From 467d0873de03be801f01a99b4524ffd1c979c2a6 Mon Sep 17 00:00:00 2001 From: jjhua Date: Tue, 12 Nov 2013 10:24:04 -0500 Subject: [PATCH] add the openstack-chef-cookbook for grizzly --- .../cookbooks/apache2/.rubocop.yml | 15 + .../cookbooks/apache2/.travis.yml | 9 + .../grizzly-xcat/cookbooks/apache2/Berksfile | 7 + .../cookbooks/apache2/CHANGELOG.md | 198 + .../cookbooks/apache2/CONTRIBUTING.md | 257 + .../grizzly-xcat/cookbooks/apache2/Gemfile | 23 + .../grizzly-xcat/cookbooks/apache2/LICENSE | 201 + .../grizzly-xcat/cookbooks/apache2/README.md | 586 ++ .../grizzly-xcat/cookbooks/apache2/TESTING.md | 53 + .../cookbooks/apache2/attributes/default.rb | 177 + .../apache2/attributes/mod_auth_cas.rb | 21 + .../apache2/attributes/mod_auth_openid.rb | 33 + .../apache2/attributes/mod_fastcgi.rb | 20 + .../cookbooks/apache2/attributes/mod_ssl.rb | 20 + .../apache2/definitions/apache_conf.rb | 26 + .../apache2/definitions/apache_module.rb | 51 + .../apache2/definitions/apache_site.rb | 43 + .../cookbooks/apache2/definitions/web_app.rb | 48 + .../default/apache2_module_conf_generate.pl | 41 + .../default/tests/minitest/default_test.rb | 76 + .../tests/minitest/god_monitor_test.rb | 34 + .../default/tests/minitest/mod_apreq2_test.rb | 19 + .../tests/minitest/mod_auth_cas_test.rb | 10 + .../tests/minitest/mod_auth_openid_test.rb | 36 + .../default/tests/minitest/mod_cgi_test.rb | 12 + .../tests/minitest/mod_dav_svn_test.rb | 13 + .../default/tests/minitest/mod_fastcgi.rb | 10 + .../tests/minitest/mod_include_test.rb | 14 + .../default/tests/minitest/mod_perl_test.rb | 17 + .../default/tests/minitest/mod_php5_test.rb | 13 + .../default/tests/minitest/mod_python_test.rb | 9 + .../default/tests/minitest/mod_ssl_test.rb | 27 + .../default/tests/minitest/support/helpers.rb | 66 + .../cookbooks/apache2/metadata.rb | 225 + .../cookbooks/apache2/recipes/default.rb | 212 + .../cookbooks/apache2/recipes/god_monitor.rb | 33 + .../cookbooks/apache2/recipes/iptables.rb | 20 + .../cookbooks/apache2/recipes/logrotate.rb | 31 + .../cookbooks/apache2/recipes/mod_actions.rb | 20 + .../cookbooks/apache2/recipes/mod_alias.rb | 22 + .../cookbooks/apache2/recipes/mod_apreq2.rb | 51 + .../apache2/recipes/mod_auth_basic.rb | 20 + .../cookbooks/apache2/recipes/mod_auth_cas.rb | 73 + .../apache2/recipes/mod_auth_digest.rb | 20 + .../apache2/recipes/mod_auth_openid.rb | 123 + .../apache2/recipes/mod_authn_file.rb | 20 + .../apache2/recipes/mod_authnz_ldap.rb | 20 + .../apache2/recipes/mod_authz_default.rb | 20 + .../apache2/recipes/mod_authz_groupfile.rb | 20 + .../apache2/recipes/mod_authz_host.rb | 20 + .../apache2/recipes/mod_authz_user.rb | 20 + .../apache2/recipes/mod_autoindex.rb | 22 + .../cookbooks/apache2/recipes/mod_cgi.rb | 20 + .../apache2/recipes/mod_cloudflare.rb | 30 + .../cookbooks/apache2/recipes/mod_dav.rb | 20 + .../cookbooks/apache2/recipes/mod_dav_fs.rb | 21 + .../cookbooks/apache2/recipes/mod_dav_svn.rb | 39 + .../cookbooks/apache2/recipes/mod_deflate.rb | 22 + .../cookbooks/apache2/recipes/mod_dir.rb | 22 + .../cookbooks/apache2/recipes/mod_env.rb | 20 + .../cookbooks/apache2/recipes/mod_expires.rb | 20 + .../cookbooks/apache2/recipes/mod_fastcgi.rb | 52 + .../cookbooks/apache2/recipes/mod_fcgid.rb | 53 + .../cookbooks/apache2/recipes/mod_filter.rb | 20 + .../cookbooks/apache2/recipes/mod_headers.rb | 20 + .../cookbooks/apache2/recipes/mod_include.rb | 22 + .../cookbooks/apache2/recipes/mod_info.rb | 22 + .../cookbooks/apache2/recipes/mod_ldap.rb | 20 + .../apache2/recipes/mod_log_config.rb | 24 + .../cookbooks/apache2/recipes/mod_logio.rb | 24 + .../cookbooks/apache2/recipes/mod_mime.rb | 22 + .../apache2/recipes/mod_negotiation.rb | 22 + .../cookbooks/apache2/recipes/mod_perl.rb | 40 + .../cookbooks/apache2/recipes/mod_php5.rb | 69 + .../cookbooks/apache2/recipes/mod_proxy.rb | 22 + .../apache2/recipes/mod_proxy_ajp.rb | 21 + .../apache2/recipes/mod_proxy_balancer.rb | 20 + .../apache2/recipes/mod_proxy_connect.rb | 20 + .../apache2/recipes/mod_proxy_http.rb | 20 + .../cookbooks/apache2/recipes/mod_python.rb | 34 + .../cookbooks/apache2/recipes/mod_rewrite.rb | 20 + .../cookbooks/apache2/recipes/mod_setenvif.rb | 22 + .../cookbooks/apache2/recipes/mod_ssl.rb | 42 + .../cookbooks/apache2/recipes/mod_status.rb | 22 + .../cookbooks/apache2/recipes/mod_userdir.rb | 20 + .../cookbooks/apache2/recipes/mod_wsgi.rb | 34 + .../apache2/recipes/mod_xsendfile.rb | 34 + .../apache2/templates/default/a2dismod.erb | 22 + .../apache2/templates/default/a2dissite.erb | 29 + .../apache2/templates/default/a2enmod.erb | 37 + .../apache2/templates/default/a2ensite.erb | 38 + .../templates/default/apache2.conf.erb | 238 + .../apache2/templates/default/apache2.god.erb | 19 + .../apache2/templates/default/charset.erb | 6 + .../templates/default/default-site.erb | 55 + .../templates/default/etc-sysconfig-httpd.erb | 31 + .../apache2/templates/default/mods/README | 2 + .../templates/default/mods/alias.conf.erb | 23 + .../templates/default/mods/auth_cas.conf.erb | 1 + .../templates/default/mods/auth_cas.load.erb | 1 + .../default/mods/authopenid.load.erb | 1 + .../templates/default/mods/autoindex.conf.erb | 100 + .../templates/default/mods/deflate.conf.erb | 16 + .../templates/default/mods/dir.conf.erb | 3 + .../templates/default/mods/fastcgi.conf.erb | 5 + .../templates/default/mods/fcgid.conf.erb | 10 + .../templates/default/mods/include.conf.erb | 4 + .../templates/default/mods/include.erb | 4 + .../templates/default/mods/info.conf.erb | 14 + .../templates/default/mods/mime.conf.erb | 199 + .../default/mods/negotiation.conf.erb | 17 + .../templates/default/mods/php5.conf.erb | 16 + .../templates/default/mods/proxy.conf.erb | 19 + .../templates/default/mods/setenvif.conf.erb | 26 + .../templates/default/mods/ssl.conf.erb | 76 + .../templates/default/mods/status.conf.erb | 25 + .../apache2/templates/default/port_apache.erb | 3 + .../apache2/templates/default/ports.conf.erb | 9 + .../apache2/templates/default/security.erb | 46 + .../templates/default/web_app.conf.erb | 47 + .../apache2/test/features/alias_paths.feature | 12 + .../test/features/authenticate_basic.feature | 20 + .../test/features/authenticate_digest.feature | 20 + .../test/features/authenticate_openid.feature | 11 + .../test/features/authorize_groupfile.feature | 16 + .../test/features/authorize_host.feature | 17 + .../test/features/authorize_ldap.feature | 16 + .../test/features/authorize_users.feature | 16 + .../test/features/basic_web_app.feature | 11 + .../test/features/basic_webserver.feature | 16 + .../features/compress_server_response.feature | 16 + .../test/features/control_caching.feature | 11 + .../test/features/directory_listing.feature | 19 + .../test/features/host_cgi_scripts.feature | 11 + .../features/host_perl_applications.feature | 11 + .../features/host_php_applications.feature | 11 + .../features/host_python_applications.feature | 11 + .../host_source_control_repositories.feature | 12 + .../features/proxy_java_applications.feature | 12 + .../test/features/secure_requests.feature | 11 + .../features/step_definitions/svn_steps.rb | 19 + .../step_definitions/webserver_steps.rb | 160 + .../apache2/test/features/support/env.rb | 3 + .../test/features/support/svn_helpers.rb | 24 + .../test/features/support/web_helpers.rb | 86 + .../features/support_older_browsers.feature | 11 + .../apache2/test/kitchen/Kitchenfile | 50 + .../apache2/test/kitchen/cookbooks/Cheffile | 4 + .../kitchen/cookbooks/apache2_test/README.md | 82 + .../apache2_test/attributes/default.rb | 35 + .../files/default/ssl/ldap.example.com.pem | 49 + .../default/tests/minitest/modules_test.rb | 34 + .../default/tests/minitest/support/helpers.rb | 50 + .../cookbooks/apache2_test/metadata.rb | 88 + .../apache2_test/recipes/basic_web_app.rb | 38 + .../cookbooks/apache2_test/recipes/default.rb | 20 + .../apache2_test/recipes/god_monitor.rb | 19 + .../apache2_test/recipes/mod_auth_basic.rb | 35 + .../apache2_test/recipes/mod_auth_digest.rb | 37 + .../apache2_test/recipes/mod_auth_openid.rb | 29 + .../apache2_test/recipes/mod_authnz_ldap.rb | 63 + .../recipes/mod_authz_groupfile.rb | 46 + .../recipes/mod_authz_listed_host.rb | 30 + .../recipes/mod_authz_unlisted_host.rb | 30 + .../apache2_test/recipes/mod_authz_user.rb | 41 + .../cookbooks/apache2_test/recipes/mod_cgi.rb | 35 + .../apache2_test/recipes/mod_dav_svn.rb | 45 + .../apache2_test/recipes/mod_expires.rb | 30 + .../apache2_test/recipes/mod_perl.rb | 66 + .../apache2_test/recipes/mod_php5.rb | 50 + .../apache2_test/recipes/mod_proxy_ajp.rb | 44 + .../apache2_test/recipes/mod_python.rb | 54 + .../cookbooks/apache2_test/recipes/mod_ssl.rb | 54 + .../apache2_test/recipes/mod_status_remote.rb | 25 + .../cookbooks/apache2_test/recipes/modules.rb | 43 + .../cookbooks/apache2_test/recipes/setup.rb | 18 + .../templates/default/auth_basic.conf.erb | 6 + .../templates/default/auth_digest.conf.erb | 7 + .../templates/default/auth_openid.conf.erb | 8 + .../templates/default/authnz_ldap.conf.erb | 9 + .../default/authz_groupfile.conf.erb | 7 + .../templates/default/authz_host.conf.erb | 4 + .../templates/default/authz_user.conf.erb | 6 + .../templates/default/cache_test.conf.erb | 4 + .../templates/default/entries.ldif.erb | 18 + .../templates/default/java_env.conf.erb | 6 + .../templates/default/perl_env.conf.erb | 9 + .../templates/default/php_env.conf.erb | 7 + .../templates/default/python_env.conf.erb | 8 + .../templates/default/ssl.conf.erb | 13 + .../templates/default/status.conf.erb | 9 + .../templates/default/svn_repo.conf.erb | 6 + .../grizzly-xcat/cookbooks/apt/.kitchen.yml | 33 + .../grizzly-xcat/cookbooks/apt/Berksfile | 8 + .../grizzly-xcat/cookbooks/apt/Berksfile.lock | 4 + .../grizzly-xcat/cookbooks/apt/CHANGELOG.md | 79 + .../grizzly-xcat/cookbooks/apt/CONTRIBUTING | 29 + .../grizzly-xcat/cookbooks/apt/LICENSE | 201 + .../grizzly-xcat/cookbooks/apt/README.md | 238 + .../grizzly-xcat/cookbooks/apt/TESTING.md | 25 + .../cookbooks/apt/attributes/default.rb | 3 + .../apt/files/default/apt-proxy-v2.conf | 50 + .../grizzly-xcat/cookbooks/apt/metadata.json | 34 + .../grizzly-xcat/cookbooks/apt/metadata.rb | 14 + .../cookbooks/apt/providers/preference.rb | 61 + .../cookbooks/apt/providers/repository.rb | 138 + .../cookbooks/apt/recipes/cacher-client.rb | 59 + .../cookbooks/apt/recipes/cacher-ng.rb | 38 + .../cookbooks/apt/recipes/default.rb | 68 + .../cookbooks/apt/resources/preference.rb | 30 + .../cookbooks/apt/resources/repository.rb | 40 + .../apt/templates/default/01proxy.erb | 2 + .../apt/templates/default/acng.conf.erb | 276 + .../apt/templates/ubuntu-10.04/acng.conf.erb | 270 + .../grizzly-xcat/cookbooks/aws/CHANGELOG.md | 55 + .../grizzly-xcat/cookbooks/aws/CONTRIBUTING | 29 + .../grizzly-xcat/cookbooks/aws/LICENSE | 201 + .../grizzly-xcat/cookbooks/aws/README.md | 279 + .../cookbooks/aws/attributes/default.rb | 22 + .../cookbooks/aws/libraries/ec2.rb | 80 + .../grizzly-xcat/cookbooks/aws/metadata.json | 30 + .../grizzly-xcat/cookbooks/aws/metadata.rb | 8 + .../cookbooks/aws/providers/ebs_raid.rb | 384 + .../cookbooks/aws/providers/ebs_volume.rb | 264 + .../cookbooks/aws/providers/elastic_ip.rb | 90 + .../cookbooks/aws/providers/elastic_lb.rb | 34 + .../cookbooks/aws/providers/resource_tag.rb | 95 + .../cookbooks/aws/recipes/default.rb | 25 + .../cookbooks/aws/resources/ebs_raid.rb | 12 + .../cookbooks/aws/resources/ebs_volume.rb | 20 + .../cookbooks/aws/resources/elastic_ip.rb | 11 + .../cookbooks/aws/resources/elastic_lb.rb | 10 + .../cookbooks/aws/resources/resource_tag.rb | 11 + .../cookbooks/build-essential/.kitchen.yml | 42 + .../cookbooks/build-essential/Berksfile | 3 + .../cookbooks/build-essential/CHANGELOG.md | 42 + .../cookbooks/build-essential/CONTRIBUTING | 29 + .../cookbooks/build-essential/LICENSE | 201 + .../cookbooks/build-essential/README.md | 139 + .../cookbooks/build-essential/TESTING.md | 25 + .../build-essential/attributes/default.rb | 33 + .../cookbooks/build-essential/metadata.json | 44 + .../cookbooks/build-essential/metadata.rb | 16 + .../build-essential/recipes/debian.rb | 45 + .../build-essential/recipes/default.rb | 24 + .../build-essential/recipes/fedora.rb | 36 + .../build-essential/recipes/mac_os_x.rb | 40 + .../cookbooks/build-essential/recipes/rhel.rb | 43 + .../build-essential/recipes/smartos.rb | 36 + .../build-essential/recipes/solaris2.rb | 42 + .../cookbooks/build-essential/recipes/suse.rb | 36 + .../cookbooks/chef_handler/CHANGELOG.md | 28 + .../cookbooks/chef_handler/CONTRIBUTING | 29 + .../cookbooks/chef_handler/LICENSE | 201 + .../cookbooks/chef_handler/README.md | 103 + .../chef_handler/attributes/default.rb | 30 + .../files/default/handlers/README | 1 + .../cookbooks/chef_handler/metadata.rb | 7 + .../chef_handler/providers/default.rb | 93 + .../cookbooks/chef_handler/recipes/default.rb | 33 + .../chef_handler/recipes/json_file.rb | 28 + .../chef_handler/resources/default.rb | 34 + .../cookbooks/database/CHANGELOG.md | 92 + .../cookbooks/database/CONTRIBUTING.md | 257 + .../grizzly-xcat/cookbooks/database/LICENSE | 201 + .../grizzly-xcat/cookbooks/database/README.md | 495 ++ .../libraries/provider_database_mysql.rb | 104 + .../libraries/provider_database_mysql_user.rb | 85 + .../libraries/provider_database_postgresql.rb | 131 + .../provider_database_postgresql_user.rb | 83 + .../libraries/provider_database_sql_server.rb | 111 + .../provider_database_sql_server_user.rb | 124 + .../database/libraries/resource_database.rb | 119 + .../libraries/resource_database_user.rb | 99 + .../libraries/resource_mysql_database.rb | 34 + .../libraries/resource_mysql_database_user.rb | 34 + .../libraries/resource_postgresql_database.rb | 35 + .../resource_postgresql_database_user.rb | 35 + .../libraries/resource_sql_server_database.rb | 34 + .../resource_sql_server_database_user.rb | 44 + .../cookbooks/database/metadata.rb | 22 + .../cookbooks/database/recipes/default.rb | 20 + .../cookbooks/database/recipes/ebs_backup.rb | 89 + .../cookbooks/database/recipes/ebs_volume.rb | 204 + .../cookbooks/database/recipes/master.rb | 78 + .../cookbooks/database/recipes/mysql.rb | 20 + .../cookbooks/database/recipes/postgresql.rb | 20 + .../cookbooks/database/recipes/snapshot.rb | 62 + .../templates/default/app_grants.sql.erb | 8 + .../database/templates/default/aws_config.erb | 3 + .../chef-solo-database-snapshot.cron.erb | 6 + .../chef-solo-database-snapshot.json.erb | 1 + .../chef-solo-database-snapshot.rb.erb | 6 + .../templates/default/ebs-backup-cron.erb | 2 + .../templates/default/ebs-db-backup.sh.erb | 8 + .../templates/default/ebs-db-restore.sh.erb | 10 + .../database/templates/default/s3cfg.erb | 27 + .../grizzly-xcat/cookbooks/dmg/CHANGELOG.md | 39 + .../cookbooks/dmg/CONTRIBUTING.md | 257 + .../grizzly-xcat/cookbooks/dmg/LICENSE | 201 + .../grizzly-xcat/cookbooks/dmg/README.md | 143 + .../grizzly-xcat/cookbooks/dmg/TODO.md | 12 + .../cookbooks/dmg/attributes/default.rb | 20 + .../grizzly-xcat/cookbooks/dmg/metadata.rb | 8 + .../cookbooks/dmg/providers/package.rb | 86 + .../cookbooks/dmg/recipes/default.rb | 18 + .../cookbooks/dmg/resources/package.rb | 37 + .../cookbooks/erlang/.kitchen.yml | 53 + .../grizzly-xcat/cookbooks/erlang/Berksfile | 8 + .../cookbooks/erlang/CHANGELOG.md | 31 + .../cookbooks/erlang/CONTRIBUTING.md | 257 + .../grizzly-xcat/cookbooks/erlang/LICENSE | 201 + .../grizzly-xcat/cookbooks/erlang/README.md | 86 + .../grizzly-xcat/cookbooks/erlang/TESTING.md | 25 + .../cookbooks/erlang/attributes/default.rb | 25 + .../grizzly-xcat/cookbooks/erlang/chefignore | 96 + .../default/tests/minitest/default_test.rb | 39 + .../files/default/tests/minitest/esl_test.rb | 35 + .../default/tests/minitest/gui_tools_test.rb | 30 + .../default/tests/minitest/support/helpers.rb | 29 + .../cookbooks/erlang/metadata.json | 44 + .../grizzly-xcat/cookbooks/erlang/metadata.rb | 19 + .../cookbooks/erlang/recipes/default.rb | 23 + .../cookbooks/erlang/recipes/esl.rb | 92 + .../cookbooks/erlang/recipes/package.rb | 49 + .../cookbooks/erlang/recipes/source.rb | 56 + .../grizzly-xcat/cookbooks/git/.kitchen.yml | 46 + .../grizzly-xcat/cookbooks/git/Berksfile | 8 + .../grizzly-xcat/cookbooks/git/CHANGELOG.md | 87 + .../grizzly-xcat/cookbooks/git/CONTRIBUTING | 29 + .../grizzly-xcat/cookbooks/git/Gemfile | 3 + .../grizzly-xcat/cookbooks/git/LICENSE | 201 + .../grizzly-xcat/cookbooks/git/README.md | 115 + .../grizzly-xcat/cookbooks/git/TESTING.md | 25 + .../cookbooks/git/attributes/default.rb | 40 + .../grizzly-xcat/cookbooks/git/metadata.rb | 35 + .../cookbooks/git/recipes/default.rb | 53 + .../cookbooks/git/recipes/server.rb | 58 + .../cookbooks/git/recipes/source.rb | 49 + .../cookbooks/git/recipes/windows.rb | 37 + .../git/templates/default/git-xinetd.d.erb | 10 + .../default/sv-git-daemon-log-run.erb | 2 + .../templates/default/sv-git-daemon-run.erb | 3 + .../cookbooks/jdatabase/CHANGELOG.md | 69 + .../cookbooks/jdatabase/CONTRIBUTING | 29 + .../grizzly-xcat/cookbooks/jdatabase/LICENSE | 201 + .../cookbooks/jdatabase/README.md | 510 ++ .../libraries/provider_database_mysql.rb | 103 + .../libraries/provider_database_mysql_user.rb | 84 + .../libraries/provider_database_postgresql.rb | 131 + .../provider_database_postgresql_user.rb | 83 + .../libraries/provider_database_sql_server.rb | 109 + .../provider_database_sql_server_user.rb | 106 + .../jdatabase/libraries/resource_database.rb | 119 + .../libraries/resource_database_user.rb | 90 + .../libraries/resource_mysql_database.rb | 34 + .../libraries/resource_mysql_database_user.rb | 34 + .../libraries/resource_postgresql_database.rb | 35 + .../resource_postgresql_database_user.rb | 35 + .../libraries/resource_sql_server_database.rb | 34 + .../resource_sql_server_database_user.rb | 34 + .../cookbooks/jdatabase/metadata.json | 46 + .../cookbooks/jdatabase/metadata.rb | 22 + .../cookbooks/jdatabase/recipes/default.rb | 20 + .../cookbooks/jdatabase/recipes/ebs_backup.rb | 89 + .../cookbooks/jdatabase/recipes/ebs_volume.rb | 204 + .../cookbooks/jdatabase/recipes/master.rb | 78 + .../cookbooks/jdatabase/recipes/mysql.rb | 20 + .../cookbooks/jdatabase/recipes/postgresql.rb | 20 + .../cookbooks/jdatabase/recipes/snapshot.rb | 62 + .../templates/default/app_grants.sql.erb | 8 + .../templates/default/aws_config.erb | 3 + .../chef-solo-database-snapshot.cron.erb | 6 + .../chef-solo-database-snapshot.json.erb | 1 + .../chef-solo-database-snapshot.rb.erb | 6 + .../templates/default/ebs-backup-cron.erb | 2 + .../templates/default/ebs-db-backup.sh.erb | 8 + .../templates/default/ebs-db-restore.sh.erb | 10 + .../jdatabase/templates/default/s3cfg.erb | 27 + .../cookbooks/memcached/CHANGELOG.md | 37 + .../cookbooks/memcached/CONTRIBUTING | 29 + .../grizzly-xcat/cookbooks/memcached/Gemfile | 3 + .../grizzly-xcat/cookbooks/memcached/LICENSE | 201 + .../cookbooks/memcached/README.md | 74 + .../cookbooks/memcached/attributes/default.rb | 24 + .../definitions/memcached_instance.rb | 36 + .../cookbooks/memcached/metadata.rb | 35 + .../cookbooks/memcached/recipes/default.rb | 86 + .../templates/default/memcached.conf.erb | 50 + .../templates/default/memcached.default.erb | 2 + .../templates/default/memcached.sysconfig.erb | 13 + .../default/sv-memcached-log-run.erb | 2 + .../templates/default/sv-memcached-run.erb | 3 + .../memcached/test/kitchen/Kitchenfile | 4 + .../memcached/test/kitchen/cookbooks/Cheffile | 1 + .../cookbooks/memcached_test/README.md | 1 + .../cookbooks/memcached_test/metadata.rb | 6 + .../memcached_test/recipes/default.rb | 20 + .../memcached_test/recipes/instance.rb | 28 + .../grizzly-xcat/cookbooks/mysql/.kitchen.yml | 45 + .../grizzly-xcat/cookbooks/mysql/Berksfile | 11 + .../grizzly-xcat/cookbooks/mysql/CHANGELOG.md | 154 + .../grizzly-xcat/cookbooks/mysql/CONTRIBUTING | 29 + .../grizzly-xcat/cookbooks/mysql/LICENSE | 201 + .../grizzly-xcat/cookbooks/mysql/README.md | 250 + .../grizzly-xcat/cookbooks/mysql/TESTING.md | 25 + .../cookbooks/mysql/attributes/client.rb | 52 + .../mysql/attributes/percona_repo.rb | 3 + .../cookbooks/mysql/attributes/server.rb | 255 + .../cookbooks/mysql/libraries/helpers.rb | 33 + .../cookbooks/mysql/metadata.json | 418 ++ .../grizzly-xcat/cookbooks/mysql/metadata.rb | 140 + .../cookbooks/mysql/recipes/client.rb | 59 + .../cookbooks/mysql/recipes/default.rb | 20 + .../cookbooks/mysql/recipes/percona_repo.rb | 48 + .../cookbooks/mysql/recipes/ruby.rb | 36 + .../cookbooks/mysql/recipes/server.rb | 221 + .../cookbooks/mysql/recipes/server_ec2.rb | 51 + .../mysql/templates/default/debian.cnf.erb | 12 + .../mysql/templates/default/grants.sql.erb | 34 + .../mysql/templates/default/my.cnf.erb | 317 + .../templates/default/mysql-server.seed.erb | 10 + .../mysql/templates/default/port_mysql.erb | 3 + .../mysql/templates/windows/my.cnf.erb | 61 + .../cookbooks/nodejs/.kitchen.yml | 48 + .../grizzly-xcat/cookbooks/nodejs/.travis.yml | 6 + .../grizzly-xcat/cookbooks/nodejs/Berksfile | 5 + .../cookbooks/nodejs/CHANGELOG.md | 56 + .../grizzly-xcat/cookbooks/nodejs/Gemfile | 10 + .../grizzly-xcat/cookbooks/nodejs/README.md | 80 + .../grizzly-xcat/cookbooks/nodejs/Rakefile | 36 + .../cookbooks/nodejs/attributes/default.rb | 38 + .../grizzly-xcat/cookbooks/nodejs/metadata.rb | 22 + .../cookbooks/nodejs/recipes/default.rb | 25 + .../nodejs/recipes/install_from_binary.rb | 80 + .../nodejs/recipes/install_from_package.rb | 52 + .../nodejs/recipes/install_from_source.rb | 68 + .../cookbooks/nodejs/recipes/npm.rb | 38 + .../integration/package/bats/package.bats | 9 + .../test/integration/source/bats/source.bats | 9 + .../cookbooks/nodejs/test/support/Gemfile | 5 + .../cookbooks/openssh/CHANGELOG.md | 23 + .../cookbooks/openssh/CONTRIBUTING | 29 + .../grizzly-xcat/cookbooks/openssh/Gemfile | 3 + .../grizzly-xcat/cookbooks/openssh/LICENSE | 201 + .../grizzly-xcat/cookbooks/openssh/README.md | 122 + .../cookbooks/openssh/attributes/default.rb | 125 + .../default/tests/minitest/config_test.rb | 38 + .../default/tests/minitest/default_test.rb | 13 + .../default/tests/minitest/support/helpers.rb | 13 + .../cookbooks/openssh/metadata.json | 38 + .../cookbooks/openssh/metadata.rb | 12 + .../cookbooks/openssh/recipes/default.rb | 73 + .../openssh/templates/default/port_ssh.erb | 2 + .../openssh/templates/default/ssh_config.erb | 11 + .../openssh/templates/default/sshd_config.erb | 11 + .../cookbooks/openssl/CHANGELOG.md | 3 + .../cookbooks/openssl/CONTRIBUTING | 29 + .../grizzly-xcat/cookbooks/openssl/LICENSE | 201 + .../grizzly-xcat/cookbooks/openssl/README.md | 37 + .../openssl/libraries/secure_password.rb | 37 + .../cookbooks/openssl/metadata.json | 30 + .../cookbooks/openssl/metadata.rb | 9 + .../cookbooks/openssl/recipes/default.rb | 19 + .../cookbooks/openstack-block-storage/.tailor | 25 + .../openstack-block-storage/Berksfile | 8 + .../openstack-block-storage/Berksfile.lock | 68 + .../openstack-block-storage/CHANGELOG.md | 18 + .../cookbooks/openstack-block-storage/Gemfile | 9 + .../openstack-block-storage/Gemfile.lock | 223 + .../openstack-block-storage/README.md | 130 + .../openstack-block-storage/Strainerfile | 5 + .../attributes/default.rb | 187 + .../openstack-block-storage/metadata.rb | 24 + .../openstack-block-storage/recipes/api.rb | 84 + .../recipes/cinder-common.rb | 63 + .../recipes/default.rb | 18 + .../recipes/identity_registration.rb | 85 + .../recipes/scheduler.rb | 77 + .../openstack-block-storage/recipes/volume.rb | 111 + .../spec/api-opensuse_spec.rb | 38 + .../spec/api-redhat_spec.rb | 33 + .../openstack-block-storage/spec/api_spec.rb | 139 + .../spec/cinder_common-opensuse_spec.rb | 18 + .../spec/cinder_common-redhat_spec.rb | 18 + .../spec/cinder_common_spec.rb | 110 + .../spec/default_spec.rb | 4 + .../spec/identity_registration_spec.rb | 82 + .../spec/scheduler-opensuse_spec.rb | 44 + .../spec/scheduler-redhat_spec.rb | 44 + .../spec/scheduler_spec.rb | 110 + .../spec/spec_helper.rb | 81 + .../spec/volume-opensuse_spec.rb | 65 + .../spec/volume-redhat_spec.rb | 61 + .../spec/volume_spec.rb | 121 + .../templates/default/api-paste.ini.erb | 61 + .../templates/default/cinder.conf.erb | 802 +++ .../templates/default/policy.json.erb | 34 + .../templates/default/shares.conf.erb | 4 + .../templates/default/targets.conf.erb | 9 + .../cookbooks/openstack-common/.tailor | 25 + .../cookbooks/openstack-common/Berksfile | 1 + .../cookbooks/openstack-common/CHANGELOG.md | 76 + .../cookbooks/openstack-common/Gemfile | 9 + .../cookbooks/openstack-common/Gemfile.lock | 207 + .../cookbooks/openstack-common/LICENSE | 176 + .../cookbooks/openstack-common/README.md | 190 + .../cookbooks/openstack-common/Strainerfile | 5 + .../openstack-common/attributes/default.rb | 322 + .../openstack-common/libraries/database.rb | 102 + .../openstack-common/libraries/endpoints.rb | 86 + .../openstack-common/libraries/network.rb | 34 + .../openstack-common/libraries/parse.rb | 63 + .../openstack-common/libraries/passwords.rb | 71 + .../openstack-common/libraries/search.rb | 79 + .../openstack-common/libraries/uri.rb | 56 + .../cookbooks/openstack-common/metadata.rb | 17 + .../openstack-common/recipes/default.rb | 88 + .../openstack-common/recipes/logging.rb | 32 + .../openstack-common/spec/database_spec.rb | 39 + .../spec/default-suse_spec.rb | 9 + .../openstack-common/spec/default_spec.rb | 24 + .../openstack-common/spec/endpoints_spec.rb | 133 + .../openstack-common/spec/logging_spec.rb | 56 + .../openstack-common/spec/network_spec.rb | 46 + .../openstack-common/spec/parse_spec.rb | 79 + .../openstack-common/spec/password_spec.rb | 90 + .../openstack-common/spec/search_spec.rb | 140 + .../openstack-common/spec/spec_helper.rb | 11 + .../openstack-common/spec/uri_spec.rb | 85 + .../templates/default/logging.conf.erb | 136 + .../cookbooks/openstack-compute/.tailor | 25 + .../cookbooks/openstack-compute/Berksfile | 12 + .../openstack-compute/Berksfile.lock | 65 + .../cookbooks/openstack-compute/Gemfile | 9 + .../cookbooks/openstack-compute/Gemfile.lock | 214 + .../cookbooks/openstack-compute/README.md | 256 + .../cookbooks/openstack-compute/Strainerfile | 5 + .../openstack-compute/attributes/default.rb | 337 + .../attributes/default.rb.ave | 333 + .../files/default/add_floaters.py | 148 + .../files/default/nova-compute.conf | 5 + .../files/default/nova_plugin.py | 135 + .../files/default/policy.json | 3 + .../cookbooks/openstack-compute/metadata.rb | 33 + .../openstack-compute/recipes/api-ec2.rb | 83 + .../openstack-compute/recipes/api-metadata.rb | 86 + .../recipes/api-os-compute.rb | 87 + .../openstack-compute/recipes/compute.rb | 78 + .../openstack-compute/recipes/conductor.rb | 37 + .../openstack-compute/recipes/default.rb | 18 + .../recipes/identity_registration.rb | 116 + .../openstack-compute/recipes/libvirt.rb | 206 + .../openstack-compute/recipes/network.rb | 52 + .../openstack-compute/recipes/nova-cert.rb | 38 + .../openstack-compute/recipes/nova-common.rb | 208 + .../openstack-compute/recipes/nova-setup.rb | 134 + .../openstack-compute/recipes/scheduler.rb | 47 + .../openstack-compute/recipes/vncproxy.rb | 56 + .../spec/api-ec2-redhat_spec.rb | 19 + .../openstack-compute/spec/api-ec2_spec.rb | 27 + .../spec/api-metadata-redhat_spec.rb | 19 + .../spec/api-metadata_spec.rb | 27 + .../spec/api-os-compute-redhat_spec.rb | 19 + .../spec/api-os-compute_spec.rb | 45 + .../spec/compute-opensuse_spec.rb | 16 + .../spec/compute-redhat_spec.rb | 45 + .../openstack-compute/spec/compute_spec.rb | 84 + .../spec/conductor_redhat_spec.rb | 25 + .../openstack-compute/spec/conductor_spec.rb | 25 + .../openstack-compute/spec/default_spec.rb | 4 + .../spec/identity_registration_spec.rb | 124 + .../spec/libvirt-opensuse_spec.rb | 96 + .../spec/libvirt-redhat_spec.rb | 60 + .../openstack-compute/spec/libvirt_spec.rb | 97 + .../spec/network-redhat_spec.rb | 21 + .../openstack-compute/spec/network_spec.rb | 34 + .../spec/nova-cert-redhat_spec.rb | 19 + .../openstack-compute/spec/nova-cert_spec.rb | 21 + .../spec/nova-common-redhat_spec.rb | 42 + .../spec/nova-common_spec.rb | 341 + .../openstack-compute/spec/nova-setup_spec.rb | 71 + .../spec/scheduler-redhat_spec.rb | 24 + .../openstack-compute/spec/scheduler_spec.rb | 27 + .../openstack-compute/spec/spec_helper.rb | 111 + .../spec/vncproxy-redhat_spec.rb | 25 + .../openstack-compute/spec/vncproxy_spec.rb | 35 + .../templates/default/api-paste.ini.erb | 113 + .../default/collectd-plugin-mysql.conf.erb | 18 + .../templates/default/libvirt-bin.erb | 13 + .../templates/default/libvirtd.conf.erb | 395 + .../templates/default/libvirtd.erb | 26 + .../templates/default/nova.conf.erb | 238 + .../templates/default/openrc.erb | 23 + .../templates/default/rootwrap.conf.erb | 29 + .../rootwrap.d/api-metadata.filters.erb | 15 + .../default/rootwrap.d/compute.filters.erb | 203 + .../default/rootwrap.d/network.filters.erb | 77 + .../cookbooks/openstack-dashboard/.tailor | 25 + .../cookbooks/openstack-dashboard/Berksfile | 4 + .../cookbooks/openstack-dashboard/Gemfile | 9 + .../openstack-dashboard/Gemfile.lock | 207 + .../cookbooks/openstack-dashboard/README.md | 93 + .../openstack-dashboard/Strainerfile | 5 + .../openstack-dashboard/attributes/default.rb | 114 + .../files/default/css/folsom.css | 6363 +++++++++++++++++ .../files/default/horizon.key | 28 + .../files/default/horizon.pem | 17 + .../cookbooks/openstack-dashboard/metadata.rb | 16 + .../openstack-dashboard/recipes/default.rb | 18 + .../openstack-dashboard/recipes/server.rb | 200 + .../openstack-dashboard/spec/default_spec.rb | 4 + .../spec/server-fedora_spec.rb | 56 + .../spec/server-opensuse_spec.rb | 65 + .../spec/server-redhat_spec.rb | 138 + .../openstack-dashboard/spec/server_spec.rb | 247 + .../openstack-dashboard/spec/spec_helper.rb | 30 + .../templates/default/dash-site.erb | 58 + .../default/default_stylesheets.html.erb | 7 + .../templates/default/local_settings.py.erb | 258 + .../templates/default/rs_stylesheets.html.erb | 7 + .../cookbooks/openstack-identity/.tailor | 25 + .../cookbooks/openstack-identity/Berksfile | 4 + .../openstack-identity/Berksfile.lock | 37 + .../cookbooks/openstack-identity/Gemfile | 9 + .../cookbooks/openstack-identity/Gemfile.lock | 223 + .../cookbooks/openstack-identity/README.md | 290 + .../cookbooks/openstack-identity/Strainerfile | 5 + .../openstack-identity/attributes/default.rb | 202 + .../cookbooks/openstack-identity/metadata.rb | 16 + .../openstack-identity/providers/register.rb | 301 + .../openstack-identity/recipes/default.rb | 18 + .../recipes/registration.rb | 171 + .../openstack-identity/recipes/server.rb | 169 + .../openstack-identity/resources/register.rb | 61 + .../openstack-identity/spec/default_spec.rb | 4 + .../openstack-identity/spec/register_spec.rb | 215 + .../spec/registration_spec.rb | 190 + .../spec/server-opensuse_spec.rb | 115 + .../spec/server-redhat_spec.rb | 36 + .../openstack-identity/spec/server_spec.rb | 312 + .../openstack-identity/spec/spec_helper.rb | 30 + .../default/default_catalog.templates.erb | 29 + .../templates/default/keystone.conf.erb | 289 + .../cookbooks/openstack-image/.tailor | 25 + .../cookbooks/openstack-image/Berksfile | 6 + .../cookbooks/openstack-image/Berksfile.lock | 41 + .../cookbooks/openstack-image/Gemfile | 9 + .../cookbooks/openstack-image/Gemfile.lock | 214 + .../cookbooks/openstack-image/README.md | 166 + .../cookbooks/openstack-image/Strainerfile | 5 + .../openstack-image/attributes/default.rb | 160 + .../files/default/glance_plugin.py | 117 + .../cookbooks/openstack-image/metadata.rb | 16 + .../openstack-image/providers/image.rb | 108 + .../cookbooks/openstack-image/recipes/api.rb | 244 + .../recipes/identity_registration.rb | 99 + .../openstack-image/recipes/registry.rb | 123 + .../openstack-image/resources/image.rb | 35 + .../openstack-image/spec/api-redhat_spec.rb | 15 + .../openstack-image/spec/api_spec.rb | 340 + .../openstack-image/spec/default_spec.rb | 4 + .../spec/identity_registration_spec.rb | 91 + .../spec/registry-redhat_spec.rb | 36 + .../openstack-image/spec/registry_spec.rb | 144 + .../openstack-image/spec/spec_helper.rb | 87 + .../default/glance-api-paste.ini.erb | 59 + .../templates/default/glance-api.conf.erb | 267 + .../default/glance-cache-paste.ini.erb | 17 + .../templates/default/glance-cache.conf.erb | 59 + .../default/glance-registry-paste.ini.erb | 23 + .../default/glance-registry.conf.erb | 74 + .../default/glance-scrubber-paste.ini.erb | 5 + .../default/glance-scrubber.conf.erb | 38 + .../templates/default/policy.json.erb | 4 + .../cookbooks/openstack-metering/Berksfile | 6 + .../openstack-metering/Berksfile.lock | 41 + .../cookbooks/openstack-metering/CHANGELOG.md | 23 + .../cookbooks/openstack-metering/Gemfile | 9 + .../cookbooks/openstack-metering/Gemfile.lock | 214 + .../cookbooks/openstack-metering/README.md | 81 + .../cookbooks/openstack-metering/Strainerfile | 5 + .../openstack-metering/attributes/default.rb | 73 + .../files/default/policy.json | 3 + .../cookbooks/openstack-metering/metadata.rb | 21 + .../recipes/agent-central.rb | 30 + .../recipes/agent-compute.rb | 40 + .../openstack-metering/recipes/api.rb | 37 + .../openstack-metering/recipes/collector.rb | 47 + .../openstack-metering/recipes/common.rb | 85 + .../recipes/identity_registration.rb | 51 + .../spec/agent-central-opensuse_spec.rb | 19 + .../spec/agent-central_spec.rb | 21 + .../spec/agent-compute-opensuse_spec.rb | 19 + .../spec/agent-compute_spec.rb | 21 + .../spec/api-opensuse_spec.rb | 19 + .../openstack-metering/spec/api_spec.rb | 35 + .../spec/collector-opensuse_spec.rb | 19 + .../openstack-metering/spec/collector_spec.rb | 26 + .../spec/common-opensuse_spec.rb | 15 + .../openstack-metering/spec/common_spec.rb | 88 + .../spec/identity_registration_spec.rb | 42 + .../openstack-metering/spec/spec_helper.rb | 37 + .../templates/default/ceilometer.conf.erb | 36 + .../cookbooks/openstack-network/Berksfile | 6 + .../openstack-network/Berksfile.lock | 41 + .../cookbooks/openstack-network/CHANGELOG.md | 15 + .../cookbooks/openstack-network/Gemfile | 11 + .../cookbooks/openstack-network/Gemfile.lock | 223 + .../cookbooks/openstack-network/README.md | 100 + .../cookbooks/openstack-network/Strainerfile | 5 + .../openstack-network/attributes/default.rb | 832 +++ .../attributes/default.rb.save | 828 +++ .../files/default/disable-eth-offload.sh | 78 + .../etc/quantum/rootwrap.d/debug.filters | 14 + .../etc/quantum/rootwrap.d/dhcp.filters | 40 + .../rootwrap.d/iptables-firewall.filters | 21 + .../default/etc/quantum/rootwrap.d/l3.filters | 43 + .../quantum/rootwrap.d/lbaas-haproxy.filters | 29 + .../rootwrap.d/linuxbridge-plugin.filters | 21 + .../etc/quantum/rootwrap.d/nec-plugin.filters | 15 + .../rootwrap.d/openvswitch-plugin.filters | 29 + .../etc/quantum/rootwrap.d/ryu-plugin.filters | 25 + .../files/default/ovs-dpctl-top | 1687 +++++ .../files/default/quantum-ha-tool.py | 443 ++ .../cookbooks/openstack-network/metadata.rb | 19 + .../openstack-network/recipes/balancer.rb | 48 + .../openstack-network/recipes/bigswitch.rb | 20 + .../openstack-network/recipes/brocade.rb | 20 + .../recipes/build_openvswitch_source.rb | 96 + .../openstack-network/recipes/cisco.rb | 20 + .../openstack-network/recipes/common.rb | 385 + .../openstack-network/recipes/dhcp_agent.rb | 131 + .../recipes/dhcp_agent.rb.bak | 121 + .../openstack-network/recipes/hyperv.rb | 20 + .../recipes/identity_registration.rb | 88 + .../openstack-network/recipes/l3_agent.rb | 67 + .../openstack-network/recipes/linuxbridge.rb | 35 + .../recipes/metadata_agent.rb | 55 + .../openstack-network/recipes/metaplugin.rb | 20 + .../openstack-network/recipes/midonet.rb | 20 + .../openstack-network/recipes/nec.rb | 20 + .../openstack-network/recipes/nicira.rb | 20 + .../openstack-network/recipes/openvswitch.rb | 152 + .../openstack-network/recipes/plumgrid.rb | 20 + .../openstack-network/recipes/ryu.rb | 20 + .../openstack-network/recipes/server.rb | 86 + .../openstack-network/spec/balancer_spec.rb | 32 + .../spec/build_openvswitch_source_spec.rb | 46 + .../openstack-network/spec/common_spec.rb | 19 + .../spec/dhcp_agent-opensuse_spec.rb | 37 + .../openstack-network/spec/dhcp_agent_spec.rb | 91 + .../spec/identity_registration_spec.rb | 89 + .../openstack-network/spec/l3_agent_spec.rb | 90 + .../spec/linuxbridge-opensuse_spec.rb | 23 + .../spec/linuxbridge-redhat_spec.rb | 23 + .../spec/linuxbridge_spec.rb | 42 + .../spec/metadata_agent_spec.rb | 65 + .../spec/openvswitch-opensuse_spec.rb | 26 + .../spec/openvswitch_spec.rb | 117 + .../spec/server-opensuse_spec.rb | 63 + .../spec/server-redhat_spec.rb | 28 + .../openstack-network/spec/server_spec.rb | 224 + .../openstack-network/spec/spec_helper.rb | 69 + .../templates/default/api-paste.ini.erb | 34 + .../templates/default/dhcp_agent.ini.erb | 55 + .../templates/default/dnsmasq.conf.erb | 7 + .../templates/default/l3_agent.ini.erb | 58 + .../templates/default/lbaas_agent.ini.erb | 37 + .../templates/default/metadata_agent.ini.erb | 30 + .../plugins/bigswitch/restproxy.ini.erb | 39 + .../default/plugins/brocade/brocade.ini.erb | 57 + .../plugins/cisco/cisco_plugins.ini.erb | 36 + .../hyperv/hyperv_quantum_plugin.ini.erb | 68 + .../linuxbridge/linuxbridge_conf.ini.erb | 67 + .../plugins/metaplugin/metaplugin.ini.erb | 40 + .../default/plugins/midonet/midonet.ini.erb | 43 + .../templates/default/plugins/nec/nec.ini.erb | 56 + .../default/plugins/nicira/nvp.ini.erb | 116 + .../openvswitch/ovs_quantum_plugin.ini.erb | 155 + .../default/plugins/plumgrid/plumgrid.ini.erb | 38 + .../templates/default/plugins/ryu/ryu.ini.erb | 58 + .../templates/default/policy.json.erb | 75 + .../templates/default/quantum-server.erb | 6 + .../templates/default/quantum.conf.erb | 325 + .../templates/default/quantum.sysconfig.erb | 5 + .../templates/default/rootwrap.conf.erb | 6 + .../openstack-object-storage/Berksfile | 4 + .../openstack-object-storage/Berksfile.lock | 42 + .../openstack-object-storage/Gemfile | 9 + .../openstack-object-storage/Gemfile.lock | 211 + .../openstack-object-storage/README.md | 269 + .../openstack-object-storage/Strainerfile | 4 + .../attributes/default.rb | 194 + .../files/default/5EDB1B62EC4926EA | 53 + .../files/default/cluster_stats.py | 88 + .../files/default/git-daemon.default | 16 + .../files/default/rsync.init | 44 + .../files/default/rsync.service | 11 + .../files/default/swift_stats.py | 98 + .../libraries/drive_utils.rb | 34 + .../libraries/ip_utils.rb | 45 + .../openstack-object-storage/metadata.rb | 20 + .../providers/disk.rb | 264 + .../providers/mounts.rb | 168 + .../providers/ring_script.rb | 262 + .../recipes/account-server.rb | 96 + .../recipes/common.rb | 110 + .../recipes/container-server.rb | 93 + .../openstack-object-storage/recipes/disks.rb | 66 + .../recipes/management-server.rb | 55 + .../recipes/memcached.rb | 20 + .../recipes/object-server.rb | 101 + .../recipes/proxy-server.rb | 116 + .../recipes/ring-repo.rb | 183 + .../openstack-object-storage/recipes/rsync.rb | 85 + .../openstack-object-storage/recipes/setup.rb | 58 + .../recipes/storage-common.rb | 41 + .../resources/disk.rb | 44 + .../resources/mounts.rb | 71 + .../resources/ring_script.rb | 44 + .../openstack-object-storage/run_tests.bash | 23 + .../spec/account_spec.rb | 67 + .../spec/common_spec.rb | 92 + .../spec/container_spec.rb | 63 + .../spec/disks_spec.rb | 43 + .../spec/management_spec.rb | 47 + .../spec/object_spec.rb | 71 + .../spec/proxy_spec.rb | 60 + .../spec/ring-repo_spec.rb | 43 + .../spec/rsync_spec.rb | 51 + .../spec/spec_helper.rb | 49 + .../spec/storage-common_spec.rb | 58 + .../templates/default/account-server.conf.erb | 78 + .../default/container-server.conf.erb | 88 + .../templates/default/dispersion.conf.erb | 13 + .../templates/default/drive-audit.conf.erb | 5 + .../templates/default/object-server.conf.erb | 104 + .../templates/default/proxy-server.conf.erb | 262 + .../templates/default/pull-rings.sh.erb | 29 + .../templates/default/rsyncd.conf.erb | 24 + .../default/simple-redhat-init-config.erb | 77 + .../default/simple-systemd-config.erb | 11 + .../cookbooks/openstack-ops-database/.tailor | 25 + .../openstack-ops-database/Berksfile | 18 + .../openstack-ops-database/Berksfile.lock | 94 + .../openstack-ops-database/CHANGELOG.md | 4 + .../cookbooks/openstack-ops-database/Gemfile | 9 + .../openstack-ops-database/Gemfile.lock | 223 + .../cookbooks/openstack-ops-database/LICENSE | 201 + .../openstack-ops-database/README.md | 121 + .../openstack-ops-database/Strainerfile | 5 + .../attributes/default.rb | 33 + .../openstack-ops-database/metadata.rb | 30 + .../openstack-ops-database/recipes/client.rb | 21 + .../recipes/mysql-client.rb | 26 + .../recipes/mysql-server.rb | 69 + .../recipes/openstack-db.rb | 64 + .../recipes/postgresql-client.rb | 27 + .../recipes/postgresql-server.rb | 32 + .../openstack-ops-database/recipes/server.rb | 21 + .../spec/client_spec.rb | 24 + .../spec/mysql-client-opensuse_spec.rb | 15 + .../spec/mysql-client_spec.rb | 20 + .../spec/mysql-server_spec.rb | 78 + .../spec/openstack-db_spec.rb | 59 + .../spec/postgresql-server_spec.rb | 21 + .../spec/server_spec.rb | 34 + .../spec/spec_helper.rb | 24 + .../cookbooks/openstack-ops-messaging/.tailor | 25 + .../openstack-ops-messaging/Berksfile | 4 + .../openstack-ops-messaging/Berksfile.lock | 46 + .../openstack-ops-messaging/CHANGELOG.md | 4 + .../cookbooks/openstack-ops-messaging/Gemfile | 9 + .../openstack-ops-messaging/Gemfile.lock | 223 + .../cookbooks/openstack-ops-messaging/LICENSE | 201 + .../openstack-ops-messaging/README.md | 84 + .../openstack-ops-messaging/Strainerfile | 5 + .../attributes/default.rb | 21 + .../openstack-ops-messaging/metadata.rb | 16 + .../recipes/rabbitmq-server.rb | 88 + .../openstack-ops-messaging/recipes/server.rb | 22 + .../spec/rabbitmq-server_spec.rb | 130 + .../spec/server_spec.rb | 14 + .../spec/spec_helper.rb | 30 + .../cookbooks/postgresql/.kitchen.yml | 78 + .../cookbooks/postgresql/Berksfile | 7 + .../cookbooks/postgresql/CHANGELOG.md | 102 + .../cookbooks/postgresql/CONTRIBUTING.md | 257 + .../grizzly-xcat/cookbooks/postgresql/LICENSE | 201 + .../cookbooks/postgresql/README.md | 438 ++ .../cookbooks/postgresql/TESTING.md | 25 + .../postgresql/attributes/default.rb | 419 ++ .../minitest/apt_pgdg_postgresql_test.rb | 39 + .../default/tests/minitest/default_test.rb | 27 + .../files/default/tests/minitest/ruby_test.rb | 28 + .../default/tests/minitest/server_test.rb | 43 + .../default/tests/minitest/support/helpers.rb | 29 + .../cookbooks/postgresql/libraries/default.rb | 352 + .../cookbooks/postgresql/metadata.json | 47 + .../cookbooks/postgresql/metadata.rb | 25 + .../postgresql/recipes/apt_pgdg_postgresql.rb | 18 + .../cookbooks/postgresql/recipes/client.rb | 34 + .../postgresql/recipes/config_initdb.rb | 148 + .../postgresql/recipes/config_pgtune.rb | 280 + .../cookbooks/postgresql/recipes/contrib.rb | 42 + .../cookbooks/postgresql/recipes/default.rb | 20 + .../cookbooks/postgresql/recipes/ruby.rb | 101 + .../cookbooks/postgresql/recipes/server.rb | 90 + .../postgresql/recipes/server_debian.rb | 34 + .../postgresql/recipes/server_redhat.rb | 59 + .../postgresql/recipes/yum_pgdg_postgresql.rb | 60 + .../templates/default/pg_hba.conf.erb | 35 + .../templates/default/postgresql.conf.erb | 20 + .../grizzly-xcat/cookbooks/pull.sh | 11 + .../cookbooks/python/.kitchen.yml | 41 + .../grizzly-xcat/cookbooks/python/Berksfile | 8 + .../cookbooks/python/CHANGELOG.md | 56 + .../cookbooks/python/CONTRIBUTING | 29 + .../grizzly-xcat/cookbooks/python/LICENSE | 201 + .../grizzly-xcat/cookbooks/python/README.md | 173 + .../grizzly-xcat/cookbooks/python/TESTING.md | 25 + .../cookbooks/python/attributes/default.rb | 42 + .../cookbooks/python/metadata.json | 43 + .../grizzly-xcat/cookbooks/python/metadata.rb | 19 + .../cookbooks/python/providers/pip.rb | 168 + .../cookbooks/python/providers/virtualenv.rb | 74 + .../cookbooks/python/recipes/default.rb | 23 + .../cookbooks/python/recipes/package.rb | 43 + .../cookbooks/python/recipes/pip.rb | 46 + .../cookbooks/python/recipes/source.rb | 56 + .../cookbooks/python/recipes/virtualenv.rb | 25 + .../cookbooks/python/resources/pip.rb | 36 + .../cookbooks/python/resources/virtualenv.rb | 34 + .../cookbooks/rabbitmq/.kitchen.yml | 192 + .../grizzly-xcat/cookbooks/rabbitmq/Berksfile | 10 + .../cookbooks/rabbitmq/CHANGELOG.md | 124 + .../cookbooks/rabbitmq/CONTRIBUTING.md | 257 + .../grizzly-xcat/cookbooks/rabbitmq/LICENSE | 201 + .../grizzly-xcat/cookbooks/rabbitmq/README.md | 176 + .../cookbooks/rabbitmq/TESTING.md | 39 + .../cookbooks/rabbitmq/attributes/default.rb | 102 + .../cookbooks/rabbitmq/metadata.rb | 104 + .../cookbooks/rabbitmq/providers/plugin.rb | 55 + .../cookbooks/rabbitmq/providers/policy.rb | 92 + .../cookbooks/rabbitmq/providers/user.rb | 173 + .../cookbooks/rabbitmq/providers/vhost.rb | 55 + .../cookbooks/rabbitmq/recipes/default.rb | 186 + .../rabbitmq/recipes/mgmt_console.rb | 31 + .../rabbitmq/recipes/plugin_management.rb | 36 + .../rabbitmq/recipes/policy_management.rb | 40 + .../rabbitmq/recipes/user_management.rb | 47 + .../recipes/virtualhost_management.rb | 37 + .../cookbooks/rabbitmq/resources/plugin.rb | 23 + .../cookbooks/rabbitmq/resources/policy.rb | 28 + .../cookbooks/rabbitmq/resources/user.rb | 31 + .../cookbooks/rabbitmq/resources/vhost.rb | 27 + .../templates/default/doterlang.cookie.erb | 1 + .../templates/default/rabbitmq-env.conf.erb | 22 + .../templates/default/rabbitmq.config.erb | 45 + .../default/rabbitmq.upstart.conf.erb | 11 + .../test/cookbooks/rabbitmq_test/README.md | 1 + .../default/tests/minitest/cluster_test.rb | 29 + .../default/tests/minitest/cook-1684_test.rb | 41 + .../default/tests/minitest/cook-1724_test.rb | 31 + .../tests/minitest/cook-2151-3489_test.rb | 37 + .../default/tests/minitest/default_test.rb | 61 + .../default/tests/minitest/lwrps_test.rb | 61 + .../tests/minitest/mgmt_console_test.rb | 30 + .../files/default/tests/minitest/ssl_test.rb | 18 + .../default/tests/minitest/support/helpers.rb | 45 + .../test/cookbooks/rabbitmq_test/metadata.rb | 7 + .../rabbitmq_test/recipes/cluster.rb | 21 + .../rabbitmq_test/recipes/cook-2151-3489.rb | 14 + .../rabbitmq_test/recipes/default.rb | 29 + .../cookbooks/rabbitmq_test/recipes/lwrps.rb | 38 + .../rabbitmq_test/recipes/mgmt_console.rb | 29 + .../cookbooks/rabbitmq_test/recipes/ssl.rb | 18 + .../grizzly-xcat/cookbooks/runit/.kitchen.yml | 33 + .../grizzly-xcat/cookbooks/runit/Berksfile | 10 + .../grizzly-xcat/cookbooks/runit/CHANGELOG.md | 81 + .../cookbooks/runit/CONTRIBUTING.md | 257 + .../grizzly-xcat/cookbooks/runit/Gemfile | 14 + .../grizzly-xcat/cookbooks/runit/LICENSE | 201 + .../grizzly-xcat/cookbooks/runit/README.md | 448 ++ .../grizzly-xcat/cookbooks/runit/Rakefile | 17 + .../grizzly-xcat/cookbooks/runit/Vagrantfile | 6 + .../cookbooks/runit/attributes/default.rb | 77 + .../runit/files/default/runit-2.1.1.tar.gz | Bin 0 -> 4014 bytes .../cookbooks/runit/files/default/runit.seed | 1 + .../cookbooks/runit/files/default/runsvdir | 0 .../runit/files/ubuntu-6.10/runsvdir | 6 + .../runit/files/ubuntu-7.04/runsvdir | 7 + .../runit/files/ubuntu-7.10/runsvdir | 7 + .../runit/files/ubuntu-8.04/runsvdir | 7 + .../cookbooks/runit/libraries/default.rb | 0 .../runit/libraries/provider_runit_service.rb | 434 ++ .../runit/libraries/resource_runit_service.rb | 185 + .../grizzly-xcat/cookbooks/runit/metadata.rb | 16 + .../cookbooks/runit/recipes/default.rb | 117 + .../runit/templates/debian/init.d.erb | 66 + .../runit/templates/gentoo/runit-start.sh.erb | 32 + .../cookbooks/runit/test/kitchen/Kitchenfile | 4 + .../cookbooks/runit-other_test/README.md | 1 + .../cookbooks/runit-other_test/metadata.rb | 6 + .../sv-other-cookbook-templates-log-run.erb | 2 + .../sv-other-cookbook-templates-run.erb | 3 + .../kitchen/cookbooks/runit_test/README.md | 1 + .../default/tests/minitest/default_test.rb | 30 + .../default/tests/minitest/service_test.rb | 120 + .../default/tests/minitest/support/helpers.rb | 29 + .../kitchen/cookbooks/runit_test/metadata.rb | 6 + .../cookbooks/runit_test/recipes/default.rb | 20 + .../cookbooks/runit_test/recipes/service.rb | 145 + .../templates/default/sv-calabash-run.erb | 3 + .../default/sv-control-signals-log-run.erb | 2 + .../default/sv-control-signals-run.erb | 3 + .../default/sv-control-signals-u.erb | 2 + .../default/sv-default-svlog-run.erb | 3 + .../default/sv-downed-service-log-run.erb | 2 + .../default/sv-downed-service-run.erb | 3 + .../default/sv-env-files-log-run.erb | 2 + .../templates/default/sv-env-files-run.erb | 3 + .../default/sv-exist-disabled-log-run.erb | 2 + .../default/sv-exist-disabled-run.erb | 3 + .../templates/default/sv-finisher-finish.erb | 9 + .../templates/default/sv-finisher-log-run.erb | 2 + .../templates/default/sv-finisher-run.erb | 3 + .../default/sv-floyds-app-log-run.erb | 2 + .../templates/default/sv-floyds-app-run.erb | 3 + .../templates/default/sv-no-svlog-run.erb | 3 + .../default/sv-plain-defaults-log-run.erb | 2 + .../default/sv-plain-defaults-run.erb | 3 + .../default/sv-runsvdir-floyd-log-run.erb | 2 + .../default/sv-runsvdir-floyd-run.erb | 3 + .../default/sv-template-options-log-run.erb | 2 + .../default/sv-template-options-run.erb | 4 + .../default/sv-yerba-matte-finish.erb | 9 + .../default/sv-yerba-matte-log-run.erb | 2 + .../templates/default/sv-yerba-run.erb | 3 + .../libraries/provider_runit_service_spec.rb | 416 ++ .../libraries/resource_runit_service_spec.rb | 231 + .../cookbooks/runit/test/spec/spec_helper.rb | 26 + .../cookbooks/selinux/CHANGELOG.md | 17 + .../cookbooks/selinux/CONTRIBUTING | 29 + .../grizzly-xcat/cookbooks/selinux/LICENSE | 201 + .../grizzly-xcat/cookbooks/selinux/README.md | 51 + .../cookbooks/selinux/metadata.json | 29 + .../cookbooks/selinux/metadata.rb | 7 + .../cookbooks/selinux/recipes/default.rb | 18 + .../cookbooks/selinux/recipes/disabled.rb | 35 + .../cookbooks/selinux/recipes/enforcing.rb | 33 + .../cookbooks/selinux/recipes/permissive.rb | 35 + .../templates/default/sysconfig/selinux.erb | 11 + .../grizzly-xcat/cookbooks/statsd/README.md | 69 + .../cookbooks/statsd/attributes/default.rb | 32 + .../statsd/files/default/upstart.conf | 16 + .../grizzly-xcat/cookbooks/statsd/metadata.rb | 12 + .../cookbooks/statsd/recipes/default.rb | 110 + .../statsd/templates/default/config.js.erb | 1 + .../templates/default/upstart.start.erb | 6 + .../cookbooks/sysctl/.kitchen.yml | 46 + .../grizzly-xcat/cookbooks/sysctl/.tailor | 107 + .../grizzly-xcat/cookbooks/sysctl/.travis.yml | 6 + .../grizzly-xcat/cookbooks/sysctl/Berksfile | 20 + .../cookbooks/sysctl/Berksfile.lock | 7 + .../cookbooks/sysctl/CHANGELOG.md | 27 + .../cookbooks/sysctl/CONTRIBUTING.md | 105 + .../grizzly-xcat/cookbooks/sysctl/Gemfile | 9 + .../cookbooks/sysctl/Gemfile.lock | 134 + .../grizzly-xcat/cookbooks/sysctl/README.md | 81 + .../grizzly-xcat/cookbooks/sysctl/Thorfile | 24 + .../grizzly-xcat/cookbooks/sysctl/Vagrantfile | 82 + .../cookbooks/sysctl/attributes/default.rb | 8 + .../grizzly-xcat/cookbooks/sysctl/chefignore | 96 + .../cookbooks/sysctl/libraries/sysctl.rb | 17 + .../cookbooks/sysctl/metadata.json | 33 + .../grizzly-xcat/cookbooks/sysctl/metadata.rb | 10 + .../cookbooks/sysctl/providers/param.rb | 47 + .../cookbooks/sysctl/recipes/default.rb | 47 + .../cookbooks/sysctl/resources/param.rb | 5 + .../templates/default/procps.init-rhel.erb | 30 + .../sysctl/templates/default/sysctl.conf.erb | 4 + .../cookbooks/windows/CHANGELOG.md | 217 + .../cookbooks/windows/CONTRIBUTING | 29 + .../grizzly-xcat/cookbooks/windows/LICENSE | 201 + .../grizzly-xcat/cookbooks/windows/README.md | 626 ++ .../grizzly-xcat/cookbooks/windows/TODO.md | 6 + .../cookbooks/windows/attributes/default.rb | 23 + .../handlers/windows_reboot_handler.rb | 76 + .../windows/libraries/feature_base.rb | 41 + .../cookbooks/windows/libraries/helper.rb | 88 + .../windows/libraries/registry_helper.rb | 357 + .../cookbooks/windows/libraries/version.rb | 206 + .../windows/libraries/windows_privileged.rb | 94 + .../cookbooks/windows/metadata.rb | 9 + .../cookbooks/windows/providers/auto_run.rb | 32 + .../cookbooks/windows/providers/batch.rb | 62 + .../windows/providers/feature_dism.rb | 49 + .../providers/feature_servermanagercmd.rb | 47 + .../cookbooks/windows/providers/package.rb | 252 + .../cookbooks/windows/providers/pagefile.rb | 153 + .../cookbooks/windows/providers/path.rb | 35 + .../cookbooks/windows/providers/printer.rb | 100 + .../windows/providers/printer_port.rb | 102 + .../cookbooks/windows/providers/reboot.rb | 31 + .../cookbooks/windows/providers/registry.rb | 72 + .../cookbooks/windows/providers/shortcut.rb | 56 + .../cookbooks/windows/providers/task.rb | 130 + .../cookbooks/windows/providers/zipfile.rb | 91 + .../cookbooks/windows/recipes/default.rb | 34 + .../windows/recipes/reboot_handler.rb | 32 + .../cookbooks/windows/resources/auto_run.rb | 30 + .../cookbooks/windows/resources/batch.rb | 36 + .../cookbooks/windows/resources/feature.rb | 40 + .../cookbooks/windows/resources/package.rb | 46 + .../cookbooks/windows/resources/pagefile.rb | 29 + .../cookbooks/windows/resources/path.rb | 28 + .../cookbooks/windows/resources/printer.rb | 41 + .../windows/resources/printer_port.rb | 40 + .../cookbooks/windows/resources/reboot.rb | 29 + .../cookbooks/windows/resources/registry.rb | 34 + .../cookbooks/windows/resources/shortcut.rb | 35 + .../cookbooks/windows/resources/task.rb | 50 + .../cookbooks/windows/resources/zipfile.rb | 33 + .../grizzly-xcat/cookbooks/xfs/CHANGELOG.md | 3 + .../grizzly-xcat/cookbooks/xfs/CONTRIBUTING | 29 + .../grizzly-xcat/cookbooks/xfs/LICENSE | 201 + .../grizzly-xcat/cookbooks/xfs/README.md | 30 + .../grizzly-xcat/cookbooks/xfs/metadata.json | 37 + .../grizzly-xcat/cookbooks/xfs/metadata.rb | 13 + .../cookbooks/xfs/recipes/default.rb | 28 + .../grizzly-xcat/cookbooks/yum/.kitchen.yml | 22 + .../grizzly-xcat/cookbooks/yum/Berksfile | 7 + .../grizzly-xcat/cookbooks/yum/CHANGELOG.md | 110 + .../cookbooks/yum/CONTRIBUTING.md | 257 + .../grizzly-xcat/cookbooks/yum/LICENSE | 201 + .../grizzly-xcat/cookbooks/yum/README.md | 272 + .../cookbooks/yum/attributes/default.rb | 30 + .../cookbooks/yum/attributes/elrepo.rb | 24 + .../cookbooks/yum/attributes/epel.rb | 39 + .../cookbooks/yum/attributes/remi.rb | 30 + .../default/tests/minitest/default_test.rb | 28 + .../default/tests/minitest/support/helpers.rb | 37 + .../files/default/tests/minitest/test_test.rb | 66 + .../grizzly-xcat/cookbooks/yum/metadata.json | 1 + .../grizzly-xcat/cookbooks/yum/metadata.rb | 37 + .../cookbooks/yum/providers/key.rb | 79 + .../cookbooks/yum/providers/repository.rb | 125 + .../cookbooks/yum/recipes/default.rb | 18 + .../cookbooks/yum/recipes/elrepo.rb | 31 + .../cookbooks/yum/recipes/epel.rb | 35 + .../grizzly-xcat/cookbooks/yum/recipes/ius.rb | 42 + .../cookbooks/yum/recipes/remi.rb | 35 + .../cookbooks/yum/recipes/repoforge.rb | 41 + .../cookbooks/yum/recipes/test.rb | 39 + .../grizzly-xcat/cookbooks/yum/recipes/yum.rb | 23 + .../cookbooks/yum/resources/key.rb | 29 + .../cookbooks/yum/resources/repository.rb | 42 + .../cookbooks/yum/templates/default/repo.erb | 41 + .../yum/templates/default/yum-rhel5.conf.erb | 33 + .../yum/templates/default/yum-rhel6.conf.erb | 36 + .../environments/grizzly_allinone.rb.tmpl | 158 + ...nant_routers_with_private_networks.rb.tmpl | 156 + .../grizzly-xcat/roles/allinone-compute.rb | 6 + .../grizzly-xcat/roles/os-base.rb | 6 + .../roles/os-block-storage-api.rb | 6 + .../os-block-storage-endpoint-registration.rb | 6 + .../roles/os-block-storage-scheduler.rb | 6 + .../roles/os-block-storage-worker.rb | 6 + .../grizzly-xcat/roles/os-block-storage.rb | 6 + .../grizzly-xcat/roles/os-compute-api-ec2.rb | 6 + .../roles/os-compute-api-metadata.rb | 6 + .../roles/os-compute-api-os-compute.rb | 6 + .../grizzly-xcat/roles/os-compute-api.rb | 7 + .../grizzly-xcat/roles/os-compute-cert.rb | 6 + .../roles/os-compute-endpoint-registration.rb | 6 + .../roles/os-compute-scheduler.rb | 6 + .../grizzly-xcat/roles/os-compute-setup.rb | 7 + .../roles/os-compute-single-controller.rb | 22 + .../grizzly-xcat/roles/os-compute-vncproxy.rb | 7 + .../grizzly-xcat/roles/os-compute-worker.rb | 7 + .../grizzly-xcat/roles/os-computer.rb | 8 + .../grizzly-xcat/roles/os-dashboard.rb | 6 + .../roles/os-identity-api-admin.rb | 7 + .../grizzly-xcat/roles/os-identity-api.rb | 6 + .../grizzly-xcat/roles/os-identity.rb | 7 + .../grizzly-xcat/roles/os-image-api.rb | 7 + .../roles/os-image-endpoint-registration.rb | 6 + .../grizzly-xcat/roles/os-image-registry.rb | 7 + .../grizzly-xcat/roles/os-image.rb | 6 + .../grizzly-xcat/roles/os-infra-caching.rb | 6 + .../grizzly-xcat/roles/os-l2-l3-networker.rb | 8 + .../grizzly-xcat/roles/os-l2-networker.rb | 7 + .../roles/os-network-dhcp-agent.rb | 7 + .../roles/os-network-endpoint-registration.rb | 6 + .../grizzly-xcat/roles/os-network-l3-agent.rb | 7 + .../roles/os-network-openvswitch.rb | 7 + .../grizzly-xcat/roles/os-network-server.rb | 7 + .../grizzly-xcat/roles/os-network.rb | 9 + .../roles/os-object-storage-account.rb | 6 + .../roles/os-object-storage-container.rb | 6 + .../roles/os-object-storage-management.rb | 6 + .../roles/os-object-storage-object.rb | 6 + .../roles/os-object-storage-proxy.rb | 6 + .../grizzly-xcat/roles/os-object-storage.rb | 6 + .../grizzly-xcat/roles/os-ops-database.rb | 7 + .../grizzly-xcat/roles/os-ops-messaging.rb | 6 + .../roles/os-single-controller.rb | 22 + 1209 files changed, 83604 insertions(+) create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/.rubocop.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/.travis.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/CONTRIBUTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/TESTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_auth_cas.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_auth_openid.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_fastcgi.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_ssl.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/apache_conf.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/apache_module.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/apache_site.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/web_app.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/apache2_module_conf_generate.pl create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/default_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/god_monitor_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_apreq2_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_auth_cas_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_auth_openid_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_cgi_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_dav_svn_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_fastcgi.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_include_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_perl_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_php5_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_python_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_ssl_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/support/helpers.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/god_monitor.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/iptables.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/logrotate.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_actions.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_alias.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_apreq2.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_basic.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_cas.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_digest.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_openid.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authn_file.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authnz_ldap.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_groupfile.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_host.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_autoindex.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_cgi.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_cloudflare.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dav.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dav_fs.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dav_svn.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_deflate.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dir.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_env.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_expires.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_fastcgi.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_fcgid.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_filter.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_headers.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_include.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_info.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_ldap.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_log_config.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_logio.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_mime.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_negotiation.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_perl.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_php5.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_ajp.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_balancer.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_connect.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_http.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_python.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_rewrite.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_setenvif.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_ssl.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_status.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_userdir.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_wsgi.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_xsendfile.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2dismod.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2dissite.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2enmod.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2ensite.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/apache2.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/apache2.god.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/charset.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/default-site.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/etc-sysconfig-httpd.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/README create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/alias.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/auth_cas.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/auth_cas.load.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/authopenid.load.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/autoindex.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/deflate.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/dir.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/fastcgi.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/fcgid.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/include.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/include.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/info.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/mime.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/negotiation.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/php5.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/proxy.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/setenvif.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/ssl.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/status.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/port_apache.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/ports.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/security.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/web_app.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/alias_paths.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authenticate_basic.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authenticate_digest.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authenticate_openid.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_groupfile.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_host.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_ldap.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_users.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/basic_web_app.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/basic_webserver.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/compress_server_response.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/control_caching.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/directory_listing.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_cgi_scripts.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_perl_applications.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_php_applications.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_python_applications.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_source_control_repositories.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/proxy_java_applications.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/secure_requests.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/step_definitions/svn_steps.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/step_definitions/webserver_steps.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support/env.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support/svn_helpers.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support/web_helpers.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support_older_browsers.feature create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/Kitchenfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/Cheffile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/files/default/ssl/ldap.example.com.pem create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/files/default/tests/minitest/modules_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/files/default/tests/minitest/support/helpers.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/basic_web_app.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/god_monitor.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_auth_basic.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_auth_digest.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_auth_openid.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authnz_ldap.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_groupfile.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_listed_host.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_unlisted_host.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_cgi.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_dav_svn.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_expires.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_perl.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_php5.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_proxy_ajp.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_python.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_ssl.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_status_remote.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/modules.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/setup.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/auth_basic.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/auth_digest.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/auth_openid.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authnz_ldap.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authz_groupfile.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authz_host.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authz_user.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/cache_test.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/entries.ldif.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/java_env.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/perl_env.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/php_env.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/python_env.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/ssl.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/status.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/svn_repo.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/.kitchen.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/Berksfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/TESTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/files/default/apt-proxy-v2.conf create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/providers/preference.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/providers/repository.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/recipes/cacher-client.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/recipes/cacher-ng.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/resources/preference.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/resources/repository.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/templates/default/01proxy.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/templates/default/acng.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/templates/ubuntu-10.04/acng.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/libraries/ec2.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/ebs_raid.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/ebs_volume.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/elastic_ip.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/elastic_lb.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/resource_tag.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/ebs_raid.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/ebs_volume.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/elastic_ip.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/elastic_lb.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/resource_tag.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/.kitchen.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/TESTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/debian.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/fedora.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/mac_os_x.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/rhel.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/smartos.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/solaris2.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/suse.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/files/default/handlers/README create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/providers/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/recipes/json_file.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/resources/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/CONTRIBUTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_mysql.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_mysql_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_postgresql.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_postgresql_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_sql_server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_sql_server_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_database.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_database_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_mysql_database.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_mysql_database_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_postgresql_database.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_postgresql_database_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_sql_server_database.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_sql_server_database_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/ebs_backup.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/ebs_volume.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/master.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/mysql.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/postgresql.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/snapshot.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/app_grants.sql.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/aws_config.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/chef-solo-database-snapshot.cron.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/chef-solo-database-snapshot.json.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/chef-solo-database-snapshot.rb.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/ebs-backup-cron.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/ebs-db-backup.sh.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/ebs-db-restore.sh.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/s3cfg.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/CONTRIBUTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/TODO.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/providers/package.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/resources/package.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/.kitchen.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/CONTRIBUTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/TESTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/chefignore create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/default_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/esl_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/gui_tools_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/support/helpers.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/esl.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/package.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/source.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/.kitchen.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/TESTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/source.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/windows.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/templates/default/git-xinetd.d.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/templates/default/sv-git-daemon-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/templates/default/sv-git-daemon-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_mysql.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_mysql_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_postgresql.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_postgresql_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_sql_server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_sql_server_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_database.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_database_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_mysql_database.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_mysql_database_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_postgresql_database.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_postgresql_database_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_sql_server_database.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_sql_server_database_user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/ebs_backup.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/ebs_volume.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/master.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/mysql.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/postgresql.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/snapshot.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/app_grants.sql.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/aws_config.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/chef-solo-database-snapshot.cron.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/chef-solo-database-snapshot.json.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/chef-solo-database-snapshot.rb.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/ebs-backup-cron.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/ebs-db-backup.sh.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/ebs-db-restore.sh.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/s3cfg.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/definitions/memcached_instance.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/memcached.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/memcached.default.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/memcached.sysconfig.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/sv-memcached-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/sv-memcached-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/Kitchenfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/Cheffile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/recipes/instance.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/.kitchen.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/TESTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/attributes/client.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/attributes/percona_repo.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/attributes/server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/libraries/helpers.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/client.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/percona_repo.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/ruby.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/server_ec2.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/debian.cnf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/grants.sql.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/my.cnf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/mysql-server.seed.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/port_mysql.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/windows/my.cnf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/.kitchen.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/.travis.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/Rakefile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/install_from_binary.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/install_from_package.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/install_from_source.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/npm.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/test/integration/package/bats/package.bats create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/test/integration/source/bats/source.bats create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/test/support/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/files/default/tests/minitest/config_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/files/default/tests/minitest/default_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/files/default/tests/minitest/support/helpers.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/templates/default/port_ssh.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/templates/default/ssh_config.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/templates/default/sshd_config.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/libraries/secure_password.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/.tailor create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Berksfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Gemfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Strainerfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/api.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/cinder-common.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/identity_registration.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/scheduler.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/volume.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/api-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/api-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/api_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/cinder_common-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/cinder_common-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/cinder_common_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/default_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/identity_registration_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/scheduler-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/scheduler-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/scheduler_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/spec_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/volume-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/volume-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/volume_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/api-paste.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/cinder.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/policy.json.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/shares.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/targets.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/.tailor create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Gemfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Strainerfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/database.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/endpoints.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/network.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/parse.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/passwords.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/search.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/uri.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/recipes/logging.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/database_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/default-suse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/default_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/endpoints_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/logging_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/network_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/parse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/password_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/search_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/spec_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/uri_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/templates/default/logging.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/.tailor create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Berksfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Gemfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Strainerfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/attributes/default.rb.ave create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/add_floaters.py create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/nova-compute.conf create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/nova_plugin.py create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/policy.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/api-ec2.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/api-metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/api-os-compute.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/compute.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/conductor.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/identity_registration.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/libvirt.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/network.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/nova-cert.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/nova-common.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/nova-setup.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/scheduler.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/vncproxy.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-ec2-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-ec2_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-metadata-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-metadata_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-os-compute-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-os-compute_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/compute-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/compute-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/compute_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/conductor_redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/conductor_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/default_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/identity_registration_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/libvirt-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/libvirt-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/libvirt_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/network-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/network_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-cert-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-cert_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-common-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-common_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-setup_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/scheduler-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/scheduler_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/spec_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/vncproxy-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/vncproxy_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/api-paste.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/collectd-plugin-mysql.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/libvirt-bin.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/libvirtd.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/libvirtd.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/nova.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/openrc.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.d/api-metadata.filters.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.d/compute.filters.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.d/network.filters.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/.tailor create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Gemfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Strainerfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/files/default/css/folsom.css create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/files/default/horizon.key create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/files/default/horizon.pem create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/recipes/server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/default_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server-fedora_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/spec_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/dash-site.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/default_stylesheets.html.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/local_settings.py.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/rs_stylesheets.html.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/.tailor create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Berksfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Gemfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Strainerfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/providers/register.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/recipes/registration.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/recipes/server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/resources/register.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/default_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/register_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/registration_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/server-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/server-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/server_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/spec_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/templates/default/default_catalog.templates.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/templates/default/keystone.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/.tailor create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Berksfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Gemfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Strainerfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/files/default/glance_plugin.py create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/providers/image.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/recipes/api.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/recipes/identity_registration.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/recipes/registry.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/resources/image.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/api-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/api_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/default_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/identity_registration_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/registry-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/registry_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/spec_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-api-paste.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-api.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-cache-paste.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-cache.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-registry-paste.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-registry.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-scrubber-paste.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-scrubber.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/policy.json.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Berksfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Gemfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Strainerfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/files/default/policy.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/agent-central.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/agent-compute.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/api.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/collector.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/common.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/identity_registration.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-central-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-central_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-compute-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-compute_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/api-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/api_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/collector-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/collector_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/common-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/common_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/identity_registration_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/spec_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/templates/default/ceilometer.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Berksfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Gemfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Strainerfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/attributes/default.rb.save create mode 100755 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/disable-eth-offload.sh create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/debug.filters create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/dhcp.filters create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/iptables-firewall.filters create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/l3.filters create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/lbaas-haproxy.filters create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/linuxbridge-plugin.filters create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/nec-plugin.filters create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/openvswitch-plugin.filters create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/ryu-plugin.filters create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/ovs-dpctl-top create mode 100755 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/quantum-ha-tool.py create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/balancer.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/bigswitch.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/brocade.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/build_openvswitch_source.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/cisco.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/common.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/dhcp_agent.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/dhcp_agent.rb.bak create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/hyperv.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/identity_registration.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/l3_agent.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/linuxbridge.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/metadata_agent.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/metaplugin.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/midonet.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/nec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/nicira.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/openvswitch.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/plumgrid.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/ryu.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/balancer_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/build_openvswitch_source_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/common_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/dhcp_agent-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/dhcp_agent_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/identity_registration_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/l3_agent_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/linuxbridge-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/linuxbridge-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/linuxbridge_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/metadata_agent_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/openvswitch-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/openvswitch_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/server-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/server-redhat_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/server_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/spec_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/api-paste.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/dhcp_agent.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/dnsmasq.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/l3_agent.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/lbaas_agent.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/metadata_agent.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/bigswitch/restproxy.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/brocade/brocade.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/cisco/cisco_plugins.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/hyperv/hyperv_quantum_plugin.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/linuxbridge/linuxbridge_conf.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/metaplugin/metaplugin.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/midonet/midonet.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/nec/nec.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/nicira/nvp.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/openvswitch/ovs_quantum_plugin.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/plumgrid/plumgrid.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/ryu/ryu.ini.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/policy.json.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/quantum-server.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/quantum.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/quantum.sysconfig.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/rootwrap.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Berksfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Gemfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Strainerfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/5EDB1B62EC4926EA create mode 100755 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/cluster_stats.py create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/git-daemon.default create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/rsync.init create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/rsync.service create mode 100755 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/swift_stats.py create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/libraries/drive_utils.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/libraries/ip_utils.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/providers/disk.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/providers/mounts.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/providers/ring_script.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/account-server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/common.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/container-server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/disks.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/management-server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/memcached.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/object-server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/proxy-server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/ring-repo.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/rsync.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/setup.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/storage-common.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/resources/disk.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/resources/mounts.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/resources/ring_script.rb create mode 100755 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/run_tests.bash create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/account_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/common_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/container_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/disks_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/management_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/object_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/proxy_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/ring-repo_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/rsync_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/spec_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/storage-common_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/account-server.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/container-server.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/dispersion.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/drive-audit.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/object-server.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/proxy-server.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/pull-rings.sh.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/rsyncd.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/simple-redhat-init-config.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/simple-systemd-config.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/.tailor create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Berksfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Gemfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Strainerfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/client.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/mysql-client.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/mysql-server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/openstack-db.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/postgresql-client.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/postgresql-server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/client_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/mysql-client-opensuse_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/mysql-client_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/mysql-server_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/openstack-db_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/postgresql-server_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/server_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/spec_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/.tailor create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Berksfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Gemfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Strainerfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/recipes/rabbitmq-server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/recipes/server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/spec/rabbitmq-server_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/spec/server_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/spec/spec_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/.kitchen.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/CONTRIBUTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/TESTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/apt_pgdg_postgresql_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/default_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/ruby_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/server_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/support/helpers.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/libraries/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/apt_pgdg_postgresql.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/client.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/config_initdb.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/config_pgtune.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/contrib.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/ruby.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/server_debian.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/server_redhat.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/yum_pgdg_postgresql.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/templates/default/pg_hba.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/templates/default/postgresql.conf.erb create mode 100755 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/pull.sh create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/.kitchen.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/TESTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/providers/pip.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/providers/virtualenv.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/package.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/pip.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/source.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/virtualenv.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/resources/pip.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/resources/virtualenv.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/.kitchen.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/CONTRIBUTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/TESTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/plugin.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/policy.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/vhost.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/mgmt_console.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/plugin_management.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/policy_management.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/user_management.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/virtualhost_management.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/plugin.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/policy.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/user.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/vhost.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/doterlang.cookie.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/rabbitmq-env.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/rabbitmq.config.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/rabbitmq.upstart.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cluster_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cook-1684_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cook-1724_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cook-2151-3489_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/default_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/lwrps_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/mgmt_console_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/ssl_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/support/helpers.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/cluster.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/cook-2151-3489.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/lwrps.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/mgmt_console.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/ssl.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/.kitchen.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/CONTRIBUTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Rakefile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Vagrantfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/default/runit-2.1.1.tar.gz create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/default/runit.seed create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/default/runsvdir create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-6.10/runsvdir create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-7.04/runsvdir create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-7.10/runsvdir create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-8.04/runsvdir create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/libraries/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/libraries/provider_runit_service.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/libraries/resource_runit_service.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/templates/debian/init.d.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/templates/gentoo/runit-start.sh.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/Kitchenfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/templates/default/sv-other-cookbook-templates-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/templates/default/sv-other-cookbook-templates-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/files/default/tests/minitest/default_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/files/default/tests/minitest/service_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/files/default/tests/minitest/support/helpers.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/recipes/service.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-calabash-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-control-signals-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-control-signals-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-control-signals-u.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-default-svlog-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-downed-service-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-downed-service-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-env-files-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-env-files-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-exist-disabled-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-exist-disabled-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-finisher-finish.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-finisher-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-finisher-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-floyds-app-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-floyds-app-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-no-svlog-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-plain-defaults-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-plain-defaults-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-runsvdir-floyd-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-runsvdir-floyd-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-template-options-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-template-options-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-yerba-matte-finish.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-yerba-matte-log-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-yerba-run.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/spec/libraries/provider_runit_service_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/spec/libraries/resource_runit_service_spec.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/spec/spec_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/disabled.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/enforcing.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/permissive.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/templates/default/sysconfig/selinux.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/files/default/upstart.conf create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/templates/default/config.js.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/templates/default/upstart.start.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/.kitchen.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/.tailor create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/.travis.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Berksfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/CONTRIBUTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Gemfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Gemfile.lock create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Thorfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Vagrantfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/chefignore create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/libraries/sysctl.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/providers/param.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/resources/param.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/templates/default/procps.init-rhel.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/templates/default/sysctl.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/TODO.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/files/default/handlers/windows_reboot_handler.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/feature_base.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/registry_helper.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/version.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/windows_privileged.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/auto_run.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/batch.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/feature_dism.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/feature_servermanagercmd.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/package.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/pagefile.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/path.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/printer.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/printer_port.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/reboot.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/registry.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/shortcut.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/task.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/zipfile.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/recipes/reboot_handler.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/auto_run.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/batch.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/feature.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/package.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/pagefile.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/path.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/printer.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/printer_port.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/reboot.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/registry.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/shortcut.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/task.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/zipfile.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/CONTRIBUTING create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/.kitchen.yml create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/Berksfile create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/CHANGELOG.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/CONTRIBUTING.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/LICENSE create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/README.md create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/elrepo.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/epel.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/remi.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/files/default/tests/minitest/default_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/files/default/tests/minitest/support/helpers.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/files/default/tests/minitest/test_test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/metadata.json create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/providers/key.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/providers/repository.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/default.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/elrepo.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/epel.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/ius.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/remi.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/repoforge.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/test.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/yum.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/resources/key.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/resources/repository.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/templates/default/repo.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/templates/default/yum-rhel5.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/templates/default/yum-rhel6.conf.erb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/environments/grizzly_allinone.rb.tmpl create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/environments/grizzly_per-tenant_routers_with_private_networks.rb.tmpl create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/allinone-compute.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-base.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-api.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-endpoint-registration.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-scheduler.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-worker.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api-ec2.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api-metadata.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api-os-compute.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-cert.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-endpoint-registration.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-scheduler.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-setup.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-single-controller.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-vncproxy.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-worker.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-computer.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-dashboard.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-identity-api-admin.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-identity-api.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-identity.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image-api.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image-endpoint-registration.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image-registry.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-infra-caching.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-l2-l3-networker.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-l2-networker.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-dhcp-agent.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-endpoint-registration.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-l3-agent.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-openvswitch.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-server.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-account.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-container.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-management.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-object.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-proxy.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-ops-database.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-ops-messaging.rb create mode 100644 xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-single-controller.rb diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/.rubocop.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/.rubocop.yml new file mode 100644 index 000000000..88077b4cc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/.rubocop.yml @@ -0,0 +1,15 @@ +AllCops: + Excludes: + - test/** + - vendor/** + +AlignParameters: + Enabled: false +Encoding: + Enabled: false +HashSyntax: + Enabled: false +LineLength: + Enabled: false +MethodLength: + Max: 30 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/.travis.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/.travis.yml new file mode 100644 index 000000000..6b50eead1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/.travis.yml @@ -0,0 +1,9 @@ +rvm: + - 1.9.3 + - 2.0.0 +before_script: + - bundle exec berks install +script: + - bundle exec foodcritic -f any . --tags ~FC007 --tags ~FC015 --tags ~FC023 + # - bundle exec rspec --color --format progress + - bundle exec rubocop diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/Berksfile new file mode 100644 index 000000000..54c9d8839 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/Berksfile @@ -0,0 +1,7 @@ +site :opscode +metadata + +group :integration do + cookbook 'apt', '~> 2.0' + cookbook 'yum', '~> 2.0' +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/CHANGELOG.md new file mode 100644 index 000000000..d7d45204d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/CHANGELOG.md @@ -0,0 +1,198 @@ +apache2 Cookbook Changelog +========================== +This file is used to list changes made in each version of the apache2 cookbook. + +v1.8.4 +------ +### Bug +- **[COOK-3769](https://tickets.opscode.com/browse/COOK-3769)** - Fix a critical bug where the `apache_module` could not enable modules + + +v1.8.2 +------ +### Bug +- **[COOK-3766](https://tickets.opscode.com/browse/COOK-3766)** - Fix an issue where the `mod_ssl` recipe fails due to a missing attribute + + +v1.8.0 +------ +### Bug +- **[COOK-3680](https://tickets.opscode.com/browse/COOK-3680)** - Update template paths +- **[COOK-3570](https://tickets.opscode.com/browse/COOK-3570)** - Apache cookbook breaks on RHEL / CentOS 6 +- **[COOK-2944](https://tickets.opscode.com/browse/COOK-2944)** - Fix foodcritic failures +- **[COOK-2893](https://tickets.opscode.com/browse/COOK-2893)** - Improve mod_auth_openid recipe with guards and idempotency +- **[COOK-2758](https://tickets.opscode.com/browse/COOK-2758)** - Fix use of non-existent attribute + +### New Feature +- **[COOK-3665](https://tickets.opscode.com/browse/COOK-3665)** - Add recipe for mod_userdir +- **[COOK-3646](https://tickets.opscode.com/browse/COOK-3646)** - Add recipe for mod_cloudflare +- **[COOK-3213](https://tickets.opscode.com/browse/COOK-3213)** - Add recipe for mod_info + +### Improvement +- **[COOK-3656](https://tickets.opscode.com/browse/COOK-3656)** - Parameterize apache2 binary +- **[COOK-3562](https://tickets.opscode.com/browse/COOK-3562)** - Allow mod_proxy settings to be configured as attributes +- **[COOK-3326](https://tickets.opscode.com/browse/COOK-3326)** - Fix default_test to use ServerTokens attribute +- **[COOK-2635](https://tickets.opscode.com/browse/COOK-2635)** - Add support for SVG mime types +- **[COOK-2598](https://tickets.opscode.com/browse/COOK-2598)** - FastCGI Module only works on Debian-based platforms +- **[COOK-1984](https://tickets.opscode.com/browse/COOK-1984)** - Add option to configure the address apache listens to + + +v1.7.0 +------ +### Improvement + +- [COOK-3073]: make access.log location configurable per-platform +- [COOK-3074]: don't hardcode the error.log location in the default site config +- [COOK-3268]: don't hardcode DocumentRoot and cgi-bin locations in `default_site` + +### New Feature + +- [COOK-3184]: Add `mod_filter` recipe to Apache2-cookbook +- [COOK-3236]: Add `mod_action` recipe to Apache2-cookbook + +v1.6.6 +------ +1.6.4 had a missed step in the automated release, long live 1.6.6. + +### Bug + +- [COOK-3018]: apache2_module does duplicate delayed restart of apache2 service when conf = true +- [COOK-3027]: Default site enable true, then false, does not disable default site +- [COOK-3109]: fix apache lib_dir arch attribute regexp + +v1.6.2 +------ +- [COOK-2535] - `mod_auth_openid` requires libtool to run autogen.sh +- [COOK-2667] - Typo in usage documentation +- [COOK-2461] - `apache2::mod_auth_openid` fails on some ubuntu systems +- [COOK-2720] - Apache2 minitest helper function `ran_recipe` is not portable + +v1.6.0 +------ +- [COOK-2372] - apache2 mpm_worker: add ServerLimit attribute (default to 16) + +v1.5.0 +------ +The `mod_auth_openid` attributes are changed. The upstream maintainer deprecated the older release versions, and the source repository has releases available at specific SHA1SUM references. The new attribute, `node['apache']['mod_auth_openid']['ref']` is used to set this. + +- [COOK-2198] - `apache::mod_auth_openid` compiles from source, but does not install make on debian/ubuntu +- [COOK-2224] - version conflict between cucumber and other gems +- [COOK-2248] - `apache2::mod_php5` uses `not_if` "which php" without ensuring package 'which' is installed +- [COOK-2269] - Set allow list for mod_status incase external monitor scripts need +- [COOK-2276] - cookbook apache2 documentation regarding listening ports doesn't match default attributes +- [COOK-2296] - `mod_auth_openid` doesn't have tags/releases for the version I need for features and fixes +- [COOK-2323] - Add Oracle linux support + +v1.4.2 +------ +- [COOK-1721] - fix logrotate recipe + +v1.4.0 +------ +- [COOK-1456] - iptables enhancements +- [COOK-1473] - apache2 does not disable default site when setting "`default_site_enabled`" back to false +- [COOK-1824] - the apache2 cookbook needs to specify which binary is used on rhel platform +- [COOK-1916] - Download location wrong for apache2 `mod_auth_openid` >= 0.7 +- [COOK-1917] - Improve `mod_auth_openid` recipe to handle module upgrade more gracefully +- [COOK-2029] - apache2 restarts on every run on RHEL and friends, generate-module-list on every run. +- [COOK-2036] - apache2: Cookbook style + +v1.3.2 +------ +- [COOK-1804] - fix `web_app` definition parameter so site can be disabled. + +v1.3.0 +------ +- [COOK-1738] - Better configuration for `mod_include` and some overrides in `web_app` definition +- [COOK-1470] - Change SSL Ciphers to Mitigate BEAST attack + +v1.2.0 +------ +- [COOK-692] - delete package conf.d files in module recipes, for EL +- [COOK-1693] - Foodcritic finding for unnecessary string interpolation +- [COOK-1757] - platform_family and better style / usage practices + +v1.1.16 +------- +re-releasing as .16 due to error on tag 1.1.14 + +- [COOK-1466] - add `mod_auth_cas` recipe +- [COOK-1609] - apache2 changes ports.conf twice per run when using apache2::mod_ssl + +v1.1.12 +------- +- [COOK-1436] - restore apache2 web_app definition +- [COOK-1356] - allow ExtendedStatus via attribute +- [COOK-1403] - add mod_fastcgi recipe + +v1.1.10 +------- +- [COOK-1315] - allow the default site to not be enabled +- [COOK-1328] - cookbook tests (minitest, cucumber) + +v1.1.8 +------ +- Some platforms with minimal installations that don't have perl won't have a `node['languages']['perl']` attribute, so remove the conditional and rely on the power of idempotence in the package resource. +- [COOK-1214] - address foodcritic warnings +- [COOK-1180] - add `mod_logio` and fix `mod_proxy` + +v1.1.6 +------ +FreeBSD users: This release requires the `freebsd` cookbook. See README.md. + +- [COOK-1025] - freebsd support in mod_php5 recipe + +v1.1.4 +------ +- [COOK-1100] - support amazon linux + +v1.1.2 +------ +- [COOK-996] - apache2::mod_php5 can cause PHP and module API mismatches +- [COOK-1083] - return string for v_f_p and use correct value for default + +v1.1.0 +------ +- [COOK-861] - Add `mod_perl` and apreq2 +- [COOK-941] - fix `mod_auth_openid` on FreeBSD +- [COOK-1021] - add a commented-out LoadModule directive to keep apxs happy +- [COOK-1022] - consistency for icondir attribute +- [COOK-1023] - fix platform test for attributes +- [COOK-1024] - fix a2enmod script so it runs cleanly on !bash +- [COOK-1026] - fix `error_log` location on FreeBSD + +v1.0.8 +------ +- COOK-548 - directory resource doesn't have backup parameter + +v1.0.6 +------ +- COOK-915 - update to `mod_auth_openid` version 0.6, see __Recipes/mod_auth_openid__ below. +- COOK-548 - Add support for FreeBSD. + +v1.0.4 +------ +- COOK-859 - don't hardcode module paths + +v1.0.2 +------ +- Tickets resolved in this release: COOK-788, COOK-782, COOK-780 + +v1.0.0 +------ +- Red Hat family support is greatly improved, all recipes except `god_monitor` converge. +- Recipe `mod_auth_openid` now works on RHEL family distros +- Recipe `mod_php5` will now remove config from package on RHEL family so it doesn't conflict with the cookbook's. +- Added `php5.conf.erb` template for `mod_php5` recipe. +- Create the run state directory for `mod_fcgid` to prevent a startup error on RHEL version 6. +- New attribute `node['apache']['lib_dir']` to handle lib vs lib64 on RHEL family distributions. +- New attribute `node['apache']['group']`. +- Scientific Linux support added. +- Use a file resource instead of the generate-module-list executed perl script on RHEL family. +- "default" site can now be disabled. +- web_app now has an "enable" parameter. +- Support for dav_fs apache module. +- Tickets resolved in this release: COOK-754, COOK-753, COOK-665, COOK-624, COOK-579, COOK-519, COOK-518 +- Fix node references in template for a2dissite +- Use proper user and group attributes on files and templates. +- Replace the anemic README.rdoc with this new and improved superpowered README.md :). diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/CONTRIBUTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/CONTRIBUTING.md new file mode 100644 index 000000000..3a9989787 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/CONTRIBUTING.md @@ -0,0 +1,257 @@ +# Contributing to Opscode Cookbooks + +We are glad you want to contribute to Opscode Cookbooks! The first +step is the desire to improve the project. + +You can find the answers to additional frequently asked questions +[on the wiki](http://wiki.opscode.com/display/chef/How+to+Contribute). + +You can find additional information about +[contributing to cookbooks](http://wiki.opscode.com/display/chef/How+to+Contribute+to+Opscode+Cookbooks) +on the wiki as well. + +## Quick-contribute + +* Create an account on our [bug tracker](http://tickets.opscode.com) +* Sign our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L) +(keep reading if you're contributing on behalf of your employer) +* Create a ticket for your change on the + [bug tracker](http://tickets.opscode.com) +* Link to your patch as a rebased git branch or pull request from the + ticket +* Resolve the ticket as fixed + +We regularly review contributions and will get back to you if we have +any suggestions or concerns. + +## The Apache License and the CLA/CCLA + +Licensing is very important to open source projects, it helps ensure +the software continues to be available under the terms that the author +desired. Chef uses the Apache 2.0 license to strike a balance between +open contribution and allowing you to use the software however you +would like to. + +The license tells you what rights you have that are provided by the +copyright holder. It is important that the contributor fully +understands what rights they are licensing and agrees to them. +Sometimes the copyright holder isn't the contributor, most often when +the contributor is doing work for a company. + +To make a good faith effort to ensure these criteria are met, Opscode +requires a Contributor License Agreement (CLA) or a Corporate +Contributor License Agreement (CCLA) for all contributions. This is +without exception due to some matters not being related to copyright +and to avoid having to continually check with our lawyers about small +patches. + +It only takes a few minutes to complete a CLA, and you retain the +copyright to your contribution. + +You can complete our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L). +If you're contributing on behalf of your employer, have your employer +fill out our +[Corporate CLA](https://secure.echosign.com/public/hostedForm?formid=PIE6C7AX856) +instead. + +## Ticket Tracker (JIRA) + +The [ticket tracker](http://tickets.opscode.com) is the most important +documentation for the code base. It provides significant historical +information, such as: + +* Which release a bug fix is included in +* Discussion regarding the design and merits of features +* Error output to aid in finding similar bugs + +Each ticket should aim to fix one bug or add one feature. + +## Using git + +You can get a quick copy of the repository for this cookbook by +running `git clone +git://github.com/opscode-coobkooks/COOKBOOKNAME.git`. + +For collaboration purposes, it is best if you create a Github account +and fork the repository to your own account. Once you do this you will +be able to push your changes to your Github repository for others to +see and use. + +If you have another repository in your GitHub account named the same +as the cookbook, we suggest you suffix the repository with -cookbook. + +### Branches and Commits + +You should submit your patch as a git branch named after the ticket, +such as COOK-1337. This is called a _topic branch_ and allows users to +associate a branch of code with the ticket. + +It is a best practice to have your commit message have a _summary +line_ that includes the ticket number, followed by an empty line and +then a brief description of the commit. This also helps other +contributors understand the purpose of changes to the code. + + [COOK-1757] - platform_family and style + + * use platform_family for platform checking + * update notifies syntax to "resource_type[resource_name]" instead of + resources() lookup + * COOK-692 - delete config files dropped off by packages in conf.d + * dropped debian 4 support because all other platforms have the same + values, and it is older than "old stable" debian release + +Remember that not all users use Chef in the same way or on the same +operating systems as you, so it is helpful to be clear about your use +case and change so they can understand it even when it doesn't apply +to them. + +### Github and Pull Requests + +All of Opscode's open source cookbook projects are available on +[Github](http://www.github.com/opscode-cookbooks). + +We don't require you to use Github, and we will even take patch diffs +attached to tickets on the tracker. However Github has a lot of +convenient features, such as being able to see a diff of changes +between a pull request and the main repository quickly without +downloading the branch. + +If you do choose to use a pull request, please provide a link to the +pull request from the ticket __and__ a link to the ticket from the +pull request. Because pull requests only have two states, open and +closed, we can't easily filter pull requests that are waiting for a +reply from the author for various reasons. + +### More information + +Additional help with git is available on the +[Working with Git](http://wiki.opscode.com/display/chef/Working+with+Git) +wiki page. + +## Functional and Unit Tests + +This cookbook is set up to run tests under +[Opscode's test-kitchen](https://github.com/opscode/test-kitchen). It +uses minitest-chef to run integration tests after the node has been +converged to verify that the state of the node. + +Test kitchen should run completely without exception using the default +[baseboxes provided by Opscode](https://github.com/opscode/bento). +Because Test Kitchen creates VirtualBox machines and runs through +every configuration in the Kitchenfile, it may take some time for +these tests to complete. + +If your changes are only for a specific recipe, run only its +configuration with Test Kitchen. If you are adding a new recipe, or +other functionality such as a LWRP or definition, please add +appropriate tests and ensure they run with Test Kitchen. + +If any don't pass, investigate them before submitting your patch. + +Any new feature should have unit tests included with the patch with +good code coverage to help protect it from future changes. Similarly, +patches that fix a bug or regression should have a _regression test_. +Simply put, this is a test that would fail without your patch but +passes with it. The goal is to ensure this bug doesn't regress in the +future. Consider a regular expression that doesn't match a certain +pattern that it should, so you provide a patch and a test to ensure +that the part of the code that uses this regular expression works as +expected. Later another contributor may modify this regular expression +in a way that breaks your use cases. The test you wrote will fail, +signalling to them to research your ticket and use case and accounting +for it. + +If you need help writing tests, please ask on the Chef Developer's +mailing list, or the #chef-hacking IRC channel. + +## Code Review + +Opscode regularly reviews code contributions and provides suggestions +for improvement in the code itself or the implementation. + +We find contributions by searching the ticket tracker for _resolved_ +tickets with a status of _fixed_. If we have feedback we will reopen +the ticket and you should resolve it again when you've made the +changes or have a response to our feedback. When we believe the patch +is ready to be merged, we will tag the _Code Reviewed_ field with +_Reviewed_. + +Depending on the project, these tickets are then merged within a week +or two, depending on the current release cycle. + +## Release Cycle + +The versioning for Opscode Cookbook projects is X.Y.Z. + +* X is a major release, which may not be fully compatible with prior + major releases +* Y is a minor release, which adds both new features and bug fixes +* Z is a patch release, which adds just bug fixes + +A released version of a cookbook will end in an even number, e.g. +"1.2.4" or "0.8.0". When development for the next version of the +cookbook begins, the "Z" patch number is incremented to the next odd +number, however the next release of the cookbook may be a major or +minor incrementing version. + +Releases of Opscode's cookbooks are usually announced on the Chef user +mailing list. Releases of several cookbooks may be batched together +and announced on the [Opscode Blog](http://www.opscode.com/blog). + +## Working with the community + +These resources will help you learn more about Chef and connect to +other members of the Chef community: + +* [chef](http://lists.opscode.com/sympa/info/chef) and + [chef-dev](http://lists.opscode.com/sympa/info/chef-dev) mailing + lists +* #chef and #chef-hacking IRC channels on irc.freenode.net +* [Community Cookbook site](http://community.opscode.com) +* [Chef wiki](http://wiki.opscode.com/display/chef) +* Opscode Chef [product page](http://www.opscode.com/chef) + + +## Cookbook Contribution Do's and Don't's + +Please do include tests for your contribution. If you need help, ask +on the +[chef-dev mailing list](http://lists.opscode.com/sympa/info/chef-dev) +or the +[#chef-hacking IRC channel](http://community.opscode.com/chat/chef-hacking). +Not all platforms that a cookbook supports may be supported by Test +Kitchen. Please provide evidence of testing your contribution if it +isn't trivial so we don't have to duplicate effort in testing. Chef +10.14+ "doc" formatted output is sufficient. + +Please do indicate new platform (families) or platform versions in the +commit message, and update the relevant ticket. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] - Updated pool resource to correctly + delete.' + +Please do use [foodcritic](http://acrmp.github.com/foodcritic) to +lint-check the cookbook. Except FC007, it should pass all correctness +rules. FC007 is okay as long as the dependent cookbooks are *required* +for the default behavior of the cookbook, such as to support an +uncommon platform, secondary recipe, etc. + +Please do ensure that your changes do not break or modify behavior for +other platforms supported by the cookbook. For example if your changes +are for Debian, make sure that they do not break on CentOS. + +Please do not modify the version number in the metadata.rb, Opscode +will select the appropriate version based on the release cycle +information above. + +Please do not update the CHANGELOG.md for a new version. Not all +changes to a cookbook may be merged and released in the same versions. +Opscode will update the CHANGELOG.md when releasing a new version of +the cookbook. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/Gemfile new file mode 100644 index 000000000..057b3404a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/Gemfile @@ -0,0 +1,23 @@ +# source "https://rubygems.org" + +# gem 'cucumber', '~> 1.2.0' +# gem 'httparty', '~> 0.8.3' +# gem 'minitest', '~> 3.0.0' +# gem 'nokogiri', '~> 1.5.0' + +# group :kitchen do +# gem 'test-kitchen', '< 1.0' +# end + + +source 'https://rubygems.org' + +gem 'berkshelf', '~> 2.0' +gem 'chefspec', '~> 2.0' +gem 'foodcritic', '~> 3.0' +gem 'rubocop', '~> 0.12' + +group :integration do + gem 'test-kitchen', '~> 1.0.0.beta' + gem 'kitchen-vagrant', '~> 0.11' +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/README.md new file mode 100644 index 000000000..9215c88a1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/README.md @@ -0,0 +1,586 @@ +apache2 Cookbook +================ +[![Build Status](https://secure.travis-ci.org/opscode-cookbooks/apache2.png?branch=master)](http://travis-ci.org/opscode-cookbooks/apache2) + + +This cookbook provides a complete Debian/Ubuntu style Apache HTTPD +configuration. Non-Debian based distributions such as Red Hat/CentOS, +ArchLinux and others supported by this cookbook will have a +configuration that mimics Debian/Ubuntu style as it is easier to +manage with Chef. + +Debian-style Apache configuration uses scripts to manage modules and +sites (vhosts). The scripts are: + +* a2ensite +* a2dissite +* a2enmod +* a2dismod + +This cookbook ships with templates of these scripts for non +Debian/Ubuntu platforms. The scripts are used in the __Definitions__ +below. + +Requirements +============ + +## Ohai and Chef: + +* Ohai: 0.6.12+ +* Chef: 0.10.10+ + +As of v1.2.0, this cookbook makes use of `node['platform_family']` to +simplify platform selection logic. This attribute was introduced in +Ohai v0.6.12. The recipe methods were introduced in Chef v0.10.10. If +you must run an older version of Chef or Ohai, use [version 1.1.16 of +this cookbook](http://community.opscode.com/cookbooks/apache2/versions/1_1_16/downloads). + +## Cookbooks: + +This cookbook doesn't have direct dependencies on other cookbooks, as +none are needed for the default recipe or the general use cases. + +Depending on your OS configuration and security policy, you may need +additional recipes or cookbooks for this cookbook's recipes to +converge on the node. In particular, the following Operating System +settings may affect the behavior of this cookbook: + +* apt cache outdated +* SELinux enabled +* IPtables +* Compile tools +* 3rd party repositories + +On Ubuntu/Debian, use Opscode's `apt` cookbook to ensure the package +cache is updated so Chef can install packages, or consider putting +apt-get in your bootstrap process or +[knife bootstrap template](http://wiki.opscode.com/display/chef/Knife+Bootstrap). + +On RHEL, SELinux is enabled by default. The `selinux` cookbook +contains a `permissive` recipe that can be used to set SELinux to +"Permissive" state. Otherwise, additional recipes need to be created +by the user to address SELinux permissions. + +The easiest but **certainly not ideal way** to deal with IPtables is +to flush all rules. Opscode does provide an `iptables` cookbook but is +migrating from the approach used there to a more robust solution +utilizing a general "firewall" LWRP that would have an "iptables" +provider. Alternately, you can use ufw, with Opscode's `ufw` and +`firewall` cookbooks to set up rules. See those cookbooks' READMEs for +documentation. + +Build/compile tools may not be installed on the system by default. +Some recipes (e.g., `apache2::mod_auth_openid`) build the module from +source. Use Opscode's `build-essential` cookbook to get essential +build packages installed. + +On ArchLinux, if you are using the `apache2::mod_auth_openid` recipe, +you also need the `pacman` cookbook for the `pacman_aur` LWRP. Put +`recipe[pacman]` on the node's expanded run list (on the node or in a +role). This is not an explicit dependency because it is only required +for this single recipe and platform; the pacman default recipe +performs `pacman -Sy` to keep pacman's package cache updated. + +The `apache2::god_monitor` recipe uses a definition from the `god` +cookbook. Include `recipe[god]` in the node's expanded run list to +ensure that the cookbook is available to the node, and to set up `god`. + +## Platforms: + +The following platforms and versions are tested and supported using +Opscode's [test-kitchen](http://github.com/opscode/test-kitchen). + +* Ubuntu 10.04, 12.04 +* CentOS 5.8, 6.3 + +The following platform families are supported in the code, and are +assumed to work based on the successful testing on Ubuntu and CentOS. + +* Debian +* Red Hat (rhel) +* Fedora +* Amazon Linux + +The following platforms are also supported in the code, have been +tested manually but are not tested under test-kitchen. + +* SUSE/OpenSUSE +* ArchLinux +* FreeBSD + +### Notes for RHEL Family: + +On Red Hat Enterprise Linux and derivatives, the EPEL repository may +be necessary to install packages used in certain recipes. The +`apache2::default` recipe, however, does not require any additional +repositories. Opscode's `yum` cookbook contains a recipe to add the +EPEL repository. See __Examples__ for more information. + +### Notes for FreeBSD: + +The `apache2::mod_php5` recipe depends on the `freebsd` cookbook, +which it uses to set the correct options for compiling the `php5` port +from sources. You need to ensure the `freebsd` is in the expanded run +list, or this recipe will fail. We don't set an explicit dependency +because we feel the `freebsd` cookbook is something users would want +on their nodes, and due to the generality of this cookbook we don't +want additional specific dependencies. + +Tests +===== + +This cookbook in the +[source repository](https://github.com/opscode-cookbooks/apache2) +contains minitest and cucumber tests. This is an initial proof of +concept that will be fleshed out with more supporting infrastructure +at a future time. + +Please see the CONTRIBUTING file for information on how to add tests +for your contributions. + +Attributes +========== + +This cookbook uses many attributes, broken up into a few different +kinds. + +Platform specific +----------------- + +In order to support the broadest number of platforms, several +attributes are determined based on the node's platform. See the +attributes/default.rb file for default values in the case statement at +the top of the file. + +* `node['apache']['dir']` - Location for the Apache configuration +* `node['apache']['log_dir']` - Location for Apache logs +* `node['apache']['error_log']` - Location for the default error log +* `node['apache']['access_log']` - Location for the default access log +* `node['apache']['user']` - User Apache runs as +* `node['apache']['group']` - Group Apache runs as +* `node['apache']['binary']` - Apache httpd server daemon +* `node['apache']['icondir']` - Location for icons +* `node['apache']['cache_dir']` - Location for cached files used by Apache itself or recipes +* `node['apache']['pid_file']` - Location of the PID file for Apache httpd +* `node['apache']['lib_dir']` - Location for shared libraries +* `node['apache']['default_site_enabled']` - Default site enabled. Default is false. +* `node['apache']['ext_status']` - if true, enables ExtendedStatus for `mod_status` + +General settings +---------------- + +These are general settings used in recipes and templates. Default +values are noted. + +* `node['apache']['listen_addresses']` - Addresses that httpd should listen on. Default is any ("*"). +* `node['apache']['listen_ports']` - Ports that httpd should listen on. Default is port 80. +* `node['apache']['contact']` - Value for ServerAdmin directive. Default "ops@example.com". +* `node['apache']['timeout']` - Value for the Timeout directive. Default is 300. +* `node['apache']['keepalive']` - Value for the KeepAlive directive. Default is On. +* `node['apache']['keepaliverequests']` - Value for MaxKeepAliveRequests. Default is 100. +* `node['apache']['keepalivetimeout']` - Value for the KeepAliveTimeout directive. Default is 5. +* `node['apache']['default_modules']` - Array of module names. Can take "mod_FOO" or "FOO" as names, where FOO is the apache module, e.g. "`mod_status`" or "`status`". + +The modules listed in `default_modules` will be included as recipes in `recipe[apache::default]`. + +Prefork attributes +------------------ + +Prefork attributes are used for tuning the Apache HTTPD prefork MPM +configuration. + +* `node['apache']['prefork']['startservers']` - initial number of server processes to start. Default is 16. +* `node['apache']['prefork']['minspareservers']` - minimum number of spare server processes. Default 16. +* `node['apache']['prefork']['maxspareservers']` - maximum number of spare server processes. Default 32. +* `node['apache']['prefork']['serverlimit']` - upper limit on configurable server processes. Default 400. +* `node['apache']['prefork']['maxclients']` - Maximum number of simultaneous connections. +* `node['apache']['prefork']['maxrequestsperchild']` - Maximum number of request a child process will handle. Default 10000. + +Worker attributes +----------------- + +Worker attributes are used for tuning the Apache HTTPD worker MPM +configuration. + +* `node['apache']['worker']['startservers']` - Initial number of server processes to start. Default 4 +* `node['apache']['worker']['serverlimit']` - upper limit on configurable server processes. Default 16. +* `node['apache']['worker']['maxclients']` - Maximum number of simultaneous connections. Default 1024. +* `node['apache']['worker']['minsparethreads']` - Minimum number of spare worker threads. Default 64 +* `node['apache']['worker']['maxsparethreads']` - Maximum number of spare worker threads. Default 192. +* `node['apache']['worker']['maxrequestsperchild']` - Maximum number of requests a child process will handle. + +mod\_auth\_openid attributes +---------------------------- + +The following attributes are in the `attributes/mod_auth_openid.rb` +file. Like all Chef attributes files, they are loaded as well, but +they're logistically unrelated to the others, being specific to the +`mod_auth_openid` recipe. + +* `node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source. +* `node['apache']['mod_auth_openid']['ref']` - Any sha, tag, or branch found from https://github.com/bmuller/mod_auth_openid +* `node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource. +* `node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default. +* `node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module. + +mod\_ssl attributes +------------------- + +* `node['apache']['mod_ssl']['cipher_suite']` - sets the + SSLCiphersuite value to the specified string. The default is + considered "sane" but you may need to change it for your local + security policy, e.g. if you have PCI-DSS requirements. Additional + commentary on the + [original pull request](https://github.com/opscode-cookbooks/apache2/pull/15#commitcomment-1605406). + +Recipes +======= + +Most of the recipes in the cookbook are for enabling Apache modules. +Where additional configuration or behavior is used, it is documented +below in more detail. + +The following recipes merely enable the specified module: `mod_alias`, +`mod_basic`, `mod_digest`, `mod_authn_file`, `mod_authnz_ldap`, +`mod_authz_default`, `mod_authz_groupfile`, `mod_authz_host`, +`mod_authz_user`, `mod_autoindex`, `mod_cgi`, `mod_dav_fs`, +`mod_dav_svn`, `mod_deflate`, `mod_dir`, `mod_env`, `mod_expires`, +`mod_headers`, `mod_ldap`, `mod_log_config`, `mod_mime`, +`mod_negotiation`, `mod_proxy`, `mod_proxy_ajp`, `mod_proxy_balancer`, +`mod_proxy_connect`, `mod_proxy_http`, `mod_python`, `mod_rewrite`, +`mod_setenvif`, `mod_status`, `mod_wsgi`, `mod_xsendfile`. + +On RHEL Family distributions, certain modules ship with a config file +with the package. The recipes here may delete those configuration +files to ensure they don't conflict with the settings from the +cookbook, which will use per-module configuration in +`/etc/httpd/mods-enabled`. + +default +------- + +The default recipe does a number of things to set up Apache HTTPd. It +also includes a number of modules based on the attribute +`node['apache']['default_modules']` as recipes. + +logrotate +--------- + +Logrotate adds a logrotate entry for your apache2 logs. This recipe +requires the `logrotate` cookbook; ensure that `recipe[logrotate]` is +in the node's expanded run list. + +mod\_auth\_cas +-------------- + +This recipe installs the proper package and enables the `auth_cas` +module. It can install from source or package. Package is the default, +set the attribute `node['apache']['mod_auth_cas']['from_source']` to +true to enable source installation. Modify the version to install by +changing the attribute +`node['apache']['mod_auth_cas']['source_revision']`. It is a version +tag by default, but could be master, or another tag, or branch. + +The module configuration is written out with the `CASCookiePath` set, +otherwise an error loading the module may cause Apache to not start. + +**Note**: This recipe does not work on EL 6 platforms unless +epel-testing repository is enabled (outside the scope of this +cookbook), or the package version 1.0.8.1-3.el6 or higher is otherwise +available to the system due to this bug: + +https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=708550 + +mod\_auth\_openid +----------------- + +**Changed via COOK-915** + +This recipe compiles the module from source. In addition to +`build-essential`, some other packages are included for installation +like the GNU C++ compiler and development headers. + +To use the module in your own cookbooks to authenticate systems using +OpenIDs, specify an array of OpenIDs that are allowed to authenticate +with the attribute `node['apache']['allowed_openids']`. Use the +following in a vhost to protect with OpenID authentication: + + AuthType OpenID require user <%= node['apache']['allowed_openids'].join(' ') %> + AuthOpenIDDBLocation <%= node['apache']['mod_auth_openid']['dblocation'] %> + +Change the DBLocation with the attribute as required; this file is in +a different location than previous versions, see below. It should be a +sane default for most platforms, though, see +`attributes/mod_auth_openid.rb`. + +### Changes from COOK-915: + +* `AuthType OpenID` instead of `AuthOpenIDEnabled On`. +* `require user` instead of `AuthOpenIDUserProgram`. +* A bug(?) in `mod_auth_openid` causes it to segfault when attempting + to update the database file if the containing directory is not + writable by the HTTPD process owner (e.g., www-data), even if the + file is writable. In order to not interfere with other settings from + the default recipe in this cookbook, the db file is moved. + +mod\_fastcgi +------------ + +Install the fastcgi package and enable the module. + +Only work on Debian/Ubuntu + +mod\_fcgid +---------- + +Installs the fcgi package and enables the module. Requires EPEL on +RHEL family. + +On RHEL family, this recipe will delete the fcgid.conf and on version +6+, create the /var/run/httpd/mod_fcgid` directory, which prevents the +emergency error: + + [emerg] (2)No such file or directory: mod_fcgid: Can't create shared memory for size XX bytes + +mod\_php5 +-------- + +Simply installs the appropriate package on Debian, Ubuntu and +ArchLinux. + +On Red Hat family distributions including Fedora, the php.conf that +comes with the package is removed. On RHEL platforms less than v6, the +`php53` package is used. + +mod\_ssl +-------- + +Besides installing and enabling `mod_ssl`, this recipe will append +port 443 to the `node['apache']['listen_ports']` attribute array and +update the ports.conf. + +god\_monitor +------------ + +Sets up a `god` monitor for Apache. External requirements are the +`god` and `runit` cookbooks from Opscode. When using this recipe, +include `recipe[god]` in the node's expanded run list to ensure the +client downloads it; `god` depends on runit so that will also be +downloaded. + +**Note** This recipe is not tested under test-kitchen yet and is + pending fix in COOK-744. + +Definitions +=========== + +The cookbook provides a few definitions. At some point in the future +these definitions may be refactored into lightweight resources and +providers as suggested by +[foodcritic rule FC015](http://acrmp.github.com/foodcritic/#FC015). + +apache\_conf +------------ + +Sets up configuration file for an Apache module from a template. The +template should be in the same cookbook where the definition is used. +This is used by the `apache_module` definition and is not often used +directly. + +This will use a template resource to write the module's configuration +file in the `mods-available` under the Apache configuration directory +(`node['apache']['dir']`). This is a platform-dependent location. See +__apache\_module__. + +### Parameters: + +* `name` - Name of the template. When used from the `apache_module`, + it will use the same name as the module. + +### Examples: + +Create `#{node['apache']['dir']}/mods-available/alias.conf`. + + apache_conf "alias" + +apache\_module +-------------- + +Enable or disable an Apache module in +`#{node['apache']['dir']}/mods-available` by calling `a2enmod` or +`a2dismod` to manage the symbolic link in +`#{node['apache']['dir']}/mods-enabled`. If the module has a +configuration file, a template should be created in the cookbook where +the definition is used. See __Examples__. + +### Parameters: + +* `name` - Name of the module enabled or disabled with the `a2enmod` or `a2dismod` scripts. +* `enable` - Default true, which uses `a2enmod` to enable the module. If false, the module will be disabled with `a2dismod`. +* `conf` - Default false. Set to true if the module has a config file, which will use `apache_conf` for the file. +* `filename` - specify the full name of the file, e.g. + +### Examples: + +Enable the ssl module, which also has a configuration template in `templates/default/mods/ssl.conf.erb`. + + apache_module "ssl" do + conf true + end + +Enable the php5 module, which has a different filename than the module default: + + apache_module "php5" do + filename "libphp5.so" + end + +Disable a module: + + apache_module "disabled_module" do + enable false + end + +See the recipes directory for many more examples of `apache_module`. + +apache\_site +------------ + +Enable or disable a VirtualHost in +`#{node['apache']['dir']}/sites-available` by calling a2ensite or +a2dissite to manage the symbolic link in +`#{node['apache']['dir']}/sites-enabled`. + +The template for the site must be managed as a separate resource. To +combine the template with enabling a site, see `web_app`. + +### Parameters: + +* `name` - Name of the site. +* `enable` - Default true, which uses `a2ensite` to enable the site. If false, the site will be disabled with `a2dissite`. + +web\_app +-------- + +Manage a template resource for a VirtualHost site, and enable it with +`apache_site`. This is commonly done for managing web applications +such as Ruby on Rails, PHP or Django, and the default behavior +reflects that. However it is flexible. + +This definition includes some recipes to make sure the system is +configured to have Apache and some sane default modules: + +* `apache2` +* `apache2::mod_rewrite` +* `apache2::mod_deflate` +* `apache2::mod_headers` + +It will then configure the template (see __Parameters__ and +__Examples__ below), and enable or disable the site per the `enable` +parameter. + +### Parameters: + +Current parameters used by the definition: + +* `name` - The name of the site. The template will be written to + `#{node['apache']['dir']}/sites-available/#{params['name']}.conf` +* `cookbook` - Optional. Cookbook where the source template is. If + this is not defined, Chef will use the named template in the + cookbook where the definition is used. +* `template` - Default `web_app.conf.erb`, source template file. +* `enable` - Default true. Passed to the `apache_site` definition. + +Additional parameters can be defined when the definition is called in +a recipe, see __Examples__. + +### Examples: + +All parameters are passed into the template. You can use whatever you +like. The apache2 cookbook comes with a `web_app.conf.erb` template as +an example. The following parameters are used in the template: + +* `server_name` - ServerName directive. +* `server_aliases` - ServerAlias directive. Must be an array of aliases. +* `docroot` - DocumentRoot directive. +* `application_name` - Used in RewriteLog directive. Will be set to the `name` parameter. +* `directory_index` - Allow overriding the default DirectoryIndex setting, optional +* `directory_options` - Override Options on the docroot, for example to add parameters like Includes or Indexes, optional. +* `allow_override` - Modify the AllowOverride directive on the docroot to support apps that need .htaccess to modify configuration or require authentication. + +To use the default web_app, for example: + + web_app "my_site" do + server_name node['hostname'] + server_aliases [node['fqdn'], "my-site.example.com"] + docroot "/srv/www/my_site" + end + +The parameters specified will be used as: + +* `@params[:server_name]` +* `@params[:server_aliases]` +* `@params[:docroot]` + +In the template. When you write your own, the `@` is significant. + +For more information about Definitions and parameters, see the +[Chef Wiki](http://wiki.opscode.com/display/chef/Definitions) + +Usage +===== + +Using this cookbook is relatively straightforward. Add the desired +recipes to the run list of a node, or create a role. Depending on your +environment, you may have multiple roles that use different recipes +from this cookbook. Adjust any attributes as desired. For example, to +create a basic role for web servers that provide both HTTP and HTTPS: + + % cat roles/webserver.rb + name "webserver" + description "Systems that serve HTTP and HTTPS" + run_list( + "recipe[apache2]", + "recipe[apache2::mod_ssl]" + ) + default_attributes( + "apache" => { + "listen_ports" => ["80", "443"] + } + ) + +For examples of using the definitions in your own recipes, see their +respective sections above. + +License and Authors +=================== + +* Author:: Adam Jacob +* Author:: Joshua Timberman +* Author:: Bryan McLellan +* Author:: Dave Esposito +* Author:: David Abdemoulaie +* Author:: Edmund Haselwanter +* Author:: Eric Rochester +* Author:: Jim Browne +* Author:: Matthew Kent +* Author:: Nathen Harvey +* Author:: Ringo De Smet +* Author:: Sean OMeara +* Author:: Seth Chisamore +* Author:: Gilles Devaux + +* Copyright:: 2009-2012, Opscode, Inc +* Copyright:: 2011, Atriso +* Copyright:: 2011, CustomInk, LLC. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/TESTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/TESTING.md new file mode 100644 index 000000000..b4102e321 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/TESTING.md @@ -0,0 +1,53 @@ +This cookbook uses a variety of testing components: + +- Unit tests: [ChefSpec](https://github.com/acrmp/chefspec) +- Integration tests: [Test Kitchen](https://github.com/opscode/test-kitchen) +- Chef Style lints: [Foodcritic](https://github.com/acrmp/foodcritic) +- Ruby Style lints: [Rubocop](https://github.com/bbatsov/rubocop) + + +Prerequisites +------------- +To develop on this cookbook, you must have a sane Ruby 1.9+ environment. Given the nature of this installation process (and it's variance across multiple operating systems), we will leave this installation process to the user. + +You must also have `bundler` installed: + + $ gem install bundler + +You must also have Vagrant and VirtualBox installed: + +- [Vagrant](https://vagrantup.com) +- [VirtualBox](https://virtualbox.org) + +Once installed, you must install the `vagrant-berkshelf` plugin: + + $ vagrant plugin install vagrant-berkshelf + + +Development +----------- +1. Clone the git repository from GitHub: + + $ git clone git@github.com:opscode-cookbooks/COOKBOOK.git + +2. Install the dependencies using bundler: + + $ bundle install + +3. Create a branch for your changes: + + $ git checkout -b my_bug_fix + +4. Make any changes +5. Write tests to support those changes. It is highly recommended you write both unit and integration tests. +6. Run the tests: + - `bundle exec rspec` + - `bundle exec foodcritic .` + - `bundle exec rubocop` + - `bundle exec kitchen test` + +7. Assuming the tests pass, open a Pull Request on GitHub +8. Open a JIRA ticket for this compontent, linking the JIRA ticket to the Pull Request and visa versa. +9. Mark the JIRA ticket as "Fix Provided" + +For more information, see [Opscode's Contribution Guidelines](https://wiki.opscode.com/display/chef/How+to+Contribute). diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/default.rb new file mode 100644 index 000000000..4f04320bb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/default.rb @@ -0,0 +1,177 @@ +# +# Cookbook Name:: apache2 +# Attributes:: apache +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['apache']['root_group'] = 'root' + +# Where the various parts of apache are +case node['platform'] +when 'redhat', 'centos', 'scientific', 'fedora', 'suse', 'amazon', 'oracle' + default['apache']['package'] = 'httpd' + default['apache']['dir'] = '/etc/httpd' + default['apache']['log_dir'] = '/var/log/httpd' + default['apache']['error_log'] = 'error.log' + default['apache']['access_log'] = 'access.log' + default['apache']['user'] = 'apache' + default['apache']['group'] = 'apache' + default['apache']['binary'] = '/usr/sbin/httpd' + default['apache']['docroot_dir'] = '/var/www/html' + default['apache']['cgibin_dir'] = '/var/www/cgi-bin' + default['apache']['icondir'] = '/var/www/icons' + default['apache']['cache_dir'] = '/var/cache/httpd' + default['apache']['pid_file'] = if node['platform_version'].to_f >= 6 + '/var/run/httpd/httpd.pid' + else + '/var/run/httpd.pid' + end + default['apache']['lib_dir'] = node['kernel']['machine'] =~ /^i[36]86$/ ? '/usr/lib/httpd' : '/usr/lib64/httpd' + default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" + default['apache']['default_site_enabled'] = false +when 'debian', 'ubuntu' + default['apache']['package'] = 'apache2' + default['apache']['dir'] = '/etc/apache2' + default['apache']['log_dir'] = '/var/log/apache2' + default['apache']['error_log'] = 'error.log' + default['apache']['access_log'] = 'access.log' + default['apache']['user'] = 'www-data' + default['apache']['group'] = 'www-data' + default['apache']['binary'] = '/usr/sbin/apache2' + default['apache']['docroot_dir'] = '/var/www' + default['apache']['cgibin_dir'] = '/usr/lib/cgi-bin' + default['apache']['icondir'] = '/usr/share/apache2/icons' + default['apache']['cache_dir'] = '/var/cache/apache2' + default['apache']['pid_file'] = '/var/run/apache2.pid' + default['apache']['lib_dir'] = '/usr/lib/apache2' + default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" + default['apache']['default_site_enabled'] = false +when 'arch' + default['apache']['package'] = 'apache' + default['apache']['dir'] = '/etc/httpd' + default['apache']['log_dir'] = '/var/log/httpd' + default['apache']['error_log'] = 'error.log' + default['apache']['access_log'] = 'access.log' + default['apache']['user'] = 'http' + default['apache']['group'] = 'http' + default['apache']['binary'] = '/usr/sbin/httpd' + default['apache']['docroot_dir'] = '/srv/http' + default['apache']['cgibin_dir'] = '/usr/share/httpd/cgi-bin' + default['apache']['icondir'] = '/usr/share/httpd/icons' + default['apache']['cache_dir'] = '/var/cache/httpd' + default['apache']['pid_file'] = '/var/run/httpd/httpd.pid' + default['apache']['lib_dir'] = '/usr/lib/httpd' + default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" + default['apache']['default_site_enabled'] = false +when 'freebsd' + default['apache']['package'] = 'apache22' + default['apache']['dir'] = '/usr/local/etc/apache22' + default['apache']['log_dir'] = '/var/log' + default['apache']['error_log'] = 'httpd-error.log' + default['apache']['access_log'] = 'httpd-access.log' + default['apache']['root_group'] = 'wheel' + default['apache']['user'] = 'www' + default['apache']['group'] = 'www' + default['apache']['binary'] = '/usr/local/sbin/httpd' + default['apache']['docroot_dir'] = '/usr/local/www/apache22/data' + default['apache']['cgibin_dir'] = '/usr/local/www/apache22/cgi-bin' + default['apache']['icondir'] = '/usr/local/www/apache22/icons' + default['apache']['cache_dir'] = '/var/run/apache22' + default['apache']['pid_file'] = '/var/run/httpd.pid' + default['apache']['lib_dir'] = '/usr/local/libexec/apache22' + default['apache']['libexecdir'] = node['apache']['lib_dir'] + default['apache']['default_site_enabled'] = false +else + default['apache']['dir'] = '/etc/apache2' + default['apache']['log_dir'] = '/var/log/apache2' + default['apache']['error_log'] = 'error.log' + default['apache']['access_log'] = 'access.log' + default['apache']['user'] = 'www-data' + default['apache']['group'] = 'www-data' + default['apache']['binary'] = '/usr/sbin/apache2' + default['apache']['docroot_dir'] = '/var/www' + default['apache']['cgibin_dir'] = '/usr/lib/cgi-bin' + default['apache']['icondir'] = '/usr/share/apache2/icons' + default['apache']['cache_dir'] = '/var/cache/apache2' + default['apache']['pid_file'] = 'logs/httpd.pid' + default['apache']['lib_dir'] = '/usr/lib/apache2' + default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" + default['apache']['default_site_enabled'] = false +end + +### +# These settings need the unless, since we want them to be tunable, +# and we don't want to override the tunings. +### + +# General settings +default['apache']['listen_addresses'] = %w[*] +default['apache']['listen_ports'] = %w[80] +default['apache']['contact'] = 'ops@example.com' +default['apache']['timeout'] = 300 +default['apache']['keepalive'] = 'On' +default['apache']['keepaliverequests'] = 100 +default['apache']['keepalivetimeout'] = 5 + +# Security +default['apache']['servertokens'] = 'Prod' +default['apache']['serversignature'] = 'On' +default['apache']['traceenable'] = 'On' + +# mod_auth_openids +default['apache']['allowed_openids'] = [] + +# mod_status Allow list, space seprated list of allowed entries. +default['apache']['status_allow_list'] = 'localhost ip6-localhost' + +# mod_status ExtendedStatus, set to 'true' to enable +default['apache']['ext_status'] = false + +# mod_info Allow list, space seprated list of allowed entries. +default['apache']['info_allow_list'] = 'localhost ip6-localhost' + +# Prefork Attributes +default['apache']['prefork']['startservers'] = 16 +default['apache']['prefork']['minspareservers'] = 16 +default['apache']['prefork']['maxspareservers'] = 32 +default['apache']['prefork']['serverlimit'] = 400 +default['apache']['prefork']['maxclients'] = 400 +default['apache']['prefork']['maxrequestsperchild'] = 10_000 + +# Worker Attributes +default['apache']['worker']['startservers'] = 4 +default['apache']['worker']['serverlimit'] = 16 +default['apache']['worker']['maxclients'] = 1024 +default['apache']['worker']['minsparethreads'] = 64 +default['apache']['worker']['maxsparethreads'] = 192 +default['apache']['worker']['threadsperchild'] = 64 +default['apache']['worker']['maxrequestsperchild'] = 0 + +# mod_proxy settings +default['apache']['proxy']['order'] = 'deny,allow' +default['apache']['proxy']['deny_from'] = 'all' +default['apache']['proxy']['allow_from'] = 'none' + +# Default modules to enable via include_recipe + +default['apache']['default_modules'] = %w[ + status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex + dir env mime negotiation setenvif +] + +%w[log_config logio].each do |log_mod| + default['apache']['default_modules'] << log_mod if %w[rhel fedora suse arch freebsd].include?(node['platform_family']) +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_auth_cas.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_auth_cas.rb new file mode 100644 index 000000000..4716fe7d9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_auth_cas.rb @@ -0,0 +1,21 @@ +# +# Cookbook Name:: apache2 +# Attributes:: mod_auth_cas +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['apache']['mod_auth_cas']['from_source'] = false +default['apache']['mod_auth_cas']['source_revision'] = 'v1.0.8.1' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_auth_openid.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_auth_openid.rb new file mode 100644 index 000000000..3aba0aa7b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_auth_openid.rb @@ -0,0 +1,33 @@ +# +# Cookbook Name:: apache2 +# Attributes:: mod_auth_cas +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['apache']['mod_auth_openid']['ref'] = '95043901eab868400937642d9bc55d17e9dd069f' +default['apache']['mod_auth_openid']['source_url'] = "https://github.com/bmuller/mod_auth_openid/archive/#{node['apache']['mod_auth_openid']['ref']}.tar.gz" +default['apache']['mod_auth_openid']['cache_dir'] = '/var/cache/mod_auth_openid' +default['apache']['mod_auth_openid']['dblocation'] = "#{node['apache']['mod_auth_openid']['cache_dir']}/mod_auth_openid.db" + +case node['platform_family'] +when 'freebsd' + default['apache']['mod_auth_openid']['configure_flags'] = [ + 'CPPFLAGS=-I/usr/local/include', + 'LDFLAGS=-I/usr/local/lib -lsqlite3' + ] +else + default['apache']['mod_auth_openid']['configure_flags'] = [] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_fastcgi.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_fastcgi.rb new file mode 100644 index 000000000..0583c9fee --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_fastcgi.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Attributes:: mod_fastcgi +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['apache']['mod_fastcgi']['download_url'] = 'http://www.fastcgi.com/dist/mod_fastcgi-current.tar.gz' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_ssl.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_ssl.rb new file mode 100644 index 000000000..e71d3a602 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/attributes/mod_ssl.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Attributes:: mod_ssl +# +# Copyright 2012-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['apache']['mod_ssl']['cipher_suite'] = 'RC4-SHA:HIGH:!ADH' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/apache_conf.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/apache_conf.rb new file mode 100644 index 000000000..3f615179c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/apache_conf.rb @@ -0,0 +1,26 @@ +# +# Cookbook Name:: apache2 +# Definition:: apache_conf +# +# Copyright 2008-20013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +define :apache_conf do + template "#{node['apache']['dir']}/mods-available/#{params[:name]}.conf" do + source "mods/#{params[:name]}.conf.erb" + mode '0644' + notifies :restart, 'service[apache2]' + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/apache_module.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/apache_module.rb new file mode 100644 index 000000000..4d72e0cda --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/apache_module.rb @@ -0,0 +1,51 @@ +# +# Cookbook Name:: apache2 +# Definition:: apache_module +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +define :apache_module, :enable => true, :conf => false do + include_recipe 'apache2::default' + + params[:filename] = params[:filename] || "mod_#{params[:name]}.so" + params[:module_path] = params[:module_path] || "#{node['apache']['libexecdir']}/#{params[:filename]}" + + apache_conf params[:name] if params[:conf] + + if platform_family?('rhel', 'fedora', 'arch', 'suse', 'freebsd') + file "#{node['apache']['dir']}/mods-available/#{params[:name]}.load" do + content "LoadModule #{params[:name]}_module #{params[:module_path]}\n" + mode '0644' + end + end + + if params[:enable] + execute "a2enmod #{params[:name]}" do + command "/usr/sbin/a2enmod #{params[:name]}" + notifies :restart, 'service[apache2]' + not_if do + ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") && + (::File.exists?("#{node['apache']['dir']}/mods-available/#{params[:name]}.conf") ? ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.conf") : true) + end + end + else + execute "a2dismod #{params[:name]}" do + command "/usr/sbin/a2dismod #{params[:name]}" + notifies :restart, 'service[apache2]' + only_if { ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") } + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/apache_site.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/apache_site.rb new file mode 100644 index 000000000..17619819d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/apache_site.rb @@ -0,0 +1,43 @@ +# +# Cookbook Name:: apache2 +# Definition:: apache_site +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +define :apache_site, :enable => true do + include_recipe 'apache2::default' + + if params[:enable] + execute "a2ensite #{params[:name]}" do + command "/usr/sbin/a2ensite #{params[:name]}" + notifies :restart, 'service[apache2]' + not_if do + ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{params[:name]}") || + ::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{params[:name]}") + end + only_if { ::File.exists?("#{node['apache']['dir']}/sites-available/#{params[:name]}") } + end + else + execute "a2dissite #{params[:name]}" do + command "/usr/sbin/a2dissite #{params[:name]}" + notifies :restart, 'service[apache2]' + only_if do + ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{params[:name]}") || + ::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{params[:name]}") + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/web_app.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/web_app.rb new file mode 100644 index 000000000..6844d3b1a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/definitions/web_app.rb @@ -0,0 +1,48 @@ +# +# Cookbook Name:: apache2 +# Definition:: web_app +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +define :web_app, :template => 'web_app.conf.erb', :enable => true do + + application_name = params[:name] + + include_recipe 'apache2::default' + include_recipe 'apache2::mod_rewrite' + include_recipe 'apache2::mod_deflate' + include_recipe 'apache2::mod_headers' + + template "#{node['apache']['dir']}/sites-available/#{application_name}.conf" do + source params[:template] + owner 'root' + group node['apache']['root_group'] + mode '0644' + cookbook params[:cookbook] if params[:cookbook] + variables( + :application_name => application_name, + :params => params + ) + if ::File.exists?("#{node['apache']['dir']}/sites-enabled/#{application_name}.conf") + notifies :reload, 'service[apache2]' + end + end + + site_enabled = params[:enable] + apache_site "#{params[:name]}.conf" do + enable site_enabled + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/apache2_module_conf_generate.pl b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/apache2_module_conf_generate.pl new file mode 100644 index 000000000..e161fbb17 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/apache2_module_conf_generate.pl @@ -0,0 +1,41 @@ +#!/usr/bin/perl + +=begin + +Generates Ubuntu style module.load files. + +./apache2_module_conf_generate.pl /usr/lib64/httpd/modules /etc/httpd/mods-available + +ARGV[0] is the apache modules directory, ARGV[1] is where you want 'em. + +=cut + +use File::Find; + +use strict; +use warnings; + +die "Must have '/path/to/modules' and '/path/to/modules.load'" + unless $ARGV[0] && $ARGV[1]; + +find( + { + wanted => sub { + return 1 if $File::Find::name !~ /\.so$/; + my $modfile = $_; + $modfile =~ /(lib|mod_)(.+)\.so$/; + my $modname = $2; + my $filename = "$ARGV[1]/$modname.load"; + unless ( -f $filename ) { + open( FILE, ">", $filename ) or die "Cannot open $filename"; + print FILE "LoadModule " . $modname . "_module $File::Find::name\n"; + close(FILE); + } + }, + follow => 1, + }, + $ARGV[0] +); + +exit 0; + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/default_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/default_test.rb new file mode 100644 index 000000000..0bec9b144 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/default_test.rb @@ -0,0 +1,76 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe 'apache2::default' do + include Helpers::Apache + + it 'installs apache' do + package(node['apache']['package']).must_be_installed + end + + it 'starts apache' do + apache_service.must_be_running + end + + it 'enables apache' do + apache_service.must_be_enabled + end + + it 'creates the conf.d directory' do + directory("#{node['apache']['dir']}/conf.d").must_exist.with(:mode, '755') + end + + it 'creates the logs directory' do + directory(node['apache']['log_dir']).must_exist + end + + it 'enables the default site unless it is disabled' do + skip unless node['apache']['default_site_enabled'] + file("#{node['apache']['dir']}/sites-enabled/000-default").must_exist + file("#{node['apache']['dir']}/sites-available/default").must_exist + end + + it 'ensures the debian-style apache module scripts are present' do + %w{a2ensite a2dissite a2enmod a2dismod}.each do |mod_script| + file("/usr/sbin/#{mod_script}").must_exist + end + end + + it 'reports server name only, not detailed version info' do + assert_match(/^ServerTokens #{node['apache']['servertokens']} *$/, File.read("#{node['apache']['dir']}/conf.d/security")) + end + + it 'listens on port 80' do + apache_configured_ports.must_include(80) + end + + it 'only listens on port 443 when SSL is enabled' do + unless ran_recipe?('apache2::mod_ssl') + apache_configured_ports.wont_include(443) + end + end + + it 'reports server name only, not detailed version info' do + file("#{node['apache']['dir']}/conf.d/security").must_match(/^ServerTokens #{node['apache']['servertokens']} *$/) + end + + it 'enables default_modules' do + node['apache']['default_modules'].each do |a2mod| + apache_enabled_modules.must_include "#{a2mod}_module" + end + end + + describe 'centos' do + it 'ensures no modules are loaded in conf.d' do + Dir["#{node['apache']['dir']}/conf.d/*"].each do |f| + file(f).wont_include 'LoadModule' + end + end + end + + describe 'configuration' do + it { config.must_include '# Generated by Chef' } + it { config.must_include %Q{ServerRoot "#{node['apache']['dir']}"} } + it { config.must_include "Include #{node['apache']['dir']}/conf.d/" } + it { apache_config_parses? } + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/god_monitor_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/god_monitor_test.rb new file mode 100644 index 000000000..f2f972eab --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/god_monitor_test.rb @@ -0,0 +1,34 @@ +# +# Author:: Joshua Timberman +# Copyright:: Copyright (c) 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe 'apache2::god_monitor' do + include Helpers::Apache + + it 'starts god service to supervise apache2' do + service('god').must_be_running + end + + it 'creates the god service template for apache' do + file('/etc/god/conf.d/apache2.god').must_exist + end + + it 'starts an apache2 service that works like a regular service' do + # to be implemented when COOK-744 is fixed + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_apreq2_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_apreq2_test.rb new file mode 100644 index 000000000..140ec1637 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_apreq2_test.rb @@ -0,0 +1,19 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe 'apache2::mod_apreq2' do + include Helpers::Apache + + it 'enables apreq_module' do + apache_enabled_modules.must_include 'apreq_module' + end + + it 'symlinks the module on EL' do + skip unless %w[rhel fedora].include?(node['platform_family']) + libdir = node['kernel']['machine'] == 'x86_64' ? 'lib64' : 'lib' + link( + "/usr/#{libdir}/httpd/modules/mod_apreq.so" + ).must_exist.with( + :link_type, :symbolic).and(:to, "/usr/#{libdir}/httpd/modules/mod_apreq2.so" + ) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_auth_cas_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_auth_cas_test.rb new file mode 100644 index 000000000..745c217d4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_auth_cas_test.rb @@ -0,0 +1,10 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe 'apache2::mod_auth_cas' do + include Helpers::Apache + + it 'enables auth_cas_module' do + skip if %w[rhel fedora].include?(node['platform_family']) && node['platform_version'].to_f > 6.0 + apache_enabled_modules.must_include 'auth_cas_module' + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_auth_openid_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_auth_openid_test.rb new file mode 100644 index 000000000..84f7f54e2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_auth_openid_test.rb @@ -0,0 +1,36 @@ +require File.expand_path('../support/helpers', __FILE__) +require 'pathname' + +describe 'apache2::mod_auth_openid' do + include Helpers::Apache + + it 'installs the opekele library' do + lib_dir = Pathname.new(node['apache']['lib_dir']).dirname.to_s + file("#{lib_dir}/libopkele.so").must_exist + end + + it 'does not add the module to httpd.conf' do + conffile = case node['platform'] + when 'debian', 'ubuntu' + 'apache2.conf' + when 'redhat', 'centos', 'scientific', 'fedora', 'arch', 'amazon' + 'conf/httpd.conf' + when 'freebsd' + 'httpd.conf' + end + httpd_config = File.read(File.join(node['apache']['dir'], conffile)) + refute_match /^LoadModule authopenid_module /, httpd_config + end + + it 'creates a cache directory for the module' do + directory(node['apache']['mod_auth_openid']['cache_dir']).must_exist.with(:owner, node['apache']['user']) + end + + it 'ensures the db file is writable by apache' do + file(node['apache']['mod_auth_openid']['dblocation']).must_exist.with(:owner, node['apache']['user']).and(:mode, '644') + end + + it 'enables authopenid_module' do + apache_enabled_modules.must_include 'authopenid_module' + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_cgi_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_cgi_test.rb new file mode 100644 index 000000000..d14e76426 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_cgi_test.rb @@ -0,0 +1,12 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe 'apache2::mod_cgi' do + include Helpers::Apache + + # the cgi module can be either cgi or cgid + it 'enables cgi or cgid_module' do + assert(apache_enabled_modules.include?('cgi_module') || + apache_enabled_modules.include?('cgid_module') + ) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_dav_svn_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_dav_svn_test.rb new file mode 100644 index 000000000..25e063797 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_dav_svn_test.rb @@ -0,0 +1,13 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe 'apache2::mod_dav_svn' do + include Helpers::Apache + + it 'enables dav_svn_module' do + apache_enabled_modules.must_include('dav_svn_module') + end + + it 'enables dav_module' do + apache_enabled_modules.must_include('dav_module') + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_fastcgi.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_fastcgi.rb new file mode 100644 index 000000000..6dfb34ce3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_fastcgi.rb @@ -0,0 +1,10 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe 'apache2::mod_fastcgi' do + include Helpers::Apache + + it 'enables fastcgi_module' do + skip if %w{rhel fedora}.include?(node['platform_family']) + apache_enabled_modules.must_include 'fastcgi_module' + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_include_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_include_test.rb new file mode 100644 index 000000000..3cc7a2679 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_include_test.rb @@ -0,0 +1,14 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe 'apache2::mod_include' do + include Helpers::Apache + + it 'enables include_module' do + apache_enabled_modules.must_include 'include_module' + end + + it 'drops off the include module configuration' do + assert_match(/AddType text\/html .shtml/, File.read("#{node['apache']['dir']}/mods-enabled/include.conf")) + assert_match(/AddOutputFilter INCLUDES .shtml/, File.read("#{node['apache']['dir']}/mods-enabled/include.conf")) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_perl_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_perl_test.rb new file mode 100644 index 000000000..f403d9703 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_perl_test.rb @@ -0,0 +1,17 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe 'apache2::mod_perl' do + include Helpers::Apache + + it 'enables perl_module' do + apache_enabled_modules.must_include('perl_module') + end + + it 'installs the apache request library' do + req_pkg = case node['platform'] + when 'debian', 'ubuntu' then 'libapache2-request-perl' + else 'perl-libapreq2' + end + package(req_pkg).must_be_installed + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_php5_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_php5_test.rb new file mode 100644 index 000000000..482cdcd8c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_php5_test.rb @@ -0,0 +1,13 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe 'apache2::mod_php5' do + include Helpers::Apache + + it 'enables php5_module' do + apache_enabled_modules.must_include('php5_module') + end + + it 'deletes the packaged php config if any' do + file("#{node['apache']['dir']}/conf.d/php.conf").wont_exist + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_python_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_python_test.rb new file mode 100644 index 000000000..4ef119c2e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_python_test.rb @@ -0,0 +1,9 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe 'apache2::mod_python' do + include Helpers::Apache + + it 'enables python_module' do + apache_enabled_modules.must_include('python_module') + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_ssl_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_ssl_test.rb new file mode 100644 index 000000000..49755d4fd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/mod_ssl_test.rb @@ -0,0 +1,27 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe 'apache2::mod_ssl' do + include Helpers::Apache + + it 'installs the mod_ssl package on RHEL distributions' do + skip unless %w[rhel fedora].include?(node['platform_family']) + package('mod_ssl').must_be_installed + end + + it 'enables ssl_module' do + apache_enabled_modules.must_include 'ssl_module' + end + + it 'does not store SSL config in conf.d' do + file("#{node['apache']['dir']}/conf.d/ssl.conf").wont_exist + end + + it 'is configured to listen on port 443' do + apache_configured_ports.must_include(443) + end + + it 'configures SSLCiphersuit from an attribute' do + assert_match(/^SSLCipherSuite #{node['apache']['mod_ssl']['cipher_suite']}$/, + File.read("#{node['apache']['dir']}/mods-enabled/ssl.conf")) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/support/helpers.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/support/helpers.rb new file mode 100644 index 000000000..9d08c91b1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/files/default/tests/minitest/support/helpers.rb @@ -0,0 +1,66 @@ +module Helpers + # MiniTest helpers + module Apache + require 'chef/mixin/shell_out' + include Chef::Mixin::ShellOut + include MiniTest::Chef::Assertions + include MiniTest::Chef::Context + include MiniTest::Chef::Resources + + def apache_config_parses? + acp = shell_out("#{node['apache']['binary']} -t") + acp.exitstatus == 0 + end + + def apache_configured_ports + port_config = File.read("#{node['apache']['dir']}/ports.conf") + port_config.scan(/^Listen ([0-9]+)/).flatten.map { |p| p.to_i } + end + + def apache_enabled_modules + apache_modules = shell_out("#{node['apache']['binary']} -M") + apache_modules.send( + if node['platform_family'] == 'rhel' && node['platform_version'].to_f < 6.0 + :stderr + else + :stdout + end + ).split.select! { |i| i =~ /_module$/ } + end + + def apache_service + service( + case node['platform'] + when 'debian', 'ubuntu' then 'apache2' + when 'freebsd' then 'apache22' + else 'httpd' + end + ) + end + + def config + file( + case node['platform'] + when 'debian', 'ubuntu' then "#{node['apache']['dir']}/apache2.conf" + when 'freebsd' then "#{node['apache']['dir']}/httpd.conf" + else "#{node['apache']['dir']}/conf/httpd.conf" + end + ) + end + + def ran_recipe?(recipe) + if Chef::VERSION < '11.0' + seen_recipes = node.run_state[:seen_recipes] + recipes = seen_recipes.keys.each { |i| i } + else + recipes = run_context.loaded_recipes + end + if recipes.empty? && Chef::Config[:solo] + # If you have roles listed in your run list they are NOT expanded + recipes = node.run_list.map { |item| item.name if item.type == :recipe } + end + recipes.include?(recipe) + end + + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/metadata.rb new file mode 100644 index 000000000..5e04c40fa --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/metadata.rb @@ -0,0 +1,225 @@ +name 'apache2' +maintainer 'Opscode, Inc.' +maintainer_email 'cookbooks@opscode.com' +license 'Apache 2.0' +description 'Installs and configures all aspects of apache2 using Debian style symlinks with helper definitions' +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version '1.8.5' +recipe 'apache2', 'Main Apache configuration' +recipe 'apache2::logrotate', 'Rotate apache2 logs. Requires logrotate cookbook' +recipe 'apache2::mod_alias', 'Apache module "alias" with config file' +recipe 'apache2::mod_apreq2', 'Apache module "apreq"' +recipe 'apache2::mod_auth_basic', 'Apache module "auth_basic"' +recipe 'apache2::mod_auth_digest', 'Apache module "auth_digest"' +recipe 'apache2::mod_auth_openid', 'Apache module "authopenid"' +recipe 'apache2::mod_authn_file', 'Apache module "authn_file"' +recipe 'apache2::mod_authnz_ldap', 'Apache module "authnz_ldap"' +recipe 'apache2::mod_authz_default', 'Apache module "authz_default"' +recipe 'apache2::mod_authz_groupfile', 'Apache module "authz_groupfile"' +recipe 'apache2::mod_authz_host', 'Apache module "authz_host"' +recipe 'apache2::mod_authz_user', 'Apache module "authz_user"' +recipe 'apache2::mod_autoindex', 'Apache module "autoindex" with config file' +recipe 'apache2::mod_cgi', 'Apache module "cgi"' +recipe 'apache2::mod_dav', 'Apache module "dav"' +recipe 'apache2::mod_dav_svn', 'Apache module "dav_svn"' +recipe 'apache2::mod_deflate', 'Apache module "deflate" with config file' +recipe 'apache2::mod_dir', 'Apache module "dir" with config file' +recipe 'apache2::mod_env', 'Apache module "env"' +recipe 'apache2::mod_expires', 'Apache module "expires"' +recipe 'apache2::mod_fcgid', 'Apache module "fcgid", package on ubuntu/debian, rhel/centos, compile source on suse; with config file' +recipe 'apache2::mod_headers', 'Apache module "headers"' +recipe 'apache2::mod_include', 'Apache module "include"' +recipe 'apache2::mod_ldap', 'Apache module "ldap"' +recipe 'apache2::mod_log_config', 'Apache module "log_config"' +recipe 'apache2::mod_mime', 'Apache module "mime" with config file' +recipe 'apache2::mod_negotiation', 'Apache module "negotiation" with config file' +recipe 'apache2::mod_perl', 'Apache module "perl"' +recipe 'apache2::mod_php5', 'Apache module "php5"' +recipe 'apache2::mod_proxy', 'Apache module "proxy" with config file' +recipe 'apache2::mod_proxy_ajp', 'Apache module "proxy_ajp"' +recipe 'apache2::mod_proxy_balancer', 'Apache module "proxy_balancer"' +recipe 'apache2::mod_proxy_connect', 'Apache module "proxy_connect"' +recipe 'apache2::mod_proxy_http', 'Apache module "proxy_http"' +recipe 'apache2::mod_python', 'Apache module "python"' +recipe 'apache2::mod_rewrite', 'Apache module "rewrite"' +recipe 'apache2::mod_setenvif', 'Apache module "setenvif" with config file' +recipe 'apache2::mod_ssl', 'Apache module "ssl" with config file, adds port 443 to listen_ports' +recipe 'apache2::mod_status', 'Apache module "status" with config file' +recipe 'apache2::mod_xsendfile', 'Apache module "xsendfile"' + +supports 'amazon' +supports 'arch' +supports 'centos' +supports 'debian' +supports 'fedora' +supports 'freebsd' +supports 'redhat' +supports 'scientific' +supports 'ubuntu' + +attribute 'apache', + :display_name => 'Apache Hash', + :description => 'Hash of Apache attributes', + :type => 'hash' + +attribute 'apache/dir', + :display_name => 'Apache Directory', + :description => 'Location for Apache configuration', + :default => '/etc/apache2' + +attribute 'apache/log_dir', + :display_name => 'Apache Log Directory', + :description => 'Location for Apache logs', + :default => '/etc/apache2' + +attribute 'apache/user', + :display_name => 'Apache User', + :description => 'User Apache runs as', + :default => 'www-data' + +attribute 'apache/binary', + :display_name => 'Apache Binary', + :description => 'Apache server daemon program', + :default => '/usr/sbin/apache2' + +attribute 'apache/icondir', + :display_name => 'Apache Icondir', + :description => 'Directory location for icons', + :default => '/usr/share/apache2/icons' + +attribute 'apache/listen_addresses', + :display_name => 'Apache Listen Addresses', + :description => 'Addresses that Apache should listen on', + :type => 'array', + :default => %w[*] + +attribute 'apache/listen_ports', + :display_name => 'Apache Listen Ports', + :description => 'Ports that Apache should listen on', + :type => 'array', + :default => %w[80 443] + +attribute 'apache/contact', + :display_name => 'Apache Contact', + :description => 'Email address of webmaster', + :default => 'ops@example.com' + +attribute 'apache/timeout', + :display_name => 'Apache Timeout', + :description => 'Connection timeout value', + :default => '300' + +attribute 'apache/keepalive', + :display_name => 'Apache Keepalive', + :description => 'HTTP persistent connections', + :default => 'On' + +attribute 'apache/keepaliverequests', + :display_name => 'Apache Keepalive Requests', + :description => 'Number of requests allowed on a persistent connection', + :default => '100' + +attribute 'apache/keepalivetimeout', + :display_name => 'Apache Keepalive Timeout', + :description => 'Time to wait for requests on persistent connection', + :default => '5' + +attribute 'apache/servertokens', + :display_name => 'Apache Server Tokens', + :description => 'Server response header', + :default => 'Prod' + +attribute 'apache/serversignature', + :display_name => 'Apache Server Signature', + :description => 'Configure footer on server-generated documents', + :default => 'On' + +attribute 'apache/traceenable', + :display_name => 'Apache Trace Enable', + :description => 'Determine behavior of TRACE requests', + :default => 'On' + +attribute 'apache/allowed_openids', + :display_name => 'Apache Allowed OpenIDs', + :description => 'Array of OpenIDs allowed to authenticate', + :default => '' + +attribute 'apache/prefork', + :display_name => 'Apache Prefork', + :description => 'Hash of Apache prefork tuning attributes.', + :type => 'hash' + +attribute 'apache/prefork/startservers', + :display_name => 'Apache Prefork MPM StartServers', + :description => 'Number of MPM servers to start', + :default => '16' + +attribute 'apache/prefork/minspareservers', + :display_name => 'Apache Prefork MPM MinSpareServers', + :description => 'Minimum number of spare server processes', + :default => '16' + +attribute 'apache/prefork/maxspareservers', + :display_name => 'Apache Prefork MPM MaxSpareServers', + :description => 'Maximum number of spare server processes', + :default => '32' + +attribute 'apache/prefork/serverlimit', + :display_name => 'Apache Prefork MPM ServerLimit', + :description => 'Upper limit on configurable server processes', + :default => '400' + +attribute 'apache/prefork/maxclients', + :display_name => 'Apache Prefork MPM MaxClients', + :description => 'Maximum number of simultaneous connections', + :default => '400' + +attribute 'apache/prefork/maxrequestsperchild', + :display_name => 'Apache Prefork MPM MaxRequestsPerChild', + :description => 'Maximum number of request a child process will handle', + :default => '10000' + +attribute 'apache/worker', + :display_name => 'Apache Worker', + :description => 'Hash of Apache prefork tuning attributes.', + :type => 'hash' + +attribute 'apache/worker/startservers', + :display_name => 'Apache Worker MPM StartServers', + :description => 'Initial number of server processes to start', + :default => '4' + +attribute 'apache/worker/maxclients', + :display_name => 'Apache Worker MPM MaxClients', + :description => 'Maximum number of simultaneous connections', + :default => '1024' + +attribute 'apache/worker/minsparethreads', + :display_name => 'Apache Worker MPM MinSpareThreads', + :description => 'Minimum number of spare worker threads', + :default => '64' + +attribute 'apache/worker/maxsparethreads', + :display_name => 'Apache Worker MPM MaxSpareThreads', + :description => 'Maximum number of spare worker threads', + :default => '192' + +attribute 'apache/worker/threadsperchild', + :display_name => 'Apache Worker MPM ThreadsPerChild', + :description => 'Constant number of worker threads in each server process', + :default => '64' + +attribute 'apache/worker/maxrequestsperchild', + :display_name => 'Apache Worker MPM MaxRequestsPerChild', + :description => 'Maximum number of request a child process will handle', + :default => '0' + +attribute 'apache/default_modules', + :display_name => 'Apache Default Modules', + :description => 'Default modules to enable via recipes', + :default => 'status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex dir env mime negotiation setenvif' + +attribute 'apache/mod_ssl/cipher_suite', + :display_name => 'Apache mod_ssl Cipher Suite', + :description => 'String of SSL ciphers to use for SSLCipherSuite', + :default => 'RC4-SHA:HIGH:!ADH' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/default.rb new file mode 100644 index 000000000..12fde494e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/default.rb @@ -0,0 +1,212 @@ +# +# Cookbook Name:: apache2 +# Recipe:: default +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package 'apache2' do + package_name node['apache']['package'] +end + +service 'apache2' do + case node['platform_family'] + when 'rhel', 'fedora', 'suse' + service_name 'httpd' + # If restarted/reloaded too quickly httpd has a habit of failing. + # This may happen with multiple recipes notifying apache to restart - like + # during the initial bootstrap. + restart_command '/sbin/service httpd restart && sleep 1' + reload_command '/sbin/service httpd reload && sleep 1' + when 'debian' + service_name 'apache2' + restart_command '/usr/sbin/invoke-rc.d apache2 restart && sleep 1' + reload_command '/usr/sbin/invoke-rc.d apache2 reload && sleep 1' + when 'arch' + service_name 'httpd' + when 'freebsd' + service_name 'apache22' + end + supports [:restart, :reload, :status] + action :enable +end + +if platform_family?('rhel', 'fedora', 'arch', 'suse', 'freebsd') + directory node['apache']['log_dir'] do + mode '0755' + end + + package 'perl' + + cookbook_file '/usr/local/bin/apache2_module_conf_generate.pl' do + source 'apache2_module_conf_generate.pl' + mode '0755' + owner 'root' + group node['apache']['root_group'] + end + + %w[sites-available sites-enabled mods-available mods-enabled].each do |dir| + directory "#{node['apache']['dir']}/#{dir}" do + mode '0755' + owner 'root' + group node['apache']['root_group'] + end + end + + execute 'generate-module-list' do + command "/usr/local/bin/apache2_module_conf_generate.pl #{node['apache']['lib_dir']} #{node['apache']['dir']}/mods-available" + action :nothing + end + + %w[a2ensite a2dissite a2enmod a2dismod].each do |modscript| + template "/usr/sbin/#{modscript}" do + source "#{modscript}.erb" + mode '0700' + owner 'root' + group node['apache']['root_group'] + end + end + + # installed by default on centos/rhel, remove in favour of mods-enabled + %w[proxy_ajp auth_pam authz_ldap webalizer ssl welcome].each do |f| + file "#{node['apache']['dir']}/conf.d/#{f}.conf" do + action :delete + backup false + end + end + + # installed by default on centos/rhel, remove in favour of mods-enabled + file "#{node['apache']['dir']}/conf.d/README" do + action :delete + backup false + end + + # enable mod_deflate for consistency across distributions + include_recipe 'apache2::mod_deflate' +end + +if platform_family?('freebsd') + file "#{node['apache']['dir']}/Includes/no-accf.conf" do + action :delete + backup false + end + + directory "#{node['apache']['dir']}/Includes" do + action :delete + end + + %w[ + httpd-autoindex.conf httpd-dav.conf httpd-default.conf httpd-info.conf + httpd-languages.conf httpd-manual.conf httpd-mpm.conf + httpd-multilang-errordoc.conf httpd-ssl.conf httpd-userdir.conf + httpd-vhosts.conf + ].each do |f| + file "#{node['apache']['dir']}/extra/#{f}" do + action :delete + backup false + end + end + + directory "#{node['apache']['dir']}/extra" do + action :delete + end +end + +%W[ + #{node['apache']['dir']}/ssl + #{node['apache']['dir']}/conf.d + #{node['apache']['cache_dir']} +].each do |path| + directory path do + mode '0755' + owner 'root' + group node['apache']['root_group'] + end +end + +# Set the preferred execution binary - prefork or worker +template '/etc/sysconfig/httpd' do + source 'etc-sysconfig-httpd.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + notifies :restart, 'service[apache2]' + only_if { platform_family?('rhel', 'fedora') } +end + +template 'apache2.conf' do + case node['platform_family'] + when 'rhel', 'fedora', 'arch' + path "#{node['apache']['dir']}/conf/httpd.conf" + when 'debian' + path "#{node['apache']['dir']}/apache2.conf" + when 'freebsd' + path "#{node['apache']['dir']}/httpd.conf" + end + source 'apache2.conf.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + notifies :restart, 'service[apache2]' +end + +template 'apache2-conf-security' do + path "#{node['apache']['dir']}/conf.d/security.conf" + source 'security.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + backup false + notifies :restart, 'service[apache2]' +end + +template 'apache2-conf-charset' do + path "#{node['apache']['dir']}/conf.d/charset.conf" + source 'charset.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + backup false + notifies :restart, 'service[apache2]' +end + +template "#{node['apache']['dir']}/ports.conf" do + source 'ports.conf.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + notifies :restart, 'service[apache2]' +end + +template "#{node['apache']['dir']}/sites-available/default" do + source 'default-site.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + notifies :restart, 'service[apache2]' +end + +node['apache']['default_modules'].each do |mod| + module_recipe_name = mod =~ /^mod_/ ? mod : "mod_#{mod}" + include_recipe "apache2::#{module_recipe_name}" +end + +apache_site 'default' do + enable node['apache']['default_site_enabled'] +end + +service 'apache2' do + action :start +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/god_monitor.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/god_monitor.rb new file mode 100644 index 000000000..f597b9c34 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/god_monitor.rb @@ -0,0 +1,33 @@ +# +# Cookbook Name:: apache2 +# Recipe:: god_monitor +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_service = service 'apache2' do + action :nothing +end + +start_command = apache_service.start_command +stop_command = apache_service.stop_command +restart_command = apache_service.restart_command + +god_monitor 'apache2' do + config 'apache2.god.erb' + start start_command || "/etc/init.d/#{apache_service.service_name} start" + restart restart_command || "/etc/init.d/#{apache_service.service_name} restart" + stop stop_command || "/etc/init.d/#{apache_service.service_name} stop" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/iptables.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/iptables.rb new file mode 100644 index 000000000..ae0bbb229 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/iptables.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: iptables +# +# Copyright 2012-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +iptables_rule 'port_apache' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/logrotate.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/logrotate.rb new file mode 100644 index 000000000..723241b2b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/logrotate.rb @@ -0,0 +1,31 @@ +# +# Cookbook Name:: apache2 +# Recipe:: logrotate +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_service = service 'apache2' do + action :nothing +end + +begin + include_recipe 'logrotate' +rescue + Chef::Log.warn('The apache::logrotate recipe requires the logrotate cookbook. Install the cookbook with `knife cookbook site install logrotate`.') +end +logrotate_app apache_service.service_name do + path node['apache']['log_dir'] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_actions.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_actions.rb new file mode 100644 index 000000000..2d9336e98 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_actions.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: actions +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'actions' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_alias.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_alias.rb new file mode 100644 index 000000000..4825f7fd4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_alias.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: alias +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'alias' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_apreq2.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_apreq2.rb new file mode 100644 index 000000000..c08f7e268 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_apreq2.rb @@ -0,0 +1,51 @@ +# +# Cookbook Name:: apache2 +# Recipe:: apreq2 +# +# modified from the python recipe by Jeremy Bingham +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'apache2::default' + +case node['platform_family'] +when 'debian' + package 'libapache2-mod-apreq2' +when 'rhel', 'fedora' + package 'libapreq2' do + notifies :run, 'execute[generate-module-list]', :immediately + end + + # seems that the apreq lib is weirdly broken or something - it needs to be + # loaded as 'apreq', but on RHEL & derivitatives the file needs a symbolic + # link to mod_apreq.so. + link '/usr/lib64/httpd/modules/mod_apreq.so' do + to '/usr/lib64/httpd/modules/mod_apreq2.so' + only_if 'test -f /usr/lib64/httpd/modules/mod_apreq2.so' + end + + link '/usr/lib/httpd/modules/mod_apreq.so' do + to '/usr/lib/httpd/modules/mod_apreq2.so' + only_if 'test -f /usr/lib/httpd/modules/mod_apreq2.so' + end +end + +file "#{node['apache']['dir']}/conf.d/apreq.conf" do + action :delete + backup false +end + +apache_module 'apreq' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_basic.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_basic.rb new file mode 100644 index 000000000..65a2cc46a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_basic.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: auth_basic +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'auth_basic' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_cas.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_cas.rb new file mode 100644 index 000000000..7743d0e19 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_cas.rb @@ -0,0 +1,73 @@ +# +# Cookbook Name:: apache2 +# Recipe:: auth_basic +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'apache2::default' + +if node['apache']['mod_auth_cas']['from_source'] + package 'httpd-devel' do + package_name value_for_platform_family( + %w[rhel fedora suse] => 'httpd-devel', + 'debian' => 'apache2-dev' + ) + end + + git '/tmp/mod_auth_cas' do + repository 'git://github.com/Jasig/mod_auth_cas.git' + revision node['apache']['mod_auth_cas']['source_revision'] + notifies :run, 'execute[compile mod_auth_cas]', :immediately + end + + execute 'compile mod_auth_cas' do + command './configure && make && make install' + cwd '/tmp/mod_auth_cas' + not_if "test -f #{node['apache']['libexecdir']}/mod_auth_cas.so" + end + + template "#{node['apache']['dir']}/mods-available/auth_cas.load" do + source 'mods/auth_cas.load.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + end +else + case node['platform_family'] + when 'debian' + package 'libapache2-mod-auth-cas' + + when 'rhel', 'fedora' + yum_package 'mod_auth_cas' do + notifies :run, 'execute[generate-module-list]', :immediately + end + + file "#{node['apache']['dir']}/conf.d/auth_cas.conf" do + action :delete + backup false + end + end +end + +apache_module 'auth_cas' do + conf true +end + +directory "#{node['apache']['cache_dir']}/mod_auth_cas" do + owner node['apache']['user'] + group node['apache']['group'] + mode '0700' +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_digest.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_digest.rb new file mode 100644 index 000000000..ba91defb0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_digest.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: auth_digest +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'auth_digest' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_openid.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_openid.rb new file mode 100644 index 000000000..0faecfde2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_auth_openid.rb @@ -0,0 +1,123 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_auth_openid +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +openid_dev_pkgs = value_for_platform_family( + 'debian' => %w[automake make g++ apache2-prefork-dev libopkele-dev libopkele3 libtool], + %w[rhel fedora] => %w[gcc-c++ httpd-devel curl-devel libtidy libtidy-devel sqlite-devel pcre-devel openssl-devel make libtool], + 'arch' => %w[libopkele], + 'freebsd' => %w[libopkele pcre sqlite3] +) + +make_cmd = value_for_platform_family( + 'freebsd' => { 'default' => 'gmake' }, + 'default' => 'make' +) + +case node['platform_family'] +when 'arch' + include_recipe 'pacman::default' + + package 'tidyhtml' + + pacman_aur openid_dev_pkgs.first do + action [:build, :install] + end +else + openid_dev_pkgs.each do |pkg| + package pkg + end +end + +case node['platform_family'] +when 'rhel', 'fedora' + remote_file "#{Chef::Config['file_cache_path']}/libopkele-2.0.4.tar.gz" do + source 'http://kin.klever.net/dist/libopkele-2.0.4.tar.gz' + mode '0644' + checksum '57a5bc753b7e80c5ece1e5968b2051b0ce7ed9ce4329d17122c61575a9ea7648' + end + + bash 'install libopkele' do + cwd Chef::Config['file_cache_path'] + # Ruby 1.8.6 does not have rpartition, unfortunately + syslibdir = node['apache']['lib_dir'][0..node['apache']['lib_dir'].rindex('/')] + code <<-EOH + tar zxvf libopkele-2.0.4.tar.gz + cd libopkele-2.0.4 && ./configure --prefix=/usr --libdir=#{syslibdir} + #{make_cmd} && #{make_cmd} install + EOH + creates "#{syslibdir}/libopkele.a" + end +end + +version = node['apache']['mod_auth_openid']['ref'] +configure_flags = node['apache']['mod_auth_openid']['configure_flags'] + +remote_file "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}.tar.gz" do + source node['apache']['mod_auth_openid']['source_url'] + mode '0644' + action :create_if_missing +end + +directory node['apache']['mod_auth_openid']['cache_dir'] do + owner node['apache']['user'] + group node['apache']['group'] + mode '0700' +end + +bash 'untar mod_auth_openid' do + cwd Chef::Config['file_cache_path'] + code <<-EOH + tar zxvf mod_auth_openid-#{version}.tar.gz + EOH + creates "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}/src/types.h" +end + +bash 'compile mod_auth_openid' do + cwd "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}" + code <<-EOH + ./autogen.sh + ./configure #{configure_flags.join(' ')} + perl -pi -e "s/-i -a -n 'authopenid'/-i -n 'authopenid'/g" Makefile + #{make_cmd} + EOH + creates "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}/src/.libs/mod_auth_openid.so" + notifies :run, 'bash[install-mod_auth_openid]', :immediately + not_if "test -f #{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}/src/.libs/mod_auth_openid.so" +end + +bash 'install-mod_auth_openid' do + cwd "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}" + code <<-EOH + #{make_cmd} install + EOH + creates "#{node['apache']['libexecdir']}/mod_auth_openid.so" + notifies :restart, 'service[apache2]' + not_if "test -f #{node['apache']['libexecdir']}/mod_auth_openid.so" +end + +template "#{node['apache']['dir']}/mods-available/authopenid.load" do + source 'mods/authopenid.load.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' +end + +apache_module 'authopenid' do + filename 'mod_auth_openid.so' +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authn_file.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authn_file.rb new file mode 100644 index 000000000..88dbed6d2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authn_file.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: authn_file +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authn_file' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authnz_ldap.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authnz_ldap.rb new file mode 100644 index 000000000..2e93fe27e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authnz_ldap.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: authnz_ldap +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authnz_ldap' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_default.rb new file mode 100644 index 000000000..2fe45f45b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_default.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: authz_default +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authz_default' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_groupfile.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_groupfile.rb new file mode 100644 index 000000000..a2cb7bb92 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_groupfile.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: authz_groupfile +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authz_groupfile' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_host.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_host.rb new file mode 100644 index 000000000..08e0effc0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_host.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: authz_host +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authz_host' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_user.rb new file mode 100644 index 000000000..a54b79856 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_authz_user.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: authz_user +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authz_user' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_autoindex.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_autoindex.rb new file mode 100644 index 000000000..1ec58a66c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_autoindex.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: autoindex +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'autoindex' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_cgi.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_cgi.rb new file mode 100644 index 000000000..c67aa74c7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_cgi.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: cgi +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'cgi' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_cloudflare.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_cloudflare.rb new file mode 100644 index 000000000..87a23ef92 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_cloudflare.rb @@ -0,0 +1,30 @@ +# +# Cookbook Name:: apache2 +# Recipe:: cloudflare +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apt_repository 'cloudflare' do + uri 'http://pkg.cloudflare.com' + distribution node['lsb']['codename'] + components ['main'] + key 'http://pkg.cloudflare.com/pubkey.gpg' + action :add +end + +package 'libapache2-mod-cloudflare' do + notifies :restart, 'service[apache2]' +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dav.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dav.rb new file mode 100644 index 000000000..504c255ad --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dav.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: dav +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'dav' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dav_fs.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dav_fs.rb new file mode 100644 index 000000000..939594b6c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dav_fs.rb @@ -0,0 +1,21 @@ +# +# Cookbook Name:: apache2 +# Recipe:: dav_fs +# +# Copyright 2011-2013, Atriso +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'apache2::mod_dav' +apache_module 'dav_fs' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dav_svn.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dav_svn.rb new file mode 100644 index 000000000..bcd8b002d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dav_svn.rb @@ -0,0 +1,39 @@ +# +# Cookbook Name:: apache2 +# Recipe:: dav_svn +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'apache2::mod_dav' + +package 'libapache2-svn' do + case node['platform_family'] + when 'rhel', 'fedora', 'suse' + package_name 'mod_dav_svn' + else + package_name 'libapache2-svn' + end +end + +case node['platform_family'] +when 'rhel', 'fedora', 'suse' + file "#{node['apache']['dir']}/conf.d/subversion.conf" do + action :delete + backup false + end +end + +apache_module 'dav_svn' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_deflate.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_deflate.rb new file mode 100644 index 000000000..c87608642 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_deflate.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: deflate +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'deflate' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dir.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dir.rb new file mode 100644 index 000000000..f2a33c80e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_dir.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: dir +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'dir' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_env.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_env.rb new file mode 100644 index 000000000..10a8029fe --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_env.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: env +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'env' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_expires.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_expires.rb new file mode 100644 index 000000000..52a637e0c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_expires.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: expires +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'expires' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_fastcgi.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_fastcgi.rb new file mode 100644 index 000000000..d53cbf07c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_fastcgi.rb @@ -0,0 +1,52 @@ +# +# Cookbook Name:: apache2 +# Recipe:: fastcgi +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if platform_family?('debian') + package 'libapache2-mod-fastcgi' +elsif platform_family?('rhel') + %w[gcc make libtool httpd-devel apr-devel apr].each do |package| + yum_package package do + action :upgrade + end + end + + src_filepath = "#{Chef::Config['file_cache_path']}/fastcgi.tar.gz" + remote_file 'download fastcgi source' do + source node['apache']['mod_fastcgi']['download_url'] + path src_filepath + backup false + end + + top_dir = node['apache']['lib_dir'] + bash 'compile fastcgi source' do + notifies :run, 'execute[generate-module-list]', :immediately + not_if "test -f #{node['apache']['dir']}/mods-available/fastcgi.conf" + cwd ::File.dirname(src_filepath) + code <<-EOH + tar zxf #{::File.basename(src_filepath)} && + cd mod_fastcgi-* && + cp Makefile.AP2 Makefile && + make top_dir=#{top_dir} && make install top_dir=#{top_dir} + EOH + end +end + +apache_module 'fastcgi' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_fcgid.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_fcgid.rb new file mode 100644 index 000000000..dcb81a4d5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_fcgid.rb @@ -0,0 +1,53 @@ +# +# Cookbook Name:: apache2 +# Recipe:: fcgid +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if platform_family?('debian') + package 'libapache2-mod-fcgid' +elsif platform_family?('rhel', 'fedora') + package 'mod_fcgid' do + notifies :run, 'execute[generate-module-list]', :immediately + end + + file "#{node['apache']['dir']}/conf.d/fcgid.conf" do + action :delete + backup false + end + + directory '/var/run/httpd/mod_fcgid' do + recursive true + only_if { node['platform_version'].to_i >= 6 } + end +elsif platform_family?('suse') + apache_lib_path = node['apache']['lib_dir'] + + package 'httpd-devel' + + bash 'install-fcgid' do + code <<-EOH +(cd #{Chef::Config['file_cache_path']}; wget http://superb-east.dl.sourceforge.net/sourceforge/mod-fcgid/mod_fcgid.2.2.tgz) +(cd #{Chef::Config['file_cache_path']}; tar zxvf mod_fcgid.2.2.tgz) +(cd #{Chef::Config['file_cache_path']}; perl -pi -e 's!