookbooks/vendor/t42-common/recipes/apache.rb vendored Normal file
View File

@ -0,0 +1,52 @@
[
'apache2',
'apache2-dev',
'libapache2-mod-wsgi-py3',
].each do |pkg|
apt_package pkg
end
file '/etc/apache2/sites-enabled/000-default.conf' do
action :delete
end
execute 'enable apache mods' do
command 'a2enmod expires'
end
if node['web']['do_ssl']
apt_repository 'certbot apt repo' do
uri 'ppa:certbot/certbot'
repo_name 'ppa-certbot'
deb_src true
action :add
end
apt_update
[
'software-properties-common',
'certbot',
'python-certbot-apache',
].each do |pkg|
apt_package pkg
end
execute 'apache certbot' do
command "sudo certbot certonly --standalone -d #{node['app']['domain']} --non-interactive --agree-tos --email #{node['web']['admin_email']}"
end
end
if node['web']['socket.io']
execute 'enable apache mods' do
command 'a2enmod rewrite; a2enmod proxy_wstunnel; a2enmod proxy_http'
end
end
template '/etc/apache2/sites-enabled/000-server.conf' do
source 'apache/vhost.conf.erb'
end
systemd_unit 'apache2.service' do
action :restart
end

21
ops/cookbooks/vendor/t42-common/recipes/mysql.rb vendored Normal file
View File

@ -0,0 +1,21 @@
mysql_service node['app']['name'] do
# version '5.7'
bind_address node['db']['bind_address']
port node['db']['port']
# data_dir '/data'
initial_root_password node['db']['root_password']
action [:create, :start]
end
bash 'Make mysql Database and User' do
code <<~EOH
mysql -h 127.0.0.1 -uroot -p"#{node['db']['root_password']}" -e "CREATE DATABASE '#{node['db']['name']}' /*\!40100 DEFAULT CHARACTER SET utf8 */;"
mysql -h 127.0.0.1 -uroot -p"#{node['db']['root_password']}" -e "CREATE USER '#{node['db']['user']}'@localhost IDENTIFIED BY '#{node['db']['password']}';"
mysql -h 127.0.0.1 -uroot -p"#{node['db']['root_password']}" -e "GRANT ALL PRIVILEGES ON '#{node['db']['name']}'.* TO '#{node['db']['user']}'@'%';"
mysql -h 127.0.0.1 -uroot -p"#{node['db']['root_password']}" -e "FLUSH PRIVILEGES;"
EOH
not_if "mysql -h 127.0.0.1 -uroot -p\"#{node['db']['root_password']}\" -e 'use #{node['db']['name']}'"
end

66
ops/cookbooks/vendor/t42-common/recipes/nodejs.rb vendored Normal file
View File

@ -0,0 +1,66 @@
version_map = {
8 => {
'version' => '8.16.1',
'url' => 'https://nodejs.org/dist/v8.16.1/node-v8.16.1-linux-x64.tar.gz',
'checksum' => '8ef575b64edbb6c04e506d8c8e0c5f92b90f4752841892c5adbb3a1e02863f46'
},
10 => {
'version' => '10.16.3',
'url' => 'https://nodejs.org/dist/v10.16.3/node-v10.16.3-linux-x64.tar.gz',
'checksum' => '2f0397bb81c1d0c9901b9aff82a933257bf60f3992227b86107111a75b9030d9'
},
12 => {
'version' => '12.9.1',
'url' => 'https://nodejs.org/dist/v12.9.1/node-v12.9.1-linux-x64.tar.gz',
'checksum' => '5488e9d9e860eb344726aabdc8f90d09e36602da38da3d16a7ee852fd9fbd91f'
}
}
unless node['nodejs']['working-dir'][0] == '/'
node.override['nodejs']['working-dir'] = "#{node['working-dir']}/#{node['nodejs']['working-dir']}"
end
unless version_map.key?(node['nodejs']['install_version'])
raise <<~EOH
Unsupported NodeJS version #{node['nodejs']['install_version']}.
Supports #{version_map.keys}.
EOH
end
set_version = version_map[node['nodejs']['install_version']]
node.default['nodejs']['install_method'] = 'binary'
node.default['nodejs']['version'] = set_version['version'].to_str
node.default['nodejs']['binary']['url'] = set_version['url']
node.default['nodejs']['binary']['checksum'] = set_version['checksum']
node.default['nodejs']['env_path'] = "/home/#{node['app']['run_user']}/app/#{node['app']['name']}/env/node"
include_recipe "nodejs"
directory node['nodejs']['env_path'] do
owner node['app']['run_user']
group node['app']['run_user']
mode 0755
recursive true
end
file "#{node['nodejs']['env_path']}/package.json" do
owner node['app']['run_user']
group node['app']['run_user']
mode 0755
content ::File.open("#{node['nodejs']['working-dir']}/package.json").read
action :create
end
execute 'Install NPM package.json' do
cwd node['nodejs']['env_path']
user node['app']['run_user']
group node['app']['run_user']
environment ({'HOME' => "/home/#{node['app']['run_user']}"})
command "npm --prefix #{node['nodejs']['env_path']} --python=\"`which python2.7`\" install #{node['nodejs']['env_path']}"
end
directory "/var/log/node/#{node['app']['name']}" do
recursive true
end