/usr/local/apache2!#{apache_lib_path}!g' ./mod_fcgid.2.2/Makefile) +(cd #{Chef::Config['file_cache_path']}/mod_fcgid.2.2; make install) +EOH + end +end + +apache_module 'fcgid' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_filter.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_filter.rb new file mode 100644 index 000000000..cf1f00ea7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_filter.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: filter +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'filter' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_headers.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_headers.rb new file mode 100644 index 000000000..8aa985056 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_headers.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: headers +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'headers' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_include.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_include.rb new file mode 100644 index 000000000..237270cf3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_include.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: include +# +# Copyright 2012-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'include' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_info.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_info.rb new file mode 100644 index 000000000..093e59f8a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_info.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: info +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'info' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_ldap.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_ldap.rb new file mode 100644 index 000000000..ec624664c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_ldap.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: ldap +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'ldap' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_log_config.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_log_config.rb new file mode 100644 index 000000000..529c5f574 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_log_config.rb @@ -0,0 +1,24 @@ +# +# Cookbook Name:: apache2 +# Recipe:: log_config +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if platform_family?('rhel', 'fedora', 'suse', 'arch', 'freebsd') + apache_module 'log_config' +else + include_recipe 'apache2::default' +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_logio.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_logio.rb new file mode 100644 index 000000000..efdf512b8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_logio.rb @@ -0,0 +1,24 @@ +# +# Cookbook Name:: apache2 +# Recipe:: logio +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if platform_family?('rhel', 'fedora', 'suse', 'arch', 'freebsd') + apache_module 'logio' +else + include_recipe 'apache2::default' +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_mime.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_mime.rb new file mode 100644 index 000000000..17272776f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_mime.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mime +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'mime' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_negotiation.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_negotiation.rb new file mode 100644 index 000000000..68a856c22 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_negotiation.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: negotiation +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'negotiation' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_perl.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_perl.rb new file mode 100644 index 000000000..23bad4af4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_perl.rb @@ -0,0 +1,40 @@ +# +# Cookbook Name:: apache2 +# Recipe:: perl +# +# adapted from the mod_python recipe by Jeremy Bingham +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform_family'] +when 'debian' + %w[libapache2-mod-perl2 libapache2-request-perl apache2-mpm-prefork].each do |pkg| + package pkg + end +when 'rhel', 'fedora' + package 'mod_perl' do + notifies :run, 'execute[generate-module-list]', :immediately + end + + package 'perl-libapreq2' +end + +file "#{node['apache']['dir']}/conf.d/perl.conf" do + action :delete + backup false +end + +apache_module 'perl' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_php5.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_php5.rb new file mode 100644 index 000000000..d5dee6d54 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_php5.rb @@ -0,0 +1,69 @@ +# +# Cookbook Name:: apache2 +# Recipe:: php5 +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform_family'] +when 'debian' + package 'libapache2-mod-php5' +when 'arch' + package 'php-apache' do + notifies :run, 'execute[generate-module-list]', :immediately + end +when 'rhel' + package 'which' + + package 'php package' do + if node['platform_version'].to_f < 6.0 + package_name 'php53' + else + package_name 'php' + end + notifies :run, 'execute[generate-module-list]', :immediately + not_if 'which php' + end +when 'fedora' + package 'php package' do + package_name 'php' + notifies :run, 'execute[generate-module-list]', :immediately + not_if 'which php' + end +when 'freebsd' + freebsd_port_options 'php5' do + options 'APACHE' => true + action :create + end + + package 'php package' do + package_name 'php5' + source 'ports' + notifies :run, 'execute[generate-module-list]', :immediately + end +end + +file "#{node['apache']['dir']}/conf.d/php.conf" do + action :delete + backup false +end + +apache_module 'php5' do + case node['platform_family'] + when 'rhel', 'fedora', 'freebsd' + conf true + filename 'libphp5.so' + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy.rb new file mode 100644 index 000000000..8cb5554c9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: proxy +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'proxy' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_ajp.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_ajp.rb new file mode 100644 index 000000000..0d80bbed6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_ajp.rb @@ -0,0 +1,21 @@ +# +# Cookbook Name:: apache2 +# Recipe:: proxy +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'apache2::mod_proxy' +apache_module 'proxy_ajp' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_balancer.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_balancer.rb new file mode 100644 index 000000000..85646e7cd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_balancer.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: proxy +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'proxy_balancer' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_connect.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_connect.rb new file mode 100644 index 000000000..bece09995 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_connect.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: proxy +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'proxy_connect' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_http.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_http.rb new file mode 100644 index 000000000..2929e2108 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_proxy_http.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: proxy_http +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'proxy_http' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_python.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_python.rb new file mode 100644 index 000000000..5f5048552 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_python.rb @@ -0,0 +1,34 @@ +# +# Cookbook Name:: apache2 +# Recipe:: python +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform_family'] +when 'debian' + package 'libapache2-mod-python' +when 'rhel', 'fedora' + package 'mod_python' do + notifies :run, 'execute[generate-module-list]', :immediately + end +end + +file "#{node['apache']['dir']}/conf.d/python.conf" do + action :delete + backup false +end + +apache_module 'python' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_rewrite.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_rewrite.rb new file mode 100644 index 000000000..651fadf38 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_rewrite.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: rewrite +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'rewrite' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_setenvif.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_setenvif.rb new file mode 100644 index 000000000..fab981991 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_setenvif.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: setenvif +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'setenvif' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_ssl.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_ssl.rb new file mode 100644 index 000000000..e21cb6d99 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_ssl.rb @@ -0,0 +1,42 @@ +# +# Cookbook Name:: apache2 +# Recipe:: ssl +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +unless node['apache']['listen_ports'].include?('443') + node.set['apache']['listen_ports'] = node['apache']['listen_ports'] + ['443'] +end + +if platform_family?('rhel', 'fedora', 'suse') + package 'mod_ssl' do + notifies :run, 'execute[generate-module-list]', :immediately + end + + file "#{node['apache']['dir']}/conf.d/ssl.conf" do + action :delete + backup false + end +end + +template "#{node['apache']['dir']}/ports.conf" do + source 'ports.conf.erb' + mode '0644' + notifies :restart, 'service[apache2]' +end + +apache_module 'ssl' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_status.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_status.rb new file mode 100644 index 000000000..2f1cc2a97 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_status.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: status +# +# Copyright 2008-2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'status' do + conf true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_userdir.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_userdir.rb new file mode 100644 index 000000000..8ad4f8261 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_userdir.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_userdir +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'userdir' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_wsgi.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_wsgi.rb new file mode 100644 index 000000000..6f9fc46c1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_wsgi.rb @@ -0,0 +1,34 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_wsgi +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform_family'] +when 'debian' + package 'libapache2-mod-wsgi' +when 'rhel', 'fedora', 'arch' + package 'mod_wsgi' do + notifies :run, 'execute[generate-module-list]', :immediately + end +end + +file "#{node['apache']['dir']}/conf.d/wsgi.conf" do + action :delete + backup false +end + +apache_module 'wsgi' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_xsendfile.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_xsendfile.rb new file mode 100644 index 000000000..1ed99e89e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/recipes/mod_xsendfile.rb @@ -0,0 +1,34 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_xsendfile +# +# Copyright 2011-2013, CustomInk, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform_family'] +when 'debian' + package 'libapache2-mod-xsendfile' +when 'rhel', 'fedora' + package 'mod_xsendfile' do + notifies :run, 'execute[generate-module-list]', :immediately + end +end + +file "#{node['apache']['dir']}/conf.d/xsendfile.conf" do + action :delete + backup false +end + +apache_module 'xsendfile' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2dismod.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2dismod.erb new file mode 100644 index 000000000..e66a292a6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2dismod.erb @@ -0,0 +1,22 @@ +#!/bin/sh -e + +SYSCONFDIR='<%= node['apache']['dir'] %>' + +if [ -z $1 ]; then + echo "Which module would you like to disable?" + echo -n "Your choices are: " + ls $SYSCONFDIR/mods-enabled/*.load | \ + sed -e "s,$SYSCONFDIR/mods-enabled/,,g" | sed -e 's/\.load$//g;' | xargs echo + echo -n "Module name? " + read MODNAME +else + MODNAME=$1 +fi + +if ! [ -e $SYSCONFDIR/mods-enabled/$MODNAME.load ]; then + echo "This module is already disabled, or does not exist!" + exit 1 +fi + +rm -f $SYSCONFDIR/mods-enabled/$MODNAME.* +echo "Module $MODNAME disabled; reload apache to fully disable." \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2dissite.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2dissite.erb new file mode 100644 index 000000000..9e074c58c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2dissite.erb @@ -0,0 +1,29 @@ +#!/bin/sh -e + +SYSCONFDIR='<%= node['apache']['dir'] %>' + +if [ -z $1 ]; then + echo "Which site would you like to disable?" + echo -n "Your choices are: " + ls $SYSCONFDIR/sites-enabled/* | \ + sed -e "s,$SYSCONFDIR/sites-enabled/,,g" | xargs echo + echo -n "Site name? " + read SITENAME +else + SITENAME=$1 +fi + +if [ $SITENAME = "default" ]; then + PRIORITY="000" +fi + +if ! [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \ + -e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then + echo "This site is already disabled, or does not exist!" + exit 1 +fi + +if ! rm $SYSCONFDIR/sites-enabled/$SITENAME 2>/dev/null; then + rm -f $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" +fi +echo "Site $SITENAME disabled; reload apache to disable." diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2enmod.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2enmod.erb new file mode 100644 index 000000000..9766e8087 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2enmod.erb @@ -0,0 +1,37 @@ +#!/bin/sh -e + +SYSCONFDIR='<%= node['apache']['dir'] %>' + +if [ -z $1 ]; then + echo "Which module would you like to enable?" + echo -n "Your choices are: " + ls $SYSCONFDIR/mods-available/*.load | \ + sed -e "s,$SYSCONFDIR/mods-available/,,g" | sed -e 's/\.load$//g;' | xargs echo + echo -n "Module name? " + read MODNAME +else + MODNAME=$1 +fi + +#figure out if we're on a prefork or threaded mpm +if [ -x <%= node['apache']['binary'] %> ]; then + PREFORK=`<%= node['apache']['binary'] %> -l | grep prefork || true` +fi + +if [ -e $SYSCONFDIR/mods-enabled/$MODNAME.load -a -e $SYSCONFDIR/mods-enabled/$MODNAME.conf ]; then + echo "This module is already enabled!" + exit 0 +fi + +if ! [ -e $SYSCONFDIR/mods-available/$MODNAME.load ]; then + echo "This module does not exist!" + exit 1 +fi + +for i in conf load; do + if [ -e $SYSCONFDIR/mods-available/$MODNAME.$i -a ! -e $SYSCONFDIR/mods-enabled/$MODNAME.$i ]; then + ln -sf $SYSCONFDIR/mods-available/$MODNAME.$i $SYSCONFDIR/mods-enabled/$MODNAME.$i; + fi +done + +echo "Module $MODNAME installed; reload apache to enable." diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2ensite.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2ensite.erb new file mode 100644 index 000000000..3a7c6289f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/a2ensite.erb @@ -0,0 +1,38 @@ +#!/bin/sh -e + +SYSCONFDIR='<%= node['apache']['dir'] %>' + +if [ -z $1 ]; then + echo "Which site would you like to enable?" + echo -n "Your choices are: " + ls $SYSCONFDIR/sites-available/* | \ + sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo + echo -n "Site name? " + read SITENAME +else + SITENAME=$1 +fi + +if [ $SITENAME = "default" ]; then + PRIORITY="000" +fi + +if [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \ + -e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then + echo "This site is already enabled!" + exit 0 +fi + +if ! [ -e $SYSCONFDIR/sites-available/$SITENAME ]; then + echo "This site does not exist!" + exit 1 +fi + +if [ $SITENAME = "default" ]; then + ln -sf $SYSCONFDIR/sites-available/$SITENAME \ + $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" +else + ln -sf $SYSCONFDIR/sites-available/$SITENAME $SYSCONFDIR/sites-enabled/$SITENAME +fi + +echo "Site $SITENAME installed; reload apache to enable." \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/apache2.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/apache2.conf.erb new file mode 100644 index 000000000..5bc6d3cda --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/apache2.conf.erb @@ -0,0 +1,238 @@ +# +# Generated by Chef +# +# Based on the Ubuntu apache2.conf + +ServerRoot "<%= node['apache']['dir'] %>" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +<% if %w[debian].include?(node['platform_family']) -%> +LockFile /var/lock/apache2/accept.lock +<% elsif %w[freebsd].include?(node['platform_family']) -%> +LockFile /var/log/accept.lock +<% else %> +LockFile logs/accept.lock +<% end -%> + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +PidFile <%= node['apache']['pid_file'] %> + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout <%= node['apache']['timeout'] %> + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive <%= node['apache']['keepalive'] %> + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests <%= node['apache']['keepaliverequests'] %> + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout <%= node['apache']['keepalivetimeout'] %> + +## +## Server-Pool Size Regulation (MPM specific) +## + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers <%= node['apache']['prefork']['startservers'] %> + MinSpareServers <%= node['apache']['prefork']['minspareservers'] %> + MaxSpareServers <%= node['apache']['prefork']['maxspareservers'] %> + ServerLimit <%= node['apache']['prefork']['serverlimit'] %> + MaxClients <%= node['apache']['prefork']['maxclients'] %> + MaxRequestsPerChild <%= node['apache']['prefork']['maxrequestsperchild'] %> + + +# worker MPM +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers <%= node['apache']['worker']['startservers'] %> + ServerLimit <%= node['apache']['worker']['serverlimit'] %> + MaxClients <%= node['apache']['worker']['maxclients'] %> + MinSpareThreads <%= node['apache']['worker']['minsparethreads'] %> + MaxSpareThreads <%= node['apache']['worker']['maxsparethreads'] %> + ThreadsPerChild <%= node['apache']['worker']['threadsperchild'] %> + MaxRequestsPerChild <%= node['apache']['worker']['maxrequestsperchild'] %> + + +User <%= node['apache']['user'] %> +Group <%= node['apache']['group'] %> + +# +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# + +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Order allow,deny + Deny from all + + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +DefaultType text/plain + + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog <%= node['apache']['log_dir'] %>/<%= node['apache']['error_log'] %> + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + +# COOK-1021: Dummy LoadModule directive to aid module installations +#LoadModule dummy_module modules/mod_dummy.so + +# Include module configuration: +Include <%= node['apache']['dir'] %>/mods-enabled/*.load +Include <%= node['apache']['dir'] %>/mods-enabled/*.conf + +<% if %w[freebsd].include?(node['platform_family']) -%> + + AcceptFilter http none + AcceptFilter https none + +<% end %> + +# Include ports listing +Include <%= node['apache']['dir'] %>/ports.conf + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +# + +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. +# +# The internationalized error documents require mod_alias, mod_include +# and mod_negotiation. To activate them, uncomment the following 30 lines. + +# Alias /error/ "/usr/share/apache2/error/" +# +# +# AllowOverride None +# Options IncludesNoExec +# AddOutputFilter Includes html +# AddHandler type-map var +# Order allow,deny +# Allow from all +# LanguagePriority en cs de es fr it nl sv pt-br ro +# ForceLanguagePriority Prefer Fallback +# +# +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + + + +# Include generic snippets of statements +Include <%= node['apache']['dir'] %>/conf.d/*.conf + +# Include the virtual host configurations: +Include <%= node['apache']['dir'] %>/sites-enabled/ diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/apache2.god.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/apache2.god.erb new file mode 100644 index 000000000..86947f5b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/apache2.god.erb @@ -0,0 +1,19 @@ +God.watch do |w| + w.name = "apache2" + w.interval = 30.seconds # default + w.start = "<%= @params[:start] %>" + w.stop = "<%= @params[:stop] %>" + w.restart = "<%= @params[:restart] %>" + w.start_grace = 10.seconds + w.restart_grace = 10.seconds + w.pid_file = "/var/run/apache2.pid" + w.behavior(:clean_pid_file) + + w.start_if do |start| + start.condition(:process_running) do |c| + c.interval = 5.seconds + c.running = false + c.notify = 'admin' + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/charset.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/charset.erb new file mode 100644 index 000000000..40d7198b8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/charset.erb @@ -0,0 +1,6 @@ +# Read the documentation before enabling AddDefaultCharset. +# In general, it is only a good idea if you know that all your files +# have this encoding. It will override any encoding given in the files +# in meta http-equiv or xml encoding tags. + +#AddDefaultCharset UTF-8 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/default-site.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/default-site.erb new file mode 100644 index 000000000..b1344373d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/default-site.erb @@ -0,0 +1,55 @@ + + ServerAdmin <%= node['apache']['contact'] %> + + DocumentRoot <%= node['apache']['docroot_dir'] %>/ + + Options FollowSymLinks + AllowOverride None + + + /> + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Order allow,deny + Allow from all + + + ScriptAlias /cgi-bin/ <%= node['apache']['cgibin_dir'] %>/ + "> + AllowOverride None + Options ExecCGI -MultiViews +SymLinksIfOwnerMatch + Order allow,deny + Allow from all + + + ErrorLog <%= node['apache']['log_dir'] %>/<%= node['apache']['error_log'] %> + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + CustomLog <%= node['apache']['log_dir'] %>/<%= node['apache']['access_log'] %> combined + ServerSignature On + + Alias /doc/ "/usr/share/doc/" + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order deny,allow + Deny from all + Allow from 127.0.0.0/255.0.0.0 ::1/128 + + + <% if %w[rhel fedora].include?(node['platform_family']) -%> + # + # This configuration file enables the default "Welcome" + # page if there is no default index page present for + # the root URL. To disable the Welcome page, comment + # out all the lines below. + # + + Options -Indexes + ErrorDocument 403 /error/noindex.html + + <% end -%> + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/etc-sysconfig-httpd.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/etc-sysconfig-httpd.erb new file mode 100644 index 000000000..dd1c2a767 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/etc-sysconfig-httpd.erb @@ -0,0 +1,31 @@ +# This file managed by Chef. Changes will be overwritten. + +# +# The default processing model (MPM) is the process-based +# 'prefork' model. A thread-based model, 'worker', is also +# available, but does not work with some modules (such as PHP). +# The service must be stopped before changing this variable. +# +HTTPD=<%= node['apache']['binary'] %> + +# +# To pass additional options (for instance, -D definitions) to the +# httpd binary at startup, set OPTIONS here. +# +#OPTIONS= + +# +# By default, the httpd process is started in the C locale; to +# change the locale in which the server runs, the HTTPD_LANG +# variable can be set. +# +#HTTPD_LANG=C + +# +# By default, the httpd process will create the file +# /var/run/httpd/httpd.pid in which it records its process +# identification number when it starts. If an alternate location is +# specified in httpd.conf (via the PidFile directive), the new +# location needs to be reported in the PIDFILE. +# +#PIDFILE=<%= node['apache']['pid_file'] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/README b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/README new file mode 100644 index 000000000..df9f0bcc9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/README @@ -0,0 +1,2 @@ +These configs are taken from a Debian apache2.2-common 2.2.11-3 install. They +work on CentOS 5.3 with a few conditions using erb. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/alias.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/alias.conf.erb new file mode 100644 index 000000000..8d8c2ec0f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/alias.conf.erb @@ -0,0 +1,23 @@ + + # + # Aliases: Add here as many aliases as you need (with no limit). The format is + # Alias fakename realname + # + # Note that if you include a trailing / on fakename then the server will + # require it to be present in the URL. So "/icons" isn't aliased in this + # example, only "/icons/". If the fakename is slash-terminated, then the + # realname must also be slash terminated, and if the fakename omits the + # trailing slash, the realname must also omit it. + # + # We include the /icons/ alias for FancyIndexed directory listings. If + # you do not use FancyIndexing, you may comment this out. + # + Alias /icons/ "<%= node['apache']['icondir'] %>/" + + "> + Options Indexes MultiViews + AllowOverride None + Order allow,deny + Allow from all + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/auth_cas.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/auth_cas.conf.erb new file mode 100644 index 000000000..1f23f8eaf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/auth_cas.conf.erb @@ -0,0 +1 @@ +CASCookiePath <%= node['apache']['cache_dir'] %>/mod_auth_cas/ diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/auth_cas.load.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/auth_cas.load.erb new file mode 100644 index 000000000..0e3a002ca --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/auth_cas.load.erb @@ -0,0 +1 @@ +LoadModule auth_cas_module <%= node['apache']['libexecdir'] %>/mod_auth_cas.so diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/authopenid.load.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/authopenid.load.erb new file mode 100644 index 000000000..d226ecf48 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/authopenid.load.erb @@ -0,0 +1 @@ +LoadModule authopenid_module <%= node['apache']['libexecdir'] %>/mod_auth_openid.so diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/autoindex.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/autoindex.conf.erb new file mode 100644 index 000000000..5f866146b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/autoindex.conf.erb @@ -0,0 +1,100 @@ + + # + # Directives controlling the display of server-generated directory listings. + # + + # + # IndexOptions: Controls the appearance of server-generated directory + # listings. + # Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames. + # + IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8 + + # + # AddIcon* directives tell the server which icon to show for different + # files or filename extensions. These are only displayed for + # FancyIndexed directories. + # + AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2 + + AddIconByType (TXT,/icons/text.gif) text/* + AddIconByType (IMG,/icons/image2.gif) image/* + AddIconByType (SND,/icons/sound2.gif) audio/* + AddIconByType (VID,/icons/movie.gif) video/* + + AddIcon /icons/binary.gif .bin .exe + AddIcon /icons/binhex.gif .hqx + AddIcon /icons/tar.gif .tar + AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv + AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip + AddIcon /icons/a.gif .ps .ai .eps + AddIcon /icons/layout.gif .html .shtml .htm .pdf + AddIcon /icons/text.gif .txt + AddIcon /icons/c.gif .c + AddIcon /icons/p.gif .pl .py + AddIcon /icons/f.gif .for + AddIcon /icons/dvi.gif .dvi + AddIcon /icons/uuencoded.gif .uu + AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl + AddIcon /icons/tex.gif .tex + # It's a suffix rule, so simply matching "core" matches "score" as well ! + AddIcon /icons/bomb.gif /core + AddIcon (SND,/icons/sound2.gif) .ogg + AddIcon (VID,/icons/movie.gif) .ogm + + AddIcon /icons/back.gif .. + AddIcon /icons/hand.right.gif README + AddIcon /icons/folder.gif ^^DIRECTORY^^ + AddIcon /icons/blank.gif ^^BLANKICON^^ + + # Default icons for OpenDocument format + AddIcon /icons/odf6odt-20x22.png .odt + AddIcon /icons/odf6ods-20x22.png .ods + AddIcon /icons/odf6odp-20x22.png .odp + AddIcon /icons/odf6odg-20x22.png .odg + AddIcon /icons/odf6odc-20x22.png .odc + AddIcon /icons/odf6odf-20x22.png .odf + AddIcon /icons/odf6odb-20x22.png .odb + AddIcon /icons/odf6odi-20x22.png .odi + AddIcon /icons/odf6odm-20x22.png .odm + + AddIcon /icons/odf6ott-20x22.png .ott + AddIcon /icons/odf6ots-20x22.png .ots + AddIcon /icons/odf6otp-20x22.png .otp + AddIcon /icons/odf6otg-20x22.png .otg + AddIcon /icons/odf6otc-20x22.png .otc + AddIcon /icons/odf6otf-20x22.png .otf + AddIcon /icons/odf6oti-20x22.png .oti + AddIcon /icons/odf6oth-20x22.png .oth + + # + # DefaultIcon is which icon to show for files which do not have an icon + # explicitly set. + # + DefaultIcon /icons/unknown.gif + + # + # AddDescription allows you to place a short description after a file in + # server-generated indexes. These are only displayed for FancyIndexed + # directories. + # Format: AddDescription "description" filename + # + #AddDescription "GZIP compressed document" .gz + #AddDescription "tar archive" .tar + #AddDescription "GZIP compressed tar archive" .tgz + + # + # ReadmeName is the name of the README file the server will look for by + # default, and append to directory listings. + # + # HeaderName is the name of a file which should be prepended to + # directory indexes. + ReadmeName README.html + HeaderName HEADER.html + + # + # IndexIgnore is a set of filenames which directory indexing should ignore + # and not include in the listing. Shell-style wildcarding is permitted. + # + IndexIgnore .??* *~ *# RCS CVS *,v *,t + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/deflate.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/deflate.conf.erb new file mode 100644 index 000000000..4a312b21d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/deflate.conf.erb @@ -0,0 +1,16 @@ + + AddOutputFilterByType DEFLATE text/html + AddOutputFilterByType DEFLATE text/css + AddOutputFilterByType DEFLATE text/plain + AddOutputFilterByType DEFLATE text/xml + AddOutputFilterByType DEFLATE application/xhtml+xml + AddOutputFilterByType DEFLATE application/xml + AddOutputFilterByType DEFLATE image/svg+xml + AddOutputFilterByType DEFLATE application/rss+xml + AddOutputFilterByType DEFLATE application/atom_xml + AddOutputFilterByType DEFLATE application/javascript + AddOutputFilterByType DEFLATE application/x-javascript + AddOutputFilterByType DEFLATE application/x-httpd-php + AddOutputFilterByType DEFLATE application/x-httpd-fastphp + AddOutputFilterByType DEFLATE application/x-httpd-eruby + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/dir.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/dir.conf.erb new file mode 100644 index 000000000..dd6cea1f3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/dir.conf.erb @@ -0,0 +1,3 @@ + + DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/fastcgi.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/fastcgi.conf.erb new file mode 100644 index 000000000..add16d5ca --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/fastcgi.conf.erb @@ -0,0 +1,5 @@ + + AddHandler fastcgi-script .fcgi + #FastCgiWrapper /usr/lib/apache2/suexec + FastCgiIpcDir <%= "#{node['apache']['lib_dir']}/fastcgi" %> + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/fcgid.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/fcgid.conf.erb new file mode 100644 index 000000000..d13e8a6bf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/fcgid.conf.erb @@ -0,0 +1,10 @@ + + AddHandler fcgid-script .fcgi + IPCConnectTimeout 20 + + +<% if %w[rhel fedora].include?(node['platform_family']) -%> +# Sane place to put sockets and shared memory file +SocketPath run/mod_fcgid +SharememPath run/mod_fcgid/fcgid_shm +<% end -%> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/include.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/include.conf.erb new file mode 100644 index 000000000..46f5547ce --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/include.conf.erb @@ -0,0 +1,4 @@ + + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/include.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/include.erb new file mode 100644 index 000000000..d5fbbedf2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/include.erb @@ -0,0 +1,4 @@ + + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/info.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/info.conf.erb new file mode 100644 index 000000000..1d0e7ea68 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/info.conf.erb @@ -0,0 +1,14 @@ + + # + # Allow server info reports generated by mod_info, + # with the URL of http://servername/server-info + # Uncomment and change the ".example.com" to allow + # access from other hosts. + # + + SetHandler server-info + Order deny,allow + Deny from all + Allow from <%= node['apache']['info_allow_list'] %> + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/mime.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/mime.conf.erb new file mode 100644 index 000000000..56d1fcaed --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/mime.conf.erb @@ -0,0 +1,199 @@ + + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + <% case node['platform_family'] -%> + <% when 'arch' -%> + TypesConfig <%= node['apache']['dir'] %>/conf/mime.types + <% when 'freebsd' -%> + TypesConfig <%= node['apache']['dir'] %>/mime.types + <% else -%> + TypesConfig /etc/mime.types + <% end -%> + + # + # AddType allows you to add to or override the MIME configuration + # file mime.types for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # Despite the name similarity, the following Add* directives have + # nothing to do with the FancyIndexing customization directives above. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + #AddEncoding x-bzip2 .bz2 + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + AddType application/x-bzip2 .bz2 + + AddType image/svg+xml svg svgz + AddEncoding gzip svgz + + # + # DefaultLanguage and AddLanguage allows you to specify the language of + # a document. You can then use content negotiation to give a browser a + # file in a language the user can understand. + # + # Specify a default language. This means that all data + # going out without a specific language tag (see below) will + # be marked with this one. You probably do NOT want to set + # this unless you are sure it is correct for all cases. + # + # * It is generally better to not mark a page as + # * being a certain language than marking it with the wrong + # * language! + # + # DefaultLanguage nl + # + # Note 1: The suffix does not have to be the same as the language + # keyword --- those with documents in Polish (whose net-standard + # language code is pl) may wish to use "AddLanguage pl .po" to + # avoid the ambiguity with the common suffix for perl scripts. + # + # Note 2: The example entries below illustrate that in some cases + # the two character 'Language' abbreviation is not identical to + # the two character 'Country' code for its country, + # E.g. 'Danmark/dk' versus 'Danish/da'. + # + # Note 3: In the case of 'ltz' we violate the RFC by using a three char + # specifier. There is 'work in progress' to fix this and get + # the reference data for rfc1766 cleaned up. + # + # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) + # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) + # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) + # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) + # Norwegian (no) - Polish (pl) - Portugese (pt) + # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) + # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) + # + AddLanguage ca .ca + AddLanguage cs .cz .cs + AddLanguage da .dk + AddLanguage de .de + AddLanguage el .el + AddLanguage en .en + AddLanguage eo .eo + # See README.Debian for Spanish + AddLanguage es .es + AddLanguage et .et + AddLanguage fr .fr + AddLanguage he .he + AddLanguage hr .hr + AddLanguage it .it + AddLanguage ja .ja + AddLanguage ko .ko + AddLanguage ltz .ltz + AddLanguage nl .nl + AddLanguage nn .nn + AddLanguage no .no + AddLanguage pl .po + AddLanguage pt .pt + AddLanguage pt-BR .pt-br + AddLanguage ru .ru + AddLanguage sv .sv + # See README.Debian for Turkish + AddLanguage tr .tr + AddLanguage zh-CN .zh-cn + AddLanguage zh-TW .zh-tw + + # + # Commonly used filename extensions to character sets. You probably + # want to avoid clashes with the language extensions, unless you + # are good at carefully testing your setup after each change. + # See http://www.iana.org/assignments/character-sets for the + # official list of charset names and their respective RFCs. + # + AddCharset us-ascii .ascii .us-ascii + AddCharset ISO-8859-1 .iso8859-1 .latin1 + AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen + AddCharset ISO-8859-3 .iso8859-3 .latin3 + AddCharset ISO-8859-4 .iso8859-4 .latin4 + AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru + AddCharset ISO-8859-6 .iso8859-6 .arb .arabic + AddCharset ISO-8859-7 .iso8859-7 .grk .greek + AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew + AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk + AddCharset ISO-8859-10 .iso8859-10 .latin6 + AddCharset ISO-8859-13 .iso8859-13 + AddCharset ISO-8859-14 .iso8859-14 .latin8 + AddCharset ISO-8859-15 .iso8859-15 .latin9 + AddCharset ISO-8859-16 .iso8859-16 .latin10 + AddCharset ISO-2022-JP .iso2022-jp .jis + AddCharset ISO-2022-KR .iso2022-kr .kis + AddCharset ISO-2022-CN .iso2022-cn .cis + AddCharset Big5 .Big5 .big5 .b5 + AddCharset cn-Big5 .cn-big5 + # For russian, more than one charset is used (depends on client, mostly): + AddCharset WINDOWS-1251 .cp-1251 .win-1251 + AddCharset CP866 .cp866 + AddCharset KOI8 .koi8 + AddCharset KOI8-E .koi8-e + AddCharset KOI8-r .koi8-r .koi8-ru + AddCharset KOI8-U .koi8-u + AddCharset KOI8-ru .koi8-uk .ua + AddCharset ISO-10646-UCS-2 .ucs2 + AddCharset ISO-10646-UCS-4 .ucs4 + AddCharset UTF-7 .utf7 + AddCharset UTF-8 .utf8 + AddCharset UTF-16 .utf16 + AddCharset UTF-16BE .utf16be + AddCharset UTF-16LE .utf16le + AddCharset UTF-32 .utf32 + AddCharset UTF-32BE .utf32be + AddCharset UTF-32LE .utf32le + AddCharset euc-cn .euc-cn + AddCharset euc-gb .euc-gb + AddCharset euc-jp .euc-jp + AddCharset euc-kr .euc-kr + #Not sure how euc-tw got in - IANA doesn't list it??? + AddCharset EUC-TW .euc-tw + AddCharset gb2312 .gb2312 .gb + AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 + AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 + AddCharset shift_jis .shift_jis .sjis + + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi + + # + # For files that include their own HTTP headers: + # + #AddHandler send-as-is asis + + # + # For server-parsed imagemap files: + # + #AddHandler imap-file map + + # + # For type maps (negotiated resources): + # (This is enabled by default to allow the Apache "It Worked" page + # to be distributed in multiple languages.) + # + AddHandler type-map var + + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/negotiation.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/negotiation.conf.erb new file mode 100644 index 000000000..6bea05fce --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/negotiation.conf.erb @@ -0,0 +1,17 @@ + + # + # LanguagePriority allows you to give precedence to some languages + # in case of a tie during content negotiation. + # + # Just list the languages in decreasing order of preference. We have + # more or less alphabetized them here. You probably want to change this. + # + LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW + + # + # ForceLanguagePriority allows you to serve a result page rather than + # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) + # [in case no accepted languages matched the available variants] + # + ForceLanguagePriority Prefer Fallback + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/php5.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/php5.conf.erb new file mode 100644 index 000000000..5d2f9112f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/php5.conf.erb @@ -0,0 +1,16 @@ + + + SetHandler application/x-httpd-php + + + SetHandler application/x-httpd-php-source + + # To re-enable php in user directories comment the following lines + # (from to .) Do NOT set it to On as it + # prevents .htaccess files from disabling it. + + + php_admin_value engine Off + + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/proxy.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/proxy.conf.erb new file mode 100644 index 000000000..553a3ca50 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/proxy.conf.erb @@ -0,0 +1,19 @@ + + #turning ProxyRequests on and allowing proxying from all may allow + #spammers to use your proxy to send email. + + ProxyRequests Off + + + AddDefaultCharset off + Order <%= node['apache']['proxy']['order'] %> + Deny from <%= node['apache']['proxy']['deny_from'] %> + Allow from <%= node['apache']['proxy']['allow_from'] %> + + + # Enable/disable the handling of HTTP/1.1 "Via:" headers. + # ("Full" adds the server version; "Block" removes all outgoing Via: headers) + # Set to one of: Off | On | Full | Block + + ProxyVia On + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/setenvif.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/setenvif.conf.erb new file mode 100644 index 000000000..832fb1b33 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/setenvif.conf.erb @@ -0,0 +1,26 @@ + + # + # The following directives modify normal HTTP response behavior to + # handle known problems with browser implementations. + # + BrowserMatch "Mozilla/2" nokeepalive + BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 + BrowserMatch "RealPlayer 4\.0" force-response-1.0 + BrowserMatch "Java/1\.0" force-response-1.0 + BrowserMatch "JDK/1\.0" force-response-1.0 + + # + # The following directive disables redirects on non-GET requests for + # a directory that does not include the trailing slash. This fixes a + # problem with Microsoft WebFolders which does not appropriately handle + # redirects for folders with DAV methods. + # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. + # + BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully + BrowserMatch "MS FrontPage" redirect-carefully + BrowserMatch "^WebDrive" redirect-carefully + BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully + BrowserMatch "^gnome-vfs/1.0" redirect-carefully + BrowserMatch "^XML Spy" redirect-carefully + BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/ssl.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/ssl.conf.erb new file mode 100644 index 000000000..6154b64f7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/ssl.conf.erb @@ -0,0 +1,76 @@ + + # + # Pseudo Random Number Generator (PRNG): + # Configure one or more sources to seed the PRNG of the SSL library. + # The seed data should be of good random quality. + # WARNING! On some platforms /dev/random blocks if not enough entropy + # is available. This means you then cannot use the /dev/random device + # because it would lead to very long connection times (as long as + # it requires to make more entropy available). But usually those + # platforms additionally provide a /dev/urandom device which doesn't + # block. So, if available, use this one instead. Read the mod_ssl User + # Manual for more details. + # + SSLRandomSeed startup builtin + SSLRandomSeed startup file:/dev/urandom 512 + SSLRandomSeed connect builtin + SSLRandomSeed connect file:/dev/urandom 512 + + ## + ## SSL Global Context + ## + ## All SSL configuration in this context applies both to + ## the main server and all SSL-enabled virtual hosts. + ## + + # + # Some MIME-types for downloading Certificates and CRLs + # + AddType application/x-x509-ca-cert .crt + AddType application/x-pkcs7-crl .crl + + # Pass Phrase Dialog: + # Configure the pass phrase gathering process. + # The filtering dialog program (`builtin' is a internal + # terminal dialog) has to provide the pass phrase on stdout. + SSLPassPhraseDialog builtin + + # Inter-Process Session Cache: + # Configure the SSL Session Cache: First the mechanism + # to use and second the expiring timeout (in seconds). + #SSLSessionCache dbm:/var/run/apache2/ssl_scache + <% if %w[rhel fedora suse].include?(node['platform_family']) -%> + SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) + <% elsif %w[freebsd].include?(node['platform_family']) -%> + SSLSessionCache shmcb:/var/run/ssl_scache(512000) + <% else -%> + SSLSessionCache shmcb:/var/run/apache2/ssl_scache + <% end -%> + SSLSessionCacheTimeout 300 + + # Semaphore: + # Configure the path to the mutual exclusion semaphore the + # SSL engine uses internally for inter-process synchronization. + <% if %w[rhel fedora suse].include?(node['platform_family']) -%> + SSLMutex default + <% elsif %w[freebsd].include?(node['platform_family']) -%> + SSLMutex file:/var/run/ssl_mutex + <% else -%> + SSLMutex file:/var/run/apache2/ssl_mutex + <% end -%> + + SSLHonorCipherOrder On + # SSL Cipher Suite: + # List the ciphers that the client is permitted to negotiate. + # See the mod_ssl documentation for a complete list. + # enable only secure ciphers: + SSLCipherSuite <%= node['apache']['mod_ssl']['cipher_suite'] %> + # Use this instead if you want to allow cipher upgrades via SGC facility. + # In this case you also have to use something like + # SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 + # see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc + #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + # enable only secure protocols: SSLv3 and TLSv1, but not SSLv2 + SSLProtocol all -SSLv2 + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/status.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/status.conf.erb new file mode 100644 index 000000000..a279f9ce3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/mods/status.conf.erb @@ -0,0 +1,25 @@ + + # + # Allow server status reports generated by mod_status, + # with the URL of http://servername/server-status + # Uncomment and change the ".example.com" to allow + # access from other hosts. + # + + SetHandler server-status + Order deny,allow + Deny from all + Allow from <%= node['apache']['status_allow_list'] %> + + + # + # ExtendedStatus controls whether Apache will generate "full" status + # information (ExtendedStatus On) or just basic information (ExtendedStatus + # Off) when the "server-status" handler is called. The default is Off. + # + <% if node['apache']['ext_status'] -%> + ExtendedStatus On + <% else -%> + ExtendedStatus Off + <% end -%> + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/port_apache.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/port_apache.erb new file mode 100644 index 000000000..45aa56e61 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/port_apache.erb @@ -0,0 +1,3 @@ +<% node['apache']['listen_ports'].each do |port| -%> +-A FWR -p tcp -m tcp --dport <%= port %> -j ACCEPT +<% end %> \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/ports.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/ports.conf.erb new file mode 100644 index 000000000..dcbefc472 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/ports.conf.erb @@ -0,0 +1,9 @@ +# This file was generated by Chef for <%= node['fqdn'] %>. +# Do NOT modify this file by hand! + +<% node['apache']['listen_ports'].map(&:to_i).uniq.each do |port| -%> +<% node['apache']['listen_addresses'].uniq.each do |address| -%> +Listen <%= address.length > 0 ? "#{address}:" : '' %><%= port %> +<% end -%> +NameVirtualHost *:<%= port %> +<% end -%> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/security.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/security.erb new file mode 100644 index 000000000..d26e1722b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/security.erb @@ -0,0 +1,46 @@ +# +# Disable access to the entire file system except for the directories that +# are explicitly allowed later. +# +# This currently breaks the configurations that come with some web application +# Debian packages. It will be made the default for the release after lenny. +# +# +# AllowOverride None +# Order Deny,Allow +# Deny from all +# + +# Changing the following options will not really affect the security of the +# server, but might make attacks slightly more difficult in some cases. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minimal | Minor | Major | Prod +# where Full conveys the most information, and Prod the least. +# +ServerTokens <%= node['apache']['servertokens'] %> + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +ServerSignature <%= node['apache']['serversignature'] %> + +# +# Allow TRACE method +# +# Set to "extended" to also reflect the request body (only for testing and +# diagnostic purposes). +# +# Set to one of: On | Off | extended +# +TraceEnable <%= node['apache']['traceenable'] %> + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/web_app.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/web_app.conf.erb new file mode 100644 index 000000000..5999d1ea5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/templates/default/web_app.conf.erb @@ -0,0 +1,47 @@ +> + ServerName <%= @params[:server_name] %> + ServerAlias <% @params[:server_aliases].each do |a| %><%= a %> <% end %> + DocumentRoot <%= @params[:docroot] %> + RewriteEngine On + + > + Options <%= [@params[:directory_options] || "FollowSymLinks" ].flatten.join " " %> + AllowOverride <%= [@params[:allow_override] || "None" ].flatten.join " " %> + Order allow,deny + Allow from all + + + + Options FollowSymLinks + AllowOverride None + + + + SetHandler server-status + + Order Deny,Allow + Deny from all + Allow from 127.0.0.1 + + + LogLevel info + ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log + CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined + + <% if @params[:directory_index] -%> + DirectoryIndex <%= [@params[:directory_index]].flatten.join " " %> + <% end -%> + + RewriteEngine On + RewriteLog <%= node['apache']['log_dir'] %>/<%= @application_name %>-rewrite.log + RewriteLogLevel 0 + + # Canonical host, <%= @params[:server_name] %> + RewriteCond %{HTTP_HOST} !^<%= @params[:server_name] %> [NC] + RewriteCond %{HTTP_HOST} !^$ + RewriteRule ^/(.*)$ http://<%= @params[:server_name] %>/$1 [L,R=301] + + RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f + RewriteCond %{SCRIPT_FILENAME} !maintenance.html + RewriteRule ^.*$ /system/maintenance.html [L] + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/alias_paths.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/alias_paths.feature new file mode 100644 index 000000000..796cba297 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/alias_paths.feature @@ -0,0 +1,12 @@ +Feature: Alias Paths + +In order to host a website with the URL structure different to the filesystem structure +As a developer +I want to be able to alias paths + + @default @mod_alias + Scenario: Aliased directory + Given a new webserver with aliasing enabled + And an alias defined + When I request the alias path + Then the aliased resource should be returned successfully diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authenticate_basic.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authenticate_basic.feature new file mode 100644 index 000000000..f0c56a4f7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authenticate_basic.feature @@ -0,0 +1,20 @@ +@mod_auth_basic +Feature: Basic Authentication + +In order to perform authorization or vary the provided content +As a developer +I want to authenticate the remote user + + Scenario: Authenticate access to a page + Given a new webserver configured to require authentication to access a page + When the user requests the secure page with no credentials + Then access will be rejected requiring authentication + + Scenario Outline: Authenticate access to a page (basic authentication) + Given a new webserver configured to require authentication to access a page + When the user requests the secure page authenticating with over basic auth + Then access will be + Examples: + | credentials | access | + | valid credentials | granted | + | invalid credentials | rejected requiring authentication | diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authenticate_digest.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authenticate_digest.feature new file mode 100644 index 000000000..1cc65ed81 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authenticate_digest.feature @@ -0,0 +1,20 @@ +@mod_auth_digest +Feature: Digest Authentication + +In order to perform authorization or vary the provided content +As a developer +I want to authenticate the remote user + + Scenario: Authenticate access to a page + Given a new webserver configured to require authentication to access a page + When the user requests the secure page with no credentials + Then access will be rejected requiring authentication + + Scenario Outline: Authenticate access to a page (digest authentication) + Given a new webserver configured to require authentication to access a page + When the user requests the secure page authenticating with over digest auth + Then access will be + Examples: + | credentials | access | + | valid credentials | granted | + | invalid credentials | rejected requiring authentication | diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authenticate_openid.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authenticate_openid.feature new file mode 100644 index 000000000..597f4cd8f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authenticate_openid.feature @@ -0,0 +1,11 @@ +@mod_auth_openid +Feature: OpenID Authentication + +In order to perform authorization or vary the provided content +As a developer +I want to authenticate the remote user + + Scenario: Authenticate access to a page + Given a new webserver configured to require authentication to access a page + When the user requests the secure page with no credentials + Then access will be rejected requiring OpenID authentication diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_groupfile.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_groupfile.feature new file mode 100644 index 000000000..ef804467f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_groupfile.feature @@ -0,0 +1,16 @@ +@mod_authz_groupfile +Feature: Authorize access to content by user + +In order to restrict part of my website +As a developer +I want to restrict access to specific users + + Scenario: Authorize based on group file + Given a new webserver configured to authorize users listed in a group file + When the authenticated user is listed in the file + Then access will be granted + + Scenario: Valid authentication but not a member of the group + Given a new webserver configured to authorize users listed in a group file + When the authenticated user is not listed in the file + Then access will be rejected requiring authentication diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_host.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_host.feature new file mode 100644 index 000000000..f2c2742ef --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_host.feature @@ -0,0 +1,17 @@ +Feature: Authorize access to content by host + +In order to restrict part of my website +As a developer +I want to restrict access to known remote hosts + + @mod_authz_listed_host + Scenario: Known remote address + Given a new webserver configured to authorize access based on the remote address + When the remote address is listed as authorized + Then access will be granted + + @mod_authz_unlisted_host + Scenario: Unlisted remote address + Given a new webserver configured to authorize access based on the remote address + When the remote address is not listed as authorized + Then access will be denied diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_ldap.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_ldap.feature new file mode 100644 index 000000000..cc1eb5541 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_ldap.feature @@ -0,0 +1,16 @@ +@mod_authnz_ldap +Feature: Authorize access to content against corporate directory + +In order to restrict part of my website +As a developer +I want to restrict access to people in my corporate directory + + Scenario: Authorized user access + Given a new webserver configured to authorize against a corporate directory + When the authenticated user is listed in the directory as authorized + Then access will be granted + + Scenario: User not in directory + Given a new webserver configured to authorize against a corporate directory + When the authenticated user is not listed in the directory as authorized + Then access will be rejected requiring authentication diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_users.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_users.feature new file mode 100644 index 000000000..1ca139414 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/authorize_users.feature @@ -0,0 +1,16 @@ +@mod_authz_user +Feature: Authorize access to content by user + +In order to restrict part of my website +As a developer +I want to restrict access to specific users + + Scenario: Authorize named users + Given a new webserver configured to authorize access to specific named users + When the authenticated user is listed as authorized + Then access will be granted + + Scenario: Authorize named users + Given a new webserver configured to authorize access to specific named users + When the authenticated user is not listed as authorized + Then access will be rejected requiring authentication diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/basic_web_app.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/basic_web_app.feature new file mode 100644 index 000000000..4031c0c3d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/basic_web_app.feature @@ -0,0 +1,11 @@ +@basic_web_app +Feature: Deploy basic webapp + +In order to run my application +As a developer +I want to deploy a basic web application + + Scenario: Deploy basic webapp + Given a new webserver + When I request the root path of the webapp + Then the webapp default page will be returned diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/basic_webserver.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/basic_webserver.feature new file mode 100644 index 000000000..014ae3bb0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/basic_webserver.feature @@ -0,0 +1,16 @@ +@default +Feature: Serve web pages + +In order to run my application +As a developer +I want to respond to website requests + + Scenario: Request homepage + Given a new webserver + When I request the root url + Then the default page should be returned + + Scenario: Missing page + Given a new webserver + When I request a URL known not to exist + Then page not found should be returned diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/compress_server_response.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/compress_server_response.feature new file mode 100644 index 000000000..943e982f1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/compress_server_response.feature @@ -0,0 +1,16 @@ +@default @mod_deflate +Feature: Compress server response + +In order to reduce the time taken to retrieve web pages +As a developer +I want to enable compression on server responses + + Scenario: Deflate compression + Given a new webserver with deflate compression enabled + When the browser requests a page specifying that it supports compression + Then the response will be sent compressed + + Scenario: Deflate compression (no client support) + Given a new webserver with deflate compression enabled + When the browser requests a page specifying that it does not support compression + Then the response will be sent uncompressed diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/control_caching.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/control_caching.feature new file mode 100644 index 000000000..d32afe92b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/control_caching.feature @@ -0,0 +1,11 @@ +@mod_expires +Feature: Control caching + +In order to control caching of responses by intermediate servers +As a developer +I want to control the expiry times on served pages + + Scenario: Set expiry time + Given a new webserver with support for setting expiry times enabled + When I request a path which has a cache directive applied + Then the expiry time returned will match that configured diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/directory_listing.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/directory_listing.feature new file mode 100644 index 000000000..72aa287e4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/directory_listing.feature @@ -0,0 +1,19 @@ +@default @mod_autoindex +Feature: Directory listing + +In order to allow browsing of the webserver filesystem +As a developer +I want to enable directory listing + + Scenario: View directory listing + Given a new webserver with directory listing enabled + And a path configured to allow directory listing + When I request the directory listing path + Then the directory listing should be returned successfully + + Scenario: Re-order files listed + Given a new webserver with directory listing enabled + And a path configured to allow directory listing with fancy indexing + When I request the directory listing path + Then the directory listing should be returned successfully + And I will be able to sort the files by size diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_cgi_scripts.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_cgi_scripts.feature new file mode 100644 index 000000000..bc518ee1a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_cgi_scripts.feature @@ -0,0 +1,11 @@ +@mod_cgi +Feature: Host CGI scripts + +In order to host dynamic websites +As a developer +I want to be able to host CGI scripts + + Scenario: Host CGI scripts + Given a new webserver with CGI support enabled + When a request is made to a CGI script that generates a list of environment variables + Then the expected environment variables will be present diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_perl_applications.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_perl_applications.feature new file mode 100644 index 000000000..b9816d4ee --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_perl_applications.feature @@ -0,0 +1,11 @@ +@mod_perl +Feature: Host Perl applications + +In order to host dynamic websites +As a developer +I want to be able to host Perl applications + + Scenario: Host Perl application + Given a new webserver with Perl support enabled + When a request is made to a Perl script that generates a list of environment variables + Then the expected environment variables will be present diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_php_applications.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_php_applications.feature new file mode 100644 index 000000000..618b99998 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_php_applications.feature @@ -0,0 +1,11 @@ +@mod_php5 +Feature: Host PHP applications + +In order to host dynamic websites +As a developer +I want to be able to host PHP websites + + Scenario: Host PHP website + Given a new webserver with PHP support enabled + When a request is made to a PHP script that generates a list of environment variables + Then the expected environment variables will be present diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_python_applications.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_python_applications.feature new file mode 100644 index 000000000..ae6f0d766 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_python_applications.feature @@ -0,0 +1,11 @@ +@mod_python +Feature: Host Python applications + +In order to host dynamic websites +As a developer +I want to be able to host Python applications + + Scenario: Host Python website + Given a new webserver with Python support enabled + When a request is made to a Python script that generates a list of environment variables + Then the expected environment variables will be present diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_source_control_repositories.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_source_control_repositories.feature new file mode 100644 index 000000000..21daa4cd0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/host_source_control_repositories.feature @@ -0,0 +1,12 @@ +Feature: Host source control repositories + +In order to provide access to source control +As a developer +I want to host source control repositories + + @mod_dav_svn + Scenario: Commit changes + Given a new webserver with subversion support enabled + And a subversion repository + When a developer commits a change to the repository + Then the change will be visible when browsing the repository diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/proxy_java_applications.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/proxy_java_applications.feature new file mode 100644 index 000000000..4e75649e3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/proxy_java_applications.feature @@ -0,0 +1,12 @@ +@java +Feature: Proxy Java applications + +In order to host dynamic websites +As a developer +I want be able to proxy requests to a Java application + + @mod_proxy_ajp + Scenario: Proxy Java application server + Given a new webserver with support for proxying to Java application servers enabled + When a request is made to a Java application that generates a list of request parameters + Then the expected request parameters will be present diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/secure_requests.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/secure_requests.feature new file mode 100644 index 000000000..8346b54b6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/secure_requests.feature @@ -0,0 +1,11 @@ +@mod_ssl +Feature: Secure requests + +In order to prevent a malicious third party from eavesdropping or hijacking a user session +As a developer +I want to secure communication between the client and server + + Scenario: Request homepage + Given a new webserver + When I request the root url over HTTPS + Then the default page should be returned diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/step_definitions/svn_steps.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/step_definitions/svn_steps.rb new file mode 100644 index 000000000..f576c9a70 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/step_definitions/svn_steps.rb @@ -0,0 +1,19 @@ +Given 'a subversion repository' do + +end + +When 'a developer commits a change to the repository' do + svn_repository '/svn/' do + svn_commit_new_file 'README', 'Hello World' + end +end + +Then 'the change will be visible when browsing the repository' do + begin + http_request('/svn/README').must_include 'Hello World' + ensure + svn_repository '/svn/' do + svn_remove_file 'README' + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/step_definitions/webserver_steps.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/step_definitions/webserver_steps.rb new file mode 100644 index 000000000..40ed439fd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/step_definitions/webserver_steps.rb @@ -0,0 +1,160 @@ +Given /^a new webserver.*$/ do + +end + +Given /^an alias defined|a path configured to allow directory listing.*$/ do + # /icons/ is defined by default +end + +When /^a request is made to a (CGI|Java|Perl|Python|PHP) (?:script|application) that generates a list of (?:environment variables|request parameters)$/ do |script_type| + http_request case script_type + when 'CGI' then '/cgi-bin/env' + when 'Python' then '/env/python.py' + else "/env/#{script_type.downcase}" + end +end + +When 'I request a path which has a cache directive applied' do + http_request '/cachetest/' +end + +When 'I request a URL known not to exist' do + http_request '/this-path-does-not-exist' +end + +When 'I request as a known browser that only supports HTTP/1.0' do + @response_version = http_response_version('JDK/1.0', '1.0') +end + +When /^I request the (?:alias|directory listing) path$/ do + http_request '/icons/' +end + +When 'I request the root path of the webapp' do + http_request '/basic_web_app/' +end + +When /^I request the root url( over HTTPS)?$/ do |secure| + if secure + https_request '/' + else + http_request '/' + end +end + +When 'I request the status page from a remote host' do + http_request '/server-status/' +end + +When /^the authenticated user is (not )?listed (?:in the directory )(?:in the file|as authorized)$/ do |not_listed| + http_request '/secure/', + :basic_auth => { + :username => not_listed ? 'meatballs' : 'bork', + :password => 'secret' + } +end + +When 'the browser requests a page specifying that it does not support compression' do + @response_was_compressed = compresses_response?(:client_no_support) +end + +When 'the browser requests a page specifying that it supports compression' do + @response_was_compressed = compresses_response?(:client_supports) +end + +When /^the remote address is (not )?listed as authorized$/ do |not_listed| + http_request '/secure/' +end + +When /^the user requests the secure page authenticating with (in)?valid credentials over (basic|digest) auth$/ do |invalid, auth_type| + http_request '/secure/', "#{auth_type}_auth".to_sym => { + :username => 'bork', + :password => invalid ? 'squirrel' : 'secret' + } +end + +When 'the user requests the secure page with no credentials' do + http_request '/secure/' +end + +Then /^access will be (denied|rejected requiring (?:OpenID )?authentication|granted)$/ do |access| + http_response.code.must_equal({ + 'denied' => 403, + 'rejected requiring authentication' => 401, + 'rejected requiring OpenID authentication' => 200, + 'granted' => 200 + }[access]) + if access == 'rejected requiring OpenID authentication' + http_response.body.must_include 'This site is protected and requires that you identify yourself with an OpenID url.' + end +end + +Then 'I will be able to sort the files by size' do + http_request '/icons/?C=S;O=A' + # icons differ on different distros + dir_listing_entries[1].must_equal 'small/' +end + +Then 'page not found should be returned' do + http_response.body.must_include 'Not Found' + http_response.code.must_equal 404 +end + +Then 'simple statistics will be shown' do + http_response.body.must_include 'Apache Status' + ['Server uptime', 'requests currently being processed', 'idle workers'].each do |stat| + http_response.body.must_include stat + end +end + +Then 'the aliased resource should be returned successfully' do + http_response.body.must_include 'Index of /icons' + http_response.code.must_equal 200 +end + +Then 'the default page should be returned' do + assert default_page_present?(http_response.body) +end + +Then 'the directory listing should be returned successfully' do + http_response.body.must_include 'Index of /icons' + http_response.body.must_include 'Parent Directory' + dir_listing_entries.must_include 'README' + dir_listing_entries.must_include 'a.png' + http_response.code.must_equal 200 +end + +Then 'the expected environment variables will be present' do + env = environment_variables(http_response.body) + env['GATEWAY_INTERFACE'].must_include 'CGI/1.1' + env['SERVER_SOFTWARE'].must_equal 'Apache' +end + +Then 'the expected request parameters will be present' do + params = request_parameters(http_response.body) + params['Method'].must_equal 'GET' + params['Protocol'].must_equal 'HTTP/1.1' + params['Request URI'].must_equal '/examples/servlets/servlet/RequestInfoExample' +end + +Then 'the expiry time returned will match that configured' do + http_response.code.must_equal 200 + cache_time_seconds(http_response.headers).must_equal 60 + max_age_seconds(http_response.headers).must_equal 60 +end + +Then 'the response should be HTTP/1.0 also' do + @response_version.must_equal '1.0' +end + +Then /^the response will be sent (un)?compressed$/ do |expect_uncompressed| + if expect_uncompressed + refute @response_was_compressed + else + assert @response_was_compressed + end +end + +Then 'the webapp default page will be returned' do + http_response.body.must_include 'Hello World' +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support/env.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support/env.rb new file mode 100644 index 000000000..8fb0fc03b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support/env.rb @@ -0,0 +1,3 @@ +require 'minitest/spec' +World(MiniTest::Assertions) +MiniTest::Spec.new(nil) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support/svn_helpers.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support/svn_helpers.rb new file mode 100644 index 000000000..d9b385512 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support/svn_helpers.rb @@ -0,0 +1,24 @@ +require 'tmpdir' + +def run(cmd) + %x{#{cmd}} + assert $?.success? +end + +def svn_commit_new_file(filename, content) + File.open(filename, 'w') {|f| f.write(content) } + run "svn add #{filename} && svn commit -m 'Committed a change.'" +end + +def svn_remove_file(filename) + run "svn rm #{filename} && svn commit -m 'Revert previous commit.'" +end + +def svn_repository(path) + Dir.mktmpdir do |dir| + Dir.chdir dir + run "svn co http://#{test_host}#{path}" + Dir.chdir File.join(dir, path) + yield + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support/web_helpers.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support/web_helpers.rb new file mode 100644 index 000000000..4d49322dd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support/web_helpers.rb @@ -0,0 +1,86 @@ +require 'httparty' +require 'nokogiri' + +def test_host + ENV['TEST_HOST'] || 'localhost' +end + +def http_port + ENV['TEST_HTTP_PORT'] || 80 +end + +def https_port + ENV['TEST_HTTPS_PORT'] || 443 +end + +def cache_time_seconds(http_headers) + expiry_time = Time.parse(http_headers['expires']) + server_time = Time.parse(http_headers['date']) + expiry_time - server_time +end + +def compresses_response?(request_type) + # httparty rewrites the response to hide compression from us + encoding = %x{curl -s -i #{'--compressed ' if request_type == :client_supports} 'http://#{test_host}/' | grep 'Content-Encoding' | awk -F' ' '{print $2}'}.strip + %w{deflate gzip}.include?(encoding) +end + +def default_page_present?(body) + ['This is the default web page for this server.', + 'Apache HTTP Server Test Page'].any?{|msg| body.include? msg} +end + +# Filenames in a directory listing response +def dir_listing_entries + Nokogiri::HTML(http_response.body).xpath("//td/a/text()").map{|a| a.to_s} +end + +def environment_variables(response_body) + Hash[response_body.split("\n").map{|v| v.split('=')}] +end + +def http_request(path, options={}) + if options.key?(:digest_auth) + # HTTParty digest doesn't appear to work + @response = http_request_digest_curl(path, options) + else + @response = HTTParty.get("http://#{test_host}:#{http_port}#{path}", options) + end + @response +end + +def http_request_digest_curl(path, options) + credentials = "#{options[:digest_auth][:username]}:#{options[:digest_auth][:password]}" + curl_response = %x{curl -s -i --digest -u #{credentials} http://#{test_host}:#{http_port}#{path}} + assert $?.success? + @response = Class.new do + def initialize(response) + @curl_response = response + end + def code + @curl_response.scan(%r{HTTP/1.1 ([0-9]+)}).flatten.last.to_i + end + end.new(curl_response) +end + +def https_request(path) + @response = HTTParty.get("https://#{test_host}:#{https_port}#{path}") +end + +def http_response + @response +end + +def http_response_version(user_agent, protocol_version) + response_line = %x{curl -s #{'-0 ' if protocol_version == '1.0'} -i -A '#{user_agent}' 'http://#{test_host}/' | head -n1} + assert $?.success? + response_line.scan(/HTTP\/([0-9]+\.[0-9]+) [0-9]+.*/).flatten.first +end + +def max_age_seconds(http_headers) + http_headers['cache-control'].scan(/^max-age=([0-9]+)$/).flatten.first.to_i +end + +def request_parameters(response_body) + Hash[*Nokogiri::HTML(response_body).xpath("//td/text()").map{|h| h.to_s.strip.sub(/:$/, '')}] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support_older_browsers.feature b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support_older_browsers.feature new file mode 100644 index 000000000..5158f6648 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/features/support_older_browsers.feature @@ -0,0 +1,11 @@ +@default @mod_setenvif +Feature: Support older browsers + + In order to be a good netizen + As a developer + I want to ensure that my server will respond to requests from older browsers + + Scenario: Support HTTP/1.0 + Given a new webserver + When I request as a known browser that only supports HTTP/1.0 + Then the response should be HTTP/1.0 also diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/Kitchenfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/Kitchenfile new file mode 100644 index 000000000..a0ed0ff6a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/Kitchenfile @@ -0,0 +1,50 @@ +# +# Author:: Andrew Crump +# Copyright:: Copyright (c) 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +cookbook "apache2" do + configuration "default" + # basic_web_app tests are in apache2_test cookbook + configuration "basic_web_app" + # module_recipes tests are in apache2_test cookbook + configuration "modules" + configuration "mod_auth_basic" + configuration "mod_auth_digest" + configuration "mod_auth_openid" + configuration "mod_auth_cas" + configuration "mod_authnz_ldap" + configuration "mod_authz_groupfile" + configuration "mod_authz_listed_host" + configuration "mod_authz_unlisted_host" + configuration "mod_authz_user" + configuration "mod_cgi" + configuration "mod_dav_svn" + configuration "mod_expires" + configuration "mod_fastcgi" + configuration "mod_include" + configuration "mod_perl" + configuration "mod_apreq2" + configuration "mod_php5" + configuration "mod_proxy_ajp" + configuration "mod_python" + configuration "mod_ssl" + configuration "mod_status_remote" + # placeholder until COOK-744 is fixed + #configuration "god_monitor" + exclude :platform => 'centos', :configuration => 'mod_authnz_ldap' + exclude :platform => 'centos', :configuration => 'mod_auth_cas' + run_list_extras ['apache2_test::setup'] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/Cheffile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/Cheffile new file mode 100644 index 000000000..ff6ca50eb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/Cheffile @@ -0,0 +1,4 @@ +cookbook 'openldap', + :git => 'https://github.com/opscode-cookbooks/openldap',:ref => 'foodcritic' + +cookbook 'god' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/README.md new file mode 100644 index 000000000..f6f3a3915 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/README.md @@ -0,0 +1,82 @@ +Description +=========== + +This cookbook defines acceptance tests for Apache2. It includes: + +* A `features` sub-directory where the Cucumber features for the webserver + are defined. +* Recipes that configure individual modules for use in order to be tested. + +Requirements +============ + +## Cookbooks: + +This cookbook depends on the `apache2` cookbook. It also relies on the `yum` +cookbook in order to add the EPEL repository on RHEL-derived distributions. + +## Platforms: + +* Ubuntu +* CentOS + +Attributes +========== + +* `node['apache_test']['auth_username']` - The username of the user for testing + authentication and authorization. +* `node['apache_test']['auth_password']` - The password of the user for testing + authentication and authorization. +* `node['apache_test']['cache_expiry_seconds']` - The cache expiry time in + seconds. +* `node['apache_test']['app_dir']` - The local directory where test applications + will be deployed. +* `node['apache_test']['cgi_dir']` - The local directory where CGI applications + will be deployed. +* `node['apache_test']['root_dir']` - The root directory of the webserver. +* `node['apache_test']['remote_host_ip']` - The remote host IP address for + authorization. +* `node['apache_test']['ssl_dir']` - The local directory containing the generated SSL key and certificate. +* `node['apache_test']['ssl_cert_file']` - The SSL certificate file. +* `node['apache_test']['ssl_cert_key_file']` - The private key. + +Recipes +======= + +* `default` - Simply includes apache2::default for a vanilla apache install. +* `mod_auth_basic` - Adds a web_app behind basic authentication for testing. +* `mod_auth_digest` - Adds a web_app behind digest authenticaiton for testing. +* `mod_auth_openid` - Adds a web_app behind openid authentication for testing. +* `mod_authnz_ldap` - Adds a web_app behind ldap-based authorization for testing. +* `mod_authz_groupfile` - Adds a web_app behind groupfile-based authorization for testing. +* `mod_authz_listed_host` - Adds a web_app behind host-based authorization for testing. +* `mod_authz_unlisted_host` - Adds a web_app behind host-based authorization for testing. +* `mod_authz_user` - Adds a web_app behind username-based authorization for testing. +* `mod_cgi` - Adds a CGI script (bash) that prints environment variables for testing. +* `mod_dav_svn` - Adds a web_app with an empty Subversion repository for testing. +* `mod_expires` - Adds a web_app that sets caching expiry headers for testing. +* `mod_perl` - Adds a Perl script running under mod_perl that prints environment variables for testing. +* `mod_php5` - Adds a PHP script running under mod_php5 that prints environment variables for testing. +* `mod_proxy_ajp` - Installs Tomcat with examples and configures proxying over AJP. +* `mod_python` - Adds a Python script running under mod_python that prints environment variables for testing. +* `mod_ssl` - Adds a self-signed SSL certificate and default website for testing. +* `mod_status_remote` - Enables remote access to stats for testing. + +License and Authors +=================== + +Author:: Andrew Crump + + Copyright:: 2012, Opscode, Inc + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/attributes/default.rb new file mode 100644 index 000000000..323b63e74 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/attributes/default.rb @@ -0,0 +1,35 @@ +# +# Cookbook Name:: apache2_test +# Attributes:: default +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['apache_test']['auth_username'] = 'bork' +default['apache_test']['auth_password'] = 'secret' +default['apache_test']['cache_expiry_seconds'] = 60 +default['apache_test']['app_dir'] = '/home/apache2/env' +default['apache_test']['cgi_dir'] = '/usr/lib/cgi-bin' +default['apache_test']['root_dir'] = '/var/www' +default['apache_test']['remote_host_ip'] = '127.0.0.1' +default['apache_test']['ssl_dir'] = '/home/apache2' +default['apache_test']['ssl_cert_file'] = "#{node['apache_test']['ssl_dir']}/server.crt" +default['apache_test']['ssl_cert_key_file'] = "#{node['apache_test']['ssl_dir']}/server.key" +default['apache_test']['svn_dir'] = '/home/apache2/svn' +default['domain'] = 'example.com' +default['openldap']['rootpw'] = '{SSHA}6BjlvtSbVCL88li8IorkqMSofkLio58/' +default['openldap']['rootpw_plain'] = 'secretsauce' +default['openldap']['slapd_rid'] = '000' +default['openldap']['auth_bindpw'] = 'yoltUnVik3' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/files/default/ssl/ldap.example.com.pem b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/files/default/ssl/ldap.example.com.pem new file mode 100644 index 000000000..7da82a18b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/files/default/ssl/ldap.example.com.pem @@ -0,0 +1,49 @@ +-----BEGIN CERTIFICATE----- +MIIDrjCCApYCCQCMPzF4wnKEjjANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMC +VVMxEDAOBgNVBAgTB1NldmVyYWwxETAPBgNVBAcTCExvY2FsaXR5MRQwEgYDVQQK +EwtFeGFtcGxlIENvbTETMBEGA1UECxMKT3BlcmF0aW9uczEZMBcGA1UEAxMQbGRh +cC5leGFtcGxlLmNvbTEeMBwGCSqGSIb3DQEJARYPb3BzQGV4YW1wbGUuY29tMB4X +DTEyMTAwODIwNTgxOFoXDTIyMTAwNjIwNTgxOFowgZgxCzAJBgNVBAYTAlVTMRAw +DgYDVQQIEwdTZXZlcmFsMREwDwYDVQQHEwhMb2NhbGl0eTEUMBIGA1UEChMLRXhh +bXBsZSBDb20xEzARBgNVBAsTCk9wZXJhdGlvbnMxGTAXBgNVBAMTEGxkYXAuZXhh +bXBsZS5jb20xHjAcBgkqhkiG9w0BCQEWD29wc0BleGFtcGxlLmNvbTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMduncR64JPmOzDvtSU8U88+JX8StlZG +Ovd06tZ4x58jmIaqFXDLKmwU/+9f9mwSeT7jokX9Y/cLWP0HcAGs1KmGnodryYCW +DQ6+BBeRbBOw1RoaqgP4r3/ooXiTTUuVXxYcyKkx3Pn300iDHNo53/e9hxZB9DDv +KfFHL5A9kHA/bUpI8FBxa/SEGiV5gIkr15b3Jk7Zzydpqlz/6dlqaQxQBGqcm6yY +Ey/OqOuP+i7fKQfb9taPEAbnZNKbV4KajLlt/bl+60VHsdSBKZPROMt1bJZpdzcF +1SlIjFvFPp/G39Vkc8hvBXsUO8qivSiNirOhFMqxkS/f90N/8nD9Mu0CAwEAATAN +BgkqhkiG9w0BAQUFAAOCAQEArwmwsnhgAug1/ZuJAiT9VOR2yWhhU98IozoYLcE7 +45aRsv0G9qxd/zt4uN+xkgUP1xilDkuzVDuU2jdKgKTJAaDNy4mm7xtMoLzPNtEq +W+12EqxKzKKyGJz1B9iH7UsnM1ZCm6rTWe+Ij/hPU+A/qqOsOvLyi+Z93xauLW6E +tcLVlrsuoJ8k/P+u2s5Isxz+NOSeryg5WcNVGzkCjyXkxgIF05zl0bqN9RL0WukU +hWmJ3pAE15bz88tI2e1Z+5RPPo3cxD4Bw8+jH0HPKW8Cz51OUyr6stva3mgS0UXF +KhyTpqhhau4GE9cKpK+2n1iF6exdq9TAkdAhViW3uj7mJg== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAx26dxHrgk+Y7MO+1JTxTzz4lfxK2VkY693Tq1njHnyOYhqoV +cMsqbBT/71/2bBJ5PuOiRf1j9wtY/QdwAazUqYaeh2vJgJYNDr4EF5FsE7DVGhqq +A/ivf+iheJNNS5VfFhzIqTHc+ffTSIMc2jnf972HFkH0MO8p8UcvkD2QcD9tSkjw +UHFr9IQaJXmAiSvXlvcmTtnPJ2mqXP/p2WppDFAEapybrJgTL86o64/6Lt8pB9v2 +1o8QBudk0ptXgpqMuW39uX7rRUex1IEpk9E4y3Vslml3NwXVKUiMW8U+n8bf1WRz +yG8FexQ7yqK9KI2Ks6EUyrGRL9/3Q3/ycP0y7QIDAQABAoIBAQCdbQci8vBWL3Zo +AcCXfRCXVnJY5deDMPsZHXTHCh5h08JyAs7b87QwDz+coL6vvsFw0FXnM8d2WsHL +MtTKrbhNfdOkCITOeSQjkAFA7W1H+d2uNoAglG1M5cCYooZwdJ/Tn7MSRCcwNt3U +rpLW/Lp8IGMDQdrVyeTs7glwrfhXcYRpUFtT5AoweXFYIgGmZXD0LxmSdiY37V2X +zQ8vIjDn0wcNJYeqmOswP7iPS21HhAZGC4vfIji9DquQ4q6Pf8wRkW3KF7/BrmUl +9UXKb//Ja4xV50MSQoDQxmtjyrjnEfqYse2zLAn0QjVgqKgAzkP8+WpVrAmol6rG +KLd+VRtNAoGBAPIuvUIvRrjFVBWaAzv5pkE/DfpDA+6QSifSAJbqQOwSw3qAOBwq +RIQ//iBcHmxYyX0jhMVpP9wKZnVjDSr/9iLd4O7gvimxnYZp9vuvf2KZNbHaeky5 +niYIF65ObBRtAcAPETCEPhkYT0hFdyxJSRSBK73cQ9kzZAyROZYPvEivAoGBANLP +eUTGa25BG5xwzYF4NECSum9QK6QelH1TkO7nkv1c+Wp6HQ7G6hor5khxVkj5MpYk +nMdyZV4zU25OptM0QGMPwUwhj/MytpdUvBI2I5PAOq7lJbBCewW8lkagn+Pd1HD7 +IMBpvxe+M6LFftDiKnko+Z2zABkkRzVqGAPbL60jAoGAIKMr3j+AyGXPbxnSVcLP +JPvaZl+hqATJ+ZPTgIMRPL9KmLeu2BzaHviAxtujPfa5MKQYwIHumTjNlgRDQgg8 +o3ZDWe3vsq69C+A76K89+4uqMM3ArZZWOcndZyAqcJZAJiHhrygjNj6QcKzr4ov9 +zUWbH3sPqbXDRe5MVGzKcwECgYBxhpN66xPdqyhQZhr1lyMkhx/pZBYsat9yYndR +gNoSoWgb5CkT1SEq+OsppgdegvywCIV5juxx/1f1tlt2r9PgxRJGimh4Ap57/oDN +meQs5D92Aib6tcKEg1u2KzgPwV1vfn3TwN7MzXwHMy4pFTLkTqGmQEhUQcorRLgs +E3SoWwKBgEFEHZkpxcrjhs+S3Vr56ZSyYaMsXTbBx5Yz2e0/+ZASyXT9joFQ3au4 +IZoJCAhdSnRpj57FOuBHLwAJDSrUw/QxwD5VGI1i1MzzyejDW0590BYtNysXXdFF +r/Fp9Hh7Ms+cjzR7Fv8ccLQZPuie/nuNWT78gm8TkjNfwiMGgfrf +-----END RSA PRIVATE KEY----- diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/files/default/tests/minitest/modules_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/files/default/tests/minitest/modules_test.rb new file mode 100644 index 000000000..5d14e785e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/files/default/tests/minitest/modules_test.rb @@ -0,0 +1,34 @@ +require File.expand_path('../support/helpers', __FILE__) + +# Test all the modules that are not specifically tested through a +# Kitchenfile configuration +# +# Does not test the modules in the default_modules attribute (those +# are tested in default_test) +%w{ + auth_digest + authnz_ldap + dav_fs + deflate + expires + fcgid + headers + ldap + proxy + proxy_balancer + proxy_connect + proxy_http + rewrite + wsgi + xsendfile +}.each do |expected_module| + + describe "apache2::mod_#{expected_module}" do + include Helpers::Apache + + it "installs mod_#{expected_module}" do + apache_enabled_modules.must_include "#{expected_module}_module" + end + + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/files/default/tests/minitest/support/helpers.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/files/default/tests/minitest/support/helpers.rb new file mode 100644 index 000000000..50548666e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/files/default/tests/minitest/support/helpers.rb @@ -0,0 +1,50 @@ +module Helpers + module Apache + require 'chef/mixin/shell_out' + include Chef::Mixin::ShellOut + include MiniTest::Chef::Assertions + include MiniTest::Chef::Context + include MiniTest::Chef::Resources + + def apache_config_parses? + acp = shell_out("#{node['apache']['binary']} -t") + acp.exitstatus == 0 + end + + def apache_configured_ports + port_config = File.read("#{node['apache']['dir']}/ports.conf") + port_config.scan(/^Listen ([0-9]+)/).flatten.map{|p| p.to_i} + end + + def apache_enabled_modules + apache_modules = shell_out("#{node['apache']['binary']} -M") + apache_modules.send( + if node['platform_family'] == 'rhel' && node['platform_version'].to_f < 6.0 + :stderr + else + :stdout + end + ).split.select! {|i| i =~ /_module$/} + end + + def apache_service + service(case node['platform'] + when "debian","ubuntu" then "apache2" + when "freebsd" then "apache22" + else "httpd" + end) + end + + def config + file(case node['platform'] + when "debian","ubuntu" then "#{node['apache']['dir']}/apache2.conf" + when "freebsd" then "#{node['apache']['dir']}/httpd.conf" + else "#{node['apache']['dir']}/conf/httpd.conf" + end) + end + + def ran_recipe?(recipe) + node.run_state[:seen_recipes].keys.include?(recipe) + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/metadata.rb new file mode 100644 index 000000000..db6714264 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/metadata.rb @@ -0,0 +1,88 @@ +maintainer "Andrew Crump" +maintainer_email "andrew@kotirisoftware.com" +license "Apache 2.0" +description "Acceptance tests for apache2" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "0.1.0" + +depends "apache2" +depends "jpackage" +depends "openldap" +depends "tomcat" +depends "yum" + +recipe "apache2_test::default", "Test example for default recipe" +recipe "apache2_test::mod_auth_basic", "Test example for basic authentication" +recipe "apache2_test::mod_auth_digest", "Test example for digest authentication" +recipe "apache2_test::mod_auth_openid", "Test example for openid authentication" +recipe "apache2_test::mod_authnz_ldap", "Test example for LDAP authentication" +recipe "apache2_test::mod_authz_groupfile", "Test example for group file authorization" +recipe "apache2_test::mod_authz_listed_host", "Test example for host-based authorization" +recipe "apache2_test::mod_authz_unlisted_host", "Test example for hosted-based authorization" +recipe "apache2_test::mod_authz_user", "Test example for named user authorization" +recipe "apache2_test::mod_cgi", "Test example for hosting a CGI script" +recipe "apache2_test::mod_expires", "Test example for setting cache expiry headers" +recipe "apache2_test::mod_dav_svn", "Test example for Subversion repository hosting" +recipe "apache2_test::mod_perl", "Test example for hosting a Perl application" +recipe "apache2_test::mod_proxy_ajp", "Test example for proxying requests to a Java application" +recipe "apache2_test::mod_php5", "Test example for hosting a PHP application" +recipe "apache2_test::mod_python", "Test example for hosting a Python application" +recipe "apache2_test::mod_ssl", "Test example for SSL" +recipe "apache2_test::mod_status_remote", "Test example for viewing server status" + +%w{centos ubuntu}.each do |os| + supports os +end + +attribute "apache_test/auth_username", + :display_name => "Test Username", + :description => "Username for the test user", + :default => "bork" + +attribute "apache_test/auth_password", + :display_name => "Test Password", + :description => "Password for the test user", + :default => "secret" + +attribute "apache_test/cache_expiry_seconds", + :display_name => "Cache Expiry (Seconds)", + :description => "The expiry time to set in caching response headers", + :default => "60" + +attribute "apache_test/app_dir", + :display_name => "Application Directory", + :description => "Parent directory to deploy test applications under", + :default => "/home/apache2/env" + +attribute "apache_test/cgi_dir", + :display_name => "CGI Directory", + :description => "Directory to install CGI scripts into", + :default => "/usr/lib/cgi-bin" + +attribute "apache_test/root_dir", + :display_name => "Root Directory", + :description => "Webserver document root directory", + :default => "/var/www" + +attribute "apache_test/remote_host_ip", + :display_name => "Remote Host IP", + :description => "IP Address to allow requests from", + :default => "192.168" + +attribute "apache_test/ssl_dir", + :display_name => "SSL Directory", + :description => "Directory for SSL certificates", + :default => "/home/apache2" + +attribute "apache_test/ssl_cert_file", + :display_name => "SSL Certificate Path", + :description => "File path for the generated self-signed certificate" + +attribute "apache_test/ssl_cert_key_file", + :display_name => "SSL Certificate Private Key", + :description => "File path for the generated private key" + +attribute "apache_test/svn_dir", + :display_name => "Subversion Directory", + :description => "File path for test Subversion repository", + :default => "/home/apache2/svn" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/basic_web_app.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/basic_web_app.rb new file mode 100644 index 000000000..468b8d812 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/basic_web_app.rb @@ -0,0 +1,38 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: basic_web_app +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" + +app_dir = "#{node['apache_test']['root_dir']}/basic_web_app" + +directory app_dir do + action :create +end + +file "#{app_dir}/index.html" do + content "Hello World" + action :create +end + +web_app "basic_webapp" do + cookbook "apache2" + server_name node['hostname'] + server_aliases [node['fqdn']] + docroot app_dir +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/default.rb new file mode 100644 index 000000000..bb80e158f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/default.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: default +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/god_monitor.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/god_monitor.rb new file mode 100644 index 000000000..1488168a4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/god_monitor.rb @@ -0,0 +1,19 @@ +# +# Author:: Joshua Timberman +# Copyright:: Copyright (c) 2012, Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::god_monitor" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_auth_basic.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_auth_basic.rb new file mode 100644 index 000000000..93022a75b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_auth_basic.rb @@ -0,0 +1,35 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_auth_basic +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" +include_recipe "apache2::mod_auth_basic" + +directory "#{node['apache_test']['root_dir']}/secure" do + action :create +end + +execute "add-credentials" do + command "htpasswd -b -c #{node['apache_test']['root_dir']}/secure/.htpasswd #{node['apache_test']['auth_username']} #{node['apache_test']['auth_password']}" + action :run +end + +web_app "secure" do + template "auth_basic.conf.erb" + auth_user_file "#{node['apache_test']['root_dir']}/secure/.htpasswd" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_auth_digest.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_auth_digest.rb new file mode 100644 index 000000000..cf13ee5b5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_auth_digest.rb @@ -0,0 +1,37 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_auth_digest +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" +include_recipe "apache2::mod_auth_digest" + +directory "#{node['apache_test']['root_dir']}/secure" do + action :create +end + +# htdigest won't read the password from STDIN +bash "add_credentials" do + code %Q{ + (echo -n "#{node['apache_test']['auth_username']}:private area:" && echo -n "#{node['apache_test']['auth_username']}:private area:#{node['apache_test']['auth_password']}" | md5sum | awk '{print $1}') > /#{node['apache_test']['root_dir']}/secure/.htdigest + } +end + +web_app "secure" do + template "auth_digest.conf.erb" + auth_user_file "#{node['apache_test']['root_dir']}/secure/.htdigest" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_auth_openid.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_auth_openid.rb new file mode 100644 index 000000000..9a2b35230 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_auth_openid.rb @@ -0,0 +1,29 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_auth_openid +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" +include_recipe "apache2::mod_auth_openid" + +directory "#{node['apache_test']['root_dir']}/secure" do + action :create +end + +web_app "secure" do + template "auth_openid.conf.erb" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authnz_ldap.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authnz_ldap.rb new file mode 100644 index 000000000..e4359bef0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authnz_ldap.rb @@ -0,0 +1,63 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_authnz_ldap +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +directory "/var/cache/local/preseeding" do + recursive true + action :create + only_if { platform?('debian', 'ubuntu') } +end + +include_recipe "openldap::server" + +service "slapd" do + action :start +end + +cbf = resources("cookbook_file[#{node['openldap']['ssl_dir']}/#{node['openldap']['server']}.pem]") +cbf.cookbook "apache2_test" + +ldif_path = "/tmp/entries.ldif" + +template ldif_path do + source "entries.ldif.erb" + action :create +end + +bash "load-directory-entries" do + code %Q{ + ldapsearch -x -D 'cn=admin,#{node['openldap']['basedn']}' -w '#{node['openldap']['rootpw_plain']}' -b '#{node['openldap']['basedn']}' + if [ $? -ne 0 ] + then + ldapadd -x -D 'cn=admin,#{node['openldap']['basedn']}' -w '#{node['openldap']['rootpw_plain']}' -f #{ldif_path} + fi + } + action :run +end + +include_recipe "apache2::default" +include_recipe "apache2::mod_ldap" +include_recipe "apache2::mod_authnz_ldap" + +directory "#{node['apache_test']['root_dir']}/secure" do + action :create +end + +web_app "secure" do + template "authnz_ldap.conf.erb" + base_dn node['openldap']['basedn'] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_groupfile.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_groupfile.rb new file mode 100644 index 000000000..a18bc3245 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_groupfile.rb @@ -0,0 +1,46 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_authz_groupfile +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" + +secure_dir = "#{node['apache_test']['root_dir']}/secure" +group_name = 'swedishchef' + +directory secure_dir do + action :create +end + +bash "add-credentials" do + code %Q{ + htpasswd -b -c #{secure_dir}/.htpasswd #{node['apache_test']['auth_username']} #{node['apache_test']['auth_password']} + htpasswd -b #{secure_dir}/.htpasswd meatballs secret + } + action :run +end + +file "#{secure_dir}/.htgroups" do + content "#{group_name}:#{node['apache_test']['auth_username']}" +end + +include_recipe "apache2::mod_authz_groupfile" +web_app "secure" do + template "authz_groupfile.conf.erb" + secure_dir secure_dir + group_name group_name +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_listed_host.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_listed_host.rb new file mode 100644 index 000000000..e9ac4f3dd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_listed_host.rb @@ -0,0 +1,30 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_authz_listed_host +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" +include_recipe "apache2::mod_authz_host" + +directory "#{node['apache_test']['root_dir']}/secure" do + action :create +end + +web_app "secure" do + template "authz_host.conf.erb" + remote_host_ip node['apache_test']['remote_host_ip'] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_unlisted_host.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_unlisted_host.rb new file mode 100644 index 000000000..707a04dc7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_unlisted_host.rb @@ -0,0 +1,30 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_authz_unlisted_host +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" +include_recipe "apache2::mod_authz_host" + +directory "#{node['apache_test']['root_dir']}/secure" do + action :create +end + +web_app "secure" do + template "authz_host.conf.erb" + remote_host_ip '8.8.8.8' +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_user.rb new file mode 100644 index 000000000..aa9204f99 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_authz_user.rb @@ -0,0 +1,41 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_authz_user +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +include_recipe "apache2::default" + +secure_dir = "#{node['apache_test']['root_dir']}/secure" + +directory secure_dir do + action :create +end + +bash "add-credentials" do + code %Q{ + htpasswd -b -c #{secure_dir}/.htpasswd #{node['apache_test']['auth_username']} #{node['apache_test']['auth_password']} + htpasswd -b #{secure_dir}/.htpasswd meatballs secret + } + action :run +end + +include_recipe "apache2::mod_authz_user" + +web_app "secure" do + template "authz_user.conf.erb" + secure_dir secure_dir + username node['apache_test']['auth_username'] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_cgi.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_cgi.rb new file mode 100644 index 000000000..cb407e9c1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_cgi.rb @@ -0,0 +1,35 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_cgi +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" +include_recipe "apache2::mod_cgi" + +directory node['apache_test']['cgi_dir'] do + action :create +end + +file "#{node['apache_test']['cgi_dir']}/env" do + content %q{ +#!/bin/bash +echo -e "Content-type: text/plain\n" +/usr/bin/env +}.strip + mode "0755" + action :create +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_dav_svn.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_dav_svn.rb new file mode 100644 index 000000000..ae365cd9f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_dav_svn.rb @@ -0,0 +1,45 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_dav_svn +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" + +package "subversion" do + action :install +end + +include_recipe "apache2::mod_dav" +include_recipe "apache2::mod_dav_svn" + +directory node['apache_test']['svn_dir'] do + owner node['apache']['user'] + group node['apache']['group'] + recursive true + action :create +end + +execute "create-repo" do + user node['apache']['user'] + command "svnadmin create --config-dir #{Chef::Config[:file_cache_path]} #{node['apache_test']['svn_dir']}" + not_if "bash -c 'svnadmin verify #{node['apache_test']['svn_dir']}'" +end + +web_app "svn" do + template "svn_repo.conf.erb" + repo_dir node['apache_test']['svn_dir'] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_expires.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_expires.rb new file mode 100644 index 000000000..bc6bfd72d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_expires.rb @@ -0,0 +1,30 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_expires +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" +include_recipe "apache2::mod_expires" + +directory "#{node['apache_test']['root_dir']}/cachetest" do + action :create +end + +web_app "cachetest" do + template "cache_test.conf.erb" + cache_expiry_seconds node['apache_test']['cache_expiry_seconds'] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_perl.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_perl.rb new file mode 100644 index 000000000..56aaec77a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_perl.rb @@ -0,0 +1,66 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_perl +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" + +include_recipe "yum::epel" if platform?("centos") + +include_recipe "apache2::mod_perl" + +package "perl-CGI-SpeedyCGI" do + action :install + only_if { platform?("redhat", "centos", "scientific", "fedora", "amazon") } +end + +file "#{node['apache']['dir']}/conf.d/apreq.conf" do + action :delete + only_if { platform?("redhat", "centos", "scientific", "fedora", "amazon") } +end + +file "#{node['apache']['dir']}/conf.d/perl.conf" do + action :delete + only_if { platform?("redhat", "centos", "scientific", "fedora", "amazon") } +end + +directory node['apache_test']['app_dir'] do + recursive true + action :create +end + +file "#{node['apache_test']['app_dir']}/perl" do + content %q{ +#!/usr/bin/perl -wT +use strict; +use CGI qw(:standard); +use CGI::Carp qw(warningsToBrowser fatalsToBrowser); + +print header('text/plain'); + +foreach my $key (sort(keys(%ENV))) { + print "$key=$ENV{$key}\n"; +} +}.strip + mode "0755" + action :create +end + +web_app "perl_env" do + template "perl_env.conf.erb" + app_dir node['apache_test']['app_dir'] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_php5.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_php5.rb new file mode 100644 index 000000000..337812390 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_php5.rb @@ -0,0 +1,50 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_php5 +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" + +package "which" do + action :install + only_if { platform_family?("rhel", "fedora") } +end + +include_recipe "apache2::mod_php5" + +directory node['apache_test']['app_dir'] do + recursive true + action :create +end + +file "#{node['apache_test']['app_dir']}/php" do + content %q{ + $key_value) { + print $key_name . "=" . $key_value . "\n"; +} +?> +}.strip + mode "0755" + action :create +end + +web_app "php_env" do + template "php_env.conf.erb" + app_dir node['apache_test']['app_dir'] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_proxy_ajp.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_proxy_ajp.rb new file mode 100644 index 000000000..c006af24f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_proxy_ajp.rb @@ -0,0 +1,44 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_ajp +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" +include_recipe "apache2::mod_proxy" +include_recipe "apache2::mod_proxy_ajp" + +if platform_family?("rhel") && node['platform_version'].to_f < 6.0 + include_recipe "jpackage::default" +end + +include_recipe "tomcat::default" + +if platform?("debian","ubuntu") + package "tomcat6-examples" do + action :install + end +else + package "tomcat6-webapps" do + action :install + end +end + +web_app "java_env" do + template "java_env.conf.erb" + ajp_host 'localhost' + ajp_port 8009 +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_python.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_python.rb new file mode 100644 index 000000000..ea22473d6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_python.rb @@ -0,0 +1,54 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_python +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" + +yum_repository "epel" do + url 'http://dl.fedoraproject.org/pub/epel/$releasever/$basearch/' + only_if { platform_family?("rhel", "fedora") } +end + +include_recipe "apache2::mod_python" + +directory node['apache_test']['app_dir'] do + recursive true + action :create +end + +file "#{node['apache_test']['app_dir']}/python.py" do + content %q{ +#!/usr/bin/python +import sys +sys.stderr = sys.stdout +import os +from cgi import escape + +print "Content-type: text/plain" +print +for k in sorted(os.environ): + print "%s=%s" %(escape(k), escape(os.environ[k])) +}.strip + mode "0755" + action :create +end + +web_app "python_env" do + template "python_env.conf.erb" + app_dir node['apache_test']['app_dir'] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_ssl.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_ssl.rb new file mode 100644 index 000000000..b5b0e8486 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/mod_ssl.rb @@ -0,0 +1,54 @@ +# +# Cookbook Name:: apache2_test +# Recipe:: mod_ssl +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" +include_recipe "apache2::mod_ssl" + +directory node['apache_test']['ssl_dir'] do + owner node['apache']['user'] + group node['apache']['group'] + recursive true + action :create +end + +execute "create-private-key" do + command "openssl genrsa > #{node['apache_test']['ssl_cert_key_file']}" + not_if "test -f #{node['apache_test']['ssl_cert_key_file']}" +end + +execute "create-certficate" do + command %Q{openssl req -new -x509 -key #{node['apache_test']['ssl_cert_key_file']} -out #{node['apache_test']['ssl_cert_file']} -days 1 < +# Copyright:: Copyright (c) 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache2::default" + +# Duplicates the list in the modules_test minitest, which is +# distasteful duplication. +%w{ + auth_digest + authnz_ldap + dav_fs + deflate + expires + fcgid + headers + ldap + proxy + proxy_balancer + proxy_connect + proxy_http + rewrite + wsgi + xsendfile +}.each do |a2mod| + include_recipe "apache2::mod_#{a2mod}" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/setup.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/setup.rb new file mode 100644 index 000000000..99c3ce7dc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/recipes/setup.rb @@ -0,0 +1,18 @@ +case node['platform_family'] + when 'debian' + %w{libxml2 libxml2-dev libxslt1-dev}.each do |pkg| + package pkg do + action :install + end + end + when 'rhel' + %w{gcc make ruby-devel libxml2 libxml2-devel libxslt libxslt-devel}.each do |pkg| + package pkg do + action :install + end + end +end + +package "curl" do + action :install +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/auth_basic.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/auth_basic.conf.erb new file mode 100644 index 000000000..b28fecdd1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/auth_basic.conf.erb @@ -0,0 +1,6 @@ + + AuthUserFile "<%= @params[:auth_user_file] %>" + AuthType basic + AuthName "private area" + Require valid-user + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/auth_digest.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/auth_digest.conf.erb new file mode 100644 index 000000000..c0014efec --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/auth_digest.conf.erb @@ -0,0 +1,7 @@ + + AuthUserFile "<%= @params[:auth_user_file] %>" + AuthType digest + AuthDigestDomain /secure/ + AuthName "private area" + Require valid-user + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/auth_openid.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/auth_openid.conf.erb new file mode 100644 index 000000000..5e55f8492 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/auth_openid.conf.erb @@ -0,0 +1,8 @@ + + + AuthType OpenID + AuthOpenIDTrustRoot http://opscode.example.com + AuthName "private area" + Require valid-user + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authnz_ldap.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authnz_ldap.conf.erb new file mode 100644 index 000000000..958aecc61 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authnz_ldap.conf.erb @@ -0,0 +1,9 @@ + + + AuthType basic + AuthBasicProvider "ldap" + AuthLDAPUrl "ldap://localhost:389/<%= @params[:base_dn] %>?uid?sub?objectClass=inetOrgPerson" + AuthName "private area" + Require valid-user + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authz_groupfile.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authz_groupfile.conf.erb new file mode 100644 index 000000000..b57087f08 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authz_groupfile.conf.erb @@ -0,0 +1,7 @@ + + AuthUserFile "<%= @params[:secure_dir] %>/.htpasswd" + AuthGroupFile "<%= @params[:secure_dir] %>/.htgroups" + AuthType basic + AuthName "private area" + Require group <%= @params[:group_name] %> + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authz_host.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authz_host.conf.erb new file mode 100644 index 000000000..6ef29d439 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authz_host.conf.erb @@ -0,0 +1,4 @@ + + Deny from all + Allow from <%= @params[:remote_host_ip] %> + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authz_user.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authz_user.conf.erb new file mode 100644 index 000000000..80b632c38 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/authz_user.conf.erb @@ -0,0 +1,6 @@ + + AuthUserFile "<%= @params[:secure_dir] %>/.htpasswd" + AuthType basic + AuthName "private area" + Require user <%= @params[:username] %> + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/cache_test.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/cache_test.conf.erb new file mode 100644 index 000000000..2c12972e8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/cache_test.conf.erb @@ -0,0 +1,4 @@ + + ExpiresActive On + ExpiresDefault A<%= @params[:cache_expiry_seconds] %> + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/entries.ldif.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/entries.ldif.erb new file mode 100644 index 000000000..24d9c3b94 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/entries.ldif.erb @@ -0,0 +1,18 @@ +dn: dc=example,dc=com +dc: example +objectClass: dcObject +objectClass: organization +o: Example, Inc. + +dn: ou=people,dc=example,dc=com +ou: people +objectclass: organizationalunit + +dn: cn=bork,ou=people,dc=example,dc=com +objectclass: inetOrgPerson +cn: bork +sn: bork +uid: bork +userpassword: secret +mail: bork@example.com +ou: Catering diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/java_env.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/java_env.conf.erb new file mode 100644 index 000000000..428ffc625 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/java_env.conf.erb @@ -0,0 +1,6 @@ + + ProxyPass /env/java ajp://<%= @params[:ajp_host] %>:<%= @params[:ajp_port] %>/examples/servlets/servlet/RequestInfoExample + + Allow from all + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/perl_env.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/perl_env.conf.erb new file mode 100644 index 000000000..c76a9e840 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/perl_env.conf.erb @@ -0,0 +1,9 @@ + + Alias /env/ <%= @params[:app_dir] %>/ + + + SetHandler perl-script + PerlResponseHandler ModPerl::Registry + Options ExecCGI + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/php_env.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/php_env.conf.erb new file mode 100644 index 000000000..66a4e60c4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/php_env.conf.erb @@ -0,0 +1,7 @@ + + Alias /env/ <%= @params[:app_dir] %>/ + + + SetHandler php5-script + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/python_env.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/python_env.conf.erb new file mode 100644 index 000000000..9c101a4b2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/python_env.conf.erb @@ -0,0 +1,8 @@ + + Alias /env/ <%= @params[:app_dir] %>/ + + AddHandler mod_python .py + PythonHandler mod_python.cgihandler + PythonDebug On + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/ssl.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/ssl.conf.erb new file mode 100644 index 000000000..a8bc39fef --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/ssl.conf.erb @@ -0,0 +1,13 @@ + + ServerName <%= @params[:server_name] %> + DocumentRoot <%= @params[:document_root] %> + + Options -Indexes + ErrorDocument 403 /error/noindex.html + + + SSLEngine on + SSLCertificateFile <%= @params[:ssl_cert_file] %> + SSLCertificateKeyFile <%= @params[:ssl_cert_key_file] %> + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/status.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/status.conf.erb new file mode 100644 index 000000000..014adedfd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/status.conf.erb @@ -0,0 +1,9 @@ + + + SetHandler server-status + Order deny,allow + Deny from all + Allow from localhost ip6-localhost + Allow from <%= node['apache_test']['remote_host_ip'] %> + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/svn_repo.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/svn_repo.conf.erb new file mode 100644 index 000000000..cf8154e2e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apache2/test/kitchen/cookbooks/apache2_test/templates/default/svn_repo.conf.erb @@ -0,0 +1,6 @@ + + +DAV svn +SVNPath <%= @params[:repo_dir] %> + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/.kitchen.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/.kitchen.yml new file mode 100644 index 000000000..544cb1711 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/.kitchen.yml @@ -0,0 +1,33 @@ +--- +driver_plugin: vagrant +platforms: +- name: ubuntu-12.04 + driver_config: + box: canonical-ubuntu-12.04 + box_url: http://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box + require_chef_omnibus: 11.4.0 + run_list: + - recipe[apt] +- name: ubuntu-10.04 + driver_config: + box: opscode-ubuntu-10.04 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_chef-11.2.0.box + require_chef_omnibus: 11.4.0 + run_list: + - recipe[apt] +suites: +- name: default + run_list: + - recipe[minitest-handler] + - recipe[apt_test] + attributes: {} +- name: cacher-ng + run_list: + - recipe[minitest-handler] + - recipe[apt_test::cacher-ng] + attributes: {} +- name: lwrps + run_list: + - recipe[minitest-handler] + - recipe[apt_test::lwrps] + attributes: {} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/Berksfile new file mode 100644 index 000000000..255e59b9a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/Berksfile @@ -0,0 +1,8 @@ +site :opscode + +metadata + +group :integration do + cookbook "minitest-handler" + cookbook "apt_test", :path => "../../../test/cookbooks/apt_test" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/Berksfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/Berksfile.lock new file mode 100644 index 000000000..e9333b0aa --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/Berksfile.lock @@ -0,0 +1,4 @@ +cookbook 'apt', :path => '/Users/jtimberman/Development/opscode/cookbooks/apt' +cookbook 'minitest-handler', :locked_version => '0.1.2' +cookbook 'apt_test', :path => './test/cookbooks/apt_test' +cookbook 'chef_handler', :locked_version => '1.1.0' \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/CHANGELOG.md new file mode 100644 index 000000000..43f90241b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/CHANGELOG.md @@ -0,0 +1,79 @@ +## v1.9.2: + +* [COOK-2631] - Create Ubuntu 10.04 specific template for apt-cacher-ng + +## v1.9.0: + +* [COOK-2185] - Proxy for apt-key +* [COOK-2338] - Support pinning by glob() or regexp + +## v1.8.4: + +* [COOK-2171] - Update README to clarify required Chef version: 10.18.0 + or higher. + +## v1.8.2: + +* [COOK-2112] - need [] around "arch" in sources.list entries +* [COOK-2171] - fixes a regression in the notification + +## v1.8.0: + +* [COOK-2143] - Allow for a custom cacher-ng port +* [COOK-2171] - On `apt_repository.run_action(:add)` the source file + is not created. +* [COOK-2184] - apt::cacher-ng, use `cacher_port` attribute in + acng.conf + +## v1.7.0: + +* [COOK-2082] - add "arch" parameter to apt_repository LWRP + +## v1.6.0: + +* [COOK-1893] - `apt_preference` use "`package_name`" resource instead of "name" +* [COOK-1894] - change filename for sources.list.d files +* [COOK-1914] - Wrong dir permissions for /etc/apt/preferences.d/ +* [COOK-1942] - README.md has wrong name for the keyserver attribute +* [COOK-2019] - create 01proxy before any other apt-get updates get executed + +## v1.5.2: + +* [COOK-1682] - use template instead of file resource in apt::cacher-client +* [COOK-1875] - cacher-client should be Environment-aware + +## V1.5.0: + +* [COOK-1500] - Avoid triggering apt-get update +* [COOK-1548] - Add execute commands for autoclean and autoremove +* [COOK-1591] - Setting up the apt proxy should leave https + connections direct +* [COOK-1596] - execute[apt-get-update-periodic] never runs +* [COOK-1762] - create /etc/apt/preferences.d directory +* [COOK-1776] - apt key check isn't idempotent + +## v1.4.8: + +* Adds test-kitchen support +* [COOK-1435] - repository lwrp is not idempotent with http key + +## v1.4.6: + +* [COOK-1530] - apt_repository isn't aware of update-success-stamp + file (also reverts COOK-1382 patch). + +## v1.4.4: + +* [COOK-1229] - Allow cacher IP to be set manually in non-Chef Solo + environments +* [COOK-1530] - Immediately update apt-cache when sources.list file is dropped off + +## v1.4.2: + +* [COOK-1155] - LWRP for apt pinning + +## v1.4.0: + +* [COOK-889] - overwrite existing repo source files +* [COOK-921] - optionally use cookbook\_file or remote\_file for key +* [COOK-1032] - fixes problem with apt repository key installation diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/README.md new file mode 100644 index 000000000..cae564202 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/README.md @@ -0,0 +1,238 @@ +Description +=========== + +This cookbook includes recipes to execute apt-get update to ensure the +local APT package cache is up to date. There are recipes for managing +the apt-cacher-ng caching proxy and proxy clients. It also includes a +LWRP for managing APT repositories in /etc/apt/sources.list.d as well as +an LWRP for pinning packages via /etc/apt/preferences.d. + +Requirements +============ + +Version 1.8.2+ of this cookbook requires **Chef 10.16.4** or later. + +If your Chef version is earlier than 10.16.4, use version 1.7.0 of +this cookbook. + +See [CHEF-3493](http://tickets.opscode.com/browse/CHEF-3493) and +[this code comment](http://bit.ly/VgvCgf) for more information on this +requirement. + +Platform +-------- + +* Debian +* Ubuntu + +May work with or without modification on other Debian derivatives. + +Recipes +======= + +default +------- + +This recipe installs the `update-notifier-common` package to provide +the timestamp file used to only run `apt-get update` if the cache is +more than one day old. + +This recipe should appear first in the run list of Debian or Ubuntu +nodes to ensure that the package cache is up to date before managing +any `package` resources with Chef. + +This recipe also sets up a local cache directory for preseeding packages. + +cacher-ng +--------- + +Installs the `apt-cacher-ng` package and service so the system can +provide APT caching. You can check the usage report at +http://{hostname}:3142/acng-report.html. The `cacher-ng` recipe +includes the `cacher-client` recipe, so it helps seed itself. + +cacher-client +------------- +Configures the node to use the `apt-cacher-ng` server as a client. If you +want to restrict your node to using the `apt-cacher-ng` server in your +Environment, set `['apt']['cacher-client']['restrict_environment']` to `true`. +To use a cacher server (or standard proxy server) not available via search +set the atttribute `['apt']['cacher-ipaddress']` and for a custom port +set `['apt']['cacher_port']` + +Resources/Providers +=================== + +Managing repositories +--------------------- + +This LWRP provides an easy way to manage additional APT repositories. +Adding a new repository will notify running the `execute[apt-get-update]` +resource immediately. + +# Actions + +- :add: creates a repository file and builds the repository listing +- :remove: removes the repository file + +# Attribute Parameters + +- repo_name: name attribute. The name of the channel to discover +- uri: the base of the Debian distribution +- distribution: this is usually your release's codename...ie something + like `karmic`, `lucid` or `maverick` +- components: package groupings..when it doubt use `main` +- arch: constrain package to a particular arch like `i386`, `amd64` or + even `armhf` or `powerpc`. Defaults to nil. +- deb_src: whether or not to add the repository as a source repo as + well - value can be `true` or `false`, default `false`. +- keyserver: the GPG keyserver where the key for the repo should be retrieved +- key: if a `keyserver` is provided, this is assumed to be the + fingerprint, otherwise it can be either the URI to the GPG key for + the repo, or a cookbook_file. +- key_proxy: if set, pass the specified proxy via `http-proxy=` to GPG. +- cookbook: if key should be a cookbook_file, specify a cookbook where + the key is located for files/default. Defaults to nil, so it will + use the cookbook where the resource is used. + +# Examples + + # add the Zenoss repo + apt_repository "zenoss" do + uri "http://dev.zenoss.org/deb" + components ["main","stable"] + end + + # add the Nginx PPA; grab key from keyserver + apt_repository "nginx-php" do + uri "http://ppa.launchpad.net/nginx/php5/ubuntu" + distribution node['lsb']['codename'] + components ["main"] + keyserver "keyserver.ubuntu.com" + key "C300EE8C" + end + + # add the Nginx PPA; grab key from keyserver, also add source repo + apt_repository "nginx-php" do + uri "http://ppa.launchpad.net/nginx/php5/ubuntu" + distribution node['lsb']['codename'] + components ["main"] + keyserver "keyserver.ubuntu.com" + key "C300EE8C" + deb_src true + end + + # add the Cloudkick Repo + apt_repository "cloudkick" do + uri "http://packages.cloudkick.com/ubuntu" + distribution node['lsb']['codename'] + components ["main"] + key "http://packages.cloudkick.com/cloudkick.packages.key" + end + + # add the Cloudkick Repo with the key downloaded in the cookbook + apt_repository "cloudkick" do + uri "http://packages.cloudkick.com/ubuntu" + distribution node['lsb']['codename'] + components ["main"] + key "cloudkick.packages.key" + end + + # add the Cloudera Repo of CDH4 packages for Ubuntu 12.04 on AMD64 + apt_repository "cloudera" do + uri "http://archive.cloudera.com/cdh4/ubuntu/precise/amd64/cdh" + arch "amd64" + distribution "precise-cdh4" + components ["contrib"] + key "http://archive.cloudera.com/debian/archive.key" + end + + # remove Zenoss repo + apt_repository "zenoss" do + action :remove + end + +Pinning packages +---------------- + +This LWRP provides an easy way to pin packages in /etc/apt/preferences.d. +Although apt-pinning is quite helpful from time to time please note that Debian +does not encourage its use without thorough consideration. + +Further information regarding apt-pinning is available via +http://wiki.debian.org/AptPreferences. + +# Actions + +- :add: creates a preferences file under /etc/apt/preferences.d +- :remove: Removes the file, therefore unpin the package + +# Attribute Parameters + +- package_name: name attribute. The name of the package +- glob: Pin by glob() expression or regexp surrounded by /. +- pin: The package version/repository to pin +- pin_priority: The pinning priority aka "the highest package version wins" + +# Examples + + # Pin libmysqlclient16 to version 5.1.49-3 + apt_preference "libmysqlclient16" do + pin "version 5.1.49-3" + pin_priority "700" + end + + # Unpin libmysqlclient16 + apt_preference "libmysqlclient16" do + action :remove + end + + # Pin all packages from dotdeb.org + apt_preference "dotdeb" do + glob "*" + pin "origin packages.dotdeb.org " + pin_priority "700" + end + +Usage +===== + +Put `recipe[apt]` first in the run list. If you have other recipes +that you want to use to configure how apt behaves, like new sources, +notify the execute resource to run, e.g.: + + template "/etc/apt/sources.list.d/my_apt_sources.list" do + notifies :run, resources(:execute => "apt-get update"), :immediately + end + +The above will run during execution phase since it is a normal +template resource, and should appear before other package resources +that need the sources in the template. + +Put `recipe[apt::cacher-ng]` in the run_list for a server to provide +APT caching and add `recipe[apt::cacher-client]` on the rest of the +Debian-based nodes to take advantage of the caching server. + +If you want to cleanup unused packages, there is also the `apt-get autoclean` +and `apt-get autoremove` resources provided for automated cleanup. + +License and Author +================== + +Author:: Joshua Timberman () +Author:: Matt Ray () +Author:: Seth Chisamore () + +Copyright 2009-2012 Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/TESTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/TESTING.md new file mode 100644 index 000000000..062e9b9d3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/TESTING.md @@ -0,0 +1,25 @@ +This cookbook includes support for running tests via Test Kitchen (1.0). This has some requirements. + +1. You must be using the Git repository, rather than the downloaded cookbook from the Chef Community Site. +2. You must have Vagrant 1.1 installed. +3. You must have a "sane" Ruby 1.9.3 environment. + +Once the above requirements are met, install the additional requirements: + +Install the berkshelf plugin for vagrant, and berkshelf to your local Ruby environment. + + vagrant plugin install berkshelf-vagrant + gem install berkshelf + +Install Test Kitchen 1.0 (unreleased yet, use the alpha / prerelease version). + + gem install test-kitchen --pre + +Install the Vagrant driver for Test Kitchen. + + gem install kitchen-vagrant + +Once the above are installed, you should be able to run Test Kitchen: + + kitchen list + kitchen test diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/attributes/default.rb new file mode 100644 index 000000000..2d509bd74 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/attributes/default.rb @@ -0,0 +1,3 @@ +default['apt']['cacher-client']['restrict_environment'] = false +default['apt']['cacher_port'] = 3142 +default['apt']['key_proxy'] = '' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/files/default/apt-proxy-v2.conf b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/files/default/apt-proxy-v2.conf new file mode 100644 index 000000000..6541f25ed --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/files/default/apt-proxy-v2.conf @@ -0,0 +1,50 @@ +[DEFAULT] +;; All times are in seconds, but you can add a suffix +;; for minutes(m), hours(h) or days(d) + +;; commented out address so apt-proxy will listen on all IPs +;; address = 127.0.0.1 +port = 9999 +cache_dir = /var/cache/apt-proxy + +;; Control files (Packages/Sources/Contents) refresh rate +min_refresh_delay = 1s +complete_clientless_downloads = 1 + +;; Debugging settings. +debug = all:4 db:0 + +time = 30 +passive_ftp = on + +;;-------------------------------------------------------------- +;; Cache housekeeping + +cleanup_freq = 1d +max_age = 120d +max_versions = 3 + +;;--------------------------------------------------------------- +;; Backend servers +;; +;; Place each server in its own [section] + +[ubuntu] +; Ubuntu archive +backends = + http://us.archive.ubuntu.com/ubuntu + +[ubuntu-security] +; Ubuntu security updates +backends = http://security.ubuntu.com/ubuntu + +[debian] +;; Backend servers, in order of preference +backends = + http://debian.osuosl.org/debian/ + +[security] +;; Debian security archive +backends = + http://security.debian.org/debian-security + http://ftp2.de.debian.org/debian-security diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/metadata.json new file mode 100644 index 000000000..1877c6491 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/metadata.json @@ -0,0 +1,34 @@ +{ + "name": "apt", + "description": "Configures apt and apt services and LWRPs for managing apt repositories and preferences", + "long_description": "Description\n===========\n\nThis cookbook includes recipes to execute apt-get update to ensure the\nlocal APT package cache is up to date. There are recipes for managing\nthe apt-cacher-ng caching proxy and proxy clients. It also includes a\nLWRP for managing APT repositories in /etc/apt/sources.list.d as well as\nan LWRP for pinning packages via /etc/apt/preferences.d.\n\nRequirements\n============\n\nVersion 1.8.2+ of this cookbook requires **Chef 10.16.4** or later.\n\nIf your Chef version is earlier than 10.16.4, use version 1.7.0 of\nthis cookbook.\n\nSee [CHEF-3493](http://tickets.opscode.com/browse/CHEF-3493) and\n[this code comment](http://bit.ly/VgvCgf) for more information on this\nrequirement.\n\nPlatform\n--------\n\n* Debian\n* Ubuntu\n\nMay work with or without modification on other Debian derivatives.\n\nRecipes\n=======\n\ndefault\n-------\n\nThis recipe installs the `update-notifier-common` package to provide\nthe timestamp file used to only run `apt-get update` if the cache is\nmore than one day old.\n\nThis recipe should appear first in the run list of Debian or Ubuntu\nnodes to ensure that the package cache is up to date before managing\nany `package` resources with Chef.\n\nThis recipe also sets up a local cache directory for preseeding packages.\n\ncacher-ng\n---------\n\nInstalls the `apt-cacher-ng` package and service so the system can\nprovide APT caching. You can check the usage report at\nhttp://{hostname}:3142/acng-report.html. The `cacher-ng` recipe\nincludes the `cacher-client` recipe, so it helps seed itself.\n\ncacher-client\n-------------\nConfigures the node to use the `apt-cacher-ng` server as a client. If you\nwant to restrict your node to using the `apt-cacher-ng` server in your\nEnvironment, set `['apt']['cacher-client']['restrict_environment']` to `true`.\nTo use a cacher server (or standard proxy server) not available via search\nset the atttribute `['apt']['cacher-ipaddress']` and for a custom port\nset `['apt']['cacher_port']`\n\nResources/Providers\n===================\n\nManaging repositories\n---------------------\n\nThis LWRP provides an easy way to manage additional APT repositories.\nAdding a new repository will notify running the `execute[apt-get-update]`\nresource immediately.\n\n# Actions\n\n- :add: creates a repository file and builds the repository listing\n- :remove: removes the repository file\n\n# Attribute Parameters\n\n- repo_name: name attribute. The name of the channel to discover\n- uri: the base of the Debian distribution\n- distribution: this is usually your release's codename...ie something\n like `karmic`, `lucid` or `maverick`\n- components: package groupings..when it doubt use `main`\n- arch: constrain package to a particular arch like `i386`, `amd64` or\n even `armhf` or `powerpc`. Defaults to nil.\n- deb_src: whether or not to add the repository as a source repo as\n well - value can be `true` or `false`, default `false`.\n- keyserver: the GPG keyserver where the key for the repo should be retrieved\n- key: if a `keyserver` is provided, this is assumed to be the\n fingerprint, otherwise it can be either the URI to the GPG key for\n the repo, or a cookbook_file.\n- key_proxy: if set, pass the specified proxy via `http-proxy=` to GPG.\n- cookbook: if key should be a cookbook_file, specify a cookbook where\n the key is located for files/default. Defaults to nil, so it will\n use the cookbook where the resource is used.\n\n# Examples\n\n # add the Zenoss repo\n apt_repository \"zenoss\" do\n uri \"http://dev.zenoss.org/deb\"\n components [\"main\",\"stable\"]\n end\n\n # add the Nginx PPA; grab key from keyserver\n apt_repository \"nginx-php\" do\n uri \"http://ppa.launchpad.net/nginx/php5/ubuntu\"\n distribution node['lsb']['codename']\n components [\"main\"]\n keyserver \"keyserver.ubuntu.com\"\n key \"C300EE8C\"\n end\n\n # add the Nginx PPA; grab key from keyserver, also add source repo\n apt_repository \"nginx-php\" do\n uri \"http://ppa.launchpad.net/nginx/php5/ubuntu\"\n distribution node['lsb']['codename']\n components [\"main\"]\n keyserver \"keyserver.ubuntu.com\"\n key \"C300EE8C\"\n deb_src true\n end\n\n # add the Cloudkick Repo\n apt_repository \"cloudkick\" do\n uri \"http://packages.cloudkick.com/ubuntu\"\n distribution node['lsb']['codename']\n components [\"main\"]\n key \"http://packages.cloudkick.com/cloudkick.packages.key\"\n end\n\n # add the Cloudkick Repo with the key downloaded in the cookbook\n apt_repository \"cloudkick\" do\n uri \"http://packages.cloudkick.com/ubuntu\"\n distribution node['lsb']['codename']\n components [\"main\"]\n key \"cloudkick.packages.key\"\n end\n\n # add the Cloudera Repo of CDH4 packages for Ubuntu 12.04 on AMD64\n apt_repository \"cloudera\" do\n uri \"http://archive.cloudera.com/cdh4/ubuntu/precise/amd64/cdh\"\n arch \"amd64\"\n distribution \"precise-cdh4\"\n components [\"contrib\"]\n key \"http://archive.cloudera.com/debian/archive.key\"\n end\n\n # remove Zenoss repo\n apt_repository \"zenoss\" do\n action :remove\n end\n\nPinning packages\n----------------\n\nThis LWRP provides an easy way to pin packages in /etc/apt/preferences.d.\nAlthough apt-pinning is quite helpful from time to time please note that Debian\ndoes not encourage its use without thorough consideration.\n\nFurther information regarding apt-pinning is available via\nhttp://wiki.debian.org/AptPreferences.\n\n# Actions\n\n- :add: creates a preferences file under /etc/apt/preferences.d\n- :remove: Removes the file, therefore unpin the package\n\n# Attribute Parameters\n\n- package_name: name attribute. The name of the package\n- glob: Pin by glob() expression or regexp surrounded by /.\n- pin: The package version/repository to pin\n- pin_priority: The pinning priority aka \"the highest package version wins\"\n\n# Examples\n\n # Pin libmysqlclient16 to version 5.1.49-3\n apt_preference \"libmysqlclient16\" do\n pin \"version 5.1.49-3\"\n pin_priority \"700\"\n end\n\n # Unpin libmysqlclient16\n apt_preference \"libmysqlclient16\" do\n action :remove\n end\n\n # Pin all packages from dotdeb.org\n apt_preference \"dotdeb\" do\n glob \"*\"\n pin \"origin packages.dotdeb.org \"\n pin_priority \"700\"\n end\n\nUsage\n=====\n\nPut `recipe[apt]` first in the run list. If you have other recipes\nthat you want to use to configure how apt behaves, like new sources,\nnotify the execute resource to run, e.g.:\n\n template \"/etc/apt/sources.list.d/my_apt_sources.list\" do\n notifies :run, resources(:execute => \"apt-get update\"), :immediately\n end\n\nThe above will run during execution phase since it is a normal\ntemplate resource, and should appear before other package resources\nthat need the sources in the template.\n\nPut `recipe[apt::cacher-ng]` in the run_list for a server to provide\nAPT caching and add `recipe[apt::cacher-client]` on the rest of the\nDebian-based nodes to take advantage of the caching server.\n\nIf you want to cleanup unused packages, there is also the `apt-get autoclean`\nand `apt-get autoremove` resources provided for automated cleanup.\n\nLicense and Author\n==================\n\nAuthor:: Joshua Timberman ()\nAuthor:: Matt Ray ()\nAuthor:: Seth Chisamore ()\n\nCopyright 2009-2012 Opscode, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + "ubuntu": ">= 0.0.0", + "debian": ">= 0.0.0" + }, + "dependencies": { + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + "apt": "Runs apt-get update during compile phase and sets up preseed directories", + "apt::cacher-ng": "Set up an apt-cacher-ng caching proxy", + "apt::cacher-client": "Client for the apt::cacher-ng caching proxy" + }, + "version": "1.9.2" +} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/metadata.rb new file mode 100644 index 000000000..ef4d49600 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/metadata.rb @@ -0,0 +1,14 @@ +name "apt" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Configures apt and apt services and LWRPs for managing apt repositories and preferences" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.9.2" +recipe "apt", "Runs apt-get update during compile phase and sets up preseed directories" +recipe "apt::cacher-ng", "Set up an apt-cacher-ng caching proxy" +recipe "apt::cacher-client", "Client for the apt::cacher-ng caching proxy" + +%w{ ubuntu debian }.each do |os| + supports os +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/providers/preference.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/providers/preference.rb new file mode 100644 index 000000000..8f34e74aa --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/providers/preference.rb @@ -0,0 +1,61 @@ +# +# Cookbook Name:: apt +# Provider:: preference +# +# Copyright 2010-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Build preferences.d file contents +def build_pref(package_name, pin, pin_priority) + preference_content = "Package: #{package_name}\nPin: #{pin}\nPin-Priority: #{pin_priority}\n" +end + +action :add do + new_resource.updated_by_last_action(false) + + preference = build_pref(new_resource.glob || new_resource.package_name, + new_resource.pin, + new_resource.pin_priority) + + preference_dir = directory "/etc/apt/preferences.d" do + owner "root" + group "root" + mode 00755 + recursive true + action :nothing + end + + preference_file = file "/etc/apt/preferences.d/#{new_resource.name}" do + owner "root" + group "root" + mode 00644 + content preference + action :nothing + end + + preference_dir.run_action(:create) + # write out the preference file, replace it if it already exists + preference_file.run_action(:create) +end + +action :remove do + if ::File.exists?("/etc/apt/preferences.d/#{new_resource.name}") + Chef::Log.info "Un-pinning #{new_resource.name} from /etc/apt/preferences.d/" + file "/etc/apt/preferences.d/#{new_resource.name}" do + action :delete + end + new_resource.updated_by_last_action(true) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/providers/repository.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/providers/repository.rb new file mode 100644 index 000000000..a894ccfa9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/providers/repository.rb @@ -0,0 +1,138 @@ +# +# Cookbook Name:: apt +# Provider:: repository +# +# Copyright 2010-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +def whyrun_supported? + true +end + +# install apt key from keyserver +def install_key_from_keyserver(key, keyserver) + execute "install-key #{key}" do + if !node['apt']['key_proxy'].empty? + command "apt-key adv --keyserver-options http-proxy=#{node['apt']['key_proxy']} --keyserver #{keyserver} --recv #{key}" + else + command "apt-key adv --keyserver #{keyserver} --recv #{key}" + end + action :run + not_if "apt-key list | grep #{key}" + end +end + +# run command and extract gpg ids +def extract_gpg_ids_from_cmd(cmd) + so = Mixlib::ShellOut.new(cmd) + so.run_command + so.stdout.split(/\n/).collect do |t| + if z = t.match(/^pub\s+\d+\w\/([0-9A-F]{8})/) + z[1] + end + end.compact +end + +# install apt key from URI +def install_key_from_uri(uri) + key_name = uri.split(/\//).last + cached_keyfile = "#{Chef::Config[:file_cache_path]}/#{key_name}" + if new_resource.key =~ /http/ + remote_file cached_keyfile do + source new_resource.key + mode 00644 + action :create + end + else + cookbook_file cached_keyfile do + source new_resource.key + cookbook new_resource.cookbook + mode 00644 + action :create + end + end + + execute "install-key #{key_name}" do + command "apt-key add #{cached_keyfile}" + action :run + not_if do + installed_ids = extract_gpg_ids_from_cmd("apt-key finger") + key_ids = extract_gpg_ids_from_cmd("gpg --with-fingerprint #{cached_keyfile}") + (installed_ids & key_ids).sort == key_ids.sort + end + end +end + +# build repo file contents +def build_repo(uri, distribution, components, arch, add_deb_src) + components = components.join(' ') if components.respond_to?(:join) + repo_info = "#{uri} #{distribution} #{components}\n" + repo_info = "[arch=#{arch}] #{repo_info}" if arch + repo = "deb #{repo_info}" + repo << "deb-src #{repo_info}" if add_deb_src + repo +end + +action :add do + new_resource.updated_by_last_action(false) + @repo_file = nil + + recipe_eval do + # add key + if new_resource.keyserver && new_resource.key + install_key_from_keyserver(new_resource.key, new_resource.keyserver) + elsif new_resource.key + install_key_from_uri(new_resource.key) + end + + file "/var/lib/apt/periodic/update-success-stamp" do + action :nothing + end + + execute "apt-get update" do + ignore_failure true + action :nothing + end + + # build repo file + repository = build_repo(new_resource.uri, + new_resource.distribution, + new_resource.components, + new_resource.arch, + new_resource.deb_src) + + @repo_file = file "/etc/apt/sources.list.d/#{new_resource.name}.list" do + owner "root" + group "root" + mode 00644 + content repository + action :create + notifies :delete, "file[/var/lib/apt/periodic/update-success-stamp]", :immediately + notifies :run, "execute[apt-get update]", :immediately if new_resource.cache_rebuild + end + end + + raise RuntimeError, "The repository file to create is nil, cannot continue." if @repo_file.nil? + new_resource.updated_by_last_action(@repo_file.updated?) +end + +action :remove do + if ::File.exists?("/etc/apt/sources.list.d/#{new_resource.name}.list") + Chef::Log.info "Removing #{new_resource.name} repository from /etc/apt/sources.list.d/" + file "/etc/apt/sources.list.d/#{new_resource.name}.list" do + action :delete + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/recipes/cacher-client.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/recipes/cacher-client.rb new file mode 100644 index 000000000..35f1bdfe3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/recipes/cacher-client.rb @@ -0,0 +1,59 @@ +# +# Cookbook Name:: apt +# Recipe:: cacher-client +# +# Copyright 2011, 2012 Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +#remove Acquire::http::Proxy lines from /etc/apt/apt.conf since we use 01proxy +#these are leftover from preseed installs +execute 'Remove proxy from /etc/apt/apt.conf' do + command "sed --in-place '/^Acquire::http::Proxy/d' /etc/apt/apt.conf" + only_if "grep Acquire::http::Proxy /etc/apt/apt.conf" +end + +servers = [] +if node['apt'] && node['apt']['cacher_ipaddress'] + cacher = Chef::Node.new + cacher.name(node['apt']['cacher_ipaddress']) + cacher.ipaddress(node['apt']['cacher_ipaddress']) + servers << cacher +end + +unless Chef::Config[:solo] + query = 'recipes:apt\:\:cacher-ng' + query += " AND chef_environment:#{node.chef_environment}" if node['apt']['cacher-client']['restrict_environment'] + Chef::Log.debug("apt::cacher-client searching for '#{query}'") + servers += search(:node, query) +end + +if servers.length > 0 + Chef::Log.info("apt-cacher-ng server found on #{servers[0]}.") + template '/etc/apt/apt.conf.d/01proxy' do + source '01proxy.erb' + owner 'root' + group 'root' + mode 00644 + variables( + :proxy => servers[0]['ipaddress'], + :port => node['apt']['cacher_port'] + ) + end.run_action(:create) +else + Chef::Log.info('No apt-cacher-ng server found.') + file '/etc/apt/apt.conf.d/01proxy' do + action :delete + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/recipes/cacher-ng.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/recipes/cacher-ng.rb new file mode 100644 index 000000000..c155dd78c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/recipes/cacher-ng.rb @@ -0,0 +1,38 @@ +# +# Cookbook Name:: apt +# Recipe:: cacher-ng +# +# Copyright 2008-2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package "apt-cacher-ng" do + action :install +end + +template "/etc/apt-cacher-ng/acng.conf" do + source "acng.conf.erb" + owner "root" + group "root" + mode 00644 + notifies :restart, "service[apt-cacher-ng]" +end + +service "apt-cacher-ng" do + supports :restart => true, :status => false + action [:enable, :start] +end + +#this will help seed the proxy +include_recipe "apt::cacher-client" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/recipes/default.rb new file mode 100644 index 000000000..00dd40a94 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/recipes/default.rb @@ -0,0 +1,68 @@ +# +# Cookbook Name:: apt +# Recipe:: default +# +# Copyright 2008-2011, Opscode, Inc. +# Copyright 2009, Bryan McLellan +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Run apt-get update to create the stamp file +execute "apt-get-update" do + command "apt-get update" + ignore_failure true + not_if do ::File.exists?('/var/lib/apt/periodic/update-success-stamp') end +end + +# For other recipes to call to force an update +execute "apt-get update" do + command "apt-get update" + ignore_failure true + action :nothing +end + +# Automatically remove packages that are no longer needed for dependencies +execute "apt-get autoremove" do + command "apt-get -y autoremove" + action :nothing +end + +# Automatically remove .deb files for packages no longer on your system +execute "apt-get autoclean" do + command "apt-get -y autoclean" + action :nothing +end + +# provides /var/lib/apt/periodic/update-success-stamp on apt-get update +package "update-notifier-common" do + notifies :run, resources(:execute => "apt-get-update"), :immediately +end + +execute "apt-get-update-periodic" do + command "apt-get update" + ignore_failure true + only_if do + ::File.exists?('/var/lib/apt/periodic/update-success-stamp') && + ::File.mtime('/var/lib/apt/periodic/update-success-stamp') < Time.now - 86400 + end +end + +%w{/var/cache/local /var/cache/local/preseeding}.each do |dirname| + directory dirname do + owner "root" + group "root" + mode 00755 + action :create + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/resources/preference.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/resources/preference.rb new file mode 100644 index 000000000..3ad720798 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/resources/preference.rb @@ -0,0 +1,30 @@ +# +# Cookbook Name:: apt +# Resource:: preference +# +# Copyright 2010-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :add, :remove + +def initialize(*args) + super + @action = :add +end + +attribute :package_name, :kind_of => String, :name_attribute => true +attribute :glob, :kind_of => String +attribute :pin, :kind_of => String +attribute :pin_priority, :kind_of => String diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/resources/repository.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/resources/repository.rb new file mode 100644 index 000000000..7515da412 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/resources/repository.rb @@ -0,0 +1,40 @@ +# +# Cookbook Name:: apt +# Resource:: repository +# +# Copyright 2010-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :add, :remove + +def initialize(*args) + super + @action = :add +end + +#name of the repo, used for source.list filename +attribute :repo_name, :kind_of => String, :name_attribute => true +attribute :uri, :kind_of => String +attribute :distribution, :kind_of => String +attribute :components, :kind_of => Array, :default => [] +attribute :arch, :kind_of => String, :default => nil +#whether or not to add the repository as a source repo as well +attribute :deb_src, :default => false +attribute :keyserver, :kind_of => String, :default => nil +attribute :key, :kind_of => String, :default => nil +attribute :cookbook, :kind_of => String, :default => nil +#trigger cache rebuild +#If not you can trigger in the recipe itself after checking the status of resource.updated{_by_last_action}? +attribute :cache_rebuild, :kind_of => [TrueClass, FalseClass], :default => true diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/templates/default/01proxy.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/templates/default/01proxy.erb new file mode 100644 index 000000000..eea71c230 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/templates/default/01proxy.erb @@ -0,0 +1,2 @@ +Acquire::http::Proxy "http://<%= @proxy %>:<%= @port %>"; +Acquire::https::Proxy "DIRECT"; diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/templates/default/acng.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/templates/default/acng.conf.erb new file mode 100644 index 000000000..869fdfd4e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/templates/default/acng.conf.erb @@ -0,0 +1,276 @@ + +# Letter case in directive names does not matter. Must be separated with colons. +# Valid boolean values are a zero number for false, non-zero numbers for true. + +CacheDir: /var/cache/apt-cacher-ng + +# set empty to disable logging +LogDir: /var/log/apt-cacher-ng + +# place to look for additional configuration and resource files if they are not +# found in the configuration directory +# SupportDir: /usr/lib/apt-cacher-ng + +# TCP (http) port +# Set to 9999 to emulate apt-proxy +Port:<%= node['apt']['cacher_port'] %> + +# Addresses or hostnames to listen on. Multiple addresses must be separated by +# spaces. Each entry must be an exact local address which is associated with a +# local interface. DNS resolution is performed using getaddrinfo(3) for all +# available protocols (IPv4, IPv6, ...). Using a protocol specific format will +# create binding(s) only on protocol specific socket(s) (e.g. 0.0.0.0 will listen +# only to IPv4). +# +# Default: not set, will listen on all interfaces and protocols +# +# BindAddress: localhost 192.168.7.254 publicNameOnMainInterface + +# The specification of another proxy which shall be used for downloads. +# Username and password are, and see manual for limitations. +# +#Proxy: http://www-proxy.example.net:80 +#proxy: username:proxypassword@proxy.example.net:3128 + +# Repository remapping. See manual for details. +# In this example, some backends files might be generated during package +# installation using information collected on the system. +Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives +Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives +Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol # Debian Volatile Archives +Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here +Remap-sfnet: file:sfnet_mirrors # ; file:backends_sfnet # incomplete, please create this file or specify preferred mirrors here +Remap-alxrep: file:archlx_mirrors /archlinux # ; file:backend_archlx # Arch Linux +Remap-fedora: file:fedora_mirrors # Fedora Linux +Remap-epel: file:epel_mirrors # Fedora EPEL +Remap-slrep: file:sl_mirrors # Scientific Linux + +# This is usually not needed for security.debian.org because it's always the +# same DNS hostname. However, it might be enabled in order to use hooks, +# ForceManaged mode or special flags in this context. +# Remap-secdeb: security.debian.org + +# Virtual page accessible in a web browser to see statistics and status +# information, i.e. under http://localhost:3142/acng-report.html +ReportPage: acng-report.html + +# Socket file for accessing through local UNIX socket instead of TCP/IP. Can be +# used with inetd bridge or cron client. +# SocketPath:/var/run/apt-cacher-ng/socket + +# Forces log file to be written to disk after every line when set to 1. Default +# is 0, buffers are flushed when the client disconnects. +# +# (technically, alias to the Debug option, see its documentation for details) +# +# UnbufferLogs: 0 + +# Set to 0 to store only type, time and transfer sizes. +# 1 -> client IP and relative local path are logged too +# VerboseLog: 1 + +# Don't detach from the console +# ForeGround: 0 + +# Store the pid of the daemon process therein +# PidFile: /var/run/apt-cacher-ng/pid + +# Forbid outgoing connections, work around them or respond with 503 error +# offlinemode:0 + +# Forbid all downloads that don't run through preconfigured backends (.where) +#ForceManaged: 0 + +# Days before considering an unreferenced file expired (to be deleted). +# Warning: if the value is set too low and particular index files are not +# available for some days (mirror downtime) there is a risk of deletion of +# still useful package files. +ExTreshold: 4 + +# Stop expiration when a critical problem appeared. Currently only failed +# refresh of an index file is considered as critical. +# +# WARNING: don't touch this option or set to zero. +# Anything else is DANGEROUS and may cause data loss. +# +# ExAbortOnProblems: 1 + +# Replace some Windows/DOS-FS incompatible chars when storing +# StupidFs: 0 + +# Experimental feature for apt-listbugs: pass-through SOAP requests and +# responses to/from bugs.debian.org. If not set, default is true if +# ForceManaged is enabled and false otherwise. +# ForwardBtsSoap: 1 + +# The daemon has a small cache for DNS data, to speed up resolution. The +# expiration time of the DNS entries can be configured in seconds. +# DnsCacheSeconds: 3600 + +# Don't touch the following values without good consideration! +# +# Max. count of connection threads kept ready (for faster response in the +# future). Should be a sane value between 0 and average number of connections, +# and depend on the amount of spare RAM. +# MaxStandbyConThreads: 8 +# +# Hard limit of active thread count for incoming connections, i.e. operation +# is refused when this value is reached (below zero = unlimited). +# MaxConThreads: -1 +# +# Pigeonholing files with regular expressions (static/volatile). Can be +# overriden here but not should not be done permanently because future update +# of default settings would not be applied later. +# VfilePattern = (^|.*?/)(Index|Packages(\.gz|\.bz2|\.lzma|\.xz)?|InRelease|Release|Release\.gpg|Sources(\.gz|\.bz2|\.lzma|\.xz)?|release|index\.db-.*\.gz|Contents-[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|/meta-release[^/]*|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|((setup|setup-legacy)(\.ini|\.bz2|\.hint)(\.sig)?)|mirrors\.lst|repo(index|md)\.xml(\.asc|\.key)?|directory\.yast|products|content(\.asc|\.key)?|media|filelists\.xml\.gz|filelists\.sqlite\.bz2|repomd\.xml|packages\.[a-zA-Z][a-zA-Z]\.gz|info\.txt|license\.tar\.gz|license\.zip|.*\.db(\.tar\.gz)?|.*\.files\.tar\.gz|.*\.abs\.tar\.gz|metalink\?repo|.*prestodelta\.xml\.gz)$|/dists/.*/installer-[^/]+/[^0-9][^/]+/images/.* +# PfilePattern = .*(\.d?deb|\.rpm|\.dsc|\.tar(\.gz|\.bz2|\.lzma|\.xz)(\.gpg)?|\.diff(\.gz|\.bz2|\.lzma|\.xz)|\.jigdo|\.template|changelog|copyright|\.udeb|\.debdelta|\.diff/.*\.gz|(Devel)?ReleaseAnnouncement(\?.*)?|[a-f0-9]+-(susedata|updateinfo|primary|deltainfo).xml.gz|fonts/(final/)?[a-z]+32.exe(\?download.*)?|/dists/.*/installer-[^/]+/[0-9][^/]+/images/.*)$ +# Whitelist for expiration, file types not to be removed even when being +# unreferenced. Default: many parts from VfilePattern where no parent index +# exists or might be unknown. +# WfilePattern = (^|.*?/)(Release|InRelease|Release\.gpg|(Packages|Sources)(\.gz|\.bz2|\.lzma|\.xz)?|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|.*\.xml|.*\.db\.tar\.gz|.*\.files\.tar\.gz|.*\.abs\.tar\.gz|[a-z]+32.exe)$|/dists/.*/installer-.*/images/.* + +# Higher modes only working with the debug version +# Warning, writes a lot into apt-cacher.err logfile +# Value overwrites UnbufferLogs setting (aliased) +# Debug:3 + +# Usually, general purpose proxies like Squid expose the IP address of the +# client user to the remote server using the X-Forwarded-For HTTP header. This +# behaviour can be optionally turned on with the Expose-Origin option. +# ExposeOrigin: 0 + +# When logging the originating IP address, trust the information supplied by +# the client in the X-Forwarded-For header. +# LogSubmittedOrigin: 0 + +# The version string reported to the peer, to be displayed as HTTP client (and +# version) in the logs of the mirror. +# WARNING: some archives use this header to detect/guess capabilities of the +# client (i.e. redirection support) and change the behaviour accordingly, while +# ACNG might not support the expected features. Expect side effects. +# +# UserAgent: Yet Another HTTP Client/1.2.3p4 + +# In some cases the Import and Expiration tasks might create fresh volatile +# data for internal use by reconstructing them using patch files. This +# by-product might be recompressed with bzip2 and with some luck the resulting +# file becomes identical to the *.bz2 file on the server, usable for APT +# clients trying to fetch the full .bz2 compressed version. Injection of the +# generated files into the cache has however a disadvantage on underpowered +# servers: bzip2 compression can create high load on the server system and the +# visible download of the busy .bz2 files also becomes slower. +# +# RecompBz2: 0 + +# Network timeout for outgoing connections. +# NetworkTimeout: 60 + +# Sometimes it makes sense to not store the data in cache and just return the +# package data to client as it comes in. DontCache parameters can enable this +# behaviour for certain URL types. The tokens are extended regular expressions +# that URLs are matched against. +# +# DontCacheRequested is applied to the URL as it comes in from the client. +# Example: exclude packages built with kernel-package for x86 +# DontCacheRequested: linux-.*_10\...\.Custo._i386 +# Example usecase: exclude popular private IP ranges from caching +# DontCacheRequested: 192.168.0 ^10\..* 172.30 +# +# DontCacheResolved is applied to URLs after mapping to the target server. If +# multiple backend servers are specified then it's only matched against the +# download link for the FIRST possible source (due to implementation limits). +# Example usecase: all Ubuntu stuff comes from a local mirror (specified as +# backend), don't cache it again: +# DontCacheResolved: ubuntumirror.local.net +# +# DontCache directive sets (overrides) both, DontCacheResolved and +# DontCacheRequested. Provided for convenience, see those directives for +# details. +# +# Default permission set of freshly created files and directories, as octal +# numbers (see chmod(1) for details). +# Can by limited by the umask value (see umask(2) for details) if it's set in +# the environment of the starting shell, e.g. in apt-cacher-ng init script or +# in its configuration file. +# DirPerms: 00755 +# FilePerms: 00664 +# +# +# It's possible to use use apt-cacher-ng as a regular web server with limited +# feature set, i.e. +# including directory browsing and download of any file; +# excluding sorting, mime types/encodings, CGI execution, index page +# redirection and other funny things. +# To get this behavior, mappings between virtual directories and real +# directories on the server must be defined with the LocalDirs directive. +# Virtual and real dirs are separated by spaces, multiple pairs are separated +# by semi-colons. Real directories must be absolute paths. +# NOTE: Since the names of that key directories share the same namespace as +# repository names (see Remap-...) it's administrators job to avoid such +# collisions on them (unless created deliberately). +# +# LocalDirs: woo /data/debarchive/woody ; hamm /data/debarchive/hamm + +# Precache a set of files referenced by specified index files. This can be used +# to create a partial mirror usable for offline work. There are certain limits +# and restrictions on the path specification, see manual for details. A list of +# (maybe) relevant index files could be retrieved via +# "apt-get --print-uris update" on a client machine. +# +# PrecacheFor: debrep/dists/unstable/*/source/Sources* debrep/dists/unstable/*/binary-amd64/Packages* + +# Arbitrary set of data to append to request headers sent over the wire. Should +# be a well formated HTTP headers part including newlines (DOS style) which +# can be entered as escape sequences (\r\n). +# RequestAppendix: X-Tracking-Choice: do-not-track\r\n + +# Specifies the IP protocol families to use for remote connections. Order does +# matter, first specified are considered first. Possible combinations: +# v6 v4 +# v4 v6 +# v6 +# v4 +# (empty or not set: use system default) +# +# ConnectProto: v6 v4 + +# Regular expiration algorithm finds package files which are no longer listed +# in any index file and removes them of them after a safety period. +# This option allows to keep more versions of a package in the cache after +# safety period is over. +# KeepExtraVersions: 1 + +# Optionally uses TCP access control provided by libwrap, see hosts_access(5) +# for details. Daemon name is apt-cacher-ng. Default if not set: decided on +# startup by looking for explicit mentioning of apt-cacher-ng in +# /etc/hosts.allow or /etc/hosts.deny files. +# UseWrap: 0 + +# If many machines from the same local network attempt to update index files +# (apt-get update) at nearly the same time, the known state of these index file +# is temporarily frozen and multiple requests receive the cached response +# without contacting the server. This parameter (in seconds) specifies the +# length of this period before the files are considered outdated. +# Setting it too low transfers more data and increases remote server load, +# setting it too high (more than a couple of minutes) increases the risk of +# delivering inconsistent responses to the clients. +# FreshIndexMaxAge: 27 + +# Usually the users are not allowed to specify custom TCP ports of remote +# mirrors in the requests, only the default HTTP port can be used (instead, +# proxy administrator can create Remap- rules with custom ports). This +# restriction can be disabled by specifying a list of allowed ports or 0 for +# any port. +# +# AllowUserPorts: 80 + +# Normally the HTTP redirection responses are forwarded to the original caller +# (i.e. APT) which starts a new download attempt from the new URL. This +# solution is ok for client configurations with proxy mode but doesn't work +# well with configurations using URL prefixes. To work around this the server +# can restart its own download with another URL. However, this might be used to +# circumvent download source policies by malicious users. +# The RedirMax option specifies how many such redirects the server should +# follow per request, 0 disables the internal redirection. If not set, +# default value is 0 if ForceManaged is used and 5 otherwise. +# +# RedirMax: 5 \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/templates/ubuntu-10.04/acng.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/templates/ubuntu-10.04/acng.conf.erb new file mode 100644 index 000000000..fabbba472 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/apt/templates/ubuntu-10.04/acng.conf.erb @@ -0,0 +1,270 @@ + +# Letter case in directive names does not matter. Must be separated with colons. +# Valid boolean values are a zero number for false, non-zero numbers for true. + +CacheDir: /var/cache/apt-cacher-ng + +# set empty to disable logging +LogDir: /var/log/apt-cacher-ng + +# place to look for additional configuration and resource files if they are not +# found in the configuration directory +# SupportDir: /usr/lib/apt-cacher-ng + +# TCP (http) port +# Set to 9999 to emulate apt-proxy +Port:<%= node['apt']['cacher_port'] %> + +# Addresses or hostnames to listen on. Multiple addresses must be separated by +# spaces. Each entry must be an exact local address which is associated with a +# local interface. DNS resolution is performed using getaddrinfo(3) for all +# available protocols (IPv4, IPv6, ...). Using a protocol specific format will +# create binding(s) only on protocol specific socket(s) (e.g. 0.0.0.0 will listen +# only to IPv4). +# +# Default: not set, will listen on all interfaces and protocols +# +# BindAddress: localhost 192.168.7.254 publicNameOnMainInterface + +# The specification of another proxy which shall be used for downloads. +# Username and password are, and see manual for limitations. +# +#Proxy: http://www-proxy.example.net:80 +#proxy: username:proxypassword@proxy.example.net:3128 + +# Repository remapping. See manual for details. +# In this example, some backends files might be generated during package +# installation using information collected on the system. +Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives +Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives +Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol # Debian Volatile Archives + +# This is usually not needed for security.debian.org because it's always the +# same DNS hostname. However, it might be enabled in order to use hooks, +# ForceManaged mode or special flags in this context. +# Remap-secdeb: security.debian.org + +# Virtual page accessible in a web browser to see statistics and status +# information, i.e. under http://localhost:3142/acng-report.html +ReportPage: acng-report.html + +# Socket file for accessing through local UNIX socket instead of TCP/IP. Can be +# used with inetd bridge or cron client. +# SocketPath:/var/run/apt-cacher-ng/socket + +# Forces log file to be written to disk after every line when set to 1. Default +# is 0, buffers are flushed when the client disconnects. +# +# (technically, alias to the Debug option, see its documentation for details) +# +# UnbufferLogs: 0 + +# Set to 0 to store only type, time and transfer sizes. +# 1 -> client IP and relative local path are logged too +# VerboseLog: 1 + +# Don't detach from the console +# ForeGround: 0 + +# Store the pid of the daemon process therein +# PidFile: /var/run/apt-cacher-ng/pid + +# Forbid outgoing connections, work around them or respond with 503 error +# offlinemode:0 + +# Forbid all downloads that don't run through preconfigured backends (.where) +#ForceManaged: 0 + +# Days before considering an unreferenced file expired (to be deleted). +# Warning: if the value is set too low and particular index files are not +# available for some days (mirror downtime) there is a risk of deletion of +# still useful package files. +ExTreshold: 4 + +# Stop expiration when a critical problem appeared. Currently only failed +# refresh of an index file is considered as critical. +# +# WARNING: don't touch this option or set to zero. +# Anything else is DANGEROUS and may cause data loss. +# +# ExAbortOnProblems: 1 + +# Replace some Windows/DOS-FS incompatible chars when storing +# StupidFs: 0 + +# Experimental feature for apt-listbugs: pass-through SOAP requests and +# responses to/from bugs.debian.org. If not set, default is true if +# ForceManaged is enabled and false otherwise. +# ForwardBtsSoap: 1 + +# The daemon has a small cache for DNS data, to speed up resolution. The +# expiration time of the DNS entries can be configured in seconds. +# DnsCacheSeconds: 3600 + +# Don't touch the following values without good consideration! +# +# Max. count of connection threads kept ready (for faster response in the +# future). Should be a sane value between 0 and average number of connections, +# and depend on the amount of spare RAM. +# MaxStandbyConThreads: 8 +# +# Hard limit of active thread count for incoming connections, i.e. operation +# is refused when this value is reached (below zero = unlimited). +# MaxConThreads: -1 +# +# Pigeonholing files with regular expressions (static/volatile). Can be +# overriden here but not should not be done permanently because future update +# of default settings would not be applied later. +# VfilePattern = (^|.*?/)(Index|Packages(\.gz|\.bz2|\.lzma|\.xz)?|InRelease|Release|Release\.gpg|Sources(\.gz|\.bz2|\.lzma|\.xz)?|release|index\.db-.*\.gz|Contents-[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|/meta-release[^/]*|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|((setup|setup-legacy)(\.ini|\.bz2|\.hint)(\.sig)?)|mirrors\.lst|repo(index|md)\.xml(\.asc|\.key)?|directory\.yast|products|content(\.asc|\.key)?|media|filelists\.xml\.gz|filelists\.sqlite\.bz2|repomd\.xml|packages\.[a-zA-Z][a-zA-Z]\.gz|info\.txt|license\.tar\.gz|license\.zip|.*\.db(\.tar\.gz)?|.*\.files\.tar\.gz|.*\.abs\.tar\.gz|metalink\?repo|.*prestodelta\.xml\.gz)$|/dists/.*/installer-[^/]+/[^0-9][^/]+/images/.* +# PfilePattern = .*(\.d?deb|\.rpm|\.dsc|\.tar(\.gz|\.bz2|\.lzma|\.xz)(\.gpg)?|\.diff(\.gz|\.bz2|\.lzma|\.xz)|\.jigdo|\.template|changelog|copyright|\.udeb|\.debdelta|\.diff/.*\.gz|(Devel)?ReleaseAnnouncement(\?.*)?|[a-f0-9]+-(susedata|updateinfo|primary|deltainfo).xml.gz|fonts/(final/)?[a-z]+32.exe(\?download.*)?|/dists/.*/installer-[^/]+/[0-9][^/]+/images/.*)$ +# Whitelist for expiration, file types not to be removed even when being +# unreferenced. Default: many parts from VfilePattern where no parent index +# exists or might be unknown. +# WfilePattern = (^|.*?/)(Release|InRelease|Release\.gpg|(Packages|Sources)(\.gz|\.bz2|\.lzma|\.xz)?|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|.*\.xml|.*\.db\.tar\.gz|.*\.files\.tar\.gz|.*\.abs\.tar\.gz|[a-z]+32.exe)$|/dists/.*/installer-.*/images/.* + +# Higher modes only working with the debug version +# Warning, writes a lot into apt-cacher.err logfile +# Value overwrites UnbufferLogs setting (aliased) +# Debug:3 + +# Usually, general purpose proxies like Squid expose the IP address of the +# client user to the remote server using the X-Forwarded-For HTTP header. This +# behaviour can be optionally turned on with the Expose-Origin option. +# ExposeOrigin: 0 + +# When logging the originating IP address, trust the information supplied by +# the client in the X-Forwarded-For header. +# LogSubmittedOrigin: 0 + +# The version string reported to the peer, to be displayed as HTTP client (and +# version) in the logs of the mirror. +# WARNING: some archives use this header to detect/guess capabilities of the +# client (i.e. redirection support) and change the behaviour accordingly, while +# ACNG might not support the expected features. Expect side effects. +# +# UserAgent: Yet Another HTTP Client/1.2.3p4 + +# In some cases the Import and Expiration tasks might create fresh volatile +# data for internal use by reconstructing them using patch files. This +# by-product might be recompressed with bzip2 and with some luck the resulting +# file becomes identical to the *.bz2 file on the server, usable for APT +# clients trying to fetch the full .bz2 compressed version. Injection of the +# generated files into the cache has however a disadvantage on underpowered +# servers: bzip2 compression can create high load on the server system and the +# visible download of the busy .bz2 files also becomes slower. +# +# RecompBz2: 0 + +# Network timeout for outgoing connections. +# NetworkTimeout: 60 + +# Sometimes it makes sense to not store the data in cache and just return the +# package data to client as it comes in. DontCache parameters can enable this +# behaviour for certain URL types. The tokens are extended regular expressions +# that URLs are matched against. +# +# DontCacheRequested is applied to the URL as it comes in from the client. +# Example: exclude packages built with kernel-package for x86 +# DontCacheRequested: linux-.*_10\...\.Custo._i386 +# Example usecase: exclude popular private IP ranges from caching +# DontCacheRequested: 192.168.0 ^10\..* 172.30 +# +# DontCacheResolved is applied to URLs after mapping to the target server. If +# multiple backend servers are specified then it's only matched against the +# download link for the FIRST possible source (due to implementation limits). +# Example usecase: all Ubuntu stuff comes from a local mirror (specified as +# backend), don't cache it again: +# DontCacheResolved: ubuntumirror.local.net +# +# DontCache directive sets (overrides) both, DontCacheResolved and +# DontCacheRequested. Provided for convenience, see those directives for +# details. +# +# Default permission set of freshly created files and directories, as octal +# numbers (see chmod(1) for details). +# Can by limited by the umask value (see umask(2) for details) if it's set in +# the environment of the starting shell, e.g. in apt-cacher-ng init script or +# in its configuration file. +# DirPerms: 00755 +# FilePerms: 00664 +# +# +# It's possible to use use apt-cacher-ng as a regular web server with limited +# feature set, i.e. +# including directory browsing and download of any file; +# excluding sorting, mime types/encodings, CGI execution, index page +# redirection and other funny things. +# To get this behavior, mappings between virtual directories and real +# directories on the server must be defined with the LocalDirs directive. +# Virtual and real dirs are separated by spaces, multiple pairs are separated +# by semi-colons. Real directories must be absolute paths. +# NOTE: Since the names of that key directories share the same namespace as +# repository names (see Remap-...) it's administrators job to avoid such +# collisions on them (unless created deliberately). +# +# LocalDirs: woo /data/debarchive/woody ; hamm /data/debarchive/hamm + +# Precache a set of files referenced by specified index files. This can be used +# to create a partial mirror usable for offline work. There are certain limits +# and restrictions on the path specification, see manual for details. A list of +# (maybe) relevant index files could be retrieved via +# "apt-get --print-uris update" on a client machine. +# +# PrecacheFor: debrep/dists/unstable/*/source/Sources* debrep/dists/unstable/*/binary-amd64/Packages* + +# Arbitrary set of data to append to request headers sent over the wire. Should +# be a well formated HTTP headers part including newlines (DOS style) which +# can be entered as escape sequences (\r\n). +# RequestAppendix: X-Tracking-Choice: do-not-track\r\n + +# Specifies the IP protocol families to use for remote connections. Order does +# matter, first specified are considered first. Possible combinations: +# v6 v4 +# v4 v6 +# v6 +# v4 +# (empty or not set: use system default) +# +# ConnectProto: v6 v4 + +# Regular expiration algorithm finds package files which are no longer listed +# in any index file and removes them of them after a safety period. +# This option allows to keep more versions of a package in the cache after +# safety period is over. +# KeepExtraVersions: 1 + +# Optionally uses TCP access control provided by libwrap, see hosts_access(5) +# for details. Daemon name is apt-cacher-ng. Default if not set: decided on +# startup by looking for explicit mentioning of apt-cacher-ng in +# /etc/hosts.allow or /etc/hosts.deny files. +# UseWrap: 0 + +# If many machines from the same local network attempt to update index files +# (apt-get update) at nearly the same time, the known state of these index file +# is temporarily frozen and multiple requests receive the cached response +# without contacting the server. This parameter (in seconds) specifies the +# length of this period before the files are considered outdated. +# Setting it too low transfers more data and increases remote server load, +# setting it too high (more than a couple of minutes) increases the risk of +# delivering inconsistent responses to the clients. +# FreshIndexMaxAge: 27 + +# Usually the users are not allowed to specify custom TCP ports of remote +# mirrors in the requests, only the default HTTP port can be used (instead, +# proxy administrator can create Remap- rules with custom ports). This +# restriction can be disabled by specifying a list of allowed ports or 0 for +# any port. +# +# AllowUserPorts: 80 + +# Normally the HTTP redirection responses are forwarded to the original caller +# (i.e. APT) which starts a new download attempt from the new URL. This +# solution is ok for client configurations with proxy mode but doesn't work +# well with configurations using URL prefixes. To work around this the server +# can restart its own download with another URL. However, this might be used to +# circumvent download source policies by malicious users. +# The RedirMax option specifies how many such redirects the server should +# follow per request, 0 disables the internal redirection. If not set, +# default value is 0 if ForceManaged is used and 5 otherwise. +# +# RedirMax: 5 \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/CHANGELOG.md new file mode 100644 index 000000000..2d3c4b2e1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/CHANGELOG.md @@ -0,0 +1,55 @@ +## v0.101.0 + +### Bug + +- [COOK-1355]: AWS::ElasticIP recipe uses an old RightAWS API to + associate an elastic ip address to an EC2 instance +- [COOK-2659]: `volume_compatible_with_resource_definition` fails on + valid `snapshot_id` configurations +- [COOK-2670]: AWS cookbook doesn't use `node[:aws][:databag_name]`, + etc. in `create_raid_disks` +- [COOK-2693]: exclude AWS reserved tags from tag update +- [COOK-2914]: Foodcritic failures in Cookbooks + +### Improvement + +- [COOK-2587]: Resource attribute for using most recent snapshot + instead of earliest +- [COOK-2605]: "WARN: Missing gem '`right_aws`'" always prints when + including 'aws' in metadata + +### New Feature + +- [COOK-2503]: add EBS raid volumes and provisioned IOPS support for + AWS + +## v0.100.6: + +* [COOK-2148] - `aws_ebs_volume` attach action saves nil `volume_id` + in node + +## v0.100.4: + +* Support why-run mode in LWRPs +* [COOK-1836] - make `aws_elastic_lb` idempotent + +## v0.100.2: + +* [COOK-1568] - switch to chef_gem resource +* [COOK-1426] - declare default actions for LWRPs + +## v0.100.0: + +* [COOK-1221] - convert node attribute accessors to strings +* [COOK-1195] - manipulate AWS resource tags (instances, volumes, + snapshots +* [COOK-627] - add aws_elb (elastic load balancer) LWRP + +## v0.99.1 + +* [COOK-530] - aws cookbook doesn't save attributes with chef 0.10.RC.0 +* [COOK-600] - In AWS Cookbook specifying just the device doesn't work +* [COOK-601] - in aws cookbook :prune action keeps 1 less snapshot than snapshots_to_keep +* [COOK-610] - Create Snapshot action in aws cookbook should allow description attribute +* [COOK-819] - fix documentation bug in aws readme +* [COOK-829] - AWS cookbook does not work with most recent right_aws gem but no version is locked in the recipe diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/README.md new file mode 100644 index 000000000..7f8353198 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/README.md @@ -0,0 +1,279 @@ +Description +=========== + +This cookbook provides libraries, resources and providers to configure and manage Amazon Web Services components and offerings with the EC2 API. Currently supported resources: + +* EBS Volumes (`ebs_volume`) +* EBS Raid (`ebs_raid`) +* Elastic IPs (`elastic_ip`) +* Elastic Load Balancer (`elastic_lb`) +* AWS Resource Tags (`resource_tag`) + +Requirements +============ + +Requires Chef 0.7.10 or higher for Lightweight Resource and Provider support. Chef 0.8+ is recommended. While this cookbook can be used in `chef-solo` mode, to gain the most flexibility, we recommend using `chef-client` with a Chef Server. + +An Amazon Web Services account is required. The Access Key and Secret Access Key are used to authenticate with EC2. + +AWS Credentials +=============== + +In order to manage AWS components, authentication credentials need to be available to the node. There are a number of ways to handle this, such as node attributes or roles. We recommend storing these in a databag (Chef 0.8+), and loading them in the recipe where the resources are needed. + +DataBag recommendation: + + % knife data bag show aws main + { + "id": "main", + "aws_access_key_id": "YOUR_ACCESS_KEY", + "aws_secret_access_key": "YOUR_SECRET_ACCESS_KEY" + } + +This can be loaded in a recipe with: + + aws = data_bag_item("aws", "main") + +And to access the values: + + aws['aws_access_key_id'] + aws['aws_secret_access_key'] + +We'll look at specific usage below. + +Recipes +======= + +default.rb +---------- + +The default recipe installs the `right_aws` RubyGem, which this cookbook requires in order to work with the EC2 API. Make sure that the aws recipe is in the node or role `run_list` before any resources from this cookbook are used. + + "run_list": [ + "recipe[aws]" + ] + +The `gem_package` is created as a Ruby Object and thus installed during the Compile Phase of the Chef run. + +Libraries +========= + +The cookbook has a library module, `Opscode::AWS::Ec2`, which can be included where necessary: + + include Opscode::Aws::Ec2 + +This is needed in any providers in the cookbook. Along with some helper methods used in the providers, it sets up a class variable, `ec2` that is used along with the access and secret access keys + +Resources and Providers +======================= + +This cookbook provides two resources and corresponding providers. + +`ebs_volume.rb` +------------- + +Manage Elastic Block Store (EBS) volumes with this resource. + +Actions: + +* `create` - create a new volume. +* `attach` - attach the specified volume. +* `detach` - detach the specified volume. +* `snapshot` - create a snapshot of the volume. +* `prune` - prune snapshots. + +Attribute Parameters: + +* `aws_secret_access_key`, `aws_access_key` - passed to `Opscode::AWS:Ec2` to authenticate, required. +* `size` - size of the volume in gigabytes. +* `snapshot_id` - snapshot to build EBS volume from. +* most_recent_snapshot - use the most recent snapshot when creating a volume from an existing volume (defaults to false) +* `availability_zone` - EC2 region, and is normally automatically detected. +* `device` - local block device to attach the volume to, e.g. `/dev/sdi` but no default value, required. +* `volume_id` - specify an ID to attach, cannot be used with action `:create` because AWS assigns new volume IDs +* `timeout` - connection timeout for EC2 API. +* `snapshots_to_keep` - used with action `:prune` for number of snapshots to maintain. +* `description` - used to set the description of an EBS snapshot +* `volume_type` - standard or iops +* `piops` - number of Provisioned IOPS to provision, must be > 100 + +`ebs_raid.rb` +------------- + +Manage Elastic Block Store (EBS) raid devices with this resource. + +Attribute Parameters: + +* `mount_point` - where to mount the RAID volume +* `disk_count` - number of EBS volumes to raid +* `disk_size` - size of EBS volumes to raid +* `level` - RAID level (default 10) +* `filesystem` - filesystem to format raid array (default ext4) +* `snapshots` - array of EBS snapshots to restore. Snapshots must be taken using an ec2 consistent snapshot tool, and tagged with a number that indicates how many devices are in the array being backed up (e.g. "Logs Backup [0-4]" for a four-volume raid array snapshot) +* `disk_type` - standard or iops +* `disk_piops` - number of Provisioned IOPS to provision per disk, must be > 100 + +`elastic_ip.rb` +------------- + +Actions: + +* `associate` - associate the IP. +* `disassociate` - disassociate the IP. + +Attribute Parameters: + +* `aws_secret_access_key`, `aws_access_key` - passed to `Opscode::AWS:Ec2` to authenticate, required. +* `ip` - the IP address. +* `timeout` - connection timeout for EC2 API. + +`elastic_lb.rb` +------------- + +Actions: + +* `register` - Add this instance to the LB +* `deregister` - Remove this instance from the LB + +Attribute Parameters: + +* `aws_secret_access_key`, `aws_access_key` - passed to `Opscode::AWS:Ec2` to authenticate, required. +* `name` - the name of the LB, required. + +`resource_tag.rb` +------------------ + +Actions: + +* `add` - Add tags to a resource. +* `update` - Add or modify existing tags on a resource -- this is the default action. +* `remove` - Remove tags from a resource, but only if the specified values match the existing ones. +* `force_remove` - Remove tags from a resource, regardless of their values. + +Attribute Parameters + +* `aws_secret_access_key`, `aws_access_key` - passed to `Opscode::AWS:Ec2` to authenticate, required. +* `tags` - a hash of key value pairs to be used as resource tags, (e.g. `{ "Name" => "foo", "Environment" => node.chef_environment }`,) required. +* `resource_id` - resources whose tags will be modified. The value may be a single ID as a string or multiple IDs in an array. If no `resource_id` is specified the name attribute will be used. + +Usage +===== + +The following examples assume that the recommended data bag item has been created and that the following has been included at the top of the recipe where they are used. + + include_recipe "aws" + aws = data_bag_item("aws", "main") + +aws_ebs_volume +-------------- + +The resource only handles manipulating the EBS volume, additional resources need to be created in the recipe to manage the attached volume as a filesystem or logical volume. + + aws_ebs_volume "db_ebs_volume" do + aws_access_key aws['aws_access_key_id'] + aws_secret_access_key aws['aws_secret_access_key'] + size 50 + device "/dev/sdi" + action [ :create, :attach ] + end + +This will create a 50G volume, attach it to the instance as `/dev/sdi`. + + aws_ebs_volume "db_ebs_volume_from_snapshot" do + aws_access_key aws['aws_access_key_id'] + aws_secret_access_key aws['aws_secret_access_key'] + size 50 + device "/dev/sdi" + snapshot_id "snap-ABCDEFGH" + action [ :create, :attach ] + end + +This will create a new 50G volume from the snapshot ID provided and attach it as `/dev/sdi`. + +aws_elastic_ip +-------------- + +The `elastic_ip` resource provider does not support allocating new IPs. This must be done before running a recipe that uses the resource. After allocating a new Elastic IP, we recommend storing it in a databag and loading the item in the recipe. + +Databag structure: + + % knife data bag show aws eip_load_balancer_production + { + "id": "eip_load_balancer_production", + "public_ip": "YOUR_ALLOCATED_IP" + } + +Then to set up the Elastic IP on a system: + + ip_info = data_bag_item("aws", "eip_load_balancer_production") + + aws_elastic_ip "eip_load_balancer_production" do + aws_access_key aws['aws_access_key_id'] + aws_secret_access_key aws['aws_secret_access_key'] + ip ip_info['public_ip'] + action :associate + end + +This will use the loaded `aws` and `ip_info` databags to pass the required values into the resource to configure. Note that when associating an Elastic IP to an instance, connectivity to the instance will be lost because the public IP address is changed. You will need to reconnect to the instance with the new IP. + +You can also store this in a role as an attribute or assign to the node directly, if preferred. + +aws_elastic_lb +--------- + +`elastic_lb` opererates similar to `elastic_ip'. Make sure that you've created the ELB and enabled your instances' availability zones prior to using this provider. + +For example, to register the node in the 'QA' ELB: + aws_elastic_lb "elb_qa" do + aws_access_key aws['aws_access_key_id'] + aws_secret_access_key aws['aws_secret_access_key'] + name "QA" + action :register + end + +aws_resource_tag +---------------- + +`resource_tag` can be used to manipulate the tags assigned to one or more AWS resources, i.e. ec2 instances, ebs volumes or ebs volume snapshots. + +Assigining tags to a node to reflect it's role and environment: + + aws_resource_tag node['ec2']['instance_id'] do + aws_access_key aws['aws_access_key_id'] + aws_secret_access_key aws['aws_secret_access_key'] + tags({"Name" => "www.example.com app server", + "Environment" => node.chef_environment}) + action :update + end + +Assigning a set of tags to multiple resources, e.g. ebs volumes in a disk set: + + aws_resource_tag 'my awesome raid set' do + aws_access_key aws['aws_access_key_id'] + aws_secret_access_key aws['aws_secret_access_key'] + resource_id [ "vol-d0518cb2", "vol-fad31a9a", "vol-fb106a9f", "vol-74ed3b14" ] + tags({"Name" => "My awesome RAID disk set", + "Environment" => node.chef_environment}) + end + + +License and Author +================== + +* Author:: Chris Walters () +* Author:: AJ Christensen () +* Author:: Justin Huff () + +Copyright 2009-2010, Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/attributes/default.rb new file mode 100644 index 000000000..eb6509581 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/attributes/default.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: aws +# Attributes:: default +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['aws']['right_aws_version'] = "3.0.5" +default['aws']['databag_name'] = "aws" +default['aws']['databag_entry'] = "main" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/libraries/ec2.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/libraries/ec2.rb new file mode 100644 index 000000000..23de19324 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/libraries/ec2.rb @@ -0,0 +1,80 @@ +# +# Copyright:: Copyright (c) 2009 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# TODO: once sync_libraries properly handles sub-directories, move this file to aws/libraries/opscode/aws/ec2.rb + +require 'open-uri' + +module Opscode + module Aws + module Ec2 + def find_snapshot_id(volume_id="", find_most_recent=false) + snapshot_id = nil + snapshots = if find_most_recent + ec2.describe_snapshots.sort { |a,b| a[:aws_started_at] <=> b[:aws_started_at] } + else + ec2.describe_snapshots.sort { |a,b| b[:aws_started_at] <=> a[:aws_started_at] } + end + snapshots.each do |snapshot| + if snapshot[:aws_volume_id] == volume_id + snapshot_id = snapshot[:aws_id] + end + end + raise "Cannot find snapshot id!" unless snapshot_id + Chef::Log.debug("Snapshot ID is #{snapshot_id}") + snapshot_id + end + + def ec2 + begin + require 'right_aws' + rescue LoadError + Chef::Log.error("Missing gem 'right_aws'. Use the default aws recipe to install it first.") + end + + region = instance_availability_zone + region = region[0, region.length-1] + @@ec2 ||= RightAws::Ec2.new(new_resource.aws_access_key, new_resource.aws_secret_access_key, { :logger => Chef::Log, :region => region }) + end + + def instance_id + @@instance_id ||= query_instance_id + end + + def instance_availability_zone + @@instance_availability_zone ||= query_instance_availability_zone + end + + private + + def query_instance_id + instance_id = open('http://169.254.169.254/latest/meta-data/instance-id'){|f| f.gets} + raise "Cannot find instance id!" unless instance_id + Chef::Log.debug("Instance ID is #{instance_id}") + instance_id + end + + def query_instance_availability_zone + availability_zone = open('http://169.254.169.254/latest/meta-data/placement/availability-zone/'){|f| f.gets} + raise "Cannot find availability zone!" unless availability_zone + Chef::Log.debug("Instance's availability zone is #{availability_zone}") + availability_zone + end + + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/metadata.json new file mode 100644 index 000000000..3d8e9eaf9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/metadata.json @@ -0,0 +1,30 @@ +{ + "name": "aws", + "description": "LWRPs for managing AWS resources", + "long_description": "Description\n===========\n\nThis cookbook provides libraries, resources and providers to configure and manage Amazon Web Services components and offerings with the EC2 API. Currently supported resources:\n\n* EBS Volumes (`ebs_volume`)\n* EBS Raid (`ebs_raid`)\n* Elastic IPs (`elastic_ip`)\n* Elastic Load Balancer (`elastic_lb`)\n* AWS Resource Tags (`resource_tag`)\n\nRequirements\n============\n\nRequires Chef 0.7.10 or higher for Lightweight Resource and Provider support. Chef 0.8+ is recommended. While this cookbook can be used in `chef-solo` mode, to gain the most flexibility, we recommend using `chef-client` with a Chef Server.\n\nAn Amazon Web Services account is required. The Access Key and Secret Access Key are used to authenticate with EC2.\n\nAWS Credentials\n===============\n\nIn order to manage AWS components, authentication credentials need to be available to the node. There are a number of ways to handle this, such as node attributes or roles. We recommend storing these in a databag (Chef 0.8+), and loading them in the recipe where the resources are needed.\n\nDataBag recommendation:\n\n % knife data bag show aws main\n {\n \"id\": \"main\",\n \"aws_access_key_id\": \"YOUR_ACCESS_KEY\",\n \"aws_secret_access_key\": \"YOUR_SECRET_ACCESS_KEY\"\n }\n\nThis can be loaded in a recipe with:\n\n aws = data_bag_item(\"aws\", \"main\")\n\nAnd to access the values:\n\n aws['aws_access_key_id']\n aws['aws_secret_access_key']\n\nWe'll look at specific usage below.\n\nRecipes\n=======\n\ndefault.rb\n----------\n\nThe default recipe installs the `right_aws` RubyGem, which this cookbook requires in order to work with the EC2 API. Make sure that the aws recipe is in the node or role `run_list` before any resources from this cookbook are used.\n\n \"run_list\": [\n \"recipe[aws]\"\n ]\n\nThe `gem_package` is created as a Ruby Object and thus installed during the Compile Phase of the Chef run.\n\nLibraries\n=========\n\nThe cookbook has a library module, `Opscode::AWS::Ec2`, which can be included where necessary:\n\n include Opscode::Aws::Ec2\n\nThis is needed in any providers in the cookbook. Along with some helper methods used in the providers, it sets up a class variable, `ec2` that is used along with the access and secret access keys\n\nResources and Providers\n=======================\n\nThis cookbook provides two resources and corresponding providers.\n\n`ebs_volume.rb`\n-------------\n\nManage Elastic Block Store (EBS) volumes with this resource.\n\nActions:\n\n* `create` - create a new volume.\n* `attach` - attach the specified volume.\n* `detach` - detach the specified volume.\n* `snapshot` - create a snapshot of the volume.\n* `prune` - prune snapshots.\n\nAttribute Parameters:\n\n* `aws_secret_access_key`, `aws_access_key` - passed to `Opscode::AWS:Ec2` to authenticate, required.\n* `size` - size of the volume in gigabytes.\n* `snapshot_id` - snapshot to build EBS volume from.\n* most_recent_snapshot - use the most recent snapshot when creating a volume from an existing volume (defaults to false)\n* `availability_zone` - EC2 region, and is normally automatically detected.\n* `device` - local block device to attach the volume to, e.g. `/dev/sdi` but no default value, required.\n* `volume_id` - specify an ID to attach, cannot be used with action `:create` because AWS assigns new volume IDs\n* `timeout` - connection timeout for EC2 API.\n* `snapshots_to_keep` - used with action `:prune` for number of snapshots to maintain.\n* `description` - used to set the description of an EBS snapshot\n* `volume_type` - standard or iops\n* `piops` - number of Provisioned IOPS to provision, must be > 100\n\n`ebs_raid.rb`\n-------------\n\nManage Elastic Block Store (EBS) raid devices with this resource.\n\nAttribute Parameters: \n\n* `mount_point` - where to mount the RAID volume\n* `disk_count` - number of EBS volumes to raid\n* `disk_size` - size of EBS volumes to raid\n* `level` - RAID level (default 10)\n* `filesystem` - filesystem to format raid array (default ext4)\n* `snapshots` - array of EBS snapshots to restore. Snapshots must be taken using an ec2 consistent snapshot tool, and tagged with a number that indicates how many devices are in the array being backed up (e.g. \"Logs Backup [0-4]\" for a four-volume raid array snapshot)\n* `disk_type` - standard or iops\n* `disk_piops` - number of Provisioned IOPS to provision per disk, must be > 100\n\n`elastic_ip.rb`\n-------------\n\nActions:\n\n* `associate` - associate the IP.\n* `disassociate` - disassociate the IP.\n\nAttribute Parameters:\n\n* `aws_secret_access_key`, `aws_access_key` - passed to `Opscode::AWS:Ec2` to authenticate, required.\n* `ip` - the IP address.\n* `timeout` - connection timeout for EC2 API.\n\n`elastic_lb.rb`\n-------------\n\nActions:\n\n* `register` - Add this instance to the LB\n* `deregister` - Remove this instance from the LB\n\nAttribute Parameters:\n\n* `aws_secret_access_key`, `aws_access_key` - passed to `Opscode::AWS:Ec2` to authenticate, required.\n* `name` - the name of the LB, required.\n\n`resource_tag.rb`\n------------------\n\nActions:\n\n* `add` - Add tags to a resource.\n* `update` - Add or modify existing tags on a resource -- this is the default action.\n* `remove` - Remove tags from a resource, but only if the specified values match the existing ones.\n* `force_remove` - Remove tags from a resource, regardless of their values.\n\nAttribute Parameters\n\n* `aws_secret_access_key`, `aws_access_key` - passed to `Opscode::AWS:Ec2` to authenticate, required.\n* `tags` - a hash of key value pairs to be used as resource tags, (e.g. `{ \"Name\" => \"foo\", \"Environment\" => node.chef_environment }`,) required.\n* `resource_id` - resources whose tags will be modified. The value may be a single ID as a string or multiple IDs in an array. If no `resource_id` is specified the name attribute will be used.\n\nUsage\n=====\n\nThe following examples assume that the recommended data bag item has been created and that the following has been included at the top of the recipe where they are used.\n\n include_recipe \"aws\"\n aws = data_bag_item(\"aws\", \"main\")\n\naws_ebs_volume\n--------------\n\nThe resource only handles manipulating the EBS volume, additional resources need to be created in the recipe to manage the attached volume as a filesystem or logical volume.\n\n aws_ebs_volume \"db_ebs_volume\" do\n aws_access_key aws['aws_access_key_id']\n aws_secret_access_key aws['aws_secret_access_key']\n size 50\n device \"/dev/sdi\"\n action [ :create, :attach ]\n end\n\nThis will create a 50G volume, attach it to the instance as `/dev/sdi`.\n\n aws_ebs_volume \"db_ebs_volume_from_snapshot\" do\n aws_access_key aws['aws_access_key_id']\n aws_secret_access_key aws['aws_secret_access_key']\n size 50\n device \"/dev/sdi\"\n snapshot_id \"snap-ABCDEFGH\"\n action [ :create, :attach ]\n end\n\nThis will create a new 50G volume from the snapshot ID provided and attach it as `/dev/sdi`.\n\naws_elastic_ip\n--------------\n\nThe `elastic_ip` resource provider does not support allocating new IPs. This must be done before running a recipe that uses the resource. After allocating a new Elastic IP, we recommend storing it in a databag and loading the item in the recipe.\n\nDatabag structure:\n\n % knife data bag show aws eip_load_balancer_production\n {\n \"id\": \"eip_load_balancer_production\",\n \"public_ip\": \"YOUR_ALLOCATED_IP\"\n }\n\nThen to set up the Elastic IP on a system:\n\n ip_info = data_bag_item(\"aws\", \"eip_load_balancer_production\")\n\n aws_elastic_ip \"eip_load_balancer_production\" do\n aws_access_key aws['aws_access_key_id']\n aws_secret_access_key aws['aws_secret_access_key']\n ip ip_info['public_ip']\n action :associate\n end\n\nThis will use the loaded `aws` and `ip_info` databags to pass the required values into the resource to configure. Note that when associating an Elastic IP to an instance, connectivity to the instance will be lost because the public IP address is changed. You will need to reconnect to the instance with the new IP.\n\nYou can also store this in a role as an attribute or assign to the node directly, if preferred.\n\naws_elastic_lb\n---------\n\n`elastic_lb` opererates similar to `elastic_ip'. Make sure that you've created the ELB and enabled your instances' availability zones prior to using this provider.\n\nFor example, to register the node in the 'QA' ELB:\n aws_elastic_lb \"elb_qa\" do\n aws_access_key aws['aws_access_key_id']\n aws_secret_access_key aws['aws_secret_access_key']\n name \"QA\"\n action :register\n end\n\naws_resource_tag\n----------------\n\n`resource_tag` can be used to manipulate the tags assigned to one or more AWS resources, i.e. ec2 instances, ebs volumes or ebs volume snapshots.\n\nAssigining tags to a node to reflect it's role and environment:\n\n aws_resource_tag node['ec2']['instance_id'] do\n aws_access_key aws['aws_access_key_id']\n aws_secret_access_key aws['aws_secret_access_key']\n tags({\"Name\" => \"www.example.com app server\",\n \"Environment\" => node.chef_environment})\n action :update\n end\n\nAssigning a set of tags to multiple resources, e.g. ebs volumes in a disk set:\n\n aws_resource_tag 'my awesome raid set' do\n aws_access_key aws['aws_access_key_id']\n aws_secret_access_key aws['aws_secret_access_key']\n resource_id [ \"vol-d0518cb2\", \"vol-fad31a9a\", \"vol-fb106a9f\", \"vol-74ed3b14\" ]\n tags({\"Name\" => \"My awesome RAID disk set\",\n \"Environment\" => node.chef_environment})\n end\n\n\nLicense and Author\n==================\n\n* Author:: Chris Walters ()\n* Author:: AJ Christensen ()\n* Author:: Justin Huff ()\n\nCopyright 2009-2010, Opscode, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + }, + "dependencies": { + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + "aws": "Installs the right_aws gem during compile time" + }, + "version": "0.101.0" +} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/metadata.rb new file mode 100644 index 000000000..23dec6683 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/metadata.rb @@ -0,0 +1,8 @@ +name "aws" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "LWRPs for managing AWS resources" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "0.101.0" +recipe "aws", "Installs the right_aws gem during compile time" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/ebs_raid.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/ebs_raid.rb new file mode 100644 index 000000000..f215169b2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/ebs_raid.rb @@ -0,0 +1,384 @@ +include Opscode::Aws::Ec2 + +action :auto_attach do + + package "mdadm" do + action :install + end + + # Baseline expectations. + node.set[:aws] ||= {} + node.set[:aws][:raid] ||= {} + + # Mount point information. + node.set[:aws][:raid][@new_resource.mount_point] ||= {} + + # we're done we successfully located what we needed + if !already_mounted(@new_resource.mount_point) && !locate_and_mount(@new_resource.mount_point, @new_resource.filesystem, @new_resource.filesystem_options) + + # If we get here, we couldn't auto attach, nor re-allocate an existing set of disks to ourselves. Auto create the md devices + create_raid_disks(@new_resource.mount_point, + @new_resource.disk_count, + @new_resource.disk_size, + @new_resource.level, + @new_resource.filesystem, + @new_resource.filesystem_options, + @new_resource.snapshots, + @new_resource.disk_type, + @new_resource.disk_piops) + + @new_resource.updated_by_last_action(true) + end +end + +private + +# AWS's volume attachment interface assumes that we're using +# sdX style device names. The ones we actually get will be xvdX +def find_free_volume_device_prefix + # Specific to ubuntu 11./12. + vol_dev = "sdh" + + begin + vol_dev = vol_dev.next + base_device = "/dev/#{vol_dev}1" + Chef::Log.info("dev pre trim #{base_device}") + end while ::File.exists?(base_device) + + vol_dev +end + +def find_free_md_device_name + number=0 + #TODO, this won't work with more than 10 md devices + begin + dir = "/dev/md#{number}" + Chef::Log.info("md pre trim #{dir}") + number +=1 + end while ::File.exists?(dir) + + dir[5, dir.length] +end + +def md_device_from_mount_point(mount_point) + md_device = "" + Dir.glob("/dev/md[0-9]*").each do |dir| + # Look at the mount point directory and see if containing device + # is the same as the md device. + if ::File.lstat(dir).rdev == ::File.lstat(mount_point).dev + md_device = dir + break + end + end + md_device +end + +def update_node_from_md_device(md_device, mount_point) + command = "mdadm --misc -D #{md_device} | grep '/dev/s' | awk '{print $7}' | tr '\\n' ' '" + Chef::Log.info("Running #{command}") + raid_devices = `#{command}` + Chef::Log.info("already found the mounted device, created from #{raid_devices}") + + node.set[:aws][:raid][mount_point][:raid_dev] = md_device.sub(/\/dev\//,"") + node.set[:aws][:raid][mount_point][:devices] = raid_devices + node.save +end + +# Dumb way to look for mounted raid devices. Assumes that the machine +# will only create one. +def find_md_device + md_device = nil + Dir.glob("/dev/md[0-9]*").each do |dir| + Chef::Log.error("More than one /dev/mdX found.") unless md_device.nil? + md_device = dir + end + md_device +end + +def already_mounted(mount_point) + if !::File.exists?(mount_point) + return false + end + + md_device = md_device_from_mount_point(mount_point) + if !md_device || md_device == "" + return false + end + + update_node_from_md_device(md_device, mount_point) + + return true +end + +# Attempt to find an unused data bag and mount all the EBS volumes to our system +# Note: recovery from this assumed state is weakly untested. +def locate_and_mount(mount_point, filesystem, filesystem_options) + + if node[:aws].nil? || node[:aws][:raid].nil? || node[:aws][:raid][mount_point].nil? + Chef::Log.info("No mount point found '#{mount_point}' for node") + return false + end + + if node[:aws][:raid][mount_point][:raid_dev].nil? || node[:aws][:raid][mount_point][:device_map].nil? + Chef::Log.info("No raid device found for mount point '#{mount_point}' for node") + return false + end + + raid_dev = node[:aws][:raid][mount_point][:raid_dev] + devices_string = device_map_to_string(node[:aws][:raid][mount_point][:device_map]) + + Chef::Log.info("Raid device is #{raid_dev} and mount path is #{mount_point}") + + # Mount volumes + mount_volumes(node[:aws][:raid][mount_point][:device_map]) + + # Assemble raid device. + assemble_raid(raid_dev, devices_string) + + # Now mount the drive + mount_device(raid_dev, mount_point, filesystem, filesystem_options) + + true +end + +# TODO fix this kludge: ideally we'd pull in the device information from the ebs_volume +# resource but it's not up-to-date at this time without breaking this action up. +def correct_device_map(device_map) + corrected_device_map = {} + # Rekey + device_map.keys.each do |k| + if k.start_with?('sd') + new_k = 'xvd' + k[2..-1] + if corrected_device_map.include?(new_k) + Chef::Log.error("Unable to remap due to collision.") + return {} + end + corrected_device_map[new_k] = device_map[k] + else + corrected_device_map[k] = device_map[k] + end + end + corrected_device_map +end + +# Generate the string using the corrected map. +def device_map_to_string(device_map) + corrected_map = correct_device_map(device_map) + + devices_string = "" + corrected_map.keys.sort.each do |k| + devices_string += "/dev/#{k} " + end + devices_string +end + +def mount_volumes(device_vol_map) + # Attach the volumes + device_vol_map.keys.sort.each do |dev_device| + attach_volume(dev_device, device_vol_map[dev_device]) + end + + # Wait until all volumes are mounted + ruby_block "wait_#{new_resource.name}" do + block do + count = 0 + begin + Chef::Log.info("sleeping 10 seconds until EBS volumes have re-attached") + sleep 10 + count += 1 + end while !device_vol_map.all? {|dev_path| ::File.exists?(dev_path) } + + # Accounting to see how often this code actually gets used. + node.set[:aws][:raid][mount_point][:device_attach_delay] = count * 10 + end + end +end + +# Assembles the raid if it doesn't already exist +# Note: raid_dev is the "suggested" location. mdadm may actually put it somewhere else. +def assemble_raid(raid_dev, devices_string) + if ::File.exists?(raid_dev) + Chef::Log.info("Device #{raid_dev} exists skipping") + return + end + + Chef::Log.info("Raid device #{raid_dev} does not exist re-assembling") + Chef::Log.debug("Devices for #{raid_dev} are #{devices_string}") + + # Now that attach is done we re-build the md device + execute "re-attaching raid device" do + command "mdadm --assemble #{raid_dev} #{devices_string}" + # mdadm may return 2 but still return a clean raid device. + returns [0, 2] + end +end + + +def mount_device(raid_dev, mount_point, filesystem, filesystem_options) + # Create the mount point + directory mount_point do + owner "root" + group "root" + mode 0755 + action :create + not_if "test -d #{mount_point}" + end + + # Try to figure out the actual device. + ruby_block "find md device in #{new_resource.name}" do + block do + if ::File.exists?(mount_point) + Chef::Log.info("Already mounted: #{mount_point}") + end + + # For some silly reason we can't call the function. + md_device = nil + Dir.glob("/dev/md[0-9]*").each do |dir| + Chef::Log.error("More than one /dev/mdX found.") unless md_device.nil? + md_device = dir + end + + Chef::Log.info("Found #{md_device}") + + # the mountpoint must be determined dynamically, so I can't use the chef mount + system("mount -t #{filesystem} -o #{filesystem_options} #{md_device} #{mount_point}") + end + end +end + +# Attach all existing ami instances if they exist on this node, if not, we want an error to occur Detects disk from node information +def attach_volume(disk_dev, volume_id) + disk_dev_path = "/dev/#{disk_dev}" + + aws = data_bag_item(node['aws']['databag_name'], node['aws']['databag_entry']) + + Chef::Log.info("Attaching existing ebs volume id #{volume_id} for device #{disk_dev_path}") + + aws_ebs_volume "#{disk_dev_path}" do + aws_access_key aws['aws_access_key_id'] + aws_secret_access_key aws['aws_secret_access_key'] + device disk_dev_path + name disk_dev + volume_id volume_id + action [:attach] + provider "aws_ebs_volume" + end +end + +# Mount point for where to mount I.E /mnt/filesystem +# Diskset I.E sdi (which creates sdi1-sdi +# Raid size. The total size of the array +# Raid level. The raid level to use. +# Filesystem. The file system to create. +# Filesystem_options The options to pass to mount +# Snapshots. The list of snapshots to create the ebs volumes from. +# If it's not nil, must have exactly elements + +def create_raid_disks(mount_point, num_disks, disk_size, + level, filesystem, filesystem_options, snapshots, disk_type, disk_piops) + + creating_from_snapshot = !(snapshots.nil? || snapshots.size == 0) + + disk_dev = find_free_volume_device_prefix + Chef::Log.debug("vol device prefix is #{disk_dev}") + + raid_dev = find_free_md_device_name + Chef::Log.debug("target raid device is #{raid_dev}") + + devices = {} + + # For each volume add information to the mount metadata + (1..num_disks).each do |i| + + disk_dev_path = "#{disk_dev}#{i}" + + aws = data_bag_item(node['aws']['databag_name'], node['aws']['databag_entry']) + + Chef::Log.info "Snapshot array is #{snapshots[i-1]}" + aws_ebs_volume "#{disk_dev_path}" do + aws_access_key aws['aws_access_key_id'] + aws_secret_access_key aws['aws_secret_access_key'] + size disk_size + volume_type disk_type + piops disk_piops + device "/dev/#{disk_dev_path}" + name disk_dev_path + action [:create, :attach] + snapshot_id creating_from_snapshot ? snapshots[i-1] : "" + provider "aws_ebs_volume" + + # set up our data bag info + devices[disk_dev_path] = "pending" + + Chef::Log.info("creating ebs volume for device #{disk_dev_path} with size #{disk_size}") + end + + Chef::Log.info("attach dev: #{disk_dev_path}") + end + + ruby_block "sleeping_#{new_resource.name}" do + block do + Chef::Log.debug("sleeping 10 seconds to let drives attach") + sleep 10 + end + end + + # Create the raid device strings w/sd => xvd correction + devices_string = device_map_to_string(devices) + Chef::Log.info("finished sorting devices #{devices_string}") + + if not creating_from_snapshot + # Create the raid device on our system + execute "creating raid device" do + Chef::Log.info("creating raid device /dev/#{raid_dev} with raid devices #{devices_string}") + command "mdadm --create /dev/#{raid_dev} --level=#{level} --raid-devices=#{devices.size} #{devices_string}" + end + + # NOTE: must be a better way. + # Try to figure out the actual device. + ruby_block "formatting md device in #{new_resource.name}" do + block do + # For some silly reason we can't call the function. + md_device = nil + Dir.glob("/dev/md[0-9]*").each do |dir| + Chef::Log.error("More than one /dev/mdX found.") unless md_device.nil? + md_device = dir + end + + Chef::Log.info("Format device found: #{md_device}") + case filesystem + when "ext4" + system("mke2fs -t #{filesystem} -F #{md_device}") + else + #TODO fill in details on how to format other filesystems here + Chef::Log.info("Can't format filesystem #{filesystem}") + end + end + end + else + # Reassembling the raid device on our system + assemble_raid("/dev/#{raid_dev}", devices_string) + end + + # Mount the device + mount_device(raid_dev, mount_point, filesystem, filesystem_options) + + # Not invoked until the volumes have been successfully created and attached + ruby_block "databagupdate" do + block do + Chef::Log.info("finished creating disks") + + devices.each_pair do |key, value| + value = node[:aws][:ebs_volume][key][:volume_id] + devices[key] = value + Chef::Log.info("value is #{value}") + end + + # Assemble all the data bag meta data + node.set[:aws][:raid][mount_point][:raid_dev] = raid_dev + node.set[:aws][:raid][mount_point][:device_map] = devices + node.save + end + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/ebs_volume.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/ebs_volume.rb new file mode 100644 index 000000000..726973105 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/ebs_volume.rb @@ -0,0 +1,264 @@ +include Opscode::Aws::Ec2 + +# Support whyrun +def whyrun_supported? + true +end + +action :create do + raise "Cannot create a volume with a specific id (EC2 chooses volume ids)" if new_resource.volume_id + if new_resource.snapshot_id =~ /vol/ + new_resource.snapshot_id(find_snapshot_id(new_resource.snapshot_id, new_resource.most_recent_snapshot)) + end + + nvid = volume_id_in_node_data + if nvid + # volume id is registered in the node data, so check that the volume in fact exists in EC2 + vol = volume_by_id(nvid) + exists = vol && vol[:aws_status] != "deleting" + # TODO: determine whether this should be an error or just cause a new volume to be created. Currently erring on the side of failing loudly + raise "Volume with id #{nvid} is registered with the node but does not exist in EC2. To clear this error, remove the ['aws']['ebs_volume']['#{new_resource.name}']['volume_id'] entry from this node's data." unless exists + else + # Determine if there is a volume that meets the resource's specifications and is attached to the current + # instance in case a previous [:create, :attach] run created and attached a volume but for some reason was + # not registered in the node data (e.g. an exception is thrown after the attach_volume request was accepted + # by EC2, causing the node data to not be stored on the server) + if new_resource.device && (attached_volume = currently_attached_volume(instance_id, new_resource.device)) + Chef::Log.debug("There is already a volume attached at device #{new_resource.device}") + compatible = volume_compatible_with_resource_definition?(attached_volume) + raise "Volume #{attached_volume[:aws_id]} attached at #{attached_volume[:aws_device]} but does not conform to this resource's specifications" unless compatible + Chef::Log.debug("The volume matches the resource's definition, so the volume is assumed to be already created") + converge_by("update the node data with volume id: #{attached_volume[:aws_id]}") do + node.set['aws']['ebs_volume'][new_resource.name]['volume_id'] = attached_volume[:aws_id] + node.save unless Chef::Config[:solo] + end + else + # If not, create volume and register its id in the node data + converge_by("create a volume with id=#{new_resource.snapshot_id} size=#{new_resource.size} availability_zone=#{new_resource.availability_zone} and update the node data with created volume's id") do + nvid = create_volume(new_resource.snapshot_id, + new_resource.size, + new_resource.availability_zone, + new_resource.timeout, + new_resource.volume_type, + new_resource.piops) + node.set['aws']['ebs_volume'][new_resource.name]['volume_id'] = nvid + node.save unless Chef::Config[:solo] + end + end + end +end + +action :attach do + # determine_volume returns a Hash, not a Mash, and the keys are + # symbols, not strings. + vol = determine_volume + + if vol[:aws_status] == "in-use" + if vol[:aws_instance_id] != instance_id + raise "Volume with id #{vol[:aws_id]} exists but is attached to instance #{vol[:aws_instance_id]}" + else + Chef::Log.debug("Volume is already attached") + end + else + converge_by("attach the volume with aws_id=#{vol[:aws_id]} id=#{instance_id} device=#{new_resource.device} and update the node data with created volume's id") do + # attach the volume and register its id in the node data + attach_volume(vol[:aws_id], instance_id, new_resource.device, new_resource.timeout) + # always use a symbol here, it is a Hash + node.set['aws']['ebs_volume'][new_resource.name]['volume_id'] = vol[:aws_id] + node.save unless Chef::Config[:solo] + end + end +end + +action :detach do + vol = determine_volume + return if vol[:aws_instance_id] != instance_id + converge_by("detach volume with id: #{vol[:aws_id]}") do + detach_volume(vol[:aws_id], new_resource.timeout) + end +end + +action :snapshot do + vol = determine_volume + converge_by("would create a snapshot for volume: #{vol[:aws_id]}") do + snapshot = ec2.create_snapshot(vol[:aws_id],new_resource.description) + Chef::Log.info("Created snapshot of #{vol[:aws_id]} as #{snapshot[:aws_id]}") + end +end + +action :prune do + vol = determine_volume + old_snapshots = Array.new + Chef::Log.info "Checking for old snapshots" + ec2.describe_snapshots.sort { |a,b| b[:aws_started_at] <=> a[:aws_started_at] }.each do |snapshot| + if snapshot[:aws_volume_id] == vol[:aws_id] + Chef::Log.info "Found old snapshot #{snapshot[:aws_id]} (#{snapshot[:aws_volume_id]}) #{snapshot[:aws_started_at]}" + old_snapshots << snapshot + end + end + if old_snapshots.length > new_resource.snapshots_to_keep + old_snapshots[new_resource.snapshots_to_keep, old_snapshots.length].each do |die| + converge_by("delete snapshot with id: #{die[:aws_id]}") do + Chef::Log.info "Deleting old snapshot #{die[:aws_id]}" + ec2.delete_snapshot(die[:aws_id]) + end + end + end +end + +private + +def volume_id_in_node_data + begin + node['aws']['ebs_volume'][new_resource.name]['volume_id'] + rescue NoMethodError => e + nil + end +end + +# Pulls the volume id from the volume_id attribute or the node data and verifies that the volume actually exists +def determine_volume + vol = currently_attached_volume(instance_id, new_resource.device) + vol_id = new_resource.volume_id || volume_id_in_node_data || ( vol ? vol[:aws_id] : nil ) + raise "volume_id attribute not set and no volume id is set in the node data for this resource (which is populated by action :create) and no volume is attached at the device" unless vol_id + + # check that volume exists + vol = volume_by_id(vol_id) + raise "No volume with id #{vol_id} exists" unless vol + + vol +end + +# Retrieves information for a volume +def volume_by_id(volume_id) + ec2.describe_volumes.find{|v| v[:aws_id] == volume_id} +end + +# Returns the volume that's attached to the instance at the given device or nil if none matches +def currently_attached_volume(instance_id, device) + ec2.describe_volumes.find{|v| v[:aws_instance_id] == instance_id && v[:aws_device] == device} +end + +# Returns true if the given volume meets the resource's attributes +def volume_compatible_with_resource_definition?(volume) + if new_resource.snapshot_id =~ /vol/ + new_resource.snapshot_id(find_snapshot_id(new_resource.snapshot_id, new_resource.most_recent_snapshot)) + end + (new_resource.size.nil? || new_resource.size == volume[:aws_size]) && + (new_resource.availability_zone.nil? || new_resource.availability_zone == volume[:zone]) && + (new_resource.snapshot_id.nil? || new_resource.snapshot_id == volume[:snapshot_id]) +end + +# Creates a volume according to specifications and blocks until done (or times out) +def create_volume(snapshot_id, size, availability_zone, timeout, volume_type, piops) + availability_zone ||= instance_availability_zone + + # Sanity checks so we don't shoot ourselves. + raise "Invalid volume type: #{volume_type}" unless ['standard', 'io1'].include?(volume_type) + + # PIOPs requested. Must specify an iops param and probably won't be "low". + if volume_type == 'io1' + raise 'IOPS value not specified.' unless piops > 100 + end + + # Shouldn't see non-zero piops param without appropriate type. + if piops > 0 + raise 'IOPS param without piops volume type.' unless volume_type == 'io1' + end + + create_volume_opts = { :volume_type => volume_type } + # TODO: this may have to be casted to a string. rightaws vs aws doc discrepancy. + create_volume_opts[:iops] = piops if volume_type == 'io1' + + nv = ec2.create_volume(snapshot_id, size, availability_zone, create_volume_opts) + Chef::Log.debug("Created new volume #{nv[:aws_id]}#{snapshot_id ? " based on #{snapshot_id}" : ""}") + + # block until created + begin + Timeout::timeout(timeout) do + while true + vol = volume_by_id(nv[:aws_id]) + if vol && vol[:aws_status] != "deleting" + if ["in-use", "available"].include?(vol[:aws_status]) + Chef::Log.info("Volume #{nv[:aws_id]} is available") + break + else + Chef::Log.debug("Volume is #{vol[:aws_status]}") + end + sleep 3 + else + raise "Volume #{nv[:aws_id]} no longer exists" + end + end + end + rescue Timeout::Error + raise "Timed out waiting for volume creation after #{timeout} seconds" + end + + nv[:aws_id] +end + +# Attaches the volume and blocks until done (or times out) +def attach_volume(volume_id, instance_id, device, timeout) + Chef::Log.debug("Attaching #{volume_id} as #{device}") + ec2.attach_volume(volume_id, instance_id, device) + + # block until attached + begin + Timeout::timeout(timeout) do + while true + vol = volume_by_id(volume_id) + if vol && vol[:aws_status] != "deleting" + if vol[:aws_attachment_status] == "attached" + if vol[:aws_instance_id] == instance_id + Chef::Log.info("Volume #{volume_id} is attached to #{instance_id}") + break + else + raise "Volume is attached to instance #{vol[:aws_instance_id]} instead of #{instance_id}" + end + else + Chef::Log.debug("Volume is #{vol[:aws_status]}") + end + sleep 3 + else + raise "Volume #{volume_id} no longer exists" + end + end + end + rescue Timeout::Error + raise "Timed out waiting for volume attachment after #{timeout} seconds" + end +end + +# Detaches the volume and blocks until done (or times out) +def detach_volume(volume_id, timeout) + Chef::Log.debug("Detaching #{volume_id}") + vol = volume_by_id(volume_id) + orig_instance_id = vol[:aws_instance_id] + ec2.detach_volume(volume_id) + + # block until detached + begin + Timeout::timeout(timeout) do + while true + vol = volume_by_id(volume_id) + if vol && vol[:aws_status] != "deleting" + if vol[:aws_instance_id] != orig_instance_id + Chef::Log.info("Volume detached from #{orig_instance_id}") + break + else + Chef::Log.debug("Volume: #{vol.inspect}") + end + else + Chef::Log.debug("Volume #{volume_id} no longer exists") + break + end + sleep 3 + end + end + rescue Timeout::Error + raise "Timed out waiting for volume detachment after #{timeout} seconds" + end +end + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/elastic_ip.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/elastic_ip.rb new file mode 100644 index 000000000..b538152d2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/elastic_ip.rb @@ -0,0 +1,90 @@ +include Opscode::Aws::Ec2 + +# Support whyrun +def whyrun_supported? + true +end + +action :associate do + addr = address(new_resource.ip) + + if addr.nil? + raise "Elastic IP #{new_resource.ip} does not exist" + elsif addr[:instance_id] == instance_id + Chef::Log.debug("Elastic IP #{new_resource.ip} is already attached to the instance") + else + converge_by("attach Elastic IP #{new_resource.ip} to the instance") do + Chef::Log.info("Attaching Elastic IP #{new_resource.ip} to the instance") + attach(new_resource.ip, new_resource.timeout) + end + end +end + +action :disassociate do + addr = address(new_resource.ip) + + if addr.nil? + Chef::Log.debug("Elastic IP #{new_resource.ip} does not exist, so there is nothing to detach") + elsif addr[:instance_id] != instance_id + Chef::Log.debug("Elastic IP #{new_resource.ip} is already detached from the instance") + else + converge_by("detach Elastic IP #{new_resource.ip} from the instance") do + Chef::Log.info("Detaching Elastic IP #{new_resource.ip} from the instance") + detach(new_resource.ip, new_resource.timeout) + end + end +end + +private + +def address(ip) + ec2.describe_addresses.find{|a| a[:public_ip] == ip} +end + +def attach(ip, timeout) + ec2.associate_address(instance_id, {:public_ip => ip}) + + # block until attached + begin + Timeout::timeout(timeout) do + while true + addr = address(ip) + if addr.nil? + raise "Elastic IP has been deleted while waiting for attachment" + elsif addr[:instance_id] == instance_id + Chef::Log.debug("Elastic IP is attached to this instance") + break + else + Chef::Log.debug("Elastic IP is currently attached to #{addr[:instance_id]}") + end + sleep 3 + end + end + rescue Timeout::Error + raise "Timed out waiting for attachment after #{timeout} seconds" + end +end + +def detach(ip, timeout) + ec2.disassociate_address({:public_ip => ip}) + + # block until detached + begin + Timeout::timeout(timeout) do + while true + addr = address(ip) + if addr.nil? + Chef::Log.debug("Elastic IP has been deleted while waiting for detachment") + elsif addr[:instance_id] != instance_id + Chef::Log.debug("Elastic IP is detached from this instance") + break + else + Chef::Log.debug("Elastic IP is still attached") + end + sleep 3 + end + end + rescue Timeout::Error + raise "Timed out waiting for detachment after #{timeout} seconds" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/elastic_lb.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/elastic_lb.rb new file mode 100644 index 000000000..dc8b8cf5a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/elastic_lb.rb @@ -0,0 +1,34 @@ +include Opscode::Aws::Ec2 + +action :register do + converge_by("add the node #{new_resource.name} to ELB") do + target_lb = elb.describe_load_balancers.find {|lb| lb[:load_balancer_name] == new_resource.name } + unless target_lb[:instances].include?(instance_id) + Chef::Log.info("Adding node to ELB #{new_resource.name}") + elb.register_instances_with_load_balancer(new_resource.name, instance_id) + else + Chef::Log.debug("Node #{instance_id} is already present in ELB instances, no action required.") + end + end +end + +action :deregister do + converge_by("remove the node #{new_resource.name} from ELB") do + target_lb = elb.describe_load_balancers.find {|lb| lb[:load_balancer_name] == new_resource.name } + if target_lb[:instances].include?(instance_id) + Chef::Log.info("Removing node from ELB #{new_resource.name}") + elb.deregister_instances_with_load_balancer(new_resource.name, instance_id) + else + Chef::Log.debug("Node #{instance_id} is not present in ELB instances, no action required.") + end + end +end + +private + +def elb + region = instance_availability_zone + region = region[0, region.length-1] + @@elb ||= RightAws::ElbInterface.new(new_resource.aws_access_key, new_resource.aws_secret_access_key, { :logger => Chef::Log, :region => region }) +end + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/resource_tag.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/resource_tag.rb new file mode 100644 index 000000000..c3cdd486c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/providers/resource_tag.rb @@ -0,0 +1,95 @@ +include Opscode::Aws::Ec2 + +action :add do + + unless @new_resource.resource_id + resource_id = @new_resource.name + else + resource_id = @new_resource.resource_id + end + + @new_resource.tags.each do |k,v| + unless @current_resource.tags.keys.include?(k) + converge_by("add tag '#{k}' with value '#{v}' on resource #{resource_id}") do + ec2.create_tags(resource_id, { k => v }) + Chef::Log.info("AWS: Added tag '#{k}' with value '#{v}' on resource #{resource_id}") + end + else + Chef::Log.debug("AWS: Resource #{resource_id} already has a tag with key '#{k}', will not add tag '#{k}' => '#{v}'") + end + end +end + +action :update do + unless @new_resource.resource_id + resource_id = @new_resource.name + else + resource_id = @new_resource.resource_id + end + + updated_tags = @current_resource.tags.merge(@new_resource.tags) + unless updated_tags.eql?(@current_resource.tags) + # tags that begin with "aws" are reserved + converge_by("Updating the following tags for resource #{resource_id} (skipping AWS tags): " + updated_tags.inspect) do + Chef::Log.info("AWS: Updating the following tags for resource #{resource_id} (skipping AWS tags): " + updated_tags.inspect) + updated_tags.delete_if { |key, value| key.to_s.match /^aws/ } + ec2.create_tags(resource_id, updated_tags) + end + else + Chef::Log.debug("AWS: Tags for resource #{resource_id} are unchanged") + end +end + +action :remove do + unless @new_resource.resource_id + resource_id = @new_resource.name + else + resource_id = @new_resource.resource_id + end + + tags_to_delete = @new_resource.tags.keys + + tags_to_delete.each do |key| + if @current_resource.tags.keys.include?(key) and @current_resource.tags[key] == @new_resource.tags[key] + converge_by("delete tag '#{key}' on resource #{resource_id} with value '#{@current_resource.tags[key]}'") do + ec2.delete_tags(resource_id, {key => @new_resource.tags[key]}) + Chef::Log.info("AWS: Deleted tag '#{key}' on resource #{resource_id} with value '#{@current_resource.tags[key]}'") + end + end + end +end + +action :force_remove do + unless @new_resource.resource_id + resource_id = @new_resource.name + else + resource_id = @new_resource.resource_id + end + + @new_resource.tags.keys do |key| + if @current_resource.tags.keys.include?(key) + converge_by("AWS: Deleted tag '#{key}' on resource #{resource_id} with value '#{@current_resource.tags[key]}'") do + ec2.delete_tags(resource_id, key) + Chef::Log.info("AWS: Deleted tag '#{key}' on resource #{resource_id} with value '#{@current_resource.tags[key]}'") + end + end + end +end + +def load_current_resource + @current_resource = Chef::Resource::AwsResourceTag.new(@new_resource.name) + @current_resource.name(@new_resource.name) + unless @new_resource.resource_id + @current_resource.resource_id(@new_resource.name) + else + @current_resource.resource_id(@new_resource.resource_id) + end + + @current_resource.tags(Hash.new) + + ec2.describe_tags(:filters => { 'resource-id' => @current_resource.resource_id }).map { + |tag| @current_resource.tags[tag[:key]] = tag[:value] + } + + @current_resource +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/recipes/default.rb new file mode 100644 index 000000000..99f1ffb73 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/recipes/default.rb @@ -0,0 +1,25 @@ +# +# Cookbook Name:: aws +# Recipe:: default +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +chef_gem "right_aws" do + version node['aws']['right_aws_version'] + action :install +end + +require 'right_aws' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/ebs_raid.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/ebs_raid.rb new file mode 100644 index 000000000..1af0792a3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/ebs_raid.rb @@ -0,0 +1,12 @@ +actions :auto_attach + +attribute :mount_point, :kind_of => String +attribute :disk_count, :kind_of => Integer +attribute :disk_size, :kind_of => Integer +attribute :level, :default => 10 +attribute :filesystem, :default => "ext4" +attribute :filesystem_options, :default => "rw,noatime,nobootwait" +attribute :snapshots, :default => [] +attribute :disk_type, :kind_of => String, :default => 'standard' +attribute :disk_piops, :kind_of => Integer, :default => 0 + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/ebs_volume.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/ebs_volume.rb new file mode 100644 index 000000000..0329eee86 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/ebs_volume.rb @@ -0,0 +1,20 @@ +actions :create, :attach, :detach, :snapshot, :prune + +attribute :aws_access_key, :kind_of => String +attribute :aws_secret_access_key, :kind_of => String +attribute :size, :kind_of => Integer +attribute :snapshot_id, :kind_of => String +attribute :most_recent_snapshot, :kind_of => [TrueClass, FalseClass], :default => false +attribute :availability_zone, :kind_of => String +attribute :device, :kind_of => String +attribute :volume_id, :kind_of => String +attribute :description, :kind_of => String +attribute :timeout, :default => 3*60 # 3 mins, nil or 0 for no timeout +attribute :snapshots_to_keep, :default => 2 +attribute :volume_type, :kind_of => String, :default => 'standard' +attribute :piops, :kind_of => Integer, :default => 0 + +def initialize(*args) + super + @action = :create +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/elastic_ip.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/elastic_ip.rb new file mode 100644 index 000000000..3ff89546b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/elastic_ip.rb @@ -0,0 +1,11 @@ +actions :associate, :disassociate + +attribute :aws_access_key, :kind_of => String +attribute :aws_secret_access_key, :kind_of => String +attribute :ip, :kind_of => String +attribute :timeout, :default => 3*60 # 3 mins, nil or 0 for no timeout + +def initialize(*args) + super + @action = :associate +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/elastic_lb.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/elastic_lb.rb new file mode 100644 index 000000000..81d95dd07 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/elastic_lb.rb @@ -0,0 +1,10 @@ +actions :register, :deregister + +attribute :aws_access_key, :kind_of => String +attribute :aws_secret_access_key, :kind_of => String +attribute :name, :kind_of => String + +def initialize(*args) + super + @action = :register +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/resource_tag.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/resource_tag.rb new file mode 100644 index 000000000..dd1375f24 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/aws/resources/resource_tag.rb @@ -0,0 +1,11 @@ +def initialize(*args) + super + @action = :update +end + +actions :add, :update, :remove, :force_remove + +attribute :aws_access_key, :kind_of => String, :required => true +attribute :aws_secret_access_key, :kind_of => String, :required => true +attribute :resource_id, :kind_of => [ String, Array ], :regex => /(i|snap|vol)-[a-zA-Z0-9]+/ +attribute :tags, :kind_of => Hash, :required => true diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/.kitchen.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/.kitchen.yml new file mode 100644 index 000000000..8cd2acd10 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/.kitchen.yml @@ -0,0 +1,42 @@ +--- +driver_plugin: vagrant +platforms: +- name: debian-6 + driver_config: + box: opscode-debian-6 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_debian-6.0.7_chef-11.2.0.box + require_chef_omnibus: 11.4.0 +- name: ubuntu-12.10 + driver_config: + box: canonical-ubuntu-12.10 + box_url: http://cloud-images.ubuntu.com/vagrant/quantal/current/quantal-server-cloudimg-amd64-vagrant-disk1.box + require_chef_omnibus: 11.4.0 +- name: ubuntu-12.04 + driver_config: + box: canonical-ubuntu-12.04 + box_url: http://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box + require_chef_omnibus: 11.4.0 +- name: ubuntu-11.04 + driver_config: + box: opscode-ubuntu-11.04 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/boxes/opscode-ubuntu-11.04.box + require_chef_omnibus: 11.4.0 +- name: ubuntu-10.04 + driver_config: + box: opscode-ubuntu-10.04 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_chef-11.2.0.box + require_chef_omnibus: 11.4.0 +- name: centos-6.3 + driver_config: + box: opscode-centos-6.3 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.3_chef-11.2.0.box + require_chef_omnibus: 11.4.0 +- name: centos-5.8 + driver_config: + box: opscode-centos-5.8 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-5.8_chef-11.2.0.box + require_chef_omnibus: 11.4.0 +suites: +- name: default + run_list: + - recipe[build-essential] diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/Berksfile new file mode 100644 index 000000000..c4bb297b7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/Berksfile @@ -0,0 +1,3 @@ +site :opscode + +metadata diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/CHANGELOG.md new file mode 100644 index 000000000..9f5005026 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/CHANGELOG.md @@ -0,0 +1,42 @@ +## v1.4.0: + +This version splits up the default recipe into recipes included based +on the node's platform_family. + +* [COOK-2505] - backport omnibus builder improvements + +## v1.3.4: + +* [COOK-2272] - Complete `platform_family` conversion in build-essential + +## v1.3.2: + +* [COOK-2069] - build-essential will install osx-gcc-installer when + Xcode is present + +## v1.3.0: + + * [COOK-1895] - support smartos + +## v1.2.0: + +* Add test-kitchen support (source repo only) +* [COOK-1677] - build-essential cookbook support for OpenSuse and SLES +* [COOK-1718] - build-essential cookbook metadata should include scientific +* [COOK-1768] - The apt-get update in build-essentials needs to be renamed + +## v1.1.2: + +* [COOK-1620] - support OS X 10.8 + +## v1.1.0: + +* [COOK-1098] - support amazon linux +* [COOK-1149] - support Mac OS X +* [COOK-1296] - allow for compile-time installation of packages + through an attribute (see README) + +## v1.0.2: + +* [COOK-1098] - Add Amazon Linux platform support +* [COOK-1149] - Add OS X platform support diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/README.md new file mode 100644 index 000000000..22ad8bbb7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/README.md @@ -0,0 +1,139 @@ +Description +=========== + +Installs packages required for compiling C software from source. Use +this cookbook if you wish to compile C programs, or install RubyGems +with native extensions. + +Requirements +============ + +Chef version 0.10.10+ and Ohai 0.6.12+ are required. + +## Platform + +Supported platforms by platform family: + +* debian (debian, ubuntu) +* fedora +* mac_os_x (10.6+) +* rhel (centos, redhat, amazon, scientific) +* smartos +* solaris2 + +## Cookbooks + +This cookbook suggests the following external cookbooks: + +* [pkgin](http://community.opscode.com/cookbooks/pkgin) (someara) - SmartOS only +* [pkgutil](http://community.opscode.com/cookbooks/pkgutil) (marthag) - Solaris 2 only + +Attributes +========== + +* `node['build_essential']['compiletime']` - Whether the resources in +the default recipe should be configured at the "Compile" phase of the +Chef run. Defaults to false, see __Usage__ for more information. +* `node['build_essential']['osx']['gcc_installer_url']` - The URL of + the OS X GCC package installer (.pkg). +* `node['build_essential']['osx']['gcc_installer_checksum']` - The + SHA256 checksum of the OS X GCC installer. + +Recipes +======= + +The main entrypoint for this cookbook is the `default` recipe. This +recipe includes a platform specific recipe based on the node's platform +family. + +On Linux platforms (see __Platform__ above for a supported list of +families), packages required to build C source projects are installed. +This includes GCC, make, autconf and others. On Debian-family +distributions, the apt-cache may need to be updated, especially during +compile time installation. See __Usage__ for further information. + +On Mac OS X, the GCC standalone installer by Kenneth Reitz is +installed. Note that this is *not* the Xcode CLI package, as that does +not include all programs and headers required to build some common +GNU-style C projects, such as those that are available from projects +such as MacPorts or Homebrew. Changing the attributes for the GCC +installer URL and checksum to the Xcode values may work, but this is +untested. + +Usage +===== + +Simply include the `build-essential` and the required tools will be +installed to the system, and later recipes will be able to compile +software from C source code. + +For RubyGems that include native C extensions you wish to use with +Chef, you should do two things. + +0. Ensure that the C libraries, include files and other assorted "dev" +type packages are installed. You should do this in the compile phase +after the build-essential recipe. +1. Use the `chef_gem` resource in your recipes. This requires Chef version 0.10.10+. +2. Set the `compiletime` attribute in roles where such recipes are +required. This will ensure that the build tools are available to +compile the RubyGems' extensions, as `chef_gem` happens during the +compile phase, too. + +Example installation of a devel package at compile-time in a recipe: + + package "mypackage-dev" do + action :nothing + end.run_action(:install) + +Example use of `chef_gem`: + + chef_gem "mygem" + +Example role: + + name "myapp" + run_list( + "recipe[build-essential]", + "recipe[myapp]" + ) + default_attributes( + "build_essential" => { + "compiletime" => true + } + ) + +The compile time option (via the attribute) is to ensure that the +proper packages are available at the right time in the Chef run. It is +recommended that the build-essential recipe appear early in the run +list. + +The Chef wiki has documentation on +[the anatomy of a chef run](http://wiki.opscode.com/display/chef/Anatomy+of+a+Chef+Run). + +Limitations +=========== + +It is not in the scope of this cookbook to handle installing the +required headers for individual software projects in order to compile +them, or to compile RubyGems with native C extensions. You should +create a cookbook for handling that. + +License and Author +================== + +Author:: Joshua Timberman () +Author:: Seth Chisamore () + +Copyright 2009-2011, Opscode, Inc. () + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/TESTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/TESTING.md new file mode 100644 index 000000000..062e9b9d3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/TESTING.md @@ -0,0 +1,25 @@ +This cookbook includes support for running tests via Test Kitchen (1.0). This has some requirements. + +1. You must be using the Git repository, rather than the downloaded cookbook from the Chef Community Site. +2. You must have Vagrant 1.1 installed. +3. You must have a "sane" Ruby 1.9.3 environment. + +Once the above requirements are met, install the additional requirements: + +Install the berkshelf plugin for vagrant, and berkshelf to your local Ruby environment. + + vagrant plugin install berkshelf-vagrant + gem install berkshelf + +Install Test Kitchen 1.0 (unreleased yet, use the alpha / prerelease version). + + gem install test-kitchen --pre + +Install the Vagrant driver for Test Kitchen. + + gem install kitchen-vagrant + +Once the above are installed, you should be able to run Test Kitchen: + + kitchen list + kitchen test diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/attributes/default.rb new file mode 100644 index 000000000..f45750f02 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/attributes/default.rb @@ -0,0 +1,33 @@ +# +# Cookbook Name:: build-essential +# Attributes:: default +# +# Copyright 2008-2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['build_essential']['compiletime'] = false + +case node['platform_family'] +when "mac_os_x" + case + when Chef::VersionConstraint.new("~> 10.7.0").include?(node['platform_version']), + Chef::VersionConstraint.new("~> 10.8.0").include?(node['platform_version']) + default['build_essential']['osx']['gcc_installer_url'] = "https://github.com/downloads/kennethreitz/osx-gcc-installer/GCC-10.7-v2.pkg" + default['build_essential']['osx']['gcc_installer_checksum'] = "df36aa87606feb99d0db9ac9a492819e" + when Chef::VersionConstraint.new("~> 10.6.0").include?(node['platform_version']) + default['build_essential']['osx']['gcc_installer_url'] = "https://github.com/downloads/kennethreitz/osx-gcc-installer/GCC-10.6.pkg" + default['build_essential']['osx']['gcc_installer_checksum'] = "d1db5bab6a3f6b9f3b5577a130baeefa" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/metadata.json new file mode 100644 index 000000000..85e086b63 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/metadata.json @@ -0,0 +1,44 @@ +{ + "name": "build-essential", + "description": "Installs C compiler / build tools", + "long_description": "", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + "fedora": ">= 0.0.0", + "redhat": ">= 0.0.0", + "centos": ">= 0.0.0", + "ubuntu": ">= 0.0.0", + "debian": ">= 0.0.0", + "amazon": ">= 0.0.0", + "suse": ">= 0.0.0", + "scientific": ">= 0.0.0", + "oracle": ">= 0.0.0", + "smartos": ">= 0.0.0", + "mac_os_x": ">= 10.6.0", + "mac_os_x_server": ">= 10.6.0" + }, + "dependencies": { + }, + "recommendations": { + }, + "suggestions": { + "pkgin": ">= 0.0.0", + "pkgutil": ">= 0.0.0" + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + "build-essential": "Installs packages required for compiling C software from source." + }, + "version": "1.4.0" +} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/metadata.rb new file mode 100644 index 000000000..87900671e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/metadata.rb @@ -0,0 +1,16 @@ +name "build-essential" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs C compiler / build tools" +version "1.4.0" +recipe "build-essential", "Installs packages required for compiling C software from source." + +%w{ fedora redhat centos ubuntu debian amazon suse scientific oracle smartos}.each do |os| + supports os +end + +supports "mac_os_x", ">= 10.6.0" +supports "mac_os_x_server", ">= 10.6.0" +suggests "pkgin" # SmartOS +suggests "pkgutil" # Solaris 2 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/debian.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/debian.rb new file mode 100644 index 000000000..39df6c3cc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/debian.rb @@ -0,0 +1,45 @@ +# +# Cookbook Name:: build-essential +# Recipe:: debian +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# on apt-based platforms when first provisioning we need to force +# apt-get update at compiletime if we are going to try to install at compiletime +execute "apt-get-update-build-essentials" do + command "apt-get update" + action :nothing + # tip: to suppress this running every time, just use the apt cookbook + not_if do + ::File.exists?('/var/lib/apt/periodic/update-success-stamp') && + ::File.mtime('/var/lib/apt/periodic/update-success-stamp') > Time.now - 86400*2 + end +end.run_action(:run) if node['build_essential']['compiletime'] + +%w{ + autoconf + binutils-doc + bison + build-essential + flex +}.each do |pkg| + + r = package pkg do + action( node['build_essential']['compiletime'] ? :nothing : :install ) + end + r.run_action(:install) if node['build_essential']['compiletime'] + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/default.rb new file mode 100644 index 000000000..75e8f00b8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/default.rb @@ -0,0 +1,24 @@ +# +# Cookbook Name:: build-essential +# Recipe:: default +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +begin + include_recipe "build-essential::#{node['platform_family']}" +rescue Chef::Exceptions::RecipeNotFound + Chef::Log.warn "A build-essential recipe does not exist for the platform_family: #{node['platform_family']}" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/fedora.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/fedora.rb new file mode 100644 index 000000000..88c0d9758 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/fedora.rb @@ -0,0 +1,36 @@ +# +# Cookbook Name:: build-essential +# Recipe:: fedora +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +%w{ + autoconf + bison + flex + gcc + gcc-c++ + kernel-devel + make + m4 +}.each do |pkg| + + r = package pkg do + action( node['build_essential']['compiletime'] ? :nothing : :install ) + end + r.run_action(:install) if node['build_essential']['compiletime'] + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/mac_os_x.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/mac_os_x.rb new file mode 100644 index 000000000..ec74eccc5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/mac_os_x.rb @@ -0,0 +1,40 @@ +# +# Cookbook Name:: build-essential +# Recipe:: mac_os_x +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/shell_out' + +result = Chef::ShellOut.new("pkgutil --pkgs").run_command +osx_gcc_installer_installed = result.stdout.split("\n").include?("com.apple.pkg.gcc4.2Leo") +developer_tools_cli_installed = result.stdout.split("\n").include?("com.apple.pkg.DeveloperToolsCLI") +pkg_filename = ::File.basename(node['build_essential']['osx']['gcc_installer_url']) +pkg_path = "#{Chef::Config[:file_cache_path]}/#{pkg_filename}" + +r = remote_file pkg_path do + source node['build_essential']['osx']['gcc_installer_url'] + checksum node['build_essential']['osx']['gcc_installer_checksum'] + action( node['build_essential']['compiletime'] ? :nothing : :create ) + not_if { osx_gcc_installer_installed or developer_tools_cli_installed } +end +r.run_action(:create) if node['build_essential']['compiletime'] + +r = execute "sudo installer -pkg \"#{pkg_path}\" -target /" do + action( node['build_essential']['compiletime'] ? :nothing : :run ) + not_if { osx_gcc_installer_installed or developer_tools_cli_installed } +end +r.run_action(:run) if node['build_essential']['compiletime'] diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/rhel.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/rhel.rb new file mode 100644 index 000000000..0d1fbaca4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/rhel.rb @@ -0,0 +1,43 @@ +# +# Cookbook Name:: build-essential +# Recipe:: rhel +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +pkgs = %w{ + autoconf + bison + flex + gcc + gcc-c++ + kernel-devel + make + m4 +} + +# ensure GCC 4 is available on older pre-6 EL +if node['platform_version'].to_i < 6 + pkgs.unshift %w{ gcc44 gcc44-c++ } +end + +pkgs.flatten.each do |pkg| + + r = package pkg do + action( node['build_essential']['compiletime'] ? :nothing : :install ) + end + r.run_action(:install) if node['build_essential']['compiletime'] + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/smartos.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/smartos.rb new file mode 100644 index 000000000..9c3dfe713 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/smartos.rb @@ -0,0 +1,36 @@ +# +# Cookbook Name:: build-essential +# Recipe:: smartos +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'pkgin' + +%w{ + gcc47 + gcc47-runtime + scmgit-base + gmake + pkg-config + binutils +}.each do |pkg| + + r = pkgin_package pkg do + action( node['build_essential']['compiletime'] ? :nothing : :install ) + end + r.run_action(:install) if node['build_essential']['compiletime'] + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/solaris2.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/solaris2.rb new file mode 100644 index 000000000..83e4e5e6a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/solaris2.rb @@ -0,0 +1,42 @@ +# +# Cookbook Name:: build-essential +# Recipe:: solaris2 +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +%w{ + autoconf + automake + bison + coreutils + flex + gcc4core + gcc4g++ + gcc4objc + gcc3core + gcc3g++ + ggrep + gmake + gtar + pkgconfig +}.each do |pkg| + + r = pkgutil_package pkg do + action( node['build_essential']['compiletime'] ? :nothing : :install ) + end + r.run_action(:install) if node['build_essential']['compiletime'] + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/suse.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/suse.rb new file mode 100644 index 000000000..914ccd691 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/build-essential/recipes/suse.rb @@ -0,0 +1,36 @@ +# +# Cookbook Name:: build-essential +# Recipe:: suse +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +%w{ + autoconf + bison + flex + gcc + gcc-c++ + kernel-default-devel + make + m4 +}.each do |pkg| + + r = package pkg do + action( node['build_essential']['compiletime'] ? :nothing : :install ) + end + r.run_action(:install) if node['build_essential']['compiletime'] + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/CHANGELOG.md new file mode 100644 index 000000000..a249ec322 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/CHANGELOG.md @@ -0,0 +1,28 @@ +## v1.1.4: + +* [COOK-2146] - style updates + +## v1.1.2: + +* [COOK-1989] - fix scope for handler local variable to the enable block + +## v1.1.0: + +* [COOK-1645] - properly delete old handlers +* [COOK-1322] - support platforms that use 'wheel' as root group' + +## v1.0.8: + +* [COOK-1177] - doesn't work on windows due to use of unix specific attributes +## v1.0.6: + +* [COOK-1069] - typo in chef_handler readme + +## v1.0.4: + +* [COOK-654] dont try and access a class before it has been loaded +* fix bad boolean check (if vs unless) + +## v1.0.2: + +* [COOK-620] ensure handler code is reloaded during daemonized chef runs diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/README.md new file mode 100644 index 000000000..ab99822a1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/README.md @@ -0,0 +1,103 @@ +Description +=========== + +Creates a configured handler path for distributing [Chef report and exception handlers](http://wiki.opscode.com/display/chef/Exception+and+Report+Handlers). Also exposes an LWRP for enabling Chef handlers from within recipe code (as opposed to hard coding in the client.rb file). This is useful for cookbook authors who may want to ship a product specific handler (see the `cloudkick` cookbook for an example) with their cookbook. + +Attributes +========== + +`node["chef_handler"]["handler_path"]` - location to drop off handlers directory, default is `/var/chef/handlers`. + +Resource/Provider +================= + +`chef_handler` +-------------- + +Requires, configures and enables handlers on the node for the current Chef run. Also has the ability to pass arguments to the handlers initializer. This allows initialization data to be pulled from a node's attribute data. + +It is best to declare `chef_handler` resources early on in the compile phase so they are available to fire for any exceptions during the Chef run. If you have a base role you would want any recipes that register Chef handlers to come first in the run_list. + +### Actions + +- :enable: Enables the Chef handler for the current Chef run on the current node +- :disable: Disables the Chef handler for the current Chef run on the current node + +### Attribute Parameters + +- class_name: name attribute. The name of the handler class (can be module name-spaced). +- source: full path to the handler file. can also be a gem path if the handler ships as part of a Ruby gem. +- arguments: an array of arguments to pass the handler's class initializer +- supports: type of Chef Handler to register as, ie :report, :exception or both. default is `:report => true, :exception => true` + +### Example + + # register the Chef::Handler::JsonFile handler + # that ships with the Chef gem + chef_handler "Chef::Handler::JsonFile" do + source "chef/handler/json_file" + arguments :path => '/var/chef/reports' + action :enable + end + + # do the same but during the compile phase + chef_handler "Chef::Handler::JsonFile" do + source "chef/handler/json_file" + arguments :path => '/var/chef/reports' + action :nothing + end.run_action(:enable) + + # handle exceptions only + chef_handler "Chef::Handler::JsonFile" do + source "chef/handler/json_file" + arguments :path => '/var/chef/reports' + supports :exception => true + action :enable + end + + + # enable the CloudkickHandler which was + # dropped off in the default handler path. + # passes the oauth key/secret to the handler's + # intializer. + chef_handler "CloudkickHandler" do + source "#{node['chef_handler']['handler_path']}/cloudkick_handler.rb" + arguments [node['cloudkick']['oauth_key'], node['cloudkick']['oauth_secret']] + action :enable + end + + +Usage +===== + +default +------- + +Put the recipe `chef_handler` at the start of the node's run list to make sure that custom handlers are dropped off early on in the Chef run and available for later recipes. + +For information on how to write report and exception handlers for Chef, please see the Chef wiki pages: +http://wiki.opscode.com/display/chef/Exception+and+Report+Handlers + +json_file +--------- + +Leverages the `chef_handler` LWRP to automatically register the `Chef::Handler::JsonFile` handler that ships as part of Chef. This handler serializes the run status data to a JSON file located at `/var/chef/reports`. + +License and Author +================== + +Author:: Seth Chisamore () + +Copyright:: 2011, Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/attributes/default.rb new file mode 100644 index 000000000..19d2fec9f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/attributes/default.rb @@ -0,0 +1,30 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: chef_handlers +# Attribute:: default +# +# Copyright 2011-2013, Opscode, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default["chef_handler"]["root_user"] = "root" + +case platform +when "openbsd", "freebsd", "mac_os_x", "mac_os_x_server" + default["chef_handler"]["root_group"] = "wheel" +else + default["chef_handler"]["root_group"] = "root" +end + +default["chef_handler"]["handler_path"] = "#{File.expand_path(File.join(Chef::Config[:file_cache_path], '..'))}/handlers" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/files/default/handlers/README b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/files/default/handlers/README new file mode 100644 index 000000000..b5750660a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/files/default/handlers/README @@ -0,0 +1 @@ +This directory contains Chef handlers to distribute to your nodes. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/metadata.rb new file mode 100644 index 000000000..703ae11e7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/metadata.rb @@ -0,0 +1,7 @@ +name "chef_handler" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Distribute and enable Chef Exception and Report handlers" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.1.4" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/providers/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/providers/default.rb new file mode 100644 index 000000000..2eb2be73a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/providers/default.rb @@ -0,0 +1,93 @@ +# +# Author:: Seth Chisamore +# Cookbook Name:: chef_handler +# Provider:: default +# +# Copyright:: 2011-2013, Opscode, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +def whyrun_supported? + true +end + +action :enable do + # use load instead of require to ensure the handler file + # is reloaded into memory each chef run. fixes COOK-620 + handler = nil + converge_by("load #{@new_resource.source}") do + begin + Object.send(:remove_const, klass) + GC.start + rescue + Chef::Log.debug("#{@new_resource.class_name} has not been loaded.") + end + file_name = @new_resource.source + file_name << ".rb" unless file_name =~ /.*\.rb$/ + load file_name + handler = klass.send(:new, *collect_args(@new_resource.arguments)) + end + @new_resource.supports.each do |type, enable| + if enable + # we have to re-enable the handler every chef run + # to ensure daemonized Chef always has the latest + # handler code. TODO: add a :reload action + converge_by("enable #{@new_resource} as a #{type} handler") do + Chef::Log.info("Enabling #{@new_resource} as a #{type} handler") + Chef::Config.send("#{type.to_s}_handlers").delete_if { |v| v.class.to_s.include? @new_resource.class_name.split('::', 3).last } + Chef::Config.send("#{type.to_s}_handlers") << handler + end + end + end +end + +action :disable do + @new_resource.supports.each_key do |type| + if enabled?(type) + converge_by("disable #{@new_resource} as a #{type} handler") do + Chef::Log.info("Disabling #{@new_resource} as a #{type} handler") + Chef::Config.send("#{type.to_s}_handlers").delete_if { |v| v.class.to_s.include? @new_resource.class_name.split('::', 3).last } + end + end + end +end + +def load_current_resource + @current_resource = Chef::Resource::ChefHandler.new(@new_resource.name) + @current_resource.class_name(@new_resource.class_name) + @current_resource.source(@new_resource.source) + @current_resource +end + +private + +def enabled?(type) + Chef::Config.send("#{type.to_s}_handlers").select do |handler| + handler.class.to_s.include? @new_resource.class_name + end.size >= 1 +end + +def collect_args(resource_args = []) + if resource_args.is_a? Array + resource_args + else + [resource_args] + end +end + +def klass + @klass ||= begin + @new_resource.class_name.split('::').inject(Kernel) { |scope, const_name| scope.const_get(const_name) } + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/recipes/default.rb new file mode 100644 index 000000000..540a5ffa7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/recipes/default.rb @@ -0,0 +1,33 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: chef_handlers +# Recipe:: default +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +Chef::Log.info("Chef Handlers will be at: #{node['chef_handler']['handler_path']}") + +remote_directory node['chef_handler']['handler_path'] do + source 'handlers' + # Just inherit permissions on Windows, don't try to set POSIX perms + if node["platform"] != "windows" + owner node['chef_handler']['root_user'] + group node['chef_handler']['root_group'] + mode "0755" + recursive true + end + action :nothing +end.run_action(:create) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/recipes/json_file.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/recipes/json_file.rb new file mode 100644 index 000000000..d2fab1054 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/recipes/json_file.rb @@ -0,0 +1,28 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: chef_handlers +# Recipe:: json_file +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# force resource actions in compile phase so exception handler +# fires for compile phase exceptions + +chef_handler "Chef::Handler::JsonFile" do + source "chef/handler/json_file" + arguments :path => '/var/chef/reports' + action :nothing +end.run_action(:enable) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/resources/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/resources/default.rb new file mode 100644 index 000000000..f74aafa6c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/chef_handler/resources/default.rb @@ -0,0 +1,34 @@ +# +# Author:: Seth Chisamore +# Cookbook Name:: chef_handler +# Resource:: default +# +# Copyright:: 2011-2013, Opscode, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :enable, :disable + +attribute :class_name, :kind_of => String, :name_attribute => true +attribute :source, :default => nil, :kind_of => String +attribute :arguments, :default => [] +attribute :supports, :kind_of => Hash, :default => { :report => true, :exception => true } + +# we have to set default for the supports attribute +# in initializer since it is a 'reserved' attribute name +def initialize(*args) + super + @action = :enable + @supports = { :report => true, :exception => true } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/CHANGELOG.md new file mode 100644 index 000000000..58308fcc8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/CHANGELOG.md @@ -0,0 +1,92 @@ +database Cookbook CHANGELOG +======================= +This file is used to list changes made in each version of the database cookbook. + + +v1.5.2 +------ +### Improvement +- **[COOK-3716](https://tickets.opscode.com/browse/COOK-3716)** - Add ALTER SQL Server user roles + + +v1.5.0 +------ +### Improvement +- **[COOK-3546](https://tickets.opscode.com/browse/COOK-3546)** - Add connection parameters `:socket` +- **[COOK-1709](https://tickets.opscode.com/browse/COOK-1709)** - Add 'grant_option' parameter + +v1.4.0 +------- +### Bug +- [COOK-2074]: Regex in exists? check in `sql_server_database` resource should match for start and end of line +- [COOK-2561]: `mysql_database_user` can't set global grants + +### Improvement + +- [COOK-2075]: Support the collation attribute in the `database_sql_server` provider + +v1.3.12 +------- +- [COOK-850] - `postgresql_database_user` doesn't have example + +v1.3.10 +------- +- [COOK-2117] - undefined variable `grant_statement` in mysql user provider + +v1.3.8 +------ +- [COOK-1896] - Escape command +- [COOK-2047] - Chef::Provider::Database::MysqlUser action :grant improperly quotes `username`@`host` string +- [COOK-2060] - Mysql::Error: Table '*.*' doesn't exist when privileges include SELECT and database/table attributes are nil +- [COOK-2062] - Remove backticks from database name when using wildcard + +v1.3.6 +------ +- [COOK-1688] - fix typo in readme and add amazon linux to supported platforms + +v1.3.4 +------ +- [COOK-1561] - depend on mysql 1.3.0+ explicitly +- depend on postgresql 1.0.0 explicitly + +v1.3.2 +------ +- Update the version for release (oops) + +v1.3.0 +------ +- [COOK-932] - Add mysql recipe to conveniently include mysql::ruby +- [COOK-1228] - database resource should be able to execute scripts on disk +- [COOK-1291] - make the snapshot retention policy less confusing +- [COOK-1401] - Allow to specify the collation of new databases +- [COOK-1534] - Add postgresql recipe to conveniently include postgresql::ruby + +v1.2.0 +------ +- [COOK-970] - workaround for disk [re]naming on ubuntu 11.04+ +- [COOK-1085] - check RUBY_VERSION and act accordingly for role +- [COOK-749] - localhost should be a string in snapshot recipe + +v1.1.4 +------ +- [COOK-1062] - Databases: Postgres exists should close connection + +v1.1.2 +------ +- [COOK-975] - Change arg='DEFAULT' to arg=nil, :default => 'DEFAULT' +- [COOK-964] - Add parentheses around connection hash in example + +v1.1.0 +------ +- [COOK-716] - providers for PostgreSQL + +v1.0.0 +------ +- [COOK-683] - added `database` and `database_user` resources +- [COOK-684] - MySQL providers +- [COOK-685] - SQL Server providers +- refactored - `database::master` and `database::snapshot` recipes to leverage new resources + +v0.99.1 +------- +- Use Chef 0.10's `node.chef_environment` instead of `node['app_environment']`. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/CONTRIBUTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/CONTRIBUTING.md new file mode 100644 index 000000000..3a9989787 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/CONTRIBUTING.md @@ -0,0 +1,257 @@ +# Contributing to Opscode Cookbooks + +We are glad you want to contribute to Opscode Cookbooks! The first +step is the desire to improve the project. + +You can find the answers to additional frequently asked questions +[on the wiki](http://wiki.opscode.com/display/chef/How+to+Contribute). + +You can find additional information about +[contributing to cookbooks](http://wiki.opscode.com/display/chef/How+to+Contribute+to+Opscode+Cookbooks) +on the wiki as well. + +## Quick-contribute + +* Create an account on our [bug tracker](http://tickets.opscode.com) +* Sign our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L) +(keep reading if you're contributing on behalf of your employer) +* Create a ticket for your change on the + [bug tracker](http://tickets.opscode.com) +* Link to your patch as a rebased git branch or pull request from the + ticket +* Resolve the ticket as fixed + +We regularly review contributions and will get back to you if we have +any suggestions or concerns. + +## The Apache License and the CLA/CCLA + +Licensing is very important to open source projects, it helps ensure +the software continues to be available under the terms that the author +desired. Chef uses the Apache 2.0 license to strike a balance between +open contribution and allowing you to use the software however you +would like to. + +The license tells you what rights you have that are provided by the +copyright holder. It is important that the contributor fully +understands what rights they are licensing and agrees to them. +Sometimes the copyright holder isn't the contributor, most often when +the contributor is doing work for a company. + +To make a good faith effort to ensure these criteria are met, Opscode +requires a Contributor License Agreement (CLA) or a Corporate +Contributor License Agreement (CCLA) for all contributions. This is +without exception due to some matters not being related to copyright +and to avoid having to continually check with our lawyers about small +patches. + +It only takes a few minutes to complete a CLA, and you retain the +copyright to your contribution. + +You can complete our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L). +If you're contributing on behalf of your employer, have your employer +fill out our +[Corporate CLA](https://secure.echosign.com/public/hostedForm?formid=PIE6C7AX856) +instead. + +## Ticket Tracker (JIRA) + +The [ticket tracker](http://tickets.opscode.com) is the most important +documentation for the code base. It provides significant historical +information, such as: + +* Which release a bug fix is included in +* Discussion regarding the design and merits of features +* Error output to aid in finding similar bugs + +Each ticket should aim to fix one bug or add one feature. + +## Using git + +You can get a quick copy of the repository for this cookbook by +running `git clone +git://github.com/opscode-coobkooks/COOKBOOKNAME.git`. + +For collaboration purposes, it is best if you create a Github account +and fork the repository to your own account. Once you do this you will +be able to push your changes to your Github repository for others to +see and use. + +If you have another repository in your GitHub account named the same +as the cookbook, we suggest you suffix the repository with -cookbook. + +### Branches and Commits + +You should submit your patch as a git branch named after the ticket, +such as COOK-1337. This is called a _topic branch_ and allows users to +associate a branch of code with the ticket. + +It is a best practice to have your commit message have a _summary +line_ that includes the ticket number, followed by an empty line and +then a brief description of the commit. This also helps other +contributors understand the purpose of changes to the code. + + [COOK-1757] - platform_family and style + + * use platform_family for platform checking + * update notifies syntax to "resource_type[resource_name]" instead of + resources() lookup + * COOK-692 - delete config files dropped off by packages in conf.d + * dropped debian 4 support because all other platforms have the same + values, and it is older than "old stable" debian release + +Remember that not all users use Chef in the same way or on the same +operating systems as you, so it is helpful to be clear about your use +case and change so they can understand it even when it doesn't apply +to them. + +### Github and Pull Requests + +All of Opscode's open source cookbook projects are available on +[Github](http://www.github.com/opscode-cookbooks). + +We don't require you to use Github, and we will even take patch diffs +attached to tickets on the tracker. However Github has a lot of +convenient features, such as being able to see a diff of changes +between a pull request and the main repository quickly without +downloading the branch. + +If you do choose to use a pull request, please provide a link to the +pull request from the ticket __and__ a link to the ticket from the +pull request. Because pull requests only have two states, open and +closed, we can't easily filter pull requests that are waiting for a +reply from the author for various reasons. + +### More information + +Additional help with git is available on the +[Working with Git](http://wiki.opscode.com/display/chef/Working+with+Git) +wiki page. + +## Functional and Unit Tests + +This cookbook is set up to run tests under +[Opscode's test-kitchen](https://github.com/opscode/test-kitchen). It +uses minitest-chef to run integration tests after the node has been +converged to verify that the state of the node. + +Test kitchen should run completely without exception using the default +[baseboxes provided by Opscode](https://github.com/opscode/bento). +Because Test Kitchen creates VirtualBox machines and runs through +every configuration in the Kitchenfile, it may take some time for +these tests to complete. + +If your changes are only for a specific recipe, run only its +configuration with Test Kitchen. If you are adding a new recipe, or +other functionality such as a LWRP or definition, please add +appropriate tests and ensure they run with Test Kitchen. + +If any don't pass, investigate them before submitting your patch. + +Any new feature should have unit tests included with the patch with +good code coverage to help protect it from future changes. Similarly, +patches that fix a bug or regression should have a _regression test_. +Simply put, this is a test that would fail without your patch but +passes with it. The goal is to ensure this bug doesn't regress in the +future. Consider a regular expression that doesn't match a certain +pattern that it should, so you provide a patch and a test to ensure +that the part of the code that uses this regular expression works as +expected. Later another contributor may modify this regular expression +in a way that breaks your use cases. The test you wrote will fail, +signalling to them to research your ticket and use case and accounting +for it. + +If you need help writing tests, please ask on the Chef Developer's +mailing list, or the #chef-hacking IRC channel. + +## Code Review + +Opscode regularly reviews code contributions and provides suggestions +for improvement in the code itself or the implementation. + +We find contributions by searching the ticket tracker for _resolved_ +tickets with a status of _fixed_. If we have feedback we will reopen +the ticket and you should resolve it again when you've made the +changes or have a response to our feedback. When we believe the patch +is ready to be merged, we will tag the _Code Reviewed_ field with +_Reviewed_. + +Depending on the project, these tickets are then merged within a week +or two, depending on the current release cycle. + +## Release Cycle + +The versioning for Opscode Cookbook projects is X.Y.Z. + +* X is a major release, which may not be fully compatible with prior + major releases +* Y is a minor release, which adds both new features and bug fixes +* Z is a patch release, which adds just bug fixes + +A released version of a cookbook will end in an even number, e.g. +"1.2.4" or "0.8.0". When development for the next version of the +cookbook begins, the "Z" patch number is incremented to the next odd +number, however the next release of the cookbook may be a major or +minor incrementing version. + +Releases of Opscode's cookbooks are usually announced on the Chef user +mailing list. Releases of several cookbooks may be batched together +and announced on the [Opscode Blog](http://www.opscode.com/blog). + +## Working with the community + +These resources will help you learn more about Chef and connect to +other members of the Chef community: + +* [chef](http://lists.opscode.com/sympa/info/chef) and + [chef-dev](http://lists.opscode.com/sympa/info/chef-dev) mailing + lists +* #chef and #chef-hacking IRC channels on irc.freenode.net +* [Community Cookbook site](http://community.opscode.com) +* [Chef wiki](http://wiki.opscode.com/display/chef) +* Opscode Chef [product page](http://www.opscode.com/chef) + + +## Cookbook Contribution Do's and Don't's + +Please do include tests for your contribution. If you need help, ask +on the +[chef-dev mailing list](http://lists.opscode.com/sympa/info/chef-dev) +or the +[#chef-hacking IRC channel](http://community.opscode.com/chat/chef-hacking). +Not all platforms that a cookbook supports may be supported by Test +Kitchen. Please provide evidence of testing your contribution if it +isn't trivial so we don't have to duplicate effort in testing. Chef +10.14+ "doc" formatted output is sufficient. + +Please do indicate new platform (families) or platform versions in the +commit message, and update the relevant ticket. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] - Updated pool resource to correctly + delete.' + +Please do use [foodcritic](http://acrmp.github.com/foodcritic) to +lint-check the cookbook. Except FC007, it should pass all correctness +rules. FC007 is okay as long as the dependent cookbooks are *required* +for the default behavior of the cookbook, such as to support an +uncommon platform, secondary recipe, etc. + +Please do ensure that your changes do not break or modify behavior for +other platforms supported by the cookbook. For example if your changes +are for Debian, make sure that they do not break on CentOS. + +Please do not modify the version number in the metadata.rb, Opscode +will select the appropriate version based on the release cycle +information above. + +Please do not update the CHANGELOG.md for a new version. Not all +changes to a cookbook may be merged and released in the same versions. +Opscode will update the CHANGELOG.md when releasing a new version of +the cookbook. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/README.md new file mode 100644 index 000000000..9f8ccc2d7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/README.md @@ -0,0 +1,495 @@ +Database Cookbook +================= +The main highlight of this cookbook is the `database` and `database_user` resources for managing databases and database users in a RDBMS. Providers for MySQL, PostgreSQL and SQL Server are also provided, see usage documentation below. + +This cookbook also contains recipes to configure mysql database masters and slaves and uses EBS for storage, integrating together with the application cookbook utilizing data bags for application related information. These recipes are written primarily to use MySQL and the Opscode mysql cookbook. Other RDBMS may be supported at a later date. This cookbook does not automatically restore database dumps, but does install tools to help with that. + + +Requirements +------------ +Chef version 0.10.10+. + +### Platforms +* Debian, Ubuntu +* Red Hat, CentOS, Scientific, Fedora, Amazon + +### Cookbooks +The following Opscode cookbooks are dependencies: + +* mysql +* postgresql +* xfs +* aws + + +Resources/Providers +------------------- +These resources aim to expose an abstraction layer for interacting with different RDBMS in a general way. Currently the cookbook ships with providers for MySQL, PostgreSQL and SQL Server. Please see specific usage in the __Example__ sections below. The providers use specific Ruby gems installed under Chef's Ruby environment to execute commands and carry out actions. These gems will need to be installed before the providers can operate correctly. Specific notes for each RDBS flavor: + +- MySQL: leverages the `mysql` gem which is installed as part of the `mysql::ruby` recipe. You can use `database::mysql` to include this, too. +- PostgreSQL: leverages the `pg` gem which is installed as part of the `postgresql::ruby` recipe. You can use `database::postgresql` to include this, too. Currently does not work in Chef "omnibus" full stack installs, see COOK-1406. +- SQL Server: leverages the `tiny_tds` gem which is installed as part of the `sql_server::client` recipe. + + +### database +Manage databases in a RDBMS. Use the proper shortcut resource depending on your RDBMS: `mysql_database`, `postgresql_database` or `sql_server_database`. + +#### Actions +- :create: create a named database +- :drop: drop a named database +- :query: execute an arbitrary query against a named database + +#### Attribute Parameters +- database_name: name attribute. Name of the database to interact with +- connection: hash of connection info. valid keys include :host, :port, :username, :password and :socket (only for MySQL DB*) +- sql: string of sql or a block that executes to a string of sql, which will be executed against the database. used by :query action only + +\* The database cookbook uses the `mysql` gem, which uses the `real_connect()` function from mysql API to connect to the server. + +> "The value of host may be either a host name or an IP address. If host is NULL or the string "localhost", a connection to the local host is assumed. For Windows, the client connects using a shared-memory connection, if the server has shared-memory connections enabled. Otherwise, TCP/IP is used. For Unix, the client connects using a Unix socket file. For local connections, you can also influence the type of connection to use with the MYSQL_OPT_PROTOCOL or MYSQL_OPT_NAMED_PIPE options to mysql_options(). The type of connection must be supported by the server. For a host value of "." on Windows, the client connects using a named pipe, if the server has named-pipe connections enabled. If named-pipe connections are not enabled, an error occurs." + +If you set the `:host` key to "localhost" or if you leave it blank, a socket will be used. By default `real_connect()` function will look for socket in `/var/lib/mysql/mysql.sock`. If your socket file in non-default location - you can use :socket key to specify that location. + +#### Providers +- `Chef::Provider::Database::Mysql`: shortcut resource `mysql_database` +- `Chef::Provider::Database::Postgresql`: shortcut resource `postgresql_database` +- `Chef::Provider::Database::SqlServer`: shortcut resource `sql_server_database` + +#### Examples +```ruby +# Create a mysql database +mysql_database 'oracle_rules' do + connection( + :host => 'localhost', + :username => 'root', + :password => node['mysql']['server_root_password'] + ) + action :create +end +``` + +```ruby +# Create a sql server database +sql_server_database 'mr_softie' do + connection( + :host => '127.0.0.1', + :port => node['sql_server']['port'], + :username => 'sa', + :password => node['sql_server']['server_sa_password'] + ) + action :create +end +``` + +```ruby +# create a postgresql database +postgresql_database 'mr_softie' do + connection( + :host => '127.0.0.1' + :port => 5432, + :username => 'postgres', + :password => node['postgresql']['password']['postgres'] + ) + action :create +end +``` + +```ruby +# create a postgresql database with additional parameters +postgresql_database 'mr_softie' do + connection( + :host => '127.0.0.1', + :port => 5432, + :username => 'postgres', + :password => node['postgresql']['password']['postgres'] + ) + template 'DEFAULT' + encoding 'DEFAULT' + tablespace 'DEFAULT' + connection_limit '-1' + owner 'postgres' + action :create +end +``` + +```ruby +# Externalize conection info in a ruby hash +mysql_connection_info = { + :host => 'localhost', + :username => 'root', + :password => node['mysql']['server_root_password'] +} + +sql_server_connection_info = { + :host => 'localhost', + :port => node['sql_server']['port'], + :username => 'sa', + :password => node['sql_server']['server_sa_password'] +} + +postgresql_connection_info = { + :host => '127.0.0.1', + :port => node['postgresql']['config']['port'], + :username => 'postgres', + :password => node['postgresql']['password']['postgres'] +} + + + +# Same create commands, connection info as an external hash +mysql_database 'foo' do + connection mysql_connection_info + action :create +end + +sql_server_database 'foo' do + connection sql_server_connection_info + action :create +end + +postgresql_database 'foo' do + connection postgresql_connection_info + action :create +end + + + +# Create database, set provider in resource parameter +database 'bar' do + connection mysql_connection_info + provider Chef::Provider::Database::Mysql + action :create +end + +database 'bar' do + connection sql_server_connection_info + provider Chef::Provider::Database::SqlServer + action :create +end + +database 'bar' do + connection postgresql_connection_info + provider Chef::Provider::Database::Postgresql + action :create +end + + + +# Drop a database +mysql_database 'baz' do + connection mysql_connection_info + action :drop +end + + + +# Query a database +mysql_database 'flush the privileges' do + connection mysql_connection_info + sql 'flush privileges' + action :query +end + + + +# Query a database from a sql script on disk +mysql_database 'run script' do + connection mysql_connection_info + sql { ::File.open('/path/to/sql_script.sql').read } + action :query +end + + + +# Vacuum a postgres database +postgresql_database 'vacuum databases' do + connection postgresql_connection_info + database_table 'template1' + sql 'VACUUM FULL VERBOSE ANALYZE' + action :query +end +``` + +### database_user +Manage users and user privileges in a RDBMS. Use the proper shortcut resource depending on your RDBMS: `mysql_database_user`, `postgresql_database_user`, or `sql_server_database_user`. + +#### Actions +- :create: create a user +- :drop: drop a user +- :grant: manipulate user privileges on database objects + +#### Attribute Parameters +- username: name attribute. Name of the database user +- password: password for the user account +- database_name: Name of the database to interact with +- connection: hash of connection info. valid keys include :host, :port, :username, :password +- privileges: array of database privileges to grant user. used by the :grant action. default is :all +- grant_option: appends 'WITH GRANT OPTION' to grant statement. used by MySQL provider only. default is 'false' +- host: host where user connections are allowed from. used by MySQL provider only. default is 'localhost' +- table: table to grant privileges on. used by :grant action and MySQL provider only. default is '*' (all tables) + +#### Providers +- `Chef::Provider::Database::MysqlUser`: shortcut resource `mysql_database_user` +- `Chef::Provider::Database::PostgresqlUser`: shortcut resource `postgresql_database_user` +- `Chef::Provider::Database::SqlServerUser`: shortcut resource`sql_server_database_user` + +#### Examples + +```ruby +# create connection info as an external ruby hash +mysql_connection_info = { + :host => 'localhost', + :username => 'root', + :password => node['mysql']['server_root_password'] +} + +postgresql_connection_info = { + :host => 'localhost', + :port => node['postgresql']['config']['port'], + :username => 'postgres', + :password => node['postgresql']['password']['postgres'] +} + +sql_server_connection_info = { + :host => 'localhost', + :port => node['sql_server']['port'], + :username => 'sa', + :password => node['sql_server']['server_sa_password'] +} + + + +# Create a mysql user but grant no privileges +mysql_database_user 'disenfranchised' do + connection mysql_connection_info + password 'super_secret' + action :create +end + + + +# Do the same but pass the provider to the database resource +database_user 'disenfranchised' do + connection mysql_connection_info + password 'super_secret' + provider Chef::Provider::Database::MysqlUser + action :create +end + + + +# Create a postgresql user but grant no privileges +postgresql_database_user 'disenfranchised' do + connection postgresql_connection_info + password 'super_secret' + action :create +end + + + +# Do the same but pass the provider to the database resource +database_user 'disenfranchised' do + connection postgresql_connection_info + password 'super_secret' + provider Chef::Provider::Database::PostgresqlUser + action :create +end + + + +# Create a sql server user but grant no privileges +sql_server_database_user 'disenfranchised' do + connection sql_server_connection_info + password 'super_secret' + action :create +end + + + +# Drop a mysql user +mysql_database_user 'foo_user' do + connection mysql_connection_info + action :drop +end + + + +# Bulk drop sql server users +%w(disenfranchised foo_user).each do |user| + sql_server_database_user user do + connection sql_server_connection_info + action :drop + end +end + + + +# Grant SELECT, UPDATE, and INSERT privileges to all tables in foo db from all hosts +mysql_database_user 'foo_user' do + connection mysql_connection_info + password 'super_secret' + database_name 'foo' + host '%' + privileges [:select,:update,:insert] + action :grant +end + + + +# Grant all privileges on all databases/tables from localhost +mysql_database_user 'super_user' do + connection mysql_connection_info + password 'super_secret' + action :grant +end + + + +# Grant all privileges on all tables in foo db +postgresql_database_user 'foo_user' do + connection postgresql_connection_info + database_name 'foo' + privileges [:all] + action :grant +end + +# grant select,update,insert privileges to all tables in foo db +sql_server_database_user 'foo_user' do + connection sql_server_connection_info + password 'super_secret' + database_name 'foo' + privileges [:select,:update,:insert] + action :grant +end +``` + + +Recipes +------- +### ebs_volume +*Note*: This recipe does not currently work on RHEL platforms due to the xfs cookbook not supporting RHEL yet. + +Loads the aws information from the data bag. Searches the applications data bag for the database master or slave role and checks that role is applied to the node. Loads the EBS information and the master information from data bags. Uses the aws cookbook LWRP, `aws_ebs_volume` to manage the volume. + +On a master node: +- if we have an ebs volume already as stored in a data bag, attach it +- if we don't have the ebs information then create a new one and attach it +- store the volume information in a data bag via a ruby block + +On a slave node: +- use the master volume information to generate a snapshot +- create the new volume from the snapshot and attach it + +Also on a master node, generate some configuration for running a snapshot via `chef-solo` from cron. + +On a new filesystem volume, create as XFS, then mount it in `/mnt`, and also bind-mount it to the mysql data directory (default `/var/lib/mysql`). + +### master +This recipe no longer loads AWS specific information, and the database position for replication is no longer stored in a databag because the client might not have permission to write to the databag item. This may be handled in a different way at a future date. + +Searches the apps databag for applications, and for each one it will check that the specified database master role is set in both the databag and applied to the node's run list. Then, retrieves the passwords for `root`, `repl` and `debian` users and saves them to the node attributes. If the passwords are not found in the databag, it prints a message that they'll be generated by the mysql cookbook. + +Then it adds the application databag database settings to a hash, to use later. + +Then it will iterate over the databases and create them with the `mysql_database` resource while adding privileges for application specific database users using the `mysql_database_user` resource. + +### slave +_TODO_: Retrieve the master status from a data bag, then start replication using a ruby block. The replication status needs to be handled in some other way for now since the master recipe above doesn't actually set it in the databag anymore. + +### snapshot +Run via Chef Solo. Retrieves the db snapshot configuration from the specified JSON file. Uses the `mysql_database` resource to lock and unlock tables, and does a filesystem freeze and EBS snapshot. + + +Deprecated Recipes +------------------ +The following recipe is considered deprecated. It is kept for reference purposes. + +### ebs_backup +Older style of doing mysql snapshot and replication using Adam Jacob's [ec2_mysql](http://github.com/adamhjk/ec2_mysql) script and library. + + +Data Bags +--------- +This cookbook uses the apps data bag item for the specified application; see the `application` cookbook's README.md. It also creates data bag items in a bag named 'aws' for storing volume information. In order to interact with EC2, it expects aws to have a main item: + +```javascript +{ + "id": "main", + "ec2_private_key": "private key as a string", + "ec2_cert": "certificate as a string", + "aws_account_id": "", + "aws_secret_access_key": "", + "aws_access_key_id": "" +} +``` + +Note: with the Open Source Chef Server, the server using the database recipes must be an admin client or it will not be able to create data bag items. You can modify whether the client is admin by editing it with knife. + + knife client edit + { + ... + "admin": true + ... + } + +This is not required if the Chef Server is Opscode Hosted Chef, instead use the ACL feature to modify access for the node to be able to update the data bag. + + +Usage +----- +Aside from the application data bag (see the README in the application cookbook), create a role for the database master. Use a `role.rb` in your chef-repo, or create the role directly with knife. + +```javascript +{ + "name": "my_app_database_master", + "chef_type": "role", + "json_class": "Chef::Role", + "default_attributes": {}, + "description": "", + "run_list": [ + "recipe[mysql::server]", + "recipe[database::master]" + ], + "override_attributes": {} +} +``` + +Create a `production` environment. This is also used in the `application` cookbook. + +```javascript +{ + "name": "production", + "description": "", + "cookbook_versions": {}, + "json_class": "Chef::Environment", + "chef_type": "environment", + "default_attributes": {}, + "override_attributes": {} +} +``` + +The cookbook `my_app_database` is recommended to set up any application specific database resources such as configuration templates, trending monitors, etc. It is not required, but you would need to create it separately in `site-cookbooks`. Add it to the `my_app_database_master` role. + +License & Authors +----------------- +- Author:: Adam Jacob () +- Author:: Joshua Timberman () +- Author:: AJ Christensen () +- Author:: Seth Chisamore () +- Author:: Lamont Granquist () + +```text +Copyright 2009-2013, Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_mysql.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_mysql.rb new file mode 100644 index 000000000..ef0c482bc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_mysql.rb @@ -0,0 +1,104 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/provider' + +class Chef + class Provider + class Database + class Mysql < Chef::Provider + include Chef::Mixin::ShellOut + + def load_current_resource + Gem.clear_paths + require 'mysql' + @current_resource = Chef::Resource::Database.new(@new_resource.name) + @current_resource.database_name(@new_resource.database_name) + @current_resource + end + + def action_create + unless exists? + begin + Chef::Log.debug("#{@new_resource}: Creating database `#{new_resource.database_name}`") + create_sql = "CREATE DATABASE `#{new_resource.database_name}`" + create_sql += " CHARACTER SET = #{new_resource.encoding}" if new_resource.encoding + create_sql += " COLLATE = #{new_resource.collation}" if new_resource.collation + Chef::Log.debug("#{@new_resource}: Performing query [#{create_sql}]") + db.query(create_sql) + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_drop + if exists? + begin + Chef::Log.debug("#{@new_resource}: Dropping database #{new_resource.database_name}") + db.query("DROP DATABASE `#{new_resource.database_name}`") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_query + if exists? + begin + db.select_db(@new_resource.database_name) if @new_resource.database_name + Chef::Log.debug("#{@new_resource}: Performing query [#{new_resource.sql_query}]") + db.query(@new_resource.sql_query) + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + private + def exists? + db.list_dbs.include?(@new_resource.database_name) + end + + def db + @db ||= begin + connection = ::Mysql.new( + @new_resource.connection[:host], + @new_resource.connection[:username], + @new_resource.connection[:password], + nil, + @new_resource.connection[:port] || 3306, + @new_resource.connection[:socket] || nil + ) + connection.set_server_option ::Mysql::OPTION_MULTI_STATEMENTS_ON + connection + end + end + + def close + @db.close rescue nil + @db = nil + end + + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_mysql_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_mysql_user.rb new file mode 100644 index 000000000..e89f97e68 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_mysql_user.rb @@ -0,0 +1,85 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'provider_database_mysql') + +class Chef + class Provider + class Database + class MysqlUser < Chef::Provider::Database::Mysql + include Chef::Mixin::ShellOut + + def load_current_resource + Gem.clear_paths + require 'mysql' + @current_resource = Chef::Resource::DatabaseUser.new(@new_resource.name) + @current_resource.username(@new_resource.name) + @current_resource + end + + def action_create + unless exists? + begin + db.query("CREATE USER `#{@new_resource.username}`@`#{@new_resource.host}` IDENTIFIED BY '#{@new_resource.password}'") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_drop + if exists? + begin + db.query("DROP USER `#{@new_resource.username}`@`#{@new_resource.host}`") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_grant + begin + # does password look like MySQL hex digest? + # (begins with *, followed by 40 hexadecimal characters) + if (/(\A\*[0-9A-F]{40}\z)/i).match(@new_resource.password) then + password = filtered = "PASSWORD '#{$1}'" + else + password = "'#{@new_resource.password}'" + filtered = '[FILTERED]' + end + grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON #{@new_resource.database_name && @new_resource.database_name != '*' ? "`#{@new_resource.database_name}`" : '*'}.#{@new_resource.table && @new_resource.table != '*' ? "`#{@new_resource.table}`" : '*'} TO `#{@new_resource.username}`@`#{@new_resource.host}` IDENTIFIED BY " + with_grant_option = @new_resource.grant_option == true ? ' WITH GRANT OPTION ' : '' + Chef::Log.info("#{@new_resource}: granting access with statement [#{grant_statement}#{filtered}]") + db.query(grant_statement + password + with_grant_option) + @new_resource.updated_by_last_action(true) + ensure + close + end + end + + private + def exists? + db.query("SELECT User,host from mysql.user WHERE User = '#{@new_resource.username}' AND host = '#{@new_resource.host}'").num_rows != 0 + end + + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_postgresql.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_postgresql.rb new file mode 100644 index 000000000..c2b5bcf7d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_postgresql.rb @@ -0,0 +1,131 @@ +# +# Author:: Seth Chisamore () +# Author:: Lamont Granquist () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/provider' + +class Chef + class Provider + class Database + class Postgresql < Chef::Provider + include Chef::Mixin::ShellOut + + def load_current_resource + Gem.clear_paths + require 'pg' + @current_resource = Chef::Resource::Database.new(@new_resource.name) + @current_resource.database_name(@new_resource.database_name) + @current_resource + end + + def action_create + unless exists? + begin + encoding = @new_resource.encoding + if encoding != "DEFAULT" + encoding = "'#{@new_resource.encoding}'" + end + Chef::Log.debug("#{@new_resource}: Creating database #{new_resource.database_name}") + create_sql = "CREATE DATABASE \"#{new_resource.database_name}\"" + create_sql += " TEMPLATE = #{new_resource.template}" if new_resource.template + create_sql += " ENCODING = #{encoding}" if new_resource.encoding + create_sql += " TABLESPACE = #{new_resource.tablespace}" if new_resource.tablespace + create_sql += " LC_CTYPE = '#{new_resource.collation}' LC_COLLATE = '#{new_resource.collation}'" if new_resource.collation + create_sql += " CONNECTION LIMIT = #{new_resource.connection_limit}" if new_resource.connection_limit + create_sql += " OWNER = \"#{new_resource.owner}\"" if new_resource.owner + Chef::Log.debug("#{@new_resource}: Performing query [#{create_sql}]") + db("template1").query(create_sql) + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_drop + if exists? + begin + Chef::Log.debug("#{@new_resource}: Dropping database #{new_resource.database_name}") + db("template1").query("DROP DATABASE \"#{new_resource.database_name}\"") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_query + if exists? + begin + Chef::Log.debug("#{@new_resource}: Performing query [#{new_resource.sql_query}]") + db(@new_resource.database_name).query(@new_resource.sql_query) + Chef::Log.debug("#{@new_resource}: query [#{new_resource.sql_query}] succeeded") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + private + + def exists? + begin + Chef::Log.debug("#{@new_resource}: checking if database #{@new_resource.database_name} exists") + ret = db("template1").query("SELECT * FROM pg_database where datname = '#{@new_resource.database_name}'").num_tuples != 0 + ret ? Chef::Log.debug("#{@new_resource}: database #{@new_resource.database_name} exists") : + Chef::Log.debug("#{@new_resource}: database #{@new_resource.database_name} does not exist") + ensure + close + end + ret + end + + # + # Specifying the database in the connection parameter for the postgres resource is not recommended. + # + # - action_create/drop/exists will use the "template1" database to do work by default. + # - action_query will use the resource database_name. + # - specifying a database in the connection will override this behavior + # + def db(dbname = nil) + close if @db + dbname = @new_resource.connection[:database] if @new_resource.connection[:database] + host = @new_resource.connection[:host] + port = @new_resource.connection[:port] || 5432 + user = @new_resource.connection[:username] || "postgres" + Chef::Log.debug("#{@new_resource}: connecting to database #{dbname} on #{host}:#{port} as #{user}") + password = @new_resource.connection[:password] || node[:postgresql][:password][:postgres] + @db = ::PGconn.new( + :host => host, + :port => port, + :dbname => dbname, + :user => user, + :password => password + ) + end + + def close + @db.close rescue nil + @db = nil + end + + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_postgresql_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_postgresql_user.rb new file mode 100644 index 000000000..59590867a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_postgresql_user.rb @@ -0,0 +1,83 @@ +# +# Author:: Seth Chisamore () +# Author:: Lamont Granquist () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'provider_database_postgresql') + +class Chef + class Provider + class Database + class PostgresqlUser < Chef::Provider::Database::Postgresql + include Chef::Mixin::ShellOut + + def load_current_resource + Gem.clear_paths + require 'pg' + @current_resource = Chef::Resource::DatabaseUser.new(@new_resource.name) + @current_resource.username(@new_resource.name) + @current_resource + end + + def action_create + unless exists? + begin + db("template1").query("CREATE USER \"#{@new_resource.username}\" WITH PASSWORD '#{@new_resource.password}'") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_drop + if exists? + begin + db("template1").query("DROP USER \"#{@new_resource.username}\"") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_grant + begin + # FIXME: grants on individual tables + grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON DATABASE \"#{@new_resource.database_name}\" TO \"#{@new_resource.username}\"" + Chef::Log.info("#{@new_resource}: granting access with statement [#{grant_statement}]") + db(@new_resource.database_name).query(grant_statement) + @new_resource.updated_by_last_action(true) + ensure + close + end + end + + private + def exists? + begin + exists = db("template1").query("SELECT * FROM pg_user WHERE usename='#{@new_resource.username}'").num_tuples != 0 + ensure + close + end + exists + end + + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_sql_server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_sql_server.rb new file mode 100644 index 000000000..a422ecb10 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_sql_server.rb @@ -0,0 +1,111 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/provider' + +class Chef + class Provider + class Database + class SqlServer < Chef::Provider + include Chef::Mixin::ShellOut + + def load_current_resource + Gem.clear_paths + require 'tiny_tds' + @current_resource = Chef::Resource::Database.new(@new_resource.name) + @current_resource.database_name(@new_resource.database_name) + @current_resource + end + + def action_create + unless exists? + begin + Chef::Log.debug("#{@new_resource}: Creating database #{new_resource.database_name}") + create_sql = "CREATE DATABASE [#{new_resource.database_name}]" + create_sql += " COLLATE #{new_resource.collation}" if new_resource.collation + db.execute(create_sql).do + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_drop + if exists? + begin + Chef::Log.debug("#{@new_resource}: Dropping database #{new_resource.database_name}") + db.execute("DROP DATABASE [#{new_resource.database_name}]").do + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_query + if exists? + begin + #db.select_db(@new_resource.database_name) if @new_resource.database_name + Chef::Log.debug("#{@new_resource}: Performing query [#{new_resource.sql_query}]") + db.execute(@new_resource.sql_query).do + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + private + def exists? + exists = false + begin + result = db.execute("SELECT name FROM sys.databases") + result.each do |row| + if row['name'] == @new_resource.database_name + exists = true + break + end + end + result.cancel + ensure + close + end + exists + end + + def db + @db ||= begin + ::TinyTds::Client.new( + :host => @new_resource.connection[:host], + :username => @new_resource.connection[:username], + :password => @new_resource.connection[:password], + :port => @new_resource.connection[:port] || 1433 + ) + end + end + + def close + @db.close rescue nil + @db = nil + end + + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_sql_server_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_sql_server_user.rb new file mode 100644 index 000000000..158abe1f4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/provider_database_sql_server_user.rb @@ -0,0 +1,124 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'provider_database_sql_server') + +class Chef + class Provider + class Database + class SqlServerUser < Chef::Provider::Database::SqlServer + include Chef::Mixin::ShellOut + + def load_current_resource + Gem.clear_paths + require 'tiny_tds' + @current_resource = Chef::Resource::DatabaseUser.new(@new_resource.name) + @current_resource.username(@new_resource.name) + @current_resource + end + + def action_create + begin + unless exists?(:logins) + db.execute("CREATE LOGIN [#{@new_resource.username}] WITH PASSWORD = '#{@new_resource.password}', CHECK_POLICY = OFF").do + @new_resource.updated_by_last_action(true) + end + unless exists?(:users) + if @new_resource.database_name + Chef::Log.info("#{@new_resource} creating user in '#{@new_resource.database_name}' database context.") + db.execute("USE [#{@new_resource.database_name}]").do + else + Chef::Log.info("#{@new_resource} database_name not provided, creating user in global context.") + end + db.execute("CREATE USER [#{@new_resource.username}] FOR LOGIN [#{@new_resource.username}]").do + @new_resource.updated_by_last_action(true) + end + ensure + close + end + end + + def action_drop + begin + if exists?(:users) + db.execute("DROP USER [#{@new_resource.username}]").do + @new_resource.updated_by_last_action(true) + end + if exists?(:logins) + db.execute("DROP LOGIN [#{@new_resource.username}]").do + @new_resource.updated_by_last_action(true) + end + ensure + close + end + end + + def action_grant + begin + if @new_resource.password + action_create + end + Chef::Application.fatal!('Please provide a database_name, SQL Server does not support global GRANT statements.') unless @new_resource.database_name + grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON DATABASE::[#{@new_resource.database_name}] TO [#{@new_resource.username}]" + Chef::Log.info("#{@new_resource} granting access with statement [#{grant_statement}]") + db.execute("USE [#{@new_resource.database_name}]").do + db.execute(grant_statement).do + @new_resource.updated_by_last_action(true) + ensure + close + end + end + + def action_alter_roles + begin + if @new_resource.password + action_create + end + Chef::Application.fatal!('Please provide a database_name, SQL Server does not support global GRANT statements.') unless @new_resource.database_name + db.execute("USE [#{@new_resource.database_name}]").do + @new_resource.sql_roles.each do | sql_role, role_action | + alter_statement = "ALTER ROLE [#{sql_role}] #{role_action} MEMBER [#{@new_resource.username}]" + Chef::Log.info("#{@new_resource} granting access with statement [#{alter_statement}]") + db.execute(alter_statement).do + end + @new_resource.updated_by_last_action(true) + ensure + close + end + end + + private + def exists?(type=:users) + case type + when :users + table = "database_principals" + if @new_resource.database_name + Chef::Log.debug("#{@new_resource} searching for existing user in '#{@new_resource.database_name}' database context.") + db.execute("USE [#{@new_resource.database_name}]").do + end + when :logins + table = "server_principals" + end + + result = db.execute("SELECT name FROM sys.#{table} WHERE name='#{@new_resource.username}'") + result.each.any? + end + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_database.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_database.rb new file mode 100644 index 000000000..3824c737e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_database.rb @@ -0,0 +1,119 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/resource' + +class Chef + class Resource + class Database < Chef::Resource + + def initialize(name, run_context=nil) + super + @resource_name = :database + @database_name = name + @allowed_actions.push(:create, :drop, :query) + @action = :create + end + + def database_name(arg=nil) + set_or_return( + :database_name, + arg, + :kind_of => String + ) + end + + def connection(arg=nil) + set_or_return( + :connection, + arg, + :required => true + ) + end + + def sql(arg=nil, &block) + arg ||= block + set_or_return( + :sql, + arg, + :kind_of => [String, Proc] + ) + end + + def sql_query + if sql.kind_of?(Proc) + sql.call + else + sql + end + end + + def template(arg=nil) + set_or_return( + :template, + arg, + :kind_of => String, + :default => 'DEFAULT' + ) + end + + def collation(arg=nil) + set_or_return( + :collation, + arg, + :kind_of => String + ) + end + + def encoding(arg=nil) + set_or_return( + :encoding, + arg, + :kind_of => String, + :default => 'DEFAULT' + ) + end + + def tablespace(arg=nil) + set_or_return( + :tablespace, + arg, + :kind_of => String, + :default => 'DEFAULT' + ) + end + + def connection_limit(arg=nil) + set_or_return( + :connection_limit, + arg, + :kind_of => String, + :default => '-1' + ) + end + + def owner(arg=nil) + set_or_return( + :owner, + arg, + :kind_of => String + ) + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_database_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_database_user.rb new file mode 100644 index 000000000..cd9045f8c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_database_user.rb @@ -0,0 +1,99 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database') + +class Chef + class Resource + class DatabaseUser < Chef::Resource::Database + + def initialize(name, run_context=nil) + super + @resource_name = :database_user + @username = name + + @database_name = nil + @table = nil + @host = 'localhost' + @privileges = [:all] + @grant_option = false + + @allowed_actions.push(:create, :drop, :grant) + @action = :create + end + + def database_name(arg=nil) + set_or_return( + :database_name, + arg, + :kind_of => String + ) + end + + def username(arg=nil) + set_or_return( + :username, + arg, + :kind_of => String + ) + end + + def password(arg=nil) + set_or_return( + :password, + arg, + :kind_of => String, + :required => true + ) + end + + def table(arg=nil) + set_or_return( + :table, + arg, + :kind_of => String + ) + end + + def host(arg=nil) + set_or_return( + :host, + arg, + :kind_of => String + ) + end + + def privileges(arg=nil) + set_or_return( + :privileges, + arg, + :kind_of => Array + ) + end + + def grant_option(arg=nil) + set_or_return( + :grant_option, + arg, + :kind_of => [ TrueClass, FalseClass ], :default => false + ) + end + + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_mysql_database.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_mysql_database.rb new file mode 100644 index 000000000..e90422040 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_mysql_database.rb @@ -0,0 +1,34 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database') +require File.join(File.dirname(__FILE__), 'provider_database_mysql') + +class Chef + class Resource + class MysqlDatabase < Chef::Resource::Database + + def initialize(name, run_context=nil) + super + @resource_name = :mysql_database + @provider = Chef::Provider::Database::Mysql + end + + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_mysql_database_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_mysql_database_user.rb new file mode 100644 index 000000000..f653e6b87 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_mysql_database_user.rb @@ -0,0 +1,34 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database_user') +require File.join(File.dirname(__FILE__), 'provider_database_mysql_user') + +class Chef + class Resource + class MysqlDatabaseUser < Chef::Resource::DatabaseUser + + def initialize(name, run_context=nil) + super + @resource_name = :mysql_database_user + @provider = Chef::Provider::Database::MysqlUser + end + + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_postgresql_database.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_postgresql_database.rb new file mode 100644 index 000000000..548d59923 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_postgresql_database.rb @@ -0,0 +1,35 @@ +# +# Author:: Seth Chisamore () +# Author:: Lamont Granquist () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database') +require File.join(File.dirname(__FILE__), 'provider_database_postgresql') + +class Chef + class Resource + class PostgresqlDatabase < Chef::Resource::Database + + def initialize(name, run_context=nil) + super + @resource_name = :postgresql_database + @provider = Chef::Provider::Database::Postgresql + end + + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_postgresql_database_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_postgresql_database_user.rb new file mode 100644 index 000000000..e57af48bf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_postgresql_database_user.rb @@ -0,0 +1,35 @@ +# +# Author:: Seth Chisamore () +# Author:: Lamont Granquist () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database_user') +require File.join(File.dirname(__FILE__), 'provider_database_postgresql_user') + +class Chef + class Resource + class PostgresqlDatabaseUser < Chef::Resource::DatabaseUser + + def initialize(name, run_context=nil) + super + @resource_name = :postgresql_database_user + @provider = Chef::Provider::Database::PostgresqlUser + end + + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_sql_server_database.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_sql_server_database.rb new file mode 100644 index 000000000..bdd3248f3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_sql_server_database.rb @@ -0,0 +1,34 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database') +require File.join(File.dirname(__FILE__), 'provider_database_sql_server') + +class Chef + class Resource + class SqlServerDatabase < Chef::Resource::Database + + def initialize(name, run_context=nil) + super + @resource_name = :sql_server_database + @provider = Chef::Provider::Database::SqlServer + end + + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_sql_server_database_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_sql_server_database_user.rb new file mode 100644 index 000000000..378e27bf4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/libraries/resource_sql_server_database_user.rb @@ -0,0 +1,44 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database_user') +require File.join(File.dirname(__FILE__), 'provider_database_sql_server_user') + +class Chef + class Resource + class SqlServerDatabaseUser < Chef::Resource::DatabaseUser + + def initialize(name, run_context=nil) + super + @sql_roles = {} + @resource_name = :sql_server_database_user + @provider = Chef::Provider::Database::SqlServerUser + @allowed_actions.push(:alter_roles) + end + end + + def sql_roles(arg=nil) + Chef::Log.debug("Received roles: #{arg.inspect}") + set_or_return( + :sql_roles, + arg, + :kind_of => Hash + ) + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/metadata.rb new file mode 100644 index 000000000..9017dc448 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/metadata.rb @@ -0,0 +1,22 @@ +name "database" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Sets up the database master or slave" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.5.3" + +recipe "database", "Empty placeholder" +recipe "database::ebs_backup", "Considered deprecated, older way of backing up EBS volumes" +recipe "database::ebs_volume", "Sets up an EBS volume in EC2 for the database" +recipe "database::master", "Creates application specific user and database" +recipe "database::snapshot", "Locks tables and freezes XFS filesystem for replication, assumes EC2 + EBS" + +depends "mysql", ">= 1.3.0" +depends "postgresql", ">= 1.0.0" +depends "aws" +depends "xfs" + +%w{ debian ubuntu centos suse fedora redhat scientific amazon }.each do |os| + supports os +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/default.rb new file mode 100644 index 000000000..5d1819c28 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/default.rb @@ -0,0 +1,20 @@ +# +# Author:: Joshua Timberman () +# Cookbook Name:: database +# Recipe:: default +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/ebs_backup.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/ebs_backup.rb new file mode 100644 index 000000000..7a2f8a2b0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/ebs_backup.rb @@ -0,0 +1,89 @@ +# +# Author:: Joshua Timberman () +# Cookbook Name:: database +# Recipe:: ebs_backup +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +begin + aws = Chef::DataBagItem.load('aws', 'main') + Chef::Log.info("Loaded AWS information from DataBagItem aws[#{aws['id']}]") +rescue + Chef::Log.fatal("Could not find the 'main' item in the 'aws' data bag") + raise +end + +db_role = String.new +db_master_role = String.new +db_type = node[:database][:type] + +search(:apps) do |app| + db_role = app["database_#{db_type}_role"] & node.run_list.roles + db_master_role = app["database_master_role"] +end + +ebs_info = Chef::DataBagItem.load(:aws, "ebs_#{db_master_role}_#{node.chef_environment}") + +gem_package "dbi" +gem_package "dbd-mysql" + +directory "/mnt/aws-config" do + mode 0700 + owner "root" + group "root" +end + +template "/mnt/aws-config/config" do + source "aws_config.erb" + variables( + :access_key => aws['aws_access_key_id'], + :secret_key => aws['aws_secret_access_key'] + ) + owner "root" + group "root" + mode 0600 +end + +git "/opt/ec2_mysql" do + repository "git://github.com/jtimberman/ec2_mysql.git" + reference "HEAD" + action :sync + not_if { ::FileTest.directory?("/opt/ec2_mysql/.git") } +end + +%w{backup restore}.each do |file| + template "/usr/local/bin/db-#{file}.sh" do + source "ebs-db-#{file}.sh.erb" + owner "root" + group "root" + mode 0700 + variables( + :mysql_root_passwd => node['mysql']['server_root_password'], + :mysql_device => node['mysql']['ebs_vol_dev'], + :ebs_vol_id => ebs_info['volume_id'] + ) + end +end + +if db_type == "master" && node.chef_environment == "production" + template "/etc/cron.d/db-backup" do + source "ebs-backup-cron.erb" + owner "root" + group "root" + mode 0644 + backup false + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/ebs_volume.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/ebs_volume.rb new file mode 100644 index 000000000..0beea487a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/ebs_volume.rb @@ -0,0 +1,204 @@ +# +# Author:: Joshua Timberman () +# Author:: AJ Christensen () +# Cookbook Name:: database +# Recipe:: ebs_volume +# +# Copyright 2009-2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if node[:ec2] + include_recipe "aws" + include_recipe "xfs" + + begin + aws = Chef::DataBagItem.load(:aws, :main) + Chef::Log.info("Loaded AWS information from DataBagItem aws[#{aws['id']}]") + rescue + Chef::Log.fatal("Could not find the 'main' item in the 'aws' data bag") + raise + end + + ebs_vol_dev = node['mysql']['ebs_vol_dev'] + if (platform?("ubuntu") && node['platform_version'].to_f >= 11.04) + ebs_vol_dev_mount = ebs_vol_dev.sub(/^\/dev\/sd/, "/dev/xvd") + else + ebs_vol_dev_mount = ebs_vol_dev + end + ebs_vol_id = String.new + db_type = String.new + db_role = String.new + master_role = String.new + slave_role = String.new + root_pw = String.new + snapshots_to_keep = String.new + snapshot_cron_schedule = "00 * * * *" # default to hourly snapshots + + search(:apps) do |app| + if (app["database_master_role"] & node.run_list.roles).length == 1 || (app["database_slave_role"] & node.run_list.roles).length == 1 + master_role = app["database_master_role"] & node.run_list.roles + slave_role = app["database_slave_role"] & node.run_list.roles + root_pw = app["mysql_root_password"][node.chef_environment] + snapshots_to_keep = app["snapshots_to_keep"][node.chef_environment] + snapshot_cron_schedule = app["snapshot_cron_schedule"][node.chef_environment] if app["snapshot_cron_schedule"] && app["snapshot_cron_schedule"][node.chef_environment] + + if (master_role & node.run_list.roles).length == 1 + db_type = "master" + db_role = RUBY_VERSION.to_f <= 1.8 ? master_role : master_role.join + elsif (slave_role & node.run_list.roles).length == 1 + db_type = "slave" + db_role = RUBY_VERSION.to_f <= 1.8 ? slave_role : slave_role.join + end + + Chef::Log.info "database::ebs_volume - db_role: #{db_role} db_type: #{db_type}" + end + end + + begin + ebs_info = Chef::DataBagItem.load(:aws, "ebs_#{db_role}_#{node.chef_environment}") + Chef::Log.info("Loaded #{ebs_info['volume_id']} from DataBagItem aws[#{ebs_info['id']}]") + rescue + Chef::Log.warn("Could not find the 'ebs_#{db_role}_#{node.chef_environment}' item in the 'aws' data bag") + ebs_info = Hash.new + end + + begin + master_info = Chef::DataBagItem.load(:aws, "ebs_#{master_role}_#{node.chef_environment}") + Chef::Log.info "Loaded #{master_info['volume_id']} from DataBagItem aws[#{master_info['id']}]" + rescue + Chef::Application.fatal! "Could not load replication masters snapshot details", -41 if db_type == "slave" + end + + ruby_block "store_#{db_role}_#{node.chef_environment}_volid" do + block do + ebs_vol_id = node[:aws][:ebs_volume]["#{db_role}_#{node.chef_environment}"][:volume_id] + + unless ebs_info['volume_id'] + item = { + "id" => "ebs_#{db_role}_#{node.chef_environment}", + "volume_id" => ebs_vol_id + } + Chef::Log.info "Storing volume_id #{item.inspect}" + databag_item = Chef::DataBagItem.new + databag_item.data_bag("aws") + databag_item.raw_data = item + databag_item.save + Chef::Log.info("Created #{item['id']} in #{databag_item.data_bag}") + end + end + action :nothing + end + + aws_ebs_volume "#{db_role}_#{node.chef_environment}" do + aws_access_key aws['aws_access_key_id'] + aws_secret_access_key aws['aws_secret_access_key'] + size 50 + device ebs_vol_dev + snapshots_to_keep snapshots_to_keep + case db_type + when "master" + if ebs_info['volume_id'] && ebs_info['volume_id'] =~ /vol/ + volume_id ebs_info['volume_id'] + action :attach + elsif ebs_info['volume_id'] && ebs_info['volume_id'] =~ /snap/ + snapshot_id ebs_info['volume_id'] + action [ :create, :attach ] + else + action [ :create, :attach ] + end + notifies :create, resources(:ruby_block => "store_#{db_role}_#{node.chef_environment}_volid") + when "slave" + if master_info['volume_id'] + snapshot_id master_info['volume_id'] + action [:create, :attach] + else + Chef::Log.warn("Couldn't detect snapshot ID.") + action :nothing + end + end + provider "aws_ebs_volume" + end + + if db_type == "master" + Chef::Log.info "Setting up templates for chef-solo snapshots" + template "/etc/chef/chef-solo-database-snapshot.rb" do + source "chef-solo-database-snapshot.rb.erb" + variables :cookbook_path => Chef::Config[:cookbook_path] + owner "root" + group "root" + mode 0600 + end + + template "/etc/chef/chef-solo-database-snapshot.json" do + source "chef-solo-database-snapshot.json.erb" + variables( + :output => { + 'db_snapshot' => { + 'ebs_vol_dev' => node.mysql.ec2_path, + 'db_role' => db_role, + 'app_environment' => node.chef_environment, + 'username' => 'root', + 'password' => root_pw, + 'aws_access_key_id' => aws['aws_access_key_id'], + 'aws_secret_access_key' => aws['aws_secret_access_key'], + 'snapshots_to_keep' => snapshots_to_keep, + 'volume_id' => ebs_info['volume_id'] + }, + 'run_list' => [ + "recipe[database::snapshot]" + ] + } + ) + owner "root" + group "root" + mode 0600 + end + + template "/etc/cron.d/chef-solo-database-snapshot" do + source "chef-solo-database-snapshot.cron.erb" + variables( + :json_attribs => "/etc/chef/chef-solo-database-snapshot.json", + :config_file => "/etc/chef/chef-solo-database-snapshot.rb", + :schedule => snapshot_cron_schedule + ) + owner "root" + group "root" + mode 0600 + end + end + + execute "mkfs.xfs #{ebs_vol_dev_mount}" do + only_if "xfs_admin -l #{ebs_vol_dev_mount} 2>&1 | grep -qx 'xfs_admin: #{ebs_vol_dev_mount} is not a valid XFS filesystem (unexpected SB magic number 0x00000000)'" + end + + %w{ec2_path data_dir}.each do |dir| + directory node['mysql'][dir] do + mode 0755 + end + end + + mount node['mysql']['ec2_path'] do + device ebs_vol_dev_mount + fstype "xfs" + action :mount + end + + mount node['mysql']['data_dir'] do + device node['mysql']['ec2_path'] + fstype "none" + options "bind,rw" + action :mount + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/master.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/master.rb new file mode 100644 index 000000000..166df948d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/master.rb @@ -0,0 +1,78 @@ +# +# Author:: Joshua Timberman () +# Cookbook Name:: database +# Recipe:: master +# +# Copyright 2009-2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This is potentially destructive to the nodes mysql password attributes, since +# we iterate over all the app databags. If this database server provides +# databases for multiple applications, the last app found in the databags +# will win out, so make sure the databags have the same passwords set for +# the root, repl, and debian-sys-maint users. +# + +db_info = Hash.new +root_pw = String.new + +search(:apps) do |app| + (app['database_master_role'] & node.run_list.roles).each do |dbm_role| + %w{ root repl debian }.each do |user| + user_pw = app["mysql_#{user}_password"] + if !user_pw.nil? and user_pw[node.chef_environment] + Chef::Log.debug("Saving password for #{user} as node attribute node['mysql']['server_#{user}_password'") + node.set['mysql']["server_#{user}_password"] = user_pw[node.chef_environment] + node.save + else + log "A password for MySQL user #{user} was not found in DataBag 'apps' item '#{app["id"]}' for environment ' for #{node.chef_environment}'." do + level :warn + end + log "A random password will be generated by the mysql cookbook and added as 'node.mysql.server_#{user}_password'. Edit the DataBag item to ensure it is set correctly on new nodes" do + level :warn + end + end + end + app['databases'].each do |env,db| + db_info[env] = db + end + end +end + +include_recipe "mysql::server" + +connection_info = {:host => "localhost", :username => 'root', :password => node['mysql']['server_root_password']} + +search(:apps) do |app| + (app['database_master_role'] & node.run_list.roles).each do |dbm_role| + app['databases'].each do |env,db| + if env =~ /#{node.chef_environment}/ + mysql_database "create #{db['database']}" do + database_name db['database'] + connection connection_info + action :create + end + %W{ % #{node['fqdn']} localhost }.each do |h| + mysql_database_user db['username'] do + connection connection_info + password db['password'] + database_name db['database'] + host h + action :grant + end + end + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/mysql.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/mysql.rb new file mode 100644 index 000000000..8b83420e1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/mysql.rb @@ -0,0 +1,20 @@ +# +# Author:: Jesse Howarth () +# +# Copyright:: Copyright (c) 2012, Opscode, Inc. () +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "mysql::ruby" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/postgresql.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/postgresql.rb new file mode 100644 index 000000000..c4ab00589 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/postgresql.rb @@ -0,0 +1,20 @@ +# +# Author:: Jesse Howarth () +# +# Copyright:: Copyright (c) 2012, Opscode, Inc. () +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "postgresql::ruby" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/snapshot.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/snapshot.rb new file mode 100644 index 000000000..fe2a4f426 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/recipes/snapshot.rb @@ -0,0 +1,62 @@ +# +# Author:: AJ Christensen () +# Cookbook Name:: database +# Recipe:: snapshot +# +# Copyright 2009-2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +include_recipe "aws" +include_recipe "xfs" + +%w{ebs_vol_dev db_role app_environment username password aws_access_key_id aws_secret_access_key snapshots_to_keep volume_id}.collect do |key| + Chef::Application.fatal!("Required db_snapshot configuration #{key} not found.", -47) unless node.db_snapshot.has_key? key +end + +connection_info = {:host => "localhost", :username => node.db_snapshot.username, :password => node.db_snapshot.password} + +mysql_database "locking tables for #{node.db_snapshot.app_environment}" do + connection connection_info + sql "flush tables with read lock" + action :query +end + +execute "xfs freeze" do + command "xfs_freeze -f #{node.db_snapshot.ebs_vol_dev}" +end + +aws_ebs_volume "#{node.db_snapshot.db_role.first}_#{node.db_snapshot.app_environment}" do + aws_access_key node.db_snapshot.aws_access_key_id + aws_secret_access_key node.db_snapshot.aws_secret_access_key + size 50 + device node.db_snapshot.ebs_vol_dev + snapshots_to_keep node.db_snapshot.snapshots_to_keep + action :snapshot + volume_id node.db_snapshot.volume_id + ignore_failure true # if this fails, continue to unfreeze and unlock +end + +execute "xfs unfreeze" do + command "xfs_freeze -u #{node.db_snapshot.ebs_vol_dev}" +end + +mysql_database "unflushing tables for #{node.db_snapshot.app_environment}" do + connection connection_info + sql "unlock tables" + action :query +end + +aws_ebs_volume "#{node.db_snapshot.db_role.first}_#{node.db_snapshot.app_environment}" do + action :prune +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/app_grants.sql.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/app_grants.sql.erb new file mode 100644 index 000000000..35d8b9804 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/app_grants.sql.erb @@ -0,0 +1,8 @@ +# Generated by Chef. Local modifications will be overwritten. +<% @db_info.each do |env,db| -%> +# Privileges for databases in <%= env %> +GRANT ALL ON <%= db['database'] %>.* TO '<%= db['username'] %>'@'localhost' IDENTIFIED BY '<%= db['password'] %>'; +GRANT ALL ON <%= db['database'] %>.* TO '<%= db['username'] %>'@'<%= node['fqdn'] %>' IDENTIFIED BY '<%= db['password'] %>'; +GRANT ALL ON <%= db['database'] %>.* TO '<%= db['username'] %>'@'%' IDENTIFIED BY '<%= db['password'] %>'; +<% end -%> +flush privileges; diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/aws_config.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/aws_config.erb new file mode 100644 index 000000000..e5ae3684c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/aws_config.erb @@ -0,0 +1,3 @@ +AWS_ACCESS_KEY_ID=<%= @access_key %> +AWS_SECRET_ACCESS_KEY=<%= @secret_key %> +BUCKET_BASE_NAME=db-backups diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/chef-solo-database-snapshot.cron.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/chef-solo-database-snapshot.cron.erb new file mode 100644 index 000000000..db40768cd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/chef-solo-database-snapshot.cron.erb @@ -0,0 +1,6 @@ +# Managed by Chef +# m h dom mon dow command +# Keep 1 day of hourly snapshots +PATH=/usr/sbin:/usr/bin:/sbin:/bin +<% cs = "chef-solo -j #{@json_attribs} -c #{@config_file}" %> +<%= @schedule %> root <%= cs %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/chef-solo-database-snapshot.json.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/chef-solo-database-snapshot.json.erb new file mode 100644 index 000000000..13cdb6495 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/chef-solo-database-snapshot.json.erb @@ -0,0 +1 @@ +<%= require 'json'; JSON.pretty_generate(@output) %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/chef-solo-database-snapshot.rb.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/chef-solo-database-snapshot.rb.erb new file mode 100644 index 000000000..12806cf3f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/chef-solo-database-snapshot.rb.erb @@ -0,0 +1,6 @@ +executable_path ENV['PATH'] ? ENV['PATH'].split(File::PATH_SEPARATOR) : [] +<% if @cookbook_path.is_a? Array %> + cookbook_path [ <%= @cookbook_path.collect { |cb| "\"#{cb}\""}.join(", ") -%> ] +<% else %> + cookbook_path "<%= @cookbook_path -%>" +<% end %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/ebs-backup-cron.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/ebs-backup-cron.erb new file mode 100644 index 000000000..9293fdf6e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/ebs-backup-cron.erb @@ -0,0 +1,2 @@ +# Chef Name: ebs_db_backup +15 0 * * * root /usr/local/bin/db-backup.sh diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/ebs-db-backup.sh.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/ebs-db-backup.sh.erb new file mode 100644 index 000000000..60e1c910b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/ebs-db-backup.sh.erb @@ -0,0 +1,8 @@ +#!/bin/bash +# +# Back up a MySQL database via EBS snapshot + +. /mnt/aws-config/config + +/opt/ec2_mysql/bin/ec2_mysql -a $AWS_ACCESS_KEY_ID -s $AWS_SECRET_ACCESS_KEY -p '<%= @mysql_root_passwd %>' -k 5 master +echo "done" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/ebs-db-restore.sh.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/ebs-db-restore.sh.erb new file mode 100644 index 000000000..47afef665 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/ebs-db-restore.sh.erb @@ -0,0 +1,10 @@ +#!/bin/bash +# +# Restore a MySQL database from EBS + +mkdir -p /mnt/restore + +. /mnt/aws-config/config + +/opt/ec2_mysql/bin/ec2_mysql -a $AWS_ACCESS_KEY_ID -s $AWS_SECRET_ACCESS_KEY -p '<%= @mysql_root_password %>' -v '<%= @ebs_vol_id %>' -m /mnt/restore -d <%= @mysql_device %> -r <%= @mysql_device %> -l debug -n slave +echo "done" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/s3cfg.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/s3cfg.erb new file mode 100644 index 000000000..f19365630 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/database/templates/default/s3cfg.erb @@ -0,0 +1,27 @@ +[default] +access_key = <%= @aws['aws_access_key_id'] %> +acl_public = False +bucket_location = US +debug_syncmatch = False +default_mime_type = binary/octet-stream +delete_removed = False +dry_run = False +encrypt = False +force = False +gpg_command = /usr/bin/gpg +gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s +gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s +gpg_passphrase = +guess_mime_type = False +host_base = s3.amazonaws.com +host_bucket = %(bucket)s.s3.amazonaws.com +human_readable_sizes = False +preserve_attrs = True +proxy_host = +proxy_port = 0 +recv_chunk = 4096 +secret_key = <%= @aws['aws_secret_access_key'] %> +send_chunk = 4096 +simpledb_host = sdb.amazonaws.com +use_https = True +verbosity = WARNING diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/CHANGELOG.md new file mode 100644 index 000000000..bd91038c4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/CHANGELOG.md @@ -0,0 +1,39 @@ +dmg Cookbook CHANGELOG +====================== +This file is used to list changes made in each version of the dmg ookbook. + + +v2.0.4 +------ +### Bug +- **[COOK-3331](https://tickets.opscode.com/browse/COOK-3331)** - Fix an issue where `dmg_package` with no source raises an exception + + +v2.0.2 +------ +### Bug +- **[COOK-3578](https://tickets.opscode.com/browse/COOK-3578)** - Support `package_id`s with spaces +- **[COOK-3302](https://tickets.opscode.com/browse/COOK-3302)** - Fix an issue where `hdiutil detach` fails due to `cfprefsd` running in the background + +v2.0.0 +------ +### Bug +- **[COOK-3389](https://tickets.opscode.com/browse/COOK-3389)** - Use `rsync` instead of `cp` (potentially a breaking change on some systems) + +v1.1.0 +------ +- [COOK-1847] - accept owner parameter for installing packages + +v1.0.0 +------ +- [COOK-852] - Support "pkg" in addition to "mpkg" package types + +v0.7.0 +------ +- [COOK-854] - use `cp -R` instead of `cp -r` +- [COOK-855] - specify a file or directory to check for prior install + +v0.6.0 +------ +- option to install software that is an .mpkg inside a .dmg +- ignore failure on chmod in case mode is already set, or is root owned diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/CONTRIBUTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/CONTRIBUTING.md new file mode 100644 index 000000000..3a9989787 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/CONTRIBUTING.md @@ -0,0 +1,257 @@ +# Contributing to Opscode Cookbooks + +We are glad you want to contribute to Opscode Cookbooks! The first +step is the desire to improve the project. + +You can find the answers to additional frequently asked questions +[on the wiki](http://wiki.opscode.com/display/chef/How+to+Contribute). + +You can find additional information about +[contributing to cookbooks](http://wiki.opscode.com/display/chef/How+to+Contribute+to+Opscode+Cookbooks) +on the wiki as well. + +## Quick-contribute + +* Create an account on our [bug tracker](http://tickets.opscode.com) +* Sign our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L) +(keep reading if you're contributing on behalf of your employer) +* Create a ticket for your change on the + [bug tracker](http://tickets.opscode.com) +* Link to your patch as a rebased git branch or pull request from the + ticket +* Resolve the ticket as fixed + +We regularly review contributions and will get back to you if we have +any suggestions or concerns. + +## The Apache License and the CLA/CCLA + +Licensing is very important to open source projects, it helps ensure +the software continues to be available under the terms that the author +desired. Chef uses the Apache 2.0 license to strike a balance between +open contribution and allowing you to use the software however you +would like to. + +The license tells you what rights you have that are provided by the +copyright holder. It is important that the contributor fully +understands what rights they are licensing and agrees to them. +Sometimes the copyright holder isn't the contributor, most often when +the contributor is doing work for a company. + +To make a good faith effort to ensure these criteria are met, Opscode +requires a Contributor License Agreement (CLA) or a Corporate +Contributor License Agreement (CCLA) for all contributions. This is +without exception due to some matters not being related to copyright +and to avoid having to continually check with our lawyers about small +patches. + +It only takes a few minutes to complete a CLA, and you retain the +copyright to your contribution. + +You can complete our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L). +If you're contributing on behalf of your employer, have your employer +fill out our +[Corporate CLA](https://secure.echosign.com/public/hostedForm?formid=PIE6C7AX856) +instead. + +## Ticket Tracker (JIRA) + +The [ticket tracker](http://tickets.opscode.com) is the most important +documentation for the code base. It provides significant historical +information, such as: + +* Which release a bug fix is included in +* Discussion regarding the design and merits of features +* Error output to aid in finding similar bugs + +Each ticket should aim to fix one bug or add one feature. + +## Using git + +You can get a quick copy of the repository for this cookbook by +running `git clone +git://github.com/opscode-coobkooks/COOKBOOKNAME.git`. + +For collaboration purposes, it is best if you create a Github account +and fork the repository to your own account. Once you do this you will +be able to push your changes to your Github repository for others to +see and use. + +If you have another repository in your GitHub account named the same +as the cookbook, we suggest you suffix the repository with -cookbook. + +### Branches and Commits + +You should submit your patch as a git branch named after the ticket, +such as COOK-1337. This is called a _topic branch_ and allows users to +associate a branch of code with the ticket. + +It is a best practice to have your commit message have a _summary +line_ that includes the ticket number, followed by an empty line and +then a brief description of the commit. This also helps other +contributors understand the purpose of changes to the code. + + [COOK-1757] - platform_family and style + + * use platform_family for platform checking + * update notifies syntax to "resource_type[resource_name]" instead of + resources() lookup + * COOK-692 - delete config files dropped off by packages in conf.d + * dropped debian 4 support because all other platforms have the same + values, and it is older than "old stable" debian release + +Remember that not all users use Chef in the same way or on the same +operating systems as you, so it is helpful to be clear about your use +case and change so they can understand it even when it doesn't apply +to them. + +### Github and Pull Requests + +All of Opscode's open source cookbook projects are available on +[Github](http://www.github.com/opscode-cookbooks). + +We don't require you to use Github, and we will even take patch diffs +attached to tickets on the tracker. However Github has a lot of +convenient features, such as being able to see a diff of changes +between a pull request and the main repository quickly without +downloading the branch. + +If you do choose to use a pull request, please provide a link to the +pull request from the ticket __and__ a link to the ticket from the +pull request. Because pull requests only have two states, open and +closed, we can't easily filter pull requests that are waiting for a +reply from the author for various reasons. + +### More information + +Additional help with git is available on the +[Working with Git](http://wiki.opscode.com/display/chef/Working+with+Git) +wiki page. + +## Functional and Unit Tests + +This cookbook is set up to run tests under +[Opscode's test-kitchen](https://github.com/opscode/test-kitchen). It +uses minitest-chef to run integration tests after the node has been +converged to verify that the state of the node. + +Test kitchen should run completely without exception using the default +[baseboxes provided by Opscode](https://github.com/opscode/bento). +Because Test Kitchen creates VirtualBox machines and runs through +every configuration in the Kitchenfile, it may take some time for +these tests to complete. + +If your changes are only for a specific recipe, run only its +configuration with Test Kitchen. If you are adding a new recipe, or +other functionality such as a LWRP or definition, please add +appropriate tests and ensure they run with Test Kitchen. + +If any don't pass, investigate them before submitting your patch. + +Any new feature should have unit tests included with the patch with +good code coverage to help protect it from future changes. Similarly, +patches that fix a bug or regression should have a _regression test_. +Simply put, this is a test that would fail without your patch but +passes with it. The goal is to ensure this bug doesn't regress in the +future. Consider a regular expression that doesn't match a certain +pattern that it should, so you provide a patch and a test to ensure +that the part of the code that uses this regular expression works as +expected. Later another contributor may modify this regular expression +in a way that breaks your use cases. The test you wrote will fail, +signalling to them to research your ticket and use case and accounting +for it. + +If you need help writing tests, please ask on the Chef Developer's +mailing list, or the #chef-hacking IRC channel. + +## Code Review + +Opscode regularly reviews code contributions and provides suggestions +for improvement in the code itself or the implementation. + +We find contributions by searching the ticket tracker for _resolved_ +tickets with a status of _fixed_. If we have feedback we will reopen +the ticket and you should resolve it again when you've made the +changes or have a response to our feedback. When we believe the patch +is ready to be merged, we will tag the _Code Reviewed_ field with +_Reviewed_. + +Depending on the project, these tickets are then merged within a week +or two, depending on the current release cycle. + +## Release Cycle + +The versioning for Opscode Cookbook projects is X.Y.Z. + +* X is a major release, which may not be fully compatible with prior + major releases +* Y is a minor release, which adds both new features and bug fixes +* Z is a patch release, which adds just bug fixes + +A released version of a cookbook will end in an even number, e.g. +"1.2.4" or "0.8.0". When development for the next version of the +cookbook begins, the "Z" patch number is incremented to the next odd +number, however the next release of the cookbook may be a major or +minor incrementing version. + +Releases of Opscode's cookbooks are usually announced on the Chef user +mailing list. Releases of several cookbooks may be batched together +and announced on the [Opscode Blog](http://www.opscode.com/blog). + +## Working with the community + +These resources will help you learn more about Chef and connect to +other members of the Chef community: + +* [chef](http://lists.opscode.com/sympa/info/chef) and + [chef-dev](http://lists.opscode.com/sympa/info/chef-dev) mailing + lists +* #chef and #chef-hacking IRC channels on irc.freenode.net +* [Community Cookbook site](http://community.opscode.com) +* [Chef wiki](http://wiki.opscode.com/display/chef) +* Opscode Chef [product page](http://www.opscode.com/chef) + + +## Cookbook Contribution Do's and Don't's + +Please do include tests for your contribution. If you need help, ask +on the +[chef-dev mailing list](http://lists.opscode.com/sympa/info/chef-dev) +or the +[#chef-hacking IRC channel](http://community.opscode.com/chat/chef-hacking). +Not all platforms that a cookbook supports may be supported by Test +Kitchen. Please provide evidence of testing your contribution if it +isn't trivial so we don't have to duplicate effort in testing. Chef +10.14+ "doc" formatted output is sufficient. + +Please do indicate new platform (families) or platform versions in the +commit message, and update the relevant ticket. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] - Updated pool resource to correctly + delete.' + +Please do use [foodcritic](http://acrmp.github.com/foodcritic) to +lint-check the cookbook. Except FC007, it should pass all correctness +rules. FC007 is okay as long as the dependent cookbooks are *required* +for the default behavior of the cookbook, such as to support an +uncommon platform, secondary recipe, etc. + +Please do ensure that your changes do not break or modify behavior for +other platforms supported by the cookbook. For example if your changes +are for Debian, make sure that they do not break on CentOS. + +Please do not modify the version number in the metadata.rb, Opscode +will select the appropriate version based on the release cycle +information above. + +Please do not update the CHANGELOG.md for a new version. Not all +changes to a cookbook may be merged and released in the same versions. +Opscode will update the CHANGELOG.md when releasing a new version of +the cookbook. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/README.md new file mode 100644 index 000000000..305eb387c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/README.md @@ -0,0 +1,143 @@ +dmg Cookbook +============ +Lightweight resource and provider to install OS X applications (.app) from dmg files. + + +Requirements +------------ +### Platform +- Mac OS X + + +Resources/Providers +------------------- +### dmg_package + +This resource will install a DMG "Package". It will retrieve the DMG from a remote URL, mount it using OS X's `hdid`, copy the application (.app directory) to the specified destination (/Applications), and detach the image using `hdiutil`. The dmg file will be stored in the `Chef::Config[:file_cache_path]`. If you want to install an application that has already been downloaded (not using the `source` parameter), copy it to the appropriate location. You can find out what directory this is with the following command on the node to run chef: + +```bash +knife exec -E 'p Chef::Config[:file_cache_path]' -c /etc/chef/client.rb +``` + +Optionally, the LWRP can install an "mpkg" or "pkg" package using installer(8). + +#### Actions +- :install - Installs the application. + +#### Parameter attributes: +- `app` - This is the name of the application used by default for the /Volumes directory and the .app directory copied to /Applications. +- `source` - remote URL for the dmg to download if specified. Default is nil. +- `owner` - owner that should own the package installation. +- `destination` - directory to copy the .app into. Default is /Applications. +- `checksum` - sha256 checksum of the dmg to download. Default is nil. +- `type` - type of package, "app", "pkg" or "mpkg". Default is "app". When using "pkg" or "mpkg", the destination must be /Applications. +- `volumes_dir` - Directory under /Volumes where the dmg is mounted. Not all dmgs are mounted into a /Volumes location matching the name of the dmg. If not specified, this will use the name attribute. +- `package_id` - Package id registered with pkgutil when a pkg or mpkg is installed +- `dmg_name` - Specify the name of the dmg if it is not the same as `app`, or if the name has spaces. +- `dmg_passphrase` - Specify a passphrase to use to unencrypt the dmg while mounting. +- `accept_eula` - Specify whether to accept the EULA. Certain dmgs require acceptance of EULA before mounting. Can be true or false, defaults to false. + +#### Examples +Install `/Applications/Tunnelblick.app` from the primary download site. + +```ruby +dmg_package 'Tunnelblick' do + source 'http://tunnelblick.googlecode.com/files/Tunnelblick_3.1.2.dmg' + checksum 'a3fae60b6833175f32df20c90cd3a3603a' + action :install +end +``` + +Install Google Chrome. Uses the `dmg_name` because the application name has spaces. Installs in `/Applications/Google Chrome.app`. + +```ruby +dmg_package 'Google Chrome' do + dmg_name 'googlechrome' + source 'https://dl-ssl.google.com/chrome/mac/stable/GGRM/googlechrome.dmg' + checksum '7daa2dc5c46d9bfb14f1d7ff4b33884325e5e63e694810adc58f14795165c91a' + action :install +end +``` + +Install Dropbox. Uses `volumes_dir` because the mounted directory is different than the name of the application directory. Installs in `/Applications/Dropbox.app`. + +```ruby +dmg_package 'Dropbox' do + volumes_dir 'Dropbox Installer' + source 'http://www.dropbox.com/download?plat=mac' + checksum 'b4ea620ca22b0517b75753283ceb82326aca8bc3c86212fbf725de6446a96a13' + action :install +end +``` + +Install MacIrssi to `~/Applications` from the local file downloaded to the cache path into an Applications directory in the current user's home directory. Chef should run as a non-root user for this. + +```ruby +directory "#{ENV['HOME']}/Applications" + +dmg_package 'MacIrssi' do + destination "#{ENV['HOME']}/Applications" + action :install +end +``` + +Install Virtualbox to `/Applications` from the .mpkg: + +```ruby +dmg_package 'Virtualbox' do + source 'http://dlc.sun.com.edgesuite.net/virtualbox/4.0.8/VirtualBox-4.0.8-71778-OSX.dmg' + type 'mpkg' +end +``` + +Install pgAdmin to `/Applications` and automatically accept the EULA: + +```ruby +dmg_package 'pgAdmin3' do + source 'http://wwwmaster.postgresql.org/redir/198/h/pgadmin3/release/v1.12.3/osx/pgadmin3-1.12.3.dmg' + checksum '9435f79d5b52d0febeddfad392adf82db9df159196f496c1ab139a6957242ce9' + accept_eula true +end +``` + +Install Pivotal Tracker to `/Applications` using a password-protected dmg: + +```ruby +dmg_package 'Pivotal Tracker' do + volumes_dir 'tracker' + source 'http://cheffiles.pivotallabs.com/fluid_tracker.dmg' + dmg_passphrase 'xyz' +end +``` + +Install Silverlight, with idempotence check based on pkgutil: + +```ruby +dmg_package 'Silerlight' do + source 'http://silverlight.dlservice.microsoft.com/download/D/C/2/DC2D5838-9138-4D25-AA92-52F61F7C51E6/runtime/Silverlight.dmg' + type 'pkg' + checksum '6d4a0ad4552d9815531463eb3f467fb8cf4bffcc' + package_id 'com.microsoft.installSilverlightPlugin' +end +``` + + +License & Authors +----------------- +- Author:: Joshua Timberman (joshua@opscode.com) + +```text +Copyright 2011, Joshua Timberman + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/TODO.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/TODO.md new file mode 100644 index 000000000..e253e8dd4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/TODO.md @@ -0,0 +1,12 @@ +TODO +==== +A few things remain outstanding to make this cookbook "1.0" quality. + +- support downloading a .dmg.zip and unzipping it +- specify a local .dmg already downloaded in another location (like ~/Downloads) + +Some things that would be nice to have at some point. + +- use hdiutil to mount/attach the disk image +- automatically detect the `volumes_dir` where the image is attached +- be able to automatically accept license agreements diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/attributes/default.rb new file mode 100644 index 000000000..4935ec8e0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/attributes/default.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: dmg +# Attributes:: default +# +# Copyright 2011, Joshua Timberman +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +default[:dmg][:base_dir] = "/Applications" +default[:dmg][:cache_dir] = Chef::Config[:file_cache_path] diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/metadata.rb new file mode 100644 index 000000000..62cfa952f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/metadata.rb @@ -0,0 +1,8 @@ +name "dmg" +maintainer "Joshua Timberman" +maintainer_email "cookbooks@housepub.org" +license "Apache 2.0" +description "LWRP to install OS X applications from dmgs" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "2.0.5" +supports "mac_os_x" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/providers/package.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/providers/package.rb new file mode 100644 index 000000000..244ec3c64 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/providers/package.rb @@ -0,0 +1,86 @@ +# +# Cookbook Name:: dmg +# Provider:: package +# +# Copyright 2011, Joshua Timberman +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +def load_current_resource + @dmgpkg = Chef::Resource::DmgPackage.new(new_resource.name) + @dmgpkg.app(new_resource.app) + Chef::Log.debug("Checking for application #{new_resource.app}") + @dmgpkg.installed(installed?) +end + +action :install do + unless @dmgpkg.installed + + volumes_dir = new_resource.volumes_dir ? new_resource.volumes_dir : new_resource.app + dmg_name = new_resource.dmg_name ? new_resource.dmg_name : new_resource.app + dmg_file = "#{Chef::Config[:file_cache_path]}/#{dmg_name}.dmg" + + if new_resource.source + remote_file "#{dmg_file} - #{@dmgpkg.name}" do + path dmg_file + source new_resource.source + checksum new_resource.checksum if new_resource.checksum + end + end + + passphrase_cmd = new_resource.dmg_passphrase ? "-passphrase #{new_resource.dmg_passphrase}" : "" + ruby_block "attach #{dmg_file}" do + block do + software_license_agreement = system("hdiutil imageinfo #{passphrase_cmd} '#{dmg_file}' | grep -q 'Software License Agreement: true'") + raise "Requires EULA Acceptance; add 'accept_eula true' to package resource" if software_license_agreement && !new_resource.accept_eula + accept_eula_cmd = new_resource.accept_eula ? "echo Y |" : "" + system "#{accept_eula_cmd} hdiutil attach #{passphrase_cmd} '#{dmg_file}'" + end + not_if "hdiutil info #{passphrase_cmd} | grep -q 'image-path.*#{dmg_file}'" + end + + case new_resource.type + when "app" + execute "rsync --force --recursive --links --perms --executability --owner --group --times '/Volumes/#{volumes_dir}/#{new_resource.app}.app' '#{new_resource.destination}'" do + user new_resource.owner if new_resource.owner + end + + file "#{new_resource.destination}/#{new_resource.app}.app/Contents/MacOS/#{new_resource.app}" do + mode 0755 + ignore_failure true + end + when "mpkg", "pkg" + execute "sudo installer -pkg '/Volumes/#{volumes_dir}/#{new_resource.app}.#{new_resource.type}' -target /" do + # Prevent cfprefsd from holding up hdiutil detach for certain disk images + environment( {'__CFPREFERENCES_AVOID_DAEMON' => '1'} ) if Chef::Version::Platform.new(node['platform_version']) >= Chef::Version::Platform.new("10.8") + end + end + + execute "hdiutil detach '/Volumes/#{volumes_dir}' || hdiutil detach '/Volumes/#{volumes_dir}' -force" + end +end + +private + +def installed? + if ( ::File.directory?("#{new_resource.destination}/#{new_resource.app}.app") ) + Chef::Log.info "Already installed; to upgrade, remove \"#{new_resource.destination}/#{new_resource.app}.app\"" + true + elsif ( system("pkgutil --pkgs='#{new_resource.package_id}'") ) + Chef::Log.info "Already installed; to upgrade, try \"sudo pkgutil --forget '#{new_resource.package_id}'\"" + true + else + false + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/recipes/default.rb new file mode 100644 index 000000000..6fcb02a10 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/recipes/default.rb @@ -0,0 +1,18 @@ +# +# Cookbook Name:: dmg +# Recipe:: default +# +# Copyright 2011, Joshua Timberman +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/resources/package.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/resources/package.rb new file mode 100644 index 000000000..3c8368131 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/dmg/resources/package.rb @@ -0,0 +1,37 @@ +# +# Cookbook Name:: dmg +# Resource:: package +# +# Copyright 2011, Joshua Timberman +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +actions :install + +attribute :app, :kind_of => String, :name_attribute => true +attribute :source, :kind_of => String, :default => nil +attribute :owner, :kind_of => String, :default => nil +attribute :destination, :kind_of => String, :default => "/Applications" +attribute :checksum, :kind_of => String, :default => nil +attribute :volumes_dir, :kind_of => String, :default => nil +attribute :dmg_name, :kind_of => String, :default => nil +attribute :type, :kind_of => String, :default => "app" +attribute :installed, :kind_of => [TrueClass, FalseClass], :default => false +attribute :package_id, :kind_of => String, :default => nil +attribute :dmg_passphrase, :kind_of => String, :default => nil +attribute :accept_eula, :kind_of => [TrueClass, FalseClass], :default => false + +def initialize(name, run_context=nil) + super + @action = :install +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/.kitchen.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/.kitchen.yml new file mode 100644 index 000000000..860292d18 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/.kitchen.yml @@ -0,0 +1,53 @@ +--- +driver_plugin: vagrant + +platforms: +- name: ubuntu-12.04 + driver_config: + box: canonical-ubuntu-12.04 + box_url: http://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box + require_chef_omnibus: 11.4.4 + run_list: ["recipe[apt]"] +- name: ubuntu-10.04 + driver_config: + box: opscode-ubuntu-10.04 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_chef-11.2.0.box + require_chef_omnibus: 11.4.4 + run_list: ["recipe[apt]"] +- name: centos-6.3 + driver_config: + box: opscode-centos-6.3 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.3_chef-11.2.0.box + require_chef_omnibus: 11.4.4 +- name: centos-5.8 + driver_config: + box: opscode-centos-5.8 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-5.8_chef-11.2.0.box + require_chef_omnibus: 11.4.4 + +suites: +- name: default + run_list: + - "recipe[minitest-handler]" + - "recipe[erlang]" + attributes: {} + +- name: gui_tools + run_list: + - "recipe[minitest-handler]" + - "recipe[erlang]" + attributes: {erlang: {gui_tools: true}} + excludes: ["centos-5.8", "centos-6.3"] + +- name: esl + run_list: + - "recipe[minitest-handler]" + - "recipe[erlang::esl]" + attributes: {} + excludes: ["centos-5.8", "centos-6.3"] + +- name: source + run_list: + - "recipe[minitest-handler]" + - "recipe[erlang::source]" + attributes: {} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/Berksfile new file mode 100644 index 000000000..f2f9d8688 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/Berksfile @@ -0,0 +1,8 @@ +site :opscode + +metadata + +group :integration do + cookbook "apt" + cookbook "minitest-handler" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/CHANGELOG.md new file mode 100644 index 000000000..65f1e13fd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/CHANGELOG.md @@ -0,0 +1,31 @@ +## v1.3.0: + +This cookbook now has support for Test Kitchen 1.0 (alpha). See +TESTING.md in the git repo. + +### Bug + +- [COOK-2595]: erlang cookbook now incorrectly depends on apt <= 1.7.0 +- [COOK-2894]: erlang::esl uses nil attribute + +### Improvement + +- [COOK-2509]: Add support for installing Erlang/OTP from Erlang + Solutions' repositories + +## v1.2.0: + +* [COOK-2287] - Add support for installing Erlang from source + +## v1.1.2: + +* [COOK-1215] - Support Amazon Linux in erlang cookbook +* [COOK-1884] - Erlang Readme does not reflect cookbook requirements + +## v1.1.0: + +* [COOK-1782] - Add test kitchen support + +## v1.0.0: + +* [COOK-905] - Fix installation on RHEL/CentOS 6+ diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/CONTRIBUTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/CONTRIBUTING.md new file mode 100644 index 000000000..3a9989787 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/CONTRIBUTING.md @@ -0,0 +1,257 @@ +# Contributing to Opscode Cookbooks + +We are glad you want to contribute to Opscode Cookbooks! The first +step is the desire to improve the project. + +You can find the answers to additional frequently asked questions +[on the wiki](http://wiki.opscode.com/display/chef/How+to+Contribute). + +You can find additional information about +[contributing to cookbooks](http://wiki.opscode.com/display/chef/How+to+Contribute+to+Opscode+Cookbooks) +on the wiki as well. + +## Quick-contribute + +* Create an account on our [bug tracker](http://tickets.opscode.com) +* Sign our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L) +(keep reading if you're contributing on behalf of your employer) +* Create a ticket for your change on the + [bug tracker](http://tickets.opscode.com) +* Link to your patch as a rebased git branch or pull request from the + ticket +* Resolve the ticket as fixed + +We regularly review contributions and will get back to you if we have +any suggestions or concerns. + +## The Apache License and the CLA/CCLA + +Licensing is very important to open source projects, it helps ensure +the software continues to be available under the terms that the author +desired. Chef uses the Apache 2.0 license to strike a balance between +open contribution and allowing you to use the software however you +would like to. + +The license tells you what rights you have that are provided by the +copyright holder. It is important that the contributor fully +understands what rights they are licensing and agrees to them. +Sometimes the copyright holder isn't the contributor, most often when +the contributor is doing work for a company. + +To make a good faith effort to ensure these criteria are met, Opscode +requires a Contributor License Agreement (CLA) or a Corporate +Contributor License Agreement (CCLA) for all contributions. This is +without exception due to some matters not being related to copyright +and to avoid having to continually check with our lawyers about small +patches. + +It only takes a few minutes to complete a CLA, and you retain the +copyright to your contribution. + +You can complete our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L). +If you're contributing on behalf of your employer, have your employer +fill out our +[Corporate CLA](https://secure.echosign.com/public/hostedForm?formid=PIE6C7AX856) +instead. + +## Ticket Tracker (JIRA) + +The [ticket tracker](http://tickets.opscode.com) is the most important +documentation for the code base. It provides significant historical +information, such as: + +* Which release a bug fix is included in +* Discussion regarding the design and merits of features +* Error output to aid in finding similar bugs + +Each ticket should aim to fix one bug or add one feature. + +## Using git + +You can get a quick copy of the repository for this cookbook by +running `git clone +git://github.com/opscode-coobkooks/COOKBOOKNAME.git`. + +For collaboration purposes, it is best if you create a Github account +and fork the repository to your own account. Once you do this you will +be able to push your changes to your Github repository for others to +see and use. + +If you have another repository in your GitHub account named the same +as the cookbook, we suggest you suffix the repository with -cookbook. + +### Branches and Commits + +You should submit your patch as a git branch named after the ticket, +such as COOK-1337. This is called a _topic branch_ and allows users to +associate a branch of code with the ticket. + +It is a best practice to have your commit message have a _summary +line_ that includes the ticket number, followed by an empty line and +then a brief description of the commit. This also helps other +contributors understand the purpose of changes to the code. + + [COOK-1757] - platform_family and style + + * use platform_family for platform checking + * update notifies syntax to "resource_type[resource_name]" instead of + resources() lookup + * COOK-692 - delete config files dropped off by packages in conf.d + * dropped debian 4 support because all other platforms have the same + values, and it is older than "old stable" debian release + +Remember that not all users use Chef in the same way or on the same +operating systems as you, so it is helpful to be clear about your use +case and change so they can understand it even when it doesn't apply +to them. + +### Github and Pull Requests + +All of Opscode's open source cookbook projects are available on +[Github](http://www.github.com/opscode-cookbooks). + +We don't require you to use Github, and we will even take patch diffs +attached to tickets on the tracker. However Github has a lot of +convenient features, such as being able to see a diff of changes +between a pull request and the main repository quickly without +downloading the branch. + +If you do choose to use a pull request, please provide a link to the +pull request from the ticket __and__ a link to the ticket from the +pull request. Because pull requests only have two states, open and +closed, we can't easily filter pull requests that are waiting for a +reply from the author for various reasons. + +### More information + +Additional help with git is available on the +[Working with Git](http://wiki.opscode.com/display/chef/Working+with+Git) +wiki page. + +## Functional and Unit Tests + +This cookbook is set up to run tests under +[Opscode's test-kitchen](https://github.com/opscode/test-kitchen). It +uses minitest-chef to run integration tests after the node has been +converged to verify that the state of the node. + +Test kitchen should run completely without exception using the default +[baseboxes provided by Opscode](https://github.com/opscode/bento). +Because Test Kitchen creates VirtualBox machines and runs through +every configuration in the Kitchenfile, it may take some time for +these tests to complete. + +If your changes are only for a specific recipe, run only its +configuration with Test Kitchen. If you are adding a new recipe, or +other functionality such as a LWRP or definition, please add +appropriate tests and ensure they run with Test Kitchen. + +If any don't pass, investigate them before submitting your patch. + +Any new feature should have unit tests included with the patch with +good code coverage to help protect it from future changes. Similarly, +patches that fix a bug or regression should have a _regression test_. +Simply put, this is a test that would fail without your patch but +passes with it. The goal is to ensure this bug doesn't regress in the +future. Consider a regular expression that doesn't match a certain +pattern that it should, so you provide a patch and a test to ensure +that the part of the code that uses this regular expression works as +expected. Later another contributor may modify this regular expression +in a way that breaks your use cases. The test you wrote will fail, +signalling to them to research your ticket and use case and accounting +for it. + +If you need help writing tests, please ask on the Chef Developer's +mailing list, or the #chef-hacking IRC channel. + +## Code Review + +Opscode regularly reviews code contributions and provides suggestions +for improvement in the code itself or the implementation. + +We find contributions by searching the ticket tracker for _resolved_ +tickets with a status of _fixed_. If we have feedback we will reopen +the ticket and you should resolve it again when you've made the +changes or have a response to our feedback. When we believe the patch +is ready to be merged, we will tag the _Code Reviewed_ field with +_Reviewed_. + +Depending on the project, these tickets are then merged within a week +or two, depending on the current release cycle. + +## Release Cycle + +The versioning for Opscode Cookbook projects is X.Y.Z. + +* X is a major release, which may not be fully compatible with prior + major releases +* Y is a minor release, which adds both new features and bug fixes +* Z is a patch release, which adds just bug fixes + +A released version of a cookbook will end in an even number, e.g. +"1.2.4" or "0.8.0". When development for the next version of the +cookbook begins, the "Z" patch number is incremented to the next odd +number, however the next release of the cookbook may be a major or +minor incrementing version. + +Releases of Opscode's cookbooks are usually announced on the Chef user +mailing list. Releases of several cookbooks may be batched together +and announced on the [Opscode Blog](http://www.opscode.com/blog). + +## Working with the community + +These resources will help you learn more about Chef and connect to +other members of the Chef community: + +* [chef](http://lists.opscode.com/sympa/info/chef) and + [chef-dev](http://lists.opscode.com/sympa/info/chef-dev) mailing + lists +* #chef and #chef-hacking IRC channels on irc.freenode.net +* [Community Cookbook site](http://community.opscode.com) +* [Chef wiki](http://wiki.opscode.com/display/chef) +* Opscode Chef [product page](http://www.opscode.com/chef) + + +## Cookbook Contribution Do's and Don't's + +Please do include tests for your contribution. If you need help, ask +on the +[chef-dev mailing list](http://lists.opscode.com/sympa/info/chef-dev) +or the +[#chef-hacking IRC channel](http://community.opscode.com/chat/chef-hacking). +Not all platforms that a cookbook supports may be supported by Test +Kitchen. Please provide evidence of testing your contribution if it +isn't trivial so we don't have to duplicate effort in testing. Chef +10.14+ "doc" formatted output is sufficient. + +Please do indicate new platform (families) or platform versions in the +commit message, and update the relevant ticket. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] - Updated pool resource to correctly + delete.' + +Please do use [foodcritic](http://acrmp.github.com/foodcritic) to +lint-check the cookbook. Except FC007, it should pass all correctness +rules. FC007 is okay as long as the dependent cookbooks are *required* +for the default behavior of the cookbook, such as to support an +uncommon platform, secondary recipe, etc. + +Please do ensure that your changes do not break or modify behavior for +other platforms supported by the cookbook. For example if your changes +are for Debian, make sure that they do not break on CentOS. + +Please do not modify the version number in the metadata.rb, Opscode +will select the appropriate version based on the release cycle +information above. + +Please do not update the CHANGELOG.md for a new version. Not all +changes to a cookbook may be merged and released in the same versions. +Opscode will update the CHANGELOG.md when releasing a new version of +the cookbook. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/README.md new file mode 100644 index 000000000..b7e1d8915 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/README.md @@ -0,0 +1,86 @@ +Description +=========== + +Manages installation of Erlang via packages or source. + +Requirements +============ + +## Chef + +Chef version 0.10.10+ and Ohai 0.6.12+ are required + +## Platform + +Tested on: + +* Ubuntu 10.04, 11.10, 12.04 +* Red Hat Enterprise Linux (CentOS/Amazon/Scientific/Oracle) 5.7, 6.2 + +**Notes**: This cookbook has been tested on the listed platforms. It + may work on other platforms with or without modification. + +## Cookbooks + +* yum (for epel recipe) +* build-essential (for source compilation) + +Attributes +========== + +* `node['erlang']['gui_tools']` - whether to install the GUI tools for + Erlang. +* `node['erlang']['install_method']` - Erlang installation method + ("package", "source", or "esl" (for Erlang Solutions packages)). +* `node['erlang']['source']['version']` - Version of Erlang/OTP to install from source. + "source") +* `node['erlang']['source']['url']` - URL of Erlang/OTP source tarball. +* `node['erlang']['source']['checksum']` - Checksum of the Erlang/OTP source tarball. +* `node['erlang']['esl']['version']` - version specifier for Erlang + Solutions packages. + +Recipes +======= + +## default + +Manages installation of Erlang. Includes the package or source recipe +depending on the value of `node['erlang']['install_method']`. + +## package + +Installs Erlang from distribution packages. + +## source + +Installs Erlang from source. + +## erlang_solutions + +Adds Erlang Solutions' [package repositories][] on Debian, CentOS (> +5), and Fedora systems, and installs the `esl-erlang` package. + +[package repositories]:https://www.erlang-solutions.com/downloads/download-erlang-otp + +License and Author +================== + +* Author: Joe Williams () +* Author: Joshua Timberman () +* Author: Matt Ray () +* Author: Hector Castro () +* Author: Christopher Maier () + +Copyright 2011-2013, Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/TESTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/TESTING.md new file mode 100644 index 000000000..e29ff7c04 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/TESTING.md @@ -0,0 +1,25 @@ +This cookbook includes support for running tests via Test Kitchen (1.0). This has some requirements. + +1. You must be using the Git repository, rather than the downloaded cookbook from the Chef Community Site. +2. You must have Vagrant 1.1 installed. +3. You must have a "sane" Ruby 1.9.3 environment. + +Once the above requirements are met, install the additional requirements: + +Install the berkshelf plugin for vagrant, and berkshelf to your local Ruby environment. + + vagrant plugin install vagrant-berkshelf + gem install berkshelf + +Install Test Kitchen 1.0 (unreleased yet, use the alpha / prerelease version). + + gem install test-kitchen --pre + +Install the Vagrant driver for Test Kitchen. + + gem install kitchen-vagrant + +Once the above are installed, you should be able to run Test Kitchen: + + kitchen list + kitchen test diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/attributes/default.rb new file mode 100644 index 000000000..42bee0f01 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/attributes/default.rb @@ -0,0 +1,25 @@ +# +# Author:: Joshua Timberman +# Copyright:: Copyright (c) 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['erlang']['gui_tools'] = false +default['erlang']['install_method'] = "package" + +default['erlang']['source']['version'] = "R15B01" +default['erlang']['source']['url'] = "http://erlang.org/download/otp_src_#{node['erlang']['source']['version']}.tar.gz" +default['erlang']['source']['checksum'] = "f94f7de7328af3c0cdc42089c1a4ecd03bf98ec680f47eb5e6cddc50261cabde" + +default['erlang']['esl']['version'] = nil diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/chefignore b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/chefignore new file mode 100644 index 000000000..a6de14221 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/chefignore @@ -0,0 +1,96 @@ +# Put files/directories that should be ignored in this file when uploading +# or sharing to the community site. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +Guardfile +Procfile + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Cookbooks # +############# +CONTRIBUTING +CHANGELOG* + +# Strainer # +############ +Colanderfile +Strainerfile +.colander +.strainer + +# Vagrant # +########### +.vagrant +Vagrantfile + +# Travis # +########## +.travis.yml diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/default_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/default_test.rb new file mode 100644 index 000000000..816d43aa5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/default_test.rb @@ -0,0 +1,39 @@ +# +# Cookbook:: erlang +# Minitest Chef Handler +# +# Author:: Joshua Timberman +# Copyright:: Copyright (c) 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe 'erlang::default' do + include Helpers::Erlang + + it 'doesnt install the gui_tools if the attribute is false (default)' do + skip unless node['platform_family'] == 'debian' + skip if node['erlang']['gui_tools'] + package("erlang-gs").wont_be_installed + end + + it 'can process erlang code with the erl command ' do + erl = shell_out("erl -myflag 1 <<-EOH +init:get_argument(myflag). +EOH +") + assert_includes(erl.stdout,'{ok,[["1"]]}') + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/esl_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/esl_test.rb new file mode 100644 index 000000000..c9ba03404 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/esl_test.rb @@ -0,0 +1,35 @@ +# +# Cookbook:: erlang_test +# Minitest Chef Handler +# +# Copyright:: Copyright (c) 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +require File.expand_path('../support/helpers', __FILE__) + +describe_recipe 'erlang::erlang_solutions' do + include Helpers::Erlang + + it 'installs the esl-erlang package' do + package("esl-erlang").must_be_installed + end + + it "can successfully run 'erl'" do + erl = shell_out("erl -myflag 1 <<-EOH +init:get_argument(myflag). +EOH +") + assert_includes(erl.stdout,'{ok,[["1"]]}') + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/gui_tools_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/gui_tools_test.rb new file mode 100644 index 000000000..3d7455fb7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/gui_tools_test.rb @@ -0,0 +1,30 @@ +# +# Cookbook:: erlang +# Minitest Chef Handler +# +# Author:: Joshua Timberman +# Copyright:: Copyright (c) 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe 'erlang::default' do + include Helpers::Erlang + + it 'installs the x11 package if gui_tools is true' do + skip unless node['platform_family'] == 'debian' + package("erlang-gs").must_be_installed + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/support/helpers.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/support/helpers.rb new file mode 100644 index 000000000..f0b32e4a5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/files/default/tests/minitest/support/helpers.rb @@ -0,0 +1,29 @@ +# +# Cookbook:: erlang +# +# Author:: Joshua Timberman +# Copyright:: Copyright (c) 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module Helpers + module Erlang + require 'chef/mixin/shell_out' + include Chef::Mixin::ShellOut + include MiniTest::Chef::Assertions + include MiniTest::Chef::Context + include MiniTest::Chef::Resources + + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/metadata.json new file mode 100644 index 000000000..18f27c968 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/metadata.json @@ -0,0 +1,44 @@ +{ + "name": "erlang", + "description": "Installs erlang, optionally install GUI tools.", + "long_description": "", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + "ubuntu": ">= 0.0.0", + "debian": ">= 0.0.0", + "redhat": ">= 0.0.0", + "centos": ">= 0.0.0", + "fedora": ">= 0.0.0", + "scientific": ">= 0.0.0", + "amazon": ">= 0.0.0", + "oracle": ">= 0.0.0" + }, + "dependencies": { + "apt": ">= 1.7.0", + "yum": ">= 0.5.0", + "build-essential": ">= 0.0.0" + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + "erlang": "Installs Erlang via native package, source, or Erlang Solutions package", + "erlang::package": "Installs Erlang via native package", + "erlang::source": "Installs Erlang via source", + "erlang::esl": "Installs Erlang from Erlang Solutions' package repositories" + }, + "version": "1.3.0" +} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/metadata.rb new file mode 100644 index 000000000..19e129a87 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/metadata.rb @@ -0,0 +1,19 @@ +name "erlang" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs erlang, optionally install GUI tools." +version "1.3.0" + +depends "apt", ">= 1.7.0" +depends "yum", ">= 0.5.0" +depends "build-essential" + +recipe "erlang", "Installs Erlang via native package, source, or Erlang Solutions package" +recipe "erlang::package", "Installs Erlang via native package" +recipe "erlang::source", "Installs Erlang via source" +recipe "erlang::esl", "Installs Erlang from Erlang Solutions' package repositories" + +%w{ ubuntu debian redhat centos fedora scientific amazon oracle }.each do |os| + supports os +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/default.rb new file mode 100644 index 000000000..059a8db1d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/default.rb @@ -0,0 +1,23 @@ +# Cookbook Name:: erlang +# Recipe:: default +# Author:: Joe Williams +# Author:: Matt Ray +# Author:: Hector Castro +# +# Copyright 2008-2009, Joe Williams +# Copyright 2011, Opscode Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "erlang::#{node["erlang"]["install_method"]}" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/esl.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/esl.rb new file mode 100644 index 000000000..0899fbae9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/esl.rb @@ -0,0 +1,92 @@ +# +# Cookbook Name:: erlang +# Recipe:: esl +# +# Author:: Christopher Maier () +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Install Erlang/OTP from Erlang Solutions + +case node['platform_family'] +when 'debian' + + include_recipe 'apt' + + apt_repository 'erlang_solutions_repo' do + uri 'http://binaries.erlang-solutions.com/debian' + distribution node['lsb']['codename'] + components ['contrib'] + key 'http://binaries.erlang-solutions.com/debian/erlang_solutions.asc' + action :add + end + +when 'rhel' + case node['platform'] + when 'centos', 'fedora' + + if platform?('centos') && node['platform_version'].to_i == 5 + Chef::Log.fatal("Erlang Solutions pacakge repositories are not available for Centos 5") + raise + else + + include_recipe 'yum' + + if platform?('centos') + include_recipe "yum::repoforge" + end + + yum_key "RPM-KEY-Erlang-Solutions" do + # Yes, yes, I know the URL has 'debian' in it... that's the address + url "http://binaries.erlang-solutions.com/debian/erlang_solutions.asc" + action :add + end + + # This replicates the files found at + # http://binaries.erlang-solutions.com/rpm/fedora/erlang_solutions.repo + # http://binaries.erlang-solutions.com/rpm/centos/erlang_solutions.repo + yum_repository "erlang-solutions" do + description "#{node['platform']} $releasever - $basearch - Erlang Solutions" + url "http://binaries.erlang-solutions.com/rpm/#{node['platform']}/$releasever/$basearch" + key "RPM-KEY-Erlang-Solutions" + enabled 1 + end + end + else + Chef::Log.fatal("Erlang Solutions pacakge repositories are currently not supported for RHEL family #{node['platform']} systems") + raise + end +else + Chef::Log.fatal("Erlang Solutions pacakge repositories are currently not supported for #{node['platform_family']} systems") + raise +end + +package "esl-erlang" do + version node['erlang']['esl']['version'] if node['erlang']['esl']['version'] +end + +# There's a small bug in the package for Ubuntu 10.04... this fixes +# it. Solution found at +# https://github.com/davidcoallier/bigcouch/blob/f6a6daf7590ecbab4d9dc4747624573b3137dfad/README.md#ubuntu-1004-lts-potential-issues +if platform?("ubuntu") && node['platform_version'] == "10.04" + bash "ubuntu-10.04-LTS-erlang-fix" do + user "root" + cwd "/usr/lib/erlang/man/man5" + code <<-EOS + rm modprobe.d.5 + ln -s modprobe.conf.5.gz modprobe.d.5 + EOS + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/package.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/package.rb new file mode 100644 index 000000000..50ec6775c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/package.rb @@ -0,0 +1,49 @@ +# Cookbook Name:: erlang +# Recipe:: default +# Author:: Joe Williams +# Author:: Matt Ray +# Author:: Hector Castro +# +# Copyright 2008-2009, Joe Williams +# Copyright 2011, Opscode Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform_family'] +when "debian" + + erlpkg = node['erlang']['gui_tools'] ? "erlang-x11" : "erlang-nox" + + package erlpkg + package "erlang-dev" + +when "rhel" + + include_recipe "yum::epel" + + yum_repository "erlang" do + name "EPELErlangrepo" + url "http://repos.fedorapeople.org/repos/peter/erlang/epel-5Server/$basearch" + description "Updated erlang yum repository for RedHat / Centos 5.x - #{node['kernel']['machine']}" + action :add + only_if { node['platform_version'].to_f >= 5.0 && node['platform_version'].to_f < 6.0 } + end + + package "erlang" + +else + + package "erlang" + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/source.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/source.rb new file mode 100644 index 000000000..37b92a672 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/erlang/recipes/source.rb @@ -0,0 +1,56 @@ +# Cookbook Name:: erlang +# Recipe:: default +# Author:: Joe Williams +# Author:: Matt Ray +# Author:: Hector Castro +# +# Copyright 2008-2009, Joe Williams +# Copyright 2011, Opscode Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "build-essential" + +erlang_deps = case node["platform_family"] + when "debian" + [ "libncurses5-dev", "openssl", "libssl-dev" ] + when "rhel", "fedora" + [ "ncurses-devel", "openssl-devel" ] + else + [ ] + end + +erlang_deps.each do |pkg| + package pkg do + action :install + end +end + +bash "install-erlang" do + cwd Chef::Config[:file_cache_path] + code <<-EOH + tar -xzf otp_src_#{node['erlang']['source']['version']}.tar.gz + (cd otp_src_#{node['erlang']['source']['version']} && ./configure && make && make install) + EOH + action :nothing + not_if "erl -eval 'erlang:display(erlang:system_info(otp_release)), halt().' -noshell | grep #{node['erlang']['source']['version']}" +end + +remote_file File.join(Chef::Config[:file_cache_path], "otp_src_#{node['erlang']['source']['version']}.tar.gz") do + source node['erlang']['source']['url'] + owner "root" + mode 0644 + checksum node['erlang']['source']['checksum'] + notifies :run, "bash[install-erlang]", :immediately +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/.kitchen.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/.kitchen.yml new file mode 100644 index 000000000..2240f65ab --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/.kitchen.yml @@ -0,0 +1,46 @@ +--- +driver_plugin: vagrant +driver_config: + require_chef_omnibus: true + +platforms: +- name: ubuntu-12.04 + driver_config: + box: opscode-ubuntu-12.04 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_ubuntu-12.04_provisionerless.box + run_list: + - recipe[apt] + +- name: ubuntu-10.04 + driver_config: + box: opscode-ubuntu-10.04 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_provisionerless.box + run_list: + - recipe[apt] + +- name: centos-6.4 + driver_config: + box: opscode-centos-6.4 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box + +- name: centos-5.9 + driver_config: + box: opscode-centos-5.9 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_centos-5.9_provisionerless.box + +suites: +- name: default + run_list: + - recipe[git] + attributes: {} + +- name: source + excludes: ["ubuntu-12.04", "ubuntu-10.04"] + run_list: + - recipe[git::source] + attributes: {} + +- name: server + run_list: + - recipe[git::server] + attributes: {} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/Berksfile new file mode 100644 index 000000000..34a3b2d83 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/Berksfile @@ -0,0 +1,8 @@ +site :opscode + +metadata + +group :integration do + cookbook "apt" + cookbook "yum" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/CHANGELOG.md new file mode 100644 index 000000000..254ab43d9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/CHANGELOG.md @@ -0,0 +1,87 @@ +git Cookbook CHANGELOG +====================== +This file is used to list changes made in each version of the git cookbook. + + +v2.7.0 +------ +### Bug +- **[COOK-3624](https://tickets.opscode.com/browse/COOK-3624)** - Don't restart `xinetd` on each Chef client run +- **[COOK-3482](https://tickets.opscode.com/browse/COOK-3482)** - Force git to add itself to the current process' PATH + +### New Feature +- **[COOK-3223](https://tickets.opscode.com/browse/COOK-3223)** - Support Omnios and SmartOS package installs + +v2.6.0 +------ +### Improvement +- **[COOK-3193](https://tickets.opscode.com/browse/COOK-3193)** - Add proper debian packages + +v2.5.2 +------ +### Bug +- [COOK-2813]: Fix bad string interpolation in source recipe + +v2.5.0 +------ +- Relax runit version constraint (now depend on 1.0+). + +v2.4.0 +------ +- [COOK-2734] - update git versions + +v2.3.0 +------ +- [COOK-2385] - update git::server for `runit_service` resource support + +v2.2.0 +------ +- [COOK-2303] - git::server support for RHEL `platform_family` + +v2.1.4 +------ +- [COOK-2110] - initial test-kitchen support (only available in GitHub repository) +- [COOK-2253] - pin runit dependency + +v2.1.2 +------ +- [COOK-2043] - install git on ubuntu 12.04 not git-core + +v2.1.0 +------ +The repository didn't have pushed commits, and so the following changes from earlier-than-latest versions wouldn't be available on the community site. We're releasing 2.1.0 to correct this. + +- [COOK-1943] - Update to git 1.8.0 +- [COOK-2020] - Add setup option attributes to Git Windows package install + +v2.0.0 +------- +This version uses `platform_family` attribute, making the cookbook incompatible with older versions of Chef/Ohai, hence the major version bump. + +- [COOK-1668] - git cookbook fails to run due to bad `platform_family` call +- [COOK-1759] - git::source needs additional package for rhel `platform_family` + +v1.1.2 +------ +- [COOK-2020] - Add setup option attributes to Git Windows package install + +v1.1.0 +------ +- [COOK-1943] - Update to git 1.8.0 + +v1.0.2 +------ +- [COOK-1537] - add recipe for source installation + +v1.0.0 +------ +- [COOK-1152] - Add support for Mac OS X +- [COOK-1112] - Add support for Windows + +v0.10.0 +------- +- [COOK-853] - Git client installation on CentOS + +v0.9.0 +------ +- Current public release diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/Gemfile new file mode 100644 index 000000000..46e07661a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/Gemfile @@ -0,0 +1,3 @@ +source :rubygems + +gem 'test-kitchen', '< 1.0' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/README.md new file mode 100644 index 000000000..1725052a7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/README.md @@ -0,0 +1,115 @@ +Description +=========== + +Installs git and optionally sets up a git server as a daemon under runit. + +Requirements +============ +## Ohai and Chef: + +* Ohai: 6.14.0+ + +This cookbook makes use of `node['platform_family']` to simplify platform +selection logic. This attribute was introduced in Ohai v0.6.12. + +## Platform: + +The following platform families are supported: + +* Debian +* Arch +* RHEL +* Fedora +* Mac OS X (10.6.0+) +* Windows + +## Cookbooks: + +* runit (for `git::server`) +* build-essential (for `git::source`) +* dmg (for OS X installation) +* yum (for RHEL 5 installation) + +### Windows Dependencies +The [`windows_package`](https://github.com/opscode-cookbooks/windows#windows_package) resource from the Windows cookbook is required to +install the git package on Windows. + +## Attributes + +### default +The following attributes are platform-specific. + +#### Windows + +* `node['git']['version']` - git version to install +* `node['git']['url']` - URL to git package +* `node['git']['checksum']` - package SHA256 checksum +* `node['git']['display_name']` - `windows_package` resource Display Name (makes the package install idempotent) + +#### Mac OS X + +* `node['git']['osx_dmg']['url']` - URL to git package +* `node['git']['osx_dmg']['checksum']` - package SHA256 checksum + +#### Linux + +* `node['git']['prefix']` - git install directory +* `node['git']['version']` - git version to install +* `node['git']['url']` - URL to git tarball +* `node['git']['checksum']` - tarball SHA256 checksum + +Recipes +======= + +## default + +Installs base git packages based on platform. + +## server + +Sets up a git daemon to provide a server. + +## source + +Installs git from source. + +## windows + +Installs git client on Windows + +Usage +===== + + +This cookbook primarily installs git core packages. It can also be +used to serve git repositories. + +To install git client (all supported platforms): + + include_recipe 'git' + +To install git server: + + include_recipe "git::server" + +This creates the directory specified by git/server/base_path (default is /srv/git) +and starts a git daemon, exporting all repositories found. Repositories need to be +added manually, but will be available once they are created. + +License and Author +================== + +- Author:: Joshua Timberman () +- Copyright:: 2009-2012, Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/TESTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/TESTING.md new file mode 100644 index 000000000..e29ff7c04 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/TESTING.md @@ -0,0 +1,25 @@ +This cookbook includes support for running tests via Test Kitchen (1.0). This has some requirements. + +1. You must be using the Git repository, rather than the downloaded cookbook from the Chef Community Site. +2. You must have Vagrant 1.1 installed. +3. You must have a "sane" Ruby 1.9.3 environment. + +Once the above requirements are met, install the additional requirements: + +Install the berkshelf plugin for vagrant, and berkshelf to your local Ruby environment. + + vagrant plugin install vagrant-berkshelf + gem install berkshelf + +Install Test Kitchen 1.0 (unreleased yet, use the alpha / prerelease version). + + gem install test-kitchen --pre + +Install the Vagrant driver for Test Kitchen. + + gem install kitchen-vagrant + +Once the above are installed, you should be able to run Test Kitchen: + + kitchen list + kitchen test diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/attributes/default.rb new file mode 100644 index 000000000..183028472 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/attributes/default.rb @@ -0,0 +1,40 @@ +# +# Author:: Jamie Winsor () +# Cookbook Name:: git +# Attributes:: default +# +# Copyright 2008-2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +case node['platform_family'] +when 'windows' + default['git']['version'] = "1.8.1.2-preview20130201" + default['git']['url'] = "https://msysgit.googlecode.com/files/Git-#{node['git']['version']}.exe" + default['git']['checksum'] = "796ac91f0c7456b53f2717a81f475075cc581af2f447573131013cac5b63bb2a" + default['git']['display_name'] = "Git version #{ node['git']['version'] }" +when "mac_os_x" + default['git']['osx_dmg']['app_name'] = "git-1.8.2-intel-universal-snow-leopard" + default['git']['osx_dmg']['volumes_dir'] = "Git 1.8.2 Snow Leopard Intel Universal" + default['git']['osx_dmg']['package_id'] = "GitOSX.Installer.git182.git.pkg" + default['git']['osx_dmg']['url'] = "https://git-osx-installer.googlecode.com/files/git-1.8.2-intel-universal-snow-leopard.dmg" + default['git']['osx_dmg']['checksum'] = "e1d0ec7a9d9d03b9e61f93652b63505137f31217908635cdf2f350d07cb33e15" +else + default['git']['prefix'] = "/usr/local" + default['git']['version'] = "1.8.2.1" + default['git']['url'] = "https://nodeload.github.com/git/git/tar.gz/v#{node['git']['version']}" + default['git']['checksum'] = "bdc1768f70ce3d8f3e4edcdcd99b2f85a7f8733fb684398aebe58dde3e6bcca2" +end + +default['git']['server']['base_path'] = "/srv/git" +default['git']['server']['export_all'] = "true" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/metadata.rb new file mode 100644 index 000000000..b44441944 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/metadata.rb @@ -0,0 +1,35 @@ +name "git" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs git and/or sets up a Git server daemon" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "2.7.1" +recipe "git", "Installs git" +recipe "git::server", "Sets up a runit_service for git daemon" +recipe "git::source", "Installs git from source" + +%w{ amazon arch centos debian fedora redhat scientific oracle amazon ubuntu windows }.each do |os| + supports os +end + +supports "mac_os_x", ">= 10.6.0" + +%w{ dmg build-essential yum windows }.each do |cookbook| + depends cookbook +end + +depends "runit", ">= 1.0" + +attribute "git/server/base_path", + :display_name => "Git Daemon Base Path", + :description => "A directory containing git repositories to be exposed by the git-daemon", + :default => "/srv/git", + :recipes => ["git::server"] + +attribute "git/server/export_all", + :display_name => "Git Daemon Export All", + :description => "Adds the --export-all option to the git-daemon parameters, making all repositories publicly readable even if they lack the \"git-daemon-export-ok\" file", + :choice => ["true", "false"], + :default => "true", + :recipes => ["git::server"] diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/default.rb new file mode 100644 index 000000000..e2e667dfb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/default.rb @@ -0,0 +1,53 @@ +# +# Cookbook Name:: git +# Recipe:: default +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +case node['platform_family'] +when "debian" + if node['platform'] == "ubuntu" && node['platform_version'].to_f < 10.10 + package "git-core" + else + package "git" + end +when "rhel","fedora" + case node['platform_version'].to_i + when 5 + include_recipe "yum::epel" + end + package "git" +when "windows" + include_recipe 'git::windows' +when "mac_os_x" + dmg_package "GitOSX-Installer" do + app node['git']['osx_dmg']['app_name'] + package_id node['git']['osx_dmg']['package_id'] + volumes_dir node['git']['osx_dmg']['volumes_dir'] + source node['git']['osx_dmg']['url'] + checksum node['git']['osx_dmg']['checksum'] + type "pkg" + action :install + end +else + package "git" do + package_name case node['platform'] + when 'omnios' + 'developer/versioning/git' + when 'smartos' + 'scmgit' + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/server.rb new file mode 100644 index 000000000..48199a4f7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/server.rb @@ -0,0 +1,58 @@ +# +# Cookbook Name:: git +# Recipe:: server +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if node["platform"] == "windows" + return "#{node['platform']} is not supported by the #{cookbook_name}::#{recipe_name} recipe" +end + +include_recipe "git" + +directory node["git"]["server"]["base_path"] do + owner "root" + group "root" + mode 00755 +end + +case node['platform_family'] +when "debian" + include_recipe "runit" + + package "git-daemon-run" + + runit_service "git-daemon" do + sv_templates false + end +when "rhel" + package "git-daemon" + + template "/etc/xinetd.d/git" do + backup false + source "git-xinetd.d.erb" + owner "root" + group "root" + mode 00644 + notifies :restart, "service[xinetd]" + end + + service "xinetd" do + action [:enable, :start] + end +else + log "Platform requires setting up a git daemon service script." + log "Hint: /usr/bin/git daemon --export-all --user=nobody --group=daemon --base-path=#{node["git"]["server"]["base_path"]}" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/source.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/source.rb new file mode 100644 index 000000000..ec2b8c222 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/source.rb @@ -0,0 +1,49 @@ +# +# Cookbook Name:: git +# Recipe:: source +# +# Copyright 2012, Brian Flad, Fletcher Nichol +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if node["platform"] == "windows" + return "#{node['platform']} is not supported by the #{cookbook_name}::#{recipe_name} recipe" +end + +include_recipe "build-essential" + +pkgs = value_for_platform_family( + ["rhel"] => %w{ expat-devel gettext-devel libcurl-devel openssl-devel perl-ExtUtils-MakeMaker zlib-devel }, + ["debian"] => %w{ libcurl4-gnutls-dev libexpat1-dev gettext libz-dev libssl-dev } +) + +pkgs.each do |pkg| + package pkg +end + +remote_file "#{Chef::Config['file_cache_path']}/git-#{node['git']['version']}.tar.gz" do + source node['git']['url'] + checksum node['git']['checksum'] + mode 00644 + not_if "test -f #{Chef::Config['file_cache_path']}/git-#{node['git']['version']}.tar.gz" +end + +execute "Extracting and Building Git #{node['git']['version']} from Source" do + cwd Chef::Config['file_cache_path'] + command <<-COMMAND + (mkdir git-#{node['git']['version']} && tar -zxf git-#{node['git']['version']}.tar.gz -C git-#{node['git']['version']} --strip-components 1) + (cd git-#{node['git']['version']} && make prefix=#{node['git']['prefix']} install) + COMMAND + creates "#{node['git']['prefix']}/bin/git" + not_if "git --version | grep #{node['git']['version']}" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/windows.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/windows.rb new file mode 100644 index 000000000..1fdd6351b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/recipes/windows.rb @@ -0,0 +1,37 @@ +# +# Cookbook Name:: git +# Recipe:: windows +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +windows_package node['git']['display_name'] do + action :install + source node['git']['url'] + checksum node['git']['checksum'] + installer_type :inno +end + +# Git is installed to Program Files (x86) on 64-bit machines and +# 'Program Files' on 32-bit machines +PROGRAM_FILES = ENV['ProgramFiles(x86)'] || ENV['ProgramFiles'] +GIT_PATH = ";#{ PROGRAM_FILES }\\Git\\Cmd" + +# COOK-3482 - windows_path resource doesn't change the current process +# environment variables. Therefore, git won't actually be on the PATH +# until the next chef-client run +ENV['PATH'] += ";#{GIT_PATH}" +windows_path GIT_PATH do + action :add +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/templates/default/git-xinetd.d.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/templates/default/git-xinetd.d.erb new file mode 100644 index 000000000..e3cf2e6a7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/templates/default/git-xinetd.d.erb @@ -0,0 +1,10 @@ +service git +{ + disable = no + socket_type = stream + wait = no + user = nobody + server = /usr/libexec/git-core/git-daemon + server_args = --base-path=<%= node["git"]["server"]["base_path"] %> <% if node["git"]["server"]["export_all"] == "true" %>--export-all <% end %>--syslog --inetd --verbose + log_on_failure += USERID +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/templates/default/sv-git-daemon-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/templates/default/sv-git-daemon-log-run.erb new file mode 100644 index 000000000..a79a518f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/templates/default/sv-git-daemon-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/templates/default/sv-git-daemon-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/templates/default/sv-git-daemon-run.erb new file mode 100644 index 000000000..123d7d84f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/git/templates/default/sv-git-daemon-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec /usr/bin/git daemon <% if node["git"]["server"]["export_all"] == "true" %>--export-all <% end %>--user=nobody --group=daemon --syslog --base-path=<%= node["git"]["server"]["base_path"] %> <%= node["git"]["server"]["base_path"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/CHANGELOG.md new file mode 100644 index 000000000..19bc165f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/CHANGELOG.md @@ -0,0 +1,69 @@ +## v1.3.12: + +* [COOK-850] - `postgresql_database_user` doesn't have example + +## v1.3.10: + +* [COOK-2117] - undefined variable `grant_statement` in mysql user + provider + +## v1.3.8: + +* [COOK-1896] - Escape command +* [COOK-2047] - Chef::Provider::Database::MysqlUser action :grant + improperly quotes `username`@`host` string +* [COOK-2060] - Mysql::Error: Table '*.*' doesn't exist when privileges + include SELECT and database/table attributes are nil +* [COOK-2062] - Remove backticks from database name when using wildcard + +## v1.3.6: + +* [COOK-1688] - fix typo in readme and add amazon linux to supported + platforms + +## v1.3.4: + +* [COOK-1561] - depend on mysql 1.3.0+ explicitly +* depend on postgresql 1.0.0 explicitly + +## v1.3.2: + +* Update the version for release (oops) + +## v1.3.0: + +* [COOK-932] - Add mysql recipe to conveniently include mysql::ruby +* [COOK-1228] - database resource should be able to execute scripts on disk +* [COOK-1291] - make the snapshot retention policy less confusing +* [COOK-1401] - Allow to specify the collation of new databases +* [COOK-1534] - Add postgresql recipe to conveniently include postgresql::ruby + +## v1.2.0: + +* [COOK-970] - workaround for disk [re]naming on ubuntu 11.04+ +* [COOK-1085] - check RUBY_VERSION and act accordingly for role +* [COOK-749] - localhost should be a string in snapshot recipe + +## v1.1.4: + +* [COOK-1062] - Databases: Postgres exists should close connection + +## v1.1.2: + +* [COOK-975] - Change arg='DEFAULT' to arg=nil, :default => 'DEFAULT' +* [COOK-964] - Add parentheses around connection hash in example + +## v1.1.0 + +* [COOK-716] - providers for PostgreSQL + +## v1.0.0 + +* [COOK-683] - added `database` and `database_user` resources +* [COOK-684] - MySQL providers +* [COOK-685] - SQL Server providers +* refactored - `database::master` and `database::snapshot` recipes to leverage new resources + +## v0.99.1 + +* Use Chef 0.10's `node.chef_environment` instead of `node['app_environment']`. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/README.md new file mode 100644 index 000000000..a7d209ed6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/README.md @@ -0,0 +1,510 @@ +Database Cookbook +================= + +The main highlight of this cookbook is the `database` and +`database_user` resources for managing databases and database users in +a RDBMS. Providers for MySQL, PostgreSQL and SQL Server are also +provided, see usage documentation below. + +This cookbook also contains recipes to configure mysql database +masters and slaves and uses EBS for storage, integrating together with +the application cookbook utilizing data bags for application related +information. These recipes are written primarily to use MySQL and the +Opscode mysql cookbook. Other RDBMS may be supported at a later date. +This cookbook does not automatically restore database dumps, but does +install tools to help with that. + +Requirements +============ + +Chef version 0.10.10+. + +Platform +-------- + +* Debian, Ubuntu +* Red Hat, CentOS, Scientific, Fedora, Amazon + +Cookbooks +--------- + +The following Opscode cookbooks are dependencies: + +* mysql +* postgresql +* xfs +* aws + +Resources/Providers +=================== + +These resources aim to expose an abstraction layer for interacting +with different RDBMS in a general way. Currently the cookbook ships +with providers for MySQL, PostgreSQL and SQL Server. Please see +specific usage in the __Example__ sections below. The providers use +specific Ruby gems installed under Chef's Ruby environment to execute +commands and carry out actions. These gems will need to be installed +before the providers can operate correctly. Specific notes for each +RDBS flavor: + +- MySQL: leverages the `mysql` gem which is installed as part of the + `mysql::ruby` recipe. You can use `database::mysql` to include this, + too. +- PostgreSQL: leverages the `pg` gem which is installed as part of the + `postgresql::ruby` recipe. You can use `database::postgresql` to + include this, too. + Currently does not work in Chef "omnibus" full stack installs, see COOK-1406. +- SQL Server: leverages the `tiny_tds` gem which is installed as part + of the `sql_server::client` recipe. + +`database` +---------- + +Manage databases in a RDBMS. Use the proper shortcut resource +depending on your RDBMS: `mysql_database`, `postgresql_database` or +`sql_server_database`. + +### Actions + +- :create: create a named database +- :drop: drop a named database +- :query: execute an arbitrary query against a named database + +### Attribute Parameters + +- database_name: name attribute. Name of the database to interact with +- connection: hash of connection info. valid keys include :host, + :port, :username, :password +- sql: string of sql or a block that executes to a string of sql, + which will be executed against the database. used by :query action + only + +### Providers + +- **Chef::Provider::Database::Mysql**: shortcut resource `mysql_database` +- **Chef::Provider::Database::Postgresql**: shortcut resource `postgresql_database` +- **Chef::Provider::Database::SqlServer**: shortcut resource `sql_server_database` + +### Examples + + # create a mysql database + mysql_database 'oracle_rules' do + connection ({:host => "localhost", :username => 'root', :password => node['mysql']['server_root_password']}) + action :create + end + + # create a sql server database + sql_server_database 'mr_softie' do + connection ({:host => "127.0.0.1", :port => node['sql_server']['port'], :username => 'sa', :password => node['sql_server']['server_sa_password']}) + action :create + end + + # create a postgresql database + postgresql_database 'mr_softie' do + connection ({:host => "127.0.0.1", :port => 5432, :username => 'postgres', :password => node['postgresql']['password']['postgres']}) + action :create + end + + # create a postgresql database with additional parameters + postgresql_database 'mr_softie' do + connection ({:host => "127.0.0.1", :port => 5432, :username => 'postgres', :password => node['postgresql']['password']['postgres']}) + template 'DEFAULT' + encoding 'DEFAULT' + tablespace 'DEFAULT' + connection_limit '-1' + owner 'postgres' + action :create + end + + # externalize conection info in a ruby hash + mysql_connection_info = {:host => "localhost", + :username => 'root', + :password => node['mysql']['server_root_password']} + sql_server_connection_info = {:host => "localhost", + :port => node['sql_server']['port'], + :username => 'sa', + :password => node['sql_server']['server_sa_password']} + postgresql_connection_info = {:host => "127.0.0.1", + :port => node['postgresql']['config']['port'], + :username => 'postgres', + :password => node['postgresql']['password']['postgres']} + + # same create commands, connection info as an external hash + mysql_database 'foo' do + connection mysql_connection_info + action :create + end + sql_server_database 'foo' do + connection sql_server_connection_info + action :create + end + postgresql_database 'foo' do + connection postgresql_connection_info + action :create + end + + # create database, set provider in resource parameter + database 'bar' do + connection mysql_connection_info + provider Chef::Provider::Database::Mysql + action :create + end + database 'bar' do + connection sql_server_connection_info + provider Chef::Provider::Database::SqlServer + action :create + end + database 'bar' do + connection postgresql_connection_info + provider Chef::Provider::Database::Postgresql + action :create + end + + # drop a database + mysql_database "baz" do + connection mysql_connection_info + action :drop + end + + # query a database + mysql_database "flush the privileges" do + connection mysql_connection_info + sql "flush privileges" + action :query + end + + # query a database from a sql script on disk + mysql_database "run script" do + connection mysql_connection_info + sql { ::File.open("/path/to/sql_script.sql").read } + action :query + end + + # vacuum a postgres database + postgres_database "vacuum databases" do + connection postgresql_connection_info + database_table "template1" + sql "VACUUM FULL VERBOSE ANALYZE" + action :query + end + +`database_user` +--------------- + +Manage users and user privileges in a RDBMS. Use the proper shortcut +resource depending on your RDBMS: `mysql_database_user`, +`postgresql_database_user`, or `sql_server_database_user`. + +### Actions + +- :create: create a user +- :drop: drop a user +- :grant: manipulate user privileges on database objects + +### Attribute Parameters + +- username: name attribute. Name of the database user +- password: password for the user account +- database_name: Name of the database to interact with +- connection: hash of connection info. valid keys include :host, + :port, :username, :password +- privileges: array of database privileges to grant user. used by the + :grant action. default is :all +- host: host where user connections are allowed from. used by MySQL + provider only. default is 'localhost' +- table: table to grant privileges on. used by :grant action and MySQL + provider only. default is '*' (all tables) + +### Providers + +- **Chef::Provider::Database::MysqlUser**: shortcut resource + `mysql_database_user` +- **Chef::Provider::Database::PostgresqlUser**: shortcut + resource `postgresql_database_user` +- **Chef::Provider::Database::SqlServerUser**: shortcut resource + `sql_server_database_user` + +### Examples + + # create connection info as an external ruby hash + mysql_connection_info = {:host => "localhost", + :username => 'root', + :password => node['mysql']['server_root_password']} + postgresql_connection_info = {:host => "localhost", + :port => node['postgresql']['config']['port'], + :username => 'postgres', + :password => node['postgresql']['password']['postgres']} + sql_server_connection_info = {:host => "localhost", + :port => node['sql_server']['port'], + :username => 'sa', + :password => node['sql_server']['server_sa_password']} + + # create a mysql user but grant no privileges + mysql_database_user 'disenfranchised' do + connection mysql_connection_info + password 'super_secret' + action :create + end + + # do the same but pass the provider to the database resource + database_user 'disenfranchised' do + connection mysql_connection_info + password 'super_secret' + provider Chef::Provider::Database::MysqlUser + action :create + end + + # create a postgresql user but grant no privileges + postgresql_database_user 'disenfranchised' do + connection postgresql_connection_info + password 'super_secret' + action :create + end + + # do the same but pass the provider to the database resource + database_user 'disenfranchised' do + connection postgresql_connection_info + password 'super_secret' + provider Chef::Provider::Database::PostgresqlUser + action :create + end + + # create a sql server user but grant no privileges + sql_server_database_user 'disenfranchised' do + connection sql_server_connection_info + password 'super_secret' + action :create + end + + # drop a mysql user + mysql_database_user "foo_user" do + connection mysql_connection_info + action :drop + end + + # bulk drop sql server users + %w{ disenfranchised foo_user }.each do |user| + sql_server_database_user user do + connection sql_server_connection_info + action :drop + end + end + + # grant select,update,insert privileges to all tables in foo db from all hosts + mysql_database_user 'foo_user' do + connection mysql_connection_info + password 'super_secret' + database_name 'foo' + host '%' + privileges [:select,:update,:insert] + action :grant + end + + # grant all privileges on all databases/tables from localhost + mysql_database_user 'super_user' do + connection mysql_connection_info + password 'super_secret' + action :grant + end + + # grant all privileges on all tables in foo db + postgresql_database_user 'foo_user' do + connection postgresql_connection_info + database_name 'foo' + privileges [:all] + action :grant + end + + # grant select,update,insert privileges to all tables in foo db + sql_server_database_user 'foo_user' do + connection sql_server_connection_info + password 'super_secret' + database_name 'foo' + privileges [:select,:update,:insert] + action :grant + end + +Recipes +======= + +ebs\_volume +----------- + +*Note*: This recipe does not currently work on RHEL platforms due to + the xfs cookbook not supporting RHEL yet. + +Loads the aws information from the data bag. Searches the applications +data bag for the database master or slave role and checks that role is +applied to the node. Loads the EBS information and the master +information from data bags. Uses the aws cookbook LWRP, +`aws_ebs_volume` to manage the volume. + +On a master node: +* if we have an ebs volume already as stored in a data bag, attach it. +* if we don't have the ebs information then create a new one and + attach it. +* store the volume information in a data bag via a ruby block. + +On a slave node: +* use the master volume information to generate a snapshot. +* create the new volume from the snapshot and attach it. + +Also on a master node, generate some configuration for running a +snapshot via `chef-solo` from cron. + +On a new filesystem volume, create as XFS, then mount it in /mnt, and +also bind-mount it to the mysql data directory (default +/var/lib/mysql). + +master +------ + +This recipe no longer loads AWS specific information, and the database +position for replication is no longer stored in a databag because the +client might not have permission to write to the databag item. This +may be handled in a different way at a future date. + +Searches the apps databag for applications, and for each one it will +check that the specified database master role is set in both the +databag and applied to the node's run list. Then, retrieves the +passwords for `root`, `repl` and `debian` users and saves them to the +node attributes. If the passwords are not found in the databag, it +prints a message that they'll be generated by the mysql cookbook. + +Then it adds the application databag database settings to a hash, to +use later. + +Then it will iterate over the databases and create them with the +`mysql_database` resource while adding privileges for application +specific database users using the `mysql_database_user` resource. + +slave +----- + +_TODO_: Retrieve the master status from a data bag, then start +replication using a ruby block. The replication status needs to be +handled in some other way for now since the master recipe above +doesn't actually set it in the databag anymore. + +snapshot +-------- + +Run via Chef Solo. Retrieves the db snapshot configuration from the +specified JSON file. Uses the `mysql_database` resource to lock and +unlock tables, and does a filesystem freeze and EBS snapshot. + +Deprecated Recipes +================== + +The following recipe is considered deprecated. It is kept for +reference purposes. + +ebs\_backup +----------- + +Older style of doing mysql snapshot and replication using Adam Jacob's +[ec2_mysql](http://github.com/adamhjk/ec2_mysql) script and library. + +Data Bags +========= + +This cookbook uses the apps data bag item for the specified +application; see the `application` cookbook's README.md. It also +creates data bag items in a bag named 'aws' for storing volume +information. In order to interact with EC2, it expects aws to have a +main item: + + { + "id": "main", + "ec2_private_key": "private key as a string", + "ec2_cert": "certificate as a string", + "aws_account_id": "", + "aws_secret_access_key": "", + "aws_access_key_id": "" + } + +Note: with the Open Source Chef Server, the server using the database +recipes must be an admin client or it will not be able to create data +bag items. You can modify whether the client is admin by editing it +with knife. + + knife client edit + { + ... + "admin": true + ... + } + +This is not required if the Chef Server is Opscode Hosted Chef, +instead use the ACL feature to modify access for the node to be able +to update the data bag. + +Usage +===== + +Aside from the application data bag (see the README in the application +cookbook), create a role for the database master. Use a role.rb in +your chef-repo, or create the role directly with knife. + + % knife role show my_app_database_master -Fj + { + "name": "my_app_database_master", + "chef_type": "role", + "json_class": "Chef::Role", + "default_attributes": { + }, + "description": "", + "run_list": [ + "recipe[mysql::server]", + "recipe[database::master]" + ], + "override_attributes": { + } + } + +Create a `production` environment. This is also used in the +`application` cookbook. + + % knife environment show production -Fj + { + "name": "production", + "description": "", + "cookbook_versions": { + }, + "json_class": "Chef::Environment", + "chef_type": "environment", + "default_attributes": { + }, + "override_attributes": { + } + } + + +The cookbook `my_app_database` is recommended to set up any +application specific database resources such as configuration +templates, trending monitors, etc. It is not required, but you would +need to create it separately in `site-cookbooks`. Add it to the +`my_app_database_master` role. + +License and Author +================== + +- Author:: Adam Jacob () +- Author:: Joshua Timberman () +- Author:: AJ Christensen () +- Author:: Seth Chisamore () +- Author:: Lamont Granquist () + +Copyright 2009-2012, Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_mysql.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_mysql.rb new file mode 100644 index 000000000..b8954a929 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_mysql.rb @@ -0,0 +1,103 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/provider' + +class Chef + class Provider + class Database + class Mysql < Chef::Provider + include Chef::Mixin::ShellOut + + def load_current_resource + Gem.clear_paths + require 'mysql' + @current_resource = Chef::Resource::Database.new(@new_resource.name) + @current_resource.database_name(@new_resource.database_name) + @current_resource + end + + def action_create + unless exists? + begin + Chef::Log.debug("#{@new_resource}: Creating database `#{new_resource.database_name}`") + create_sql = "CREATE DATABASE `#{new_resource.database_name}`" + create_sql += " CHARACTER SET = #{new_resource.encoding}" if new_resource.encoding + create_sql += " COLLATE = #{new_resource.collation}" if new_resource.collation + Chef::Log.debug("#{@new_resource}: Performing query [#{create_sql}]") + db.query(create_sql) + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_drop + if exists? + begin + Chef::Log.debug("#{@new_resource}: Dropping database #{new_resource.database_name}") + db.query("DROP DATABASE `#{new_resource.database_name}`") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_query + if exists? + begin + db.select_db(@new_resource.database_name) if @new_resource.database_name + Chef::Log.debug("#{@new_resource}: Performing query [#{new_resource.sql_query}]") + db.query(@new_resource.sql_query) + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + private + def exists? + db.list_dbs.include?(@new_resource.database_name) + end + + def db + @db ||= begin + connection = ::Mysql.new( + @new_resource.connection[:host], + @new_resource.connection[:username], + @new_resource.connection[:password], + nil, + @new_resource.connection[:port] || 3306 + ) + connection.set_server_option ::Mysql::OPTION_MULTI_STATEMENTS_ON + connection + end + end + + def close + @db.close rescue nil + @db = nil + end + + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_mysql_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_mysql_user.rb new file mode 100644 index 000000000..d2797bfee --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_mysql_user.rb @@ -0,0 +1,84 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'provider_database_mysql') + +class Chef + class Provider + class Database + class MysqlUser < Chef::Provider::Database::Mysql + include Chef::Mixin::ShellOut + + def load_current_resource + Gem.clear_paths + require 'mysql' + @current_resource = Chef::Resource::DatabaseUser.new(@new_resource.name) + @current_resource.username(@new_resource.name) + @current_resource + end + + def action_create + unless exists? + begin + db.query("CREATE USER `#{@new_resource.username}`@`#{@new_resource.host}` IDENTIFIED BY '#{@new_resource.password}'") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_drop + if exists? + begin + db.query("DROP USER `#{@new_resource.username}`@`#{@new_resource.host}`") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_grant + begin + # does password look like MySQL hex digest? + # (begins with *, followed by 40 hexadecimal characters) + if (/(\A\*[0-9A-F]{40}\z)/i).match(@new_resource.password) then + password = filtered = "PASSWORD '#{$1}'" + else + password = "'#{@new_resource.password}'" + filtered = '[FILTERED]' + end + grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON #{@new_resource.database_name ? "`#{@new_resource.database_name}`" : '*'}.#{@new_resource.table ? "`#{@new_resource.table}`" : '*'} TO `#{@new_resource.username}`@`#{@new_resource.host}` IDENTIFIED BY " + Chef::Log.info("#{@new_resource}: granting access with statement [#{grant_statement}#{filtered}]") + db.query(grant_statement + password) + @new_resource.updated_by_last_action(true) + ensure + close + end + end + + private + def exists? + db.query("SELECT User,host from mysql.user WHERE User = '#{@new_resource.username}' AND host = '#{@new_resource.host}'").num_rows != 0 + end + + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_postgresql.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_postgresql.rb new file mode 100644 index 000000000..c2b5bcf7d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_postgresql.rb @@ -0,0 +1,131 @@ +# +# Author:: Seth Chisamore () +# Author:: Lamont Granquist () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/provider' + +class Chef + class Provider + class Database + class Postgresql < Chef::Provider + include Chef::Mixin::ShellOut + + def load_current_resource + Gem.clear_paths + require 'pg' + @current_resource = Chef::Resource::Database.new(@new_resource.name) + @current_resource.database_name(@new_resource.database_name) + @current_resource + end + + def action_create + unless exists? + begin + encoding = @new_resource.encoding + if encoding != "DEFAULT" + encoding = "'#{@new_resource.encoding}'" + end + Chef::Log.debug("#{@new_resource}: Creating database #{new_resource.database_name}") + create_sql = "CREATE DATABASE \"#{new_resource.database_name}\"" + create_sql += " TEMPLATE = #{new_resource.template}" if new_resource.template + create_sql += " ENCODING = #{encoding}" if new_resource.encoding + create_sql += " TABLESPACE = #{new_resource.tablespace}" if new_resource.tablespace + create_sql += " LC_CTYPE = '#{new_resource.collation}' LC_COLLATE = '#{new_resource.collation}'" if new_resource.collation + create_sql += " CONNECTION LIMIT = #{new_resource.connection_limit}" if new_resource.connection_limit + create_sql += " OWNER = \"#{new_resource.owner}\"" if new_resource.owner + Chef::Log.debug("#{@new_resource}: Performing query [#{create_sql}]") + db("template1").query(create_sql) + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_drop + if exists? + begin + Chef::Log.debug("#{@new_resource}: Dropping database #{new_resource.database_name}") + db("template1").query("DROP DATABASE \"#{new_resource.database_name}\"") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_query + if exists? + begin + Chef::Log.debug("#{@new_resource}: Performing query [#{new_resource.sql_query}]") + db(@new_resource.database_name).query(@new_resource.sql_query) + Chef::Log.debug("#{@new_resource}: query [#{new_resource.sql_query}] succeeded") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + private + + def exists? + begin + Chef::Log.debug("#{@new_resource}: checking if database #{@new_resource.database_name} exists") + ret = db("template1").query("SELECT * FROM pg_database where datname = '#{@new_resource.database_name}'").num_tuples != 0 + ret ? Chef::Log.debug("#{@new_resource}: database #{@new_resource.database_name} exists") : + Chef::Log.debug("#{@new_resource}: database #{@new_resource.database_name} does not exist") + ensure + close + end + ret + end + + # + # Specifying the database in the connection parameter for the postgres resource is not recommended. + # + # - action_create/drop/exists will use the "template1" database to do work by default. + # - action_query will use the resource database_name. + # - specifying a database in the connection will override this behavior + # + def db(dbname = nil) + close if @db + dbname = @new_resource.connection[:database] if @new_resource.connection[:database] + host = @new_resource.connection[:host] + port = @new_resource.connection[:port] || 5432 + user = @new_resource.connection[:username] || "postgres" + Chef::Log.debug("#{@new_resource}: connecting to database #{dbname} on #{host}:#{port} as #{user}") + password = @new_resource.connection[:password] || node[:postgresql][:password][:postgres] + @db = ::PGconn.new( + :host => host, + :port => port, + :dbname => dbname, + :user => user, + :password => password + ) + end + + def close + @db.close rescue nil + @db = nil + end + + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_postgresql_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_postgresql_user.rb new file mode 100644 index 000000000..59590867a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_postgresql_user.rb @@ -0,0 +1,83 @@ +# +# Author:: Seth Chisamore () +# Author:: Lamont Granquist () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'provider_database_postgresql') + +class Chef + class Provider + class Database + class PostgresqlUser < Chef::Provider::Database::Postgresql + include Chef::Mixin::ShellOut + + def load_current_resource + Gem.clear_paths + require 'pg' + @current_resource = Chef::Resource::DatabaseUser.new(@new_resource.name) + @current_resource.username(@new_resource.name) + @current_resource + end + + def action_create + unless exists? + begin + db("template1").query("CREATE USER \"#{@new_resource.username}\" WITH PASSWORD '#{@new_resource.password}'") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_drop + if exists? + begin + db("template1").query("DROP USER \"#{@new_resource.username}\"") + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_grant + begin + # FIXME: grants on individual tables + grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON DATABASE \"#{@new_resource.database_name}\" TO \"#{@new_resource.username}\"" + Chef::Log.info("#{@new_resource}: granting access with statement [#{grant_statement}]") + db(@new_resource.database_name).query(grant_statement) + @new_resource.updated_by_last_action(true) + ensure + close + end + end + + private + def exists? + begin + exists = db("template1").query("SELECT * FROM pg_user WHERE usename='#{@new_resource.username}'").num_tuples != 0 + ensure + close + end + exists + end + + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_sql_server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_sql_server.rb new file mode 100644 index 000000000..287c84eb4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_sql_server.rb @@ -0,0 +1,109 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/provider' + +class Chef + class Provider + class Database + class SqlServer < Chef::Provider + include Chef::Mixin::ShellOut + + def load_current_resource + Gem.clear_paths + require 'tiny_tds' + @current_resource = Chef::Resource::Database.new(@new_resource.name) + @current_resource.database_name(@new_resource.database_name) + @current_resource + end + + def action_create + unless exists? + begin + Chef::Log.debug("#{@new_resource}: Creating database #{new_resource.database_name}") + db.execute("CREATE DATABASE [#{new_resource.database_name}]").do + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_drop + if exists? + begin + Chef::Log.debug("#{@new_resource}: Dropping database #{new_resource.database_name}") + db.execute("DROP DATABASE [#{new_resource.database_name}]").do + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + def action_query + if exists? + begin + #db.select_db(@new_resource.database_name) if @new_resource.database_name + Chef::Log.debug("#{@new_resource}: Performing query [#{new_resource.sql_query}]") + db.execute(@new_resource.sql_query).do + @new_resource.updated_by_last_action(true) + ensure + close + end + end + end + + private + def exists? + exists = false + begin + result = db.execute("SELECT name FROM sys.databases") + result.each do |row| + if row['name'] =~ /#{@new_resource.database_name}/i + exists = true + break + end + end + result.cancel + ensure + close + end + exists + end + + def db + @db ||= begin + ::TinyTds::Client.new( + :host => @new_resource.connection[:host], + :username => @new_resource.connection[:username], + :password => @new_resource.connection[:password], + :port => @new_resource.connection[:port] || 1433 + ) + end + end + + def close + @db.close rescue nil + @db = nil + end + + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_sql_server_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_sql_server_user.rb new file mode 100644 index 000000000..596892e63 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/provider_database_sql_server_user.rb @@ -0,0 +1,106 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'provider_database_sql_server') + +class Chef + class Provider + class Database + class SqlServerUser < Chef::Provider::Database::SqlServer + include Chef::Mixin::ShellOut + + def load_current_resource + Gem.clear_paths + require 'tiny_tds' + @current_resource = Chef::Resource::DatabaseUser.new(@new_resource.name) + @current_resource.username(@new_resource.name) + @current_resource + end + + def action_create + begin + unless exists?(:logins) + db.execute("CREATE LOGIN [#{@new_resource.username}] WITH PASSWORD = '#{@new_resource.password}', CHECK_POLICY = OFF").do + @new_resource.updated_by_last_action(true) + end + unless exists?(:users) + if @new_resource.database_name + Chef::Log.info("#{@new_resource} creating user in '#{@new_resource.database_name}' database context.") + db.execute("USE [#{@new_resource.database_name}]").do + else + Chef::Log.info("#{@new_resource} database_name not provided, creating user in global context.") + end + db.execute("CREATE USER [#{@new_resource.username}] FOR LOGIN [#{@new_resource.username}]").do + @new_resource.updated_by_last_action(true) + end + ensure + close + end + end + + def action_drop + begin + if exists?(:users) + db.execute("DROP USER [#{@new_resource.username}]").do + @new_resource.updated_by_last_action(true) + end + if exists?(:logins) + db.execute("DROP LOGIN [#{@new_resource.username}]").do + @new_resource.updated_by_last_action(true) + end + ensure + close + end + end + + def action_grant + begin + if @new_resource.password + action_create + end + Chef::Application.fatal!('Please provide a database_name, SQL Server does not support global GRANT statements.') unless @new_resource.database_name + grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON DATABASE::[#{@new_resource.database_name}] TO [#{@new_resource.username}]" + Chef::Log.info("#{@new_resource} granting access with statement [#{grant_statement}]") + db.execute("USE [#{@new_resource.database_name}]").do + db.execute(grant_statement).do + @new_resource.updated_by_last_action(true) + ensure + close + end + end + + private + def exists?(type=:users) + case type + when :users + table = "database_principals" + if @new_resource.database_name + Chef::Log.debug("#{@new_resource} searching for existing user in '#{@new_resource.database_name}' database context.") + db.execute("USE [#{@new_resource.database_name}]").do + end + when :logins + table = "server_principals" + end + + result = db.execute("SELECT name FROM sys.#{table} WHERE name='#{@new_resource.username}'") + result.each.any? + end + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_database.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_database.rb new file mode 100644 index 000000000..103a99971 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_database.rb @@ -0,0 +1,119 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/resource' + +class Chef + class Resource + class Database < Chef::Resource + + def initialize(name, run_context=nil) + super + @resource_name = :database + @database_name = name + @allowed_actions.push(:create, :drop, :query) + @action = :create + end + + def database_name(arg=nil) + set_or_return( + :database_name, + arg, + :kind_of => String + ) + end + + def connection(arg=nil) + set_or_return( + :connection, + arg, + :required => true + ) + end + + def sql(arg=nil, &block) + arg ||= block + set_or_return( + :sql, + arg, + :kind_of => [String, Proc] + ) + end + + def sql_query + if sql.kind_of?(Proc) + sql.call + else + sql + end + end + + def template(arg=nil) + set_or_return( + :template, + arg, + :kind_of => String, + :default => 'DEFAULT' + ) + end + + def collation(arg=nil) + set_or_return( + :collation, + arg, + :kind_of => String + ) + end + + def encoding(arg=nil) + set_or_return( + :encoding, + arg, + :kind_of => String, + :default => 'DEFAULT' + ) + end + + def tablespace(arg=nil) + set_or_return( + :tablespace, + arg, + :kind_of => String, + :default => 'DEFAULT' + ) + end + + def connection_limit(arg=nil) + set_or_return( + :connection_limit, + arg, + :kind_of => String, + :default => '-1' + ) + end + + def owner(arg=nil) + set_or_return( + :owner, + arg, + :kind_of => String + ) + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_database_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_database_user.rb new file mode 100644 index 000000000..043721aa6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_database_user.rb @@ -0,0 +1,90 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database') + +class Chef + class Resource + class DatabaseUser < Chef::Resource::Database + + def initialize(name, run_context=nil) + super + @resource_name = :database_user + @username = name + + @database_name = nil + @table = nil + @host = 'localhost' + @privileges = [:all] + + @allowed_actions.push(:create, :drop, :grant) + @action = :create + end + + def database_name(arg=nil) + set_or_return( + :database_name, + arg, + :kind_of => String + ) + end + + def username(arg=nil) + set_or_return( + :username, + arg, + :kind_of => String + ) + end + + def password(arg=nil) + set_or_return( + :password, + arg, + :kind_of => String, + :required => true + ) + end + + def table(arg=nil) + set_or_return( + :table, + arg, + :kind_of => String + ) + end + + def host(arg=nil) + set_or_return( + :host, + arg, + :kind_of => String + ) + end + + def privileges(arg=nil) + set_or_return( + :privileges, + arg, + :kind_of => Array + ) + end + + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_mysql_database.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_mysql_database.rb new file mode 100644 index 000000000..726619e6e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_mysql_database.rb @@ -0,0 +1,34 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database') +require File.join(File.dirname(__FILE__), 'provider_database_mysql') + +class Chef + class Resource + class MysqlDatabase < Chef::Resource::Database + + def initialize(name, run_context=nil) + super + @resource_name = :mysql_database + @provider = Chef::Provider::Database::Mysql + end + + end + end +end \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_mysql_database_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_mysql_database_user.rb new file mode 100644 index 000000000..6e11ebe5e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_mysql_database_user.rb @@ -0,0 +1,34 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database_user') +require File.join(File.dirname(__FILE__), 'provider_database_mysql_user') + +class Chef + class Resource + class MysqlDatabaseUser < Chef::Resource::DatabaseUser + + def initialize(name, run_context=nil) + super + @resource_name = :mysql_database_user + @provider = Chef::Provider::Database::MysqlUser + end + + end + end +end \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_postgresql_database.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_postgresql_database.rb new file mode 100644 index 000000000..d8afb8c32 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_postgresql_database.rb @@ -0,0 +1,35 @@ +# +# Author:: Seth Chisamore () +# Author:: Lamont Granquist () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database') +require File.join(File.dirname(__FILE__), 'provider_database_postgresql') + +class Chef + class Resource + class PostgresqlDatabase < Chef::Resource::Database + + def initialize(name, run_context=nil) + super + @resource_name = :postgresql_database + @provider = Chef::Provider::Database::Postgresql + end + + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_postgresql_database_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_postgresql_database_user.rb new file mode 100644 index 000000000..b3bf9d2bc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_postgresql_database_user.rb @@ -0,0 +1,35 @@ +# +# Author:: Seth Chisamore () +# Author:: Lamont Granquist () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database_user') +require File.join(File.dirname(__FILE__), 'provider_database_postgresql_user') + +class Chef + class Resource + class PostgresqlDatabaseUser < Chef::Resource::DatabaseUser + + def initialize(name, run_context=nil) + super + @resource_name = :postgresql_database_user + @provider = Chef::Provider::Database::PostgresqlUser + end + + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_sql_server_database.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_sql_server_database.rb new file mode 100644 index 000000000..cdb17cbe6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_sql_server_database.rb @@ -0,0 +1,34 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database') +require File.join(File.dirname(__FILE__), 'provider_database_sql_server') + +class Chef + class Resource + class SqlServerDatabase < Chef::Resource::Database + + def initialize(name, run_context=nil) + super + @resource_name = :sql_server_database + @provider = Chef::Provider::Database::SqlServer + end + + end + end +end \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_sql_server_database_user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_sql_server_database_user.rb new file mode 100644 index 000000000..56a3e0396 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/libraries/resource_sql_server_database_user.rb @@ -0,0 +1,34 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.join(File.dirname(__FILE__), 'resource_database_user') +require File.join(File.dirname(__FILE__), 'provider_database_sql_server_user') + +class Chef + class Resource + class SqlServerDatabaseUser < Chef::Resource::DatabaseUser + + def initialize(name, run_context=nil) + super + @resource_name = :sql_server_database_user + @provider = Chef::Provider::Database::SqlServerUser + end + + end + end +end \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/metadata.json new file mode 100644 index 000000000..8ec4927b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/metadata.json @@ -0,0 +1,46 @@ +{ + "name": "database", + "description": "Sets up the database master or slave", + "long_description": "Database Cookbook\n=================\n\nThe main highlight of this cookbook is the `database` and\n`database_user` resources for managing databases and database users in\na RDBMS. Providers for MySQL, PostgreSQL and SQL Server are also\nprovided, see usage documentation below.\n\nThis cookbook also contains recipes to configure mysql database\nmasters and slaves and uses EBS for storage, integrating together with\nthe application cookbook utilizing data bags for application related\ninformation. These recipes are written primarily to use MySQL and the\nOpscode mysql cookbook. Other RDBMS may be supported at a later date.\nThis cookbook does not automatically restore database dumps, but does\ninstall tools to help with that.\n\nRequirements\n============\n\nChef version 0.10.10+.\n\nPlatform\n--------\n\n* Debian, Ubuntu\n* Red Hat, CentOS, Scientific, Fedora, Amazon\n\nCookbooks\n---------\n\nThe following Opscode cookbooks are dependencies:\n\n* mysql\n* postgresql\n* xfs\n* aws\n\nResources/Providers\n===================\n\nThese resources aim to expose an abstraction layer for interacting\nwith different RDBMS in a general way. Currently the cookbook ships\nwith providers for MySQL, PostgreSQL and SQL Server. Please see\nspecific usage in the __Example__ sections below. The providers use\nspecific Ruby gems installed under Chef's Ruby environment to execute\ncommands and carry out actions. These gems will need to be installed\nbefore the providers can operate correctly. Specific notes for each\nRDBS flavor:\n\n- MySQL: leverages the `mysql` gem which is installed as part of the\n `mysql::ruby` recipe. You can use `database::mysql` to include this,\n too.\n- PostgreSQL: leverages the `pg` gem which is installed as part of the\n `postgresql::ruby` recipe. You can use `database::postgresql` to\n include this, too.