64
ops/cookbooks/vendor/t42-common/recipes/openresty.rb vendored Normal file
View File

@ -0,0 +1,64 @@
# apt_repository 'open resty repo' do
# uri 'http://openresty.org/package/ubuntu'
# key 'https://openresty.org/package/pubkey.gpg'
# components ['main']
# end
apt_package 'software-properties-common'
execute 'add key' do
command 'wget -qO - https://openresty.org/package/pubkey.gpg | sudo apt-key add -'
end
execute 'add repo' do
command 'add-apt-repository -y "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main"; apt update'
end
apt_package 'openresty'
if node['web']['do_ssl']
apt_package 'luarocks'
execute 'install lua-resty-auto-ssl' do
command 'luarocks install lua-resty-auto-ssl'
end
directory '/etc/ssl' do
mode '0755'
action :create
end
execute 'defualt ssl' do
command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt"
end
execute 'defualt ssl' do
command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt"
end
template '/etc/openresty/autossl.conf' do
source 'autossl.conf.erb'
end
end
template '/etc/openresty/nginx.conf' do
source 'nginx.conf.erb'
end
directory '/etc/openresty/sites-enabled' do
mode '0755'
action :create
end
directory '/var/log/nginx/' do
mode '0775'
action :create
end
template '/etc/openresty/sites-enabled/host.conf' do
source 'host.conf.erb'
end
systemd_unit 'openresty' do
action :reload
end

14
ops/cookbooks/vendor/t42-common/recipes/php.rb vendored Normal file
View File

@ -0,0 +1,14 @@
unless node['php']['working-dir'][0] == '/'
node.override['php']['working-dir'] = "#{node['working-dir']}/#{node['php']['working-dir']}"
end
[
'php',
'libapache2-mod-php',
].each do |pkg|
apt_package pkg
end
systemd_unit 'apache2.service' do
action :restart
end

49
ops/cookbooks/vendor/t42-common/recipes/postgres.rb vendored Normal file
View File

@ -0,0 +1,49 @@
execute 'add key' do
command 'wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -'
end
execute 'add repo' do
command 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
end
apt_update 'update' do
end.run_action(:update) if platform_family?('debian')
postgresql_server_install 'My PostgreSQL Server install' do
initdb_locale 'en_US.utf8'
action :install
end
postgresql_server_install 'Setup my PostgreSQL 9.6 server' do
initdb_locale 'en_US.utf8'
action :create
end
postgresql_access 'local_postgres_superuser' do
comment 'Local postgres superuser access'
access_type 'local'
access_db 'all'
access_user 'postgres'
access_addr nil
access_method 'ident'
end
postgresql_user 'DB user' do
create_user node['db']['user']
password node['db']['password']
createrole true
end
# Hack for creating a database, this cook book is broken with debian...
execute 'add database' do
command "createdb #{node['db']['name']}"
user 'postgres'
not_if "psql -lqt | grep -w \"#{node['db']['name']}\"", :user => 'postgres'
end
execute 'Grant DB user' do
command "echo \"grant all privileges on database #{node['db']['name']} to #{node['db']['user']} ;\" | psql"
user 'postgres'
end

40
ops/cookbooks/vendor/t42-common/recipes/python.rb vendored Normal file
View File

@ -0,0 +1,40 @@
apt_repository 'Python apt repo' do
uri 'ppa:deadsnakes/ppa'
repo_name 'ppa-deadsnakes'
deb_src true
action :add
end
apt_update
pip_version = node['python']['version'][0] == 2 ? '' : '3'
[
"python#{node['python']['version']}",
"python#{node['python']['version']}-dev",
"python#{pip_version}-pip",
].each do |pkg|
apt_package pkg
end
if node['python']['working-dir']
unless node['python']['working-dir'][0] == '/'
node.override['python']['working-dir'] = "#{node['working-dir']}/#{node['python']['working-dir']}"
end
execute 'Install virtual' do
command "pip#{node['python']['version'][0]} install virtualenv"
end
bash 'Install python requirements file' do
# user 'root'
# cwd '/mydir'
code <<~EOH
virtualenv #{node['python']['env_path']}
source #{node['python']['env_path']}/bin/activate
pip install -r #{node['python']['working-dir']}/#{node['python']['pip_requirements_path']}
EOH
end
end

19
ops/cookbooks/vendor/t42-common/recipes/redis.rb vendored Normal file
View File

@ -0,0 +1,19 @@
apt_package 'redis-server'
template '/etc/redis/local.conf' do
source 'redis/local.conf'
end
if node['redis']['unix']['perm']
bash 'append_to_config' do
user 'root'
code <<~EOF
echo "include /etc/redis/local.conf" >> /etc/redis/redis.conf
EOF
not_if 'grep -q "/etc/redis/local.conf" /etc/redis/redis.conf'
end
end
systemd_unit 'redis-server.service' do
action :restart
end