\n Currently does not work in Chef \"omnibus\" full stack installs, see COOK-1406.\n- SQL Server: leverages the `tiny_tds` gem which is installed as part\n of the `sql_server::client` recipe.\n\n`database`\n----------\n\nManage databases in a RDBMS. Use the proper shortcut resource\ndepending on your RDBMS: `mysql_database`, `postgresql_database` or\n`sql_server_database`.\n\n### Actions\n\n- :create: create a named database\n- :drop: drop a named database\n- :query: execute an arbitrary query against a named database\n\n### Attribute Parameters\n\n- database_name: name attribute. Name of the database to interact with\n- connection: hash of connection info. valid keys include :host,\n :port, :username, :password\n- sql: string of sql or a block that executes to a string of sql,\n which will be executed against the database. used by :query action\n only\n\n### Providers\n\n- **Chef::Provider::Database::Mysql**: shortcut resource `mysql_database`\n- **Chef::Provider::Database::Postgresql**: shortcut resource `postgresql_database`\n- **Chef::Provider::Database::SqlServer**: shortcut resource `sql_server_database`\n\n### Examples\n\n # create a mysql database\n mysql_database 'oracle_rules' do\n connection ({:host => \"localhost\", :username => 'root', :password => node['mysql']['server_root_password']})\n action :create\n end\n\n # create a sql server database\n sql_server_database 'mr_softie' do\n connection ({:host => \"127.0.0.1\", :port => node['sql_server']['port'], :username => 'sa', :password => node['sql_server']['server_sa_password']})\n action :create\n end\n\n # create a postgresql database\n postgresql_database 'mr_softie' do\n connection ({:host => \"127.0.0.1\", :port => 5432, :username => 'postgres', :password => node['postgresql']['password']['postgres']})\n action :create\n end\n\n # create a postgresql database with additional parameters\n postgresql_database 'mr_softie' do\n connection ({:host => \"127.0.0.1\", :port => 5432, :username => 'postgres', :password => node['postgresql']['password']['postgres']})\n template 'DEFAULT'\n encoding 'DEFAULT'\n tablespace 'DEFAULT'\n connection_limit '-1'\n owner 'postgres'\n action :create\n end\n\n # externalize conection info in a ruby hash\n mysql_connection_info = {:host => \"localhost\",\n :username => 'root',\n :password => node['mysql']['server_root_password']}\n sql_server_connection_info = {:host => \"localhost\",\n :port => node['sql_server']['port'],\n :username => 'sa',\n :password => node['sql_server']['server_sa_password']}\n postgresql_connection_info = {:host => \"127.0.0.1\",\n :port => node['postgresql']['config']['port'],\n :username => 'postgres',\n :password => node['postgresql']['password']['postgres']}\n\n # same create commands, connection info as an external hash\n mysql_database 'foo' do\n connection mysql_connection_info\n action :create\n end\n sql_server_database 'foo' do\n connection sql_server_connection_info\n action :create\n end\n postgresql_database 'foo' do\n connection postgresql_connection_info\n action :create\n end\n\n # create database, set provider in resource parameter\n database 'bar' do\n connection mysql_connection_info\n provider Chef::Provider::Database::Mysql\n action :create\n end\n database 'bar' do\n connection sql_server_connection_info\n provider Chef::Provider::Database::SqlServer\n action :create\n end\n database 'bar' do\n connection postgresql_connection_info\n provider Chef::Provider::Database::Postgresql\n action :create\n end\n\n # drop a database\n mysql_database \"baz\" do\n connection mysql_connection_info\n action :drop\n end\n\n # query a database\n mysql_database \"flush the privileges\" do\n connection mysql_connection_info\n sql \"flush privileges\"\n action :query\n end\n\n # query a database from a sql script on disk\n mysql_database \"run script\" do\n connection mysql_connection_info\n sql { ::File.open(\"/path/to/sql_script.sql\").read }\n action :query\n end\n\n # vacuum a postgres database\n postgres_database \"vacuum databases\" do\n connection postgresql_connection_info\n database_table \"template1\"\n sql \"VACUUM FULL VERBOSE ANALYZE\"\n action :query\n end\n\n`database_user`\n---------------\n\nManage users and user privileges in a RDBMS. Use the proper shortcut\nresource depending on your RDBMS: `mysql_database_user`,\n`postgresql_database_user`, or `sql_server_database_user`.\n\n### Actions\n\n- :create: create a user\n- :drop: drop a user\n- :grant: manipulate user privileges on database objects\n\n### Attribute Parameters\n\n- username: name attribute. Name of the database user\n- password: password for the user account\n- database_name: Name of the database to interact with\n- connection: hash of connection info. valid keys include :host,\n :port, :username, :password\n- privileges: array of database privileges to grant user. used by the\n :grant action. default is :all\n- host: host where user connections are allowed from. used by MySQL\n provider only. default is 'localhost'\n- table: table to grant privileges on. used by :grant action and MySQL\n provider only. default is '*' (all tables)\n\n### Providers\n\n- **Chef::Provider::Database::MysqlUser**: shortcut resource\n `mysql_database_user`\n- **Chef::Provider::Database::PostgresqlUser**: shortcut\n resource `postgresql_database_user`\n- **Chef::Provider::Database::SqlServerUser**: shortcut resource\n `sql_server_database_user`\n\n### Examples\n\n # create connection info as an external ruby hash\n mysql_connection_info = {:host => \"localhost\",\n :username => 'root',\n :password => node['mysql']['server_root_password']}\n postgresql_connection_info = {:host => \"localhost\",\n :port => node['postgresql']['config']['port'],\n :username => 'postgres',\n :password => node['postgresql']['password']['postgres']}\n sql_server_connection_info = {:host => \"localhost\",\n :port => node['sql_server']['port'],\n :username => 'sa',\n :password => node['sql_server']['server_sa_password']}\n\n # create a mysql user but grant no privileges\n mysql_database_user 'disenfranchised' do\n connection mysql_connection_info\n password 'super_secret'\n action :create\n end\n\n # do the same but pass the provider to the database resource\n database_user 'disenfranchised' do\n connection mysql_connection_info\n password 'super_secret'\n provider Chef::Provider::Database::MysqlUser\n action :create\n end\n\n # create a postgresql user but grant no privileges\n postgresql_database_user 'disenfranchised' do\n connection postgresql_connection_info\n password 'super_secret'\n action :create\n end\n\n # do the same but pass the provider to the database resource\n database_user 'disenfranchised' do\n connection postgresql_connection_info\n password 'super_secret'\n provider Chef::Provider::Database::PostgresqlUser\n action :create\n end\n\n # create a sql server user but grant no privileges\n sql_server_database_user 'disenfranchised' do\n connection sql_server_connection_info\n password 'super_secret'\n action :create\n end\n\n # drop a mysql user\n mysql_database_user \"foo_user\" do\n connection mysql_connection_info\n action :drop\n end\n\n # bulk drop sql server users\n %w{ disenfranchised foo_user }.each do |user|\n sql_server_database_user user do\n connection sql_server_connection_info\n action :drop\n end\n end\n\n # grant select,update,insert privileges to all tables in foo db from all hosts\n mysql_database_user 'foo_user' do\n connection mysql_connection_info\n password 'super_secret'\n database_name 'foo'\n host '%'\n privileges [:select,:update,:insert]\n action :grant\n end\n\n # grant all privileges on all databases/tables from localhost\n mysql_database_user 'super_user' do\n connection mysql_connection_info\n password 'super_secret'\n action :grant\n end\n\n # grant all privileges on all tables in foo db\n postgresql_database_user 'foo_user' do\n connection postgresql_connection_info\n database_name 'foo'\n privileges [:all]\n action :grant\n end\n\n # grant select,update,insert privileges to all tables in foo db\n sql_server_database_user 'foo_user' do\n connection sql_server_connection_info\n password 'super_secret'\n database_name 'foo'\n privileges [:select,:update,:insert]\n action :grant\n end\n\nRecipes\n=======\n\nebs\\_volume\n-----------\n\n*Note*: This recipe does not currently work on RHEL platforms due to\n the xfs cookbook not supporting RHEL yet.\n\nLoads the aws information from the data bag. Searches the applications\ndata bag for the database master or slave role and checks that role is\napplied to the node. Loads the EBS information and the master\ninformation from data bags. Uses the aws cookbook LWRP,\n`aws_ebs_volume` to manage the volume.\n\nOn a master node:\n* if we have an ebs volume already as stored in a data bag, attach it.\n* if we don't have the ebs information then create a new one and\n attach it.\n* store the volume information in a data bag via a ruby block.\n\nOn a slave node:\n* use the master volume information to generate a snapshot.\n* create the new volume from the snapshot and attach it.\n\nAlso on a master node, generate some configuration for running a\nsnapshot via `chef-solo` from cron.\n\nOn a new filesystem volume, create as XFS, then mount it in /mnt, and\nalso bind-mount it to the mysql data directory (default\n/var/lib/mysql).\n\nmaster\n------\n\nThis recipe no longer loads AWS specific information, and the database\nposition for replication is no longer stored in a databag because the\nclient might not have permission to write to the databag item. This\nmay be handled in a different way at a future date.\n\nSearches the apps databag for applications, and for each one it will\ncheck that the specified database master role is set in both the\ndatabag and applied to the node's run list. Then, retrieves the\npasswords for `root`, `repl` and `debian` users and saves them to the\nnode attributes. If the passwords are not found in the databag, it\nprints a message that they'll be generated by the mysql cookbook.\n\nThen it adds the application databag database settings to a hash, to\nuse later.\n\nThen it will iterate over the databases and create them with the\n`mysql_database` resource while adding privileges for application\nspecific database users using the `mysql_database_user` resource.\n\nslave\n-----\n\n_TODO_: Retrieve the master status from a data bag, then start\nreplication using a ruby block. The replication status needs to be\nhandled in some other way for now since the master recipe above\ndoesn't actually set it in the databag anymore.\n\nsnapshot\n--------\n\nRun via Chef Solo. Retrieves the db snapshot configuration from the\nspecified JSON file. Uses the `mysql_database` resource to lock and\nunlock tables, and does a filesystem freeze and EBS snapshot.\n\nDeprecated Recipes\n==================\n\nThe following recipe is considered deprecated. It is kept for\nreference purposes.\n\nebs\\_backup\n-----------\n\nOlder style of doing mysql snapshot and replication using Adam Jacob's\n[ec2_mysql](http://github.com/adamhjk/ec2_mysql) script and library.\n\nData Bags\n=========\n\nThis cookbook uses the apps data bag item for the specified\napplication; see the `application` cookbook's README.md. It also\ncreates data bag items in a bag named 'aws' for storing volume\ninformation. In order to interact with EC2, it expects aws to have a\nmain item:\n\n {\n \"id\": \"main\",\n \"ec2_private_key\": \"private key as a string\",\n \"ec2_cert\": \"certificate as a string\",\n \"aws_account_id\": \"\",\n \"aws_secret_access_key\": \"\",\n \"aws_access_key_id\": \"\"\n }\n\nNote: with the Open Source Chef Server, the server using the database\nrecipes must be an admin client or it will not be able to create data\nbag items. You can modify whether the client is admin by editing it\nwith knife.\n\n knife client edit \n {\n ...\n \"admin\": true\n ...\n }\n\nThis is not required if the Chef Server is Opscode Hosted Chef,\ninstead use the ACL feature to modify access for the node to be able\nto update the data bag.\n\nUsage\n=====\n\nAside from the application data bag (see the README in the application\ncookbook), create a role for the database master. Use a role.rb in\nyour chef-repo, or create the role directly with knife.\n\n % knife role show my_app_database_master -Fj\n {\n \"name\": \"my_app_database_master\",\n \"chef_type\": \"role\",\n \"json_class\": \"Chef::Role\",\n \"default_attributes\": {\n },\n \"description\": \"\",\n \"run_list\": [\n \"recipe[mysql::server]\",\n \"recipe[database::master]\"\n ],\n \"override_attributes\": {\n }\n }\n\nCreate a `production` environment. This is also used in the\n`application` cookbook.\n\n % knife environment show production -Fj\n {\n \"name\": \"production\",\n \"description\": \"\",\n \"cookbook_versions\": {\n },\n \"json_class\": \"Chef::Environment\",\n \"chef_type\": \"environment\",\n \"default_attributes\": {\n },\n \"override_attributes\": {\n }\n }\n\n\nThe cookbook `my_app_database` is recommended to set up any\napplication specific database resources such as configuration\ntemplates, trending monitors, etc. It is not required, but you would\nneed to create it separately in `site-cookbooks`. Add it to the\n`my_app_database_master` role.\n\nLicense and Author\n==================\n\n- Author:: Adam Jacob ()\n- Author:: Joshua Timberman ()\n- Author:: AJ Christensen ()\n- Author:: Seth Chisamore ()\n- Author:: Lamont Granquist ()\n\nCopyright 2009-2012, Opscode, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + "debian": ">= 0.0.0", + "ubuntu": ">= 0.0.0", + "centos": ">= 0.0.0", + "suse": ">= 0.0.0", + "fedora": ">= 0.0.0", + "redhat": ">= 0.0.0", + "scientific": ">= 0.0.0", + "amazon": ">= 0.0.0" + }, + "dependencies": { + "mysql": ">= 1.3.0", + "postgresql": ">= 1.0.0", + "aws": ">= 0.0.0", + "xfs": ">= 0.0.0" + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + "database": "Empty placeholder", + "database::ebs_backup": "Considered deprecated, older way of backing up EBS volumes", + "database::ebs_volume": "Sets up an EBS volume in EC2 for the database", + "database::master": "Creates application specific user and database", + "database::snapshot": "Locks tables and freezes XFS filesystem for replication, assumes EC2 + EBS" + }, + "version": "1.3.12" +} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/metadata.rb new file mode 100644 index 000000000..59fd7530e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/metadata.rb @@ -0,0 +1,22 @@ +name "database" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Sets up the database master or slave" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.3.12" + +recipe "database", "Empty placeholder" +recipe "database::ebs_backup", "Considered deprecated, older way of backing up EBS volumes" +recipe "database::ebs_volume", "Sets up an EBS volume in EC2 for the database" +recipe "database::master", "Creates application specific user and database" +recipe "database::snapshot", "Locks tables and freezes XFS filesystem for replication, assumes EC2 + EBS" + +depends "mysql", ">= 1.3.0" +depends "postgresql", ">= 1.0.0" +depends "aws" +depends "xfs" + +%w{ debian ubuntu centos suse fedora redhat scientific amazon }.each do |os| + supports os +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/default.rb new file mode 100644 index 000000000..5d1819c28 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/default.rb @@ -0,0 +1,20 @@ +# +# Author:: Joshua Timberman () +# Cookbook Name:: database +# Recipe:: default +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/ebs_backup.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/ebs_backup.rb new file mode 100644 index 000000000..7a2f8a2b0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/ebs_backup.rb @@ -0,0 +1,89 @@ +# +# Author:: Joshua Timberman () +# Cookbook Name:: database +# Recipe:: ebs_backup +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +begin + aws = Chef::DataBagItem.load('aws', 'main') + Chef::Log.info("Loaded AWS information from DataBagItem aws[#{aws['id']}]") +rescue + Chef::Log.fatal("Could not find the 'main' item in the 'aws' data bag") + raise +end + +db_role = String.new +db_master_role = String.new +db_type = node[:database][:type] + +search(:apps) do |app| + db_role = app["database_#{db_type}_role"] & node.run_list.roles + db_master_role = app["database_master_role"] +end + +ebs_info = Chef::DataBagItem.load(:aws, "ebs_#{db_master_role}_#{node.chef_environment}") + +gem_package "dbi" +gem_package "dbd-mysql" + +directory "/mnt/aws-config" do + mode 0700 + owner "root" + group "root" +end + +template "/mnt/aws-config/config" do + source "aws_config.erb" + variables( + :access_key => aws['aws_access_key_id'], + :secret_key => aws['aws_secret_access_key'] + ) + owner "root" + group "root" + mode 0600 +end + +git "/opt/ec2_mysql" do + repository "git://github.com/jtimberman/ec2_mysql.git" + reference "HEAD" + action :sync + not_if { ::FileTest.directory?("/opt/ec2_mysql/.git") } +end + +%w{backup restore}.each do |file| + template "/usr/local/bin/db-#{file}.sh" do + source "ebs-db-#{file}.sh.erb" + owner "root" + group "root" + mode 0700 + variables( + :mysql_root_passwd => node['mysql']['server_root_password'], + :mysql_device => node['mysql']['ebs_vol_dev'], + :ebs_vol_id => ebs_info['volume_id'] + ) + end +end + +if db_type == "master" && node.chef_environment == "production" + template "/etc/cron.d/db-backup" do + source "ebs-backup-cron.erb" + owner "root" + group "root" + mode 0644 + backup false + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/ebs_volume.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/ebs_volume.rb new file mode 100644 index 000000000..0beea487a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/ebs_volume.rb @@ -0,0 +1,204 @@ +# +# Author:: Joshua Timberman () +# Author:: AJ Christensen () +# Cookbook Name:: database +# Recipe:: ebs_volume +# +# Copyright 2009-2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if node[:ec2] + include_recipe "aws" + include_recipe "xfs" + + begin + aws = Chef::DataBagItem.load(:aws, :main) + Chef::Log.info("Loaded AWS information from DataBagItem aws[#{aws['id']}]") + rescue + Chef::Log.fatal("Could not find the 'main' item in the 'aws' data bag") + raise + end + + ebs_vol_dev = node['mysql']['ebs_vol_dev'] + if (platform?("ubuntu") && node['platform_version'].to_f >= 11.04) + ebs_vol_dev_mount = ebs_vol_dev.sub(/^\/dev\/sd/, "/dev/xvd") + else + ebs_vol_dev_mount = ebs_vol_dev + end + ebs_vol_id = String.new + db_type = String.new + db_role = String.new + master_role = String.new + slave_role = String.new + root_pw = String.new + snapshots_to_keep = String.new + snapshot_cron_schedule = "00 * * * *" # default to hourly snapshots + + search(:apps) do |app| + if (app["database_master_role"] & node.run_list.roles).length == 1 || (app["database_slave_role"] & node.run_list.roles).length == 1 + master_role = app["database_master_role"] & node.run_list.roles + slave_role = app["database_slave_role"] & node.run_list.roles + root_pw = app["mysql_root_password"][node.chef_environment] + snapshots_to_keep = app["snapshots_to_keep"][node.chef_environment] + snapshot_cron_schedule = app["snapshot_cron_schedule"][node.chef_environment] if app["snapshot_cron_schedule"] && app["snapshot_cron_schedule"][node.chef_environment] + + if (master_role & node.run_list.roles).length == 1 + db_type = "master" + db_role = RUBY_VERSION.to_f <= 1.8 ? master_role : master_role.join + elsif (slave_role & node.run_list.roles).length == 1 + db_type = "slave" + db_role = RUBY_VERSION.to_f <= 1.8 ? slave_role : slave_role.join + end + + Chef::Log.info "database::ebs_volume - db_role: #{db_role} db_type: #{db_type}" + end + end + + begin + ebs_info = Chef::DataBagItem.load(:aws, "ebs_#{db_role}_#{node.chef_environment}") + Chef::Log.info("Loaded #{ebs_info['volume_id']} from DataBagItem aws[#{ebs_info['id']}]") + rescue + Chef::Log.warn("Could not find the 'ebs_#{db_role}_#{node.chef_environment}' item in the 'aws' data bag") + ebs_info = Hash.new + end + + begin + master_info = Chef::DataBagItem.load(:aws, "ebs_#{master_role}_#{node.chef_environment}") + Chef::Log.info "Loaded #{master_info['volume_id']} from DataBagItem aws[#{master_info['id']}]" + rescue + Chef::Application.fatal! "Could not load replication masters snapshot details", -41 if db_type == "slave" + end + + ruby_block "store_#{db_role}_#{node.chef_environment}_volid" do + block do + ebs_vol_id = node[:aws][:ebs_volume]["#{db_role}_#{node.chef_environment}"][:volume_id] + + unless ebs_info['volume_id'] + item = { + "id" => "ebs_#{db_role}_#{node.chef_environment}", + "volume_id" => ebs_vol_id + } + Chef::Log.info "Storing volume_id #{item.inspect}" + databag_item = Chef::DataBagItem.new + databag_item.data_bag("aws") + databag_item.raw_data = item + databag_item.save + Chef::Log.info("Created #{item['id']} in #{databag_item.data_bag}") + end + end + action :nothing + end + + aws_ebs_volume "#{db_role}_#{node.chef_environment}" do + aws_access_key aws['aws_access_key_id'] + aws_secret_access_key aws['aws_secret_access_key'] + size 50 + device ebs_vol_dev + snapshots_to_keep snapshots_to_keep + case db_type + when "master" + if ebs_info['volume_id'] && ebs_info['volume_id'] =~ /vol/ + volume_id ebs_info['volume_id'] + action :attach + elsif ebs_info['volume_id'] && ebs_info['volume_id'] =~ /snap/ + snapshot_id ebs_info['volume_id'] + action [ :create, :attach ] + else + action [ :create, :attach ] + end + notifies :create, resources(:ruby_block => "store_#{db_role}_#{node.chef_environment}_volid") + when "slave" + if master_info['volume_id'] + snapshot_id master_info['volume_id'] + action [:create, :attach] + else + Chef::Log.warn("Couldn't detect snapshot ID.") + action :nothing + end + end + provider "aws_ebs_volume" + end + + if db_type == "master" + Chef::Log.info "Setting up templates for chef-solo snapshots" + template "/etc/chef/chef-solo-database-snapshot.rb" do + source "chef-solo-database-snapshot.rb.erb" + variables :cookbook_path => Chef::Config[:cookbook_path] + owner "root" + group "root" + mode 0600 + end + + template "/etc/chef/chef-solo-database-snapshot.json" do + source "chef-solo-database-snapshot.json.erb" + variables( + :output => { + 'db_snapshot' => { + 'ebs_vol_dev' => node.mysql.ec2_path, + 'db_role' => db_role, + 'app_environment' => node.chef_environment, + 'username' => 'root', + 'password' => root_pw, + 'aws_access_key_id' => aws['aws_access_key_id'], + 'aws_secret_access_key' => aws['aws_secret_access_key'], + 'snapshots_to_keep' => snapshots_to_keep, + 'volume_id' => ebs_info['volume_id'] + }, + 'run_list' => [ + "recipe[database::snapshot]" + ] + } + ) + owner "root" + group "root" + mode 0600 + end + + template "/etc/cron.d/chef-solo-database-snapshot" do + source "chef-solo-database-snapshot.cron.erb" + variables( + :json_attribs => "/etc/chef/chef-solo-database-snapshot.json", + :config_file => "/etc/chef/chef-solo-database-snapshot.rb", + :schedule => snapshot_cron_schedule + ) + owner "root" + group "root" + mode 0600 + end + end + + execute "mkfs.xfs #{ebs_vol_dev_mount}" do + only_if "xfs_admin -l #{ebs_vol_dev_mount} 2>&1 | grep -qx 'xfs_admin: #{ebs_vol_dev_mount} is not a valid XFS filesystem (unexpected SB magic number 0x00000000)'" + end + + %w{ec2_path data_dir}.each do |dir| + directory node['mysql'][dir] do + mode 0755 + end + end + + mount node['mysql']['ec2_path'] do + device ebs_vol_dev_mount + fstype "xfs" + action :mount + end + + mount node['mysql']['data_dir'] do + device node['mysql']['ec2_path'] + fstype "none" + options "bind,rw" + action :mount + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/master.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/master.rb new file mode 100644 index 000000000..166df948d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/master.rb @@ -0,0 +1,78 @@ +# +# Author:: Joshua Timberman () +# Cookbook Name:: database +# Recipe:: master +# +# Copyright 2009-2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This is potentially destructive to the nodes mysql password attributes, since +# we iterate over all the app databags. If this database server provides +# databases for multiple applications, the last app found in the databags +# will win out, so make sure the databags have the same passwords set for +# the root, repl, and debian-sys-maint users. +# + +db_info = Hash.new +root_pw = String.new + +search(:apps) do |app| + (app['database_master_role'] & node.run_list.roles).each do |dbm_role| + %w{ root repl debian }.each do |user| + user_pw = app["mysql_#{user}_password"] + if !user_pw.nil? and user_pw[node.chef_environment] + Chef::Log.debug("Saving password for #{user} as node attribute node['mysql']['server_#{user}_password'") + node.set['mysql']["server_#{user}_password"] = user_pw[node.chef_environment] + node.save + else + log "A password for MySQL user #{user} was not found in DataBag 'apps' item '#{app["id"]}' for environment ' for #{node.chef_environment}'." do + level :warn + end + log "A random password will be generated by the mysql cookbook and added as 'node.mysql.server_#{user}_password'. Edit the DataBag item to ensure it is set correctly on new nodes" do + level :warn + end + end + end + app['databases'].each do |env,db| + db_info[env] = db + end + end +end + +include_recipe "mysql::server" + +connection_info = {:host => "localhost", :username => 'root', :password => node['mysql']['server_root_password']} + +search(:apps) do |app| + (app['database_master_role'] & node.run_list.roles).each do |dbm_role| + app['databases'].each do |env,db| + if env =~ /#{node.chef_environment}/ + mysql_database "create #{db['database']}" do + database_name db['database'] + connection connection_info + action :create + end + %W{ % #{node['fqdn']} localhost }.each do |h| + mysql_database_user db['username'] do + connection connection_info + password db['password'] + database_name db['database'] + host h + action :grant + end + end + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/mysql.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/mysql.rb new file mode 100644 index 000000000..8b83420e1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/mysql.rb @@ -0,0 +1,20 @@ +# +# Author:: Jesse Howarth () +# +# Copyright:: Copyright (c) 2012, Opscode, Inc. () +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "mysql::ruby" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/postgresql.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/postgresql.rb new file mode 100644 index 000000000..c4ab00589 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/postgresql.rb @@ -0,0 +1,20 @@ +# +# Author:: Jesse Howarth () +# +# Copyright:: Copyright (c) 2012, Opscode, Inc. () +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "postgresql::ruby" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/snapshot.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/snapshot.rb new file mode 100644 index 000000000..fe2a4f426 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/recipes/snapshot.rb @@ -0,0 +1,62 @@ +# +# Author:: AJ Christensen () +# Cookbook Name:: database +# Recipe:: snapshot +# +# Copyright 2009-2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +include_recipe "aws" +include_recipe "xfs" + +%w{ebs_vol_dev db_role app_environment username password aws_access_key_id aws_secret_access_key snapshots_to_keep volume_id}.collect do |key| + Chef::Application.fatal!("Required db_snapshot configuration #{key} not found.", -47) unless node.db_snapshot.has_key? key +end + +connection_info = {:host => "localhost", :username => node.db_snapshot.username, :password => node.db_snapshot.password} + +mysql_database "locking tables for #{node.db_snapshot.app_environment}" do + connection connection_info + sql "flush tables with read lock" + action :query +end + +execute "xfs freeze" do + command "xfs_freeze -f #{node.db_snapshot.ebs_vol_dev}" +end + +aws_ebs_volume "#{node.db_snapshot.db_role.first}_#{node.db_snapshot.app_environment}" do + aws_access_key node.db_snapshot.aws_access_key_id + aws_secret_access_key node.db_snapshot.aws_secret_access_key + size 50 + device node.db_snapshot.ebs_vol_dev + snapshots_to_keep node.db_snapshot.snapshots_to_keep + action :snapshot + volume_id node.db_snapshot.volume_id + ignore_failure true # if this fails, continue to unfreeze and unlock +end + +execute "xfs unfreeze" do + command "xfs_freeze -u #{node.db_snapshot.ebs_vol_dev}" +end + +mysql_database "unflushing tables for #{node.db_snapshot.app_environment}" do + connection connection_info + sql "unlock tables" + action :query +end + +aws_ebs_volume "#{node.db_snapshot.db_role.first}_#{node.db_snapshot.app_environment}" do + action :prune +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/app_grants.sql.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/app_grants.sql.erb new file mode 100644 index 000000000..35d8b9804 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/app_grants.sql.erb @@ -0,0 +1,8 @@ +# Generated by Chef. Local modifications will be overwritten. +<% @db_info.each do |env,db| -%> +# Privileges for databases in <%= env %> +GRANT ALL ON <%= db['database'] %>.* TO '<%= db['username'] %>'@'localhost' IDENTIFIED BY '<%= db['password'] %>'; +GRANT ALL ON <%= db['database'] %>.* TO '<%= db['username'] %>'@'<%= node['fqdn'] %>' IDENTIFIED BY '<%= db['password'] %>'; +GRANT ALL ON <%= db['database'] %>.* TO '<%= db['username'] %>'@'%' IDENTIFIED BY '<%= db['password'] %>'; +<% end -%> +flush privileges; diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/aws_config.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/aws_config.erb new file mode 100644 index 000000000..e5ae3684c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/aws_config.erb @@ -0,0 +1,3 @@ +AWS_ACCESS_KEY_ID=<%= @access_key %> +AWS_SECRET_ACCESS_KEY=<%= @secret_key %> +BUCKET_BASE_NAME=db-backups diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/chef-solo-database-snapshot.cron.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/chef-solo-database-snapshot.cron.erb new file mode 100644 index 000000000..db40768cd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/chef-solo-database-snapshot.cron.erb @@ -0,0 +1,6 @@ +# Managed by Chef +# m h dom mon dow command +# Keep 1 day of hourly snapshots +PATH=/usr/sbin:/usr/bin:/sbin:/bin +<% cs = "chef-solo -j #{@json_attribs} -c #{@config_file}" %> +<%= @schedule %> root <%= cs %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/chef-solo-database-snapshot.json.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/chef-solo-database-snapshot.json.erb new file mode 100644 index 000000000..13cdb6495 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/chef-solo-database-snapshot.json.erb @@ -0,0 +1 @@ +<%= require 'json'; JSON.pretty_generate(@output) %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/chef-solo-database-snapshot.rb.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/chef-solo-database-snapshot.rb.erb new file mode 100644 index 000000000..12806cf3f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/chef-solo-database-snapshot.rb.erb @@ -0,0 +1,6 @@ +executable_path ENV['PATH'] ? ENV['PATH'].split(File::PATH_SEPARATOR) : [] +<% if @cookbook_path.is_a? Array %> + cookbook_path [ <%= @cookbook_path.collect { |cb| "\"#{cb}\""}.join(", ") -%> ] +<% else %> + cookbook_path "<%= @cookbook_path -%>" +<% end %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/ebs-backup-cron.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/ebs-backup-cron.erb new file mode 100644 index 000000000..9293fdf6e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/ebs-backup-cron.erb @@ -0,0 +1,2 @@ +# Chef Name: ebs_db_backup +15 0 * * * root /usr/local/bin/db-backup.sh diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/ebs-db-backup.sh.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/ebs-db-backup.sh.erb new file mode 100644 index 000000000..60e1c910b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/ebs-db-backup.sh.erb @@ -0,0 +1,8 @@ +#!/bin/bash +# +# Back up a MySQL database via EBS snapshot + +. /mnt/aws-config/config + +/opt/ec2_mysql/bin/ec2_mysql -a $AWS_ACCESS_KEY_ID -s $AWS_SECRET_ACCESS_KEY -p '<%= @mysql_root_passwd %>' -k 5 master +echo "done" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/ebs-db-restore.sh.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/ebs-db-restore.sh.erb new file mode 100644 index 000000000..47afef665 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/ebs-db-restore.sh.erb @@ -0,0 +1,10 @@ +#!/bin/bash +# +# Restore a MySQL database from EBS + +mkdir -p /mnt/restore + +. /mnt/aws-config/config + +/opt/ec2_mysql/bin/ec2_mysql -a $AWS_ACCESS_KEY_ID -s $AWS_SECRET_ACCESS_KEY -p '<%= @mysql_root_password %>' -v '<%= @ebs_vol_id %>' -m /mnt/restore -d <%= @mysql_device %> -r <%= @mysql_device %> -l debug -n slave +echo "done" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/s3cfg.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/s3cfg.erb new file mode 100644 index 000000000..c2f818c58 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/jdatabase/templates/default/s3cfg.erb @@ -0,0 +1,27 @@ +[default] +access_key = <%= @aws['aws_access_key_id'] %> +acl_public = False +bucket_location = US +debug_syncmatch = False +default_mime_type = binary/octet-stream +delete_removed = False +dry_run = False +encrypt = False +force = False +gpg_command = /usr/bin/gpg +gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s +gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s +gpg_passphrase = +guess_mime_type = False +host_base = s3.amazonaws.com +host_bucket = %(bucket)s.s3.amazonaws.com +human_readable_sizes = False +preserve_attrs = True +proxy_host = +proxy_port = 0 +recv_chunk = 4096 +secret_key = <%= @aws['aws_secret_access_key'] %> +send_chunk = 4096 +simpledb_host = sdb.amazonaws.com +use_https = True +verbosity = WARNING diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/CHANGELOG.md new file mode 100644 index 000000000..3d909d1f2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/CHANGELOG.md @@ -0,0 +1,37 @@ +## v1.3.0 + +* [COOK-2386] - update `memcached_instance` definition for + `runit_service` resource + +## v1.2.0: + +* [COOK-1469] - include yum epel recipe on RHEL 5 (introduces yum + cookbook dependency) +* [COOK-2202] - Fix typo in previous ticket/commits +* [COOK-2266] - pin runit dependency + +## v1.1.2: + +* [COOK-990] - params insite runit_service isn't the same as outside + +## v1.1.0: + +* [COOK-1764] - Add Max Connections to memcached.conf and fix typos + +## v1.0.4: + +* [COOK-1192] - metadata doesn't include RH platforms (supported) +* [COOK-1354] - dev package changed name on centos6 + +## v1.0.2: + +* [COOK-1081] - support for centos/rhel + +## v1.0.0: + +* [COOK-706] - Additional info in README +* [COOK-828] - Package for RHEL systems + +## v0.10.4: + +* Current released version diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/Gemfile new file mode 100644 index 000000000..46e07661a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/Gemfile @@ -0,0 +1,3 @@ +source :rubygems + +gem 'test-kitchen', '< 1.0' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/README.md new file mode 100644 index 000000000..a1ab200ab --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/README.md @@ -0,0 +1,74 @@ +Description +=========== + +Installs memcached and provides a define to set up an instance of +memcache via runit. + +Requirements +============ + +A runit service can be set up for instances using the +`memcache_instance` definition. + +## Platforms: + +Tested on: + +* Ubuntu 10.04, 12.04 +* CentOS 5.8, 6.3 + +May work on any Debian or Red Hat family distributions with or without +modification. + +## Cookbooks: + +* runit + +Attributes +========== + +The following are node attributes passed to the template for the runit +service. + +* `memcached['memory']` - maximum memory for memcached instances. +* `memcached['user']` - user to run memcached as. +* `memcached['port']` - port for memcached to listen on. +* `memcached['listen']` - IP address for memcached to listen on. + +Usage +===== + +Simply set the attributes and it will configure the +/etc/memcached.conf file. If you want to use multiple memcached +instances, you'll need to modify the recipe to disable the startup +script and the template in the default recipe. + +Use the define, memcached_instance, to set up a runit service for the +named memcached instance. + + memcached_instance "myproj" + +The recipe also reads in whether to start up memcached from a +/etc/default/memcached "ENABLE_MEMCACHED" setting, which is "yes" by +default. + +License and Author +================== + +Author:: Joshua Timberman () +Author:: Joshua Sierles () + +Copyright:: 2009-2012, Opscode, Inc +Copyright:: 2009, 37signals + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/attributes/default.rb new file mode 100644 index 000000000..f613acbd5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/attributes/default.rb @@ -0,0 +1,24 @@ +# +# Cookbook Name:: memcached +# Attributes:: default +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['memcached']['memory'] = 64 +default['memcached']['port'] = 11211 +default['memcached']['user'] = "nobody" +default['memcached']['listen'] = "0.0.0.0" +default['memcached']['maxconn'] = 1024 \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/definitions/memcached_instance.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/definitions/memcached_instance.rb new file mode 100644 index 000000000..31b6d6dad --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/definitions/memcached_instance.rb @@ -0,0 +1,36 @@ +# +# Cookbook Name:: memcached +# Definition:: memcached_instance +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +define :memcached_instance do + include_recipe "runit" + include_recipe "memcached" + + opts = params + + runit_service "memcached-#{params[:name]}" do + run_template_name "memcached" + default_logger true + cookbook "memcached" + options({ + :memory => node['memcached']['memory'], + :port => node['memcached']['port'], + :user => node['memcached']['user']}.merge(opts) + ) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/metadata.rb new file mode 100644 index 000000000..f6d575898 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/metadata.rb @@ -0,0 +1,35 @@ +name "memcached" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs memcached and provides a define to set up an instance of memcache via runit" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.3.0" +depends "runit", "~> 1.0" +depends "yum" + +recipe "memcached", "Installs and configures memcached" + +%w{ ubuntu debian redhat fedora centos scientific amazon }.each do |os| + supports os +end + +attribute "memcached/memory", + :display_name => "Memcached Memory", + :description => "Memory allocated for memcached instance", + :default => "64" + +attribute "memcached/port", + :display_name => "Memcached Port", + :description => "Port to use for memcached instance", + :default => "11211" + +attribute "memcached/user", + :display_name => "Memcached User", + :description => "User to run memcached instance as", + :default => "nobody" + +attribute "memcached/listen", + :display_name => "Memcached IP Address", + :description => "IP address to use for memcached instance", + :default => "0.0.0.0" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/recipes/default.rb new file mode 100644 index 000000000..da1f6efa9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/recipes/default.rb @@ -0,0 +1,86 @@ +# +# Cookbook Name:: memcached +# Recipe:: default +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# include epel on redhat/centos 5 and below in order to get the memcached packages +if node['platform_family'] == "rhel" and node['platform_version'].to_i < 6 + include_recipe "yum::epel" +end + +package "memcached" do + action :install +end + +package "libmemcache-dev" do + case node['platform_family'] + when "rhel", "fedora" + package_name "libmemcached-devel" + else + package_name "libmemcache-dev" + end + action :install +end + +service "memcached" do + action :nothing + supports :status => true, :start => true, :stop => true, :restart => true +end + +case node['platform_family'] +when "rhel", "fedora" + template "/etc/sysconfig/memcached" do + source "memcached.sysconfig.erb" + owner "root" + group "root" + mode 00644 + variables( + :listen => node['memcached']['listen'], + :user => node['memcached']['user'], + :port => node['memcached']['port'], + :maxconn => node['memcached']['maxconn'], + :memory => node['memcached']['memory'] + ) + notifies :restart, "service[memcached]" + end +else + template "/etc/memcached.conf" do + source "memcached.conf.erb" + owner "root" + group "root" + mode 00644 + variables( + :listen => node['memcached']['listen'], + :user => node['memcached']['user'], + :port => node['memcached']['port'], + :maxconn => node['memcached']['maxconn'], + :memory => node['memcached']['memory'] + ) + notifies :restart, "service[memcached]" + end +end + +case node['lsb']['codename'] +when "karmic" + template "/etc/default/memcached" do + source "memcached.default.erb" + owner "root" + group "root" + mode 00644 + notifies :restart, "service[memcached]" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/memcached.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/memcached.conf.erb new file mode 100644 index 000000000..c8cdc9e6d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/memcached.conf.erb @@ -0,0 +1,50 @@ +# +# Configured by Chef. Local changes will be lost. +# +# memcached default config file +# 2003 - Jay Bonci +# This configuration file is read by the start-memcached script provided as +# part of the Debian GNU/Linux distribution. + +# Run memcached as a daemon. This command is implied, and is not needed for the +# daemon to run. See the README.Debian that comes with this package for more +# information. +-d + +# Log memcached's output to /var/log/memcached +logfile /var/log/memcached.log + +# Be verbose +-v + +# Be even more verbose (print client commands as well) +# -vv + +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default +# Note that the daemon will grow to this size, but does not start out holding this much +# memory +-m <%= @memory %> + +# Default connection port is 11211 +-p <%= @port %> + +# Run the daemon as root. The start-memcached will default to running as root if no +# -u command is present in this config file +-u <%= @user %> + +# Specify which IP address to listen on. The default is to listen on all IP addresses +# This parameter is one of the only security measures that memcached has, so make sure +# it's listening on a firewalled interface. +-l <%= @listen %> + +# Limit the number of simultaneous incoming connections. The daemon default is 1024 +-c <%= @maxconn %> + +# Lock down all paged memory. Consult with the README and homepage before you do this +# -k + +# Return error when memory is exhausted (rather than removing items) +# -M + +# Maximize core file limit +# -r diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/memcached.default.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/memcached.default.erb new file mode 100644 index 000000000..96258c5aa --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/memcached.default.erb @@ -0,0 +1,2 @@ +# Set this to yes to enable memcached. +ENABLE_MEMCACHED=yes diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/memcached.sysconfig.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/memcached.sysconfig.erb new file mode 100644 index 000000000..980c96bec --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/memcached.sysconfig.erb @@ -0,0 +1,13 @@ +# +# Configured by Chef. Local changes will be lost. +# +# "Javier Frias" +# +# centos sysconfig memcached default file +# + +PORT="<%= @port %>" +USER="<%= @user %>" +MAXCONN="<%= @maxconn %>" +CACHESIZE="<%= @memory %>" +OPTIONS="-l <%= @listen %>" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/sv-memcached-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/sv-memcached-log-run.erb new file mode 100644 index 000000000..a79a518f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/sv-memcached-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/sv-memcached-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/sv-memcached-run.erb new file mode 100644 index 000000000..53db97f90 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/templates/default/sv-memcached-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec chpst -u <%= @options[:user] %> /usr/bin/memcached -v -m <%= @options[:memory] %> -p <%= @options[:port] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/Kitchenfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/Kitchenfile new file mode 100644 index 000000000..893b43645 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/Kitchenfile @@ -0,0 +1,4 @@ +cookbook "memcached" do + configuration "default" + configuration "instance" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/Cheffile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/Cheffile new file mode 100644 index 000000000..f23ffe9ca --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/Cheffile @@ -0,0 +1 @@ +cookbook "runit", :git => "git://github.com/opscode-cookbooks/runit.git" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/README.md new file mode 100644 index 000000000..da45e2e02 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/README.md @@ -0,0 +1 @@ +This cookbook is used with test-kitchen to test the parent, memcached cookbok diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/metadata.rb new file mode 100644 index 000000000..8496cfce9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/metadata.rb @@ -0,0 +1,6 @@ +name "memcached" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "This cookbook is used with test-kitchen to test the parent, memcached cookbok" +version "1.0.0" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/recipes/default.rb new file mode 100644 index 000000000..22024f7e5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/recipes/default.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: memcached_test +# Recipe:: default +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "memcached::default" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/recipes/instance.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/recipes/instance.rb new file mode 100644 index 000000000..f7fe2aecf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/memcached/test/kitchen/cookbooks/memcached_test/recipes/instance.rb @@ -0,0 +1,28 @@ +# +# Cookbook Name:: memcached_test +# Recipe:: instance +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "memcached::default" + +m = resources("service[memcached]") +m.action :stop + +memcached_instance "myproj" do + port 11212 + memory 128 +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/.kitchen.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/.kitchen.yml new file mode 100644 index 000000000..a7d5cb3ae --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/.kitchen.yml @@ -0,0 +1,45 @@ +--- +driver_plugin: vagrant +platforms: +- name: ubuntu-12.04 + driver_config: + box: canonical-ubuntu-12.04 + box_url: http://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box + require_chef_omnibus: 11.4.0 + run_list: + - recipe[apt] +- name: ubuntu-10.04 + driver_config: + box: opscode-ubuntu-10.04 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_chef-11.2.0.box + require_chef_omnibus: 11.4.0 + run_list: + - recipe[apt] +- name: centos-6.3 + driver_config: + box: opscode-centos-6.3 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.3_chef-11.2.0.box + require_chef_omnibus: 11.4.0 + run_list: + - recipe[yum::epel] +- name: centos-5.8 + driver_config: + box: opscode-centos-5.8 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-5.8_chef-11.2.0.box + require_chef_omnibus: 11.4.0 + run_list: + - recipe[yum::epel] +suites: +- name: client + run_list: + - recipe[mysql::client] + attributes: {} +- name: ruby + run_list: + - recipe[mysql::ruby] + attributes: {} +- name: server + run_list: + - recipe[minitest-handler] + - recipe[mysql_test::server] + attributes: {} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/Berksfile new file mode 100644 index 000000000..4b0944ba5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/Berksfile @@ -0,0 +1,11 @@ +site :opscode + +metadata + +group :integration do + cookbook "apt" + cookbook "yum" + + cookbook "mysql_test", :path => "../../../test/cookbooks/mysql_test" + cookbook "minitest-handler" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/CHANGELOG.md new file mode 100644 index 000000000..ecbe67141 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/CHANGELOG.md @@ -0,0 +1,154 @@ +## v3.0.0: + +**Note** This is a backwards incompatible version with previous + versions of the cookbook. Tickets that introduce incompatibility are + COOK-2615 and COOK-2617. + +* [COOK-2478] - Duplicate 'read_only' server attribute in base and tunable +* [COOK-2471] - Add tunable to set slave_compressed_protocol for reduced network traffic +* [COOK-1059] - Update attributes in mysql cookbook to support missing options for my.cnf usable by Percona +* [COOK-2590] - Typo in server recipe to do with conf_dir and confd_dir +* [COOK-2602] - Add `lower_case_table_names` tunable +* [COOK-2430] - Add a tunable to create a network ACL when allowing `remote_root_access` +* [COOK-2619] - mysql: isamchk deprecated +* [COOK-2515] - Better support for SUSE distribution for mysql cookbook +* [COOK-2557] - mysql::percona_repo attributes missing and key server typo +* [COOK-2614] - Duplicate `innodb_file_per_table` +* [COOK-2145] - MySQL cookbook should remove anonymous and password less accounts +* [COOK-2553] - Enable include directory in my.cnf template for any platform +* [COOK-2615] - Rename `key_buffer` to `key_buffer_size` +* [COOK-2626] - Percona repo URL is being constructed incorrectly +* [COOK-2616] - Unneeded attribute thread_cache +* [COOK-2618] - myisam-recover not using attribute value +* [COOK-2617] - open-files is a duplicate of open-files-limit + +## v2.1.2: + +* [COOK-2172] - Mysql cookbook duplicates `binlog_format` + configuration + +## v2.1.0: + +* [COOK-1669] - Using platform("ubuntu") in default attributes always + returns true +* [COOK-1694] - Added additional my.cnf fields and reorganized + cookbook to avoid race conditions with mysql startup and sql script + execution +* [COOK-1851] - Support server-id and binlog_format settings +* [COOK-1929] - Update msyql server attributes file because setting + attributes without specifying a precedence is deprecated +* [COOK-1999] - Add read_only tunable useful for replication slave + servers + +## v2.0.2: + +* [COOK-1967] - mysql: trailing comma in server.rb platform family + +## v2.0.0: + +**Important note for this release** + +Under Chef Solo, you must set the node attributes for the root, debian +and repl passwords or the run will completely fail. See COOK-1737 for +background on this. + +* [COOK-1390] - MySQL service cannot start after reboot +* [COOK-1610] - Set root password outside preseed (blocker for drop-in mysql + replacements) +* [COOK-1624] - Mysql cookbook fails to even compile on windows +* [COOK-1669] - Using platform("ubuntu") in default attributes always returns true +* [COOK-1686] - Add mysql service start +* [COOK-1687] - duplicate `innodb_buffer_pool_size` attribute +* [COOK-1704] - mysql cookbook fails spec tests when minitest-handler cookbook enabled +* [COOK-1737] - Fail a chef-solo run when `server_root_password`, + `server_debian_password`, and/or `server_repl_password` is not set +* [COOK-1769] - link to database recipe in mysql README goes to old opscode/cookbooks + repo instead of opscode-cookbook organization +* [COOK-1963] - use `platform_family` + +## v1.3.0: + +**Important note for this release** + +This version no longer installs Ruby bindings in the client recipe by +default. Use the ruby recipe if you'd like the RubyGem. If you'd like +packages from your distribution, use them in your application's +specific cookbook/recipe, or modify the client packages attribute. +This resolves the following tickets: + +* COOK-932 +* COOK-1009 +* COOK-1384 + +Additionally, this cookbook now has tests (COOK-1439) for use under +test-kitchen. + +The following issues are also addressed in this release. + +* [COOK-1443] - MySQL (>= 5.1.24) does not support `innodb_flush_method` + = fdatasync +* [COOK-1175] - Add Mac OS X support +* [COOK-1289] - handle additional tunable attributes +* [COOK-1305] - add auto-increment-increment and auto-increment-offset + attributes +* [COOK-1397] - make the port an attribute +* [COOK-1439] - Add MySQL cookbook tests for test-kitchen support +* [COOK-1236] - Move package names into attributes to allow percona to + free-ride +* [COOK-934] - remove deprecated mysql/libraries/database.rb, use the + database cookbook instead. +* [COOK-1475] - fix restart on config change + +## v1.2.6: + +* [COOK-1113] - Use an attribute to determine if upstart is used +* [COOK-1121] - Add support for Windows +* [COOK-1140] - Fix conf.d on Debian +* [COOK-1151] - Fix server_ec2 handling /var/lib/mysql bind mount +* [COOK-1321] - Document setting password attributes for solo + +## v1.2.4 + +* [COOK-992] - fix FATAL nameerror +* [COOK-827] - `mysql:server_ec2` recipe can't mount `data_dir` +* [COOK-945] - FreeBSD support + +## v1.2.2 + +* [COOK-826] mysql::server recipe doesn't quote password string +* [COOK-834] Add 'scientific' and 'amazon' platforms to mysql cookbook + +## v1.2.1 + +* [COOK-644] Mysql client cookbook 'package missing' error message is confusing +* [COOK-645] RHEL6/CentOS6 - mysql cookbook contains 'skip-federated' directive which is unsupported on MySQL 5.1 + +## v1.2.0 + +* [COOK-684] remove mysql_database LWRP + +## v1.0.8: + +* [COOK-633] ensure "cloud" attribute is available + +## v1.0.7: + +* [COOK-614] expose all mysql tunable settings in config +* [COOK-617] bind to private IP if available + +## v1.0.6: + +* [COOK-605] install mysql-client package on ubuntu/debian + +## v1.0.5: + +* [COOK-465] allow optional remote root connections to mysql +* [COOK-455] improve platform version handling +* externalize conf_dir attribute for easier cross platform support +* change datadir attribute to data_dir for consistency + +## v1.0.4: + +* fix regressions on debian platform +* [COOK-578] wrap root password in quotes +* [COOK-562] expose all tunables in my.cnf diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/README.md new file mode 100644 index 000000000..1a0856aec --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/README.md @@ -0,0 +1,250 @@ +Description +=========== + +Installs and configures MySQL client or server. + +Requirements +============ + +Chef 0.10.10+. + +Platform +-------- + +* Debian, Ubuntu +* CentOS, Red Hat, Fedora +* Mac OS X (Using homebrew) + +Tested on: + +* Debian 5.0, 6.0 +* Ubuntu 10.04-12.04 +* CentOS 5.5-5.8, 6.2-6.3 +* Mac OS X 10.7.2 + +See TESTING.md for information about running tests in Opscode's Test +Kitchen. + +Cookbooks +--------- + +Requires Opscode's openssl cookbook for secure password generation. +See _Attributes_ and _Usage_ for more information. + +The RubyGem installation in the `mysql::ruby` recipe requires a C +compiler and Ruby development headers to be installed in order to +build the mysql gem. + +Requires `homebrew` +[cookbook](http://community.opscode.com/cookbooks/homebrew) on Mac OS +X. + +Resources and Providers +======================= + +The LWRP that used to ship as part of this cookbook has been +refactored into the +[database](http://community.opscode.com/cookbooks/database) +cookbook. Please see the README for details on updated usage. + +Attributes +========== + +See the `attributes/server.rb` or `attributes/client.rb` for default +values. Several attributes have values that vary based on the node's +platform and version. + +* `node['mysql']['client']['packages']` - An array of package names + that should be installed on "client" systems. This can be modified, + e.g., to specify packages for Percona. +* `node['mysql']['server']['packages']` - An array of package names + that should be installed on "server" systems. This can be modified, + e.g., to specify packages for Percona. + +* `node['mysql']['auto-increment-increment']` - + auto-increment-increment value in my.cnf +* `node['mysql']['auto-increment-offset]` - auto-increment-offset + value in my.cnf +* `node['mysql']['basedir']` - Base directory where MySQL is installed +* `node['mysql']['bind_address']` - Listen address for MySQLd +* `node['mysql']['conf_dir']` - Location for mysql conf directory +* `node['mysql']['confd_dir']` - Location for mysql conf.d style + include directory +* `node['mysql']['data_dir']` - Location for mysql data directory +* `node['mysql']['ec2_path']` - location of mysql data_dir on EC2 + nodes +* `node['mysql']['grants_path']` - Path where the grants.sql should be + written +* `node['mysql']['mysqladmin_bin']` - Path to the mysqladmin binary +* `node['mysql']['old_passwords']` - Sets the `old_passwords` value in + my.cnf. +* `node['mysql']['pid_file']` - Path to the mysqld.pid file +* `node['mysql']['port']` - Liten port for MySQLd +* `node['mysql']['reload_action']` - Action to take when mysql conf + files are modified. Also allows "reload" and "none". +* `node['mysql']['root_group']` - The default group of the "root" user +* `node['mysql']['service_name']` - The name of the mysqld service +* `node['mysql']['socket']` - Path to the mysqld.sock file +* `node['mysql']['use_upstart']` - Whether to use upstart for the + service provider +* `mysql['root_network_acl']` - Set define the network the root user will be able to login from, default is nil + +Performance and other "tunable" attributes are under the +`node['mysql']['tunable']` attribute, corresponding to the same-named +parameter in my.cnf, and the default values are used. See +`attributes/server.rb`. + +By default, a MySQL installation has an anonymous user, allowing anyone +to log into MySQL without having to have a user account created for +them. This is intended only for testing, and to make the installation +go a bit smoother. You should remove them before moving into a +production environment. + +* `node['mysql']['remove_anonymous_users']` - Remove anonymous users + +Normally, root should only be allowed to connect from 'localhost'. This +ensures that someone cannot guess at the root password from the network. + +* `node['mysql']['allow_remote_root']` - If true Sets root access from '%'. If false deletes any non-localhost root users. + +By default, MySQL comes with a database named 'test' that anyone can +access. This is also intended only for testing, and should be removed +before moving into a production environment. This will also drop any user privileges to the test databae and any DB named test_% . + +* `node['mysql']['remove_test_database']` - Delete the test database and access to it. + +The following attributes are randomly generated passwords handled in +the `mysql::server` recipe, using the OpenSSL cookbook's +`secure_password` helper method. These are set using the `set_unless` +node attribute method, which allows them to be easily overridden e.g. +in a role. + +* `node['mysql']['server_root_password']` - Set the server's root + password +* `node['mysql']['server_repl_password']` - Set the replication user + 'repl' password +* `node['mysql']['server_debian_password']` - Set the debian-sys-maint + user password + +## Windows Specific + +The following attributes are specific to Windows platforms. + +* `node['mysql']['client']['version']` - The version of MySQL + connector to install. +* `node['mysql']['client']['arch']` - Force 32 bit to work with the + mysql gem +* `node['mysql']['client']['package_file']` - The MSI file for the + mysql connector. +* `node['mysql']['client']['url']` - URL to download the mysql + connector. +* `node['mysql']['client']['packages']` - Similar to other platforms, + this is the name of the client package. +* `node['mysql']['client']['basedir']` - Base installation location +* `node['mysql']['client']['lib_dir']` - Libraries under the base location +* `node['mysql']['client']['bin_dir']` - binary directory under base location +* `node['mysql']['client']['ruby_dir']` - location where the Ruby + binaries will be + +Usage +===== + +On client nodes, use the client (or default) recipe: + + { "run_list": ["recipe[mysql::client]"] } + +This will install the MySQL client libraries and development headers +on the system. + +On nodes which may use the `database` cookbook's mysql resources, also +use the ruby recipe. This installs the mysql RubyGem in the Ruby +environment Chef is using via `chef_gem`. + + { "run_list": ["recipe[mysql::client]", "recipe[mysql::ruby]"] } + +If you need to install the mysql Ruby library as a package for your +system, override the client packages attribute in your node or role. +For example, on an Ubuntu system: + + { + "mysql": { + "client": { + "packages": ["mysql-client", "libmysqlclient-dev","ruby-mysql"] + } + } + } + +This creates a resource object for the package and does the +installation before other recipes are parsed. You'll need to have the +C compiler and such (ie, build-essential on Ubuntu) before running the +recipes, but we already do that when installing Chef :-). + +On server nodes, use the server recipe: + + { "run_list": ["recipe[mysql::server]"] } + +On Debian and Ubuntu, this will preseed the mysql-server package with +the randomly generated root password in the recipe file. On other +platforms, it simply installs the required packages. It will also +create an SQL file, `/etc/mysql/grants.sql`, that will be used to set up +grants for the root, repl and debian-sys-maint users. + +The recipe will perform a `node.save` unless it is run under +`chef-solo` after the password attributes are used to ensure that in +the event of a failed run, the saved attributes would be used. + +On EC2 nodes, use the `server_ec2` recipe and the mysql data dir will +be set up in the ephmeral storage. + + { "run_list": ["recipe[mysql::server_ec2]"] } + +When the `ec2_path` doesn't exist we look for a mounted filesystem +(eg, EBS) and move the data_dir there. + +The client recipe is already included by server and 'default' recipes. + +For more infromation on the compile vs execution phase of a Chef run: + +* http://wiki.opscode.com/display/chef/Anatomy+of+a+Chef+Run + +Chef Solo Note +============== + +These node attributes are stored on the Chef +server when using `chef-client`. Because `chef-solo` does not +connect to a server or save the node object at all, to have the same +passwords persist across `chef-solo` runs, you must specify them in +the `json_attribs` file used. For example: + + { + "mysql": { + "server_root_password": "iloverandompasswordsbutthiswilldo", + "server_repl_password": "iloverandompasswordsbutthiswilldo", + "server_debian_password": "iloverandompasswordsbutthiswilldo" + }, + "run_list":["recipe[mysql::server]"] + } + +License and Author +================== + +- Author:: Joshua Timberman () +- Author:: AJ Christensen () +- Author:: Seth Chisamore () +- Author:: Brian Bianco () +- Author:: Jesse Howarth () +- Author:: Andrew Crump () + +Copyright:: 2009-2013 Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/TESTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/TESTING.md new file mode 100644 index 000000000..062e9b9d3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/TESTING.md @@ -0,0 +1,25 @@ +This cookbook includes support for running tests via Test Kitchen (1.0). This has some requirements. + +1. You must be using the Git repository, rather than the downloaded cookbook from the Chef Community Site. +2. You must have Vagrant 1.1 installed. +3. You must have a "sane" Ruby 1.9.3 environment. + +Once the above requirements are met, install the additional requirements: + +Install the berkshelf plugin for vagrant, and berkshelf to your local Ruby environment. + + vagrant plugin install berkshelf-vagrant + gem install berkshelf + +Install Test Kitchen 1.0 (unreleased yet, use the alpha / prerelease version). + + gem install test-kitchen --pre + +Install the Vagrant driver for Test Kitchen. + + gem install kitchen-vagrant + +Once the above are installed, you should be able to run Test Kitchen: + + kitchen list + kitchen test diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/attributes/client.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/attributes/client.rb new file mode 100644 index 000000000..fcaa1da6a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/attributes/client.rb @@ -0,0 +1,52 @@ +# +# Cookbook Name:: mysql +# Attributes:: client +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Include Opscode helper in Node class to get access +# to debian_before_squeeze? and ubuntu_before_lucid? +::Chef::Node.send(:include, Opscode::Mysql::Helpers) + +case node['platform_family'] +when "rhel", "fedora" + default['mysql']['client']['packages'] = %w{mysql mysql-devel} +when "suse" + default['mysql']['client']['packages'] = %w{mysql-community-server-client libmysqlclient-devel} +when "debian" + if debian_before_squeeze? || ubuntu_before_lucid? + default['mysql']['client']['packages'] = %w{mysql-client libmysqlclient15-dev} + else + default['mysql']['client']['packages'] = %w{mysql-client libmysqlclient-dev} + end +when "freebsd" + default['mysql']['client']['packages'] = %w{mysql55-client} +when "windows" + default['mysql']['client']['version'] = "6.0.2" + default['mysql']['client']['arch'] = "win32" # force 32 bit to work with mysql gem + default['mysql']['client']['package_file'] = "mysql-connector-c-#{mysql['client']['version']}-#{mysql['client']['arch']}.msi" + default['mysql']['client']['url'] = "http://www.mysql.com/get/Downloads/Connector-C/#{mysql['client']['package_file']}/from/http://mysql.mirrors.pair.com/" + default['mysql']['client']['packages'] = ["MySQL Connector C #{mysql['client']['version']}"] + + default['mysql']['client']['basedir'] = "#{ENV['SYSTEMDRIVE']}\\Program Files (x86)\\MySQL\\#{mysql['client']['packages'].first}" + default['mysql']['client']['lib_dir'] = "#{mysql['client']['basedir']}\\lib/opt" + default['mysql']['client']['bin_dir'] = "#{mysql['client']['basedir']}\\bin" + default['mysql']['client']['ruby_dir'] = RbConfig::CONFIG['bindir'] +when "mac_os_x" + default['mysql']['client']['packages'] = %w{mysql-connector-c} +else + default['mysql']['client']['packages'] = %w{mysql-client libmysqlclient-dev} +end + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/attributes/percona_repo.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/attributes/percona_repo.rb new file mode 100644 index 000000000..80650a680 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/attributes/percona_repo.rb @@ -0,0 +1,3 @@ +default['mysql']['percona']['apt_key_id'] = 'CD2EFD2A' +default['mysql']['percona']['apt_uri'] = "http://repo.percona.com/apt" +default['mysql']['percona']['apt_keyserver'] = "keys.gnupg.net" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/attributes/server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/attributes/server.rb new file mode 100644 index 000000000..baf601cdd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/attributes/server.rb @@ -0,0 +1,255 @@ +# +# Cookbook Name:: mysql +# Attributes:: server +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['mysql']['bind_address'] = attribute?('cloud') ? cloud['local_ipv4'] : ipaddress +default['mysql']['port'] = 3306 +default['mysql']['nice'] = 0 + +case node["platform_family"] +when "debian" + default['mysql']['server']['packages'] = %w{mysql-server} + default['mysql']['service_name'] = "mysql" + default['mysql']['basedir'] = "/usr" + default['mysql']['data_dir'] = "/var/lib/mysql" + default['mysql']['root_group'] = "root" + default['mysql']['mysqladmin_bin'] = "/usr/bin/mysqladmin" + default['mysql']['mysql_bin'] = "/usr/bin/mysql" + + default['mysql']['conf_dir'] = '/etc/mysql' + default['mysql']['confd_dir'] = '/etc/mysql/conf.d' + default['mysql']['socket'] = "/var/run/mysqld/mysqld.sock" + default['mysql']['pid_file'] = "/var/run/mysqld/mysqld.pid" + default['mysql']['old_passwords'] = 0 + default['mysql']['grants_path'] = "/etc/mysql/grants.sql" +when "rhel", "fedora" + if node["mysql"]["version"].to_f >= 5.5 + default['mysql']['service_name'] = "mysql" + default['mysql']['pid_file'] = "/var/run/mysql/mysql.pid" + else + default['mysql']['service_name'] = "mysqld" + default['mysql']['pid_file'] = "/var/run/mysqld/mysqld.pid" + end + default['mysql']['server']['packages'] = %w{mysql-server} + default['mysql']['basedir'] = "/usr" + default['mysql']['data_dir'] = "/var/lib/mysql" + default['mysql']['root_group'] = "root" + default['mysql']['mysqladmin_bin'] = "/usr/bin/mysqladmin" + default['mysql']['mysql_bin'] = "/usr/bin/mysql" + + default['mysql']['conf_dir'] = '/etc' + default['mysql']['confd_dir'] = '/etc/mysql/conf.d' + default['mysql']['socket'] = "/var/lib/mysql/mysql.sock" + default['mysql']['old_passwords'] = 1 + default['mysql']['grants_path'] = "/etc/mysql_grants.sql" + # RHEL/CentOS mysql package does not support this option. + default['mysql']['tunable']['innodb_adaptive_flushing'] = false +when "suse" + default['mysql']['service_name'] = "mysql" + default['mysql']['server']['packages'] = %w{mysql-community-server} + default['mysql']['basedir'] = "/usr" + default['mysql']['data_dir'] = "/var/lib/mysql" + default['mysql']['root_group'] = "root" + default['mysql']['mysqladmin_bin'] = "/usr/bin/mysqladmin" + default['mysql']['mysql_bin'] = "/usr/bin/mysql" + default['mysql']['conf_dir'] = '/etc' + default['mysql']['confd_dir'] = '/etc/mysql/conf.d' + default['mysql']['socket'] = "/var/run/mysql/mysql.sock" + default['mysql']['pid_file'] = "/var/run/mysql/mysqld.pid" + default['mysql']['old_passwords'] = 1 + default['mysql']['grants_path'] = "/etc/mysql_grants.sql" +when "freebsd" + default['mysql']['server']['packages'] = %w{mysql55-server} + default['mysql']['service_name'] = "mysql-server" + default['mysql']['basedir'] = "/usr/local" + default['mysql']['data_dir'] = "/var/db/mysql" + default['mysql']['root_group'] = "wheel" + default['mysql']['mysqladmin_bin'] = "/usr/local/bin/mysqladmin" + default['mysql']['mysql_bin'] = "/usr/local/bin/mysql" + + default['mysql']['conf_dir'] = '/usr/local/etc' + default['mysql']['confd_dir'] = '/usr/local/etc/mysql/conf.d' + default['mysql']['socket'] = "/tmp/mysqld.sock" + default['mysql']['pid_file'] = "/var/run/mysqld/mysqld.pid" + default['mysql']['old_passwords'] = 0 + default['mysql']['grants_path'] = "/var/db/mysql/grants.sql" +when "windows" + default['mysql']['server']['packages'] = ["MySQL Server 5.5"] + default['mysql']['version'] = '5.5.21' + default['mysql']['arch'] = 'win32' + default['mysql']['package_file'] = "mysql-#{mysql['version']}-#{mysql['arch']}.msi" + default['mysql']['url'] = "http://www.mysql.com/get/Downloads/MySQL-5.5/#{mysql['package_file']}/from/http://mysql.mirrors.pair.com/" + + default['mysql']['service_name'] = "mysql" + default['mysql']['basedir'] = "#{ENV['SYSTEMDRIVE']}\\Program Files (x86)\\MySQL\\#{mysql['server']['packages'].first}" + default['mysql']['data_dir'] = "#{node['mysql']['basedir']}\\Data" + default['mysql']['bin_dir'] = "#{node['mysql']['basedir']}\\bin" + default['mysql']['mysqladmin_bin'] = "#{node['mysql']['bin_dir']}\\mysqladmin" + default['mysql']['mysql_bin'] = "#{node['mysql']['bin_dir']}\\mysql" + + default['mysql']['conf_dir'] = node['mysql']['basedir'] + default['mysql']['old_passwords'] = 0 + default['mysql']['grants_path'] = "#{node['mysql']['conf_dir']}\\grants.sql" +when "mac_os_x" + default['mysql']['server']['packages'] = %w{mysql} + default['mysql']['basedir'] = "/usr/local/Cellar" + default['mysql']['data_dir'] = "/usr/local/var/mysql" + default['mysql']['root_group'] = "admin" + default['mysql']['mysqladmin_bin'] = "/usr/local/bin/mysqladmin" + default['mysql']['mysql_bin'] = "/usr/local/bin/mysql" +else + default['mysql']['server']['packages'] = %w{mysql-server} + default['mysql']['service_name'] = "mysql" + default['mysql']['basedir'] = "/usr" + default['mysql']['data_dir'] = "/var/lib/mysql" + default['mysql']['root_group'] = "root" + default['mysql']['mysqladmin_bin'] = "/usr/bin/mysqladmin" + default['mysql']['mysql_bin'] = "/usr/bin/mysql" + + default['mysql']['conf_dir'] = '/etc/mysql' + default['mysql']['confd_dir'] = '/etc/mysql/conf.d' + default['mysql']['socket'] = "/var/run/mysqld/mysqld.sock" + default['mysql']['pid_file'] = "/var/run/mysqld/mysqld.pid" + default['mysql']['old_passwords'] = 0 + default['mysql']['grants_path'] = "/etc/mysql/grants.sql" +end + +if attribute?('ec2') + default['mysql']['ec2_path'] = "/mnt/mysql" + default['mysql']['ebs_vol_dev'] = "/dev/sdi" + default['mysql']['ebs_vol_size'] = 50 +end + +default['mysql']['reload_action'] = "restart" # or "reload" or "none" + +default['mysql']['use_upstart'] = node['platform'] == "ubuntu" && node['platform_version'].to_f >= 10.04 + +default['mysql']['auto-increment-increment'] = 1 +default['mysql']['auto-increment-offset'] = 1 + +default['mysql']['allow_remote_root'] = false +default['mysql']['remove_anonymous_users'] = false +default['mysql']['remove_test_database'] = false +default['mysql']['root_network_acl'] = nil +default['mysql']['tunable']['character-set-server'] = "utf8" +default['mysql']['tunable']['collation-server'] = "utf8_general_ci" +default['mysql']['tunable']['lower_case_table_names'] = nil +default['mysql']['tunable']['back_log'] = "128" +default['mysql']['tunable']['key_buffer_size'] = "256M" +default['mysql']['tunable']['myisam_sort_buffer_size'] = "8M" +default['mysql']['tunable']['myisam_max_sort_file_size'] = "2147483648" +default['mysql']['tunable']['myisam_repair_threads'] = "1" +default['mysql']['tunable']['myisam-recover'] = "BACKUP" +default['mysql']['tunable']['max_allowed_packet'] = "16M" +default['mysql']['tunable']['max_connections'] = "800" +default['mysql']['tunable']['max_connect_errors'] = "10" +default['mysql']['tunable']['concurrent_insert'] = "2" +default['mysql']['tunable']['connect_timeout'] = "10" +default['mysql']['tunable']['tmp_table_size'] = "32M" +default['mysql']['tunable']['max_heap_table_size'] = node['mysql']['tunable']['tmp_table_size'] +default['mysql']['tunable']['bulk_insert_buffer_size'] = node['mysql']['tunable']['tmp_table_size'] +default['mysql']['tunable']['net_read_timeout'] = "30" +default['mysql']['tunable']['net_write_timeout'] = "30" +default['mysql']['tunable']['table_cache'] = "128" + +default['mysql']['tunable']['thread_cache_size'] = 8 +default['mysql']['tunable']['thread_concurrency'] = 10 +default['mysql']['tunable']['thread_stack'] = "256K" +default['mysql']['tunable']['sort_buffer_size'] = "2M" +default['mysql']['tunable']['read_buffer_size'] = "128k" +default['mysql']['tunable']['read_rnd_buffer_size'] = "256k" +default['mysql']['tunable']['join_buffer_size'] = "128k" +default['mysql']['tunable']['wait_timeout'] = "180" +default['mysql']['tunable']['open-files-limit'] = "1024" + +default['mysql']['tunable']['sql_mode'] = nil + +default['mysql']['tunable']['skip-character-set-client-handshake'] = false +default['mysql']['tunable']['skip-name-resolve'] = false + +default['mysql']['tunable']['slave_compressed_protocol'] = 0 + +default['mysql']['tunable']['server_id'] = nil +default['mysql']['tunable']['log_bin'] = nil +default['mysql']['tunable']['log_bin_trust_function_creators'] = false + +default['mysql']['tunable']['relay_log'] = nil +default['mysql']['tunable']['relay_log_index'] = nil +default['mysql']['tunable']['log_slave_updates'] = false + +default['mysql']['tunable']['sync_binlog'] = 0 +default['mysql']['tunable']['skip_slave_start'] = false +default['mysql']['tunable']['read_only'] = false + +default['mysql']['tunable']['log_error'] = nil +default['mysql']['tunable']['log_warnings'] = false +default['mysql']['tunable']['log_queries_not_using_index'] = true +default['mysql']['tunable']['log_bin_trust_function_creators'] = false + +default['mysql']['tunable']['innodb_log_file_size'] = "5M" +default['mysql']['tunable']['innodb_buffer_pool_size'] = "128M" +default['mysql']['tunable']['innodb_buffer_pool_instances'] = "4" +default['mysql']['tunable']['innodb_additional_mem_pool_size'] = "8M" +default['mysql']['tunable']['innodb_data_file_path'] = "ibdata1:10M:autoextend" +default['mysql']['tunable']['innodb_flush_method'] = false +default['mysql']['tunable']['innodb_log_buffer_size'] = "8M" +default['mysql']['tunable']['innodb_write_io_threads'] = "4" +default['mysql']['tunable']['innodb_io_capacity'] = "200" +default['mysql']['tunable']['innodb_file_per_table'] = true +default['mysql']['tunable']['innodb_lock_wait_timeout'] = "60" +if node['cpu'].nil? or node['cpu']['total'].nil? + default['mysql']['tunable']['innodb_thread_concurrency'] = "8" + default['mysql']['tunable']['innodb_commit_concurrency'] = "8" + default['mysql']['tunable']['innodb_read_io_threads'] = "8" + default['mysql']['tunable']['innodb_flush_log_at_trx_commit'] = "8" +else + default['mysql']['tunable']['innodb_thread_concurrency'] = "#{(Integer(node['cpu']['total'])) * 2}" + default['mysql']['tunable']['innodb_commit_concurrency'] = "#{(Integer(node['cpu']['total'])) * 2}" + default['mysql']['tunable']['innodb_read_io_threads'] = "#{(Integer(node['cpu']['total'])) * 2}" + default['mysql']['tunable']['innodb_flush_log_at_trx_commit'] = "#{(Integer(node['cpu']['total'])) * 2}" +end +default['mysql']['tunable']['innodb_support_xa'] = true +default['mysql']['tunable']['innodb_table_locks'] = true +default['mysql']['tunable']['skip-innodb-doublewrite'] = false + +default['mysql']['tunable']['transaction-isolation'] = nil + +default['mysql']['tunable']['query_cache_limit'] = "1M" +default['mysql']['tunable']['query_cache_size'] = "16M" + +default['mysql']['tunable']['log_slow_queries'] = "/var/log/mysql/slow.log" +default['mysql']['tunable']['slow_query_log'] = node['mysql']['tunable']['log_slow_queries'] # log_slow_queries is deprecated + # in favor of slow_query_log +default['mysql']['tunable']['long_query_time'] = 2 + +default['mysql']['tunable']['expire_logs_days'] = 10 +default['mysql']['tunable']['max_binlog_size'] = "100M" +default['mysql']['tunable']['binlog_cache_size'] = "32K" + +default['mysql']['tmpdir'] = ["/tmp"] + +default['mysql']['log_dir'] = node['mysql']['data_dir'] +default['mysql']['log_files_in_group'] = false +default['mysql']['innodb_status_file'] = false + +unless node['platform_family'] && node['platform_version'].to_i < 6 + # older RHEL platforms don't support these options + default['mysql']['tunable']['event_scheduler'] = 0 + default['mysql']['tunable']['table_open_cache'] = "128" + default['mysql']['tunable']['binlog_format'] = "statement" if node['mysql']['tunable']['log_bin'] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/libraries/helpers.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/libraries/helpers.rb new file mode 100644 index 000000000..40adcfce1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/libraries/helpers.rb @@ -0,0 +1,33 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module Opscode + module Mysql + module Helpers + + def debian_before_squeeze? + (node['platform'] == "debian") && (node['platform_version'].to_f < 6.0) + end + + def ubuntu_before_lucid? + (node['platform'] == "ubuntu") && (node['platform_version'].to_f < 10.0) + end + + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/metadata.json new file mode 100644 index 000000000..06bd71a30 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/metadata.json @@ -0,0 +1,418 @@ +{ + "name": "mysql", + "description": "Installs and configures mysql for client or server", + "long_description": "Description\n===========\n\nInstalls and configures MySQL client or server.\n\nRequirements\n============\n\nChef 0.10.10+.\n\nPlatform\n--------\n\n* Debian, Ubuntu\n* CentOS, Red Hat, Fedora\n* Mac OS X (Using homebrew)\n\nTested on:\n\n* Debian 5.0, 6.0\n* Ubuntu 10.04-12.04\n* CentOS 5.5-5.8, 6.2-6.3\n* Mac OS X 10.7.2\n\nSee TESTING.md for information about running tests in Opscode's Test\nKitchen.\n\nCookbooks\n---------\n\nRequires Opscode's openssl cookbook for secure password generation.\nSee _Attributes_ and _Usage_ for more information.\n\nThe RubyGem installation in the `mysql::ruby` recipe requires a C\ncompiler and Ruby development headers to be installed in order to\nbuild the mysql gem.\n\nRequires `homebrew`\n[cookbook](http://community.opscode.com/cookbooks/homebrew) on Mac OS\nX.\n\nResources and Providers\n=======================\n\nThe LWRP that used to ship as part of this cookbook has been\nrefactored into the\n[database](http://community.opscode.com/cookbooks/database)\ncookbook. Please see the README for details on updated usage.\n\nAttributes\n==========\n\nSee the `attributes/server.rb` or `attributes/client.rb` for default\nvalues. Several attributes have values that vary based on the node's\nplatform and version.\n\n* `node['mysql']['client']['packages']` - An array of package names\n that should be installed on \"client\" systems. This can be modified,\n e.g., to specify packages for Percona.\n* `node['mysql']['server']['packages']` - An array of package names\n that should be installed on \"server\" systems. This can be modified,\n e.g., to specify packages for Percona.\n\n* `node['mysql']['auto-increment-increment']` -\n auto-increment-increment value in my.cnf\n* `node['mysql']['auto-increment-offset]` - auto-increment-offset\n value in my.cnf\n* `node['mysql']['basedir']` - Base directory where MySQL is installed\n* `node['mysql']['bind_address']` - Listen address for MySQLd\n* `node['mysql']['conf_dir']` - Location for mysql conf directory\n* `node['mysql']['confd_dir']` - Location for mysql conf.d style\n include directory\n* `node['mysql']['data_dir']` - Location for mysql data directory\n* `node['mysql']['ec2_path']` - location of mysql data_dir on EC2\n nodes\n* `node['mysql']['grants_path']` - Path where the grants.sql should be\n written\n* `node['mysql']['mysqladmin_bin']` - Path to the mysqladmin binary\n* `node['mysql']['old_passwords']` - Sets the `old_passwords` value in\n my.cnf.\n* `node['mysql']['pid_file']` - Path to the mysqld.pid file\n* `node['mysql']['port']` - Liten port for MySQLd\n* `node['mysql']['reload_action']` - Action to take when mysql conf\n files are modified. Also allows \"reload\" and \"none\".\n* `node['mysql']['root_group']` - The default group of the \"root\" user\n* `node['mysql']['service_name']` - The name of the mysqld service\n* `node['mysql']['socket']` - Path to the mysqld.sock file\n* `node['mysql']['use_upstart']` - Whether to use upstart for the\n service provider\n* `mysql['root_network_acl']` - Set define the network the root user will be able to login from, default is nil\n\nPerformance and other \"tunable\" attributes are under the\n`node['mysql']['tunable']` attribute, corresponding to the same-named\nparameter in my.cnf, and the default values are used. See\n`attributes/server.rb`.\n\nBy default, a MySQL installation has an anonymous user, allowing anyone\nto log into MySQL without having to have a user account created for\nthem. This is intended only for testing, and to make the installation\ngo a bit smoother. You should remove them before moving into a\nproduction environment.\n\n* `node['mysql']['remove_anonymous_users']` - Remove anonymous users\n\nNormally, root should only be allowed to connect from 'localhost'. This\nensures that someone cannot guess at the root password from the network.\n\n* `node['mysql']['allow_remote_root']` - If true Sets root access from '%'. If false deletes any non-localhost root users.\n\nBy default, MySQL comes with a database named 'test' that anyone can\naccess. This is also intended only for testing, and should be removed\nbefore moving into a production environment. This will also drop any user privileges to the test databae and any DB named test_% .\n\n* `node['mysql']['remove_test_database']` - Delete the test database and access to it.\n\nThe following attributes are randomly generated passwords handled in\nthe `mysql::server` recipe, using the OpenSSL cookbook's\n`secure_password` helper method. These are set using the `set_unless`\nnode attribute method, which allows them to be easily overridden e.g.\nin a role.\n\n* `node['mysql']['server_root_password']` - Set the server's root\n password\n* `node['mysql']['server_repl_password']` - Set the replication user\n 'repl' password\n* `node['mysql']['server_debian_password']` - Set the debian-sys-maint\n user password\n\n## Windows Specific\n\nThe following attributes are specific to Windows platforms.\n\n* `node['mysql']['client']['version']` - The version of MySQL\n connector to install.\n* `node['mysql']['client']['arch']` - Force 32 bit to work with the\n mysql gem\n* `node['mysql']['client']['package_file']` - The MSI file for the\n mysql connector.\n* `node['mysql']['client']['url']` - URL to download the mysql\n connector.\n* `node['mysql']['client']['packages']` - Similar to other platforms,\n this is the name of the client package.\n* `node['mysql']['client']['basedir']` - Base installation location\n* `node['mysql']['client']['lib_dir']` - Libraries under the base location\n* `node['mysql']['client']['bin_dir']` - binary directory under base location\n* `node['mysql']['client']['ruby_dir']` - location where the Ruby\n binaries will be\n\nUsage\n=====\n\nOn client nodes, use the client (or default) recipe:\n\n { \"run_list\": [\"recipe[mysql::client]\"] }\n\nThis will install the MySQL client libraries and development headers\non the system.\n\nOn nodes which may use the `database` cookbook's mysql resources, also\nuse the ruby recipe. This installs the mysql RubyGem in the Ruby\nenvironment Chef is using via `chef_gem`.\n\n { \"run_list\": [\"recipe[mysql::client]\", \"recipe[mysql::ruby]\"] }\n\nIf you need to install the mysql Ruby library as a package for your\nsystem, override the client packages attribute in your node or role.\nFor example, on an Ubuntu system:\n\n {\n \"mysql\": {\n \"client\": {\n \"packages\": [\"mysql-client\", \"libmysqlclient-dev\",\"ruby-mysql\"]\n }\n }\n }\n\nThis creates a resource object for the package and does the\ninstallation before other recipes are parsed. You'll need to have the\nC compiler and such (ie, build-essential on Ubuntu) before running the\nrecipes, but we already do that when installing Chef :-).\n\nOn server nodes, use the server recipe:\n\n { \"run_list\": [\"recipe[mysql::server]\"] }\n\nOn Debian and Ubuntu, this will preseed the mysql-server package with\nthe randomly generated root password in the recipe file. On other\nplatforms, it simply installs the required packages. It will also\ncreate an SQL file, `/etc/mysql/grants.sql`, that will be used to set up\ngrants for the root, repl and debian-sys-maint users.\n\nThe recipe will perform a `node.save` unless it is run under\n`chef-solo` after the password attributes are used to ensure that in\nthe event of a failed run, the saved attributes would be used.\n\nOn EC2 nodes, use the `server_ec2` recipe and the mysql data dir will\nbe set up in the ephmeral storage.\n\n { \"run_list\": [\"recipe[mysql::server_ec2]\"] }\n\nWhen the `ec2_path` doesn't exist we look for a mounted filesystem\n(eg, EBS) and move the data_dir there.\n\nThe client recipe is already included by server and 'default' recipes.\n\nFor more infromation on the compile vs execution phase of a Chef run:\n\n* http://wiki.opscode.com/display/chef/Anatomy+of+a+Chef+Run\n\nChef Solo Note\n==============\n\nThese node attributes are stored on the Chef\nserver when using `chef-client`. Because `chef-solo` does not\nconnect to a server or save the node object at all, to have the same\npasswords persist across `chef-solo` runs, you must specify them in\nthe `json_attribs` file used. For example:\n\n {\n \"mysql\": {\n \"server_root_password\": \"iloverandompasswordsbutthiswilldo\",\n \"server_repl_password\": \"iloverandompasswordsbutthiswilldo\",\n \"server_debian_password\": \"iloverandompasswordsbutthiswilldo\"\n },\n \"run_list\":[\"recipe[mysql::server]\"]\n }\n\nLicense and Author\n==================\n\n- Author:: Joshua Timberman ()\n- Author:: AJ Christensen ()\n- Author:: Seth Chisamore ()\n- Author:: Brian Bianco ()\n- Author:: Jesse Howarth ()\n- Author:: Andrew Crump ()\n\nCopyright:: 2009-2013 Opscode, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + "debian": ">= 0.0.0", + "ubuntu": ">= 0.0.0", + "centos": ">= 0.0.0", + "suse": ">= 0.0.0", + "fedora": ">= 0.0.0", + "redhat": ">= 0.0.0", + "scientific": ">= 0.0.0", + "amazon": ">= 0.0.0", + "freebsd": ">= 0.0.0", + "windows": ">= 0.0.0", + "mac_os_x": ">= 0.0.0" + }, + "dependencies": { + "openssl": ">= 1.0.0", + "build-essential": ">= 0.0.0" + }, + "recommendations": { + }, + "suggestions": { + "homebrew": ">= 0.0.0", + "windows": ">= 0.0.0" + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + "mysql/server_root_password": { + "display_name": "MySQL Server Root Password", + "description": "Randomly generated password for the mysqld root user", + "default": "randomly generated", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/bind_address": { + "display_name": "MySQL Bind Address", + "description": "Address that mysqld should listen on", + "default": "ipaddress", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/data_dir": { + "display_name": "MySQL Data Directory", + "description": "Location of mysql databases", + "default": "/var/lib/mysql", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/conf_dir": { + "display_name": "MySQL Conf Directory", + "description": "Location of mysql conf files", + "default": "/etc/mysql", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/ec2_path": { + "display_name": "MySQL EC2 Path", + "description": "Location of mysql directory on EC2 instance EBS volumes", + "default": "/mnt/mysql", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/reload_action": { + "display_name": "MySQL conf file reload action", + "description": "Action to take when mysql conf files are modified", + "default": "reload", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/tunable": { + "display_name": "MySQL Tunables", + "description": "Hash of MySQL tunable attributes", + "type": "hash", + "choice": [ + + ], + "calculated": false, + "required": "optional", + "recipes": [ + + ] + }, + "mysql/tunable/key_buffer": { + "display_name": "MySQL Tuntable Key Buffer", + "default": "250M", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/tunable/max_connections": { + "display_name": "MySQL Tunable Max Connections", + "default": "800", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/tunable/wait_timeout": { + "display_name": "MySQL Tunable Wait Timeout", + "default": "180", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/tunable/net_read_timeout": { + "display_name": "MySQL Tunable Net Read Timeout", + "default": "30", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/tunable/net_write_timeout": { + "display_name": "MySQL Tunable Net Write Timeout", + "default": "30", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/tunable/back_log": { + "display_name": "MySQL Tunable Back Log", + "default": "128", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/tunable/table_cache": { + "display_name": "MySQL Tunable Table Cache for MySQL < 5.1.3", + "default": "128", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/tunable/table_open_cache": { + "display_name": "MySQL Tunable Table Cache for MySQL >= 5.1.3", + "default": "128", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/tunable/max_heap_table_size": { + "display_name": "MySQL Tunable Max Heap Table Size", + "default": "32M", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/tunable/expire_logs_days": { + "display_name": "MySQL Exipre Log Days", + "default": "10", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/tunable/max_binlog_size": { + "display_name": "MySQL Max Binlog Size", + "default": "100M", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/client": { + "display_name": "MySQL Connector/C Client", + "description": "Hash of MySQL client attributes", + "type": "hash", + "choice": [ + + ], + "calculated": false, + "required": "optional", + "recipes": [ + + ] + }, + "mysql/client/version": { + "display_name": "MySQL Connector/C Version", + "default": "6.0.2", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/client/arch": { + "display_name": "MySQL Connector/C Architecture", + "default": "win32", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/client/package_file": { + "display_name": "MySQL Connector/C Package File Name", + "default": "mysql-connector-c-6.0.2-win32.msi", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/client/url": { + "display_name": "MySQL Connector/C Download URL", + "default": "http://www.mysql.com/get/Downloads/Connector-C/mysql-connector-c-6.0.2-win32.msi/from/http://mysql.mirrors.pair.com/", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/client/package_name": { + "display_name": "MySQL Connector/C Registry DisplayName", + "default": "MySQL Connector C 6.0.2", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/client/basedir": { + "display_name": "MySQL Connector/C Base Install Directory", + "default": "C:\\Program Files (x86)\\MySQL\\Connector C 6.0.2", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/client/lib_dir": { + "display_name": "MySQL Connector/C Library Directory (containing libmysql.dll)", + "default": "C:\\Program Files (x86)\\MySQL\\Connector C 6.0.2\\lib\\opt", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/client/bin_dir": { + "display_name": "MySQL Connector/C Executable Directory", + "default": "C:\\Program Files (x86)\\MySQL\\Connector C 6.0.2\\bin", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + }, + "mysql/client/ruby_dir": { + "display_name": "Ruby Executable Directory which should gain MySQL support", + "default": "system ruby", + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional", + "recipes": [ + + ] + } + }, + "groupings": { + }, + "recipes": { + "mysql": "Includes the client recipe to configure a client", + "mysql::client": "Installs packages required for mysql clients using run_action magic", + "mysql::server": "Installs packages required for mysql servers w/o manual intervention", + "mysql::server_ec2": "Performs EC2-specific mountpoint manipulation" + }, + "version": "3.0.0" +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/metadata.rb new file mode 100644 index 000000000..0ca246fb8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/metadata.rb @@ -0,0 +1,140 @@ +name "mysql" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs and configures mysql for client or server" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "3.0.0" +recipe "mysql", "Includes the client recipe to configure a client" +recipe "mysql::client", "Installs packages required for mysql clients using run_action magic" +recipe "mysql::server", "Installs packages required for mysql servers w/o manual intervention" +recipe "mysql::server_ec2", "Performs EC2-specific mountpoint manipulation" + +%w{ debian ubuntu centos suse fedora redhat scientific amazon freebsd windows mac_os_x }.each do |os| + supports os +end + +depends "openssl" +depends "build-essential" +suggests "homebrew" +suggests "windows" + +attribute "mysql/server_root_password", + :display_name => "MySQL Server Root Password", + :description => "Randomly generated password for the mysqld root user", + :default => "randomly generated" + +attribute "mysql/bind_address", + :display_name => "MySQL Bind Address", + :description => "Address that mysqld should listen on", + :default => "ipaddress" + +attribute "mysql/data_dir", + :display_name => "MySQL Data Directory", + :description => "Location of mysql databases", + :default => "/var/lib/mysql" + +attribute "mysql/conf_dir", + :display_name => "MySQL Conf Directory", + :description => "Location of mysql conf files", + :default => "/etc/mysql" + +attribute "mysql/ec2_path", + :display_name => "MySQL EC2 Path", + :description => "Location of mysql directory on EC2 instance EBS volumes", + :default => "/mnt/mysql" + +attribute "mysql/reload_action", + :display_name => "MySQL conf file reload action", + :description => "Action to take when mysql conf files are modified", + :default => "reload" + +attribute "mysql/tunable", + :display_name => "MySQL Tunables", + :description => "Hash of MySQL tunable attributes", + :type => "hash" + +attribute "mysql/tunable/key_buffer", + :display_name => "MySQL Tuntable Key Buffer", + :default => "250M" + +attribute "mysql/tunable/max_connections", + :display_name => "MySQL Tunable Max Connections", + :default => "800" + +attribute "mysql/tunable/wait_timeout", + :display_name => "MySQL Tunable Wait Timeout", + :default => "180" + +attribute "mysql/tunable/net_read_timeout", + :display_name => "MySQL Tunable Net Read Timeout", + :default => "30" + +attribute "mysql/tunable/net_write_timeout", + :display_name => "MySQL Tunable Net Write Timeout", + :default => "30" + +attribute "mysql/tunable/back_log", + :display_name => "MySQL Tunable Back Log", + :default => "128" + +attribute "mysql/tunable/table_cache", + :display_name => "MySQL Tunable Table Cache for MySQL < 5.1.3", + :default => "128" + +attribute "mysql/tunable/table_open_cache", + :display_name => "MySQL Tunable Table Cache for MySQL >= 5.1.3", + :default => "128" + +attribute "mysql/tunable/max_heap_table_size", + :display_name => "MySQL Tunable Max Heap Table Size", + :default => "32M" + +attribute "mysql/tunable/expire_logs_days", + :display_name => "MySQL Exipre Log Days", + :default => "10" + +attribute "mysql/tunable/max_binlog_size", + :display_name => "MySQL Max Binlog Size", + :default => "100M" + +attribute "mysql/client", + :display_name => "MySQL Connector/C Client", + :description => "Hash of MySQL client attributes", + :type => "hash" + +attribute "mysql/client/version", + :display_name => "MySQL Connector/C Version", + :default => "6.0.2" + +attribute "mysql/client/arch", + :display_name => "MySQL Connector/C Architecture", + :default => "win32" + +attribute "mysql/client/package_file", + :display_name => "MySQL Connector/C Package File Name", + :default => "mysql-connector-c-6.0.2-win32.msi" + +attribute "mysql/client/url", + :display_name => "MySQL Connector/C Download URL", + :default => "http://www.mysql.com/get/Downloads/Connector-C/mysql-connector-c-6.0.2-win32.msi/from/http://mysql.mirrors.pair.com/" + +attribute "mysql/client/package_name", + :display_name => "MySQL Connector/C Registry DisplayName", + :default => "MySQL Connector C 6.0.2" + +attribute "mysql/client/basedir", + :display_name => "MySQL Connector/C Base Install Directory", + :default => "C:\\Program Files (x86)\\MySQL\\Connector C 6.0.2" + +attribute "mysql/client/lib_dir", + :display_name => "MySQL Connector/C Library Directory (containing libmysql.dll)", + :default => "C:\\Program Files (x86)\\MySQL\\Connector C 6.0.2\\lib\\opt" + +attribute "mysql/client/bin_dir", + :display_name => "MySQL Connector/C Executable Directory", + :default => "C:\\Program Files (x86)\\MySQL\\Connector C 6.0.2\\bin" + +attribute "mysql/client/ruby_dir", + :display_name => "Ruby Executable Directory which should gain MySQL support", + :default => "system ruby" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/client.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/client.rb new file mode 100644 index 000000000..91787e7b0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/client.rb @@ -0,0 +1,59 @@ +# +# Cookbook Name:: mysql +# Recipe:: client +# +# Copyright 2008-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Include Opscode helper in Recipe class to get access +# to debian_before_squeeze? and ubuntu_before_lucid? +::Chef::Recipe.send(:include, Opscode::Mysql::Helpers) + +case node['platform'] +when "windows" + package_file = node['mysql']['client']['package_file'] + remote_file "#{Chef::Config[:file_cache_path]}/#{package_file}" do + source node['mysql']['client']['url'] + not_if { File.exists? "#{Chef::Config[:file_cache_path]}/#{package_file}" } + end + + windows_package node['mysql']['client']['packages'].first do + source "#{Chef::Config[:file_cache_path]}/#{package_file}" + end + windows_path node['mysql']['client']['bin_dir'] do + action :add + end + def package(*args, &blk) + windows_package(*args, &blk) + end +when "mac_os_x" + include_recipe 'homebrew' +end + +node['mysql']['client']['packages'].each do |mysql_pack| + package mysql_pack do + action :install + end +end + +if platform? 'windows' + ruby_block "copy libmysql.dll into ruby path" do + block do + require 'fileutils' + FileUtils.cp "#{node['mysql']['client']['lib_dir']}\\libmysql.dll", node['mysql']['client']['ruby_dir'] + end + not_if { File.exist?("#{node['mysql']['client']['ruby_dir']}\\libmysql.dll") } + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/default.rb new file mode 100644 index 000000000..9ff90d6ca --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/default.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: mysql +# Recipe:: default +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "mysql::client" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/percona_repo.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/percona_repo.rb new file mode 100644 index 000000000..f629e79da --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/percona_repo.rb @@ -0,0 +1,48 @@ +# +# Cookbook Name:: mysql +# Recipe:: percona_repo +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +case node['platform'] +when "ubuntu", "debian" + include_recipe "apt" + apt_repository "percona" do + uri node['mysql']['percona']['apt_uri'] + distribution node['lsb']['codename'] + components [ "main" ] + keyserver node['mysql']['percona']['apt_keyserver'] + key node['mysql']['percona']['apt_key_id'] + action :add + end +when "centos", "amazon", "redhat" + include_recipe "yum" + yum_key "RPM-GPG-KEY-percona" do + url "http://www.percona.com/downloads/RPM-GPG-KEY-percona" + action :add + end + arch = node['kernel']['machine'] + arch = "i386" unless arch == "x86_64" + pversion = node['platform_version'].split('.').first + yum_repository "percona" do + repo_name "Percona" + description "Percona Repo" + url "http://repo.percona.com/centos/#{pversion}/os/#{arch}/" + key "RPM-GPG-KEY-percona" + action :add + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/ruby.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/ruby.rb new file mode 100644 index 000000000..f44d49b7e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/ruby.rb @@ -0,0 +1,36 @@ +# +# Cookbook Name:: mysql +# Recipe:: ruby +# +# Author:: Jesse Howarth () +# Author:: Jamie Winsor () +# +# Copyright 2008-2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +execute "apt-get update" do + ignore_failure true + action :nothing +end.run_action(:run) if node['platform_family'] == "debian" + +node.set['build_essential']['compiletime'] = true +include_recipe "build-essential" +include_recipe "mysql::client" + +node['mysql']['client']['packages'].each do |mysql_pack| + resources("package[#{mysql_pack}]").run_action(:install) +end + +chef_gem "mysql" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/server.rb new file mode 100644 index 000000000..5a4b3fc6d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/server.rb @@ -0,0 +1,221 @@ +# +# Cookbook Name:: mysql +# Recipe:: default +# +# Copyright 2008-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) + +include_recipe "mysql::client" + +if Chef::Config[:solo] + missing_attrs = %w{ + server_debian_password server_root_password server_repl_password + }.select do |attr| + node["mysql"][attr].nil? + end.map { |attr| "node['mysql']['#{attr}']" } + + if !missing_attrs.empty? + Chef::Application.fatal!([ + "You must set #{missing_attrs.join(', ')} in chef-solo mode.", + "For more information, see https://github.com/opscode-cookbooks/mysql#chef-solo-note" + ].join(' ')) + end +else + # generate all passwords + node.set_unless['mysql']['server_debian_password'] = secure_password + node.set_unless['mysql']['server_root_password'] = secure_password + node.set_unless['mysql']['server_repl_password'] = secure_password + node.save +end + +if platform_family?(%w{debian}) + + directory "/var/cache/local/preseeding" do + owner "root" + group node['mysql']['root_group'] + mode 0755 + recursive true + end + + execute "preseed mysql-server" do + command "debconf-set-selections /var/cache/local/preseeding/mysql-server.seed" + action :nothing + end + + template "/var/cache/local/preseeding/mysql-server.seed" do + source "mysql-server.seed.erb" + owner "root" + group node['mysql']['root_group'] + mode "0600" + notifies :run, "execute[preseed mysql-server]", :immediately + end + + template "#{node['mysql']['conf_dir']}/debian.cnf" do + source "debian.cnf.erb" + owner "root" + group node['mysql']['root_group'] + mode "0600" + end + +end + +if platform_family?('windows') + package_file = node['mysql']['package_file'] + + remote_file "#{Chef::Config[:file_cache_path]}/#{package_file}" do + source node['mysql']['url'] + not_if { File.exists? "#{Chef::Config[:file_cache_path]}/#{package_file}" } + end + + windows_package node['mysql']['server']['packages'].first do + source "#{Chef::Config[:file_cache_path]}/#{package_file}" + end + + def package(*args, &blk) + windows_package(*args, &blk) + end +end + +node['mysql']['server']['packages'].each do |package_name| + package package_name do + action :install + notifies :start, "service[mysql]", :immediately + end +end + +unless platform_family?(%w{mac_os_x}) + + [File.dirname(node['mysql']['pid_file']), + File.dirname(node['mysql']['tunable']['slow_query_log']), + node['mysql']['conf_dir'], + node['mysql']['confd_dir'], + node['mysql']['log_dir'], + node['mysql']['data_dir']].each do |directory_path| + directory directory_path do + owner "mysql" unless platform? 'windows' + group "mysql" unless platform? 'windows' + action :create + recursive true + end + end + + if platform_family? 'windows' + require 'win32/service' + + windows_path node['mysql']['bin_dir'] do + action :add + end + + windows_batch "install mysql service" do + command "\"#{node['mysql']['bin_dir']}\\mysqld.exe\" --install #{node['mysql']['service_name']}" + not_if { Win32::Service.exists?(node['mysql']['service_name']) } + end + end + + skip_federated = case node['platform'] + when 'fedora', 'ubuntu', 'amazon' + true + when 'centos', 'redhat', 'scientific' + node['platform_version'].to_f < 6.0 + else + false + end +end + +# Homebrew has its own way to do databases +if platform_family?(%w{mac_os_x}) + execute "mysql-install-db" do + command "mysql_install_db --verbose --user=`whoami` --basedir=\"$(brew --prefix mysql)\" --datadir=#{node['mysql']['data_dir']} --tmpdir=/tmp" + environment('TMPDIR' => nil) + action :run + creates "#{node['mysql']['data_dir']}/mysql" + end +else + execute 'mysql-install-db' do + command "mysql_install_db" + action :run + not_if { File.exists?(node['mysql']['data_dir'] + '/mysql/user.frm') } + end + + service "mysql" do + service_name node['mysql']['service_name'] + if node['mysql']['use_upstart'] + provider Chef::Provider::Service::Upstart + end + supports :status => true, :restart => true, :reload => true + action :enable + end +end + +# set the root password for situations that don't support pre-seeding. +# (eg. platforms other than debian/ubuntu & drop-in mysql replacements) +execute "assign-root-password" do + command "\"#{node['mysql']['mysqladmin_bin']}\" -u root password \"#{node['mysql']['server_root_password']}\"" + action :run + only_if "\"#{node['mysql']['mysql_bin']}\" -u root -e 'show databases;'" +end + +unless platform_family?(%w{mac_os_x}) + grants_path = node['mysql']['grants_path'] + + begin + t = resources("template[#{grants_path}]") + rescue + Chef::Log.info("Could not find previously defined grants.sql resource") + t = template grants_path do + source "grants.sql.erb" + owner "root" unless platform_family? 'windows' + group node['mysql']['root_group'] unless platform_family? 'windows' + mode "0600" + action :create + end + end + + if platform_family? 'windows' + windows_batch "mysql-install-privileges" do + command "\"#{node['mysql']['mysql_bin']}\" -u root #{node['mysql']['server_root_password'].empty? ? '' : '-p' }\"#{node['mysql']['server_root_password']}\" < \"#{grants_path}\"" + action :nothing + subscribes :run, resources("template[#{grants_path}]"), :immediately + end + else + execute "mysql-install-privileges" do + command %Q["#{node['mysql']['mysql_bin']}" -u root #{node['mysql']['server_root_password'].empty? ? '' : '-p' }"#{node['mysql']['server_root_password']}" < "#{grants_path}"] + action :nothing + subscribes :run, resources("template[#{grants_path}]"), :immediately + end + end + + template "#{node['mysql']['conf_dir']}/my.cnf" do + source "my.cnf.erb" + owner "root" unless platform? 'windows' + group node['mysql']['root_group'] unless platform? 'windows' + mode "0644" + case node['mysql']['reload_action'] + when 'restart' + notifies :restart, "service[mysql]", :immediately + when 'reload' + notifies :reload, "service[mysql]", :immediately + else + Chef::Log.info "my.cnf updated but mysql.reload_action is #{node['mysql']['reload_action']}. No action taken." + end + variables :skip_federated => skip_federated + end + + service "mysql" do + action :start + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/server_ec2.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/server_ec2.rb new file mode 100644 index 000000000..6033ef430 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/recipes/server_ec2.rb @@ -0,0 +1,51 @@ +# +# Cookbook Name:: mysql +# Recipe:: default +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +if (node.attribute?('ec2') && ! FileTest.directory?(node['mysql']['ec2_path'])) + + service "mysql" do + action :stop + end + + execute "install-mysql" do + command "mv #{node['mysql']['data_dir']} #{node['mysql']['ec2_path']}" + not_if do FileTest.directory?(node['mysql']['ec2_path']) end + end + + [node['mysql']['ec2_path'], node['mysql']['data_dir']].each do |dir| + directory dir do + owner "mysql" + group "mysql" + end + end + + mount node['mysql']['data_dir'] do + device node['mysql']['ec2_path'] + fstype "none" + options "bind,rw" + action [:mount, :enable] + end + + service "mysql" do + action :start + end + +end + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/debian.cnf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/debian.cnf.erb new file mode 100644 index 000000000..989b1257d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/debian.cnf.erb @@ -0,0 +1,12 @@ +[client] +host = localhost +user = debian-sys-maint +password = <%= node['mysql']['server_debian_password'] %> +socket = <%= node['mysql']['socket'] %> + +[mysql_upgrade] +host = localhost +user = debian-sys-maint +password = <%= node['mysql']['server_debian_password'] %> +socket = <%= node['mysql']['socket'] %> +basedir = /usr diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/grants.sql.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/grants.sql.erb new file mode 100644 index 000000000..f697fe20b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/grants.sql.erb @@ -0,0 +1,34 @@ +# Generated by Chef for <%= node['hostname'] %>. +# Local modifications will be overwritten. + +<% case node['platform_family'] -%> +<% when "debian" -%> +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY '<%= node['mysql']['server_debian_password'] %>' WITH GRANT OPTION; +<% end -%> +# Grant replication for a slave user. +GRANT REPLICATION SLAVE ON *.* TO 'repl'@'%' identified by '<%= node['mysql']['server_repl_password'] %>'; + +# Set the server root password. This should be preseeded by the package installation. +<% if node['mysql']['allow_remote_root'] -%> +GRANT ALL ON *.* TO 'root'@'%' IDENTIFIED BY '<%= node['mysql']['server_root_password'] %>' WITH GRANT OPTION; +<% else %> +DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); +<% end -%> +UPDATE mysql.user SET Password=PASSWORD('<%= node['mysql']['server_root_password'] %>') WHERE User='root'; + +# Remove anonymous users +<% if node['mysql']['remove_anonymous_users'] -%> +DELETE FROM mysql.user WHERE User=''; +<% end -%> + +# Remove test database and access to it +<% if node['mysql']['remove_test_database'] -%> +DROP DATABASE test; +DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'; +<% end -%> +SET PASSWORD FOR 'root'@'localhost' = PASSWORD('<%= node['mysql']['server_root_password'] %>'); + +# allow root to connect from a remote network if root_network_acl is not nil +<% if node['mysql']['root_network_acl'] -%> +SET PASSWORD FOR 'root'@'<%= node['mysql']['root_network_acl'] %>' = PASSWORD('<%= node['mysql']['server_root_password'] %>'); +<% end -%> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/my.cnf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/my.cnf.erb new file mode 100644 index 000000000..1022976a2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/my.cnf.erb @@ -0,0 +1,317 @@ +# +# Generated by Chef for <%= node['hostname'] %> +# +# Local modifications will be overwritten. +# +# The MySQL database server configuration file. +# +# You can copy this to one of: +# - "/etc/mysql/my.cnf" to set global options, +# - "~/.my.cnf" to set user-specific options. +# +# One can use all long options that the program supports. +# Run program with --help to get a list of available options and with +# --print-defaults to see which it would actually understand and use. +# +# For explanations see +# http://dev.mysql.com/doc/mysql/en/server-system-variables.html + +# This will be passed to all mysql clients +# It has been reported that passwords should be enclosed with ticks/quotes +# escpecially if they contain "#" chars... +# Remember to edit /etc/mysql/debian.cnf when changing the socket location. +[client] +port = <%= node['mysql']['port'] %> +socket = <%= node['mysql']['socket'] %> + +# Here is entries for some specific programs +# The following values assume you have at least 32M ram + +# This was formally known as [safe_mysqld]. Both versions are currently parsed. +[mysqld_safe] +socket = <%= node['mysql']['socket'] %> +nice = <%= node['mysql']['nice'] %> + +[mysqld] +# +# * Basic Settings +# + +# +# * IMPORTANT +# If you make changes to these settings and your system uses apparmor, you may +# also need to also adjust /etc/apparmor.d/usr.sbin.mysqld. +# + +user = mysql +pid-file = <%= node['mysql']['pid_file'] %> +socket = <%= node['mysql']['socket'] %> +port = <%= node['mysql']['port'] %> +basedir = <%= node['mysql']['basedir'] %> +datadir = <%= node['mysql']['data_dir'] %> +tmpdir = <%= node['mysql']['tmpdir'].join(':') %> +skip-external-locking +<%- if node['mysql']['tunable']['skip-name-resolve'] %> +skip-name-resolve +<%- end %> + +# Charset and Collation +character-set-server = <%= node['mysql']['tunable']['character-set-server'] %> +collation-server = <%= node['mysql']['tunable']['collation-server'] %> +<%- if node['mysql']['tunable']['lower_case_table_names'] %> +lower_case_table_names = <%= node['mysql']['tunable']['lower_case_table_names'] %> +<%- end %> +<%- if node['mysql']['tunable']['event_scheduler'] %> +event_scheduler = <%= node['mysql']['tunable']['event_scheduler'] %> +<%- end %> +<%- if node['mysql']['tunable']['skip-character-set-client-handshake'] %> +skip-character-set-client-handshake +<%- end %> +<%- if (node['mysql']['tunable']['lc_messages_dir'] && node['mysql']['tunable']['lc_messages']) %> +lc_messages_dir = <%= node['mysql']['lc_messages_dir'] %> +lc_messages = <%= node['mysql']['lc_messages'] %> +<%- elsif (node['mysql']['tunable']['languages']) %> +languages = <%= node['mysql']['tunable']['languages'] %> +<%- end %> + +# +# Instead of skip-networking the default is now to listen only on +# localhost which is more compatible and is not less secure. +bind-address = <%= node['mysql']['bind_address'] %> +# +# * Fine Tuning +# +key_buffer_size = <%= node['mysql']['tunable']['key_buffer_size'] %> +max_allowed_packet = <%= node['mysql']['tunable']['max_allowed_packet'] %> +thread_stack = <%= node['mysql']['tunable']['thread_stack'] %> +thread_cache_size = <%= node['mysql']['tunable']['thread_cache_size'] %> +sort_buffer_size = <%= node['mysql']['tunable']['sort_buffer_size'] %> +read_buffer_size = <%= node['mysql']['tunable']['read_buffer_size'] %> +read_rnd_buffer_size = <%= node['mysql']['tunable']['read_rnd_buffer_size'] %> +join_buffer_size = <%= node['mysql']['tunable']['join_buffer_size'] %> + +auto-increment-increment = <%= node['mysql']['auto-increment-increment'] %> +auto-increment-offset = <%= node['mysql']['auto-increment-offset'] %> + +# This replaces the startup script and checks MyISAM tables if needed +# the first time they are touched +myisam-recover = <%= node['mysql']['tunable']['myisam-recover'] %> +max_connections = <%= node['mysql']['tunable']['max_connections'] %> +max_connect_errors = <%= node['mysql']['tunable']['max_connect_errors'] %> +concurrent_insert = <%= node['mysql']['tunable']['concurrent_insert'] %> +connect_timeout = <%= node['mysql']['tunable']['connect_timeout'] %> +wait_timeout = <%= node['mysql']['tunable']['wait_timeout'] %> +net_read_timeout = <%= node['mysql']['tunable']['net_read_timeout'] %> +net_write_timeout = <%= node['mysql']['tunable']['net_write_timeout'] %> +back_log = <%= node['mysql']['tunable']['back_log'] %> +table_cache = <%= node['mysql']['tunable']['table_cache'] %> +<%- if node['mysql']['tunable']['table_open_cache'] %> +table_open_cache = <%= node['mysql']['tunable']['table_open_cache'] %> +<%- end %> +tmp_table_size = <%= node['mysql']['tunable']['tmp_table_size'] %> +max_heap_table_size = <%= node['mysql']['tunable']['max_heap_table_size'] %> +bulk_insert_buffer_size = <%= node['mysql']['tunable']['bulk_insert_buffer_size'] %> +open-files-limit = <%= node['mysql']['tunable']['open-files-limit'] %> + +# Default Table Settings +<%- if node['mysql']['tunable']['sql_mode'] %> +sql_mode = "<%= node['mysql']['tunable']['sql_mode'] %>" +<%- end %> + +# +# * Query Cache Configuration +# +query_cache_limit = <%= node['mysql']['tunable']['query_cache_limit'] %> +query_cache_size = <%= node['mysql']['tunable']['query_cache_size'] %> +# +# * Logging +# +# Both location gets rotated by the cronjob. +# Be aware that this log type is a performance killer. +#log = /var/log/mysql/mysql.log +# +# Error logging goes to syslog. This is a Debian improvement :) +<%- if node['mysql']['tunable']['log_error'] %> +log_error = <%= node['mysql']['tunable']['log_error'] %> +<%- end %> +<%- if node['mysql']['tunable']['log_warnings'] %> +log_warnings +<%- end %> +# +# * Replication +# + + +# +# Here you can see queries with especially long duration +<%- if node['mysql']['version'].to_f >= 5.5 %> +slow_query_log = <%= node['mysql']['tunable']['slow_query_log'] %> +<% else %> +log_slow_queries = <%= node['mysql']['tunable']['slow_query_log'] %> +<% end %> + +long_query_time = <%= node['mysql']['tunable']['long_query_time'] %> +<%- if node['mysql']['tunable']['log_queries_not_using_index'] and node['mysql']['slow_query_log'] %> +log-queries-not-using-indexes +<%- end %> +# +# The following can be used as easy to replay backup logs or for replication. +# note: if you are setting up a replication slave, see README.Debian about +# other settings you may need to change. +<%- if node['mysql']['tunable']['server_id'] %> +server-id = <%= node['mysql']['tunable']['server_id'] %> +<% end %> +<%- if node['mysql']['tunable']['log_bin'] %> +log_bin = <%= node['mysql']['tunable']['log_bin'] %> +<%- if node['mysql']['tunable']['log_bin'] %> +binlog_format = <%= node['mysql']['tunable']['binlog_format'] %> +<%- end %> +log_slave_updates = <%= node['mysql']['tunable']['log_slave_updates'] %> +<%- end %> +<%- if node['mysql']['tunable']['log_bin_trust_function_creators'] %> +log_bin_trust_function_creators +<%- end %> +expire_logs_days = <%= node['mysql']['tunable']['expire_logs_days'] %> +max_binlog_size = <%= node['mysql']['tunable']['max_binlog_size'] %> +binlog_cache_size = <%= node['mysql']['tunable']['binlog_cache_size'] %> +#binlog_do_db = include_database_name +#binlog_ignore_db = include_database_name +<%- if node['mysql']['tunable']['relay_log'] %> +relay_log = <%= node['mysql']['tunable']['relay_log'] %> +<%- end %> +<%- if node['mysql']['tunable']['relay_log_index'] %> +relay_log_index = <%= node['mysql']['tunable']['relay_log_index'] %> +<%- end %> + +sync_binlog = <%= node['mysql']['tunable']['sync_binlog'] %> +<%- if node['mysql']['tunable']['skip_slave_start'] %> +skip_slave_start +<%- end %> +<%- if node['mysql']['tunable']['read_only'] %> +read_only = 1 +<%- end %> + +<%- if node['mysql']['tunable']['transaction-isolation'] %> +transaction-isolation = <%= node['mysql']['tunable']['transaction-isolation'] %> +<%- end %> + +<%- if node['mysql']['tunable']['slave_compressed_protocol'] %> +slave_compressed_protocol = <%= node['mysql']['tunable']['slave_compressed_protocol'] %> +<%- end %> +# +# * InnoDB +# +# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. +# Read the manual for more InnoDB related options. There are many! +# You might want to disable InnoDB to shrink the mysqld process by circa 100MB. +#skip-innodb + +<%- if node["mysql"]["version"].to_f >= 5.5 %> +innodb_write_io_threads = <%= node['mysql']['tunable']['innodb_write_io_threads'] %> +innodb_io_capacity = <%= node['mysql']['tunable']['innodb_io_capacity'] %> +innodb_read_io_threads = <%= node['mysql']['tunable']['innodb_read_io_threads'] %> +innodb_buffer_pool_instances = <%= node['mysql']['tunable']['innodb_buffer_pool_instances'] %> +<%- end %> + +## InnoDB Plugin Independent Settings +innodb_data_home_dir = <%= node['mysql']['data_dir'] %> +innodb_log_group_home_dir = <%= node['mysql']['log_dir'] %> +<%- if node['mysql']['log_files_in_group'] %> +innodb_log_files_in_group = <%= node['mysql']['log_files_in_group'] %> +<%- end %> + +<%- if node['mysql']['innodb_status_file'] %> +innodb_status_file +<%- end %> +<%- if node['mysql']['tunable']['innodb_file_per_table'] %> +innodb_file_per_table +<%- end %> +innodb_table_locks = <%= node['mysql']['tunable']['innodb_table_locks'] %> +innodb_lock_wait_timeout = <%= node['mysql']['tunable']['innodb_lock_wait_timeout'] %> +innodb_thread_concurrency = <%= node['mysql']['tunable']['innodb_thread_concurrency'] %> +innodb_commit_concurrency = <%= node['mysql']['tunable']['innodb_commit_concurrency'] %> +innodb_support_xa = <%= node['mysql']['tunable']['innodb_support_xa'] %> +<%- if node['mysql']['tunable']['skip-innodb-doublewrite'] %> +skip-innodb-doublewrite +<%- end %> + +innodb_buffer_pool_size = <%= node['mysql']['tunable']['innodb_buffer_pool_size'] %> +innodb_log_file_size = <%= node['mysql']['tunable']['innodb_log_file_size'] %> +innodb_additional_mem_pool_size = <%= node['mysql']['tunable']['innodb_additional_mem_pool_size'] %> +innodb_data_file_path = <%= node['mysql']['tunable']['innodb_data_file_path'] %> +innodb_flush_log_at_trx_commit = <%= node['mysql']['tunable']['innodb_flush_log_at_trx_commit'] %> +<%- if node['mysql']['tunable']['innodb_flush_method'] %> +innodb_flush_method = <%= node['mysql']['tunable']['innodb_flush_method'] %> +<%- end %> +innodb_log_buffer_size = <%= node['mysql']['tunable']['innodb_log_buffer_size'] %> +<%- if node['mysql']['tunable']['innodb_adaptive_flushing'] %> +innodb_adaptive_flushing = <%= node['mysql']['tunable']['innodb_adaptive_flushing'] %> +<%- end %> + +<% if @skip_federated %> +# +# * Federated +# +# The FEDERATED storage engine is disabled since 5.0.67 by default in the .cnf files +# shipped with MySQL distributions (my-huge.cnf, my-medium.cnf, and so forth). +# +skip-federated +<% end %> +# +# * Security Features +# +# Read the manual, too, if you want chroot! +# chroot = /var/lib/mysql/ +# +# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". +# +# ssl-ca=/etc/mysql/cacert.pem +# ssl-cert=/etc/mysql/server-cert.pem +# ssl-key=/etc/mysql/server-key.pem + +[mysqldump] +quick +quote-names +max_allowed_packet = <%= node['mysql']['tunable']['max_allowed_packet'] %> + +[mysql] +#no-auto-rehash # faster start of mysql but no tab completition + +[myisamchk] +key_buffer = <%= node['mysql']['tunable']['max_allowed_packet'] %> + +myisam_sort_buffer_size = <%= node['mysql']['tunable']['myisam_sort_buffer_size'] %> +myisam_max_sort_file_size = <%= node['mysql']['tunable']['myisam_max_sort_file_size'] %> +myisam_repair_threads = <%= node['mysql']['tunable']['myisam_repair_threads'] %> +myisam-recover = <%= node['mysql']['tunable']['myisam-recover'] %> + +# +# * NDB Cluster +# +# See /usr/share/doc/mysql-server-*/README.Debian for more information. +# +# The following configuration is read by the NDB Data Nodes (ndbd processes) +# not from the NDB Management Nodes (ndb_mgmd processes). +# +# [MYSQL_CLUSTER] +# ndb-connectstring=127.0.0.1 + +<% case node['platform_family'] -%> +<% when "rhel", "fedora", "suse" -%> +# +# * BerkeleyDB +# +# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12. +skip-bdb +# Default to using old password format for compatibility with mysql 3.x +# clients (those using the mysqlclient10 compatibility package). +old_passwords = <%= node['mysql']['old_passwords'] %> +<% end -%> + +<% if node['mysql']['confd_dir'] -%> +# +# * IMPORTANT: Additional settings that can override those from this file! +# The files must end with '.cnf', otherwise they'll be ignored. +# +!includedir <%= node['mysql']['confd_dir'] %>/ +<% end -%> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/mysql-server.seed.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/mysql-server.seed.erb new file mode 100644 index 000000000..a5a74f0b3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/mysql-server.seed.erb @@ -0,0 +1,10 @@ +mysql-server-5.0 mysql-server/root_password_again select <%= node['mysql']['server_root_password'] %> +mysql-server-5.0 mysql-server/root_password select <%= node['mysql']['server_root_password'] %> +mysql-server-5.0 mysql-server-5.0/really_downgrade boolean false +mysql-server-5.0 mysql-server-5.0/need_sarge_compat boolean false +mysql-server-5.0 mysql-server-5.0/start_on_boot boolean true +mysql-server-5.0 mysql-server/error_setting_password boolean false +mysql-server-5.0 mysql-server-5.0/nis_warning note +mysql-server-5.0 mysql-server-5.0/postrm_remove_databases boolean false +mysql-server-5.0 mysql-server/password_mismatch boolean false +mysql-server-5.0 mysql-server-5.0/need_sarge_compat_done boolean true diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/port_mysql.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/port_mysql.erb new file mode 100644 index 000000000..55a2ffccf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/default/port_mysql.erb @@ -0,0 +1,3 @@ +# MySQL +-A FWR -p tcp -m tcp --dport 3306 -j ACCEPT +-A FWR -p udp -m udp --dport 3306 -j ACCEPT \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/windows/my.cnf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/windows/my.cnf.erb new file mode 100644 index 000000000..f0550c1ac --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/mysql/templates/windows/my.cnf.erb @@ -0,0 +1,61 @@ +# +# Generated by Chef for <%= node['hostname'] %> +# +# Local modifications will be overwritten. +# +# The MySQL database server configuration file. +# +# One can use all long options that the program supports. +# Run program with --help to get a list of available options and with +# --print-defaults to see which it would actually understand and use. +# +# For explanations see +# http://dev.mysql.com/doc/mysql/en/server-system-variables.html + +# This will be passed to all mysql clients +# It has been reported that passwords should be enclosed with ticks/quotes +# escpecially if they contain "#" chars... +[client] +port = 3306 + +[mysql] +default-character-set = latin1 + +[mysqld] +# +# * Basic Settings +# +port = 3306 +basedir = <%= node['mysql']['basedir'] %> +datadir = <%= node['mysql']['data_dir'] %> +character-set-server = latin1 +default-storage-engine = INNODB +sql-mode = "STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" + +# +# * Fine Tuning +# +thread_cache_size = <%= node['mysql']['tunable']['thread_cache_size'] %> +max_connections = <%= node['mysql']['tunable']['max_connections'] %> +table_cache = <%= node['mysql']['tunable']['table_cache'] %> +query_cache_size = <%= node['mysql']['tunable']['query_cache_size'] %> +tmp_table_size = 5M +myisam_max_sort_file_size = 100G +myisam_sort_buffer_size = 8M +key_buffer_size = 8M +read_buffer_size = 64K +read_rnd_buffer_size = 256K +sort_buffer_size = 212K + +# +# * InnoDB +# +# Read the manual for more InnoDB related options. There are many! +# You might want to disable InnoDB to shrink the mysqld process by circa 100MB. +# +innodb_additional_mem_pool_size = 2M +innodb_flush_log_at_trx_commit = 1 +innodb_log_buffer_size = 1M +innodb_buffer_pool_size = <%= node['mysql']['tunable']['innodb_buffer_pool_size'] %> +innodb_log_file_size = 10M +innodb_thread_concurrency = 8 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/.kitchen.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/.kitchen.yml new file mode 100644 index 000000000..740265101 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/.kitchen.yml @@ -0,0 +1,48 @@ +--- +driver_plugin: vagrant +driver_config: + require_chef_omnibus: true + customize: + memory: 512 + cpus: 4 +platforms: +- name: ubuntu-12.04 + driver_config: + box: opscode-ubuntu-12.04 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/boxes/opscode-ubuntu-12.04.box + run_list: + - recipe[apt] +- name: ubuntu-10.04 + driver_config: + box: opscode-ubuntu-10.04 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/boxes/opscode-ubuntu-10.04.box + run_list: + - recipe[apt] +- name: centos-6.3 + driver_config: + box: opscode-centos-6.3 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/boxes/opscode-centos-6.3.box +- name: centos-5.8 + driver_config: + box: opscode-centos-5.8 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/boxes/opscode-centos-5.8.box +suites: +- name: package + run_list: + - recipe[nodejs] + attributes: + nodejs: + install_method: package +- name: binary + run_list: + - recipe[nodejs] + attributes: + nodejs: + install_method: binary +- name: source + run_list: + - recipe[nodejs] + - recipe[nodejs::npm] + attributes: + nodejs: + install_method: source diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/.travis.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/.travis.yml new file mode 100644 index 000000000..dc5e438a0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/.travis.yml @@ -0,0 +1,6 @@ +language: ruby +gemfile: +- test/support/Gemfile +rvm: +- 1.9.3 +script: bundle exec rake foodcritic diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/Berksfile new file mode 100644 index 000000000..8496a59d3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/Berksfile @@ -0,0 +1,5 @@ +site :opscode +metadata + +cookbook 'apt', '~> 1.7.0' +cookbook 'build-essential' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/CHANGELOG.md new file mode 100644 index 000000000..54701f4ca --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/CHANGELOG.md @@ -0,0 +1,56 @@ +## v1.3.0 + * update default versions to the latest: node - v0.10.15 and npm - v1.3.5 + * default to package installation of nodejs on smartos ([@wanelo-pair][]) + * Add Raspberry pi support ([@robertkowalski][]) + +## v1.2.0 + * implement installation from package on RedHat - ([@vaskas][]) + +## v1.1.3: + * update default version of node to 0.10.13 - and npm - v1.3.4 ([@jodosha][]) + +## v1.1.2: + * update default version of node to 0.10.2 - ([@bakins][]) + * fully migrated to test-kitchen 1.alpha and vagrant 1.1.x/berkshelf 1.3.1 + +## v1.1.1: + * update default versions to the latest: node - v0.10.0 and npm - v1.2.14 + * `make_thread` is now a real attribute - ([@ChrisLundquist][]) + + +## v1.1.0: + * rewrite the package install; remove rpm support since there are no longer any packages available anywhere + * add support to install `legacy_packages` from ubuntu repo as well as the latest 0.10.x branch (this is default). + +## v1.0.4: + * add support for binary installation method ([@JulesAU][]) + +## v1.0.3: + - unreleased + +## v1.0.2: + * add smartos support for package install ([@sax][]) + * support to compile with all processors available (default 2 if unknown) - ([@ChrisLundquist][]) + * moved to `platform_family` syntax + * ensure npm recipe honours the 'source' or 'package' setting - ([@markbirbeck][]) + * updated the default versions to the latest stable node/npm + +## v1.0.1: + + * fixed bug that prevented overwritting the node/npm versions (moved the `src_url`s as local variables instead of attributes) - ([@johannesbecker][]) + * updated the default versions to the latest node/npm + +## v1.0.0: + +* added packages installation support ([@smith][]) + +[@JulesAU]: https://github.com/JulesAU +[@sax]: https://github.com/sax +[@ChrisLundquist]: https://github.com/ChrisLundquist +[@markbirbeck]: https://github.com/markbirbeck +[@johannesbecker]: https://github.com/johannesbecker +[@smith]: https://github.com/smith +[@bakins]: https://github.com/bakins +[@vaskas]: https://github.com/vaskas +[@robertkowalski]: https://github.com/robertkowalski +[@wanelo-pair]: https://github.com/wanelo-pair diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/Gemfile new file mode 100644 index 000000000..5840424da --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/Gemfile @@ -0,0 +1,10 @@ +source 'https://rubygems.org' + +gem 'foodcritic' +gem 'thor-foodcritic' + +group :integration do + gem 'berkshelf' + gem 'test-kitchen', '~> 1.0.0.beta' + gem 'kitchen-vagrant', '~> 0.11.0' +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/README.md new file mode 100644 index 000000000..3fcd7d11f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/README.md @@ -0,0 +1,80 @@ +# nodejs-cookbook [![Build Status](https://secure.travis-ci.org/mdxp/nodejs-cookbook.png)](http://travis-ci.org/mdxp/nodejs-cookbook) + +DESCRIPTION +=========== + +Installs Node.JS + +REQUIREMENTS +============ + + +## Platform + +* Tested on Debian 6 and Ubuntu 10.04 +* Should work fine on Centos, RHEL, etc. + +## Cookbooks: + +* build-essential +* apt + +Opscode cookbooks (http://github.com/opscode/cookbooks/tree/master) + +ATTRIBUTES +========== + +* nodejs['install_method'] = source or package +* nodejs['version'] - release version of node to install +* nodejs['src_url'] - download location for node source tarball +* nodejs['dir'] - location where node will be installed, default /usr/local +* nodejs['npm'] - version of npm to install +* nodejs['npm_src_url'] - download location for npm source tarball +* nodejs['check_sha'] - test for valid sha_sum, default: true + +USAGE +===== + +Include the nodejs recipe to install node on your system based on the default installation method: + +* include_recipe "nodejs" + +Include the install_from_source recipe to install node from sources: + +* include_recipe "nodejs::install_from_source" + +Include the install_from_package recipe to install node from packages: +Note that only apt (Ubuntu, Debian) appears to have up to date packages available. +Centos, RHEL, etc are non-functional. (Try install_from_binary for those) + +* include_recipe "nodejs::install_from_package" + +Include the install_from_binary recipe to install node from official prebuilt binaries: +(Currently Linux x86, x86_64, armv6l only) + +* include_recipe "nodejs::install_from_binary" + +Include the npm recipe to install npm: + +* include_recipe "nodejs::npm" + +LICENSE and AUTHOR +================== + +Author:: Marius Ducea (marius@promethost.com) +Author:: Nathan L Smith (nlloyds@gmail.com) + +Copyright:: 2010-2012, Promet Solutions +Copyright:: 2012, Cramer Development, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/Rakefile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/Rakefile new file mode 100644 index 000000000..f42f584e7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/Rakefile @@ -0,0 +1,36 @@ +#!/usr/bin/env rake + +@cookbook = "nodejs" + +desc "Runs foodcritic linter" +task :foodcritic do + if Gem::Version.new("1.9.2") <= Gem::Version.new(RUBY_VERSION.dup) + sandbox = File.join(File.dirname(__FILE__), %w{tmp foodcritic}, @cookbook) + prepare_foodcritic_sandbox(sandbox) + + sh "foodcritic --epic-fail any #{File.dirname(sandbox)}" + else + puts "WARN: foodcritic run is skipped as Ruby #{RUBY_VERSION} is < 1.9.2." + end +end + +task :default => 'foodcritic' + +private + +def prepare_foodcritic_sandbox(sandbox) + files = %w{*.md *.rb attributes definitions files providers +recipes resources templates} + + rm_rf sandbox + mkdir_p sandbox + cp_r Dir.glob("{#{files.join(',')}}"), sandbox + puts "\n\n" +end + +begin + require 'kitchen/rake_tasks' + Kitchen::RakeTasks.new +rescue LoadError + puts ">>>>> Kitchen gem not loaded, omitting tasks" unless ENV['CI'] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/attributes/default.rb new file mode 100644 index 000000000..6863f81ef --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/attributes/default.rb @@ -0,0 +1,38 @@ +# +# Cookbook Name:: nodejs +# Attributes:: nodejs +# +# Copyright 2010-2012, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform_family'] + when "smartos" + default['nodejs']['install_method'] = 'package' + else + default['nodejs']['install_method'] = 'source' +end + +default['nodejs']['version'] = '0.10.15' +default['nodejs']['checksum'] = '87345ab3b96aa02c5250d7b5ae1d80e620e8ae2a7f509f7fa18c4aaa340953e8' +default['nodejs']['checksum_linux_x64'] = '0b5191748a91b1c49947fef6b143f3e5e5633c9381a31aaa467e7c80efafb6e9' +default['nodejs']['checksum_linux_x86'] = '7ff9fb6aa19a5269a5a2f7a770040b8cd3c3b528a9c7c07da5da31c0d6dfde4d' +default['nodejs']['dir'] = '/usr/local' +default['nodejs']['npm'] = '1.3.5' +default['nodejs']['src_url'] = "http://nodejs.org/dist" +default['nodejs']['make_threads'] = node['cpu'] ? node['cpu']['total'].to_i : 2 +default['nodejs']['check_sha'] = true + +# Set this to true to install the legacy packages (0.8.x) from ubuntu/debian repositories; default is false (using the latest stable 0.10.x) +default['nodejs']['legacy_packages'] = false diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/metadata.rb new file mode 100644 index 000000000..a4946d7d3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/metadata.rb @@ -0,0 +1,22 @@ +maintainer "Promet Solutions" +maintainer_email "marius@promethost.com" +license "Apache 2.0" +description "Installs/Configures nodejs" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.3.0" +name "nodejs" +provides "nodejs" + +recipe "nodejs", "Installs Node.JS based on the default installation method" +recipe "nodejs::install_from_source", "Installs Node.JS from source" +recipe "nodejs::install_from_binary", "Installs Node.JS from official binaries" +recipe "nodejs::install_from_package", "Installs Node.JS from packages" +recipe "nodejs::npm", "Installs npm from source - a package manager for node" + +%w{ apt yum build-essential }.each do |c| + depends c +end + +%w{ debian ubuntu centos redhat smartos }.each do |os| + supports os +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/default.rb new file mode 100644 index 000000000..e469e72bf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/default.rb @@ -0,0 +1,25 @@ +# +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook Name:: nodejs +# Recipe:: default +# +# Copyright 2010-2012, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +case node['platform_family'] + when "debian" + include_recipe "apt" +end + +include_recipe "nodejs::install_from_#{node['nodejs']['install_method']}" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/install_from_binary.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/install_from_binary.rb new file mode 100644 index 000000000..768af6427 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/install_from_binary.rb @@ -0,0 +1,80 @@ +# +# Author:: Julian Wilde (jules@jules.com.au) +# Cookbook Name:: nodejs +# Recipe:: install_from_binary +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +# Shamelessly borrowed from http://docs.opscode.com/dsl_recipe_method_platform.html +# Surely there's a more canonical way to get arch? +if node['kernel']['machine'] =~ /armv6l/ + arch = "arm-pi" # assume a raspberry pi +else + arch = node['kernel']['machine'] =~ /x86_64/ ? "x64" : "x86" +end + +distro_suffix = "-linux-#{arch}" + +# package_stub is for example: "node-v0.8.20-linux-x64" +package_stub = "node-v#{node['nodejs']['version']}#{distro_suffix}" +nodejs_tar = "#{package_stub}.tar.gz" +expected_checksum = node['nodejs']["checksum_linux_#{arch}"] + +nodejs_tar_path = nodejs_tar +if node['nodejs']['version'].split('.')[1].to_i >= 5 + nodejs_tar_path = "v#{node['nodejs']['version']}/#{nodejs_tar_path}" +end + +# Let the user override the source url in the attributes +nodejs_bin_url = "#{node['nodejs']['src_url']}/#{nodejs_tar_path}" + +# Download it: +remote_file "/usr/local/src/#{nodejs_tar}" do + source nodejs_bin_url + checksum expected_checksum + mode 0644 + action :create_if_missing +end + +# Where we will install the binaries and libs to (normally /usr/local): +destination_dir = node['nodejs']['dir'] + +install_not_needed = File.exists?("#{node['nodejs']['dir']}/bin/node") && `#{node['nodejs']['dir']}/bin/node --version`.chomp == "v#{node['nodejs']['version']}" + +# Verify the SHA sum of the downloaded file: +ruby_block "verify_sha_sum" do + block do + require 'digest/sha1' + calculated_sha256_hash = Digest::SHA256.file("/usr/local/src/#{nodejs_tar}") + if calculated_sha256_hash != expected_checksum + raise "SHA256 Hash of #{nodejs_tar} did not match! Expected #{expected_checksum} found #{calculated_sha256_hash}" + end + end + not_if { !node['nodejs']['check_sha'] or install_not_needed } +end + +# One hopes that we can trust the contents of the node tarball not to overwrite anything it shouldn't! +execute "install package to system" do + command <<-EOF + tar xf /usr/local/src/#{nodejs_tar} \ + --strip-components=1 --no-same-owner \ + -C #{destination_dir} \ + #{package_stub}/bin \ + #{package_stub}/lib \ + #{package_stub}/share + EOF + + not_if { install_not_needed } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/install_from_package.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/install_from_package.rb new file mode 100644 index 000000000..2736bfba6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/install_from_package.rb @@ -0,0 +1,52 @@ +# +# Author:: Nathan L Smith (nlloyds@gmail.com) +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook Name:: nodejs +# Recipe:: package +# +# Copyright 2012, Cramer Development, Inc. +# Copyright 2013, Opscale +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform_family'] + when 'debian' + if node['nodejs']['legacy_packages'] == true + repo = 'http://ppa.launchpad.net/chris-lea/node.js-legacy/ubuntu' + packages = %w{ nodejs npm } + else + repo = 'http://ppa.launchpad.net/chris-lea/node.js/ubuntu' + packages = %w{ nodejs } + end + apt_repository 'node.js' do + uri repo + distribution node['lsb']['codename'] + components ['main'] + keyserver "keyserver.ubuntu.com" + key "C7917B12" + action :add + end + when 'rhel' + include_recipe 'yum::epel' + packages = %w{ nodejs nodejs-devel npm } + when 'smartos' + packages = %w{ nodejs } + else + Chef::Log.error "There are no nodejs packages for this platform; please use the source or binary method to install node" + return +end + +packages.each do |node_pkg| + package node_pkg +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/install_from_source.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/install_from_source.rb new file mode 100644 index 000000000..710604aba --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/install_from_source.rb @@ -0,0 +1,68 @@ +# +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook Name:: nodejs +# Recipe:: source +# +# Copyright 2010-2012, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "build-essential" + +case node['platform_family'] + when 'rhel','fedora' + package "openssl-devel" + when 'debian' + package "libssl-dev" +end + +nodejs_tar = "node-v#{node['nodejs']['version']}.tar.gz" +nodejs_tar_path = nodejs_tar +if node['nodejs']['version'].split('.')[1].to_i >= 5 + nodejs_tar_path = "v#{node['nodejs']['version']}/#{nodejs_tar_path}" +end +# Let the user override the source url in the attributes +nodejs_src_url = "#{node['nodejs']['src_url']}/#{nodejs_tar_path}" + +remote_file "/usr/local/src/#{nodejs_tar}" do + source nodejs_src_url + checksum node['nodejs']['checksum'] + mode 0644 + action :create_if_missing +end + +# --no-same-owner required overcome "Cannot change ownership" bug +# on NFS-mounted filesystem +execute "tar --no-same-owner -zxf #{nodejs_tar}" do + cwd "/usr/local/src" + creates "/usr/local/src/node-v#{node['nodejs']['version']}" +end + +bash "compile node.js (on #{node['nodejs']['make_threads']} cpu)" do + # OSX doesn't have the attribute so arbitrarily default 2 + cwd "/usr/local/src/node-v#{node['nodejs']['version']}" + code <<-EOH + PATH="/usr/local/bin:$PATH" + ./configure --prefix=#{node['nodejs']['dir']} && \ + make -j #{node['nodejs']['make_threads']} + EOH + creates "/usr/local/src/node-v#{node['nodejs']['version']}/node" +end + +execute "nodejs make install" do + environment({"PATH" => "/usr/local/bin:/usr/bin:/bin:$PATH"}) + command "make install" + cwd "/usr/local/src/node-v#{node['nodejs']['version']}" + not_if {::File.exists?("#{node['nodejs']['dir']}/bin/node") && `#{node['nodejs']['dir']}/bin/node --version`.chomp == "v#{node['nodejs']['version']}" } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/npm.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/npm.rb new file mode 100644 index 000000000..a16f27a1f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/recipes/npm.rb @@ -0,0 +1,38 @@ +# +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook Name:: nodejs +# Recipe:: npm +# +# Copyright 2010-2012, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "nodejs" + +package "curl" + +npm_src_url = "http://registry.npmjs.org/npm/-/npm-#{node['nodejs']['npm']}.tgz" + +bash "install npm - package manager for node" do + cwd "/usr/local/src" + user "root" + code <<-EOH + mkdir -p npm-v#{node['nodejs']['npm']} && \ + cd npm-v#{node['nodejs']['npm']} + curl -L #{npm_src_url} | tar xzf - --strip-components=1 && \ + make uninstall dev + EOH + not_if "#{node['nodejs']['dir']}/bin/npm -v 2>&1 | grep '#{node['nodejs']['npm']}'" +end + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/test/integration/package/bats/package.bats b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/test/integration/package/bats/package.bats new file mode 100644 index 000000000..508b9ca92 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/test/integration/package/bats/package.bats @@ -0,0 +1,9 @@ +#!/usr/bin/env bats + +@test "node should be in the path" { + [ "$(command -v node)" ] +} + +@test "npm should be in the path" { + [ "$(command -v npm)" ] +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/test/integration/source/bats/source.bats b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/test/integration/source/bats/source.bats new file mode 100644 index 000000000..508b9ca92 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/test/integration/source/bats/source.bats @@ -0,0 +1,9 @@ +#!/usr/bin/env bats + +@test "node should be in the path" { + [ "$(command -v node)" ] +} + +@test "npm should be in the path" { + [ "$(command -v npm)" ] +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/test/support/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/test/support/Gemfile new file mode 100644 index 000000000..d45a670ef --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/nodejs/test/support/Gemfile @@ -0,0 +1,5 @@ +source "https://rubygems.org" + +gem 'rake' +gem 'foodcritic' + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/CHANGELOG.md new file mode 100644 index 000000000..9657b5327 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/CHANGELOG.md @@ -0,0 +1,23 @@ +## v1.1.4: + +* [COOK-2225] - Add platform_family suse + +## v1.1.2: + +* [COOK-1954] - Fix attribute camel case to match `man sshd_config` +* [COOK-1889] - SSH restarting on each chef run due to template + changes + +## v1.1.0: + +* [COOK-1663] - Configurable ListenAddress based off list of interface + names +* [COOK-1685] - Make default sshd_config value more robust + +## v1.0.0: + +* [COOK-1014] - Templates for ssh(d).conf files. + +## v0.8.1: + +* Current public release diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/Gemfile new file mode 100644 index 000000000..f0f457b38 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/Gemfile @@ -0,0 +1,3 @@ +source :rubygems + +gem 'test-kitchen' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/README.md new file mode 100644 index 000000000..352a13c13 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/README.md @@ -0,0 +1,122 @@ +Description +=========== + +Installs openssh. + +Requirements +============ + +## Platform: + +* Debian/Ubuntu +* RHEL/CentOS/Scientific +* Fedora +* ArchLinux + +Recipes +======= + +default +------- + +Selects the packages to install by package name and manages the sshd +service. + +Usage +===== + +Ensure that the openssh packages are installed and the service is +managed with `recipe[openssh]`. + +Attributes List +=============== + +The attributes list is dynamically generated, and lines up with the default openssh configs. + +This means anything located in [sshd_config](http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5) or [ssh_config](http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5) can be used in your node attributes. + +* If the option can be entered more then once, use an _Array_, otherwise, use a _String_. +* Each attribute is stored as ruby case, and converted to camel case for the config file on the fly. +* The current default attributes match the stock `ssh_config` and `sshd_config` provided by openssh. +* The namespace for `sshd_config` is `node['openssh']['server']`. +* Likewise, the namespace for `ssh_config` is `node['openssh']['client']`. +* An attribute can be an `Array` or a `String`. +* If it is an `Array`, each item in the array will get it's own line in the config file. +* All the values in openssh are commented out in the `attributes/default.rb` file for a base starting point. + +Dynamic ListenAddress +===================== + +Pass in a `Hash` of interface names, and IP address type(s) to bind sshd to. +This will expand to a list of IP addresses which override the default +`node['openssh']['server']['listen_address']` value. + +Examples and Common usage +========================= + +These can be mixed and matched in roles and attributes. Please note, it is possible to get sshd into a state that it will not run. If this is the case, you will need to login via an alternate method and debug sshd like normal. + +#### No Password logins. + +This requires use of identity files to connect + +```json +"openssh": { + "server": { + "password_authentication": "no" + } +} +``` + +#### Enable X Forwarding + +```json +"openssh": { + "server": { + "x11_forwarding": "yes" + } +} +``` + +#### Bind to a specific set of address (this example actually binds to all). + +Not to be used with `node['openssh']['listen_interfaces']`. + +```json +"openssh": { + "server": { + "address_family": "any", + "listen_address": [ "192.168.0.1", "::" ] + } +} +``` + +### Bind to the addresses tied to a set of interfaces. + +```json +"openssh": { + "listen_interfaces": { + "eth0": "inet", + "eth1": "inet6" + } +} +``` + +License and Author +================== + +Author:: Adam Jacob + +Copyright:: 2008-2009, Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/attributes/default.rb new file mode 100644 index 000000000..817691b19 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/attributes/default.rb @@ -0,0 +1,125 @@ +# +# Cookbook Name:: openssh +# Attributes:: default +# +# Author:: Ernie Brodeur +# Copyright 2008-2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Attributes are commented out using the default config file values. +# Uncomment the ones you need, or set attributes in a role. +# + +default['openssh']['package_name'] = case node['platform_family'] + when "rhel", "fedora" + %w{openssh-clients openssh} + when "arch","suse" + %w{openssh} + else + %w{openssh-client openssh-server} + end + +default['openssh']['service_name'] = case node['platform_family'] + when "rhel", "fedora","suse" + "sshd" + else + "ssh" + end + +# ssh config group +default['openssh']['client']['host'] = "*" +# default['openssh']['client']['forward_agent'] = "no" +# default['openssh']['client']['forward_x11'] = "no" +# default['openssh']['client']['rhosts_rsa_authentication'] = "no" +# default['openssh']['client']['rsa_authentication'] = "yes" +# default['openssh']['client']['password_authentication'] = "yes" +# default['openssh']['client']['host_based_authentication'] = "no" +# default['openssh']['client']['gssapi_authentication'] = "no" +# default['openssh']['client']['gssapi_delegate_credentials'] = "no" +# default['openssh']['client']['batch_mode'] = "no" +# default['openssh']['client']['check_host_ip'] = "yes" +# default['openssh']['client']['address_family'] = "any" +# default['openssh']['client']['connect_timeout'] = "0" +# default['openssh']['client']['strict_host_key_checking'] = "ask" +# default['openssh']['client']['identity_file'] = "~/.ssh/identity" +# default['openssh']['client']['identity_file_rsa'] = "~/.ssh/id_rsa" +# default['openssh']['client']['identity_file_dsa'] = "~/.ssh/id_dsa" +# default['openssh']['client']['port'] = "22" +# default['openssh']['client']['protocol'] = [ "2 1" ] +# default['openssh']['client']['cipher'] = "3des" +# default['openssh']['client']['ciphers'] = [ "aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128 aes128-cbc 3des-cbc" ] +# default['openssh']['client']['macs'] = [ "hmac-md5 hmac-sha1 umac-64@openssh.com hmac-ripemd160" ] +# default['openssh']['client']['escape_char'] = "~" +# default['openssh']['client']['tunnel'] = "no" +# default['openssh']['client']['tunnel_device'] = "any:any" +# default['openssh']['client']['permit_local_command'] = "no" +# default['openssh']['client']['visual_host_key'] = "no" +# default['openssh']['client']['proxy_command'] = "ssh -q -W %h:%p gateway.example.com" +# sshd config group +# default['openssh']['server']['port'] = "22" +# default['openssh']['server']['address_family'] = "any" +# default['openssh']['server']['listen_address'] = [ "0.0.0.0 ::" ] +# default['openssh']['server']['protocol'] = "2" +# default['openssh']['server']['host_key_v1'] = "/etc/ssh/ssh_host_key" +# default['openssh']['server']['host_key_rsa'] = "/etc/ssh/ssh_host_rsa_key" +# default['openssh']['server']['host_key_dsa'] = "/etc/ssh/ssh_host_dsa_key" +# default['openssh']['server']['host_key_ecdsa'] = "/etc/ssh/ssh_host_ecdsa_key" +# default['openssh']['server']['key_regeneration_interval'] = "1h" +# default['openssh']['server']['server_key_bits'] = "1024" +# default['openssh']['server']['syslog_facility'] = "AUTH" +# default['openssh']['server']['log_level'] = "INFO" +# default['openssh']['server']['login_grace_time'] = "2m" +# default['openssh']['server']['permit_root_login'] = "yes" +# default['openssh']['server']['strict_modes'] = "yes" +# default['openssh']['server']['max_auth_tries'] = "6" +# default['openssh']['server']['max_sessions'] = "10" +# default['openssh']['server']['rsa_authentication'] = "yes" +# default['openssh']['server']['pub_key_authentication'] = "yes" +default['openssh']['server']['authorized_keys_file'] = "%h/.ssh/authorized_keys" +# default['openssh']['server']['rhosts_rsa_authentication'] = "no" +# default['openssh']['server']['host_based_authentication'] = "no" +# default['openssh']['server']['ignore_user_known_hosts'] = "no" +# default['openssh']['server']['ignore_rhosts'] = "yes" +# default['openssh']['server']['password_authentication'] = "yes" +# default['openssh']['server']['permit_empty_passwords'] = "no" +default['openssh']['server']['challenge_response_authentication'] = "no" +# default['openssh']['server']['kerberos_authentication'] = "no" +# default['openssh']['server']['kerberos_or_localpasswd'] = "yes" +# default['openssh']['server']['kerberos_ticket_cleanup'] = "yes" +# default['openssh']['server']['kerberos_get_afs_token'] = "no" +# default['openssh']['server']['gssapi_authentication'] = "no" +# default['openssh']['server']['gssapi_clean_up_credentials'] = "yes" +default['openssh']['server']['use_p_a_m'] = "yes" +# default['openssh']['server']['allow_agent_forwarding'] = "yes" +# default['openssh']['server']['allow_tcp_forwarding'] = "yes" +# default['openssh']['server']['gateway_ports'] = "no" +# default['openssh']['server']['x11_forwarding'] = "no" +# default['openssh']['server']['x11_display_offset'] = "10" +# default['openssh']['server']['x11_use_localhost'] = "yes" +# default['openssh']['server']['print_motd'] = "yes" +# default['openssh']['server']['print_lastlog'] = "yes" +# default['openssh']['server']['t_c_p_keep_alive'] = "yes" +# default['openssh']['server']['use_login'] = "no" +# default['openssh']['server']['use_privilege_separation'] = "yes" +# default['openssh']['server']['permit_user_environment'] = "no" +# default['openssh']['server']['compression'] = "delayed" +# default['openssh']['server']['client_alive_interval'] = "0" +# default['openssh']['server']['client_alive_count_max'] = "3" +# default['openssh']['server']['use_dns'] = "yes" +# default['openssh']['server']['pid_file'] = "/var/run/sshd.pid" +# default['openssh']['server']['max_startups'] = "10" +# default['openssh']['server']['permit_tunnel'] = "no" +# default['openssh']['server']['chroot_directory'] = "none" +# default['openssh']['server']['banner'] = "none" +# default['openssh']['server']['subsystem'] = "sftp /usr/libexec/sftp-server" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/files/default/tests/minitest/config_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/files/default/tests/minitest/config_test.rb new file mode 100644 index 000000000..68c16d784 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/files/default/tests/minitest/config_test.rb @@ -0,0 +1,38 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe "openssh::config" do + include Helpers::OpenSSH + + describe "services" do + it "runs as a daemon" do + service("ssh").must_be_running + end + + it "boots on startup" do + service("ssh").must_be_enabled + end + end + + describe "files" do + it "is listening on port 22" do + assert_include 'Port 22' + end + + it "is listening on 0.0.0.0" do + assert_include 'ListenAddress 0.0.0.0' + end + + it "permits root login" do + assert_include 'PermitRootLogin no' + end + + it "permits password authentication" do + assert_include 'PasswordAuthentication no' + end + + it "has client alive directives" do + assert_include 'ClientAliveInterval 900' + assert_include 'ClientAliveCountMax 0' + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/files/default/tests/minitest/default_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/files/default/tests/minitest/default_test.rb new file mode 100644 index 000000000..cb75c1a5f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/files/default/tests/minitest/default_test.rb @@ -0,0 +1,13 @@ +require File.expand_path('../support/helpers', __FILE__) + +describe_recipe "openssh::default" do + include Helpers::OpenSSH + + describe "package" do + it "installs" do + node['openssh']['package_name'].each do |pkg| + package(pkg).must_be_installed + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/files/default/tests/minitest/support/helpers.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/files/default/tests/minitest/support/helpers.rb new file mode 100644 index 000000000..d63be4569 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/files/default/tests/minitest/support/helpers.rb @@ -0,0 +1,13 @@ +module Helpers + module OpenSSH + include MiniTest::Chef::Assertions + include MiniTest::Chef::Context + include MiniTest::Chef::Resources + + def assert_include(expected) + skip unless %w{debian ubuntu}.include? node.platform + + file(node['openssh']['config']).must_include expected + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/metadata.json new file mode 100644 index 000000000..da91d59d2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/metadata.json @@ -0,0 +1,38 @@ +{ + "name": "openssh", + "description": "Installs openssh", + "long_description": "", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + "redhat": ">= 0.0.0", + "centos": ">= 0.0.0", + "fedora": ">= 0.0.0", + "ubuntu": ">= 0.0.0", + "debian": ">= 0.0.0", + "arch": ">= 0.0.0", + "scientific": ">= 0.0.0", + "suse": ">= 0.0.0" + }, + "dependencies": { + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + "openssh": "Installs openssh" + }, + "version": "1.1.4" +} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/metadata.rb new file mode 100644 index 000000000..c1b9e8f61 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/metadata.rb @@ -0,0 +1,12 @@ +name "openssh" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs openssh" +version "1.1.4" + +recipe "openssh", "Installs openssh" + +%w{ redhat centos fedora ubuntu debian arch scientific suse }.each do |os| + supports os +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/recipes/default.rb new file mode 100644 index 000000000..f856a614a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/recipes/default.rb @@ -0,0 +1,73 @@ +# +# Cookbook Name:: openssh +# Recipe:: default +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +def listen_addr_for interface, type + interface_node = node['network']['interfaces'][interface]['addresses'] + + interface_node.select { |address, data| data['family'] == type }[0][0] +end + +node['openssh']['package_name'].each do |pkg| + package pkg +end + +service "ssh" do + service_name node['openssh']['service_name'] + supports value_for_platform( + "debian" => { "default" => [ :restart, :reload, :status ] }, + "ubuntu" => { + "8.04" => [ :restart, :reload ], + "default" => [ :restart, :reload, :status ] + }, + "centos" => { "default" => [ :restart, :reload, :status ] }, + "redhat" => { "default" => [ :restart, :reload, :status ] }, + "fedora" => { "default" => [ :restart, :reload, :status ] }, + "scientific" => { "default" => [ :restart, :reload, :status ] }, + "arch" => { "default" => [ :restart ] }, + "default" => { "default" => [:restart, :reload ] } + ) + action [ :enable, :start ] +end + +template "/etc/ssh/ssh_config" do + source "ssh_config.erb" + mode '0644' + owner 'root' + group 'root' + variables(:settings => node['openssh']['client']) +end + +if node['openssh']['listen_interfaces'] + listen_addresses = Array.new.tap do |a| + node['openssh']['listen_interfaces'].each_pair do |interface, type| + a << listen_addr_for(interface, type) + end + end + + node.set['openssh']['server']['listen_address'] = listen_addresses +end + +template "/etc/ssh/sshd_config" do + source "sshd_config.erb" + mode '0644' + owner 'root' + group 'root' + variables(:settings => node['openssh']['server']) + notifies :restart, "service[ssh]" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/templates/default/port_ssh.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/templates/default/port_ssh.erb new file mode 100644 index 000000000..9265619e2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/templates/default/port_ssh.erb @@ -0,0 +1,2 @@ +# SSH +-A FWR -p tcp -m tcp --dport 22 -j ACCEPT \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/templates/default/ssh_config.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/templates/default/ssh_config.erb new file mode 100644 index 000000000..869c84e4b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/templates/default/ssh_config.erb @@ -0,0 +1,11 @@ +# Generated by Chef for <%= node['fqdn'] %> + +<% @settings.each do |key, value| -%> +<% if value.kind_of? Array -%> +<% value.each do |item| -%> +<%= "#{key.split("_").map { |w| w.capitalize}.join} #{item}" %> +<% end -%> +<% else -%> +<%= "#{key.split("_").map { |w| w.capitalize}.join} #{value}"%> +<% end -%> +<% end -%> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/templates/default/sshd_config.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/templates/default/sshd_config.erb new file mode 100644 index 000000000..b3f7b7ffd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssh/templates/default/sshd_config.erb @@ -0,0 +1,11 @@ +# Generated by Chef for <%= node['fqdn'] %> + +<% @settings.sort.map do |key, value| -%> +<% if value.kind_of? Array -%> +<% value.each do |item| -%> +<%= "#{key.split("_").map { |w| w.capitalize}.join} #{item}" %> +<% end -%> +<% else -%> +<%= "#{key.split("_").map { |w| w.capitalize}.join} #{value}"%> +<% end -%> +<% end -%> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/CHANGELOG.md new file mode 100644 index 000000000..bbb48aae6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/CHANGELOG.md @@ -0,0 +1,3 @@ +## v1.0.2: + +* Add name attribute to metadata diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/README.md new file mode 100644 index 000000000..cc40a8fe2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/README.md @@ -0,0 +1,37 @@ +Description +==== + +Provide a library method to generate secure random passwords in recipes. + +Requirements +==== + +Works on any platform with OpenSSL Ruby bindings installed, which are a requirement for Chef anyway. + +Usage +==== + +Most often this will be used to generate a secure password for an attribute. + + include Opscode::OpenSSL::Password + + set_unless[:my_password] = secure_password + +License and Author +==== + +Author:: Joshua Timberman () + +Copyright:: 2009-2011, Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/libraries/secure_password.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/libraries/secure_password.rb new file mode 100644 index 000000000..e5fd638ba --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/libraries/secure_password.rb @@ -0,0 +1,37 @@ +# +# Cookbook Name:: openssl +# Library:: secure_password +# Author:: Joshua Timberman +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'openssl' + +module Opscode + module OpenSSL + module Password + def secure_password + pw = String.new + + while pw.length < 20 + pw << ::OpenSSL::Random.random_bytes(1).gsub(/\W/, '') + end + + pw + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/metadata.json new file mode 100644 index 000000000..084606155 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/metadata.json @@ -0,0 +1,30 @@ +{ + "name": "openssl", + "description": "Provides a library with a method for generating secure random passwords.", + "long_description": "Description\n====\n\nProvide a library method to generate secure random passwords in recipes.\n\nRequirements\n====\n\nWorks on any platform with OpenSSL Ruby bindings installed, which are a requirement for Chef anyway.\n\nUsage\n====\n\nMost often this will be used to generate a secure password for an attribute.\n\n include Opscode::OpenSSL::Password\n\n set_unless[:my_password] = secure_password\n\nLicense and Author\n====\n\nAuthor:: Joshua Timberman ()\n\nCopyright:: 2009-2011, Opscode, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + }, + "dependencies": { + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + "openssl": "Empty, this cookbook provides a library, see README.md" + }, + "version": "1.0.2" +} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/metadata.rb new file mode 100644 index 000000000..e03f03921 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/metadata.rb @@ -0,0 +1,9 @@ +name "openssl" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Provides a library with a method for generating secure random passwords." +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.0.2" + +recipe "openssl", "Empty, this cookbook provides a library, see README.md" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/recipes/default.rb new file mode 100644 index 000000000..9850a2856 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openssl/recipes/default.rb @@ -0,0 +1,19 @@ +# +# Cookbook Name:: openssl +# Recipe:: default +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/.tailor b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/.tailor new file mode 100644 index 000000000..99f0dcf16 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/.tailor @@ -0,0 +1,25 @@ +Tailor.config do |config| + config.formatters "text" + config.file_set '**/*.rb' do |style| + style.max_line_length 80, level: :off + style.allow_camel_case_methods false, level: :error + style.allow_hard_tabs false, level: :error + style.allow_screaming_snake_case_classes false, level: :error + style.allow_trailing_line_spaces false, level: :error + style.allow_invalid_ruby false, level: :warn + style.indentation_spaces 2, level: :error + style.max_code_lines_in_class 300, level: :error + style.max_code_lines_in_method 30, level: :error + style.spaces_after_comma 1, level: :error + style.spaces_after_lbrace 1, level: :error + style.spaces_after_lbracket 0, level: :error + style.spaces_after_lparen 0, level: :error + style.spaces_before_comma 0, level: :error + style.spaces_before_lbrace 1, level: :error + style.spaces_before_rbrace 1, level: :error + style.spaces_before_rbracket 0, level: :error + style.spaces_before_rparen 0, level: :error + style.spaces_in_empty_braces 0, level: :error + style.trailing_newlines 1, level: :error + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Berksfile new file mode 100644 index 000000000..bd847e913 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Berksfile @@ -0,0 +1,8 @@ +metadata + +cookbook "openstack-image", + git: "git://github.com/stackforge/cookbook-openstack-image.git" +cookbook "openstack-identity", + git: "git://github.com/stackforge/cookbook-openstack-identity.git" +cookbook "openstack-common", + git: "git://github.com/stackforge/cookbook-openstack-common.git" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Berksfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Berksfile.lock new file mode 100644 index 000000000..a77c01b23 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Berksfile.lock @@ -0,0 +1,68 @@ +{ + "sha": "ba71763fac936d414bd4a63f004357f86f6e1bfb", + "sources": { + "openstack-block-storage": { + "locked_version": "7.0.3", + "constraint": "= 7.0.3", + "path": "." + }, + "openstack-image": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-image.git", + "ref": "c4af085fd62b542fee13d3a8a4ffdc1885ce37ed" + }, + "openstack-identity": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-identity.git", + "ref": "029fe8a648939f832f844562d0e18af2a951c783" + }, + "openstack-common": { + "locked_version": "0.3.0", + "git": "git://github.com/stackforge/cookbook-openstack-common.git", + "ref": "25b183f2362fa501cfee4db331491b3d984a5c05" + }, + "apt": { + "locked_version": "2.0.0" + }, + "rabbitmq": { + "locked_version": "2.1.2" + }, + "erlang": { + "locked_version": "1.3.0", + "constraint": ">= 0.9.0" + }, + "yum": { + "locked_version": "2.3.0", + "constraint": ">= 0.5.0" + }, + "build-essential": { + "locked_version": "1.4.0" + }, + "selinux": { + "locked_version": "0.5.6" + }, + "database": { + "locked_version": "1.4.0" + }, + "mysql": { + "locked_version": "3.0.2", + "constraint": ">= 1.3.0" + }, + "openssl": { + "locked_version": "1.0.2" + }, + "postgresql": { + "locked_version": "3.0.2", + "constraint": ">= 1.0.0" + }, + "aws": { + "locked_version": "0.101.2" + }, + "xfs": { + "locked_version": "1.1.0" + }, + "python": { + "locked_version": "1.3.4" + } + } +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/CHANGELOG.md new file mode 100644 index 000000000..a587aceb2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/CHANGELOG.md @@ -0,0 +1,18 @@ +openstack-block-storage Cookbook CHANGELOG +============================== +This file is used to list changes made in each version of the openstack-block-storage cookbook. + +v7.0.3 +------ +### Bug +- change audit cronjob binary path depending on platform, refactored some tests + +v7.0.2 +------ +### Improvement +- ensure cronjob runs on only one node and make cronjob configurable + +v7.0.1 +------ +### Improvement +- Add audit cronjob and enable control_exchange, when metering enabled diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Gemfile new file mode 100644 index 000000000..870261870 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Gemfile @@ -0,0 +1,9 @@ +source "https://rubygems.org" + +gem "chef", "~> 11.4.4" +gem "json", "<= 1.7.7" # chef 11 dependency +gem "berkshelf", "~> 2.0.3" +gem "chefspec", "~> 2.0.0" +gem "foodcritic" +gem "strainer" +gem "tailor" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Gemfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Gemfile.lock new file mode 100644 index 000000000..4cc50abe7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Gemfile.lock @@ -0,0 +1,223 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (3.2.13) + i18n (= 0.6.1) + multi_json (~> 1.0) + addressable (2.3.4) + akami (1.2.0) + gyoku (>= 0.4.0) + nokogiri (>= 1.4.0) + berkshelf (2.0.3) + activesupport (>= 3.2.0) + addressable (~> 2.3.4) + celluloid (>= 0.14.0) + chozo (>= 0.6.1) + faraday (>= 0.8.5) + hashie (>= 2.0.2) + minitar (~> 0.5.4) + retryable (~> 1.3.3) + ridley (~> 1.0.2) + solve (>= 0.4.4) + test-kitchen (>= 1.0.0.alpha7) + thor (~> 0.18.0) + builder (3.2.2) + celluloid (0.14.1) + timers (>= 1.0.0) + celluloid-io (0.14.1) + celluloid (>= 0.14.1) + nio4r (>= 0.4.5) + chef (11.4.4) + erubis + highline (>= 1.6.9) + json (>= 1.4.4, <= 1.7.7) + mixlib-authentication (>= 1.3.0) + mixlib-cli (~> 1.3.0) + mixlib-config (>= 1.1.2) + mixlib-log (>= 1.3.0) + mixlib-shellout + net-ssh (~> 2.6) + net-ssh-multi (~> 1.1.0) + ohai (>= 0.6.0) + rest-client (>= 1.0.4, < 1.7.0) + yajl-ruby (~> 1.1) + chefspec (1.3.1) + chef (>= 10.0) + erubis + fauxhai (>= 0.1.1, < 2.0) + minitest-chef-handler (>= 0.6.0) + rspec (~> 2.0) + chozo (0.6.1) + activesupport (>= 3.2.0) + hashie (>= 2.0.2) + multi_json (>= 1.3.0) + ci_reporter (1.8.4) + builder (>= 2.1.2) + coderay (1.0.9) + diff-lcs (1.2.4) + erubis (2.7.0) + faraday (0.8.7) + multipart-post (~> 1.1) + fauxhai (1.1.1) + httparty + net-ssh + ohai + ffi (1.9.0) + foodcritic (2.1.0) + erubis + gherkin (~> 2.11.7) + nokogiri (~> 1.5.4) + rak (~> 1.4) + treetop (~> 1.4.10) + yajl-ruby (~> 1.1.0) + gherkin (2.11.8) + multi_json (~> 1.3) + gssapi (1.0.3) + ffi (>= 1.0.1) + gyoku (1.0.0) + builder (>= 2.1.2) + hashie (2.0.5) + highline (1.6.19) + httparty (0.11.0) + multi_json (~> 1.0) + multi_xml (>= 0.5.2) + httpclient (2.2.0.2) + httpi (0.9.7) + rack + i18n (0.6.1) + ipaddress (0.8.0) + json (1.7.7) + little-plugger (1.1.3) + log_switch (0.4.0) + logging (1.6.2) + little-plugger (>= 1.1.3) + method_source (0.8.1) + mime-types (1.23) + minitar (0.5.4) + minitest (4.7.4) + minitest-chef-handler (1.0.1) + chef + ci_reporter + minitest (~> 4.7.3) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-cli (1.3.0) + mixlib-config (1.1.2) + mixlib-log (1.6.0) + mixlib-shellout (1.1.0) + multi_json (1.7.6) + multi_xml (0.5.4) + multipart-post (1.2.0) + net-http-persistent (2.8) + net-scp (1.1.1) + net-ssh (>= 2.6.5) + net-ssh (2.6.7) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-multi (1.1) + net-ssh (>= 2.1.4) + net-ssh-gateway (>= 0.99.0) + nio4r (0.4.6) + nokogiri (1.5.10) + nori (1.1.5) + ohai (6.16.0) + ipaddress + mixlib-cli + mixlib-config + mixlib-log + mixlib-shellout + systemu + yajl-ruby + polyglot (0.3.3) + pry (0.9.12.2) + coderay (~> 1.0.5) + method_source (~> 0.8) + slop (~> 3.4) + rack (1.5.2) + rak (1.4) + rest-client (1.6.7) + mime-types (>= 1.16) + retryable (1.3.3) + ridley (1.0.2) + addressable + celluloid (~> 0.14.0) + celluloid-io (~> 0.14.0) + chozo (>= 0.6.0) + erubis + faraday (>= 0.8.4) + hashie (>= 2.0.2) + mixlib-authentication (>= 1.3.0) + net-http-persistent (>= 2.8) + net-ssh + retryable + solve (>= 0.4.4) + winrm (~> 1.1.0) + rspec (2.13.0) + rspec-core (~> 2.13.0) + rspec-expectations (~> 2.13.0) + rspec-mocks (~> 2.13.0) + rspec-core (2.13.1) + rspec-expectations (2.13.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.13.1) + rubyntlm (0.1.1) + safe_yaml (0.9.3) + savon (0.9.5) + akami (~> 1.0) + builder (>= 2.1.2) + gyoku (>= 0.4.0) + httpi (~> 0.9) + nokogiri (>= 1.4.0) + nori (~> 1.0) + wasabi (~> 1.0) + slop (3.4.5) + solve (0.4.4) + json + strainer (3.0.1) + berkshelf (~> 2.0) + systemu (2.5.2) + tailor (1.2.1) + log_switch (>= 0.3.0) + term-ansicolor (>= 1.0.5) + text-table (>= 1.2.2) + term-ansicolor (1.2.2) + tins (~> 0.8) + test-kitchen (1.0.0.alpha.7) + celluloid + mixlib-shellout + net-scp + net-ssh + pry + safe_yaml + thor + text-table (1.2.3) + thor (0.18.1) + timers (1.1.0) + tins (0.8.0) + treetop (1.4.14) + polyglot + polyglot (>= 0.3.1) + uuidtools (2.1.4) + wasabi (1.0.0) + nokogiri (>= 1.4.0) + winrm (1.1.2) + gssapi (~> 1.0.0) + httpclient (~> 2.2.0.2) + logging (~> 1.6.1) + nokogiri (~> 1.5.0) + rubyntlm (~> 0.1.1) + savon (= 0.9.5) + uuidtools (~> 2.1.2) + yajl-ruby (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + berkshelf (~> 2.0.3) + chef (~> 11.4.4) + chefspec (~> 1.3.0) + foodcritic + json (<= 1.7.7) + strainer + tailor diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/README.md new file mode 100644 index 000000000..af52c0765 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/README.md @@ -0,0 +1,130 @@ +Description +=========== + +Installs the OpenStack Block Storage service **Cinder** as part of the OpenStack reference deployment Chef for OpenStack. The https://github.com/stackforge/openstack-chef-repo contains documentation for using this cookbook in the context of a full OpenStack deployment. Cinder is currently installed from packages. + +http://cinder.openstack.org + +Requirements +============ + +* Chef 0.10.0 or higher required (for Chef environment use). + +Cookbooks +--------- + +The following cookbooks are dependencies: + +* apt +* openstack-common +* openstack-identity +* openstack-image +* selinux (Fedora) + +Usage +===== + +api +---- +- Installs the cinder-api, sets up the cinder database, + and cinder service/user/endpoints in keystone + +scheduler +---- +- Installs the cinder-scheduler service + +volume +---- +- Installs the cinder-volume service and sets up the iscsi helper + +Defaults to the ISCSI (LVM) Driver. + +Attributes +========== + +* `openstack["block-storage"]["db"]["username"]` - cinder username for database +* `openstack["block-storage"]["rabbit"]["username"]` - Username for cinder rabbit access +* `openstack["block-storage"]["rabbit"]["vhost"]` - The rabbit vhost to use +* `openstack["block-storage"]["rabbit"]["port"]` - The rabbit port to use +* `openstack["block-storage"]["rabbit"]["host"]` - The rabbit host to use (must set when `openstack["block-storage"]["rabbit"]["ha"]` false). +* `openstack["block-storage"]["rabbit"]["ha"]` - Whether or not to use rabbit ha +* `openstack["block-storage"]["service_tenant_name"]` - name of tenant to use for the cinder service account in keystone +* `openstack["block-storage"]["service_user"]` - cinder service user in keystone +* `openstack["block-storage"]["service_role"]` - role for the cinder service user in keystone +* `openstack["block-storage"]["syslog"]["use"]` +* `openstack["block-storage"]["syslog"]["facility"]` +* `openstack["block-storage"]["syslog"]["config_facility"]` +* `openstack["block-storage"]["platform"]` - hash of platform specific package/service names and options +* `openstack["block-storage"]["volume"]["state_path"]` - Top-level directory for maintaining cinder's state +* `openstack["block-storage"]["volume"]["driver"]` - Driver to use for volume creation +* `openstack["block-storage"]["volume"]["volume_group"]` - Name for the VG that will contain exported volumes +* `openstack["block-storage"]["volume"]["iscsi_helper"]` - ISCSI target user-land tool to use +* `openstack["block-storage"]["rbd_pool"]` - RADOS Block Device pool to use +* `openstack["block-storage"]["rbd_user"]` - User for Cephx Authentication +* `openstack["block-storage"]["rbd_secret_uuid"]` - Secret UUID for Cephx Authentication +* `openstack["block-storage"]["policy"]["context_is_admin"]` - Define administrators +* `openstack["block-storage"]["policy"]["default"]` - default volume operations rule +* `openstack["block-storage"]["policy"]["admin_or_owner"]` - Define an admin or owner +* `openstack["block-storage"]["policy"]["admin_api"]` - Define api admin +* `openstack["block-storage"]["netapp"]["protocol"]` - how are we talking to either dfm or filer, http or https +* `openstack["block-storage"]["netapp"]["dfm_hostname"]` - Host or IP of your dfm server +* `openstack["block-storage"]["netapp"]["dfm_login"]` - Username for dfm +* `openstack["block-storage"]["netapp"]["dfm_password"]` - password for the dfm user +* `openstack["block-storage"]["netapp"]["dfm_port"]` - default port for dfm +* `openstack["block-storage"]["netapp"]["dfm_web_port"]` - web gui port for wsdl file download +* `openstack["block-storage"]["netapp"]["storage_service"]` - name of the service in dfpm +* `openstack["block-storage"]["netapp"]["netapp_server_port"]` - web admin port of the filer itself +* `openstack["block-storage"]["netapp"]["netapp_server_hostname"]` - hostname of your filer, needs to be resolvable +* `openstack["block-storage"]["netapp"]["netapp_server_login"]` - Username for netapp filer +* `openstack["block-storage"]["netapp"]["netapp_server_password"]` - password for user above +* `openstack["block-storage"]["nfs"]["shares_config"]` - file containing line by line entries of server:export +* `openstack["block-storage"]["nfs"]["mount_point_base"]` - directory to mount NFS exported shares + +Testing +===== + +This cookbook uses [bundler](http://gembundler.com/), [berkshelf](http://berkshelf.com/), and [strainer](https://github.com/customink/strainer) to isolate dependencies and run tests. + +Tests are defined in Strainerfile. + +To run tests: + + $ bundle install # install gem dependencies + $ bundle exec berks install # install cookbook dependencies + $ bundle exec strainer test # run tests + +License and Author +================== + +| | | +|:---------------------|:---------------------------------------------------| +| **Author** | Justin Shepherd () | +| **Author** | Jason Cannavale () | +| **Author** | Ron Pedde () | +| **Author** | Joseph Breu () | +| **Author** | William Kelly () | +| **Author** | Darren Birkett () | +| **Author** | Evan Callicoat () | +| **Author** | Matt Ray () | +| **Author** | Jay Pipes () | +| **Author** | John Dewey () | +| **Author** | Abel Lopez () | +| **Author** | Sean Gallagher () | +| **Author** | Ionut Artarisi () | +| | | +| **Copyright** | Copyright (c) 2012, Rackspace US, Inc. | +| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. | +| **Copyright** | Copyright (c) 2013, Opscode, Inc. | +| **Copyright** | Copyright (c) 2013, SUSE Linux GmbH | + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Strainerfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Strainerfile new file mode 100644 index 000000000..7e292b43d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/Strainerfile @@ -0,0 +1,5 @@ +# Strainerfile +tailor: bundle exec tailor +knife test: bundle exec knife cookbook test $COOKBOOK +foodcritic: bundle exec foodcritic -f any -t ~FC003 -t ~FC023 $SANDBOX/$COOKBOOK +chefspec: bundle exec rspec $SANDBOX/$COOKBOOK/spec diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/attributes/default.rb new file mode 100644 index 000000000..7f0d2f268 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/attributes/default.rb @@ -0,0 +1,187 @@ +# +# Cookbook Name:: openstack-block-storage +# Attributes:: default +# +# Copyright 2012, DreamHost +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012-2013, AT&T Services, Inc. +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +######################################################################## +# Toggles - These can be overridden at the environment level +default["developer_mode"] = false # we want secure passwords by default +######################################################################## + +# Set to some text value if you want templated config files +# to contain a custom banner at the top of the written file +default["openstack"]["block-storage"]["custom_template_banner"] = " +# This file autogenerated by Chef +# Do not edit, changes will be overwritten +" + +default["openstack"]["block-storage"]["verbose"] = "False" +default["openstack"]["block-storage"]["debug"] = "False" + +# Default lock_path +default["openstack"]["block-storage"]["lock_path"] = "/var/lock/cinder" +# Availability zone/region for the Openstack"]["Block-Storage service +default["openstack"]["block-storage"]["region"] = "RegionOne" +default["openstack"]["block-storage"]["scheduler_role"] = "os-block-storage-scheduler" + +# The name of the Chef role that knows about the message queue server +# that Cinder uses +default["openstack"]["block-storage"]["rabbit_server_chef_role"] = "os-ops-messaging" + +# This is the name of the Chef role that will install the Keystone Service API +default["openstack"]["block-storage"]["keystone_service_chef_role"] = "keystone" + +# Keystone PKI signing directory. Only written to the filter:authtoken section +# of the api-paste.ini when node["openstack"]["auth"]["strategy"] == "pki" +default["openstack"]["block-storage"]["api"]["auth"]["cache_dir"] = "/var/cache/cinder/api" + +# Maximum allocatable gigabytes +# Should equal total backend storage, default is 10TB +default["openstack"]["block-storage"]["max_gigabytes"] = "10000" + +# Storage availability zone +# Default is nova +default["openstack"]["block-storage"]["storage_availability_zone"] = "nova" + +# Quota definitions +default["openstack"]["block-storage"]["quota_volumes"] = "10" +default["openstack"]["block-storage"]["quota_gigabytes"] = "1000" +default["openstack"]["block-storage"]["quota_driver"] = "cinder.quota.DbQuotaDriver" + +# This user's password is stored in an encrypted databag +# and accessed with openstack-common cookbook library's +# user_password routine. You are expected to create +# the user, pass, vhost in a wrapper rabbitmq cookbook. +default["openstack"]["block-storage"]["rabbit"]["username"] = "guest" +default["openstack"]["block-storage"]["rabbit"]["vhost"] = "/" +default["openstack"]["block-storage"]["rabbit"]["port"] = 5672 +default["openstack"]["block-storage"]["rabbit"]["host"] = "127.0.0.1" +default["openstack"]["block-storage"]["rabbit"]["ha"] = false + +default["openstack"]["block-storage"]["db"]["username"] = "cinder" + +default["openstack"]["block-storage"]["service_tenant_name"] = "service" +default["openstack"]["block-storage"]["service_user"] = "cinder" +default["openstack"]["block-storage"]["service_role"] = "admin" + +# Netapp support +default["openstack"]["block-storage"]["netapp"]["protocol"] = "http" +default["openstack"]["block-storage"]["netapp"]["dfm_hostname"] = nil +default["openstack"]["block-storage"]["netapp"]["dfm_login"] = nil +default["openstack"]["block-storage"]["netapp"]["dfm_password"] = nil +default["openstack"]["block-storage"]["netapp"]["dfm_port"] = "8088" +default["openstack"]["block-storage"]["netapp"]["dfm_web_port"] = "8080" +default["openstack"]["block-storage"]["netapp"]["storage_service"] = "storage_service" + +# Netapp direct NFS +default["openstack"]["block-storage"]["netapp"]["netapp_server_port"] = "80" +default["openstack"]["block-storage"]["netapp"]["netapp_server_hostname"] = nil +default["openstack"]["block-storage"]["netapp"]["netapp_server_password"] = nil +default["openstack"]["block-storage"]["netapp"]["netapp_server_login"] = nil +default["openstack"]["block-storage"]["netapp"]["export"] = nil +default["openstack"]["block-storage"]["nfs"]["shares_config"] = "/etc/cinder/shares.conf" +default["openstack"]["block-storage"]["nfs"]["mount_point_base"] = "/mnt/cinder-volumes" +default["openstack"]["block-storage"]["nfs"]["nfs_disk_util"] = "df" +default["openstack"]["block-storage"]["nfs"]["nfs_sparsed_volumes"] = "true" + +# logging attribute +default["openstack"]["block-storage"]["syslog"]["use"] = false +default["openstack"]["block-storage"]["syslog"]["facility"] = "LOG_LOCAL2" +default["openstack"]["block-storage"]["syslog"]["config_facility"] = "local2" + +default["openstack"]["block-storage"]["api"]["ratelimit"] = "True" +default["openstack"]["block-storage"]["cron"]["minute"] = '00' +default["openstack"]["block-storage"]["cron"]["audit_logfile"] = "/var/log/cinder/audit.log" + +default["openstack"]["block-storage"]["volume"]["state_path"] = "/var/lib/cinder" +default["openstack"]["block-storage"]["volume"]["driver"] = "cinder.volume.driver.ISCSIDriver" +default["openstack"]["block-storage"]["volume"]["volume_group"] = "cinder-volumes" +default["openstack"]["block-storage"]["volume"]["iscsi_helper"] = "tgtadm" + +# Ceph/RADOS options +default["openstack"]["block-storage"]["rbd_pool"] = "rbd" +default["openstack"]["block-storage"]["rbd_user"] = nil +default["openstack"]["block-storage"]["rbd_secret_uuid"] = nil + +# Cinder Policy defaults +default["openstack"]["block-storage"]["policy"]["context_is_admin"] = '["role:admin"]' +default["openstack"]["block-storage"]["policy"]["default"] = '["rule:admin_or_owner"]' +default["openstack"]["block-storage"]["policy"]["admin_or_owner"] = '["is_admin:True"], ["project_id:%(project_id)s"]' +default["openstack"]["block-storage"]["policy"]["admin_api"] = '["is_admin:True"]' + +case platform +when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this + # operating system user and group names + default["openstack"]["block-storage"]["user"] = "cinder" + default["openstack"]["block-storage"]["group"] = "cinder" + + default["openstack"]["block-storage"]["platform"] = { + "mysql_python_packages" => ["MySQL-python"], + "postgresql_python_packages" => ["python-psycopg2"], + "cinder_common_packages" => ["openstack-cinder"], + "cinder_api_packages" => ["python-cinderclient"], + "cinder_api_service" => "openstack-cinder-api", + "cinder_volume_packages" => [], + "cinder_volume_service" => "openstack-cinder-volume", + "cinder_scheduler_packages" => [], + "cinder_scheduler_service" => "openstack-cinder-scheduler", + "cinder_iscsitarget_packages" => ["scsi-target-utils"], + "cinder_iscsitarget_service" => "tgtd", + "cinder_nfs_packages" => ["nfs-utils", "nfs-utils-lib"], + "package_overrides" => "" + } +when "suse" + # operating system user and group names + default["openstack"]["block-storage"]["user"] = "openstack-cinder" + default["openstack"]["block-storage"]["group"] = "openstack-cinder" + default["openstack"]["block-storage"]["platform"] = { + "mysql_python_packages" => ["python-mysql"], + "postgresql_python_packages" => ["python-psycopg2"], + "cinder_common_packages" => ["openstack-cinder"], + "cinder_api_packages" => ["openstack-cinder-api"], + "cinder_api_service" => "openstack-cinder-api", + "cinder_scheduler_packages" => ["openstack-cinder-scheduler"], + "cinder_scheduler_service" => "openstack-cinder-scheduler", + "cinder_volume_packages" => ["openstack-cinder-volume"], + "cinder_volume_service" => "openstack-cinder-volume", + "cinder_iscsitarget_packages" => ["tgt"], + "cinder_iscsitarget_service" => "tgtd", + "cinder_nfs_packages" => ["nfs-utils"] + } +when "ubuntu" + # operating system user and group names + default["openstack"]["block-storage"]["user"] = "cinder" + default["openstack"]["block-storage"]["group"] = "cinder" + default["openstack"]["block-storage"]["platform"] = { + "mysql_python_packages" => ["python-mysqldb"], + "postgresql_python_packages" => ["python-psycopg2"], + "cinder_common_packages" => ["cinder-common"], + "cinder_api_packages" => ["cinder-api", "python-cinderclient"], + "cinder_api_service" => "cinder-api", + "cinder_volume_packages" => ["cinder-volume"], + "cinder_volume_service" => "cinder-volume", + "cinder_scheduler_packages" => ["cinder-scheduler"], + "cinder_scheduler_service" => "cinder-scheduler", + "cinder_iscsitarget_packages" => ["tgt"], + "cinder_iscsitarget_service" => "tgt", + "cinder_nfs_packages" => ["nfs-common"], + "package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'" + } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/metadata.rb new file mode 100644 index 000000000..ed54eb1d9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/metadata.rb @@ -0,0 +1,24 @@ +name "openstack-block-storage" +maintainer "AT&T Services, Inc." +maintainer_email "cookbooks@lists.tfoundry.com" +license "Apache 2.0" +description "The OpenStack Advanced Volume Management service Cinder." +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "7.0.3" + +recipe "openstack-block-storage::common", "Defines the common pieces of repeated code from the other recipes" +recipe "openstack-block-storage::api", "Installs the cinder-api, sets up the cinder database, and cinder service/user/endpoints in keystone" +recipe "openstack-block-storage::keystone_registration", "Registers cinder service/user/endpoints in keystone" +recipe "openstack-block-storage::scheduler", "Installs the cinder-scheduler service" +recipe "openstack-block-storage::volume", "Installs the cinder-volume service and sets up the iscsi helper" + +%w{ ubuntu fedora redhat centos suse }.each do |os| + supports os +end + +depends "apt" +depends "openstack-common", "~> 0.4.0" +depends "openstack-identity", "~> 7.0.0" +depends "openstack-image", "~> 7.0.0" +depends "selinux" +depends "python" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/api.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/api.rb new file mode 100644 index 000000000..e953f31f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/api.rb @@ -0,0 +1,84 @@ +# +# Cookbook Name:: openstack-block-storage +# Recipe:: api +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012-2013, AT&T Services, Inc. +# Copyright 2013, Opscode, Inc. +# Copyright 2013, SUSE Linux Gmbh. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +include_recipe "openstack-block-storage::cinder-common" + +platform_options = node["openstack"]["block-storage"]["platform"] + +platform_options["cinder_api_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +db_type = node['openstack']['db']['volume']['db_type'] +platform_options["#{db_type}_python_packages"].each do |pkg| + package pkg do + action :upgrade + end +end + +directory ::File.dirname(node["openstack"]["block-storage"]["api"]["auth"]["cache_dir"]) do + owner node["openstack"]["block-storage"]["user"] + group node["openstack"]["block-storage"]["group"] + mode 00700 +end + +service "cinder-api" do + service_name platform_options["cinder_api_service"] + supports :status => true, :restart => true + + action :enable + subscribes :restart, "template[/etc/cinder/cinder.conf]" +end + +identity_admin_endpoint = endpoint "identity-admin" +service_pass = service_password "openstack-block-storage" + +execute "cinder-manage db sync" + +template "/etc/cinder/api-paste.ini" do + source "api-paste.ini.erb" + group node["openstack"]["block-storage"]["group"] + owner node["openstack"]["block-storage"]["user"] + mode 00644 + variables( + :identity_admin_endpoint => identity_admin_endpoint, + :service_pass => service_pass + ) + + notifies :restart, "service[cinder-api]", :immediately +end + +template "/etc/cinder/policy.json" do + source "policy.json.erb" + owner node["openstack"]["block-storage"]["user"] + group node["openstack"]["block-storage"]["group"] + mode 00644 + notifies :restart, "service[cinder-api]" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/cinder-common.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/cinder-common.rb new file mode 100644 index 000000000..5c1389aae --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/cinder-common.rb @@ -0,0 +1,63 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +if node["openstack"]["block-storage"]["syslog"]["use"] + include_recipe "openstack-common::logging" +end + +platform_options = node["openstack"]["block-storage"]["platform"] + +platform_options["cinder_common_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +db_user = node["openstack"]["block-storage"]["db"]["username"] +db_pass = db_password "cinder" +sql_connection = db_uri("volume", db_user, db_pass) + +if node["openstack"]["block-storage"]["rabbit"]["ha"] + rabbit_hosts = rabbit_servers +end +rabbit_pass = user_password node["openstack"]["block-storage"]["rabbit"]["username"] + +glance_api_endpoint = endpoint "image-api" + +directory "/etc/cinder" do + group node["openstack"]["block-storage"]["group"] + owner node["openstack"]["block-storage"]["user"] + mode 00750 + action :create +end + +template "/etc/cinder/cinder.conf" do + source "cinder.conf.erb" + group node["openstack"]["block-storage"]["group"] + owner node["openstack"]["block-storage"]["user"] + mode 00644 + variables( + :sql_connection => sql_connection, + :rabbit_password => rabbit_pass, + :rabbit_hosts => rabbit_hosts, + :glance_host => glance_api_endpoint.host, + :glance_port => glance_api_endpoint.port + ) +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/default.rb new file mode 100644 index 000000000..e42044e42 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/default.rb @@ -0,0 +1,18 @@ +# +# Cookbook Name:: openstack-block-storage +# Recipe:: default +# +# Copyright 2012-2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/identity_registration.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/identity_registration.rb new file mode 100644 index 000000000..c968ff2c1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/identity_registration.rb @@ -0,0 +1,85 @@ +# +# Cookbook Name:: openstack-block-storage +# Recipe:: identity_registration +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012-2013, AT&T Services, Inc. +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +class ::Chef::Recipe + include ::Openstack +end + +identity_admin_endpoint = endpoint "identity-admin" +bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token" +auth_uri = ::URI.decode identity_admin_endpoint.to_s +cinder_api_endpoint = endpoint "volume-api" +service_pass = service_password "openstack-block-storage" +region = node["openstack"]["block-storage"]["region"] +service_tenant_name = node["openstack"]["block-storage"]["service_tenant_name"] +service_user = node["openstack"]["block-storage"]["service_user"] +service_role = node["openstack"]["block-storage"]["service_role"] + +openstack_identity_register "Register Cinder Volume Service" do + auth_uri auth_uri + bootstrap_token bootstrap_token + service_name "cinder" + service_type "volume" + service_description "Cinder Volume Service" + endpoint_region region + endpoint_adminurl ::URI.decode cinder_api_endpoint.to_s + endpoint_internalurl ::URI.decode cinder_api_endpoint.to_s + endpoint_publicurl ::URI.decode cinder_api_endpoint.to_s + + action :create_service +end + +openstack_identity_register "Register Cinder Volume Endpoint" do + auth_uri auth_uri + bootstrap_token bootstrap_token + service_name "cinder" + service_type "volume" + service_description "Cinder Volume Service" + endpoint_region region + endpoint_adminurl ::URI.decode cinder_api_endpoint.to_s + endpoint_internalurl ::URI.decode cinder_api_endpoint.to_s + endpoint_publicurl ::URI.decode cinder_api_endpoint.to_s + + action :create_endpoint +end + +openstack_identity_register "Register Cinder Service User" do + auth_uri auth_uri + bootstrap_token bootstrap_token + tenant_name service_tenant_name + user_name service_user + user_pass service_pass + user_enabled true # Not required as this is the default + + action :create_user +end + +openstack_identity_register "Grant service Role to Cinder Service User for Cinder Service Tenant" do + auth_uri auth_uri + bootstrap_token bootstrap_token + tenant_name service_tenant_name + user_name service_user + role_name service_role + + action :grant_role +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/scheduler.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/scheduler.rb new file mode 100644 index 000000000..8e5fcc9bb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/scheduler.rb @@ -0,0 +1,77 @@ +# +# Cookbook Name:: openstack-block-storage +# Recipe:: scheduler +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012-2013, AT&T Services, Inc. +# Copyright 2013, Opscode, Inc. +# Copyright 2013, SUSE Linux Gmbh. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-block-storage::cinder-common" + +platform_options = node["openstack"]["block-storage"]["platform"] + +platform_options["cinder_scheduler_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +# FIXME this can be removed if/when 1:2013.1-0ubuntu2 makes it into precise +if platform?("ubuntu") && (node["platform_version"].to_f == 12.04) + include_recipe "python" + python_pip "stevedore" do + action :upgrade + end +end + +db_type = node['openstack']['db']['volume']['db_type'] +platform_options["#{db_type}_python_packages"].each do |pkg| + package pkg do + action :upgrade + end +end + +service "cinder-scheduler" do + service_name platform_options["cinder_scheduler_service"] + supports :status => true, :restart => true + + action [ :enable, :start ] + subscribes :restart, "template[/etc/cinder/cinder.conf]" +end + +audit_bin_dir = platform?("ubuntu") ? "/usr/bin" : "/usr/local/bin" +audit_log = node["openstack"]["block-storage"]["cron"]["audit_logfile"] + +if node["openstack"]["metering"] + scheduler_role = node["openstack"]["block-storage"]["scheduler_role"] + results = search(:node, "roles:#{scheduler_role}") + cron_node = results.collect{|a| a.name}.sort[0] + Chef::Log.debug("Volume audit cron node: #{cron_node}") + + cron "cinder-volume-usage-audit" do + day node["openstack"]["block-storage"]["cron"]["day"] || '*' + hour node["openstack"]["block-storage"]["cron"]["hour"] || '*' + minute node["openstack"]["block-storage"]["cron"]["minute"] + month node["openstack"]["block-storage"]["cron"]["month"] || '*' + weekday node["openstack"]["block-storage"]["cron"]["weekday"] || '*' + command "#{audit_bin_dir}/cinder-volume-usage-audit > #{audit_log} 2>&1" + action cron_node == node.name ? :create : :delete + user node["openstack"]["block-storage"]["user"] + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/volume.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/volume.rb new file mode 100644 index 000000000..4d893f91e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/recipes/volume.rb @@ -0,0 +1,111 @@ +# +# Cookbook Name:: openstack-block-storage +# Recipe:: volume +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012-2013, AT&T Services, Inc. +# Copyright 2013, Opscode, Inc. +# Copyright 2013, SUSE Linux Gmbh. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +include_recipe "openstack-block-storage::cinder-common" + +platform_options = node["openstack"]["block-storage"]["platform"] + +platform_options["cinder_volume_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +db_type = node['openstack']['db']['volume']['db_type'] +platform_options["#{db_type}_python_packages"].each do |pkg| + package pkg do + action :upgrade + end +end + +platform_options["cinder_iscsitarget_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +case node["openstack"]["block-storage"]["volume"]["driver"] + when "cinder.volume.drivers.netapp.iscsi.NetAppISCSIDriver" + node.override["openstack"]["block-storage"]["netapp"]["dfm_password"] = service_password "netapp" + + when "cinder.volume.drivers.RBDDriver" + node.override["openstack"]["block-storage"]["rbd_secret_uuid"] = service_password "rbd" + + when "cinder.volume.drivers.netapp.nfs.NetAppDirect7modeNfsDriver" + node.override["openstack"]["block-storage"]["netapp"]["netapp_server_password"] = service_password "netapp-filer" + + directory node["openstack"]["block-storage"]["nfs"]["mount_point_base"] do + owner node["openstack"]["block-storage"]["user"] + group node["openstack"]["block-storage"]["group"] + action :create + end + + template node["openstack"]["block-storage"]["nfs"]["shares_config"] do + source "shares.conf.erb" + mode "0600" + owner node["openstack"]["block-storage"]["user"] + group node["openstack"]["block-storage"]["group"] + variables( + "host" => node["openstack"]["block-storage"]["netapp"]["netapp_server_hostname"], + "export" => node["openstack"]["block-storage"]["netapp"]["export"] + ) + notifies :restart, "service[cinder-volume]" + end + + platform_options["cinder_nfs_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end + end +end + +service "cinder-volume" do + service_name platform_options["cinder_volume_service"] + supports :status => true, :restart => true + + action [ :enable, :start ] + subscribes :restart, "template[/etc/cinder/cinder.conf]" +end + +service "iscsitarget" do + service_name platform_options["cinder_iscsitarget_service"] + supports :status => true, :restart => true + + action :enable +end + +template "/etc/tgt/targets.conf" do + source "targets.conf.erb" + mode 00600 + + notifies :restart, "service[iscsitarget]", :immediately +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/api-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/api-opensuse_spec.rb new file mode 100644 index 000000000..bcba515bd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/api-opensuse_spec.rb @@ -0,0 +1,38 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::api" do + before { block_storage_stubs } + describe "opensuse" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-block-storage::api" + end + + it "installs cinder api packages" do + expect(@chef_run).to upgrade_package "openstack-cinder-api" + end + + it "installs mysql python packages by default" do + expect(@chef_run).to upgrade_package "python-mysql" + end + + it "installs postgresql python packages if explicitly told" do + chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + node = chef_run.node + node.set["openstack"]["db"]["volume"]["db_type"] = "postgresql" + chef_run.converge "openstack-block-storage::api" + + expect(chef_run).to upgrade_package "python-psycopg2" + expect(chef_run).not_to upgrade_package "python-mysql" + end + + it "starts cinder api on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-cinder-api" + end + + expect_creates_policy_json( + "service[cinder-api]", "openstack-cinder", "openstack-cinder") + expect_creates_cinder_conf( + "service[cinder-api]", "openstack-cinder", "openstack-cinder") + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/api-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/api-redhat_spec.rb new file mode 100644 index 000000000..1e38cbc86 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/api-redhat_spec.rb @@ -0,0 +1,33 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::api" do + before { block_storage_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-block-storage::api" + end + + it "installs cinder api packages" do + expect(@chef_run).to upgrade_package "python-cinderclient" + end + + it "installs mysql python packages by default" do + expect(@chef_run).to upgrade_package "MySQL-python" + end + + it "installs postgresql python packages if explicitly told" do + chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + node = chef_run.node + node.set["openstack"]["db"]["volume"]["db_type"] = "postgresql" + chef_run.converge "openstack-block-storage::api" + + expect(chef_run).to upgrade_package "python-psycopg2" + expect(chef_run).not_to upgrade_package "MySQL-python" + end + + it "starts cinder api on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-cinder-api" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/api_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/api_spec.rb new file mode 100644 index 000000000..c88335ec5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/api_spec.rb @@ -0,0 +1,139 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::api" do + before { block_storage_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["block-storage"]["syslog"]["use"] = true + end + @chef_run.converge "openstack-block-storage::api" + end + + expect_runs_openstack_common_logging_recipe + + it "doesn't run logging recipe" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + chef_run.converge "openstack-block-storage::api" + + expect(chef_run).not_to include_recipe "openstack-common::logging" + end + + it "installs cinder api packages" do + expect(@chef_run).to upgrade_package "cinder-api" + expect(@chef_run).to upgrade_package "python-cinderclient" + end + + it "installs mysql python packages by default" do + expect(@chef_run).to upgrade_package "python-mysqldb" + end + + it "installs postgresql python packages if explicitly told" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + node = chef_run.node + node.set["openstack"]["db"]["volume"]["db_type"] = "postgresql" + chef_run.converge "openstack-block-storage::api" + + expect(chef_run).to upgrade_package "python-psycopg2" + expect(chef_run).not_to upgrade_package "python-mysqldb" + end + + describe "/var/cache/cinder" do + before do + @dir = @chef_run.directory "/var/cache/cinder" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "cinder", "cinder" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "700" + end + end + + it "starts cinder api on boot" do + expect(@chef_run).to set_service_to_start_on_boot "cinder-api" + end + + expect_creates_cinder_conf "service[cinder-api]", "cinder", "cinder" + + describe "cinder.conf" do + before do + @file = "/etc/cinder/cinder.conf" + end + + it "runs logging recipe if node attributes say to" do + expect(@chef_run).to create_file_with_content @file, + "log_config = /etc/openstack/logging.conf" + end + + it "doesn't run logging recipe" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + chef_run.converge "openstack-block-storage::api" + + expect(chef_run).not_to create_file_with_content @file, + "log_config = /etc/openstack/logging.conf" + end + + it "has rbd driver settings" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["block-storage"]["volume"] = { + "driver" => "cinder.volume.drivers.RBDDriver" + } + end + chef_run.converge "openstack-block-storage::api" + + expect(chef_run).to create_file_with_content @file, + /^rbd_/ + expect(chef_run).not_to create_file_with_content @file, + /^netapp_/ + end + + it "has netapp driver settings" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["block-storage"]["volume"] = { + "driver" => "cinder.volume.drivers.netapp.NetAppISCSIDriver" + } + end + chef_run.converge "openstack-block-storage::api" + + expect(chef_run).to create_file_with_content @file, + /^netapp_/ + expect(chef_run).not_to create_file_with_content @file, + /^rbd_/ + end + end + + it "runs db migrations" do + cmd = "cinder-manage db sync" + + expect(@chef_run).to execute_command cmd + end + + expect_creates_policy_json "service[cinder-api]", "cinder", "cinder" + + describe "api-paste.ini" do + before do + @file = @chef_run.template "/etc/cinder/api-paste.ini" + end + + it "has proper owner" do + expect(@file).to be_owned_by "cinder", "cinder" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "has signing_dir" do + expect(@chef_run).to create_file_with_content @file.name, + "signing_dir = /var/cache/cinder/api" + end + + it "notifies cinder-api restart" do + expect(@file).to notify "service[cinder-api]", :restart + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/cinder_common-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/cinder_common-opensuse_spec.rb new file mode 100644 index 000000000..dcbca9c23 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/cinder_common-opensuse_spec.rb @@ -0,0 +1,18 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::cinder-common" do + before { block_storage_stubs } + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS do |n| + n.set["openstack"]["mq"] = { + "host" => "127.0.0.1" + } + n.set["openstack"]["block-storage"]["syslog"]["use"] = true + end + @chef_run.converge "openstack-block-storage::cinder-common" + end + + it "installs the openstack-cinder package" do + expect(@chef_run).to upgrade_package "openstack-cinder" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/cinder_common-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/cinder_common-redhat_spec.rb new file mode 100644 index 000000000..ad6ce9d88 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/cinder_common-redhat_spec.rb @@ -0,0 +1,18 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::cinder-common" do + before { block_storage_stubs } + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS do |n| + n.set["openstack"]["mq"] = { + "host" => "127.0.0.1" + } + n.set["openstack"]["block-storage"]["syslog"]["use"] = true + end + @chef_run.converge "openstack-block-storage::cinder-common" + end + + it "installs the openstack-cinder package" do + expect(@chef_run).to upgrade_package "openstack-cinder" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/cinder_common_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/cinder_common_spec.rb new file mode 100644 index 000000000..6e88b4f95 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/cinder_common_spec.rb @@ -0,0 +1,110 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::cinder-common" do + before { block_storage_stubs } + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["mq"] = { + "host" => "127.0.0.1" + } + n.set["openstack"]["block-storage"]["syslog"]["use"] = true + end + @chef_run.converge "openstack-block-storage::cinder-common" + end + + it "installs the cinder-common package" do + expect(@chef_run).to upgrade_package "cinder-common" + end + + describe "/etc/cinder" do + before do + @dir = @chef_run.directory "/etc/cinder" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "cinder", "cinder" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "750" + end + end + + describe "cinder.conf" do + before do + @file = @chef_run.template "/etc/cinder/cinder.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "cinder", "cinder" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "has rabbit_host" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_host=127.0.0.1" + end + + it "does not have rabbit_hosts" do + expect(@chef_run).not_to create_file_with_content @file.name, + "rabbit_hosts=" + end + + it "does not have rabbit_ha_queues" do + expect(@chef_run).not_to create_file_with_content @file.name, + "rabbit_ha_queues=" + end + + it "has rabbit_port" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_port=5672" + end + + it "has rabbit_userid" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_userid=guest" + end + + it "has rabbit_password" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_password=rabbit-pass" + end + + it "has rabbit_virtual_host" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_virtual_host=/" + end + + describe "rabbit ha" do + before do + @chef_run = ::ChefSpec::ChefRunner.new(::UBUNTU_OPTS) do |n| + n.set["openstack"]["block-storage"]["rabbit"]["ha"] = true + end + @chef_run.converge "openstack-block-storage::cinder-common" + end + + it "has rabbit_hosts" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_hosts=1.1.1.1:5672,2.2.2.2:5672" + end + + it "has rabbit_ha_queues" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_ha_queues=True" + end + + it "does not have rabbit_host" do + expect(@chef_run).not_to create_file_with_content @file.name, + "rabbit_host=127.0.0.1" + end + + it "does not have rabbit_port" do + expect(@chef_run).not_to create_file_with_content @file.name, + "rabbit_port=5672" + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/default_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/default_spec.rb new file mode 100644 index 000000000..3a77cb4ac --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/default_spec.rb @@ -0,0 +1,4 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::default" do +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/identity_registration_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/identity_registration_spec.rb new file mode 100644 index 000000000..e6ed35cc7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/identity_registration_spec.rb @@ -0,0 +1,82 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::identity_registration" do + before do + block_storage_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-block-storage::identity_registration" + end + + it "registers cinder volume service" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Cinder Volume Service" + ).to_hash + + expect(resource).to include( + :auth_uri => "https://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :service_name => "cinder", + :service_type => "volume", + :service_description => "Cinder Volume Service", + :endpoint_region => "RegionOne", + :endpoint_adminurl => "https://127.0.0.1:8776/v1/%(tenant_id)s", + :endpoint_internalurl => "https://127.0.0.1:8776/v1/%(tenant_id)s", + :endpoint_publicurl => "https://127.0.0.1:8776/v1/%(tenant_id)s", + :action => [:create_service] + ) + end + + it "registers cinder volume endpoint" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Cinder Volume Endpoint" + ).to_hash + + expect(resource).to include( + :auth_uri => "https://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :service_name => "cinder", + :service_type => "volume", + :service_description => "Cinder Volume Service", + :endpoint_region => "RegionOne", + :endpoint_adminurl => "https://127.0.0.1:8776/v1/%(tenant_id)s", + :endpoint_internalurl => "https://127.0.0.1:8776/v1/%(tenant_id)s", + :endpoint_publicurl => "https://127.0.0.1:8776/v1/%(tenant_id)s", + :action => [:create_endpoint] + ) + end + + it "registers service user" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Cinder Service User" + ).to_hash + + expect(resource).to include( + :auth_uri => "https://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => "service", + :user_name => "cinder", + :user_pass => "cinder-pass", + :user_enabled => true, + :action => [:create_user] + ) + end + + it "grants admin role to service user for service tenant" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Grant service Role to Cinder Service User for Cinder Service Tenant" + ).to_hash + + expect(resource).to include( + :auth_uri => "https://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => "service", + :user_name => "cinder", + :role_name => "admin", + :action => [:grant_role] + ) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/scheduler-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/scheduler-opensuse_spec.rb new file mode 100644 index 000000000..42de173fe --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/scheduler-opensuse_spec.rb @@ -0,0 +1,44 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::scheduler" do + before { block_storage_stubs } + describe "opensuse" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-block-storage::scheduler" + end + + it "installs cinder api packages" do + expect(@chef_run).to upgrade_package "openstack-cinder-scheduler" + end + + it "does not upgrade stevedore" do + chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + chef_run.converge "openstack-block-storage::scheduler" + + expect(chef_run).not_to upgrade_python_pip "stevedore" + end + + it "installs mysql python packages by default" do + expect(@chef_run).to upgrade_package "python-mysql" + end + + it "installs postgresql python packages if explicitly told" do + chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + node = chef_run.node + node.set["openstack"]["db"]["volume"]["db_type"] = "postgresql" + chef_run.converge "openstack-block-storage::scheduler" + + expect(chef_run).to upgrade_package "python-psycopg2" + expect(chef_run).not_to upgrade_package "python-mysql" + end + + it "starts cinder scheduler" do + expect(@chef_run).to start_service "openstack-cinder-scheduler" + end + + it "starts cinder scheduler on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-cinder-scheduler" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/scheduler-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/scheduler-redhat_spec.rb new file mode 100644 index 000000000..e72d9f7cc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/scheduler-redhat_spec.rb @@ -0,0 +1,44 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::scheduler" do + before { block_storage_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-block-storage::scheduler" + end + + it "installs cinder api packages" do + expect(@chef_run).to upgrade_package "openstack-cinder" + end + + it "does not upgrade stevedore" do + chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + chef_run.converge "openstack-block-storage::scheduler" + + expect(chef_run).not_to upgrade_python_pip "stevedore" + end + + it "installs mysql python packages by default" do + expect(@chef_run).to upgrade_package "MySQL-python" + end + + it "installs postgresql python packages if explicitly told" do + chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + node = chef_run.node + node.set["openstack"]["db"]["volume"]["db_type"] = "postgresql" + chef_run.converge "openstack-block-storage::scheduler" + + expect(chef_run).to upgrade_package "python-psycopg2" + expect(chef_run).not_to upgrade_package "MySQL-python" + end + + it "starts cinder scheduler" do + expect(@chef_run).to start_service "openstack-cinder-scheduler" + end + + it "starts cinder scheduler on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-cinder-scheduler" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/scheduler_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/scheduler_spec.rb new file mode 100644 index 000000000..8c167c61b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/scheduler_spec.rb @@ -0,0 +1,110 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::scheduler" do + before { block_storage_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["block-storage"]["syslog"]["use"] = true + end + @chef_run.converge "openstack-block-storage::scheduler" + end + + expect_runs_openstack_common_logging_recipe + + it "doesn't run logging recipe" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + chef_run.converge "openstack-block-storage::scheduler" + + expect(chef_run).not_to include_recipe "openstack-common::logging" + end + + it "installs cinder api packages" do + expect(@chef_run).to upgrade_package "cinder-scheduler" + end + + it "upgrades stevedore" do + expect(@chef_run).to upgrade_python_pip "stevedore" + end + + it "does not upgrade stevedore" do + opts = ::UBUNTU_OPTS.merge(:version => "10.04") + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.converge "openstack-block-storage::scheduler" + + expect(chef_run).not_to upgrade_python_pip "stevedore" + end + + it "installs mysql python packages by default" do + expect(@chef_run).to upgrade_package "python-mysqldb" + end + + it "installs postgresql python packages if explicitly told" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + node = chef_run.node + node.set["openstack"]["db"]["volume"]["db_type"] = "postgresql" + chef_run.converge "openstack-block-storage::scheduler" + + expect(chef_run).to upgrade_package "python-psycopg2" + expect(chef_run).not_to upgrade_package "python-mysqldb" + end + + it "starts cinder scheduler" do + expect(@chef_run).to start_service "cinder-scheduler" + end + + it "starts cinder scheduler on boot" do + expect(@chef_run).to set_service_to_start_on_boot "cinder-scheduler" + end + + it "doesn't run logging recipe" do + expect(@chef_run).to set_service_to_start_on_boot "cinder-scheduler" + end + + it "doesn't setup cron when no metering" do + expect(@chef_run.cron("cinder-volume-usage-audit")).to be_nil + end + + it "creates cron metering default" do + ::Chef::Recipe.any_instance.stub(:search). + with(:node, "roles:os-block-storage-scheduler"). + and_return([OpenStruct.new(:name => "fauxhai.local")]) + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["metering"] = true + end + chef_run.converge "openstack-block-storage::scheduler" + cron = chef_run.cron "cinder-volume-usage-audit" + bin_str="/usr/bin/cinder-volume-usage-audit > /var/log/cinder/audit.log" + expect(cron.command).to match(/#{bin_str}/) + crontests = [ [:minute, '00'], [:hour, '*'], [:day, '*'], + [:weekday, '*'], [:month, '*'], [:user, 'cinder'] ] + crontests.each do |k,v| + expect(cron.send(k)).to eq v + end + expect(cron.action).to include :create + end + + it "creates cron metering custom" do + crontests = [ [:minute, '50'], [:hour, '23'], [:day, '6'], + [:weekday, '5'], [:month, '11'], [:user, 'foobar'] ] + ::Chef::Recipe.any_instance.stub(:search). + with(:node, "roles:os-block-storage-scheduler"). + and_return([OpenStruct.new(:name => "foobar")]) + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["metering"] = true + crontests.each do |k,v| + n.set["openstack"]["block-storage"]["cron"][k.to_s] = v + end + n.set["openstack"]["block-storage"]["user"] = "foobar" + end + chef_run.converge "openstack-block-storage::scheduler" + cron = chef_run.cron "cinder-volume-usage-audit" + crontests.each do |k,v| + expect(cron.send(k)).to eq v + end + expect(cron.action).to include :delete + end + + expect_creates_cinder_conf "service[cinder-scheduler]", "cinder", "cinder" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/spec_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/spec_helper.rb new file mode 100644 index 000000000..f24c71b2d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/spec_helper.rb @@ -0,0 +1,81 @@ +require "chefspec" + +::LOG_LEVEL = :fatal +::OPENSUSE_OPTS = { + :platform => "opensuse", + :version => "12.3", + :log_level => ::LOG_LEVEL +} +::REDHAT_OPTS = { + :platform => "redhat", + :version => "6.3", + :log_level => ::LOG_LEVEL +} +::UBUNTU_OPTS = { + :platform => "ubuntu", + :version => "12.04", + :log_level => ::LOG_LEVEL +} + +def block_storage_stubs + ::Chef::Recipe.any_instance.stub(:rabbit_servers). + and_return "1.1.1.1:5672,2.2.2.2:5672" + ::Chef::Recipe.any_instance.stub(:secret). + with("secrets", "openstack_identity_bootstrap_token"). + and_return "bootstrap-token" + ::Chef::Recipe.any_instance.stub(:db_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:user_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:user_password). + with("guest"). + and_return "rabbit-pass" + ::Chef::Recipe.any_instance.stub(:service_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:service_password). + with("openstack-block-storage"). + and_return "cinder-pass" +end + +def expect_runs_openstack_common_logging_recipe + it "runs logging recipe if node attributes say to" do + expect(@chef_run).to include_recipe "openstack-common::logging" + end +end + +def expect_creates_cinder_conf service, user, group, action=:restart + describe "cinder.conf" do + before do + @file = @chef_run.template "/etc/cinder/cinder.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by user, group + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "notifies service restart" do + expect(@file).to notify service, action + end + end +end + +def expect_creates_policy_json service, user, group, action=:restart + describe "policy.json" do + before do + @file = @chef_run.template "/etc/cinder/policy.json" + end + + it "has proper owner" do + expect(@file).to be_owned_by user, group + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "notifies service restart" do + expect(@file).to notify service, action + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/volume-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/volume-opensuse_spec.rb new file mode 100644 index 000000000..e5b7537ba --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/volume-opensuse_spec.rb @@ -0,0 +1,65 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::volume" do + before { block_storage_stubs } + describe "opensuse" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-block-storage::volume" + end + + it "installs cinder volume packages" do + expect(@chef_run).to upgrade_package "openstack-cinder-volume" + end + + it "installs mysql python packages by default" do + expect(@chef_run).to upgrade_package "python-mysql" + end + + it "installs postgresql python packages if explicitly told" do + chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + node = chef_run.node + node.set["openstack"]["db"]["volume"]["db_type"] = "postgresql" + chef_run.converge "openstack-block-storage::volume" + + expect(chef_run).to upgrade_package "python-psycopg2" + expect(chef_run).not_to upgrade_package "python-mysql" + end + + it "installs cinder iscsi packages" do + expect(@chef_run).to upgrade_package "tgt" + end + + it "starts cinder volume" do + expect(@chef_run).to start_service "openstack-cinder-volume" + end + + it "starts cinder volume on boot" do + expected = "openstack-cinder-volume" + expect(@chef_run).to set_service_to_start_on_boot expected + end + + it "starts iscsi target on boot" do + expect(@chef_run).to set_service_to_start_on_boot "tgtd" + end + + it "installs nfs packages" do + chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS do |n| + n.set["openstack"]["block-storage"]["volume"]["driver"] = "cinder.volume.drivers.netapp.nfs.NetAppDirect7modeNfsDriver" + end + chef_run.converge "openstack-block-storage::volume" + + expect(chef_run).to upgrade_package "nfs-utils" + expect(chef_run).not_to upgrade_package "nfs-utils-lib" + end + + it "has opensuse include" do + file = "/etc/tgt/targets.conf" + + expect(@chef_run).to create_file_with_content file, + "include /var/lib/cinder/volumes/*" + expect(@chef_run).not_to create_file_with_content file, + "include /etc/tgt/conf.d/*.conf" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/volume-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/volume-redhat_spec.rb new file mode 100644 index 000000000..0638f828d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/volume-redhat_spec.rb @@ -0,0 +1,61 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::volume" do + before { block_storage_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-block-storage::volume" + end + + it "installs mysql python packages by default" do + expect(@chef_run).to upgrade_package "MySQL-python" + end + + it "installs postgresql python packages if explicitly told" do + chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + node = chef_run.node + node.set["openstack"]["db"]["volume"]["db_type"] = "postgresql" + chef_run.converge "openstack-block-storage::volume" + + expect(chef_run).to upgrade_package "python-psycopg2" + expect(chef_run).not_to upgrade_package "MySQL-python" + end + + it "installs cinder iscsi packages" do + expect(@chef_run).to upgrade_package "scsi-target-utils" + end + + it "starts cinder volume" do + expect(@chef_run).to start_service "openstack-cinder-volume" + end + + it "starts cinder volume on boot" do + expected = "openstack-cinder-volume" + expect(@chef_run).to set_service_to_start_on_boot expected + end + + it "starts iscsi target on boot" do + expect(@chef_run).to set_service_to_start_on_boot "tgtd" + end + + it "installs nfs packages" do + chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS do |n| + n.set["openstack"]["block-storage"]["volume"]["driver"] = "cinder.volume.drivers.netapp.nfs.NetAppDirect7modeNfsDriver" + end + chef_run.converge "openstack-block-storage::volume" + + expect(chef_run).to upgrade_package "nfs-utils" + expect(chef_run).to upgrade_package "nfs-utils-lib" + end + + it "has redhat include" do + file = "/etc/tgt/targets.conf" + + expect(@chef_run).to create_file_with_content file, + "include /var/lib/cinder/volumes/*" + expect(@chef_run).not_to create_file_with_content file, + "include /etc/tgt/conf.d/*.conf" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/volume_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/volume_spec.rb new file mode 100644 index 000000000..73607913e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/spec/volume_spec.rb @@ -0,0 +1,121 @@ +require_relative "spec_helper" + +describe "openstack-block-storage::volume" do + before { block_storage_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["block-storage"]["syslog"]["use"] = true + end + @chef_run.converge "openstack-block-storage::volume" + end + + expect_runs_openstack_common_logging_recipe + + it "doesn't run logging recipe" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + chef_run.converge "openstack-block-storage::volume" + + expect(chef_run).not_to include_recipe "openstack-common::logging" + end + + it "installs cinder volume packages" do + expect(@chef_run).to upgrade_package "cinder-volume" + end + + it "installs mysql python packages by default" do + expect(@chef_run).to upgrade_package "python-mysqldb" + end + + it "installs postgresql python packages if explicitly told" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + node = chef_run.node + node.set["openstack"]["db"]["volume"]["db_type"] = "postgresql" + chef_run.converge "openstack-block-storage::volume" + + expect(chef_run).to upgrade_package "python-psycopg2" + expect(chef_run).not_to upgrade_package "python-mysqldb" + end + + it "installs cinder iscsi packages" do + expect(@chef_run).to upgrade_package "tgt" + end + + it "installs nfs packages" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["block-storage"]["volume"]["driver"] = "cinder.volume.drivers.netapp.nfs.NetAppDirect7modeNfsDriver" + end + chef_run.converge "openstack-block-storage::volume" + + expect(chef_run).to upgrade_package "nfs-common" + end + + it "creates the nfs mount point" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["block-storage"]["volume"]["driver"] = "cinder.volume.drivers.netapp.nfs.NetAppDirect7modeNfsDriver" + end + chef_run.converge "openstack-block-storage::volume" + + expect(chef_run).to create_directory "/mnt/cinder-volumes" + end + + it "configures netapp dfm password" do + ::Chef::Recipe.any_instance.stub(:service_password).with("netapp"). + and_return "netapp-pass" + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["block-storage"]["volume"]["driver"] = "cinder.volume.drivers.netapp.iscsi.NetAppISCSIDriver" + end + chef_run.converge "openstack-block-storage::volume" + n = chef_run.node["openstack"]["block-storage"]["netapp"]["dfm_password"] + + expect(n).to eq "netapp-pass" + end + + it "configures rbd password" do + ::Chef::Recipe.any_instance.stub(:service_password).with("rbd"). + and_return "rbd-pass" + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["block-storage"]["volume"]["driver"] = "cinder.volume.drivers.RBDDriver" + end + chef_run.converge "openstack-block-storage::volume" + n = chef_run.node["openstack"]["block-storage"]["rbd_secret_uuid"] + + expect(n).to eq "rbd-pass" + end + + it "starts cinder volume" do + expect(@chef_run).to start_service "cinder-volume" + end + + it "starts cinder volume on boot" do + expect(@chef_run).to set_service_to_start_on_boot "cinder-volume" + end + + expect_creates_cinder_conf "service[cinder-volume]", "cinder", "cinder" + + it "starts iscsi target on boot" do + expect(@chef_run).to set_service_to_start_on_boot "tgt" + end + + describe "targets.conf" do + before do + @file = @chef_run.template "/etc/tgt/targets.conf" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "600" + end + + it "notifies iscsi restart" do + expect(@file).to notify "service[iscsitarget]", :restart + end + + it "has ubuntu include" do + expect(@chef_run).to create_file_with_content @file.name, + "include /etc/tgt/conf.d/*.conf" + expect(@chef_run).not_to create_file_with_content @file.name, + "include /var/lib/cinder/volumes/*" + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/api-paste.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/api-paste.ini.erb new file mode 100644 index 000000000..bc1df7e6b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/api-paste.ini.erb @@ -0,0 +1,61 @@ +<%= node["openstack"]["block-storage"]["custom_template_banner"] %> + +############# +# Openstack # +############# + +[composite:osapi_volume] +use = call:cinder.api:root_app_factory +/: apiversions +/v1: openstack_volume_api_v1 +/v2: openstack_volume_api_v2 + +[composite:openstack_volume_api_v1] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = faultwrap sizelimit noauth apiv1 +keystone = faultwrap sizelimit authtoken keystonecontext apiv1 +keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv1 + +[composite:openstack_volume_api_v2] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = faultwrap sizelimit noauth apiv2 +keystone = faultwrap sizelimit authtoken keystonecontext apiv2 +keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv2 + +[filter:faultwrap] +paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory + +[filter:noauth] +paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory + +[filter:sizelimit] +paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory + +[app:apiv1] +paste.app_factory = cinder.api.v1.router:APIRouter.factory + +[app:apiv2] +paste.app_factory = cinder.api.v2.router:APIRouter.factory + +[pipeline:apiversions] +pipeline = faultwrap osvolumeversionapp + +[app:osvolumeversionapp] +paste.app_factory = cinder.api.versions:Versions.factory + +########## +# Shared # +########## + +[filter:keystonecontext] +paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory + +[filter:authtoken] +paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory +auth_host = <%= @identity_admin_endpoint.host %> +auth_port = <%= @identity_admin_endpoint.port %> +auth_protocol = <%= @identity_admin_endpoint.scheme %> +admin_tenant_name = <%= node["openstack"]["block-storage"]["service_tenant_name"] %> +admin_user = <%= node["openstack"]["block-storage"]["service_user"] %> +admin_password = <%= @service_pass %> +signing_dir = <%= node["openstack"]["block-storage"]["api"]["auth"]["cache_dir"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/cinder.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/cinder.conf.erb new file mode 100644 index 000000000..fb6fecf22 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/cinder.conf.erb @@ -0,0 +1,802 @@ +<%= node["openstack"]["block-storage"]["custom_template_banner"] %> + +[DEFAULT] + +######## defined in cinder.openstack.common.cfg:CommonConfigOpts ######## + +debug=<%= node["openstack"]["block-storage"]["debug"] %> +#### (BoolOpt) Print debugging output + +verbose=<%= node["openstack"]["block-storage"]["verbose"] %> +#### (BoolOpt) Print more verbose output + +# lock_path +lock_path=<%= node["openstack"]["block-storage"]["lock_path"] %> +notification_driver=cinder.openstack.common.notifier.rpc_notifier + +# log_config= +#### (StrOpt) If this option is specified, the logging configuration file +#### specified is used and overrides any other logging options +#### specified. Please see the Python logging module +#### documentation for details on logging configuration files. + +# log_format=%(asctime)s %(levelname)8s [%(name)s] %(message)s +#### (StrOpt) A logging.Formatter log message format string which may use +#### any of the available logging.LogRecord attributes. Default: +#### %default + +# log_date_format=%Y-%m-%d %H:%M:%S +#### (StrOpt) Format string for %(asctime)s in log records. Default: +#### %default + +# log_file= +#### (StrOpt) (Optional) Name of log file to output to. If not set, +#### logging will go to stdout. + +# log_dir= +#### (StrOpt) (Optional) The directory to keep log files in (will be +#### prepended to --logfile) + +# ================= Syslog Options ============================ + +<% if node["openstack"]["block-storage"]["syslog"]["use"] %> +log_config = /etc/openstack/logging.conf +<% end %> + +######## defined in cinder.flags ######## + +# connection_type= +#### (StrOpt) Virtualization api connection type : libvirt, xenapi, or +#### fake + +sql_connection=<%= @sql_connection %> +# sql_connection=sqlite:///$state_path/$sqlite_db +#### (StrOpt) The SQLAlchemy connection string used to connect to the +#### database + +# sql_connection_debug=0 +#### (IntOpt) Verbosity of SQL debugging information. 0=None, +#### 100=Everything + +# api_paste_config=api-paste.ini +#### (StrOpt) File name for the paste.deploy config for cinder-api + +# pybasedir=/usr/lib/python/site-packages +#### (StrOpt) Directory where the cinder python module is installed + +# bindir=$pybasedir/bin +#### (StrOpt) Directory where cinder binaries are installed + +state_path=<%= node["openstack"]["block-storage"]["volume"]["state_path"] %> +#### (StrOpt) Top-level directory for maintaining cinder's state + +my_ip=<%= node["ipaddress"] %> +#### (StrOpt) ip address of this host + +glance_host=<%= @glance_host %> +#### (StrOpt) default glance hostname or ip + +glance_port=<%= @glance_port %> +#### (IntOpt) default glance port + +# glance_api_servers=$glance_host:$glance_port +#### (ListOpt) A list of the glance api servers available to cinder +#### ([hostname|ip]:port) + +# glance_num_retries=0 +#### (IntOpt) Number retries when downloading an image from glance + +# scheduler_topic=cinder-scheduler +#### (StrOpt) the topic scheduler nodes listen on + +# volume_topic=cinder-volume +#### (StrOpt) the topic volume nodes listen on + +api_rate_limit=<%= node["openstack"]["block-storage"]["api"]["ratelimit"] %> +#### (BoolOpt) whether to rate limit the api + +# osapi_volume_ext_list= +#### (ListOpt) Specify list of extensions to load when using +#### osapi_volume_extension option with +#### cinder.api.openstack.volume.contrib.select_extensions + +# osapi_volume_extension=cinder.api.openstack.volume.contrib.standard_extensions +#### (MultiStrOpt) osapi volume extension to load + +# osapi_compute_link_prefix= +#### (StrOpt) Base URL that will be presented to users in links to the +#### OpenStack Compute API + +# osapi_max_limit=1000 +#### (IntOpt) the maximum number of items returned in a single response +#### from a collection resource + +# sqlite_db=cinder.sqlite +#### (StrOpt) the filename to use with sqlite + +# sqlite_synchronous=true +#### (BoolOpt) If passed, use synchronous mode for sqlite + +# sql_idle_timeout=3600 +#### (IntOpt) timeout before idle sql connections are reaped + +# sql_max_retries=10 +#### (IntOpt) maximum db connection retries during startup. (setting -1 +#### implies an infinite retry count) + +# sql_retry_interval=10 +#### (IntOpt) interval between retries of opening a sql connection + +# volume_manager=cinder.volume.manager.VolumeManager +#### (StrOpt) full class name for the Manager for volume + +# scheduler_manager=cinder.scheduler.manager.SchedulerManager +#### (StrOpt) full class name for the Manager for scheduler + +# host=cinder +#### (StrOpt) Name of this node. This can be an opaque identifier. It is +#### not necessarily a hostname, FQDN, or IP address. + +storage_availability_zone=<%= node["openstack"]["block-storage"]["storage_availability_zone"] %> +#### (StrOpt) availability zone of this node + +# memcached_servers= +#### (ListOpt) Memcached servers or None for in process cache. + +# volume_usage_audit_period=month +#### (StrOpt) time period to generate volume usages for. Time period must +#### be hour, day, month or year + +# root_helper=cinder-rootwrap +#### (StrOpt) Deprecated: command to use for running commands as root + +rootwrap_config=/etc/cinder/rootwrap.conf +#### (StrOpt) Path to the rootwrap configuration file to use for running +#### commands as root + +# monkey_patch=false +#### (BoolOpt) Whether to log monkey patching + +# monkey_patch_modules= +#### (ListOpt) List of modules/decorators to monkey patch + +# service_down_time=60 +#### (IntOpt) maximum time since last check-in for up service + +# volume_api_class=cinder.volume.api.API +#### (StrOpt) The full class name of the volume API class to use + +auth_strategy=keystone +#### (StrOpt) The strategy to use for auth. Supports noauth, keystone, and +#### deprecated. + +<% if node["openstack"]["block-storage"]["rabbit"]["control_exchange"] %> +control_exchange=<%=node["openstack"]["block-storage"]["rabbit"]["control_exchange"]%> +<% end %> +# control_exchange=cinder +#### (StrOpt) AMQP exchange to connect to if using RabbitMQ or Qpid + + +######## defined in cinder.policy ######## + +# policy_file=policy.json +#### (StrOpt) JSON file representing policy + +# policy_default_rule=default +#### (StrOpt) Rule checked when requested rule is not found + + +######## defined in cinder.quota ######## + +quota_volumes=<%= node["openstack"]["block-storage"]["quota_volumes"] %> +#### (IntOpt) number of volumes allowed per project + +quota_gigabytes=<%= node["openstack"]["block-storage"]["quota_gigabytes"] %> +#### (IntOpt) number of volume gigabytes allowed per project + +# reservation_expire=86400 +#### (IntOpt) number of seconds until a reservation expires + +# until_refresh=0 +#### (IntOpt) count of reservations until usage is refreshed + +# max_age=0 +#### (IntOpt) number of seconds between subsequent usage refreshes + +quota_driver=<%= node["openstack"]["block-storage"]["quota_driver"] %> +#### (StrOpt) default driver to use for quota checks + + +######## defined in cinder.service ######## + +# report_interval=10 +#### (IntOpt) seconds between nodes reporting state to datastore + +# periodic_interval=60 +#### (IntOpt) seconds between running periodic tasks + +# periodic_fuzzy_delay=60 +#### (IntOpt) range of seconds to randomly delay when starting the +#### periodic task scheduler to reduce stampeding. (Disable by +#### setting to 0) + +# osapi_volume_listen=0.0.0.0 +#### (StrOpt) IP address for OpenStack Volume API to listen + +# osapi_volume_listen_port=8776 +#### (IntOpt) port for os volume api to listen + + +######## defined in cinder.test ######## + +# sqlite_clean_db=clean.sqlite +#### (StrOpt) File name of clean sqlite db + +# fake_tests=true +#### (BoolOpt) should we use everything for testing + + +######## defined in cinder.api.auth ######## + +# use_forwarded_for=false +#### (BoolOpt) Treat X-Forwarded-For as the canonical remote address. Only +#### enable this if you have a sanitizing proxy. + + +######## defined in cinder.api.sizelimit ######## + +# osapi_max_request_body_size=114688 +#### (IntOpt) Max size for body of a request + + +######## defined in cinder.common.deprecated ######## + +# fatal_deprecations=false +#### (BoolOpt) make deprecations fatal + + +######## defined in cinder.db.api ######## + +db_backend=sqlalchemy +#### (StrOpt) The backend to use for db + +# enable_new_services=true +#### (BoolOpt) Services to be added to the available pool on create + +# volume_name_template=volume-%s +#### (StrOpt) Template string to be used to generate volume names + +# snapshot_name_template=snapshot-%s +#### (StrOpt) Template string to be used to generate snapshot names + + +######## defined in cinder.db.base ######## + +# db_driver=cinder.db +#### (StrOpt) driver to use for database access + + +######## defined in cinder.openstack.common.log ######## + +# logdir= +#### (StrOpt) Log output to a per-service log file in named directory + +# logfile= +#### (StrOpt) Log output to a named file + +# use_stderr=true +#### (BoolOpt) Log output to standard error + +# logfile_mode=0644 +#### (StrOpt) Default file mode used when creating log files + +# logging_context_format_string=%(asctime)s %(levelname)s %(name)s [%(request_id)s %(user_id)s %(project_id)s] %(instance)s%(message)s +#### (StrOpt) format string to use for log messages with context + +# logging_default_format_string=%(asctime)s %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s +#### (StrOpt) format string to use for log messages without context + +# logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d +#### (StrOpt) data to append to log format when level is DEBUG + +# logging_exception_prefix=%(asctime)s %(process)d TRACE %(name)s %(instance)s +#### (StrOpt) prefix each line of exception output with this format + +# default_log_levels=amqplib=WARN,sqlalchemy=WARN,boto=WARN,suds=INFO,keystone=INFO,eventlet.wsgi.server=WARN +#### (ListOpt) list of logger=LEVEL pairs + +# publish_errors=false +#### (BoolOpt) publish error events + +# instance_format="[instance: %(uuid)s] " +#### (StrOpt) If an instance is passed with the log message, format it +#### like this + +# instance_uuid_format="[instance: %(uuid)s] " +#### (StrOpt) If an instance UUID is passed with the log message, format +#### it like this + + +######## defined in cinder.openstack.common.notifier.api ######## + +#### (MultiStrOpt) Driver or drivers to handle sending notifications + +# default_notification_level=INFO +#### (StrOpt) Default notification level for outgoing notifications + +# default_publisher_id=$host +#### (StrOpt) Default publisher_id for outgoing notifications + + +######## defined in cinder.openstack.common.notifier.rabbit_notifier ######## + +# notification_topics=notifications +#### (ListOpt) AMQP topic used for openstack notifications + + +######## defined in cinder.openstack.common.rpc ######## + +# rpc_backend=cinder.openstack.common.rpc.impl_kombu +#### (StrOpt) The messaging module to use, defaults to kombu. + +# rpc_thread_pool_size=64 +#### (IntOpt) Size of RPC thread pool + +# rpc_conn_pool_size=30 +#### (IntOpt) Size of RPC connection pool + +# rpc_response_timeout=60 +#### (IntOpt) Seconds to wait for a response from call or multicall + +# rpc_cast_timeout=30 +#### (IntOpt) Seconds to wait before a cast expires (TTL). Only supported +#### by impl_zmq. + +# allowed_rpc_exception_modules=cinder.openstack.common.exception,nova.exception,cinder.exception +#### (ListOpt) Modules of exceptions that are permitted to be recreatedupon +#### receiving exception data from an rpc call. + +# fake_rabbit=false +#### (BoolOpt) If passed, use a fake RabbitMQ provider + + +######## defined in cinder.openstack.common.rpc.impl_kombu ######## + +# kombu_ssl_version= +#### (StrOpt) SSL version to use (valid only if SSL enabled) + +# kombu_ssl_keyfile= +#### (StrOpt) SSL key file (valid only if SSL enabled) + +# kombu_ssl_certfile= +#### (StrOpt) SSL cert file (valid only if SSL enabled) + +# kombu_ssl_ca_certs= +#### (StrOpt) SSL certification authority file (valid only if SSL enabled) + +<% if node["openstack"]["block-storage"]["rabbit"]["ha"] -%> +rabbit_hosts=<%= @rabbit_hosts %> +#### (ListOpt) RabbitMQ HA cluster host:port pairs + +# rabbit_durable_queues=false +#### (BoolOpt) use durable queues in RabbitMQ + +rabbit_ha_queues=True +#### (BoolOpt) use H/A queues in RabbitMQ (x-ha-policy: all).You need to +#### wipe RabbitMQ database when changing this option. +<% else -%> +rabbit_host=<%= node["openstack"]["block-storage"]["rabbit"]["host"] %> +#### (StrOpt) The RabbitMQ broker address where a single node is used + +rabbit_port=<%= node["openstack"]["block-storage"]["rabbit"]["port"] %> +#### (IntOpt) The RabbitMQ broker port where a single node is used +<% end -%> + +# rabbit_use_ssl=false +#### (BoolOpt) connect over SSL for RabbitMQ + +rabbit_userid=<%= node["openstack"]["block-storage"]["rabbit"]["username"] %> +#### (StrOpt) the RabbitMQ userid + +rabbit_password=<%= @rabbit_password %> +#### (StrOpt) the RabbitMQ password + +rabbit_virtual_host=<%= node["openstack"]["block-storage"]["rabbit"]["vhost"] %> +#### (StrOpt) the RabbitMQ virtual host + +# rabbit_retry_interval=1 +#### (IntOpt) how frequently to retry connecting with RabbitMQ + +# rabbit_retry_backoff=2 +#### (IntOpt) how long to backoff for between retries when connecting to +#### RabbitMQ + +# rabbit_max_retries=0 +#### (IntOpt) maximum retries with trying to connect to RabbitMQ (the +#### default of 0 implies an infinite retry count) + + +######## defined in cinder.openstack.common.rpc.impl_qpid ######## + +# qpid_hostname=localhost +#### (StrOpt) Qpid broker hostname + +# qpid_port=5672 +#### (StrOpt) Qpid broker port + +# qpid_username= +#### (StrOpt) Username for qpid connection + +# qpid_password= +#### (StrOpt) Password for qpid connection + +# qpid_sasl_mechanisms= +#### (StrOpt) Space separated list of SASL mechanisms to use for auth + +# qpid_reconnect=true +#### (BoolOpt) Automatically reconnect + +# qpid_reconnect_timeout=0 +#### (IntOpt) Reconnection timeout in seconds + +# qpid_reconnect_limit=0 +#### (IntOpt) Max reconnections before giving up + +# qpid_reconnect_interval_min=0 +#### (IntOpt) Minimum seconds between reconnection attempts + +# qpid_reconnect_interval_max=0 +#### (IntOpt) Maximum seconds between reconnection attempts + +# qpid_reconnect_interval=0 +#### (IntOpt) Equivalent to setting max and min to the same value + +# qpid_heartbeat=60 +#### (IntOpt) Seconds between connection keepalive heartbeats + +# qpid_protocol=tcp +#### (StrOpt) Transport to use, either 'tcp' or 'ssl' + +# qpid_tcp_nodelay=true +#### (BoolOpt) Disable Nagle algorithm + + +######## defined in cinder.openstack.common.rpc.impl_zmq ######## + +# rpc_zmq_bind_address=* +#### (StrOpt) ZeroMQ bind address. Should be a wildcard (*), an ethernet +#### interface, or IP. The "host" option should point or resolve +#### to this address. + +# rpc_zmq_matchmaker=cinder.openstack.common.rpc.matchmaker.MatchMakerLocalhost +#### (StrOpt) MatchMaker driver + +# rpc_zmq_port=9501 +#### (IntOpt) ZeroMQ receiver listening port + +# rpc_zmq_port_pub=9502 +#### (IntOpt) ZeroMQ fanout publisher port + +# rpc_zmq_contexts=1 +#### (IntOpt) Number of ZeroMQ contexts, defaults to 1 + +# rpc_zmq_ipc_dir=/var/run/openstack +#### (StrOpt) Directory for holding IPC sockets + +# rpc_zmq_host=cinder +#### (StrOpt) Name of this node. Must be a valid hostname, FQDN, or IP +#### address. Must match "host" option, if running Nova. + + +######## defined in cinder.openstack.common.rpc.matchmaker ######## + +# matchmaker_ringfile=/etc/nova/matchmaker_ring.json +#### (StrOpt) Matchmaker ring file (JSON) + + +######## defined in cinder.scheduler.driver ######## + +# scheduler_host_manager=cinder.scheduler.host_manager.HostManager +#### (StrOpt) The scheduler host manager class to use + + +######## defined in cinder.scheduler.manager ######## + +# scheduler_driver=cinder.scheduler.simple.SimpleScheduler +#### (StrOpt) Default driver to use for the scheduler + + +######## defined in cinder.scheduler.simple ######## + +max_gigabytes=<%= node["openstack"]["block-storage"]["max_gigabytes"] %> +#### (IntOpt) maximum number of volume gigabytes to allow per host + + +######## defined in cinder.volume.api ######## + +# snapshot_same_host=true +#### (BoolOpt) Create volume from snapshot at the host where snapshot +#### resides + + +######## defined in cinder.volume.driver ######## + +volume_group=<%= node["openstack"]["block-storage"]["volume"]["volume_group"] %> +#### (StrOpt) Name for the VG that will contain exported volumes + +# num_shell_tries=3 +#### (IntOpt) number of times to attempt to run flakey shell commands + +# num_iscsi_scan_tries=3 +#### (IntOpt) number of times to rescan iSCSI target to find volume + +# iscsi_num_targets=100 +#### (IntOpt) Number of iscsi target ids per host + +# iscsi_target_prefix=iqn.2010-10.org.openstack: +#### (StrOpt) prefix for iscsi volumes + +# iscsi_ip_address=$my_ip +#### (StrOpt) use this ip for iscsi + +# iscsi_port=3260 +#### (IntOpt) The port that the iSCSI daemon is listening on +<% if node["openstack"]["block-storage"]["volume"]["driver"] == "cinder.volume.drivers.RBDDriver" %> +rbd_pool=<%= node["openstack"]["block-storage"]["rbd_pool"] %> +#### (StrOpt) the RADOS pool in which rbd volumes are stored + +rbd_user=<%= node["openstack"]["block-storage"]["rbd_user"] %> +#### (StrOpt) the RADOS client name for accessing rbd volumes + +rbd_secret_uuid=<%= node["openstack"]["block-storage"]["rbd_secret_uuid"] %> +#### (StrOpt) the libvirt uuid of the secret for the rbd_uservolumes +<% end %> +# volume_tmp_dir= +#### (StrOpt) where to store temporary image files if the volume driver +#### does not write them directly to the volume + + +######## defined in cinder.volume.iscsi ######## + +iscsi_helper=<%= node["openstack"]["block-storage"]["volume"]["iscsi_helper"] %> +#### (StrOpt) iscsi target user-land tool to use + +# volumes_dir=$state_path/volumes +#### (StrOpt) Volume configuration file storage directory + + +######## defined in cinder.volume.manager ######## + +volume_driver=<%= node["openstack"]["block-storage"]["volume"]["driver"] %> +#### (StrOpt) Driver to use for volume creation + +# use_local_volumes=true +#### (BoolOpt) if True, will not discover local volumes + +# volume_force_update_capabilities=false +#### (BoolOpt) if True will force update capabilities on each check + + +######## defined in cinder.volume.netapp ######## + +<% if node["openstack"]["block-storage"]["volume"]["driver"] == "cinder.volume.drivers.netapp.NetAppISCSIDriver" %> +netapp_wsdl_url=<%= node["openstack"]["block-storage"]["netapp"]["protocol"] %>://<%= node["openstack"]["block-storage"]["netapp"]["dfm_hostname"] %>:<%= node["openstack"]["block-storage"]["netapp"]["dfm_web_port"] %>/dfm.wsdl +#### (StrOpt) URL of the WSDL file for the DFM server + +netapp_login=<%= node["openstack"]["block-storage"]["netapp"]["dfm_login"] %> +#### (StrOpt) User name for the DFM server + +netapp_password=<%= node["openstack"]["block-storage"]["netapp"]["dfm_password"] %> +#### (StrOpt) Password for the DFM server + +netapp_server_hostname=<%= node["openstack"]["block-storage"]["netapp"]["dfm_hostname"] %> +#### (StrOpt) Hostname for the DFM server + +netapp_server_port=<%= node["openstack"]["block-storage"]["netapp"]["dfm_port"] %> +#### (IntOpt) Port number for the DFM server + +netapp_storage_service=<%= node["openstack"]["block-storage"]["netapp"]["storage_service"] %> +#### (StrOpt) Storage service to use for provisioning (when +#### volume_type=None) + +# netapp_storage_service_prefix= +#### (StrOpt) Prefix of storage service name to use for provisioning +#### (volume_type name will be appended) + +# netapp_vfiler= +#### (StrOpt) Vfiler to use for provisioning +<% end %> + +######## defined in cinder.volume.netapp_nfs ######## +<% if node["openstack"]["block-storage"]["volume"]["driver"] == "cinder.volume.drivers.netapp.nfs.NetAppDirect7modeNfsDriver" %> + +nfs_mount_point_base=<%= node["openstack"]["block-storage"]["nfs"]["mount_point_base"] %> +<% node["openstack"]["block-storage"]["netapp"]["netapp_server_hostname"].each do |h| %> +netapp_server_hostname=<%= h %> +<% end %> +netapp_server_port=<%= node["openstack"]["block-storage"]["netapp"]["netapp_server_port"] %> +netapp_login=<%= node["openstack"]["block-storage"]["netapp"]["netapp_server_login"] %> +netapp_password=<%= node["openstack"]["block-storage"]["netapp"]["netapp_server_password"] %> +nfs_shares_config=<%= node["openstack"]["block-storage"]["nfs"]["shares_config"] %> +nfs_disk_util=<%= node["openstack"]["block-storage"]["nfs"]["nfs_disk_util"] %> +nfs_sparsed_volumes=<%= node["openstack"]["block-storage"]["nfs"]["nfs_sparsed_volumes"] %> + +<% end %> + +######## defined in cinder.volume.nexenta.volume ######## + +# nexenta_host= +#### (StrOpt) IP address of Nexenta SA + +# nexenta_rest_port=2000 +#### (IntOpt) HTTP port to connect to Nexenta REST API server + +# nexenta_rest_protocol=auto +#### (StrOpt) Use http or https for REST connection (default auto) + +# nexenta_user=admin +#### (StrOpt) User name to connect to Nexenta SA + +# nexenta_password=nexenta +#### (StrOpt) Password to connect to Nexenta SA + +# nexenta_iscsi_target_portal_port=3260 +#### (IntOpt) Nexenta target portal port + +# nexenta_volume=cinder +#### (StrOpt) pool on SA that will hold all volumes + +# nexenta_target_prefix=iqn.1986-03.com.sun:02:cinder- +#### (StrOpt) IQN prefix for iSCSI targets + +# nexenta_target_group_prefix=cinder/ +#### (StrOpt) prefix for iSCSI target groups on SA + +# nexenta_blocksize= +#### (StrOpt) block size for volumes (blank=default,8KB) + +# nexenta_sparse=false +#### (BoolOpt) flag to create sparse volumes + + +######## defined in cinder.volume.nfs ######## + +# nfs_shares_config= +#### (StrOpt) File with the list of available nfs shares + +# nfs_mount_point_base=$state_path/mnt +#### (StrOpt) Base dir where nfs expected to be mounted + +# nfs_disk_util=df +#### (StrOpt) Use du or df for free space calculation + +# nfs_sparsed_volumes=true +#### (BoolOpt) Create volumes as sparsed files which take no space.If set +#### to False volume is created as regular file.In such case +#### volume creation takes a lot of time. + + +######## defined in cinder.volume.san ######## + +# san_thin_provision=true +#### (BoolOpt) Use thin provisioning for SAN volumes? + +# san_ip= +#### (StrOpt) IP address of SAN controller + +# san_login=admin +#### (StrOpt) Username for SAN controller + +# san_password= +#### (StrOpt) Password for SAN controller + +# san_private_key= +#### (StrOpt) Filename of private key to use for SSH authentication + +# san_clustername= +#### (StrOpt) Cluster name to use for creating volumes + +# san_ssh_port=22 +#### (IntOpt) SSH port to use with SAN + +# san_is_local=false +#### (BoolOpt) Execute commands locally instead of over SSH; use if the +#### volume service is running on the SAN device + +# san_zfs_volume_base=rpool/ +#### (StrOpt) The ZFS path under which to create zvols for volumes. + + +######## defined in cinder.volume.solidfire ######## + +# sf_emulate_512=true +#### (BoolOpt) Set 512 byte emulation on volume creation; + +# sf_mvip= +#### (StrOpt) IP address of SolidFire MVIP + +# sf_login=admin +#### (StrOpt) Username for SF Cluster Admin + +# sf_password= +#### (StrOpt) Password for SF Cluster Admin + +# sf_allow_tenant_qos=true +#### (BoolOpt) Allow tenants to specify QOS on create + + +######## defined in cinder.volume.storwize_svc ######## + +# storwize_svc_volpool_name=volpool +#### (StrOpt) Storage system storage pool for volumes + +# storwize_svc_vol_rsize=2% +#### (StrOpt) Storage system space-efficiency parameter for volumes + +# storwize_svc_vol_warning=0 +#### (StrOpt) Storage system threshold for volume capacity warnings + +# storwize_svc_vol_autoexpand=true +#### (BoolOpt) Storage system autoexpand parameter for volumes (True/False) + +# storwize_svc_vol_grainsize=256 +#### (StrOpt) Storage system grain size parameter for volumes +#### (32/64/128/256) + +# storwize_svc_vol_compression=false +#### (BoolOpt) Storage system compression option for volumes + +# storwize_svc_vol_easytier=true +#### (BoolOpt) Enable Easy Tier for volumes + +# storwize_svc_flashcopy_timeout=120 +#### (StrOpt) Maximum number of seconds to wait for FlashCopy to be +#### prepared. Maximum value is 600 seconds (10 minutes). + + +######## defined in cinder.volume.xiv ######## + +# xiv_proxy=xiv_openstack.nova_proxy.XIVNovaProxy +#### (StrOpt) Proxy driver + + +######## defined in cinder.volume.zadara ######## + +# zadara_vpsa_ip= +#### (StrOpt) Management IP of Zadara VPSA + +# zadara_vpsa_port= +#### (StrOpt) Zadara VPSA port number + +# zadara_vpsa_use_ssl=false +#### (BoolOpt) Use SSL connection + +# zadara_user= +#### (StrOpt) User name for the VPSA + +# zadara_password= +#### (StrOpt) Password for the VPSA + +# zadara_vpsa_poolname= +#### (StrOpt) Name of VPSA storage pool for volumes + +# zadara_default_cache_policy=write-through +#### (StrOpt) Default cache policy for volumes + +# zadara_default_encryption=NO +#### (StrOpt) Default encryption policy for volumes + +# zadara_default_striping_mode=simple +#### (StrOpt) Default striping mode for volumes + +# zadara_default_stripesize=64 +#### (StrOpt) Default stripe size for volumes + +# zadara_vol_name_template=OS_%s +#### (StrOpt) Default template for VPSA volume names + +# zadara_vpsa_auto_detach_on_delete=true +#### (BoolOpt) Automatically detach from servers on volume delete + +# zadara_vpsa_allow_nonexistent_delete=true +#### (BoolOpt) Don't halt on deletion of non-existing volumes diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/policy.json.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/policy.json.erb new file mode 100644 index 000000000..fc07b12f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/policy.json.erb @@ -0,0 +1,34 @@ +{ + "context_is_admin": [<%= node["openstack"]["block-storage"]["policy"]["context_is_admin"] %>], + "admin_or_owner": [<%= node["openstack"]["block-storage"]["policy"]["admin_or_owner"] %>], + "default": [<%= node["openstack"]["block-storage"]["policy"]["default"] %>], + + "admin_api": [<%= node["openstack"]["block-storage"]["policy"]["admin_api"] %>], + + "volume:create": [], + "volume:get_all": [], + "volume:get_volume_metadata": [], + "volume:get_snapshot": [], + "volume:get_all_snapshots": [], + + "volume_extension:types_manage": [["rule:admin_api"]], + "volume_extension:types_extra_specs": [["rule:admin_api"]], + "volume_extension:extended_snapshot_attributes": [], + "volume_extension:volume_image_metadata": [], + + "volume_extension:quotas:show": [], + "volume_extension:quotas:update_for_project": [["rule:admin_api"]], + "volume_extension:quotas:update_for_user": [["rule:admin_or_projectadmin"]], + "volume_extension:quota_classes": [], + + "volume_extension:volume_admin_actions:reset_status": [["rule:admin_api"]], + "volume_extension:snapshot_admin_actions:reset_status": [["rule:admin_api"]], + "volume_extension:volume_admin_actions:force_delete": [["rule:admin_api"]], + "volume_extension:snapshot_admin_actions:force_delete": [["rule:admin_api"]], + + "volume_extension:volume_host_attribute": [["rule:admin_api"]], + "volume_extension:volume_tenant_attribute": [["rule:admin_api"]], + "volume_extension:hosts": [["rule:admin_api"]], + "volume_extension:services": [["rule:admin_api"]], + "volume:services": [["rule:admin_api"]] +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/shares.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/shares.conf.erb new file mode 100644 index 000000000..e8b93f250 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/shares.conf.erb @@ -0,0 +1,4 @@ +# Automatically generated by chef, changes will be overwritten +<% node["openstack"]["block-storage"]["netapp"]["netapp_server_hostname"].each do |h| %> +<%= h %>:<%= @export %> +<% end %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/targets.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/targets.conf.erb new file mode 100644 index 000000000..fedbd7ffc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-block-storage/templates/default/targets.conf.erb @@ -0,0 +1,9 @@ +<%= node["openstack"]["block-storage"]["custom_template_banner"] %> + +<% if %w{redhat centos fedora suse}.include?(node["platform"]) %> +include /var/lib/cinder/volumes/* +<% end %> +<% if %w{debian ubuntu}.include?(node["platform"]) %> +include /etc/tgt/conf.d/*.conf +<% end %> +default-driver iscsi diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/.tailor b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/.tailor new file mode 100644 index 000000000..99f0dcf16 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/.tailor @@ -0,0 +1,25 @@ +Tailor.config do |config| + config.formatters "text" + config.file_set '**/*.rb' do |style| + style.max_line_length 80, level: :off + style.allow_camel_case_methods false, level: :error + style.allow_hard_tabs false, level: :error + style.allow_screaming_snake_case_classes false, level: :error + style.allow_trailing_line_spaces false, level: :error + style.allow_invalid_ruby false, level: :warn + style.indentation_spaces 2, level: :error + style.max_code_lines_in_class 300, level: :error + style.max_code_lines_in_method 30, level: :error + style.spaces_after_comma 1, level: :error + style.spaces_after_lbrace 1, level: :error + style.spaces_after_lbracket 0, level: :error + style.spaces_after_lparen 0, level: :error + style.spaces_before_comma 0, level: :error + style.spaces_before_lbrace 1, level: :error + style.spaces_before_rbrace 1, level: :error + style.spaces_before_rbracket 0, level: :error + style.spaces_before_rparen 0, level: :error + style.spaces_in_empty_braces 0, level: :error + style.trailing_newlines 1, level: :error + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Berksfile new file mode 100644 index 000000000..850a120dc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Berksfile @@ -0,0 +1 @@ +metadata diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/CHANGELOG.md new file mode 100644 index 000000000..ee9e59949 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/CHANGELOG.md @@ -0,0 +1,76 @@ +# CHANGELOG for cookbook-openstack-common + +This file is used to list changes made in each version of cookbook-openstack-common. + +## 0.4.3: +* Corrected `#search_for` role and recipe queries. + +## 0.4.2: +* Remove hardcoded localhost for mysql host specification. + +## 0.4.1: +* Changed endpoint attributes to use http for default scheme. this is inline with + default settings in keystone. fine for dev, but should be ssl for prod. + +## 0.4.0: +* Remove `#config_by_role` as it is no longer used and no longer suits our needs. + +## 0.3.5: +* Reverted change made in 8311869e5b99fecefd567ce3f1ad1cbdf8d5c5c6. + +## 0.3.4: +* Allow `#search_for` to always returns an array. + +## 0.3.3: +* Incorrectly mocked search results, as a result `#search_for` was performing unnecessary + actions to an array. + +## 0.3.2: +* Fix network-api endpoint path + +## 0.3.1: +* Corrected a faulty Chef search query with `#config_by_role`. The search returns a + Hash, not an array. + +## 0.3.0: +* Added `#rabbit_servers` method, which returns a comma-delimited string of rabbit + servers in the format of host:port. +* The `#memcached_servers` method no longer accepts an environment. +* Re-factored methods which search to a generic `#search_for`. +* Added `#address_for` method, which returns the IPv4 (default) address of the given + interface. +* Added global mysql setting of port and db type, for use with wrapper cookbooks. +* Add default messaging attributes, for use with wrapper cookbooks. + +## 0.2.6: +* Update Chef dependency to Chef 11. + +## 0.2.5: +* Moved the default library to database, to better represent its duties. + +## 0.2.4: +* Break out #memcached_servers into separate library. + +## 0.2.3: +* Sort the results returned by #memcached_servers. + +## 0.2.2: +* Provides a mechanism to override memcache_servers search logic through node attributes. + +## 0.2.1: +* Adds a prettytable_to_array function for parsing OpenStack CLI output. + +## 0.2.0: +* First release of cookbook-openstack-common that aligns with the Grizzly packaging. +* Adds OpenStack Network endpoints. + +## 0.1.x: +* Folsom-based packaging. + +## 0.0.1: +* Initial release of cookbook-openstack-common. + +- - - +Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown. + +The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Gemfile new file mode 100644 index 000000000..7de4657f1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Gemfile @@ -0,0 +1,9 @@ +source "https://rubygems.org" + +gem "chef", "~> 11.4.4" +gem "json", "<= 1.7.7" # chef 11 dependency +gem "berkshelf", "~> 1.4.5" +gem "chefspec", "~> 1.2.0" +gem "foodcritic" +gem "strainer" +gem "tailor" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Gemfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Gemfile.lock new file mode 100644 index 000000000..08e2917e2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Gemfile.lock @@ -0,0 +1,207 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (3.2.13) + i18n (= 0.6.1) + multi_json (~> 1.0) + addressable (2.3.4) + akami (1.2.0) + gyoku (>= 0.4.0) + nokogiri (>= 1.4.0) + berkshelf (1.4.5) + activesupport (>= 3.2.0) + addressable + celluloid (>= 0.14.0) + chozo (>= 0.6.1) + faraday (>= 0.8.5) + hashie (>= 2.0.2) + json (>= 1.5.0) + minitar + mixlib-config (~> 1.1) + mixlib-shellout (~> 1.1) + multi_json (~> 1.5) + retryable + ridley (~> 0.12.4) + solve (>= 0.4.2) + thor (~> 0.18.0) + yajl-ruby + builder (3.2.2) + celluloid (0.14.1) + timers (>= 1.0.0) + chef (11.4.4) + erubis + highline (>= 1.6.9) + json (>= 1.4.4, <= 1.7.7) + mixlib-authentication (>= 1.3.0) + mixlib-cli (~> 1.3.0) + mixlib-config (>= 1.1.2) + mixlib-log (>= 1.3.0) + mixlib-shellout + net-ssh (~> 2.6) + net-ssh-multi (~> 1.1.0) + ohai (>= 0.6.0) + rest-client (>= 1.0.4, < 1.7.0) + yajl-ruby (~> 1.1) + chefspec (1.2.0) + chef (>= 10.0) + erubis + fauxhai (>= 0.1.1, < 2.0) + minitest-chef-handler (>= 0.6.0) + rspec (~> 2.0) + chozo (0.6.1) + activesupport (>= 3.2.0) + hashie (>= 2.0.2) + multi_json (>= 1.3.0) + ci_reporter (1.8.4) + builder (>= 2.1.2) + diff-lcs (1.2.4) + erubis (2.7.0) + faraday (0.8.7) + multipart-post (~> 1.1) + fauxhai (1.1.1) + httparty + net-ssh + ohai + ffi (1.8.1) + foodcritic (2.1.0) + erubis + gherkin (~> 2.11.7) + nokogiri (~> 1.5.4) + rak (~> 1.4) + treetop (~> 1.4.10) + yajl-ruby (~> 1.1.0) + gherkin (2.11.8) + multi_json (~> 1.3) + gssapi (1.0.3) + ffi (>= 1.0.1) + gyoku (1.0.0) + builder (>= 2.1.2) + hashie (2.0.5) + highline (1.6.19) + httparty (0.11.0) + multi_json (~> 1.0) + multi_xml (>= 0.5.2) + httpclient (2.2.0.2) + httpi (0.9.7) + rack + i18n (0.6.1) + ipaddress (0.8.0) + json (1.7.7) + little-plugger (1.1.3) + log_switch (0.4.0) + logging (1.6.2) + little-plugger (>= 1.1.3) + mime-types (1.23) + minitar (0.5.4) + minitest (4.7.4) + minitest-chef-handler (1.0.1) + chef + ci_reporter + minitest (~> 4.7.3) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-cli (1.3.0) + mixlib-config (1.1.2) + mixlib-log (1.6.0) + mixlib-shellout (1.1.0) + multi_json (1.7.6) + multi_xml (0.5.4) + multipart-post (1.2.0) + net-http-persistent (2.8) + net-ssh (2.6.7) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-multi (1.1) + net-ssh (>= 2.1.4) + net-ssh-gateway (>= 0.99.0) + nokogiri (1.5.9) + nori (1.1.5) + ohai (6.16.0) + ipaddress + mixlib-cli + mixlib-config + mixlib-log + mixlib-shellout + systemu + yajl-ruby + polyglot (0.3.3) + rack (1.5.2) + rak (1.4) + rest-client (1.6.7) + mime-types (>= 1.16) + retryable (1.3.3) + ridley (0.12.4) + addressable + celluloid (~> 0.14.0) + chozo (>= 0.6.0) + erubis + faraday (>= 0.8.4) + hashie (>= 2.0.2) + mixlib-authentication (>= 1.3.0) + mixlib-config (>= 1.1.0) + mixlib-log (>= 1.3.0) + mixlib-shellout (>= 1.1.0) + net-http-persistent (>= 2.8) + net-ssh + retryable + solve (>= 0.4.4) + winrm (~> 1.1.0) + rspec (2.13.0) + rspec-core (~> 2.13.0) + rspec-expectations (~> 2.13.0) + rspec-mocks (~> 2.13.0) + rspec-core (2.13.1) + rspec-expectations (2.13.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.13.1) + rubyntlm (0.1.1) + savon (0.9.5) + akami (~> 1.0) + builder (>= 2.1.2) + gyoku (>= 0.4.0) + httpi (~> 0.9) + nokogiri (>= 1.4.0) + nori (~> 1.0) + wasabi (~> 1.0) + solve (0.4.4) + json + strainer (2.1.0) + berkshelf (~> 1.3) + systemu (2.5.2) + tailor (1.2.1) + log_switch (>= 0.3.0) + term-ansicolor (>= 1.0.5) + text-table (>= 1.2.2) + term-ansicolor (1.2.2) + tins (~> 0.8) + text-table (1.2.3) + thor (0.18.1) + timers (1.1.0) + tins (0.8.0) + treetop (1.4.14) + polyglot + polyglot (>= 0.3.1) + uuidtools (2.1.4) + wasabi (1.0.0) + nokogiri (>= 1.4.0) + winrm (1.1.2) + gssapi (~> 1.0.0) + httpclient (~> 2.2.0.2) + logging (~> 1.6.1) + nokogiri (~> 1.5.0) + rubyntlm (~> 0.1.1) + savon (= 0.9.5) + uuidtools (~> 2.1.2) + yajl-ruby (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + berkshelf (~> 1.4.5) + chef (~> 11.4.4) + chefspec (~> 1.2.0) + foodcritic + json (<= 1.7.7) + strainer + tailor diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/LICENSE new file mode 100644 index 000000000..68c771a09 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/LICENSE @@ -0,0 +1,176 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/README.md new file mode 100644 index 000000000..641e596b3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/README.md @@ -0,0 +1,190 @@ +Description +=========== + +This cookbook provides common setup recipes, helper methods and attributes that describe an OpenStack deployment as part of the OpenStack reference deployment Chef for OpenStack. + +Requirements +============ + +* Chef 0.10.0 or higher required (for Chef environment use). + +Cookbooks +--------- + +The following cookbooks are dependencies: + +* apt +* database + +Attributes +========== + +Please see the extensive inline documentation in `attributes/default.rb` for descriptions +of all the settable attributes for this cookbook. + +Note that all attributes are in the `default["openstack"]` "namespace" + +Libraries +========= + +This cookbook exposes a set of default library routines: + +* `endpoint` -- Used to return a `::URI` object representing the named OpenStack endpoint +* `endpoints` -- Useful for operating on all OpenStack endpoints +* `db` -- Returns a Hash of information about a named OpenStack database +* `db_uri` -- Returns the SQLAlchemy RFC-1738 DB URI (see: http://rfc.net/rfc1738.html) for a named OpenStack database +* `db_create_with_user` -- Creates a database and database user for a named OpenStack database +* `secret` -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section +* `db_password` -- Ease-of-use helper that returns the decrypted database password for a named OpenStack database +* `service_password` -- Ease-of-use helper that returns the decrypted service password for named OpenStack service +* `user_password` -- Ease-of-use helper that returns the decrypted password for a Keystone user + +Usage +----- + +default +---- + +Installs/Configures common recipes + +```json +"run_list": [ + "recipe[openstack-common]" +] +``` + +logging +---- + +Installs/Configures common logging + +```json +"run_list": [ + "recipe[openstack-common::logging]" +] +``` + +The following are code examples showing the above library routines in action. +Remember when using the library routines exposed by this library to include +the Openstack routines in your recipe's `::Chef::Recipe` namespace, like so: + +```ruby +class ::Chef::Recipe + include ::Openstack +end +``` + +Example of using the `endpoint` routine: + +```ruby +nova_api_ep = endpoint "compute-api" +::Chef::Log.info("Using Openstack Compute API endpoint at #{nova_api_ep.to_s}") + +# Note that endpoint URIs may contain variable interpolation markers such +# as `%(tenant_id)s`, so you may need to decode them. Do so like this: + +require "uri" + +puts ::URI.decode nova_api_ap.to_s +``` + +Example of using the `db_password` and `db_uri` routine: + +```ruby +db_pass = db_password "cinder" +db_user = node["cinder"]["db"]["user"] +sql_connection = db_uri "volume", db_user, db_pass + +template "/etc/cinder/cinder.conf" do + source "cinder.conf.erb" + owner node["cinder"]["user"] + group node["cinder"]["group"] + mode 00644 + variables( + "sql_connection" => sql_connection + ) +end +``` + +URI Operations +-------------- + +Use the `Openstack::uri_from_hash` routine to helpfully return a `::URI::Generic` +object for a hash that contains any of the following keys: + +* `host` +* `uri` +* `port` +* `path` +* `scheme` + +If the `uri` key is in the hash, that will be used as the URI, otherwise the URI will be +constructed from the various parts of the hash corresponding to the keys above. + +```ruby +# Suppose node hash contains the following subhash in the :identity_service key: +# { +# :host => 'identity.example.com', +# :port => 5000, +# :scheme => 'https' +# } +uri = ::Openstack::uri_from_hash(node[:identity_service]) +# uri.to_s would == "https://identity.example.com:5000" +``` + +The routine will return nil if neither a `uri` or `host` key exists in the supplied hash. + +Using the library without prefixing with ::Openstack +---------------------------------------------------- + +Don't like prefixing calls to the library's routines with `::Openstack`? Do this: + +```ruby +class ::Chef::Recipe + include ::Openstack +end +``` + +in your recipe. + +Testing +===== + +This cookbook uses [bundler](http://gembundler.com/), [berkshelf](http://berkshelf.com/), and [strainer](https://github.com/customink/strainer) to isolate dependencies and run tests. + +Tests are defined in Strainerfile. + +To run tests: + + $ bundle install # install gem dependencies + $ bundle exec berks install # install cookbook dependencies + $ bundle exec strainer test # run tests + +License and Author +================== + +| | | +|:---------------------|:---------------------------------------------------| +| **Author** | Jay Pipes () | +| **Author** | John Dewey () | +| **Author** | Matt Ray () | +| **Author** | Craig Tracey () | +| **Author** | Sean Gallagher () | +| **Author** | Ionut Artarisi () | +| | | +| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. | +| **Copyright** | Copyright (c) 2013, Opscode, Inc. | +| **Copyright** | Copyright (c) 2013, Craig Tracey | +| **Copyright** | Copyright (c) 2013, SUSE Linux GmbH | + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Strainerfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Strainerfile new file mode 100644 index 000000000..7e292b43d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/Strainerfile @@ -0,0 +1,5 @@ +# Strainerfile +tailor: bundle exec tailor +knife test: bundle exec knife cookbook test $COOKBOOK +foodcritic: bundle exec foodcritic -f any -t ~FC003 -t ~FC023 $SANDBOX/$COOKBOOK +chefspec: bundle exec rspec $SANDBOX/$COOKBOOK/spec diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/attributes/default.rb new file mode 100644 index 000000000..03d676c25 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/attributes/default.rb @@ -0,0 +1,322 @@ +# +# Cookbook Name:: openstack-common +# Attributes:: default +# +# Copyright 2012-2013, AT&T Services, Inc. +# Copyright 2013, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Setting this to True means that database passwords and service user +# passwords for Keystone will be easy-to-remember values -- they will be +# the same value as the key. For instance, if a cookbook calls the +# ::Openstack::secret routine like so: +# +# pass = secret "passwords", "nova" +# +# The value of pass will be "nova" +default["openstack"]["developer_mode"] = false + +# The type of token signing to use (uuid or pki) +default["openstack"]["auth"]["strategy"] = "uuid" + +# Set to true where using self-signed certs (in testing environments) +default["openstack"]["auth"]["validate_certs"] = true + +# ========================= Encrypted Databag Setup =========================== +# +# The openstack-common cookbook's default library contains a `secret` +# routine that looks up the value of encrypted databag values. This routine +# uses the secret key file located at the following location to decrypt the +# values in the data bag. +default["openstack"]["secret"]["key_path"] = "/etc/chef/openstack_data_bag_secret" + +# The name of the encrypted data bag that stores service user passwords, with +# each key in the data bag corresponding to a named OpenStack service, like +# "nova", "cinder", etc. +default["openstack"]["secret"]["service_passwords_data_bag"] = "service_passwords" + +# The name of the encrypted data bag that stores DB passwords, with +# each key in the data bag corresponding to a named OpenStack database, like +# "nova", "cinder", etc. +default["openstack"]["secret"]["db_passwords_data_bag"] = "db_passwords" + +# The name of the encrypted data bag that stores Keystone user passwords, with +# each key in the data bag corresponding to a user (Keystone or otherwise). +default["openstack"]["secret"]["user_passwords_data_bag"] = "user_passwords" + +# ========================= Package and Repository Setup ====================== +# +# Various Linux distributions provide OpenStack packages and repositories. +# The provide some sensible defaults, but feel free to override per your +# needs. + +# The coordinated release of OpenStack codename +default["openstack"]["release"] = "grizzly" + +# The Ubuntu Cloud Archive has packages for multiple Ubuntu releases. For +# more information, see: https://wiki.ubuntu.com/ServerTeam/CloudArchive. +# In the component strings, %codename% will be replaced by the value of +# the node["lsb"]["codename"] Ohai value and %release% will be replaced +# by the value of node["openstack"]["release"] +default["openstack"]["apt"]["uri"] = "http://ubuntu-cloud.archive.canonical.com/ubuntu" +default["openstack"]["apt"]["components"] = [ "precise-updates/grizzly", "main" ] +# For the SRU packaging, use this: +# default["openstack"]["apt"]["components"] = [ "%codename%-proposed/%release%", "main" ] + +default["openstack"]["zypp"]["repo-key"] = "05F4861F" # 32 bit key ID +default["openstack"]["zypp"]["uri"] = "http://download.opensuse.org/repositories/Cloud:/OpenStack:/%release%/%suse-release%/" + +#TODO(jaypipes): Do RHEL/Fedora platform family YUM setup + +# ======================== OpenStack Endpoints ================================ +# +# OpenStack recipes often need information about the various service +# endpoints in the deployment. For instance, the cookbook that deploys +# the Nova API service will need to set the glance_api_servers configuration +# option in the nova.conf, and the cookbook setting up the Glance image +# service might need information on the Swift proxy endpoint, etc. Having +# all of this related OpenStack endpoint information in a single set of +# common attributes in the openstack-common cookbook attributes means that +# instead of doing funky role-based lookups, a deployment zone's OpenStack +# endpoint information can simply be accessed by having the +# openstack-common::default recipe added to some base role definition file +# that all OpenStack nodes add to their run list. +# +# node['openstack']['endpoints'] is a hash of hashes, where each value hash +# contains one of more of the following keys: +# +# - scheme +# - uri +# - host +# - port +# - path +# +# If the uri key is set, its value is used as the full URI for the endpoint. +# If the uri key is not set, the endpoint's full URI is constructed from the +# component parts. This allows setups that use some standardized DNS names for +# OpenStack service endpoints in a deployment zone as well as setups that +# instead assign IP addresses (for an actual node or a load balanced virtual +# IP) in a network to a particular OpenStack service endpoint. + +# ******************** OpenStack Identity Endpoints *************************** + +# The OpenStack Identity (Keystone) API endpoint. This is commonly called +# the Keystone Service endpoint... +default['openstack']['endpoints']['identity-api']['host'] = "127.0.0.1" +default['openstack']['endpoints']['identity-api']['scheme'] = "http" +default['openstack']['endpoints']['identity-api']['port'] = "5000" +default['openstack']['endpoints']['identity-api']['path'] = "/v2.0" + +# The OpenStack Identity (Keystone) Admin API endpoint +default['openstack']['endpoints']['identity-admin']['host'] = "127.0.0.1" +default['openstack']['endpoints']['identity-admin']['scheme'] = "http" +default['openstack']['endpoints']['identity-admin']['port'] = "35357" +default['openstack']['endpoints']['identity-admin']['path'] = "/v2.0" + +# ****************** OpenStack Compute Endpoints ****************************** + +# The OpenStack Compute (Nova) Native API endpoint +default['openstack']['endpoints']['compute-api']['host'] = "127.0.0.1" +default['openstack']['endpoints']['compute-api']['scheme'] = "http" +default['openstack']['endpoints']['compute-api']['port'] = "8774" +default['openstack']['endpoints']['compute-api']['path'] = "/v2/%(tenant_id)s" + +# The OpenStack Compute (Nova) EC2 API endpoint +default['openstack']['endpoints']['compute-ec2-api']['host'] = "127.0.0.1" +default['openstack']['endpoints']['compute-ec2-api']['scheme'] = "http" +default['openstack']['endpoints']['compute-ec2-api']['port'] = "8773" +default['openstack']['endpoints']['compute-ec2-api']['path'] = "/services/Cloud" + +# The OpenStack Compute (Nova) EC2 Admin API endpoint +default['openstack']['endpoints']['compute-ec2-admin']['host'] = "127.0.0.1" +default['openstack']['endpoints']['compute-ec2-admin']['scheme'] = "http" +default['openstack']['endpoints']['compute-ec2-admin']['port'] = "8773" +default['openstack']['endpoints']['compute-ec2-admin']['path'] = "/services/Admin" + +# The OpenStack Compute (Nova) XVPvnc endpoint +default['openstack']['endpoints']['compute-xvpvnc']['host'] = "127.0.0.1" +default['openstack']['endpoints']['compute-xvpvnc']['scheme'] = "http" +default['openstack']['endpoints']['compute-xvpvnc']['port'] = "6081" +default['openstack']['endpoints']['compute-xvpvnc']['path'] = "/console" + +# The OpenStack Compute (Nova) novnc endpoint +default['openstack']['endpoints']['compute-novnc']['host'] = "127.0.0.1" +default['openstack']['endpoints']['compute-novnc']['scheme'] = "http" +default['openstack']['endpoints']['compute-novnc']['port'] = "6080" +default['openstack']['endpoints']['compute-novnc']['path'] = "/vnc_auto.html" + +# ******************** OpenStack Network Endpoints **************************** + +# The OpenStack Network (Quantum) API endpoint. +default['openstack']['endpoints']['network-api']['host'] = "127.0.0.1" +default['openstack']['endpoints']['network-api']['scheme'] = "http" +default['openstack']['endpoints']['network-api']['port'] = "9696" +# quantumclient appends the protocol version to the endpoint URL, so the +# path needs to be empty +default['openstack']['endpoints']['network-api']['path'] = "" + +# ******************** OpenStack Image Endpoints ****************************** + +# The OpenStack Image (Glance) API endpoint +default['openstack']['endpoints']['image-api']['host'] = "127.0.0.1" +default['openstack']['endpoints']['image-api']['scheme'] = "http" +default['openstack']['endpoints']['image-api']['port'] = "9292" +default['openstack']['endpoints']['image-api']['path'] = "/v2" + +# The OpenStack Image (Glance) Registry API endpoint +default['openstack']['endpoints']['image-registry']['host'] = "127.0.0.1" +default['openstack']['endpoints']['image-registry']['scheme'] = "http" +default['openstack']['endpoints']['image-registry']['port'] = "9191" +default['openstack']['endpoints']['image-registry']['path'] = "/v2" + +# ******************** OpenStack Volume Endpoints ***************************** + +# The OpenStack Volume (Cinder) API endpoint +default['openstack']['endpoints']['volume-api']['host'] = "127.0.0.1" +default['openstack']['endpoints']['volume-api']['scheme'] = "http" +default['openstack']['endpoints']['volume-api']['port'] = "8776" +default['openstack']['endpoints']['volume-api']['path'] = "/v1/%(tenant_id)s" + +# ******************** OpenStack Metering Endpoints *************************** + +# The OpenStack Metering (Ceilometer) API endpoint +default['openstack']['endpoints']['metering-api']['host'] = "127.0.0.1" +default['openstack']['endpoints']['metering-api']['scheme'] = "http" +default['openstack']['endpoints']['metering-api']['port'] = "8777" +default['openstack']['endpoints']['metering-api']['path'] = "/v1" + +# Alternately, if you used some standardized DNS naming scheme, you could +# do something like this, which would override any part-wise specifications above. +# +# default['openstack']['endpoints']['identity-api']['uri'] = "https://identity.example.com:35357/v2.0" +# default['openstack']['endpoints']['identity-admin']['uri'] = "https://identity.example.com:5000/v2.0" +# default['openstack']['endpoints']['compute-api']['uri'] = "https://compute.example.com:8774/v2/%(tenant_id)s" +# default['openstack']['endpoints']['compute-ec2-api']['uri'] = "https://ec2.example.com:8773/services/Cloud" +# default['openstack']['endpoints']['compute-ec2-admin']['uri'] = "https://ec2.example.com:8773/services/Admin" +# default['openstack']['endpoints']['compute-xvpvnc']['uri'] = "https://xvpvnc.example.com:6081/console" +# default['openstack']['endpoints']['compute-novnc']['uri'] = "https://novnc.example.com:6080/vnc_auto.html" +# default['openstack']['endpoints']['image-api']['uri'] = "https://image.example.com:9292/v2" +# default['openstack']['endpoints']['image-registry']['uri'] = "https://image.example.com:9191/v2" +# default['openstack']['endpoints']['volume-api']['uri'] = "https://volume.example.com:8776/v1/%(tenant_id)s" +# default['openstack']['endpoints']['metering-api']['uri'] = "https://metering.example.com:9000/v1" + +# ======================== OpenStack DB Support ================================ +# +# This section of node attributes stores information about the database hosts +# used in an OpenStack deployment. +# +# There is no 'scheme' key. Instead, there is a 'db_type' key that should +# contain one of 'sqlite', 'mysql', or 'postgresql' +# +# The ::Openstack::db() library routine allows a lookup from any recipe +# to this array, returning the host information for the server that contains +# the database for , where is one of 'compute' (Nova), +# 'image' (Glance), 'identity' (Keystone), 'network' (Quantum), or 'volume' (Cinder) +# +# The ::Openstack::db_connection(, , ) library routine +# returns the SQLAlchemy DB URI for , with the supplied user and password +# that a calling service might be using when connecting to the database. +# +# For example, let's assume that the database that is used by the OpenStack Identity +# service (Keystone) is configured as follows: +# +# host: 192.168.0.3 +# port: 3306 +# db_type: mysql +# db_name: keystone +# +# Further suppose that a node running the OpenStack Identity API service needs to +# connect to the above identity database server. It has the following in it's node +# attributes: +# +# node['db']['user'] = 'keystone' +# +# In a "keystone" recipe, you might find the following code: +# +# user = node['db']['user'] +# pass = secret 'passwords', 'keystone' +# +# sql_connection = ::Openstack::db_uri('identity', user, pass) +# +# The sql_connection variable would then be set to "mysql://keystone:password@192.168.0.3:keystone" +# and could then be written to the keystone.conf file in a template. + +# Default database attributes +default['openstack']['db']['server_role'] = "os-ops-database" +default['openstack']['db']['service_type'] = "mysql" +default['openstack']['db']['port'] = "3306" + +# Database used by the OpenStack Compute (Nova) service +default['openstack']['db']['compute']['db_type'] = node['openstack']['db']['service_type'] +default['openstack']['db']['compute']['host'] = "127.0.0.1" +default['openstack']['db']['compute']['port'] = node['openstack']['db']['port'] +default['openstack']['db']['compute']['db_name'] = "nova" + +# Database used by the OpenStack Identity (Keystone) service +default['openstack']['db']['identity']['db_type'] = node['openstack']['db']['service_type'] +default['openstack']['db']['identity']['host'] = "127.0.0.1" +default['openstack']['db']['identity']['port'] = node['openstack']['db']['port'] +default['openstack']['db']['identity']['db_name'] = "keystone" + +# Database used by the OpenStack Image (Glance) service +default['openstack']['db']['image']['db_type'] = node['openstack']['db']['service_type'] +default['openstack']['db']['image']['host'] = "127.0.0.1" +default['openstack']['db']['image']['port'] = node['openstack']['db']['port'] +default['openstack']['db']['image']['db_name'] = "glance" + +# Database used by the OpenStack Network (Quantum) service +default['openstack']['db']['network']['db_type'] = node['openstack']['db']['service_type'] +default['openstack']['db']['network']['host'] = "127.0.0.1" +default['openstack']['db']['network']['port'] = node['openstack']['db']['port'] +default['openstack']['db']['network']['db_name'] = "quantum" + +# Database used by the OpenStack Volume (Cinder) service +default['openstack']['db']['volume']['db_type'] = node['openstack']['db']['service_type'] +default['openstack']['db']['volume']['host'] = "127.0.0.1" +default['openstack']['db']['volume']['port'] = node['openstack']['db']['port'] +default['openstack']['db']['volume']['db_name'] = "cinder" + +# Database used by the OpenStack Dashboard (Horizon) +default['openstack']['db']['dashboard']['db_type'] = node['openstack']['db']['service_type'] +default['openstack']['db']['dashboard']['host'] = "127.0.0.1" +default['openstack']['db']['dashboard']['port'] = node['openstack']['db']['port'] +default['openstack']['db']['dashboard']['db_name'] = "horizon" + +# Database used by OpenStack Metering (Ceilometer) +default['openstack']['db']['metering']['db_type'] = node['openstack']['db']['service_type'] +default['openstack']['db']['metering']['host'] = "127.0.0.1" +default['openstack']['db']['metering']['port'] = node['openstack']['db']['port'] +default['openstack']['db']['metering']['db_name'] = "ceilometer" + +# Switch to store the MySQL root password in a databag instead of +# using the generated OpenSSL cookbook secure_password one. +default['openstack']['db']['root_user_use_databag'] = false + +# If above root_user_use_databag is true, the below string +# will be passed to the user_password library routine. +default['openstack']['db']['root_user_key'] = 'mysqlroot' + +# logging.conf list keypairs module_name => log level to write +default['openstack']['logging']['ignore'] = {'nova.api.openstack.wsgi' => 'WARNING', + 'nova.osapi_compute.wsgi.server' => 'WARNING'} + +default['openstack']['memcached_servers'] = nil + +# Default database attributes +default["openstack"]["mq"]["server_role"] = "os-ops-messaging" +default["openstack"]["mq"]["service_type"] = "rabbitmq" +default["openstack"]["mq"]["port"] = "5672" +default["openstack"]["mq"]["user"] = "guest" +default["openstack"]["mq"]["vhost"] = "/" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/database.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/database.rb new file mode 100644 index 000000000..089d0f719 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/database.rb @@ -0,0 +1,102 @@ +# +# Cookbook Name:: openstack-common +# library:: default +# +# Copyright 2012-2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module ::Openstack + # Library routine that uses the database cookbook to create the + # service's database and grant read/write access to the + # given user and password. + # + # A privileged "super user" and password is determined from the + # underlying database cookbooks. For instance, if a MySQL database + # is used, the node["mysql"]["server_root_password"] is used along + # with the "root" (super)user. + def db_create_with_user service, user, pass + root_user_use_databag = node['openstack']['db']['root_user_use_databag'] + info = db service + if info + host = info['host'] + port = info['port'].to_s + type = info['db_type'] + db_name = info['db_name'] + case type + when "postgresql", "pgsql" + include_recipe "database::postgresql" + db_prov = ::Chef::Provider::Database::Postgresql + user_prov = ::Chef::Provider::Database::PostgresqlUser + super_user = "postgres" + if root_user_use_databag + user_key = node['openstack']['db']['root_user_key'] + super_password = user_password user_key + else + super_password = node['postgresql']['password']['postgres'] + end + when "mysql" + # we have to install the 'mysql' gem, otherwise the provider won't work + include_recipe "database::mysql" + db_prov = ::Chef::Provider::Database::Mysql + user_prov = ::Chef::Provider::Database::MysqlUser + super_user = "root" + + if root_user_use_databag + user_key = node['openstack']['db']['root_user_key'] + super_password = user_password user_key + else + super_password = node['mysql']['server_root_password'] + end + else + ::Chef::Log.error("Unsupported database type #{type}") + end + + connection_info = { + :host => host, + :port => port.to_i, + :username => super_user, + :password => super_password + } + + # create database + database "create #{db_name} database" do + provider db_prov + connection connection_info + database_name db_name + action :create + end + + # create user + database_user user do + provider user_prov + connection connection_info + password pass + action :create + end + + # grant privs to user + database_user user do + provider user_prov + connection connection_info + password pass + database_name db_name + host '%' + privileges [:all] + action :grant + end + end + info + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/endpoints.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/endpoints.rb new file mode 100644 index 000000000..92812fa13 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/endpoints.rb @@ -0,0 +1,86 @@ +# +# Cookbook Name:: openstack-common +# library:: endpoints +# +# Copyright 2012-2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +module ::Openstack + # Shortcut to get the full URI for an endpoint. If the "uri" key isn't + # set in the endpoint hash, we use the ::Openstack.get_uri_from_mash + # library routine from the openstack-common cookbook to grab a URI object + # and construct the URI object from the endpoint parts. + def endpoint name + ep = endpoint_for name + if ep && ep['uri'] + ::URI.parse ::URI.encode(ep['uri']) + elsif ep + uri_from_hash ep + end + end + + # Useful for iterating over the OpenStack endpoints + def endpoints &block + node['openstack']['endpoints'].each do | name, info | + block.call(name, info) + end + rescue + nil + end + + # Instead of specifying the verbose node["openstack"]["db"][service], + # this shortcut allows the simpler and shorter db(service), where + # service is one of 'compute', 'image', 'identity', 'network', + # and 'volume' + def db service + node['openstack']['db'][service] + rescue + nil + end + + # Shortcut to get the SQLAlchemy DB URI for a named service + def db_uri service, user, pass + info = db(service) + if info + host = info['host'] + port = info['port'].to_s + type = info['db_type'] + name = info['db_name'] + if type == "pgsql" + # Normalize to the SQLAlchemy standard db type identifier + type = "postgresql" + end + case type + when "mysql", "postgresql" + result = "#{type}://#{user}:#{pass}@#{host}:#{port}/#{name}" + when "sqlite" + # SQLite uses filepaths not db name + path = info['path'] + result = "sqlite://#{path}" + end + end + end + +private + # Instead of specifying the verbose node["openstack"]["endpoints"][name], + # this shortcut allows the simpler and shorter endpoint(name) + def endpoint_for name + node['openstack']['endpoints'][name] + rescue + nil + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/network.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/network.rb new file mode 100644 index 000000000..fca7e28b5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/network.rb @@ -0,0 +1,34 @@ +# +# Cookbook Name:: openstack-common +# library:: address +# +# Copyright 2012-2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module ::Openstack + # return the IPv4 (default) address of the given interface. + # + # @param [String] interface The interface to query. + # @param [String] family The protocol family to use. + # @return [String] The IPv4 address. + def address_for interface, family="inet" + interface_node = node["network"]["interfaces"][interface]["addresses"] + interface_node.select do |address, data| + if data['family'] == family + return address + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/parse.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/parse.rb new file mode 100644 index 000000000..50f0ffa15 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/parse.rb @@ -0,0 +1,63 @@ +# +# Cookbook Name:: openstack-common +# library:: parse +# +# Copyright 2013, Craig Tracey +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module ::Openstack + + # The current state of (at least some) OpenStack CLI tools do not provide a + # mechanism for outputting data in formats other than PrettyTable output. + # Therefore this function is intended to parse PrettyTable output into a + # usable array of hashes. Similarly, it will flatten Property/Value tables + # into a single element array. + # table - the raw PrettyTable output of the CLI command + # output - array of hashes representing the data. + def prettytable_to_array table + ret = [] + return ret if table == nil + indicies = [] + (table.split(/$/).collect{|x| x.strip}).each { |line| + unless line.start_with?('+--') or line.empty? + cols = line.split('|').collect{|x| x.strip} + cols.shift + if indicies == [] + indicies = cols + next + end + newobj = {} + cols.each { |val| + newobj[indicies[newobj.length]] = val + } + ret.push(newobj) + end + } + + # this kinda sucks, but some prettytable data comes + # as Property Value pairs. If this is the case, then + # flatten it as expected. + newobj = {} + if indicies == ['Property', 'Value'] + ret.each { |x| + newobj[x['Property']] = x['Value'] + } + [newobj] + else + ret + end + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/passwords.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/passwords.rb new file mode 100644 index 000000000..9e58e16d7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/passwords.rb @@ -0,0 +1,71 @@ +# +# Cookbook Name:: openstack-common +# library:: passwords +# +# Copyright 2012-2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module ::Openstack + # Library routine that returns an encrypted data bag value + # for a supplied string. The key used in decrypting the + # encrypted value should be located at + # node["openstack"]["secret"]["key_path"]. + # + # Note that if node["openstack"]["developer_mode"] is true, + # then the value of the index parameter is just returned as-is. This + # means that in developer mode, if a cookbook does this: + # + # class Chef + # class Recipe + # include ::Openstack + # end + # end + # + # nova_password = secret "passwords", "nova" + # + # That means nova_password will == "nova". + def secret bag_name, index + if node["openstack"]["developer_mode"] + return index + end + key_path = node["openstack"]["secret"]["key_path"] + ::Chef::Log.info "Loading encrypted databag #{bag_name}.#{index} using key at #{key_path}" + secret = ::Chef::EncryptedDataBagItem.load_secret key_path + ::Chef::EncryptedDataBagItem.load(bag_name, index, secret)[index] + end + + # Ease-of-use/standardization routine that returns a service password + # for a named OpenStack service. Note that databases are named + # after the OpenStack project nickname, like "nova" or "glance" + def service_password service + bag = node["openstack"]["secret"]["service_passwords_data_bag"] + secret bag, service + end + + # Ease-of-use/standardization routine that returns a database password + # for a named OpenStack database. Note that databases are named + # after the OpenStack project nickname, like "nova" or "glance" + def db_password service + bag = node["openstack"]["secret"]["db_passwords_data_bag"] + secret bag, service + end + + # Ease-of-use/standardization routine that returns a password + # for a user. + def user_password user + bag = node["openstack"]["secret"]["user_passwords_data_bag"] + secret bag, user + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/search.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/search.rb new file mode 100644 index 000000000..8e97c6e2d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/search.rb @@ -0,0 +1,79 @@ +# +# Cookbook Name:: openstack-common +# library:: search +# +# Copyright 2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module ::Openstack + # Search the nodes environment for the given role or recipe. + # + # @param [String] The role or recipe to be found. + # @return [Array] The matching result or an empty list. + def search_for r, &block + role_query = "(chef_environment:#{node.chef_environment} AND roles:#{r})" + recipe_query = "(chef_environment:#{node.chef_environment} AND recipes:#{r})".sub("::","\\:\\:") + query = "#{role_query} OR #{recipe_query}" + + resp = search(:node, query, &block) + resp ? resp : [] + end + + # Returns the value for ["openstack"]["memcached_servers"] when + # set, otherwise will perform a search. + # + # @param [String] role The role to be found (optional). + # @return [Array] A list of memcached servers in format + # ':'. + def memcached_servers role="infra-caching" + unless node['openstack']['memcached_servers'] + search_for(role).map do |n| + listen = n['memcached']['listen'] + port = n['memcached']['port'] || "11211" + + "#{listen}:#{port}" + end.sort + else + node['openstack']['memcached_servers'].length != 0 ? + node['openstack']['memcached_servers'] : [] + end + end + + # Returns all rabbit servers. + # Uses the value for ["openstack"]["mq"]["servers"] when set, otherwise + # will perform a search. + # + # @return [String] Rabbit servers joined by a comma in + # the format of ':'. + def rabbit_servers + if node["openstack"]["mq"]["servers"] + servers = node["openstack"]["mq"]["servers"] + port = node["openstack"]["mq"]["port"] + + servers.map { |s| "#{s}:#{port}" }.join "," + else + role = node["openstack"]["mq"]["server_role"] + search_for(role).map do |n| + # The listen attribute should be saved to the node + # in the wrapper cookbook. See the reference cookbook + # openstack-ops-messaging. + address = n["openstack"]["mq"]["listen"] + port = n["openstack"]["mq"]["port"] + + "#{address}:#{port}" + end.sort.join "," + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/uri.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/uri.rb new file mode 100644 index 000000000..15d255e92 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/libraries/uri.rb @@ -0,0 +1,56 @@ +# +# Cookbook Name:: openstack-common +# library:: uri +# +# Copyright 2012-2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +module ::Openstack + # Returns a uri::URI from a hash. If the hash has a "uri" key, the value + # of that is returned. If not, then the routine attempts to construct + # the URI from other parts of the hash, notably looking for keys of + # "host", "port", "scheme", and "path" to construct the URI. + # + # Returns nil if neither "uri" or "host" keys exist in the supplied + # hash. + def uri_from_hash hash + if hash['uri'] + ::URI.parse hash['uri'] + else + return nil unless hash['host'] + + scheme = hash['scheme'] ? hash['scheme'] : "http" + host = hash['host'] + port = hash['port'] # Returns nil if missing, which is fine. + path = hash['path'] # Returns nil if missing, which is fine. + ::URI::Generic.new scheme, nil, host, port, nil, path, nil, nil, nil + end + end + + # Helper for joining URI paths. The standard URI::join method is not + # intended for joining URI relative path segments. This function merely + # helps to accurately join supplied paths. + def uri_join_paths(*paths) + return nil if paths.length == 0 + leadingslash = paths[0][0] == '/' ? '/' : '' + trailingslash = paths[-1][-1] == '/' ? '/' : '' + paths.map! { |path| + path = path.sub(/^\/+/,'').sub(/\/+$/,'') + } + leadingslash + paths.join('/') + trailingslash + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/metadata.rb new file mode 100644 index 000000000..e02648663 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/metadata.rb @@ -0,0 +1,17 @@ +name "openstack-common" +maintainer "AT&T Services, Inc." +maintainer_email "cookbooks@lists.tfoundry.com" +license "Apache 2.0" +description "Common OpenStack attributes, libraries and recipes." +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "0.4.3" + +recipe "openstack-common", "Installs/Configures common recipes" +recipe "openstack-common::logging", "Installs/Configures common logging" + +%w{ ubuntu suse }.each do |os| + supports os +end + +depends "apt" +depends "database" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/recipes/default.rb new file mode 100644 index 000000000..065342ab5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/recipes/default.rb @@ -0,0 +1,88 @@ +# +# Cookbook Name:: openstack-common +# library:: default +# +# Copyright 2012-2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node["platform_family"] +when "debian" + package "ubuntu-cloud-keyring" do + action :install + end + + apt_uri = node["openstack"]["apt"]["uri"] + apt_components = node["openstack"]["apt"]["components"] + + # Simple variable substitution for LSB codename and OpenStack release + apt_components.each do | comp | + comp = comp.gsub "%release%", node["openstack"]["release"] + comp = comp.gsub "%codename%", node["lsb"]["codename"] + end + + apt_repository "openstack-ppa" do + uri node["openstack"]["apt"]["uri"] + components apt_components + end + +when "suse" + if node["lsb"]["description"].nil? + # Workaround for SLE11 + # + # On SLE11 ohai is broken and prefers lsb-release. We need to + # install it to be able to detect if recipe is run on openSUSE or SLES. + # + # https://bugzilla.novell.com/show_bug.cgi?id=809129 + # + # + install_lsb_release = package "lsb-release" do + action :nothing + end + reload_ohai = ohai "reload_lsb" do + action :nothing + end + install_lsb_release.run_action(:install) + reload_ohai.run_action(:reload) + end + if node["lsb"]["description"][/^SUSE Linux Enterprise Server/] + release, patchlevel = node["platform_version"].split(".") + zypp_release = "SLE_#{release}_SP#{patchlevel}" + elsif node["lsb"]["description"][/^openSUSE/] + zypp_release = "openSUSE_" + node["lsb"]["release"] + end + zypp = node["openstack"]["zypp"] + repo_uri = zypp["uri"].gsub( + "%release%", node["openstack"]["release"].capitalize) + repo_uri.gsub! "%suse-release%", zypp_release + repo_alias = "Cloud:OpenStack:" + node["openstack"]["release"].capitalize + + # TODO(iartarisi) this should be moved to its own cookbook + bash "add repository key" do + cwd "/tmp" + code <<-EOH + gpg --keyserver pgp.mit.edu --recv-keys #{zypp["repo-key"]} + gpg --armor --export #{zypp["repo-key"]} > cloud.asc + rpm --import cloud.asc + rm -f cloud.asc + EOH + + not_if { `rpm -qa gpg-pubkey*`.include? zypp["repo-key"].downcase } + end + + execute "add repository" do + command "zypper addrepo --check #{repo_uri} #{repo_alias}" + not_if { `zypper repos --export -`.include? repo_uri } + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/recipes/logging.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/recipes/logging.rb new file mode 100644 index 000000000..877ff5f73 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/recipes/logging.rb @@ -0,0 +1,32 @@ +# +# Cookbook Name:: openstack-common +# library:: logging +# +# Copyright 2012-2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +directory "/etc/openstack" do + owner "root" + group "root" + mode 00755 + action :create +end + +template "/etc/openstack/logging.conf" do + source "logging.conf.erb" + owner "root" + group "root" + mode 00644 +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/database_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/database_spec.rb new file mode 100644 index 000000000..5b3f0fa77 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/database_spec.rb @@ -0,0 +1,39 @@ +require_relative "spec_helper" +require ::File.join ::File.dirname(__FILE__), "..", "libraries", "database" + +describe ::Openstack do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::CHEFSPEC_OPTS + @chef_run.converge "openstack-common::default" + @subject = ::Object.new.extend ::Openstack + @subject.stub :include_recipe + end + + describe "#db_create_with_user" do + it "returns nil when no such service was found" do + @subject.stub(:node).and_return @chef_run.node + @subject.db_create_with_user("nonexisting", "user", "pass").should be_nil + end + + it "returns db info and creates database with user when service found" do + @subject.stub(:database).and_return {} + @subject.stub(:database_user).and_return {} + @subject.stub(:node).and_return @chef_run.node + result = @subject.db_create_with_user "compute", "user", "pass" + result['host'].should == "127.0.0.1" + result['port'].should == "3306" + end + + it "creates database" do + pending "TODO: test this LWRP" + end + + it "creates database user" do + pending "TODO: test this LWRP" + end + + it "grants privs to database user" do + pending "TODO: test this LWRP" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/default-suse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/default-suse_spec.rb new file mode 100644 index 000000000..d0d011806 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/default-suse_spec.rb @@ -0,0 +1,9 @@ +require_relative "spec_helper" + +describe "openstack-common::default" do + describe "suse" do + it "configures openstack repository" do + pending "TODO: implement" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/default_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/default_spec.rb new file mode 100644 index 000000000..c2509451c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/default_spec.rb @@ -0,0 +1,24 @@ +require_relative "spec_helper" + +describe "openstack-common::default" do + describe "ubuntu" do + before do + opts = ::UBUNTU_OPTS.merge :step_into => ["apt_repository"] + @chef_run = ::ChefSpec::ChefRunner.new(opts) do |n| + n.set["lsb"]["codename"] = "precise" + end + @chef_run.converge "openstack-common::default" + end + + it "installs ubuntu-cloud-keyring package" do + expect(@chef_run).to install_package "ubuntu-cloud-keyring" + end + + it "configures openstack repository" do + file = "/etc/apt/sources.list.d/openstack-ppa.list" + expected = "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main" + + expect(@chef_run).to create_file_with_content file, expected + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/endpoints_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/endpoints_spec.rb new file mode 100644 index 000000000..db4928580 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/endpoints_spec.rb @@ -0,0 +1,133 @@ +require_relative "spec_helper" +require ::File.join ::File.dirname(__FILE__), "..", "libraries", "endpoints" + +describe ::Openstack do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::CHEFSPEC_OPTS + @chef_run.converge "openstack-common::default" + @subject = ::Object.new.extend ::Openstack + end + + describe "#endpoint" do + it "returns nil when no openstack.endpoints not in node attrs" do + @subject.stub(:node).and_return {} + @subject.endpoint("nonexisting").should be_nil + end + it "returns nil when no such endpoint was found" do + @subject.stub(:node).and_return @chef_run.node + @subject.endpoint("nonexisting").should be_nil + end + it "handles a URI needing escaped" do + uri_hash = { + "openstack" => { + "endpoints" => { + "compute-api" => { + "uri" => "http://localhost:8080/v2/%(tenant_id)s" + } + } + } + } + @subject.stub(:node).and_return uri_hash + result = @subject.endpoint "compute-api" + result.path.should == "/v2/%25(tenant_id)s" + end + it "returns endpoint URI object when uri key in endpoint hash" do + uri_hash = { + "openstack" => { + "endpoints" => { + "compute-api" => { + "uri" => "http://localhost:8080/path" + } + } + } + } + @subject.stub(:node).and_return uri_hash + result = @subject.endpoint "compute-api" + result.port.should == 8080 + end + it "returns endpoint URI string when uri key in endpoint hash and host also in hash" do + uri_hash = { + "openstack" => { + "endpoints" => { + "compute-api" => { + "uri" => "http://localhost", + "host" => "ignored" + } + } + } + } + @subject.stub(:node).and_return uri_hash + @subject.endpoint("compute-api").to_s.should == "http://localhost" + end + it "returns endpoint URI object when uri key not in endpoint hash but host is in hash" do + @subject.should_receive(:uri_from_hash).with({"host"=>"localhost", "port"=>"8080"}) + uri_hash = { + "openstack" => { + "endpoints" => { + "compute-api" => { + "host" => "localhost", + "port" => "8080" + } + } + } + } + @subject.stub(:node).and_return uri_hash + @subject.endpoint "compute-api" + end + end + + describe "#endpoints" do + it "does nothing when no endpoints" do + @subject.stub(:node).and_return {} + @subject.endpoints.should be_nil + end + it "does nothing when empty endpoints" do + @subject.stub(:node).and_return({"openstack" => { "endpoints" => {}}}) + @count = 0 + @subject.endpoints do | ep | + @count += 1 + end + @count.should == 0 + end + it "executes block count when have endpoints" do + @subject.stub(:node).and_return @chef_run.node + @count = 0 + @subject.endpoints do |ep| + @count += 1 + end + @count.should >= 1 + end + end + + describe "#db" do + it "returns nil when no openstack.db not in node attrs" do + @subject.stub(:node).and_return {} + @subject.db("nonexisting").should be_nil + end + it "returns nil when no such service was found" do + @subject.stub(:node).and_return @chef_run.node + @subject.db("nonexisting").should be_nil + end + it "returns db info hash when service found" do + @subject.stub(:node).and_return @chef_run.node + @subject.db("compute")['host'].should == "127.0.0.1" + @subject.db("compute").has_key?("uri").should be_false + end + end + + describe "#db_uri" do + it "returns nil when no openstack.db not in node attrs" do + @subject.stub(:node).and_return {} + @subject.db_uri("nonexisting", "user", "pass").should be_nil + end + it "returns nil when no such service was found" do + @subject.stub(:node).and_return @chef_run.node + @subject.db_uri("nonexisting", "user", "pass").should be_nil + end + it "returns db info hash when service found" do + @subject.stub(:node).and_return @chef_run.node + expect = "mysql://user:pass@127.0.0.1:3306/nova" + @subject.db_uri("compute", "user", "pass").should == expect + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/logging_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/logging_spec.rb new file mode 100644 index 000000000..437973e3a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/logging_spec.rb @@ -0,0 +1,56 @@ +require_relative "spec_helper" + +describe "openstack-common::logging" do + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-common::logging" + end + + describe "/etc/openstack" do + before do + @dir = @chef_run.directory "/etc/openstack" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "755" + end + end + + describe "logging.conf" do + before do + @file = "/etc/openstack/logging.conf" + end + + it "has proper owner" do + expect(@chef_run.template(@file)).to be_owned_by "root", "root" + end + + it "has proper modes" do + m = @chef_run.template(@file).mode + expect(sprintf("%o", m)).to eq "644" + end + + it "templates openstack.logging.ignore block" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + chef_run.converge "openstack-common::logging" + node = chef_run.node + node.set["openstack"]["logging"]["ignore"] = { + "test.nova.api.openstack.wsgi" => "WARNING" + } + + tmp = [ + "[logger_test_nova_api_openstack_wsgi]", + "level = WARNING", + "handlers = prod,debug", + "qualname = test.nova.api.openstack.wsgi" + ] + expect(chef_run).to create_file_with_content @file, tmp.join("\n") + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/network_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/network_spec.rb new file mode 100644 index 000000000..65977b52c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/network_spec.rb @@ -0,0 +1,46 @@ +require_relative "spec_helper" +require ::File.join ::File.dirname(__FILE__), "..", "libraries", "network" + +describe ::Openstack do + before do + @chef_run = ::ChefSpec::ChefRunner.new(::CHEFSPEC_OPTS) do |n| + n.set["network"] = { + "interfaces" => { + "lo" => { + "addresses" => { + "127.0.0.1"=> { + "family" => "inet", + "prefixlen" => "8", + "netmask" => "255.0.0.0", + "scope" => "Node" + }, + "::1" => { + "family" => "inet6", + "prefixlen" => "128", + "scope" => "Node" + } + } + } + } + } + end + @chef_run.converge "openstack-common::default" + @subject = ::Object.new.extend ::Openstack + end + + describe "#address_for" do + it "returns ipv4 address" do + @subject.stub(:node).and_return @chef_run.node + resp = @subject.address_for "lo" + + expect(resp).to eq "127.0.0.1" + end + + it "returns ipv4 address" do + @subject.stub(:node).and_return @chef_run.node + resp = @subject.address_for "lo", "inet6" + + expect(resp).to eq "::1" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/parse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/parse_spec.rb new file mode 100644 index 000000000..2f8aee4b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/parse_spec.rb @@ -0,0 +1,79 @@ +require_relative "spec_helper" +require "uri" +require ::File.join ::File.dirname(__FILE__), "..", "libraries", "parse" + +describe ::Openstack do + before do + @subject = ::Object.new.extend(::Openstack) + end + + describe "#prettytable_to_array" do + it "returns [] when no table provided" do + @subject.prettytable_to_array(nil).should == [] + end + it "returns [] when table provided is empty" do + @subject.prettytable_to_array("").should == [] + end + it "returns proper array of hashes when proper table provided" do + table = +"+---------+----------------------------------+----------------------------------+ +| tenant | access | secret | ++---------+----------------------------------+----------------------------------+ +| service | 91af731b3be244beb8f30fc59b7bc96d | ce811442cfb549c39390a203778a4bf5 | ++---------+----------------------------------+----------------------------------+" + @subject.prettytable_to_array(table).should == + [{"tenant" => "service", + "access" => "91af731b3be244beb8f30fc59b7bc96d", + "secret" => "ce811442cfb549c39390a203778a4bf5"}] + end + it "returns proper array of hashes when proper table provided including whitespace" do + table = +"+---------+----------------------------------+----------------------------------+ +| tenant | access | secret | ++---------+----------------------------------+----------------------------------+ +| service | 91af731b3be244beb8f30fc59b7bc96d | ce811442cfb549c39390a203778a4bf5 | ++---------+----------------------------------+----------------------------------+ + + +" + @subject.prettytable_to_array(table).should == + [{"tenant" => "service", + "access" => "91af731b3be244beb8f30fc59b7bc96d", + "secret" => "ce811442cfb549c39390a203778a4bf5"}] + end + it "returns a flatten hash when provided a Property/Value table" do + table = +"+-----------+----------------------------------+ +| Property | Value | ++-----------+----------------------------------+ +| access | 91af731b3be244beb8f30fc59b7bc96d | +| secret | ce811442cfb549c39390a203778a4bf5 | +| tenant_id | 429271dd1cf54b7ca921a0017524d8ea | +| user_id | 1c4fc229560f40689c490c5d0838fd84 | ++-----------+----------------------------------+" + @subject.prettytable_to_array(table).should == + [{"tenant_id" => "429271dd1cf54b7ca921a0017524d8ea", + "access" => "91af731b3be244beb8f30fc59b7bc96d", + "secret" => "ce811442cfb549c39390a203778a4bf5", + "user_id" => "1c4fc229560f40689c490c5d0838fd84"}] + end + it "returns a flatten hash when provided a Property/Value table including whitespace" do + table = +" + ++-----------+----------------------------------+ +| Property | Value | ++-----------+----------------------------------+ +| access | 91af731b3be244beb8f30fc59b7bc96d | +| secret | ce811442cfb549c39390a203778a4bf5 | +| tenant_id | 429271dd1cf54b7ca921a0017524d8ea | +| user_id | 1c4fc229560f40689c490c5d0838fd84 | ++-----------+----------------------------------+" + @subject.prettytable_to_array(table).should == + [{"tenant_id" => "429271dd1cf54b7ca921a0017524d8ea", + "access" => "91af731b3be244beb8f30fc59b7bc96d", + "secret" => "ce811442cfb549c39390a203778a4bf5", + "user_id" => "1c4fc229560f40689c490c5d0838fd84"}] + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/password_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/password_spec.rb new file mode 100644 index 000000000..0e8f318f1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/password_spec.rb @@ -0,0 +1,90 @@ +require_relative "spec_helper" +require ::File.join ::File.dirname(__FILE__), "..", "libraries", "passwords" + +describe ::Openstack do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::CHEFSPEC_OPTS + @chef_run.converge "openstack-common::default" + @subject = ::Object.new.extend(::Openstack) + end + + describe "#secret" do + it "returns index param when developer_mode is true" do + @chef_run = ::ChefSpec::ChefRunner.new(::CHEFSPEC_OPTS) do |n| + n.set["openstack"]["developer_mode"] = true + end + @chef_run.converge "openstack-common::default" + @subject.stub(:node).and_return @chef_run.node + result = @subject.secret("passwords", "nova") + result.should == "nova" + end + it "returns databag when developer_mode is false" do + value = {"nova" => "this"} + ::Chef::EncryptedDataBagItem.stub(:load_secret).with("/etc/chef/openstack_data_bag_secret").and_return "secret" + ::Chef::EncryptedDataBagItem.stub(:load).with("passwords", "nova", "secret").and_return value + @subject.stub(:node).and_return @chef_run.node + result = @subject.secret("passwords", "nova") + result.should == "this" + end + end + + describe "#service_password" do + it "returns index param when developer_mode is true" do + @chef_run = ::ChefSpec::ChefRunner.new(::CHEFSPEC_OPTS) do |n| + n.set["openstack"]["developer_mode"] = true + end + @chef_run.converge "openstack-common::default" + @subject.stub(:node).and_return @chef_run.node + result = @subject.service_password("nova") + result.should == "nova" + end + it "returns databag when developer_mode is false" do + value = {"nova" => "this"} + ::Chef::EncryptedDataBagItem.stub(:load_secret).with("/etc/chef/openstack_data_bag_secret").and_return "secret" + ::Chef::EncryptedDataBagItem.stub(:load).with("service_passwords", "nova", "secret").and_return value + @subject.stub(:node).and_return @chef_run.node + result = @subject.service_password("nova") + result.should == "this" + end + end + + describe "#db_password" do + it "returns index param when developer_mode is true" do + @chef_run = ::ChefSpec::ChefRunner.new(::CHEFSPEC_OPTS) do |n| + n.set["openstack"]["developer_mode"] = true + end + @chef_run.converge "openstack-common::default" + @subject.stub(:node).and_return @chef_run.node + result = @subject.db_password("nova") + result.should == "nova" + end + it "returns databag when developer_mode is false" do + value = {"nova" => "this"} + ::Chef::EncryptedDataBagItem.stub(:load_secret).with("/etc/chef/openstack_data_bag_secret").and_return "secret" + ::Chef::EncryptedDataBagItem.stub(:load).with("db_passwords", "nova", "secret").and_return value + @subject.stub(:node).and_return @chef_run.node + result = @subject.db_password("nova") + result.should == "this" + end + end + + describe "#user_password" do + it "returns index param when developer_mode is true" do + @chef_run = ::ChefSpec::ChefRunner.new(::CHEFSPEC_OPTS) do |n| + n.set["openstack"]["developer_mode"] = true + end + @chef_run.converge "openstack-common::default" + @subject.stub(:node).and_return @chef_run.node + result = @subject.user_password("nova") + result.should == "nova" + end + it "returns databag when developer_mode is false" do + value = {"nova" => "this"} + ::Chef::EncryptedDataBagItem.stub(:load_secret).with("/etc/chef/openstack_data_bag_secret").and_return "secret" + ::Chef::EncryptedDataBagItem.stub(:load).with("user_passwords", "nova", "secret").and_return value + @subject.stub(:node).and_return @chef_run.node + result = @subject.user_password("nova") + result.should == "this" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/search_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/search_spec.rb new file mode 100644 index 000000000..c52da1e7b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/search_spec.rb @@ -0,0 +1,140 @@ +require_relative "spec_helper" +require ::File.join ::File.dirname(__FILE__), "..", "libraries", "search" + +describe ::Openstack do + before do + @chef_run = ::ChefSpec::ChefRunner.new(::CHEFSPEC_OPTS) do |n| + n.set["openstack"]["mq"] = { + "server_role" => "openstack-ops-mq", + "port" => 5672 + } + end + @chef_run.converge "openstack-common::default" + @subject = ::Object.new.extend ::Openstack + end + + describe "#search_for" do + it "returns results" do + @subject.stub(:node).and_return @chef_run.node + @subject.stub(:search). + with(:node, "(chef_environment:_default AND roles:role) OR (chef_environment:_default AND recipes:role)"). + and_return [@chef_run.node] + resp = @subject.search_for("role") + + expect(resp[0]['fqdn']).to eq "chefspec.local" + end + + it "returns empty results" do + @subject.stub(:node).and_return @chef_run.node + @subject.stub(:search). + with(:node, "(chef_environment:_default AND roles:empty-role) OR (chef_environment:_default AND recipes:empty-role)"). + and_return [] + resp = @subject.search_for("empty-role") + + expect(resp).to eq [] + end + + it "always returns empty results" do + @subject.stub(:node).and_return @chef_run.node + @subject.stub(:search). + with(:node, "(chef_environment:_default AND roles:empty-role) OR (chef_environment:_default AND recipes:empty-role)"). + and_return nil + resp = @subject.search_for("empty-role") + + expect(resp).to eq [] + end + end + + describe "#memcached_servers" do + it "returns memcached list" do + nodes = [ + { "memcached" => { "listen" => "1.1.1.1", "port" => "11211" }}, + { "memcached" => { "listen" => "2.2.2.2", "port" => "11211" }} + ] + @subject.stub(:node).and_return @chef_run.node + @subject.stub(:search_for). + with("role"). + and_return nodes + resp = @subject.memcached_servers("role") + + expect(resp).to eq ["1.1.1.1:11211", "2.2.2.2:11211"] + end + + it "returns sorted memcached list" do + nodes = [ + { "memcached" => { "listen" => "3.3.3.3", "port" => "11211" }}, + { "memcached" => { "listen" => "1.1.1.1", "port" => "11211" }}, + { "memcached" => { "listen" => "2.2.2.2", "port" => "11211" }} + ] + @subject.stub(:node).and_return @chef_run.node + @subject.stub(:search_for). + with("role"). + and_return nodes + resp = @subject.memcached_servers("role") + + expect(resp).to eq ["1.1.1.1:11211", "2.2.2.2:11211", "3.3.3.3:11211"] + end + + it "returns memcached servers as defined by attributes" do + nodes = { + "openstack" => { + "memcached_servers" => ["1.1.1.1:11211", "2.2.2.2:11211"] + } + } + @subject.stub(:node).and_return @chef_run.node.merge nodes + resp = @subject.memcached_servers("role") + + expect(resp).to eq ["1.1.1.1:11211", "2.2.2.2:11211"] + end + + it "returns empty memcached servers as defined by attributes" do + nodes = { + "openstack" => { + "memcached_servers" => [] + } + } + @subject.stub(:node).and_return @chef_run.node.merge nodes + resp = @subject.memcached_servers("empty-role") + + expect(resp).to eq [] + end + end + + describe "#rabbit_servers" do + it "returns rabbit servers" do + nodes = [ + { "openstack" => { "mq" => { "listen" => "1.1.1.1", "port" => "5672" }}}, + { "openstack" => { "mq" => { "listen" => "2.2.2.2", "port" => "5672" }}}, + ] + @subject.stub(:node).and_return @chef_run.node + @subject.stub(:search_for). + and_return nodes + resp = @subject.rabbit_servers + + expect(resp).to eq "1.1.1.1:5672,2.2.2.2:5672" + end + + it "returns sorted rabbit servers" do + nodes = [ + { "openstack" => { "mq" => { "listen" => "3.3.3.3", "port" => "5672" }}}, + { "openstack" => { "mq" => { "listen" => "1.1.1.1", "port" => "5672" }}}, + { "openstack" => { "mq" => { "listen" => "2.2.2.2", "port" => "5672" }}} + ] + @subject.stub(:node).and_return @chef_run.node + @subject.stub(:search_for). + and_return nodes + resp = @subject.rabbit_servers + + expect(resp).to eq "1.1.1.1:5672,2.2.2.2:5672,3.3.3.3:5672" + end + + it "returns rabbit servers when not searching" do + node = @chef_run.node + node.set["openstack"]["mq"]["servers"] = ["1.1.1.1", "2.2.2.2"] + @subject.stub(:node).and_return @chef_run.node + resp = @subject.rabbit_servers + + expect(resp).to eq "1.1.1.1:5672,2.2.2.2:5672" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/spec_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/spec_helper.rb new file mode 100644 index 000000000..67f67befc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/spec_helper.rb @@ -0,0 +1,11 @@ +require "chefspec" + +::LOG_LEVEL = :fatal +::UBUNTU_OPTS = { + :platform => "ubuntu", + :version => "12.04", + :log_level => ::LOG_LEVEL +} +::CHEFSPEC_OPTS = { + :log_level => ::LOG_LEVEL +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/uri_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/uri_spec.rb new file mode 100644 index 000000000..a76045021 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/spec/uri_spec.rb @@ -0,0 +1,85 @@ +require_relative "spec_helper" +require ::File.join ::File.dirname(__FILE__), "..", "libraries", "uri" +require "uri" + +describe ::Openstack do + before do + @subject = ::Object.new.extend(::Openstack) + end + + describe "#uri_from_hash" do + it "returns nil when no host or uri key found" do + hash = { + "port" => 8888, + "path" => "/path" + } + @subject.uri_from_hash(hash).should be_nil + end + it "returns uri when uri key found, ignoring other parts" do + uri = "http://localhost/" + hash = { + "port" => 8888, + "path" => "/path", + "uri" => uri + } + result = @subject.uri_from_hash(hash) + result.should be_a URI + result.to_s.should == uri + end + it "constructs from host" do + uri = "https://localhost:8888/path" + hash = { + "scheme" => 'https', + "port" => 8888, + "path" => "/path", + "host" => "localhost" + } + result = @subject.uri_from_hash(hash) + result.to_s.should == uri + end + it "constructs with defaults" do + uri = "https://localhost" + hash = { + "scheme" => 'https', + "host" => "localhost" + } + result = @subject.uri_from_hash(hash) + result.to_s.should == uri + end + it "constructs with extraneous keys" do + uri = "http://localhost" + hash = { + "host" => "localhost", + "network" => "public" # To emulate the osops-utils::ip_location way... + } + result = @subject.uri_from_hash(hash) + result.to_s.should == uri + end + end + + describe "#uri_join_paths" do + it "returns nil when no paths are passed in" do + @subject.uri_join_paths().should be_nil + end + it "preserves absolute path when only absolute path passed in" do + path = "/abspath" + result = @subject.uri_join_paths(path) + result.should == path + end + it "preserves relative path when only relative path passed in" do + path = "abspath/" + result = @subject.uri_join_paths(path) + result.should == path + end + it "preserves leadng and trailing slashes" do + expected = "/path/to/resource/" + result = @subject.uri_join_paths("/path", "to", "resource/") + result.should == expected + end + it "removes extraneous intermediate slashes" do + expected = "/path/to/resource" + result = @subject.uri_join_paths("/path", "//to/", "/resource") + result.should == expected + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/templates/default/logging.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/templates/default/logging.conf.erb new file mode 100644 index 000000000..f45a888c4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-common/templates/default/logging.conf.erb @@ -0,0 +1,136 @@ +[loggers] +keys=root,ceilometer,cinder,glance,horizon,keystone,nova,quantum,swift,amqplib,sqlalchemy,boto,suds,eventletwsgi,<%= node["openstack"]["logging"]["ignore"].map{|k,v| k.gsub(/\W/, '_')}.join(',') %> + +[formatters] +keys=normal,normal_with_name,debug,syslog_with_name,syslog_debug + +[handlers] +keys=stderr,devel,prod,debug + +## FORMATTERS ## + +[formatter_debug] +format=[%(name)s]: %(asctime)s %(levelname)s %(module)s.%(funcName)s %(message)s + +[formatter_normal] +format=%(asctime)s %(levelname)s %(message)s + +[formatter_normal_with_name] +format=[%(name)s]: %(asctime)s %(levelname)s %(message)s + +[formatter_syslog_with_name] +format=%(name)s: %(levelname)s %(message)s + +[formatter_syslog_debug] +format=%(name)s: %(levelname)s %(module)s.%(funcName)s %(message)s + +## LOGGERS ## + +[logger_amqplib] +level = WARNING +handlers = stderr +qualname = amqplib + +[logger_sqlalchemy] +level = WARNING +handlers = stderr +qualname = sqlalchemy +# "level = INFO" logs SQL queries. +# "level = DEBUG" logs SQL queries and results. +# "level = WARNING" logs neither. (Recommended for production systems.) + +[logger_boto] +level = WARNING +handlers = stderr +qualname = boto + +[logger_suds] +level = INFO +handlers = stderr +qualname = suds + +<% node["openstack"]["logging"]["ignore"].each do |k,v| %> +[logger_<%= k.gsub(/\W/, '_') %>] +level = <%= v %> +handlers = prod,debug +qualname = <%= k %> + +<% end %> +[logger_eventletwsgi] +level = WARNING +handlers = stderr +qualname = eventlet.wsgi.server + +[logger_root] +level=NOTSET +handlers=devel + +[logger_ceilometer] +level=DEBUG +handlers=prod,debug +qualname=ceilometer + +[logger_cinder] +level=DEBUG +handlers=prod,debug +qualname=cinder + +[logger_glance] +level=DEBUG +handlers=prod,debug +qualname=glance + +[logger_horizon] +level=DEBUG +handlers=prod,debug +qualname=horizon + +[logger_keystone] +level=DEBUG +handlers=prod,debug +qualname=keystone + +[logger_nova] +level=DEBUG +handlers=prod,debug +qualname=nova + +[logger_quantum] +level=DEBUG +handlers=prod,debug +qualname=quantum + +[logger_swift] +level=DEBUG +handlers=prod,debug +qualname=swift + +## HANDLERS ## + +[handler_stderr] +class = StreamHandler +args = (sys.stderr,) +formatter = debug + +[handler_devel] +class=StreamHandler +level=NOTSET +formatter=debug +args=(sys.stdout,) + +[handler_file] +class=FileHandler +formatter=debug +args=('/var/log/openstack/openstack.log', 'w') + +[handler_prod] +level=INFO +class=handlers.SysLogHandler +formatter=syslog_with_name +args=(('/dev/log'), handlers.SysLogHandler.LOG_LOCAL0) + +[handler_debug] +level=DEBUG +class=handlers.SysLogHandler +formatter=syslog_debug +args=(('/dev/log'), handlers.SysLogHandler.LOG_LOCAL1) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/.tailor b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/.tailor new file mode 100644 index 000000000..0b41998fa --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/.tailor @@ -0,0 +1,25 @@ +Tailor.config do |config| + config.formatters "text" + config.file_set '**/*.rb' do |style| + style.max_line_length 80, level: :off + style.allow_camel_case_methods false, level: :error + style.allow_hard_tabs false, level: :error + style.allow_screaming_snake_case_classes false, level: :error + style.allow_trailing_line_spaces false, level: :error + style.allow_invalid_ruby false, level: :warn + style.indentation_spaces 2, level: :error + style.max_code_lines_in_class 300, level: :error + style.max_code_lines_in_method 50, level: :error + style.spaces_after_comma 1, level: :error + style.spaces_after_lbrace 1, level: :error + style.spaces_after_lbracket 0, level: :error + style.spaces_after_lparen 0, level: :error + style.spaces_before_comma 0, level: :error + style.spaces_before_lbrace 1, level: :error + style.spaces_before_rbrace 1, level: :error + style.spaces_before_rbracket 0, level: :error + style.spaces_before_rparen 0, level: :error + style.spaces_in_empty_braces 0, level: :error + style.trailing_newlines 1, level: :error + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Berksfile new file mode 100644 index 000000000..046458ac3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Berksfile @@ -0,0 +1,12 @@ +metadata + +cookbook "openstack-image", + git: "git://github.com/stackforge/cookbook-openstack-image.git" +cookbook "openstack-identity", + git: "git://github.com/stackforge/cookbook-openstack-identity.git" +cookbook "openstack-common", + git: "git://github.com/stackforge/cookbook-openstack-common.git" +cookbook "openstack-network", + git: "git://github.com/stackforge/cookbook-openstack-network.git" +cookbook "sysctl", + git: "git://github.com/Fewbytes/sysctl-cookbook.git" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Berksfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Berksfile.lock new file mode 100644 index 000000000..1b4bc0892 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Berksfile.lock @@ -0,0 +1,65 @@ +{ + "sources": { + "openstack-compute": { + "path": "." + }, + "openstack-image": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-image.git", + "ref": "c06c440a371e4b8602a2de54b21e4c6a82a0fbf3" + }, + "openstack-identity": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-identity.git", + "ref": "b881af26095cfa869a6970067c49597a0ee63586" + }, + "openstack-common": { + "locked_version": "0.4.3", + "git": "git://github.com/stackforge/cookbook-openstack-common.git", + "ref": "eb5eed7126b6a6efbaf803e8a594d610cf661e97" + }, + "openstack-network": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-network.git", + "ref": "2b6ecb00e81e98765343ecb4d8655c5d74fd46c9" + }, + "sysctl": { + "locked_version": "0.2.0", + "git": "git://github.com/Fewbytes/sysctl-cookbook.git", + "ref": "65a96b45d489c904515d916aae6bc474da35f1ca" + }, + "selinux": { + "locked_version": "0.5.6" + }, + "yum": { + "locked_version": "2.3.0" + }, + "python": { + "locked_version": "1.3.6" + }, + "build-essential": { + "locked_version": "1.4.0" + }, + "apt": { + "locked_version": "2.0.0" + }, + "database": { + "locked_version": "1.4.0" + }, + "mysql": { + "locked_version": "3.0.2" + }, + "openssl": { + "locked_version": "1.0.2" + }, + "postgresql": { + "locked_version": "3.0.2" + }, + "aws": { + "locked_version": "0.101.2" + }, + "xfs": { + "locked_version": "1.1.0" + } + } +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Gemfile new file mode 100644 index 000000000..04ef97e41 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Gemfile @@ -0,0 +1,9 @@ +source "https://rubygems.org" + +gem "chef", "~> 11.4.4" +gem "json", "<= 1.7.7" # chef 11 dependency +gem "berkshelf", "~> 2.0.3" +gem "chefspec", "~> 1.3.0" +gem "foodcritic" +gem "strainer" +gem "tailor" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Gemfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Gemfile.lock new file mode 100644 index 000000000..f1a0a65df --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Gemfile.lock @@ -0,0 +1,214 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (3.2.14) + i18n (~> 0.6, >= 0.6.4) + multi_json (~> 1.0) + addressable (2.3.5) + akami (1.2.0) + gyoku (>= 0.4.0) + nokogiri (>= 1.4.0) + berkshelf (2.0.7) + activesupport (~> 3.2.0) + addressable (~> 2.3.4) + buff-shell_out (~> 0.1) + celluloid (>= 0.14.0) + chozo (>= 0.6.1) + faraday (>= 0.8.5) + hashie (>= 2.0.2) + minitar (~> 0.5.4) + rbzip2 (~> 0.2.0) + retryable (~> 1.3.3) + ridley (~> 1.2.1) + solve (>= 0.5.0) + thor (~> 0.18.0) + buff-extensions (0.5.0) + buff-ruby_engine (0.1.0) + buff-shell_out (0.1.0) + buff-ruby_engine (~> 0.1.0) + builder (3.2.2) + celluloid (0.14.1) + timers (>= 1.0.0) + celluloid-io (0.14.1) + celluloid (>= 0.14.1) + nio4r (>= 0.4.5) + chef (11.4.4) + erubis + highline (>= 1.6.9) + json (>= 1.4.4, <= 1.7.7) + mixlib-authentication (>= 1.3.0) + mixlib-cli (~> 1.3.0) + mixlib-config (>= 1.1.2) + mixlib-log (>= 1.3.0) + mixlib-shellout + net-ssh (~> 2.6) + net-ssh-multi (~> 1.1.0) + ohai (>= 0.6.0) + rest-client (>= 1.0.4, < 1.7.0) + yajl-ruby (~> 1.1) + chefspec (1.3.1) + chef (>= 10.0) + erubis + fauxhai (>= 0.1.1, < 2.0) + minitest-chef-handler (>= 0.6.0) + rspec (~> 2.0) + chozo (0.6.1) + activesupport (>= 3.2.0) + hashie (>= 2.0.2) + multi_json (>= 1.3.0) + ci_reporter (1.9.0) + builder (>= 2.1.2) + diff-lcs (1.2.4) + erubis (2.7.0) + faraday (0.8.8) + multipart-post (~> 1.2.0) + fauxhai (1.1.1) + httparty + net-ssh + ohai + ffi (1.9.0) + foodcritic (2.2.0) + erubis + gherkin (~> 2.11.7) + nokogiri (~> 1.5.4) + treetop (~> 1.4.10) + yajl-ruby (~> 1.1.0) + gherkin (2.11.8) + multi_json (~> 1.3) + gssapi (1.0.3) + ffi (>= 1.0.1) + gyoku (1.1.0) + builder (>= 2.1.2) + hashie (2.0.5) + highline (1.6.19) + httparty (0.11.0) + multi_json (~> 1.0) + multi_xml (>= 0.5.2) + httpclient (2.2.0.2) + httpi (0.9.7) + rack + i18n (0.6.4) + ipaddress (0.8.0) + json (1.7.7) + little-plugger (1.1.3) + log_switch (0.4.0) + logging (1.6.2) + little-plugger (>= 1.1.3) + mime-types (1.23) + minitar (0.5.4) + minitest (4.7.5) + minitest-chef-handler (1.0.1) + chef + ci_reporter + minitest (~> 4.7.3) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-cli (1.3.0) + mixlib-config (1.1.2) + mixlib-log (1.6.0) + mixlib-shellout (1.2.0) + multi_json (1.7.7) + multi_xml (0.5.4) + multipart-post (1.2.0) + net-http-persistent (2.9) + net-ssh (2.6.8) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-multi (1.1) + net-ssh (>= 2.1.4) + net-ssh-gateway (>= 0.99.0) + nio4r (0.4.6) + nokogiri (1.5.10) + nori (1.1.5) + ohai (6.18.0) + ipaddress + mixlib-cli + mixlib-config + mixlib-log + mixlib-shellout + systemu + yajl-ruby + polyglot (0.3.3) + rack (1.5.2) + rbzip2 (0.2.0) + rest-client (1.6.7) + mime-types (>= 1.16) + retryable (1.3.3) + ridley (1.2.5) + addressable + buff-extensions (~> 0.3) + buff-shell_out (~> 0.1) + celluloid (~> 0.14.0) + celluloid-io (~> 0.14.0) + erubis + faraday (>= 0.8.4) + hashie (>= 2.0.2) + json (>= 1.7.7) + mixlib-authentication (>= 1.3.0) + net-http-persistent (>= 2.8) + net-ssh + retryable + solve (>= 0.4.4) + varia_model (~> 0.1) + winrm (~> 1.1.0) + rspec (2.14.1) + rspec-core (~> 2.14.0) + rspec-expectations (~> 2.14.0) + rspec-mocks (~> 2.14.0) + rspec-core (2.14.4) + rspec-expectations (2.14.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.14.2) + rubyntlm (0.1.1) + savon (0.9.5) + akami (~> 1.0) + builder (>= 2.1.2) + gyoku (>= 0.4.0) + httpi (~> 0.9) + nokogiri (>= 1.4.0) + nori (~> 1.0) + wasabi (~> 1.0) + solve (0.8.0) + strainer (3.1.1) + berkshelf (~> 2.0) + systemu (2.5.2) + tailor (1.2.1) + log_switch (>= 0.3.0) + term-ansicolor (>= 1.0.5) + text-table (>= 1.2.2) + term-ansicolor (1.2.2) + tins (~> 0.8) + text-table (1.2.3) + thor (0.18.1) + timers (1.1.0) + tins (0.8.3) + treetop (1.4.14) + polyglot + polyglot (>= 0.3.1) + uuidtools (2.1.4) + varia_model (0.1.1) + buff-extensions (~> 0.2) + hashie (>= 2.0.2) + wasabi (1.0.0) + nokogiri (>= 1.4.0) + winrm (1.1.2) + gssapi (~> 1.0.0) + httpclient (~> 2.2.0.2) + logging (~> 1.6.1) + nokogiri (~> 1.5.0) + rubyntlm (~> 0.1.1) + savon (= 0.9.5) + uuidtools (~> 2.1.2) + yajl-ruby (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + berkshelf (~> 2.0.3) + chef (~> 11.4.4) + chefspec (~> 1.3.0) + foodcritic + json (<= 1.7.7) + strainer + tailor diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/README.md new file mode 100644 index 000000000..f3d999bfa --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/README.md @@ -0,0 +1,256 @@ +Description +=========== + +This cookbook installs the OpenStack Compute service **Nova** as part of the OpenStack reference deployment Chef for OpenStack. The http://github.com/mattray/chef-openstack-repo contains documentation for using this cookbook in the context of a full OpenStack deployment. Nova is currently installed from packages. + +http://nova.openstack.org + +Requirements +============ + +Chef 0.10.0 or higher required (for Chef environment use). + +Cookbooks +--------- + +The following cookbooks are dependencies: + +* apache2 +* openstack-common +* openstack-identity +* openstack-image +* selinux (Fedora) +* sysctl +* yum + +Usage +===== + +api-ec2 +---- +- Includes recipe `nova-common` +- Installs AWS EC2 compatible API and configures the service and endpoints in keystone + +api-metadata +---- +- Includes recipe `nova-common` +- Installs the nova metadata package + +api-os-compute +---- +- Includes recipe `nova-common` +- Installs OS API and configures the service and endpoints in keystone + +compute +---- +- Includes recipes `nova-common`, `api-metadata`, `network` +- Installs nova-compute service + +libvirt +---- +- Installs libvirt, used by nova compute for management of the virtual machine environment + +network +---- +- Includes recipe `nova-common` +- Installs nova network service + +nova-cert +---- +- Installs nova-cert service + +nova-common +---- +- May include recipe `selinux` (Fedora) +- Builds the basic nova.conf config file with details of the rabbitmq, mysql, glance and keystone servers +- Builds a openrc file for root with appropriate environment variables to interact with the nova client CLI + +nova-setup +---- +- Includes recipes `nova-common` +- Sets up the nova networks with `nova-manage` + +scheduler +---- +- Includes recipe `nova-common` +- Installs nova scheduler service + +vncproxy +---- +- Includes recipe `nova-common` +- Installs and configures the vncproxy service for console access to VMs + +Attributes +========== + +Openstack Compute attributes are in the attribute namespace ["openstack"]["compute"]. + +* `openstack["compute"]["identity_service_chef_role"]` - The name of the Chef role that sets up the Keystone Service API +* `openstack["compute"]["user"]` - User nova services run as +* `openstack["compute"]["group"]` - Group nova services run as +* `openstack["compute"]["db"]["username"]` - Username for nova database access +* `openstack["compute"]["rabbit"]["username"]` - Username for nova rabbit access +* `openstack["compute"]["rabbit"]["vhost"]` - The rabbit vhost to use +* `openstack["compute"]["rabbit"]["port"]` - The rabbit port to use +* `openstack["compute"]["rabbit"]["host"]` - The rabbit host to use (must set when `openstack["compute"]["rabbit"]["ha"]` false). +* `openstack["compute"]["rabbit"]["ha"]` - Whether or not to use rabbit ha +* `openstack["compute"]["service_tenant_name"]` - Tenant name used by nova when interacting with keystone +* `openstack["compute"]["service_user"]` - User name used by nova when interacting with keystone +* `openstack["compute"]["service_role"]` - User role used by nova when interacting with keystone +* `openstack["compute"]["floating_cmd"]` - Path to the `nova-manage floating create` wrapper script. +* `openstack["compute"]["config"]["volume_api_class"]` - API Class used for Volume support +* `openstack["compute"]["compute"]["api"]["protocol"]` - Protocol used for the OS API +* `openstack["compute"]["compute"]["api"]["port"]` - Port on which OS API runs +* `openstack["compute"]["compute"]["api"]["version"]` - Version of the OS API used +* `openstack["compute"]["compute"]["adminURL"]` - URL used to access the OS API for admin functions +* `openstack["compute"]["compute"]["internalURL"]` - URL used to access the OS API for user functions from an internal network +* `openstack["compute"]["compute"]["publicURL"]` - URL used to access the OS API for user functions from an external network +* `openstack["compute"]["config"]["availability_zone"]` - Nova availability zone. Usually set at the node level to place a compute node in another az +* `openstack["compute"]["config"]["default_schedule_zone"]` - The availability zone to schedule instances in when no az is specified in the request +* `openstack["compute"]["config"]["force_raw_images"]` - Convert all images used as backing files for instances to raw (we default to false) +* `openstack["compute"]["config"]["allow_same_net_traffic"]` - Disable security groups for internal networks (we default to true) +* `openstack["compute"]["config"]["osapi_max_limit"]` - The maximum number of items returned in a single response from a collection resource (default is 1000) +* `openstack["compute"]["config"]["cpu_allocation_ratio"]` - Virtual CPU to Physical CPU allocation ratio (default 16.0) +* `openstack["compute"]["config"]["ram_allocation_ratio"]` - Virtual RAM to Physical RAM allocation ratio (default 1.5) +* `openstack["compute"]["config"]["snapshot_image_format"]` - Snapshot image format (valid options are : raw, qcow2, vmdk, vdi [we default to qcow2]). +* `openstack["compute"]["config"]["start_guests_on_host_boot"]` - Whether to restart guests when the host reboots +* `openstack["compute"]["config"]["resume_guests_state_on_host_boot"]` - Whether to start guests that were running before the host rebooted +* `openstack["compute"]["api"]["signing_dir"]` - Keystone PKI needs a location to hold the signed tokens +* `openstack["compute"]["api"]["signing_dir"]` - Keystone PKI needs a location to hold the signed tokens + +Networking Attributes +--------------------- + +Basic networking configuration is controlled with the following attributes: + +* `openstack["compute"]["network"]["network_manager"]` - Defaults to "nova.network.manager.FlatDHCPManager". Set to "nova.network.manager.VlanManager" to configure VLAN Networking. +* `openstack["compute"]["network"]["fixed_range"]` - The CIDR for the network that VMs will be assigned to. In the case of VLAN Networking, this should be the network in which all VLAN networks that tenants are assigned will fit. +* `openstack["compute"]["network"]["dmz_cidr"]` - A CIDR for the range of IP addresses that will NOT be SNAT'ed by the nova network controller +* `openstack["compute"]["network"]["public_interface"]` - Defaults to eth0. Refers to the network interface used for VM addresses in the `fixed_range`. +* `openstack["compute"]["network"]["vlan_interface"]` - Defaults to eth0. Refers to the network interface used for VM addresses when VMs are assigned in a VLAN subnet. + +You can have the cookbook automatically create networks in Nova for you by adding a Hash to the `openstack["compute"]["networks"]` Array. +**Note**: The `openstack-compute::nova-setup` recipe contains the code that creates these pre-defined networks. + +Each Hash must contain the following keys: + +* `ipv4_cidr` - The CIDR representation of the subnet. Supplied to the nova-manage network create command as `--fixed_ipv4_range` +* `label` - A name for the network + +In addition to the above required keys in the Hash, the below keys are optional: + +* `num_networks` - Passed as-is to `nova-manage network create` as the `--num_networks` option. This overrides the default `num_networks` nova.conf value. +* `network_size` - Passed as-is to `nova-manage network create` as the `--network_size` option. This overrides the default `network_size` nova.conf value. +* `bridge` - Passed as-is to `nova-manage network create` as the `--bridge` option. +* `bridge_interface` -- Passed as-is to `nova-manage network create` as the `--bridge_interface` option. This overrides the default `vlan_interface` nova.conf value. +* `dns1` - Passed as-is to `nova-manage network create` as the `--dns1` option. +* `dns2` - Passed as-is to `nova-manage network create` as the `--dns2` option. +* `multi_host` - Passed as-is to `nova-manage network create` as the `--multi_host` option. Values should be either 'T' or 'F' +* `vlan` - Passed as-is to `nova-manage network create` as the `--vlan` option. Should be the VLAN tag ID. + +By default, the `openstack["compute"]["networks"]` array has two networks: + +* `openstack["compute"]["networks"]["public"]["label"]` - Network label to be assigned to the public network on creation +* `openstack["compute"]["networks"]["public"]["ipv4_cidr"]` - Network to be created (in CIDR notation, e.g., 192.168.100.0/24) +* `openstack["compute"]["networks"]["public"]["num_networks"]` - Number of networks to be created +* `openstack["compute"]["networks"]["public"]["network_size"]` - Number of IP addresses to be used in this network +* `openstack["compute"]["networks"]["public"]["bridge"]` - Bridge to be created for accessing the VM network (e.g., br100) +* `openstack["compute"]["networks"]["public"]["bridge_dev"]` - Physical device on which the bridge device should be attached (e.g., eth2) +* `openstack["compute"]["networks"]["public"]["dns1"]` - DNS server 1 +* `openstack["compute"]["networks"]["public"]["dns2"]` - DNS server 2 + +* `openstack["compute"]["networks"]["private"]["label"]` - Network label to be assigned to the private network on creation +* `openstack["compute"]["networks"]["private"]["ipv4_cidr"]` - Network to be created (in CIDR notation e.g., 192.168.200.0/24) +* `openstack["compute"]["networks"]["private"]["num_networks"]` - Number of networks to be created +* `openstack["compute"]["networks"]["private"]["network_size"]` - Number of IP addresses to be used in this network +* `openstack["compute"]["networks"]["private"]["bridge"]` - Bridge to be created for accessing the VM network (e.g., br200) +* `openstack["compute"]["networks"]["private"]["bridge_dev"]` - Physical device on which the bridge device should be attached (e.g., eth3) + +VNC Configuration Attributes +---------------------------- + +Requires [network_addr](https://gist.github.com/jtimberman/1040543) Ohai plugin. + +* `openstack["compute"]["xvpvnc_proxy"]["service_port"]` - Port on which XvpVNC runs +* `openstack["compute"]["xvpvnc_proxy"]["bind_interface"]` - Determine the interface's IP address to bind to +* `openstack["compute"]["novnc_proxy"]["service_port"]` - Port on which NoVNC runs +* `openstack["compute"]["novnc_proxy"]["bind_interface"]` - Determine the interface's IP address to bind to + +Libvirt Configuration Attributes +--------------------------------- + +* `openstack["compute"]["libvirt"]["virt_type"]` - What hypervisor software layer to use with libvirt (e.g., kvm, qemu) +* `openstack["compute"]["libvirt"]["bind_interface"]` - Determine the interface's IP address (used for VNC). IP address on the hypervisor that libvirt listens for VNC requests on, and IP address on the hypervisor that libvirt exposes for VNC requests on. +* `openstack["compute"]["libvirt"]["auth_tcp"]` - Type of authentication your libvirt layer requires +* `openstack["compute"]["libvirt"]["ssh"]["private_key"]` - Private key to use if using SSH authentication to your libvirt layer +* `openstack["compute"]["libvirt"]["ssh"]["public_key"]` - Public key to use if using SSH authentication to your libvirt layer + +Scheduler Configuration Attributes +---------------------------------- + +* `openstack["compute"]["scheduler"]["scheduler_driver"]` - the scheduler driver to use +NOTE: The filter scheduler currently does not work with ec2. +* `openstack["compute"]["scheduler"]["default_filters"]` - a list of filters enabled for schedulers that support them. + +Syslog Configuration Attributes +------------------------------- + +* `openstack["compute"]["syslog"]["use"]` - Should nova log to syslog? +* `openstack["compute"]["syslog"]["facility"]` - Which facility nova should use when logging in python style (for example, `LOG_LOCAL1`) +* `openstack["compute"]["syslog"]["config_facility"]` - Which facility nova should use when logging in rsyslog style (for example, local1) + +OSAPI Compute Extentions +------------------------ + +* `openstack["compute"]["plugins"]` - Array of osapi compute exntesions to add to nova + +Testing +===== + +This cookbook uses [bundler](http://gembundler.com/), [berkshelf](http://berkshelf.com/), and [strainer](https://github.com/customink/strainer) to isolate dependencies and run tests. + +Tests are defined in Strainerfile. + +To run tests: + + $ bundle install # install gem dependencies + $ bundle exec berks install # install cookbook dependencies + $ bundle exec strainer test # run tests + +License and Author +================== + +| | | +|:---------------------|:---------------------------------------------------| +| **Author** | Justin Shepherd () | +| **Author** | Jason Cannavale () | +| **Author** | Ron Pedde () | +| **Author** | Joseph Breu () | +| **Author** | William Kelly () | +| **Author** | Darren Birkett () | +| **Author** | Evan Callicoat () | +| **Author** | Matt Ray () | +| **Author** | Jay Pipes () | +| **Author** | John Dewey () | +| **Author** | Kevin Bringard () | +| **Author** | Craig Tracey () | +| **Author** | Sean Gallagher () | +| **Author** | Ionut Artarisi () | +| | | +| **Copyright** | Copyright (c) 2012-2013, Rackspace US, Inc. | +| **Copyright** | Copyright (c) 2012-2013, Opscode, Inc. | +| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. | +| **Copyright** | Copyright (c) 2013, Craig Tracey | +| **Copyright** | Copyright (c) 2013, SUSE Linux GmbH | + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Strainerfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Strainerfile new file mode 100644 index 000000000..7e292b43d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/Strainerfile @@ -0,0 +1,5 @@ +# Strainerfile +tailor: bundle exec tailor +knife test: bundle exec knife cookbook test $COOKBOOK +foodcritic: bundle exec foodcritic -f any -t ~FC003 -t ~FC023 $SANDBOX/$COOKBOOK +chefspec: bundle exec rspec $SANDBOX/$COOKBOOK/spec diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/attributes/default.rb new file mode 100644 index 000000000..0c9572071 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/attributes/default.rb @@ -0,0 +1,337 @@ +######################################################################## +# Toggles - These can be overridden at the environment level +default["enable_monit"] = false # OS provides packages +######################################################################## + +# Set to some text value if you want templated config files +# to contain a custom banner at the top of the written file +default["openstack"]["compute"]["custom_template_banner"] = " +# This file autogenerated by Chef +# Do not edit, changes will be overwritten +" + +# The name of the Chef role that knows about the message queue server +# that Nova uses +default["openstack"]["compute"]["rabbit_server_chef_role"] = "os-ops-messaging" + +default["openstack"]["compute"]["verbose"] = "False" +default["openstack"]["compute"]["debug"] = "False" + +# The name of the Chef role that sets up the Keystone Service API +default["openstack"]["compute"]["identity_service_chef_role"] = "os-identity" + +# This user's password is stored in an encrypted databag +# and accessed with openstack-common cookbook library's +# db_password routine. +default["openstack"]["compute"]["db"]["username"] = "nova" + +# This user's password is stored in an encrypted databag +# and accessed with openstack-common cookbook library's +# user_password routine. You are expected to create +# the user, pass, vhost in a wrapper rabbitmq cookbook. +default["openstack"]["compute"]["rabbit"]["username"] = "guest" +default["openstack"]["compute"]["rabbit"]["vhost"] = "/" +default["openstack"]["compute"]["rabbit"]["port"] = 5672 +default["openstack"]["compute"]["rabbit"]["host"] = "127.0.0.1" +default["openstack"]["compute"]["rabbit"]["ha"] = false + +default["openstack"]["compute"]["service_tenant_name"] = "service" +default["openstack"]["compute"]["service_user"] = "nova" +default["openstack"]["compute"]["service_role"] = "admin" + +case platform +when "fedora", "redhat", "centos", "ubuntu" + default["openstack"]["compute"]["user"] = "nova" + default["openstack"]["compute"]["group"] = "nova" +when "suse" + default["openstack"]["compute"]["user"] = "openstack-nova" + default["openstack"]["compute"]["group"] = "openstack-nova" +end + +# Logging stuff +default["openstack"]["compute"]["syslog"]["use"] = false +default["openstack"]["compute"]["syslog"]["facility"] = "LOG_LOCAL1" +default["openstack"]["compute"]["syslog"]["config_facility"] = "local1" + +default["openstack"]["compute"]["region"] = "RegionOne" + +default["openstack"]["compute"]["floating_cmd"] = "/usr/local/bin/add_floaters.py" + +# Support multiple network types. Default network type is "nova" +# with the other option supported being "quantum" +default["openstack"]["compute"]["network"]["service_type"] = "nova" + +# if the network type is not nova, we will load the following +# plugins from openstack-network +default["openstack"]["compute"]["network"]["plugins"] = ["openvswitch"] + +# Quantum options +default["openstack"]["compute"]["network"]["quantum"]["network_api_class"] = "nova.network.quantumv2.api.API" +default["openstack"]["compute"]["network"]["quantum"]["auth_strategy"] = "keystone" +default["openstack"]["compute"]["network"]["quantum"]["admin_tenant_name"] = "service" +default["openstack"]["compute"]["network"]["quantum"]["admin_username"] = "quantum" +default["openstack"]["compute"]["network"]["quantum"]["libvirt_vif_driver"] = "nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver" +default["openstack"]["compute"]["network"]["quantum"]["linuxnet_interface_driver"] = "nova.network.linux_net.LinuxOVSInterfaceDriver" +default["openstack"]["compute"]["network"]["quantum"]["security_group_api"] = "quantum" +default["openstack"]["compute"]["network"]["quantum"]["service_quantum_metadata_proxy"] = true +default["openstack"]["compute"]["network"]["quantum"]["metadata_secret_name"] = "quantum_metadata_shared_secret" +default["openstack"]["compute"]["network"]["quantum"]["public_network_name"] = "public" +default["openstack"]["compute"]["network"]["quantum"]["dns_server"] = "8.8.8.8" + +# TODO(shep): This should probably be ["openstack"]["compute"]["network"]["fixed"] +default["openstack"]["compute"]["networks"] = [ + { + "label" => "public", + "ipv4_cidr" => "192.168.100.0/24", + "num_networks" => "1", + "network_size" => "255", + "bridge" => "br100", + "bridge_dev" => "eth2", + "dns1" => "8.8.8.8", + "dns2" => "8.8.4.4", + "multi_host" => 'T' + }, + { + "label" => "private", + "ipv4_cidr" => "192.168.200.0/24", + "num_networks" => "1", + "network_size" => "255", + "bridge" => "br200", + "bridge_dev" => "eth3", + "dns1" => "8.8.8.8", + "dns2" => "8.8.4.4", + "multi_host" => 'T' + } +] + +# For VLAN Networking, do the following: +# +# default["openstack"]["compute"]["network"]["network_manager"] = "nova.network.manager.VlanManager" +# default["openstack"]["compute"]["network"]["vlan_interface"] = "eth1" # Or "eth2", "bond1", etc... +# # The fixed_range setting is the **entire** subnet/network that all your VLAN +# # networks will fit inside. +# default["openstack"]["compute"]["network"]["fixed_range"] = "10.0.0.0/8" # Or smaller for smaller deploys... +# +# In addition to the above, you typically either want to do one of the following: +# +# 1) Set default["openstack"]["compute"]["networks"] to an empty Array ([]) and create your +# VLAN networks (using nova-manage network create) **when you create a tenant**. +# +# 2) Set default["openstack"]["compute"]["networks"] to an Array of VLAN networks that get created +# **without a tenant assignment** for tenants to use when they are created later. +# Such an array might look like this: +# +# default["openstack"]["compute"]["networks"] = [ +# { +# "label": "vlan100", +# "vlan": "100", +# "ipv4_cidr": "10.0.100.0/24" +# }, +# { +# "label": "vlan101", +# "vlan": "101", +# "ipv4_cidr": "10.0.101.0/24" +# }, +# { +# "label": "vlan102", +# "vlan": "102", +# "ipv4_cidr": "10.0.102.0/24" +# }, +# ] + +default["openstack"]["compute"]["network"]["multi_host"] = false +default["openstack"]["compute"]["network"]["fixed_range"] = default["openstack"]["compute"]["networks"][0]["ipv4_cidr"] +# DMZ CIDR is a range of IP addresses that should not +# have their addresses SNAT'ed by the nova network controller +default["openstack"]["compute"]["network"]["dmz_cidr"] = "10.128.0.0/24" +default["openstack"]["compute"]["network"]["network_manager"] = "nova.network.manager.FlatDHCPManager" +default["openstack"]["compute"]["network"]["public_interface"] = "eth0" +default["openstack"]["compute"]["network"]["vlan_interface"] = "eth0" +# https://bugs.launchpad.net/nova/+bug/1075859 +default["openstack"]["compute"]["network"]["use_single_default_gateway"] = false + +default["openstack"]["compute"]["scheduler"]["scheduler_driver"] = "nova.scheduler.filter_scheduler.FilterScheduler" +default["openstack"]["compute"]["scheduler"]["default_filters"] = [ + "AvailabilityZoneFilter", + "RamFilter", + "ComputeFilter", + "CoreFilter", + "SameHostFilter", + "DifferentHostFilter" +] + +default["openstack"]["compute"]["xvpvnc_proxy"]["service_port"] = "6081" +default["openstack"]["compute"]["xvpvnc_proxy"]["bind_interface"] = "lo" +default["openstack"]["compute"]["novnc_proxy"]["service_port"] = "6080" +default["openstack"]["compute"]["novnc_proxy"]["bind_interface"] = "lo" + +default["openstack"]["compute"]["driver"] = "libvirt.LibvirtDriver" +default["openstack"]["compute"]["libvirt"]["virt_type"] = "kvm" +default["openstack"]["compute"]["libvirt"]["bind_interface"] = "lo" +default["openstack"]["compute"]["libvirt"]["auth_tcp"] = "none" +default["openstack"]["compute"]["libvirt"]["remove_unused_base_images"] = true +default["openstack"]["compute"]["libvirt"]["remove_unused_resized_minimum_age_seconds"] = 3600 +default["openstack"]["compute"]["libvirt"]["remove_unused_original_minimum_age_seconds"] = 3600 +default["openstack"]["compute"]["libvirt"]["checksum_base_images"] = false +if node["platform"] == "suse" + default["openstack"]["compute"]["libvirt"]["group"] = "libvirt" +else + default["openstack"]["compute"]["libvirt"]["group"] = "libvirtd" +end +default["openstack"]["compute"]["config"]["availability_zone"] = "nova" +default["openstack"]["compute"]["config"]["storage_availability_zone"] = "nova" +default["openstack"]["compute"]["config"]["default_schedule_zone"] = "nova" +default["openstack"]["compute"]["config"]["force_raw_images"] = false +default["openstack"]["compute"]["config"]["allow_same_net_traffic"] = true +default["openstack"]["compute"]["config"]["osapi_max_limit"] = 1000 +default["openstack"]["compute"]["config"]["cpu_allocation_ratio"] = 16.0 +default["openstack"]["compute"]["config"]["ram_allocation_ratio"] = 1.5 +default["openstack"]["compute"]["config"]["snapshot_image_format"] = "qcow2" +# `start` will cause nova-compute to error out if a VM is already running, where +# `resume` checks to see if it is running first. +default["openstack"]["compute"]["config"]["start_guests_on_host_boot"] = false +# requires https://review.openstack.org/#/c/8423/ +default["openstack"]["compute"]["config"]["resume_guests_state_on_host_boot"] = true + +# If true, create a config drive regardless of if the user specified --config-drive true in their nova boot call +default["openstack"]["compute"]["config"]["force_config_drive"] = "false" + +# Volume API class (driver) +default["openstack"]["compute"]["config"]["volume_api_class"] = "nova.volume.cinder.API" + +# quota settings +default["openstack"]["compute"]["config"]["quota_security_groups"] = 50 +default["openstack"]["compute"]["config"]["quota_security_group_rules"] = 20 +# (StrOpt) default driver to use for quota checks (default: nova.quota.DbQuotaDriver) +default["openstack"]["compute"]["config"]["quota_driver"] = "nova.quota.DbQuotaDriver" +# number of instance cores allowed per project (default: 20) +default["openstack"]["compute"]["config"]["quota_cores"] = 20 +# number of fixed ips allowed per project (this should be at least the number of instances allowed) (default: -1) +default["openstack"]["compute"]["config"]["quota_fixed_ips"] = -1 +# number of floating ips allowed per project (default: 10) +default["openstack"]["compute"]["config"]["quota_floating_ips"] = 10 +# number of bytes allowed per injected file (default: 10240) +default["openstack"]["compute"]["config"]["quota_injected_file_content_bytes"] = 10240 +# number of bytes allowed per injected file path (default: 255) +default["openstack"]["compute"]["config"]["quota_injected_file_path_bytes"] = 255 +# number of injected files allowed (default: 5) +default["openstack"]["compute"]["config"]["quota_injected_files"] = 5 +# number of instances allowed per project (defailt: 10) +default["openstack"]["compute"]["config"]["quota_instances"] = 10 +# number of key pairs per user (default: 100) +default["openstack"]["compute"]["config"]["quota_key_pairs"] = 100 +# number of metadata items allowed per instance (default: 128) +default["openstack"]["compute"]["config"]["quota_metadata_items"] = 128 +# megabytes of instance ram allowed per project (default: 51200) +default["openstack"]["compute"]["config"]["quota_ram"] = 51200 + +default["openstack"]["compute"]["ratelimit"]["settings"] = { + "generic-post-limit" => { "verb" => "POST", "uri" => "*", "regex" => ".*", "limit" => "10", "interval" => "MINUTE" }, + "create-servers-limit" => { "verb" => "POST", "uri" => "*/servers", "regex" => "^/servers", "limit" => "50", "interval" => "DAY" }, + "generic-put-limit" => { "verb" => "PUT", "uri" => "*", "regex" => ".*", "limit" => "10", "interval" => "MINUTE" }, + "changes-since-limit" => { "verb" => "GET", "uri" => "*changes-since*", "regex" => ".*changes-since.*", "limit" => "3", "interval" => "MINUTE" }, + "generic-delete-limit" => { "verb" => "DELETE", "uri" => "*", "regex" => ".*", "limit" => "100", "interval" => "MINUTE" } +} + +# Keystone settings +default["openstack"]["compute"]["api"]["auth_strategy"] = "keystone" + +# Setting this to v2.0. See discussion on +# https://bugs.launchpad.net/openstack-chef/+bug/1207504 +default["openstack"]["compute"]["api"]["auth"]["version"] = "v2.0" + +# Keystone PKI signing directories +default["openstack"]["compute"]["api"]["auth"]["cache_dir"] = "/var/cache/nova/api" + +# Perform nova-conductor operations locally (boolean value) +default["openstack"]["compute"]["conductor"]["use_local"] = "False" + +case platform +when "fedora", "redhat", "centos", "suse" # :pragma-foodcritic: ~FC024 - won't fix this + default["openstack"]["compute"]["platform"] = { + "api_ec2_packages" => ["openstack-nova-api"], + "api_ec2_service" => "openstack-nova-api", + "api_os_compute_packages" => ["openstack-nova-api"], + "api_os_compute_service" => "openstack-nova-api", + "api_os_compute_process_name" => "nova-api", + "neutron_python_packages" => ["python-quantumclient", "python-pyparsing"], + "memcache_python_packages" => ["python-memcached"], + "compute_api_metadata_packages" => ["openstack-nova-api"], + "compute_api_metadata_process_name" => "nova-api", + "compute_api_metadata_service" => "openstack-nova-api", + "compute_compute_packages" => ["openstack-nova-compute"], + "compute_compute_service" => "openstack-nova-compute", + "compute_network_packages" => ["iptables", "openstack-nova-network"], + "compute_network_service" => "openstack-nova-network", + "compute_scheduler_packages" => ["openstack-nova-scheduler"], + "compute_scheduler_service" => "openstack-nova-scheduler", + "compute_conductor_packages" => ["openstack-nova-conductor"], + "compute_conductor_service" => "openstack-nova-conductor", + "compute_vncproxy_packages" => ["openstack-nova-novncproxy"], # me thinks this is right? + "compute_vncproxy_service" => "openstack-nova-novncproxy", + "compute_vncproxy_consoleauth_packages" => ["openstack-nova-console"], + "compute_vncproxy_consoleauth_service" => "openstack-nova-console", + "compute_vncproxy_consoleauth_process_name" => "nova-console", + "libvirt_packages" => ["libvirt"], + "libvirt_service" => "libvirtd", + "dbus_service" => "dbus", + "compute_cert_packages" => ["openstack-nova-cert"], + "compute_cert_service" => "openstack-nova-cert", + "mysql_service" => "mysqld", + "common_packages" => ["openstack-nova-common"], + "iscsi_helper" => "ietadm", + "nfs_packages" => ["nfs-utils", "nfs-utils-lib"], + "package_overrides" => "" + } + if platform == "redhat" || platform == "centos" + default["openstack"]["compute"]["platform"]["neutron_python_packages"] = ["python-quantumclient", "pyparsing"] + default["openstack"]["compute"]["platform"]["dbus_service"] = "messagebus" + end + if platform == "suse" + default["openstack"]["compute"]["platform"]["common_packages"] = ["openstack-nova"] + default["openstack"]["compute"]["platform"]["kvm_packages"] = ["kvm"] + default["openstack"]["compute"]["platform"]["xen_packages"] = ["kernel-xen", "xen", "xen-tools"] + default["openstack"]["compute"]["platform"]["lxc_packages"] = ["lxc"] + default["openstack"]["compute"]["platform"]["nfs_packages"] = ["nfs-utils"] + end +when "ubuntu" + default["openstack"]["compute"]["platform"] = { + "api_ec2_packages" => ["nova-api-ec2"], + "api_ec2_service" => "nova-api-ec2", + "api_os_compute_packages" => ["nova-api-os-compute"], + "api_os_compute_process_name" => "nova-api-os-compute", + "api_os_compute_service" => "nova-api-os-compute", + "memcache_python_packages" => ["python-memcache"], + "neutron_python_packages" => ["python-quantumclient", "python-pyparsing"], + "compute_api_metadata_packages" => ["nova-api-metadata"], + "compute_api_metadata_service" => "nova-api-metadata", + "compute_api_metadata_process_name" => "nova-api-metadata", + "compute_compute_packages" => ["nova-compute"], + "compute_compute_service" => "nova-compute", + "compute_network_packages" => ["iptables", "nova-network"], + "compute_network_service" => "nova-network", + "compute_scheduler_packages" => ["nova-scheduler"], + "compute_scheduler_service" => "nova-scheduler", + "compute_conductor_packages" => ["nova-conductor"], + "compute_conductor_service" => "nova-conductor", + # Websockify is needed due to https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1076442 + "compute_vncproxy_packages" => ["novnc", "websockify", "nova-novncproxy"], + "compute_vncproxy_service" => "nova-novncproxy", + "compute_vncproxy_consoleauth_packages" => ["nova-consoleauth"], + "compute_vncproxy_consoleauth_service" => "nova-consoleauth", + "compute_vncproxy_consoleauth_process_name" => "nova-consoleauth", + "libvirt_packages" => ["libvirt-bin"], + "libvirt_service" => "libvirt-bin", + "dbus_service" => "dbus", + "compute_cert_packages" => ["nova-cert"], + "compute_cert_service" => "nova-cert", + "mysql_service" => "mysql", + "common_packages" => ["nova-common"], + "iscsi_helper" => "tgtadm", + "nfs_packages" => ["nfs-common"], + "package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'" + } +end + +# plugins +default["openstack"]["compute"]["plugins"] = nil diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/attributes/default.rb.ave b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/attributes/default.rb.ave new file mode 100644 index 000000000..e7b79803d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/attributes/default.rb.ave @@ -0,0 +1,333 @@ +######################################################################## +# Toggles - These can be overridden at the environment level +default["enable_monit"] = false # OS provides packages +######################################################################## + +# Set to some text value if you want templated config files +# to contain a custom banner at the top of the written file +default["openstack"]["compute"]["custom_template_banner"] = " +# This file autogenerated by Chef +# Do not edit, changes will be overwritten +" + +# The name of the Chef role that knows about the message queue server +# that Nova uses +default["openstack"]["compute"]["rabbit_server_chef_role"] = "os-ops-messaging" + +default["openstack"]["compute"]["verbose"] = "False" +default["openstack"]["compute"]["debug"] = "False" + +# The name of the Chef role that sets up the Keystone Service API +default["openstack"]["compute"]["identity_service_chef_role"] = "os-identity" + +# This user's password is stored in an encrypted databag +# and accessed with openstack-common cookbook library's +# db_password routine. +default["openstack"]["compute"]["db"]["username"] = "nova" + +# This user's password is stored in an encrypted databag +# and accessed with openstack-common cookbook library's +# user_password routine. You are expected to create +# the user, pass, vhost in a wrapper rabbitmq cookbook. +default["openstack"]["compute"]["rabbit"]["username"] = "guest" +default["openstack"]["compute"]["rabbit"]["vhost"] = "/" +default["openstack"]["compute"]["rabbit"]["port"] = 5672 +default["openstack"]["compute"]["rabbit"]["host"] = "127.0.0.1" +default["openstack"]["compute"]["rabbit"]["ha"] = false + +default["openstack"]["compute"]["service_tenant_name"] = "service" +default["openstack"]["compute"]["service_user"] = "nova" +default["openstack"]["compute"]["service_role"] = "admin" + +case platform +when "fedora", "redhat", "centos", "ubuntu" + default["openstack"]["compute"]["user"] = "nova" + default["openstack"]["compute"]["group"] = "nova" +when "suse" + default["openstack"]["compute"]["user"] = "openstack-nova" + default["openstack"]["compute"]["group"] = "openstack-nova" +end + +# Logging stuff +default["openstack"]["compute"]["syslog"]["use"] = false +default["openstack"]["compute"]["syslog"]["facility"] = "LOG_LOCAL1" +default["openstack"]["compute"]["syslog"]["config_facility"] = "local1" + +default["openstack"]["compute"]["region"] = "RegionOne" + +default["openstack"]["compute"]["floating_cmd"] = "/usr/local/bin/add_floaters.py" + +# Support multiple network types. Default network type is "nova" +# with the other option supported being "quantum" +default["openstack"]["compute"]["network"]["service_type"] = "nova" + +# if the network type is not nova, we will load the following +# plugins from openstack-network +default["openstack"]["compute"]["network"]["plugins"] = ["openvswitch"] + +# Quantum options +default["openstack"]["compute"]["network"]["quantum"]["network_api_class"] = "nova.network.quantumv2.api.API" +default["openstack"]["compute"]["network"]["quantum"]["auth_strategy"] = "keystone" +default["openstack"]["compute"]["network"]["quantum"]["admin_tenant_name"] = "service" +default["openstack"]["compute"]["network"]["quantum"]["admin_username"] = "quantum" +default["openstack"]["compute"]["network"]["quantum"]["libvirt_vif_driver"] = "nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver" +default["openstack"]["compute"]["network"]["quantum"]["linuxnet_interface_driver"] = "nova.network.linux_net.LinuxOVSInterfaceDriver" +default["openstack"]["compute"]["network"]["quantum"]["security_group_api"] = "quantum" +default["openstack"]["compute"]["network"]["quantum"]["service_quantum_metadata_proxy"] = true +default["openstack"]["compute"]["network"]["quantum"]["metadata_secret_name"] = "quantum_metadata_shared_secret" +default["openstack"]["compute"]["network"]["quantum"]["public_network_name"] = "public" +default["openstack"]["compute"]["network"]["quantum"]["dns_server"] = "8.8.8.8" + +# TODO(shep): This should probably be ["openstack"]["compute"]["network"]["fixed"] +default["openstack"]["compute"]["networks"] = [ + { + "label" => "public", + "ipv4_cidr" => "192.168.100.0/24", + "num_networks" => "1", + "network_size" => "255", + "bridge" => "br100", + "bridge_dev" => "eth2", + "dns1" => "8.8.8.8", + "dns2" => "8.8.4.4", + "multi_host" => 'T' + }, + { + "label" => "private", + "ipv4_cidr" => "192.168.200.0/24", + "num_networks" => "1", + "network_size" => "255", + "bridge" => "br200", + "bridge_dev" => "eth3", + "dns1" => "8.8.8.8", + "dns2" => "8.8.4.4", + "multi_host" => 'T' + } +] + +# For VLAN Networking, do the following: +# +# default["openstack"]["compute"]["network"]["network_manager"] = "nova.network.manager.VlanManager" +# default["openstack"]["compute"]["network"]["vlan_interface"] = "eth1" # Or "eth2", "bond1", etc... +# # The fixed_range setting is the **entire** subnet/network that all your VLAN +# # networks will fit inside. +# default["openstack"]["compute"]["network"]["fixed_range"] = "10.0.0.0/8" # Or smaller for smaller deploys... +# +# In addition to the above, you typically either want to do one of the following: +# +# 1) Set default["openstack"]["compute"]["networks"] to an empty Array ([]) and create your +# VLAN networks (using nova-manage network create) **when you create a tenant**. +# +# 2) Set default["openstack"]["compute"]["networks"] to an Array of VLAN networks that get created +# **without a tenant assignment** for tenants to use when they are created later. +# Such an array might look like this: +# +# default["openstack"]["compute"]["networks"] = [ +# { +# "label": "vlan100", +# "vlan": "100", +# "ipv4_cidr": "10.0.100.0/24" +# }, +# { +# "label": "vlan101", +# "vlan": "101", +# "ipv4_cidr": "10.0.101.0/24" +# }, +# { +# "label": "vlan102", +# "vlan": "102", +# "ipv4_cidr": "10.0.102.0/24" +# }, +# ] + +default["openstack"]["compute"]["network"]["multi_host"] = false +default["openstack"]["compute"]["network"]["fixed_range"] = default["openstack"]["compute"]["networks"][0]["ipv4_cidr"] +# DMZ CIDR is a range of IP addresses that should not +# have their addresses SNAT'ed by the nova network controller +default["openstack"]["compute"]["network"]["dmz_cidr"] = "10.128.0.0/24" +default["openstack"]["compute"]["network"]["network_manager"] = "nova.network.manager.FlatDHCPManager" +default["openstack"]["compute"]["network"]["public_interface"] = "eth0" +default["openstack"]["compute"]["network"]["vlan_interface"] = "eth0" +# https://bugs.launchpad.net/nova/+bug/1075859 +default["openstack"]["compute"]["network"]["use_single_default_gateway"] = false + +default["openstack"]["compute"]["scheduler"]["scheduler_driver"] = "nova.scheduler.filter_scheduler.FilterScheduler" +default["openstack"]["compute"]["scheduler"]["default_filters"] = [ + "AvailabilityZoneFilter", + "RamFilter", + "ComputeFilter", + "CoreFilter", + "SameHostFilter", + "DifferentHostFilter" +] + +default["openstack"]["compute"]["xvpvnc_proxy"]["service_port"] = "6081" +default["openstack"]["compute"]["xvpvnc_proxy"]["bind_interface"] = "lo" +default["openstack"]["compute"]["novnc_proxy"]["service_port"] = "6080" +default["openstack"]["compute"]["novnc_proxy"]["bind_interface"] = "lo" + +default["openstack"]["compute"]["driver"] = "libvirt.LibvirtDriver" +default["openstack"]["compute"]["libvirt"]["virt_type"] = "kvm" +default["openstack"]["compute"]["libvirt"]["bind_interface"] = "lo" +default["openstack"]["compute"]["libvirt"]["auth_tcp"] = "none" +default["openstack"]["compute"]["libvirt"]["remove_unused_base_images"] = true +default["openstack"]["compute"]["libvirt"]["remove_unused_resized_minimum_age_seconds"] = 3600 +default["openstack"]["compute"]["libvirt"]["remove_unused_original_minimum_age_seconds"] = 3600 +default["openstack"]["compute"]["libvirt"]["checksum_base_images"] = false +if node["platform"] == "suse" + default["openstack"]["compute"]["libvirt"]["group"] = "libvirt" +else + default["openstack"]["compute"]["libvirt"]["group"] = "libvirtd" +end +default["openstack"]["compute"]["config"]["availability_zone"] = "nova" +default["openstack"]["compute"]["config"]["storage_availability_zone"] = "nova" +default["openstack"]["compute"]["config"]["default_schedule_zone"] = "nova" +default["openstack"]["compute"]["config"]["force_raw_images"] = false +default["openstack"]["compute"]["config"]["allow_same_net_traffic"] = true +default["openstack"]["compute"]["config"]["osapi_max_limit"] = 1000 +default["openstack"]["compute"]["config"]["cpu_allocation_ratio"] = 16.0 +default["openstack"]["compute"]["config"]["ram_allocation_ratio"] = 1.5 +default["openstack"]["compute"]["config"]["snapshot_image_format"] = "qcow2" +# `start` will cause nova-compute to error out if a VM is already running, where +# `resume` checks to see if it is running first. +default["openstack"]["compute"]["config"]["start_guests_on_host_boot"] = false +# requires https://review.openstack.org/#/c/8423/ +default["openstack"]["compute"]["config"]["resume_guests_state_on_host_boot"] = true + +# If true, create a config drive regardless of if the user specified --config-drive true in their nova boot call +default["openstack"]["compute"]["config"]["force_config_drive"] = "false" + +# Volume API class (driver) +default["openstack"]["compute"]["config"]["volume_api_class"] = "nova.volume.cinder.API" + +# quota settings +default["openstack"]["compute"]["config"]["quota_security_groups"] = 50 +default["openstack"]["compute"]["config"]["quota_security_group_rules"] = 20 +# (StrOpt) default driver to use for quota checks (default: nova.quota.DbQuotaDriver) +default["openstack"]["compute"]["config"]["quota_driver"] = "nova.quota.DbQuotaDriver" +# number of instance cores allowed per project (default: 20) +default["openstack"]["compute"]["config"]["quota_cores"] = 20 +# number of fixed ips allowed per project (this should be at least the number of instances allowed) (default: -1) +default["openstack"]["compute"]["config"]["quota_fixed_ips"] = -1 +# number of floating ips allowed per project (default: 10) +default["openstack"]["compute"]["config"]["quota_floating_ips"] = 10 +# number of bytes allowed per injected file (default: 10240) +default["openstack"]["compute"]["config"]["quota_injected_file_content_bytes"] = 10240 +# number of bytes allowed per injected file path (default: 255) +default["openstack"]["compute"]["config"]["quota_injected_file_path_bytes"] = 255 +# number of injected files allowed (default: 5) +default["openstack"]["compute"]["config"]["quota_injected_files"] = 5 +# number of instances allowed per project (defailt: 10) +default["openstack"]["compute"]["config"]["quota_instances"] = 10 +# number of key pairs per user (default: 100) +default["openstack"]["compute"]["config"]["quota_key_pairs"] = 100 +# number of metadata items allowed per instance (default: 128) +default["openstack"]["compute"]["config"]["quota_metadata_items"] = 128 +# megabytes of instance ram allowed per project (default: 51200) +default["openstack"]["compute"]["config"]["quota_ram"] = 51200 + +default["openstack"]["compute"]["ratelimit"]["settings"] = { + "generic-post-limit" => { "verb" => "POST", "uri" => "*", "regex" => ".*", "limit" => "10", "interval" => "MINUTE" }, + "create-servers-limit" => { "verb" => "POST", "uri" => "*/servers", "regex" => "^/servers", "limit" => "50", "interval" => "DAY" }, + "generic-put-limit" => { "verb" => "PUT", "uri" => "*", "regex" => ".*", "limit" => "10", "interval" => "MINUTE" }, + "changes-since-limit" => { "verb" => "GET", "uri" => "*changes-since*", "regex" => ".*changes-since.*", "limit" => "3", "interval" => "MINUTE" }, + "generic-delete-limit" => { "verb" => "DELETE", "uri" => "*", "regex" => ".*", "limit" => "100", "interval" => "MINUTE" } +} + +# Keystone settings +default["openstack"]["compute"]["api"]["auth_strategy"] = "keystone" + +# Setting this to v2.0. See discussion on +# https://bugs.launchpad.net/openstack-chef/+bug/1207504 +default["openstack"]["compute"]["api"]["auth"]["version"] = "v2.0" + +# Keystone PKI signing directories +default["openstack"]["compute"]["api"]["auth"]["cache_dir"] = "/var/cache/nova/api" + +# Perform nova-conductor operations locally (boolean value) +default["openstack"]["compute"]["conductor"]["use_local"] = "False" + +case platform +when "fedora", "redhat", "centos", "suse" # :pragma-foodcritic: ~FC024 - won't fix this + default["openstack"]["compute"]["platform"] = { + "api_ec2_packages" => ["openstack-nova-api"], + "api_ec2_service" => "openstack-nova-api", + "api_os_compute_packages" => ["openstack-nova-api"], + "api_os_compute_service" => "openstack-nova-api", + "api_os_compute_process_name" => "nova-api", + "neutron_python_packages" => ["python-quantumclient", "pyparsing"], + "memcache_python_packages" => ["python-memcached"], + "compute_api_metadata_packages" => ["openstack-nova-api"], + "compute_api_metadata_process_name" => "nova-api", + "compute_api_metadata_service" => "openstack-nova-api", + "compute_compute_packages" => ["openstack-nova-compute"], + "compute_compute_service" => "openstack-nova-compute", + "compute_network_packages" => ["iptables", "openstack-nova-network"], + "compute_network_service" => "openstack-nova-network", + "compute_scheduler_packages" => ["openstack-nova-scheduler"], + "compute_scheduler_service" => "openstack-nova-scheduler", + "compute_conductor_packages" => ["openstack-nova-conductor"], + "compute_conductor_service" => "openstack-nova-conductor", + "compute_vncproxy_packages" => ["openstack-nova-novncproxy"], # me thinks this is right? + "compute_vncproxy_service" => "openstack-nova-novncproxy", + "compute_vncproxy_consoleauth_packages" => ["openstack-nova-console"], + "compute_vncproxy_consoleauth_service" => "openstack-nova-console", + "compute_vncproxy_consoleauth_process_name" => "nova-console", + "libvirt_packages" => ["libvirt"], + "libvirt_service" => "libvirtd", + "dbus_service" => "messagebus", + "compute_cert_packages" => ["openstack-nova-cert"], + "compute_cert_service" => "openstack-nova-cert", + "mysql_service" => "mysqld", + "common_packages" => ["openstack-nova-common"], + "iscsi_helper" => "ietadm", + "nfs_packages" => ["nfs-utils", "nfs-utils-lib"], + "package_overrides" => "" + } + if platform == "suse" + default["openstack"]["compute"]["platform"]["common_packages"] = ["openstack-nova"] + default["openstack"]["compute"]["platform"]["kvm_packages"] = ["kvm"] + default["openstack"]["compute"]["platform"]["xen_packages"] = ["kernel-xen", "xen", "xen-tools"] + default["openstack"]["compute"]["platform"]["lxc_packages"] = ["lxc"] + default["openstack"]["compute"]["platform"]["nfs_packages"] = ["nfs-utils"] + end +when "ubuntu" + default["openstack"]["compute"]["platform"] = { + "api_ec2_packages" => ["nova-api-ec2"], + "api_ec2_service" => "nova-api-ec2", + "api_os_compute_packages" => ["nova-api-os-compute"], + "api_os_compute_process_name" => "nova-api-os-compute", + "api_os_compute_service" => "nova-api-os-compute", + "memcache_python_packages" => ["python-memcache"], + "neutron_python_packages" => ["python-quantumclient", "python-pyparsing"], + "compute_api_metadata_packages" => ["nova-api-metadata"], + "compute_api_metadata_service" => "nova-api-metadata", + "compute_api_metadata_process_name" => "nova-api-metadata", + "compute_compute_packages" => ["nova-compute"], + "compute_compute_service" => "nova-compute", + "compute_network_packages" => ["iptables", "nova-network"], + "compute_network_service" => "nova-network", + "compute_scheduler_packages" => ["nova-scheduler"], + "compute_scheduler_service" => "nova-scheduler", + "compute_conductor_packages" => ["nova-conductor"], + "compute_conductor_service" => "nova-conductor", + # Websockify is needed due to https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1076442 + "compute_vncproxy_packages" => ["novnc", "websockify", "nova-novncproxy"], + "compute_vncproxy_service" => "nova-novncproxy", + "compute_vncproxy_consoleauth_packages" => ["nova-consoleauth"], + "compute_vncproxy_consoleauth_service" => "nova-consoleauth", + "compute_vncproxy_consoleauth_process_name" => "nova-consoleauth", + "libvirt_packages" => ["libvirt-bin"], + "libvirt_service" => "libvirt-bin", + "dbus_service" => "dbus", + "compute_cert_packages" => ["nova-cert"], + "compute_cert_service" => "nova-cert", + "mysql_service" => "mysql", + "common_packages" => ["nova-common"], + "iscsi_helper" => "tgtadm", + "nfs_packages" => ["nfs-common"], + "package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'" + } +end + +# plugins +default["openstack"]["compute"]["plugins"] = nil diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/add_floaters.py b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/add_floaters.py new file mode 100644 index 000000000..0b80756bf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/add_floaters.py @@ -0,0 +1,148 @@ +#! /usr/bin/env python +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2013 AT&T Services, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import argparse +import subprocess + +import netaddr + +DESCRIPTION = "A `nova-manage floating create` and `quantum net create` wrapper." + + +class FloatingAddress(object): + """ + A simple wrapper class for creating networks. Often + times there are reserved addresses at the start of a + network, nova-manage doesn't account for this. + + TODO(retr0h): This should really be added to nova-manage. + TODO(jaypipes): Instead of subprocess calls, just use the quantumclient + """ + + def __init__(self, args): + self._args = args + + def nova_add_cidr(self, cidr): + """ + Validates the provided cider address, and passes it to nova-manage. + + :param cidr: A string containing a valid CIDR address. + """ + netaddr.IPNetwork(cidr) + self.nova_add_floating(cidr) + + def nova_add_range(self, start, end): + """ + Takes a start and end range, and creates individual host addresses. + + :param start: A string containing the start of the range. + :param end: A string containing the end of the range. + """ + ip_list = list(netaddr.iter_iprange(start, end)) + for ip in ip_list: + self.nova_add_floating(ip) + + def nova_add_floating(self, ip): + cmd = "nova-manage floating create --ip_range={0}".format(ip) + if self._args.pool: + cmd += ' --pool={0}'.format(self._args.pool) + if self._args.interface: + cmd += ' --interface={0}'.format(self._args.interface) + + subprocess.check_call(cmd, shell=True) + + def neutron_add_floating(self, cidr): + + # convert cidr string to IPNetwork object + cidr = netaddr.IPNetwork(cidr) + + # ensure we have a public network and we only ever create one + cmd = "NETLIST=$(quantum net-list -c name); if [ $? -eq 0 ]; then if ! echo $NETLIST | grep -q %s; then quantum net-create %s -- --router:external=True; fi; fi;" % (self._args.pool, self._args.pool) + + try: + subprocess.check_call(cmd, shell=True) + except: + # we failed to query the quanutm api, we'll ignore this error + # and return now so any surrounding chef runs can continue + # since this script may actually be running on the quantum api + print "ERROR: Failed to query the quantum api for the public network" + return + + cmd = "quantum subnet-list -Fcidr -fcsv --quote=none | grep '%s'" % cidr + + res = subprocess.call(cmd, shell=True) + if res == 0: + # Subnet has already been created... + return + + # calculate the start and end values + ip_start = cidr.ip + ip_end = netaddr.IPAddress(cidr.last-1) + + # create a new subnet + cmd = "quantum subnet-create --allocation-pool start=%s,end=%s %s %s -- --enable_dhcp=False" % \ + (ip_start, ip_end, self._args.pool, cidr) + subprocess.check_call(cmd, shell=True) + + +def parse_args(): + ap = argparse.ArgumentParser(description=DESCRIPTION) + subparsers = ap.add_subparsers(help='sub-command help', dest='subparser_name') + + # create the parser for the "nova" command + parser_nova = subparsers.add_parser('nova', help='Use Nova Backend') + parser_nova.add_argument('--pool', + required=True, + help="Name of the floating pool") + parser_nova.add_argument('--interface', + required=False, + help="Network interface to bring the floating " + "addresses up on") + group = parser_nova.add_mutually_exclusive_group(required=True) + group.add_argument('--cidr', + help="A CIDR notation of addresses to add " + "(e.g. 192.168.0.0/24)") + group.add_argument('--ip-range', + help="A range of addresses to add " + "(e.g. 192.168.0.10,192.168.0.50)") + + # create the parser for the "neutron command" + parser_neutron = subparsers.add_parser('neutron', help='Use Neutron Backend') + parser_neutron.add_argument('--cidr', + required=True, + help="A CIDR notation of addresses to add " + "(e.g. 192.168.0.11/24 to start at .11 " + "and end at .254)") + parser_neutron.add_argument('--pool', + required=True, + help="Name of the public network") + return ap.parse_args() + +if __name__ == '__main__': + args = parse_args() + fa = FloatingAddress(args) + + if args.subparser_name == 'nova': + if args.cidr: + fa.nova_add_cidr(args.cidr) + elif args.ip_range: + start, end = args.ip_range.split(',') + fa.nova_add_range(start, end) + + elif args.subparser_name == 'neutron': + fa.neutron_add_floating(args.cidr) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/nova-compute.conf b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/nova-compute.conf new file mode 100644 index 000000000..099e72c1c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/nova-compute.conf @@ -0,0 +1,5 @@ +# This file autogenerated by Chef +# Do not edit, changes will be overwritten +# +# P.S. Ubuntu YOUR DOING IT WRONG!! +# diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/nova_plugin.py b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/nova_plugin.py new file mode 100644 index 000000000..3876f19c6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/nova_plugin.py @@ -0,0 +1,135 @@ +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +from keystoneclient.v2_0 import Client as KeystoneClient +from novaclient.client import Client as NovaClient +from novaclient import exceptions + +import collectd + +global NAME, OS_USERNAME, OS_PASSWORD, OS_TENANT_NAME, OS_AUTH_URL, VERBOSE_LOGGING + +NAME = "nova_plugin" +OS_USERNAME = "username" +OS_PASSWORD = "password" +OS_TENANT_NAME = "tenantname" +OS_AUTH_URL = "http://localhost:5000/v2.0" +VERBOSE_LOGGING = False + +def get_stats(user, passwd, tenant, url): + keystone = KeystoneClient(username=user, password=passwd, tenant_name=tenant, auth_url=url) + + # Find my uuid + user_list = keystone.users.list() + admin_uuid = "" + for usr in user_list: + if usr.name == user: + admin_uuid = usr.id + + # Find out which tenants I have roles in + tenant_list = keystone.tenants.list() + my_tenants = list() + for tenant in tenant_list: + if keystone.users.list_roles(user=admin_uuid, tenant=tenant.id): + my_tenants.append( { "name": tenant.name, "id": tenant.id } ) + + #prefix = "openstack.nova.cluster" + prefix = "openstack.nova" + + # Default data structure + data = dict() + + # Prep counters + data["%s.total.count" % (prefix)] = 0 + counters = ('ram', 'vcpus', 'disk', 'ephemeral') + for counter in counters: + data["%s.total.%s" % (prefix,counter)] = 0 + + # for tenant in tenant_list: + for tenant in my_tenants: + client = NovaClient("1.1",user,passwd,tenant['name'],url,service_type="compute") + + # Figure out how much ram has been allocated total for all servers + server_list = client.servers.list() + data["%s.total.count" % (prefix)] += len(server_list) + + data["%s.tenant.%s.count" % (prefix,tenant['name'])] = 0 + + for server in server_list: + flavor = client.flavors.get(int(server.flavor["id"])) + tenant_uuid = keystone.tenants.get(server.tenant_id).name + data["%s.tenant.%s.count" % (prefix,tenant_uuid)] += 1 + for counter in counters: + data["%s.total.%s" % (prefix,counter)] += int(flavor.__getattribute__(counter)) + if "%s.%s.%s" % (prefix,tenant_uuid, counter) in data: + data["%s.tenant.%s.%s" % (prefix,tenant_uuid,counter)] += int(flavor.__getattribute__(counter)) + else: + data["%s.tenant.%s.%s" % (prefix,tenant_uuid,counter)] = int(flavor.__getattribute__(counter)) + + ########## + # debug + for key in data.keys(): + print "%s = %s" % (key, data[key]) + ########## + + return data + + +def configure_callback(conf): + """Received configuration information""" + global OS_USERNAME, OS_PASSWORD, OS_TENANT_NAME, OS_AUTH_URL, VERBOSE_LOGGING + for node in conf.children: + if node.key == "Username": + OS_USERNAME = node.values[0] + elif node.key == "Password": + OS_PASSWORD = node.values[0] + elif node.key == "TenantName": + OS_TENANT_NAME = node.values[0] + elif node.key == "AuthURL": + OS_AUTH_URL = node.values[0] + elif node.key == "Verbose": + VERBOSE_LOGGING = node.values[0] + else: + logger("warn", "Unknown config key: %s" % node.key) + + +def read_callback(): + logger("verb", "read_callback") + info = get_stats(OS_USERNAME, OS_PASSWORD, OS_TENANT_NAME, OS_AUTH_URL) + + if not info: + logger("err", "No information received") + return + + for key in info.keys(): + logger('verb', 'Dispatching %s : %i' % (key, int(info[key]))) + val = collectd.Values(plugin=key) + val.type = 'gauge' + val.values = [int(info[key])] + val.dispatch() + + +def logger(t, msg): + if t == 'err': + collectd.error('%s: %s' % (NAME, msg)) + if t == 'warn': + collectd.warning('%s: %s' % (NAME, msg)) + elif t == 'verb' and VERBOSE_LOGGING == True: + collectd.info('%s: %s' % (NAME, msg)) + +collectd.register_config(configure_callback) +collectd.warning("Initializing nova plugin") +collectd.register_read(read_callback) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/policy.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/policy.json new file mode 100644 index 000000000..373c5688b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/files/default/policy.json @@ -0,0 +1,3 @@ +{ + "context_is_admin": [["role:admin"]] +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/metadata.rb new file mode 100644 index 000000000..dcfea7d72 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/metadata.rb @@ -0,0 +1,33 @@ +name "openstack-compute" +maintainer "Opscode, Inc." +maintainer_email "matt@opscode.com" +license "Apache 2.0" +description "The OpenStack Compute service Nova." +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "7.0.0" + +recipe "openstack-compute::api-ec2", "Installs AWS EC2 compatible API" +recipe "openstack-compute::api-metadata", "Installs the nova metadata package" +recipe "openstack-compute::api-os-compute", "Installs OS API" +recipe "openstack-compute::compute", "nova-compute service" +recipe "openstack-compute::libvirt", "Installs libvirt, used by nova compute for management of the virtual machine environment" +recipe "openstack-compute::identity_registration", "Registers the API and EC2 endpoints with Keystone" +recipe "openstack-compute::network", "Installs nova network service" +recipe "openstack-compute::nova-cert", "Installs nova-cert service" +recipe "openstack-compute::nova-common", "Builds the basic nova.conf config file with details of the rabbitmq, mysql, glance and keystone servers" +recipe "openstack-compute::nova-setup", "Sets up the nova database on the mysql server, including the initial schema and subsequent creation of the appropriate networks" +recipe "openstack-compute::scheduler", "Installs nova scheduler service" +recipe "openstack-compute::vncproxy", "Installs and configures the vncproxy service for console access to VMs" + +%w{ ubuntu fedora redhat centos suse }.each do |os| + supports os +end + +depends "openstack-common", "~> 0.4.0" +depends "openstack-identity", "~> 7.0.0" +depends "openstack-image", "~> 7.0.0" +depends "openstack-network", "~> 7.0.0" +depends "selinux" +depends "sysctl" +depends "yum" +depends "python" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/api-ec2.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/api-ec2.rb new file mode 100644 index 000000000..6f4ea907c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/api-ec2.rb @@ -0,0 +1,83 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: api-ec2 +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +include_recipe "openstack-compute::nova-common" + +platform_options = node["openstack"]["compute"]["platform"] + +directory "/var/lock/nova" do + owner node["openstack"]["compute"]["user"] + group node["openstack"]["compute"]["group"] + mode 00700 + + action :create +end + +package "python-keystone" do + action :upgrade +end + +platform_options["api_ec2_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +service "nova-api-ec2" do + service_name platform_options["api_ec2_service"] + supports :status => true, :restart => true + subscribes :restart, resources("template[/etc/nova/nova.conf]") + + action :enable +end + +identity_endpoint = endpoint "identity-api" +identity_admin_endpoint = endpoint "identity-admin" +service_pass = service_password "openstack-compute" + +#TODO(jaypipes): Move this logic and stuff into the openstack-common +# library cookbook. +auth_uri = identity_endpoint.to_s +if node["openstack"]["compute"]["api"]["auth"]["version"] != "v2.0" + # The auth_uri should contain /v2.0 in most cases, but if the + # auth_version is v3.0, we leave it off. This is only necessary + # for environments that need to support V3 non-default-domain + # tokens, which is really the only reason to set version to + # something other than v2.0 (the default) + auth_uri = auth_uri.gsub('/v2.0', '') +end + +template "/etc/nova/api-paste.ini" do + source "api-paste.ini.erb" + owner node["openstack"]["compute"]["user"] + group node["openstack"]["compute"]["group"] + mode 00644 + variables( + :auth_uri => auth_uri, + :identity_admin_endpoint => identity_admin_endpoint, + :service_pass => service_pass + ) + notifies :restart, "service[nova-api-ec2]" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/api-metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/api-metadata.rb new file mode 100644 index 000000000..555620312 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/api-metadata.rb @@ -0,0 +1,86 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: api-metadata +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2013, Craig Tracey +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +class ::Chef::Recipe + include ::Openstack +end + +include_recipe "openstack-compute::nova-common" + +platform_options = node["openstack"]["compute"]["platform"] + +directory "/var/lock/nova" do + owner node["openstack"]["compute"]["user"] + group node["openstack"]["compute"]["group"] + mode 00700 + + action :create +end + +package "python-keystone" do + action :upgrade +end + +platform_options["compute_api_metadata_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +service "nova-api-metadata" do + service_name platform_options["compute_api_metadata_service"] + supports :status => true, :restart => true + subscribes :restart, resources("template[/etc/nova/nova.conf]") + + action :enable +end + +identity_endpoint = endpoint "identity-api" +identity_admin_endpoint = endpoint "identity-admin" +service_pass = service_password "openstack-compute" + +#TODO(jaypipes): Move this logic and stuff into the openstack-common +# library cookbook. +auth_uri = identity_endpoint.to_s +if node["openstack"]["compute"]["api"]["auth"]["version"] != "v2.0" + # The auth_uri should contain /v2.0 in most cases, but if the + # auth_version is v3.0, we leave it off. This is only necessary + # for environments that need to support V3 non-default-domain + # tokens, which is really the only reason to set version to + # something other than v2.0 (the default) + auth_uri = auth_uri.gsub('/v2.0', '') +end + +template "/etc/nova/api-paste.ini" do + source "api-paste.ini.erb" + owner node["openstack"]["compute"]["user"] + group node["openstack"]["compute"]["group"] + mode 00644 + variables( + :auth_uri => auth_uri, + :identity_admin_endpoint => identity_admin_endpoint, + :service_pass => service_pass + ) + notifies :restart, "service[nova-api-metadata]" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/api-os-compute.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/api-os-compute.rb new file mode 100644 index 000000000..d60b4eb0b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/api-os-compute.rb @@ -0,0 +1,87 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: api-os-compute +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +include_recipe "openstack-compute::nova-common" + +platform_options = node["openstack"]["compute"]["platform"] + +directory "/var/lock/nova" do + owner node["openstack"]["compute"]["user"] + group node["openstack"]["compute"]["group"] + mode 00700 +end + +directory ::File.dirname(node["openstack"]["compute"]["api"]["auth"]["cache_dir"]) do + owner node["openstack"]["compute"]["user"] + group node["openstack"]["compute"]["group"] + mode 00700 +end + +package "python-keystone" do + action :upgrade +end + +platform_options["api_os_compute_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +service "nova-api-os-compute" do + service_name platform_options["api_os_compute_service"] + supports :status => true, :restart => true + subscribes :restart, resources("template[/etc/nova/nova.conf]") + + action [:enable, :start] +end + +identity_endpoint = endpoint "identity-api" +identity_admin_endpoint = endpoint "identity-admin" +service_pass = service_password "openstack-compute" + +#TODO(jaypipes): Move this logic and stuff into the openstack-common +# library cookbook. +auth_uri = identity_endpoint.to_s +if node["openstack"]["compute"]["api"]["auth"]["version"] != "v2.0" + # The auth_uri should contain /v2.0 in most cases, but if the + # auth_version is v3.0, we leave it off. This is only necessary + # for environments that need to support V3 non-default-domain + # tokens, which is really the only reason to set version to + # something other than v2.0 (the default) + auth_uri = auth_uri.gsub('/v2.0', '') +end + +template "/etc/nova/api-paste.ini" do + source "api-paste.ini.erb" + owner node["openstack"]["compute"]["user"] + group node["openstack"]["compute"]["group"] + mode 00644 + variables( + :auth_uri => auth_uri, + :identity_admin_endpoint => identity_admin_endpoint, + :service_pass => service_pass + ) + notifies :restart, "service[nova-api-os-compute]" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/compute.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/compute.rb new file mode 100644 index 000000000..ab563d1b8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/compute.rb @@ -0,0 +1,78 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: compute +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2013, Craig Tracey +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +include_recipe "openstack-compute::nova-common" +include_recipe "openstack-compute::api-metadata" +unless node.run_list.include? "openstack-network::server" + include_recipe "openstack-compute::network" +end + +platform_options = node["openstack"]["compute"]["platform"] +# Note(maoy): Make sure compute_compute_packages is not a node object. +# so that this is compatible with chef 11 when being changed later. +compute_compute_packages = Array.new(platform_options["compute_compute_packages"]) + +if platform?(%w(ubuntu)) + if node["openstack"]["compute"]["libvirt"]["virt_type"] == "kvm" + compute_compute_packages << "nova-compute-kvm" + elsif node["openstack"]["compute"]["libvirt"]["virt_type"] == "qemu" + compute_compute_packages << "nova-compute-qemu" + end +end + +compute_compute_packages.each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +# Installing nfs client packages because in grizzly, cinder nfs is supported +# Never had to install iscsi packages because nova-compute package depends it +# So volume-attach 'just worked' before - alop +platform_options["nfs_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +cookbook_file "/etc/nova/nova-compute.conf" do + source "nova-compute.conf" + mode 00644 + + action :create +end + +service "nova-compute" do + service_name platform_options["compute_compute_service"] + supports :status => true, :restart => true + subscribes :restart, resources("template[/etc/nova/nova.conf]") + + action [:enable, :start] +end + +include_recipe "openstack-compute::libvirt" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/conductor.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/conductor.rb new file mode 100644 index 000000000..fe80ba73d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/conductor.rb @@ -0,0 +1,37 @@ +# +# Cookbook Name:: nova +# Recipe:: conductor +# +# Copyright 2012, Rackspace US, Inc. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-compute::nova-common" + +platform_options = node["openstack"]["compute"]["platform"] + +platform_options["compute_conductor_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + action :upgrade + end +end + +service "nova-conductor" do + service_name platform_options["compute_conductor_service"] + supports :status => true, :restart => true + subscribes :restart, resources("template[/etc/nova/nova.conf]") + action [:enable, :start] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/default.rb new file mode 100644 index 000000000..6fa23bb3d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/default.rb @@ -0,0 +1,18 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: default +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/identity_registration.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/identity_registration.rb new file mode 100644 index 000000000..a0726b821 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/identity_registration.rb @@ -0,0 +1,116 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: identity_registration +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +class ::Chef::Recipe + include ::Openstack +end + +identity_admin_endpoint = endpoint "identity-admin" +bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token" +auth_uri = ::URI.decode identity_admin_endpoint.to_s +service_pass = service_password "openstack-compute" +service_user = node["openstack"]["compute"]["service_user"] +service_role = node["openstack"]["compute"]["service_role"] +service_tenant_name = node["openstack"]["compute"]["service_tenant_name"] +nova_api_endpoint = endpoint "compute-api" +ec2_admin_endpoint = endpoint "compute-ec2-admin" +ec2_public_endpoint = endpoint "compute-ec2-api" +region = node["openstack"]["compute"]["region"] + +# Register Service Tenant +openstack_identity_register "Register Service Tenant" do + auth_uri auth_uri + bootstrap_token bootstrap_token + tenant_name service_tenant_name + tenant_description "Service Tenant" + + action :create_tenant +end + +# Register Service User +openstack_identity_register "Register Service User" do + auth_uri auth_uri + bootstrap_token bootstrap_token + tenant_name service_tenant_name + user_name service_user + user_pass service_pass + + action :create_user +end + +## Grant Admin role to Service User for Service Tenant ## +openstack_identity_register "Grant 'admin' Role to Service User for Service Tenant" do + auth_uri auth_uri + bootstrap_token bootstrap_token + tenant_name service_tenant_name + user_name service_user + role_name service_role + + action :grant_role +end + +# Register Compute Service +openstack_identity_register "Register Compute Service" do + auth_uri auth_uri + bootstrap_token bootstrap_token + service_name "nova" + service_type "compute" + service_description "Nova Compute Service" + + action :create_service +end + +# Register Compute Endpoint +openstack_identity_register "Register Compute Endpoint" do + auth_uri auth_uri + bootstrap_token bootstrap_token + service_type "compute" + endpoint_region region + endpoint_adminurl ::URI.decode nova_api_endpoint.to_s + endpoint_internalurl ::URI.decode nova_api_endpoint.to_s + endpoint_publicurl ::URI.decode nova_api_endpoint.to_s + + action :create_endpoint +end + +# Register EC2 Service +openstack_identity_register "Register EC2 Service" do + auth_uri auth_uri + bootstrap_token bootstrap_token + service_name "ec2" + service_type "ec2" + service_description "EC2 Compatibility Layer" + + action :create_service +end + +# Register EC2 Endpoint +openstack_identity_register "Register EC2 Endpoint" do + auth_uri auth_uri + bootstrap_token bootstrap_token + service_type "ec2" + endpoint_region region + endpoint_adminurl ::URI.decode ec2_admin_endpoint.to_s + endpoint_internalurl ::URI.decode ec2_public_endpoint.to_s + endpoint_publicurl ::URI.decode ec2_public_endpoint.to_s + + action :create_endpoint +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/libvirt.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/libvirt.rb new file mode 100644 index 000000000..b003ec74b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/libvirt.rb @@ -0,0 +1,206 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: libvirt +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2013, Craig Tracey +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +platform_options = node["openstack"]["compute"]["platform"] + +platform_options["libvirt_packages"].each do |pkg| + package pkg do + action :install + end +end + +def set_grub_default_kernel(flavor='default') + default_boot, current_default = 0, nil + + # parse menu.lst, to find boot index for selected flavor + File.open('/boot/grub/menu.lst') do |f| + f.lines.each do |line| + current_default = line.scan(/\d/).first.to_i if line.start_with?('default') + + if line.start_with?('title') + if flavor.eql?('xen') + # found boot index + break if line.include?('Xen') + else + # take first kernel as default, unless we are searching for xen + # kernel + break + end + default_boot += 1 + end + end + end + + # change default option for /boot/grub/menu.lst + unless current_default.eql?(default_boot) + ::Chef::Log.info("Changed grub default to #{default_boot}") + %x[sed -i -e "s;^default.*;default #{default_boot};" /boot/grub/menu.lst] + end +end + +def set_grub2_default_kernel(flavor='default') + boot_entry = "'openSUSE GNU/Linux, with Xen hypervisor'" + if system("grub2-set-default #{boot_entry}") + ::Chef::Log.info("Changed grub2 default to #{boot_entry}") + else + ::Chef::Application.fatal!( + "Unable to change grub2 default to #{boot_entry}") + end +end + +def set_boot_kernel_and_trigger_reboot(flavor='default') + # only default and xen flavor is supported by this helper right now + if File.exists?("/boot/grub/menu.lst") + set_grub_default_kernel(flavor) + elsif File.exists?("/etc/default/grub") + set_grub2_default_kernel(flavor) + else + ::Chef::Application.fatal!( + "Unknown bootloader. Could not change boot kernel.") + end + + # trigger reboot through reboot_handler, if kernel-$flavor is not yet + # running + unless %x[uname -r].include?(flavor) + node.run_state["reboot"] = true + end +end + +# on suse nova-compute don't depends on any virtualization mechanism +case node["platform"] +when "suse" + case node["openstack"]["compute"]["libvirt"]["virt_type"] + when "kvm" + node["openstack"]["compute"]["platform"]["kvm_packages"].each do |pkg| + package pkg do + action :install + end + end + execute "loading kvm modules" do + command "grep -q vmx /proc/cpuinfo && /sbin/modprobe kvm-intel; grep -q svm /proc/cpuinfo && /sbin/modprobe kvm-amd; /sbin/modprobe vhost-net" + end + # NOTE(saschpe): Allow switching from XEN to KVM: + set_boot_kernel_and_trigger_reboot + + when "xen" + node["openstack"]["compute"]["platform"]["xen_packages"].each do |pkg| + package pkg do + action :install + end + end + set_boot_kernel_and_trigger_reboot('xen') + + when "qemu" + node["openstack"]["compute"]["platform"]["kvm_packages"].each do |pkg| + package pkg do + action :install + end + end + + when "lxc" + node["openstack"]["compute"]["platform"]["lxc_packages"].each do |pkg| + package pkg do + action :install + end + end + service "boot.cgroup" do + action [:enable, :start] + end + end +end + +group node["openstack"]["compute"]["libvirt"]["group"] do + append true + members [node["openstack"]["compute"]["group"]] + + action :create + only_if { platform? %w{suse fedora redhat centos} } +end + +# http://fedoraproject.org/wiki/Getting_started_with_OpenStack_EPEL#Installing_within_a_VM +# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-system-x86_64 +link "/usr/bin/qemu-system-x86_64" do + to "/usr/libexec/qemu-kvm" + + only_if { platform? %w{fedora redhat centos} } +end + +service "dbus" do + service_name platform_options["dbus_service"] + supports :status => true, :restart => true + + action [:enable, :start] +end + +service "libvirt-bin" do + service_name platform_options["libvirt_service"] + supports :status => true, :restart => true + + action [:enable, :start] +end + +execute "Disabling default libvirt network" do + command "virsh net-autostart default --disable" + + only_if "virsh net-list | grep -q default" +end + +execute "Deleting default libvirt network" do + command "virsh net-destroy default" + + only_if "virsh net-list | grep -q default" +end + +# TODO(breu): this section needs to be rewritten to support key privisioning +template "/etc/libvirt/libvirtd.conf" do + source "libvirtd.conf.erb" + owner "root" + group "root" + mode 00644 + variables( + :auth_tcp => node["openstack"]["compute"]["libvirt"]["auth_tcp"], + :libvirt_group => node["openstack"]["compute"]["libvirt"]["group"] + ) + + notifies :restart, "service[libvirt-bin]", :immediately + not_if { platform? "suse" } +end + +template "/etc/default/libvirt-bin" do + source "libvirt-bin.erb" + owner "root" + group "root" + mode 00644 + + notifies :restart, "service[libvirt-bin]", :immediately + + only_if { platform? %w{ubuntu debian} } +end + +template "/etc/sysconfig/libvirtd" do + source "libvirtd.erb" + owner "root" + group "root" + mode 00644 + + notifies :restart, "service[libvirt-bin]", :immediately + + only_if { platform? %w{fedora redhat centos} } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/network.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/network.rb new file mode 100644 index 000000000..b94822b05 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/network.rb @@ -0,0 +1,52 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: network +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2013, Craig Tracey +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-compute::nova-common" + +platform_options = node["openstack"]["compute"]["platform"] + +# the only type of network we process here is nova, otherwise for +# quantum, the network will be setup by the inclusion of +# openstack-network recipes + +if node["openstack"]["compute"]["network"]["service_type"] == "nova" + + platform_options["compute_network_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end + end + + service "nova-network" do + service_name platform_options["compute_network_service"] + supports :status => true, :restart => true + subscribes :restart, resources("template[/etc/nova/nova.conf]") + action :enable + end + +else + + node["openstack"]["compute"]["network"]["plugins"].each do |plugin| + include_recipe "openstack-network::#{plugin}" + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/nova-cert.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/nova-cert.rb new file mode 100644 index 000000000..c947ddc74 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/nova-cert.rb @@ -0,0 +1,38 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: nova-cert +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2013, Craig Tracey +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +include_recipe "openstack-compute::nova-common" + +platform_options=node["openstack"]["compute"]["platform"] + +platform_options["compute_cert_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +service "nova-cert" do + service_name platform_options["compute_cert_service"] + supports :status => true, :restart => true + subscribes :restart, resources("template[/etc/nova/nova.conf]") + + action :enable +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/nova-common.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/nova-common.rb new file mode 100644 index 000000000..0f95d9a67 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/nova-common.rb @@ -0,0 +1,208 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: nova-common +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2013, Craig Tracey +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +class ::Chef::Recipe + include ::Openstack +end + +if platform?(%w(fedora redhat centos)) # :pragma-foodcritic: ~FC024 - won't fix this + include_recipe "yum::epel" +end +if node["openstack"]["compute"]["syslog"]["use"] + include_recipe "openstack-common::logging" +end + +platform_options = node["openstack"]["compute"]["platform"] + +platform_options["common_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +# required to run more than one consoleauth process +platform_options["memcache_python_packages"].each do |pkg| + package pkg do + action :install + end +end + +directory "/etc/nova" do + owner node["openstack"]["compute"]["user"] + group node["openstack"]["compute"]["group"] + mode 00700 + + action :create +end + +directory "/etc/nova/rootwrap.d" do + # Must be root! + owner "root" + group "root" + mode 00700 + + action :create +end + +db_user = node["openstack"]["compute"]["db"]["username"] +db_pass = db_password "nova" +sql_connection = db_uri("compute", db_user, db_pass) + +if node["openstack"]["compute"]["rabbit"]["ha"] + rabbit_hosts = rabbit_servers +end +rabbit_pass = user_password node["openstack"]["compute"]["rabbit"]["username"] + +identity_service_role = node["openstack"]["compute"]["identity_service_chef_role"] + +if node.run_list.roles.include?(identity_service_role) + # if role is on this node, just return the node hash + keystone = node +else + # otherwise go searching + keystone = search_for(identity_service_role).first +end + +ksadmin_tenant_name = keystone["openstack"]["identity"]["admin_tenant_name"] +ksadmin_user = keystone["openstack"]["identity"]["admin_user"] +ksadmin_pass = user_password ksadmin_user + +memcache_servers = memcached_servers.join "," + +# find the node attribute endpoint settings for the server holding a given role +identity_endpoint = endpoint "identity-api" +xvpvnc_endpoint = endpoint "compute-xvpvnc" || {} +novnc_endpoint = endpoint "compute-novnc" || {} +compute_api_endpoint = endpoint "compute-api" || {} +ec2_public_endpoint = endpoint "compute-ec2-api" || {} +network_endpoint = endpoint "network-api" || {} +image_endpoint = endpoint "image-api" + +Chef::Log.debug("openstack-compute::nova-common:keystone|#{keystone}") +Chef::Log.debug("openstack-compute::nova-common:ksadmin_user|#{ksadmin_user}") +Chef::Log.debug("openstack-compute::nova-common:ksadmin_tenant_name|#{ksadmin_tenant_name}") +Chef::Log.debug("openstack-compute::nova-common:identity_endpoint|#{identity_endpoint.to_s}") +Chef::Log.debug("openstack-compute::nova-common:xvpvnc_endpoint|#{xvpvnc_endpoint.to_s}") +Chef::Log.debug("openstack-compute::nova-common:novnc_endpoint|#{novnc_endpoint.to_s}") +Chef::Log.debug("openstack-compute::nova-common:compute_api_endpoint|#{::URI.decode compute_api_endpoint.to_s}") +Chef::Log.debug("openstack-compute::nova-common:ec2_public_endpoint|#{ec2_public_endpoint.to_s}") +Chef::Log.debug("openstack-compute::nova-common:network_endpoint|#{network_endpoint.to_s}") +Chef::Log.debug("openstack-compute::nova-common:image_endpoint|#{image_endpoint.to_s}") + +vnc_bind_ip = address_for node["openstack"]["compute"]["libvirt"]["bind_interface"] +xvpvnc_proxy_ip = address_for node["openstack"]["compute"]["xvpvnc_proxy"]["bind_interface"] +novnc_proxy_ip = address_for node["openstack"]["compute"]["novnc_proxy"]["bind_interface"] + +if node["openstack"]["compute"]["network"]["service_type"] == "quantum" + quantum_admin_password = service_password "openstack-network" + quantum_metadata_proxy_shared_secret = secret "secrets", "quantum_metadata_secret" +else + quantum_admin_password = nil + quantum_metadata_proxy_shared_secret = nil +end + +template "/etc/nova/nova.conf" do + source "nova.conf.erb" + owner node["openstack"]["compute"]["user"] + group node["openstack"]["compute"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection, + :novncproxy_base_url => novnc_endpoint.to_s, + :xvpvncproxy_base_url => xvpvnc_endpoint.to_s, + :xvpvncproxy_bind_host => xvpvnc_proxy_ip, + :novncproxy_bind_host => novnc_proxy_ip, + :vncserver_listen => vnc_bind_ip, + :vncserver_proxyclient_address => vnc_bind_ip, + :memcache_servers => memcache_servers, + :rabbit_password => rabbit_pass, + :rabbit_hosts => rabbit_hosts, + :identity_endpoint => identity_endpoint, + # TODO(jaypipes): No support here for >1 image API servers + # with the glance_api_servers configuration option... + :glance_api_ipaddress => image_endpoint.host, + :glance_api_port => image_endpoint.port, + :iscsi_helper => platform_options["iscsi_helper"], + :scheduler_default_filters => node["openstack"]["compute"]["scheduler"]["default_filters"].join(","), + :osapi_compute_link_prefix => compute_api_endpoint.to_s, + :network_endpoint => network_endpoint, + :quantum_admin_password => quantum_admin_password, + :quantum_metadata_proxy_shared_secret => quantum_metadata_proxy_shared_secret + ) +end + +template "/etc/nova/rootwrap.conf" do + source "rootwrap.conf.erb" + # Must be root! + owner "root" + group "root" + mode 00644 +end + +template "/etc/nova/rootwrap.d/api-metadata.filters" do + source "rootwrap.d/api-metadata.filters.erb" + # Must be root! + owner "root" + group "root" + mode 00644 +end + +template "/etc/nova/rootwrap.d/compute.filters" do + source "rootwrap.d/compute.filters.erb" + # Must be root! + owner "root" + group "root" + mode 00644 +end + +template "/etc/nova/rootwrap.d/network.filters" do + source "rootwrap.d/network.filters.erb" + # Must be root! + owner "root" + group "root" + mode 00644 +end + +# TODO: need to re-evaluate this for accuracy +# TODO(jaypipes): This should be moved into openstack-common +# and evaluated only on nodes with admin privs. +template "/root/openrc" do + source "openrc.erb" + # Must be root! + owner "root" + group "root" + mode 00600 + variables( + :user => ksadmin_user, + :tenant => ksadmin_tenant_name, + :password => ksadmin_pass, + :identity_endpoint => identity_endpoint, + :auth_strategy => "keystone", + :ec2_url => ec2_public_endpoint.to_s + ) +end + +execute "enable nova login" do + command "usermod -s /bin/sh #{node["openstack"]["compute"]["user"]}" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/nova-setup.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/nova-setup.rb new file mode 100644 index 000000000..8bc3d12b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/nova-setup.rb @@ -0,0 +1,134 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: nova-setup +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +include_recipe "openstack-compute::nova-common" + +execute "nova-manage db sync" do + command "nova-manage db sync" + + action :run +end + +case node["openstack"]["compute"]["network"]["service_type"] +when "nova" + + next_vlan = 100 + node["openstack"]["compute"]["networks"].each do |net| + execute "nova-manage network create --label=#{net['label']}" do + # The only two required keys in each network Hash + # are "label" and "ipv4_cidr". + cmd = "nova-manage network create --label=#{net['label']} --fixed_range_v4=#{net['ipv4_cidr']}" + if net.has_key?("multi_host") + cmd += " --multi_host='#{net['multi_host']}'" + end + if net.has_key?("num_networks") + cmd += " --num_networks=#{net['num_networks']}" + end + if net.has_key?("network_size") + cmd += " --network_size=#{net['network_size']}" + end + if net.has_key?("bridge") + cmd += " --bridge=#{net['bridge']}" + end + # Older attributes have the key as "bridge_dev" instead + # of "bridge_interface"... + if net.has_key?("bridge_interface") or net.has_key?("bridge_dev") + val = net.has_key?("bridge_interface") ? net["bridge_interface"] : net["bridge_dev"] + cmd += " --bridge_interface=#{val}" + end + if net.has_key?("dns1") + cmd += " --dns1=#{net['dns1']}" + end + if net.has_key?("dns2") + cmd += " --dns2=#{net['dns2']}" + end + if net.has_key?("vlan") + cmd += " --vlan=#{net['vlan']}" + elsif node["openstack"]["compute"]["network"]["network_manager"] == "nova.network.manager.VlanManager" + cmd += " --vlan=#{next_vlan}" + next_vlan = next_vlan + 1 + end + + command cmd + not_if "nova-manage network list | grep #{net['ipv4_cidr']}" + + action :run + end + end + + cookbook_file node["openstack"]["compute"]["floating_cmd"] do + source "add_floaters.py" + mode 00755 + + action :create + end + + floating = node["openstack"]["compute"]["network"]["floating"] + if floating && (floating["ipv4_cidr"] || floating["ipv4_range"]) + cmd = "" + if floating["ipv4_cidr"] + cmd = "#{node["openstack"]["compute"]["floating_cmd"]} nova --cidr=#{floating["ipv4_cidr"]}" + elsif floating["ipv4_range"] + cmd = "#{node["openstack"]["compute"]["floating_cmd"]} nova --ip-range=#{floating["ipv4_range"]}" + end + + execute "nova-manage floating create" do + command cmd + + not_if "nova-manage floating list |grep -E '.*([0-9]{1,3}[\.]){3}[0-9]{1,3}*'" + + action :run + end + end + +when "quantum", "neutron" + + platform_options = node["openstack"]["compute"]["platform"] + + platform_options["neutron_python_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + action :upgrade + end + end + + cookbook_file node["openstack"]["compute"]["floating_cmd"] do + source "add_floaters.py" + mode 00755 + + action :create + end + + floating = node["openstack"]["compute"]["network"]["floating"] + if floating && floating["ipv4_cidr"] + cmd = ". /root/openrc && #{node["openstack"]["compute"]["floating_cmd"]} neutron --cidr=#{floating["ipv4_cidr"]} --pool=#{floating["public_network_name"]}" + + execute "quantum floating create" do + command cmd + not_if ". /root/openrc && quantum floatingip-list |grep -E '.*([0-9]{1,3}[\.]){3}[0-9]{1,3}*'" + only_if { File.exists?("/root/openrc") } + + action :run + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/scheduler.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/scheduler.rb new file mode 100644 index 000000000..22ecee75c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/scheduler.rb @@ -0,0 +1,47 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: scheduler +# Copyright 2013, Craig Tracey +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-compute::nova-common" + +platform_options = node["openstack"]["compute"]["platform"] + +directory "/var/lock/nova" do + owner node["openstack"]["compute"]["user"] + group node["openstack"]["compute"]["group"] + mode 00700 + + action :create +end + +platform_options["compute_scheduler_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +service "nova-scheduler" do + service_name platform_options["compute_scheduler_service"] + supports :status => true, :restart => true + subscribes :restart, resources("template[/etc/nova/nova.conf]") + + action [:enable, :start] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/vncproxy.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/vncproxy.rb new file mode 100644 index 000000000..2a1631dc1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/recipes/vncproxy.rb @@ -0,0 +1,56 @@ +# +# Cookbook Name:: openstack-compute +# Recipe:: vncproxy +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2013, Craig Tracey +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-compute::nova-common" + +platform_options = node["openstack"]["compute"]["platform"] + +platform_options["compute_vncproxy_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + + action :upgrade + end +end + +# required for vnc console authentication +platform_options["compute_vncproxy_consoleauth_packages"].each do |pkg| + package pkg do + action :upgrade + end +end + +proxy_service = platform_options["compute_vncproxy_service"] + +service proxy_service do + service_name proxy_service + supports :status => true, :restart => true + subscribes :restart, resources("template[/etc/nova/nova.conf]") + + action :enable +end + +service "nova-consoleauth" do + service_name platform_options["compute_vncproxy_consoleauth_service"] + supports :status => true, :restart => true + subscribes :restart, resources("template[/etc/nova/nova.conf]") + + action [:enable, :start] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-ec2-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-ec2-redhat_spec.rb new file mode 100644 index 000000000..4e4606c90 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-ec2-redhat_spec.rb @@ -0,0 +1,19 @@ +require_relative "spec_helper" + +describe "openstack-compute::api-ec2" do + before { compute_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-compute::api-ec2" + end + + it "installs ec2 api packages" do + expect(@chef_run).to upgrade_package "openstack-nova-api" + end + + it "starts ec2 api on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-nova-api" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-ec2_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-ec2_spec.rb new file mode 100644 index 000000000..2681ece67 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-ec2_spec.rb @@ -0,0 +1,27 @@ +require_relative "spec_helper" + +describe "openstack-compute::api-ec2" do + before { compute_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-compute::api-ec2" + end + + expect_runs_nova_common_recipe + + expect_creates_nova_lock_dir + + expect_installs_python_keystone + + it "installs ec2 api packages" do + expect(@chef_run).to upgrade_package "nova-api-ec2" + end + + it "starts ec2 api on boot" do + expect(@chef_run).to set_service_to_start_on_boot "nova-api-ec2" + end + + expect_creates_api_paste "service[nova-api-ec2]" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-metadata-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-metadata-redhat_spec.rb new file mode 100644 index 000000000..b00130a33 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-metadata-redhat_spec.rb @@ -0,0 +1,19 @@ +require_relative "spec_helper" + +describe "openstack-compute::api-metadata" do + before { compute_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-compute::api-metadata" + end + + it "installs metadata api packages" do + expect(@chef_run).to upgrade_package "openstack-nova-api" + end + + it "starts metadata api on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-nova-api" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-metadata_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-metadata_spec.rb new file mode 100644 index 000000000..8b0cc84cf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-metadata_spec.rb @@ -0,0 +1,27 @@ +require_relative "spec_helper" + +describe "openstack-compute::api-metadata" do + before { compute_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-compute::api-metadata" + end + + expect_runs_nova_common_recipe + + expect_creates_nova_lock_dir + + expect_installs_python_keystone + + it "installs metadata api packages" do + expect(@chef_run).to upgrade_package "nova-api-metadata" + end + + it "starts metadata api on boot" do + expect(@chef_run).to set_service_to_start_on_boot "nova-api-metadata" + end + + expect_creates_api_paste "service[nova-api-metadata]" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-os-compute-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-os-compute-redhat_spec.rb new file mode 100644 index 000000000..b957c5cf9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-os-compute-redhat_spec.rb @@ -0,0 +1,19 @@ +require_relative "spec_helper" + +describe "openstack-compute::api-os-compute" do + before { compute_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-compute::api-os-compute" + end + + it "installs openstack api packages" do + expect(@chef_run).to upgrade_package "openstack-nova-api" + end + + it "starts openstack api on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-nova-api" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-os-compute_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-os-compute_spec.rb new file mode 100644 index 000000000..d2b828fae --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/api-os-compute_spec.rb @@ -0,0 +1,45 @@ +require_relative "spec_helper" + +describe "openstack-compute::api-os-compute" do + before { compute_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-compute::api-os-compute" + end + + expect_runs_nova_common_recipe + + expect_creates_nova_lock_dir + + describe "/var/cache/nova" do + before do + @dir = @chef_run.directory "/var/cache/nova" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "nova", "nova" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "700" + end + end + + expect_installs_python_keystone + + it "installs openstack api packages" do + expect(@chef_run).to upgrade_package "nova-api-os-compute" + end + + it "starts openstack api on boot" do + expect(@chef_run).to set_service_to_start_on_boot "nova-api-os-compute" + end + + it "starts openstack api now" do + expect(@chef_run).to start_service "nova-api-os-compute" + end + + expect_creates_api_paste "service[nova-api-os-compute]" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/compute-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/compute-opensuse_spec.rb new file mode 100644 index 000000000..fa4c1cba4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/compute-opensuse_spec.rb @@ -0,0 +1,16 @@ +require_relative "spec_helper" + +describe "openstack-compute::compute" do + before { compute_stubs } + describe "opensuse" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-compute::compute" + end + + it "installs nfs client packages" do + expect(@chef_run).to upgrade_package "nfs-utils" + expect(@chef_run).not_to upgrade_package "nfs-utils-lib" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/compute-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/compute-redhat_spec.rb new file mode 100644 index 000000000..48b4e91cc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/compute-redhat_spec.rb @@ -0,0 +1,45 @@ +require_relative "spec_helper" + +describe "openstack-compute::compute" do + before { compute_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-compute::compute" + end + + it "does not install kvm when virt_type is 'kvm'" do + chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + node = chef_run.node + node.set["openstack"]["compute"]["libvirt"]["virt_type"] = "kvm" + chef_run.converge "openstack-compute::compute" + expect(chef_run).to_not upgrade_package "nova-compute-kvm" + end + + it "does not install qemu when virt_type is 'qemu'" do + chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + node = chef_run.node + node.set["openstack"]["compute"]["libvirt"]["virt_type"] = "qemu" + chef_run.converge "openstack-compute::compute" + expect(chef_run).to_not upgrade_package "nova-compute-qemu" + end + + it "installs nova compute packages" do + expect(@chef_run).to upgrade_package "openstack-nova-compute" + end + + it "installs nfs client packages" do + expect(@chef_run).to upgrade_package "nfs-utils" + expect(@chef_run).to upgrade_package "nfs-utils-lib" + end + + it "starts nova compute on boot" do + expected = "openstack-nova-compute" + expect(@chef_run).to set_service_to_start_on_boot expected + end + + it "starts nova compute" do + expect(@chef_run).to start_service "openstack-nova-compute" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/compute_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/compute_spec.rb new file mode 100644 index 000000000..42d14a614 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/compute_spec.rb @@ -0,0 +1,84 @@ +require_relative "spec_helper" + +describe "openstack-compute::compute" do + before { compute_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-compute::compute" + end + + expect_runs_nova_common_recipe + + it "runs api-metadata recipe" do + expect(@chef_run).to include_recipe "openstack-compute::api-metadata" + end + + it "runs network recipe" do + expect(@chef_run).to include_recipe "openstack-compute::network" + end + + it "doesn't run network recipe with openstack-network::server" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + node = chef_run.node + node.run_list.stub("include?").and_return true + chef_run.converge "openstack-compute::compute" + + expect(chef_run).not_to include_recipe "openstack-compute::network" + end + + it "installs nova compute packages" do + expect(@chef_run).to upgrade_package "nova-compute" + end + + it "installs nfs client packages" do + expect(@chef_run).to upgrade_package "nfs-common" + end + + it "installs kvm when virt_type is 'kvm'" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + node = chef_run.node + node.set["openstack"]["compute"]["libvirt"]["virt_type"] = "kvm" + chef_run.converge "openstack-compute::compute" + + expect(chef_run).to upgrade_package "nova-compute-kvm" + expect(chef_run).not_to upgrade_package "nova-compute-qemu" + end + + it "installs qemu when virt_type is 'qemu'" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + node = chef_run.node + node.set["openstack"]["compute"]["libvirt"]["virt_type"] = "qemu" + chef_run.converge "openstack-compute::compute" + + expect(chef_run).to upgrade_package "nova-compute-qemu" + expect(chef_run).not_to upgrade_package "nova-compute-kvm" + end + + describe "nova-compute.conf" do + before do + @file = @chef_run.cookbook_file "/etc/nova/nova-compute.conf" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + end + + it "starts nova compute on boot" do + expect(@chef_run).to set_service_to_start_on_boot "nova-compute" + end + + it "starts nova compute" do + expect(@chef_run).to start_service "nova-compute" + end + + it "runs libvirt recipe" do + expect(@chef_run).to include_recipe "openstack-compute::libvirt" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/conductor_redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/conductor_redhat_spec.rb new file mode 100644 index 000000000..8b2bbe60e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/conductor_redhat_spec.rb @@ -0,0 +1,25 @@ +require_relative "spec_helper" + +describe "openstack-compute::conductor" do + before { compute_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-compute::conductor" + end + + expect_runs_nova_common_recipe + + it "installs conductor packages" do + expect(@chef_run).to upgrade_package "openstack-nova-conductor" + end + + it "starts nova-conductor on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-nova-conductor" + end + + it "starts nova-conductor" do + expect(@chef_run).to start_service "openstack-nova-conductor" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/conductor_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/conductor_spec.rb new file mode 100644 index 000000000..894b7bea2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/conductor_spec.rb @@ -0,0 +1,25 @@ +require_relative "spec_helper" + +describe "openstack-compute::conductor" do + before { compute_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-compute::conductor" + end + + expect_runs_nova_common_recipe + + it "installs conductor packages" do + expect(@chef_run).to upgrade_package "nova-conductor" + end + + it "starts nova-conductor on boot" do + expect(@chef_run).to set_service_to_start_on_boot "nova-conductor" + end + + it "starts nova-conductor" do + expect(@chef_run).to start_service "nova-conductor" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/default_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/default_spec.rb new file mode 100644 index 000000000..dbbacb894 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/default_spec.rb @@ -0,0 +1,4 @@ +require_relative "spec_helper" + +describe "openstack-compute::default" do +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/identity_registration_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/identity_registration_spec.rb new file mode 100644 index 000000000..4666373d5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/identity_registration_spec.rb @@ -0,0 +1,124 @@ +require_relative "spec_helper" + +describe "openstack-compute::identity_registration" do + before do + compute_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-compute::identity_registration" + end + + it "registers service tenant" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Service Tenant" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => "service", + :tenant_description => "Service Tenant", + :action => [:create_tenant] + ) + end + + it "registers service user" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Service User" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => "service", + :user_name => "nova", + :user_pass => "nova-pass", + :action => [:create_user] + ) + end + + it "grants admin role to service user for service tenant" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Grant 'admin' Role to Service User for Service Tenant" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => "service", + :user_name => "nova", + :role_name => "admin", + :action => [:grant_role] + ) + end + + it "registers compute service" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Compute Service" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :service_name => "nova", + :service_type => "compute", + :service_description => "Nova Compute Service", + :action => [:create_service] + ) + end + + it "registers compute endpoint" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Compute Endpoint" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :service_type => "compute", + :endpoint_region => "RegionOne", + :endpoint_adminurl => "http://127.0.0.1:8774/v2/%(tenant_id)s", + :endpoint_internalurl => "http://127.0.0.1:8774/v2/%(tenant_id)s", + :endpoint_publicurl => "http://127.0.0.1:8774/v2/%(tenant_id)s", + :action => [:create_endpoint] + ) + end + + it "registers ec2 service" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register EC2 Service" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :service_name => "ec2", + :service_type => "ec2", + :service_description => "EC2 Compatibility Layer", + :action => [:create_service] + ) + end + + it "registers ec2 endpoint" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register EC2 Endpoint" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :service_type => "ec2", + :endpoint_region => "RegionOne", + :endpoint_adminurl => "http://127.0.0.1:8773/services/Admin", + :endpoint_internalurl => "http://127.0.0.1:8773/services/Cloud", + :endpoint_publicurl => "http://127.0.0.1:8773/services/Cloud", + :action => [:create_endpoint] + ) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/libvirt-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/libvirt-opensuse_spec.rb new file mode 100644 index 000000000..5b66c1f7a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/libvirt-opensuse_spec.rb @@ -0,0 +1,96 @@ +require_relative "spec_helper" + +describe "openstack-compute::libvirt" do + before do + compute_stubs + + # This is stubbed b/c systems without '/boot/grub/menul.lst`, + # fail to pass tests. This can be removed if a check verifies + # the files existence prior to File#open. + ::File.stub(:open).and_call_original + end + + describe "suse" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-compute::libvirt" + end + + it "installs libvirt packages" do + expect(@chef_run).to install_package "libvirt" + end + + it "starts libvirt" do + expect(@chef_run).to start_service "libvirtd" + end + + it "starts libvirt on boot" do + expect(@chef_run).to set_service_to_start_on_boot "libvirtd" + end + + describe "libvirtd" do + before do + @file = @chef_run.template "/etc/sysconfig/libvirtd" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + + it "notifies libvirt-bin restart" do + expect(@file).to notify "service[libvirt-bin]", :restart + end + end + + it "installs kvm packages" do + expect(@chef_run).to install_package "kvm" + end + + it "installs qemu packages" do + chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS do |node| + node.set["openstack"]["compute"]["libvirt"]["virt_type"] = "qemu" + end + chef_run.converge "openstack-compute::libvirt" + expect(chef_run).to install_package "kvm" + end + + it "installs xen packages" do + chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS do |node| + node.set["openstack"]["compute"]["libvirt"]["virt_type"] = "xen" + end + chef_run.converge "openstack-compute::libvirt" + ["kernel-xen", "xen", "xen-tools"].each do |pkg| + expect(chef_run).to install_package pkg + end + end + + describe "lxc" do + before do + @chef_run_lxc = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS do |node| + node.set["openstack"]["compute"]["libvirt"]["virt_type"] = "lxc" + end + @chef_run_lxc.converge "openstack-compute::libvirt" + end + + it "installs packages" do + expect(@chef_run_lxc).to install_package "lxc" + end + + it "starts boot.cgroupslxc" do + expect(@chef_run_lxc).to start_service "boot.cgroup" + end + + it "starts boot.cgroups on boot" do + expect(@chef_run_lxc).to set_service_to_start_on_boot "boot.cgroup" + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/libvirt-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/libvirt-redhat_spec.rb new file mode 100644 index 000000000..47fa8e7c0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/libvirt-redhat_spec.rb @@ -0,0 +1,60 @@ +require_relative "spec_helper" + +describe "openstack-compute::libvirt" do + before { compute_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-compute::libvirt" + end + + it "installs libvirt packages" do + expect(@chef_run).to install_package "libvirt" + end + + it "creates libvirtd group and adds nova as a member" do + expect(@chef_run).to create_group "libvirtd" + libvirt_group = @chef_run.group("libvirtd") + libvirt_group.members.should == ["nova"] + end + + it "symlinks qemu-kvm" do + link = @chef_run.link "/usr/bin/qemu-system-x86_64" + expect(link).to link_to "/usr/libexec/qemu-kvm" + end + + it "starts libvirt" do + expect(@chef_run).to start_service "libvirtd" + end + + it "starts libvirt on boot" do + expect(@chef_run).to set_service_to_start_on_boot "libvirtd" + end + + it "does not create /etc/default/libvirt-bin" do + pending "TODO: how to test this" + end + + describe "libvirtd" do + before do + @file = @chef_run.template "/etc/sysconfig/libvirtd" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + + it "notifies libvirt-bin restart" do + expect(@file).to notify "service[libvirt-bin]", :restart + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/libvirt_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/libvirt_spec.rb new file mode 100644 index 000000000..90d66a2b2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/libvirt_spec.rb @@ -0,0 +1,97 @@ +require_relative "spec_helper" + +describe "openstack-compute::libvirt" do + before { compute_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-compute::libvirt" + end + + it "installs libvirt packages" do + expect(@chef_run).to install_package "libvirt-bin" + end + + it "does not create libvirtd group and add to nova" do + pending "TODO: how to test this" + end + + it "does not symlink qemu-kvm" do + pending "TODO: how to test this" + end + + it "starts dbus" do + expect(@chef_run).to start_service "dbus" + end + + it "starts dbus on boot" do + expect(@chef_run).to set_service_to_start_on_boot "dbus" + end + + it "starts libvirt" do + expect(@chef_run).to start_service "libvirt-bin" + end + + it "starts libvirt on boot" do + expect(@chef_run).to set_service_to_start_on_boot "libvirt-bin" + end + + it "disables default libvirt network" do + cmd = "virsh net-autostart default --disable" + expect(@chef_run).to execute_command cmd + end + + it "deletes default libvirt network" do + cmd = "virsh net-destroy default" + expect(@chef_run).to execute_command cmd + end + + describe "libvirtd.conf" do + before do + @file = @chef_run.template "/etc/libvirt/libvirtd.