85
ops/cookbooks/vendor/t42-common/templates/apache/vhost.conf.erb vendored Normal file
View File

@ -0,0 +1,85 @@
<VirtualHost *:80>
ServerName www.<%= node['app']['domain'] %>
Redirect permanent / http://<%= node['app']['domain'] %>/
</VirtualHost>
<% if node['web']['do_ssl'] %>
<VirtualHost *:443>
ServerName www.<%= node['app']['domain'] %>
Redirect permanent / https://<%= node['app']['domain'] %>/
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/<%= node['app']['domain'] %>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<%= node['app']['domain'] %>/privkey.pem
</VirtualHost>
<VirtualHost *:443>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/<%= node['app']['domain'] %>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<%= node['app']['domain'] %>/privkey.pem
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Allow from all
</Location>
<Location /server-info>
SetHandler server-info
Order Deny,Allow
Allow from all
</Location>
<% else %>
<VirtualHost *:80>
<% end %>
ServerName <%= node['app']['domain'] %>
<IfModule mod_expires.c>
<FilesMatch "\.(jpe?g|png|gif|js|css)$">
ExpiresActive On
ExpiresDefault "access plus 1 week"
</FilesMatch>
</IfModule>
<% if node['web']['root'] %>
DocumentRoot <%= node['web']['root'] %>
<Directory <%= node['web']['root'] %>/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<% end -%>
<% if node['web']['static'] %>
<% node['web']['static'].each do |static| -%>
Alias <%= static['uri'] %> <%= node['working-dir'] %>/<%= static['path'] %>
<% end -%>
<% end -%>
<% if node['web']['wsgi'] %>
WSGIDaemonProcess <%= node['app']['name'] %> python-path=<%= node['python']['working-dir'] %> python-home=<%= node['python']['env_path'] %>
WSGIProcessGroup <%= node['app']['name'] %>
WSGIScriptAlias / <%= node['working-dir'] %>/<%= node['web']['wsgi']['wsgi_path'] %>
<Directory "<%= node['working-dir'] %>">
Require all granted
</Directory>
<% end %>
<% if node['web']['socket.io'] %>
# socket.io conf
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://<%= node['web']['socket.io']['host']%>:<%= node['web']['socket.io']['port']%>%{REQUEST_URI} [P]
RewriteCond %{REQUEST_URI} ^/socket.io/$1/websocket [NC]
RewriteRule socket.io/(.*) ws://<%= node['web']['socket.io']['host']%>:<%= node['web']['socket.io']['port']%>/socket.io/$1 [P,L]
ProxyPass /socket.io http://<%= node['web']['socket.io']['host']%>:<%= node['web']['socket.io']['port']%>/socket.io
ProxyPassReverse /socket.io http://<%= node['web']['socket.io']['host']%>:<%= node['web']['socket.io']['port']%>/socket.io
<% end %>
</VirtualHost>

17
ops/cookbooks/vendor/t42-common/templates/openresty/autossl.conf.erb vendored Normal file
View File

@ -0,0 +1,17 @@
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_certificate_by_lua_block {
auto_ssl:ssl_certificate()
}
location /.well-known/acme-challenge/ {
content_by_lua_block {
auto_ssl:challenge_server()
}
}
ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;

75
ops/cookbooks/vendor/t42-common/templates/openresty/nginx.conf.erb vendored Normal file
View File

@ -0,0 +1,75 @@
#user nobody;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
client_max_body_size 4g;
lua_shared_dict auto_ssl 100m;
lua_shared_dict auto_ssl_settings 64k;
resolver 8.8.4.4 8.8.8.8;
init_by_lua_block {
auto_ssl = (require "resty.auto-ssl").new()
auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis")
auto_ssl:set("allow_domain", function(domain)
return true
end)
auto_ssl:init()
}
init_worker_by_lua_block {
auto_ssl:init_worker()
}
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server {
listen 127.0.0.1:8999;
# Increase the body buffer size, to ensure the internal POSTs can always
# parse the full POST contents into memory.
client_body_buffer_size 128k;
client_max_body_size 128k;
location / {
content_by_lua_block {
auto_ssl:hook_server()
}
}
}
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
include sites-enabled/*;
}

28
ops/cookbooks/vendor/t42-common/templates/openresty/simple-proxy.conf.erb vendored Normal file
View File

@ -0,0 +1,28 @@
server {
listen 80;
<% if node['web']['do_ssl'] %>
listen 443 ssl;
<% end %>
server_name <%= node['app']['domain'] %>;
<% if node['web']['do_ssl'] %>
include autossl.conf;
<% end %>
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
}
access_log /var/log/nginx/<%= node['app']['name'] %>.access.log;
error_log /var/log/nginx/<%= node['app']['name'] %>.error.log;
}

7
ops/cookbooks/vendor/t42-common/templates/redis/local.conf vendored Normal file
View File

@ -0,0 +1,7 @@
# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
unixsocket <%= node['redis']['unix']['path'] %>
unixsocketperm <%= node['redis']['unix']['perm'] %>