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + + it "notifies libvirt-bin restart" do + expect(@file).to notify "service[libvirt-bin]", :restart + end + end + + describe "libvirt-bin" do + before do + @file = @chef_run.template "/etc/default/libvirt-bin" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + + it "notifies libvirt-bin restart" do + expect(@file).to notify "service[libvirt-bin]", :restart + end + end + + it "does not create /etc/sysconfig/libvirtd" do + pending "TODO: how to test this" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/network-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/network-redhat_spec.rb new file mode 100644 index 000000000..599aae851 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/network-redhat_spec.rb @@ -0,0 +1,21 @@ +require_relative "spec_helper" + +describe "openstack-compute::network" do + before { compute_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-compute::network" + end + + it "installs nova network packages" do + expect(@chef_run).to upgrade_package "iptables" + expect(@chef_run).to upgrade_package "openstack-nova-network" + end + + it "starts nova network on boot" do + expected = "openstack-nova-network" + expect(@chef_run).to set_service_to_start_on_boot expected + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/network_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/network_spec.rb new file mode 100644 index 000000000..20066f5da --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/network_spec.rb @@ -0,0 +1,34 @@ +require_relative "spec_helper" + +describe "openstack-compute::network" do + before { compute_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @node = @chef_run.node + @node.set["openstack"]["compute"]["network"]["service_type"] = "nova" + @chef_run.converge "openstack-compute::network" + end + + expect_runs_nova_common_recipe + + it "installs nova network packages" do + expect(@chef_run).to upgrade_package "iptables" + expect(@chef_run).to upgrade_package "nova-network" + end + + it "starts nova network on boot" do + expect(@chef_run).to set_service_to_start_on_boot "nova-network" + end + + it "includes openstack-network recipes for quantum when service type is quantum" do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @node = @chef_run.node + @node.set["openstack"]["compute"]["network"]["service_type"] = "quantum" + @chef_run.converge "openstack-compute::network" + expect(@chef_run).to include_recipe "openstack-network::openvswitch" + expect(@chef_run).to include_recipe "openstack-network::dhcp_agent" + end + + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-cert-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-cert-redhat_spec.rb new file mode 100644 index 000000000..becd699e9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-cert-redhat_spec.rb @@ -0,0 +1,19 @@ +require_relative "spec_helper" + +describe "openstack-compute::nova-cert" do + before { compute_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-compute::nova-cert" + end + + it "installs nova cert packages" do + expect(@chef_run).to upgrade_package "openstack-nova-cert" + end + + it "starts nova cert on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-nova-cert" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-cert_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-cert_spec.rb new file mode 100644 index 000000000..8dc8458ac --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-cert_spec.rb @@ -0,0 +1,21 @@ +require_relative "spec_helper" + +describe "openstack-compute::nova-cert" do + before { compute_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-compute::nova-cert" + end + + expect_runs_nova_common_recipe + + it "installs nova cert packages" do + expect(@chef_run).to upgrade_package "nova-cert" + end + + it "starts nova cert on boot" do + expect(@chef_run).to set_service_to_start_on_boot "nova-cert" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-common-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-common-redhat_spec.rb new file mode 100644 index 000000000..1cb0ad7b8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-common-redhat_spec.rb @@ -0,0 +1,42 @@ +require_relative "spec_helper" + +describe "openstack-compute::nova-common" do + before { compute_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-compute::nova-common" + end + + it "runs epel recipe" do + expect(@chef_run).to include_recipe "yum::epel" + end + + it "installs nova common packages" do + expect(@chef_run).to upgrade_package "openstack-nova-common" + end + + it "installs memcache python packages" do + expect(@chef_run).to install_package "python-memcached" + end + + describe "nova.conf" do + before do + @file = @chef_run.template "/etc/nova/nova.conf" + # README(shep) need this to evaluate nova.conf.erb template + @chef_run.node.set['cpu'] = Hash.new() + @chef_run.node.set.cpu.total = "2" + end + + it "has correct force_dhcp_release value" do + expect(@chef_run).to create_file_with_content "/etc/nova/nova.conf", + "force_dhcp_release=false" + end + + it "has ec2_private_dns_show_ip enabled" do + expect(@chef_run).to create_file_with_content "/etc/nova/nova.conf", + "ec2_private_dns_show_ip=True" + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-common_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-common_spec.rb new file mode 100644 index 000000000..8b1120801 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-common_spec.rb @@ -0,0 +1,341 @@ +require_relative "spec_helper" + +describe "openstack-compute::nova-common" do + before { compute_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new(::UBUNTU_OPTS) do |n| + n.set["openstack"]["mq"] = { + "host" => "127.0.0.1" + } + n.set["openstack"]["compute"]["syslog"]["use"] = true + end + @chef_run.converge "openstack-compute::nova-common" + end + + it "doesn't run epel recipe" do + expect(@chef_run).to_not include_recipe 'yum::epel' + end + + it "runs logging recipe if node attributes say to" do + expect(@chef_run).to include_recipe "openstack-common::logging" + end + + it "doesn't run logging recipe" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + chef_run.converge "openstack-compute::nova-common" + expect(chef_run).not_to include_recipe "openstack-common::logging" + end + + it "can converge with quantum service type" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + node = chef_run.node + node.set["openstack"]["compute"]["network"]["service_type"] = "quantum" + chef_run.converge "openstack-compute::nova-common" + end + + it "installs nova common packages" do + expect(@chef_run).to upgrade_package "nova-common" + end + + it "installs memcache python packages" do + expect(@chef_run).to install_package "python-memcache" + end + + describe "/etc/nova" do + before do + @dir = @chef_run.directory "/etc/nova" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "nova", "nova" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "700" + end + end + + describe "/etc/nova/rootwrap.d" do + before do + @dir = @chef_run.directory "/etc/nova/rootwrap.d" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "700" + end + end + + describe "nova.conf" do + before do + @file = @chef_run.template "/etc/nova/nova.conf" + # README(shep) need this to evaluate nova.conf.erb template + @chef_run.node.set['cpu'] = Hash.new() + @chef_run.node.set.cpu.total = "2" + end + + it "has proper owner" do + expect(@file).to be_owned_by "nova", "nova" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "has rabbit_user" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_userid=guest" + end + + it "has rabbit_password" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_password=rabbit-pass" + end + + it "has rabbit_virtual_host" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_virtual_host=/" + end + + it "has rabbit_host" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_host=127.0.0.1" + end + + it "does not have rabbit_hosts" do + expect(@chef_run).not_to create_file_with_content @file.name, + "rabbit_hosts=" + end + + it "does not have rabbit_ha_queues" do + expect(@chef_run).not_to create_file_with_content @file.name, + "rabbit_ha_queues=" + end + + it "has rabbit_port" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_port=5672" + end + + describe "rabbit ha" do + before do + @chef_run = ::ChefSpec::ChefRunner.new(::UBUNTU_OPTS) do |n| + n.set["openstack"]["compute"]["rabbit"]["ha"] = true + n.set["cpu"] = { + "total" => "2" + } + end + @chef_run.converge "openstack-compute::nova-common" + end + + it "has rabbit_hosts" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_hosts=1.1.1.1:5672,2.2.2.2:5672" + end + + it "has rabbit_ha_queues" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_ha_queues=True" + end + + it "does not have rabbit_host" do + expect(@chef_run).not_to create_file_with_content @file.name, + "rabbit_host=127.0.0.1" + end + + it "does not have rabbit_port" do + expect(@chef_run).not_to create_file_with_content @file.name, + "rabbit_port=5672" + end + end + + it "has vncserver_listen" do + expect(@chef_run).to create_file_with_content @file.name, + "vncserver_listen=127.0.1.1" + end + + it "has vncserver_proxyclient_address" do + expect(@chef_run).to create_file_with_content @file.name, + "vncserver_proxyclient_address=127.0.1.1" + end + + it "has xvpvncproxy_host" do + expect(@chef_run).to create_file_with_content @file.name, + "xvpvncproxy_host=127.0.1.1" + end + + it "has novncproxy_host" do + expect(@chef_run).to create_file_with_content @file.name, + "novncproxy_host=127.0.1.1" + end + + it "has correct force_dhcp_release value" do + expect(@chef_run).to create_file_with_content @file.name, + "force_dhcp_release=true" + end + + it "has virtio enabled" do + expect(@chef_run).to create_file_with_content @file.name, + "libvirt_use_virtio_for_bridges=true" + end + + it "does not have ec2_private_dns_show_ip option" do + expect(@chef_run).to_not create_file_with_content @file.name, + "ec2_private_dns_show_ip" + end + end + + +# describe "identity role local node" do +# before do +# @chef_run = ::ChefSpec::ChefRunner.new(::UBUNTU_OPTS) do |n| +# n.set["openstack"]["identity"]["admin_tenant_name"] = "admin-tenant" +# n.set["openstack"]["identity"]["admin_user"] = "admin-user" +# end +# @chef_run.converge 'role[os-identity]', "openstack-compute::nova-common" +# end +# it "has keystone_hash" do +# expect(@chef_run).to log 'openstack-compute::nova-common:keystone|node[???]' +# end +# it "has ksadmin_user" do +# expect(@chef_run).to log 'openstack-compute::nova-common:ksadmin_user|admin-user' +# end +# it "has ksadmin_tenant_name" do +# expect(@chef_run).to log 'openstack-compute::nova-common:ksadmin_tenant_name|admin-tenant' +# end +# end + + +# describe "identity role search" do +# before do +# @chef_run = ::ChefSpec::ChefRunner.new(::UBUNTU_OPTS) do |n| +# n.set["openstack"]["compute"]["identity_service_chef_role"] = "os-identity" +# end +# @chef_run.converge "openstack-compute::nova-common" +# end +# it "has keystone_hash" do +# expect(@chef_run).to log 'openstack-compute::nova-common:keystone|node[???]' +# end +# it "has ksadmin_user" do +# expect(@chef_run).to log 'openstack-compute::nova-common:ksadmin_user|admin-user' +# end +# it "has ksadmin_tenant_name" do +# expect(@chef_run).to log 'openstack-compute::nova-common:ksadmin_tenant_name|admin-tenant' +# end +# end + + describe "rootwrap.conf" do + before do + @file = @chef_run.template "/etc/nova/rootwrap.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + end + + describe "api-metadata.filters" do + before do + @file = @chef_run.template "/etc/nova/rootwrap.d/api-metadata.filters" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + end + + describe "compute.filters" do + before do + @file = @chef_run.template "/etc/nova/rootwrap.d/compute.filters" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + end + + describe "network.filters" do + before do + @file = @chef_run.template "/etc/nova/rootwrap.d/network.filters" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + end + + describe "openrc" do + before do + @file = @chef_run.template "/root/openrc" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "600" + end + + it "contains ksadmin_user" do + expect(@chef_run).to create_file_with_content @file.name, + "export OS_USERNAME=admin-user" + end + + it "contains ksadmin_tenant_name" do + expect(@chef_run).to create_file_with_content @file.name, + "export OS_TENANT_NAME=admin-tenant" + end + + it "contains ksadmin_pass" do + expect(@chef_run).to create_file_with_content @file.name, + "export OS_PASSWORD=admin-pass" + end + + it "rest of template contents" do + pending "TODO: implement" + end + end + + it "enables nova login" do + cmd = "usermod -s /bin/sh nova" + expect(@chef_run).to execute_command cmd + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-setup_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-setup_spec.rb new file mode 100644 index 000000000..01c88a1c7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/nova-setup_spec.rb @@ -0,0 +1,71 @@ +require_relative "spec_helper" + +describe "openstack-compute::nova-setup" do + before { compute_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-compute::nova-setup" + end + + expect_runs_nova_common_recipe + + it "runs db migrations" do + cmd = "nova-manage db sync" + expect(@chef_run).to execute_command cmd + end + + it "adds nova network ipv4 addresses" do + cmd = ["nova-manage network create --label=public", + "--fixed_range_v4=192.168.100.0/24", + "--multi_host='T'", + "--num_networks=1", + "--network_size=255", + "--bridge=br100", + "--bridge_interface=eth2", + "--dns1=8.8.8.8", + "--dns2=8.8.4.4"].join(' ') + expect(@chef_run).to execute_command cmd + end + + it "add_floaters.py has proper modes" do + file = @chef_run.cookbook_file "/usr/local/bin/add_floaters.py" + expect(sprintf("%o", file.mode)).to eq "755" + end + + it "adds cidr range of floating ipv4 addresses" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + node = chef_run.node + node.set["openstack"]["compute"]["network"]["floating"]["ipv4_cidr"] = "10.10.10.0/24" + chef_run.converge "openstack-compute::nova-setup" + + cmd = "/usr/local/bin/add_floaters.py nova --cidr=10.10.10.0/24" + expect(chef_run).to execute_command cmd + end + + it "adds range of floating ipv4 addresses" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + node = chef_run.node + node.set["openstack"]["compute"]["network"] = { + "floating" => { + "ipv4_range" => "10.10.10.1,10.10.10.5" + } + } + chef_run.converge "openstack-compute::nova-setup" + + cmd = "/usr/local/bin/add_floaters.py nova --ip-range=10.10.10.1,10.10.10.5" + expect(chef_run).to execute_command cmd + end + + it "adds cidr range of floating ipv4 addresses to neutron" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + node = chef_run.node + node.set["openstack"]["compute"]["network"]["service_type"] = "neutron" + node.set["openstack"]["compute"]["network"]["floating"]["ipv4_cidr"] = "10.10.10.0/24" + node.set["openstack"]["compute"]["network"]["floating"]["public_network_name"] = "public" + chef_run.converge "openstack-compute::nova-setup" + cmd = ". /root/openrc && /usr/local/bin/add_floaters.py neutron --cidr=10.10.10.0/24 --pool=public" + expect(chef_run).to execute_command cmd + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/scheduler-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/scheduler-redhat_spec.rb new file mode 100644 index 000000000..a66ec0144 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/scheduler-redhat_spec.rb @@ -0,0 +1,24 @@ +require_relative "spec_helper" + +describe "openstack-compute::scheduler" do + before { compute_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-compute::scheduler" + end + + it "installs nova scheduler packages" do + expect(@chef_run).to upgrade_package "openstack-nova-scheduler" + end + + it "starts nova scheduler" do + expect(@chef_run).to start_service "openstack-nova-scheduler" + end + + it "starts nova scheduler on boot" do + expected = "openstack-nova-scheduler" + expect(@chef_run).to set_service_to_start_on_boot expected + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/scheduler_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/scheduler_spec.rb new file mode 100644 index 000000000..bd1b79c9c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/scheduler_spec.rb @@ -0,0 +1,27 @@ +require_relative "spec_helper" + +describe "openstack-compute::scheduler" do + before { compute_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-compute::scheduler" + end + + expect_runs_nova_common_recipe + + expect_creates_nova_lock_dir + + it "installs nova scheduler packages" do + expect(@chef_run).to upgrade_package "nova-scheduler" + end + + it "starts nova scheduler" do + expect(@chef_run).to start_service "nova-scheduler" + end + + it "starts nova scheduler on boot" do + expect(@chef_run).to set_service_to_start_on_boot "nova-scheduler" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/spec_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/spec_helper.rb new file mode 100644 index 000000000..e75a2aa54 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/spec_helper.rb @@ -0,0 +1,111 @@ +require "chefspec" + +::LOG_LEVEL = :fatal +::OPENSUSE_OPTS = { + :platform => "opensuse", + :version => "12.3", + :log_level => ::LOG_LEVEL +} +::REDHAT_OPTS = { + :platform => "redhat", + :version => "6.3", + :log_level => ::LOG_LEVEL +} +::UBUNTU_OPTS = { + :platform => "ubuntu", + :version => "12.04", + :log_level => ::LOG_LEVEL +} + +def compute_stubs + ::Chef::Recipe.any_instance.stub(:rabbit_servers). + and_return "1.1.1.1:5672,2.2.2.2:5672" + ::Chef::Recipe.any_instance.stub(:address_for). + with("lo"). + and_return "127.0.1.1" + ::Chef::Recipe.any_instance.stub(:search_for). + with("os-identity").and_return( + [{ + 'openstack' => { + 'identity' => { + 'admin_tenant_name' => 'admin-tenant', + 'admin_user' => 'admin-user' + } + } + }] + ) + ::Chef::Recipe.any_instance.stub(:secret). + with("secrets", "openstack_identity_bootstrap_token"). + and_return "bootstrap-token" + ::Chef::Recipe.any_instance.stub(:secret). + with("secrets", "quantum_metadata_secret"). + and_return "metadata-secret" + ::Chef::Recipe.any_instance.stub(:db_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:user_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:user_password). + with("guest"). + and_return "rabbit-pass" + ::Chef::Recipe.any_instance.stub(:user_password). + with("admin-user"). + and_return "admin-pass" + ::Chef::Recipe.any_instance.stub(:service_password).with("openstack-compute"). + and_return "nova-pass" + ::Chef::Recipe.any_instance.stub(:service_password).with("openstack-network"). + and_return "quantum-pass" + ::Chef::Recipe.any_instance.stub(:memcached_servers).and_return [] + ::Chef::Recipe.any_instance.stub(:system). + with("grub2-set-default 'openSUSE GNU/Linux, with Xen hypervisor'"). + and_return true +end + +def expect_runs_nova_common_recipe + it "installs nova-common" do + expect(@chef_run).to include_recipe "openstack-compute::nova-common" + end +end + +def expect_installs_python_keystone + it "installs python-keystone" do + expect(@chef_run).to upgrade_package "python-keystone" + end +end + +def expect_creates_nova_lock_dir + describe "/var/lock/nova" do + before do + @dir = @chef_run.directory "/var/lock/nova" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "nova", "nova" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "700" + end + end +end + +def expect_creates_api_paste service, action=:restart + describe "api-paste.ini" do + before do + @file = @chef_run.template "/etc/nova/api-paste.ini" + end + + it "has proper owner" do + expect(@file).to be_owned_by "nova", "nova" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + + it "notifies nova-api-ec2 restart" do + expect(@file).to notify service, action + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/vncproxy-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/vncproxy-redhat_spec.rb new file mode 100644 index 000000000..dcffe4212 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/vncproxy-redhat_spec.rb @@ -0,0 +1,25 @@ +require_relative "spec_helper" + +describe "openstack-compute::vncproxy" do + before { compute_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-compute::vncproxy" + end + + it "starts nova vncproxy on boot" do + expected = "openstack-nova-novncproxy" + expect(@chef_run).to set_service_to_start_on_boot expected + end + + it "starts nova consoleauth" do + expect(@chef_run).to start_service "openstack-nova-console" + end + + it "starts nova consoleauth on boot" do + expected = "openstack-nova-console" + expect(@chef_run).to set_service_to_start_on_boot expected + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/vncproxy_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/vncproxy_spec.rb new file mode 100644 index 000000000..c800b463a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/spec/vncproxy_spec.rb @@ -0,0 +1,35 @@ +require_relative "spec_helper" + +describe "openstack-compute::vncproxy" do + before { compute_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-compute::vncproxy" + end + + expect_runs_nova_common_recipe + + it "installs vncproxy packages" do + expect(@chef_run).to upgrade_package "novnc" + expect(@chef_run).to upgrade_package "websockify" + expect(@chef_run).to upgrade_package "nova-novncproxy" + end + + it "installs consoleauth packages" do + expect(@chef_run).to upgrade_package "nova-consoleauth" + end + + it "starts nova vncproxy on boot" do + expect(@chef_run).to set_service_to_start_on_boot "nova-novncproxy" + end + + it "starts nova consoleauth" do + expect(@chef_run).to start_service "nova-consoleauth" + end + + it "starts nova consoleauth on boot" do + expect(@chef_run).to set_service_to_start_on_boot "nova-consoleauth" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/api-paste.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/api-paste.ini.erb new file mode 100644 index 000000000..d510c9ffb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/api-paste.ini.erb @@ -0,0 +1,113 @@ +<%= node["openstack"]["compute"]["custom_template_banner"] %> + +############ +# Metadata # +############ +[composite:metadata] +use = egg:Paste#urlmap +/: meta + +[pipeline:meta] +pipeline = ec2faultwrap logrequest metaapp + +[app:metaapp] +paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory + +####### +# EC2 # +####### + +[composite:ec2] +use = egg:Paste#urlmap +/services/Cloud: ec2cloud + +[composite:ec2cloud] +use = call:nova.api.auth:pipeline_factory +noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor +keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor + +[filter:ec2faultwrap] +paste.filter_factory = nova.api.ec2:FaultWrapper.factory + +[filter:logrequest] +paste.filter_factory = nova.api.ec2:RequestLogging.factory + +[filter:ec2lockout] +paste.filter_factory = nova.api.ec2:Lockout.factory + +[filter:ec2keystoneauth] +paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory + +[filter:ec2noauth] +paste.filter_factory = nova.api.ec2:NoAuth.factory + +[filter:cloudrequest] +controller = nova.api.ec2.cloud.CloudController +paste.filter_factory = nova.api.ec2:Requestify.factory + +[filter:authorizer] +paste.filter_factory = nova.api.ec2:Authorizer.factory + +[filter:validator] +paste.filter_factory = nova.api.ec2:Validator.factory + +[app:ec2executor] +paste.app_factory = nova.api.ec2:Executor.factory + +############# +# Openstack # +############# + +[composite:osapi_compute] +use = call:nova.api.openstack.urlmap:urlmap_factory +/: oscomputeversions +/v1.1: openstack_compute_api_v2 +/v2: openstack_compute_api_v2 + +[composite:openstack_compute_api_v2] +use = call:nova.api.auth:pipeline_factory +noauth = faultwrap sizelimit noauth ratelimit osapi_compute_app_v2 +keystone = faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2 +keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2 + +[filter:faultwrap] +paste.filter_factory = nova.api.openstack:FaultWrapper.factory + +[filter:noauth] +paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory + +[filter:ratelimit] +paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory +limits = +<%= node["openstack"]["compute"]["ratelimit"]["settings"].values.inject([]) { |output,v| output << " ( #{v['verb']}, #{v['uri']}, #{v['regex']}, #{v['limit']}, #{v['interval']} )" }.join(";\n") %> + +[filter:sizelimit] +paste.filter_factory = nova.api.sizelimit:RequestBodySizeLimiter.factory + +[app:osapi_compute_app_v2] +paste.app_factory = nova.api.openstack.compute:APIRouter.factory + +[pipeline:oscomputeversions] +pipeline = faultwrap oscomputeversionapp + +[app:oscomputeversionapp] +paste.app_factory = nova.api.openstack.compute.versions:Versions.factory + +########## +# Shared # +########## + +[filter:keystonecontext] +paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory + +[filter:authtoken] +paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory +auth_uri = <%= @auth_uri %> +auth_host = <%= @identity_admin_endpoint.host %> +auth_port = <%= @identity_admin_endpoint.port %> +auth_protocol = <%= @identity_admin_endpoint.scheme %> +auth_version = <%= node["openstack"]["compute"]["api"]["auth"]["version"] %> +admin_tenant_name = <%= node["openstack"]["compute"]["service_tenant_name"] %> +admin_user = <%= node["openstack"]["compute"]["service_user"] %> +admin_password = <%= @service_pass %> +signing_dir = <%= node["openstack"]["compute"]["api"]["auth"]["cache_dir"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/collectd-plugin-mysql.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/collectd-plugin-mysql.conf.erb new file mode 100644 index 000000000..ec87b073b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/collectd-plugin-mysql.conf.erb @@ -0,0 +1,18 @@ +<%= node["openstack"]["compute"]["custom_template_banner"] %> + +LoadPlugin "<%= @name %>" +<% if not @options.empty? %> +"> + <% @options[:databases].each_pair do |db, vars| %> + "> + <% vars.each_pair do |key, value| + if value.is_a? Array + value.each do |subvalue| %> + <%= collectd_key(key) %> <%= collectd_option(subvalue) %> + <% end else %> + <%= collectd_key(key) %> <%= collectd_option(value) %> + <% end end %> + + <% end %> + +<% end %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/libvirt-bin.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/libvirt-bin.erb new file mode 100644 index 000000000..e9a6848cf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/libvirt-bin.erb @@ -0,0 +1,13 @@ +<%= node["openstack"]["compute"]["custom_template_banner"] %> + +# Defaults for libvirt-bin initscript (/etc/init.d/libvirt-bin) +# This is a POSIX shell fragment + +# Start libvirtd to handle qemu/kvm: +start_libvirtd="yes" + +# options passed to libvirtd, add "-l" to listen on tcp +libvirtd_opts="-d -l" + +# pass in location of kerberos keytab +#export KRB5_KTNAME=/etc/libvirt/libvirt.keytab diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/libvirtd.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/libvirtd.conf.erb new file mode 100644 index 000000000..ca82e4a35 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/libvirtd.conf.erb @@ -0,0 +1,395 @@ +<%= node["openstack"]["compute"]["custom_template_banner"] %> + +# Master libvirt daemon configuration file +# +# For further information consult http://libvirt.org/format.html +# +# NOTE: the tests/daemon-conf regression test script requires +# that each "PARAMETER = VALUE" line in this file have the parameter +# name just after a leading "#". + +################################################################# +# +# Network connectivity controls +# + +# Flag listening for secure TLS connections on the public TCP/IP port. +# NB, must pass the --listen flag to the libvirtd process for this to +# have any effect. +# +# It is necessary to setup a CA and issue server certificates before +# using this capability. +# +# This is enabled by default, uncomment this to disable it +listen_tls = 0 + +# Listen for unencrypted TCP connections on the public TCP/IP port. +# NB, must pass the --listen flag to the libvirtd process for this to +# have any effect. +# +# Using the TCP socket requires SASL authentication by default. Only +# SASL mechanisms which support data encryption are allowed. This is +# DIGEST_MD5 and GSSAPI (Kerberos5) +# +# This is disabled by default, uncomment this to enable it. +listen_tcp = 1 + + + +# Override the port for accepting secure TLS connections +# This can be a port number, or service name +# +#tls_port = "16514" + +# Override the port for accepting insecure TCP connections +# This can be a port number, or service name +# +#tcp_port = "16509" + + +# Override the default configuration which binds to all network +# interfaces. This can be a numeric IPv4/6 address, or hostname +# +#listen_addr = "192.168.0.1" + + +# Flag toggling mDNS advertizement of the libvirt service. +# +# Alternatively can disable for all services on a host by +# stopping the Avahi daemon +# +# This is enabled by default, uncomment this to disable it +#mdns_adv = 0 + +# Override the default mDNS advertizement name. This must be +# unique on the immediate broadcast network. +# +# The default is "Virtualization Host HOSTNAME", where HOSTNAME +# is subsituted for the short hostname of the machine (without domain) +# +#mdns_name = "Virtualization Host Joe Demo" + + +################################################################# +# +# UNIX socket access controls +# + +# Set the UNIX domain socket group ownership. This can be used to +# allow a 'trusted' set of users access to management capabilities +# without becoming root. +# +# This is restricted to 'root' by default. +unix_sock_group = "<%= @libvirt_group %>" + +# Set the UNIX socket permissions for the R/O socket. This is used +# for monitoring VM status only +# +# Default allows any user. If setting group ownership may want to +# restrict this to: +#unix_sock_ro_perms = "0777" + +# Set the UNIX socket permissions for the R/W socket. This is used +# for full management of VMs +# +# Default allows only root. If PolicyKit is enabled on the socket, +# the default will change to allow everyone (eg, 0777) +# +# If not using PolicyKit and setting group ownership for access +# control then you may want to relax this to: +unix_sock_rw_perms = "0770" + +# Set the name of the directory in which sockets will be found/created. +#unix_sock_dir = "/var/run/libvirt" + +################################################################# +# +# Authentication. +# +# - none: do not perform auth checks. If you can connect to the +# socket you are allowed. This is suitable if there are +# restrictions on connecting to the socket (eg, UNIX +# socket permissions), or if there is a lower layer in +# the network providing auth (eg, TLS/x509 certificates) +# +# - sasl: use SASL infrastructure. The actual auth scheme is then +# controlled from /etc/sasl2/libvirt.conf. For the TCP +# socket only GSSAPI & DIGEST-MD5 mechanisms will be used. +# For non-TCP or TLS sockets, any scheme is allowed. +# +# - polkit: use PolicyKit to authenticate. This is only suitable +# for use on the UNIX sockets. The default policy will +# require a user to supply their own password to gain +# full read/write access (aka sudo like), while anyone +# is allowed read/only access. +# +# Set an authentication scheme for UNIX read-only sockets +# By default socket permissions allow anyone to connect +# +# To restrict monitoring of domains you may wish to enable +# an authentication mechanism here +auth_unix_ro = "none" + +# Set an authentication scheme for UNIX read-write sockets +# By default socket permissions only allow root. If PolicyKit +# support was compiled into libvirt, the default will be to +# use 'polkit' auth. +# +# If the unix_sock_rw_perms are changed you may wish to enable +# an authentication mechanism here +auth_unix_rw = "none" + +# Change the authentication scheme for TCP sockets. +# +# If you don't enable SASL, then all TCP traffic is cleartext. +# Don't do this outside of a dev/test scenario. For real world +# use, always enable SASL and use the GSSAPI or DIGEST-MD5 +# mechanism in /etc/sasl2/libvirt.conf +auth_tcp = "<%= @auth_tcp %>" + +# Change the authentication scheme for TLS sockets. +# +# TLS sockets already have encryption provided by the TLS +# layer, and limited authentication is done by certificates +# +# It is possible to make use of any SASL authentication +# mechanism as well, by using 'sasl' for this option +#auth_tls = "none" + + + +################################################################# +# +# TLS x509 certificate configuration +# + + +# Override the default server key file path +# +#key_file = "/etc/pki/libvirt/private/serverkey.pem" + +# Override the default server certificate file path +# +#cert_file = "/etc/pki/libvirt/servercert.pem" + +# Override the default CA certificate path +# +#ca_file = "/etc/pki/CA/cacert.pem" + +# Specify a certificate revocation list. +# +# Defaults to not using a CRL, uncomment to enable it +#crl_file = "/etc/pki/CA/crl.pem" + + + +################################################################# +# +# Authorization controls +# + + +# Flag to disable verification of our own server certificates +# +# When libvirtd starts it performs some sanity checks against +# its own certificates. +# +# Default is to always run sanity checks. Uncommenting this +# will disable sanity checks which is not a good idea +#tls_no_sanity_certificate = 1 + +# Flag to disable verification of client certificates +# +# Client certificate verification is the primary authentication mechanism. +# Any client which does not present a certificate signed by the CA +# will be rejected. +# +# Default is to always verify. Uncommenting this will disable +# verification - make sure an IP whitelist is set +#tls_no_verify_certificate = 1 + + +# A whitelist of allowed x509 Distinguished Names +# This list may contain wildcards such as +# +# "C=GB,ST=London,L=London,O=Red Hat,CN=*" +# +# See the POSIX fnmatch function for the format of the wildcards. +# +# NB If this is an empty list, no client can connect, so comment out +# entirely rather than using empty list to disable these checks +# +# By default, no DN's are checked +#tls_allowed_dn_list = ["DN1", "DN2"] + + +# A whitelist of allowed SASL usernames. The format for usernames +# depends on the SASL authentication mechanism. Kerberos usernames +# look like username@REALM +# +# This list may contain wildcards such as +# +# "*@EXAMPLE.COM" +# +# See the POSIX fnmatch function for the format of the wildcards. +# +# NB If this is an empty list, no client can connect, so comment out +# entirely rather than using empty list to disable these checks +# +# By default, no Username's are checked +#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ] + + + +################################################################# +# +# Processing controls +# + +# The maximum number of concurrent client connections to allow +# over all sockets combined. +#max_clients = 20 + + +# The minimum limit sets the number of workers to start up +# initially. If the number of active clients exceeds this, +# then more threads are spawned, upto max_workers limit. +# Typically you'd want max_workers to equal maximum number +# of clients allowed +#min_workers = 5 +#max_workers = 20 + + +# The number of priority workers. If all workers from above +# pool will stuck, some calls marked as high priority +# (notably domainDestroy) can be executed in this pool. +#prio_workers = 5 + +# Total global limit on concurrent RPC calls. Should be +# at least as large as max_workers. Beyond this, RPC requests +# will be read into memory and queued. This directly impact +# memory usage, currently each request requires 256 KB of +# memory. So by default upto 5 MB of memory is used +# +# XXX this isn't actually enforced yet, only the per-client +# limit is used so far +#max_requests = 20 + +# Limit on concurrent requests from a single client +# connection. To avoid one client monopolizing the server +# this should be a small fraction of the global max_requests +# and max_workers parameter +#max_client_requests = 5 + +################################################################# +# +# Logging controls +# + +# Logging level: 4 errors, 3 warnings, 2 information, 1 debug +# basically 1 will log everything possible +#log_level = 3 + +# Logging filters: +# A filter allows to select a different logging level for a given category +# of logs +# The format for a filter is: +# x:name +# where name is a match string e.g. remote or qemu +# the x prefix is the minimal level where matching messages should be logged +# 1: DEBUG +# 2: INFO +# 3: WARNING +# 4: ERROR +# +# Multiple filter can be defined in a single @filters, they just need to be +# separated by spaces. +# +# e.g: +# log_filters="3:remote 4:event" +# to only get warning or errors from the remote layer and only errors from +# the event layer. + +# Logging outputs: +# An output is one of the places to save logging information +# The format for an output can be: +# x:stderr +# output goes to stderr +# x:syslog:name +# use syslog for the output and use the given name as the ident +# x:file:file_path +# output to a file, with the given filepath +# In all case the x prefix is the minimal level, acting as a filter +# 1: DEBUG +# 2: INFO +# 3: WARNING +# 4: ERROR +# +# Multiple output can be defined, they just need to be separated by spaces. +# e.g.: +# log_outputs="3:syslog:libvirtd" +# to log all warnings and errors to syslog under the libvirtd ident + +# Log debug buffer size: default 64 +# The daemon keeps an internal debug log buffer which will be dumped in case +# of crash or upon receiving a SIGUSR2 signal. This setting allows to override +# the default buffer size in kilobytes. +# If value is 0 or less the debug log buffer is deactivated +#log_buffer_size = 64 + + +################################################################## +# +# Auditing +# +# This setting allows usage of the auditing subsystem to be altered: +# +# audit_level == 0 -> disable all auditing +# audit_level == 1 -> enable auditing, only if enabled on host (default) +# audit_level == 2 -> enable auditing, and exit if disabled on host +# +#audit_level = 2 +# +# If set to 1, then audit messages will also be sent +# via libvirt logging infrastructure. Defaults to 0 +# +#audit_logging = 1 + +################################################################### +# UUID of the host: +# Provide the UUID of the host here in case the command +# 'dmidecode -s system-uuid' does not provide a valid uuid. In case +# 'dmidecode' does not provide a valid UUID and none is provided here, a +# temporary UUID will be generated. +# Keep the format of the example UUID below. UUID must not have all digits +# be the same. + +# NB This default all-zeros UUID will not work. Replace +# it with the output of the 'uuidgen' command and then +# uncomment this entry +#host_uuid = "00000000-0000-0000-0000-000000000000" + +################################################################### +# Keepalive protocol: +# This allows libvirtd to detect broken client connections or even +# dead client. A keepalive message is sent to a client after +# keepalive_interval seconds of inactivity to check if the client is +# still responding; keepalive_count is a maximum number of keepalive +# messages that are allowed to be sent to the client without getting +# any response before the connection is considered broken. In other +# words, the connection is automatically closed approximately after +# keepalive_interval * (keepalive_count + 1) seconds since the last +# message received from the client. If keepalive_interval is set to +# -1, libvirtd will never send keepalive requests; however clients +# can still send them and the deamon will send responses. When +# keepalive_count is set to 0, connections will be automatically +# closed after keepalive_interval seconds of inactivity without +# sending any keepalive messages. +# +#keepalive_interval = 5 +#keepalive_count = 5 +# +# If set to 1, libvirtd will refuse to talk to clients that do not +# support keepalive protocol. Defaults to 0. +# +#keepalive_required = 1 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/libvirtd.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/libvirtd.erb new file mode 100644 index 000000000..caa2351b3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/libvirtd.erb @@ -0,0 +1,26 @@ +<%= node["openstack"]["compute"]["custom_template_banner"] %> + +# Override the default config file +# NOTE: This setting is no longer honoured if using +# systemd. Set '--config /etc/libvirt/libvirtd.conf' +# in LIBVIRTD_ARGS instead. +#LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf + +# Listen for TCP/IP connections +# NB. must setup TLS/SSL keys prior to using this +LIBVIRTD_ARGS="--listen" + +# Override Kerberos service keytab for SASL/GSSAPI +#KRB5_KTNAME=/etc/libvirt/krb5.tab + +# Override the QEMU/SDL default audio driver probing when +# starting virtual machines using SDL graphics +# +# NB these have no effect for VMs using VNC, unless vnc_allow_host_audio +# is enabled in /etc/libvirt/qemu.conf +#QEMU_AUDIO_DRV=sdl +# +#SDL_AUDIODRIVER=pulse + +# Override the maximum number of opened files +#LIBVIRTD_NOFILES_LIMIT=2048 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/nova.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/nova.conf.erb new file mode 100644 index 000000000..f6c8d4ec4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/nova.conf.erb @@ -0,0 +1,238 @@ +<%= node["openstack"]["compute"]["custom_template_banner"] %> + +[DEFAULT] + +# LOGS/STATE +debug=<%= node["openstack"]["compute"]["debug"] %> +verbose=<%= node["openstack"]["compute"]["verbose"] %> +auth_strategy=<%= node["openstack"]["compute"]["api"]["auth_strategy"] %> +dhcpbridge_flagfile=/etc/nova/nova.conf +dhcpbridge=/usr/bin/nova-dhcpbridge +logdir=/var/log/nova +<% if node["openstack"]["compute"]["syslog"]["use"] %> +log_config = /etc/openstack/logging.conf +<% end %> +state_path=/var/lib/nova +lock_path=/var/lock/nova + +##### RABBITMQ ##### +rabbit_userid=<%= node["openstack"]["compute"]["rabbit"]["username"] %> +rabbit_password=<%= @rabbit_password %> +rabbit_virtual_host=<%= node["openstack"]["compute"]["rabbit"]["vhost"] %> +<% if node["openstack"]["compute"]["rabbit"]["ha"] -%> +rabbit_hosts=<%= @rabbit_hosts %> +rabbit_ha_queues=True +<% else -%> +rabbit_host=<%= node["openstack"]["compute"]["rabbit"]["host"] %> +rabbit_port=<%= node["openstack"]["compute"]["rabbit"]["port"] %> +<% end -%> + +##### SCHEDULER ##### +# scheduler_manager=nova.scheduler.manager.SchedulerManager +compute_scheduler_driver=<%= node["openstack"]["compute"]["scheduler"]["scheduler_driver"] %> +scheduler_available_filters=nova.scheduler.filters.all_filters +# which filter class names to use for filtering hosts when not specified in the request. +scheduler_default_filters=<%= @scheduler_default_filters %> +default_availability_zone=<%= node["openstack"]["compute"]["config"]["availability_zone"] %> +default_schedule_zone=<%= node["openstack"]["compute"]["config"]["default_schedule_zone"] %> +storage_availability_zone=<%= node["openstack"]["compute"]["config"]["storage_availability_zone"] %> + +##### NETWORK ##### + + +<% case node["openstack"]["compute"]["network"]["service_type"] + +when "quantum" -%> + +# N.B. due to https://bugs.launchpad.net/nova/+bug/1206330 +# we override the endpoint scheme below, ignore the port +# and essentially force http +<% if @network_endpoint.port == 443 -%> +quantum_url=http://<%= @network_endpoint.host %>:80 +<% else -%> +quantum_url=http://<%= @network_endpoint.host %>:<%= @network_endpoint.port %> +<% end -%> +network_api_class=<%= node["openstack"]["compute"]["network"]["quantum"]["network_api_class"] %> +quantum_auth_strategy=<%= node["openstack"]["compute"]["network"]["quantum"]["auth_strategy"] %> +quantum_admin_tenant_name=<%= node["openstack"]["compute"]["network"]["quantum"]["admin_tenant_name"] %> +quantum_admin_username=<%= node["openstack"]["compute"]["network"]["quantum"]["admin_username"] %> +quantum_admin_password=<%= @quantum_admin_password %> +quantum_admin_auth_url=<%= @identity_endpoint.to_s %> +libvirt_vif_driver=<%= node["openstack"]["compute"]["network"]["quantum"]["libvirt_vif_driver"] %> +linuxnet_interface_driver=<%= node["openstack"]["compute"]["network"]["quantum"]["linuxnet_interface_driver"] %> +firewall_driver = nova.virt.firewall.NoopFirewallDriver +security_group_api=<%= node["openstack"]["compute"]["network"]["quantum"]["security_group_api"] %> +service_quantum_metadata_proxy=<%= node["openstack"]["compute"]["network"]["quantum"]["service_quantum_metadata_proxy"] %> +quantum_metadata_proxy_shared_secret=<%= @quantum_metadata_proxy_shared_secret %> +default_floating_pool=<%= node["openstack"]["compute"]["network"]["quantum"]["public_network_name"] %> +dns_server=<%= node["openstack"]["compute"]["network"]["quantum"]["dns_server"] %> + +<% if node["openstack"]["compute"]["libvirt"]["virt_type"] == "qemu" -%> +libvirt_use_virtio_for_bridges=false +libvirt_cpu_mode = none +<% else -%> +libvirt_use_virtio_for_bridges=true +<% end -%> + + + +<% when "nova" -%> +multi_host=<%= node["openstack"]["compute"]["network"]["multi_host"] %> +network_manager=<%= node["openstack"]["compute"]["network"]["network_manager"] %> +public_interface=<%= node["openstack"]["compute"]["network"]["public_interface"] %> +fixed_range=<%= node["openstack"]["compute"]["network"]["fixed_range"] %> +dmz_cidr=<%= node["openstack"]["compute"]["network"]["dmz_cidr"] %> +<% if %w(fedora redhat centos).include? node.platform -%> +# https://bugzilla.redhat.com/show_bug.cgi?id=788485 - not released in epel yet +force_dhcp_release=false +<% else -%> +force_dhcp_release=true +<% end -%> +<% if node["openstack"]["compute"]["dhcp_domain"] -%> +dhcp_domain=<%= node["openstack"]["compute"]["dhcp_domain"] %> +<% end %> +send_arp_for_ha=true +use_single_default_gateway=<%= node["openstack"]["compute"]["network"]["use_single_default_gateway"] %> +<% if node["openstack"]["compute"]["libvirt"]["virt_type"] == "qemu" -%> +libvirt_use_virtio_for_bridges=false +<% else -%> +libvirt_use_virtio_for_bridges=true +<% end -%> +vlan_interface=<%= node["openstack"]["compute"]["network"]["vlan_interface"] %> + +<% end -%> + +##### GLANCE ##### +image_service=nova.image.glance.GlanceImageService +glance_api_servers=<%= @glance_api_ipaddress %>:<%= @glance_api_port %> + +##### COMPUTE ##### +compute_driver=<%= node["openstack"]["compute"]["driver"] %> +compute_manager=nova.compute.manager.ComputeManager +sql_connection=<%= @sql_connection %> +connection_type=libvirt +libvirt_type=<%= node["openstack"]["compute"]["libvirt"]["virt_type"] %> +# Command prefix to use for running commands as root (default: sudo) +rootwrap_config=/etc/nova/rootwrap.conf +# Should unused base images be removed? (default: false) +remove_unused_base_images=<%= node["openstack"]["compute"]["libvirt"]["remove_unused_base_images"] %> +# Unused resized base images younger than this will not be removed (default: 3600) +remove_unused_resized_minimum_age_seconds=<%= node["openstack"]["compute"]["libvirt"]["remove_unused_resized_minimum_age_seconds"] %> +# Unused unresized base images younger than this will not be removed (default: 86400) +remove_unused_original_minimum_age_seconds=<%= node["openstack"]["compute"]["libvirt"]["remove_unused_original_minimum_age_seconds"] %> +# Write a checksum for files in _base to disk (default: false) +checksum_base_images=<%= node["openstack"]["compute"]["libvirt"]["checksum_base_images"] %> + +##### VNCPROXY ##### +novncproxy_base_url=<%= @novncproxy_base_url %> +xvpvncproxy_base_url=<%= @xvpvncproxy_base_url %> + +# This is only required on the server running xvpvncproxy +xvpvncproxy_host=<%= @xvpvncproxy_bind_host %> +xvpvncproxy_port=<%= node["openstack"]["compute"]["xvpvnc_proxy"]["service_port"] %> + +# This is only required on the server running novncproxy +novncproxy_host=<%= @novncproxy_bind_host %> +novncproxy_port=<%= node["openstack"]["compute"]["novnc_proxy"]["service_port"] %> + +vncserver_listen=<%= @vncserver_listen %> +vncserver_proxyclient_address=<%= @vncserver_proxyclient_address %> + +# store consoleauth tokens in memcached +<% unless @memcache_servers.empty? -%> +memcached_servers=<%= @memcache_servers %> +<% end -%> + +##### MISC ##### +# force backing images to raw format +force_raw_images=<%= node["openstack"]["compute"]["config"]["force_raw_images"] %> +allow_same_net_traffic=<%= node["openstack"]["compute"]["config"]["allow_same_net_traffic"] %> +osapi_max_limit=<%= node["openstack"]["compute"]["config"]["osapi_max_limit"] %> +# If you terminate SSL with a load balancer, the HTTP_HOST environ +# variable that generates the request_uri in webob.Request will lack +# the HTTPS scheme. Setting this overrides the default and allows +# URIs returned in the various links collections to contain the proper +# HTTPS endpoint. +osapi_compute_link_prefix = <%= @osapi_compute_link_prefix %> +snapshot_image_format=<%= node["openstack"]["compute"]["config"]["snapshot_image_format"] %> +start_guests_on_host_boot=<%= node["openstack"]["compute"]["config"]["start_guests_on_host_boot"] %> +resume_guests_state_on_host_boot=<%= node["openstack"]["compute"]["config"]["resume_guests_state_on_host_boot"] %> + +##### QUOTAS ##### +# (StrOpt) default driver to use for quota checks (default: nova.quota.DbQuotaDriver) +quota_driver=<%= node["openstack"]["compute"]["config"]["quota_driver"] %> +# number of security groups per project (default: 10) +quota_security_groups=<%= node["openstack"]["compute"]["config"]["quota_security_groups"] %> +# number of security rules per security group (default: 20) +quota_security_group_rules=<%= node["openstack"]["compute"]["config"]["quota_security_group_rules"] %> +# number of instance cores allowed per project (default: 20) +quota_cores=<%= node["openstack"]["compute"]["config"]["quota_cores"] %> +# number of fixed ips allowed per project (this should be at least the number of instances allowed) (default: -1) +quota_fixed_ips=<%= node["openstack"]["compute"]["config"]["quota_fixed_ips"] %> +# number of floating ips allowed per project (default: 10) +quota_floating_ips=<%= node["openstack"]["compute"]["config"]["quota_floating_ips"] %> +# number of bytes allowed per injected file (default: 10240) +quota_injected_file_content_bytes=<%= node["openstack"]["compute"]["config"]["quota_injected_file_content_bytes"] %> +# number of bytes allowed per injected file path (default: 255) +quota_injected_file_path_bytes=<%= node["openstack"]["compute"]["config"]["quota_injected_file_path_bytes"] %> +# number of injected files allowed (default: 5) +quota_injected_files=<%= node["openstack"]["compute"]["config"]["quota_injected_files"] %> +# number of instances allowed per project (defailt: 10) +quota_instances=<%= node["openstack"]["compute"]["config"]["quota_instances"] %> +# number of key pairs per user (default: 100) +quota_key_pairs=<%= node["openstack"]["compute"]["config"]["quota_key_pairs"] %> +# number of metadata items allowed per instance (default: 128) +quota_metadata_items=<%= node["openstack"]["compute"]["config"]["quota_metadata_items"] %> +# megabytes of instance ram allowed per project (default: 51200) +quota_ram=<%= node["openstack"]["compute"]["config"]["quota_ram"] %> + + +<%- if /FilterScheduler/.match(node["openstack"]["compute"]["scheduler"]["scheduler_driver"]) or + /MultiScheduler/.match(node["openstack"]["compute"]["scheduler"]["scheduler_driver"]) %> +# FilterScheduler Only Options +<%- if /ComputeFilter/.match(@scheduler_default_filters) %> +# virtual CPU to Physical CPU allocation ratio (default: 16.0) +cpu_allocation_ratio=<%= node["openstack"]["compute"]["config"]["cpu_allocation_ratio"] %> +<%- end %> +<%- if /RamFilter/.match(@scheduler_default_filters) %> +# virtual ram to physical ram allocation ratio (default: 1.5) +ram_allocation_ratio=<%= node["openstack"]["compute"]["config"]["ram_allocation_ratio"] %> +<%- end %> +<%- elsif /SimpleScheduler/.match(node["openstack"]["compute"]["scheduler"]["scheduler_driver"]) %> +# SimpleScheduler Only Options +# maximum number of instance cores to allow per host +max_cores=<%= node["openstack"]["compute"]["config"]["cpu_allocation_ratio"].to_i * node["cpu"]["total"].to_i %> +<%- end %> + +# If true, force creation of config drive regardless of if --config-drive was specified in the API call +force_config_drive=<%= node["openstack"]["compute"]["config"]["force_config_drive"] %> + +<% if %w(fedora redhat centos).include? node.platform -%> +# Adding support for non-modded euca2ools to display ip address info +# https://bugs.launchpad.net/nova/+bug/901594 +ec2_private_dns_show_ip=True +<% end -%> + +##### WORKERS ###### +ec2_workers=<%= node["cpu"]["total"] %> +osapi_compute_workers=<%= node["cpu"]["total"] %> +metadata_workers=<%= node["cpu"]["total"] %> + +##### KEYSTONE ##### +keystone_ec2_url=<%= @identity_endpoint.scheme %>://<%= @identity_endpoint.host %>:<%= @identity_endpoint.port %>/v2.0/ec2tokens + +##### VOLUMES ##### +# iscsi target user-land tool to use +iscsi_helper=<%= @iscsi_helper %> +volume_api_class=<%= node["openstack"]["compute"]["config"]["volume_api_class"] %> + +##### THIRD PARTY ADDITIONS ##### +<% if node["openstack"]["compute"]["plugins"] %> +<% node["openstack"]["compute"]["plugins"].each do |p| %> +osapi_compute_extension=<%= p %> +<% end %> +<% end %> + +[conductor] + +use_local=<%= node["openstack"]["compute"]["conductor"]["use_local"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/openrc.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/openrc.erb new file mode 100644 index 000000000..1f59170f5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/openrc.erb @@ -0,0 +1,23 @@ +<%= node["openstack"]["compute"]["custom_template_banner"] %> + +# COMMON OPENSTACK ENVS +export OS_USERNAME=<%= @user %> +export OS_PASSWORD=<%= @password %> +export OS_TENANT_NAME=<%= @tenant %> +export OS_AUTH_URL=<%= @identity_endpoint.to_s %> +export OS_AUTH_STRATEGY=<%= @auth_strategy %> +export OS_REGION_NAME=<%= node["openstack"]["compute"]["region"] %> + +# LEGACY NOVA ENVS +export NOVA_USERNAME=${OS_USERNAME} +export NOVA_PROJECT_ID=${OS_TENANT_NAME} +export NOVA_PASSWORD=${OS_PASSWORD} +export NOVA_API_KEY=${OS_PASSWORD} +export NOVA_URL=${OS_AUTH_URL} +export NOVA_VERSION=<%= @nova_api_version %> +export NOVA_REGION_NAME=<%= node["openstack"]["compute"]["region"] %> + +# EUCA2OOLs ENV VARIABLES +export EC2_ACCESS_KEY=<%= node["credentials"]["EC2"]["admin"]["access"] %> +export EC2_SECRET_KEY=<%= node["credentials"]["EC2"]["admin"]["secret"] %> +export EC2_URL=<%= @ec2_url %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.conf.erb new file mode 100644 index 000000000..6d496c341 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.conf.erb @@ -0,0 +1,29 @@ +<%= node["openstack"]["compute"]["custom_template_banner"] %> + +# Configuration for nova-rootwrap +# This file should be owned by (and only-writeable by) the root user + +[DEFAULT] +# List of directories to load filter definitions from (separated by ','). +# These directories MUST all be only writeable by root ! +filters_path=/etc/nova/rootwrap.d,/usr/share/nova/rootwrap + +# List of directories to search executables in, in case filters do not +# explicitely specify a full path (separated by ',') +# If not specified, defaults to system PATH environment variable. +# These directories MUST all be only writeable by root ! +exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin + +# Enable logging to syslog +# Default value is False +use_syslog=False + +# Which syslog facility to use. +# Valid values include auth, authpriv, syslog, user0, user1... +# Default value is 'syslog' +syslog_log_facility=syslog + +# Which messages to log. +# INFO means log all usage +# ERROR means only log unsuccessful attempts +syslog_log_level=ERROR diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.d/api-metadata.filters.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.d/api-metadata.filters.erb new file mode 100644 index 000000000..cc623d217 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.d/api-metadata.filters.erb @@ -0,0 +1,15 @@ +<%= node["openstack"]["compute"]["custom_template_banner"] %> + +# nova-rootwrap command filters for api-metadata nodes +# This is needed on nova-api hosts running with "metadata" in enabled_apis +# or when running nova-api-metadata +# This file should be owned by (and only-writeable by) the root user + +[Filters] +# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ... +iptables-save: CommandFilter, iptables-save, root +ip6tables-save: CommandFilter, ip6tables-save, root + +# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,) +iptables-restore: CommandFilter, iptables-restore, root +ip6tables-restore: CommandFilter, ip6tables-restore, root diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.d/compute.filters.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.d/compute.filters.erb new file mode 100644 index 000000000..e9009bc5f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.d/compute.filters.erb @@ -0,0 +1,203 @@ +<%= node["openstack"]["compute"]["custom_template_banner"] %> + +# nova-rootwrap command filters for compute nodes +# This file should be owned by (and only-writeable by) the root user + +[Filters] +# nova/virt/disk/mount/api.py: 'kpartx', '-a', device +# nova/virt/disk/mount/api.py: 'kpartx', '-d', device +kpartx: CommandFilter, /sbin/kpartx, root + +# nova/virt/xenapi/vm_utils.py: tune2fs, -O ^has_journal, part_path +# nova/virt/xenapi/vm_utils.py: tune2fs, -j, partition_path +tune2fs: CommandFilter, /sbin/tune2fs, root + +# nova/virt/disk/mount/api.py: 'mount', mapped_device +# nova/virt/disk/api.py: 'mount', '-o', 'bind', src, target +# nova/virt/xenapi/vm_utils.py: 'mount', '-t', 'ext2,ext3,ext4,reiserfs'.. +# nova/virt/configdrive.py: 'mount', device, mountdir +# nova/virt/libvirt/volume.py: 'mount', '-t', 'sofs' ... +mount: CommandFilter, /bin/mount, root + +# nova/virt/disk/mount/api.py: 'umount', mapped_device +# nova/virt/disk/api.py: 'umount' target +# nova/virt/xenapi/vm_utils.py: 'umount', dev_path +# nova/virt/configdrive.py: 'umount', mountdir +umount: CommandFilter, /bin/umount, root + +# nova/virt/disk/mount/nbd.py: 'qemu-nbd', '-c', device, image +# nova/virt/disk/mount/nbd.py: 'qemu-nbd', '-d', device +qemu-nbd: CommandFilter, /usr/bin/qemu-nbd, root + +# nova/virt/disk/mount/loop.py: 'losetup', '--find', '--show', image +# nova/virt/disk/mount/loop.py: 'losetup', '--detach', device +losetup: CommandFilter, /sbin/losetup, root + +# nova/virt/disk/vfs/localfs.py: 'tee', canonpath +tee: CommandFilter, /usr/bin/tee, root + +# nova/virt/disk/vfs/localfs.py: 'mkdir', canonpath +mkdir: CommandFilter, /bin/mkdir, root + +# nova/virt/disk/vfs/localfs.py: 'chown' +# nova/virt/libvirt/connection.py: 'chown', os.getuid( console_log +# nova/virt/libvirt/connection.py: 'chown', os.getuid( console_log +# nova/virt/libvirt/connection.py: 'chown', 'root', basepath('disk') +# nova/utils.py: 'chown', owner_uid, path +chown: CommandFilter, /bin/chown, root + +# nova/virt/disk/vfs/localfs.py: 'chmod' +chmod: CommandFilter, /bin/chmod, root + +# nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap' +# nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up' +# nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev +# nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i.. +# nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'.. +# nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',.. +# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',.. +# nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev) +# nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1] +# nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge +# nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', .. +# nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',.. +# nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ... +# nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,.. +# nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up' +# nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up' +# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, .. +# nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, .. +# nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up' +# nova/network/linux_net.py: 'ip', 'route', 'add', .. +# nova/network/linux_net.py: 'ip', 'route', 'del', . +# nova/network/linux_net.py: 'ip', 'route', 'show', 'dev', dev +ip: CommandFilter, /sbin/ip, root + +# nova/virt/libvirt/vif.py: 'tunctl', '-b', '-t', dev +# nova/network/linux_net.py: 'tunctl', '-b', '-t', dev +tunctl: CommandFilter, tunctl, root + +# nova/virt/libvirt/vif.py: 'ovs-vsctl', ... +# nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ... +# nova/network/linux_net.py: 'ovs-vsctl', .... +ovs-vsctl: CommandFilter, /usr/bin/ovs-vsctl, root + +# nova/network/linux_net.py: 'ovs-ofctl', .... +ovs-ofctl: CommandFilter, /usr/bin/ovs-ofctl, root + +# nova/virt/libvirt/connection.py: 'dd', if=%s % virsh_output, ... +dd: CommandFilter, /bin/dd, root + +# nova/virt/xenapi/volume_utils.py: 'iscsiadm', '-m', ... +iscsiadm: CommandFilter, iscsiadm, root + +# nova/virt/libvirt/volume.py: 'aoe-revalidate', aoedev +# nova/virt/libvirt/volume.py: 'aoe-discover' +aoe-revalidate: CommandFilter, /usr/sbin/aoe-revalidate, root +aoe-discover: CommandFilter, /usr/sbin/aoe-discover, root + +# nova/virt/xenapi/vm_utils.py: parted, --script, ... +# nova/virt/xenapi/vm_utils.py: 'parted', '--script', dev_path, ..*. +parted: CommandFilter, parted, root + +# nova/virt/xenapi/vm_utils.py: 'pygrub', '-qn', dev_path +pygrub: CommandFilter, /usr/bin/pygrub, root + +# nova/virt/xenapi/vm_utils.py: fdisk %(dev_path)s +fdisk: CommandFilter, /sbin/fdisk, root + +# nova/virt/xenapi/vm_utils.py: e2fsck, -f, -p, partition_path +# nova/virt/disk/api.py: e2fsck, -f, -p, image +e2fsck: CommandFilter, /sbin/e2fsck, root + +# nova/virt/xenapi/vm_utils.py: resize2fs, partition_path +# nova/virt/disk/api.py: resize2fs, image +resize2fs: CommandFilter, /sbin/resize2fs, root + +# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ... +iptables-save: CommandFilter, iptables-save, root +ip6tables-save: CommandFilter, ip6tables-save, root + +# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,) +iptables-restore: CommandFilter, iptables-restore, root +ip6tables-restore: CommandFilter, ip6tables-restore, root + +# nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ... +# nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],.. +arping: CommandFilter, arping, root + +# nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address +dhcp_release: CommandFilter, /usr/bin/dhcp_release, root + +# nova/network/linux_net.py: 'kill', '-9', pid +# nova/network/linux_net.py: 'kill', '-HUP', pid +kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP + +# nova/network/linux_net.py: 'kill', pid +kill_radvd: KillFilter, root, /usr/sbin/radvd + +# nova/network/linux_net.py: dnsmasq call +dnsmasq: DnsmasqFilter, /usr/sbin/dnsmasq, root +dnsmasq_deprecated: DeprecatedDnsmasqFilter, /usr/sbin/dnsmasq, root + +# nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'.. +radvd: CommandFilter, /usr/sbin/radvd, root + +# nova/network/linux_net.py: 'brctl', 'addbr', bridge +# nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0 +# nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off' +# nova/network/linux_net.py: 'brctl', 'addif', bridge, interface +brctl: CommandFilter, brctl, root + +# nova/virt/libvirt/utils.py: 'mkswap' +# nova/virt/xenapi/vm_utils.py: 'mkswap' +mkswap: CommandFilter, /sbin/mkswap, root + +# nova/virt/xenapi/vm_utils.py: 'mkfs' +mkfs: CommandFilter, /sbin/mkfs, root + +# nova/virt/libvirt/utils.py: 'qemu-img' +qemu-img: CommandFilter, /usr/bin/qemu-img, root + +# nova/virt/disk/vfs/localfs.py: 'readlink', '-e' +readlink: CommandFilter, readlink, root + +# nova/virt/disk/api.py: 'touch', target +touch: CommandFilter, /usr/bin/touch, root + +# nova/virt/disk/api.py: +mkfs.ext3: CommandFilter, /sbin/mkfs.ext3, root +mkfs.ntfs: CommandFilter, /sbin/mkfs.ntfs, root + +# nova/virt/libvirt/connection.py: +read_initiator: ReadFileFilter, /etc/iscsi/initiatorname.iscsi + +# nova/virt/libvirt/connection.py: +lvremove: CommandFilter, /sbin/lvremove, root + +# nova/virt/libvirt/utils.py: +lvcreate: CommandFilter, /sbin/lvcreate, root + +# nova/virt/libvirt/utils.py: +lvs: CommandFilter, /sbin/lvs, root + +# nova/virt/libvirt/utils.py: +vgs: CommandFilter, /sbin/vgs, root + +# nova/virt/baremetal/volume_driver.py: 'tgtadm', '--lld', 'iscsi', ... +tgtadm: CommandFilter, /usr/sbin/tgtadm, root + +# nova/utils.py:read_file_as_root: 'cat', file_path +# (called from nova/virt/disk/vfs/localfs.py:VFSLocalFS.read_file) +read_passwd: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/passwd +read_shadow: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/shadow + +# nova/virt/libvirt/volume.py: 'multipath' '-R' +multipath: CommandFilter, /sbin/multipath, root + +# nova/virt/libvirt/utils.py: +systool: CommandFilter, /usr/bin/systool, root + +# nova/virt/libvirt/volume.py: +sginfo: CommandFilter, /usr/bin/sginfo, root +sg_scan: CommandFilter, /usr/bin/sg_scan, root diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.d/network.filters.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.d/network.filters.erb new file mode 100644 index 000000000..bb74ea2e7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-compute/templates/default/rootwrap.d/network.filters.erb @@ -0,0 +1,77 @@ +<%= node["openstack"]["compute"]["custom_template_banner"] %> + +[Filters] +# nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap' +# nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up' +# nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev +# nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i.. +# nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'.. +# nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',.. +# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',.. +# nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev) +# nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1] +# nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge +# nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', .. +# nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',.. +# nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ... +# nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,.. +# nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up' +# nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up' +# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, .. +# nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, .. +# nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up' +# nova/network/linux_net.py: 'ip', 'route', 'add', .. +# nova/network/linux_net.py: 'ip', 'route', 'del', . +# nova/network/linux_net.py: 'ip', 'route', 'show', 'dev', dev +ip: CommandFilter, /sbin/ip, root + +# nova/virt/libvirt/vif.py: 'ovs-vsctl', ... +# nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ... +# nova/network/linux_net.py: 'ovs-vsctl', .... +ovs-vsctl: CommandFilter, /usr/bin/ovs-vsctl, root + +# nova/network/linux_net.py: 'ovs-ofctl', .... +ovs-ofctl: CommandFilter, /usr/bin/ovs-ofctl, root + +# nova/network/linux_net.py: 'ebtables', '-D' ... +# nova/network/linux_net.py: 'ebtables', '-I' ... +ebtables: CommandFilter, /sbin/ebtables, root +ebtables_usr: CommandFilter, /usr/sbin/ebtables, root + +# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ... +iptables-save: CommandFilter, iptables-save, root +ip6tables-save: CommandFilter, ip6tables-save, root + +# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,) +iptables-restore: CommandFilter, iptables-restore, root +ip6tables-restore: CommandFilter, ip6tables-restore, root + +# nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ... +# nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],.. +arping: CommandFilter, arping, root + +# nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address +dhcp_release: CommandFilter, /usr/bin/dhcp_release, root + +# nova/network/linux_net.py: 'kill', '-9', pid +# nova/network/linux_net.py: 'kill', '-HUP', pid +kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP + +# nova/network/linux_net.py: 'kill', pid +kill_radvd: KillFilter, root, /usr/sbin/radvd + +# nova/network/linux_net.py: dnsmasq call +dnsmasq: DnsmasqFilter, /usr/sbin/dnsmasq, root +dnsmasq_deprecated: DeprecatedDnsmasqFilter, /usr/sbin/dnsmasq, root + +# nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'.. +radvd: CommandFilter, /usr/sbin/radvd, root + +# nova/network/linux_net.py: 'brctl', 'addbr', bridge +# nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0 +# nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off' +# nova/network/linux_net.py: 'brctl', 'addif', bridge, interface +brctl: CommandFilter, brctl, root + +# nova/network/linux_net.py: 'sysctl', .... +sysctl: CommandFilter, /sbin/sysctl, root diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/.tailor b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/.tailor new file mode 100644 index 000000000..99f0dcf16 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/.tailor @@ -0,0 +1,25 @@ +Tailor.config do |config| + config.formatters "text" + config.file_set '**/*.rb' do |style| + style.max_line_length 80, level: :off + style.allow_camel_case_methods false, level: :error + style.allow_hard_tabs false, level: :error + style.allow_screaming_snake_case_classes false, level: :error + style.allow_trailing_line_spaces false, level: :error + style.allow_invalid_ruby false, level: :warn + style.indentation_spaces 2, level: :error + style.max_code_lines_in_class 300, level: :error + style.max_code_lines_in_method 30, level: :error + style.spaces_after_comma 1, level: :error + style.spaces_after_lbrace 1, level: :error + style.spaces_after_lbracket 0, level: :error + style.spaces_after_lparen 0, level: :error + style.spaces_before_comma 0, level: :error + style.spaces_before_lbrace 1, level: :error + style.spaces_before_rbrace 1, level: :error + style.spaces_before_rbracket 0, level: :error + style.spaces_before_rparen 0, level: :error + style.spaces_in_empty_braces 0, level: :error + style.trailing_newlines 1, level: :error + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Berksfile new file mode 100644 index 000000000..84e5b6dfb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Berksfile @@ -0,0 +1,4 @@ +metadata + +cookbook "openstack-common", + git: "git://github.com/stackforge/cookbook-openstack-common.git" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Gemfile new file mode 100644 index 000000000..ffbff4a11 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Gemfile @@ -0,0 +1,9 @@ +source "https://rubygems.org" + +gem "chef", "~> 11.4.4" +gem "json", "<= 1.7.7" # chef 11 dependency +gem "berkshelf", "~> 1.4.5" +gem "chefspec", "~> 1.3.0" +gem "foodcritic" +gem "strainer" +gem "tailor" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Gemfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Gemfile.lock new file mode 100644 index 000000000..fb9593e0b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Gemfile.lock @@ -0,0 +1,207 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (3.2.13) + i18n (= 0.6.1) + multi_json (~> 1.0) + addressable (2.3.4) + akami (1.2.0) + gyoku (>= 0.4.0) + nokogiri (>= 1.4.0) + berkshelf (1.4.5) + activesupport (>= 3.2.0) + addressable + celluloid (>= 0.14.0) + chozo (>= 0.6.1) + faraday (>= 0.8.5) + hashie (>= 2.0.2) + json (>= 1.5.0) + minitar + mixlib-config (~> 1.1) + mixlib-shellout (~> 1.1) + multi_json (~> 1.5) + retryable + ridley (~> 0.12.4) + solve (>= 0.4.2) + thor (~> 0.18.0) + yajl-ruby + builder (3.2.2) + celluloid (0.14.1) + timers (>= 1.0.0) + chef (11.4.4) + erubis + highline (>= 1.6.9) + json (>= 1.4.4, <= 1.7.7) + mixlib-authentication (>= 1.3.0) + mixlib-cli (~> 1.3.0) + mixlib-config (>= 1.1.2) + mixlib-log (>= 1.3.0) + mixlib-shellout + net-ssh (~> 2.6) + net-ssh-multi (~> 1.1.0) + ohai (>= 0.6.0) + rest-client (>= 1.0.4, < 1.7.0) + yajl-ruby (~> 1.1) + chefspec (1.3.0) + chef (>= 10.0) + erubis + fauxhai (>= 0.1.1, < 2.0) + minitest-chef-handler (>= 0.6.0) + rspec (~> 2.0) + chozo (0.6.1) + activesupport (>= 3.2.0) + hashie (>= 2.0.2) + multi_json (>= 1.3.0) + ci_reporter (1.8.4) + builder (>= 2.1.2) + diff-lcs (1.2.4) + erubis (2.7.0) + faraday (0.8.7) + multipart-post (~> 1.1) + fauxhai (1.1.1) + httparty + net-ssh + ohai + ffi (1.8.1) + foodcritic (2.1.0) + erubis + gherkin (~> 2.11.7) + nokogiri (~> 1.5.4) + rak (~> 1.4) + treetop (~> 1.4.10) + yajl-ruby (~> 1.1.0) + gherkin (2.11.8) + multi_json (~> 1.3) + gssapi (1.0.3) + ffi (>= 1.0.1) + gyoku (1.0.0) + builder (>= 2.1.2) + hashie (2.0.5) + highline (1.6.19) + httparty (0.11.0) + multi_json (~> 1.0) + multi_xml (>= 0.5.2) + httpclient (2.2.0.2) + httpi (0.9.7) + rack + i18n (0.6.1) + ipaddress (0.8.0) + json (1.7.7) + little-plugger (1.1.3) + log_switch (0.4.0) + logging (1.6.2) + little-plugger (>= 1.1.3) + mime-types (1.23) + minitar (0.5.4) + minitest (4.7.4) + minitest-chef-handler (1.0.1) + chef + ci_reporter + minitest (~> 4.7.3) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-cli (1.3.0) + mixlib-config (1.1.2) + mixlib-log (1.6.0) + mixlib-shellout (1.1.0) + multi_json (1.7.6) + multi_xml (0.5.4) + multipart-post (1.2.0) + net-http-persistent (2.8) + net-ssh (2.6.7) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-multi (1.1) + net-ssh (>= 2.1.4) + net-ssh-gateway (>= 0.99.0) + nokogiri (1.5.10) + nori (1.1.5) + ohai (6.16.0) + ipaddress + mixlib-cli + mixlib-config + mixlib-log + mixlib-shellout + systemu + yajl-ruby + polyglot (0.3.3) + rack (1.5.2) + rak (1.4) + rest-client (1.6.7) + mime-types (>= 1.16) + retryable (1.3.3) + ridley (0.12.4) + addressable + celluloid (~> 0.14.0) + chozo (>= 0.6.0) + erubis + faraday (>= 0.8.4) + hashie (>= 2.0.2) + mixlib-authentication (>= 1.3.0) + mixlib-config (>= 1.1.0) + mixlib-log (>= 1.3.0) + mixlib-shellout (>= 1.1.0) + net-http-persistent (>= 2.8) + net-ssh + retryable + solve (>= 0.4.4) + winrm (~> 1.1.0) + rspec (2.13.0) + rspec-core (~> 2.13.0) + rspec-expectations (~> 2.13.0) + rspec-mocks (~> 2.13.0) + rspec-core (2.13.1) + rspec-expectations (2.13.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.13.1) + rubyntlm (0.1.1) + savon (0.9.5) + akami (~> 1.0) + builder (>= 2.1.2) + gyoku (>= 0.4.0) + httpi (~> 0.9) + nokogiri (>= 1.4.0) + nori (~> 1.0) + wasabi (~> 1.0) + solve (0.4.4) + json + strainer (2.1.0) + berkshelf (~> 1.3) + systemu (2.5.2) + tailor (1.2.1) + log_switch (>= 0.3.0) + term-ansicolor (>= 1.0.5) + text-table (>= 1.2.2) + term-ansicolor (1.2.2) + tins (~> 0.8) + text-table (1.2.3) + thor (0.18.1) + timers (1.1.0) + tins (0.8.0) + treetop (1.4.14) + polyglot + polyglot (>= 0.3.1) + uuidtools (2.1.4) + wasabi (1.0.0) + nokogiri (>= 1.4.0) + winrm (1.1.2) + gssapi (~> 1.0.0) + httpclient (~> 2.2.0.2) + logging (~> 1.6.1) + nokogiri (~> 1.5.0) + rubyntlm (~> 0.1.1) + savon (= 0.9.5) + uuidtools (~> 2.1.2) + yajl-ruby (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + berkshelf (~> 1.4.5) + chef (~> 11.4.4) + chefspec (~> 1.3.0) + foodcritic + json (<= 1.7.7) + strainer + tailor diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/README.md new file mode 100644 index 000000000..5144dd53d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/README.md @@ -0,0 +1,93 @@ +Description +=========== + +Installs the OpenStack Dashboard service **Horizon** as part of the OpenStack reference deployment Chef for OpenStack. The http://github.com/mattray/chef-openstack-repo contains documentation for using this cookbook in the context of a full OpenStack deployment. Horizon is currently installed from packages. + +http://horizon.openstack.org + +Requirements +============ + +* Chef 0.10.0 or higher required (for Chef environment use). + +Cookbooks +--------- + +The following cookbooks are dependencies: + +* apache2 +* openstack-common + +Usage +===== + +server +------ + +Sets up the Horizon dashboard within an Apache `mod_wsgi` container. + +```json +"run_list": [ + "recipe[openstack-dashboard::server]" +] +``` + +Attributes +========== + +* `openstack["dashboard"]["db"]["username"]` - username for horizon database access +* `openstack["dashboard"]["server_hostname"]` - sets the ServerName in the Apache config. +* `openstack["dashboard"]["use_ssl"]` - toggle for using ssl with dashboard (default true) +* `openstack["dashboard"]["ssl"]["dir"]` - directory where ssl certs are stored on this system +* `openstack["dashboard"]["ssl"]["cert"]` - name to use when creating the ssl certificate +* `openstack["dashboard"]["ssl"]["key"]` - name to use when creating the ssl key +* `openstack["dashboard"]["dash_path"]` - base path for dashboard files (document root) +* `openstack["dashboard"]["wsgi_path"]` - path for wsgi dir +* `openstack["dashboard"]["ssl_offload"]` - Set SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') flag for offloading SSL +* `openstack["dashboard"]["plugins"]` - Array of plugins to include via INSTALED\_APPS + +Testing +===== + +This cookbook uses [bundler](http://gembundler.com/), [berkshelf](http://berkshelf.com/), and [strainer](https://github.com/customink/strainer) to isolate dependencies and run tests. + +Tests are defined in Strainerfile. + +To run tests: + + $ bundle install # install gem dependencies + $ bundle exec berks install # install cookbook dependencies + $ bundle exec strainer test # run tests + +License and Author +================== + +| | | +|:---------------------|:---------------------------------------------------| +| **Author** | Justin Shepherd () | +| **Author** | Jason Cannavale () | +| **Author** | Ron Pedde () | +| **Author** | Joseph Breu () | +| **Author** | William Kelly () | +| **Author** | Darren Birkett () | +| **Author** | Evan Callicoat () | +| **Author** | Jay Pipes () | +| **Author** | John Dewey () | +| **Author** | Matt Ray () | +| **Author** | Sean Gallagher () | +| | | +| **Copyright** | Copyright (c) 2012, Rackspace US, Inc. | +| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. | +| **Copyright** | Copyright (c) 2013, Opscode, Inc. | + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Strainerfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Strainerfile new file mode 100644 index 000000000..7e292b43d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/Strainerfile @@ -0,0 +1,5 @@ +# Strainerfile +tailor: bundle exec tailor +knife test: bundle exec knife cookbook test $COOKBOOK +foodcritic: bundle exec foodcritic -f any -t ~FC003 -t ~FC023 $SANDBOX/$COOKBOOK +chefspec: bundle exec rspec $SANDBOX/$COOKBOOK/spec diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/attributes/default.rb new file mode 100644 index 000000000..f03279d2f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/attributes/default.rb @@ -0,0 +1,114 @@ +# +# Cookbook Name:: openstack-dashboard +# Attributes:: default +# +# Copyright 2012, AT&T, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Set to some text value if you want templated config files +# to contain a custom banner at the top of the written file +default["openstack"]["dashboard"]["custom_template_banner"] = " +# This file autogenerated by Chef +# Do not edit, changes will be overwritten +" + +default["openstack"]["dashboard"]["debug"] = false + +# This user's password is stored in an encrypted databag +# and accessed with openstack-common cookbook library's +# db_password routine. +default["openstack"]["dashboard"]["db"]["username"] = "dash" + +# The Keystone role used by default for users logging into the dashboard +default["openstack"]["dashboard"]["keystone_default_role"] = "Member" + +# This is the name of the Chef role that will install the Keystone Service API +default["openstack"]["dashboard"]["keystone_service_chef_role"] = "keystone" + +default["openstack"]["dashboard"]["server_hostname"] = nil +default["openstack"]["dashboard"]["use_ssl"] = true +default["openstack"]["dashboard"]["ssl"]["cert"] = "horizon.pem" +default["openstack"]["dashboard"]["ssl"]["key"] = "horizon.key" + +default["openstack"]["dashboard"]["swift"]["enabled"] = "False" + +default["openstack"]["dashboard"]["theme"] = "default" + +default["openstack"]["dashboard"]["apache"]["sites-path"] = "#{node["apache"]["dir"]}/openstack-dashboard" + +case node["platform"] +when "fedora", "centos", "redhat" + default["openstack"]["dashboard"]["ssl"]["dir"] = "/etc/pki/tls" + default["openstack"]["dashboard"]["local_settings_path"] = "/etc/openstack-dashboard/local_settings" + default["openstack"]["dashboard"]["static_path"] = "/usr/share/openstack-dashboard/static" + # TODO(shep) - Fedora does not generate self signed certs by default + default["openstack"]["dashboard"]["platform"] = { + "mysql_python_packages" => ["MySQL-python"], + "postgresql_python_packages" => ["python-psycopg2"], + "horizon_packages" => ["openstack-dashboard"], + "memcache_python_packages" => ["python-memcached"], + "package_overrides" => "" + } + if node["platform"] == "fedora" + default["openstack"]["dashboard"]["apache"]["sites-path"] = "#{node["apache"]["dir"]}/conf.d/openstack-dashboard.conf" + else + default["openstack"]["dashboard"]["apache"]["sites-path"] = "#{node["apache"]["dir"]}/conf.d/openstack-dashboard" + end +when "suse" + default["openstack"]["dashboard"]["ssl"]["dir"] = "/etc/ssl" + default["openstack"]["dashboard"]["local_settings_path"] = "/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py" + default["openstack"]["dashboard"]["static_path"] = "/usr/share/openstack-dashboard/static" + default["openstack"]["dashboard"]["platform"] = { + "mysql_python_packages" => ["python-mysql"], + "postgresql_python_packages" => ["python-psycopg2"], + "horizon_packages" => ["openstack-dashboard"], + "memcache_python_packages" => ["python-python-memcached"], + "package_overrides" => "" + } + default["openstack"]["dashboard"]["apache"]["sites-path"] = "#{node["apache"]["dir"]}/conf.d/openstack-dashboard.conf" +when "ubuntu" + default["openstack"]["dashboard"]["ssl"]["dir"] = "/etc/ssl" + default["openstack"]["dashboard"]["local_settings_path"] = "/etc/openstack-dashboard/local_settings.py" + default["openstack"]["dashboard"]["static_path"] = "/usr/share/openstack-dashboard/openstack_dashboard/static" + default["openstack"]["dashboard"]["platform"] = { + "mysql_python_packages" => ["python-mysqldb"], + "postgresql_python_packages" => ["python-psycopg2"], + "memcache_python_packages" => ["python-memcache"], + "package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'" + } + # lessc became node-less in 12.10 + if node['lsb']['release'] > '12.04' + default["openstack"]["dashboard"]["platform"]["horizon_packages"] = ["node-less", "openstack-dashboard"] + else + default["openstack"]["dashboard"]["platform"]["horizon_packages"] = ["lessc", "openstack-dashboard"] + end + default["openstack"]["dashboard"]["apache"]["sites-path"] = "#{node["apache"]["dir"]}/sites-available/openstack-dashboard" +end + +default["openstack"]["dashboard"]["dash_path"] = "/usr/share/openstack-dashboard/openstack_dashboard" +default["openstack"]["dashboard"]["stylesheet_path"] = "/usr/share/openstack-dashboard/openstack_dashboard/templates/_stylesheets.html" +default["openstack"]["dashboard"]["wsgi_path"] = node["openstack"]["dashboard"]["dash_path"] + "/wsgi/django.wsgi" +default["openstack"]["dashboard"]["session_backend"] = "memcached" + +default["openstack"]["dashboard"]["ssl_offload"] = false +default["openstack"]["dashboard"]["plugins"] = nil + +default["openstack"]["dashboard"]["error_log"] = "openstack-dashboard-error.log" +default["openstack"]["dashboard"]["access_log"] = "openstack-dashboard-access.log" + +default["openstack"]["dashboard"]["help_url"] = "http://docs.openstack.org" + +default["openstack"]["dashboard"]["csrf_cookie_secure"] = true +default["openstack"]["dashboard"]["session_cookie_secure"] = true diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/files/default/css/folsom.css b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/files/default/css/folsom.css new file mode 100644 index 000000000..12e8c6789 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/files/default/css/folsom.css @@ -0,0 +1,6363 @@ +article,aside,details,figcaption,figure,footer,header,hgroup,nav,section +{ + display: block; +} + +audio,canvas,video +{ + display: inline-block; + *display: inline; + *zoom: 1; +} + +audio:not([controls]) +{ + display: none; +} + +html +{ + font-size: 100%; + -webkit-text-size-adjust: 100%; + -ms-text-size-adjust: 100%; + background-color: #ddd; +} + +a:focus +{ + outline: thin dotted #333; + outline: 5px auto -webkit-focus-ring-color; + outline-offset: -2px; +} + +a:hover,a:active +{ + outline: 0; +} + +sub,sup +{ + position: relative; + font-size: 75%; + line-height: 0; + vertical-align: baseline; +} + +sup +{ + top: -0.5em; +} + +sub +{ + bottom: -0.25em; +} + +img +{ + max-width: 100%; + height: auto; + border: 0; + -ms-interpolation-mode: bicubic; +} + +button,input,select,textarea +{ + margin: 0; + font-size: 100%; + vertical-align: middle; +} + +button,input +{ + *overflow: visible; + line-height: normal; +} + +button::-moz-focus-inner,input::-moz-focus-inner +{ + padding: 0; + border: 0; +} + +button,input[type="button"],input[type="reset"],input[type="submit"] +{ + cursor: pointer; + -webkit-appearance: button; +} + +input[type="search"] +{ + -webkit-appearance: textfield; + -webkit-box-sizing: content-box; + -moz-box-sizing: content-box; + box-sizing: content-box; +} + +input[type="search"]::-webkit-search-decoration,input[type="search"]::-webkit-search-cancel-button +{ + -webkit-appearance: none; +} + +textarea +{ + overflow: auto; + vertical-align: top; +} + +.clearfix +{ + *zoom: 1; +} + +.clearfix:before,.clearfix:after +{ + display: table; + content: ""; +} + +.clearfix:after +{ + clear: both; +} + +body +{ + margin: 0; + font-family: Arial,"Helvetica Neue",Helvetica,sans-serif; + font-size: 13px; + line-height: 18px; + color: #333333; + background-color: #ffffff; +} + +a +{ + color: #1d71bf; + text-decoration: none; +} + +a:hover +{ + color: #1d71bf; + text-decoration: underline; +} + +.row +{ + margin-left: -20px; + *zoom: 1; +} + +.row:before,.row:after +{ + display: table; + content: ""; +} + +.row:after +{ + clear: both; +} + +[class*="span"] +{ + float: left; + margin-left: 20px; +} + +.span1 +{ + width: 60px; +} + +.span2 +{ + width: 140px; +} + +.span3 +{ + width: 220px; +} + +.span4 +{ + width: 300px; +} + +.span5 +{ + width: 380px; +} + +.span6 +{ + width: 460px; +} + +.span7 +{ + width: 540px; +} + +.span8 +{ + width: 620px; +} + +.span9 +{ + width: 700px; +} + +.span10 +{ + width: 780px; +} + +.span11 +{ + width: 860px; +} + +.span12,.container +{ + width: 940px; +} + +.offset1 +{ + margin-left: 100px; +} + +.offset2 +{ + margin-left: 180px; +} + +.offset3 +{ + margin-left: 260px; +} + +.offset4 +{ + margin-left: 340px; +} + +.offset5 +{ + margin-left: 420px; +} + +.offset6 +{ + margin-left: 500px; +} + +.offset7 +{ + margin-left: 580px; +} + +.offset8 +{ + margin-left: 660px; +} + +.offset9 +{ + margin-left: 740px; +} + +.offset10 +{ + margin-left: 820px; +} + +.offset11 +{ + margin-left: 900px; +} + +.row-fluid +{ + width: 100%; + *zoom: 1; +} + +.row-fluid:before,.row-fluid:after +{ + display: table; + content: ""; +} + +.row-fluid:after +{ + clear: both; +} + +.row-fluid>[class*="span"] +{ + float: left; + margin-left: 2.127659574%; +} + +.row-fluid>[class*="span"]:first-child +{ + margin-left: 0; +} + +.row-fluid>.span1 +{ + width: 6.382978723%; +} + +.row-fluid>.span2 +{ + width: 14.89361702%; +} + +.row-fluid>.span3 +{ + width: 23.404255317%; +} + +.row-fluid>.span4 +{ + width: 31.914893614%; +} + +.row-fluid>.span5 +{ + width: 40.425531911%; +} + +.row-fluid>.span6 +{ + width: 48.93617020799999%; +} + +.row-fluid>.span7 +{ + width: 57.446808505%; +} + +.row-fluid>.span8 +{ + width: 65.95744680199999%; +} + +.row-fluid>.span9 +{ + width: 74.468085099%; +} + +.row-fluid>.span10 +{ + width: 82.97872339599999%; +} + +.row-fluid>.span11 +{ + width: 91.489361693%; +} + +.row-fluid>.span12 +{ + width: 99.99999998999999%; +} + +.container +{ + width: 940px; + margin-left: auto; + margin-right: auto; + *zoom: 1; +} + +.container:before,.container:after +{ + display: table; + content: ""; +} + +.container:after +{ + clear: both; +} + +.container-fluid +{ + padding-left: 20px; + padding-right: 20px; + *zoom: 1; +} + +.container-fluid:before,.container-fluid:after +{ + display: table; + content: ""; +} + +.container-fluid:after +{ + clear: both; +} + +p +{ + margin: 0 0 9px; + font-family: Arial,"Helvetica Neue",Helvetica,sans-serif; + font-size: 13px; + line-height: 18px; +} + +p small +{ + font-size: 11px; + color: #999999; +} + +.lead +{ + margin-bottom: 18px; + font-size: 20px; + font-weight: 200; + line-height: 27px; +} + +h1,h2,h3,h4,h5,h6 +{ + margin: 0; + font-weight: bold; + color: #333333; + text-rendering: optimizelegibility; +} + +h1 small,h2 small,h3 small,h4 small,h5 small,h6 small +{ + font-weight: normal; + color: #999999; +} + +h1 +{ + font-size: 30px; + line-height: 36px; +} + +h1 small +{ + font-size: 18px; +} + +h2 +{ + font-size: 24px; + line-height: 36px; +} + +h2 small +{ + font-size: 18px; +} + +h3 +{ + line-height: 27px; + font-size: 18px; +} + +h3 small +{ + font-size: 14px; +} + +h4,h5,h6 +{ + line-height: 18px; +} + +h4 +{ + font-size: 14px; +} + +h4 small +{ + font-size: 12px; +} + +h5 +{ + font-size: 12px; +} + +h6 +{ + font-size: 11px; + color: #999999; + text-transform: uppercase; +} + +.page-header +{ + padding-bottom: 17px; + margin: 18px 0; + border-bottom: 1px solid #eeeeee; +} + +.page-header h1 +{ + line-height: 1; +} + +ul,ol +{ + padding: 0; + margin: 0 0 9px 25px; +} + +ul ul,ul ol,ol ol,ol ul +{ + margin-bottom: 0; +} + +ul +{ + list-style: disc; +} + +ol +{ + list-style: decimal; +} + +li +{ + line-height: 18px; +} + +ul.unstyled,ol.unstyled +{ + margin-left: 0; + list-style: none; +} + +dl +{ + margin-bottom: 18px; +} + +dt,dd +{ + line-height: 18px; +} + +dt +{ + font-weight: bold; +} + +dd +{ + margin-left: 9px; +} + +hr +{ + margin: 18px 0; + border: 0; + border-top: 1px solid #eeeeee; + border-bottom: 1px solid #ffffff; +} + +strong +{ + font-weight: bold; +} + +em +{ + font-style: italic; +} + +.muted +{ + color: #999999; +} + +abbr +{ + font-size: 90%; + text-transform: uppercase; + border-bottom: 1px dotted #ddd; + cursor: help; +} + +blockquote +{ + padding: 0 0 0 15px; + margin: 0 0 18px; + border-left: 5px solid #eeeeee; +} + +blockquote p +{ + margin-bottom: 0; + font-size: 16px; + font-weight: 300; + line-height: 22.5px; +} + +blockquote small +{ + display: block; + line-height: 18px; + color: #999999; +} + +blockquote small:before +{ + content: '\2014 \00A0'; +} + +blockquote.pull-right +{ + float: right; + padding-left: 0; + padding-right: 15px; + border-left: 0; + border-right: 5px solid #eeeeee; +} + +blockquote.pull-right p,blockquote.pull-right small +{ + text-align: right; +} + +q:before,q:after,blockquote:before,blockquote:after +{ + content: ""; +} + +address +{ + display: block; + margin-bottom: 18px; + line-height: 18px; + font-style: normal; +} + +small +{ + font-size: 100%; +} + +cite +{ + font-style: normal; +} + +code,pre +{ + padding: 0 3px 2px; + font-family: Menlo,Monaco,"Courier New",monospace; + font-size: 12px; + color: #333333; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; +} + +code +{ + padding: 3px 4px; + color: #d14; + background-color: #f7f7f9; + border: 1px solid #e1e1e8; +} + +pre +{ + display: block; + padding: 8.5px; + margin: 0 0 9px; + font-size: 12px; + line-height: 18px; + background-color: #f5f5f5; + border: 1px solid #ccc; + border: 1px solid rgba(0, 0, 0, 0.15); + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + white-space: pre; + white-space: pre-wrap; + word-break: break-all; + word-wrap: break-word; +} + +pre.prettyprint +{ + margin-bottom: 18px; +} + +pre code +{ + padding: 0; + color: inherit; + background-color: transparent; + border: 0; +} + +.pre-scrollable +{ + max-height: 340px; + overflow-y: scroll; +} + +form +{ + margin: 0px; +} + +fieldset +{ + padding: 0; + margin: 0; + border: 0; +} + +legend +{ + display: block; + width: 100%; + padding: 0; + margin-bottom: 27px; + font-size: 19.5px; + line-height: 36px; + color: #333333; + border: 0; + border-bottom: 1px solid #eee; +} + +legend small +{ + font-size: 13.5px; + color: #999999; +} + +label,input,button,select,textarea +{ + font-size: 13px; + font-weight: normal; + line-height: 18px; +} + +input,button,select,textarea +{ + font-family: Arial,"Helvetica Neue",Helvetica,sans-serif; +} + +label +{ + display: block; + margin-bottom: 5px; + color: #333333; +} + +input,textarea,select,.uneditable-input +{ + display: inline-block; + width: 210px; + height: 18px; + padding: 4px; + margin-bottom: 9px; + font-size: 13px; + line-height: 18px; + color: #555555; + border: 1px solid #ccc; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; +} + +.uneditable-textarea +{ + width: auto; + height: auto; +} + +label input,label textarea,label select +{ + display: block; +} + +input[type="image"],input[type="checkbox"],input[type="radio"] +{ + width: auto; + height: auto; + padding: 0; + margin: 3px 0; + *margin-top: 0; + line-height: normal; + cursor: pointer; + -webkit-border-radius: 0; + -moz-border-radius: 0; + border-radius: 0; + border: 0 \9; +} + +input[type="image"] +{ + border: 0; +} + +input[type="file"] +{ + width: auto; + padding: initial; + line-height: initial; + border: initial; + background-color: #ffffff; + background-color: initial; + -webkit-box-shadow: none; + -moz-box-shadow: none; + box-shadow: none; +} + +input[type="button"],input[type="reset"],input[type="submit"] +{ + width: auto; + height: auto; +} + +select,input[type="file"] +{ + height: 28px; + *margin-top: 4px; + line-height: 28px; +} + +input[type="file"] +{ + line-height: 18px \9; +} + +select +{ + width: 220px; + background-color: #ffffff; +} + +select[multiple],select[size] +{ + height: auto; +} + +input[type="image"] +{ + -webkit-box-shadow: none; + -moz-box-shadow: none; + box-shadow: none; +} + +textarea +{ + height: auto; +} + +input[type="hidden"] +{ + display: none; +} + +.radio,.checkbox +{ + padding-left: 18px; +} + +.radio input[type="radio"],.checkbox input[type="checkbox"] +{ + float: left; + margin-left: -18px; +} + +.controls>.radio:first-child,.controls>.checkbox:first-child +{ + padding-top: 5px; +} + +.radio.inline,.checkbox.inline +{ + display: inline-block; + padding-top: 5px; + margin-bottom: 0; + vertical-align: middle; +} + +.radio.inline+.radio.inline,.checkbox.inline+.checkbox.inline +{ + margin-left: 10px; +} + +input,textarea +{ + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + -webkit-transition: border linear 0.2s,box-shadow linear 0.2s; + -moz-transition: border linear 0.2s,box-shadow linear 0.2s; + -ms-transition: border linear 0.2s,box-shadow linear 0.2s; + -o-transition: border linear 0.2s,box-shadow linear 0.2s; + transition: border linear 0.2s,box-shadow linear 0.2s; +} + +input:focus,textarea:focus +{ + border-color: rgba(82, 168, 236, 0.8); + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 8px rgba(82, 168, 236, 0.6); + -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 8px rgba(82, 168, 236, 0.6); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 8px rgba(82, 168, 236, 0.6); + outline: 0; + outline: thin dotted \9; +} + +input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus,select:focus +{ + -webkit-box-shadow: none; + -moz-box-shadow: none; + box-shadow: none; + outline: thin dotted #333; + outline: 5px auto -webkit-focus-ring-color; + outline-offset: -2px; +} + +.input-mini +{ + width: 60px; +} + +.input-small +{ + width: 90px; +} + +.input-medium +{ + width: 150px; +} + +.input-large +{ + width: 210px; +} + +.input-xlarge +{ + width: 270px; +} + +.input-xxlarge +{ + width: 530px; +} + +input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input +{ + float: none; + margin-left: 0; +} + +input.span1,textarea.span1,.uneditable-input.span1 +{ + width: 50px; +} + +input.span2,textarea.span2,.uneditable-input.span2 +{ + width: 130px; +} + +input.span3,textarea.span3,.uneditable-input.span3 +{ + width: 210px; +} + +input.span4,textarea.span4,.uneditable-input.span4 +{ + width: 290px; +} + +input.span5,textarea.span5,.uneditable-input.span5 +{ + width: 370px; +} + +input.span6,textarea.span6,.uneditable-input.span6 +{ + width: 450px; +} + +input.span7,textarea.span7,.uneditable-input.span7 +{ + width: 530px; +} + +input.span8,textarea.span8,.uneditable-input.span8 +{ + width: 610px; +} + +input.span9,textarea.span9,.uneditable-input.span9 +{ + width: 690px; +} + +input.span10,textarea.span10,.uneditable-input.span10 +{ + width: 770px; +} + +input.span11,textarea.span11,.uneditable-input.span11 +{ + width: 850px; +} + +input.span12,textarea.span12,.uneditable-input.span12 +{ + width: 930px; +} + +input[disabled],select[disabled],textarea[disabled],input[readonly],select[readonly],textarea[readonly] +{ + background-color: #f5f5f5; + border-color: #ddd; + cursor: not-allowed; +} + +.control-group.warning>label,.control-group.warning .help-block,.control-group.warning .help-inline +{ + color: #c09853; +} + +.control-group.warning input,.control-group.warning select,.control-group.warning textarea +{ + color: #c09853; + border-color: #c09853; +} + +.control-group.warning input:focus,.control-group.warning select:focus,.control-group.warning textarea:focus +{ + border-color: #a47e3c; + -webkit-box-shadow: 0 0 6px #dbc59e; + -moz-box-shadow: 0 0 6px #dbc59e; + box-shadow: 0 0 6px #dbc59e; +} + +.control-group.warning .input-prepend .add-on,.control-group.warning .input-append .add-on +{ + color: #c09853; + background-color: #fcf8e3; + border-color: #c09853; +} + +.control-group.error>label,.control-group.error .help-block,.control-group.error .help-inline +{ + color: #c40022; +} + +.control-group.error input,.control-group.error select,.control-group.error textarea +{ + color: #333; + border-color: #c40022; +} + +.control-group.error input:focus,.control-group.error select:focus,.control-group.error textarea:focus +{ + border-color: #953b39; + -webkit-box-shadow: 0 0 6px #d59392; + -moz-box-shadow: 0 0 6px #d59392; + box-shadow: 0 0 6px #d59392; +} + +.control-group.error .input-prepend .add-on,.control-group.error .input-append .add-on +{ + color: #b94a48; + background-color: #f2dede; + border-color: #b94a48; +} + +.control-group.success>label,.control-group.success .help-block,.control-group.success .help-inline +{ + color: #468847; +} + +.control-group.success input,.control-group.success select,.control-group.success textarea +{ + color: #468847; + border-color: #468847; +} + +.control-group.success input:focus,.control-group.success select:focus,.control-group.success textarea:focus +{ + border-color: #356635; + -webkit-box-shadow: 0 0 6px #7aba7b; + -moz-box-shadow: 0 0 6px #7aba7b; + box-shadow: 0 0 6px #7aba7b; +} + +.control-group.success .input-prepend .add-on,.control-group.success .input-append .add-on +{ + color: #468847; + background-color: #dff0d8; + border-color: #468847; +} + +input:focus:required:invalid,textarea:focus:required:invalid,select:focus:required:invalid +{ + color: #b94a48; + border-color: #ee5f5b; +} + +input:focus:required:invalid:focus,textarea:focus:required:invalid:focus,select:focus:required:invalid:focus +{ + border-color: #e9322d; + -webkit-box-shadow: 0 0 6px #f8b9b7; + -moz-box-shadow: 0 0 6px #f8b9b7; + box-shadow: 0 0 6px #f8b9b7; +} + +.form-actions +{ + padding: 17px 20px 18px; + margin-top: 18px; + margin-bottom: 18px; + background-color: #f5f5f5; + border-top: 1px solid #ddd; +} + +.uneditable-input +{ + display: block; + background-color: #ffffff; + border-color: #eee; + -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.025); + -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.025); + box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.025); + cursor: not-allowed; +} + +:-moz-placeholder +{ + color: #999999; +} + +::-webkit-input-placeholder +{ + color: #999999; +} + +.help-block +{ + display: block; + margin-top: 5px; + margin-bottom: 0; + color: #999999; +} + +.help-inline +{ + display: inline-block; + *display: inline; + *zoom: 1; + margin-bottom: 9px; + vertical-align: middle; + padding-left: 5px; +} + +.input-prepend,.input-append +{ + margin-bottom: 5px; + *zoom: 1; +} + +.input-prepend:before,.input-append:before,.input-prepend:after,.input-append:after +{ + display: table; + content: ""; +} + +.input-prepend:after,.input-append:after +{ + clear: both; +} + +.input-prepend input,.input-append input,.input-prepend .uneditable-input,.input-append .uneditable-input +{ + -webkit-border-radius: 0 3px 3px 0; + -moz-border-radius: 0 3px 3px 0; + border-radius: 0 3px 3px 0; +} + +.input-prepend input:focus,.input-append input:focus,.input-prepend .uneditable-input:focus,.input-append .uneditable-input:focus +{ + position: relative; + z-index: 2; +} + +.input-prepend .uneditable-input,.input-append .uneditable-input +{ + border-left-color: #ccc; +} + +.input-prepend .add-on,.input-append .add-on +{ + float: left; + display: block; + width: auto; + min-width: 16px; + height: 18px; + margin-right: -1px; + padding: 4px 5px; + font-weight: normal; + line-height: 18px; + color: #999999; + text-align: center; + text-shadow: 0 1px 0 #ffffff; + background-color: #f5f5f5; + border: 1px solid #ccc; + -webkit-border-radius: 3px 0 0 3px; + -moz-border-radius: 3px 0 0 3px; + border-radius: 3px 0 0 3px; +} + +.input-prepend .active,.input-append .active +{ + background-color: #a9dba9; + border-color: #46a546; +} + +.input-prepend .add-on +{ + *margin-top: 1px; +} + +.input-append input,.input-append .uneditable-input +{ + float: left; + -webkit-border-radius: 3px 0 0 3px; + -moz-border-radius: 3px 0 0 3px; + border-radius: 3px 0 0 3px; +} + +.input-append .uneditable-input +{ + border-left-color: #eee; + border-right-color: #ccc; +} + +.input-append .add-on +{ + margin-right: 0; + margin-left: -1px; + -webkit-border-radius: 0 3px 3px 0; + -moz-border-radius: 0 3px 3px 0; + border-radius: 0 3px 3px 0; +} + +.input-append input:first-child +{ + *margin-left: -160px; +} + +.input-append input:first-child+.add-on +{ + *margin-left: -21px; +} + +.search-query +{ + padding-left: 14px; + padding-right: 14px; + margin-bottom: 0; + -webkit-border-radius: 14px; + -moz-border-radius: 14px; + border-radius: 14px; +} + +.form-search input,.form-inline input,.form-horizontal input,.form-search textarea,.form-inline textarea,.form-horizontal textarea,.form-search select,.form-inline select,.form-horizontal select,.form-search .help-inline,.form-inline .help-inline,.form-horizontal .help-inline,.form-search .uneditable-input,.form-inline .uneditable-input,.form-horizontal .uneditable-input +{ + display: inline-block; + margin-bottom: 0; +} + +.form-search .hide,.form-inline .hide,.form-horizontal .hide +{ + display: none; +} + +.form-search label,.form-inline label,.form-search .input-append,.form-inline .input-append,.form-search .input-prepend,.form-inline .input-prepend +{ + display: inline-block; +} + +.form-search .input-append .add-on,.form-inline .input-prepend .add-on,.form-search .input-append .add-on,.form-inline .input-prepend .add-on +{ + vertical-align: middle; +} + +.form-search .radio,.form-inline .radio,.form-search .checkbox,.form-inline .checkbox +{ + margin-bottom: 0; + vertical-align: middle; +} + +.control-group +{ + margin-bottom: 9px; +} + +legend+.control-group +{ + margin-top: 18px; + -webkit-margin-top-collapse: separate; +} + +.form-horizontal .control-group +{ + margin-bottom: 18px; + *zoom: 1; +} + +.form-horizontal .control-group:before,.form-horizontal .control-group:after +{ + display: table; + content: ""; +} + +.form-horizontal .control-group:after +{ + clear: both; +} + +.form-horizontal .control-label +{ + float: left; + width: 140px; + padding-top: 5px; + text-align: right; +} + +.form-horizontal .controls +{ + margin-left: 160px; +} + +.form-horizontal .form-actions +{ + padding-left: 160px; +} + +table +{ + max-width: 100%; + border-collapse: collapse; + border-spacing: 0; +} + +.table +{ + width: 100%; + margin-bottom: 18px; +} + +.table th,.table td +{ + padding: 10px; + line-height: 20px; + text-align: left; + border-top: 1px solid #ddd; + color: #333; +} + +.table tbody td +{ + border-left: none !important; + background-color: #fff; +} + +.table th +{ + font-weight: normal; + color: #aaa; + padding: 0px 10px; + background-color: #fff; + line-height: 20px; + +} + +.table thead th +{ + vertical-align: middle; + border-left: none; + white-space: nowrap; +} + +.table thead:first-child tr th,.table thead:first-child tr td +{ + border-top: 0; +} + +.table tbody+tbody +{ + border-top: 2px solid #ddd; +} + +.table-condensed th,.table-condensed td +{ + padding: 4px 5px; +} + +.table-bordered +{ + border: 1px solid #ddd; + border-collapse: separate; + *border-collapse: collapsed; +} + +.table-bordered th+th,.table-bordered td+td,.table-bordered th+td,.table-bordered td+th +{ + +} + +.table-bordered thead:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child td +{ + border-top: 0; +} + +.table-striped tbody tr:nth-child(odd) td,.table-striped tbody tr:nth-child(odd) th +{ + background-color: #f9f9f9; +} + +.table tbody tr:hover td,.table tbody tr:hover th +{ + background-color: #f5f5f5; +} + +table .span1 +{ + float: none; + width: 44px; + margin-left: 0; +} + +table .span2 +{ + float: none; + width: 124px; + margin-left: 0; +} + +table .span3 +{ + float: none; + width: 204px; + margin-left: 0; +} + +table .span4 +{ + float: none; + width: 284px; + margin-left: 0; +} + +table .span5 +{ + float: none; + width: 364px; + margin-left: 0; +} + +table .span6 +{ + float: none; + width: 444px; + margin-left: 0; +} + +table .span7 +{ + float: none; + width: 524px; + margin-left: 0; +} + +table .span8 +{ + float: none; + width: 604px; + margin-left: 0; +} + +table .span9 +{ + float: none; + width: 684px; + margin-left: 0; +} + +table .span10 +{ + float: none; + width: 764px; + margin-left: 0; +} + +table .span11 +{ + float: none; + width: 844px; + margin-left: 0; +} + +table .span12 +{ + float: none; + width: 924px; + margin-left: 0; +} + +[class^="icon-"],[class*=" icon-"] +{ + display: inline-block; + width: 14px; + height: 14px; + line-height: 14px; + vertical-align: text-top; + background-image: url("../img/glyphicons-halflings.png"); + background-position: 14px 14px; + background-repeat: no-repeat; + *margin-right: .3em; +} + +[class^="icon-"]:last-child,[class*=" icon-"]:last-child +{ + *margin-left: 0; +} + +.icon-white +{ + background-image: url("../img/glyphicons-halflings-white.png"); +} + +.icon-glass +{ + background-position: 0 0; +} + +.icon-music +{ + background-position: -24px 0; +} + +.icon-search +{ + background-position: -48px 0; +} + +.icon-envelope +{ + background-position: -72px 0; +} + +.icon-heart +{ + background-position: -96px 0; +} + +.icon-star +{ + background-position: -120px 0; +} + +.icon-star-empty +{ + background-position: -144px 0; +} + +.icon-user +{ + background-position: -168px 0; +} + +.icon-film +{ + background-position: -192px 0; +} + +.icon-th-large +{ + background-position: -216px 0; +} + +.icon-th +{ + background-position: -240px 0; +} + +.icon-th-list +{ + background-position: -264px 0; +} + +.icon-ok +{ + background-position: -288px 0; +} + +.icon-remove +{ + background-position: -312px 0; +} + +.icon-zoom-in +{ + background-position: -336px 0; +} + +.icon-zoom-out +{ + background-position: -360px 0; +} + +.icon-off +{ + background-position: -384px 0; +} + +.icon-signal +{ + background-position: -408px 0; +} + +.icon-cog +{ + background-position: -432px 0; +} + +.icon-trash +{ + background-position: -456px 0; +} + +.icon-home +{ + background-position: 0 -24px; +} + +.icon-file +{ + background-position: -24px -24px; +} + +.icon-time +{ + background-position: -48px -24px; +} + +.icon-road +{ + background-position: -72px -24px; +} + +.icon-download-alt +{ + background-position: -96px -24px; +} + +.icon-download +{ + background-position: -120px -24px; +} + +.icon-upload +{ + background-position: -144px -24px; +} + +.icon-inbox +{ + background-position: -168px -24px; +} + +.icon-play-circle +{ + background-position: -192px -24px; +} + +.icon-repeat +{ + background-position: -216px -24px; +} + +.icon-refresh +{ + background-position: -240px -24px; +} + +.icon-list-alt +{ + background-position: -264px -24px; +} + +.icon-lock +{ + background-position: -287px -24px; +} + +.icon-flag +{ + background-position: -312px -24px; +} + +.icon-headphones +{ + background-position: -336px -24px; +} + +.icon-volume-off +{ + background-position: -360px -24px; +} + +.icon-volume-down +{ + background-position: -384px -24px; +} + +.icon-volume-up +{ + background-position: -408px -24px; +} + +.icon-qrcode +{ + background-position: -432px -24px; +} + +.icon-barcode +{ + background-position: -456px -24px; +} + +.icon-tag +{ + background-position: 0 -48px; +} + +.icon-tags +{ + background-position: -25px -48px; +} + +.icon-book +{ + background-position: -48px -48px; +} + +.icon-bookmark +{ + background-position: -72px -48px; +} + +.icon-print +{ + background-position: -96px -48px; +} + +.icon-camera +{ + background-position: -120px -48px; +} + +.icon-font +{ + background-position: -144px -48px; +} + +.icon-bold +{ + background-position: -167px -48px; +} + +.icon-italic +{ + background-position: -192px -48px; +} + +.icon-text-height +{ + background-position: -216px -48px; +} + +.icon-text-width +{ + background-position: -240px -48px; +} + +.icon-align-left +{ + background-position: -264px -48px; +} + +.icon-align-center +{ + background-position: -288px -48px; +} + +.icon-align-right +{ + background-position: -312px -48px; +} + +.icon-align-justify +{ + background-position: -336px -48px; +} + +.icon-list +{ + background-position: -360px -48px; +} + +.icon-indent-left +{ + background-position: -384px -48px; +} + +.icon-indent-right +{ + background-position: -408px -48px; +} + +.icon-facetime-video +{ + background-position: -432px -48px; +} + +.icon-picture +{ + background-position: -456px -48px; +} + +.icon-pencil +{ + background-position: 0 -72px; +} + +.icon-map-marker +{ + background-position: -24px -72px; +} + +.icon-adjust +{ + background-position: -48px -72px; +} + +.icon-tint +{ + background-position: -72px -72px; +} + +.icon-edit +{ + background-position: -96px -72px; +} + +.icon-share +{ + background-position: -120px -72px; +} + +.icon-check +{ + background-position: -144px -72px; +} + +.icon-move +{ + background-position: -168px -72px; +} + +.icon-step-backward +{ + background-position: -192px -72px; +} + +.icon-fast-backward +{ + background-position: -216px -72px; +} + +.icon-backward +{ + background-position: -240px -72px; +} + +.icon-play +{ + background-position: -264px -72px; +} + +.icon-pause +{ + background-position: -288px -72px; +} + +.icon-stop +{ + background-position: -312px -72px; +} + +.icon-forward +{ + background-position: -336px -72px; +} + +.icon-fast-forward +{ + background-position: -360px -72px; +} + +.icon-step-forward +{ + background-position: -384px -72px; +} + +.icon-eject +{ + background-position: -408px -72px; +} + +.icon-chevron-left +{ + background-position: -432px -72px; +} + +.icon-chevron-right +{ + background-position: -456px -72px; +} + +.icon-plus-sign +{ + background-position: 0 -96px; +} + +.icon-minus-sign +{ + background-position: -24px -96px; +} + +.icon-remove-sign +{ + background-position: -48px -96px; +} + +.icon-ok-sign +{ + background-position: -72px -96px; +} + +.icon-question-sign +{ + background-position: -96px -96px; +} + +.icon-info-sign +{ + background-position: -120px -96px; +} + +.icon-screenshot +{ + background-position: -144px -96px; +} + +.icon-remove-circle +{ + background-position: -168px -96px; +} + +.icon-ok-circle +{ + background-position: -192px -96px; +} + +.icon-ban-circle +{ + background-position: -216px -96px; +} + +.icon-arrow-left +{ + background-position: -240px -96px; +} + +.icon-arrow-right +{ + background-position: -264px -96px; +} + +.icon-arrow-up +{ + background-position: -289px -96px; +} + +.icon-arrow-down +{ + background-position: -312px -96px; +} + +.icon-share-alt +{ + background-position: -336px -96px; +} + +.icon-resize-full +{ + background-position: -360px -96px; +} + +.icon-resize-small +{ + background-position: -384px -96px; +} + +.icon-plus +{ + background-position: -408px -96px; +} + +.icon-minus +{ + background-position: -433px -96px; +} + +.icon-asterisk +{ + background-position: -456px -96px; +} + +.icon-exclamation-sign +{ + background-position: 0 -120px; +} + +.icon-gift +{ + background-position: -24px -120px; +} + +.icon-leaf +{ + background-position: -48px -120px; +} + +.icon-fire +{ + background-position: -72px -120px; +} + +.icon-eye-open +{ + background-position: -96px -120px; +} + +.icon-eye-close +{ + background-position: -120px -120px; +} + +.icon-warning-sign +{ + background-position: -144px -120px; +} + +.icon-plane +{ + background-position: -168px -120px; +} + +.icon-calendar +{ + background-position: -192px -120px; +} + +.icon-random +{ + background-position: -216px -120px; +} + +.icon-comment +{ + background-position: -240px -120px; +} + +.icon-magnet +{ + background-position: -264px -120px; +} + +.icon-chevron-up +{ + background-position: -288px -120px; +} + +.icon-chevron-down +{ + background-position: -313px -119px; +} + +.icon-retweet +{ + background-position: -336px -120px; +} + +.icon-shopping-cart +{ + background-position: -360px -120px; +} + +.icon-folder-close +{ + background-position: -384px -120px; +} + +.icon-folder-open +{ + background-position: -408px -120px; +} + +.icon-resize-vertical +{ + background-position: -432px -119px; +} + +.icon-resize-horizontal +{ + background-position: -456px -118px; +} + +.dropdown +{ + position: relative; +} + +.dropdown-toggle +{ + *margin-bottom: -3px; +} + +.dropdown-toggle:active,.open .dropdown-toggle +{ + outline: 0; +} + +.caret +{ + display: inline-block; + width: 0; + height: 0; + text-indent: -99999px; + *text-indent: 0; + vertical-align: top; + border-left: 4px solid transparent; + border-right: 4px solid transparent; + border-top: 4px solid #000000; + opacity: 0.3; + filter: alpha(opacity=30); + content: "\2193"; +} + +.dropdown .caret +{ + margin-top: 8px; + margin-left: 2px; +} + +.dropdown:hover .caret,.open.dropdown .caret +{ + opacity: 1; + filter: alpha(opacity=100); +} + +.dropdown-menu +{ + position: absolute; + top: 100%; + left: 0; + z-index: 1000; + float: left; + display: none; + min-width: 160px; + _width: 160px; + padding: 4px 0; + margin: 0; + list-style: none; + background-color: #ffffff; + border-color: #ccc; + border-color: rgba(0, 0, 0, 0.2); + border-style: solid; + border-width: 1px; + -webkit-border-radius: 0 0 5px 5px; + -moz-border-radius: 0 0 5px 5px; + border-radius: 0 0 5px 5px; + -webkit-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); + -moz-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); + box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); + -webkit-background-clip: padding-box; + -moz-background-clip: padding; + background-clip: padding-box; + *border-right-width: 2px; + *border-bottom-width: 2px; +} + +.dropdown-menu.bottom-up +{ + top: auto; + bottom: 100%; + margin-bottom: 2px; +} + +.dropdown-menu .divider +{ + height: 1px; + margin: 5px 1px; + overflow: hidden; + background-color: #e5e5e5; + border-bottom: 1px solid #ffffff; + *width: 100%; + *margin: -5px 0 5px; +} + +.dropdown-menu a +{ + display: block; + padding: 3px 15px; + clear: both; + font-weight: normal; + line-height: 18px; + color: #555555; + white-space: nowrap; +} + +.dropdown-menu li>a:hover,.dropdown-menu .active>a,.dropdown-menu .active>a:hover +{ + color: #ffffff; + text-decoration: none; + background-color: #0088cc; +} + +.dropdown.open +{ + *z-index: 1000; +} + +.dropdown.open .dropdown-toggle +{ + color: #ffffff; + background: #ccc; + background: rgba(0, 0, 0, 0.3); +} + +.dropdown.open .dropdown-menu +{ + display: block; +} + +.typeahead +{ + margin-top: 2px; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; +} + +.well +{ + min-height: 20px; + padding: 19px; + margin-bottom: 20px; + background-color: #f5f5f5; + border: 1px solid #eee; + border: 1px solid rgba(0, 0, 0, 0.05); + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); + -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); +} + +.well blockquote +{ + border-color: #ddd; + border-color: rgba(0, 0, 0, 0.15); +} + +.fade +{ + -webkit-transition: opacity 0.15s linear; + -moz-transition: opacity 0.15s linear; + -ms-transition: opacity 0.15s linear; + -o-transition: opacity 0.15s linear; + transition: opacity 0.15s linear; + opacity: 0; +} + +.fade.in +{ + opacity: 1; +} + +.collapse +{ + -webkit-transition: height 0.35s ease; + -moz-transition: height 0.35s ease; + -ms-transition: height 0.35s ease; + -o-transition: height 0.35s ease; + transition: height 0.35s ease; + position: relative; + overflow: hidden; + height: 0; +} + +.collapse.in +{ + height: auto; +} + +.close +{ + float: right; + font-size: 20px; + font-weight: bold; + line-height: 18px; + color: #000000; + text-shadow: 0 1px 0 #ffffff; + opacity: 0.2; + filter: alpha(opacity=20); +} + +.close:hover +{ + color: #000000; + text-decoration: none !important; + opacity: 0.4; + filter: alpha(opacity=40); + cursor: pointer; +} + +.btn +{ + display: inline-block; + padding: 4px 10px 4px; + margin-bottom: 0; + font-size: 13px; + line-height: 18px; + color: #333333; + text-align: center; + text-shadow: 0 1px 1px rgba(255, 255, 255, 0.75); + vertical-align: middle; + background-color: #f5f5f5; + background-image: -moz-linear-gradient(top, #ffffff, #e6e6e6); + background-image: -ms-linear-gradient(top, #ffffff, #e6e6e6); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#e6e6e6)); + background-image: -webkit-linear-gradient(top, #ffffff, #e6e6e6); + background-image: -o-linear-gradient(top, #ffffff, #e6e6e6); + background-image: linear-gradient(top, #ffffff, #e6e6e6); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0); + border-color: #e6e6e6 #e6e6e6 #bfbfbf; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + border: 1px solid #ccc; + border-bottom-color: #bbb; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05); + -moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05); + box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05); + cursor: pointer; + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + *margin-left: .3em; +} + +.btn:hover,.btn:active,.btn.active,.btn.disabled,.btn[disabled] +{ + background-color: #e6e6e6; +} + +.btn:active,.btn.active +{ + background-color: #cccccc \9; +} + +.btn:first-child +{ + *margin-left: 0; +} + +.btn:hover +{ + color: #333333; + text-decoration: none; + background-color: #e6e6e6; + background-position: 0 -15px; + -webkit-transition: background-position 0.1s linear; + -moz-transition: background-position 0.1s linear; + -ms-transition: background-position 0.1s linear; + -o-transition: background-position 0.1s linear; + transition: background-position 0.1s linear; +} + +.btn:focus +{ + outline: thin dotted #333; + outline: 5px auto -webkit-focus-ring-color; + outline-offset: -2px; +} + +.btn.active,.btn:active +{ + background-image: none; + -webkit-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15),0 1px 2px rgba(0, 0, 0, 0.05); + -moz-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15),0 1px 2px rgba(0, 0, 0, 0.05); + box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15),0 1px 2px rgba(0, 0, 0, 0.05); + background-color: #e6e6e6; + background-color: #d9d9d9 \9; + outline: 0; +} + +.btn.disabled,.btn[disabled] +{ + cursor: default; + background-image: none; + background-color: #e6e6e6; + opacity: 0.65; + filter: alpha(opacity=65); + -webkit-box-shadow: none; + -moz-box-shadow: none; + box-shadow: none; +} + +.btn-large +{ + padding: 9px 14px; + font-size: 15px; + line-height: normal; + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px; +} + +.btn-large [class^="icon-"] +{ + margin-top: 1px; +} + +.btn-small +{ + padding: 5px 9px; + font-size: 11px; + line-height: 16px; +} + +.btn-small [class^="icon-"] +{ + margin-top: -1px; +} + +.btn-mini +{ + padding: 2px 6px; + font-size: 11px; + line-height: 14px; +} + +.btn-primary,.btn-primary:hover,.btn-warning,.btn-warning:hover,.btn-danger,.btn-danger:hover,.btn-success,.btn-success:hover,.btn-info,.btn-info:hover,.btn-inverse,.btn-inverse:hover +{ + text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); + color: #ffffff; +} + +.btn-primary.active,.btn-warning.active,.btn-danger.active,.btn-success.active,.btn-info.active,.btn-dark.active +{ + color: rgba(255, 255, 255, 0.75); +} + +.btn-primary +{ + background-color: #393939; + background-image: -moz-linear-gradient(top, #454545, #262626); + background-image: -ms-linear-gradient(top, #454545, #262626); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#454545), to(#262626)); + background-image: -webkit-linear-gradient(top, #454545, #262626); + background-image: -o-linear-gradient(top, #454545, #262626); + background-image: linear-gradient(top, #454545, #262626); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#454545', endColorstr='#262626', GradientType=0); + border-color: #262626 #262626 #000000; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); +} + +.btn-primary:hover,.btn-primary:active,.btn-primary.active,.btn-primary.disabled,.btn-primary[disabled] +{ + background-color: #262626; +} + +.btn-primary:active,.btn-primary.active +{ + background-color: #003399 \9; +} + +.btn-warning +{ + background-color: #faa732; + background-image: -moz-linear-gradient(top, #fbb450, #f89406); + background-image: -ms-linear-gradient(top, #fbb450, #f89406); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#fbb450), to(#f89406)); + background-image: -webkit-linear-gradient(top, #fbb450, #f89406); + background-image: -o-linear-gradient(top, #fbb450, #f89406); + background-image: linear-gradient(top, #fbb450, #f89406); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fbb450', endColorstr='#f89406', GradientType=0); + border-color: #f89406 #f89406 #ad6704; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); +} + +.btn-warning:hover,.btn-warning:active,.btn-warning.active,.btn-warning.disabled,.btn-warning[disabled] +{ + background-color: #f89406; +} + +.btn-warning:active,.btn-warning.active +{ + background-color: #c67605 \9; +} + +.btn-danger +{ + background-color: #da4f49; + background-image: -moz-linear-gradient(top, #ee5f5b, #bd362f); + background-image: -ms-linear-gradient(top, #ee5f5b, #bd362f); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#bd362f)); + background-image: -webkit-linear-gradient(top, #ee5f5b, #bd362f); + background-image: -o-linear-gradient(top, #ee5f5b, #bd362f); + background-image: linear-gradient(top, #ee5f5b, #bd362f); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ee5f5b', endColorstr='#bd362f', GradientType=0); + border-color: #bd362f #bd362f #802420; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); +} + +.btn-danger:hover,.btn-danger:active,.btn-danger.active,.btn-danger.disabled,.btn-danger[disabled] +{ + background-color: #bd362f; +} + +.btn-danger:active,.btn-danger.active +{ + background-color: #942a25 \9; +} + +.btn-success +{ + background-color: #5bb75b; + background-image: -moz-linear-gradient(top, #62c462, #51a351); + background-image: -ms-linear-gradient(top, #62c462, #51a351); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#51a351)); + background-image: -webkit-linear-gradient(top, #62c462, #51a351); + background-image: -o-linear-gradient(top, #62c462, #51a351); + background-image: linear-gradient(top, #62c462, #51a351); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#62c462', endColorstr='#51a351', GradientType=0); + border-color: #51a351 #51a351 #387038; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); +} + +.btn-success:hover,.btn-success:active,.btn-success.active,.btn-success.disabled,.btn-success[disabled] +{ + background-color: #51a351; +} + +.btn-success:active,.btn-success.active +{ + background-color: #408140 \9; +} + +.btn-info +{ + background-color: #49afcd; + background-image: -moz-linear-gradient(top, #5bc0de, #2f96b4); + background-image: -ms-linear-gradient(top, #5bc0de, #2f96b4); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#2f96b4)); + background-image: -webkit-linear-gradient(top, #5bc0de, #2f96b4); + background-image: -o-linear-gradient(top, #5bc0de, #2f96b4); + background-image: linear-gradient(top, #5bc0de, #2f96b4); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#5bc0de', endColorstr='#2f96b4', GradientType=0); + border-color: #2f96b4 #2f96b4 #1f6377; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); +} + +.btn-info:hover,.btn-info:active,.btn-info.active,.btn-info.disabled,.btn-info[disabled] +{ + background-color: #2f96b4; +} + +.btn-info:active,.btn-info.active +{ + background-color: #24748c \9; +} + +.btn-inverse +{ + background-color: #393939; + background-image: -moz-linear-gradient(top, #454545, #262626); + background-image: -ms-linear-gradient(top, #454545, #262626); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#454545), to(#262626)); + background-image: -webkit-linear-gradient(top, #454545, #262626); + background-image: -o-linear-gradient(top, #454545, #262626); + background-image: linear-gradient(top, #454545, #262626); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#454545', endColorstr='#262626', GradientType=0); + border-color: #262626 #262626 #000000; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); +} + +.btn-inverse:hover,.btn-inverse:active,.btn-inverse.active,.btn-inverse.disabled,.btn-inverse[disabled] +{ + background-color: #262626; +} + +.btn-inverse:active,.btn-inverse.active +{ + background-color: #0c0c0c \9; +} + +button.btn,input[type="submit"].btn +{ + *padding-top: 2px; + *padding-bottom: 2px; +} + +button.btn::-moz-focus-inner,input[type="submit"].btn::-moz-focus-inner +{ + padding: 0; + border: 0; +} + +button.btn.large,input[type="submit"].btn.large +{ + *padding-top: 7px; + *padding-bottom: 7px; +} + +button.btn.small,input[type="submit"].btn.small +{ + *padding-top: 3px; + *padding-bottom: 3px; +} + +.btn-group +{ + position: relative; + *zoom: 1; + *margin-left: .3em; +} + +.btn-group:before,.btn-group:after +{ + display: table; + content: ""; +} + +.btn-group:after +{ + clear: both; +} + +.btn-group:first-child +{ + *margin-left: 0; +} + +.btn-group+.btn-group +{ + margin-left: 5px; +} + +.btn-toolbar +{ + margin-top: 9px; + margin-bottom: 9px; +} + +.btn-toolbar .btn-group +{ + display: inline-block; + *display: inline; + *zoom: 1; +} + +.btn-group .btn +{ + position: relative; + float: left; + margin-left: -1px; + -webkit-border-radius: 0; + -moz-border-radius: 0; + border-radius: 0; +} + +.btn-group .btn:first-child +{ + margin-left: 0; + -webkit-border-top-left-radius: 4px; + -moz-border-radius-topleft: 4px; + border-top-left-radius: 4px; + -webkit-border-bottom-left-radius: 4px; + -moz-border-radius-bottomleft: 4px; + border-bottom-left-radius: 4px; +} + +.btn-group .btn:last-child,.btn-group .dropdown-toggle +{ + -webkit-border-top-right-radius: 4px; + -moz-border-radius-topright: 4px; + border-top-right-radius: 4px; + -webkit-border-bottom-right-radius: 4px; + -moz-border-radius-bottomright: 4px; + border-bottom-right-radius: 4px; +} + +.btn-group .btn.large:first-child +{ + margin-left: 0; + -webkit-border-top-left-radius: 6px; + -moz-border-radius-topleft: 6px; + border-top-left-radius: 6px; + -webkit-border-bottom-left-radius: 6px; + -moz-border-radius-bottomleft: 6px; + border-bottom-left-radius: 6px; +} + +.btn-group .btn.large:last-child,.btn-group .large.dropdown-toggle +{ + -webkit-border-top-right-radius: 6px; + -moz-border-radius-topright: 6px; + border-top-right-radius: 6px; + -webkit-border-bottom-right-radius: 6px; + -moz-border-radius-bottomright: 6px; + border-bottom-right-radius: 6px; +} + +.btn-group .btn:hover,.btn-group .btn:focus,.btn-group .btn:active,.btn-group .btn.active +{ + z-index: 2; +} + +.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle +{ + outline: 0; +} + +.btn-group .dropdown-toggle +{ + padding-left: 8px; + padding-right: 8px; + -webkit-box-shadow: inset 1px 0 0 rgba(255, 255, 255, 0.125),inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05); + -moz-box-shadow: inset 1px 0 0 rgba(255, 255, 255, 0.125),inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05); + box-shadow: inset 1px 0 0 rgba(255, 255, 255, 0.125),inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05); + *padding-top: 5px; + *padding-bottom: 5px; +} + +.btn-group.open +{ + *z-index: 1000; +} + +.btn-group.open .dropdown-menu +{ + display: block; + margin-top: 1px; + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px; +} + +.btn-group.open .dropdown-toggle +{ + background-image: none; + -webkit-box-shadow: inset 0 1px 6px rgba(0, 0, 0, 0.15),0 1px 2px rgba(0, 0, 0, 0.05); + -moz-box-shadow: inset 0 1px 6px rgba(0, 0, 0, 0.15),0 1px 2px rgba(0, 0, 0, 0.05); + box-shadow: inset 0 1px 6px rgba(0, 0, 0, 0.15),0 1px 2px rgba(0, 0, 0, 0.05); +} + +.btn .caret +{ + margin-top: 7px; + margin-left: 0; +} + +.btn:hover .caret,.open.btn-group .caret +{ + opacity: 1; + filter: alpha(opacity=100); +} + +.btn-primary .caret,.btn-danger .caret,.btn-info .caret,.btn-success .caret,.btn-inverse .caret +{ + border-top-color: #ffffff; + opacity: 0.75; + filter: alpha(opacity=75); +} + +.btn-small .caret +{ + margin-top: 4px; +} + +.alert +{ + padding: 8px 35px 8px 14px; + margin-bottom: 18px; + text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5); + background-color: #fcf8e3; + border: 1px solid #fbeed5; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; +} + +.alert,.alert-heading +{ + color: #c40022; +} + +.alert .close +{ + position: relative; + top: -2px; + right: -25px; + line-height: 18px; +} + +.alert-success +{ + background-color: #dff0d8; + border-color: #d6e9c6; +} + +.alert-success,.alert-success .alert-heading +{ + color: #468847; +} + +.alert-danger,.alert-error +{ + background-color: #f2dede; + border-color: #eed3d7; +} + +.alert-danger,.alert-error,.alert-danger .alert-heading,.alert-error .alert-heading +{ + color: #c40022; +} + +.alert-info +{ + background-color: #d9edf7; + border-color: #bce8f1; +} + +.alert-info,.alert-info .alert-heading +{ + color: #3a87ad; +} + +.alert-block +{ + padding-top: 10px; + padding-bottom: 10px; +} + +.alert-block>p,.alert-block>ul +{ + margin-bottom: 0; +} + +.alert-block p+p +{ + margin-top: 5px; +} + +.nav +{ + margin-left: 0; + margin-bottom: 18px; + list-style: none; +} + +.nav>li>a +{ + display: block; +} + +.nav>li>a:hover +{ + text-decoration: none; + background-color: #eeeeee; +} + +.nav .nav-header +{ + display: block; + padding: 3px 15px; + font-size: 11px; + font-weight: bold; + line-height: 18px; + color: #999999; + text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5); + text-transform: uppercase; +} + +.nav li+.nav-header +{ + margin-top: 9px; +} + +.nav-list +{ + padding-left: 14px; + padding-right: 14px; + margin-bottom: 0; +} + +.nav-list>li>a,.nav-list .nav-header +{ + margin-left: -15px; + margin-right: -15px; + text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5); +} + +.nav-list>li>a +{ + padding: 3px 15px; +} + +.nav-list .active>a,.nav-list .active>a:hover +{ + color: #ffffff; + text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.2); + background-color: #0088cc; +} + +.nav-list [class^="icon-"] +{ + margin-right: 2px; +} + +.nav-tabs,.nav-pills +{ + *zoom: 1; +} + +.nav-tabs:before,.nav-pills:before,.nav-tabs:after,.nav-pills:after +{ + display: table; + content: ""; +} + +.nav-tabs:after,.nav-pills:after +{ + clear: both; +} + +.nav-tabs>li,.nav-pills>li +{ + float: left; +} + +.nav-tabs>li>a,.nav-pills>li>a +{ + padding-right: 12px; + padding-left: 12px; + margin-right: 2px; + line-height: 14px; +} + +.nav-tabs +{ + border-bottom: 1px solid #ddd; +} + +.nav-tabs>li +{ + margin-bottom: -1px; +} + +.nav-tabs>li>a +{ + padding-top: 9px; + padding-bottom: 9px; + border: 1px solid transparent; + -webkit-border-radius: 4px 4px 0 0; + -moz-border-radius: 4px 4px 0 0; + border-radius: 4px 4px 0 0; +} + +.nav-tabs>li>a:hover +{ + border-color: #eeeeee #eeeeee #dddddd; +} + +.nav-tabs>.active>a,.nav-tabs>.active>a:hover +{ + color: #555555; + background-color: #ffffff; + border: 1px solid #ddd; + border-bottom-color: transparent; + cursor: default; +} + +.nav-pills>li>a +{ + padding-top: 8px; + padding-bottom: 8px; + margin-top: 2px; + margin-bottom: 2px; + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px; +} + +.nav-pills .active>a,.nav-pills .active>a:hover +{ + color: #ffffff; + background-color: #222; +} + +.nav-stacked>li +{ + float: none; +} + +.nav-stacked>li>a +{ + margin-right: 0; +} + +.nav-tabs.nav-stacked +{ + border-bottom: 0; +} + +.nav-tabs.nav-stacked>li>a +{ + border: 1px solid #ddd; + -webkit-border-radius: 0; + -moz-border-radius: 0; + border-radius: 0; +} + +.nav-tabs.nav-stacked>li:first-child>a +{ + -webkit-border-radius: 4px 4px 0 0; + -moz-border-radius: 4px 4px 0 0; + border-radius: 4px 4px 0 0; +} + +.nav-tabs.nav-stacked>li:last-child>a +{ + -webkit-border-radius: 0 0 4px 4px; + -moz-border-radius: 0 0 4px 4px; + border-radius: 0 0 4px 4px; +} + +.nav-tabs.nav-stacked>li>a:hover +{ + border-color: #ddd; + z-index: 2; +} + +.nav-pills.nav-stacked>li>a +{ + margin-bottom: 3px; +} + +.nav-pills.nav-stacked>li:last-child>a +{ + margin-bottom: 1px; +} + +.nav-tabs .dropdown-menu,.nav-pills .dropdown-menu +{ + margin-top: 1px; + border-width: 1px; +} + +.nav-pills .dropdown-menu +{ + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; +} + +.nav-tabs .dropdown-toggle .caret,.nav-pills .dropdown-toggle .caret +{ + border-top-color: #0088cc; + margin-top: 6px; +} + +.nav-tabs .dropdown-toggle:hover .caret,.nav-pills .dropdown-toggle:hover .caret +{ + border-top-color: #005580; +} + +.nav-tabs .active .dropdown-toggle .caret,.nav-pills .active .dropdown-toggle .caret +{ + border-top-color: #333333; +} + +.nav>.dropdown.active>a:hover +{ + color: #000000; + cursor: pointer; +} + +.nav-tabs .open .dropdown-toggle,.nav-pills .open .dropdown-toggle,.nav>.open.active>a:hover +{ + color: #ffffff; + background-color: #999999; + border-color: #999999; +} + +.nav .open .caret,.nav .open.active .caret,.nav .open a:hover .caret +{ + border-top-color: #ffffff; + opacity: 1; + filter: alpha(opacity=100); +} + +.tabs-stacked .open>a:hover +{ + border-color: #999999; +} + +.tabbable +{ + *zoom: 1; +} + +.tabbable:before,.tabbable:after +{ + display: table; + content: ""; +} + +.tabbable:after +{ + clear: both; +} + +.tab-content +{ + overflow: hidden; +} + +.tab-content.dropdown_fix +{ + overflow: visible; +} + +.tabs-below .nav-tabs,.tabs-right .nav-tabs,.tabs-left .nav-tabs +{ + border-bottom: 0; +} + +.tab-content>.tab-pane,.pill-content>.pill-pane +{ + display: none; +} + +.tab-content>.active,.pill-content>.active +{ + display: block; +} + +.tabs-below .nav-tabs +{ + border-top: 1px solid #ddd; +} + +.tabs-below .nav-tabs>li +{ + margin-top: -1px; + margin-bottom: 0; +} + +.tabs-below .nav-tabs>li>a +{ + -webkit-border-radius: 0 0 4px 4px; + -moz-border-radius: 0 0 4px 4px; + border-radius: 0 0 4px 4px; +} + +.tabs-below .nav-tabs>li>a:hover +{ + border-bottom-color: transparent; + border-top-color: #ddd; +} + +.tabs-below .nav-tabs .active>a,.tabs-below .nav-tabs .active>a:hover +{ + border-color: transparent #ddd #ddd #ddd; +} + +.tabs-left .nav-tabs>li,.tabs-right .nav-tabs>li +{ + float: none; +} + +.tabs-left .nav-tabs>li>a,.tabs-right .nav-tabs>li>a +{ + min-width: 74px; + margin-right: 0; + margin-bottom: 3px; +} + +.tabs-left .nav-tabs +{ + float: left; + margin-right: 19px; + border-right: 1px solid #ddd; +} + +.tabs-left .nav-tabs>li>a +{ + margin-right: -1px; + -webkit-border-radius: 4px 0 0 4px; + -moz-border-radius: 4px 0 0 4px; + border-radius: 4px 0 0 4px; +} + +.tabs-left .nav-tabs>li>a:hover +{ + border-color: #eeeeee #dddddd #eeeeee #eeeeee; +} + +.tabs-left .nav-tabs .active>a,.tabs-left .nav-tabs .active>a:hover +{ + border-color: #ddd transparent #ddd #ddd; + *border-right-color: #ffffff; +} + +.tabs-right .nav-tabs +{ + float: right; + margin-left: 19px; + border-left: 1px solid #ddd; +} + +.tabs-right .nav-tabs>li>a +{ + margin-left: -1px; + -webkit-border-radius: 0 4px 4px 0; + -moz-border-radius: 0 4px 4px 0; + border-radius: 0 4px 4px 0; +} + +.tabs-right .nav-tabs>li>a:hover +{ + border-color: #eeeeee #eeeeee #eeeeee #dddddd; +} + +.tabs-right .nav-tabs .active>a,.tabs-right .nav-tabs .active>a:hover +{ + border-color: #ddd #ddd #ddd transparent; + *border-left-color: #ffffff; +} + +.navbar +{ + overflow: visible; + margin-bottom: 18px; +} + +.navbar-inner +{ + padding-left: 20px; + padding-right: 20px; + background-color: #2c2c2c; + background-image: -moz-linear-gradient(top, #333333, #222222); + background-image: -ms-linear-gradient(top, #333333, #222222); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#333333), to(#222222)); + background-image: -webkit-linear-gradient(top, #333333, #222222); + background-image: -o-linear-gradient(top, #333333, #222222); + background-image: linear-gradient(top, #333333, #222222); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#333333', endColorstr='#222222', GradientType=0); + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + -webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.25),inset 0 -1px 0 rgba(0, 0, 0, 0.1); + -moz-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.25),inset 0 -1px 0 rgba(0, 0, 0, 0.1); + box-shadow: 0 1px 3px rgba(0, 0, 0, 0.25),inset 0 -1px 0 rgba(0, 0, 0, 0.1); +} + +.btn-navbar +{ + display: none; + float: right; + padding: 7px 10px; + margin-left: 5px; + margin-right: 5px; + background-color: #2c2c2c; + background-image: -moz-linear-gradient(top, #333333, #222222); + background-image: -ms-linear-gradient(top, #333333, #222222); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#333333), to(#222222)); + background-image: -webkit-linear-gradient(top, #333333, #222222); + background-image: -o-linear-gradient(top, #333333, #222222); + background-image: linear-gradient(top, #333333, #222222); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#333333', endColorstr='#222222', GradientType=0); + border-color: #222222 #222222 #000000; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1),0 1px 0 rgba(255, 255, 255, 0.075); + -moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1),0 1px 0 rgba(255, 255, 255, 0.075); + box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1),0 1px 0 rgba(255, 255, 255, 0.075); +} + +.btn-navbar:hover,.btn-navbar:active,.btn-navbar.active,.btn-navbar.disabled,.btn-navbar[disabled] +{ + background-color: #222222; +} + +.btn-navbar:active,.btn-navbar.active +{ + background-color: #080808 \9; +} + +.btn-navbar .icon-bar +{ + display: block; + width: 18px; + height: 2px; + background-color: #f5f5f5; + -webkit-border-radius: 1px; + -moz-border-radius: 1px; + border-radius: 1px; + -webkit-box-shadow: 0 1px 0 rgba(0, 0, 0, 0.25); + -moz-box-shadow: 0 1px 0 rgba(0, 0, 0, 0.25); + box-shadow: 0 1px 0 rgba(0, 0, 0, 0.25); +} + +.btn-navbar .icon-bar+.icon-bar +{ + margin-top: 3px; +} + +.nav-collapse.collapse +{ + height: auto; +} + +.navbar .brand:hover +{ + text-decoration: none; +} + +.navbar .brand +{ + float: left; + display: block; + padding: 8px 20px 12px; + margin-left: -20px; + font-size: 20px; + font-weight: 200; + line-height: 1; + color: #ffffff; +} + +.navbar .navbar-text +{ + margin-bottom: 0; + line-height: 40px; + color: #999999; +} + +.navbar .navbar-text a:hover +{ + color: #ffffff; + background-color: transparent; +} + +.navbar .btn,.navbar .btn-group +{ + margin-top: 5px; +} + +.navbar .btn-group .btn +{ + margin-top: 0; +} + +.navbar-form +{ + margin-bottom: 0; + *zoom: 1; +} + +.navbar-form:before,.navbar-form:after +{ + display: table; + content: ""; +} + +.navbar-form:after +{ + clear: both; +} + +.navbar-form input,.navbar-form select +{ + display: inline-block; + margin-top: 5px; + margin-bottom: 0; +} + +.navbar-form .radio,.navbar-form .checkbox +{ + margin-top: 5px; +} + +.navbar-form input[type="image"],.navbar-form input[type="checkbox"],.navbar-form input[type="radio"] +{ + margin-top: 3px; +} + +.navbar-form .input-append,.navbar-form .input-prepend +{ + margin-top: 6px; + white-space: nowrap; +} + +.navbar-form .input-append input,.navbar-form .input-prepend input +{ + margin-top: 0; +} + +.navbar-search +{ + position: relative; + float: left; + margin-top: 6px; + margin-bottom: 0; +} + +.navbar-search .search-query +{ + padding: 4px 9px; + font-family: Arial,"Helvetica Neue",Helvetica,sans-serif; + font-size: 13px; + font-weight: normal; + line-height: 1; + color: #ffffff; + color: rgba(255, 255, 255, 0.75); + background: #666; + background: rgba(255, 255, 255, 0.3); + border: 1px solid #111; + -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1),0 1px 0px rgba(255, 255, 255, 0.15); + -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1),0 1px 0px rgba(255, 255, 255, 0.15); + box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1),0 1px 0px rgba(255, 255, 255, 0.15); + -webkit-transition: none; + -moz-transition: none; + -ms-transition: none; + -o-transition: none; + transition: none; +} + +.navbar-search .search-query :-moz-placeholder +{ + color: #eeeeee; +} + +.navbar-search .search-query::-webkit-input-placeholder +{ + color: #eeeeee; +} + +.navbar-search .search-query:hover +{ + color: #ffffff; + background-color: #999999; + background-color: rgba(255, 255, 255, 0.5); +} + +.navbar-search .search-query:focus,.navbar-search .search-query.focused +{ + padding: 5px 10px; + color: #333333; + text-shadow: 0 1px 0 #ffffff; + background-color: #ffffff; + border: 0; + -webkit-box-shadow: 0 0 3px rgba(0, 0, 0, 0.15); + -moz-box-shadow: 0 0 3px rgba(0, 0, 0, 0.15); + box-shadow: 0 0 3px rgba(0, 0, 0, 0.15); + outline: 0; +} + +.navbar-fixed-top +{ + position: fixed; + top: 0; + right: 0; + left: 0; + z-index: 1030; +} + +.navbar-fixed-top .navbar-inner +{ + padding-left: 0; + padding-right: 0; + -webkit-border-radius: 0; + -moz-border-radius: 0; + border-radius: 0; +} + +.navbar .nav +{ + position: relative; + left: 0; + display: block; + float: left; + margin: 0 10px 0 0; +} + +.navbar .nav.pull-right +{ + float: right; +} + +.navbar .nav>li +{ + display: block; + float: left; +} + +.navbar .nav>li>a +{ + float: none; + padding: 10px 10px 11px; + line-height: 19px; + color: #999999; + text-decoration: none; + text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); +} + +.navbar .nav>li>a:hover +{ + background-color: transparent; + color: #ffffff; + text-decoration: none; +} + +.navbar .nav .active>a,.navbar .nav .active>a:hover +{ + color: #ffffff; + text-decoration: none; + background-color: #222222; +} + +.navbar .divider-vertical +{ + height: 40px; + width: 1px; + margin: 0 9px; + overflow: hidden; + background-color: #222222; + border-right: 1px solid #333333; +} + +.navbar .nav.pull-right +{ + margin-left: 10px; + margin-right: 0; +} + +.navbar .dropdown-menu +{ + margin-top: 1px; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; +} + +.navbar .dropdown-menu:before +{ + content: ''; + display: inline-block; + border-left: 7px solid transparent; + border-right: 7px solid transparent; + border-bottom: 7px solid #ccc; + border-bottom-color: rgba(0, 0, 0, 0.2); + position: absolute; + top: -7px; + left: 9px; +} + +.navbar .dropdown-menu:after +{ + content: ''; + display: inline-block; + border-left: 6px solid transparent; + border-right: 6px solid transparent; + border-bottom: 6px solid #ffffff; + position: absolute; + top: -6px; + left: 10px; +} + +.navbar .nav .dropdown-toggle .caret,.navbar .nav .open.dropdown .caret +{ + border-top-color: #ffffff; +} + +.navbar .nav .active .caret +{ + opacity: 1; + filter: alpha(opacity=100); +} + +.navbar .nav .open>.dropdown-toggle,.navbar .nav .active>.dropdown-toggle,.navbar .nav .open.active>.dropdown-toggle +{ + background-color: transparent; +} + +.navbar .nav .active>.dropdown-toggle:hover +{ + color: #ffffff; +} + +.navbar .nav.pull-right .dropdown-menu +{ + left: auto; + right: 0; +} + +.navbar .nav.pull-right .dropdown-menu:before +{ + left: auto; + right: 12px; +} + +.navbar .nav.pull-right .dropdown-menu:after +{ + left: auto; + right: 13px; +} + +.breadcrumb +{ + padding: 7px 14px; + margin: 0 0 18px; + background-color: #fbfbfb; + background-image: -moz-linear-gradient(top, #ffffff, #f5f5f5); + background-image: -ms-linear-gradient(top, #ffffff, #f5f5f5); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#f5f5f5)); + background-image: -webkit-linear-gradient(top, #ffffff, #f5f5f5); + background-image: -o-linear-gradient(top, #ffffff, #f5f5f5); + background-image: linear-gradient(top, #ffffff, #f5f5f5); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#f5f5f5', GradientType=0); + border: 1px solid #ddd; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; + -webkit-box-shadow: inset 0 1px 0 #ffffff; + -moz-box-shadow: inset 0 1px 0 #ffffff; + box-shadow: inset 0 1px 0 #ffffff; +} + +.breadcrumb li +{ + display: inline-block; + text-shadow: 0 1px 0 #ffffff; +} + +.breadcrumb .divider +{ + padding: 0 5px; + color: #999999; +} + +.breadcrumb .active a +{ + color: #333333; +} + +.pagination +{ + height: 36px; + margin: 18px 0; +} + +.pagination ul +{ + display: inline-block; + *display: inline; + *zoom: 1; + margin-left: 0; + margin-bottom: 0; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; + -webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05); + -moz-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05); + box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05); +} + +.pagination li +{ + display: inline; +} + +.pagination a +{ + float: left; + padding: 0 14px; + line-height: 34px; + text-decoration: none; + border: 1px solid #ddd; + border-left-width: 0; +} + +.pagination a:hover,.pagination .active a +{ + background-color: #f5f5f5; +} + +.pagination .active a +{ + color: #999999; + cursor: default; +} + +.pagination .disabled a,.pagination .disabled a:hover +{ + color: #999999; + background-color: transparent; + cursor: default; +} + +.pagination li:first-child a +{ + border-left-width: 1px; + -webkit-border-radius: 3px 0 0 3px; + -moz-border-radius: 3px 0 0 3px; + border-radius: 3px 0 0 3px; +} + +.pagination li:last-child a +{ + -webkit-border-radius: 0 3px 3px 0; + -moz-border-radius: 0 3px 3px 0; + border-radius: 0 3px 3px 0; +} + +.pagination-centered +{ + text-align: center; +} + +.pagination-right +{ + text-align: right; +} + +.pager +{ + margin-left: 0; + margin-bottom: 18px; + list-style: none; + text-align: center; + *zoom: 1; +} + +.pager:before,.pager:after +{ + display: table; + content: ""; +} + +.pager:after +{ + clear: both; +} + +.pager li +{ + display: inline; +} + +.pager a +{ + display: inline-block; + padding: 5px 14px; + background-color: #fff; + border: 1px solid #ddd; + -webkit-border-radius: 15px; + -moz-border-radius: 15px; + border-radius: 15px; +} + +.pager a:hover +{ + text-decoration: none; + background-color: #f5f5f5; +} + +.pager .next a +{ + float: right; +} + +.pager .previous a +{ + float: left; +} + +.modal-open .dropdown-menu +{ + z-index: 2050; +} + +.modal-open .dropdown.open +{ + *z-index: 2050; +} + +.modal-open .popover +{ + z-index: 2060; +} + +.modal-open .tooltip +{ + z-index: 2070; +} + +.modal-backdrop +{ + position: fixed; + top: 0; + right: 0; + bottom: 0; + left: 0; + z-index: 1040; + background-color: #000; +} + +.modal-backdrop.fade +{ + opacity: 0; +} + +.modal-backdrop,.modal-backdrop.fade.in +{ + opacity: 0.3; + filter: alpha(opacity=30); +} + +.modal +{ + position: fixed; + top: 50%; + left: 50%; + z-index: 1050; + max-height: 500px; + overflow: auto; + width: 560px; + margin: -250px 0 0 -280px; + background-color: #ffffff; + border: 1px solid #999; + border: 1px solid rgba(0, 0, 0, 0.3); + *border: 1px solid #999; + -webkit-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); + -moz-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); + box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); + -webkit-background-clip: padding-box; + -moz-background-clip: padding-box; + background-clip: padding-box; +} + +.modal.loading +{ + height: 200px; + overflow: hidden; +} + +.modal.loading p +{ + font-size: 18px; + font-weight: bold; + text-align: center; + margin: 20px; + color: #999; +} + +.modal.fade +{ + -webkit-transition: opacity .3s linear, top .3s ease-out; + -moz-transition: opacity .3s linear, top .3s ease-out; + -ms-transition: opacity .3s linear, top .3s ease-out; + -o-transition: opacity .3s linear, top .3s ease-out; + transition: opacity .3s linear, top .3s ease-out; + top: -25%; +} + +.modal.fade.in +{ + top: 50%; +} + +.modal-header +{ + padding: 10px 20px; +} + +.modal-header .close +{ + margin-top: 2px; +} + +.modal-body +{ + padding: 10px 20px; + max-height: 300px; + overflow-y:auto; + border-top: 1px #ccc solid; +} + +.modal-body .modal-form +{ + margin-bottom: 0; +} + +.modal-footer +{ + margin-bottom: 0; + background-color: #fff; + *zoom: 1; + padding: 10px 20px; + border-top: 1px #ccc solid; +} + +.modal-footer:before,.modal-footer:after +{ + display: table; + content: ""; +} + +.modal-footer:after +{ + clear: both; +} + +.modal-footer .btn +{ + float: left; + margin-right: 5px; + margin-bottom: 0; +} + +.tooltip +{ + position: absolute; + z-index: 1020; + display: block; + visibility: visible; + padding: 5px; + font-size: 11px; + opacity: 0; + filter: alpha(opacity=0); +} + +.tooltip.in +{ + opacity: 0.8; + filter: alpha(opacity=80); +} + +.tooltip.top +{ + margin-top: -2px; +} + +.tooltip.right +{ + margin-left: 2px; +} + +.tooltip.bottom +{ + margin-top: 2px; +} + +.tooltip.left +{ + margin-left: -2px; +} + +.tooltip.top .tooltip-arrow +{ + bottom: 0; + left: 50%; + margin-left: -5px; + border-left: 5px solid transparent; + border-right: 5px solid transparent; + border-top: 5px solid #000000; +} + +.tooltip.left .tooltip-arrow +{ + top: 50%; + right: 0; + margin-top: -5px; + border-top: 5px solid transparent; + border-bottom: 5px solid transparent; + border-left: 5px solid #000000; +} + +.tooltip.bottom .tooltip-arrow +{ + top: 0; + left: 50%; + margin-left: -5px; + border-left: 5px solid transparent; + border-right: 5px solid transparent; + border-bottom: 5px solid #000000; +} + +.tooltip.right .tooltip-arrow +{ + top: 50%; + left: 0; + margin-top: -5px; + border-top: 5px solid transparent; + border-bottom: 5px solid transparent; + border-right: 5px solid #000000; +} + +.tooltip-inner +{ + max-width: 200px; + padding: 3px 8px; + color: #ffffff; + text-align: center; + text-decoration: none; + background-color: #000000; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; +} + +.tooltip-arrow +{ + position: absolute; + width: 0; + height: 0; +} + +.popover +{ + position: absolute; + top: 0; + left: 0; + z-index: 1010; + display: none; + padding: 5px; +} + +.popover.top +{ + margin-top: -5px; +} + +.popover.right +{ + margin-left: 5px; +} + +.popover.bottom +{ + margin-top: 5px; +} + +.popover.left +{ + margin-left: -5px; +} + +.popover.top .arrow +{ + bottom: 0; + left: 50%; + margin-left: -5px; + border-left: 5px solid transparent; + border-right: 5px solid transparent; + border-top: 5px solid #000000; +} + +.popover.right .arrow +{ + top: 50%; + left: 0; + margin-top: -5px; + border-top: 5px solid transparent; + border-bottom: 5px solid transparent; + border-right: 5px solid #000000; +} + +.popover.bottom .arrow +{ + top: 0; + left: 50%; + margin-left: -5px; + border-left: 5px solid transparent; + border-right: 5px solid transparent; + border-bottom: 5px solid #000000; +} + +.popover.left .arrow +{ + top: 50%; + right: 0; + margin-top: -5px; + border-top: 5px solid transparent; + border-bottom: 5px solid transparent; + border-left: 5px solid #000000; +} + +.popover .arrow +{ + position: absolute; + width: 0; + height: 0; +} + +.popover-inner +{ + padding: 3px; + width: 280px; + overflow: hidden; + background: #000000; + background: rgba(0, 0, 0, 0.8); + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 6px; + -webkit-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); + -moz-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); + box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); +} + +.popover-title +{ + padding: 9px 15px; + line-height: 1; + background-color: #f5f5f5; + border-bottom: 1px solid #eee; + -webkit-border-radius: 3px 3px 0 0; + -moz-border-radius: 3px 3px 0 0; + border-radius: 3px 3px 0 0; +} + +.popover-content +{ + padding: 14px; + background-color: #ffffff; + -webkit-border-radius: 0 0 3px 3px; + -moz-border-radius: 0 0 3px 3px; + border-radius: 0 0 3px 3px; + -webkit-background-clip: padding-box; + -moz-background-clip: padding-box; + background-clip: padding-box; +} + +.popover-content p,.popover-content ul,.popover-content ol +{ + margin-bottom: 0; +} + +.thumbnails +{ + margin-left: -20px; + list-style: none; + *zoom: 1; +} + +.thumbnails:before,.thumbnails:after +{ + display: table; + content: ""; +} + +.thumbnails:after +{ + clear: both; +} + +.thumbnails>li +{ + float: left; + margin: 0 0 18px 20px; +} + +.thumbnail +{ + display: block; + padding: 4px; + line-height: 1; + border: 1px solid #ddd; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + -webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, 0.075); + -moz-box-shadow: 0 1px 1px rgba(0, 0, 0, 0.075); + box-shadow: 0 1px 1px rgba(0, 0, 0, 0.075); +} + +a.thumbnail:hover +{ + border-color: #0088cc; + -webkit-box-shadow: 0 1px 4px rgba(0, 105, 214, 0.25); + -moz-box-shadow: 0 1px 4px rgba(0, 105, 214, 0.25); + box-shadow: 0 1px 4px rgba(0, 105, 214, 0.25); +} + +.thumbnail>img +{ + display: block; + max-width: 100%; + margin-left: auto; + margin-right: auto; +} + +.thumbnail .caption +{ + padding: 9px; +} + +.label +{ + padding: 2px 4px 3px; + font-size: 11.049999999999999px; + font-weight: bold; + color: #ffffff; + text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); + background-color: #999999; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; +} + +.label:hover +{ + color: #ffffff; + text-decoration: none; +} + +.label-important +{ + background-color: #b94a48; +} + +.label-important:hover +{ + background-color: #953b39; +} + +.label-warning +{ + background-color: #f89406; +} + +.label-warning:hover +{ + background-color: #c67605; +} + +.label-success +{ + background-color: #468847; +} + +.label-success:hover +{ + background-color: #356635; +} + +.label-info +{ + background-color: #3a87ad; +} + +.label-info:hover +{ + background-color: #2d6987; +} + +@-webkit-keyframes progress-bar-stripes +{ + from{background-position: 0 0; +} + +to +{ + background-position: 40px 0; +} + +}@-moz-keyframes progress-bar-stripes +{ + from{background-position: 0 0; +} + +to +{ + background-position: 40px 0; +} + +}@keyframes progress-bar-stripes +{ + from{background-position: 0 0; +} + +to +{ + background-position: 40px 0; +} + +}.progress +{ + overflow: hidden; + height: 18px; + margin-bottom: 18px; + background-color: #f7f7f7; + background-image: -moz-linear-gradient(top, #f5f5f5, #f9f9f9); + background-image: -ms-linear-gradient(top, #f5f5f5, #f9f9f9); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f5f5f5), to(#f9f9f9)); + background-image: -webkit-linear-gradient(top, #f5f5f5, #f9f9f9); + background-image: -o-linear-gradient(top, #f5f5f5, #f9f9f9); + background-image: linear-gradient(top, #f5f5f5, #f9f9f9); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#f5f5f5', endColorstr='#f9f9f9', GradientType=0); + -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); + -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); + box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; +} + +.progress .bar +{ + width: 0%; + height: 18px; + color: #ffffff; + font-size: 12px; + text-align: center; + text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); + background-color: #0e90d2; + background-image: -moz-linear-gradient(top, #149bdf, #0480be); + background-image: -ms-linear-gradient(top, #149bdf, #0480be); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#149bdf), to(#0480be)); + background-image: -webkit-linear-gradient(top, #149bdf, #0480be); + background-image: -o-linear-gradient(top, #149bdf, #0480be); + background-image: linear-gradient(top, #149bdf, #0480be); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#149bdf', endColorstr='#0480be', GradientType=0); + -webkit-box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); + -moz-box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); + box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); + -webkit-box-sizing: border-box; + -moz-box-sizing: border-box; + box-sizing: border-box; + -webkit-transition: width 0.6s ease; + -moz-transition: width 0.6s ease; + -ms-transition: width 0.6s ease; + -o-transition: width 0.6s ease; + transition: width 0.6s ease; +} + +.progress-striped .bar +{ + background-color: #62c462; + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + -webkit-background-size: 40px 40px; + -moz-background-size: 40px 40px; + -o-background-size: 40px 40px; + background-size: 40px 40px; +} + +.progress.active .bar +{ + -webkit-animation: progress-bar-stripes 2s linear infinite; + -moz-animation: progress-bar-stripes 2s linear infinite; + animation: progress-bar-stripes 2s linear infinite; +} + +.progress-danger .bar +{ + background-color: #dd514c; + background-image: -moz-linear-gradient(top, #ee5f5b, #c43c35); + background-image: -ms-linear-gradient(top, #ee5f5b, #c43c35); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#c43c35)); + background-image: -webkit-linear-gradient(top, #ee5f5b, #c43c35); + background-image: -o-linear-gradient(top, #ee5f5b, #c43c35); + background-image: linear-gradient(top, #ee5f5b, #c43c35); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ee5f5b', endColorstr='#c43c35', GradientType=0); +} + +.progress-danger.progress-striped .bar +{ + background-color: #ee5f5b; + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); +} + +.progress-success .bar +{ + background-color: #5eb95e; + background-image: -moz-linear-gradient(top, #62c462, #57a957); + background-image: -ms-linear-gradient(top, #62c462, #57a957); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#57a957)); + background-image: -webkit-linear-gradient(top, #62c462, #57a957); + background-image: -o-linear-gradient(top, #62c462, #57a957); + background-image: linear-gradient(top, #62c462, #57a957); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#62c462', endColorstr='#57a957', GradientType=0); +} + +.progress-success.progress-striped .bar +{ + background-color: #62c462; + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); +} + +.progress-info .bar +{ + background-color: #4bb1cf; + background-image: -moz-linear-gradient(top, #5bc0de, #339bb9); + background-image: -ms-linear-gradient(top, #5bc0de, #339bb9); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#339bb9)); + background-image: -webkit-linear-gradient(top, #5bc0de, #339bb9); + background-image: -o-linear-gradient(top, #5bc0de, #339bb9); + background-image: linear-gradient(top, #5bc0de, #339bb9); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#5bc0de', endColorstr='#339bb9', GradientType=0); +} + +.progress-info.progress-striped .bar +{ + background-color: #5bc0de; + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); +} + +.accordion +{ + margin-bottom: 18px; +} + +.accordion-group +{ + margin-bottom: 2px; + border: 1px solid #e5e5e5; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; +} + +.accordion-heading +{ + border-bottom: 0; +} + +.accordion-heading .accordion-toggle +{ + display: block; + padding: 8px 15px; +} + +.accordion-inner +{ + padding: 9px 15px; + border-top: 1px solid #e5e5e5; +} + +.carousel +{ + position: relative; + margin-bottom: 18px; + line-height: 1; +} + +.carousel-inner +{ + overflow: hidden; + width: 100%; + position: relative; +} + +.carousel .item +{ + display: none; + position: relative; + -webkit-transition: 0.6s ease-in-out left; + -moz-transition: 0.6s ease-in-out left; + -ms-transition: 0.6s ease-in-out left; + -o-transition: 0.6s ease-in-out left; + transition: 0.6s ease-in-out left; +} + +.carousel .item>img +{ + display: block; + line-height: 1; +} + +.carousel .active,.carousel .next,.carousel .prev +{ + display: block; +} + +.carousel .active +{ + left: 0; +} + +.carousel .next,.carousel .prev +{ + position: absolute; + top: 0; + width: 100%; +} + +.carousel .next +{ + left: 100%; +} + +.carousel .prev +{ + left: -100%; +} + +.carousel .next.left,.carousel .prev.right +{ + left: 0; +} + +.carousel .active.left +{ + left: -100%; +} + +.carousel .active.right +{ + left: 100%; +} + +.carousel-control +{ + position: absolute; + top: 40%; + left: 15px; + width: 40px; + height: 40px; + margin-top: -20px; + font-size: 60px; + font-weight: 100; + line-height: 30px; + color: #ffffff; + text-align: center; + background: #222222; + border: 3px solid #ffffff; + -webkit-border-radius: 23px; + -moz-border-radius: 23px; + border-radius: 23px; + opacity: 0.5; + filter: alpha(opacity=50); +} + +.carousel-control.right +{ + left: auto; + right: 15px; +} + +.carousel-control:hover +{ + color: #ffffff; + text-decoration: none; + opacity: 0.9; + filter: alpha(opacity=90); +} + +.carousel-caption +{ + position: absolute; + left: 0; + right: 0; + bottom: 0; + padding: 10px 15px 5px; + background: #333333; + background: rgba(0, 0, 0, 0.75); +} + +.carousel-caption h4,.carousel-caption p +{ + color: #ffffff; +} + +.hero-unit +{ + padding: 60px; + margin-bottom: 30px; + background-color: #f5f5f5; + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 6px; +} + +.hero-unit h1 +{ + margin-bottom: 0; + font-size: 60px; + line-height: 1; + letter-spacing: -1px; +} + +.hero-unit p +{ + font-size: 18px; + font-weight: 200; + line-height: 27px; +} + +.pull-right +{ + float: right; +} + +.pull-left +{ + float: left; +} + +.hide +{ + display: none; +} + +.show +{ + display: block; +} + +.invisible +{ + visibility: hidden; +} + +/* new clearfix */ + +.clearfix:after +{ + visibility: hidden; + display: block; + font-size: 0; + content: " "; + clear: both; + height: 0; +} + +* html .clearfix +{ + zoom: 1; +} + +/* IE6 */ + +*:first-child+html .clearfix +{ + zoom: 1; +} + + +a +{ + color: #1d71bf; +} + +ul +{ + list-style: none; + margin: 0; +} + +dt +{ + font-weight: bold; +} + +#main_content +{ + /*padding-left: 250px; + padding-right: 25px;*/ + width: 970px; + padding: 30px; + margin: 0 auto; + background-color: #fff; + border: 1px #ccc solid; + margin-top: 52px; +} + +.topbar +{ + +} + +.topbar .switcher_bar +{ + display: inline-block; + height: auto; + width: 160px; + background-position: 140px center; + margin-bottom: 0; + font-size: 11px; + padding: 0; +} + +.topbar .switcher_bar a +{ + padding: 2px 10px 1px; + margin-left: 0; + display: block; +} + +.topbar .switcher_bar ul +{ + width: 130px; +} + +#user_info +{ + color: #ccc; + margin: auto 0; + margin-top: -170px; +} + +#user_info > a +{ + margin-left: 25px; + font-size: 13px !important; + color: #ccc; +} + +.page-header +{ + margin: 0; + padding: 0; + border: 0; + font-family: Arial,"Helvetica Neue",Helvetica,sans-serif; +} + +h2 +{ + color: #c40022; + font-size: 24px; + font-weight: bold; + margin-bottom: 10px; +} + +body +{ + background-color: #ddd; + min-width: 890px; +} + +/* Login Splash Page */ + +#splash +{ + +} + +#splash .login +{ + padding-left: 290px; + background: #fff url(../img/Rackspace_Cloud_Company.png) no-repeat 49px 135px; + width: 360px; + min-height: 364px; + position: absolute; + top: 50%; + left: 50%; + margin: -192px 0 0 -325px; + -webkit-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.2); + -moz-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.2); + box-shadow: 0 3px 7px rgba(0, 0, 0, 0.2); + -webkit-background-clip: padding-box; + -moz-background-clip: padding-box; + background-clip: padding-box; +} + +#splash .login .alert +{ + margin-left: 50px; + margin-right: 70px; + padding: 10px; +} + +#splash .login form +{ + border-left: 1px #ddd solid; + padding: 0; +} + +#splash .login .modal-body +{ + padding: 0; + border-top: none; +} + +#splash .login .modal-header +{ + margin-top: 28px; + border-bottom: none; + border-left: 1px #ddd solid; + padding-left: 49px; + padding-top: 45px; + padding-bottom: 20px; +} + +#splash .login .modal-header h3 +{ + font-size: 13px; +} + +#splash .alert-block +{ + margin-left: 48px; + margin-right: 49px; + padding-right: 20px; + padding-left: 6px; +} + +#splash .alert-block .close +{ + right: -10px; + top: 0; +} + +#splash .modal-footer +{ + background-color: #fff; + border-top: none; + padding-bottom: 45px; + margin-bottom: 28px; + padding-left: 45px; +} + +#splash .modal-footer button +{ + cursor: pointer; + margin: 0; + line-height: 20px; + font-size: 13px; + text-align: center; + padding: 1px 10px 2px; + border-radius: 3px; + -moz-border-radius: 3px; + -webkit-border-radius: 3px; + border-width: 1px; + border-style: solid; + text-shadow: 0 -1px 1px rgba(0,0,0,0.4); + background-color: #a60004; + border-color: #a60004; + color: #fff; + background: #d81436; + background: -moz-linear-gradient(top,#d81436 0,#a60004 100%); + background: -webkit-gradient(linear,left top,left bottom,color-stop(0%,#d81436),color-stop(100%,#a60004)); + background: -webkit-linear-gradient(top,#d81436 0,#a60004 100%); + background: -o-linear-gradient(top,#d81436 0,#a60004 100%); + background: -ms-linear-gradient(top,#d81436 0,#a60004 100%); + background: linear-gradient(top,#d81436 0,#a60004 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#d81436',endColorstr='#a60004',GradientType=0); +} + +#splash .modal-footer button::-moz-focus-inner +{ + border: none; + padding: 0; +} + +#splash .modal-footer button[disabled] +{ + cursor: default; + color: #fff; + background-color: #e9a7b2; + border-color: #e9a7b2; + background-image: none; +} + +#splash .modal-footer button:not([disabled]):hover +{ + background: #d81436; + background: -moz-linear-gradient(top,#d81436 0,#c40022 100%); + background: -webkit-gradient(linear,left top,left bottom,color-stop(0%,#d81436),color-stop(100%,#c40022)); + background: -webkit-linear-gradient(top,#d81436 0,#c40022 100%); + background: -o-linear-gradient(top,#d81436 0,#c40022 100%); + background: -ms-linear-gradient(top,#d81436 0,#c40022 100%); + background: linear-gradient(top,#d81436 0,#c40022 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#d81436',endColorstr='#c40022',GradientType=0); +} + +#splash .modal-footer button:not([disabled]):active +{ + background-color: #c40022; + background-image: none; + box-shadow: inset 0 0 4px 0 rgba(0,0,0,0.5); + -moz-box-shadow: inset 0 0 4px 0 rgba(0,0,0,0.5); + -webkit-box-shadow: inset 0 0 4px 0 rgba(0,0,0,0.5); +} + +#splash .modal-footer .pull-right +{ + float: none; +} + + +#splash .login form .control-group +{ + padding-left: 49px; +} + +#splash .login input +{ + width: 244px; +} + + +#splash .help-block +{ + display: none; +} + +#container +{ + background: url(../img/body_bkg.gif) repeat-x 0 0; +} + +.nav li a +{ + text-shadow: none; +} + +.container-fluid +{ + padding-left: 0; +} + +.sidebar +{ + width: 1030px; + margin: 0 auto; +} + +.sidebar h4 +{ +display: none; +} + +.sidebar .nav-tabs +{ + margin: 0; + float: left; + margin-top: 55px; + border-bottom: none; +} + +.sidebar .nav-tabs li +{ + margin-left: 20px; +} + +.sidebar .nav-tabs li a +{ + background-color: transparent; + border: none; + font-weight: bold; + color: #888; + font-size: 14px; + display: inline-block; + padding: 6px 10px; + text-decoration: none; + text-shadow: 0 1px #fff; + margin: 0; + outline: none; +} + +.sidebar .nav-tabs li.active a +{ + border-radius: 5px; + -moz-border-radius: 5px; + -webkit-border-radius: 5px; + border: 1px #ccc solid; + background-color: #fff; + color: #333; + margin-top: -1px; +} + + + + + +h1.brand +{ + margin: 0; + float: left; + margin-top: 20px; +} + +h1.brand:before { + content: ''; + display: block; + height: 20px; + margin-bottom: -20px; + background-color: #fff; + border-radius: 2px 2px 0 0; + -moz-border-radius: 2px 2px 0 0; + -webkit-border-radius: 2px 2px 0 0; +} + + +h1.brand a +{ + display: block; + float: left; + width: 150px; + height: 46px; + text-indent: -9999px; + position: ; + background: url(../img/Rackspace_Cloud_Company_Small.png) no-repeat center center; + padding: 24px 24px 8px 16px; +} + +/* Tenant Dropdown */ + +a.current_item +{ + width: 163px; + float: left; +} + +a.current_item:hover +{ + text-decoration: none; +} + +a.current_item:hover h3, a.current_item:hover h4 +{ + color: #39738c; +} + +.switcher_bar +{ + width: 226px; + height: 25px; + float: left; + margin-bottom: 0; + font-size: 13px; + line-height: 18px; + color: #333333; + text-align: left; + text-shadow: 0 1px 1px rgba(255, 255, 255, 0.75); + vertical-align: middle; + background-color: #f5f5f5; + background-image: -moz-linear-gradient(top, #ffffff, #e6e6e6); + background-image: -ms-linear-gradient(top, #ffffff, #e6e6e6); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#e6e6e6)); + background-image: -webkit-linear-gradient(top, #ffffff, #e6e6e6); + background-image: -o-linear-gradient(top, #ffffff, #e6e6e6); + background-image: linear-gradient(top, #ffffff, #e6e6e6); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0); + border-color: #e6e6e6 #e6e6e6 #bfbfbf; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + border: 1px solid #ccc; + border-bottom-color: #bbb; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05); + -moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05); + box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05); + cursor: pointer; + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + *margin-left: .3em; + margin-top: 2px; +} + +.switcher_bar:hover +{ + background-image: none; + background-color: #fefefe; + background-image: -moz-linear-gradient(top, #ffffff, #efefef); + background-image: -ms-linear-gradient(top, #ffffff, #efefef); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#efefef)); + background-image: -webkit-linear-gradient(top, #ffffff, #efefef); + background-image: -o-linear-gradient(top, #ffffff, #efefef); + background-image: linear-gradient(top, #ffffff, #efefef); + background-repeat: repeat-x; +} + +a.dropdown-toggle:hover h3 +{ + text-decoration: none; + color: #c41022; +} + +.switcher_bar:focus +{ + outline: none; +} + +.switcher_bar h3 +{ + color: #666; + font-size: 16px; + margin: 0; + padding: 0px 0 0 16px; + text-shadow: 0 1px #fff; + text-align: left; + width: 176px; + overflow: hidden; + border-right: 1px #ccc solid; +} + +.switcher_bar .dropdown-toggle, .switcher_bar .open .dropdown-toggle +{ + text-decoration: none; + background-image: url(../img/drop_arrow.png) !important; + background-color: transparent !important; + background-repeat: no-repeat !important; + background-position: 202px center !important; + width: 100%; + display: inline-block; +} + +.switcher_bar h4 +{ + color: #6fabc4; + font-size: 10px; + text-transform: uppercase; + font-weight: normal; + padding: 0; +} + +.switcher_bar ul +{ + border: 1px solid #ccc; + + width: 224px; + margin-top: 0; + padding-top: 0; + padding-bottom: 10px; +} + +.switcher_bar .dropdown-menu li a +{ + color: #1d71bf; + font-size: 16px !important; + line-height: 26px; + padding-top: 0; + padding-bottom: 0; +} + +.switcher_bar .dropdown-menu li a:hover +{ + text-decoration: underline !important; + background: transparent !important; + color: #1d71bf !important; +} + +#usage +{ + margin-bottom: 25px; + height: 125px; +} + +.usage_block +{ + background: #e8f8ff; + color: #84b6c5; + border: 1px solid #afe3fb; + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px; + float: left; + width: 29%; + margin-right: 5%; + min-height: 125px; +} + +.usage_block.last +{ + margin-right: 0; +} + +.usage_block h3 +{ + background: #cef0ff; + color: #4fa5bf; + font-weight: normal; + padding: 0 0 0 10px; + border-bottom: 1px solid #c6e7f5; + -webkit-border-top-left-radius: 5px; + -webkit-border-top-right-radius: 5px; + -moz-border-radius-topleft: 5px; + -moz-border-radius-topright: 5px; + border-top-left-radius: 5px; + border-top-right-radius: 5px; +} + +.usage_block ul +{ + margin: 10px; +} + +.usage_block .quantity +{ + font-size: 25px; +} + +.usage_block li +{ + font-size: 11px; + margin: 0 0 15px 0; +} + +.usage_block .unit +{ + font-size: 11px; + text-transform: uppercase; + padding: 0 0 0 1px; +} + +.table-bordered +{ + border: none; +} + +.table_header +{ + min-height: 35px; + padding: 0 !important; +} + +.table_caption th +{ + background-color: transparent; + border: none; +} + +.table-bordered tr.table_caption + tr th +{ + border-top: 1px solid #ddd; +} + +.table-bordered tr.table_caption + tr th:first-child, +.table-bordered tr.table_caption + tr th.hide + th +{ + border-left: 1px solid #ddd; +} + +.table-bordered tr.table_caption + tr th:last-child +{ + border-right: 1px solid #ddd; +} + +.table-bordered tbody tr td:first-child, +.table-bordered tfoot tr td:first-child +{ + border-left: 1px solid #ddd !important; +} + +.table-bordered tbody tr td:last-child, +.table-bordered tfoot tr td:last-child +{ + border-right: 1px solid #ddd; +} + +.table-bordered tfoot tr td:first-child +{ + border-bottom: 1px solid #ddd; +} + +.table-bordered tfoot tr td:last-child +{ + border-bottom: 1px solid #ddd; +} + +.table_title h3, .table_header h3 +{ + color: #333; + font-size: 18px; + font-weight: bold; + margin-bottom: 5px; + float: left; +} + +th +{ + background: #f1f1f1; +} + +small +{ + font-size: 11px; +} + +.main_nav +{ + list-style: none; + float: left; + margin: 0; + padding-left: 10px; + height: 30px; +} + +.main_nav a +{ + color: #888; + font-size: 13px; + font-weight: bold; + float: left; + padding: 7px 20px; + outline: none; + text-shadow: 0 1px #fff; +} + +.main_nav a:hover +{ + text-decoration: none; + color: #c41022; +} + +.main_nav li +{ + float: left; +} + +.main_nav a.active +{ + background: url(../img/selected_arrow.png) no-repeat center bottom; +} + +table form +{ + margin-bottom: 0; + width: 1px; +} + +.alert-block .alert-actions +{ + margin-top: -23px; + margin-right: -23px; +} + +.modal > form, +.login > form, +.alert-actions > form +{ + margin-bottom: 0; +} + +.alert-block p +{ + overflow: hidden; + word-wrap: break-word; +} + +.alert-block p:last-child +{ + margin-bottom: 0; +} + +#actions.single +{ + width: 90px; +} + +.table-striped tr td +{ + transition: background 0.2s; + -webkit-transition: background 0.2s; + -moz-transition: background 0.2s; + -o-transition: background 0.2s; +} + +.inspect +{ + float: left; + display: block; + margin-top: 5px; + margin-right: 25px; +} + +.table +{ + margin-bottom: 0px; + margin-top: 30px; +} + +.table tr td +{ + vertical-align: middle; +} + +.table tr.empty td +{ + text-align: center; +} + +.table tfoot tr td +{ + border-top: 1px solid #DDD; + font-size: 13px; + line-height: 20px; + padding: 2px 10px; + color: #aaa; +} + +.table_actions +{ + float: right; + min-width: 400px; + margin-bottom: 10px; +} + +.table_actions .table_search +{ + display: inline-block; +} + +.table_search input +{ + background: url(../img/search.png) no-repeat 190px 5px; + display: inline-block; + margin-bottom: 0; +} + +.table_actions a, .table_actions button +{ + float: right; + margin-left: 10px; +} + +.table_actions button.filter +{ + margin-left: 0; +} + +.table_header .table_actions +{ + min-width: 0; +} + +.table_header .table_actions a, .table_header .table_actions button +{ + display: inline-block; + float: none; +} + +.table_actions form +{ + float: right; + margin-left: 10px; +} + +.hidden +{ + display: none; +} + +.table-striped tbody tr.status_unknown:nth-child(odd) td +{ + background-color: #ffffb5; +} + +.table-striped tbody tr.status_unknown:nth-child(even) td +{ + background-color: #ffffc6; +} + +tbody .nowrap-col +{ + white-space: nowrap; + max-width: 100px; + overflow: hidden; + text-overflow: ellipsis; + cursor: default; +} + +tbody .nowrap-col:hover +{ + overflow: visible; + max-width: none; + background-color: #eee !important; +} + +.icon-updating.ajax-updating +{ + background: transparent url(../img/spinner.gif) no-repeat center center; + padding: 1px; +} + +td .icon-updating.ajax-updating +{ + margin-right: 5px; +} + +.overview +{ + font-size: 24px; +} + +#monitoring +{ + background: #f8f8f8; + font-size: 14px; + height: 20px; + margin: -18px 0 25px; + padding: 10px; + border: 1px solid #e1e1e1; + font-family: "anivers"; +} + +#monitoring h3 +{ + font-size: 14px; + font-weight: normal; + float: left; + line-height: 18px; +} + +#external_links, #external_links li +{ + float: left; +} + +#external_links li +{ + margin: 0 0 0 15px; +} + +/* Forms */ + +form label +{ + text-align: left; + color: #333; +} + +.modal +{ + max-height: none; + /* Prevents large modals from scrolling unnecessarily */ + top: 80px; + margin-top: 0; + position: absolute; + width: auto; + width: 560px +} + + +form.horizontal .form-field +{ + float: left; +} + +form.horizontal.split_half .form-field +{ + width: 334px; +/* + +Fits 2 fields to a row */ +} + +form.horizontal.split_quarter .form-field +{ + width: 167px; +/* + +Fits 4 fields to a row */ +} + +form.horizontal.split_five .form-field +{ + width: 133px; +/* + +Fits 5 fields to a row */ +} + +form.horizontal fieldset +{ + width: 100%; +} + +.modal-body table td +{ + vertical-align: top; +} + +.modal-body ~ hr +{ + margin-bottom: 0; +} + +.static_page +{ + width: 700px; + background-color: #FFF; + border: 1px solid #DDD; +} + +.static_page > form +{ + margin-bottom: 0; +} + +.left +{ + float: left; + width: 347px; + margin-right: 15px; +} + +.left form +{ + margin: 0; +} + +.right +{ + float: left; + width: 308px; +} + +.clear +{ + clear: both; + width: 0; + height: 0; + padding: 0; + margin: 0; +} + +.modal-body fieldset +{ + margin: 0; + padding: 0; +} + +.modal-body fieldset ul +{ + width: 90%; +} + +.modal-body .left, .modal-body .right +{ + float: left; + width: 48%; + margin: 0; + margin-right: 1%; +} + + + +.modal-body fieldset .form-field input, +.modal-body fieldset .form-field select, +.modal-body fieldset .form-field textarea +{ + width: 90%; +} + +.modal-footer input +{ + width: auto; +} + +.modal-body .modal-footer +{ + width: 670px; + margin-left: -25px; + margin-right: -15px; +} + +.modal-footer a.close +{ + margin-top: 0; + margin-right: 5px; + font-size: 12px; + color: #666; + font-weight: normal; + filter: alpha(opacity=100); + -khtml-opacity: 1; + -moz-opacity: 1; + opacity: 1; + float: left; +} + +.modal-footer .pull-right +{ + float: left; +} + +.modal-footer a.close:hover +{ + color: #333; + text-decoration: underline; +} + +.modal-body .help-block +{ + text-align: left; + float: left; + width: 100%; + margin-bottom: 10px; +} + +#create_keypair_modal .clearfix +{ + margin-bottom: 115px; +} + +#actions +{ + width: 90px; +} + +#actions .btn +{ + margin-bottom: 5px; +} + +#actions a.btn +{ + width: 70px; +} + +#actions input.btn +{ + text-align: left; +} + +#images #actions +{ + width: 100px; +} + +/*New List Patches*/ + +.details-modal .modal-body +{ + padding-bottom: 20px; +} + +.form-inline +{ + display: inline; +} + +td.select +{ + width: 10px; +} + +/* Actions dropdown */ + +td.actions_column +{ + padding: 10px; + position: relative; + min-width: 115px; + min-height: 20px; +} + +td.actions_column .row_actions a, +td.actions_column .row_actions input, +td.actions_column .row_actions button +{ + background: none; + float: none; + display: block; + padding: 5px 10px; + color: #1d71bf; + text-align: left; + border-radius: 0; + border: 0 none; + -webkit-box-shadow: none; + -moz-box-shadow: none; + box-shadow: none; + font-size: 13px; +} + +td.actions_column .row_actions .hide +{ + display: none; +} + +/* Makes size consistent across browsers when mixing "btn-group" and "small" */ + +.btn.hide, .btn-group .hide +{ + display: none; +} + +.btn-group .dropdown-toggle:focus +{ + outline: none; +} + +.dropdown-menu button +{ + line-height: 18px; + + +/* Matches rule for ".dropdown-menu a" in bootstrap */ + width: 100%; +} + +.btn-group .dropdown-menu .btn +{ + border-radius: 0; +} + +.dropdown-menu .btn.btn-danger, +.dropdown-menu .btn.btn-danger:hover, +.dropdown-menu .btn.btn-success, +.dropdown-menu .btn.btn-success:hover, +.dropdown-menu .btn.btn-info, +.dropdown-menu .btn.btn-info:hover +{ + text-shadow: none; +/ + +* remove default bootstrap shadowing from button text. */ +} + +.dropdown-menu li.divider +{ + margin-bottom: 10px; + margin-top: 0; +} + +.dropdown-menu li:hover +{ + background: none; +} + +.dropdown-menu li.divider:hover +{ + background-color: #E5E5E5; +} + +td.actions_column .dropdown-menu a:hover, +td.actions_column .dropdown-menu button:hover +{ + text-decoration: underline; +} + +.dropdown-menu .btn.btn-danger +{ + color: #C43C35; +} + +.dropdown-menu .btn.btn-danger:hover +{ +} + +/* Overrides for single-action rows (no dropdown) */ + +tr td.actions_column ul.row_actions.single, +tr:hover td.actions_column ul.row_actions.single, +td.actions_column ul.row_actions.single, +td.actions_column ul.row_actions.single:hover +{ + border: none; +} + +td.actions_column ul.row_actions.single li.action +{ + display: block; +} + +td.actions_column ul.row_actions.single li.action:hover +{ + background-color: transparent; +} + +td.actions_column ul.row_actions.single a, +td.actions_column ul.row_actions.single input, +td.actions_column ul.row_actions.single button +{ + color: #43a1d6; +} + +td.actions_column ul.row_actions.single a:hover, +td.actions_column ul.row_actions.single input:hover, +td.actions_column ul.row_actions.single button:hover +{ + color: black; +} + +th.multi_select_column, td.multi_select_column +{ + +} + +th.multi_select_column, td.multi_select_column +{ + text-align: center; +} + +.table input[type="checkbox"] +{ + display: inline; +} + +div.input input[type="checkbox"] +{ + float: left; + width: 25px; +} + +.table_title a +{ + font-size: 11px; + float: right; + margin-left: 10px; + margin-top: 10px; +} + +tr.terminated +{ + color: #999999; +} + +#instance_tabs +{ + float: left; + width: 100%; + border-bottom: 1px solid #e1e1e1; +} + +#instance_tabs li a +{ + background: #f2f2f2; + display: block; + font-size: 14px; + float: left; + padding: 5px 10px; + margin-right: 10px; + border: 1px solid #e1e1e1; + border-bottom: none; +} + +#instance_tabs li.active a +{ + background: #fff; + padding-bottom: 8px; + margin-bottom: -5px; +} + +#main_content .nav-tabs +{ + margin-bottom: 0; +} + +#main_content .tab-content +{ + border: 1px solid #ddd; + border-top: 0 none; + padding: 30px; +} + +.tab_wrapper +{ + padding-top: 50px; +} + +/* Fix tooltip z-index to show above modals. Bootstrap bug 582*/ + +.tooltip +{ + z-index: 12000; +} + +.volume_boot_disclosure +{ + font-weight: bold; + color: #555; + cursor: pointer; + background-image: url(../img/right_droparrow.png); + background-repeat: no-repeat; + background-position: 130px center; +} + +.volume_boot_disclosure.on +{ + width: 334px; + margin-bottom: 10px; + border-bottom: solid 1px #E1E1E1; + background-image: url(../img/drop_arrow.png); +} + +#splash form div.clearfix.error +{ + width: 254px; +} + +/* Region selector in header */ + +#region_selector +{ + position: absolute; + z-index: 9999; + right: 0; + top: 24px; +} + +#region_selector a +{ + margin-left: 0; +} + +#region_selector ul +{ + float: left; + margin-left: 5px; + padding-right: 21px; + width: 125px; +} + +#region_selector ul:hover a +{ + display: block; +} + +#region_selector li a +{ + padding: 3px 3px 3px 5px; + display: none; + background: #E1E1E1; + margin-top: -10px; +} + +#region_selector li:first-child p +{ + background: #EDEDED url(../img/drop_arrow.png) no-repeat 106px 9px !important; + display: block; + border: 1px solid #e1e1e1; + padding: 5px; +} + +iframe +{ + border: none; +} + +.item_detail ul li label +{ + color: #000; + font-weight: bold; + display: block; + margin-top: 5px; +} + +.progress_bar +{ + width: 100%; + height: 15px; + border: 1px solid #ddd; + background-color: #efefef; +} + +.progress_bar_fill +{ + height: 100%; + background-color: #006dcc; + background-image: -moz-linear-gradient(top, #0088cc, #0044cc); + background-image: -ms-linear-gradient(top, #0088cc, #0044cc); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0044cc)); + background-image: -webkit-linear-gradient(top, #0088cc, #0044cc); + background-image: -o-linear-gradient(top, #0088cc, #0044cc); + background-image: linear-gradient(top, #0088cc, #0044cc); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#0088cc', endColorstr='#0044cc', GradientType=0); +} + +.quota_title +{ + color: #999; +} + +.quota_title strong +{ + color: #000; +} + +.quota_title strong span +{ + font-weight: normal; +} + +.quota_title p +{ + float: right; +} + +.quota_bar +{ + height: 15px; + margin: -5px 0 20px; +} + +#main_content .row-fluid +{ + margin: 0px; + +} + + +#main_content .tab-content .row-fluid h4 +{ + border-top: 1px solid #ccc; + color: #333; + font-size: 18px; + font-weight: bold; + margin-right: -30px; + margin-left: -30px; + padding-top: 20px; + padding-left: 30px; + margin-top: 0px; +} + +#main_content h3 +{ + margin-bottom: 20px; +} + +#main_content .row-fluid:last-child +{ + margin-bottom: 0; +} + +#main_content dt +{ + position: absolute; + width: 150px; + text-align: right; + line-height: 30px; + color: #999; + font-weight: normal; +} + +#main_content dd +{ + margin-left: 170px; + line-height: 30px; + color: #333; +} + +#main_content dd li +{ + line-height: 30px; +} + +.header_rule +{ + display: none; +} + +.item_detail .detail_section +{ + margin-bottom: 25px; + float: left; + margin-right: 50px; +} + +.error .help-inline +{ + display: block; + background: url(../img/alert_red.png) no-repeat 0 center; + padding-left: 20px; +} + +label.log-length +{ + line-height: 28px; + margin-right: 10px; +} + +.split_five div.control-group input[type="text"], +.split_five div.control-group select +{ + width: 120px; +} + +.form-row +{ + +} + +#activity +{ + padding: 10px 10px 0; + border: 1px #e6e6e6 solid; + margin-top: 20px; +} + +#activity span +{ + display: block; + margin-bottom: 10px; +} + +#activity span strong +{ + float: left; + width: 200px; + text-align: right; + margin-right: 20px; + font-weight: normal; + color: #999; +} + +.fake_table +{ + border: 1px #ccc solid; + margin: 0; +} + +.fake_table ul +{ + margin: 0 !important; + padding: 0; + width: 100% !important; +} + +.fake_table.fake_table_header +{ + padding: 5px 10px; + background-color: #eee; + border-bottom: none; +} + +.fake_table ul li .user_name +{ + float: left; + padding: 7px; + width: 90px; + overflow: hidden; +} + +.fake_table ul .active +{ + float: right; + padding: 2px; +} + +.fake_table ul .active .btn +{ + padding: 4px 8px; +} + +.fake_table .dropdown-menu li +{ + color: #006ec5; + line-height: 20px; + padding: 2px 10px; + cursor: pointer; +} + +.fake_table .dropdown-menu li:hover +{ + text-decoration: underline; +} + +.fake_table .dark_stripe +{ + background-color: #EFEFEF; +} + +.project_membership .header .help_text +{ + margin: 10px 0px; +} + +.no_results +{ + padding: 5px !important; +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/files/default/horizon.key b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/files/default/horizon.key new file mode 100644 index 000000000..afd6e4829 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/files/default/horizon.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyH7O7R1/awNE2 +yVhLYchI1WOCojq9/O1iW1mlkbko77GwhvvoCcOGj+F60DLEtbVM3nLJnJE10JNF +qsI8fO1H3wUmvuJgBtbIvYHENuW9PoNlvzpH7PLAg0pruJK5qxZ1t6xA+mYC3Ozd +BriAVfOgaax1fzoH7hxidGz078DapjZA08Ay2vBkQiYiXw7qxfPtOiURowPOyFaO +8oRAbbRu5CZco7NdrDV1/a/9F1kxWCZQCJRugX5/F5XxWbu5Onh5GDj8NioePH2c +t00TYLIp801MOkhG+sCevDG2CIv6zQo4PtcrqbOKfih/HEwnKMgsloOQyp/FBPcP +Y8nrLUbdAgMBAAECggEBAIlI087A6QkB2X3fWzTmTWaNSN/zR1EM8qz++S4aDVqW +ux3yO48Qj2lT1ZZBhw+DeROg01m+WVDfy9JDFOdn5b2iDydYscMPIlWfcbeYFCNy +XfV6mGG9Jy/nQOGbZULCsVHTWWjPVPZZ7hlAR81p8ZauO6RnhYN9KtVbJGr3qm0Z +qizveBZloATAl/sBwQLWZKpPUv/9YSIAbP6UxbO9Izpe5iGgZM2Kpc2n360jD70n +OUYPO8q7CIY11qyk2LHqIg1Gxsc0cGARaMTdvV+gVnHDPX/i+imfu2oAGeV+Bdc9 +nTeffQyJugmh9lP2T/xEvrmTBkIqWrH01Nz4h/SChsUCgYEA4s7yFV4pxSoNmVZJ +qq7fcXoekGaePoH5p11VwYfnb313ZlLqcs20Z9bCDQrWIWIinKfr7rYypn6mJt8C +SDxOnPp3fBt4S/7A/vO6KbsRIRbSMollpqRZALKBLnxfKK5h2i5T9V2E9AAPibV+ +OiaoD+k522ZHlwE9FbVoWImQmi8CgYEAyQypQhJeVQCtlcj/lT2SJZOKCmfnUE2/ +SYP2MVTsy0257Rtabx/RBk7tzWxAt4Wfw90SciA2TBKOFcMsc2Xgh7cVXfSjae1B +8ja38hxPUBwoSjgUv7zDlwN7FyU08blL7gJNLnd9EaDsv21bk2UzAQVIZSNbhfKj +gwNRqd3ACLMCgYBZfRGjQK32bytCbvtN7wWWfnqEuxiAzUO1t2vYmkjEgpqTsu9y +MJuXxPJ3tujZ7yB88vxyCU1ex+XCvIbn/XN/GIwAWc5THccEUSIIyRhvF9QDwJZs +87dyQPwbXVMmd/d/4Hub+jQ1GbkHuqZ9RzdUX89GM8rXV9PENvlexZhaXQKBgHuc +YzySWplcr11WlX3Gu2KLEeZP9/JxutiSX/34vxZIlbXoiXOlVjjQsnkIw8mSSKZ9 +9+dfUsL27ZEHzP6udpw6vtJjpU1taIxphDNBoKoahdMMJAW3I3Jn23hhkenFCaAu +nhGhua3rCWSw8grvv6oy+03jrVPv2QSmN8F+66DtAoGAIcssttVuxPAuK63lTjLg +k2ozCJIZzdR23k/wUOpoXT8TXi9CXJGL5ddYb30mIeCMwR/A8zCopBBFqO8PmJtG +KMmKJmYVN2wuumlCziuM+G41fHdyYhnngRGco2F2BA7aRI3GEsDXbi8gwrcyaF88 +HRYlp01a5r41I/4FOxQ0djA= +-----END PRIVATE KEY----- diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/files/default/horizon.pem b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/files/default/horizon.pem new file mode 100644 index 000000000..bee3ddce0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/files/default/horizon.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICvjCCAaYCCQDz0B/8RKp2+TANBgkqhkiG9w0BAQUFADAhMR8wHQYDVQQDExZj +b250cm9sbGVyLmV4YW1wbGUuY29tMB4XDTEyMDQxMDE5NTU1NVoXDTIyMDQwODE5 +NTU1NVowITEfMB0GA1UEAxMWY29udHJvbGxlci5leGFtcGxlLmNvbTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALIfs7tHX9rA0TbJWEthyEjVY4KiOr38 +7WJbWaWRuSjvsbCG++gJw4aP4XrQMsS1tUzecsmckTXQk0Wqwjx87UffBSa+4mAG +1si9gcQ25b0+g2W/Okfs8sCDSmu4krmrFnW3rED6ZgLc7N0GuIBV86BprHV/Ogfu +HGJ0bPTvwNqmNkDTwDLa8GRCJiJfDurF8+06JRGjA87IVo7yhEBttG7kJlyjs12s +NXX9r/0XWTFYJlAIlG6Bfn8XlfFZu7k6eHkYOPw2Kh48fZy3TRNgsinzTUw6SEb6 +wJ68MbYIi/rNCjg+1yups4p+KH8cTCcoyCyWg5DKn8UE9w9jyestRt0CAwEAATAN +BgkqhkiG9w0BAQUFAAOCAQEAZuc+mrUyuhfmwkj8CzJSOoJ9NznHblE4z3wZBzqj +lbGX7cjUubAnCobuiJkiizJP1uqt5pCRKU7saGu31dYwZ3WR6xp+iAwss9feYeu0 +6atNz/e8RLHal+uP6FQaKL7QuiQx1O+g3ntKT+iWY3wYa1h3JuFV/VxOjGcwTJDX +lhpcz41B4L5C03V9VfJbk8Np/oRaNMT3DsUOwofafKWPnK7/snGKHd/I93rxk5z4 +xrvrkH0mohDkAOsUyd4Jgl3n7vQOeVq4uqkXdY4jlgRWykrGfn3JFkdol9VAU0ld +eHRZWBbIl9zOTZqHqtOCzHghhNAb+dy6+hrxta11ZqT/nA== +-----END CERTIFICATE----- diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/metadata.rb new file mode 100644 index 000000000..2965ea153 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/metadata.rb @@ -0,0 +1,16 @@ +name "openstack-dashboard" +maintainer "AT&T Services, Inc." +maintainer_email "cookbooks@lists.tfoundry.com" +license "Apache 2.0" +description "Installs/Configures the OpenStack Dasboard (Horizon)" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "7.0.0" + +recipe "openstack-dashboard::server", "Sets up the Horizon dashboard within an Apache `mod_wsgi` container." + +%w{ ubuntu fedora redhat centos suse }.each do |os| + supports os +end + +depends "apache2" +depends "openstack-common", "~> 0.4.0" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/recipes/default.rb new file mode 100644 index 000000000..2b3bb4a16 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/recipes/default.rb @@ -0,0 +1,18 @@ +# +# Cookbook Name:: openstack-dashboard +# Recipe:: default +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/recipes/server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/recipes/server.rb new file mode 100644 index 000000000..ad4b995e1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/recipes/server.rb @@ -0,0 +1,200 @@ +# +# Cookbook Name:: openstack-dashboard +# Recipe:: server +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012-2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +class ::Chef::Recipe + include ::Openstack +end + +# +# Workaround to install apache2 on a fedora machine with selinux set to enforcing +# TODO(breu): this should move to a subscription of the template from the apache2 recipe +# and it should simply be a restorecon on the configuration file(s) and not +# change the selinux mode +# +execute "set-selinux-permissive" do + command "/sbin/setenforce Permissive" + action :run + + only_if "[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]" +end + +platform_options = node["openstack"]["dashboard"]["platform"] + +include_recipe "apache2" +include_recipe "apache2::mod_wsgi" +include_recipe "apache2::mod_rewrite" +include_recipe "apache2::mod_ssl" + +# +# Workaround to re-enable selinux after installing apache on a fedora machine that has +# selinux enabled and is currently permissive and the configuration set to enforcing. +# TODO(breu): get the other one working and this won't be necessary +# +execute "set-selinux-enforcing" do + command "/sbin/setenforce Enforcing ; restorecon -R /etc/httpd" + action :run + + only_if "[ -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*permissive') -eq 1 ] && [ $(/sbin/sestatus | grep -c '^Mode from config file:.*enforcing') -eq 1 ]" +end + +identity_admin_endpoint = endpoint "identity-admin" +auth_admin_uri = ::URI.decode identity_admin_endpoint.to_s +identity_endpoint = endpoint "identity-api" +auth_uri = ::URI.decode identity_endpoint.to_s + +db_pass = db_password "horizon" +db_info = db "dashboard" + +python_packages = platform_options["#{db_info['db_type']}_python_packages"] +(platform_options["horizon_packages"] + python_packages).each do |pkg| + package pkg do + action :upgrade + options platform_options["package_overrides"] + end +end + +if node["openstack"]["dashboard"]["session_backend"] == "memcached" + platform_options["memcache_python_packages"].each do |pkg| + package pkg + end +end + +memcached = memcached_servers + +template node["openstack"]["dashboard"]["local_settings_path"] do + source "local_settings.py.erb" + owner "root" + group "root" + mode 00644 + + variables( + :db_pass => db_pass, + :db_info => db_info, + :auth_uri => auth_uri, + :auth_admin_uri => auth_admin_uri, + :memcached_servers => memcached + ) + + notifies :restart, "service[apache2]" +end + +# FIXME: this shouldn't run every chef run +execute "openstack-dashboard syncdb" do + cwd "/usr/share/openstack-dashboard" + environment ({'PYTHONPATH' => '/etc/openstack-dashboard:/usr/share/openstack-dashboard:$PYTHONPATH'}) + command "python manage.py syncdb --noinput" + action :run + # not_if "/usr/bin/mysql -u root -e 'describe #{node["dash"]["db"]}.django_content_type'" +end + +cookbook_file "#{node["openstack"]["dashboard"]["ssl"]["dir"]}/certs/#{node["openstack"]["dashboard"]["ssl"]["cert"]}" do + source "horizon.pem" + mode 00644 + owner "root" + group "root" + + notifies :run, "execute[restore-selinux-context]", :immediately +end + +case node["platform"] +when "ubuntu","debian" + grp = "ssl-cert" +else + grp = "root" +end + +cookbook_file "#{node["openstack"]["dashboard"]["ssl"]["dir"]}/private/#{node["openstack"]["dashboard"]["ssl"]["key"]}" do + source "horizon.key" + mode 00640 + owner "root" + group grp # Don't know about fedora + + notifies :run, "execute[restore-selinux-context]", :immediately +end + +# stop apache bitching +directory "#{node["openstack"]["dashboard"]["dash_path"]}/.blackhole" do + owner "root" + action :create +end + +template node["openstack"]["dashboard"]["apache"]["sites-path"] do + source "dash-site.erb" + owner "root" + group "root" + mode 00644 + + variables( + :ssl_cert_file => "#{node["openstack"]["dashboard"]["ssl"]["dir"]}/certs/#{node["openstack"]["dashboard"]["ssl"]["cert"]}", + :ssl_key_file => "#{node["openstack"]["dashboard"]["ssl"]["dir"]}/private/#{node["openstack"]["dashboard"]["ssl"]["key"]}" + ) + + notifies :run, "execute[restore-selinux-context]", :immediately +end + +file "#{node["apache"]["dir"]}/conf.d/openstack-dashboard.conf" do + action :delete + backup false + + only_if { platform?("fedora", "redhat", "centos") } # :pragma-foodcritic: ~FC024 - won't fix this +end + +# ubuntu includes their own branding - we need to delete this until ubuntu makes this a +# configurable paramter +package "openstack-dashboard-ubuntu-theme" do + action :purge + + only_if { platform?("ubuntu")} +end + +# The `apache_site` provided by the apache2 cookbook +# is not an LWRP. Guards do not apply to definitions. +# http://tickets.opscode.com/browse/CHEF-778 +if platform?("debian","ubuntu") then + apache_site "000-default" do + enable false + end +elsif platform?("fedora") then + apache_site "default" do + enable false + + notifies :run, "execute[restore-selinux-context]", :immediately + end +end + +apache_site "openstack-dashboard" do + enable true + + notifies :run, "execute[restore-selinux-context]", :immediately + notifies :reload, "service[apache2]", :immediately +end + +execute "restore-selinux-context" do + command "restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard || :" + action :nothing + + only_if { platform?("fedora") } +end + +# TODO(shep) +# Horizon has a forced dependency on there being a volume service endpoint in your keystone catalog +# https://answers.launchpad.net/horizon/+question/189551 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/default_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/default_spec.rb new file mode 100644 index 000000000..d9376b5e2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/default_spec.rb @@ -0,0 +1,4 @@ +require_relative "spec_helper" + +describe "openstack-dashboard::default" do +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server-fedora_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server-fedora_spec.rb new file mode 100644 index 000000000..b299da9a5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server-fedora_spec.rb @@ -0,0 +1,56 @@ +require_relative "spec_helper" + +describe "openstack-dashboard::server" do + before { dashboard_stubs } + + describe "fedora" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::FEDORA_OPTS + @chef_run.converge "openstack-dashboard::server" + end + + it "deletes openstack-dashboard.conf" do + opts = ::FEDORA_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command(/.*/, true) + chef_run.converge "openstack-dashboard::server" + file = "/etc/httpd/conf.d/openstack-dashboard.conf" + + expect(chef_run).to delete_file file + end + + it "doesn't remove the default ubuntu virtualhost" do + resource = @chef_run.find_resource( + "execute", + "a2dissite 000-default" + ) + + expect(resource).to be_nil + end + + it "removes default virtualhost" do + resource = @chef_run.find_resource( + "execute", + "a2dissite default" + ).to_hash + + expect(resource[:params]).to include( + :enable => false + ) + end + + it "notifies restore-selinux-context" do + pending "TODO: how to test this occured on apache_site 'default'" + end + + it "executes restore-selinux-context" do + opts = ::FEDORA_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command(/.*/, true) + chef_run.converge "openstack-dashboard::server" + cmd = "restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard || :" + + expect(chef_run).to execute_command cmd + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server-opensuse_spec.rb new file mode 100644 index 000000000..c018c0a60 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server-opensuse_spec.rb @@ -0,0 +1,65 @@ +require_relative "spec_helper" + +describe "openstack-dashboard::server" do + before { dashboard_stubs } + + describe "opensuse" do + context "mysql backend" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + ::Chef::Recipe.any_instance.stub(:db).with("dashboard").and_return( + {"db_type" => "mysql", "db_name" => "flying_dolphin"}) + + @chef_run.converge "openstack-dashboard::server" + end + + it "installs mysql packages when mysql backend is configured" do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + ::Chef::Recipe.any_instance.stub(:db).with("dashboard").and_return( + {"db_type" => "mysql", "db_name" => "flying_dolphin"}) + @chef_run.converge "openstack-dashboard::server" + + expect(@chef_run).to upgrade_package "python-mysql" + end + end + + context "postgresql backend" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + ::Chef::Recipe.any_instance.stub(:db).with("dashboard").and_return( + {"db_type" => "postgresql", "db_name" => "flying_elephant"}) + @chef_run.converge "openstack-dashboard::server" + end + + it "installs packages" do + expect(@chef_run).to upgrade_package "openstack-dashboard" + end + + it "installs postgresql packages" do + expect(@chef_run).to upgrade_package "python-psycopg2" + end + + it "creates local_settings.py" do + file = @chef_run.template "/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py" + + expect(@chef_run).to create_file_with_content(file.name, "autogenerated") + end + + it "creates .blackhole dir with proper owner" do + dir = "/usr/share/openstack-dashboard/openstack_dashboard/.blackhole" + + expect(@chef_run.directory(dir)).to be_owned_by "root" + end + + it "creates an openstack-dashboard virtual host with proper DocRoot" do + # XXX this should be hardcoded to /etc/apache2/... , but the + # upstream cookbook is broken for SUSE + # see for e.g. http://tickets.opscode.com/browse/COOK-2434 + file = @chef_run.template "#{@chef_run.node["apache"]["dir"]}/conf.d/openstack-dashboard.conf" + + expect(@chef_run).to create_file_with_content(file.name, + "DocumentRoot /usr/share/openstack-dashboard/openstack_dashboard/.blackhole/") + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server-redhat_spec.rb new file mode 100644 index 000000000..b437d1ef2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server-redhat_spec.rb @@ -0,0 +1,138 @@ +require_relative "spec_helper" + +describe "openstack-dashboard::server" do + before { dashboard_stubs } + + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-dashboard::server" + end + + it "executes set-selinux-permissive" do + opts = ::REDHAT_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command(/.*/, true) + chef_run.converge "openstack-dashboard::server" + cmd = "/sbin/setenforce Permissive" + + expect(chef_run).to execute_command cmd + end + + it "installs packages" do + expect(@chef_run).to upgrade_package "openstack-dashboard" + expect(@chef_run).to upgrade_package "MySQL-python" + end + + it "executes set-selinux-enforcing" do + opts = ::REDHAT_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command(/.*/, true) + chef_run.converge "openstack-dashboard::server" + cmd = "/sbin/setenforce Enforcing ; restorecon -R /etc/httpd" + + expect(chef_run).to execute_command cmd + end + + describe "local_settings" do + before do + @file = @chef_run.template "/etc/openstack-dashboard/local_settings" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "rh specific template" do + expect(@chef_run).to create_file_with_content @file.name, "WEBROOT" + end + end + + describe "certs" do + before do + @crt = @chef_run.cookbook_file "/etc/pki/tls/certs/horizon.pem" + @key = @chef_run.cookbook_file "/etc/pki/tls/private/horizon.key" + end + + it "has proper owner" do + expect(@crt).to be_owned_by "root", "root" + expect(@key).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @crt.mode)).to eq "644" + expect(sprintf("%o", @key.mode)).to eq "640" + end + + it "notifies restore-selinux-context" do + expect(@crt).to notify "execute[restore-selinux-context]", :run + expect(@key).to notify "execute[restore-selinux-context]", :run + end + end + + describe "openstack-dashboard virtual host" do + before do + f = "/etc/httpd/conf.d/openstack-dashboard" + @file = @chef_run.template f + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "sets the ServerName directive " do + chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS do |n| + n.set["openstack"]["dashboard"]["server_hostname"] = "spec-test-host" + end + chef_run.converge "openstack-dashboard::server" + + expect(chef_run).to create_file_with_content @file.name, "spec-test-host" + end + + it "notifies restore-selinux-context" do + expect(@file).to notify "execute[restore-selinux-context]", :run + end + end + + it "deletes openstack-dashboard.conf" do + opts = ::REDHAT_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command(/.*/, true) + chef_run.converge "openstack-dashboard::server" + file = "/etc/httpd/conf.d/openstack-dashboard.conf" + + expect(chef_run).to delete_file file + end + + it "does not remove openstack-dashboard-ubuntu-theme package" do + opts = ::REDHAT_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command(/.*/, false) + chef_run.converge "openstack-dashboard::server" + + expect(chef_run).not_to purge_package "openstack-dashboard-ubuntu-theme" + end + + it "doesn't remove default apache site" do + pending "TODO: how to properly test this" + end + + it "doesn't execute restore-selinux-context" do + opts = ::REDHAT_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command(/.*/, false) + chef_run.converge "openstack-dashboard::server" + cmd = "restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard || :" + + expect(chef_run).not_to execute_command cmd + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server_spec.rb new file mode 100644 index 000000000..b77a7c5e9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/server_spec.rb @@ -0,0 +1,247 @@ +require_relative "spec_helper" + +describe "openstack-dashboard::server" do + before { dashboard_stubs } + + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-dashboard::server" + end + + it "doesn't execute set-selinux-permissive" do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command(/.*/, false) + chef_run.converge "openstack-dashboard::server" + cmd = "/sbin/setenforce Permissive" + + expect(chef_run).not_to execute_command cmd + end + + it "installs apache packages" do + expect(@chef_run).to include_recipe "apache2" + expect(@chef_run).to include_recipe "apache2::mod_wsgi" + expect(@chef_run).to include_recipe "apache2::mod_rewrite" + expect(@chef_run).to include_recipe "apache2::mod_ssl" + end + + it "doesn't execute set-selinux-enforcing" do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command(/.*/, false) + chef_run.converge "openstack-dashboard::server" + cmd = "/sbin/setenforce Enforcing ; restorecon -R /etc/httpd" + + expect(chef_run).not_to execute_command cmd + end + + it "installs packages" do + expect(@chef_run).to upgrade_package "lessc" + expect(@chef_run).to upgrade_package "openstack-dashboard" + expect(@chef_run).to upgrade_package "python-mysqldb" + end + + describe "local_settings.py" do + before do + @file = @chef_run.template "/etc/openstack-dashboard/local_settings.py" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "has the customer banner" do + expect(@chef_run).to create_file_with_content @file.name, "autogenerated" + end + + it "has the memcached servers" do + expect(@chef_run).to create_file_with_content @file.name, "hostA" + end + + it "does not configure caching when backend == memcache and no servers provided" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + ::Chef::Recipe.any_instance.stub(:memcached_servers). + and_return nil + chef_run.converge "openstack-dashboard::server" + + expect(chef_run).not_to create_file_with_content @file.name, + "django.core.cache.backends.memcached.MemcachedCache" + end + + it "does not configure caching when memcache_servers is empty" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + ::Chef::Recipe.any_instance.stub(:memcached_servers). + and_return [] + chef_run.converge "openstack-dashboard::server" + + expect(chef_run).not_to create_file_with_content @file.name, + "django.core.cache.backends.memcached.MemcachedCache" + end + + it "has some plugins enabled" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["dashboard"]["plugins"] = ["testPlugin1" ] + end + chef_run.converge "openstack-dashboard::server" + + expect(chef_run).to create_file_with_content @file.name, "testPlugin1" + end + + it "notifies apache2 restart" do + expect(@file).to notify "service[apache2]", :restart + end + + it "does not configure ssl proxy when ssl_offload is false" do + expect(@chef_run).not_to( + create_file_with_content @file.name, "SECURE_PROXY_SSL_HEADER") + end + + it "configures ssl proxy when ssl_offload is set to true" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["dashboard"]["ssl_offload"] = true + end + chef_run.converge "openstack-dashboard::server" + + expect(chef_run).to( + create_file_with_content @file.name, "SECURE_PROXY_SSL_HEADER") + end + + it "has a help_url" do + expect(@chef_run).to create_file_with_content @file.name, "docs.openstack.org" + end + + it "configures CSRF_COOKIE_SECURE & SESSION_COOKIE_SECURE when use_ssl is true" do + expect(@chef_run).to create_file_with_content @file.name, "CSRF_COOKIE_SECURE = True" + expect(@chef_run).to create_file_with_content @file.name, "SESSION_COOKIE_SECURE = True" + end + end + + it "executes openstack-dashboard syncdb" do + cmd = "python manage.py syncdb --noinput" + expect(@chef_run).to execute_command(cmd).with( + :cwd => "/usr/share/openstack-dashboard", + :environment => { + "PYTHONPATH" => "/etc/openstack-dashboard:" \ + "/usr/share/openstack-dashboard:" \ + "$PYTHONPATH" + } + ) + end + + describe "certs" do + before do + @crt = @chef_run.cookbook_file "/etc/ssl/certs/horizon.pem" + @key = @chef_run.cookbook_file "/etc/ssl/private/horizon.key" + end + + it "has proper owner" do + expect(@crt).to be_owned_by "root", "root" + expect(@key).to be_owned_by "root", "ssl-cert" + end + + it "has proper modes" do + expect(sprintf("%o", @crt.mode)).to eq "644" + expect(sprintf("%o", @key.mode)).to eq "640" + end + + it "notifies restore-selinux-context" do + expect(@crt).to notify "execute[restore-selinux-context]", :run + expect(@key).to notify "execute[restore-selinux-context]", :run + end + end + + it "creates .blackhole dir with proper owner" do + dir = "/usr/share/openstack-dashboard/openstack_dashboard/.blackhole" + + expect(@chef_run.directory(dir)).to be_owned_by "root" + end + + describe "openstack-dashboard virtual host" do + before do + f = "/etc/apache2/sites-available/openstack-dashboard" + @file = @chef_run.template f + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "has the default banner" do + expect(@chef_run).to create_file_with_content @file.name, "autogenerated" + end + + it "has the default DocRoot" do + expect(@chef_run).to create_file_with_content @file.name, + "DocumentRoot /usr/share/openstack-dashboard/openstack_dashboard/.blackhole/" + end + + it "sets the ServerName directive " do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["dashboard"]["server_hostname"] = "spec-test-host" + end + chef_run.converge "openstack-dashboard::server" + + expect(chef_run).to create_file_with_content @file.name, "spec-test-host" + end + + it "notifies restore-selinux-context" do + expect(@file).to notify "execute[restore-selinux-context]", :run + end + end + + it "does not delete openstack-dashboard.conf" do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command(/.*/, false) + chef_run.converge "openstack-dashboard::server" + file = "/etc/httpd/conf.d/openstack-dashboard.conf" + + expect(chef_run).not_to delete_file file + end + + it "removes openstack-dashboard-ubuntu-theme package" do + expect(@chef_run).to purge_package "openstack-dashboard-ubuntu-theme" + end + + it "removes default virtualhost" do + opts = ::UBUNTU_OPTS.merge(:step_into => ["apache_site"]) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.converge "openstack-dashboard::server" + cmd = "/usr/sbin/a2dissite 000-default" + + expect(chef_run).to execute_command cmd + end + + it "enables virtualhost" do + opts = ::UBUNTU_OPTS.merge(:step_into => ["apache_site"]) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.converge "openstack-dashboard::server" + cmd = "/usr/sbin/a2ensite openstack-dashboard" + + expect(chef_run).to execute_command cmd + end + + it "notifies apache2 restart" do + pending "TODO: how to test when tied to an LWRP" + end + + it "doesn't execute restore-selinux-context" do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command(/.*/, false) + chef_run.converge "openstack-dashboard::server" + cmd = "restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard || :" + + expect(chef_run).not_to execute_command cmd + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/spec_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/spec_helper.rb new file mode 100644 index 000000000..65068215a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/spec/spec_helper.rb @@ -0,0 +1,30 @@ +require "chefspec" + +::LOG_LEVEL = :fatal +::FEDORA_OPTS = { + :platform => "fedora", + :version => "18", + :log_level => ::LOG_LEVEL +} +::REDHAT_OPTS = { + :platform => "redhat", + :version => "6.3", + :log_level => ::LOG_LEVEL +} +::UBUNTU_OPTS = { + :platform => "ubuntu", + :version => "12.04", + :log_level => ::LOG_LEVEL +} +::OPENSUSE_OPTS = { + :platform => "opensuse", + :version => "12.3", + :log_level => ::LOG_LEVEL +} + +def dashboard_stubs + ::Chef::Recipe.any_instance.stub(:memcached_servers). + and_return ["hostA:port", "hostB:port"] + ::Chef::Recipe.any_instance.stub(:db_password).with("horizon"). + and_return "test-pass" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/dash-site.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/dash-site.erb new file mode 100644 index 000000000..89c47ec7b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/dash-site.erb @@ -0,0 +1,58 @@ +<%= node["openstack"]["dashboard"]["custom_template_banner"] %> + +<% if node["openstack"]["dashboard"]["server_hostname"] -%> + ServerName <%= node["openstack"]["dashboard"]["server_hostname"] %> +<% end -%> +<% if node["openstack"]["dashboard"]["use_ssl"] %> + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R] + + + +<% if node["openstack"]["dashboard"]["server_hostname"] -%> + ServerName <%= node["openstack"]["dashboard"]["server_hostname"] %> +<% end -%> +<% end %> + ServerAdmin <%= node["apache"]["contact"] %> + WSGIScriptAlias / <%= node["openstack"]["dashboard"]["wsgi_path"] %> + WSGIDaemonProcess dashboard user=<%= node["apache"]["user"] %> group=<%= node["apache"]["group"] %> processes=3 threads=10 python-path=<%= node["openstack"]["dashboard"]["dash_path"] %> + WSGIProcessGroup dashboard + + DocumentRoot <%= node["openstack"]["dashboard"]["dash_path"] %>/.blackhole/ + Alias /static <%= node["openstack"]["dashboard"]["static_path"] %> + + + Options FollowSymLinks + AllowOverride None + + + > + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Order allow,deny + allow from all + + + > + Options FollowSymLinks MultiViews + AllowOverride None + Order allow,deny + allow from all + + + <% if node["openstack"]["dashboard"]["use_ssl"] %> + SSLEngine on + SSLCertificateFile <%= @ssl_cert_file %> + SSLCertificateKeyFile <%= @ssl_key_file %> + <% end %> + + # Allow custom files to overlay the site (such as logo.png) + RewriteEngine On + RewriteCond /opt/dash/site_overlay%{REQUEST_FILENAME} -s + RewriteRule ^/(.+) /opt/dash/site_overlay/$1 [L] + + ErrorLog <%= node["apache"]["log_dir"] %>/<%= node["openstack"]["dashboard"]["error_log"] %> + LogLevel warn + CustomLog <%= node["apache"]["log_dir"] %>/<%= node["openstack"]["dashboard"]["access_log"] %> combined + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/default_stylesheets.html.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/default_stylesheets.html.erb new file mode 100644 index 000000000..66c40a6fc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/default_stylesheets.html.erb @@ -0,0 +1,7 @@ +{% load compress %} + +{% compress css %} + +{% endcompress %} + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/local_settings.py.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/local_settings.py.erb new file mode 100644 index 000000000..8ecd34cfc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/local_settings.py.erb @@ -0,0 +1,258 @@ +<%= node["openstack"]["dashboard"]["custom_template_banner"] %> + +import os + +from django.utils.translation import ugettext_lazy as _ + +from openstack_dashboard import exceptions + +DEBUG = <%= node["openstack"]["dashboard"]["debug"] ? "True" : "False" %> +TEMPLATE_DEBUG = DEBUG + +<% if %w(fedora redhat centos scientific).include? node.platform -%> +WEBROOT='' +LOGIN_URL = WEBROOT+'/auth/login/' +LOGOUT_URL = WEBROOT+'/auth/logout/' +LOGIN_REDIRECT_URL = WEBROOT+'/syspanel' +<% end %> + +<% if node["openstack"]["dashboard"]["ssl_offload"] %> +# Set SSL proxy settings: +# For Django 1.4+ pass this header from the proxy after terminating the SSL, +# and don't forget to strip it from the client's request. +# For more information see: +# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header +SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') +<% end %> + +# If Horizon is being served through SSL, then uncomment the following two +# settings to better secure the cookies from security exploits +<% if node["openstack"]["dashboard"]["use_ssl"] %> +CSRF_COOKIE_SECURE = <%= node["openstack"]["dashboard"]["csrf_cookie_secure"] ? "True" : "False" %> +SESSION_COOKIE_SECURE = <%= node["openstack"]["dashboard"]["session_cookie_secure"] ? "True" : "False" %> +<% end %> + +# Default OpenStack Dashboard configuration. +HORIZON_CONFIG = { + 'dashboards': ('project', 'admin', 'settings',), + 'default_dashboard': 'project', + 'user_home': 'openstack_dashboard.views.get_user_home', + 'ajax_queue_limit': 10, + 'auto_fade_alerts': { + 'delay': 3000, + 'fade_duration': 1500, + 'types': ['alert-success', 'alert-info'] + }, + 'help_url': "<%= node["openstack"]["dashboard"]["help_url"] %>", + 'exceptions': {'recoverable': exceptions.RECOVERABLE, + 'not_found': exceptions.NOT_FOUND, + 'unauthorized': exceptions.UNAUTHORIZED}, +} + +# Specify a regular expression to validate user passwords. +# HORIZON_CONFIG["password_validator"] = { +# "regex": '.*', +# "help_text": _("Your password does not meet the requirements.") +# } + +# Disable simplified floating IP address management for deployments with +# multiple floating IP pools or complex network requirements. +# HORIZON_CONFIG["simple_ip_management"] = False + +# Turn off browser autocompletion for the login form if so desired. +# HORIZON_CONFIG["password_autocomplete"] = "off" + +LOCAL_PATH = os.path.dirname(os.path.abspath(__file__)) + +# Set custom secret key: +# You can either set it to a specific value or you can let horizion generate a +# default secret key that is unique on this machine, e.i. regardless of the +# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, there +# may be situations where you would want to set this explicitly, e.g. when +# multiple dashboard instances are distributed on different machines (usually +# behind a load-balancer). Either you have to make sure that a session gets all +# requests routed to the same dashboard instance or you set the same SECRET_KEY +# for all of them. +# from horizon.utils import secret_key +# SECRET_KEY = secret_key.generate_or_read_from_file(os.path.join(LOCAL_PATH, '.secret_key_store')) + +# We recommend you use memcached for development; otherwise after every reload +# of the django development server, you will have to login again. To use +# memcached set CACHE_BACKED to something like 'memcached://127.0.0.1:11211/' +<% case node["openstack"]["dashboard"]["session_backend"] + when "file" %> +SESSION_ENGINE = 'django.contrib.sessions.backends.file' +<% when "memcached" + if @memcached_servers && !@memcached_servers.empty? +%> +SESSION_ENGINE = 'django.contrib.sessions.backends.cache' +CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': [ +<% @memcached_servers.each do |address| %> + '<%= address %>', +<% end %> + ] + } +} +<% end + when "sql" +%> +SESSION_ENGINE = 'django.contrib.sessions.backends.db' +<% end %> + +# Send email to the console by default +EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' +# Or send them to /dev/null +#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' + +# Configure these for your outgoing email host +# EMAIL_HOST = 'smtp.my-company.com' +# EMAIL_PORT = 25 +# EMAIL_HOST_USER = 'djangomail' +# EMAIL_HOST_PASSWORD = 'top-secret!' + +# For multiple regions uncomment this configuration, and add (endpoint, title). +# AVAILABLE_REGIONS = [ +# ('http://cluster1.example.com:5000/v2.0', 'cluster1'), +# ('http://cluster2.example.com:5000/v2.0', 'cluster2'), +# ] + +OPENSTACK_KEYSTONE_URL = "<%= @auth_uri %>" +OPENSTACK_KEYSTONE_ADMIN_URL = "<%= @auth_admin_uri %>" +OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= node["openstack"]["dashboard"]["keystone_default_role"] %>" + +# Disable SSL certificate checks (useful for self-signed certificates): +# OPENSTACK_SSL_NO_VERIFY = True + +# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the +# capabilities of the auth backend for Keystone. +# If Keystone has been configured to use LDAP as the auth backend then set +# can_edit_user to False and name to 'ldap'. +# +# TODO(tres): Remove these once Keystone has an API to identify auth backend. +OPENSTACK_KEYSTONE_BACKEND = { + 'name': 'native', + 'can_edit_user': True, + 'can_edit_project': True +} + +OPENSTACK_HYPERVISOR_FEATURES = { + 'can_set_mount_point': True, + + # NOTE: as of Grizzly this is not yet supported in Nova so enabling this + # setting will not do anything useful + 'can_encrypt_volumes': False +} + +# The OPENSTACK_QUANTUM_NETWORK settings can be used to enable optional +# services provided by quantum. Currently only the load balancer service +# is available. +OPENSTACK_QUANTUM_NETWORK = { + 'enable_lb': False +} + +# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints +# in the Keystone service catalog. Use this setting when Horizon is running +# external to the OpenStack environment. The default is 'internalURL'. +#OPENSTACK_ENDPOINT_TYPE = "publicURL" + +# The number of objects (Swift containers/objects or images) to display +# on a single page before providing a paging element (a "more" link) +# to paginate results. +API_RESULT_LIMIT = 1000 +API_RESULT_PAGE_SIZE = 20 + +# The timezone of the server. This should correspond with the timezone +# of your entire OpenStack installation, and hopefully be in UTC. +TIME_ZONE = "UTC" + +LOGGING = { + 'version': 1, + # When set to True this will disable all logging except + # for loggers specified in this configuration dictionary. Note that + # if nothing is specified here and disable_existing_loggers is True, + # django.db.backends will still log unless it is disabled explicitly. + 'disable_existing_loggers': False, + 'handlers': { + 'null': { + 'level': 'DEBUG', + 'class': 'django.utils.log.NullHandler', + }, + 'console': { + # Set the level to "DEBUG" for verbose output logging. + 'level': '<%= node["openstack"]["dashboard"]["debug"] ? "DEBUG" : "INFO" %>', + 'class': 'logging.StreamHandler', + }, + }, + 'loggers': { + # Logging from django.db.backends is VERY verbose, send to null + # by default. + 'django.db.backends': { + 'handlers': ['null'], + 'propagate': False, + }, + 'requests': { + 'handlers': ['null'], + 'propagate': False, + }, + 'horizon': { + 'handlers': ['console'], + 'propagate': False, + }, + 'openstack_dashboard': { + 'handlers': ['console'], + 'propagate': False, + }, + 'novaclient': { + 'handlers': ['console'], + 'propagate': False, + }, + 'keystoneclient': { + 'handlers': ['console'], + 'propagate': False, + }, + 'glanceclient': { + 'handlers': ['console'], + 'propagate': False, + }, + 'nose.plugins.manager': { + 'handlers': ['console'], + 'propagate': False, + } + } +} + +<% django_backends = {'mysql' => 'mysql', + 'postgresql' => 'postgresql_psycopg2'} + engine = django_backends[@db_info['db_type']] %> + +# A dictionary containing the settings for all databases to be used with +# Django. It is a nested dictionary whose contents maps database aliases +# to a dictionary containing the options for an individual database. +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.<%= engine %>', + 'NAME': '<%= @db_info["db_name"] %>', + 'USER': '<%= node["openstack"]["dashboard"]["db"]["username"] %>', + 'PASSWORD': '<%= @db_pass %>', + 'HOST': '<%= @db_info["host"] %>', + 'default-character-set': 'utf8' + }, +} + +# Boolean that decides if compression should also be done outside of the +# request/response loop - independent from user requests. This allows to +# pre-compress CSS and JavaScript files and works just like the automatic +# compression with the {% compress %} tag. +COMPRESS_OFFLINE = True + +# Add additional plugins. +<% if node["openstack"]["dashboard"]["plugins"] %> +import sys +mod = sys.modules['openstack_dashboard.settings'] +<% node["openstack"]["dashboard"]["plugins"].each do |p| %> +mod.INSTALLED_APPS += ('<%= p %>', ) +<% end %> +<% end %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/rs_stylesheets.html.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/rs_stylesheets.html.erb new file mode 100644 index 000000000..5995f0b72 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-dashboard/templates/default/rs_stylesheets.html.erb @@ -0,0 +1,7 @@ +{% load compress %} + +{% compress css %} + +{% endcompress %} + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/.tailor b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/.tailor new file mode 100644 index 000000000..99f0dcf16 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/.tailor @@ -0,0 +1,25 @@ +Tailor.config do |config| + config.formatters "text" + config.file_set '**/*.rb' do |style| + style.max_line_length 80, level: :off + style.allow_camel_case_methods false, level: :error + style.allow_hard_tabs false, level: :error + style.allow_screaming_snake_case_classes false, level: :error + style.allow_trailing_line_spaces false, level: :error + style.allow_invalid_ruby false, level: :warn + style.indentation_spaces 2, level: :error + style.max_code_lines_in_class 300, level: :error + style.max_code_lines_in_method 30, level: :error + style.spaces_after_comma 1, level: :error + style.spaces_after_lbrace 1, level: :error + style.spaces_after_lbracket 0, level: :error + style.spaces_after_lparen 0, level: :error + style.spaces_before_comma 0, level: :error + style.spaces_before_lbrace 1, level: :error + style.spaces_before_rbrace 1, level: :error + style.spaces_before_rbracket 0, level: :error + style.spaces_before_rparen 0, level: :error + style.spaces_in_empty_braces 0, level: :error + style.trailing_newlines 1, level: :error + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Berksfile new file mode 100644 index 000000000..84e5b6dfb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Berksfile @@ -0,0 +1,4 @@ +metadata + +cookbook "openstack-common", + git: "git://github.com/stackforge/cookbook-openstack-common.git" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Berksfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Berksfile.lock new file mode 100644 index 000000000..368e102d3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Berksfile.lock @@ -0,0 +1,37 @@ +{ + "sha": "591cb6e4f1ccfb699c80c54dca3009a15e14b06f", + "sources": { + "openstack-identity": { + "path": "." + }, + "openstack-common": { + "locked_version": "0.3.0", + "git": "git://github.com/stackforge/cookbook-openstack-common.git", + "ref": "ae80d36e8f8d5705e01bb6c14238eccb5450a229" + }, + "apt": { + "locked_version": "2.0.0" + }, + "database": { + "locked_version": "1.4.0" + }, + "mysql": { + "locked_version": "3.0.2" + }, + "openssl": { + "locked_version": "1.0.2" + }, + "build-essential": { + "locked_version": "1.4.0" + }, + "postgresql": { + "locked_version": "3.0.2" + }, + "aws": { + "locked_version": "0.101.2" + }, + "xfs": { + "locked_version": "1.1.0" + } + } +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Gemfile new file mode 100644 index 000000000..04ef97e41 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Gemfile @@ -0,0 +1,9 @@ +source "https://rubygems.org" + +gem "chef", "~> 11.4.4" +gem "json", "<= 1.7.7" # chef 11 dependency +gem "berkshelf", "~> 2.0.3" +gem "chefspec", "~> 1.3.0" +gem "foodcritic" +gem "strainer" +gem "tailor" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Gemfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Gemfile.lock new file mode 100644 index 000000000..2d00f7d7f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Gemfile.lock @@ -0,0 +1,223 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (4.0.0) + i18n (~> 0.6, >= 0.6.4) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.37) + addressable (2.3.5) + akami (1.2.0) + gyoku (>= 0.4.0) + nokogiri (>= 1.4.0) + atomic (1.1.10) + berkshelf (2.0.5) + activesupport (>= 3.2.0) + addressable (~> 2.3.4) + buff-shell_out (~> 0.1) + celluloid (>= 0.14.0) + chozo (>= 0.6.1) + faraday (>= 0.8.5) + hashie (>= 2.0.2) + minitar (~> 0.5.4) + rbzip2 (~> 0.2.0) + retryable (~> 1.3.3) + ridley (~> 1.2.1) + solve (>= 0.5.0) + thor (~> 0.18.0) + buff-extensions (0.5.0) + buff-ruby_engine (0.1.0) + buff-shell_out (0.1.0) + buff-ruby_engine (~> 0.1.0) + builder (3.2.2) + celluloid (0.14.1) + timers (>= 1.0.0) + celluloid-io (0.14.1) + celluloid (>= 0.14.1) + nio4r (>= 0.4.5) + chef (11.4.4) + erubis + highline (>= 1.6.9) + json (>= 1.4.4, <= 1.7.7) + mixlib-authentication (>= 1.3.0) + mixlib-cli (~> 1.3.0) + mixlib-config (>= 1.1.2) + mixlib-log (>= 1.3.0) + mixlib-shellout + net-ssh (~> 2.6) + net-ssh-multi (~> 1.1.0) + ohai (>= 0.6.0) + rest-client (>= 1.0.4, < 1.7.0) + yajl-ruby (~> 1.1) + chefspec (1.3.1) + chef (>= 10.0) + erubis + fauxhai (>= 0.1.1, < 2.0) + minitest-chef-handler (>= 0.6.0) + rspec (~> 2.0) + chozo (0.6.1) + activesupport (>= 3.2.0) + hashie (>= 2.0.2) + multi_json (>= 1.3.0) + ci_reporter (1.8.4) + builder (>= 2.1.2) + diff-lcs (1.2.4) + erubis (2.7.0) + faraday (0.8.7) + multipart-post (~> 1.1) + fauxhai (1.1.1) + httparty + net-ssh + ohai + ffi (1.9.0) + foodcritic (2.1.0) + erubis + gherkin (~> 2.11.7) + nokogiri (~> 1.5.4) + rak (~> 1.4) + treetop (~> 1.4.10) + yajl-ruby (~> 1.1.0) + gherkin (2.11.8) + multi_json (~> 1.3) + gssapi (1.0.3) + ffi (>= 1.0.1) + gyoku (1.0.0) + builder (>= 2.1.2) + hashie (2.0.5) + highline (1.6.19) + httparty (0.11.0) + multi_json (~> 1.0) + multi_xml (>= 0.5.2) + httpclient (2.2.0.2) + httpi (0.9.7) + rack + i18n (0.6.4) + ipaddress (0.8.0) + json (1.7.7) + little-plugger (1.1.3) + log_switch (0.4.0) + logging (1.6.2) + little-plugger (>= 1.1.3) + mime-types (1.23) + minitar (0.5.4) + minitest (4.7.5) + minitest-chef-handler (1.0.1) + chef + ci_reporter + minitest (~> 4.7.3) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-cli (1.3.0) + mixlib-config (1.1.2) + mixlib-log (1.6.0) + mixlib-shellout (1.1.0) + multi_json (1.7.7) + multi_xml (0.5.4) + multipart-post (1.2.0) + net-http-persistent (2.8) + net-ssh (2.6.7) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-multi (1.1) + net-ssh (>= 2.1.4) + net-ssh-gateway (>= 0.99.0) + nio4r (0.4.6) + nokogiri (1.5.10) + nori (1.1.5) + ohai (6.16.0) + ipaddress + mixlib-cli + mixlib-config + mixlib-log + mixlib-shellout + systemu + yajl-ruby + polyglot (0.3.3) + rack (1.5.2) + rak (1.4) + rbzip2 (0.2.0) + rest-client (1.6.7) + mime-types (>= 1.16) + retryable (1.3.3) + ridley (1.2.3) + addressable + buff-extensions (~> 0.3) + buff-shell_out (~> 0.1) + celluloid (~> 0.14.0) + celluloid-io (~> 0.14.0) + erubis + faraday (>= 0.8.4) + hashie (>= 2.0.2) + json (>= 1.7.7) + mixlib-authentication (>= 1.3.0) + net-http-persistent (>= 2.8) + net-ssh + retryable + solve (>= 0.4.4) + varia_model (~> 0.1) + winrm (~> 1.1.0) + rspec (2.13.0) + rspec-core (~> 2.13.0) + rspec-expectations (~> 2.13.0) + rspec-mocks (~> 2.13.0) + rspec-core (2.13.1) + rspec-expectations (2.13.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.13.1) + rubyntlm (0.1.1) + savon (0.9.5) + akami (~> 1.0) + builder (>= 2.1.2) + gyoku (>= 0.4.0) + httpi (~> 0.9) + nokogiri (>= 1.4.0) + nori (~> 1.0) + wasabi (~> 1.0) + solve (0.6.0) + strainer (3.0.3) + berkshelf (~> 2.0) + systemu (2.5.2) + tailor (1.2.1) + log_switch (>= 0.3.0) + term-ansicolor (>= 1.0.5) + text-table (>= 1.2.2) + term-ansicolor (1.2.2) + tins (~> 0.8) + text-table (1.2.3) + thor (0.18.1) + thread_safe (0.1.0) + atomic + timers (1.1.0) + tins (0.8.2) + treetop (1.4.14) + polyglot + polyglot (>= 0.3.1) + tzinfo (0.3.37) + uuidtools (2.1.4) + varia_model (0.1.0) + buff-extensions (~> 0.1) + hashie (>= 2.0.2) + wasabi (1.0.0) + nokogiri (>= 1.4.0) + winrm (1.1.2) + gssapi (~> 1.0.0) + httpclient (~> 2.2.0.2) + logging (~> 1.6.1) + nokogiri (~> 1.5.0) + rubyntlm (~> 0.1.1) + savon (= 0.9.5) + uuidtools (~> 2.1.2) + yajl-ruby (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + berkshelf (~> 2.0.3) + chef (~> 11.4.4) + chefspec (~> 1.3.0) + foodcritic + json (<= 1.7.7) + strainer + tailor diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/README.md new file mode 100644 index 000000000..be43628d4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/README.md @@ -0,0 +1,290 @@ +Description +=========== + +This cookbook installs the OpenStack Identity Service **Keystone** as part of the OpenStack reference deployment Chef for OpenStack. The http://github.com/mattray/chef-openstack-repo contains documentation for using this cookbook in the context of a full OpenStack deployment. Keystone is installed from packages, creating the default user, tenant, and roles. It also registers the identity service and identity endpoint. + +http://keystone.openstack.org/ + +Requirements +============ + +Chef 0.10.0 or higher required (for Chef environment use) + +Cookbooks +--------- + +The following cookbooks are dependencies: + +* openstack-common + +Usage +===== + +server +------ + +Installs and Configures Keystone Service + +```json +"run_list": [ + "recipe[openstack-identity::server]" +] +``` + +Resources/Providers +=================== + +These resources provide an abstraction layer for interacting with the keystone server's API, allowing for other nodes to register any required users, tenants, roles, services, or endpoints. + +register +-------- + +Register users, tenants, roles, services and endpoints with Keystone + +### Actions + +- :create_tenant: Create a tenant +- :create_user: Create a user for a specified tenant +- :create_role: Create a role +- :grant_role: Grant a role to a specified user for a specified tenant +- :create_service: Create a service +- :create_endpoint: Create an endpoint for a sepcified service + +### General Attributes + +- auth_protocol: Required communication protocol with Keystone server + - Acceptable values are [ "http", "https" ] +- auth_host: Keystone server IP Address +- auth_port: Port Keystone server is listening on +- api_ver: API Version for Keystone server + - Accepted values are [ "/v2.0" ] +- auth_token: Auth Token for communication with Keystone server + +### :create_tenant Specific Attributes + +- tenant_name: Name of tenant to create +- tenant_description: Description of tenant to create +- tenant_enabled: Enable or Disable tenant + - Accepted values are [ "true", "false" ] + - Default is "true" + +### :create_user Specific Attributes + +- user_name: Name of user account to create +- user_pass: Password for the user account +- user_enabled: Enable or Disable user + - Accepted values are [ "true", "false" ] + - Default is "true" +- tenant_name: Name of tenant to create user in + +### :create_role Specific Attributes + +- role_name: Name of the role to create + +### :grant_role Specific Attributes + +- role_name: Name of the role to grant +- user_name: User name to grant the role to +- tenant_name: Name of tenant to grant role in + +### :create_service Specific Attributes + +- service_name: Name of service +- service_description: Description of service +- service_type: Type of service to create + - Accepted values are [ "image", "identity", "compute", "storage", "ec2", "volume" ] + +### :create_endpoint Specific Attributes + +- endpoint_region: Default value is "RegionOne" +- endpoint_adminurl: URL to admin endpoint (using admin port) +- endpoint_internalurl: URL to service endpoint (using service port) +- endpoint_publicurl: URL to public endpoint + - Default is same as endpoint_internalURL +- service_type: Type of service to create endpoint for + - Accepted values are [ "image", "identity", "compute", "storage", "ec2", "volume" ] + +### Examples + + # Create 'openstack' tenant + openstack_identity_register "Register 'openstack' Tenant" do + auth_host "192.168.1.10" + auth_port "35357" + auth_protocol "http" + api_ver "/v2.0" + auth_token "123456789876" + tenant_name "openstack" + tenant_description "Default Tenant" + tenant_enabled "true" # Not required as this is the default + action :create_tenant + end + + # Create 'admin' user + openstack_identity_register "Register 'admin' User" do + auth_host "192.168.1.10" + auth_port "35357" + auth_protocol "http" + api_ver "/v2.0" + auth_token "123456789876" + tenant_name "openstack" + user_name "admin" + user_pass "secrete" + user_enabled "true" # Not required as this is the default + action :create_user + end + + # Create 'admin' role + openstack_identity_register "Register 'admin' Role" do + auth_host "192.168.1.10" + auth_port "35357" + auth_protocol "http" + api_ver "/v2.0" + auth_token "123456789876" + role_name role_key + action :create_role + end + + + # Grant 'admin' role to 'admin' user in the 'openstack' tenant + openstack_identity_register "Grant 'admin' Role to 'admin' User" do + auth_host "192.168.1.10" + auth_port "35357" + auth_protocol "http" + api_ver "/v2.0" + auth_token "123456789876" + tenant_name "openstack" + user_name "admin" + role_name "admin" + action :grant_role + end + + # Create 'identity' service + openstack_identity_register "Register Identity Service" do + auth_host "192.168.1.10" + auth_port "35357" + auth_protocol "http" + api_ver "/v2.0" + auth_token "123456789876" + service_name "keystone" + service_type "identity" + service_description "Keystone Identity Service" + action :create_service + end + + # Create 'identity' endpoint + openstack_identity_register "Register Identity Endpoint" do + auth_host "192.168.1.10" + auth_port "35357" + auth_protocol "http" + api_ver "/v2.0" + auth_token "123456789876" + service_type "identity" + endpoint_region "RegionOne" + endpoint_adminurl "http://192.168.1.10:35357/v2.0" + endpoint_internalurl "http://192.168.1.10:5001/v2.0" + endpoint_publicurl "http://1.2.3.4:5001/v2.0" + action :create_endpoint + end + +credentials +----------- + +Create EC2 credentials for a given user in the specified tenant + +### Actions + +- :create_ec2: create EC2 credentials + +### General Attributes + +- auth_protocol: Required communication protocol with Keystone server. Acceptable values are [ "http", "https" ] +- auth_host: Keystone server IP Address +- auth_port: Port Keystone server is listening on +- api_ver: API Version for Keystone server + - Accepted values are [ "/v2.0" ] +- auth_token: Auth Token for communication with Keystone server + +### :create_ec2 Specific Attributes + +- user_name: User name to grant the credentials for +- tenant_name: Tenant name to grant the credentials in + +### Examples + + openstack_identity_credentials "Create EC2 credentials for 'admin' user" do + auth_host "192.168.1.10" + auth_port "35357" + auth_protocol "http" + api_ver "/v2.0" + auth_token "123456789876" + user_name "admin" + tenant_name "openstack" + end + +Attributes +========== + +* `openstack['identity']['db_server_chef_role']` - The name of the Chef role that knows about the db server +* `openstack['identity']['bind_interface']` - Interface to bind keystone to +* `openstack['identity']['service_port']` - Port to listen on for client functions +* `openstack['identity']['admin_port']` - Port to listen on for admin functions +* `openstack['identity']['user']` - User keystone runs as +* `openstack['identity']['group']` - Group keystone runs as +* `openstack['identity']['db']` - Name of keystone database +* `openstack['identity']['db_user']` - Username for keystone database access +* `openstack['identity']['db_passwd']` - Password for keystone database access +* `openstack['identity']['db_ipaddress']` - IP address of the keystone database +* `openstack['identity']['api_ipaddress']` - IP address for the keystone API to bind to. _TODO_: Rename to bind_address +* `openstack['identity']['verbose']` - Enables/disables verbose output for keystone API server +* `openstack['identity']['debug']` - Enables/disables debug output for keystone API server +* `openstack['identity']['service_port']` - Port for the keystone service API to bind to +* `openstack['identity']['admin_port']` - Port for the keystone admin service to bind to +* `openstack['identity']['admin_token']` - Admin token for bootstraping keystone server +* `openstack['identity']['roles']` - Array of roles to create in the keystone server +* `openstack['identity']['users']` - Array of users to create in the keystone server + +Testing +===== + +This cookbook uses [bundler](http://gembundler.com/), [berkshelf](http://berkshelf.com/), and [strainer](https://github.com/customink/strainer) to isolate dependencies and run tests. + +Tests are defined in Strainerfile. + +To run tests: + + $ bundle install # install gem dependencies + $ bundle exec berks install # install cookbook dependencies + $ bundle exec strainer test # run tests + +License and Author +================== + +Author:: Justin Shepherd () +Author:: Jason Cannavale () +Author:: Ron Pedde () +Author:: Joseph Breu () +Author:: William Kelly () +Author:: Darren Birkett () +Author:: Evan Callicoat () +Author:: Matt Ray () +Author:: Jay Pipes () +Author:: John Dewey () +Author:: Sean Gallagher () +Author:: Ionut Artarisi () + +Copyright 2012, Rackspace US, Inc. +Copyright 2012-2013, Opscode, Inc. +Copyright 2012-2013, AT&T Services, Inc. +Copyright 2013, SUSE Linux GmbH + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Strainerfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Strainerfile new file mode 100644 index 000000000..7e292b43d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/Strainerfile @@ -0,0 +1,5 @@ +# Strainerfile +tailor: bundle exec tailor +knife test: bundle exec knife cookbook test $COOKBOOK +foodcritic: bundle exec foodcritic -f any -t ~FC003 -t ~FC023 $SANDBOX/$COOKBOOK +chefspec: bundle exec rspec $SANDBOX/$COOKBOOK/spec diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/attributes/default.rb new file mode 100644 index 000000000..cdea214b7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/attributes/default.rb @@ -0,0 +1,202 @@ +# +# Cookbook Name:: openstack-identity +# Recipe:: default +# +# Copyright 2012-2013, AT&T Services, Inc. +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Set to some text value if you want templated config files +# to contain a custom banner at the top of the written file +default["openstack"]["identity"]["custom_template_banner"] = " +# This file autogenerated by Chef +# Do not edit, changes will be overwritten +" + +# Adding these as blank +# this needs to be here for the initial deep-merge to work +default["credentials"]["EC2"]["admin"]["access"] = "" +default["credentials"]["EC2"]["admin"]["secret"] = "" + +default["openstack"]["identity"]["db"]["username"] = "keystone" +# Execute database migrations. There are cases where migrations should not be +# executed. For example when upgrading a zone, and the identity database is +# replicated across many zones. +default["openstack"]["identity"]["db"]["migrate"] = true + +default["openstack"]["identity"]["verbose"] = "False" +default["openstack"]["identity"]["debug"] = "False" + +default["openstack"]["identity"]["service_port"] = "5000" +default["openstack"]["identity"]["admin_port"] = "35357" +default["openstack"]["identity"]["region"] = "RegionOne" + +default["openstack"]["identity"]["bind_interface"] = "lo" + +# Logging stuff +default["openstack"]["identity"]["syslog"]["use"] = false +default["openstack"]["identity"]["syslog"]["facility"] = "LOG_LOCAL2" +default["openstack"]["identity"]["syslog"]["config_facility"] = "local2" + +default["openstack"]["identity"]["admin_user"] = "admin" +default["openstack"]["identity"]["admin_tenant_name"] = "admin" + +default["openstack"]["identity"]["users"] = { + default["openstack"]["identity"]["admin_user"] => { + "password" => nil, + "default_tenant" => default["openstack"]["identity"]["admin_tenant_name"], + "roles" => { + "admin" => [ "admin" ], + "KeystoneAdmin" => [ "admin" ], + "KeystoneServiceAdmin" => [ "admin" ] + } + }, + "monitoring" => { + "password" => nil, + "default_tenant" => "service", + "roles" => { + "Member" => [ "admin" ] + } + } +} + +# PKI signing. Corresponds to the [signing] section of keystone.conf +# Note this section is only written if node["openstack"]["auth"]["straegy"] == "pki" +default["openstack"]["identity"]["signing"]["basedir"] = "/etc/keystone/ssl" +default["openstack"]["identity"]["signing"]["certfile"] = "/etc/keystone/ssl/certs/signing_cert.pem" +default["openstack"]["identity"]["signing"]["keyfile"] = "/etc/keystone/ssl/private/signing_key.pem" +default["openstack"]["identity"]["signing"]["ca_certs"] = "/etc/keystone/ssl/certs/ca.pem" +default["openstack"]["identity"]["signing"]["key_size"] = "1024" +default["openstack"]["identity"]["signing"]["valid_days"] = "3650" +default["openstack"]["identity"]["signing"]["ca_password"] = nil + +# These switches set the various drivers for the different Keystone components +default["openstack"]["identity"]["identity"]["backend"] = "sql" +default["openstack"]["identity"]["token"]["backend"] = "sql" +default["openstack"]["identity"]["catalog"]["backend"] = "sql" + +# LDAP backend general settings +default["openstack"]["identity"]["ldap"]["url"] = "ldap://localhost" +default["openstack"]["identity"]["ldap"]["user"] = "dc=Manager,dc=example,dc=com" +default["openstack"]["identity"]["ldap"]["password"] = nil +default["openstack"]["identity"]["ldap"]["suffix"] = "cn=example,cn=com" +default["openstack"]["identity"]["ldap"]["use_dumb_member"] = false +default["openstack"]["identity"]["ldap"]["allow_subtree_delete"] = false +default["openstack"]["identity"]["ldap"]["dumb_member"] = "cn=dumb,dc=example,dc=com" +default["openstack"]["identity"]["ldap"]["page_size"] = 0 +default["openstack"]["identity"]["ldap"]["alias_dereferencing"] = "default" +default["openstack"]["identity"]["ldap"]["query_scope"] = "one" + +# LDAP backend user related settings +default["openstack"]["identity"]["ldap"]["user_tree_dn"] = nil +default["openstack"]["identity"]["ldap"]["user_filter"] = nil +default["openstack"]["identity"]["ldap"]["user_objectclass"] = "inetOrgPerson" +default["openstack"]["identity"]["ldap"]["user_id_attribute"] = "cn" +default["openstack"]["identity"]["ldap"]["user_name_attribute"] = "sn" +default["openstack"]["identity"]["ldap"]["user_mail_attribute"] = "email" +default["openstack"]["identity"]["ldap"]["user_pass_attribute"] = "userPassword" +default["openstack"]["identity"]["ldap"]["user_enabled_attribute"] = "enabled" +default["openstack"]["identity"]["ldap"]["user_domain_id_attribute"] = "businessCategory" +default["openstack"]["identity"]["ldap"]["user_enabled_mask"] = 0 +default["openstack"]["identity"]["ldap"]["user_enabled_default"] = "true" +default["openstack"]["identity"]["ldap"]["user_attribute_ignore"] = "tenant_id,tenants" +default["openstack"]["identity"]["ldap"]["user_allow_create"] = true +default["openstack"]["identity"]["ldap"]["user_allow_update"] = true +default["openstack"]["identity"]["ldap"]["user_allow_delete"] = true +default["openstack"]["identity"]["ldap"]["user_enabled_emulation"] = false +default["openstack"]["identity"]["ldap"]["user_enabled_emulation_dn"] = nil + +# LDAP backend tenant related settings +default["openstack"]["identity"]["ldap"]["tenant_tree_dn"] = nil +default["openstack"]["identity"]["ldap"]["tenant_filter"] = nil +default["openstack"]["identity"]["ldap"]["tenant_objectclass"] = "groupOfNames" +default["openstack"]["identity"]["ldap"]["tenant_id_attribute"] = "cn" +default["openstack"]["identity"]["ldap"]["tenant_member_attribute"] = "member" +default["openstack"]["identity"]["ldap"]["tenant_name_attribute"] = "ou" +default["openstack"]["identity"]["ldap"]["tenant_desc_attribute"] = "description" +default["openstack"]["identity"]["ldap"]["tenant_enabled_attribute"] = "enabled" +default["openstack"]["identity"]["ldap"]["tenant_domain_id_attribute"] = "businessCategory" +default["openstack"]["identity"]["ldap"]["tenant_attribute_ignore"] = nil +default["openstack"]["identity"]["ldap"]["tenant_allow_create"] = true +default["openstack"]["identity"]["ldap"]["tenant_allow_update"] = true +default["openstack"]["identity"]["ldap"]["tenant_allow_delete"] = true +default["openstack"]["identity"]["ldap"]["tenant_enabled_emulation"] = false +default["openstack"]["identity"]["ldap"]["tenant_enabled_emulation_dn"] = nil + +# LDAP backend role related settings +default["openstack"]["identity"]["ldap"]["role_tree_dn"] = nil +default["openstack"]["identity"]["ldap"]["role_filter"] = nil +default["openstack"]["identity"]["ldap"]["role_objectclass"] = "organizationalRole" +default["openstack"]["identity"]["ldap"]["role_id_attribute"] = "cn" +default["openstack"]["identity"]["ldap"]["role_name_attribute"] = "ou" +default["openstack"]["identity"]["ldap"]["role_member_attribute"] = "roleOccupant" +default["openstack"]["identity"]["ldap"]["role_attribute_ignore"] = nil +default["openstack"]["identity"]["ldap"]["role_allow_create"] = true +default["openstack"]["identity"]["ldap"]["role_allow_update"] = true +default["openstack"]["identity"]["ldap"]["role_allow_delete"] = true + +# LDAP backend group related settings +default["openstack"]["identity"]["ldap"]["group_tree_dn"] = nil +default["openstack"]["identity"]["ldap"]["group_filter"] = nil +default["openstack"]["identity"]["ldap"]["group_objectclass"] = "groupOfNames" +default["openstack"]["identity"]["ldap"]["group_id_attribute"] = "cn" +default["openstack"]["identity"]["ldap"]["group_name_attribute"] = "ou" +default["openstack"]["identity"]["ldap"]["group_member_attribute"] = "member" +default["openstack"]["identity"]["ldap"]["group_desc_attribute"] = "description" +default["openstack"]["identity"]["ldap"]["group_domain_id_attribute"] = "businessCategory" +default["openstack"]["identity"]["ldap"]["group_attribute_ignore"] = nil +default["openstack"]["identity"]["ldap"]["group_allow_create"] = true +default["openstack"]["identity"]["ldap"]["group_allow_update"] = true +default["openstack"]["identity"]["ldap"]["group_allow_delete"] = true + +# platform defaults +case platform +when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this + default["openstack"]["identity"]["user"] = "keystone" + default["openstack"]["identity"]["group"] = "keystone" + default["openstack"]["identity"]["platform"] = { + "mysql_python_packages" => [ "MySQL-python" ], + "postgresql_python_packages" => [ "python-psycopg2" ], + "memcache_python_packages" => [ "python-memcached" ], + "keystone_packages" => [ "openstack-keystone" ], + "keystone_service" => "openstack-keystone", + "keystone_process_name" => "keystone-all", + "package_options" => "" + } +when "suse" + default["openstack"]["identity"]["user"] = "openstack-keystone" + default["openstack"]["identity"]["group"] = "openstack-keystone" + default["openstack"]["identity"]["platform"] = { + "mysql_python_packages" => [ "python-mysql" ], + "postgresql_python_packages" => [ "python-psycopg2" ], + "memcache_python_packages" => [ "python-python-memcached" ], + "keystone_packages" => [ "openstack-keystone" ], + "keystone_service" => "openstack-keystone", + "keystone_process_name" => "keystone-all", + "package_options" => "" + } +when "ubuntu" + default["openstack"]["identity"]["user"] = "keystone" + default["openstack"]["identity"]["group"] = "keystone" + default["openstack"]["identity"]["platform"] = { + "mysql_python_packages" => [ "python-mysqldb" ], + "postgresql_python_packages" => [ "python-psycopg2" ], + "memcache_python_packages" => [ "python-memcache" ], + "keystone_packages" => [ "keystone" ], + "keystone_service" => "keystone", + "keystone_process_name" => "keystone-all", + "package_options" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'" + } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/metadata.rb new file mode 100644 index 000000000..cdfc4eecc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/metadata.rb @@ -0,0 +1,16 @@ +name "openstack-identity" +maintainer "Opscode, Inc." +maintainer_email "matt@opscode.com" +license "Apache 2.0" +description "The OpenStack Identity service Keystone." +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "7.0.0" + +recipe "openstack-identity::server", "Installs and Configures Keystone Service" +recipe "openstack-identity::registration", "Adds user, tenant, role and endpoint records to Keystone" + +%w{ ubuntu fedora redhat centos suse }.each do |os| + supports os +end + +depends "openstack-common", "~> 0.4.0" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/providers/register.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/providers/register.rb new file mode 100644 index 000000000..2e6fa099b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/providers/register.rb @@ -0,0 +1,301 @@ +# +# Cookbook Name:: openstack-identity +# Provider:: register +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012-2013, AT&T Services, Inc. +# Copyright 2013, Opscode, Inc. +# Copyright 2013, Craig Tracey +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/mixin/shell_out' +include Chef::Mixin::ShellOut +include ::Openstack + +private +def generate_creds resource + { + 'OS_SERVICE_ENDPOINT' => resource.auth_uri, + 'OS_SERVICE_TOKEN' => resource.bootstrap_token + } +end + +private +def identity_command resource, cmd, args={} + keystonecmd = ['keystone'] << cmd + args.each { |key, val| + keystonecmd << "--#{key}" << val.to_s + } + Chef::Log.debug("Running identity command: #{keystonecmd}") + rc = shell_out(keystonecmd, :env => generate_creds(resource)) + if rc.exitstatus != 0 + raise RuntimeError, "#{rc.stderr} (#{rc.exitstatus})" + end + rc.stdout +end + +private +def identity_uuid resource, type, key, value, args={}, uuid_field='id' + begin + output = identity_command resource, "#{type}-list", args + output = prettytable_to_array(output) + output.each { |obj| + if obj.has_key?(uuid_field) and obj[key] == value + return obj[uuid_field] + end + } + rescue RuntimeError => e + raise RuntimeError, "Could not lookup uuid for #{type}:#{key}=>#{value}. Error was #{e.message}" + end + nil +end + +action :create_service do + if node["openstack"]["identity"]["catalog"]["backend"] == "templated" + Chef::Log.info("Skipping service creation - templated catalog backend in use.") + new_resource.updated_by_last_action(false) + else + begin + service_uuid = identity_uuid new_resource, "service", "type", new_resource.service_type + + unless service_uuid + identity_command new_resource, "service-create", + { 'type' => new_resource.service_type, + 'name' => new_resource.service_name, + 'description' => new_resource.service_description } + Chef::Log.info("Created service '#{new_resource.service_name}'") + new_resource.updated_by_last_action(true) + else + Chef::Log.info("Service Type '#{new_resource.service_type}' already exists.. Not creating.") + Chef::Log.info("Service UUID: #{service_uuid}") + new_resource.updated_by_last_action(false) + end + rescue Exception => e + Chef::Log.error("Unable to create service '#{new_resource.service_name}'") + Chef::Log.error("Error was: #{e.message}") + new_resource.updated_by_last_action(false) + end + end +end + +action :create_endpoint do + if node["openstack"]["identity"]["catalog"]["backend"] == "templated" + Chef::Log.info("Skipping endpoint creation - templated catalog backend in use.") + new_resource.updated_by_last_action(false) + else + begin + service_uuid = identity_uuid new_resource, "service", "type", new_resource.service_type + unless service_uuid + Chef::Log.error("Unable to find service type '#{new_resource.service_type}'") + new_resource.updated_by_last_action(false) + next + end + + endpoint_uuid = identity_uuid new_resource, "endpoint", "service_id", service_uuid + unless endpoint_uuid + identity_command new_resource, "endpoint-create", + { 'region' => new_resource.endpoint_region, + 'service_id' => service_uuid, + 'publicurl' => new_resource.endpoint_publicurl, + 'internalurl' => new_resource.endpoint_internalurl, + 'adminurl' => new_resource.endpoint_adminurl } + Chef::Log.info("Created endpoint for service type '#{new_resource.service_type}'") + new_resource.updated_by_last_action(true) + else + Chef::Log.info("Endpoint already exists for Service Type '#{new_resource.service_type}' already exists.. Not creating.") + new_resource.updated_by_last_action(false) + end + rescue Exception => e + Chef::Log.error("Unable to create endpoint for service type '#{new_resource.service_type}'") + Chef::Log.error("Error was: #{e.message}") + new_resource.updated_by_last_action(false) + end + end +end + +action :create_tenant do + begin + tenant_uuid = identity_uuid new_resource, "tenant", "name", new_resource.tenant_name + + unless tenant_uuid + identity_command new_resource, "tenant-create", + { 'name' => new_resource.tenant_name, + 'description' => new_resource.tenant_description, + 'enabled' => new_resource.tenant_enabled } + Chef::Log.info("Created tenant '#{new_resource.tenant_name}'") + new_resource.updated_by_last_action(true) + else + Chef::Log.info("Tenant '#{new_resource.tenant_name}' already exists.. Not creating.") + Chef::Log.info("Tenant UUID: #{tenant_uuid}") if tenant_uuid + new_resource.updated_by_last_action(false) + end + rescue Exception => e + Chef::Log.error("Unable to create tenant '#{new_resource.tenant_name}'") + Chef::Log.error("Error was: #{e.message}") + new_resource.updated_by_last_action(false) + end +end + +action :create_role do + begin + role_uuid = identity_uuid new_resource, "role", "name", new_resource.role_name + + unless role_uuid + identity_command new_resource, "role-create", + { 'name' => new_resource.role_name } + Chef::Log.info("Created Role '#{new_resource.role_name}'") + new_resource.updated_by_last_action(true) + else + Chef::Log.info("Role '#{new_resource.role_name}' already exists.. Not creating.") + Chef::Log.info("Role UUID: #{role_uuid}") + new_resource.updated_by_last_action(false) + end + rescue Exception => e + Chef::Log.error("Unable to create role '#{new_resource.role_name}'") + Chef::Log.error("Error was: #{e.message}") + new_resource.updated_by_last_action(false) + end +end + +action :create_user do + begin + tenant_uuid = identity_uuid new_resource, "tenant", "name", new_resource.tenant_name + unless tenant_uuid + Chef::Log.error("Unable to find tenant '#{new_resource.tenant_name}'") + new_resource.updated_by_last_action(false) + next + end + + output = identity_command new_resource, "user-list", {'tenant-id' => tenant_uuid} + users = prettytable_to_array output + user_found = false + users.each { |user| + if user['name'] == new_resource.user_name + user_found = true + end + } + + if user_found + Chef::Log.info("User '#{new_resource.user_name}' already exists for tenant '#{new_resource.tenant_name}'") + new_resource.updated_by_last_action(false) + next + end + + identity_command new_resource, "user-create", + { 'name' => new_resource.user_name, + 'tenant-id' => tenant_uuid, + 'pass' => new_resource.user_pass, + 'enabled' => new_resource.user_enabled } + Chef::Log.info("Created user '#{new_resource.user_name}' for tenant '#{new_resource.tenant_name}'") + new_resource.updated_by_last_action(true) + rescue Exception => e + Chef::Log.error("Unable to create user '#{new_resource.user_name}' for tenant '#{new_resource.tenant_name}'") + Chef::Log.error("Error was: #{e.message}") + new_resource.updated_by_last_action(false) + end +end + +action :grant_role do + begin + tenant_uuid = identity_uuid new_resource, "tenant", "name", new_resource.tenant_name + unless tenant_uuid + Chef::Log.error("Unable to find tenant '#{new_resource.tenant_name}'") + new_resource.updated_by_last_action(false) + next + end + + user_uuid = identity_uuid new_resource, "user", "name", new_resource.user_name + unless tenant_uuid + Chef::Log.error("Unable to find user '#{new_resource.user_name}'") + new_resource.updated_by_last_action(false) + next + end + + role_uuid = identity_uuid new_resource, "role", "name", new_resource.role_name + unless tenant_uuid + Chef::Log.error("Unable to find role '#{new_resource.role_name}'") + new_resource.updated_by_last_action(false) + next + end + + assigned_role_uuid = identity_uuid new_resource, "user-role", "name", new_resource.role_name, + { 'tenant-id' => tenant_uuid, + 'user-id' => user_uuid } + unless role_uuid == assigned_role_uuid + identity_command new_resource, "user-role-add", + { 'tenant-id' => tenant_uuid, + 'role-id' => role_uuid, + 'user-id' => user_uuid } + Chef::Log.info("Granted Role '#{new_resource.role_name}' to User '#{new_resource.user_name}' in Tenant '#{new_resource.tenant_name}'") + new_resource.updated_by_last_action(true) + else + Chef::Log.info("Role '#{new_resource.role_name}' already granted to User '#{new_resource.user_name}' in Tenant '#{new_resource.tenant_name}'") + new_resource.updated_by_last_action(false) + end + rescue Exception => e + Chef::Log.error("Unable to grant role '#{new_resource.role_name}' to user '#{new_resource.user_name}'") + Chef::Log.error("Error was: #{e.message}") + new_resource.updated_by_last_action(false) + end +end + +action :create_ec2_credentials do + begin + tenant_uuid = identity_uuid new_resource, "tenant", "name", new_resource.tenant_name + unless tenant_uuid + Chef::Log.error("Unable to find tenant '#{new_resource.tenant_name}'") + new_resource.updated_by_last_action(false) + next + end + + user_uuid = identity_uuid new_resource, "user", "name", new_resource.user_name, {'tenant-id' => tenant_uuid} + unless tenant_uuid + Chef::Log.error("Unable to find user '#{new_resource.user_name}'") + new_resource.updated_by_last_action(false) + next + end + + # this is not really a uuid, but this will work nonetheless + access = identity_uuid new_resource, "ec2-credentials", "tenant", new_resource.tenant_name, {'user-id' => user_uuid}, "access" + unless access + output = identity_command new_resource, "ec2-credentials-create", + { 'user-id' => user_uuid, + 'tenant-id' => tenant_uuid } + Chef::Log.info("Created EC2 Credentials for User '#{new_resource.user_name}' in Tenant '#{new_resource.tenant_name}'") + data = prettytable_to_array(output) + + if data.length != 1 + Chef::Log.error("Got bad data when creating ec2 credentials for #{new_resource.user_name}") + Chef::Log.error("Data: #{data}") + else + # Update node attributes + node.set['credentials']['EC2'][new_resource.user_name]['access'] = data[0]['access'] + node.set['credentials']['EC2'][new_resource.user_name]['secret'] = data[0]['secret'] + node.save unless Chef::Config[:solo] + new_resource.updated_by_last_action(true) + end + else + Chef::Log.info("EC2 credentials already exist for '#{new_resource.user_name}' in tenant '#{new_resource.tenant_name}'") + new_resource.updated_by_last_action(false) + end + rescue Exception => e + Chef::Log.error("Unable to create EC2 Credentials for User '#{new_resource.user_name}' in Tenant '#{new_resource.tenant_name}'") + Chef::Log.error("Error was: #{e.message}") + new_resource.updated_by_last_action(false) + end +end + + + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/recipes/default.rb new file mode 100644 index 000000000..9c0e915c3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/recipes/default.rb @@ -0,0 +1,18 @@ +# +# Cookbook Name:: openstack-identity +# Recipe:: default +# +# Copyright 2012-2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/recipes/registration.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/recipes/registration.rb new file mode 100644 index 000000000..dbbd11f55 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/recipes/registration.rb @@ -0,0 +1,171 @@ +# +# Cookbook Name:: openstack-identity +# Recipe:: setup +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +class ::Chef::Recipe + include ::Openstack +end + +identity_admin_endpoint = endpoint "identity-admin" +identity_endpoint = endpoint "identity-api" + +admin_tenant_name = node["openstack"]["identity"]["admin_tenant_name"] +admin_user = node["openstack"]["identity"]["admin_user"] +admin_pass = user_password node["openstack"]["identity"]["admin_user"] +auth_uri = ::URI.decode identity_admin_endpoint.to_s + +bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token" + +# We need to bootstrap the keystone admin user so that calls +# to keystone_register will succeed, since those provider calls +# use the admin tenant/user/pass to get an admin token. +bash "bootstrap-keystone-admin" do + # A shortcut bootstrap command was added to python-keystoneclient + # in early Grizzly timeframe... but we need to do all the commands + # here manually since the python-keystoneclient package included + # in CloudArchive (for now) doesn't have it... + insecure = node["openstack"]["auth"]["validate_certs"] ? "" : " --insecure" + base_ks_cmd = "keystone#{insecure} --endpoint=#{auth_uri} --token=#{bootstrap_token}" + code <<-EOF +set -x +function get_id () { + echo `"$@" | grep ' id ' | awk '{print $4}'` +} +#{base_ks_cmd} tenant-list | grep #{admin_tenant_name} +if [[ $? -eq 1 ]]; then + ADMIN_TENANT=$(get_id #{base_ks_cmd} tenant-create --name=#{admin_tenant_name}) +else + ADMIN_TENANT=$(#{base_ks_cmd} tenant-list | grep #{admin_tenant_name} | awk '{print $2}') +fi +#{base_ks_cmd} role-list | grep admin +if [[ $? -eq 1 ]]; then + ADMIN_ROLE=$(get_id #{base_ks_cmd} role-create --name=admin) +else + ADMIN_ROLE=$(#{base_ks_cmd} role-list | grep admin | awk '{print $2}') +fi +#{base_ks_cmd} user-list | grep #{admin_user} +if [[ $? -eq 1 ]]; then + ADMIN_USER=$(get_id #{base_ks_cmd} user-create --name=#{admin_user} --pass="#{admin_pass}" --email=#{admin_user}@example.com) +else + ADMIN_USER=$(#{base_ks_cmd} user-list | grep #{admin_user} | awk '{print $2}') +fi +#{base_ks_cmd} user-role-list --user-id=$ADMIN_USER --tenant-id=$ADMIN_TENANT | grep admin +if [[ $? -eq 1 ]]; then + #{base_ks_cmd} user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT +fi +exit 0 +EOF +end + +# Register all the tenants specified in the users hash +node["openstack"]["identity"]["users"].values.map do |user_info| + user_info["roles"].values.push(user_info["default_tenant"]) +end.flatten.uniq.each do |tenant_name| + openstack_identity_register "Register '#{tenant_name}' Tenant" do + auth_uri auth_uri + bootstrap_token bootstrap_token + tenant_name tenant_name + tenant_description "#{tenant_name} Tenant" + + action :create_tenant + end +end + +# Register all the roles from the users hash +node["openstack"]["identity"]["users"].values.map do |user_info| + user_info["roles"].keys +end.flatten.uniq.each do |role_name| + openstack_identity_register "Register '#{role_name.to_s}' Role" do + auth_uri auth_uri + bootstrap_token bootstrap_token + role_name role_name + + action :create_role + end +end + +node["openstack"]["identity"]["users"].each do |username, user_info| + openstack_identity_register "Register '#{username}' User" do + auth_uri auth_uri + bootstrap_token bootstrap_token + user_name username + user_pass user_info["password"] + tenant_name user_info["default_tenant"] + user_enabled true # Not required as this is the default + + action :create_user + end + + user_info["roles"].each do |rolename, tenant_list| + tenant_list.each do |tenantname| + openstack_identity_register "Grant '#{rolename}' Role to '#{username}' User in '#{tenantname}' Tenant" do + auth_uri auth_uri + bootstrap_token bootstrap_token + user_name username + role_name rolename + tenant_name tenantname + + action :grant_role + end + end + end +end + +openstack_identity_register "Register Identity Service" do + auth_uri auth_uri + bootstrap_token bootstrap_token + service_name "keystone" + service_type "identity" + service_description "Keystone Identity Service" + + action :create_service +end + +node.set["openstack"]["identity"]["adminURL"] = identity_admin_endpoint.to_s +node.set["openstack"]["identity"]["internalURL"] = identity_endpoint.to_s +node.set["openstack"]["identity"]["publicURL"] = identity_endpoint.to_s + +Chef::Log.info "Keystone AdminURL: #{identity_admin_endpoint.to_s}" +Chef::Log.info "Keystone InternalURL: #{identity_endpoint.to_s}" +Chef::Log.info "Keystone PublicURL: #{identity_endpoint.to_s}" + +openstack_identity_register "Register Identity Endpoint" do + auth_uri auth_uri + bootstrap_token bootstrap_token + service_type "identity" + endpoint_region node["openstack"]["identity"]["region"] + endpoint_adminurl node["openstack"]["identity"]["adminURL"] + endpoint_internalurl node["openstack"]["identity"]["adminURL"] + endpoint_publicurl node["openstack"]["identity"]["publicURL"] + + action :create_endpoint +end + +node["openstack"]["identity"]["users"].each do |username, user_info| + openstack_identity_register "Create EC2 credentials for '#{username}' user" do + auth_uri auth_uri + bootstrap_token bootstrap_token + user_name username + tenant_name user_info["default_tenant"] + + action :create_ec2_credentials + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/recipes/server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/recipes/server.rb new file mode 100644 index 000000000..498e64ce4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/recipes/server.rb @@ -0,0 +1,169 @@ +# +# Cookbook Name:: openstack-identity +# Recipe:: server +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012-2013, Opscode, Inc. +# Copyright 2013 SUSE LINUX Products GmbH. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +class ::Chef::Recipe + include ::Openstack +end + +if node["openstack"]["identity"]["syslog"]["use"] + include_recipe "openstack-common::logging" +end + +platform_options = node["openstack"]["identity"]["platform"] + +db_type = node['openstack']['db']['identity']['db_type'] +platform_options["#{db_type}_python_packages"].each do |pkg| + package pkg do + action :install + end +end + +platform_options["memcache_python_packages"].each do |pkg| + package pkg do + action :install + end +end + +platform_options["keystone_packages"].each do |pkg| + package pkg do + options platform_options["package_options"] + + action :upgrade + end +end + +execute "Keystone: sleep" do + command "sleep 10s" + + action :nothing +end + +service "keystone" do + service_name platform_options["keystone_service"] + supports :status => true, :restart => true + + action [ :enable ] + + notifies :run, "execute[Keystone: sleep]", :immediately +end + +directory "/etc/keystone" do + owner node["openstack"]["identity"]["user"] + group node["openstack"]["identity"]["group"] + mode 00700 +end + +directory node["openstack"]["identity"]["signing"]["basedir"] do + owner node["openstack"]["identity"]["user"] + group node["openstack"]["identity"]["group"] + mode 00700 + + only_if { node["openstack"]["auth"]["strategy"] == "pki" } +end + +file "/var/lib/keystone/keystone.db" do + action :delete +end + +execute "keystone-manage pki_setup" do + user node["openstack"]["identity"]["user"] + + only_if { node["openstack"]["auth"]["strategy"] == "pki" } + not_if { ::FileTest.exists? node["openstack"]["identity"]["signing"]["keyfile"] } +end + +identity_admin_endpoint = endpoint "identity-admin" +identity_endpoint = endpoint "identity-api" +compute_endpoint = endpoint "compute-api" +ec2_endpoint = endpoint "compute-ec2-api" +image_endpoint = endpoint "image-api" +network_endpoint = endpoint "network-api" +volume_endpoint = endpoint "volume-api" + +db_user = node["openstack"]["identity"]["db"]["username"] +db_pass = db_password "keystone" +sql_connection = db_uri("identity", db_user, db_pass) + +bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token" + +ip_address = address_for node["openstack"]["identity"]["bind_interface"] + +# If the search role is set, we search for memcache +# servers via a Chef search. If not, we look at the +# memcache.servers attribute. +memcache_servers = memcached_servers.join "," # from openstack-common lib + +uris = { + 'identity-admin' => identity_admin_endpoint.to_s.gsub('%25','%'), + 'identity' => identity_endpoint.to_s.gsub('%25','%'), + 'image' => image_endpoint.to_s.gsub('%25','%'), + 'compute' => compute_endpoint.to_s.gsub('%25','%'), + 'ec2' => ec2_endpoint.to_s.gsub('%25','%'), + 'network' => network_endpoint.to_s.gsub('%25','%'), + 'volume' => volume_endpoint.to_s.gsub('%25','%') +} + +# These configuration endpoints must not have the path (v2.0, etc) +# added to them, as these values are used in returning the version +# listing information from the root / endpoint. +ie = identity_endpoint +public_endpoint = "#{ie.scheme}://#{ie.host}:#{ie.port}/" +ae = identity_admin_endpoint +admin_endpoint = "#{ae.scheme}://#{ae.host}:#{ae.port}/" + +template "/etc/keystone/keystone.conf" do + source "keystone.conf.erb" + owner node["openstack"]["identity"]["user"] + group node["openstack"]["identity"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection, + :ip_address => ip_address, + "bootstrap_token" => bootstrap_token, + "memcache_servers" => memcache_servers, + "uris" => uris, + "public_endpoint" => public_endpoint, + "admin_endpoint" => admin_endpoint, + "ldap" => node["openstack"]["identity"]["ldap"] + ) + + notifies :restart, "service[keystone]", :immediately +end + +template "/etc/keystone/default_catalog.templates" do + source "default_catalog.templates.erb" + owner node["openstack"]["identity"]["user"] + group node["openstack"]["identity"]["group"] + mode 00644 + variables( + "uris" => uris + ) + + notifies :restart, "service[keystone]", :immediately + only_if { node["openstack"]["identity"]["catalog"]["backend"] == "templated" } +end + +# sync db after keystone.conf is generated +execute "keystone-manage db_sync" do + only_if { node["openstack"]["identity"]["db"]["migrate"] } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/resources/register.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/resources/register.rb new file mode 100644 index 000000000..2e6b0866c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/resources/register.rb @@ -0,0 +1,61 @@ +# +# Cookbook Name:: openstack-identity +# Resource:: register +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :create_service, :create_endpoint, :create_tenant, :create_user, :create_role, :grant_role, :create_ec2_credentials + +# In earlier versions of Chef the LWRP DSL doesn't support specifying +# a default action, so you need to drop into Ruby. +def initialize(*args) + super + @action = :create +end + +Boolean = [TrueClass, FalseClass] + +attribute :auth_uri, :kind_of => String +attribute :bootstrap_token, :kind_of => String + +# Used by both :create_service and :create_endpoint +attribute :service_type, :kind_of => String, :equal_to => [ "image", "identity", "compute", "storage", "ec2", "volume", "object-store", "metering", "network" ] + +# :create_service specific attributes +attribute :service_name, :kind_of => String +attribute :service_description, :kind_of => String + +# :create_endpoint specific attributes +attribute :endpoint_region, :kind_of => String, :default => "RegionOne" +attribute :endpoint_adminurl, :kind_of => String +attribute :endpoint_internalurl, :kind_of => String +attribute :endpoint_publicurl, :kind_of => String + +# Used by both :create_tenant and :create_user +attribute :tenant_name, :kind_of => String + +# :create_tenant specific attributes +attribute :tenant_description, :kind_of => String +attribute :tenant_enabled, :kind_of => Boolean, :default => true + +# :create_user specific attributes +attribute :user_name, :kind_of => String +attribute :user_pass, :kind_of => String +# attribute :user_email, :kind_of => String +attribute :user_enabled, :kind_of => Boolean, :default => true + +# Used by :create_role and :grant_role specific attributes +attribute :role_name, :kind_of => String diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/default_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/default_spec.rb new file mode 100644 index 000000000..808fe79f9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/default_spec.rb @@ -0,0 +1,4 @@ +require_relative "spec_helper" + +describe "openstack-identity::default" do +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/register_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/register_spec.rb new file mode 100644 index 000000000..04e6a3be8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/register_spec.rb @@ -0,0 +1,215 @@ +require_relative "spec_helper" + +describe Chef::Provider::Execute do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-identity::default" + @node = @chef_run.node + @node.set["openstack"] = { + "identity" => { + "catalog" => { + "backend" => "sql" + } + } + } + @cookbook_collection = Chef::CookbookCollection.new([]) + @events = Chef::EventDispatch::Dispatcher.new + @run_context = Chef::RunContext.new(@node, @cookbook_collection, @events) + + @tenant_resource = Chef::Resource::OpenstackIdentityRegister.new("tenant1", @run_context) + @tenant_resource.tenant_name "tenant1" + @tenant_resource.tenant_description "tenant1 Tenant" + + @service_resource = Chef::Resource::OpenstackIdentityRegister.new("service1", @run_context) + @service_resource.service_type "compute" + @service_resource.service_name "service1" + @service_resource.service_description "service1 Service" + + @endpoint_resource = Chef::Resource::OpenstackIdentityRegister.new("endpoint1", @run_context) + @endpoint_resource.endpoint_region "Region One" + @endpoint_resource.service_type "compute" + @endpoint_resource.endpoint_publicurl "http://public" + @endpoint_resource.endpoint_internalurl "http://internal" + @endpoint_resource.endpoint_adminurl "http://admin" + + @role_resource = Chef::Resource::OpenstackIdentityRegister.new("role1", @run_context) + @role_resource.role_name "role1" + + @user_resource = Chef::Resource::OpenstackIdentityRegister.new("user1", @run_context) + @user_resource.user_name "user1" + @user_resource.tenant_name "tenant1" + @user_resource.user_pass "password" + + @grant_resource = Chef::Resource::OpenstackIdentityRegister.new("grant1", @run_context) + @grant_resource.user_name "user1" + @grant_resource.tenant_name "tenant1" + @grant_resource.role_name "role1" + + @ec2_resource = Chef::Resource::OpenstackIdentityRegister.new("ec2", @run_context) + @ec2_resource.user_name "user1" + @ec2_resource.tenant_name "tenant1" + end + + it "should create a tenant" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@tenant_resource, @run_context) + provider.stub!(:identity_uuid).with(@tenant_resource, "tenant", "name", "tenant1") + provider.stub!(:identity_command).with(@tenant_resource, "tenant-create", + {"name" => "tenant1", "description" => "tenant1 Tenant", "enabled" => true}) + provider.run_action(:create_tenant) + @tenant_resource.should be_updated + end + it "should not create a new tenant if already exists" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@tenant_resource, @run_context) + provider.stub!(:identity_uuid).with(@tenant_resource, "tenant", "name", "tenant1").and_return("1234567890ABCDEFGH") + provider.run_action(:create_tenant) + @tenant_resource.should_not be_updated + end + it "should create a service" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@service_resource, @run_context) + provider.stub!(:identity_uuid).with(@service_resource, "service", "type", "compute") + provider.stub!(:identity_command).with(@service_resource, "service-create", + {"type" => "compute", "name" => "service1", "description" => "service1 Service"}) + provider.run_action(:create_service) + @service_resource.should be_updated + end + it "should not create a service if already exists" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@service_resource, @run_context) + provider.stub!(:identity_uuid).with(@service_resource, "service", "type", "compute").and_return("1234567890ABCDEFGH") + provider.run_action(:create_service) + @service_resource.should_not be_updated + end + it "should not create a service if using a templated backend" do + node = Chef::Node.new + node.set["openstack"] = {"identity" => {"catalog" => { "backend" => "templated" }} } + cookbook_collection = Chef::CookbookCollection.new([]) + events = Chef::EventDispatch::Dispatcher.new + run_context = Chef::RunContext.new(node, cookbook_collection, events) + provider = Chef::Provider::OpenstackIdentityRegister.new(@service_resource, run_context) + provider.run_action(:create_service) + @service_resource.should_not be_updated + end + it "should create an endpoint" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@endpoint_resource, @run_context) + provider.stub!(:identity_uuid).with(@endpoint_resource, "service", "type", "compute").and_return("1234567890ABCDEFGH") + provider.stub!(:identity_uuid).with(@endpoint_resource, "endpoint", "service_id", "1234567890ABCDEFGH") + provider.stub!(:identity_command).with(@endpoint_resource, "endpoint-create", { + "region" => "Region One", "service_id" => "1234567890ABCDEFGH", "publicurl" => "http://public", + "internalurl" => "http://internal", "adminurl" => "http://admin"}) + provider.run_action(:create_endpoint) + @endpoint_resource.should be_updated + end + it "should not create a endpoint if already exists" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@endpoint_resource, @run_context) + provider.stub!(:identity_uuid).with(@endpoint_resource, "service", "type", "compute").and_return("1234567890ABCDEFGH") + provider.stub!(:identity_uuid).with(@endpoint_resource, "endpoint", "service_id", "1234567890ABCDEFGH").and_return("0987654321HGFEDCBA") + provider.run_action(:create_endpoint) + @endpoint_resource.should_not be_updated + end + it "should not create an endpoint if using a templated backend" do + node = Chef::Node.new + node.set["openstack"] = {"identity" => {"catalog" => { "backend" => "templated" }} } + cookbook_collection = Chef::CookbookCollection.new([]) + events = Chef::EventDispatch::Dispatcher.new + run_context = Chef::RunContext.new(node, cookbook_collection, events) + provider = Chef::Provider::OpenstackIdentityRegister.new(@endpoint_resource, run_context) + provider.run_action(:create_endpoint) + @endpoint_resource.should_not be_updated + end + it "should create a role" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@role_resource, @run_context) + provider.stub!(:identity_uuid).with(@role_resource, "role", "name", "role1") + provider.stub!(:identity_command).with(@role_resource, "role-create", {"name" => "role1"}) + provider.run_action(:create_role) + @role_resource.should be_updated + end + it "should not create a role if already exists" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@role_resource, @run_context) + provider.stub!(:identity_uuid).with(@role_resource, "role", "name", "role1").and_return("1234567890ABCDEFGH") + provider.run_action(:create_role) + @role_resource.should_not be_updated + end + it "should create a user" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@user_resource, @run_context) + provider.stub!(:identity_uuid).with(@user_resource, "tenant", "name", "tenant1").and_return("1234567890ABCDEFGH") + provider.stub!(:identity_command).with(@user_resource, "user-list", {"tenant-id" => "1234567890ABCDEFGH"}) + provider.stub!(:identity_command).with(@user_resource, "user-create", + {"name" => "user1", "tenant-id" => "1234567890ABCDEFGH", "pass" => "password", "enabled" => true}) + provider.stub!(:prettytable_to_array).and_return([]) + provider.run_action(:create_user) + @user_resource.should be_updated + end + it "should not create a user if already exists" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@user_resource, @run_context) + provider.stub!(:identity_uuid).with(@user_resource, "tenant", "name", "tenant1").and_return("1234567890ABCDEFGH") + provider.stub!(:identity_command).with(@user_resource, "user-list", {"tenant-id" => "1234567890ABCDEFGH"}) + provider.stub!(:prettytable_to_array).and_return([{"name" => "user1"}]) + provider.stub!(:identity_uuid).with(@user_resource, "user", "name", "user1").and_return("HGFEDCBA0987654321") + provider.run_action(:create_user) + @user_resource.should_not be_updated + end + it "should grant a role" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@grant_resource, @run_context) + provider.stub!(:identity_uuid).with(@grant_resource, "tenant", "name", "tenant1").and_return("1234567890ABCDEFGH") + provider.stub!(:identity_uuid).with(@grant_resource, "user", "name", "user1").and_return("HGFEDCBA0987654321") + provider.stub!(:identity_uuid).with(@grant_resource, "role", "name", "role1").and_return("ABC1234567890DEF") + provider.stub!(:identity_uuid).with(@grant_resource, "user-role", "name", "role1", + { "tenant-id" => "1234567890ABCDEFGH", "user-id" => "HGFEDCBA0987654321" }).and_return("ABCD1234567890EFGH") + provider.stub!(:identity_command).with(@grant_resource, "user-role-add", + {"tenant-id" => "1234567890ABCDEFGH", "role-id" => "ABC1234567890DEF", "user-id" => "HGFEDCBA0987654321"}) + provider.run_action(:grant_role) + @grant_resource.should be_updated + end + it "should not grant a role if already granted" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@grant_resource, @run_context) + provider.stub!(:identity_uuid).with(@grant_resource, "tenant", "name", "tenant1").and_return("1234567890ABCDEFGH") + provider.stub!(:identity_uuid).with(@grant_resource, "user", "name", "user1").and_return("HGFEDCBA0987654321") + provider.stub!(:identity_uuid).with(@grant_resource, "role", "name", "role1").and_return("ABC1234567890DEF") + provider.stub!(:identity_uuid).with(@grant_resource, "user-role", "name", "role1", + {"tenant-id" => "1234567890ABCDEFGH", "user-id" => "HGFEDCBA0987654321" }).and_return("ABC1234567890DEF") + provider.stub!(:identity_command).with(@grant_resource, "user-role-add", + {"tenant-id" => "1234567890ABCDEFGH", "role-id" => "ABC1234567890DEF", "user-id" => "HGFEDCBA0987654321"}) + provider.run_action(:grant_role) + @grant_resource.should_not be_updated + end + it "should grant ec2 creds" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@ec2_resource, @run_context) + provider.stub!(:identity_uuid).with(@ec2_resource, "tenant", "name", "tenant1").and_return("1234567890ABCDEFGH") + provider.stub!(:identity_uuid).with(@ec2_resource, "user", "name", "user1", + {"tenant-id" => "1234567890ABCDEFGH"}).and_return("HGFEDCBA0987654321") + provider.stub!(:identity_uuid).with(@ec2_resource, "ec2-credentials", "tenant", "tenant1", + {"user-id" => "HGFEDCBA0987654321"}, "access") + provider.stub!(:identity_command).with(@ec2_resource, "ec2-credentials-create", + {"user-id" => "HGFEDCBA0987654321", "tenant-id" => "1234567890ABCDEFGH"}) + provider.stub!(:prettytable_to_array).and_return([{"access" => "access", "secret" => "secret"}]) + provider.run_action(:create_ec2_credentials) + @ec2_resource.should be_updated + end + it "should grant ec2 creds if they already exist" do + provider = Chef::Provider::OpenstackIdentityRegister.new(@ec2_resource, @run_context) + provider.stub!(:identity_uuid).with(@ec2_resource, "tenant", "name", "tenant1").and_return("1234567890ABCDEFGH") + provider.stub!(:identity_uuid).with(@ec2_resource, "user", "name", "user1", + {"tenant-id" => "1234567890ABCDEFGH"}).and_return("HGFEDCBA0987654321") + provider.stub!(:identity_uuid).with(@ec2_resource, "ec2-credentials", "tenant", "tenant1", + {"user-id" => "HGFEDCBA0987654321"}, "access").and_return("ABC1234567890DEF") + provider.run_action(:create_ec2_credentials) + @ec2_resource.should_not be_updated + end + + describe "#identity_command" do + it "should handle false values and long descriptions" do + provider = Chef::Provider::OpenstackIdentityRegister.new( + @user_resource, @run_context) + + provider.stub!(:shell_out).with( + ["keystone", "user-create", "--enabled", "false", + "--description", "more than one word"], + {:env => {"OS_SERVICE_ENDPOINT" => nil, "OS_SERVICE_TOKEN" => nil}} + ).and_return double("shell_out", :exitstatus => 0, :stdout => "good") + + provider.send( + :identity_command, @user_resource, "user-create", + {"enabled" => false, "description" => "more than one word"} + ).should eq "good" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/registration_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/registration_spec.rb new file mode 100644 index 000000000..0ca3eae8e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/registration_spec.rb @@ -0,0 +1,190 @@ +require_relative "spec_helper" + +describe "openstack-identity::registration" do + before { identity_stubs } + + describe "ubuntu" do + let(:chef_run) { + runner = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + runner.converge "openstack-identity::registration" + } + + let(:chef_run_test_users) { + runner = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + runner.node.set["openstack"]["identity"]["users"] = { + "user1" => { + "default_tenant" => "default_tenant1", + "password" => "secret1", + "roles" => { + "role1" => [ "role_tenant1" ], + "role2" => [ "default_tenant1" ] + } + }, + } + runner.converge "openstack-identity::registration" + } + + describe "tenant registration" do + context "default tenants" do + ["admin", "service"].each do |tenant_name| + it "registers the #{tenant_name} tenant" do + resource = chef_run.find_resource( + "openstack-identity_register", + "Register '#{tenant_name}' Tenant" + ).to_hash + + expect(resource).to include( + :auth_uri => "https://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => tenant_name, + :tenant_description => "#{tenant_name} Tenant", + :action => [:create_tenant] + ) + end + end + end + + context "configured tenants from users attribute" do + tenants = ["default_tenant1", "role_tenant1"] + + tenants.each do |tenant_name| + it "registers the #{tenant_name} tenant" do + resource = chef_run_test_users.find_resource( + "openstack-identity_register", + "Register '#{tenant_name}' Tenant" + ).to_hash + + expect(resource).to include( + :auth_uri => "https://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => tenant_name, + :tenant_description => "#{tenant_name} Tenant", + :action => [:create_tenant] + ) + end + end + end + end + + describe "role registration" do + context "default roles" do + ["admin", "Member", "KeystoneAdmin", "KeystoneServiceAdmin" + ].each do |role_name| + it "registers the #{role_name} role" do + resource = chef_run.find_resource( + "openstack-identity_register", + "Register '#{role_name}' Role" + ).to_hash + + expect(resource).to include( + :auth_uri => "https://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :role_name => role_name, + :action => [:create_role] + ) + end + end + end + + context "configured roles derived from users attribute" do + + roles = ["role1", "role2"] + + roles.each do |role_name| + it "registers the #{role_name} role" do + resource = chef_run_test_users.find_resource( + "openstack-identity_register", + "Register '#{role_name}' Role" + ).to_hash + + expect(resource).to include( + :auth_uri => "https://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :role_name => role_name, + :action => [:create_role] + ) + end + end + end + end + + describe "user registration" do + context "default users" do + [ + ["admin", "admin", ["admin", "KeystoneAdmin", "KeystoneServiceAdmin"]], + ["monitoring", "service", ["Member"]] + ].each do |user, tenant, roles| + context "#{user} user" do + it "registers the #{user} user" do + user_resource = chef_run.find_resource( + "openstack-identity_register", + "Register '#{user}' User" + ).to_hash + + expect(user_resource).to include( + :auth_uri => "https://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :user_name => user, + :user_pass => nil, + :tenant_name => tenant, + :action => [:create_user] + ) + end + + roles.each do |role| + it "grants '#{role}' role to '#{user}' user in 'admin' tenant" do + grant_resource = chef_run.find_resource( + "openstack-identity_register", + "Grant '#{role}' Role to '#{user}' User in 'admin' Tenant" + ).to_hash + + expect(grant_resource).to include( + :auth_uri => "https://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :user_name => user, + :role_name => role, + :tenant_name => "admin", + :action => [:grant_role] + ) + end + end + end + end + end + + context "configured user" do + it "registers the user1 user" do + resource = chef_run_test_users.find_resource( + "openstack-identity_register", + "Register 'user1' User" + ).to_hash + + expect(resource).to include( + :auth_uri => "https://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :user_name => "user1", + :user_pass => "secret1", + :tenant_name => "default_tenant1", + :action => [:create_user] + ) + end + + it "grants 'role1' role to 'user1' user in 'role_tenant1' tenant" do + grant_resource = chef_run_test_users.find_resource( + "openstack-identity_register", + "Grant 'role1' Role to 'user1' User in 'role_tenant1' Tenant" + ).to_hash + + expect(grant_resource).to include( + :auth_uri => "https://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :user_name => "user1", + :role_name => "role1", + :tenant_name => "role_tenant1", + :action => [:grant_role] + ) + end + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/server-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/server-opensuse_spec.rb new file mode 100644 index 000000000..77e18ea59 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/server-opensuse_spec.rb @@ -0,0 +1,115 @@ +require_relative "spec_helper" + +describe "openstack-identity::server" do + before { identity_stubs } + describe "suse" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-identity::server" + end + + it "installs mysql python packages" do + expect(@chef_run).to install_package "python-mysql" + end + + it "installs postgresql python packages if explicitly told" do + chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS do |n| + n.set["openstack"]["db"]["identity"]["db_type"] = "postgresql" + end + chef_run.converge "openstack-identity::server" + + expect(chef_run).to install_package "python-psycopg2" + end + + it "installs memcache python packages" do + expect(@chef_run).to install_package "python-python-memcached" + end + + it "installs keystone packages" do + expect(@chef_run).to upgrade_package "openstack-keystone" + end + + it "starts keystone on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-keystone" + end + + describe "/etc/keystone" do + before do + @dir = @chef_run.directory "/etc/keystone" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "openstack-keystone", "openstack-keystone" + end + end + + describe "/etc/keystone/ssl" do + before do + opts = ::OPENSUSE_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts do |n| + n.set["openstack"]["auth"]["strategy"] = "pki" + end + chef_run.converge "openstack-identity::server" + @dir = chef_run.directory "/etc/keystone/ssl" + end + + it "has proper owner" do + expect(@dir). + to be_owned_by "openstack-keystone", "openstack-keystone" + end + end + + it "deletes keystone.db" do + expect(@chef_run).to delete_file "/var/lib/keystone/keystone.db" + end + + it "runs pki setup" do + opts = ::OPENSUSE_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts do |n| + n.set["openstack"]["auth"]["strategy"] = "pki" + end + chef_run.converge "openstack-identity::server" + cmd = "keystone-manage pki_setup" + + expect(chef_run).to execute_command(cmd).with( + :user => "openstack-keystone" + ) + end + + describe "keystone.conf" do + before do + @template = @chef_run.template "/etc/keystone/keystone.conf" + end + + it "has proper owner" do + expect(@template). + to be_owned_by "openstack-keystone", "openstack-keystone" + end + + it "template contents" do + pending "TODO: implement" + end + end + + describe "default_catalog.templates" do + before do + opts = ::OPENSUSE_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts do |n| + n.set["openstack"]["identity"]["catalog"]["backend"] = "templated" + end + chef_run.converge "openstack-identity::server" + @template = chef_run. + template "/etc/keystone/default_catalog.templates" + end + + it "has proper owner" do + expect(@template). + to be_owned_by "openstack-keystone", "openstack-keystone" + end + + it "template contents" do + pending "TODO: implement" + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/server-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/server-redhat_spec.rb new file mode 100644 index 000000000..7061d33df --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/server-redhat_spec.rb @@ -0,0 +1,36 @@ +require_relative "spec_helper" + +describe "openstack-identity::server" do + before { identity_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-identity::server" + end + + it "installs mysql python packages" do + expect(@chef_run).to install_package "MySQL-python" + end + + it "installs postgresql python packages if explicitly told" do + chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS do |n| + n.set["openstack"]["db"]["identity"]["db_type"] = "postgresql" + end + chef_run.converge "openstack-identity::server" + + expect(chef_run).to install_package "python-psycopg2" + end + + it "installs memcache python packages" do + expect(@chef_run).to install_package "python-memcached" + end + + it "installs keystone packages" do + expect(@chef_run).to upgrade_package "openstack-keystone" + end + + it "starts keystone on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-keystone" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/server_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/server_spec.rb new file mode 100644 index 000000000..842aa6d62 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/server_spec.rb @@ -0,0 +1,312 @@ +require_relative "spec_helper" + +describe "openstack-identity::server" do + before { identity_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["identity"]["syslog"]["use"] = true + n.set["openstack"]["endpoints"]["identity-api"] = { + "host" => "127.0.1.1", + "port" => "5000", + "scheme" => "https" + } + n.set["openstack"]["endpoints"]["identity-admin"] = { + "host" => "127.0.1.1", + "port" => "35357", + "scheme" => "https" + } + end + @chef_run.converge "openstack-identity::server" + end + + it "runs logging recipe if node attributes say to" do + expect(@chef_run).to include_recipe "openstack-common::logging" + end + + it "doesn't run logging recipe" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + chef_run.converge "openstack-identity::server" + + expect(chef_run).not_to include_recipe "openstack-common::logging" + end + + it "installs mysql python packages" do + expect(@chef_run).to install_package "python-mysqldb" + end + + it "installs postgresql python packages if explicitly told" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + node = chef_run.node + node.set["openstack"]["db"]["identity"]["db_type"] = "postgresql" + chef_run.converge "openstack-identity::server" + + expect(chef_run).to install_package "python-psycopg2" + end + + it "installs memcache python packages" do + expect(@chef_run).to install_package "python-memcache" + end + + it "installs keystone packages" do + expect(@chef_run).to upgrade_package "keystone" + end + + it "starts keystone on boot" do + expect(@chef_run).to set_service_to_start_on_boot "keystone" + end + + it "sleep on keystone service enable" do + expect(@chef_run.service("keystone")). + to notify "execute[Keystone: sleep]", :run + end + + describe "/etc/keystone" do + before do + @dir = @chef_run.directory "/etc/keystone" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "keystone", "keystone" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "700" + end + end + + describe "/etc/keystone/ssl" do + before { @dir = "/etc/keystone/ssl" } + + describe "without pki" do + it "doesn't create" do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.converge "openstack-identity::server" + + expect(chef_run).not_to create_directory @dir + end + end + + describe "with pki" do + before do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + @chef_run = ::ChefSpec::ChefRunner.new opts do |n| + n.set["openstack"]["auth"]["strategy"] = "pki" + end + @chef_run.converge "openstack-identity::server" + @directory = @chef_run.directory @dir + end + + it "creates" do + expect(@chef_run).to create_directory @directory.name + end + + it "has proper owner" do + expect(@directory).to be_owned_by "keystone", "keystone" + end + + it "has proper modes" do + expect(sprintf("%o", @directory.mode)).to eq "700" + end + end + end + + it "deletes keystone.db" do + expect(@chef_run).to delete_file "/var/lib/keystone/keystone.db" + end + + describe "pki setup" do + before { @cmd = "keystone-manage pki_setup" } + + describe "without pki" do + it "doesn't execute" do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + + expect(chef_run).not_to execute_command(@cmd).with( + :user => "keystone" + ) + end + end + + describe "with pki" do + before do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + @chef_run = ::ChefSpec::ChefRunner.new opts do |n| + n.set["openstack"]["auth"]["strategy"] = "pki" + end + end + + it "executes" do + ::FileTest.should_receive(:exists?). + with("/etc/keystone/ssl/private/signing_key.pem"). + and_return(false) + @chef_run.converge "openstack-identity::server" + + expect(@chef_run).to execute_command(@cmd).with( + :user => "keystone" + ) + end + + it "doesn't execute when dir exists" do + ::FileTest.should_receive(:exists?). + with("/etc/keystone/ssl/private/signing_key.pem"). + and_return(true) + @chef_run.converge "openstack-identity::server" + + expect(@chef_run).not_to execute_command(@cmd).with( + :user => "keystone" + ) + end + end + end + + describe "keystone.conf" do + before do + @template = @chef_run.template "/etc/keystone/keystone.conf" + end + + it "has proper owner" do + expect(@template).to be_owned_by "keystone", "keystone" + end + + it "has proper modes" do + expect(sprintf("%o", @template.mode)).to eq "644" + end + + it "has bind host" do + expect(@chef_run).to create_file_with_content @template.name, + "bind_host = 127.0.1.1" + end + + it "has proper public and admin endpoint" do + expect(@chef_run).to create_file_with_content @template.name, + "public_endpoint = https://127.0.1.1:5000/" + expect(@chef_run).to create_file_with_content @template.name, + "admin_endpoint = https://127.0.1.1:35357/" + end + + it "notifies keystone restart" do + expect(@template).to notify "service[keystone]", :restart + end + + describe "optional LDAP attributes" do + optional_attrs = ["group_tree_dn", "group_filter", + "user_filter", "user_tree_dn", "user_enabled_emulation_dn", + "group_attribute_ignore", "role_attribute_ignore", + "role_tree_dn", "role_filter", "tenant_tree_dn", + "tenant_enabled_emulation_dn", "tenant_filter", + "tenant_attribute_ignore"] + + optional_attrs.each do |setting| + it "does not have the optional #{setting} LDAP attribute" do + expect(@chef_run).not_to( + create_file_with_content( + @template.name, /^#{Regexp.quote(setting)} =/)) + end + + it "has the optional #{setting} LDAP attribute commented out" do + expect(@chef_run).to( + create_file_with_content( + @template.name, /^# #{Regexp.quote(setting)} =$/)) + end + end + end + + ["url", "user", "suffix", "use_dumb_member", + "allow_subtree_delete", "dumb_member", "page_size", + "alias_dereferencing", "query_scope", "user_objectclass", + "user_id_attribute", "user_name_attribute", + "user_mail_attribute", "user_pass_attribute", + "user_enabled_attribute", "user_domain_id_attribute", + "user_attribute_ignore", "user_enabled_mask", + "user_enabled_default", "user_allow_create", + "user_allow_update", "user_allow_delete", + "user_enabled_emulation", "tenant_objectclass", + "tenant_id_attribute", "tenant_member_attribute", + "tenant_name_attribute", "tenant_desc_attribute", + "tenant_enabled_attribute", "tenant_domain_id_attribute", + "tenant_allow_create", "tenant_allow_update", + "tenant_allow_delete", "tenant_enabled_emulation", + "role_objectclass", "role_id_attribute", "role_name_attribute", + "role_member_attribute", "role_allow_create", + "role_allow_update", "role_allow_delete", "group_objectclass", + "group_id_attribute", "group_name_attribute", + "group_member_attribute", "group_desc_attribute", + "group_domain_id_attribute", "group_allow_create", + "group_allow_update", "group_allow_delete", + ].each do |setting| + it "has a #{setting} LDAP attribute" do + expect(@chef_run).to create_file_with_content @template.name, + /^#{Regexp.quote(setting)} = \w+/ + end + end + end + + describe "default_catalog.templates" do + before { @file = "/etc/keystone/default_catalog.templates" } + + describe "without templated" do + it "doesn't create" do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.converge "openstack-identity::server" + + expect(chef_run).not_to create_file @file + end + end + + describe "with templated" do + before do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + @chef_run = ::ChefSpec::ChefRunner.new opts do |n| + n.set["openstack"]["identity"]["catalog"]["backend"] = "templated" + end + @chef_run.converge "openstack-identity::server" + @template = @chef_run.template @file + end + + it "creates" do + expect(@chef_run).to create_file @file + end + + it "has proper owner" do + expect(@template).to be_owned_by "keystone", "keystone" + end + + it "has proper modes" do + expect(sprintf("%o", @template.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + + it "notifies keystone restart" do + expect(@template).to notify "service[keystone]", :restart + end + end + end + + describe "db_sync" do + before do + @cmd = "keystone-manage db_sync" + end + + it "runs migrations" do + expect(@chef_run).to execute_command @cmd + end + + it "doesn't run migrations" do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new(opts) do |n| + n.set["openstack"]["identity"]["db"]["migrate"] = false + end + chef_run.converge "openstack-identity::server" + + expect(chef_run).not_to execute_command @cmd + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/spec_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/spec_helper.rb new file mode 100644 index 000000000..a160eae96 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/spec/spec_helper.rb @@ -0,0 +1,30 @@ +require "chefspec" + +::LOG_LEVEL = :fatal +::OPENSUSE_OPTS = { + :platform => "opensuse", + :version => "12.3", + :log_level => ::LOG_LEVEL +} +::REDHAT_OPTS = { + :platform => "redhat", + :version => "6.3", + :log_level => ::LOG_LEVEL +} +::UBUNTU_OPTS = { + :platform => "ubuntu", + :version => "12.04", + :log_level => ::LOG_LEVEL +} + +def identity_stubs + ::Chef::Recipe.any_instance.stub(:address_for). + with("lo"). + and_return "127.0.1.1" + ::Chef::Recipe.any_instance.stub(:memcached_servers).and_return [] + ::Chef::Recipe.any_instance.stub(:db_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:user_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:secret). + with("secrets", "openstack_identity_bootstrap_token"). + and_return "bootstrap-token" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/templates/default/default_catalog.templates.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/templates/default/default_catalog.templates.erb new file mode 100644 index 000000000..580b1a1c3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/templates/default/default_catalog.templates.erb @@ -0,0 +1,29 @@ +catalog.<%= node["openstack"]["identity"]["region"] %>.identity.publicURL = <%= @uris["identity"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.identity.adminURL = <%= @uris["identity-admin"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.identity.internalURL = <%= @uris["identity"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.identity.name = Identity Service + +catalog.<%= node["openstack"]["identity"]["region"] %>.compute.publicURL = <%= @uris["compute"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.compute.adminURL = <%= @uris["compute"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.compute.internalURL = <%= @uris["compute"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.compute.name = Compute Service + +catalog.<%= node["openstack"]["identity"]["region"] %>.volume.publicURL = <%= @uris["volume"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.volume.adminURL = <%= @uris["volume"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.volume.internalURL = <%= @uris["volume"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.volume.name = Volume Service + +catalog.<%= node["openstack"]["identity"]["region"] %>.ec2.publicURL = <%= @uris["ec2"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.ec2.adminURL = <%= @uris["ec2"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.ec2.internalURL = <%= @uris["ec2"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.ec2.name = EC2 Service + +catalog.<%= node["openstack"]["identity"]["region"] %>.image.publicURL = <%= @uris["image"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.image.adminURL = <%= @uris["image"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.image.internalURL = <%= @uris["image"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.image.name = Image Service + +catalog.<%= node["openstack"]["identity"]["region"] %>.network.publicURL = <%= @uris["network"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.network.adminURL = <%= @uris["network"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.network.internalURL = <%= @uris["network"].to_s %> +catalog.<%= node["openstack"]["identity"]["region"] %>.network.name = Network Service diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/templates/default/keystone.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/templates/default/keystone.conf.erb new file mode 100644 index 000000000..bfe252565 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-identity/templates/default/keystone.conf.erb @@ -0,0 +1,289 @@ +<%= node["openstack"]["identity"]["custom_template_banner"] %> + +[DEFAULT] +public_port = <%= node["openstack"]["identity"]["service_port"] %> +admin_port = <%= node["openstack"]["identity"]["admin_port"] %> +admin_token = <%= @bootstrap_token %> +bind_host = <%= @ip_address %> +compute_port = 8774 +verbose = <%= node["openstack"]["identity"]["verbose"] %> +debug = <%= node["openstack"]["identity"]["debug"] %> +<% if node["openstack"]["identity"]["syslog"]["use"] %> +log_config = /etc/openstack/logging.conf +<% else %> +log_file = /var/log/keystone/keystone.log +<% end %> +public_endpoint = <%= @public_endpoint %> +admin_endpoint = <%= @admin_endpoint %> + +<% if @memcache_servers -%> +[memcache] +servers = <%= @memcache_servers %> + +<% end -%> +[sql] +connection = <%= @sql_connection %> +idle_timeout = 200 +min_pool_size = 5 +max_pool_size = 10 +pool_timeout = 200 + +[ldap] +url = <%= @ldap["url"] %> +user = <%= @ldap["user"] %> +<% if @ldap["password"] -%> +password = <%= @ldap["password"] %> +<% else -%> +# password = None +<% end -%> +suffix = <%= @ldap["suffix"] %> +use_dumb_member = <%= @ldap["use_dumb_member"] %> +allow_subtree_delete = <%= @ldap["allow_subtree_delete"] %> +dumb_member = <%= @ldap["dumb_member"] %> +page_size = <%= @ldap["page_size"] %> +alias_dereferencing = <%= @ldap["alias_dereferencing"] %> +query_scope = <%= @ldap["query_scope"] %> + +<% if @ldap["user_tree_dn"] -%> +user_tree_dn = <%= @ldap["user_tree_dn"] %> +<% else -%> +# user_tree_dn = +<% end -%> +<% if @ldap["user_filter"] -%> +user_filter = <%= @ldap["user_filter"] %> +<% else -%> +# user_filter = +<% end -%> +user_objectclass = <%= @ldap["user_objectclass"] %> +user_id_attribute = <%= @ldap["user_id_attribute"] %> +user_name_attribute = <%= @ldap["user_name_attribute"] %> +user_mail_attribute = <%= @ldap["user_mail_attribute"] %> +user_pass_attribute = <%= @ldap["user_pass_attribute"] %> +user_enabled_attribute = <%= @ldap["user_enabled_attribute"] %> +user_domain_id_attribute = <%= @ldap["user_domain_id_attribute"] %> +user_enabled_mask = <%= @ldap["user_enabled_mask"] %> +user_enabled_default = <%= @ldap["user_enabled_default"] %> +user_attribute_ignore = <%= @ldap["user_attribute_ignore"] %> +user_allow_create = <%= @ldap["user_allow_create"] %> +user_allow_update = <%= @ldap["user_allow_update"] %> +user_allow_delete = <%= @ldap["user_allow_delete"] %> +user_enabled_emulation = <%= @ldap["user_enabled_emulation"] %> +<% if @ldap["user_enabled_emulation_dn"] -%> +user_enabled_emulation_dn = <%= @ldap["user_enabled_emulation_dn"] %> +<% else -%> +# user_enabled_emulation_dn = +<% end -%> + +<% if @ldap["tenant_tree_dn"] -%> +tenant_tree_dn = <%= @ldap["tenant_tree_dn"] %> +<% else -%> +# tenant_tree_dn = +<% end -%> +<% if @ldap["tenant_filter"] -%> +tenant_filter = <%= @ldap["tenant_filter"] %> +<% else -%> +# tenant_filter = +<% end -%> +tenant_objectclass = <%= @ldap["tenant_objectclass"] %> +tenant_id_attribute = <%= @ldap["tenant_id_attribute"] %> +tenant_member_attribute = <%= @ldap["tenant_member_attribute"] %> +tenant_name_attribute = <%= @ldap["tenant_name_attribute"] %> +tenant_desc_attribute = <%= @ldap["tenant_desc_attribute"] %> +tenant_enabled_attribute = <%= @ldap["tenant_enabled_attribute"] %> +tenant_domain_id_attribute = <%= @ldap["tenant_domain_id_attribute"] %> +<% if @ldap["tenant_attribute_ignore"] -%> +tenant_attribute_ignore = <%= @ldap["tenant_attribute_ignore"] %> +<% else -%> +# tenant_attribute_ignore = +<% end -%> +tenant_allow_create = <%= @ldap["tenant_allow_create"] %> +tenant_allow_update = <%= @ldap["tenant_allow_update"] %> +tenant_allow_delete = <%= @ldap["tenant_allow_delete"] %> +tenant_enabled_emulation = <%= @ldap["tenant_enabled_emulation"] %> +<% if @ldap["tenant_enabled_emulation_dn"] -%> +tenant_enabled_emulation_dn = <%= @ldap["tenant_enabled_emulation_dn"] %> +<% else -%> +# tenant_enabled_emulation_dn = +<% end -%> + +<% if @ldap["role_tree_dn"] -%> +role_tree_dn = <%= @ldap["role_tree_dn"] %> +<% else -%> +# role_tree_dn = +<% end -%> +<% if @ldap["role_filter"] -%> +role_filter = <%= @ldap["role_filter"] %> +<% else -%> +# role_filter = +<% end -%> +role_objectclass = <%= @ldap["role_objectclass"] %> +role_id_attribute = <%= @ldap["role_id_attribute"] %> +role_name_attribute = <%= @ldap["role_name_attribute"] %> +role_member_attribute = <%= @ldap["role_member_attribute"] %> +<% if @ldap["role_attribute_ignore"] -%> +role_attribute_ignore = <%= @ldap["role_attribute_ignore"] %> +<% else -%> +# role_attribute_ignore = +<% end -%> +role_allow_create = <%= @ldap["role_allow_create"] %> +role_allow_update = <%= @ldap["role_allow_update"] %> +role_allow_delete = <%= @ldap["role_allow_delete"] %> + +<% if @ldap["group_tree_dn"] -%> +group_tree_dn = <%= @ldap["group_tree_dn"] %> +<% else -%> +# group_tree_dn = +<% end -%> +<% if @ldap["group_filter"] -%> +group_filter = <%= @ldap["group_filter"] %> +<% else -%> +# group_filter = +<% end -%> +group_objectclass = <%= @ldap["group_objectclass"] %> +group_id_attribute = <%= @ldap["group_id_attribute"] %> +group_name_attribute = <%= @ldap["group_name_attribute"] %> +group_member_attribute = <%= @ldap["group_member_attribute"] %> +group_desc_attribute = <%= @ldap["group_desc_attribute"] %> +group_domain_id_attribute = <%= @ldap["group_domain_id_attribute"] %> +<% if @ldap["group_attribute_ignore"] -%> +group_attribute_ignore = <%= @ldap["group_attribute_ignore"] %> +<% else -%> +# group_attribute_ignore = +<% end -%> +group_allow_create = <%= @ldap["group_allow_create"] %> +group_allow_update = <%= @ldap["group_allow_update"] %> +group_allow_delete = <%= @ldap["group_allow_delete"] %> + + +[identity] +driver = keystone.identity.backends.<%= node["openstack"]["identity"]["identity"]["backend"] %>.Identity + +[catalog] +<% if node["openstack"]["identity"]["catalog"]["backend"] == "templated" -%> +# templated driver uses different class name :( +driver = keystone.catalog.backends.templated.TemplatedCatalog +<% else -%> +driver = keystone.catalog.backends.<%= node["openstack"]["identity"]["catalog"]["backend"] %>.Catalog +<% end -%> +template_file = /etc/keystone/default_catalog.templates + +[token] +driver = keystone.token.backends.<%= node["openstack"]["identity"]["token"]["backend"] %>.Token + +# Amount of time a token should remain valid (in seconds) +expiration = 86400 + +[policy] +driver = keystone.policy.backends.rules.Policy + +[ec2] +driver = keystone.contrib.ec2.backends.sql.Ec2 + +[ssl] +#enable = True +#certfile = /etc/keystone/ssl/certs/keystone.pem +#keyfile = /etc/keystone/ssl/private/keystonekey.pem +#ca_certs = /etc/keystone/ssl/certs/ca.pem +#cert_required = True + +[signing] +<% if node["openstack"]["auth"]["strategy"] == "pki" -%> +token_format = PKI +certfile = <%= node["openstack"]["identity"]["signing"]["certfile"] %> +keyfile = <%= node["openstack"]["identity"]["signing"]["keyfile"] %> +ca_certs = <%= node["openstack"]["identity"]["signing"]["ca_certs"] %> +key_size = <%= node["openstack"]["identity"]["signing"]["key_size"] %> +valid_days = <%= node["openstack"]["identity"]["signing"]["valid_days"] %> +ca_password = <%= node["openstack"]["identity"]["signing"]["ca_password"] %> +<% else -%> +token_format = UUID +<% end -%> + +[auth] +methods = password,token +password = keystone.auth.plugins.password.Password +token = keystone.auth.plugins.token.Token + +[filter:debug] +paste.filter_factory = keystone.common.wsgi:Debug.factory + +[filter:token_auth] +paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory + +[filter:admin_token_auth] +paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory + +[filter:xml_body] +paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory + +[filter:json_body] +paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory + +[filter:user_crud_extension] +paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory + +[filter:crud_extension] +paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory + +[filter:ec2_extension] +paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory + +[filter:s3_extension] +paste.filter_factory = keystone.contrib.s3:S3Extension.factory + +[filter:url_normalize] +paste.filter_factory = keystone.middleware:NormalizingFilter.factory + +[filter:sizelimit] +paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory + +[filter:stats_monitoring] +paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory + +[filter:stats_reporting] +paste.filter_factory = keystone.contrib.stats:StatsExtension.factory + +[filter:access_log] +paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory + +[app:public_service] +paste.app_factory = keystone.service:public_app_factory + +[app:service_v3] +paste.app_factory = keystone.service:v3_app_factory + +[app:admin_service] +paste.app_factory = keystone.service:admin_app_factory + +[pipeline:public_api] +pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service + +[pipeline:admin_api] +pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service + +[pipeline:api_v3] +pipeline = access_log sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension service_v3 + +[app:public_version_service] +paste.app_factory = keystone.service:public_version_app_factory + +[app:admin_version_service] +paste.app_factory = keystone.service:admin_version_app_factory + +[pipeline:public_version_api] +pipeline = access_log sizelimit stats_monitoring url_normalize xml_body public_version_service + +[pipeline:admin_version_api] +pipeline = access_log sizelimit stats_monitoring url_normalize xml_body admin_version_service + +[composite:main] +use = egg:Paste#urlmap +/v2.0 = public_api +/v3 = api_v3 +/ = public_version_api + +[composite:admin] +use = egg:Paste#urlmap +/v2.0 = admin_api +/v3 = api_v3 +/ = admin_version_api diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/.tailor b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/.tailor new file mode 100644 index 000000000..99f0dcf16 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/.tailor @@ -0,0 +1,25 @@ +Tailor.config do |config| + config.formatters "text" + config.file_set '**/*.rb' do |style| + style.max_line_length 80, level: :off + style.allow_camel_case_methods false, level: :error + style.allow_hard_tabs false, level: :error + style.allow_screaming_snake_case_classes false, level: :error + style.allow_trailing_line_spaces false, level: :error + style.allow_invalid_ruby false, level: :warn + style.indentation_spaces 2, level: :error + style.max_code_lines_in_class 300, level: :error + style.max_code_lines_in_method 30, level: :error + style.spaces_after_comma 1, level: :error + style.spaces_after_lbrace 1, level: :error + style.spaces_after_lbracket 0, level: :error + style.spaces_after_lparen 0, level: :error + style.spaces_before_comma 0, level: :error + style.spaces_before_lbrace 1, level: :error + style.spaces_before_rbrace 1, level: :error + style.spaces_before_rbracket 0, level: :error + style.spaces_before_rparen 0, level: :error + style.spaces_in_empty_braces 0, level: :error + style.trailing_newlines 1, level: :error + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Berksfile new file mode 100644 index 000000000..99c714558 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Berksfile @@ -0,0 +1,6 @@ +metadata + +cookbook "openstack-identity", + git: "git://github.com/stackforge/cookbook-openstack-identity.git" +cookbook "openstack-common", + git: "git://github.com/stackforge/cookbook-openstack-common.git" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Berksfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Berksfile.lock new file mode 100644 index 000000000..9b12c3ca2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Berksfile.lock @@ -0,0 +1,41 @@ +{ + "sources": { + "openstack-image": { + "path": "." + }, + "openstack-identity": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-identity.git", + "ref": "b881af26095cfa869a6970067c49597a0ee63586" + }, + "openstack-common": { + "locked_version": "0.4.2", + "git": "git://github.com/stackforge/cookbook-openstack-common.git", + "ref": "6354e0280ac91b86f244923287380d66ff2f06c6" + }, + "apt": { + "locked_version": "2.0.0" + }, + "database": { + "locked_version": "1.4.0" + }, + "mysql": { + "locked_version": "3.0.2" + }, + "openssl": { + "locked_version": "1.0.2" + }, + "build-essential": { + "locked_version": "1.4.0" + }, + "postgresql": { + "locked_version": "3.0.2" + }, + "aws": { + "locked_version": "0.101.2" + }, + "xfs": { + "locked_version": "1.1.0" + } + } +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Gemfile new file mode 100644 index 000000000..04ef97e41 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Gemfile @@ -0,0 +1,9 @@ +source "https://rubygems.org" + +gem "chef", "~> 11.4.4" +gem "json", "<= 1.7.7" # chef 11 dependency +gem "berkshelf", "~> 2.0.3" +gem "chefspec", "~> 1.3.0" +gem "foodcritic" +gem "strainer" +gem "tailor" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Gemfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Gemfile.lock new file mode 100644 index 000000000..dcf7d6c27 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Gemfile.lock @@ -0,0 +1,214 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (3.2.14) + i18n (~> 0.6, >= 0.6.4) + multi_json (~> 1.0) + addressable (2.3.5) + akami (1.2.0) + gyoku (>= 0.4.0) + nokogiri (>= 1.4.0) + berkshelf (2.0.8) + activesupport (~> 3.2.0) + addressable (~> 2.3.4) + buff-shell_out (~> 0.1) + celluloid (>= 0.14.0) + chozo (>= 0.6.1) + faraday (>= 0.8.5) + hashie (>= 2.0.2) + minitar (~> 0.5.4) + rbzip2 (~> 0.2.0) + retryable (~> 1.3.3) + ridley (~> 1.2.1) + solve (>= 0.5.0) + thor (~> 0.18.0) + buff-extensions (0.5.0) + buff-ruby_engine (0.1.0) + buff-shell_out (0.1.0) + buff-ruby_engine (~> 0.1.0) + builder (3.2.2) + celluloid (0.14.1) + timers (>= 1.0.0) + celluloid-io (0.14.1) + celluloid (>= 0.14.1) + nio4r (>= 0.4.5) + chef (11.4.4) + erubis + highline (>= 1.6.9) + json (>= 1.4.4, <= 1.7.7) + mixlib-authentication (>= 1.3.0) + mixlib-cli (~> 1.3.0) + mixlib-config (>= 1.1.2) + mixlib-log (>= 1.3.0) + mixlib-shellout + net-ssh (~> 2.6) + net-ssh-multi (~> 1.1.0) + ohai (>= 0.6.0) + rest-client (>= 1.0.4, < 1.7.0) + yajl-ruby (~> 1.1) + chefspec (1.3.1) + chef (>= 10.0) + erubis + fauxhai (>= 0.1.1, < 2.0) + minitest-chef-handler (>= 0.6.0) + rspec (~> 2.0) + chozo (0.6.1) + activesupport (>= 3.2.0) + hashie (>= 2.0.2) + multi_json (>= 1.3.0) + ci_reporter (1.9.0) + builder (>= 2.1.2) + diff-lcs (1.2.4) + erubis (2.7.0) + faraday (0.8.8) + multipart-post (~> 1.2.0) + fauxhai (1.1.1) + httparty + net-ssh + ohai + ffi (1.9.0) + foodcritic (2.2.0) + erubis + gherkin (~> 2.11.7) + nokogiri (~> 1.5.4) + treetop (~> 1.4.10) + yajl-ruby (~> 1.1.0) + gherkin (2.11.8) + multi_json (~> 1.3) + gssapi (1.0.3) + ffi (>= 1.0.1) + gyoku (1.1.0) + builder (>= 2.1.2) + hashie (2.0.5) + highline (1.6.19) + httparty (0.11.0) + multi_json (~> 1.0) + multi_xml (>= 0.5.2) + httpclient (2.2.0.2) + httpi (0.9.7) + rack + i18n (0.6.4) + ipaddress (0.8.0) + json (1.7.7) + little-plugger (1.1.3) + log_switch (0.4.0) + logging (1.6.2) + little-plugger (>= 1.1.3) + mime-types (1.23) + minitar (0.5.4) + minitest (4.7.5) + minitest-chef-handler (1.0.1) + chef + ci_reporter + minitest (~> 4.7.3) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-cli (1.3.0) + mixlib-config (1.1.2) + mixlib-log (1.6.0) + mixlib-shellout (1.2.0) + multi_json (1.7.7) + multi_xml (0.5.4) + multipart-post (1.2.0) + net-http-persistent (2.9) + net-ssh (2.6.8) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-multi (1.1) + net-ssh (>= 2.1.4) + net-ssh-gateway (>= 0.99.0) + nio4r (0.4.6) + nokogiri (1.5.10) + nori (1.1.5) + ohai (6.18.0) + ipaddress + mixlib-cli + mixlib-config + mixlib-log + mixlib-shellout + systemu + yajl-ruby + polyglot (0.3.3) + rack (1.5.2) + rbzip2 (0.2.0) + rest-client (1.6.7) + mime-types (>= 1.16) + retryable (1.3.3) + ridley (1.2.5) + addressable + buff-extensions (~> 0.3) + buff-shell_out (~> 0.1) + celluloid (~> 0.14.0) + celluloid-io (~> 0.14.0) + erubis + faraday (>= 0.8.4) + hashie (>= 2.0.2) + json (>= 1.7.7) + mixlib-authentication (>= 1.3.0) + net-http-persistent (>= 2.8) + net-ssh + retryable + solve (>= 0.4.4) + varia_model (~> 0.1) + winrm (~> 1.1.0) + rspec (2.14.1) + rspec-core (~> 2.14.0) + rspec-expectations (~> 2.14.0) + rspec-mocks (~> 2.14.0) + rspec-core (2.14.4) + rspec-expectations (2.14.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.14.2) + rubyntlm (0.1.1) + savon (0.9.5) + akami (~> 1.0) + builder (>= 2.1.2) + gyoku (>= 0.4.0) + httpi (~> 0.9) + nokogiri (>= 1.4.0) + nori (~> 1.0) + wasabi (~> 1.0) + solve (0.8.0) + strainer (3.1.1) + berkshelf (~> 2.0) + systemu (2.5.2) + tailor (1.2.1) + log_switch (>= 0.3.0) + term-ansicolor (>= 1.0.5) + text-table (>= 1.2.2) + term-ansicolor (1.2.2) + tins (~> 0.8) + text-table (1.2.3) + thor (0.18.1) + timers (1.1.0) + tins (0.8.3) + treetop (1.4.14) + polyglot + polyglot (>= 0.3.1) + uuidtools (2.1.4) + varia_model (0.1.1) + buff-extensions (~> 0.2) + hashie (>= 2.0.2) + wasabi (1.0.0) + nokogiri (>= 1.4.0) + winrm (1.1.2) + gssapi (~> 1.0.0) + httpclient (~> 2.2.0.2) + logging (~> 1.6.1) + nokogiri (~> 1.5.0) + rubyntlm (~> 0.1.1) + savon (= 0.9.5) + uuidtools (~> 2.1.2) + yajl-ruby (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + berkshelf (~> 2.0.3) + chef (~> 11.4.4) + chefspec (~> 1.3.0) + foodcritic + json (<= 1.7.7) + strainer + tailor diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/README.md new file mode 100644 index 000000000..92b7c233f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/README.md @@ -0,0 +1,166 @@ +Description +=========== + +This cookbook installs the OpenStack Image service **Glance** as part of an OpenStack reference deployment Chef for OpenStack. The http://github.com/mattray/chef-openstack-repo contains documentation for using this cookbook in the context of a full OpenStack deployment. Glance is installed from packages, optionally populating the repository with default images. + +http://glance.openstack.org/ + +Requirements +============ + +Chef 0.10.0 or higher required (for Chef environment use). + +Cookbooks +--------- + +The following cookbooks are dependencies: + +* openstack-common +* openstack-identity + +Usage +===== + +api +------ +- Installs the image-api server + +registry +-------- +- Installs the image-registry server + +keystone-registration +--------------------- +- Registers the API endpoint and glance service Keystone user + +The Glance cookbook currently supports file, swift, and Rackspace Cloud Files (swift API compliant) backing stores. NOTE: changing the storage location from cloudfiles to swift (and vice versa) requires that you manually export and import your stored images. + +To enable these features set the following in the default attributes section in your environment: + +Files +----- + +```json +"openstack": { + "image": { + "api": { + "default_store": "file" + }, + "upload_images": [ + "cirros" + ], + "image_upload": true + } +} +``` + +Swift +----- + +```json +"openstack": { + "image": { + "api": { + "default_store": "swift" + }, + "upload_images": [ + "cirros" + ], + "image_upload": true + } +} +``` + +Providers +========= + +image +----- + +Action: `:upload` + +- `:image_url`: Location of the image to be loaded into Glance. +- `:image_name`: A name for the image. +- `:image_type`: `qcow2` or `ami`. Defaults to `qcow2`. +- `:identity_user`: Username of the Keystone admin user. +- `:identity_pass`: Password for the Keystone admin user. +- `:identity_tenant`: Name of the Keystone admin user's tenant. +- `:identity_uri`: URI of the Identity API endpoint. + +Attributes +========== + +Attributes for the Image service are in the ['openstack']['image'] namespace. + +* `openstack['image']['verbose']` - Enables/disables verbose output for glance services. +* `openstack['image']['debug']` - Enables/disables debug output for glance services. +* `openstack['image']['identity_service_chef_role']` - The name of the Chef role that installs the Keystone Service API +* `openstack['image']['user'] - User glance runs as +* `openstack['image']['group'] - Group glance runs as +* `openstack['image']['db']['username']` - Username for glance database access +* `openstack['image']['api']['adminURL']` - Used when registering image endpoint with keystone +* `openstack['image']['api']['internalURL']` - Used when registering image endpoint with keystone +* `openstack['image']['api']['publicURL']` - Used when registering image endpoint with keystone +* `openstack['image']['service_tenant_name']` - Tenant name used by glance when interacting with keystone - used in the API and registry paste.ini files +* `openstack['image']['service_user']` - User name used by glance when interacting with keystone - used in the API and registry paste.ini files +* `openstack['image']['service_role']` - User role used by glance when interacting with keystone - used in the API and registry paste.ini files +* `openstack['image']['api']['auth']['cache_dir']` - Defaults to `/var/cache/glance/api`. Directory where `auth_token` middleware writes certificates for glance-api +* `openstack['image']['registry']['auth']['cache_dir']` - Defaults to `/var/cache/glance/registry`. Directory where `auth_token` middleware writes certificates for glance-registry +* `openstack['image']['image_upload']` - Toggles whether to automatically upload images in the `openstack['image']['upload_images']` array +* `openstack['image']['upload_images']` - Default list of images to upload to the glance repository as part of the install +* `openstack['image']['upload_image']['']` - URL location of the `` image. There can be multiple instances of this line to define multiple imagess (eg natty, maverick, fedora17 etc) +--- example `openstack['image']['upload_image']['natty']` - "http://c250663.r63.cf1.rackcdn.com/ubuntu-11.04-server-uec-amd64-multinic.tar.gz" +* `openstack['image']['api']['default_store']` - Toggles the backend storage type. Currently supported is "file" and "swift" +* `openstack['image']['api']['swift']['store_container']` - Set the container used by glance to store images and snapshots. Defaults to "glance" +* `openstack['image']['api']['swift']['store_large_object_size']` - Set the size at which glance starts to chunnk files. Defaults to "200" MB +* `openstack['image']['api']['swift']['store_large_object_chunk_size']` - Set the chunk size for glance. Defaults to "200" MB +* `openstack['image']['api']['rbd']['rbd_store_ceph_conf']` - Default location of ceph.conf +* `openstack['image']['api']['rbd']['rbd_store_user']` - User for connecting to ceph store +* `openstack['image']['api']['rbd']['rbd_store_pool']` - RADOS pool for images +* `openstack['image']['api']['rbd']['rbd_store_chunk_size']` - Size in MB of chunks for RADOS Store, should be a power of 2 + +Testing +===== + +This cookbook uses [bundler](http://gembundler.com/), [berkshelf](http://berkshelf.com/), and [strainer](https://github.com/customink/strainer) to isolate dependencies and run tests. + +Tests are defined in Strainerfile. + +To run tests: + + $ bundle install # install gem dependencies + $ bundle exec berks install # install cookbook dependencies + $ bundle exec strainer test # run tests + +License and Author +================== + +Author:: Justin Shepherd () +Author:: Jason Cannavale () +Author:: Ron Pedde () +Author:: Joseph Breu () +Author:: William Kelly () +Author:: Darren Birkett () +Author:: Evan Callicoat () +Author:: Matt Ray () +Author:: Jay Pipes () +Author:: John Dewey () +Author:: Craig Tracey () +Author:: Sean Gallagher () + +Copyright 2012, Rackspace US, Inc. +Copyright 2012-2013, Opscode, Inc. +Copyright 2012-2013, AT&T Services, Inc. +Copyright 2013, Craig Tracey + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Strainerfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Strainerfile new file mode 100644 index 000000000..7e292b43d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/Strainerfile @@ -0,0 +1,5 @@ +# Strainerfile +tailor: bundle exec tailor +knife test: bundle exec knife cookbook test $COOKBOOK +foodcritic: bundle exec foodcritic -f any -t ~FC003 -t ~FC023 $SANDBOX/$COOKBOOK +chefspec: bundle exec rspec $SANDBOX/$COOKBOOK/spec diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/attributes/default.rb new file mode 100644 index 000000000..691cf950f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/attributes/default.rb @@ -0,0 +1,160 @@ +# +# Cookbook Name:: openstack-image +# Attributes:: default +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2013, Craig Tracey +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Set to some text value if you want templated config files +# to contain a custom banner at the top of the written file +default["openstack"]["image"]["custom_template_banner"] = " +# This file autogenerated by Chef +# Do not edit, changes will be overwritten +" + +default["openstack"]["image"]["verbose"] = "False" +default["openstack"]["image"]["debug"] = "False" +# This is the name of the Chef role that will install the Keystone Service API +default["openstack"]["image"]["identity_service_chef_role"] = "os-identity" + +# Gets set in the Image Endpoint when registering with Keystone +default["openstack"]["image"]["region"] = "RegionOne" + +# The name of the Chef role that knows about the message queue server +# that Glance uses +default["openstack"]["image"]["rabbit_server_chef_role"] = "os-ops-messaging" + +default["openstack"]["image"]["db"]["username"] = "glance" +# Execute database migrations. There are cases where migrations should not be +# executed. For example when upgrading a zone, and the image database is +# replicated across many zones. +default["openstack"]["image"]["db"]["migrate"] = true + +# This user's password is stored in an encrypted databag +# and accessed with openstack-common cookbook library's +# user_password routine. You are expected to create +# the user, pass, vhost in a wrapper rabbitmq cookbook. +default["openstack"]["image"]["rabbit"]["username"] = "guest" +default["openstack"]["image"]["rabbit"]["vhost"] = "/" +default["openstack"]["image"]["rabbit"]["port"] = 5672 +default["openstack"]["image"]["rabbit"]["host"] = "127.0.0.1" + +default["openstack"]["image"]["service_tenant_name"] = "service" +default["openstack"]["image"]["service_user"] = "glance" +default["openstack"]["image"]["service_role"] = "admin" + +# Setting this to v2.0. See discussion on +# https://bugs.launchpad.net/openstack-chef/+bug/1207504 +default["openstack"]["image"]["api"]["auth"]["version"] = "v2.0" + +# Keystone PKI signing directories +# XXX keystoneclient wants these dirs to exist even if it doesn't use them +default["openstack"]["image"]["api"]["auth"]["cache_dir"] = "/var/cache/glance/api" +default["openstack"]["image"]["registry"]["auth"]["cache_dir"] = "/var/cache/glance/registry" + +# Whether to use any of the default caching pipelines from the paste configuration file +default["openstack"]["image"]["api"]["caching"] = false +default["openstack"]["image"]["api"]["cache_management"] = false + +default["openstack"]["image"]["api"]["default_store"] = "file" + +default["openstack"]["image"]["filesystem_store_datadir"] = "/var/lib/glance/images" + +# If set, glance API service will bind to the address on this interface, +# otherwise it will bind to the API endpoint's host. +default["openstack"]["image"]["api"]["bind_interface"] = nil +default["openstack"]["image"]["api"]["swift"]["container"] = "glance" +default["openstack"]["image"]["api"]["swift"]["large_object_size"] = "200" +default["openstack"]["image"]["api"]["swift"]["large_object_chunk_size"] = "200" +default["openstack"]["image"]["api"]["cache"]["image_cache_max_size"] = "10737418240" + +# Directory for the Image Cache +default["openstack"]["image"]["cache"]["dir"] = "/var/lib/glance/image-cache/" +# Number of seconds until an incomplete image is considered stalled an +# eligible for reaping +default["openstack"]["image"]["cache"]["stall_time"] = 86400 +# Number of seconds to leave invalid images around before they are eligible to be reaped +default["openstack"]["image"]["cache"]["grace_period"] = 3600 + +# Ceph Options +default["openstack"]["image"]["api"]["rbd"]["rbd_store_ceph_conf"] = "/etc/ceph/ceph.conf" +default["openstack"]["image"]["api"]["rbd"]["rbd_store_user"] = "glance" +default["openstack"]["image"]["api"]["rbd"]["rbd_store_pool"] = "images" +default["openstack"]["image"]["api"]["rbd"]["rbd_store_chunk_size"] = "8" + +# If set, glance registry service will bind to the address on this interface, +# otherwise it will bind to the API endpoint's host. +default["openstack"]["image"]["registry"]["bind_interface"] = nil + +# API to use for accessing data. Default value points to sqlalchemy +# package. +default["openstack"]["image"]["data_api"] = "glance.db.sqlalchemy.api" + +# Default Image Locations +default["openstack"]["image"]["image_upload"] = false +default["openstack"]["image"]["upload_images"] = [ "cirros" ] +default["openstack"]["image"]["upload_image"]["precise"] = "http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img" +default["openstack"]["image"]["upload_image"]["oneiric"] = "http://cloud-images.ubuntu.com/oneiric/current/oneiric-server-cloudimg-amd64-disk1.img" +default["openstack"]["image"]["upload_image"]["natty"] = "http://cloud-images.ubuntu.com/natty/current/natty-server-cloudimg-amd64-disk1.img" +default["openstack"]["image"]["upload_image"]["cirros"] = "https://launchpadlibrarian.net/83305348/cirros-0.3.0-x86_64-disk.img" +# more images available at https://github.com/rackerjoe/oz-image-build +default["openstack"]["image"]["upload_image"]["centos"] = "http://c250663.r63.cf1.rackcdn.com/centos60_x86_64.qcow2" + +# logging attribute +default["openstack"]["image"]["syslog"]["use"] = false +default["openstack"]["image"]["syslog"]["facility"] = "LOG_LOCAL2" +default["openstack"]["image"]["syslog"]["config_facility"] = "local2" + +# platform-specific settings +case platform +when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this + default["openstack"]["image"]["user"] = "glance" + default["openstack"]["image"]["group"] = "glance" + default["openstack"]["image"]["platform"] = { + "postgresql_python_packages" => [ "python-psycopg2" ], + "mysql_python_packages" => [ "MySQL-python" ], + "image_packages" => [ "openstack-glance", "openstack-swift", "cronie" ], + "image_api_service" => "openstack-glance-api", + "image_registry_service" => "openstack-glance-registry", + "image_api_process_name" => "glance-api", + "package_overrides" => "" + } +when "suse" + default["openstack"]["image"]["user"] = "openstack-glance" + default["openstack"]["image"]["group"] = "openstack-glance" + default["openstack"]["image"]["platform"] = { + "postgresql_python_packages" => [ "python-psycopg2" ], + "mysql_python_packages" => [ "python-mysql" ], + "image_packages" => [ "openstack-glance", "openstack-swift", "python-glanceclient" ], + "image_api_service" => "openstack-glance-api", + "image_registry_service" => "openstack-glance-registry", + "image_api_process_name" => "glance-api", + "package_overrides" => "" + } +when "ubuntu" + default["openstack"]["image"]["user"] = "glance" + default["openstack"]["image"]["group"] = "glance" + default["openstack"]["image"]["platform"] = { + "postgresql_python_packages" => [ "python-psycopg2" ], + "mysql_python_packages" => [ "python-mysqldb" ], + "image_packages" => [ "glance", "python-swift" ], + "image_api_service" => "glance-api", + "image_registry_service" => "glance-registry", + "image_registry_process_name" => "glance-registry", + "package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'" + } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/files/default/glance_plugin.py b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/files/default/glance_plugin.py new file mode 100644 index 000000000..214dc88a4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/files/default/glance_plugin.py @@ -0,0 +1,117 @@ +from glance.client import V1Client +from glance.common import exception + +import collectd + +global NAME, OS_USERNAME, OS_PASSWORD, OS_TENANT_NAME, OS_AUTH_URL, OS_AUTH_STRATEGY, VERBOSE_LOGGING + +NAME = "glance_plugin" +OS_USERNAME = "username" +OS_PASSWORD = "password" +OS_TENANT_NAME = "tenantname" +OS_AUTH_URL = "http://localhost:5000/v2.0" +OS_AUTH_STRATEGY = "keystone" +VERBOSE_LOGGING = False + +def get_stats(user, passwd, tenant, url, host=None): + creds = {"username": user, "password": passwd, "tenant": tenant,"auth_url": url, "strategy": OS_AUTH_STRATEGY} + client = V1Client(host,creds=creds) + try: + image_list = client.get_images_detailed() + except exception.NotAuthenticated: + msg = "Client credentials appear to be invalid" + raise exception.ClientConnectionError(msg) + else: + # TODO(shep): this needs to be rewritten more inline with the keystone|nova plugins + data = dict() + data["count"] = int(len(image_list)) + data["bytes"] = 0 + data["snapshot.count"] = 0 + data["snapshot.bytes"] = 0 + data["tenant"] = dict() + for image in image_list: + data["bytes"] += int(image["size"]) + if "image_type" in image["properties"] and image["properties"]["image_type"] == "snapshot": + data["snapshot.count"] += 1 + data["snapshot.bytes"] += int(image["size"]) + uuid = str(image["owner"]) + if uuid in data["tenant"]: + data["tenant"][uuid]["count"] += 1 + data["tenant"][uuid]["bytes"] += int(image["size"]) + if "image_type" in image["properties"] and image["properties"]["image_type"] == "snapshot": + data["tenant"][uuid]["snapshot.count"] += 1 + data["tenant"][uuid]["snapshot.bytes"] += int(image["size"]) + else: + data["tenant"][uuid] = dict() + data["tenant"][uuid]["count"] = 1 + data["tenant"][uuid]["bytes"] = int(image["size"]) + data["tenant"][uuid]["snapshot.count"] = 0 + data["tenant"][uuid]["snapshot.bytes"] = 0 + if "image_type" in image["properties"] and image["properties"]["image_type"] == "snapshot": + data["tenant"][uuid]["snapshot.count"] += 1 + data["tenant"][uuid]["snapshot.bytes"] += int(image["size"]) + # debug + #for key in data.keys(): + # if key == "tenant": + # for uuid in data[key].keys(): + # for field in data[key][uuid]: + # print "glance.images.tenant.%s.%s : %i" % (uuid, field, data[key][uuid][field]) + # else: + # print "glance.images.%s : %i" % (key, data[key]) + ########## + return data + +def configure_callback(conf): + """Received configuration information""" + global OS_USERNAME, OS_PASSWORD, OS_TENANT_NAME, OS_AUTH_URL + for node in conf.children: + if node.key == "Username": + OS_USERNAME = node.values[0] + elif node.key == "Password": + OS_PASSWORD = node.values[0] + elif node.key == "TenantName": + OS_TENANT_NAME = node.values[0] + elif node.key == "AuthURL": + OS_AUTH_URL = node.values[0] + elif node.key == "Verbose": + VERBOSE_LOGGING = node.values[0] + else: + logger("warn", "Unknown config key: %s" % node.key) + +def read_callback(): + logger("verb", "read_callback") + info = get_stats(OS_USERNAME, OS_PASSWORD, OS_TENANT_NAME, OS_AUTH_URL) + + if not info: + logger("err", "No information received") + return + + for key in info.keys(): + if key == "tenant": + for uuid in info[key].keys(): + for field in info[key][uuid]: + logger('verb', 'Dispatching glance.images.tenant.%s.%s : %i' % (uuid, field, int(info[key][uuid][field]))) + path = 'glance.images.%s.%s' % (uuid, field) + val = collectd.Values(plugin=path) + val.type = 'gauge' + val.values = [int(info[key][uuid][field])] + val.dispatch() + else: + logger('verb', 'Dispatching %s : %i' % (key, int(info[key]))) + path = 'glance.images.%s' % (key) + val = collectd.Values(plugin=path) + val.type = 'gauge' + val.values = [int(info[key])] + val.dispatch() + +def logger(t, msg): + if t == 'err': + collectd.error('%s: %s' % (NAME, msg)) + if t == 'warn': + collectd.warning('%s: %s' % (NAME, msg)) + elif t == 'verb' and VERBOSE_LOGGING == True: + collectd.info('%s: %s' % (NAME, msg)) + +collectd.register_config(configure_callback) +collectd.warning("Initializing glance plugin") +collectd.register_read(read_callback) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/metadata.rb new file mode 100644 index 000000000..c8f841b5c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/metadata.rb @@ -0,0 +1,16 @@ +name "openstack-image" +maintainer "Opscode, Inc." +license "Apache 2.0" +description "Installs and configures the Glance Image Registry and Delivery Service" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "7.0.0" +recipe "openstack-image::api", "Installs packages required for a glance api server" +recipe "openstack-image::registry", "Installs packages required for a glance registry server" +recipe "openstack-image::identity_registration", "Registers Glance endpoints and service with Keystone" + +%w{ ubuntu fedora redhat centos suse }.each do |os| + supports os +end + +depends "openstack-common", "~> 0.4.0" +depends "openstack-identity", "~> 7.0.0" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/providers/image.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/providers/image.rb new file mode 100644 index 000000000..cecf9f750 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/providers/image.rb @@ -0,0 +1,108 @@ +# +# Cookbook Name:: openstack-image +# Provider:: image +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +action :upload do + @user = new_resource.identity_user + @pass = new_resource.identity_pass + @tenant = new_resource.identity_tenant + @ks_uri = new_resource.identity_uri + + name = new_resource.image_name + url = new_resource.image_url + type = new_resource.image_type + if type == "unknown" + type = _determine_type(url) + end + _upload_image(type, name, url) + new_resource.updated_by_last_action(true) +end + +private +def _determine_type(url) + # Lets do our best to determine the type from the file extension + case ::File.extname(url) + when ".gz", ".tgz" + return "ami" + when ".qcow2", ".img" + return "qcow" + end +end + +private +def _upload_image(type, name, url) + case type + when 'ami' + _upload_ami(name, url) + when 'qcow' + _upload_qcow(name, url) + end +end + +private +def _upload_qcow(name, url) + glance_cmd = "glance --insecure -I #{@user} -K #{@pass} -T #{@tenant} -N #{@ks_uri}" + c_fmt = "--container-format bare" + d_fmt = "--disk-format qcow2" + + execute "Uploading QCOW2 image #{name}" do + cwd "/tmp" + command "#{glance_cmd} image-create --name #{name} --is-public true #{c_fmt} #{d_fmt} --location #{url}" + not_if "#{glance_cmd} image-list | grep #{name.to_s}" + end +end + +private +def _upload_ami(name, url) + glance_cmd = "glance --insecure -I #{@user} -K #{@pass} -T #{@tenant} -N #{@ks_uri}" + aki_fmt = "--container-format aki --disk-format aki" + ari_fmt = "--container-format ari --disk-format ari" + ami_fmt = "--container-format ami --disk-format ami" + + bash "Uploading AMI image #{name}" do + cwd "/tmp" + user "root" + code <<-EOH + set -x + mkdir -p images/#{name} + cd images/#{name} + + curl -L #{url} | tar -zx + image_name=$(basename #{url} .tar.gz) + + image_name=${image_name%-multinic} + + kernel_file=$(ls *vmlinuz-virtual | head -n1) + if [ ${#kernel_file} -eq 0 ]; then + kernel_file=$(ls *vmlinuz | head -n1) + fi + + ramdisk=$(ls *-initrd | head -n1) + if [ ${#ramdisk} -eq 0 ]; then + ramdisk=$(ls *-loader | head -n1) + fi + + kernel=$(ls *.img | head -n1) + + kid=$(#{glance_cmd} image-create --name "${image_name}-kernel" --is-public true #{aki_fmt} < ${kernel_file} | cut -d: -f2 | sed 's/ //') + rid=$(#{glance_cmd} image-create --name "${image_name}-initrd" --is-public true #{ari_fmt} < ${ramdisk} | cut -d: -f2 | sed 's/ //') + #{glance_cmd} image-create --name "#{name}" --is-public true #{ami_fmt} --property "kernel_id=$kid" --property "ramdisk_id=$rid" < ${kernel} + EOH + not_if "#{glance_cmd} image-list | grep #{name.to_s}" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/recipes/api.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/recipes/api.rb new file mode 100644 index 000000000..e70d3a221 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/recipes/api.rb @@ -0,0 +1,244 @@ +# +# Cookbook Name:: openstack-image +# Recipe:: api +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012-2013, Opscode, Inc. +# Copyright 2012-2013, AT&T Services, Inc. +# Copyright 2013, Craig Tracey +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +class ::Chef::Recipe + include ::Openstack +end + +if node["openstack"]["image"]["syslog"]["use"] + include_recipe "openstack-common::logging" +end + +platform_options = node["openstack"]["image"]["platform"] + +package "python-keystone" do + action :install +end + +package "curl" do + action :install +end + +platform_options["image_packages"].each do |pkg| + package pkg do + action :upgrade + end +end + +service "image-api" do + service_name platform_options["image_api_service"] + supports :status => true, :restart => true + + action :enable +end + +directory "/etc/glance" do + owner node["openstack"]["image"]["user"] + group node["openstack"]["image"]["group"] + mode 00700 +end + +directory ::File.dirname node["openstack"]["image"]["api"]["auth"]["cache_dir"] do + owner node["openstack"]["image"]["user"] + group node["openstack"]["image"]["group"] + mode 00700 +end + +template "/etc/glance/policy.json" do + source "policy.json.erb" + owner node["openstack"]["image"]["user"] + group node["openstack"]["image"]["group"] + mode 00644 + + notifies :restart, "service[image-api]", :immediately +end + +glance = node["openstack"]["image"] + +identity_endpoint = endpoint "identity-api" +identity_admin_endpoint = endpoint "identity-admin" +service_pass = service_password "openstack-image" + +#TODO(jaypipes): Move this logic and stuff into the openstack-common +# library cookbook. +auth_uri = identity_endpoint.to_s +if node["openstack"]["image"]["api"]["auth"]["version"] != "v2.0" + # The auth_uri should contain /v2.0 in most cases, but if the + # auth_version is v3.0, we leave it off. This is only necessary + # for environments that need to support V3 non-default-domain + # tokens, which is really the only reason to set version to + # something other than v2.0 (the default) + auth_uri = auth_uri.gsub('/v2.0', '') +end + +db_user = node["openstack"]["image"]["db"]["username"] +db_pass = db_password "glance" +sql_connection = db_uri("image", db_user, db_pass) + +registry_endpoint = endpoint "image-registry" +api_endpoint = endpoint "image-api" +service_pass = service_password "openstack-image" +service_tenant_name = node["openstack"]["image"]["service_tenant_name"] +service_user = node["openstack"]["image"]["service_user"] + +# Possible combinations of options here +# - default_store=file +# * no other options required +# - default_store=swift +# * if swift_store_auth_address is not defined +# - default to local swift +# * else if swift_store_auth_address is defined +# - get swift_store_auth_address, swift_store_user, swift_store_key, and +# swift_store_auth_version from the node attributes and use them to connect +# to the swift compatible API service running elsewhere - possibly +# Rackspace Cloud Files. +if glance["api"]["swift_store_auth_address"].nil? + swift_store_auth_address = auth_uri + swift_store_user="#{service_tenant_name}:#{service_user}" + swift_user_tenant = nil + swift_store_key = service_pass + swift_store_auth_version=2 +else + swift_store_auth_address=glance["api"]["swift_store_auth_address"] + swift_user_tenant = glance["api"]["swift_user_tenant"] + swift_store_user=glance["api"]["swift_store_user"] + swift_store_key = service_password swift_store_user + swift_store_auth_version=glance["api"]["swift_store_auth_version"] +end + +glance_flavor = "keystone" +if glance["api"]["cache_management"] + glance_flavor += "+cachemanagement" +elsif glance["api"]["caching"] + glance_flavor += "+caching" +end + +if node["openstack"]["image"]["api"]["bind_interface"].nil? + bind_address = api_endpoint.host +else + bind_address = address_for node["openstack"]["image"]["api"]["bind_interface"] +end + +template "/etc/glance/glance-api.conf" do + source "glance-api.conf.erb" + owner node["openstack"]["image"]["user"] + group node["openstack"]["image"]["group"] + mode 00644 + variables( + :api_bind_address => bind_address, + :api_bind_port => api_endpoint.port, + :registry_ip_address => registry_endpoint.host, + :registry_port => registry_endpoint.port, + :sql_connection => sql_connection, + :glance_flavor => glance_flavor, + :auth_uri => auth_uri, + :identity_admin_endpoint => identity_admin_endpoint, + :service_pass => service_pass, + :swift_store_key => swift_store_key, + :swift_user_tenant => swift_user_tenant, + :swift_store_user => swift_store_user, + :swift_store_auth_address => swift_store_auth_address, + :swift_store_auth_version => swift_store_auth_version + ) + + notifies :restart, "service[image-api]", :immediately +end + +template "/etc/glance/glance-api-paste.ini" do + source "glance-api-paste.ini.erb" + owner node["openstack"]["image"]["user"] + group node["openstack"]["image"]["group"] + mode 00644 + + notifies :restart, "service[image-api]", :immediately +end + +template "/etc/glance/glance-cache.conf" do + source "glance-cache.conf.erb" + owner node["openstack"]["image"]["user"] + group node["openstack"]["image"]["group"] + mode 00644 + variables( + :registry_ip_address => registry_endpoint.host, + :registry_port => registry_endpoint.port + ) + + notifies :restart, "service[image-api]" +end + +#TODO(jaypipes) I don't think this even exists or at least isn't +# used, since the Glance cache middleware goes in the api-paste.ini... +template "/etc/glance/glance-cache-paste.ini" do + source "glance-cache-paste.ini.erb" + owner node["openstack"]["image"]["user"] + group node["openstack"]["image"]["group"] + mode 00644 + + notifies :restart, "service[image-api]" +end + +template "/etc/glance/glance-scrubber.conf" do + source "glance-scrubber.conf.erb" + owner node["openstack"]["image"]["user"] + group node["openstack"]["image"]["group"] + mode 00644 + variables( + :registry_ip_address => registry_endpoint.host, + :registry_port => registry_endpoint.port + ) +end + +# Configure glance-cache-pruner to run every 30 minutes +cron "glance-cache-pruner" do + minute "*/30" + command "/usr/bin/glance-cache-pruner > /dev/null 2>&1" +end + +# Configure glance-cache-cleaner to run at 00:01 everyday +cron "glance-cache-cleaner" do + minute "01" + hour "00" + command "/usr/bin/glance-cache-cleaner > /dev/null 2>&1" +end + +template "/etc/glance/glance-scrubber-paste.ini" do + source "glance-scrubber-paste.ini.erb" + owner node["openstack"]["image"]["user"] + group node["openstack"]["image"]["group"] + mode 00644 +end + +if node["openstack"]["image"]["image_upload"] + node["openstack"]["image"]["upload_images"].each do |img| + openstack_image_image "Image setup for #{img.to_s}" do + image_url node["openstack"]["image"]["upload_image"][img.to_sym] + image_name img + identity_user service_user + identity_pass service_pass + identity_tenant service_tenant_name + identity_uri auth_uri + action :upload + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/recipes/identity_registration.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/recipes/identity_registration.rb new file mode 100644 index 000000000..27ab5a75f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/recipes/identity_registration.rb @@ -0,0 +1,99 @@ +# +# Cookbook Name:: openstack-image +# Recipe:: identity_registration +# +# Copyright 2013, AT&T Services, Inc. +# Copyright 2013, Craig Tracey +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +class ::Chef::Recipe + include ::Openstack +end + +identity_admin_endpoint = endpoint "identity-admin" + +token = secret "secrets", "openstack_identity_bootstrap_token" +auth_url = ::URI.decode identity_admin_endpoint.to_s + +registry_endpoint = endpoint "image-registry" +api_endpoint = endpoint "image-api" + +service_pass = service_password "openstack-image" +service_tenant_name = node["openstack"]["image"]["service_tenant_name"] +service_user = node["openstack"]["image"]["service_user"] +service_role = node["openstack"]["image"]["service_role"] +region = node["openstack"]["image"]["region"] + +# Register Image Service +openstack_identity_register "Register Image Service" do + auth_uri auth_url + bootstrap_token token + service_name "glance" + service_type "image" + service_description "Glance Image Service" + + action :create_service +end + +# Register Image Endpoint +openstack_identity_register "Register Image Endpoint" do + auth_uri auth_url + bootstrap_token token + service_type "image" + endpoint_region region + endpoint_adminurl api_endpoint.to_s + endpoint_internalurl api_endpoint.to_s + endpoint_publicurl api_endpoint.to_s + + action :create_endpoint +end + +# Register Service Tenant +openstack_identity_register "Register Service Tenant" do + auth_uri auth_url + bootstrap_token token + tenant_name service_tenant_name + tenant_description "Service Tenant" + tenant_enabled true # Not required as this is the default + + action :create_tenant +end + +# Register Service User +openstack_identity_register "Register #{service_user} User" do + auth_uri auth_url + bootstrap_token token + tenant_name service_tenant_name + user_name service_user + user_pass service_pass + # String until https://review.openstack.org/#/c/29498/ merged + user_enabled true + + action :create_user +end + +## Grant Admin role to Service User for Service Tenant ## +openstack_identity_register "Grant '#{service_role}' Role to #{service_user} User for #{service_tenant_name} Tenant" do + auth_uri auth_url + bootstrap_token token + tenant_name service_tenant_name + user_name service_user + role_name service_role + + action :grant_role +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/recipes/registry.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/recipes/registry.rb new file mode 100644 index 000000000..4f5c267eb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/recipes/registry.rb @@ -0,0 +1,123 @@ +# +# Cookbook Name:: openstack-image +# Recipe:: registry +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +if node["openstack"]["image"]["syslog"]["use"] + include_recipe "openstack-common::logging" +end + +platform_options = node["openstack"]["image"]["platform"] + +package "python-keystone" do + action :install +end + +db_user = node["openstack"]["image"]["db"]["username"] +db_pass = db_password "glance" +sql_connection = db_uri("image", db_user, db_pass) + +identity_endpoint = endpoint "identity-admin" +registry_endpoint = endpoint "image-registry" +service_pass = service_password "openstack-image" + +package "curl" do + action :install +end + +db_type = node['openstack']['db']['identity']['db_type'] +platform_options["#{db_type}_python_packages"].each do |pkg| + package pkg do + action :install + end +end + +platform_options["image_packages"].each do |pkg| + package pkg do + action :upgrade + end +end + +directory ::File.dirname(node["openstack"]["image"]["registry"]["auth"]["cache_dir"]) do + owner node["openstack"]["image"]["user"] + group node["openstack"]["image"]["group"] + mode 00700 +end + +service "image-registry" do + service_name platform_options["image_registry_service"] + supports :status => true, :restart => true + + action :enable +end + +# Having to manually version the database because of Ubuntu bug +# https://bugs.launchpad.net/ubuntu/+source/glance/+bug/981111 +execute "glance-manage version_control 0" do + not_if "glance-manage db_version" + only_if { platform?(%w{ubuntu debian}) } +end + +file "/var/lib/glance/glance.sqlite" do + action :delete +end + +directory "/etc/glance" do + owner node["openstack"]["image"]["user"] + group node["openstack"]["image"]["group"] + mode 00700 +end + +if node["openstack"]["image"]["registry"]["bind_interface"].nil? + bind_address = registry_endpoint.host +else + bind_address = address_for node["openstack"]["image"]["registry"]["bind_interface"] +end + +template "/etc/glance/glance-registry.conf" do + source "glance-registry.conf.erb" + owner "root" + group "root" + mode 00644 + variables( + :registry_bind_address => bind_address, + :registry_port => registry_endpoint.port, + :sql_connection => sql_connection, + "identity_endpoint" => identity_endpoint, + "service_pass" => service_pass + ) + + notifies :restart, "service[image-registry]", :immediately +end + +execute "glance-manage db_sync" do + only_if { node["openstack"]["image"]["db"]["migrate"] } +end + +template "/etc/glance/glance-registry-paste.ini" do + source "glance-registry-paste.ini.erb" + owner "root" + group "root" + mode 00644 + + notifies :restart, "service[image-registry]", :immediately +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/resources/image.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/resources/image.rb new file mode 100644 index 000000000..774d431c2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/resources/image.rb @@ -0,0 +1,35 @@ +# +# Cookbook Name:: openstack-image +# Resource:: image +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :upload + +# In earlier versions of Chef the LWRP DSL doesn't support specifying +# a default action, so you need to drop into Ruby. +def initialize(*args) + super + @action = :upload +end + +attribute :image_url, :kind_of => String +attribute :image_type, :kind_of => String, :default => "unknown", :equal_to => ["unknown", "ami", "qcow"] +attribute :image_name, :kind_of => String, :default => "default" +attribute :identity_user, :kind_of => String +attribute :identity_pass, :kind_of => String +attribute :identity_tenant, :kind_of => String +attribute :identity_uri, :kind_of => String diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/api-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/api-redhat_spec.rb new file mode 100644 index 000000000..8656aaacb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/api-redhat_spec.rb @@ -0,0 +1,15 @@ +require_relative "spec_helper" + +describe "openstack-image::api" do + before { image_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-image::api" + end + + it "starts glance api on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-glance-api" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/api_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/api_spec.rb new file mode 100644 index 000000000..9d74e86c6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/api_spec.rb @@ -0,0 +1,340 @@ +require_relative "spec_helper" + +describe "openstack-image::api" do + before { image_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["image"]["syslog"]["use"] = true + n.set["cpu"] = { 'total' => '1' } + end + @chef_run.converge "openstack-image::api" + end + + expect_runs_openstack_common_logging_recipe + + it "doesn't run logging recipe" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + chef_run.converge "openstack-image::api" + + expect(chef_run).not_to include_recipe "openstack-common::logging" + end + + expect_installs_python_keystone + + expect_installs_curl + + expect_installs_ubuntu_glance_packages + + it "starts glance api on boot" do + expect(@chef_run).to set_service_to_start_on_boot "glance-api" + end + + expect_creates_glance_dir + + expect_creates_cache_dir + + describe "policy.json" do + before do + @file = @chef_run.template "/etc/glance/policy.json" + end + + it "has proper owner" do + expect(@file).to be_owned_by "glance", "glance" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "notifies image-api restart" do + expect(@file).to notify "service[image-api]", :restart + end + end + + describe "glance-api.conf" do + before do + @file = @chef_run.template "/etc/glance/glance-api.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "glance", "glance" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "has bind host when bind_interface not specified" do + expect(@chef_run).to create_file_with_content @file.name, + "bind_host = 127.0.0.1" + end + + it "has bind host when bind_interface specified" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["image"]["api"]["bind_interface"] = "lo" + n.set["cpu"] = { 'total' => '1' } + end + chef_run.converge "openstack-image::api" + + expect(chef_run).to create_file_with_content @file.name, + "bind_host = 127.0.1.1" + end + + it "has default filesystem_store_datadir setting" do + + expect(@chef_run).to create_file_with_content @file.name, + "filesystem_store_datadir = /var/lib/glance/images" + end + + it "has configurable filesystem_store_datadir setting" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["image"]["filesystem_store_datadir"] = "foo" + n.set["cpu"] = { 'total' => '1' } + end + chef_run.converge "openstack-image::api" + + expect(chef_run).to create_file_with_content @file.name, + /^filesystem_store_datadir = foo$/ + end + + it "notifies image-api restart" do + expect(@file).to notify "service[image-api]", :restart + end + + it "does not have caching enabled by default" do + expect(@chef_run).to create_file_with_content @file.name, /^flavor = keystone$/ + end + + it "enables caching when attribute is set" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["image"]["api"]["caching"] = true + n.set["cpu"] = { 'total' => '1' } + end + chef_run.converge "openstack-image::api" + + expect(chef_run).to create_file_with_content @file.name, + /^flavor = keystone\+caching$/ + end + + it "enables cache_management when attribute is set" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["image"]["api"]["cache_management"] = true + n.set["cpu"] = { 'total' => '1' } + end + chef_run.converge "openstack-image::api" + + expect(chef_run).to create_file_with_content @file.name, + /^flavor = keystone\+cachemanagement$/ + end + + it "enables only cache_management when it and the caching attributes are set" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["image"]["api"]["cache_management"] = true + n.set["openstack"]["image"]["api"]["caching"] = true + n.set["cpu"] = { 'total' => '1' } + end + chef_run.converge "openstack-image::api" + + expect(chef_run).to create_file_with_content @file.name, + /^flavor = keystone\+cachemanagement$/ + end + end + + describe "glance-api-paste.ini" do + before do + @file = @chef_run.template "/etc/glance/glance-api-paste.ini" + end + + it "has proper owner" do + expect(@file).to be_owned_by "glance", "glance" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + + it "notifies image-api restart" do + expect(@file).to notify "service[image-api]", :restart + end + end + + describe "glance-cache.conf" do + before do + @file = @chef_run.template "/etc/glance/glance-cache.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "glance", "glance" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + + it "notifies image-api restart" do + expect(@file).to notify "service[image-api]", :restart + end + + it "has the default image_cache_dir setting" do + expect(@chef_run).to create_file_with_content @file.name, + /^image_cache_dir = \/var\/lib\/glance\/image\-cache\/$/ + end + + it "has a configurable image_cache_dir setting" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["image"]["cache"]["dir"] = "foo" + n.set["cpu"] = { 'total' => '1' } + end + chef_run.converge "openstack-image::api" + + expect(chef_run).to create_file_with_content @file.name, + /^image_cache_dir = foo$/ + end + + it "has the default cache stall_time setting" do + expect(@chef_run).to create_file_with_content @file.name, + /^image_cache_stall_time = 86400$/ + end + + it "has a configurable stall_time setting" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["image"]["cache"]["stall_time"] = "42" + n.set["cpu"] = { 'total' => '1' } + end + chef_run.converge "openstack-image::api" + + expect(chef_run).to create_file_with_content @file.name, + /^image_cache_stall_time = 42$/ + end + + it "has the default grace_period setting" do + expect(@chef_run).to create_file_with_content @file.name, + /^image_cache_invalid_entry_grace_period = 3600$/ + end + + it "has a configurable grace_period setting" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["image"]["cache"]["grace_period"] = "42" + n.set["cpu"] = { 'total' => '1' } + end + chef_run.converge "openstack-image::api" + + expect(chef_run).to create_file_with_content @file.name, + /^image_cache_invalid_entry_grace_period = 42$/ + end + end + + describe "glance-cache-paste.ini" do + before do + @file = @chef_run.template "/etc/glance/glance-cache-paste.ini" + end + + it "has proper owner" do + expect(@file).to be_owned_by "glance", "glance" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + + it "notifies image-api restart" do + expect(@file).to notify "service[image-api]", :restart + end + end + + describe "glance-scrubber.conf" do + before do + @file = @chef_run.template "/etc/glance/glance-scrubber.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "glance", "glance" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + end + + it "has glance-cache-pruner cronjob running every 30 minutes" do + cron = @chef_run.cron "glance-cache-pruner" + + expect(cron.command).to eq "/usr/bin/glance-cache-pruner > /dev/null 2>&1" + expect(cron.minute).to eq "*/30" + end + + it "has glance-cache-cleaner to run at 00:01 each day" do + cron = @chef_run.cron "glance-cache-cleaner" + + expect(cron.command).to eq "/usr/bin/glance-cache-cleaner > /dev/null 2>&1" + expect(cron.minute).to eq "01" + expect(cron.hour).to eq "00" + end + + describe "glance-scrubber-paste.ini" do + before do + @file = @chef_run.template "/etc/glance/glance-scrubber-paste.ini" + end + + it "has proper owner" do + expect(@file).to be_owned_by "glance", "glance" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + end + + it "uploads qcow images" do + opts = { + :step_into => ["openstack-image_image"] + } + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS.merge(opts) do |n| + n.set["openstack"]["image"] = { + "image_upload" => true, + "upload_images" => [ + "image1" + ], + "upload_image" => { + "image1" => "http://example.com/image.qcow2" + } + } + end + chef_run.converge "openstack-image::api" + cmd = "glance --insecure " \ + "-I glance " \ + "-K glance-pass " \ + "-T service " \ + "-N http://127.0.0.1:5000/v2.0 " \ + "image-create " \ + "--name image1 " \ + "--is-public true " \ + "--container-format bare "\ + "--disk-format qcow2 " \ + "--location http://example.com/image.qcow2" + + expect(chef_run).to execute_command cmd + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/default_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/default_spec.rb new file mode 100644 index 000000000..d9376b5e2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/default_spec.rb @@ -0,0 +1,4 @@ +require_relative "spec_helper" + +describe "openstack-dashboard::default" do +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/identity_registration_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/identity_registration_spec.rb new file mode 100644 index 000000000..5b957f86a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/identity_registration_spec.rb @@ -0,0 +1,91 @@ +require_relative "spec_helper" + +describe "openstack-image::identity_registration" do + before do + image_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-image::identity_registration" + end + + it "registers image service" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Image Service" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :service_type => "image", + :service_description => "Glance Image Service", + :action => [:create_service] + ) + end + + it "registers image endpoint" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Image Endpoint" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :service_type => "image", + :endpoint_region => "RegionOne", + :endpoint_adminurl => "http://127.0.0.1:9292/v2", + :endpoint_internalurl => "http://127.0.0.1:9292/v2", + :endpoint_publicurl => "http://127.0.0.1:9292/v2", + :action => [:create_endpoint] + ) + end + + it "registers service tenant" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Service Tenant" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => "service", + :tenant_description => "Service Tenant", + :tenant_enabled => true, + :action => [:create_tenant] + ) + end + + it "registers service user" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register glance User" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => "service", + :user_name => "glance", + :user_pass => "glance-pass", + :user_enabled => true, + :action => [:create_user] + ) + end + + it "grants admin role to service user for service tenant" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Grant 'admin' Role to glance User for service Tenant" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => "service", + :role_name => "admin", + :user_name => "glance", + :action => [:grant_role] + ) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/registry-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/registry-redhat_spec.rb new file mode 100644 index 000000000..e855fc919 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/registry-redhat_spec.rb @@ -0,0 +1,36 @@ +require_relative "spec_helper" + +describe "openstack-image::registry" do + before { image_stubs } + describe "redhat" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @chef_run.converge "openstack-image::registry" + end + + it "installs mysql python packages" do + expect(@chef_run).to install_package "MySQL-python" + end + + it "installs glance packages" do + expect(@chef_run).to upgrade_package "openstack-glance" + expect(@chef_run).to upgrade_package "openstack-swift" + expect(@chef_run).to upgrade_package "cronie" + end + + it "starts glance registry on boot" do + expected = "openstack-glance-registry" + expect(@chef_run).to set_service_to_start_on_boot expected + end + + it "doesn't version the database" do + opts = ::REDHAT_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command("glance-manage db_version", false) + chef_run.converge "openstack-image::registry" + cmd = "glance-manage version_control 0" + + expect(chef_run).not_to execute_command cmd + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/registry_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/registry_spec.rb new file mode 100644 index 000000000..7e9678c94 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/registry_spec.rb @@ -0,0 +1,144 @@ +require_relative "spec_helper" + +describe "openstack-image::registry" do + before { image_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["image"]["syslog"]["use"] = true + end + @chef_run.converge "openstack-image::registry" + end + + expect_runs_openstack_common_logging_recipe + + it "doesn't run logging recipe" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + chef_run.converge "openstack-image::registry" + + expect(chef_run).not_to include_recipe "openstack-common::logging" + end + + expect_installs_python_keystone + + expect_installs_curl + + it "installs mysql python packages" do + expect(@chef_run).to install_package "python-mysqldb" + end + + expect_installs_ubuntu_glance_packages + + expect_creates_cache_dir + + it "starts glance registry on boot" do + expect(@chef_run).to set_service_to_start_on_boot "glance-registry" + end + + describe "version_control" do + before { @cmd = "glance-manage version_control 0" } + + it "versions the database" do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command("glance-manage db_version", false) + chef_run.converge "openstack-image::registry" + + expect(chef_run).to execute_command @cmd + end + + it "doesn't version when glance-manage db_version false" do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.stub_command("glance-manage db_version", true) + chef_run.converge "openstack-image::registry" + + expect(chef_run).not_to execute_command @cmd + end + end + + it "deletes glance.sqlite" do + expect(@chef_run).to delete_file "/var/lib/glance/glance.sqlite" + end + + expect_creates_glance_dir + + describe "glance-registry.conf" do + before do + @file = @chef_run.template "/etc/glance/glance-registry.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "has bind host when bind_interface not specified" do + expect(@chef_run).to create_file_with_content @file.name, + "bind_host = 127.0.0.1" + end + + it "has bind host when bind_interface specified" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["image"]["registry"]["bind_interface"] = "lo" + end + chef_run.converge "openstack-image::registry" + + expect(chef_run).to create_file_with_content @file.name, + "bind_host = 127.0.1.1" + end + + it "notifies image-registry restart" do + expect(@file).to notify "service[image-registry]", :restart + end + end + + describe "db_sync" do + before do + @cmd = "glance-manage db_sync" + end + + it "runs migrations" do + expect(@chef_run).to execute_command @cmd + end + + it "doesn't run migrations" do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new(opts) do |n| + n.set["openstack"]["image"]["db"]["migrate"] = false + end + # Lame we must still stub this, since the recipe contains shell + # guards. Need to work on a way to resolve this. + chef_run.stub_command("glance-manage db_version", false) + chef_run.converge "openstack-image::registry" + + expect(chef_run).not_to execute_command @cmd + end + end + + describe "glance-registry-paste.ini" do + before do + @file = @chef_run.template "/etc/glance/glance-registry-paste.ini" + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + + it "notifies image-registry restart" do + expect(@file).to notify "service[image-registry]", :restart + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/spec_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/spec_helper.rb new file mode 100644 index 000000000..2edf9c09c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/spec/spec_helper.rb @@ -0,0 +1,87 @@ +require "chefspec" + +::LOG_LEVEL = :fatal +::REDHAT_OPTS = { + :platform => "redhat", + :version => "6.3", + :log_level => ::LOG_LEVEL +} +::UBUNTU_OPTS = { + :platform => "ubuntu", + :version => "12.04", + :log_level => ::LOG_LEVEL +} + +def image_stubs + ::Chef::Recipe.any_instance.stub(:address_for). + with("lo"). + and_return "127.0.1.1" + ::Chef::Recipe.any_instance.stub(:config_by_role). + with("rabbitmq-server", "queue").and_return( + {'host' => 'rabbit-host', 'port' => 'rabbit-port'} + ) + ::Chef::Recipe.any_instance.stub(:secret). + with("secrets", "openstack_identity_bootstrap_token"). + and_return "bootstrap-token" + ::Chef::Recipe.any_instance.stub(:db_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:user_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:service_password).with("openstack-image"). + and_return "glance-pass" +end + +def expect_runs_openstack_common_logging_recipe + it "runs logging recipe if node attributes say to" do + expect(@chef_run).to include_recipe "openstack-common::logging" + end +end + +def expect_creates_cache_dir + describe "/var/cache/glance" do + before do + @dir = @chef_run.directory "/var/cache/glance" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "glance", "glance" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "700" + end + end +end + +def expect_installs_python_keystone + it "installs python-keystone package" do + expect(@chef_run).to install_package "python-keystone" + end +end + +def expect_installs_curl + it "installs curl package" do + expect(@chef_run).to install_package "curl" + end +end + +def expect_installs_ubuntu_glance_packages + it "installs glance packages" do + expect(@chef_run).to upgrade_package "glance" + expect(@chef_run).to upgrade_package "python-swift" + end +end + +def expect_creates_glance_dir + describe "/etc/glance" do + before do + @dir = @chef_run.directory "/etc/glance" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "glance", "glance" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "700" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-api-paste.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-api-paste.ini.erb new file mode 100644 index 000000000..1af607c10 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-api-paste.ini.erb @@ -0,0 +1,59 @@ +<%= node["openstack"]["image"]["custom_template_banner"] %> + +# Use this pipeline for no auth or image caching - DEFAULT +[pipeline:glance-api] +pipeline = versionnegotiation unauthenticated-context rootapp + +# Use this pipeline for image caching and no auth +[pipeline:glance-api-caching] +pipeline = versionnegotiation unauthenticated-context cache rootapp + +# Use this pipeline for caching w/ management interface but no auth +[pipeline:glance-api-cachemanagement] +pipeline = versionnegotiation unauthenticated-context cache cachemanage rootapp + +# Use this pipeline for keystone auth +[pipeline:glance-api-keystone] +pipeline = versionnegotiation authtoken context rootapp + +# Use this pipeline for keystone auth with image caching +[pipeline:glance-api-keystone+caching] +pipeline = versionnegotiation authtoken context cache rootapp + +# Use this pipeline for keystone auth with caching and cache management +[pipeline:glance-api-keystone+cachemanagement] +pipeline = versionnegotiation authtoken context cache cachemanage rootapp + +[composite:rootapp] +paste.composite_factory = glance.api:root_app_factory +/: apiversions +/v1: apiv1app +/v2: apiv2app + +[app:apiversions] +paste.app_factory = glance.api.versions:create_resource + +[app:apiv1app] +paste.app_factory = glance.api.v1.router:API.factory + +[app:apiv2app] +paste.app_factory = glance.api.v2.router:API.factory + +[filter:versionnegotiation] +paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory + +[filter:cache] +paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory + +[filter:cachemanage] +paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory + +[filter:context] +paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory + +[filter:unauthenticated-context] +paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory + +[filter:authtoken] +paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory +delay_auth_decision = true diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-api.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-api.conf.erb new file mode 100644 index 000000000..f409d4f58 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-api.conf.erb @@ -0,0 +1,267 @@ +<%= node["openstack"]["image"]["custom_template_banner"] %> + +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +verbose = <%= node["openstack"]["image"]["verbose"] %> + +# Show debugging output in logs (sets DEBUG log level output) +debug = <%= node["openstack"]["image"]["debug"] %> + +# Which backend store should Glance use by default is not specified +# in a request to add a new image to Glance? Default: 'file' +# Available choices are 'file', 'swift', and 's3' +default_store = <%= node["openstack"]["image"]["api"]["default_store"] %> + +# Address to bind the API server +bind_host = <%= @api_bind_address %> + +# Port the bind the API server to +bind_port = <%= @api_bind_port %> + +# Backlog requests when creating socket +backlog = 4096 + +# Number of Glance API worker processes to start. +# On machines with more than one CPU increasing this value +# may improve performance (especially if using SSL with +# compression turned on). It is typically recommended to set +# this value to the number of CPUs present on your machine. +workers = <%= node["cpu"]["total"] %> + +# SQLAlchemy connection string for the reference implementation +# registry server. Any valid SQLAlchemy connection string is fine. +# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine +sql_connection = <%= @sql_connection %> + +# Role used to identify an authenticated user as administrator +#admin_role = admin + +# ================= Syslog Options ============================ + +<% if node["openstack"]["image"]["syslog"]["use"] %> +log_config = /etc/openstack/logging.conf +<% else %> +# Log to this file. Make sure you do not set the same log +# file for both the API and registry servers! +log_file = /var/log/glance/api.log +<% end %> + + +# ================= SSL Options =============================== + +# Certificate file to use when starting API server securely +# cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# key_file = /path/to/keyfile + +# ================= Security Options ========================== + +# AES key for encrypting store 'location' metadata, including +# -- if used -- Swift or S3 credentials +# Should be set to a random string of length 16, 24 or 32 bytes +# metadata_encryption_key = <16, 24 or 32 char registry metadata key> + +# ============ Registry Options =============================== + +# Address to find the registry server +registry_host = <%= @registry_ip_address %> + +# Port the registry server is listening on +registry_port = <%= @registry_port %> + +# What protocol to use when connecting to the registry server? +# Set to https for secure HTTP communication +registry_client_protocol = http + +# The path to the key file to use in SSL connections to the +# registry server, if any. Alternately, you may set the +# GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file +# registry_client_key_file = /path/to/key/file + +# The path to the cert file to use in SSL connections to the +# registry server, if any. Alternately, you may set the +# GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file +# registry_client_cert_file = /path/to/cert/file + +# The path to the certifying authority cert file to use in SSL connections +# to the registry server, if any. Alternately, you may set the +# GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file +# registry_client_ca_file = /path/to/ca/file + +# ============ Notification System Options ===================== + +# Notifications can be sent when images are create, updated or deleted. +# There are three methods of sending notifications, logging (via the +# log_file directive), rabbit (via a rabbitmq queue), qpid (via a Qpid +# message queue), or noop (no notifications sent, the default) +notifier_strategy = noop + +# Configuration options if sending notifications via rabbitmq (these are +# the defaults) +rabbit_host = localhost +rabbit_port = 5672 +rabbit_use_ssl = false +rabbit_userid = guest +rabbit_password = guest +rabbit_virtual_host = / +rabbit_notification_exchange = glance +rabbit_notification_topic = glance_notifications + +# Configuration options if sending notifications via Qpid (these are +# the defaults) +qpid_notification_exchange = glance +qpid_notification_topic = glance_notifications +qpid_host = localhost +qpid_port = 5672 +qpid_username = +qpid_password = +qpid_sasl_mechanisms = +qpid_reconnect_timeout = 0 +qpid_reconnect_limit = 0 +qpid_reconnect_interval_min = 0 +qpid_reconnect_interval_max = 0 +qpid_reconnect_interval = 0 +qpid_heartbeat = 5 +# Set to 'ssl' to enable SSL +qpid_protocol = tcp +qpid_tcp_nodelay = True + +# ============ Filesystem Store Options ======================== + +# Directory that the Filesystem backend store +# writes image data to +filesystem_store_datadir = <%= node["openstack"]["image"]["filesystem_store_datadir"] %> + +# ============ Swift Store Options ============================= + + +# Address where the Swift authentication service lives +# Valid schemes are 'http://' and 'https://' +# If no scheme specified, default to 'https://' +swift_store_auth_address = <%= @swift_store_auth_address %> + +# Authentication version to use. Current Rackspace CloudFiles supports +# Version 1 while swift backed with keystone supports Version 2. +swift_store_auth_version = <%= @swift_store_auth_version %> + +# User to authenticate against the Swift authentication service +# If you use Swift authentication service, set it to 'account':'user' +# where 'account' is a Swift storage account and 'user' +# is a user in that account +swift_store_user = <%= @swift_user_tenant %>:<%= @swift_store_user %> + +# Auth key for the user authenticating against the +# Swift authentication service +swift_store_key = <%= @swift_store_key %> + +# Container within the account that the account should use +# for storing images in Swift +swift_store_container = <%= node["openstack"]["image"]["api"]["swift"]["container"] %> + +# Do we create the container if it does not exist? +swift_store_create_container_on_put = True + +# What size, in MB, should Glance start chunking image files +# and do a large object manifest in Swift? By default, this is +# the maximum object size in Swift, which is 5GB +swift_store_large_object_size = <%= node["openstack"]["image"]["api"]["swift"]["large_object_size"] %> + +# When doing a large object manifest, what size, in MB, should +# Glance write chunks to Swift? This amount of data is written +# to a temporary disk buffer during the process of chunking +# the image file, and the default is 200MB +swift_store_large_object_chunk_size = <%= node["openstack"]["image"]["api"]["swift"]["large_object_chunk_size"] %> + +# Whether to use ServiceNET to communicate with the Swift storage servers. +# (If you aren't RACKSPACE, leave this False!) +# +# To use ServiceNET for authentication, prefix hostname of +# `swift_store_auth_address` with 'snet-'. +# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ +swift_enable_snet = False + +# ============ S3 Store Options ============================= + +# Address where the S3 authentication service lives +# Valid schemes are 'http://' and 'https://' +# If no scheme specified, default to 'http://' +s3_store_host = 127.0.0.1:8080/v1.0/ + +# User to authenticate against the S3 authentication service +s3_store_access_key = <20-char AWS access key> + +# Auth key for the user authenticating against the +# S3 authentication service +s3_store_secret_key = <40-char AWS secret key> + +# Container within the account that the account should use +# for storing images in S3. Note that S3 has a flat namespace, +# so you need a unique bucket name for your glance images. An +# easy way to do this is append your AWS access key to "glance". +# S3 buckets in AWS *must* be lowercased, so remember to lowercase +# your AWS access key if you use it in your bucket name below! +s3_store_bucket = glance + +# Do we create the bucket if it does not exist? +s3_store_create_bucket_on_put = False + +# When sending images to S3, the data will first be written to a +# temporary buffer on disk. By default the platform's temporary directory +# will be used. If required, an alternative directory can be specified here. +# s3_store_object_buffer_dir = /path/to/dir + +# ============ RBD Store Options ============================= + +# Ceph configuration file path +# If using cephx authentication, this file should +# include a reference to the right keyring +# in a client. section +rbd_store_ceph_conf = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_ceph_conf"] %> + +# RADOS user to authenticate as (only applicable if using cephx) +rbd_store_user = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_user"] %> + +# RADOS pool in which images are stored +rbd_store_pool = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_pool"] %> + +# Images will be chunked into objects of this size (in megabytes). +# For best performance, this should be a power of two +rbd_store_chunk_size = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_chunk_size"] %> + +# ============ Delayed Delete Options ============================= + +# Turn on/off delayed delete +delayed_delete = False + +# Delayed delete time in seconds +scrub_time = 43200 + +# Directory that the scrubber will use to remind itself of what to delete +# Make sure this is also set in glance-scrubber.conf +scrubber_datadir = /var/lib/glance/scrubber + +# =============== Image Cache Options ============================= + +# Base directory that the Image Cache uses +image_cache_dir = /var/lib/glance/image-cache/ + +[keystone_authtoken] +auth_uri = <%= @auth_uri %> +auth_host = <%= @identity_admin_endpoint.host %> +auth_port = <%= @identity_admin_endpoint.port %> +auth_protocol = <%= @identity_admin_endpoint.scheme %> +<% if node["openstack"]["image"]["api"]["auth"]["version"] != "v2.0" %> +auth_version = <%= node["openstack"]["image"]["api"]["auth"]["version"] %> +<% end %> +admin_tenant_name = <%= node["openstack"]["image"]["service_tenant_name"] %> +admin_user = <%= node["openstack"]["image"]["service_user"] %> +admin_password = <%= @service_pass %> +signing_dir = <%= node["openstack"]["image"]["api"]["auth"]["cache_dir"] %> + +[paste_deploy] +# Partial name of a pipeline in your paste configuration file with the +# service name removed. For example, if your paste section name is +# [pipeline:glance-api-keystone], you would configure the flavor below +# as 'keystone'. +flavor = <%= @glance_flavor %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-cache-paste.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-cache-paste.ini.erb new file mode 100644 index 000000000..91740195d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-cache-paste.ini.erb @@ -0,0 +1,17 @@ +<%= node["openstack"]["image"]["custom_template_banner"] %> + +[app:glance-pruner] +paste.app_factory = glance.common.wsgi:app_factory +glance.app_factory = glance.image_cache.pruner:Pruner + +[app:glance-prefetcher] +paste.app_factory = glance.common.wsgi:app_factory +glance.app_factory = glance.image_cache.prefetcher:Prefetcher + +[app:glance-cleaner] +paste.app_factory = glance.common.wsgi:app_factory +glance.app_factory = glance.image_cache.cleaner:Cleaner + +[app:glance-queue-image] +paste.app_factory = glance.common.wsgi:app_factory +glance.app_factory = glance.image_cache.queue_image:Queuer diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-cache.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-cache.conf.erb new file mode 100644 index 000000000..7c811b335 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-cache.conf.erb @@ -0,0 +1,59 @@ +<%= node["openstack"]["image"]["custom_template_banner"] %> + +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +verbose = <%= node["openstack"]["image"]["verbose"] %> + +# Show debugging output in logs (sets DEBUG log level output) +debug = <%= node["openstack"]["image"]["debug"] %> + +# =============== Image Cache Options ============================= + +# Directory that the Image Cache writes data to +image_cache_dir = <%= node["openstack"]["image"]["cache"]["dir"] %> + +# Number of seconds after which we should consider an incomplete image to be +# stalled and eligible for reaping +image_cache_stall_time = <%= node["openstack"]["image"]["cache"]["stall_time"] %> + +# image_cache_invalid_entry_grace_period - seconds +# +# If an exception is raised as we're writing to the cache, the cache-entry is +# deemed invalid and moved to /invalid so that it can be +# inspected for debugging purposes. +# +# This is number of seconds to leave these invalid images around before they +# are elibible to be reaped. +image_cache_invalid_entry_grace_period = <%= node["openstack"]["image"]["cache"]["grace_period"] %> + +# Max cache size in bytes +image_cache_max_size = <%= node["openstack"]["image"]["api"]["cache"]["image_cache_max_size"] %> + +# ================= Syslog Options ============================ + +<% if node["openstack"]["image"]["syslog"]["use"] %> +log_config = /etc/openstack/logging.conf +<% else %> +log_file = /var/log/glance/image-cache.log +<% end %> + +# ============ Registry Options =============================== + +# Address to find the registry server +registry_host = <%= @registry_ip_address %> + +# Port the registry server is listening on +registry_port = <%= @registry_port %> + +# Auth settings if using Keystone +# auth_url = http://127.0.0.1:5000/v2.0/ +# admin_tenant_name = %SERVICE_TENANT_NAME% +# admin_user = %SERVICE_USER% +# admin_password = %SERVICE_PASSWORD% + +# ================= Security Options ========================== + +# AES key for encrypting store 'location' metadata, including +# -- if used -- Swift or S3 credentials +# Should be set to a random string of length 16, 24 or 32 bytes +# metadata_encryption_key = <16, 24 or 32 char registry metadata key> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-registry-paste.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-registry-paste.ini.erb new file mode 100644 index 000000000..3e8e75202 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-registry-paste.ini.erb @@ -0,0 +1,23 @@ +<%= node["openstack"]["image"]["custom_template_banner"] %> + +# Default minimal pipeline +# Use this pipeline for no auth - DEFAULT +[pipeline:glance-registry] +pipeline = unauthenticated-context registryapp + +# Use this pipeline for keystone auth +[pipeline:glance-registry-keystone] +pipeline = authtoken context registryapp + +[app:registryapp] +paste.app_factory = glance.registry.api.v1:API.factory + +[filter:context] +paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory + +[filter:unauthenticated-context] +paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory + +[filter:authtoken] +paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory +delay_auth_decision = true diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-registry.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-registry.conf.erb new file mode 100644 index 000000000..4a02e2fc4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-registry.conf.erb @@ -0,0 +1,74 @@ +<%= node["openstack"]["image"]["custom_template_banner"] %> + +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +verbose = <%= node["openstack"]["image"]["verbose"] %> + +# Show debugging output in logs (sets DEBUG log level output) +debug = <%= node["openstack"]["image"]["debug"] %> + +# Address to bind the registry server +bind_host = <%= @registry_bind_address %> + +# Port the bind the registry server to +bind_port = <%= @registry_port %> + +# Backlog requests when creating socket +backlog = 4096 + +# API to use for accessing data. Default value points to sqlalchemy +# package. +data_api = <%= node["openstack"]["image"]["data_api"] %> + +# SQLAlchemy connection string for the reference implementation +# registry server. Any valid SQLAlchemy connection string is fine. +# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine +sql_connection = <%= @sql_connection %> + +# Period in seconds after which SQLAlchemy should reestablish its connection +# to the database. +# +# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop +# idle connections. This can result in 'MySQL Gone Away' exceptions. If you +# notice this, you can lower this value to ensure that SQLAlchemy reconnects +# before MySQL can drop the connection. +sql_idle_timeout = 3600 + +# Limit the api to return `param_limit_max` items in a call to a container. If +# a larger `limit` query param is provided, it will be reduced to this value. +api_limit_max = 1000 + +# If a `limit` query param is not provided in an api request, it will +# default to `limit_param_default` +limit_param_default = 25 + +# ================= Syslog Options ============================ + +<% if node["openstack"]["image"]["syslog"]["use"] %> +log_config = /etc/openstack/logging.conf +<% else %> +# Log to this file. Make sure you do not set the same log +# file for both the API and registry servers! +log_file = /var/log/glance/registry.log +<% end %> + +# ================= SSL Options =============================== + +# Certificate file to use when starting registry server securely +# cert_file = /path/to/certfile + +# Private key file to use when starting registry server securely +# key_file = /path/to/keyfile + +# ================= Keystone authtoken =============================== +[keystone_authtoken] +auth_host = <%= @identity_endpoint.host %> +auth_port = <%= @identity_endpoint.port %> +auth_protocol = <%= @identity_endpoint.scheme %> +admin_tenant_name = <%= node["openstack"]["image"]["service_tenant_name"] %> +admin_user = <%= node["openstack"]["image"]["service_user"] %> +admin_password = <%= @service_pass %> +signing_dir = <%= node["openstack"]["image"]["registry"]["auth"]["cache_dir"] %> + +[paste_deploy] +flavor = keystone diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-scrubber-paste.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-scrubber-paste.ini.erb new file mode 100644 index 000000000..d719b8f4b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-scrubber-paste.ini.erb @@ -0,0 +1,5 @@ +<%= node["openstack"]["image"]["custom_template_banner"] %> + +[app:glance-scrubber] +paste.app_factory = glance.common.wsgi:app_factory +glance.app_factory = glance.store.scrubber:Scrubber diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-scrubber.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-scrubber.conf.erb new file mode 100644 index 000000000..15a13f548 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/glance-scrubber.conf.erb @@ -0,0 +1,38 @@ +<%= node["openstack"]["image"]["custom_template_banner"] %> + +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +verbose = <%= node["openstack"]["image"]["verbose"] %> + +# Show debugging output in logs (sets DEBUG log level output) +debug = <%= node["openstack"]["image"]["debug"] %> + +<% if node["openstack"]["image"]["syslog"]["use"] %> +log_config = /etc/openstack/logging.conf +<% else %> +# Log to this file. Make sure you do not set the same log +# file for both the API and registry servers! +log_file = /var/log/glance/scrubber.log +<% end %> + +# Should we run our own loop or rely on cron/scheduler to run us +daemon = False + +# Loop time between checking the db for new items to schedule for delete +wakeup_time = 300 + +# Directory that the scrubber will use to remind itself of what to delete +# Make sure this is also set in glance-api.conf +scrubber_datadir = /var/lib/glance/scrubber + +# Only one server in your deployment should be designated the cleanup host +cleanup_scrubber = False + +# pending_delete items older than this time are candidates for cleanup +cleanup_scrubber_time = 86400 + +# Address to find the registry server for cleanups +registry_host = <%= @registry_ip_address %> + +# Port the registry server is listening on +registry_port = <%= @registry_port %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/policy.json.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/policy.json.erb new file mode 100644 index 000000000..9e373abc4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-image/templates/default/policy.json.erb @@ -0,0 +1,4 @@ +{ + "default": [], + "manage_image_cache": [["role:admin"]] +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Berksfile new file mode 100644 index 000000000..6ee299fa9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Berksfile @@ -0,0 +1,6 @@ +metadata + +cookbook "openstack-common", + git: "git://github.com/stackforge/cookbook-openstack-common.git" +cookbook "openstack-identity", + git: "git://github.com/stackforge/cookbook-openstack-identity.git" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Berksfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Berksfile.lock new file mode 100644 index 000000000..086f87c9f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Berksfile.lock @@ -0,0 +1,41 @@ +{ + "sources": { + "openstack-metering": { + "path": "." + }, + "openstack-common": { + "locked_version": "0.4.3", + "git": "git://github.com/stackforge/cookbook-openstack-common.git", + "ref": "eb5eed7126b6a6efbaf803e8a594d610cf661e97" + }, + "openstack-identity": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-identity.git", + "ref": "b881af26095cfa869a6970067c49597a0ee63586" + }, + "apt": { + "locked_version": "2.0.0" + }, + "database": { + "locked_version": "1.4.0" + }, + "mysql": { + "locked_version": "3.0.2" + }, + "openssl": { + "locked_version": "1.0.2" + }, + "build-essential": { + "locked_version": "1.4.0" + }, + "postgresql": { + "locked_version": "3.0.2" + }, + "aws": { + "locked_version": "0.101.2" + }, + "xfs": { + "locked_version": "1.1.0" + } + } +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/CHANGELOG.md new file mode 100644 index 000000000..de64e383f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/CHANGELOG.md @@ -0,0 +1,23 @@ +openstack-metering Cookbook CHANGELOG +============================== +This file is used to list changes made in each version of the openstack-metering cookbook. + +v7.0.4 +------ +### Bug +- Ubuntu package dependency for python-mysqldb missing for ceilometer-collector + +v7.0.3 +------ +### Bug +- Ubuntu cloud archive dpkg failing to install init script properly for agent-compute + +v7.0.2 +------ +### Improvement +- Add optional host to the ceilometer.conf + +v7.0.1 +------ +### Bug +- Fix naming inconsistency for db password databag. This makes the metering cookbook consistent with all the others. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Gemfile new file mode 100644 index 000000000..04ef97e41 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Gemfile @@ -0,0 +1,9 @@ +source "https://rubygems.org" + +gem "chef", "~> 11.4.4" +gem "json", "<= 1.7.7" # chef 11 dependency +gem "berkshelf", "~> 2.0.3" +gem "chefspec", "~> 1.3.0" +gem "foodcritic" +gem "strainer" +gem "tailor" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Gemfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Gemfile.lock new file mode 100644 index 000000000..314252302 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Gemfile.lock @@ -0,0 +1,214 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (3.2.14) + i18n (~> 0.6, >= 0.6.4) + multi_json (~> 1.0) + addressable (2.3.5) + akami (1.2.0) + gyoku (>= 0.4.0) + nokogiri (>= 1.4.0) + berkshelf (2.0.7) + activesupport (~> 3.2.0) + addressable (~> 2.3.4) + buff-shell_out (~> 0.1) + celluloid (>= 0.14.0) + chozo (>= 0.6.1) + faraday (>= 0.8.5) + hashie (>= 2.0.2) + minitar (~> 0.5.4) + rbzip2 (~> 0.2.0) + retryable (~> 1.3.3) + ridley (~> 1.2.1) + solve (>= 0.5.0) + thor (~> 0.18.0) + buff-extensions (0.5.0) + buff-ruby_engine (0.1.0) + buff-shell_out (0.1.0) + buff-ruby_engine (~> 0.1.0) + builder (3.2.2) + celluloid (0.14.1) + timers (>= 1.0.0) + celluloid-io (0.14.1) + celluloid (>= 0.14.1) + nio4r (>= 0.4.5) + chef (11.4.4) + erubis + highline (>= 1.6.9) + json (>= 1.4.4, <= 1.7.7) + mixlib-authentication (>= 1.3.0) + mixlib-cli (~> 1.3.0) + mixlib-config (>= 1.1.2) + mixlib-log (>= 1.3.0) + mixlib-shellout + net-ssh (~> 2.6) + net-ssh-multi (~> 1.1.0) + ohai (>= 0.6.0) + rest-client (>= 1.0.4, < 1.7.0) + yajl-ruby (~> 1.1) + chefspec (1.3.1) + chef (>= 10.0) + erubis + fauxhai (>= 0.1.1, < 2.0) + minitest-chef-handler (>= 0.6.0) + rspec (~> 2.0) + chozo (0.6.1) + activesupport (>= 3.2.0) + hashie (>= 2.0.2) + multi_json (>= 1.3.0) + ci_reporter (1.9.0) + builder (>= 2.1.2) + diff-lcs (1.2.4) + erubis (2.7.0) + faraday (0.8.7) + multipart-post (~> 1.1) + fauxhai (1.1.1) + httparty + net-ssh + ohai + ffi (1.9.0) + foodcritic (2.2.0) + erubis + gherkin (~> 2.11.7) + nokogiri (~> 1.5.4) + treetop (~> 1.4.10) + yajl-ruby (~> 1.1.0) + gherkin (2.11.8) + multi_json (~> 1.3) + gssapi (1.0.3) + ffi (>= 1.0.1) + gyoku (1.0.0) + builder (>= 2.1.2) + hashie (2.0.5) + highline (1.6.19) + httparty (0.11.0) + multi_json (~> 1.0) + multi_xml (>= 0.5.2) + httpclient (2.2.0.2) + httpi (0.9.7) + rack + i18n (0.6.4) + ipaddress (0.8.0) + json (1.7.7) + little-plugger (1.1.3) + log_switch (0.4.0) + logging (1.6.2) + little-plugger (>= 1.1.3) + mime-types (1.23) + minitar (0.5.4) + minitest (4.7.5) + minitest-chef-handler (1.0.1) + chef + ci_reporter + minitest (~> 4.7.3) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-cli (1.3.0) + mixlib-config (1.1.2) + mixlib-log (1.6.0) + mixlib-shellout (1.2.0) + multi_json (1.7.7) + multi_xml (0.5.4) + multipart-post (1.2.0) + net-http-persistent (2.9) + net-ssh (2.6.8) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-multi (1.1) + net-ssh (>= 2.1.4) + net-ssh-gateway (>= 0.99.0) + nio4r (0.4.6) + nokogiri (1.5.10) + nori (1.1.5) + ohai (6.18.0) + ipaddress + mixlib-cli + mixlib-config + mixlib-log + mixlib-shellout + systemu + yajl-ruby + polyglot (0.3.3) + rack (1.5.2) + rbzip2 (0.2.0) + rest-client (1.6.7) + mime-types (>= 1.16) + retryable (1.3.3) + ridley (1.2.4) + addressable + buff-extensions (~> 0.3) + buff-shell_out (~> 0.1) + celluloid (~> 0.14.0) + celluloid-io (~> 0.14.0) + erubis + faraday (>= 0.8.4) + hashie (>= 2.0.2) + json (>= 1.7.7) + mixlib-authentication (>= 1.3.0) + net-http-persistent (>= 2.8) + net-ssh + retryable + solve (>= 0.4.4) + varia_model (~> 0.1) + winrm (~> 1.1.0) + rspec (2.14.1) + rspec-core (~> 2.14.0) + rspec-expectations (~> 2.14.0) + rspec-mocks (~> 2.14.0) + rspec-core (2.14.4) + rspec-expectations (2.14.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.14.1) + rubyntlm (0.1.1) + savon (0.9.5) + akami (~> 1.0) + builder (>= 2.1.2) + gyoku (>= 0.4.0) + httpi (~> 0.9) + nokogiri (>= 1.4.0) + nori (~> 1.0) + wasabi (~> 1.0) + solve (0.6.1) + strainer (3.0.5) + berkshelf (~> 2.0) + systemu (2.5.2) + tailor (1.2.1) + log_switch (>= 0.3.0) + term-ansicolor (>= 1.0.5) + text-table (>= 1.2.2) + term-ansicolor (1.2.2) + tins (~> 0.8) + text-table (1.2.3) + thor (0.18.1) + timers (1.1.0) + tins (0.8.3) + treetop (1.4.14) + polyglot + polyglot (>= 0.3.1) + uuidtools (2.1.4) + varia_model (0.1.1) + buff-extensions (~> 0.2) + hashie (>= 2.0.2) + wasabi (1.0.0) + nokogiri (>= 1.4.0) + winrm (1.1.2) + gssapi (~> 1.0.0) + httpclient (~> 2.2.0.2) + logging (~> 1.6.1) + nokogiri (~> 1.5.0) + rubyntlm (~> 0.1.1) + savon (= 0.9.5) + uuidtools (~> 2.1.2) + yajl-ruby (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + berkshelf (~> 2.0.3) + chef (~> 11.4.4) + chefspec (~> 1.3.0) + foodcritic + json (<= 1.7.7) + strainer + tailor diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/README.md new file mode 100644 index 000000000..455e47a57 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/README.md @@ -0,0 +1,81 @@ +Description +=========== + +Installs the OpenStack Metering service **Ceilometer** as part of the OpenStack +reference deployment Chef for OpenStack. Ceilometer is currently installed +from packages. + +https://wiki.openstack.org/wiki/Ceilometer + +Requirements +============ + +Cookbooks +--------- + +Usage +===== + +agent-central +---- +- Installs agent central service. + +agent-compute +---- +- Installs agent compute service. + +api +---- +- Installs API service. + +collector +---- +- Installs nova network service. + +common +---- +- Common metering configuration. + +identity_registration +---- +- Registers the endpoints with Keystone. + +Attributes +========== + +Testing +===== + +This cookbook uses [bundler](http://gembundler.com/), [berkshelf](http://berkshelf.com/), and [strainer](https://github.com/customink/strainer) to isolate dependencies and run tests. + +Tests are defined in Strainerfile. + +To run tests: + + $ bundle install # install gem dependencies + $ bundle exec berks install # install cookbook dependencies + $ bundle exec strainer test # run tests + +License and Author +================== + +| | | +|:---------------------|:---------------------------------------------------| +| **Author** | Matt Ray () | +| **Author** | John Dewey () | +| | | +| **Copyright** | Copyright (c) 2013, Opscode, Inc. | +| **Copyright** | Copyright (c) 2013, AT&T Services, Inc. | + + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Strainerfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Strainerfile new file mode 100644 index 000000000..7e292b43d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/Strainerfile @@ -0,0 +1,5 @@ +# Strainerfile +tailor: bundle exec tailor +knife test: bundle exec knife cookbook test $COOKBOOK +foodcritic: bundle exec foodcritic -f any -t ~FC003 -t ~FC023 $SANDBOX/$COOKBOOK +chefspec: bundle exec rspec $SANDBOX/$COOKBOOK/spec diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/attributes/default.rb new file mode 100644 index 000000000..6987b52e2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/attributes/default.rb @@ -0,0 +1,73 @@ +# +# Cookbook Name:: openstack-metering +# Recipe:: default +# +# Copyright 2013, AT&T Services, Inc. +# Copyright 2013, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# The name of the Chef role that knows about the message queue server +# that Nova uses +default["openstack"]["metering"]["rabbit_server_chef_role"] = "os-ops-messaging" + +# This user's password is stored in an encrypted databag +# and accessed with openstack-common cookbook library's +# user_password routine. You are expected to create +# the user, pass, vhost in a wrapper rabbitmq cookbook. +default["openstack"]["metering"]["rabbit"]["username"] = "guest" +default["openstack"]["metering"]["rabbit"]["vhost"] = "/" +default["openstack"]["metering"]["rabbit"]["port"] = 5672 +default["openstack"]["metering"]["rabbit"]["host"] = "127.0.0.1" +default["openstack"]["metering"]["rabbit"]["ha"] = false + +default["openstack"]["metering"]["conf_dir"] = "/etc/ceilometer" +default["openstack"]["metering"]["conf"] = ::File.join(node["openstack"]["metering"]["conf_dir"], "ceilometer.conf") +default["openstack"]["metering"]["db"]["username"] = "ceilometer" +default["openstack"]["metering"]["periodic_interval"] = 600 +default["openstack"]["metering"]["syslog"]["use"] = false + +default["openstack"]["metering"]["api"]["auth"]["cache_dir"] = "/var/cache/ceilometer/api" + +default["openstack"]["metering"]["user"] = "ceilometer" +default["openstack"]["metering"]["group"] = "ceilometer" + +default["openstack"]["metering"]["region"] = "RegionOne" + +case platform +when "suse" # :pragma-foodcritic: ~FC024 - won't fix this + default["openstack"]["metering"]["platform"] = { + "common_packages" => ["openstack-ceilometer"], + "agent_central_packages" => ["openstack-ceilometer-agent-central"], + "agent_central_service" => "openstack-ceilometer-agent-central", + "agent_compute_packages" => ["openstack-ceilometer-agent-compute"], + "agent_compute_service" => "openstack-ceilometer-agent-compute", + "api_packages" => ["openstack-ceilometer-api"], + "api_service" => "openstack-ceilometer-api", + "collector_packages" => ["openstack-ceilometer-collector"], + "collector_service" => "openstack-ceilometer-collector" + } +when "ubuntu" + default["openstack"]["metering"]["platform"] = { + "common_packages" => ["ceilometer-common"], + "agent_central_packages" => ["ceilometer-agent-central"], + "agent_central_service" => "ceilometer-agent-central", + "agent_compute_packages" => ["ceilometer-agent-compute"], + "agent_compute_service" => "ceilometer-agent-compute", + "api_packages" => ["ceilometer-api"], + "api_service" => "ceilometer-api", + "collector_packages" => ["ceilometer-collector", "python-mysqldb"], + "collector_service" => "ceilometer-collector" + } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/files/default/policy.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/files/default/policy.json new file mode 100644 index 000000000..373c5688b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/files/default/policy.json @@ -0,0 +1,3 @@ +{ + "context_is_admin": [["role:admin"]] +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/metadata.rb new file mode 100644 index 000000000..0d3e7dd1a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/metadata.rb @@ -0,0 +1,21 @@ +name "openstack-metering" +maintainer "AT&T Services, Inc." +maintainer_email "cookbooks@lists.tfoundry.com" +license "Apache 2.0" +description "The OpenStack Metering service Ceilometer." +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "7.0.4" + +recipe "openstack-metering::agent-central", "Installs agent central service." +recipe "openstack-metering::agent-compute", "Installs agent compute service." +recipe "openstack-metering::api", "Installs API service." +recipe "openstack-metering::collector", "Installs nova network service." +recipe "openstack-metering::common", "Common metering configuration." +recipe "openstack-metering::identity_registration", "Registers the endpoints with Keystone" + +%w{ ubuntu suse }.each do |os| + supports os +end + +depends "openstack-common", "~> 0.4.0" +depends "openstack-identity", "~> 7.0.0" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/agent-central.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/agent-central.rb new file mode 100644 index 000000000..5ba85b8ab --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/agent-central.rb @@ -0,0 +1,30 @@ +# +# Cookbook Name:: openstack-metering +# Recipe:: agent-central +# +# Copyright 2013, AT&T Services, Inc. +# Copyright 2013, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-metering::common" + +platform = node["openstack"]["metering"]["platform"] +platform["agent_central_packages"].each do |pkg| + package pkg +end + +service platform["agent_central_service"] do + action :start +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/agent-compute.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/agent-compute.rb new file mode 100644 index 000000000..f9dbf0931 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/agent-compute.rb @@ -0,0 +1,40 @@ +# +# Cookbook Name:: openstack-metering +# Recipe:: agent-compute +# +# Copyright 2013, AT&T Services, Inc. +# Copyright 2013, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-metering::common" + +platform = node["openstack"]["metering"]["platform"] +platform["agent_compute_packages"].each do |pkg| + package pkg +end + +# temp fix for compute-agent init not installing properly ubuntu +# See https://bugs.launchpad.net/cloud-archive/+bug/1221945 +if node["platform"] == "ubuntu" + init_script = "/etc/init/ceilometer-agent-compute.conf" + execute "fix init script" do + command "cp #{init_script}.dpkg-new #{init_script}" + not_if { ::File.exists?(init_script) } + end +end + +service platform["agent_compute_service"] do + action :start +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/api.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/api.rb new file mode 100644 index 000000000..ce611f2f6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/api.rb @@ -0,0 +1,37 @@ +# +# Cookbook Name:: openstack-metering +# Recipe:: api +# +# Copyright 2013, AT&T Services, Inc. +# Copyright 2013, Craig Tracey +# Copyright 2013, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-metering::common" + +directory ::File.dirname(node["openstack"]["metering"]["api"]["auth"]["cache_dir"]) do + owner node["openstack"]["metering"]["user"] + group node["openstack"]["metering"]["group"] + mode 00700 +end + +platform = node["openstack"]["metering"]["platform"] +platform["api_packages"].each do |pkg| + package pkg +end + +service platform["api_service"] do + action :start +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/collector.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/collector.rb new file mode 100644 index 000000000..a42cd3600 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/collector.rb @@ -0,0 +1,47 @@ +# +# Cookbook Name:: openstack-metering +# Recipe:: collector +# +# Copyright 2013, AT&T Services, Inc. +# Copyright 2013, Craig Tracey +# Copyright 2013, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-metering::common" + +conf_switch = "--config-file #{node["openstack"]["metering"]["conf"]}" + +execute "database migration" do + command "ceilometer-dbsync #{conf_switch}" +end + +platform = node["openstack"]["metering"]["platform"] +platform["collector_packages"].each do |pkg| + package pkg +end + +# temp fix for collector init not installing properly ubuntu +# See https://bugs.launchpad.net/cloud-archive/+bug/1221945 +if node["platform"] == "ubuntu" + init_script = "/etc/init/ceilometer-collector.conf" + execute "fix init script" do + command "cp #{init_script}.dpkg-new #{init_script}" + not_if { ::File.exists?(init_script) } + end +end + +service platform["collector_service"] do + action :start +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/common.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/common.rb new file mode 100644 index 000000000..252072360 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/common.rb @@ -0,0 +1,85 @@ +# +# Cookbook Name:: openstack-metering +# Recipe:: common +# +# Copyright 2013, AT&T Services, Inc. +# Copyright 2013, Craig Tracey +# Copyright 2013, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +if node["openstack"]["metering"]["syslog"]["use"] + include_recipe "openstack-common::logging" +end + +platform = node["openstack"]["metering"]["platform"] +platform["common_packages"].each do |pkg| + package pkg +end + +rabbit_pass = user_password node["openstack"]["metering"]["rabbit"]["username"] + +db_info = db "metering" +db_user = node["openstack"]["metering"]["db"]["username"] +db_pass = db_password "ceilometer" +db_query = db_info["db_type"] == "mysql" ? "?charset=utf8" : "" +db_uri = db_uri("metering", db_user, db_pass).to_s + db_query + +service_user = node["openstack"]["metering"]["service_user"] +service_pass = service_password "openstack-compute" +service_tenant = node["openstack"]["metering"]["service_tenant_name"] + +identity_endpoint = endpoint "identity-api" +image_endpoint = endpoint "image-api" + +Chef::Log.debug("openstack-metering::common:service_user|#{service_user}") +Chef::Log.debug("openstack-metering::common:service_tenant|#{service_tenant}") +Chef::Log.debug("openstack-metering::common:identity_endpoint|#{identity_endpoint.to_s}") + +directory node["openstack"]["metering"]["conf_dir"] do + owner node["openstack"]["metering"]["user"] + group node["openstack"]["metering"]["group"] + mode 00750 + + action :create +end + +template node["openstack"]["metering"]["conf"] do + source "ceilometer.conf.erb" + owner node["openstack"]["metering"]["user"] + group node["openstack"]["metering"]["group"] + mode 00640 + + variables( + :auth_uri => ::URI.decode(identity_endpoint.to_s), + :database_connection => db_uri, + :image_endpoint => image_endpoint, + :identity_endpoint => identity_endpoint, + :rabbit_pass => rabbit_pass, + :service_pass => service_pass, + :service_tenant_name => service_tenant, + :service_user => service_user + ) +end + +cookbook_file "/etc/ceilometer/policy.json" do + source "policy.json" + mode 00640 + owner node["openstack"]["metering"]["user"] + group node["openstack"]["metering"]["group"] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/identity_registration.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/identity_registration.rb new file mode 100644 index 000000000..fa78086b2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/recipes/identity_registration.rb @@ -0,0 +1,51 @@ +# +# Cookbook Name:: openstack-metering +# Recipe:: identity_registration +# +# Copyright 2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +class ::Chef::Recipe + include ::Openstack +end + +api_endpoint = endpoint "metering-api" +identity_admin_endpoint = endpoint "identity-admin" +bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token" +auth_uri = ::URI.decode identity_admin_endpoint.to_s + +openstack_identity_register "Register Metering Service" do + auth_uri auth_uri + bootstrap_token bootstrap_token + service_name "ceilometer" + service_type "metering" + service_description "Ceilometer Service" + + action :create_service +end + +openstack_identity_register "Register Metering Endpoint" do + auth_uri auth_uri + bootstrap_token bootstrap_token + service_type "metering" + endpoint_region node["openstack"]["metering"]["region"] + endpoint_adminurl ::URI.decode api_endpoint.to_s + endpoint_internalurl ::URI.decode api_endpoint.to_s + endpoint_publicurl ::URI.decode api_endpoint.to_s + + action :create_endpoint +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-central-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-central-opensuse_spec.rb new file mode 100644 index 000000000..e8607f480 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-central-opensuse_spec.rb @@ -0,0 +1,19 @@ +require_relative "spec_helper" + +describe "openstack-metering::agent-central" do + before { metering_stubs } + describe "opensuse" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-metering::agent-central" + end + + it "installs the agent-central package" do + expect(@chef_run).to install_package "openstack-ceilometer-agent-central" + end + + it "starts the agent-central service" do + expect(@chef_run).to start_service "openstack-ceilometer-agent-central" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-central_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-central_spec.rb new file mode 100644 index 000000000..39e995a93 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-central_spec.rb @@ -0,0 +1,21 @@ +require_relative "spec_helper" + +describe "openstack-metering::agent-central" do + before { metering_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-metering::agent-central" + end + + expect_runs_common_recipe + + it "installs the agent-central package" do + expect(@chef_run).to install_package "ceilometer-agent-central" + end + + it "starts agent-central service" do + expect(@chef_run).to start_service("ceilometer-agent-central") + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-compute-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-compute-opensuse_spec.rb new file mode 100644 index 000000000..e38ddadb5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-compute-opensuse_spec.rb @@ -0,0 +1,19 @@ +require_relative "spec_helper" + +describe "openstack-metering::agent-compute" do + before { metering_stubs } + describe "opensuse" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-metering::agent-compute" + end + + it "installs the agent-compute package" do + expect(@chef_run).to install_package "openstack-ceilometer-agent-compute" + end + + it "starts the agent-compute service" do + expect(@chef_run).to start_service "openstack-ceilometer-agent-compute" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-compute_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-compute_spec.rb new file mode 100644 index 000000000..e6f9a3a6b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/agent-compute_spec.rb @@ -0,0 +1,21 @@ +require_relative "spec_helper" + +describe "openstack-metering::agent-compute" do + before { metering_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-metering::agent-compute" + end + + expect_runs_common_recipe + + it "installs the agent-compute package" do + expect(@chef_run).to install_package "ceilometer-agent-compute" + end + + it "starts ceilometer-agent-compute service" do + expect(@chef_run).to start_service("ceilometer-agent-compute") + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/api-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/api-opensuse_spec.rb new file mode 100644 index 000000000..7f65d70f5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/api-opensuse_spec.rb @@ -0,0 +1,19 @@ +require_relative "spec_helper" + +describe "openstack-metering::api" do + before { metering_stubs } + describe "opensuse" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-metering::api" + end + + it "installs the api package" do + expect(@chef_run).to install_package("openstack-ceilometer-api") + end + + it "starts api service" do + expect(@chef_run).to start_service("openstack-ceilometer-api") + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/api_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/api_spec.rb new file mode 100644 index 000000000..9399b12c0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/api_spec.rb @@ -0,0 +1,35 @@ +require_relative "spec_helper" + +describe "openstack-metering::api" do + before { metering_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-metering::api" + end + + expect_runs_common_recipe + + describe "/var/cache/ceilometer" do + before do + @dir = @chef_run.directory "/var/cache/ceilometer" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "ceilometer", "ceilometer" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "700" + end + end + + it "starts api service" do + expect(@chef_run).to start_service("ceilometer-api") + end + + it "starts api service" do + expect(@chef_run).to start_service("ceilometer-api") + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/collector-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/collector-opensuse_spec.rb new file mode 100644 index 000000000..14aac9d49 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/collector-opensuse_spec.rb @@ -0,0 +1,19 @@ +require_relative "spec_helper" + +describe "openstack-metering::collector" do + before { metering_stubs } + describe "opensuse" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-metering::collector" + end + + it "installs the collector package" do + expect(@chef_run).to install_package "openstack-ceilometer-collector" + end + + it "starts the collector service" do + expect(@chef_run).to start_service "openstack-ceilometer-collector" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/collector_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/collector_spec.rb new file mode 100644 index 000000000..0d92c2230 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/collector_spec.rb @@ -0,0 +1,26 @@ +require_relative "spec_helper" + +describe "openstack-metering::collector" do + before { metering_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-metering::collector" + end + + expect_runs_common_recipe + + it "executes ceilometer dbsync" do + command = "ceilometer-dbsync --config-file /etc/ceilometer/ceilometer.conf" + expect(@chef_run).to execute_command command + end + + it "installs python-mysqldb", :A => true do + expect(@chef_run).to install_package "python-mysqldb" + end + + it "starts collector service" do + expect(@chef_run).to start_service("ceilometer-collector") + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/common-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/common-opensuse_spec.rb new file mode 100644 index 000000000..c3ae81818 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/common-opensuse_spec.rb @@ -0,0 +1,15 @@ +require_relative "spec_helper" + +describe "openstack-metering::common" do + before { metering_stubs } + describe "opensuse" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-metering::common" + end + + it "installs the common package" do + expect(@chef_run).to install_package "openstack-ceilometer" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/common_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/common_spec.rb new file mode 100644 index 000000000..4d7c3fe22 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/common_spec.rb @@ -0,0 +1,88 @@ +require_relative "spec_helper" + +describe "openstack-metering::common" do + before { metering_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new(::UBUNTU_OPTS) do |n| + n.set["openstack"]["metering"]["syslog"]["use"] = true + end + @chef_run.converge "openstack-metering::common" + end + + it "runs logging recipe" do + expect(@chef_run).to include_recipe "openstack-common::logging" + end + + it "installs the common package" do + expect(@chef_run).to install_package "ceilometer-common" + end + + describe "/etc/ceilometer" do + before do + @dir = @chef_run.directory "/etc/ceilometer" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "ceilometer", "ceilometer" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "750" + end + end + + describe "/etc/ceilometer" do + before do + @file = @chef_run.template "/etc/ceilometer/ceilometer.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by("ceilometer", "ceilometer") + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq("640") + end + + it "has rabbit_user" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_userid = guest" + end + + it "has rabbit_password" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_password = rabbit-pass" + end + + it "has rabbit_port" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_port = 5672" + end + + it "has rabbit_host" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_host = 127.0.0.1" + end + + it "has rabbit_virtual_host" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_virtual_host = /" + end + end + + describe "/etc/ceilometer/policy.json" do + before do + @dir = @chef_run.cookbook_file "/etc/ceilometer/policy.json" + end + + it "has proper owner" do + expect(@dir).to be_owned_by "ceilometer", "ceilometer" + end + + it "has proper modes" do + expect(sprintf("%o", @dir.mode)).to eq "640" + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/identity_registration_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/identity_registration_spec.rb new file mode 100644 index 000000000..92dea7b0a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/identity_registration_spec.rb @@ -0,0 +1,42 @@ +require_relative "spec_helper" + +describe "openstack-metering::identity_registration" do + before do + metering_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-metering::identity_registration" + end + + it "registers metering service" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Metering Service" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :service_name => "ceilometer", + :service_type => "metering", + :action => [:create_service] + ) + end + + it "registers metering endpoint" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Metering Endpoint" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :service_type => "metering", + :endpoint_region => "RegionOne", + :endpoint_adminurl => "http://127.0.0.1:8777/v1", + :endpoint_internalurl => "http://127.0.0.1:8777/v1", + :endpoint_publicurl => "http://127.0.0.1:8777/v1", + :action => [:create_endpoint] + ) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/spec_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/spec_helper.rb new file mode 100644 index 000000000..bd0b397fe --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/spec/spec_helper.rb @@ -0,0 +1,37 @@ +require "chefspec" + +::LOG_LEVEL = :fatal +::OPENSUSE_OPTS = { + :platform => "opensuse", + :version => "12.3", + :log_level => ::LOG_LEVEL +} +::REDHAT_OPTS = { + :platform => "redhat", + :version => "6.3", + :log_level => ::LOG_LEVEL +} +::UBUNTU_OPTS = { + :platform => "ubuntu", + :version => "12.04", + :log_level => ::LOG_LEVEL +} + +def metering_stubs + ::Chef::Recipe.any_instance.stub(:memcached_servers).and_return [] + ::Chef::Recipe.any_instance.stub(:service_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:db_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:user_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:user_password). + with("guest"). + and_return "rabbit-pass" + ::Chef::Recipe.any_instance.stub(:secret). + with("secrets", "openstack_identity_bootstrap_token"). + and_return "bootstrap-token" +end + +def expect_runs_common_recipe + it "runs common recipe" do + expect(@chef_run).to include_recipe "openstack-metering::common" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/templates/default/ceilometer.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/templates/default/ceilometer.conf.erb new file mode 100644 index 000000000..97d0cec8a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-metering/templates/default/ceilometer.conf.erb @@ -0,0 +1,36 @@ +[DEFAULT] +<% if node["openstack"]["metering"]["host"] %> +host = <%= node["openstack"]["metering"]["host"] %> +<% end %> +os_auth_url = <%= @auth_uri %> +os_tenant_name = <%= @service_tenant_name %> +os_password = <%= @service_pass %> +os_username = <%= @service_user %> +policy_file = /etc/ceilometer/policy.json +database_connection = <%= @database_connection %> +rabbit_userid = <%= node["openstack"]["metering"]["rabbit"]["username"] %> +rabbit_password = <%= @rabbit_pass %> +rabbit_port = <%= node["openstack"]["metering"]["rabbit"]["port"] %> +rabbit_host = <%= node["openstack"]["metering"]["rabbit"]["host"] %> +rabbit_virtual_host = <%= node["openstack"]["metering"]["rabbit"]["vhost"] %> +verbose = True +notification_topics = notifications,glance_notifications +rpc_backend = ceilometer.openstack.common.rpc.impl_kombu +<% if node["openstack"]["metering"]["syslog"]["use"] %> +log_config = /etc/openstack/logging.conf +<% end %> +<% if node["openstack"]["metering"]["debug"] %> +debug = True +<% end %> +glance_registry_host = <%= @image_endpoint.host %> +periodic_interval = <%= node["openstack"]["metering"]["periodic_interval"] %> + +[keystone_authtoken] +paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory +auth_host = <%= @identity_endpoint.host %> +auth_port = <%= @identity_endpoint.port %> +auth_protocol = <%= @identity_endpoint.scheme %> +admin_tenant_name = <%= @service_tenant_name %> +admin_user = <%= @service_user %> +admin_password = <%= @service_pass %> +signing_dir = <%= node["openstack"]["metering"]["api"]["auth"]["cache_dir"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Berksfile new file mode 100644 index 000000000..c00fec3bb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Berksfile @@ -0,0 +1,6 @@ +metadata + +cookbook 'openstack-identity', :git => 'https://github.com/stackforge/cookbook-openstack-identity.git' +cookbook 'openstack-common', :git => 'https://github.com/stackforge/cookbook-openstack-common.git' +cookbook 'database' +cookbook 'mysql' \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Berksfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Berksfile.lock new file mode 100644 index 000000000..319646211 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Berksfile.lock @@ -0,0 +1,41 @@ +{ + "sources": { + "openstack-network": { + "path": "." + }, + "openstack-identity": { + "locked_version": "7.0.0", + "git": "https://github.com/stackforge/cookbook-openstack-identity.git", + "ref": "b881af26095cfa869a6970067c49597a0ee63586" + }, + "openstack-common": { + "locked_version": "0.4.3", + "git": "https://github.com/stackforge/cookbook-openstack-common.git", + "ref": "eb5eed7126b6a6efbaf803e8a594d610cf661e97" + }, + "database": { + "locked_version": "1.4.0" + }, + "mysql": { + "locked_version": "3.0.0" + }, + "postgresql": { + "locked_version": "3.0.4" + }, + "apt": { + "locked_version": "2.1.1" + }, + "build-essential": { + "locked_version": "1.4.2" + }, + "openssl": { + "locked_version": "1.1.0" + }, + "aws": { + "locked_version": "0.101.4" + }, + "xfs": { + "locked_version": "1.1.0" + } + } +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/CHANGELOG.md new file mode 100644 index 000000000..a9f15b036 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/CHANGELOG.md @@ -0,0 +1,15 @@ +# CHANGELOG for cookbook-openstack-network + +This file is used to list changes made in each version of cookbook-openstack-common. + +## 7.0.3: +* Parameterize agent_down_time and report_interval settings + +## 7.0.2: +* Add delay to quantum-ha-tool.py script to prevent aggressive migrations + +## 7.0.1: +* Allow quota driver to be set dynamically (LP #1234324) + +## 7.0.0: +* Start Grizzly + Neutron deployment diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Gemfile new file mode 100644 index 000000000..bb25f5caa --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Gemfile @@ -0,0 +1,11 @@ +# A sample Gemfile +source "https://rubygems.org" + +gem "chef", "~> 11.4.4" +gem "json", "<= 1.7.7" # chef dependency +gem "berkshelf", "~> 2.0.6" +gem "chefspec", "~> 2.0.0" +gem "foodcritic" +gem "strainer" +gem "webmock", "~> 1.11.0" +gem "tailor" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Gemfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Gemfile.lock new file mode 100644 index 000000000..955443e27 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Gemfile.lock @@ -0,0 +1,223 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (3.2.13) + i18n (= 0.6.1) + multi_json (~> 1.0) + addressable (2.3.5) + akami (1.2.0) + gyoku (>= 0.4.0) + nokogiri (>= 1.4.0) + berkshelf (2.0.6) + activesupport (~> 3.2.0) + addressable (~> 2.3.4) + buff-shell_out (~> 0.1) + celluloid (>= 0.14.0) + chozo (>= 0.6.1) + faraday (>= 0.8.5) + hashie (>= 2.0.2) + minitar (~> 0.5.4) + rbzip2 (~> 0.2.0) + retryable (~> 1.3.3) + ridley (~> 1.2.1) + solve (>= 0.5.0) + thor (~> 0.18.0) + buff-extensions (0.5.0) + buff-ruby_engine (0.1.0) + buff-shell_out (0.1.0) + buff-ruby_engine (~> 0.1.0) + builder (3.2.2) + celluloid (0.14.1) + timers (>= 1.0.0) + celluloid-io (0.14.1) + celluloid (>= 0.14.1) + nio4r (>= 0.4.5) + chef (11.4.4) + erubis + highline (>= 1.6.9) + json (>= 1.4.4, <= 1.7.7) + mixlib-authentication (>= 1.3.0) + mixlib-cli (~> 1.3.0) + mixlib-config (>= 1.1.2) + mixlib-log (>= 1.3.0) + mixlib-shellout + net-ssh (~> 2.6) + net-ssh-multi (~> 1.1.0) + ohai (>= 0.6.0) + rest-client (>= 1.0.4, < 1.7.0) + yajl-ruby (~> 1.1) + chefspec (2.0.0) + chef (>= 10.0) + erubis + fauxhai (~> 1.1) + minitest-chef-handler (>= 0.6.0) + rspec (~> 2.0) + chozo (0.6.1) + activesupport (>= 3.2.0) + hashie (>= 2.0.2) + multi_json (>= 1.3.0) + ci_reporter (1.9.0) + builder (>= 2.1.2) + crack (0.4.0) + safe_yaml (~> 0.9.0) + diff-lcs (1.2.4) + erubis (2.7.0) + faraday (0.8.7) + multipart-post (~> 1.1) + fauxhai (1.1.1) + httparty + net-ssh + ohai + ffi (1.9.0) + foodcritic (2.1.0) + erubis + gherkin (~> 2.11.7) + nokogiri (~> 1.5.4) + rak (~> 1.4) + treetop (~> 1.4.10) + yajl-ruby (~> 1.1.0) + gherkin (2.11.8) + multi_json (~> 1.3) + gssapi (1.0.3) + ffi (>= 1.0.1) + gyoku (1.0.0) + builder (>= 2.1.2) + hashie (2.0.5) + highline (1.6.19) + httparty (0.11.0) + multi_json (~> 1.0) + multi_xml (>= 0.5.2) + httpclient (2.2.0.2) + httpi (0.9.7) + rack + i18n (0.6.1) + ipaddress (0.8.0) + json (1.7.7) + little-plugger (1.1.3) + log_switch (0.4.0) + logging (1.6.2) + little-plugger (>= 1.1.3) + mime-types (1.23) + minitar (0.5.4) + minitest (4.7.5) + minitest-chef-handler (1.0.1) + chef + ci_reporter + minitest (~> 4.7.3) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-cli (1.3.0) + mixlib-config (1.1.2) + mixlib-log (1.6.0) + mixlib-shellout (1.1.0) + multi_json (1.7.7) + multi_xml (0.5.5) + multipart-post (1.2.0) + net-http-persistent (2.8) + net-ssh (2.6.7) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-multi (1.1) + net-ssh (>= 2.1.4) + net-ssh-gateway (>= 0.99.0) + nio4r (0.4.6) + nokogiri (1.5.10) + nori (1.1.5) + ohai (6.16.0) + ipaddress + mixlib-cli + mixlib-config + mixlib-log + mixlib-shellout + systemu + yajl-ruby + polyglot (0.3.3) + rack (1.5.2) + rak (1.4) + rbzip2 (0.2.0) + rest-client (1.6.7) + mime-types (>= 1.16) + retryable (1.3.3) + ridley (1.2.4) + addressable + buff-extensions (~> 0.3) + buff-shell_out (~> 0.1) + celluloid (~> 0.14.0) + celluloid-io (~> 0.14.0) + erubis + faraday (>= 0.8.4) + hashie (>= 2.0.2) + json (>= 1.7.7) + mixlib-authentication (>= 1.3.0) + net-http-persistent (>= 2.8) + net-ssh + retryable + solve (>= 0.4.4) + varia_model (~> 0.1) + winrm (~> 1.1.0) + rspec (2.14.1) + rspec-core (~> 2.14.0) + rspec-expectations (~> 2.14.0) + rspec-mocks (~> 2.14.0) + rspec-core (2.14.5) + rspec-expectations (2.14.2) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.14.3) + rubyntlm (0.1.1) + safe_yaml (0.9.3) + savon (0.9.5) + akami (~> 1.0) + builder (>= 2.1.2) + gyoku (>= 0.4.0) + httpi (~> 0.9) + nokogiri (>= 1.4.0) + nori (~> 1.0) + wasabi (~> 1.0) + solve (0.6.0) + strainer (3.0.4) + berkshelf (~> 2.0) + systemu (2.5.2) + tailor (1.2.1) + log_switch (>= 0.3.0) + term-ansicolor (>= 1.0.5) + text-table (>= 1.2.2) + term-ansicolor (1.2.2) + tins (~> 0.8) + text-table (1.2.3) + thor (0.18.1) + timers (1.1.0) + tins (0.8.2) + treetop (1.4.14) + polyglot + polyglot (>= 0.3.1) + uuidtools (2.1.4) + varia_model (0.1.0) + buff-extensions (~> 0.1) + hashie (>= 2.0.2) + wasabi (1.0.0) + nokogiri (>= 1.4.0) + webmock (1.11.0) + addressable (>= 2.2.7) + crack (>= 0.3.2) + winrm (1.1.2) + gssapi (~> 1.0.0) + httpclient (~> 2.2.0.2) + logging (~> 1.6.1) + nokogiri (~> 1.5.0) + rubyntlm (~> 0.1.1) + savon (= 0.9.5) + uuidtools (~> 2.1.2) + yajl-ruby (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + berkshelf (~> 2.0.6) + chef (~> 11.4.4) + chefspec (~> 2.0.0) + foodcritic + json (<= 1.7.7) + strainer + tailor + webmock (~> 1.11.0) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/README.md new file mode 100644 index 000000000..a20a2f77d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/README.md @@ -0,0 +1,100 @@ +Description +=========== + +This cookbook installs the **OpenStack Network** service (formerly project-named Quantum) +as part of a Chef reference deployment of OpenStack. + +More information about the OpenStack Network service is available +[here](http://docs.openstack.org/trunk/openstack-network/admin/content/index.html) + +Usage +===== + +OpenStack Network's design is modular, with plugins available that handle L2 and +L3 networking for various hardware vendors and standards. + +Requirements +============ + +Chef 11.4.4 or higher required (for Chef environment use) + +Cookbooks +--------- + +The following cookbooks are dependencies: + +* identity +* openstack-common `>= 2.0.0` + +Recipes +======= + +server +------ + +- Installs the openstack-network API server + +dhcp\_agent +-------- + +- Installs the DHCP agent + +l3\_agent +-------- + +- Installs the L3 agent and metadata agent + +Identity-registration +--------------------- + +- Registers the OpenStack Network API endpoint and service user with Keystone + +Attributes +========== + +TODO + +Templates +========= + +* `api-paste.ini.erb` - Paste config for OpenStack Network server +* `quantum.conf.erb` - Config file for OpenStack Network server +* `policy.json.erb` - Configuration of ACLs for glance API server + +Testing +======= + +This cookbook uses [bundler](http://gembundler.com/), [berkshelf](http://berkshelf.com/), and [strainer](https://github.com/customink/strainer) to isolate dependencies and run tests. + +Tests are defined in Strainerfile. + +To run tests: + + $ bundle install # install gem dependencies + $ bundle exec berks install # install cookbook dependencies + $ bundle exec strainer test # run tests + +License and Author +================== + +| | | +|:---------------------|:---------------------------------------------------| +| **Authors** | Alan Meadows () | +| | Jay Pipes () | +| | Ionut Artarisi () | +| | | +| **Copyright** | Copyright (c) 2013, AT&T Services, Inc. | +| | Copyright (c) 2013, SUSE Linux GmbH | +| | Copyright (c) 2012, Rackspace US, Inc. | + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Strainerfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Strainerfile new file mode 100644 index 000000000..7e292b43d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/Strainerfile @@ -0,0 +1,5 @@ +# Strainerfile +tailor: bundle exec tailor +knife test: bundle exec knife cookbook test $COOKBOOK +foodcritic: bundle exec foodcritic -f any -t ~FC003 -t ~FC023 $SANDBOX/$COOKBOOK +chefspec: bundle exec rspec $SANDBOX/$COOKBOOK/spec diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/attributes/default.rb new file mode 100644 index 000000000..258750910 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/attributes/default.rb @@ -0,0 +1,832 @@ +# +# Cookbook Name:: openstack-network +# Attributes:: default +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Set to some text value if you want templated config files +# to contain a custom banner at the top of the written file +default["openstack"]["network"]["custom_template_banner"] = " +# This file autogenerated by Chef +# Do not edit, changes will be overwritten +" + +default["openstack"]["network"]["verbose"] = "False" +default["openstack"]["network"]["debug"] = "False" + +# Gets set in the Network Endpoint when registering with Keystone +default["openstack"]["network"]["region"] = "RegionOne" +default["openstack"]["network"]["service_user"] = "quantum" +default["openstack"]["network"]["service_role"] = "admin" +default["openstack"]["network"]["service_name"] = "quantum" +default["openstack"]["network"]["service_type"] = "network" +default["openstack"]["network"]["description"] = "OpenStack Networking service" + +# The rabbit user's password is stored in an encrypted databag +# and accessed with openstack-common cookbook library's +# user_password routine. You are expected to create +# the user, pass, vhost in a wrapper rabbitmq cookbook. +default["openstack"]["network"]["rabbit_server_chef_role"] = "rabbitmq-server" +default["openstack"]["network"]["rabbit"]["username"] = "guest" +default["openstack"]["network"]["rabbit"]["vhost"] = "/" +default["openstack"]["network"]["rabbit"]["port"] = 5672 +default["openstack"]["network"]["rabbit"]["host"] = "127.0.0.1" +default["openstack"]["network"]["rabbit"]["ha"] = false + +# The database username for the quantum database +default["openstack"]["network"]["db"]["username"] = "quantum" + +# Used in the Keystone authtoken middleware configuration +default["openstack"]["network"]["service_tenant_name"] = "service" +default["openstack"]["network"]["service_user"] = "quantum" +default["openstack"]["network"]["service_role"] = "admin" + +# The maximum number of seconds we will wait for an agent to checkin +default["openstack"]["network"]["api"]["agent"]["agent_down_time"] = 15 + +# The default agent reporting interval in seconds +default["openstack"]["network"]["api"]["agent"]["agent_report_interval"] = 4 + +# The agent signing directory for api server +default["openstack"]["network"]["api"]["agent"]["signing_dir"] = "/var/lib/quantum/keystone-signing" + +# Keystone PKI signing directory. +default["openstack"]["network"]["api"]["auth"]["cache_dir"] = "/var/cache/quantum/api" + +# If bind_interface is set, the quantum API service will bind to the +# address on this interface and use the port in bind_port. Otherwise, +# it will bind to the API endpoint's host. +default["openstack"]["network"]["api"]["bind_interface"] = nil +default["openstack"]["network"]["api"]["bind_port"] = 9696 + +# logging attribute +default["openstack"]["network"]["syslog"]["use"] = false + +# The driver for Quota management in Neutron. Possible values: +# quantum.quota.ConfDriver (default) +# quantum.quota.DbDriver +# +# Note: set this to the DbDriver if you want to be able to update +# quotas for networks/subnets/security groups! +default["openstack"]["network"]["quota"]["driver"] = "quantum.quota.ConfDriver" + +# Whether or not we want to disable offloading +# on all the NIC interfaces (currently only supports +# ubuntu and debian). This can help if openvswitch +# or nicira plugins are crashing the sdn routers +default['openstack']['network']['disable_offload'] = false + +# configure quantum ha tool installation parameters +default["openstack"]["network"]["quantum_ha_cmd_cron"] = false +default["openstack"]["network"]["quantum_ha_cmd"] = "/usr/local/bin/quantum-ha-tool.py" +default["openstack"]["network"]["cron_l3_healthcheck"] = "*/1" +default["openstack"]["network"]["cron_replicate_dhcp"] = "*/1" + +# the plugins to install on the server. this will be +# quantum-plugin-%plugin% and the first plugin in the +# list should match the core plugin below +# N.B. this will be ignored on SUSE as all plugins are installed by +# default by the main openstack-quantum package +default["openstack"]["network"]["plugins"] = ['openvswitch', 'openvswitch-agent' ] + +# the core plugin to use for quantum +default["openstack"]["network"]["core_plugin"] = "quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2" + +# The bridging interface driver. +# +# Options are: +# +# - quantum.agent.linux.interface.OVSInterfaceDriver +# - quantum.agent.linux.interface.BridgeInterfaceDriver +# + +default["openstack"]["network"]["interface_driver"] = 'quantum.agent.linux.interface.OVSInterfaceDriver' + +# maps the above driver to a plugin name +default["openstack"]["network"]["interface_driver_map"] = { + 'ovsinterfacedriver' => 'openvswitch', + 'bridgeinterfacedriver' => 'linuxbridge' +} + +default["openstack"]["network"]["plugin_conf_map"] = { + 'ovsinterfacedriver' => 'openvswitch/ovs_quantum_plugin.ini', + 'bridgeinterfacedriver' => 'linuxbridge/linuxbridge_conf.ini' +} + +# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires +# no additional setup of the DHCP server. +default["openstack"]["network"]["dhcp_driver"] = 'quantum.agent.linux.dhcp.Dnsmasq' + +# Use namespaces and optionally allow overlapping IPs. You +# must enable namespaces to use overlapping ips. Also, +# you must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces. +default["openstack"]["network"]["use_namespaces"] = "True" +default["openstack"]["network"]["allow_overlapping_ips"] = "False" + +# use quantum root wrap +default["openstack"]["network"]["use_rootwrap"] = true + +# ============================= DHCP Agent Configuration =================== + +# The scheduler class to use for scheduling to DHCP agents +default["openstack"]["network"]["dhcp"]["scheduler"] = "quantum.scheduler.dhcp_agent_scheduler.ChanceScheduler" + +# Override the default mtu setting given to virtual machines +# to 1454 to allow for tunnel and other encapsulation overhead. You +# can adjust this from 1454 to 1500 if you do not want any lowering +# of the default guest MTU. +default["openstack"]["network"]["dhcp"]["dhcp-option"] = "26,1454" + +# Number of seconds between sync of DHCP agent with Quantum API server +default["openstack"]["network"]["dhcp"]["resync_interval"] = 5 + +# OVS based plugins(Ryu, NEC, NVP, BigSwitch/Floodlight) that use OVS +# as OpenFlow switch and check port status +default["openstack"]["network"]["dhcp"]["ovs_use_veth"] = "True" + +# The DHCP server can assist with providing metadata support on isolated +# networks. Setting this value to True will cause the DHCP server to append +# specific host routes to the DHCP request. The metadata service will only +# be activated when the subnet gateway_ip is None. The guest instance must +# be configured to request host routes via DHCP (Option 121). +default["openstack"]["network"]["dhcp"]["enable_isolated_metadata"] = "False" + +# Allows for serving metadata requests coming from a dedicated metadata +# access network whose cidr is 169.254.169.254/16 (or larger prefix), and +# is connected to a Quantum router from which the VMs send metadata +# request. In this case DHCP Option 121 will not be injected in VMs, as +# they will be able to reach 169.254.169.254 through a router. +# This option requires enable_isolated_metadata = True +default["openstack"]["network"]["dhcp"]["enable_metadata_network"] = "False" + +# On ubuntu precise, we build dnsmasq from source to fetch a more recent +# version of dnsmasq since a backport is not available. For any other +# platform, dnsmasq will be installed as a package +# +# See https://lists.launchpad.net/openstack/msg11696.html +default["openstack"]["network"]["dhcp"]["dnsmasq_url"] = "https://github.com/guns/dnsmasq/archive/v2.65.tar.gz" + +# The name of the file we will fetch +default["openstack"]["network"]["dhcp"]["dnsmasq_filename"] = "v2.65.tar.gz" + +# The checksum of the remote file we fetched +default["openstack"]["network"]["dhcp"]["dnsmasq_checksum"] = "f6cab8c64cb612089174f50927a05e2b" + +# The package architecture that will be built which should match the +# archecture of the server this cookbook will run on which will be +# amd64 or i386 +default["openstack"]["network"]["dhcp"]["dnsmasq_architecture"] = "amd64" + +# The debian package version that the above tarball will produce +default["openstack"]["network"]["dhcp"]["dnsmasq_dpkgversion"] = "2.65-1" + +# Upstream resolver to use +# This will be used by dnsmasq to resolve recursively +# but will not be used if the tenant specifies a dns +# server in their subnet +# +# Defaults are spread out across multiple, presumably +# reliable, upstream providers +# +# 8.8.8.8 is Google +# 209.244.0.3 is Level3 +# +# May be a comma separated list of servers +default["openstack"]["network"]["dhcp"]["upstream_dns_servers"] = ["8.8.8.8", "209.244.0.3"] + +# Set the default domain in dnsmasq +default["openstack"]["network"]["dhcp"]["default_domain"] = "openstacklocal" + +# ============================= L3 Agent Configuration ===================== + +# The scheduler class to use for scheduling routers to L3 agents +default["openstack"]["network"]["l3"]["scheduler"] = "quantum.scheduler.l3_agent_scheduler.ChanceScheduler" + +# If use_namespaces is set as False then the agent can only configure one router. +# This is done by setting the specific router_id. +default["openstack"]["network"]["l3"]["router_id"] = nil + +# Each L3 agent can be associated with at most one external network. This +# value should be set to the UUID of that external network. If empty, +# the agent will enforce that only a single external networks exists and +# use that external network id +default["openstack"]["network"]["l3"]["gateway_external_network_id"] = nil + +# Indicates that this L3 agent should also handle routers that do not have +# an external network gateway configured. This option should be True only +# for a single agent in a Quantum deployment, and may be False for all agents +# if all routers must have an external network gateway +default["openstack"]["network"]["l3"]["handle_internal_only_routers"] = "True" + +# Name of bridge used for external network traffic. This should be set to +# empty value for the linux bridge +default["openstack"]["network"]["l3"]["external_network_bridge"] = "br-ex" + +# Interface to use for external bridge. +default["openstack"]["network"]["l3"]["external_network_bridge_interface"] = "eth1" + +# TCP Port used by Quantum metadata server +default["openstack"]["network"]["l3"]["metadata_port"] = 9697 + +# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 +# to disable this feature. +default["openstack"]["network"]["l3"]["send_arp_for_ha"] = 3 + +# seconds between re-sync routers' data if needed +default["openstack"]["network"]["l3"]["periodic_interval"] = 40 + +# seconds to start to sync routers' data after +# starting agent +default["openstack"]["network"]["l3"]["periodic_fuzzy_delay"] = 5 + +# ============================= Metadata Agent Configuration =============== + +# The location of the Nova Metadata API service to proxy to (nil uses default) +default["openstack"]["network"]["metadata"]["nova_metadata_ip"] = "127.0.0.1" +default["openstack"]["network"]["metadata"]["nova_metadata_port"] = 8775 + +# The name of the secret databag containing the metadata secret +default["openstack"]["network"]["metadata"]["secret_name"] = "quantum_metadata_secret" + + +# ============================= LBaaS Agent Configuration ================== + +# Enable or disable quantum loadbalancer +default["openstack"]["network"]["quantum_loadbalancer"] = false + +# Plugin configuration path +default["openstack"]["network"]["lbaas_config_path"] = "/etc/quantum/plugins/services/agent_loadbalancer" + +# Number of seconds between sync of LBaaS agent with Quantum API server +default["openstack"]["network"]["lbaas"]["periodic_interval"] = 10 + +# Set lbaas plugin +# Supported types are: "ovs" (ovs based plugins(OVS, Ryu, NEC, NVP, BigSwitch/Floodlight)) +# and "linuxbridge". +default["openstack"]["network"]["lbaas_plugin"] = "ovs" + +# ============================= OVS Plugin Configuration =================== + +# Type of network to allocate for tenant networks. The default value 'local' is +# useful only for single-box testing and provides no connectivity between hosts. +# You MUST either change this to 'vlan' and configure network_vlan_ranges below +# or change this to 'gre' and configure tunnel_id_ranges below in order for tenant +# networks to provide connectivity between hosts. Set to 'none' to disable creation +# of tenant networks. +default["openstack"]["network"]["openvswitch"]["tenant_network_type"] = 'local' + +# Comma-separated list of [::] tuples enumerating +# ranges of VLAN IDs on named physical networks that are available for allocation. +# All physical networks listed are available for flat and VLAN provider network +# creation. Specified ranges of VLAN IDs are available for tenant network +# allocation if tenant_network_type is 'vlan'. If empty, only gre and local +# networks may be created +# +# Example: network_vlan_ranges = physnet1:1000:2999 +default["openstack"]["network"]["openvswitch"]["network_vlan_ranges"] = nil + +# Set to True in the server and the agents to enable support +# for GRE networks. Requires kernel support for OVS patch ports and +# GRE tunneling. +default["openstack"]["network"]["openvswitch"]["enable_tunneling"] = "False" + +# Comma-separated list of : tuples +# enumerating ranges of GRE tunnel IDs that are available for tenant +# network allocation if tenant_network_type is 'gre'. +# +# Example: tunnel_id_ranges = 1:1000 +default["openstack"]["network"]["openvswitch"]["tunnel_id_ranges"] = nil + +# Do not change this parameter unless you have a good reason to. +# This is the name of the OVS integration bridge. There is one per hypervisor. +# The integration bridge acts as a virtual "patch bay". All VM VIFs are +# attached to this bridge and then "patched" according to their network +# connectivity +default["openstack"]["network"]["openvswitch"]["integration_bridge"] = 'br-int' + +# Only used for the agent if tunnel_id_ranges (above) is not empty for +# the server. In most cases, the default value should be fine +default["openstack"]["network"]["openvswitch"]["tunnel_bridge"] = "br-tun" + +# Peer patch port in integration bridge for tunnel bridge (nil uses default) +default["openstack"]["network"]["openvswitch"]["int_peer_patch_port"] = nil + +# Peer patch port in tunnel bridge for integration bridge (nil uses default) +default["openstack"]["network"]["openvswitch"]["tun_peer_patch_port"] = nil + +# Uncomment this line for the agent if tunnel_id_ranges (above) is not +# empty for the server. Set local_ip to be the local IP address of +# this hypervisor or set the local_ip_interface parameter to use the IP +# address of the specified interface. If local_ip_interface is set +# it will take precedence. +default["openstack"]["network"]["openvswitch"]["local_ip"] = "127.0.0.1" +default["openstack"]["network"]["openvswitch"]["local_ip_interface"] = nil + +# Comma-separated list of : tuples +# mapping physical network names to the agent's node-specific OVS +# bridge names to be used for flat and VLAN networks. The length of +# bridge names should be no more than 11. Each bridge must +# exist, and should have a physical network interface configured as a +# port. All physical networks listed in network_vlan_ranges on the +# server should have mappings to appropriate bridges on each agent. +# +# Example: bridge_mappings = physnet1:br-eth1 +default["openstack"]["network"]["openvswitch"]["bridge_mappings"] = nil + +# Firewall driver for realizing quantum security group function +default["openstack"]["network"]["openvswitch"]["fw_driver"] = "quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver" + +# The newest version of OVS which comes with 12.04 Precise is 1.4.0 +# Which is legacy. Should we compile a newer version from source? +# If so, set ['openstack']['network']['openvswitch']['use_source_version'] +# to true, and configure the packages, versions, checksums, etc. you wish +# to use +default['openstack']['network']['openvswitch']['use_source_version'] = false + +# Url of the OVS source tarball +default['openstack']['network']['openvswitch']['openvswitch_url'] = "http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=snapshot;h=88dbaa9dc554d0ace1867bf23144788bd6f700bb;sf=tgz" + +# Filename the above URL actually downloads. +default['openstack']['network']['openvswitch']['openvswitch_filename'] = "openvswitch-88dbaa9.tar.gz" + +# What is the base filename (essentially, the above without the .tar.gz) +default['openstack']['network']['openvswitch']['openvswitch_base_filename'] = "openvswitch-88dbaa9" + +# Checksum of the file for verification +default['openstack']['network']['openvswitch']['openvswitch_checksum'] = "22df718eb81fcfe93228e9bba8575e50" + +# What version of the package does this install +default['openstack']['network']['openvswitch']['openvswitch_dpkgversion'] = "1.10.2-1" + +# What arch are we building for +default['openstack']['network']['openvswitch']['openvswitch_architecture'] = "amd64" + +# ============================= LinuxBridge Plugin Configuration =========== + +# Type of network to allocate for tenant networks. The +# default value 'local' is useful only for single-box testing and +# provides no connectivity between hosts. You MUST change this to +# 'vlan' and configure network_vlan_ranges below in order for tenant +# networks to provide connectivity between hosts. Set to 'none' to +# disable creation of tenant networks. +default["openstack"]["network"]["linuxbridge"]["tenant_network_type"] = 'local' + +# Comma-separated list of [::] tuples enumerating +# ranges of VLAN IDs on named physical networks that are available for allocation. +# All physical networks listed are available for flat and VLAN provider network +# creation. Specified ranges of VLAN IDs are available for tenant network +# allocation if tenant_network_type is 'vlan'. If empty, only gre and local +# networks may be created. +# +# Example: network_vlan_ranges = physnet1:1000:2999 +default["openstack"]["network"]["linuxbridge"]["network_vlan_ranges"] = "" + +# (ListOpt) Comma-separated list of +# : tuples mapping physical +# network names to the agent's node-specific physical network +# interfaces to be used for flat and VLAN networks. All physical +# networks listed in network_vlan_ranges on the server should have +# mappings to appropriate interfaces on each agent. +# +# Example: physical_interface_mappings = physnet1:eth1 +default["openstack"]["network"]["linuxbridge"]["physical_interface_mappings"] = "" + +# ============================= BigSwitch Plugin Configuration ============= + +# Not really sure what this is... +default["openstack"]["network"]["bigswitch"]["servers"] = "localhost:8080" + +# ============================= Brocade Plugin Configuration =============== + +# username = +default["openstack"]["network"]["brocade"]["switch_username"] = "admin" + +# password = +default["openstack"]["network"]["brocade"]["switch_password"] = "admin" + +# address = +default["openstack"]["network"]["brocade"]["switch_address"] = "127.0.0.1" + +# ostype = NOS +default["openstack"]["network"]["brocade"]["switch_ostype"] = "NOS" + +# physical_interface = +# +# Example: +# physical_interface = physnet1 +default["openstack"]["network"]["brocade"]["physical_interface"] = "physnet1" + +# (ListOpt) Comma-separated list of +# [::] tuples enumerating ranges +# of VLAN IDs on named physical networks that are available for +# allocation. All physical networks listed are available for flat and +# VLAN provider network creation. +# +# Default: network_vlan_ranges = +# Example: network_vlan_ranges = physnet1:1000:2999 +default["openstack"]["network"]["brocade"]["network_vlan_ranges"] = "" + +# (ListOpt) Comma-separated list of +# : tuples mapping physical +# network names to the agent's node-specific physical network +# interfaces to be used for flat and VLAN networks. All physical +# networks listed in network_vlan_ranges on the server should have +# mappings to appropriate interfaces on each agent. +# +# Example: physical_interface_mappings = physnet1:eth1 +default["openstack"]["network"]["brocade"]["physical_interface_mappings"] = "" + +# ============================= Cisco Plugin Configuration ================= + +# The module and class name path for the nexus plugin +default["openstack"]["network"]["cisco"]["nexus_plugin"] = "quantum.plugins.cisco.nexus.cisco_nexus_plugin_v2.NexusPlugin" + +# The module and class name path for the vswitch plugin +default["openstack"]["network"]["cisco"]["vswitch_plugin"] = "quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2" + +# Start of the tenant VLAN range +default["openstack"]["network"]["cisco"]["vlan_start"] = 100 + +# End of the tenant VLAN range +default["openstack"]["network"]["cisco"]["vlan_end"] = 3000 + +# Prefix for tenant VLANs +default["openstack"]["network"]["cisco"]["vlan_name_prefix"] = "q-" + +# Maximum number of ports +default["openstack"]["network"]["cisco"]["max_ports"] = 100 +# Max number of port profiles +default["openstack"]["network"]["cisco"]["max_port_profiles"] = 65568 + +# Maximum number of networks +default["openstack"]["network"]["cisco"]["max_networks"] = 65568 + +# Module and class path for switch model +default["openstack"]["network"]["cisco"]["model_class"] = "quantum.plugins.cisco.models.virt_phy_sw_v2.VirtualPhysicalSwitchModelV2" + +# Module and class path for VLAN network manager +default["openstack"]["network"]["cisco"]["manager_class"] = "quantum.plugins.cisco.segmentation.l2network_vlan_mgr_v2.L2NetworkVLANMgr" + +# Module and class path for the Nexus driver +default["openstack"]["network"]["cisco"]["nexus_driver"] = "quantum.plugins.cisco.tests.unit.v2.nexus.fake_nexus_driver.CiscoNEXUSFakeDriver" + +# For each Nexus switch, add a hash to the +# node["openstack"]["network"]["cisco"]["nexus_switches"] Hash, +# using the switch's IP address as the outer Hash key with each +# hash containing this information: +# +# - ssh_port= +# - username= +# - password= +# - hosts = [ (,), ... ] +# +# Example: +# +# node["openstack"]["network"]["cisco"]["nexus_switches"]["1.1.1.1"]["ssh_port"] = 22 +# node["openstack"]["network"]["cisco"]["nexus_switches"]["1.1.1.1"]["username"] = "admin" +# node["openstack"]["network"]["cisco"]["nexus_switches"]["1.1.1.1"]["password"] = "mySecretPassword" +# node["openstack"]["network"]["cisco"]["nexus_switches"]["1.1.1.1"]["hosts"] = [ [ "compute1", "1/1" ], +# [ "compute2", "1/2" ]] +# +# +# will write the following to the Cisco plugin config INI file: +# [NEXUS_SWITCH:1.1.1.1] +# compute1=1/1 +# compute2=1/2 +# ssh_port=22 +# username=admin +# password=mySecretPassword +# +default["openstack"]["network"]["cisco"]["nexus_switches"] = {} + +# ============================= Hyper-V Plugin Configuration =============== + +# Type of network to allocate for tenant networks. The +# default value 'local' is useful only for single-box testing and +# provides no connectivity between hosts. You MUST change this to +# 'vlan' and configure network_vlan_ranges below in order for tenant +# networks to provide connectivity between hosts. Set to 'none' to +# disable creation of tenant networks. +default["openstack"]["network"]["hyperv"]["tenant_network_type"] = 'local' + +# Comma-separated list of [::] tuples enumerating +# ranges of VLAN IDs on named physical networks that are available for allocation. +# All physical networks listed are available for flat and VLAN provider network +# creation. Specified ranges of VLAN IDs are available for tenant network +# allocation if tenant_network_type is 'vlan'. If empty, only gre and local +# networks may be created. +# +# Example: network_vlan_ranges = physnet1:1000:2999 +default["openstack"]["network"]["hyperv"]["network_vlan_ranges"] = "" + +# Agent's polling interval in seconds +default["openstack"]["network"]["hyperv"]["polling_interval"] = 2 + +# (ListOpt) Comma separated list of : +# where the physical networks can be expressed with wildcards, +# e.g.: ."*:external". +# The referred external virtual switches need to be already present on +# the Hyper-V server. +# If a given physical network name will not match any value in the list +# the plugin will look for a virtual switch with the same name. +# +# Default: physical_network_vswitch_mappings = *:external +# Example: physical_network_vswitch_mappings = net1:external1,net2:external2 +default["openstack"]["network"]["hyperv"]["physical_network_vswitch_mappings"] = "*:external" + +# (StrOpt) Private virtual switch name used for local networking. +# +# Default: local_network_vswitch = private +# Example: local_network_vswitch = custom_vswitch +default["openstack"]["network"]["hyperv"]["local_network_vswitch"] = "private" + +# ============================= Metaplugin Plugin Configuration ============ + +## This is list of flavor:quantum_plugins +# extension method is used in the order of this list +default["openstack"]["network"]["metaplugin"]["plugin_list"] = "openvswitch:quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2,linuxbridge:quantum.plugins.linuxbridge.lb_quantum_plugin.LinuxBridgePluginV2" +default["openstack"]["network"]["metaplugin"]["l3_plugin_list"] = "openvswitch:quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2,linuxbridge:quantum.plugins.linuxbridge.lb_quantum_plugin.LinuxBridgePluginV2" + +# Default "flavor" for L2 and L3 +default["openstack"]["network"]["metaplugin"]["default_flavor"] = "openvswitch" +default["openstack"]["network"]["metaplugin"]["default_l3_flavor"] = "openvswitch" + +# ============================= Midonet Plugin Configuration =============== + +# MidoNet API server URI +default["openstack"]["network"]["midonet"]["midonet_uri"] = "http://localhost:8080/midonet-api" + +# MidoNet admin username +default["openstack"]["network"]["midonet"]["username"] = "admin" + +# MidoNet admin password +default["openstack"]["network"]["midonet"]["password"] = "passw0rd" + +# ID of the project that MidoNet admin user belongs to +default["openstack"]["network"]["midonet"]["project_id"] = "77777777-7777-7777-7777-777777777777" + +# Virtual provider router ID +default["openstack"]["network"]["midonet"]["provider_router_id"] = "00112233-0011-0011-0011-001122334455" + +# Virtual metadata router ID +default["openstack"]["network"]["midonet"]["metadata_router_id"] = "ffeeddcc-ffee-ffee-ffee-ffeeddccbbaa" + +# ============================= NEC Plugin Configuration =================== + +# Do not change this parameter unless you have a good reason to. +# This is the name of the OVS integration bridge. There is one per hypervisor. +# The integration bridge acts as a virtual "patch port". All VM VIFs are +# attached to this bridge and then "patched" according to their network +# connectivity. +default["openstack"]["network"]["nec"]["integration_bridge"] = "br-int" + +# Agent's polling interval in seconds +default["openstack"]["network"]["nec"]["polling_interval"] = 2 + +# Firewall driver for realizing quantum security group function +default["openstack"]["network"]["nec"]["firewall_driver"] = "quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver" + +# Specify OpenFlow Controller Host, Port and Driver to connect. +default["openstack"]["network"]["nec"]["ofc_host"] = "127.0.0.1" +default["openstack"]["network"]["nec"]["ofc_port"] = 8888 + +# Drivers are in quantum/plugins/nec/drivers/ . +default["openstack"]["network"]["nec"]["ofc_driver"] = "trema" + +# PacketFilter is available when it's enabled in this configuration +# and supported by the driver. +default["openstack"]["network"]["nec"]["ofc_enable_packet_filter"] = "true" + +# ============================= Nicira Plugin Configuration ================ + +# User name for NVP controller +default["openstack"]["network"]["nicira"]["nvp_user"] = "admin" + +# Password for NVP controller +default["openstack"]["network"]["nicira"]["nvp_password"] = "admin" + +# Total time limit for a cluster request +# (including retries across different controllers) +default["openstack"]["network"]["nicira"]["req_timeout"] = 30 + +# Time before aborting a request on an unresponsive controller +default["openstack"]["network"]["nicira"]["http_timeout"] = 10 + +# Maximum number of times a particular request should be retried +default["openstack"]["network"]["nicira"]["retries"] = 2 + +# Maximum number of times a redirect response should be followed +default["openstack"]["network"]["nicira"]["redirects"] = 2 + +# Comma-separated list of NVP controller endpoints (:). When port +# is omitted, 443 is assumed. This option MUST be specified, e.g.: +default["openstack"]["network"]["nicira"]["nvp_controllers"] = "xx.yy.zz.ww:443, aa.bb.cc.dd, ee.ff.gg.hh.ee:80" + +# UUID of the pre-existing default NVP Transport zone to be used for creating +# tunneled isolated "Quantum" networks. This option MUST be specified, e.g.: +default["openstack"]["network"]["nicira"]["default_tz_uuid"] = "1e8e52cf-fa7f-46b0-a14a-f99835a9cb53" + +# (Optional) UUID of the cluster in NVP. It can be retrieved from NVP management +# console "admin" section. +default["openstack"]["network"]["nicira"]["nvp_cluster_uuid"] = "615be8e4-82e9-4fd2-b4b3-fd141e51a5a7" + +# (Optional) UUID for the default l3 gateway service to use with this cluster. +# To be specified if planning to use logical routers with external gateways. +default["openstack"]["network"]["nicira"]["default_l3_gw_service_uuid"] = "" + +# (Optional) UUID for the default l2 gateway service to use with this cluster. +# To be specified for providing a predefined gateway tenant for connecting their networks. +default["openstack"]["network"]["nicira"]["default_l2_gw_service_uuid"] = "" + +# Name of the default interface name to be used on network-gateway. This value +# will be used for any device associated with a network gateway for which an +# interface name was not specified +default["openstack"]["network"]["nicira"]["default_iface_name"] = "breth0" + +# number of network gateways allowed per tenant, -1 means unlimited +default["openstack"]["network"]["nicira"]["quota_network_gateway"] = 5 + +# Maximum number of ports for each bridged logical switch +default["openstack"]["network"]["nicira"]["max_lp_per_bridged_ls"] = 64 + +# Maximum number of ports for each overlay (stt, gre) logical switch +default["openstack"]["network"]["nicira"]["max_lp_per_overlay_ls"] = 256 + +# Number of connects to each controller node. +default["openstack"]["network"]["nicira"]["concurrent_connections"] = 3 + +# Acceptable values for 'metadata_mode' are: +# - 'access_network': this enables a dedicated connection to the metadata +# proxy for metadata server access via Quantum router. +# - 'dhcp_host_route': this enables host route injection via the dhcp agent. +# This option is only useful if running on a host that does not support +# namespaces otherwise access_network should be used. +default["openstack"]["network"]["nicira"]["metadata_mode"] = "access_network" + +# ============================= PLUMGrid Plugin Configuration ============== + +# This line should be pointing to the NOS server, +# for the PLUMgrid platform. In other deployments, +# this is known as controller +default["openstack"]["network"]["plumgrid"]["nos_server"] = "127.0.0.1" +default["openstack"]["network"]["plumgrid"]["nos_server_port"] = "" + +# Authentification parameters for the NOS server. +# These are the admin credentials to manage and control +# the NOS server. +default["openstack"]["network"]["plumgrid"]["username"] = "" +default["openstack"]["network"]["plumgrid"]["password"] = "" +default["openstack"]["network"]["plumgrid"]["servertimeout"] = 5 + +# Name of the network topology to be deployed by NOS +default["openstack"]["network"]["plumgrid"]["topologyname"] = "" + +# ============================= Ryu Plugin Configuration =================== + +# Do not change this parameter unless you have a good reason to. +# This is the name of the OVS integration bridge. There is one per hypervisor. +# The integration bridge acts as a virtual "patch port". All VM VIFs are +# attached to this bridge and then "patched" according to their network +# connectivity. +default["openstack"]["network"]["ryu"]["integration_bridge"] = "br-int" + +# openflow_rest_api = : +default["openstack"]["network"]["ryu"]["openflow_rest_api"] = "127.0.0.1:8080" + +# tunnel key range: 0 < tunnel_key_min < tunnel_key_max +# VLAN: 12bits, GRE, VXLAN: 24bits +default["openstack"]["network"]["ryu"]["tunnel_key_min"] = 1 +default["openstack"]["network"]["ryu"]["tunnel_key_max"] = "0xffffff" + +# tunnel_ip = +# tunnel_interface = interface for tunneling +# when tunnel_ip is NOT specified, ip address is read +# from this interface +default["openstack"]["network"]["ryu"]["tunnel_ip"] = "" +default["openstack"]["network"]["ryu"]["tunnel_interface"] = "eth0" + +# ovsdb_port = port number on which ovsdb is listening +# ryu-agent uses this parameter to setup ovsdb. +# ovs-vsctl set-manager ptcp: +# See set-manager section of man ovs-vsctl for details. +# currently ptcp is only supported. +# ovsdb_ip = +# ovsdb_interface = interface for ovsdb +# when ovsdb_addr NOT specifiied, ip address is gotten +# from this interface +default["openstack"]["network"]["ryu"]["ovsdb_port"] = 6634 +default["openstack"]["network"]["ryu"]["ovsdb_ip"] = "" +default["openstack"]["network"]["ryu"]["ovsdb_interface"] = "eth0" + +# Firewall driver for realizing quantum security group function +default["openstack"]["network"]["ryu"]["firewall_driver"] = "quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver" + +# Agent's polling interval in seconds +default["openstack"]["network"]["ryu"]["polling_interval"] = 2 + +# platform-specific settings +case platform +when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this + default["openstack"]["network"]["platform"] = { + "user" => "quantum", + "group" => "quantum", + "mysql_python_packages" => [ "MySQL-python" ], + "postgresql_python_packages" => ["python-psycopg2"], + "nova_network_packages" => [ "openstack-nova-network" ], + "quantum_packages" => [ "openstack-quantum" ], + "quantum_client_packages" => [], + "quantum_dhcp_packages" => [ "openstack-quantum" ], + "quantum_dhcp_build_packages" => [], + "quantum_l3_packages" => [ "quantum-l3-agent" ], + "quantum_openvswitch_packages" => ["openvswitch"], + "quantum_openvswitch_agent_packages" => ["openstack-quantum-openvswitch-agent"], + "quantum_linuxbridge_agent_packages" => ["openstack-quantum-linuxbridge"], + "quantum_metadata_agent_packages" => [], + "quantum_plugin_package" => "openstack-quantum-%plugin%", + "quantum_server_packages" => [], + "quantum_dhcp_agent_service" => "quantum-dhcp-agent", + "quantum_l3_agent_service" => "quantum-l3-agent", + "quantum_metadata_agent_service" => "quantum-metadata-agent", + "quantum_openvswitch_service" => "openvswitch", + "quantum_openvswitch_agent_service" => "openstack-quantum-openvswitch-agent", + "quantum_linuxbridge_agent_service" => "quantum-linuxbridge-agent", + "quantum_server_service" => "quantum-server", + "package_overrides" => "" + } + if platform == "redhat" || platform == "centos" + default["openstack"]["network"]["platform"]["quantum_openvswitch_agent_packages"] = ["openstack-quantum-openvswitch"] + default["openstack"]["network"]["platform"]["quantum_openvswitch_agent_service"] = "quantum-openvswitch-agent" + end +when "suse" + default["openstack"]["network"]["platform"] = { + "user" => "openstack-quantum", + "group" => "openstack-quantum", + "mysql_python_packages" => ["python-mysql"], + "postgresql_python_packages" => ["python-psycopg2"], + "nova_network_packages" => ["openstack-nova-network"], + "quantum_packages" => ["openstack-quantum"], + "quantum_client_packages" => [], + "quantum_dhcp_packages" => ["openstack-quantum-dhcp-agent"], + "quantum_dhcp_build_packages" => [], + "quantum_l3_packages" => ["openstack-quantum-l3-agent"], + # plugins are installed by the main openstack-quantum package on SUSE + "quantum_plugin_package" => "", + "quantum_metadata_agent_packages" => ["openstack-quantum-metadata-agent"], + "quantum_openvswitch_packages" => ["openvswitch-switch"], + "quantum_openvswitch_agent_packages" => ["openstack-quantum-openvswitch-agent"], + "quantum_linuxbridge_agent_packages" => ["openstack-quantum-linuxbridge-agent"], + "quantum_metadata_agent_packages" => ["openstack-quantum-metadata-agent"], + "quantum_server_packages" => [], + "quantum_dhcp_agent_service" => "openstack-quantum-dhcp-agent", + "quantum_l3_agent_service" => "openstack-quantum-l3-agent", + "quantum_metadata_agent_service" => "openstack-quantum-metadata-agent", + "quantum_openvswitch_service" => "openvswitch-switch", + "quantum_openvswitch_agent_service" => "openstack-quantum-openvswitch-agent", + "quantum_linuxbridge_agent_service" => "openstack-quantum-linuxbridge-agent", + "quantum_server_service" => "openstack-quantum", + "package_overrides" => "" + } +when "ubuntu" + default["openstack"]["network"]["platform"] = { + "user" => "quantum", + "group" => "quantum", + "mysql_python_packages" => [ "python-mysqldb" ], + "postgresql_python_packages" => [ "python-psycopg2" ], + "nova_network_packages" => [ "nova-network" ], + "quantum_lb_packages" => ["quantum-lbaas-agent", "haproxy"], + "quantum_packages" => [ "quantum-common", "python-pyparsing", "python-cliff" ], + "quantum_client_packages" => [ "python-quantumclient", "python-pyparsing" ], + "quantum_dhcp_packages" => [ "quantum-dhcp-agent" ], + "quantum_dhcp_build_packages" => [ "build-essential", "pkg-config", "libidn11-dev", "libdbus-1-dev", "libnetfilter-conntrack-dev", "gettext" ], + "quantum_l3_packages" => [ "quantum-l3-agent" ], + "quantum_openvswitch_packages" => [ "openvswitch-switch", "openvswitch-datapath-dkms", "bridge-utils" ], + "quantum_openvswitch_build_packages" => [ "build-essential", "pkg-config", "fakeroot", "libssl-dev", "openssl", "debhelper", "autoconf", "dkms", "python-all", "python-qt4", "python-zopeinterface", "python-twisted-conch" ], + "quantum_openvswitch_agent_packages" => [ "quantum-plugin-openvswitch", "quantum-plugin-openvswitch-agent" ], + "quantum_linuxbridge_agent_packages" => [ "quantum-plugin-linuxbridge", "quantum-plugin-linuxbridge-agent" ], + "quantum_metadata_agent_packages" => [ "quantum-metadata-agent" ], + "quantum_plugin_package" => "quantum-plugin-%plugin%", + "quantum_server_packages" => ["quantum-server"], + "quantum_dhcp_agent_service" => "quantum-dhcp-agent", + "quantum_l3_agent_service" => "quantum-l3-agent", + "quantum_metadata_agent_service" => "quantum-metadata-agent", + "quantum_openvswitch_service" => "openvswitch-switch", + "quantum_openvswitch_agent_service" => "quantum-plugin-openvswitch-agent", + "quantum_linuxbridge_agent_service" => "quantum-plugin-linuxbridge-agent", + "quantum_server_service" => "quantum-server", + "package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'" + } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/attributes/default.rb.save b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/attributes/default.rb.save new file mode 100644 index 000000000..7fe134055 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/attributes/default.rb.save @@ -0,0 +1,828 @@ +# +# Cookbook Name:: openstack-network +# Attributes:: default +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Set to some text value if you want templated config files +# to contain a custom banner at the top of the written file +default["openstack"]["network"]["custom_template_banner"] = " +# This file autogenerated by Chef +# Do not edit, changes will be overwritten +" + +default["openstack"]["network"]["verbose"] = "False" +default["openstack"]["network"]["debug"] = "False" + +# Gets set in the Network Endpoint when registering with Keystone +default["openstack"]["network"]["region"] = "RegionOne" +default["openstack"]["network"]["service_user"] = "quantum" +default["openstack"]["network"]["service_role"] = "admin" +default["openstack"]["network"]["service_name"] = "quantum" +default["openstack"]["network"]["service_type"] = "network" +default["openstack"]["network"]["description"] = "OpenStack Networking service" + +# The rabbit user's password is stored in an encrypted databag +# and accessed with openstack-common cookbook library's +# user_password routine. You are expected to create +# the user, pass, vhost in a wrapper rabbitmq cookbook. +default["openstack"]["network"]["rabbit_server_chef_role"] = "rabbitmq-server" +default["openstack"]["network"]["rabbit"]["username"] = "guest" +default["openstack"]["network"]["rabbit"]["vhost"] = "/" +default["openstack"]["network"]["rabbit"]["port"] = 5672 +default["openstack"]["network"]["rabbit"]["host"] = "127.0.0.1" +default["openstack"]["network"]["rabbit"]["ha"] = false + +# The database username for the quantum database +default["openstack"]["network"]["db"]["username"] = "quantum" + +# Used in the Keystone authtoken middleware configuration +default["openstack"]["network"]["service_tenant_name"] = "service" +default["openstack"]["network"]["service_user"] = "quantum" +default["openstack"]["network"]["service_role"] = "admin" + +# The maximum number of seconds we will wait for an agent to checkin +default["openstack"]["network"]["api"]["agent"]["agent_down_time"] = 15 + +# The default agent reporting interval in seconds +default["openstack"]["network"]["api"]["agent"]["agent_report_interval"] = 4 + +# The agent signing directory for api server +default["openstack"]["network"]["api"]["agent"]["signing_dir"] = "/var/lib/quantum/keystone-signing" + +# Keystone PKI signing directory. +default["openstack"]["network"]["api"]["auth"]["cache_dir"] = "/var/cache/quantum/api" + +# If bind_interface is set, the quantum API service will bind to the +# address on this interface and use the port in bind_port. Otherwise, +# it will bind to the API endpoint's host. +default["openstack"]["network"]["api"]["bind_interface"] = nil +default["openstack"]["network"]["api"]["bind_port"] = 9696 + +# logging attribute +default["openstack"]["network"]["syslog"]["use"] = false + +# The driver for Quota management in Neutron. Possible values: +# quantum.quota.ConfDriver (default) +# quantum.quota.DbDriver +# +# Note: set this to the DbDriver if you want to be able to update +# quotas for networks/subnets/security groups! +default["openstack"]["network"]["quota"]["driver"] = "quantum.quota.ConfDriver" + +# Whether or not we want to disable offloading +# on all the NIC interfaces (currently only supports +# ubuntu and debian). This can help if openvswitch +# or nicira plugins are crashing the sdn routers +default['openstack']['network']['disable_offload'] = false + +# configure quantum ha tool installation parameters +default["openstack"]["network"]["quantum_ha_cmd_cron"] = false +default["openstack"]["network"]["quantum_ha_cmd"] = "/usr/local/bin/quantum-ha-tool.py" +default["openstack"]["network"]["cron_l3_healthcheck"] = "*/1" +default["openstack"]["network"]["cron_replicate_dhcp"] = "*/1" + +# the plugins to install on the server. this will be +# quantum-plugin-%plugin% and the first plugin in the +# list should match the core plugin below +# N.B. this will be ignored on SUSE as all plugins are installed by +# default by the main openstack-quantum package +default["openstack"]["network"]["plugins"] = ['openvswitch', 'openvswitch-agent' ] + +# the core plugin to use for quantum +default["openstack"]["network"]["core_plugin"] = "quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2" + +# The bridging interface driver. +# +# Options are: +# +# - quantum.agent.linux.interface.OVSInterfaceDriver +# - quantum.agent.linux.interface.BridgeInterfaceDriver +# + +default["openstack"]["network"]["interface_driver"] = 'quantum.agent.linux.interface.OVSInterfaceDriver' + +# maps the above driver to a plugin name +default["openstack"]["network"]["interface_driver_map"] = { + 'ovsinterfacedriver' => 'openvswitch', + 'bridgeinterfacedriver' => 'linuxbridge' +} + +default["openstack"]["network"]["plugin_conf_map"] = { + 'ovsinterfacedriver' => 'openvswitch/ovs_quantum_plugin.ini', + 'bridgeinterfacedriver' => 'linuxbridge/linuxbridge_conf.ini' +} + +# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires +# no additional setup of the DHCP server. +default["openstack"]["network"]["dhcp_driver"] = 'quantum.agent.linux.dhcp.Dnsmasq' + +# Use namespaces and optionally allow overlapping IPs. You +# must enable namespaces to use overlapping ips. Also, +# you must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces. +default["openstack"]["network"]["use_namespaces"] = "True" +default["openstack"]["network"]["allow_overlapping_ips"] = "False" + +# use quantum root wrap +default["openstack"]["network"]["use_rootwrap"] = true + +# ============================= DHCP Agent Configuration =================== + +# The scheduler class to use for scheduling to DHCP agents +default["openstack"]["network"]["dhcp"]["scheduler"] = "quantum.scheduler.dhcp_agent_scheduler.ChanceScheduler" + +# Override the default mtu setting given to virtual machines +# to 1454 to allow for tunnel and other encapsulation overhead. You +# can adjust this from 1454 to 1500 if you do not want any lowering +# of the default guest MTU. +default["openstack"]["network"]["dhcp"]["dhcp-option"] = "26,1454" + +# Number of seconds between sync of DHCP agent with Quantum API server +default["openstack"]["network"]["dhcp"]["resync_interval"] = 5 + +# OVS based plugins(Ryu, NEC, NVP, BigSwitch/Floodlight) that use OVS +# as OpenFlow switch and check port status +default["openstack"]["network"]["dhcp"]["ovs_use_veth"] = "True" + +# The DHCP server can assist with providing metadata support on isolated +# networks. Setting this value to True will cause the DHCP server to append +# specific host routes to the DHCP request. The metadata service will only +# be activated when the subnet gateway_ip is None. The guest instance must +# be configured to request host routes via DHCP (Option 121). +default["openstack"]["network"]["dhcp"]["enable_isolated_metadata"] = "False" + +# Allows for serving metadata requests coming from a dedicated metadata +# access network whose cidr is 169.254.169.254/16 (or larger prefix), and +# is connected to a Quantum router from which the VMs send metadata +# request. In this case DHCP Option 121 will not be injected in VMs, as +# they will be able to reach 169.254.169.254 through a router. +# This option requires enable_isolated_metadata = True +default["openstack"]["network"]["dhcp"]["enable_metadata_network"] = "False" + +# On ubuntu precise, we build dnsmasq from source to fetch a more recent +# version of dnsmasq since a backport is not available. For any other +# platform, dnsmasq will be installed as a package +# +# See https://lists.launchpad.net/openstack/msg11696.html +default["openstack"]["network"]["dhcp"]["dnsmasq_url"] = "https://github.com/guns/dnsmasq/archive/v2.65.tar.gz" + +# The name of the file we will fetch +default["openstack"]["network"]["dhcp"]["dnsmasq_filename"] = "v2.65.tar.gz" + +# The checksum of the remote file we fetched +default["openstack"]["network"]["dhcp"]["dnsmasq_checksum"] = "f6cab8c64cb612089174f50927a05e2b" + +# The package architecture that will be built which should match the +# archecture of the server this cookbook will run on which will be +# amd64 or i386 +default["openstack"]["network"]["dhcp"]["dnsmasq_architecture"] = "amd64" + +# The debian package version that the above tarball will produce +default["openstack"]["network"]["dhcp"]["dnsmasq_dpkgversion"] = "2.65-1" + +# Upstream resolver to use +# This will be used by dnsmasq to resolve recursively +# but will not be used if the tenant specifies a dns +# server in their subnet +# +# Defaults are spread out across multiple, presumably +# reliable, upstream providers +# +# 8.8.8.8 is Google +# 209.244.0.3 is Level3 +# +# May be a comma separated list of servers +default["openstack"]["network"]["dhcp"]["upstream_dns_servers"] = ["8.8.8.8", "209.244.0.3"] + +# Set the default domain in dnsmasq +default["openstack"]["network"]["dhcp"]["default_domain"] = "openstacklocal" + +# ============================= L3 Agent Configuration ===================== + +# The scheduler class to use for scheduling routers to L3 agents +default["openstack"]["network"]["l3"]["scheduler"] = "quantum.scheduler.l3_agent_scheduler.ChanceScheduler" + +# If use_namespaces is set as False then the agent can only configure one router. +# This is done by setting the specific router_id. +default["openstack"]["network"]["l3"]["router_id"] = nil + +# Each L3 agent can be associated with at most one external network. This +# value should be set to the UUID of that external network. If empty, +# the agent will enforce that only a single external networks exists and +# use that external network id +default["openstack"]["network"]["l3"]["gateway_external_network_id"] = nil + +# Indicates that this L3 agent should also handle routers that do not have +# an external network gateway configured. This option should be True only +# for a single agent in a Quantum deployment, and may be False for all agents +# if all routers must have an external network gateway +default["openstack"]["network"]["l3"]["handle_internal_only_routers"] = "True" + +# Name of bridge used for external network traffic. This should be set to +# empty value for the linux bridge +default["openstack"]["network"]["l3"]["external_network_bridge"] = "br-ex" + +# Interface to use for external bridge. +default["openstack"]["network"]["l3"]["external_network_bridge_interface"] = "eth1" + +# TCP Port used by Quantum metadata server +default["openstack"]["network"]["l3"]["metadata_port"] = 9697 + +# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 +# to disable this feature. +default["openstack"]["network"]["l3"]["send_arp_for_ha"] = 3 + +# seconds between re-sync routers' data if needed +default["openstack"]["network"]["l3"]["periodic_interval"] = 40 + +# seconds to start to sync routers' data after +# starting agent +default["openstack"]["network"]["l3"]["periodic_fuzzy_delay"] = 5 + +# ============================= Metadata Agent Configuration =============== + +# The location of the Nova Metadata API service to proxy to (nil uses default) +default["openstack"]["network"]["metadata"]["nova_metadata_ip"] = "127.0.0.1" +default["openstack"]["network"]["metadata"]["nova_metadata_port"] = 8775 + +# The name of the secret databag containing the metadata secret +default["openstack"]["network"]["metadata"]["secret_name"] = "quantum_metadata_secret" + + +# ============================= LBaaS Agent Configuration ================== + +# Enable or disable quantum loadbalancer +default["openstack"]["network"]["quantum_loadbalancer"] = false + +# Plugin configuration path +default["openstack"]["network"]["lbaas_config_path"] = "/etc/quantum/plugins/services/agent_loadbalancer" + +# Number of seconds between sync of LBaaS agent with Quantum API server +default["openstack"]["network"]["lbaas"]["periodic_interval"] = 10 + +# Set lbaas plugin +# Supported types are: "ovs" (ovs based plugins(OVS, Ryu, NEC, NVP, BigSwitch/Floodlight)) +# and "linuxbridge". +default["openstack"]["network"]["lbaas_plugin"] = "ovs" + +# ============================= OVS Plugin Configuration =================== + +# Type of network to allocate for tenant networks. The default value 'local' is +# useful only for single-box testing and provides no connectivity between hosts. +# You MUST either change this to 'vlan' and configure network_vlan_ranges below +# or change this to 'gre' and configure tunnel_id_ranges below in order for tenant +# networks to provide connectivity between hosts. Set to 'none' to disable creation +# of tenant networks. +default["openstack"]["network"]["openvswitch"]["tenant_network_type"] = 'local' + +# Comma-separated list of [::] tuples enumerating +# ranges of VLAN IDs on named physical networks that are available for allocation. +# All physical networks listed are available for flat and VLAN provider network +# creation. Specified ranges of VLAN IDs are available for tenant network +# allocation if tenant_network_type is 'vlan'. If empty, only gre and local +# networks may be created +# +# Example: network_vlan_ranges = physnet1:1000:2999 +default["openstack"]["network"]["openvswitch"]["network_vlan_ranges"] = nil + +# Set to True in the server and the agents to enable support +# for GRE networks. Requires kernel support for OVS patch ports and +# GRE tunneling. +default["openstack"]["network"]["openvswitch"]["enable_tunneling"] = "False" + +# Comma-separated list of : tuples +# enumerating ranges of GRE tunnel IDs that are available for tenant +# network allocation if tenant_network_type is 'gre'. +# +# Example: tunnel_id_ranges = 1:1000 +default["openstack"]["network"]["openvswitch"]["tunnel_id_ranges"] = nil + +# Do not change this parameter unless you have a good reason to. +# This is the name of the OVS integration bridge. There is one per hypervisor. +# The integration bridge acts as a virtual "patch bay". All VM VIFs are +# attached to this bridge and then "patched" according to their network +# connectivity +default["openstack"]["network"]["openvswitch"]["integration_bridge"] = 'br-int' + +# Only used for the agent if tunnel_id_ranges (above) is not empty for +# the server. In most cases, the default value should be fine +default["openstack"]["network"]["openvswitch"]["tunnel_bridge"] = "br-tun" + +# Peer patch port in integration bridge for tunnel bridge (nil uses default) +default["openstack"]["network"]["openvswitch"]["int_peer_patch_port"] = nil + +# Peer patch port in tunnel bridge for integration bridge (nil uses default) +default["openstack"]["network"]["openvswitch"]["tun_peer_patch_port"] = nil + +# Uncomment this line for the agent if tunnel_id_ranges (above) is not +# empty for the server. Set local_ip to be the local IP address of +# this hypervisor or set the local_ip_interface parameter to use the IP +# address of the specified interface. If local_ip_interface is set +# it will take precedence. +default["openstack"]["network"]["openvswitch"]["local_ip"] = "127.0.0.1" +default["openstack"]["network"]["openvswitch"]["local_ip_interface"] = nil + +# Comma-separated list of : tuples +# mapping physical network names to the agent's node-specific OVS +# bridge names to be used for flat and VLAN networks. The length of +# bridge names should be no more than 11. Each bridge must +# exist, and should have a physical network interface configured as a +# port. All physical networks listed in network_vlan_ranges on the +# server should have mappings to appropriate bridges on each agent. +# +# Example: bridge_mappings = physnet1:br-eth1 +default["openstack"]["network"]["openvswitch"]["bridge_mappings"] = nil + +# Firewall driver for realizing quantum security group function +default["openstack"]["network"]["openvswitch"]["fw_driver"] = "quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver" + +# The newest version of OVS which comes with 12.04 Precise is 1.4.0 +# Which is legacy. Should we compile a newer version from source? +# If so, set ['openstack']['network']['openvswitch']['use_source_version'] +# to true, and configure the packages, versions, checksums, etc. you wish +# to use +default['openstack']['network']['openvswitch']['use_source_version'] = false + +# Url of the OVS source tarball +default['openstack']['network']['openvswitch']['openvswitch_url'] = "http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=snapshot;h=88dbaa9dc554d0ace1867bf23144788bd6f700bb;sf=tgz" + +# Filename the above URL actually downloads. +default['openstack']['network']['openvswitch']['openvswitch_filename'] = "openvswitch-88dbaa9.tar.gz" + +# What is the base filename (essentially, the above without the .tar.gz) +default['openstack']['network']['openvswitch']['openvswitch_base_filename'] = "openvswitch-88dbaa9" + +# Checksum of the file for verification +default['openstack']['network']['openvswitch']['openvswitch_checksum'] = "22df718eb81fcfe93228e9bba8575e50" + +# What version of the package does this install +default['openstack']['network']['openvswitch']['openvswitch_dpkgversion'] = "1.10.2-1" + +# What arch are we building for +default['openstack']['network']['openvswitch']['openvswitch_architecture'] = "amd64" + +# ============================= LinuxBridge Plugin Configuration =========== + +# Type of network to allocate for tenant networks. The +# default value 'local' is useful only for single-box testing and +# provides no connectivity between hosts. You MUST change this to +# 'vlan' and configure network_vlan_ranges below in order for tenant +# networks to provide connectivity between hosts. Set to 'none' to +# disable creation of tenant networks. +default["openstack"]["network"]["linuxbridge"]["tenant_network_type"] = 'local' + +# Comma-separated list of [::] tuples enumerating +# ranges of VLAN IDs on named physical networks that are available for allocation. +# All physical networks listed are available for flat and VLAN provider network +# creation. Specified ranges of VLAN IDs are available for tenant network +# allocation if tenant_network_type is 'vlan'. If empty, only gre and local +# networks may be created. +# +# Example: network_vlan_ranges = physnet1:1000:2999 +default["openstack"]["network"]["linuxbridge"]["network_vlan_ranges"] = "" + +# (ListOpt) Comma-separated list of +# : tuples mapping physical +# network names to the agent's node-specific physical network +# interfaces to be used for flat and VLAN networks. All physical +# networks listed in network_vlan_ranges on the server should have +# mappings to appropriate interfaces on each agent. +# +# Example: physical_interface_mappings = physnet1:eth1 +default["openstack"]["network"]["linuxbridge"]["physical_interface_mappings"] = "" + +# ============================= BigSwitch Plugin Configuration ============= + +# Not really sure what this is... +default["openstack"]["network"]["bigswitch"]["servers"] = "localhost:8080" + +# ============================= Brocade Plugin Configuration =============== + +# username = +default["openstack"]["network"]["brocade"]["switch_username"] = "admin" + +# password = +default["openstack"]["network"]["brocade"]["switch_password"] = "admin" + +# address = +default["openstack"]["network"]["brocade"]["switch_address"] = "127.0.0.1" + +# ostype = NOS +default["openstack"]["network"]["brocade"]["switch_ostype"] = "NOS" + +# physical_interface = +# +# Example: +# physical_interface = physnet1 +default["openstack"]["network"]["brocade"]["physical_interface"] = "physnet1" + +# (ListOpt) Comma-separated list of +# [::] tuples enumerating ranges +# of VLAN IDs on named physical networks that are available for +# allocation. All physical networks listed are available for flat and +# VLAN provider network creation. +# +# Default: network_vlan_ranges = +# Example: network_vlan_ranges = physnet1:1000:2999 +default["openstack"]["network"]["brocade"]["network_vlan_ranges"] = "" + +# (ListOpt) Comma-separated list of +# : tuples mapping physical +# network names to the agent's node-specific physical network +# interfaces to be used for flat and VLAN networks. All physical +# networks listed in network_vlan_ranges on the server should have +# mappings to appropriate interfaces on each agent. +# +# Example: physical_interface_mappings = physnet1:eth1 +default["openstack"]["network"]["brocade"]["physical_interface_mappings"] = "" + +# ============================= Cisco Plugin Configuration ================= + +# The module and class name path for the nexus plugin +default["openstack"]["network"]["cisco"]["nexus_plugin"] = "quantum.plugins.cisco.nexus.cisco_nexus_plugin_v2.NexusPlugin" + +# The module and class name path for the vswitch plugin +default["openstack"]["network"]["cisco"]["vswitch_plugin"] = "quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2" + +# Start of the tenant VLAN range +default["openstack"]["network"]["cisco"]["vlan_start"] = 100 + +# End of the tenant VLAN range +default["openstack"]["network"]["cisco"]["vlan_end"] = 3000 + +# Prefix for tenant VLANs +default["openstack"]["network"]["cisco"]["vlan_name_prefix"] = "q-" + +# Maximum number of ports +default["openstack"]["network"]["cisco"]["max_ports"] = 100 +# Max number of port profiles +default["openstack"]["network"]["cisco"]["max_port_profiles"] = 65568 + +# Maximum number of networks +default["openstack"]["network"]["cisco"]["max_networks"] = 65568 + +# Module and class path for switch model +default["openstack"]["network"]["cisco"]["model_class"] = "quantum.plugins.cisco.models.virt_phy_sw_v2.VirtualPhysicalSwitchModelV2" + +# Module and class path for VLAN network manager +default["openstack"]["network"]["cisco"]["manager_class"] = "quantum.plugins.cisco.segmentation.l2network_vlan_mgr_v2.L2NetworkVLANMgr" + +# Module and class path for the Nexus driver +default["openstack"]["network"]["cisco"]["nexus_driver"] = "quantum.plugins.cisco.tests.unit.v2.nexus.fake_nexus_driver.CiscoNEXUSFakeDriver" + +# For each Nexus switch, add a hash to the +# node["openstack"]["network"]["cisco"]["nexus_switches"] Hash, +# using the switch's IP address as the outer Hash key with each +# hash containing this information: +# +# - ssh_port= +# - username= +# - password= +# - hosts = [ (,), ... ] +# +# Example: +# +# node["openstack"]["network"]["cisco"]["nexus_switches"]["1.1.1.1"]["ssh_port"] = 22 +# node["openstack"]["network"]["cisco"]["nexus_switches"]["1.1.1.1"]["username"] = "admin" +# node["openstack"]["network"]["cisco"]["nexus_switches"]["1.1.1.1"]["password"] = "mySecretPassword" +# node["openstack"]["network"]["cisco"]["nexus_switches"]["1.1.1.1"]["hosts"] = [ [ "compute1", "1/1" ], +# [ "compute2", "1/2" ]] +# +# +# will write the following to the Cisco plugin config INI file: +# [NEXUS_SWITCH:1.1.1.1] +# compute1=1/1 +# compute2=1/2 +# ssh_port=22 +# username=admin +# password=mySecretPassword +# +default["openstack"]["network"]["cisco"]["nexus_switches"] = {} + +# ============================= Hyper-V Plugin Configuration =============== + +# Type of network to allocate for tenant networks. The +# default value 'local' is useful only for single-box testing and +# provides no connectivity between hosts. You MUST change this to +# 'vlan' and configure network_vlan_ranges below in order for tenant +# networks to provide connectivity between hosts. Set to 'none' to +# disable creation of tenant networks. +default["openstack"]["network"]["hyperv"]["tenant_network_type"] = 'local' + +# Comma-separated list of [::] tuples enumerating +# ranges of VLAN IDs on named physical networks that are available for allocation. +# All physical networks listed are available for flat and VLAN provider network +# creation. Specified ranges of VLAN IDs are available for tenant network +# allocation if tenant_network_type is 'vlan'. If empty, only gre and local +# networks may be created. +# +# Example: network_vlan_ranges = physnet1:1000:2999 +default["openstack"]["network"]["hyperv"]["network_vlan_ranges"] = "" + +# Agent's polling interval in seconds +default["openstack"]["network"]["hyperv"]["polling_interval"] = 2 + +# (ListOpt) Comma separated list of : +# where the physical networks can be expressed with wildcards, +# e.g.: ."*:external". +# The referred external virtual switches need to be already present on +# the Hyper-V server. +# If a given physical network name will not match any value in the list +# the plugin will look for a virtual switch with the same name. +# +# Default: physical_network_vswitch_mappings = *:external +# Example: physical_network_vswitch_mappings = net1:external1,net2:external2 +default["openstack"]["network"]["hyperv"]["physical_network_vswitch_mappings"] = "*:external" + +# (StrOpt) Private virtual switch name used for local networking. +# +# Default: local_network_vswitch = private +# Example: local_network_vswitch = custom_vswitch +default["openstack"]["network"]["hyperv"]["local_network_vswitch"] = "private" + +# ============================= Metaplugin Plugin Configuration ============ + +## This is list of flavor:quantum_plugins +# extension method is used in the order of this list +default["openstack"]["network"]["metaplugin"]["plugin_list"] = "openvswitch:quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2,linuxbridge:quantum.plugins.linuxbridge.lb_quantum_plugin.LinuxBridgePluginV2" +default["openstack"]["network"]["metaplugin"]["l3_plugin_list"] = "openvswitch:quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2,linuxbridge:quantum.plugins.linuxbridge.lb_quantum_plugin.LinuxBridgePluginV2" + +# Default "flavor" for L2 and L3 +default["openstack"]["network"]["metaplugin"]["default_flavor"] = "openvswitch" +default["openstack"]["network"]["metaplugin"]["default_l3_flavor"] = "openvswitch" + +# ============================= Midonet Plugin Configuration =============== + +# MidoNet API server URI +default["openstack"]["network"]["midonet"]["midonet_uri"] = "http://localhost:8080/midonet-api" + +# MidoNet admin username +default["openstack"]["network"]["midonet"]["username"] = "admin" + +# MidoNet admin password +default["openstack"]["network"]["midonet"]["password"] = "passw0rd" + +# ID of the project that MidoNet admin user belongs to +default["openstack"]["network"]["midonet"]["project_id"] = "77777777-7777-7777-7777-777777777777" + +# Virtual provider router ID +default["openstack"]["network"]["midonet"]["provider_router_id"] = "00112233-0011-0011-0011-001122334455" + +# Virtual metadata router ID +default["openstack"]["network"]["midonet"]["metadata_router_id"] = "ffeeddcc-ffee-ffee-ffee-ffeeddccbbaa" + +# ============================= NEC Plugin Configuration =================== + +# Do not change this parameter unless you have a good reason to. +# This is the name of the OVS integration bridge. There is one per hypervisor. +# The integration bridge acts as a virtual "patch port". All VM VIFs are +# attached to this bridge and then "patched" according to their network +# connectivity. +default["openstack"]["network"]["nec"]["integration_bridge"] = "br-int" + +# Agent's polling interval in seconds +default["openstack"]["network"]["nec"]["polling_interval"] = 2 + +# Firewall driver for realizing quantum security group function +default["openstack"]["network"]["nec"]["firewall_driver"] = "quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver" + +# Specify OpenFlow Controller Host, Port and Driver to connect. +default["openstack"]["network"]["nec"]["ofc_host"] = "127.0.0.1" +default["openstack"]["network"]["nec"]["ofc_port"] = 8888 + +# Drivers are in quantum/plugins/nec/drivers/ . +default["openstack"]["network"]["nec"]["ofc_driver"] = "trema" + +# PacketFilter is available when it's enabled in this configuration +# and supported by the driver. +default["openstack"]["network"]["nec"]["ofc_enable_packet_filter"] = "true" + +# ============================= Nicira Plugin Configuration ================ + +# User name for NVP controller +default["openstack"]["network"]["nicira"]["nvp_user"] = "admin" + +# Password for NVP controller +default["openstack"]["network"]["nicira"]["nvp_password"] = "admin" + +# Total time limit for a cluster request +# (including retries across different controllers) +default["openstack"]["network"]["nicira"]["req_timeout"] = 30 + +# Time before aborting a request on an unresponsive controller +default["openstack"]["network"]["nicira"]["http_timeout"] = 10 + +# Maximum number of times a particular request should be retried +default["openstack"]["network"]["nicira"]["retries"] = 2 + +# Maximum number of times a redirect response should be followed +default["openstack"]["network"]["nicira"]["redirects"] = 2 + +# Comma-separated list of NVP controller endpoints (:). When port +# is omitted, 443 is assumed. This option MUST be specified, e.g.: +default["openstack"]["network"]["nicira"]["nvp_controllers"] = "xx.yy.zz.ww:443, aa.bb.cc.dd, ee.ff.gg.hh.ee:80" + +# UUID of the pre-existing default NVP Transport zone to be used for creating +# tunneled isolated "Quantum" networks. This option MUST be specified, e.g.: +default["openstack"]["network"]["nicira"]["default_tz_uuid"] = "1e8e52cf-fa7f-46b0-a14a-f99835a9cb53" + +# (Optional) UUID of the cluster in NVP. It can be retrieved from NVP management +# console "admin" section. +default["openstack"]["network"]["nicira"]["nvp_cluster_uuid"] = "615be8e4-82e9-4fd2-b4b3-fd141e51a5a7" + +# (Optional) UUID for the default l3 gateway service to use with this cluster. +# To be specified if planning to use logical routers with external gateways. +default["openstack"]["network"]["nicira"]["default_l3_gw_service_uuid"] = "" + +# (Optional) UUID for the default l2 gateway service to use with this cluster. +# To be specified for providing a predefined gateway tenant for connecting their networks. +default["openstack"]["network"]["nicira"]["default_l2_gw_service_uuid"] = "" + +# Name of the default interface name to be used on network-gateway. This value +# will be used for any device associated with a network gateway for which an +# interface name was not specified +default["openstack"]["network"]["nicira"]["default_iface_name"] = "breth0" + +# number of network gateways allowed per tenant, -1 means unlimited +default["openstack"]["network"]["nicira"]["quota_network_gateway"] = 5 + +# Maximum number of ports for each bridged logical switch +default["openstack"]["network"]["nicira"]["max_lp_per_bridged_ls"] = 64 + +# Maximum number of ports for each overlay (stt, gre) logical switch +default["openstack"]["network"]["nicira"]["max_lp_per_overlay_ls"] = 256 + +# Number of connects to each controller node. +default["openstack"]["network"]["nicira"]["concurrent_connections"] = 3 + +# Acceptable values for 'metadata_mode' are: +# - 'access_network': this enables a dedicated connection to the metadata +# proxy for metadata server access via Quantum router. +# - 'dhcp_host_route': this enables host route injection via the dhcp agent. +# This option is only useful if running on a host that does not support +# namespaces otherwise access_network should be used. +default["openstack"]["network"]["nicira"]["metadata_mode"] = "access_network" + +# ============================= PLUMGrid Plugin Configuration ============== + +# This line should be pointing to the NOS server, +# for the PLUMgrid platform. In other deployments, +# this is known as controller +default["openstack"]["network"]["plumgrid"]["nos_server"] = "127.0.0.1" +default["openstack"]["network"]["plumgrid"]["nos_server_port"] = "" + +# Authentification parameters for the NOS server. +# These are the admin credentials to manage and control +# the NOS server. +default["openstack"]["network"]["plumgrid"]["username"] = "" +default["openstack"]["network"]["plumgrid"]["password"] = "" +default["openstack"]["network"]["plumgrid"]["servertimeout"] = 5 + +# Name of the network topology to be deployed by NOS +default["openstack"]["network"]["plumgrid"]["topologyname"] = "" + +# ============================= Ryu Plugin Configuration =================== + +# Do not change this parameter unless you have a good reason to. +# This is the name of the OVS integration bridge. There is one per hypervisor. +# The integration bridge acts as a virtual "patch port". All VM VIFs are +# attached to this bridge and then "patched" according to their network +# connectivity. +default["openstack"]["network"]["ryu"]["integration_bridge"] = "br-int" + +# openflow_rest_api = : +default["openstack"]["network"]["ryu"]["openflow_rest_api"] = "127.0.0.1:8080" + +# tunnel key range: 0 < tunnel_key_min < tunnel_key_max +# VLAN: 12bits, GRE, VXLAN: 24bits +default["openstack"]["network"]["ryu"]["tunnel_key_min"] = 1 +default["openstack"]["network"]["ryu"]["tunnel_key_max"] = "0xffffff" + +# tunnel_ip = +# tunnel_interface = interface for tunneling +# when tunnel_ip is NOT specified, ip address is read +# from this interface +default["openstack"]["network"]["ryu"]["tunnel_ip"] = "" +default["openstack"]["network"]["ryu"]["tunnel_interface"] = "eth0" + +# ovsdb_port = port number on which ovsdb is listening +# ryu-agent uses this parameter to setup ovsdb. +# ovs-vsctl set-manager ptcp: +# See set-manager section of man ovs-vsctl for details. +# currently ptcp is only supported. +# ovsdb_ip = +# ovsdb_interface = interface for ovsdb +# when ovsdb_addr NOT specifiied, ip address is gotten +# from this interface +default["openstack"]["network"]["ryu"]["ovsdb_port"] = 6634 +default["openstack"]["network"]["ryu"]["ovsdb_ip"] = "" +default["openstack"]["network"]["ryu"]["ovsdb_interface"] = "eth0" + +# Firewall driver for realizing quantum security group function +default["openstack"]["network"]["ryu"]["firewall_driver"] = "quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver" + +# Agent's polling interval in seconds +default["openstack"]["network"]["ryu"]["polling_interval"] = 2 + +# platform-specific settings +case platform +when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this + default["openstack"]["network"]["platform"] = { + "user" => "quantum", + "group" => "quantum", + "mysql_python_packages" => [ "MySQL-python" ], + "postgresql_python_packages" => ["python-psycopg2"], + "nova_network_packages" => [ "openstack-nova-network" ], + "quantum_packages" => [ "openstack-quantum" ], + "quantum_client_packages" => [], + "quantum_dhcp_packages" => [ "openstack-quantum" ], + "quantum_dhcp_build_packages" => [], + "quantum_l3_packages" => [ "quantum-l3-agent" ], + "quantum_openvswitch_packages" => ["openvswitch"], + "quantum_openvswitch_agent_packages" => ["openstack-quantum-openvswitch"], + "quantum_linuxbridge_agent_packages" => ["openstack-quantum-linuxbridge"], + "quantum_metadata_agent_packages" => [], + "quantum_plugin_package" => "openstack-quantum-%plugin%", + "quantum_server_packages" => [], + "quantum_dhcp_agent_service" => "quantum-dhcp-agent", + "quantum_l3_agent_service" => "quantum-l3-agent", + "quantum_metadata_agent_service" => "quantum-metadata-agent", + "quantum_openvswitch_service" => "openvswitch", + "quantum_openvswitch_agent_service" => "quantum-openvswitch-agent", + "quantum_linuxbridge_agent_service" => "quantum-linuxbridge-agent", + "quantum_server_service" => "quantum-server", + "package_overrides" => "" + } +when "suse" + default["openstack"]["network"]["platform"] = { + "user" => "openstack-quantum", + "group" => "openstack-quantum", + "mysql_python_packages" => ["python-mysql"], + "postgresql_python_packages" => ["python-psycopg2"], + "nova_network_packages" => ["openstack-nova-network"], + "quantum_packages" => ["openstack-quantum"], + "quantum_client_packages" => [], + "quantum_dhcp_packages" => ["openstack-quantum-dhcp-agent"], + "quantum_dhcp_build_packages" => [], + "quantum_l3_packages" => ["openstack-quantum-l3-agent"], + # plugins are installed by the main openstack-quantum package on SUSE + "quantum_plugin_package" => "", + "quantum_metadata_agent_packages" => ["openstack-quantum-metadata-agent"], + "quantum_openvswitch_packages" => ["openvswitch-switch"], + "quantum_openvswitch_agent_packages" => ["openstack-quantum-openvswitch-agent"], + "quantum_linuxbridge_agent_packages" => ["openstack-quantum-linuxbridge-agent"], + "quantum_metadata_agent_packages" => ["openstack-quantum-metadata-agent"], + "quantum_server_packages" => [], + "quantum_dhcp_agent_service" => "openstack-quantum-dhcp-agent", + "quantum_l3_agent_service" => "openstack-quantum-l3-agent", + "quantum_metadata_agent_service" => "openstack-quantum-metadata-agent", + "quantum_openvswitch_service" => "openvswitch-switch", + "quantum_openvswitch_agent_service" => "openstack-quantum-openvswitch-agent", + "quantum_linuxbridge_agent_service" => "openstack-quantum-linuxbridge-agent", + "quantum_server_service" => "openstack-quantum", + "package_overrides" => "" + } +when "ubuntu" + default["openstack"]["network"]["platform"] = { + "user" => "quantum", + "group" => "quantum", + "mysql_python_packages" => [ "python-mysqldb" ], + "postgresql_python_packages" => [ "python-psycopg2" ], + "nova_network_packages" => [ "nova-network" ], + "quantum_lb_packages" => ["quantum-lbaas-agent", "haproxy"], + "quantum_packages" => [ "quantum-common", "python-pyparsing", "python-cliff" ], + "quantum_client_packages" => [ "python-quantumclient", "python-pyparsing" ], + "quantum_dhcp_packages" => [ "quantum-dhcp-agent" ], + "quantum_dhcp_build_packages" => [ "build-essential", "pkg-config", "libidn11-dev", "libdbus-1-dev", "libnetfilter-conntrack-dev", "gettext" ], + "quantum_l3_packages" => [ "quantum-l3-agent" ], + "quantum_openvswitch_packages" => [ "openvswitch-switch", "openvswitch-datapath-dkms", "bridge-utils" ], + "quantum_openvswitch_build_packages" => [ "build-essential", "pkg-config", "fakeroot", "libssl-dev", "openssl", "debhelper", "autoconf", "dkms", "python-all", "python-qt4", "python-zopeinterface", "python-twisted-conch" ], + "quantum_openvswitch_agent_packages" => [ "quantum-plugin-openvswitch", "quantum-plugin-openvswitch-agent" ], + "quantum_linuxbridge_agent_packages" => [ "quantum-plugin-linuxbridge", "quantum-plugin-linuxbridge-agent" ], + "quantum_metadata_agent_packages" => [ "quantum-metadata-agent" ], + "quantum_plugin_package" => "quantum-plugin-%plugin%", + "quantum_server_packages" => ["quantum-server"], + "quantum_dhcp_agent_service" => "quantum-dhcp-agent", + "quantum_l3_agent_service" => "quantum-l3-agent", + "quantum_metadata_agent_service" => "quantum-metadata-agent", + "quantum_openvswitch_service" => "openvswitch-switch", + "quantum_openvswitch_agent_service" => "quantum-plugin-openvswitch-agent", + "quantum_linuxbridge_agent_service" => "quantum-plugin-linuxbridge-agent", + "quantum_server_service" => "quantum-server", + "package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'" + } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/disable-eth-offload.sh b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/disable-eth-offload.sh new file mode 100755 index 000000000..2ffad12ad --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/disable-eth-offload.sh @@ -0,0 +1,78 @@ +#!/usr/bin/env bash +# +# Copyright (C) 2013 ATT Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +### BEGIN INIT INFO +# Provides: disable-eth-offload +# Required-Start: $network +# Required-Stop: $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Disable NIC Offloads +### END INIT INFO + +function check_setting() { + setting_on="false" + INTERFACE=$1 + SETTING=$2 + if [ -z $INTERFACE ] || [ -z $SETTING ]; then + echo "You didn't call check_setting right, it needs interfaces as \$1 and setting as \$2" + exit 1 + fi + + if [ $LOGGING == "true" ]; then + ethtool -k $INTERFACE | grep $SETTING | grep ": on" + fi + + ethtool -k $INTERFACE | grep $SETTING | grep ": on" > /dev/null + if [ $? == 0 ]; then + setting_on="true" + fi +} + +start () { + + INTERFACES=$( grep auto /etc/network/interfaces | grep -v lo | awk '{ print $NF }' ) + declare -A SETTINGS + SETTINGS=( ["lro"]="large-receive-offload" ["tso"]="tcp-segmentation-offload" ["gso"]="generic-segmentation-offload" ["gro"]="generic-receive-offload" ) + ETHTOOL_BIN="/sbin/ethtool" + LOGGING="false" + setting_on="false" + + for interface in $INTERFACES; do + for setting in "${!SETTINGS[@]}"; do + check_setting $interface ${SETTINGS[$setting]} + if [ $setting_on == "true" ]; then + $ETHTOOL_BIN -K $interface $setting off + if [ $LOGGING == "true" ]; then + echo "RUNNING: $ETHTOOL_BIN -K $interface $setting off" + fi + fi + done + done +} + +case $1 in + start) + start + ;; + *) + echo "Usage: $0 {start}" >&2 + exit 1 + ;; +esac + +exit 0 + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/debug.filters b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/debug.filters new file mode 100644 index 000000000..6dbb4d7d3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/debug.filters @@ -0,0 +1,14 @@ +# quantum-rootwrap command filters for nodes on which quantum is +# expected to control network +# +# This file should be owned by (and only-writeable by) the root user + +# format seems to be +# cmd-name: filter-name, raw-command, user, args + +[Filters] + +# This is needed because we should ping +# from inside a namespace which requires root +ping: RegExpFilter, /bin/ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+ +ping6: RegExpFilter, /bin/ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+ diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/dhcp.filters b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/dhcp.filters new file mode 100644 index 000000000..89abb02ad --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/dhcp.filters @@ -0,0 +1,40 @@ +# quantum-rootwrap command filters for nodes on which quantum is +# expected to control network +# +# This file should be owned by (and only-writeable by) the root user + +# format seems to be +# cmd-name: filter-name, raw-command, user, args + +[Filters] + +# dhcp-agent +ip_exec_dnsmasq: DnsmasqNetnsFilter, /sbin/ip, root +dnsmasq: DnsmasqFilter, /sbin/dnsmasq, root +dnsmasq_usr: DnsmasqFilter, /usr/sbin/dnsmasq, root +# dhcp-agent uses kill as well, that's handled by the generic KillFilter +# it looks like these are the only signals needed, per +# quantum/agent/linux/dhcp.py +kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP +kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP + +# dhcp-agent uses cat +cat: RegExpFilter, /bin/cat, root, cat, /proc/\d+/cmdline +ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root +ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root +ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root +ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root + +# metadata proxy +metadata_proxy: CommandFilter, /usr/bin/quantum-ns-metadata-proxy, root +# If installed from source (say, by devstack), the prefix will be +# /usr/local instead of /usr/bin. +metadata_proxy_local: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root +kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9 +kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9 + +# ip_lib +ip: IpFilter, /sbin/ip, root +ip_usr: IpFilter, /usr/sbin/ip, root +ip_exec: IpNetnsExecFilter, /sbin/ip, root +ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/iptables-firewall.filters b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/iptables-firewall.filters new file mode 100644 index 000000000..2049e0e9f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/iptables-firewall.filters @@ -0,0 +1,21 @@ +# quantum-rootwrap command filters for nodes on which quantum is +# expected to control network +# +# This file should be owned by (and only-writeable by) the root user + +# format seems to be +# cmd-name: filter-name, raw-command, user, args + +[Filters] + +# quantum/agent/linux/iptables_manager.py +# "iptables-save", ... +iptables-save: CommandFilter, /sbin/iptables-save, root +iptables-restore: CommandFilter, /sbin/iptables-restore, root +ip6tables-save: CommandFilter, /sbin/ip6tables-save, root +ip6tables-restore: CommandFilter, /sbin/ip6tables-restore, root + +# quantum/agent/linux/iptables_manager.py +# "iptables", "-A", ... +iptables: CommandFilter, /sbin/iptables, root +ip6tables: CommandFilter, /sbin/ip6tables, root diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/l3.filters b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/l3.filters new file mode 100644 index 000000000..ec08d595e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/l3.filters @@ -0,0 +1,43 @@ +# quantum-rootwrap command filters for nodes on which quantum is +# expected to control network +# +# This file should be owned by (and only-writeable by) the root user + +# format seems to be +# cmd-name: filter-name, raw-command, user, args + +[Filters] + +# arping +arping: CommandFilter, /usr/bin/arping, root +arping_sbin: CommandFilter, /sbin/arping, root + +# l3_agent +sysctl: CommandFilter, /sbin/sysctl, root +route: CommandFilter, /sbin/route, root + +# metadata proxy +metadata_proxy: CommandFilter, /usr/bin/quantum-ns-metadata-proxy, root +# If installed from source (say, by devstack), the prefix will be +# /usr/local instead of /usr/bin. +metadata_proxy_local: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root +kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9 +kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9 + +# ip_lib +ip: IpFilter, /sbin/ip, root +ip_usr: IpFilter, /usr/sbin/ip, root +ip_exec: IpNetnsExecFilter, /sbin/ip, root +ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root + +# ovs_lib (if OVSInterfaceDriver is used) +ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root +ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root +ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root +ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root + +# iptables_manager +iptables-save: CommandFilter, /sbin/iptables-save, root +iptables-restore: CommandFilter, /sbin/iptables-restore, root +ip6tables-save: CommandFilter, /sbin/ip6tables-save, root +ip6tables-restore: CommandFilter, /sbin/ip6tables-restore, root diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/lbaas-haproxy.filters b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/lbaas-haproxy.filters new file mode 100644 index 000000000..e00a7197a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/lbaas-haproxy.filters @@ -0,0 +1,29 @@ +# quantum-rootwrap command filters for nodes on which quantum is +# expected to control network +# +# This file should be owned by (and only-writeable by) the root user + +# format seems to be +# cmd-name: filter-name, raw-command, user, args + +[Filters] + +# haproxy +haproxy: CommandFilter, /usr/sbin/haproxy, root + +# lbaas-agent uses kill as well, that's handled by the generic KillFilter +kill_haproxy_usr: KillFilter, root, /usr/sbin/haproxy, -9, -HUP + +# lbaas-agent uses cat +cat: RegExpFilter, /bin/cat, root, cat, /proc/\d+/cmdline + +ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root +ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root +ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root +ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root + +# ip_lib +ip: IpFilter, /sbin/ip, root +ip_usr: IpFilter, /usr/sbin/ip, root +ip_exec: IpNetnsExecFilter, /sbin/ip, root +ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/linuxbridge-plugin.filters b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/linuxbridge-plugin.filters new file mode 100644 index 000000000..301280cb0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/linuxbridge-plugin.filters @@ -0,0 +1,21 @@ +# quantum-rootwrap command filters for nodes on which quantum is +# expected to control network +# +# This file should be owned by (and only-writeable by) the root user + +# format seems to be +# cmd-name: filter-name, raw-command, user, args + +[Filters] + +# linuxbridge-agent +# unclear whether both variants are necessary, but I'm transliterating +# from the old mechanism +brctl: CommandFilter, /sbin/brctl, root +brctl_usr: CommandFilter, /usr/sbin/brctl, root + +# ip_lib +ip: IpFilter, /sbin/ip, root +ip_usr: IpFilter, /usr/sbin/ip, root +ip_exec: IpNetnsExecFilter, /sbin/ip, root +ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/nec-plugin.filters b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/nec-plugin.filters new file mode 100644 index 000000000..6d8f9c2a1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/nec-plugin.filters @@ -0,0 +1,15 @@ +# quantum-rootwrap command filters for nodes on which quantum is +# expected to control network +# +# This file should be owned by (and only-writeable by) the root user + +# format seems to be +# cmd-name: filter-name, raw-command, user, args + +[Filters] + +# nec_quantum_agent +ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root +ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root +ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root +ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/openvswitch-plugin.filters b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/openvswitch-plugin.filters new file mode 100644 index 000000000..c3164480c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/openvswitch-plugin.filters @@ -0,0 +1,29 @@ +# quantum-rootwrap command filters for nodes on which quantum is +# expected to control network +# +# This file should be owned by (and only-writeable by) the root user + +# format seems to be +# cmd-name: filter-name, raw-command, user, args + +[Filters] + +# openvswitch-agent +# unclear whether both variants are necessary, but I'm transliterating +# from the old mechanism +ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root +ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root +ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root +ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root +ovs-ofctl: CommandFilter, /bin/ovs-ofctl, root +ovs-ofctl_usr: CommandFilter, /usr/bin/ovs-ofctl, root +ovs-ofctl_sbin: CommandFilter, /sbin/ovs-ofctl, root +ovs-ofctl_sbin_usr: CommandFilter, /usr/sbin/ovs-ofctl, root +xe: CommandFilter, /sbin/xe, root +xe_usr: CommandFilter, /usr/sbin/xe, root + +# ip_lib +ip: IpFilter, /sbin/ip, root +ip_usr: IpFilter, /usr/sbin/ip, root +ip_exec: IpNetnsExecFilter, /sbin/ip, root +ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/ryu-plugin.filters b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/ryu-plugin.filters new file mode 100644 index 000000000..696c7d39a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/etc/quantum/rootwrap.d/ryu-plugin.filters @@ -0,0 +1,25 @@ +# quantum-rootwrap command filters for nodes on which quantum is +# expected to control network +# +# This file should be owned by (and only-writeable by) the root user + +# format seems to be +# cmd-name: filter-name, raw-command, user, args + +[Filters] + +# ryu-agent +# unclear whether both variants are necessary, but I'm transliterating +# from the old mechanism + +# quantum/plugins/ryu/agent/ryu_quantum_agent.py: +# "ovs-vsctl", "--timeout=2", ... +ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root +ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root +ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root +ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root + +# quantum/plugins/ryu/agent/ryu_quantum_agent.py: +# "xe", "vif-param-get", ... +xe: CommandFilter, /bin/xe, root +xe_usr: CommandFilter, /usr/bin/xe, root diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/ovs-dpctl-top b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/ovs-dpctl-top new file mode 100644 index 000000000..de6f2b09b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/ovs-dpctl-top @@ -0,0 +1,1687 @@ +#!/usr/bin/env python +# +# Copyright (c) 2013 Nicira, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# The approximate_size code was copied from +# http://getpython3.com/diveintopython3/your-first-python-program.html#divingin +# which is licensed under # "Dive Into Python 3," Copyright 2011 Mark Pilgrim, +# used under a Creative Commons Attribution-Share-Alike license: +# http://creativecommons.org/licenses/by-sa/3.0/ +# +# + +"""Top like behavior for ovs-dpctl dump-flows output. + +This program summarizes ovs-dpctl flow content by aggregating the number +of packets, total bytes and occurrence of the following fields: + + - Datapath in_port + + - Ethernet type + + - Source and destination MAC addresses + + - IP protocol + + - Source and destination IPv4 addresses + + - Source and destination IPv6 addresses + + - UDP and TCP destination port + + - Tunnel source and destination addresses + + +Output shows four values: + - FIELDS: the flow fields for example in_port(1). + + - PACKETS: the total number of packets containing the flow field. + + - BYTES: the total number of bytes containing the flow field. If units are + not present then values are in bytes. + + - AVERAGE: the average packets size (BYTES/PACKET). + + - COUNT: the number of lines in the dump-flow output contain the flow field. + +Top Behavior + +While in top mode, the default behavior, the following single character +commands are supported: + + a - toggles top in accumulate and live mode. Accumulate mode is described + below. + + s - toggles which column is used to sort content in decreasing order. A + DESC title is placed over the column. + + _ - a space indicating to collect dump-flow content again + + h - halt output. Any character will restart sampling + + f - cycle through flow fields + + q - q for quit. + +Accumulate Mode + +There are two supported modes: live and accumulate. The default is live. +The parameter --accumulate or the 'a' character in top mode enables the +latter. In live mode, recent dump-flow content is presented. +Where as accumulate mode keeps track of the prior historical +information until the flow is reset not when the flow is purged. Reset +flows are determined when the packet count for a flow has decreased from +its previous sample. There is one caveat, eventually the system will +run out of memory if, after the accumulate-decay period any flows that +have not been refreshed are purged. The goal here is to free memory +of flows that are not active. Statistics are not decremented. Their purpose +is to reflect the overall history of the flow fields. + + +Debugging Errors + +Parsing errors are counted and displayed in the status line at the beginning +of the output. Use the --verbose option with --script to see what output + was not parsed, like this: +$ ovs-dpctl dump-flows | ovs-dpctl-top --script --verbose + +Error messages will identify content that failed to parse. + + +Access Remote Hosts + +The --host must follow the format user@hostname. This script simply calls +'ssh user@Hostname' without checking for login credentials therefore public +keys should be installed on the system identified by hostname, such as: + +$ ssh-copy-id user@hostname + +Consult ssh-copy-id man pages for more details. + + +Expected usage + +$ ovs-dpctl-top + +or to run as a script: +$ ovs-dpctl dump-flows > dump-flows.log +$ ovs-dpctl-top --script --flow-file dump-flows.log + +""" + +# pylint: disable-msg=C0103 +# pylint: disable-msg=C0302 +# pylint: disable-msg=R0902 +# pylint: disable-msg=R0903 +# pylint: disable-msg=R0904 +# pylint: disable-msg=R0912 +# pylint: disable-msg=R0913 +# pylint: disable-msg=R0914 + +import sys +import os +try: + ## + # Arg parse is not installed on older Python distributions. + # ovs ships with a version in the directory mentioned below. + import argparse +except ImportError: + sys.path.append(os.path.join("@pkgdatadir@", "python")) + import argparse +import logging +import re +import unittest +import copy +import curses +import operator +import subprocess +import fcntl +import struct +import termios +import datetime +import threading +import time +import socket + + +## +# The following two definitions provide the necessary netaddr functionality. +# Python netaddr module is not part of the core installation. Packaging +# netaddr was involved and seems inappropriate given that only two +# methods where used. +def ipv4_to_network(ip_str): + """ Calculate the network given a ipv4/mask value. + If a mask is not present simply return ip_str. + """ + pack_length = '!HH' + try: + (ip, mask) = ip_str.split("/") + except ValueError: + # just an ip address no mask. + return ip_str + + ip_p = socket.inet_pton(socket.AF_INET, ip) + ip_t = struct.unpack(pack_length, ip_p) + mask_t = struct.unpack(pack_length, socket.inet_pton(socket.AF_INET, mask)) + network_n = [ii & jj for (ii, jj) in zip(ip_t, mask_t)] + + return socket.inet_ntop(socket.AF_INET, + struct.pack('!HH', network_n[0], network_n[1])) + + +def ipv6_to_network(ip_str): + """ Calculate the network given a ipv6/mask value. + If a mask is not present simply return ip_str. + """ + pack_length = '!HHHHHHHH' + try: + (ip, mask) = ip_str.split("/") + except ValueError: + # just an ip address no mask. + return ip_str + + ip_p = socket.inet_pton(socket.AF_INET6, ip) + ip_t = struct.unpack(pack_length, ip_p) + mask_t = struct.unpack(pack_length, + socket.inet_pton(socket.AF_INET6, mask)) + network_n = [ii & jj for (ii, jj) in zip(ip_t, mask_t)] + + return socket.inet_ntop(socket.AF_INET6, + struct.pack(pack_length, + network_n[0], network_n[1], + network_n[2], network_n[3], + network_n[4], network_n[5], + network_n[6], network_n[7])) + + +## +# columns displayed +## +class Columns: + """ Holds column specific content. + Titles needs to be less than 8 characters. + """ + VALUE_WIDTH = 9 + FIELDS = "fields" + PACKETS = "packets" + COUNT = "count" + BYTES = "bytes" + AVERAGE = "average" + + def __init__(self): + pass + + @staticmethod + def assoc_list(obj): + """ Return a associated list. """ + return [(Columns.FIELDS, repr(obj)), + (Columns.PACKETS, obj.packets), + (Columns.BYTES, obj.bytes), + (Columns.COUNT, obj.count), + (Columns.AVERAGE, obj.average), + ] + + +def element_eth_get(field_type, element, stats_dict): + """ Extract eth frame src and dst from a dump-flow element.""" + fmt = "%s(src=%s,dst=%s)" + + element = fmt % (field_type, element["src"], element["dst"]) + return SumData(field_type, element, stats_dict["packets"], + stats_dict["bytes"], element) + + +def element_ipv4_get(field_type, element, stats_dict): + """ Extract src and dst from a dump-flow element.""" + fmt = "%s(src=%s,dst=%s)" + element_show = fmt % (field_type, element["src"], element["dst"]) + + element_key = fmt % (field_type, ipv4_to_network(element["src"]), + ipv4_to_network(element["dst"])) + + return SumData(field_type, element_show, stats_dict["packets"], + stats_dict["bytes"], element_key) + + +def element_tunnel_get(field_type, element, stats_dict): + """ Extract src and dst from a tunnel.""" + return element_ipv4_get(field_type, element, stats_dict) + + +def element_ipv6_get(field_type, element, stats_dict): + """ Extract src and dst from a dump-flow element.""" + + fmt = "%s(src=%s,dst=%s)" + element_show = fmt % (field_type, element["src"], element["dst"]) + + element_key = fmt % (field_type, ipv6_to_network(element["src"]), + ipv6_to_network(element["dst"])) + + return SumData(field_type, element_show, stats_dict["packets"], + stats_dict["bytes"], element_key) + + +def element_dst_port_get(field_type, element, stats_dict): + """ Extract src and dst from a dump-flow element.""" + element_key = "%s(dst=%s)" % (field_type, element["dst"]) + return SumData(field_type, element_key, stats_dict["packets"], + stats_dict["bytes"], element_key) + + +def element_passthrough_get(field_type, element, stats_dict): + """ Extract src and dst from a dump-flow element.""" + element_key = "%s(%s)" % (field_type, element) + return SumData(field_type, element_key, + stats_dict["packets"], stats_dict["bytes"], element_key) + + +# pylint: disable-msg=R0903 +class OutputFormat: + """ Holds field_type and function to extract element value. """ + def __init__(self, field_type, generator): + self.field_type = field_type + self.generator = generator + +OUTPUT_FORMAT = [ + OutputFormat("eth", element_eth_get), + OutputFormat("ipv4", element_ipv4_get), + OutputFormat("ipv6", element_ipv6_get), + OutputFormat("tunnel", element_tunnel_get), + OutputFormat("udp", element_dst_port_get), + OutputFormat("tcp", element_dst_port_get), + OutputFormat("eth_type", element_passthrough_get), + OutputFormat("in_port", element_passthrough_get) + ] + + +ELEMENT_KEY = { + "udp": "udp.dst", + "tcp": "tcp.dst" + } + + +def top_input_get(args): + """ Return subprocess stdout.""" + cmd = [] + if (args.host): + cmd += ["ssh", args.host] + cmd += ["ovs-dpctl", "dump-flows"] + + return subprocess.Popen(cmd, stderr=subprocess.STDOUT, + stdout=subprocess.PIPE).stdout + + +def args_get(): + """ read program parameters handle any necessary validation of input. """ + + parser = argparse.ArgumentParser( + formatter_class=argparse.RawDescriptionHelpFormatter, + description=__doc__) + ## + # None is a special value indicating to read flows from stdin. + # This handles the case + # ovs-dpctl dump-flows | ovs-dpctl-flows.py + parser.add_argument("-v", "--version", version="@VERSION@", + action="version", help="show version") + parser.add_argument("-f", "--flow-file", dest="flowFiles", default=None, + action="append", + help="file containing flows from ovs-dpctl dump-flow") + parser.add_argument("-V", "--verbose", dest="verbose", + default=logging.CRITICAL, + action="store_const", const=logging.DEBUG, + help="enable debug level verbosity") + parser.add_argument("-s", "--script", dest="top", action="store_false", + help="Run from a script (no user interface)") + parser.add_argument("--host", dest="host", + help="Specify a user@host for retrieving flows see" + "Accessing Remote Hosts for more information") + + parser.add_argument("-a", "--accumulate", dest="accumulate", + action="store_true", default=False, + help="Accumulate dump-flow content") + parser.add_argument("--accumulate-decay", dest="accumulateDecay", + default=5.0 * 60, type=float, + help="Decay old accumulated flows. " + "The default is 5 minutes. " + "A value of 0 disables decay.") + parser.add_argument("-d", "--delay", dest="delay", type=int, + default=1000, + help="Delay in milliseconds to collect dump-flow " + "content (sample rate).") + + args = parser.parse_args() + + logging.basicConfig(level=args.verbose) + + return args + +### +# Code to parse a single line in dump-flow +### +# key(values) +FIELDS_CMPND = re.compile("([\w]+)\((.+)\)") +# key:value +FIELDS_CMPND_ELEMENT = re.compile("([\w:]+)=([/\.\w:]+)") +FIELDS_ELEMENT = re.compile("([\w]+):([-\.\w]+)") + + +def flow_line_iter(line): + """ iterate over flow dump elements. + return tuples of (true, element) or (false, remaining element) + """ + # splits by , except for when in a (). Actions element was not + # split properly but we don't need it. + rc = [] + + element = "" + paren_count = 0 + + for ch in line: + if (ch == '('): + paren_count += 1 + elif (ch == ')'): + paren_count -= 1 + + if (ch == ' '): + # ignore white space. + continue + elif ((ch == ',') and (paren_count == 0)): + rc.append(element) + element = "" + else: + element += ch + + if (paren_count): + raise ValueError(line) + else: + if (len(element) > 0): + rc.append(element) + return rc + + +def flow_line_compound_parse(compound): + """ Parse compound element + for example + src=00:50:56:b4:4e:f8,dst=33:33:00:01:00:03 + which is in + eth(src=00:50:56:b4:4e:f8,dst=33:33:00:01:00:03) + """ + result = {} + for element in flow_line_iter(compound): + match = FIELDS_CMPND_ELEMENT.search(element) + if (match): + key = match.group(1) + value = match.group(2) + result[key] = value + + match = FIELDS_CMPND.search(element) + if (match): + key = match.group(1) + value = match.group(2) + result[key] = flow_line_compound_parse(value) + continue + + if (len(result.keys()) == 0): + return compound + return result + + +def flow_line_split(line): + """ Convert a flow dump line into ([fields], [stats], actions) tuple. + Where fields and stats are lists. + This function relies on a the following ovs-dpctl dump-flow + output characteristics: + 1. The dumpe flow line consists of a list of frame fields, list of stats + and action. + 2. list of frame fields, each stat and action field are delimited by ', '. + 3. That all other non stat field are not delimited by ', '. + + """ + + results = re.split(', ', line) + + (field, stats, action) = (results[0], results[1:-1], results[-1]) + + fields = flow_line_iter(field) + return (fields, stats, action) + + +def elements_to_dict(elements): + """ Convert line to a hierarchy of dictionaries. """ + result = {} + for element in elements: + match = FIELDS_CMPND.search(element) + if (match): + key = match.group(1) + value = match.group(2) + result[key] = flow_line_compound_parse(value) + continue + + match = FIELDS_ELEMENT.search(element) + if (match): + key = match.group(1) + value = match.group(2) + result[key] = value + else: + raise ValueError("can't parse >%s<" % element) + return result + + +# pylint: disable-msg=R0903 +class SumData(object): + """ Interface that all data going into SumDb must implement. + Holds the flow field and its corresponding count, total packets, + total bytes and calculates average. + + __repr__ is used as key into SumData singleton. + __str__ is used as human readable output. + """ + + def __init__(self, field_type, field, packets, flow_bytes, key): + # Count is the number of lines in the dump-flow log. + self.field_type = field_type + self.field = field + self.count = 1 + self.packets = int(packets) + self.bytes = int(flow_bytes) + self.key = key + + def decrement(self, decr_packets, decr_bytes, decr_count): + """ Decrement content to calculate delta from previous flow sample.""" + self.packets -= decr_packets + self.bytes -= decr_bytes + self.count -= decr_count + + def __iadd__(self, other): + """ Add two objects. """ + + if (self.key != other.key): + raise ValueError("adding two unrelated types") + + self.count += other.count + self.packets += other.packets + self.bytes += other.bytes + return self + + def __isub__(self, other): + """ Decrement two objects. """ + + if (self.key != other.key): + raise ValueError("adding two unrelated types") + + self.count -= other.count + self.packets -= other.packets + self.bytes -= other.bytes + return self + + def __getattr__(self, name): + """ Handle average. """ + if (name == "average"): + if (self.packets == 0): + return float(0.0) + else: + return float(self.bytes) / float(self.packets) + raise AttributeError(name) + + def __str__(self): + """ Used for debugging. """ + return "%s %s %s %s" % (self.field, self.count, + self.packets, self.bytes) + + def __repr__(self): + """ Used as key in the FlowDB table. """ + return self.key + + +def flow_aggregate(fields_dict, stats_dict): + """ Search for content in a line. + Passed the flow port of the dump-flows plus the current stats consisting + of packets, bytes, etc + """ + result = [] + + for output_format in OUTPUT_FORMAT: + field = fields_dict.get(output_format.field_type, None) + if (field): + obj = output_format.generator(output_format.field_type, + field, stats_dict) + result.append(obj) + + return result + + +def flows_read(ihdl, flow_db): + """ read flow content from ihdl and insert into flow_db. """ + + done = False + while (not done): + line = ihdl.readline() + if (len(line) == 0): + # end of input + break + + try: + flow_db.flow_line_add(line) + except ValueError, arg: + logging.error(arg) + + return flow_db + + +def get_terminal_size(): + """ + return column width and height of the terminal + """ + for fd_io in [0, 1, 2]: + try: + result = struct.unpack('hh', + fcntl.ioctl(fd_io, termios.TIOCGWINSZ, + '1234')) + except IOError: + result = None + continue + + if (result is None or result == (0, 0)): + # Maybe we can't get the width. In that case assume (25, 80) + result = (25, 80) + + return result + +## +# Content derived from: +# http://getpython3.com/diveintopython3/your-first-python-program.html#divingin +## +SUFFIXES = {1000: ['KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'], + 1024: ['KiB', 'MiB', 'GiB', 'TiB', 'PiB', 'EiB', 'ZiB', 'YiB']} + + +def approximate_size(size, a_kilobyte_is_1024_bytes=True): + """Convert a file size to human-readable form. + + Keyword arguments: + size -- file size in bytes + a_kilobyte_is_1024_bytes -- if True (default), use multiples of 1024 + if False, use multiples of 1000 + + Returns: string + + """ + size = float(size) + if size < 0: + raise ValueError('number must be non-negative') + + if (a_kilobyte_is_1024_bytes): + multiple = 1024 + else: + multiple = 1000 + for suffix in SUFFIXES[multiple]: + size /= multiple + if size < multiple: + return "%.1f %s" % (size, suffix) + + raise ValueError('number too large') + + +## +# End copied content +## +class ColMeta: + """ Concepts about columns. """ + def __init__(self, sortable, width): + self.sortable = sortable + self.width = width + + +class RowMeta: + """ How to render rows. """ + def __init__(self, label, fmt): + self.label = label + self.fmt = fmt + + +def fmt_packet(obj, width): + """ Provide a string for packets that is appropriate for output.""" + return str(obj.packets).rjust(width) + + +def fmt_count(obj, width): + """ Provide a string for average that is appropriate for output.""" + return str(obj.count).rjust(width) + + +def fmt_avg(obj, width): + """ Provide a string for average that is appropriate for output.""" + return str(int(obj.average)).rjust(width) + + +def fmt_field(obj, width): + """ truncate really long flow and insert ellipses to help make it + clear. + """ + + ellipses = " ... " + value = obj.field + if (len(obj.field) > width): + value = value[:(width - len(ellipses))] + ellipses + return value.ljust(width) + + +def fmt_bytes(obj, width): + """ Provide a string for average that is appropriate for output.""" + if (len(str(obj.bytes)) <= width): + value = str(obj.bytes) + else: + value = approximate_size(obj.bytes) + return value.rjust(width) + + +def title_center(value, width): + """ Center a column title.""" + return value.upper().center(width) + + +def title_rjust(value, width): + """ Right justify a column title. """ + return value.upper().rjust(width) + + +def column_picker(order, obj): + """ return the column as specified by order. """ + if (order == 1): + return obj.count + elif (order == 2): + return obj.packets + elif (order == 3): + return obj.bytes + elif (order == 4): + return obj.average + else: + raise ValueError("order outside of range %s" % order) + + +class Render: + """ Renders flow data. """ + def __init__(self, console_width): + """ Calculate column widths taking into account changes in format.""" + + self._start_time = datetime.datetime.now() + + self._cols = [ColMeta(False, 0), + ColMeta(True, Columns.VALUE_WIDTH), + ColMeta(True, Columns.VALUE_WIDTH), + ColMeta(True, Columns.VALUE_WIDTH), + ColMeta(True, Columns.VALUE_WIDTH)] + self._console_width = console_width + self.console_width_set(console_width) + + # Order in this array dictate the order of the columns. + # The 0 width for the first entry is a place holder. This is + # dynamically calculated. The first column is special. We need a + # way to indicate which field are presented. + self._descs = [RowMeta("", title_rjust), + RowMeta("", title_rjust), + RowMeta("", title_rjust), + RowMeta("", title_rjust), + RowMeta("", title_rjust)] + self._column_sort_select = 0 + self.column_select_event() + + self._titles = [ + RowMeta(Columns.FIELDS, title_center), + RowMeta(Columns.COUNT, title_rjust), + RowMeta(Columns.PACKETS, title_rjust), + RowMeta(Columns.BYTES, title_rjust), + RowMeta(Columns.AVERAGE, title_rjust) + ] + + self._datas = [ + RowMeta(None, fmt_field), + RowMeta(None, fmt_count), + RowMeta(None, fmt_packet), + RowMeta(None, fmt_bytes), + RowMeta(None, fmt_avg) + ] + + ## + # _field_types hold which fields are displayed in the field + # column, with the keyword all implying all fields. + ## + self._field_types = ["all"] + [ii.field_type for ii in OUTPUT_FORMAT] + + ## + # The default is to show all field types. + ## + self._field_type_select = -1 + self.field_type_toggle() + + def _field_type_select_get(self): + """ Return which field type to display. """ + return self._field_types[self._field_type_select] + + def field_type_toggle(self): + """ toggle which field types to show. """ + self._field_type_select += 1 + if (self._field_type_select >= len(self._field_types)): + self._field_type_select = 0 + value = Columns.FIELDS + " (%s)" % self._field_type_select_get() + self._titles[0].label = value + + def column_select_event(self): + """ Handles column select toggle. """ + + self._descs[self._column_sort_select].label = "" + for _ in range(len(self._cols)): + self._column_sort_select += 1 + if (self._column_sort_select >= len(self._cols)): + self._column_sort_select = 0 + + # Now look for the next sortable column + if (self._cols[self._column_sort_select].sortable): + break + self._descs[self._column_sort_select].label = "DESC" + + def console_width_set(self, console_width): + """ Adjust the output given the new console_width. """ + self._console_width = console_width + + spaces = len(self._cols) - 1 + ## + # Calculating column width can be tedious but important. The + # flow field value can be long. The goal here is to dedicate + # fixed column space for packets, bytes, average and counts. Give the + # remaining space to the flow column. When numbers get large + # transition output to output generated by approximate_size which + # limits output to ###.# XiB in other words 9 characters. + ## + # At this point, we know the maximum length values. We may + # truncate the flow column to get everything to fit. + self._cols[0].width = 0 + values_max_length = sum([ii.width for ii in self._cols]) + spaces + flow_max_length = console_width - values_max_length + self._cols[0].width = flow_max_length + + def format(self, flow_db): + """ shows flows based on --script parameter.""" + + rc = [] + ## + # Top output consists of + # Title + # Column title (2 rows) + # data + # statistics and status + + ## + # Title + ## + rc.append("Flow Summary".center(self._console_width)) + + stats = " Total: %(flow_total)s errors: %(flow_errors)s " % \ + flow_db.flow_stats_get() + accumulate = flow_db.accumulate_get() + if (accumulate): + stats += "Accumulate: on " + else: + stats += "Accumulate: off " + + duration = datetime.datetime.now() - self._start_time + stats += "Duration: %s " % str(duration) + rc.append(stats.ljust(self._console_width)) + + ## + # 2 rows for columns. + ## + # Indicate which column is in descending order. + rc.append(" ".join([ii.fmt(ii.label, col.width) + for (ii, col) in zip(self._descs, self._cols)])) + + rc.append(" ".join([ii.fmt(ii.label, col.width) + for (ii, col) in zip(self._titles, self._cols)])) + + ## + # Data. + ## + for dd in flow_db.field_values_in_order(self._field_type_select_get(), + self._column_sort_select): + rc.append(" ".join([ii.fmt(dd, col.width) + for (ii, col) in zip(self._datas, + self._cols)])) + + return rc + + +def curses_screen_begin(): + """ begin curses screen control. """ + stdscr = curses.initscr() + curses.cbreak() + curses.noecho() + stdscr.keypad(1) + return stdscr + + +def curses_screen_end(stdscr): + """ end curses screen control. """ + curses.nocbreak() + stdscr.keypad(0) + curses.echo() + curses.endwin() + + +class FlowDB: + """ Implements live vs accumulate mode. + + Flows are stored as key value pairs. The key consists of the content + prior to stat fields. The value portion consists of stats in a dictionary + form. + + @ \todo future add filtering here. + """ + def __init__(self, accumulate): + self._accumulate = accumulate + self._error_count = 0 + # Values are (stats, last update time.) + # The last update time is used for aging. + self._flow_lock = threading.Lock() + # This dictionary holds individual flows. + self._flows = {} + # This dictionary holds aggregate of flow fields. + self._fields = {} + + def accumulate_get(self): + """ Return the current accumulate state. """ + return self._accumulate + + def accumulate_toggle(self): + """ toggle accumulate flow behavior. """ + self._accumulate = not self._accumulate + + def begin(self): + """ Indicate the beginning of processing flow content. + if accumulate is false clear current set of flows. """ + + if (not self._accumulate): + self._flow_lock.acquire() + try: + self._flows.clear() + finally: + self._flow_lock.release() + self._fields.clear() + + def flow_line_add(self, line): + """ Split a line from a ovs-dpctl dump-flow into key and stats. + The order of the content in the flow should be: + - flow content + - stats for the flow + - actions + + This method also assumes that the dump flow output does not + change order of fields of the same flow. + """ + + line = line.rstrip("\n") + (fields, stats, _) = flow_line_split(line) + + try: + fields_dict = elements_to_dict(fields) + + if (len(fields_dict) == 0): + raise ValueError("flow fields are missing %s", line) + + stats_dict = elements_to_dict(stats) + if (len(stats_dict) == 0): + raise ValueError("statistics are missing %s.", line) + + ## + # In accumulate mode, the Flow database can reach 10,000's of + # persistent flows. The interaction of the script with this many + # flows is too slow. Instead, delta are sent to the flow_db + # database allow incremental changes to be done in O(m) time + # where m is the current flow list, instead of iterating over + # all flows in O(n) time where n is the entire history of flows. + key = ",".join(fields) + + self._flow_lock.acquire() + try: + (stats_old_dict, _) = self._flows.get(key, (None, None)) + finally: + self._flow_lock.release() + + self.flow_event(fields_dict, stats_old_dict, stats_dict) + + except ValueError, arg: + logging.error(arg) + self._error_count += 1 + raise + + self._flow_lock.acquire() + try: + self._flows[key] = (stats_dict, datetime.datetime.now()) + finally: + self._flow_lock.release() + + def decay(self, decayTimeInSeconds): + """ Decay content. """ + now = datetime.datetime.now() + for (key, value) in self._flows.items(): + (stats_dict, updateTime) = value + delta = now - updateTime + + if (delta.seconds > decayTimeInSeconds): + self._flow_lock.acquire() + try: + del self._flows[key] + + fields_dict = elements_to_dict(flow_line_iter(key)) + matches = flow_aggregate(fields_dict, stats_dict) + for match in matches: + self.field_dec(match) + + finally: + self._flow_lock.release() + + def flow_stats_get(self): + """ Return statistics in a form of a dictionary. """ + rc = None + self._flow_lock.acquire() + try: + rc = {"flow_total": len(self._flows), + "flow_errors": self._error_count} + finally: + self._flow_lock.release() + return rc + + def field_types_get(self): + """ Return the set of types stored in the singleton. """ + types = set((ii.field_type for ii in self._fields.values())) + return types + + def field_add(self, data): + """ Collect dump-flow data to sum number of times item appears. """ + current = self._fields.get(repr(data), None) + if (current is None): + current = copy.copy(data) + else: + current += data + self._fields[repr(current)] = current + + def field_dec(self, data): + """ Collect dump-flow data to sum number of times item appears. """ + current = self._fields.get(repr(data), None) + if (current is None): + raise ValueError("decrementing field missing %s" % repr(data)) + + current -= data + self._fields[repr(current)] = current + if (current.count == 0): + del self._fields[repr(current)] + + def field_values_in_order(self, field_type_select, column_order): + """ Return a list of items in order maximum first. """ + values = self._fields.values() + if (field_type_select != "all"): + # If a field type other than "all" then reduce the list. + values = [ii for ii in values + if (ii.field_type == field_type_select)] + values = [(column_picker(column_order, ii), ii) for ii in values] + values.sort(key=operator.itemgetter(0)) + values.reverse() + values = [ii[1] for ii in values] + return values + + def flow_event(self, fields_dict, stats_old_dict, stats_new_dict): + """ Receives new flow information. """ + + # In order to avoid processing every flow at every sample + # period, changes in flow packet count is used to determine the + # delta in the flow statistics. This delta is used in the call + # to self.decrement prior to self.field_add + + if (stats_old_dict is None): + # This is a new flow + matches = flow_aggregate(fields_dict, stats_new_dict) + for match in matches: + self.field_add(match) + else: + old_packets = int(stats_old_dict.get("packets", 0)) + new_packets = int(stats_new_dict.get("packets", 0)) + if (old_packets == new_packets): + # ignore. same data. + pass + else: + old_bytes = stats_old_dict.get("bytes", 0) + # old_packets != new_packets + # if old_packets > new_packets then we end up decrementing + # packets and bytes. + matches = flow_aggregate(fields_dict, stats_new_dict) + for match in matches: + match.decrement(int(old_packets), int(old_bytes), 1) + self.field_add(match) + + +class DecayThread(threading.Thread): + """ Periodically call flow database to see if any flows are old. """ + def __init__(self, flow_db, interval): + """ Start decay thread. """ + threading.Thread.__init__(self) + + self._interval = max(1, interval) + self._min_interval = min(1, interval / 10) + self._flow_db = flow_db + self._event = threading.Event() + self._running = True + + self.daemon = True + + def run(self): + """ Worker thread which handles decaying accumulated flows. """ + + while(self._running): + self._event.wait(self._min_interval) + if (self._running): + self._flow_db.decay(self._interval) + + def stop(self): + """ Stop thread. """ + self._running = False + self._event.set() + ## + # Give the calling thread time to terminate but not too long. + # this thread is a daemon so the application will terminate if + # we timeout during the join. This is just a cleaner way to + # release resources. + self.join(2.0) + + +def flow_top_command(stdscr, render, flow_db): + """ Handle input while in top mode. """ + ch = stdscr.getch() + ## + # Any character will restart sampling. + if (ch == ord('h')): + # halt output. + ch = stdscr.getch() + while (ch == -1): + ch = stdscr.getch() + + if (ch == ord('s')): + # toggle which column sorts data in descending order. + render.column_select_event() + elif (ch == ord('a')): + flow_db.accumulate_toggle() + elif (ch == ord('f')): + render.field_type_toggle() + elif (ch == ord(' ')): + # resample + pass + + return ch + + +def decay_timer_start(flow_db, accumulateDecay): + """ If accumulateDecay greater than zero then start timer. """ + if (accumulateDecay > 0): + decay_timer = DecayThread(flow_db, accumulateDecay) + decay_timer.start() + return decay_timer + else: + return None + + +def flows_top(args): + """ handles top like behavior when --script is not specified. """ + + flow_db = FlowDB(args.accumulate) + render = Render(0) + + decay_timer = decay_timer_start(flow_db, args.accumulateDecay) + lines = [] + + try: + stdscr = curses_screen_begin() + try: + ch = 'X' + #stdscr.nodelay(1) + stdscr.timeout(args.delay) + + while (ch != ord('q')): + flow_db.begin() + + try: + ihdl = top_input_get(args) + try: + flows_read(ihdl, flow_db) + finally: + ihdl.close() + except OSError, arg: + logging.critical(arg) + break + + (console_height, console_width) = stdscr.getmaxyx() + render.console_width_set(console_width) + + output_height = console_height - 1 + line_count = range(output_height) + line_output = render.format(flow_db) + lines = zip(line_count, line_output[:output_height]) + + stdscr.erase() + for (count, line) in lines: + stdscr.addstr(count, 0, line[:console_width]) + stdscr.refresh() + + ch = flow_top_command(stdscr, render, flow_db) + + finally: + curses_screen_end(stdscr) + except KeyboardInterrupt: + pass + if (decay_timer): + decay_timer.stop() + + # repeat output + for (count, line) in lines: + print line + + +def flows_script(args): + """ handles --script option. """ + + flow_db = FlowDB(args.accumulate) + flow_db.begin() + + if (args.flowFiles is None): + logging.info("reading flows from stdin") + ihdl = os.fdopen(sys.stdin.fileno(), 'r', 0) + try: + flow_db = flows_read(ihdl, flow_db) + finally: + ihdl.close() + else: + for flowFile in args.flowFiles: + logging.info("reading flows from %s", flowFile) + ihdl = open(flowFile, "r") + try: + flow_db = flows_read(ihdl, flow_db) + finally: + ihdl.close() + + (_, console_width) = get_terminal_size() + render = Render(console_width) + + for line in render.format(flow_db): + print line + + +def main(): + """ Return 0 on success or 1 on failure. + + Algorithm + There are four stages to the process ovs-dpctl dump-flow content. + 1. Retrieve current input + 2. store in FlowDB and maintain history + 3. Iterate over FlowDB and aggregating stats for each flow field + 4. present data. + + Retrieving current input is currently trivial, the ovs-dpctl dump-flow + is called. Future version will have more elaborate means for collecting + dump-flow content. FlowDB returns all data as in the form of a hierarchical + dictionary. Input will vary. + + In the case of accumulate mode, flows are not purged from the FlowDB + manager. Instead at the very least, merely the latest statistics are + kept. In the case, of live output the FlowDB is purged prior to sampling + data. + + Aggregating results requires identify flow fields to aggregate out + of the flow and summing stats. + + """ + args = args_get() + + try: + if (args.top): + flows_top(args) + else: + flows_script(args) + except KeyboardInterrupt: + return 1 + return 0 + +if __name__ == '__main__': + sys.exit(main()) +elif __name__ == 'ovs-dpctl-top': + # pylint: disable-msg=R0915 + + ## + # Test case beyond this point. + # pylint: disable-msg=R0904 + class TestsuiteFlowParse(unittest.TestCase): + """ + parse flow into hierarchy of dictionaries. + """ + def test_flow_parse(self): + """ test_flow_parse. """ + line = "in_port(4),eth(src=00:50:56:b4:4e:f8,"\ + "dst=33:33:00:01:00:03),eth_type(0x86dd),"\ + "ipv6(src=fe80::55bf:fe42:bc96:2812,dst=ff02::1:3,"\ + "label=0,proto=17,tclass=0,hlimit=1,frag=no),"\ + "udp(src=61252,dst=5355), packets:1, bytes:92, "\ + "used:0.703s, actions:3,8,11,14,17,20,23,26,29,32,35,"\ + "38,41,44,47,50,53,56,59,62,65" + + (fields, stats, _) = flow_line_split(line) + flow_dict = elements_to_dict(fields + stats) + self.assertEqual(flow_dict["eth"]["src"], "00:50:56:b4:4e:f8") + self.assertEqual(flow_dict["eth"]["dst"], "33:33:00:01:00:03") + self.assertEqual(flow_dict["ipv6"]["src"], + "fe80::55bf:fe42:bc96:2812") + self.assertEqual(flow_dict["ipv6"]["dst"], "ff02::1:3") + self.assertEqual(flow_dict["packets"], "1") + self.assertEqual(flow_dict["bytes"], "92") + + line = "in_port(4),eth(src=00:50:56:b4:4e:f8,"\ + "dst=33:33:00:01:00:03),eth_type(0x86dd),"\ + "ipv6(src=fe80::55bf:fe42:bc96:2812,dst=ff02::1:3,"\ + "label=0,proto=17,tclass=0,hlimit=1,frag=no),"\ + "udp(src=61252,dst=5355), packets:1, bytes:92, "\ + "used:-0.703s, actions:3,8,11,14,17,20,23,26,29,32,35,"\ + "38,41,44,47,50,53,56,59,62,65" + + (fields, stats, _) = flow_line_split(line) + flow_dict = elements_to_dict(fields + stats) + self.assertEqual(flow_dict["used"], "-0.703s") + self.assertEqual(flow_dict["packets"], "1") + self.assertEqual(flow_dict["bytes"], "92") + + def test_flow_sum(self): + """ test_flow_sum. """ + line = "in_port(4),eth(src=00:50:56:b4:4e:f8,"\ + "dst=33:33:00:01:00:03),eth_type(0x86dd),"\ + "ipv6(src=fe80::55bf:fe42:bc96:2812,dst=ff02::1:3,"\ + "label=0,proto=17,tclass=0,hlimit=1,frag=no),"\ + "udp(src=61252,dst=5355), packets:2, bytes:92, "\ + "used:0.703s, actions:3,8,11,14,17,20,23,26,29,32,35,"\ + "38,41,44,47,50,53,56,59,62,65" + + (fields, stats, _) = flow_line_split(line) + stats_dict = elements_to_dict(stats) + fields_dict = elements_to_dict(fields) + ## + # Test simple case of one line. + flow_db = FlowDB(False) + matches = flow_aggregate(fields_dict, stats_dict) + for match in matches: + flow_db.field_add(match) + + flow_types = flow_db.field_types_get() + expected_flow_types = ["eth", "eth_type", "udp", "in_port", "ipv6"] + self.assert_(len(flow_types) == len(expected_flow_types)) + for flow_type in flow_types: + self.assertTrue(flow_type in expected_flow_types) + + for flow_type in flow_types: + sum_value = flow_db.field_values_in_order("all", 1) + self.assert_(len(sum_value) == 5) + self.assert_(sum_value[0].packets == 2) + self.assert_(sum_value[0].count == 1) + self.assert_(sum_value[0].bytes == 92) + + ## + # Add line again just to see counts go up. + matches = flow_aggregate(fields_dict, stats_dict) + for match in matches: + flow_db.field_add(match) + + flow_types = flow_db.field_types_get() + self.assert_(len(flow_types) == len(expected_flow_types)) + for flow_type in flow_types: + self.assertTrue(flow_type in expected_flow_types) + + for flow_type in flow_types: + sum_value = flow_db.field_values_in_order("all", 1) + self.assert_(len(sum_value) == 5) + self.assert_(sum_value[0].packets == 4) + self.assert_(sum_value[0].count == 2) + self.assert_(sum_value[0].bytes == 2 * 92) + + def test_assoc_list(self): + """ test_assoc_list. """ + line = "in_port(4),eth(src=00:50:56:b4:4e:f8,"\ + "dst=33:33:00:01:00:03),eth_type(0x86dd),"\ + "ipv6(src=fe80::55bf:fe42:bc96:2812,dst=ff02::1:3,"\ + "label=0,proto=17,tclass=0,hlimit=1,frag=no),"\ + "udp(src=61252,dst=5355), packets:2, bytes:92, "\ + "used:0.703s, actions:3,8,11,14,17,20,23,26,29,32,35,"\ + "38,41,44,47,50,53,56,59,62,65" + + valid_flows = [ + 'eth_type(0x86dd)', + 'udp(dst=5355)', + 'in_port(4)', + 'ipv6(src=fe80::55bf:fe42:bc96:2812,dst=ff02::1:3)', + 'eth(src=00:50:56:b4:4e:f8,dst=33:33:00:01:00:03)' + ] + + (fields, stats, _) = flow_line_split(line) + stats_dict = elements_to_dict(stats) + fields_dict = elements_to_dict(fields) + + ## + # Test simple case of one line. + flow_db = FlowDB(False) + matches = flow_aggregate(fields_dict, stats_dict) + for match in matches: + flow_db.field_add(match) + + for sum_value in flow_db.field_values_in_order("all", 1): + assoc_list = Columns.assoc_list(sum_value) + for item in assoc_list: + if (item[0] == "fields"): + self.assertTrue(item[1] in valid_flows) + elif (item[0] == "packets"): + self.assertTrue(item[1] == 2) + elif (item[0] == "count"): + self.assertTrue(item[1] == 1) + elif (item[0] == "average"): + self.assertTrue(item[1] == 46.0) + elif (item[0] == "bytes"): + self.assertTrue(item[1] == 92) + else: + raise ValueError("unknown %s", item[0]) + + def test_human_format(self): + """ test_assoc_list. """ + + self.assertEqual(approximate_size(0.0), "0.0 KiB") + self.assertEqual(approximate_size(1024), "1.0 KiB") + self.assertEqual(approximate_size(1024 * 1024), "1.0 MiB") + self.assertEqual(approximate_size((1024 * 1024) + 100000), + "1.1 MiB") + value = (1024 * 1024 * 1024) + 100000000 + self.assertEqual(approximate_size(value), "1.1 GiB") + + def test_flow_line_split(self): + """ Splitting a flow line is not trivial. + There is no clear delimiter. Comma is used liberally.""" + expected_fields = ["in_port(4)", + "eth(src=00:50:56:b4:4e:f8,dst=33:33:00:01:00:03)", + "eth_type(0x86dd)", + "ipv6(src=fe80::55bf:fe42:bc96:2812,dst=ff02::1:3," + "label=0,proto=17,tclass=0,hlimit=1,frag=no)", + "udp(src=61252,dst=5355)"] + expected_stats = ["packets:2", "bytes:92", "used:0.703s"] + expected_actions = "actions:3,8,11,14,17,20,23,26,29,32,35," \ + "38,41,44,47,50,53,56,59,62,65" + + line = "in_port(4),eth(src=00:50:56:b4:4e:f8,"\ + "dst=33:33:00:01:00:03),eth_type(0x86dd),"\ + "ipv6(src=fe80::55bf:fe42:bc96:2812,dst=ff02::1:3,"\ + "label=0,proto=17,tclass=0,hlimit=1,frag=no),"\ + "udp(src=61252,dst=5355), packets:2, bytes:92, "\ + "used:0.703s, actions:3,8,11,14,17,20,23,26,29,32,35,"\ + "38,41,44,47,50,53,56,59,62,65" + + (fields, stats, actions) = flow_line_split(line) + + self.assertEqual(fields, expected_fields) + self.assertEqual(stats, expected_stats) + self.assertEqual(actions, expected_actions) + + def test_accumulate_decay(self): + """ test_accumulate_decay: test accumulated decay. """ + lines = ["in_port(1),eth(src=00:50:56:4f:dc:3b," + "dst=ff:ff:ff:ff:ff:ff)," + "eth_type(0x0806),arp(sip=10.24.105.107/255.255.255.255," + "tip=10.24.104.230/255.255.255.255,op=1/0xff," + "sha=00:50:56:4f:dc:3b/00:00:00:00:00:00," + "tha=00:00:00:00:00:00/00:00:00:00:00:00), " + "packets:1, bytes:120, used:0.004s, actions:1"] + + flow_db = FlowDB(True) + flow_db.begin() + flow_db.flow_line_add(lines[0]) + + # Make sure we decay + time.sleep(4) + self.assertEqual(flow_db.flow_stats_get()["flow_total"], 1) + flow_db.decay(1) + self.assertEqual(flow_db.flow_stats_get()["flow_total"], 0) + + flow_db.flow_line_add(lines[0]) + self.assertEqual(flow_db.flow_stats_get()["flow_total"], 1) + flow_db.decay(30) + # Should not be deleted. + self.assertEqual(flow_db.flow_stats_get()["flow_total"], 1) + + flow_db.flow_line_add(lines[0]) + self.assertEqual(flow_db.flow_stats_get()["flow_total"], 1) + timer = decay_timer_start(flow_db, 2) + time.sleep(10) + self.assertEqual(flow_db.flow_stats_get()["flow_total"], 0) + timer.stop() + + def test_accumulate(self): + """ test_accumulate test that FlowDB supports accumulate. """ + + lines = ["in_port(1),eth(src=00:50:56:4f:dc:3b," + "dst=ff:ff:ff:ff:ff:ff)," + "eth_type(0x0806),arp(sip=10.24.105.107/255.255.255.255," + "tip=10.24.104.230/255.255.255.255,op=1/0xff," + "sha=00:50:56:4f:dc:3b/00:00:00:00:00:00," + "tha=00:00:00:00:00:00/00:00:00:00:00:00), " + "packets:1, bytes:120, used:0.004s, actions:1", + "in_port(2)," + "eth(src=68:ef:bd:25:ef:c0,dst=33:33:00:00:00:66)," + "eth_type(0x86dd),ipv6(src=fe80::6aef:bdff:fe25:efc0/::," + "dst=ff02::66/::,label=0/0,proto=17/0xff,tclass=0xe0/0," + "hlimit=255/0,frag=no/0),udp(src=2029,dst=2029), " + "packets:2, bytes:5026, used:0.348s, actions:1", + "in_port(1),eth(src=ee:ee:ee:ee:ee:ee," + "dst=ff:ff:ff:ff:ff:ff)," + "eth_type(0x0806),arp(sip=10.24.105.107/255.255.255.255," + "tip=10.24.104.230/255.255.255.255,op=1/0xff," + "sha=00:50:56:4f:dc:3b/00:00:00:00:00:00," + "tha=00:00:00:00:00:00/00:00:00:00:00:00), packets:2, " + "bytes:240, used:0.004s, actions:1"] + + lines = [ + "in_port(1),eth_type(0x0806), packets:1, bytes:120, actions:1", + "in_port(2),eth_type(0x0806), packets:2, bytes:126, actions:1", + "in_port(1),eth_type(0x0806), packets:2, bytes:240, actions:1", + "in_port(1),eth_type(0x0800), packets:1, bytes:120, actions:1", + "in_port(1),eth_type(0x0800), packets:2, bytes:240, actions:1", + "in_port(1),eth_type(0x0806), packets:1, bytes:120, actions:1", + ] + + # Turn on accumulate. + flow_db = FlowDB(True) + flow_db.begin() + + flow_db.flow_line_add(lines[0]) + + # Test one flow exist. + sum_values = flow_db.field_values_in_order("all", 1) + in_ports = [ii for ii in sum_values if (repr(ii) == "in_port(1)")] + self.assertEqual(len(in_ports), 1) + self.assertEqual(in_ports[0].packets, 1) + self.assertEqual(in_ports[0].bytes, 120) + self.assertEqual(in_ports[0].count, 1) + + # simulate another sample + # Test two different flows exist. + flow_db.begin() + flow_db.flow_line_add(lines[1]) + sum_values = flow_db.field_values_in_order("all", 1) + in_ports = [ii for ii in sum_values if (repr(ii) == "in_port(1)")] + self.assertEqual(len(in_ports), 1) + self.assertEqual(in_ports[0].packets, 1) + self.assertEqual(in_ports[0].bytes, 120) + self.assertEqual(in_ports[0].count, 1) + + in_ports = [ii for ii in sum_values if (repr(ii) == "in_port(2)")] + self.assertEqual(len(in_ports), 1) + self.assertEqual(in_ports[0].packets, 2) + self.assertEqual(in_ports[0].bytes, 126) + self.assertEqual(in_ports[0].count, 1) + + # Test first flow increments packets. + flow_db.begin() + flow_db.flow_line_add(lines[2]) + sum_values = flow_db.field_values_in_order("all", 1) + in_ports = [ii for ii in sum_values if (repr(ii) == "in_port(1)")] + self.assertEqual(len(in_ports), 1) + self.assertEqual(in_ports[0].packets, 2) + self.assertEqual(in_ports[0].bytes, 240) + self.assertEqual(in_ports[0].count, 1) + + in_ports = [ii for ii in sum_values if (repr(ii) == "in_port(2)")] + self.assertEqual(len(in_ports), 1) + self.assertEqual(in_ports[0].packets, 2) + self.assertEqual(in_ports[0].bytes, 126) + self.assertEqual(in_ports[0].count, 1) + + # Test third flow but with the same in_port(1) as the first flow. + flow_db.begin() + flow_db.flow_line_add(lines[3]) + sum_values = flow_db.field_values_in_order("all", 1) + in_ports = [ii for ii in sum_values if (repr(ii) == "in_port(1)")] + self.assertEqual(len(in_ports), 1) + self.assertEqual(in_ports[0].packets, 3) + self.assertEqual(in_ports[0].bytes, 360) + self.assertEqual(in_ports[0].count, 2) + + in_ports = [ii for ii in sum_values if (repr(ii) == "in_port(2)")] + self.assertEqual(len(in_ports), 1) + self.assertEqual(in_ports[0].packets, 2) + self.assertEqual(in_ports[0].bytes, 126) + self.assertEqual(in_ports[0].count, 1) + + # Third flow has changes. + flow_db.begin() + flow_db.flow_line_add(lines[4]) + sum_values = flow_db.field_values_in_order("all", 1) + in_ports = [ii for ii in sum_values if (repr(ii) == "in_port(1)")] + self.assertEqual(len(in_ports), 1) + self.assertEqual(in_ports[0].packets, 4) + self.assertEqual(in_ports[0].bytes, 480) + self.assertEqual(in_ports[0].count, 2) + + in_ports = [ii for ii in sum_values if (repr(ii) == "in_port(2)")] + self.assertEqual(len(in_ports), 1) + self.assertEqual(in_ports[0].packets, 2) + self.assertEqual(in_ports[0].bytes, 126) + self.assertEqual(in_ports[0].count, 1) + + # First flow reset. + flow_db.begin() + flow_db.flow_line_add(lines[5]) + sum_values = flow_db.field_values_in_order("all", 1) + in_ports = [ii for ii in sum_values if (repr(ii) == "in_port(1)")] + self.assertEqual(len(in_ports), 1) + self.assertEqual(in_ports[0].packets, 3) + self.assertEqual(in_ports[0].bytes, 360) + self.assertEqual(in_ports[0].count, 2) + + in_ports = [ii for ii in sum_values if (repr(ii) == "in_port(2)")] + self.assertEqual(len(in_ports), 1) + self.assertEqual(in_ports[0].packets, 2) + self.assertEqual(in_ports[0].bytes, 126) + self.assertEqual(in_ports[0].count, 1) + + def test_parse_character_errors(self): + """ test_parsing errors. + The flow parses is purposely loose. Its not designed to validate + input. Merely pull out what it can but there are situations + that a parse error can be detected. + """ + + lines = ["complete garbage", + "in_port(2),eth(src=68:ef:bd:25:ef:c0," + "dst=33:33:00:00:00:66)," + "eth_type(0x86dd),ipv6(src=fe80::6aef:bdff:fe25:efc0/::," + "dst=ff02::66/::,label=0/0,proto=17/0xff,tclass=0xe0/0," + "hlimit=255/0,frag=no/0),udp(src=2029,dst=2029)," + "packets:2,bytes:5026,actions:1"] + + flow_db = FlowDB(False) + flow_db.begin() + for line in lines: + try: + flow_db.flow_line_add(line) + except ValueError: + # We want an exception. That is how we know we have + # correctly found a simple parsing error. We are not + # looking to validate flow output just catch simple issues. + continue + self.assertTrue(False) + + def test_tunnel_parsing(self): + """ test_tunnel_parsing test parse flows with tunnel. """ + lines = [ + "tunnel(tun_id=0x0,src=192.168.1.1,dst=192.168.1.10," + "tos=0x0,ttl=64,flags(key)),in_port(1)," + "eth(src=9e:40:f5:ef:ec:ee,dst=01:23:20:00:00:30)," + "eth_type(0x8902), packets:6, bytes:534, used:0.128s, " + "actions:userspace(pid=4294962691,slow_path(cfm))" + ] + flow_db = FlowDB(False) + flow_db.begin() + flow_db.flow_line_add(lines[0]) + sum_values = flow_db.field_values_in_order("all", 1) + in_ports = [ii for ii in sum_values if (repr(ii) == "in_port(1)")] + self.assertEqual(len(in_ports), 1) + self.assertEqual(in_ports[0].packets, 6) + self.assertEqual(in_ports[0].bytes, 534) + self.assertEqual(in_ports[0].count, 1) + + def test_flow_multiple_paren(self): + """ test_flow_multiple_paren. """ + line = "tunnel(tun_id=0x0,src=192.168.1.1,flags(key)),in_port(2)" + valid = ["tunnel(tun_id=0x0,src=192.168.1.1,flags(key))", + "in_port(2)"] + rc = flow_line_iter(line) + self.assertEqual(valid, rc) + + def test_to_network(self): + """ test_to_network test ipv4_to_network and ipv6_to_network. """ + ipv4s = [ + ("192.168.0.1", "192.168.0.1"), + ("192.168.0.1/255.255.255.255", "192.168.0.1"), + ("192.168.0.1/255.255.255.0", "192.168.0.0"), + ("192.168.0.1/255.255.0.0", "192.168.0.0"), + ("192.168.0.1/255.0.0.0", "192.0.0.0"), + ("192.168.0.1/0.0.0.0", "0.0.0.0"), + ("10.24.106.230/255.255.255.255", "10.24.106.230"), + ("10.24.106.230/255.255.255.0", "10.24.106.0"), + ("10.24.106.0/255.255.255.0", "10.24.106.0"), + ("10.24.106.0/255.255.252.0", "10.24.104.0") + ] + + ipv6s = [ + ("1::192:168:0:1", "1::192:168:0:1"), + ("1::192:168:0:1/1::ffff:ffff:ffff:ffff", "1::192:168:0:1"), + ("1::192:168:0:1/1::ffff:ffff:ffff:0", "1::192:168:0:0"), + ("1::192:168:0:1/1::ffff:ffff:0:0", "1::192:168:0:0"), + ("1::192:168:0:1/1::ffff:0:0:0", "1::192:0:0:0"), + ("1::192:168:0:1/1::0:0:0:0", "1::"), + ("1::192:168:0:1/::", "::") + ] + + for (ipv4_test, ipv4_check) in ipv4s: + self.assertEqual(ipv4_to_network(ipv4_test), ipv4_check) + + for (ipv6_test, ipv6_check) in ipv6s: + self.assertEqual(ipv6_to_network(ipv6_test), ipv6_check) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/quantum-ha-tool.py b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/quantum-ha-tool.py new file mode 100755 index 000000000..fdb68ac3b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/files/default/quantum-ha-tool.py @@ -0,0 +1,443 @@ +#! /usr/bin/env python +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2013 AT&T Services, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +import logging +import os +import sys +import json +import argparse +import random +import time +from logging.handlers import SysLogHandler +from collections import OrderedDict +from random import choice +from quantumclient.quantum import client + +LOG = logging.getLogger('quantum-ha-tool') +LOG_FORMAT='%(asctime)s %(name)-12s %(levelname)-8s %(message)s' +LOG_DATE = '%m-%d %H:%M' +DESCRIPTION = "Quantum High Availability Tool" +TAKEOVER_DELAY = int(random.random()*30+30) + + +def parse_args(): + + # ensure environment has necessary items to authenticate + for key in ['OS_TENANT_NAME', 'OS_USERNAME', 'OS_PASSWORD', + 'OS_AUTH_URL']: + if key not in os.environ.keys(): + LOG.exception("Your environment is missing '%s'") + + ap = argparse.ArgumentParser(description=DESCRIPTION) + ap.add_argument('-d', '--debug', action='store_true', + default=False, help='Show debugging output') + ap.add_argument('-n', '--noop', action='store_true', + default=False, help='Do not do any modifying operations (dry-run)') + ap.add_argument('--l3-agent-check', action='store_true', + default=False, help='Show routers associated with offline l3 agents') + ap.add_argument('--l3-agent-migrate', action='store_true', + default=False, help='Migrate routers away from offline l3 agents') + ap.add_argument('--l3-agent-rebalance', action='store_true', + default=False, help='Rebalance router count on all l3 agents') + ap.add_argument('--replicate-dhcp', action='store_true', + default=False, help='Replicate DHCP configuration to all agents') + return ap.parse_args() + +def setup_logging(args): + level = logging.INFO + if args.debug: + level = logging.DEBUG + logging.basicConfig(level=level, format=LOG_FORMAT, date_fmt=LOG_DATE) + handler = SysLogHandler(address = '/dev/log') + syslog_formatter = logging.Formatter('%(name)s: %(levelname)s %(message)s') + handler.setFormatter(syslog_formatter) + LOG.addHandler(handler) + +def run(args): + + # instantiate client + qclient = client.Client('2.0', auth_url=os.environ['OS_AUTH_URL'], + username=os.environ['OS_USERNAME'], + tenant_name=os.environ['OS_TENANT_NAME'], + password=os.environ['OS_PASSWORD']) + + # set json return type + qclient.format = 'json' + + if args.l3_agent_check: + LOG.info("Performing L3 Agent Health Check") + l3_agent_check(qclient, args.noop) + + if args.l3_agent_migrate: + LOG.info("Performing L3 Agent Migration for Offline L3 Agents") + l3_agent_migrate(qclient, args.noop) + + if args.l3_agent_rebalance: + LOG.info("Rebalancing L3 Agent Router Count") + l3_agent_rebalance(qclient, args.noop) + + if args.replicate_dhcp: + LOG.info("Performing DHCP Replication of Networks to Agents") + replicate_dhcp(qclient, args.noop) + +def l3_agent_rebalance(qclient, noop=False): + """ + Rebalance l3 agent router count across agents. The number of routers + on each l3 agent will be as close as possible which should help + distribute load as new l3 agents come online. + + :param qclient: A quantumclient + :param noop: Optional noop flag + """ + + # {u'binary': u'quantum-l3-agent', u'description': None, u'admin_state_up': True, u'heartbeat_timestamp': u'2013-07-02 22:20:23', u'alive': True, u'topic': + # u'l3_agent', u'host': u'o3r3.int.san3.attcompute.com', u'agent_type': u'L3 agent', u'created_at': u'2013-07-02 14:50:58', u'started_at': u'2013-07-02 18:00:55', + # u'id': u'6efe494a-616c-41ea-9c8f-2c592f4d46ff', u'configurations': {u'router_id': u'', u'gateway_external_network_id': u'', u'handle_internal_only_routers': True, + # u'use_namespaces': True, u'routers': 5, u'interfaces': 3, u'floating_ips': 9, u'interface_driver': u'quantum.agent.linux.interface.OVSInterfaceDriver', u'ex_gw_ports': 3}}, + + l3_agent_dict={} + agents = list_agents(qclient, agent_type='L3 agent') + num_agents = len(agents) + if num_agents <= 1: + LOG.info("No rebalancing required for 1 or fewer agents") + return + + for l3_agent in agents: + num_routers=l3_agent['configurations']['routers'] + l3_agent_dict[l3_agent['id']] = list_routers_on_l3_agent(qclient, l3_agent['id']) + + ordered_l3_agent_dict = OrderedDict(sorted(l3_agent_dict.items(), key=lambda t: len(t[0]))) + ordered_l3_agent_list = list(ordered_l3_agent_dict) + num_agents = len(ordered_l3_agent_list) + LOG.info("Agent list: %s", ordered_l3_agent_list[0:(num_agents-1/2)+1]) + i=0 + for agent in ordered_l3_agent_list[0:num_agents-1/2]: + low_agent_id=ordered_l3_agent_list[i] + hgh_agent_id=ordered_l3_agent_list[-(i+1)] + + # do nothing if we end up comparing the same router + if low_agent_id == hgh_agent_id: + continue + + LOG.info("Examining low_agent=%s, high_agent=%s", low_agent_id, hgh_agent_id) + + low_agent_router_count = len(l3_agent_dict[low_agent_id]) + hgh_agent_router_count = len(l3_agent_dict[hgh_agent_id]) + + LOG.info("Low Count=%s, High Count=%s", low_agent_router_count, hgh_agent_router_count) + + for router_id in l3_agent_dict[hgh_agent_id]: + if low_agent_router_count >= hgh_agent_router_count: + break + else: + LOG.info("Migrating router=%s from agent=%s to agent=%s", router_id, hgh_agent_id, low_agent_id) + try: + if not noop: + migrate_router(qclient, router_id, hgh_agent_id, low_agent_id) + low_agent_router_count += 1 + hgh_agent_router_count -= 1 + except: + LOG.traceback("Failed to migrate router=%s from agent=%s to agent=%s" % (router_id, hgh_agent_id, low_agent_id)) + continue + i+=1 + +def l3_agent_check(qclient, noop=False): + """ + Walk the l3 agents searching for agents that are offline. Show routers + that are offline and where we would migrate them too. + + :param qclient: A quantumclient + :param noop: Optional noop flag + + """ + + migration_count = 0 + agent_list = list_agents(qclient) + agent_dead_list = agent_dead_id_list(agent_list, 'L3 agent') + agent_alive_list = agent_alive_id_list(agent_list, 'L3 agent') + LOG.info("There are %s offline L3 agents and %s online L3 agents", len(agent_dead_list), len(agent_alive_list)) + + if len(agent_dead_list) > 0: + + for agent_id in agent_dead_list: + + LOG.info("Querying agent_id=%s for routers to migrate", agent_id) + router_id_list = list_routers_on_l3_agent(qclient, agent_id) + + for router_id in router_id_list: + + try: + target_id = choice(agent_alive_list) + except: + LOG.warn("There are no l3 agents alive we could migrate routers onto") + target_id = None + + LOG.info("Would like to migrate router=%s to agent=%s", router_id, target_id) + +def l3_agent_migrate(qclient, noop=False): + """ + Walk the l3 agents searching for agents that are offline. For those that are + offline, we will retrieve a list of routers on them and migrate them to a + random l3 agent that is online. + + :param qclient: A quantumclient + :param noop: Optional noop flag + + """ + + migration_count = 0 + agent_list = list_agents(qclient) + agent_dead_list = agent_dead_id_list(agent_list, 'L3 agent') + agent_alive_list = agent_alive_id_list(agent_list, 'L3 agent') + LOG.info("There are %s offline L3 agents and %s online L3 agents", len(agent_dead_list), len(agent_alive_list)) + + if len(agent_dead_list) > 0: + + if len(agent_alive_list) < 1: + LOG.exception("There are no l3 agents alive to migrate routers onto") + + timeout = 0 + + while timeout < TAKEOVER_DELAY: + + agent_list_new = list_agents(qclient) + agent_dead_list_new = agent_dead_id_list(agent_list_new, 'L3 agent') + if len(agent_dead_list_new) < len(agent_dead_list): + LOG.info("Skipping router failover since an agent came online while ensuring agents offline for seconds=%s" % TAKEOVER_DELAY) + sys.exit(0) + + LOG.info("Agent found offline for seconds=%s but waiting seconds=%s before migration" % (timeout, TAKEOVER_DELAY)) + timeout += 1 + time.sleep(1) + + + for agent_id in agent_dead_list: + + LOG.info("Querying agent_id=%s for routers to migrate", agent_id) + router_id_list = list_routers_on_l3_agent(qclient, agent_id) + + for router_id in router_id_list: + + target_id = choice(agent_alive_list) + LOG.info("Migrating router=%s to agent=%s", router_id, target_id) + router_body = {'router_id': router_id} + + try: + + if not noop: + migrate_router(qclient, router_id, agent_id, target_id) + migration_count+=1 + + except: + + LOG.exception("There was an error migrating a router") + continue + + LOG.info("%s routers required migration from offline L3 agents", migration_count) + +def replicate_dhcp(qclient, noop=False): + """ + Retrieve a network list and then probe each DHCP agent to ensure they have that + network assigned. + + :param qclient: A quantumclient + :param noop: Optional noop flag + """ + + added=0 + networks = list_networks(qclient) + network_id_list = [n['id'] for n in networks] + agents = list_agents(qclient, agent_type='DHCP agent') + LOG.info("Replicating %s networks to %s DHCP agents", len(networks), len(agents)) + for dhcp_agent_id in [a['id'] for a in agents]: + networks_on_agent = qclient.list_networks_on_dhcp_agent(dhcp_agent_id)['networks'] + network_id_on_agent = [n['id'] for n in networks_on_agent] + for network_id in network_id_list: + if network_id not in network_id_on_agent: + try: + dhcp_body = {'network_id': network_id} + if not noop: + qclient.add_network_to_dhcp_agent(dhcp_agent_id, dhcp_body) + LOG.info("Added missing network=%s to dhcp agent=%s", network_id, dhcp_agent_id) + added+=1 + except: + LOG.exception("Failed to add network_id=%s to dhcp_agent=%s", network_id, dhcp_agent_id) + continue + + LOG.info("Added %s networks to DHCP agents", added) + + +def migrate_router(qclient, router_id, agent_id, target_id): + """ + Returns nothing, and raises on exception + + :param qclient: A quantumclient + :param router_id: The id of the router to migrate + :param agent_id: The id of the l3 agent to migrate from + :param target_id: The id of the l3 agent to migrate to + """ + + # N.B. The quantum API will return "success" even when there is a subsequent + # failure during the add or remove process so we must check to ensure the + # router has been added or removed + + # remove the router from the dead agent + qclient.remove_router_from_l3_agent(agent_id, router_id) + + # ensure it is removed or log an error + if router_id in list_routers_on_l3_agent(qclient, agent_id): + LOG.exception("Failed to remove router_id=%s from agent_id=%s", router_id, agent_id) + + + # add the router id to a live agent + router_body = {'router_id': router_id} + qclient.add_router_to_l3_agent(target_id, router_body) + + # ensure it is removed or log an error + if router_id not in list_routers_on_l3_agent(qclient, target_id): + LOG.exception("Failed to add router_id=%s from agent_id=%s", router_id, agent_id) + + +def list_networks(qclient): + """ + Return a list of network objects + + :param qclient: A quantumclient + """ + + resp = qclient.list_networks() + LOG.debug("list_networks: %s", resp) + return resp['networks'] + +def list_dhcp_agent_networks(qclient, agent_id): + """ + Return a list of network ids assigned to a particular DHCP agent + + :param qclient: A quantumclient + :param agent_id: A DHCP agent id + """ + + resp = qclient.list_networks_on_dhcp_agent(agent_id) + LOG.debug("list_networks_on_dhcp_agent: %s", resp) + return [s['id'] for s in resp['networks']] + + + +def list_routers(qclient): + """ + Return a list of router objects + + :param qclient: A quantumclient + + # {'routers': [{u'status': u'ACTIVE', u'external_gateway_info': {u'network_id': u'b970297c-d80e-4527-86d7-e49d2da9fdef'}, u'name': u'router1', + # u'admin_state_up': True, u'tenant_id': u'5603b97ee7f047ea999e25492c7fcb23', u'routes': [], u'id': u'0a122e5c-1623-412e-8c53-a1e21d1daff8'}, + + """ + + resp = qclient.list_routers() + LOG.debug("list_routers: %s", resp) + return resp['routers'] + +def list_routers_on_l3_agent(qclient, agent_id): + """ + Return a list of router ids on an agent + + :param qclient: A quantumclient + """ + + resp = qclient.list_routers_on_l3_agent(agent_id) + LOG.debug("list_routers_on_l3_agent: %s", resp) + return [r['id'] for r in resp['routers']] + +def list_agents(qclient, agent_type=None): + """ + Return a list of agent objects + + :param qclient: A quantumclient + + # openvswitch + # + # {u'agents': [{u'binary': u'quantum-openvswitch-agent', u'description': None, u'admin_state_up': True, u'heartbeat_timestamp': u'2013-07-02 22:20:25' + # u'alive': True, u'topic': u'N/A', u'host': u'o3r3.int.san3.attcompute.com', u'agent_type': u'Open vSwitch agent', u'created_at': u'2013-07-02 14:50:57', + # u'started_at': u'2013-07-02 14:50:57', u'id': u'3a577f1d-d86e-4f1a-a395-8d4c8e4df1e2', u'configurations': {u'devices': 10}}, + # + # dhcp + # + # {u'binary': u'quantum-dhcp-agent', u'description': None, u'admin_state_up': True, u'heartbeat_timestamp': u'2013-07-02 22:20:23', u'alive': True, + # u'topic': u'dhcp_agent', u'host': u'o5r4.int.san3.attcompute.com', u'agent_type': u'DHCP agent', u'created_at': u'2013-06-26 16:21:02', u'started_at': + # u'2013-06-28 13:32:52', u'id': u'3e8be28e-05a0-472b-9288-a59f8d8d2271', u'configurations': {u'subnets': 4, u'use_namespaces': True, u'dhcp_driver': + # u'quantum.agent.linux.dhcp.Dnsmasq', u'networks': 4, u'dhcp_lease_time': 120, u'ports': 38}}, + # + # l3 + # + # {u'binary': u'quantum-l3-agent', u'description': None, u'admin_state_up': True, u'heartbeat_timestamp': u'2013-07-02 22:20:23', u'alive': True, u'topic': + # u'l3_agent', u'host': u'o3r3.int.san3.attcompute.com', u'agent_type': u'L3 agent', u'created_at': u'2013-07-02 14:50:58', u'started_at': u'2013-07-02 18:00:55', + # u'id': u'6efe494a-616c-41ea-9c8f-2c592f4d46ff', u'configurations': {u'router_id': u'', u'gateway_external_network_id': u'', u'handle_internal_only_routers': True, + # u'use_namespaces': True, u'routers': 5, u'interfaces': 3, u'floating_ips': 9, u'interface_driver': u'quantum.agent.linux.interface.OVSInterfaceDriver', u'ex_gw_ports': 3}}, + """ + + resp = qclient.list_agents() + LOG.debug("list_agents: %s", resp) + if agent_type: + filtered=[] + for agent in resp['agents']: + if agent['agent_type'] == agent_type: + filtered.append(agent) + return filtered + return resp['agents'] + +def agent_alive_id_list(agent_list, agent_type): + """ + Return a list of agents that are alive from an API list of agents + + :param agent_list: API response for list_agents() + + """ + live_list=[] + for agent in agent_list: + if agent['agent_type'] == agent_type and agent['alive'] is True: + live_list.append(agent['id']) + return live_list + +def agent_dead_id_list(agent_list, agent_type): + """ + Return a list of agents that are dead from an API list of agents + + :param agent_list: API response for list_agents() + + """ + dead_list=[] + for agent in agent_list: + if agent['agent_type'] == agent_type and agent['alive'] is False: + dead_list.append(agent['id']) + return dead_list + +if __name__ == '__main__': + + args = parse_args() + setup_logging(args) + + try: + run(args) + sys.exit(0) + except Exception as err: + print "ERROR: %s" % err + sys.exit(1) + except KeyboardInterrupt: + sys.exit(1) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/metadata.rb new file mode 100644 index 000000000..7922cfbd4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/metadata.rb @@ -0,0 +1,19 @@ +name "openstack-network" +maintainer "Jay Pipes " +license "Apache 2.0" +description "Installs and configures the OpenStack Network API Service and various agents and plugins" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "7.0.3" +recipe "openstack-network::server", "Installs packages required for a OpenStack Network server" +recipe "openstack-network::openvswitch", "Installs packages required for OVS" +recipe "openstack-network::metadata_agent", "Installs packages required for a OpenStack Network Metadata Agent" +recipe "openstack-network::identity_registration", "Registers OpenStack Network endpoints and service user with Keystone" + +%w{ ubuntu fedora redhat centos suse }.each do |os| + supports os +end + +depends "openstack-identity", "~> 7.0" +depends "openstack-common", "~> 0.4.0" +depends "mysql" +depends "postgresql" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/balancer.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/balancer.rb new file mode 100644 index 000000000..e0b060176 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/balancer.rb @@ -0,0 +1,48 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: balancer +# +# Copyright 2013, Mirantis IT +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This recipe should be placed in the run_list of the node that +# runs the network server or network controller server. + +platform_options = node["openstack"]["network"]["platform"] + +service "quantum-server" do + service_name platform_options["quantum_server_service"] + supports :status => true, :restart => true + + action :nothing +end + +platform_options["quantum_lb_packages"].each do |pkg| + package pkg do + action :install + end +end + +directory node["openstack"]["network"]["lbaas_config_path"] do + action :create + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + recursive true +end + +template "#{node["openstack"]["network"]["lbaas_config_path"]}/lbaas_agent.ini" do + source "lbaas_agent.ini.erb" + notifies :restart, "service[quantum-server]", :immediately +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/bigswitch.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/bigswitch.rb new file mode 100644 index 000000000..4e387b28e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/bigswitch.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: bigswitch +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/brocade.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/brocade.rb new file mode 100644 index 000000000..8c191ceda --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/brocade.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: brocade +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/build_openvswitch_source.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/build_openvswitch_source.rb new file mode 100644 index 000000000..a30ed9ea3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/build_openvswitch_source.rb @@ -0,0 +1,96 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: build_openvswitch_source +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +platform_options = node["openstack"]["network"]["platform"] + +platform_options["quantum_openvswitch_build_packages"].each do |pkg| + package pkg do + action :install + end +end + +ovs_options = node['openstack']['network']['openvswitch'] +src_filename = ovs_options['openvswitch_filename'] +src_filepath = "#{Chef::Config['file_cache_path']}/#{src_filename}" +extract_path = "#{Chef::Config['file_cache_path']}/#{ovs_options['openvswitch_checksum']}" + +remote_file src_filepath do + source ovs_options['openvswitch_url'] + checksum ovs_options['openvswitch_checksum'] + owner 'root' + group 'root' + mode 00644 + not_if { ::File.exists?("#{Chef::Config['file_cache_path']}/#{ovs_options['openvswitch_filename']}") } +end + +bash "disable_openvswitch_before_upgrade" do + cwd '/tmp' + not_if "dpkg -l | grep openvswitch-switch | grep #{ovs_options['openvswitch_dpkgversion']}" + code <<-EOH + # Politely stop OVS + service openvswitch-switch stop || exit 0 + + sleep 2; + + # After stopping it, ensure it's down + killall -9 ovs-vswitchd || exit 0 + killall -9 ovsdb-server || exit 0 + fi + EOH +end + +bash 'extract_package' do + cwd ::File.dirname(src_filepath) + code <<-EOH + rm -rf #{extract_path} + mkdir -p #{extract_path} + tar xzf #{src_filename} -C #{extract_path} + cd #{extract_path}/#{ovs_options['openvswitch_base_filename']} + DEB_BUILD_OPTIONS='parallel=8' fakeroot debian/rules binary + EOH + not_if "dpkg -l | grep openvswitch-switch | grep #{ovs_options['openvswitch_dpkgversion']}" + notifies :install, "dpkg_package[openvswitch-common]", :immediately + notifies :install, "dpkg_package[openvswitch-datapath-dkms]", :immediately + notifies :install, "dpkg_package[openvswitch-pki]", :immediately + notifies :install, "dpkg_package[openvswitch-switch]", :immediately +end + +dpkg_package "openvswitch-common" do + source "#{extract_path}/openvswitch-common_#{ovs_options['openvswitch_dpkgversion']}_#{ovs_options['openvswitch_architecture']}.deb" + action :nothing +end +dpkg_package "openvswitch-common" do + source "#{extract_path}/openvswitch-common_#{ovs_options['openvswitch_dpkgversion']}_#{ovs_options['openvswitch_architecture']}.deb" + action :nothing +end + +dpkg_package "openvswitch-datapath-dkms" do + source "#{extract_path}/openvswitch-datapath-dkms_#{ovs_options['openvswitch_dpkgversion']}_all.deb" + action :nothing +end + +dpkg_package "openvswitch-pki" do + source "#{extract_path}/openvswitch-pki_#{ovs_options['openvswitch_dpkgversion']}_all.deb" + action :nothing +end + +dpkg_package "openvswitch-switch" do + source "#{extract_path}/openvswitch-switch_#{ovs_options['openvswitch_dpkgversion']}_#{ovs_options['openvswitch_architecture']}.deb" + action :nothing +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/cisco.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/cisco.rb new file mode 100644 index 000000000..17a8c9ba6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/cisco.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: cisco +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/common.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/common.rb new file mode 100644 index 000000000..df6365721 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/common.rb @@ -0,0 +1,385 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: common +# +# Copyright 2013, AT&T +# Copyright 2013, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +class ::Chef::Recipe + include ::Openstack +end + +platform_options = node["openstack"]["network"]["platform"] + +driver_name = node["openstack"]["network"]["interface_driver"].split('.').last.downcase +main_plugin = node["openstack"]["network"]["interface_driver_map"][driver_name] +core_plugin = node["openstack"]["network"]["core_plugin"] + +if node["openstack"]["network"]["syslog"]["use"] + include_recipe "openstack-common::logging" +end + +platform_options["nova_network_packages"].each do |pkg| + package pkg do + action :purge + end +end + +platform_options["quantum_packages"].each do |pkg| + package pkg do + action :install + end +end + +directory "/etc/quantum/plugins" do + recursive true + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00700 + action :create +end + +directory "/var/cache/quantum" do + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00700 + action :create +end + +directory ::File.dirname node["openstack"]["network"]["api"]["auth"]["cache_dir"] do + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00700 + + only_if { node["openstack"]["auth"]["strategy"] == "pki" } +end + +# This will copy recursively all the files in +# /files/default/etc/quantum/rootwrap.d +remote_directory "/etc/quantum/rootwrap.d" do + source "etc/quantum/rootwrap.d" + files_owner node["openstack"]["network"]["platform"]["user"] + files_group node["openstack"]["network"]["platform"]["group"] + files_mode 00700 +end + +template "/etc/quantum/rootwrap.conf" do + source "rootwrap.conf.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 +end + +template "/etc/quantum/policy.json" do + source "policy.json.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + + notifies :restart, "service[quantum-server]", :delayed +end + +rabbit_server_role = node["openstack"]["network"]["rabbit_server_chef_role"] +if node["openstack"]["network"]["rabbit"]["ha"] + rabbit_hosts = rabbit_servers +end +rabbit_pass = user_password node["openstack"]["network"]["rabbit"]["username"] + +identity_endpoint = endpoint "identity-api" +auth_uri = ::URI.decode identity_endpoint.to_s + +db_user = node["openstack"]["network"]["db"]["username"] +db_pass = db_password "quantum" +sql_connection = db_uri("network", db_user, db_pass) + +api_endpoint = endpoint "network-api" +service_pass = service_password "openstack-network" +service_tenant_name = node["openstack"]["network"]["service_tenant_name"] +service_user = node["openstack"]["network"]["service_user"] + +if node["openstack"]["network"]["api"]["bind_interface"].nil? + bind_address = api_endpoint.host + bind_port = api_endpoint.port +else + bind_address = address_for node["openstack"]["network"]["api"]["bind_interface"] + bind_port = node["openstack"]["network"]["api"]["bind_port"] +end + +# retrieve the local interface for tunnels +if node["openstack"]["network"]["openvswitch"]["local_ip_interface"].nil? + local_ip = node["openstack"]["network"]["openvswitch"]["local_ip"] +else + local_ip = address_for node["openstack"]["network"]["openvswitch"]["local_ip_interface"] +end + +platform_options["quantum_client_packages"].each do |pkg| + package pkg do + action :upgrade + options platform_options["package_overrides"] + end +end + +# all recipes include common.rb, and some servers +# may just be running a subset of agents (like l3_agent) +# and not the api server components, so we ignore restart +# failures here as there may be no quantum-server process +service "quantum-server" do + service_name platform_options["quantum_server_service"] + supports :status => true, :restart => true + ignore_failure true + + action :nothing +end + +template "/etc/quantum/quantum.conf" do + source "quantum.conf.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :bind_address => bind_address, + :bind_port => bind_port, + :rabbit_hosts => rabbit_hosts, + :rabbit_pass => rabbit_pass, + :core_plugin => core_plugin, + :identity_endpoint => identity_endpoint, + :service_pass => service_pass + ) + + notifies :restart, "service[quantum-server]", :delayed +end + +template "/etc/quantum/api-paste.ini" do + source "api-paste.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + "identity_endpoint" => identity_endpoint, + "service_pass" => service_pass + ) + + notifies :restart, "service[quantum-server]", :delayed +end + +directory "/etc/quantum/plugins/#{main_plugin}" do + recursive true + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00700 +end + +# For several plugins, the plugin configuration +# is required by both the quantum-server and +# ancillary services that may be on different +# physical servers like the l3 agent, so we assume +# the plugin configuration is a "common" file + +template_file = nil + +case main_plugin +when "bigswitch" + + template_file = "/etc/quantum/plugins/bigswitch/restproxy.ini" + template "/etc/quantum/plugins/bigswitch/restproxy.ini" do + source "plugins/bigswitch/restproxy.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection + ) + + notifies :restart, "service[quantum-server]", :delayed + end + +when "brocade" + + template_file = "/etc/quantum/plugins/brocade/brocade.ini" + template "/etc/quantum/plugins/brocade/brocade.ini" do + source "plugins/brocade/brocade.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection + ) + + notifies :restart, "service[quantum-server]", :delayed + end + +when "cisco" + + template_file = "/etc/quantum/plugins/cisco/cisco_plugins.ini" + template "/etc/quantum/plugins/cisco/cisco_plugins.ini" do + source "plugins/cisco/cisco_plugins.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection + ) + + notifies :restart, "service[quantum-server]", :delayed + end + +when "hyperv" + + template_file = "/etc/quantum/plugins/hyperv/hyperv_quantum_plugin.ini.erb" + template "/etc/quantum/plugins/hyperv/hyperv_quantum_plugin.ini.erb" do + source "plugins/hyperv/hyperv_quantum_plugin.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection + ) + + notifies :restart, "service[quantum-server]", :delayed + end + +when "linuxbridge" + + template_file = "/etc/quantum/plugins/linuxbridge/linuxbridge_conf.ini" + template "/etc/quantum/plugins/linuxbridge/linuxbridge_conf.ini" do + source "plugins/linuxbridge/linuxbridge_conf.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection + ) + + notifies :restart, "service[quantum-server]", :delayed + end + +when "midonet" + + template_file = "/etc/quantum/plugins/metaplugin/metaplugin.ini" + template "/etc/quantum/plugins/metaplugin/metaplugin.ini" do + source "plugins/metaplugin/metaplugin.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection + ) + + notifies :restart, "service[quantum-server]", :delayed + end + +when "nec" + + template_file = "/etc/quantum/plugins/nec/nec.ini" + template "/etc/quantum/plugins/nec/nec.ini" do + source "plugins/nec/nec.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection + ) + + notifies :restart, "service[quantum-server]", :delayed + end + +when "nicira" + + template_file = "/etc/quantum/plugins/nicira/nvp.ini" + template "/etc/quantum/plugins/nicira/nvp.ini" do + source "plugins/nicira/nvp.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection + ) + + notifies :restart, "service[quantum-server]", :delayed + end + +when "openvswitch" + + template_file = "/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini" + + service "quantum-plugin-openvswitch-agent" do + service_name platform_options["quantum_openvswitch_agent_service"] + action :nothing + end + + template "/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini" do + source "plugins/openvswitch/ovs_quantum_plugin.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection, + :local_ip => local_ip + ) + notifies :restart, "service[quantum-server]", :delayed + if node.run_list.expand(node.chef_environment).recipes.include?("openstack-network::openvswitch") + notifies :restart, "service[quantum-plugin-openvswitch-agent]", :delayed + end + end + + +when "plumgrid" + + template_file = "/etc/quantum/plugins/plumgrid/plumgrid.ini" + template "/etc/quantum/plugins/plumgrid/plumgrid.ini" do + source "plugins/plumgrid/plumgrid.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection + ) + + notifies :restart, "service[quantum-server]", :delayed + end + +when "ryu" + + template_file = "/etc/quantum/plugins/ryu/ryu.ini" + template "/etc/quantum/plugins/ryu/ryu.ini" do + source "plugins/ryu/ryu.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :sql_connection => sql_connection + ) + + notifies :restart, "service[quantum-server]", :delayed + end + +end + +template "/etc/default/quantum-server" do + source "quantum-server.erb" + owner "root" + group "root" + mode 00644 + variables( + :plugin_config => template_file + ) + only_if { + node.run_list.expand(node.chef_environment).recipes.include?("openstack-network::server") + platform?(%w{ubuntu debian}) + } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/dhcp_agent.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/dhcp_agent.rb new file mode 100644 index 000000000..3f37cb914 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/dhcp_agent.rb @@ -0,0 +1,131 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: dhcp_agent +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" + +platform_options = node["openstack"]["network"]["platform"] +driver_name = node["openstack"]["network"]["interface_driver"].split('.').last.downcase +main_plugin = node["openstack"]["network"]["interface_driver_map"][driver_name] + +platform_options["quantum_dhcp_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + action :install + end +end + +service "quantum-dhcp-agent" do + service_name platform_options["quantum_dhcp_agent_service"] + supports :status => true, :restart => true + + action :enable +end + +# Some plugins have DHCP functionality, so we install the plugin +# Python package and include the plugin-specific recipe here... +package platform_options["quantum_plugin_package"].gsub("%plugin%", main_plugin) do + options platform_options["package_overrides"] + action :install + # plugins are installed by the main openstack-quantum package on SUSE + not_if { platform_family? "suse" } +end + +execute "quantum-dhcp-setup --plugin #{main_plugin}" do + only_if { platform?(%w(fedora redhat centos)) } # :pragma-foodcritic: ~FC024 - won't fix this +end + +template "/etc/quantum/dnsmasq.conf" do + source "dnsmasq.conf.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + notifies :restart, "service[quantum-dhcp-agent]", :delayed +end + +template "/etc/quantum/dhcp_agent.ini" do + source "dhcp_agent.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + notifies :restart, "service[quantum-dhcp-agent]", :immediately +end + +# Deal with ubuntu precise dnsmasq 2.59 version by custom +# compiling a more recent version of dnsmasq +# +# See: +# https://lists.launchpad.net/openstack/msg11696.html +# https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1013529 +# https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1103357 +# http://www.thekelleys.org.uk/dnsmasq/CHANGELOG (SO_BINDTODEVICE) +# +# Would prefer a PPA or backport but there are none and upstream +# has no plans to fix +if node['lsb'] && node['lsb']['codename'] == "precise" + + platform_options["quantum_dhcp_build_packages"].each do |pkg| + package pkg do + action :install + end + end + + dhcp_options = node['openstack']['network']['dhcp'] + + src_filename = dhcp_options['dnsmasq_filename'] + src_filepath = "#{Chef::Config['file_cache_path']}/#{src_filename}" + extract_path = "#{Chef::Config['file_cache_path']}/#{dhcp_options['dnsmasq_checksum']}" + + remote_file src_filepath do + source dhcp_options['dnsmasq_url'] + checksum dhcp_options['dnsmasq_checksum'] + owner 'root' + group 'root' + mode 00644 + end + + bash 'extract_package' do + cwd ::File.dirname(src_filepath) + code <<-EOH + mkdir -p #{extract_path} + tar xzf #{src_filename} -C #{extract_path} + mv #{extract_path}/*/* #{extract_path}/ + cd #{extract_path}/ + echo '2.65' > VERSION + debian/rules binary + EOH + not_if { ::File.exists?(extract_path) } + notifies :install, "dpkg_package[dnsmasq-utils]", :immediately + notifies :install, "dpkg_package[dnsmasq-base]", :immediately + notifies :install, "dpkg_package[dnsmasq]", :immediately + end + + dpkg_package "dnsmasq-utils" do + source "#{extract_path}/../dnsmasq-utils_#{dhcp_options['dnsmasq_dpkgversion']}_#{dhcp_options['dnsmasq_architecture']}.deb" + action :nothing + end + dpkg_package "dnsmasq-base" do + source "#{extract_path}/../dnsmasq-base_#{dhcp_options['dnsmasq_dpkgversion']}_#{dhcp_options['dnsmasq_architecture']}.deb" + action :nothing + end + dpkg_package "dnsmasq" do + source "#{extract_path}/../dnsmasq_#{dhcp_options['dnsmasq_dpkgversion']}_all.deb" + action :nothing + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/dhcp_agent.rb.bak b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/dhcp_agent.rb.bak new file mode 100644 index 000000000..da3ea40d1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/dhcp_agent.rb.bak @@ -0,0 +1,121 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: dhcp_agent +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" + +platform_options = node["openstack"]["network"]["platform"] +driver_name = node["openstack"]["network"]["interface_driver"].split('.').last.downcase +main_plugin = node["openstack"]["network"]["interface_driver_map"][driver_name] + +platform_options["quantum_dhcp_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + action :install + end +end + +service "quantum-dhcp-agent" do + service_name platform_options["quantum_dhcp_agent_service"] + supports :status => true, :restart => true + + action :enable +end + +# Some plugins have DHCP functionality, so we install the plugin +# Python package and include the plugin-specific recipe here... +package platform_options["quantum_plugin_package"].gsub("%plugin%", main_plugin) do + options platform_options["package_overrides"] + action :install +end + +execute "quantum-dhcp-setup --plugin #{main_plugin}" do + only_if { platform?(%w(fedora redhat centos)) } # :pragma-foodcritic: ~FC024 - won't fix this +end + +template "/etc/quantum/dhcp_agent.ini" do + source "dhcp_agent.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + notifies :restart, "service[quantum-dhcp-agent]", :immediately +end + +# Deal with ubuntu precise dnsmasq 2.59 version by custom +# compiling a more recent version of dnsmasq +# +# See: +# https://lists.launchpad.net/openstack/msg11696.html +# https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1013529 +# https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1103357 +# http://www.thekelleys.org.uk/dnsmasq/CHANGELOG (SO_BINDTODEVICE) +# +# Would prefer a PPA or backport but there are none and upstream +# has no plans to fix +if node['lsb']['codename'] == "precise" + + platform_options["quantum_dhcp_build_packages"].each do |pkg| + package pkg do + action :install + end + end + + dhcp_options = node['openstack']['network']['dhcp'] + + src_filename = dhcp_options['dnsmasq_filename'] + src_filepath = "#{Chef::Config['file_cache_path']}/#{src_filename}" + extract_path = "#{Chef::Config['file_cache_path']}/#{dhcp_options['dnsmasq_checksum']}" + +# remote_file src_filepath do +# source dhcp_options['dnsmasq_url'] +# checksum dhcp_options['dnsmasq_checksum'] +# owner 'root' +# group 'root' +# mode 00644 +# end + + bash 'extract_package' do + cwd ::File.dirname(src_filepath) + code <<-EOH + mkdir -p #{extract_path} + tar xzf #{src_filename} -C #{extract_path} + mv #{extract_path}/*/* #{extract_path}/ + cd #{extract_path}/ + echo '2.65' > VERSION + debian/rules binary + EOH + not_if { ::File.exists?(extract_path) } + notifies :install, "dpkg_package[dnsmasq-utils]", :immediately + notifies :install, "dpkg_package[dnsmasq-base]", :immediately + notifies :install, "dpkg_package[dnsmasq]", :immediately + end + + dpkg_package "dnsmasq-utils" do + source "#{extract_path}/../dnsmasq-utils_#{dhcp_options['dnsmasq_dpkgversion']}_#{dhcp_options['dnsmasq_architecture']}.deb" + action :nothing + end + dpkg_package "dnsmasq-base" do + source "#{extract_path}/../dnsmasq-base_#{dhcp_options['dnsmasq_dpkgversion']}_#{dhcp_options['dnsmasq_architecture']}.deb" + action :nothing + end + dpkg_package "dnsmasq" do + source "#{extract_path}/../dnsmasq_#{dhcp_options['dnsmasq_dpkgversion']}_all.deb" + action :nothing + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/hyperv.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/hyperv.rb new file mode 100644 index 000000000..dff4b5ece --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/hyperv.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: hyperv +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/identity_registration.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/identity_registration.rb new file mode 100644 index 000000000..9a84924a6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/identity_registration.rb @@ -0,0 +1,88 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: identity_registration +# +# Copyright 2013, AT&T +# Copyright 2013, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "uri" + +class ::Chef::Recipe + include ::Openstack +end + +identity_admin_endpoint = endpoint "identity-admin" + +bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token" +auth_uri = ::URI.decode identity_admin_endpoint.to_s + +api_endpoint = endpoint "network-api" + +service_pass = service_password "openstack-network" +service_tenant_name = node["openstack"]["network"]["service_tenant_name"] +service_user = node["openstack"]["network"]["service_user"] +service_role = node["openstack"]["network"]["service_role"] + +openstack_identity_register "Register Network API Service" do + auth_uri auth_uri + bootstrap_token bootstrap_token + service_name node["openstack"]["network"]["service_name"] + service_type node["openstack"]["network"]["service_type"] + service_description "OpenStack Network Service" + + action :create_service +end + +openstack_identity_register "Register Network Endpoint" do + auth_uri auth_uri + bootstrap_token bootstrap_token + service_type node["openstack"]["network"]["service_type"] + endpoint_region node["openstack"]["network"]["region"] + endpoint_adminurl api_endpoint.to_s + endpoint_internalurl api_endpoint.to_s + endpoint_publicurl api_endpoint.to_s + + action :create_endpoint +end + +openstack_identity_register "Register Service Tenant" do + auth_uri auth_uri + bootstrap_token bootstrap_token + tenant_name service_tenant_name + tenant_description "Service Tenant" + + action :create_tenant +end + +openstack_identity_register "Register #{service_user} User" do + auth_uri auth_uri + bootstrap_token bootstrap_token + tenant_name service_tenant_name + user_name service_user + user_pass service_pass + + action :create_user +end + +openstack_identity_register "Grant '#{service_role}' Role to #{service_user} User for #{service_tenant_name} Tenant" do + auth_uri auth_uri + bootstrap_token bootstrap_token + tenant_name service_tenant_name + user_name service_user + role_name service_role + + action :grant_role +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/l3_agent.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/l3_agent.rb new file mode 100644 index 000000000..4f7a0dd74 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/l3_agent.rb @@ -0,0 +1,67 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: l3_agent +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" + +platform_options = node["openstack"]["network"]["platform"] +driver_name = node["openstack"]["network"]["interface_driver"].split('.').last.downcase +main_plugin = node["openstack"]["network"]["interface_driver_map"][driver_name] + +platform_options["quantum_l3_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + action :install + # The providers below do not use the generic L3 agent... + not_if { ["nicira", "plumgrid", "bigswitch"].include?(main_plugin) } + end +end + +service "quantum-l3-agent" do + service_name platform_options["quantum_l3_agent_service"] + supports :status => true, :restart => true + + action :enable +end + +execute "quantum-l3-setup --plugin #{main_plugin}" do + only_if { + platform?(%w(fedora redhat centos)) and not # :pragma-foodcritic: ~FC024 - won't fix this + ["nicira", "plumgrid", "bigswitch"].include?(main_plugin) + } +end + +template "/etc/quantum/l3_agent.ini" do + source "l3_agent.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + notifies :restart, "service[quantum-l3-agent]", :immediately +end + +if not ["nicira", "plumgrid", "bigswitch", "linuxbridge"].include?(main_plugin) + # See http://docs.openstack.org/trunk/openstack-network/admin/content/install_quantum-l3.html + ext_bridge = node["openstack"]["network"]["l3"]["external_network_bridge"] + ext_bridge_iface = node["openstack"]["network"]["l3"]["external_network_bridge_interface"] + execute "create external network bridge" do + command "ovs-vsctl add-br #{ext_bridge} && ovs-vsctl add-port #{ext_bridge} #{ext_bridge_iface}" + action :run + not_if "ovs-vsctl show | grep 'Bridge #{ext_bridge}'" + only_if "ip link show #{ext_bridge_iface}" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/linuxbridge.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/linuxbridge.rb new file mode 100644 index 000000000..d34df3036 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/linuxbridge.rb @@ -0,0 +1,35 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: linuxbridge +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" + +platform_options = node["openstack"]["network"]["platform"] + +platform_options["quantum_linuxbridge_agent_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + action :install + end +end + +service "quantum-plugin-linuxbridge-agent" do + service_name platform_options["quantum_linuxbridge_agent_service"] + supports :status => true, :restart => true + action :enable +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/metadata_agent.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/metadata_agent.rb new file mode 100644 index 000000000..c1d95fa88 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/metadata_agent.rb @@ -0,0 +1,55 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: metadata_agent +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" + +platform_options = node["openstack"]["network"]["platform"] +driver_name = node["openstack"]["network"]["interface_driver"].split('.').last.downcase +main_plugin = node["openstack"]["network"]["interface_driver_map"][driver_name] + +identity_endpoint = endpoint "identity-api" +service_pass = service_password "openstack-network" +metadata_secret = secret "secrets", node["openstack"]["network"]["metadata"]["secret_name"] + +template "/etc/quantum/metadata_agent.ini" do + source "metadata_agent.ini.erb" + owner node["openstack"]["network"]["platform"]["user"] + group node["openstack"]["network"]["platform"]["group"] + mode 00644 + variables( + :identity_endpoint => identity_endpoint, + :metadata_secret => metadata_secret, + :service_pass => service_pass + ) + notifies :restart, "service[quantum-metadata-agent]", :immediately + action :create +end + +platform_options["quantum_metadata_agent_packages"].each do |pkg| + package pkg do + action :install + options platform_options["package_overrides"] + end +end + +service "quantum-metadata-agent" do + service_name platform_options["quantum_metadata_agent_service"] + supports :status => true, :restart => true + action :enable +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/metaplugin.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/metaplugin.rb new file mode 100644 index 000000000..235101282 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/metaplugin.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: metaplugin +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/midonet.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/midonet.rb new file mode 100644 index 000000000..fd12cc36a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/midonet.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: midonet +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/nec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/nec.rb new file mode 100644 index 000000000..89a8cd0b1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/nec.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: nec +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/nicira.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/nicira.rb new file mode 100644 index 000000000..abe667e64 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/nicira.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: nicira +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/openvswitch.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/openvswitch.rb new file mode 100644 index 000000000..541663747 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/openvswitch.rb @@ -0,0 +1,152 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: opensvswitch +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'uri' + +class ::Chef::Recipe + include ::Openstack +end + +include_recipe "openstack-network::common" + +platform_options = node["openstack"]["network"]["platform"] +driver_name = node["openstack"]["network"]["interface_driver"].split('.').last.downcase +main_plugin = node["openstack"]["network"]["interface_driver_map"][driver_name] +core_plugin = node["openstack"]["network"]["core_plugin"] + +if platform?("ubuntu", "debian") + + # obtain kernel version for kernel header + # installation on ubuntu and debian + kernel_ver = node["kernel"]["release"] + package "linux-headers-#{kernel_ver}" do + options platform_options["package_overrides"] + action :install + end + +end + +if node['openstack']['network']['openvswitch']['use_source_version'] + if node['lsb'] && node['lsb']['codename'] == "precise" + include_recipe "openstack-network::build_openvswitch_source" + end +else + platform_options["quantum_openvswitch_packages"].each do |pkg| + package pkg do + action :install + end + end +end + +if node.run_list.expand(node.chef_environment).recipes.include?("openstack-network::server") + service "quantum-server" do + service_name node["openstack"]["network"]["platform"]["quantum_server_service"] + supports :status => true, :restart => true + action :nothing + end +end + +service "quantum-openvswitch-switch" do + service_name platform_options["quantum_openvswitch_service"] + supports :status => true, :restart => true + action :enable +end + +if node.run_list.expand(node.chef_environment).recipes.include?("openstack-network::server") + service "quantum-server" do + service_name platform_options["quantum_server_service"] + supports :status => true, :restart => true + ignore_failure true + action :nothing + end +end + +platform_options["quantum_openvswitch_agent_packages"].each do |pkg| + package pkg do + action :install + options platform_options["package_overrides"] + end +end + +service "quantum-plugin-openvswitch-agent" do + service_name platform_options["quantum_openvswitch_agent_service"] + supports :status => true, :restart => true + action :enable +end + +execute "quantum-node-setup --plugin openvswitch" do + only_if { platform?(%w(fedora redhat centos)) } # :pragma-foodcritic: ~FC024 - won't fix this +end + +if not ["nicira", "plumgrid", "bigswitch"].include?(main_plugin) + int_bridge = node["openstack"]["network"]["openvswitch"]["integration_bridge"] + execute "create internal network bridge" do + ignore_failure true + command "ovs-vsctl add-br #{int_bridge}" + action :run + not_if "ovs-vsctl show | grep 'Bridge #{int_bridge}'" + notifies :restart, "service[quantum-plugin-openvswitch-agent]", :delayed + end +end + +if not ["nicira", "plumgrid", "bigswitch"].include?(main_plugin) + tun_bridge = node["openstack"]["network"]["openvswitch"]["tunnel_bridge"] + execute "create tunnel network bridge" do + ignore_failure true + command "ovs-vsctl add-br #{tun_bridge}" + action :run + not_if "ovs-vsctl show | grep 'Bridge #{tun_bridge}'" + notifies :restart, "service[quantum-plugin-openvswitch-agent]", :delayed + end +end + +if node['openstack']['network']['disable_offload'] + + package "ethtool" do + action :install + options platform_options["package_overrides"] + end + + service "disable-eth-offload" do + supports :restart => false, :start => true, :stop => false, :reload => false + priority({ 2 => [ :start, 19 ]}) + action :nothing + end + + # a priority of 19 ensures we start before openvswitch + # at least on ubuntu and debian + cookbook_file "disable-eth-offload-script" do + path "/etc/init.d/disable-eth-offload" + source "disable-eth-offload.sh" + owner "root" + group "root" + mode "0755" + notifies :enable, "service[disable-eth-offload]" + notifies :start, "service[disable-eth-offload]" + end +end + +# From http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=utilities/ovs-dpctl-top.in;h=f43fdeb7ab52e3ef642a22579036249ec3a4bc22;hb=14b4c575c28421d1181b509dbeae6e4849c7da69 +cookbook_file "ovs-dpctl-top" do + path "/usr/bin/ovs-dpctl-top" + source "ovs-dpctl-top" + owner "root" + group "root" + mode "0755" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/plumgrid.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/plumgrid.rb new file mode 100644 index 000000000..bd715ae9d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/plumgrid.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: plumgrid +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/ryu.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/ryu.rb new file mode 100644 index 000000000..0be3e5471 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/ryu.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: ryu +# +# Copyright 2013, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-network::common" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/server.rb new file mode 100644 index 000000000..140c38149 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/recipes/server.rb @@ -0,0 +1,86 @@ +# +# Cookbook Name:: openstack-network +# Recipe:: server +# +# Copyright 2013, AT&T +# Copyright 2013, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +include_recipe "openstack-network::common" + +platform_options = node["openstack"]["network"]["platform"] +driver_name = node["openstack"]["network"]["interface_driver"].split('.').last.downcase +main_plugin = node["openstack"]["network"]["interface_driver_map"][driver_name] +core_plugin = node["openstack"]["network"]["core_plugin"] + +platform_options = node["openstack"]["network"]["platform"] + +platform_options["quantum_server_packages"].each do |pkg| + package pkg do + options platform_options["package_overrides"] + action :install + end +end + +service "quantum-server" do + service_name platform_options["quantum_server_service"] + supports :status => true, :restart => true + action :enable +end + +cookbook_file "quantum-ha-tool" do + source "quantum-ha-tool.py" + path node["openstack"]["network"]["quantum_ha_cmd"] + owner "root" + group "root" + mode 00755 +end + +if node["openstack"]["network"]["quantum_ha_cmd_cron"] + # ensure period checks are offset between multiple l3 agent nodes + # and assumes splay will remain constant (i.e. based on hostname) + # Generate a uniformly distributed unique number to sleep. + checksum = Digest::MD5.hexdigest(node['fqdn'] || 'unknown-hostname') + splay = node['chef_client']['splay'].to_i || 3000 + sleep_time = checksum.to_s.hex % splay + + cron "quantum-ha-healthcheck" do + minute node["openstack"]["network"]["cron_l3_healthcheck"] + command "sleep #{sleep_time} ; . /root/openrc && #{node["openstack"]["network"]["quantum_ha_cmd"]} --l3-agent-migrate > /dev/null 2>&1" + end + + cron "quantum-ha-replicate-dhcp" do + minute node["openstack"]["network"]["cron_replicate_dhcp"] + command "sleep #{sleep_time} ; . /root/openrc && #{node["openstack"]["network"]["quantum_ha_cmd"]} --replicate-dhcp > /dev/null 2>&1" + end +end + +# the default SUSE initfile uses this sysconfig file to determine the +# quantum plugin to use +template "/etc/sysconfig/quantum" do + only_if { platform? "suse" } + source "quantum.sysconfig.erb" + owner "root" + group "root" + mode 00644 + variables( + :plugin_conf => node["openstack"]["network"]["plugin_conf_map"][driver_name] + ) + notifies :restart, "service[quantum-server]" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/balancer_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/balancer_spec.rb new file mode 100644 index 000000000..750e732ab --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/balancer_spec.rb @@ -0,0 +1,32 @@ +require_relative 'spec_helper' + +describe 'openstack-network::balancer' do + + describe "ubuntu" do + + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-network::balancer" + end + + ['haproxy', 'quantum-lbaas-agent'].each do |pack| + it "installs #{pack} package" do + expect(@chef_run).to install_package pack + end + end + + it 'creates directory /etc/quantum/plugins/services/agent_loadbalancer' do + expect(@chef_run).to create_directory '/etc/quantum/plugins/services/agent_loadbalancer' + end + + it 'balancer config' do + configf = "/etc/quantum/plugins/services/agent_loadbalancer/lbaas_agent.ini" + expect(@chef_run).to create_file configf + expect(@chef_run).to create_file_with_content configf, /periodic_interval = 10/ + expect(@chef_run).to create_file_with_content configf, /interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver/ + end + + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/build_openvswitch_source_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/build_openvswitch_source_spec.rb new file mode 100644 index 000000000..1bd1da09b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/build_openvswitch_source_spec.rb @@ -0,0 +1,46 @@ +require_relative 'spec_helper' + +describe "openvswitch::build_openvswitch_source" do + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new(::UBUNTU_OPTS) + @chef_run.converge "openstack-network::openvswitch" + @chef_run.converge "openstack-network::build_openvswitch_source" + end + + # since our mocked version of ubuntu is precise, our compile + # utilities should be installed to build OVS from source + it "installs openvswitch build dependencies" do + [ "build-essential", "pkg-config", "fakeroot", "libssl-dev", "openssl", "debhelper", "autoconf" ].each do |pkg| + expect(@chef_run).to install_package pkg + end + end + + it "installs openvswitch switch dpkg" do + pkg = @chef_run.dpkg_package("openvswitch-switch") + + pkg.source.should == "/var/chef/cache/22df718eb81fcfe93228e9bba8575e50/openvswitch-switch_1.10.2-1_amd64.deb" + pkg.action.should == [:nothing] + end + + it "installs openvswitch datapath dkms dpkg" do + pkg = @chef_run.dpkg_package("openvswitch-datapath-dkms") + + pkg.source.should == "/var/chef/cache/22df718eb81fcfe93228e9bba8575e50/openvswitch-datapath-dkms_1.10.2-1_all.deb" + pkg.action.should == [:nothing] + end + + it "installs openvswitch pki dpkg" do + pkg = @chef_run.dpkg_package("openvswitch-pki") + + pkg.source.should == "/var/chef/cache/22df718eb81fcfe93228e9bba8575e50/openvswitch-pki_1.10.2-1_all.deb" + pkg.action.should == [:nothing] + end + + it "installs openvswitch common dpkg" do + pkg = @chef_run.dpkg_package("openvswitch-common") + + pkg.source.should == "/var/chef/cache/22df718eb81fcfe93228e9bba8575e50/openvswitch-common_1.10.2-1_amd64.deb" + pkg.action.should == [:nothing] + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/common_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/common_spec.rb new file mode 100644 index 000000000..3190d9761 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/common_spec.rb @@ -0,0 +1,19 @@ +require_relative 'spec_helper' + +describe "openstack-network::common" do + describe "ubuntu" do + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-network::common" + end + + it "upgrades python quantumclient" do + expect(@chef_run).to upgrade_package "python-quantumclient" + end + + it "upgrades python pyparsing" do + expect(@chef_run).to upgrade_package "python-pyparsing" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/dhcp_agent-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/dhcp_agent-opensuse_spec.rb new file mode 100644 index 000000000..fb43e3826 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/dhcp_agent-opensuse_spec.rb @@ -0,0 +1,37 @@ +require_relative 'spec_helper' + +describe 'openstack-network::dhcp_agent' do + + describe "opensuse" do + + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-network::dhcp_agent" + end + + it "installs quamtum dhcp package" do + expect(@chef_run).to install_package "openstack-quantum-dhcp-agent" + end + + it "installs plugin packages" do + expect(@chef_run).not_to install_package(/openvswitch/) + expect(@chef_run).not_to install_package(/plugin/) + end + + it "starts the dhcp agent on boot" do + expect(@chef_run).to( + set_service_to_start_on_boot "openstack-quantum-dhcp-agent") + end + + it "/etc/quantum/dhcp_agent.ini has the proper owner" do + expect(@chef_run.template "/etc/quantum/dhcp_agent.ini").to( + be_owned_by "openstack-quantum", "openstack-quantum") + end + + it "/etc/quantum/dnsmasq.conf has the proper owner" do + expect(@chef_run.template "/etc/quantum/dnsmasq.conf").to( + be_owned_by "openstack-quantum", "openstack-quantum") + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/dhcp_agent_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/dhcp_agent_spec.rb new file mode 100644 index 000000000..61ed837a5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/dhcp_agent_spec.rb @@ -0,0 +1,91 @@ +require_relative 'spec_helper' + +describe 'openstack-network::dhcp_agent' do + + describe "ubuntu" do + + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-network::dhcp_agent" + end + + # since our mocked version of ubuntu is precise, our compile + # utilities should be installed to build dnsmasq + it "installs dnsmasq build dependencies" do + [ "build-essential", "pkg-config", "libidn11-dev", "libdbus-1-dev", "libnetfilter-conntrack-dev", "gettext" ].each do |pkg| + expect(@chef_run).to install_package pkg + end + end + + it "installs quamtum dhcp package" do + expect(@chef_run).to install_package "quantum-dhcp-agent" + end + + it "installs plugin packages" do + expect(@chef_run).to install_package "quantum-plugin-openvswitch" + end + + it "starts the dhcp agent on boot" do + expect(@chef_run).to set_service_to_start_on_boot "quantum-dhcp-agent" + end + + describe "/etc/quantum/plugins" do + before do + @file = @chef_run.directory "/etc/quantum/plugins" + end + it "has proper owner" do + expect(@file).to be_owned_by "quantum", "quantum" + end + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "700" + end + end + + describe "/etc/quantum/dhcp_agent.ini" do + before do + @file = @chef_run.template "/etc/quantum/dhcp_agent.ini" + end + it "has proper owner" do + expect(@file).to be_owned_by "quantum", "quantum" + end + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + it "uses ovs driver" do + expect(@chef_run).to create_file_with_content @file.name, + "interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver" + end + it "uses namespaces" do + expect(@chef_run).to create_file_with_content @file.name, + "use_namespaces = True" + end + it "checks dhcp domain" do + expect(@chef_run).to create_file_with_content @file.name, + /^dhcp_domain = openstacklocal$/ + end + end + + describe "/etc/quantum/dnsmasq.conf" do + before do + @file = @chef_run.template "/etc/quantum/dnsmasq.conf" + end + it "has proper owner" do + expect(@file).to be_owned_by "quantum", "quantum" + end + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + it "overrides dhcp options" do + expect(@chef_run).to create_file_with_content @file.name, + "dhcp-option=26,1454" + end + it "checks upstream resolvers" do + expect(@chef_run).to create_file_with_content @file.name, + /^server=209.244.0.3$/ + expect(@chef_run).to create_file_with_content @file.name, + /^server=8.8.8.8$/ + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/identity_registration_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/identity_registration_spec.rb new file mode 100644 index 000000000..920a370af --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/identity_registration_spec.rb @@ -0,0 +1,89 @@ +require_relative "spec_helper" + +describe "openstack-network::identity_registration" do + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-network::identity_registration" + end + + it "registers network service" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Network API Service" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :service_type => "network", + :service_description => "OpenStack Network Service", + :action => [:create_service] + ) + end + + it "registers network endpoint" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Network Endpoint" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :service_type => "network", + :endpoint_region => "RegionOne", + :endpoint_adminurl => "http://127.0.0.1:9696", + :endpoint_internalurl => "http://127.0.0.1:9696", + :endpoint_publicurl => "http://127.0.0.1:9696", + :action => [:create_endpoint] + ) + end + + it "registers service tenant" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register Service Tenant" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => "service", + :tenant_description => "Service Tenant", + :action => [:create_tenant] + ) + end + + it "registers service user" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Register quantum User" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => "service", + :user_name => "quantum", + :user_pass => "quantum-pass", + :action => [:create_user] + ) + end + + it "grants admin role to service user for service tenant" do + resource = @chef_run.find_resource( + "openstack-identity_register", + "Grant 'admin' Role to quantum User for service Tenant" + ).to_hash + + expect(resource).to include( + :auth_uri => "http://127.0.0.1:35357/v2.0", + :bootstrap_token => "bootstrap-token", + :tenant_name => "service", + :role_name => "admin", + :user_name => "quantum", + :action => [:grant_role] + ) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/l3_agent_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/l3_agent_spec.rb new file mode 100644 index 000000000..7f9ae6546 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/l3_agent_spec.rb @@ -0,0 +1,90 @@ +require_relative 'spec_helper' + +describe 'openstack-network::l3_agent' do + + describe "ubuntu" do + + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-network::l3_agent" + end + + it "installs quamtum l3 package" do + expect(@chef_run).to install_package "quantum-l3-agent" + end + + describe "l3_agent.ini" do + + before do + @file = @chef_run.template "/etc/quantum/l3_agent.ini" + end + + it "has proper owner" do + expect(@file).to be_owned_by "quantum", "quantum" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "it has ovs driver" do + expect(@chef_run).to create_file_with_content @file.name, + "interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver" + end + + it "sets fuzzy delay to default" do + expect(@chef_run).to create_file_with_content @file.name, + "periodic_fuzzy_delay = 5" + end + + it "it does not set a nil router_id" do + expect(@chef_run).not_to create_file_with_content @file.name, + /^router_id =/ + end + + it "it does not set a nil router_id" do + expect(@chef_run).not_to create_file_with_content @file.name, + /^gateway_external_network_id =/ + end + end + + describe "create ovs bridges" do + before do + quantum_stubs + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + @chef_run = ::ChefSpec::ChefRunner.new opts + end + + cmd = "ovs-vsctl add-br br-ex && ovs-vsctl add-port br-ex eth1" + + it "doesn't add the external bridge if it already exists" do + @chef_run.stub_command(/ovs-vsctl show/, true) + @chef_run.stub_command(/ip link show eth1/, true) + @chef_run.converge "openstack-network::l3_agent" + expect(@chef_run).not_to execute_command(cmd) + end + + it "doesn't add the external bridge if the physical interface doesn't exist" do + @chef_run.stub_command(/ovs-vsctl show/, true) + @chef_run.stub_command(/ip link show eth1/, false) + @chef_run.converge "openstack-network::l3_agent" + expect(@chef_run).not_to execute_command(cmd) + end + + it "adds the external bridge if it does not yet exist" do + @chef_run.stub_command(/ovs-vsctl show/, false) + @chef_run.stub_command(/ip link show eth1/, true) + @chef_run.converge "openstack-network::l3_agent" + expect(@chef_run).to execute_command(cmd) + end + + it "adds the external bridge if the physical interface exists" do + @chef_run.stub_command(/ovs-vsctl show/, false) + @chef_run.stub_command(/ip link show eth1/, true) + @chef_run.converge "openstack-network::l3_agent" + expect(@chef_run).to execute_command(cmd) + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/linuxbridge-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/linuxbridge-opensuse_spec.rb new file mode 100644 index 000000000..f8bf4db1e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/linuxbridge-opensuse_spec.rb @@ -0,0 +1,23 @@ +require_relative 'spec_helper' + +describe 'openstack-network::linuxbridge' do + + describe "opensuse" do + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS do |n| + n.set["openstack"]["network"]["interface_driver"] = "quantum.agent.linux.interface.BridgeInterfaceDriver" + end + @chef_run.converge "openstack-network::linuxbridge" + end + + it "installs linuxbridge agent" do + expect(@chef_run).to install_package "openstack-quantum-linuxbridge-agent" + end + + it "sets the linuxbridge service to start on boot" do + expect(@chef_run).to set_service_to_start_on_boot "openstack-quantum-linuxbridge-agent" + end + + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/linuxbridge-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/linuxbridge-redhat_spec.rb new file mode 100644 index 000000000..5fde89f68 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/linuxbridge-redhat_spec.rb @@ -0,0 +1,23 @@ +require_relative 'spec_helper' + +describe 'openstack-network::linuxbridge' do + + describe "redhat" do + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS do |n| + n.set["openstack"]["network"]["interface_driver"] = "quantum.agent.linux.interface.BridgeInterfaceDriver" + end + @chef_run.converge "openstack-network::linuxbridge" + end + + it "installs linuxbridge agent" do + expect(@chef_run).to install_package "openstack-quantum-linuxbridge" + end + + it "sets the linuxbridge service to start on boot" do + expect(@chef_run).to set_service_to_start_on_boot "quantum-linuxbridge-agent" + end + + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/linuxbridge_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/linuxbridge_spec.rb new file mode 100644 index 000000000..d2efb05a8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/linuxbridge_spec.rb @@ -0,0 +1,42 @@ +require_relative 'spec_helper' + +describe 'openstack-network::linuxbridge' do + + describe "ubuntu" do + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["network"]["interface_driver"] = "quantum.agent.linux.interface.BridgeInterfaceDriver" + end + @chef_run.converge "openstack-network::linuxbridge" + end + + it "installs linuxbridge agent" do + expect(@chef_run).to install_package "quantum-plugin-linuxbridge-agent" + end + + it "sets the linuxbridge service to start on boot" do + expect(@chef_run).to set_service_to_start_on_boot "quantum-plugin-linuxbridge-agent" + end + + describe "/etc/quantum/plugins/linuxbridge/linuxbridge_conf.ini" do + before do + @file = @chef_run.template( + "/etc/quantum/plugins/linuxbridge/linuxbridge_conf.ini") + end + + it "has proper owner" do + expect(@file).to be_owned_by "quantum", "quantum" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "has a correct sql_connection value" do + expect(@chef_run).to create_file_with_content( + @file.name, "mysql://quantum:quantum-pass@127.0.0.1:3306/quantum") + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/metadata_agent_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/metadata_agent_spec.rb new file mode 100644 index 000000000..2c08975db --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/metadata_agent_spec.rb @@ -0,0 +1,65 @@ +require_relative 'spec_helper' + +describe 'openstack-network::metadata_agent' do + + describe "ubuntu" do + + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-network::metadata_agent" + end + + it "installs quamtum metadata agent" do + expect(@chef_run).to install_package "quantum-metadata-agent" + end + + describe "metadata_agent.ini" do + + before do + @file = @chef_run.template "/etc/quantum/metadata_agent.ini" + end + + it "has proper owner" do + expect(@file).to be_owned_by "quantum", "quantum" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "sets auth url correctly" do + expect(@chef_run).to create_file_with_content @file.name, + "auth_url = http://127.0.0.1:5000/v2.0" + end + it "sets auth region correctly" do + expect(@chef_run).to create_file_with_content @file.name, + "auth_region = RegionOne" + end + it "sets admin tenant name" do + expect(@chef_run).to create_file_with_content @file.name, + "admin_tenant_name = service" + end + it "sets admin user" do + expect(@chef_run).to create_file_with_content @file.name, + "admin_user = quantum" + end + it "sets admin password" do + expect(@chef_run).to create_file_with_content @file.name, + "admin_password = quantum-pass" + end + it "sets nova metadata ip correctly" do + expect(@chef_run).to create_file_with_content @file.name, + "nova_metadata_ip = 127.0.0.1" + end + it "sets nova metadata ip correctly" do + expect(@chef_run).to create_file_with_content @file.name, + "nova_metadata_port = 8775" + end + it "sets quantum secret correctly" do + expect(@chef_run).to create_file_with_content @file.name, + "metadata_proxy_shared_secret = metadata-secret" + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/openvswitch-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/openvswitch-opensuse_spec.rb new file mode 100644 index 000000000..8bef084e1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/openvswitch-opensuse_spec.rb @@ -0,0 +1,26 @@ +require_relative "spec_helper" + +describe 'openstack-network::server' do + describe "opensuse" do + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS do |n| + n.set["chef_client"]["splay"] = 300 + end + @node = @chef_run.node + @chef_run.converge "openstack-network::openvswitch" + end + + it "installs the openvswitch package" do + expect(@chef_run).to install_package "openvswitch-switch" + end + + it "installs the openvswitch-agent package" do + expect(@chef_run).to install_package "openstack-quantum-openvswitch-agent" + end + + it "starts the openvswitch-switch service" do + expect(@chef_run).to set_service_to_start_on_boot "openvswitch-switch" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/openvswitch_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/openvswitch_spec.rb new file mode 100644 index 000000000..33dd9d7b8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/openvswitch_spec.rb @@ -0,0 +1,117 @@ +require_relative 'spec_helper' + +describe 'openstack-network::openvswitch' do + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new(::UBUNTU_OPTS) do |n| + n.automatic_attrs["kernel"]["release"] = "1.2.3" + n.set["openstack"]["network"]["local_ip_interface"] = "eth0" + end + @chef_run.converge "openstack-network::openvswitch" + end + + it "installs openvswitch switch" do + expect(@chef_run).to install_package "openvswitch-switch" + end + + it "installs openvswitch datapath dkms" do + expect(@chef_run).to install_package "openvswitch-datapath-dkms" + end + + it "installs linux bridge utils" do + expect(@chef_run).to install_package "bridge-utils" + end + + it "installs linux linux headers" do + expect(@chef_run).to install_package "linux-headers-1.2.3" + end + + it "sets the openvswitch service to start on boot" do + expect(@chef_run).to set_service_to_start_on_boot 'openvswitch-switch' + end + + it "installs openvswitch agent" do + expect(@chef_run).to install_package "quantum-plugin-openvswitch-agent" + end + + it "sets the openvswitch service to start on boot" do + expect(@chef_run).to set_service_to_start_on_boot "quantum-plugin-openvswitch-agent" + end + + describe "ovs-dpctl-top" do + before do + @file = @chef_run.cookbook_file "ovs-dpctl-top" + end + + it "creates the ovs-dpctl-top file" do + expect(@chef_run).to create_file "/usr/bin/ovs-dpctl-top" + end + + it "has the proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has the proper mode" do + expect(sprintf("%o", @file.mode)).to eq "755" + end + + it "has the proper interpreter line" do + expect(@chef_run).to create_file_with_content @file.name, + /^#!\/usr\/bin\/env python/ + end + end + + describe "ovs_quantum_plugin.ini" do + before do + @file = @chef_run.template "/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini" + end + + it "has proper owner" do + expect(@file).to be_owned_by "quantum", "quantum" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "uses default network_vlan_range" do + expect(@chef_run).not_to create_file_with_content @file.name, + /^network_vlan_ranges =/ + end + + it "uses default tunnel_id_ranges" do + expect(@chef_run).not_to create_file_with_content @file.name, + /^tunnel_id_ranges =/ + end + + it "uses default integration_bridge" do + expect(@chef_run).to create_file_with_content @file.name, + "integration_bridge = br-int" + end + + it "uses default tunnel bridge" do + expect(@chef_run).to create_file_with_content @file.name, + "tunnel_bridge = br-tun" + end + + it "uses default int_peer_patch_port" do + expect(@chef_run).not_to create_file_with_content @file.name, + /^int_peer_patch_port =/ + end + + it "uses default tun_peer_patch_port" do + expect(@chef_run).not_to create_file_with_content @file.name, + /^tun_peer_patch_port =/ + end + + it "it has firewall driver" do + expect(@chef_run).to create_file_with_content @file.name, + "firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver" + end + + it "it uses local_ip from eth0 when local_ip_interface is set" do + expect(@chef_run).to create_file_with_content @file.name, + "local_ip = 10.0.0.3" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/server-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/server-opensuse_spec.rb new file mode 100644 index 000000000..b08d56432 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/server-opensuse_spec.rb @@ -0,0 +1,63 @@ +require_relative "spec_helper" + +describe 'openstack-network::server' do + describe "opensuse" do + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS do |n| + n.set["chef_client"]["splay"] = 300 + end + @node = @chef_run.node + @chef_run.converge "openstack-network::server" + end + + it "installs openstack-quantum packages" do + expect(@chef_run).to install_package "openstack-quantum" + end + + it "enables openstack-quantum service" do + expect(@chef_run).to enable_service "openstack-quantum" + end + + it "does not install openvswitch package" do + opts = ::OPENSUSE_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts do |n| + n.set["chef_client"]["splay"] = 300 + end + chef_run.converge "openstack-network::server" + + expect(chef_run).not_to install_package "openstack-quantum-openvswitch" + end + + describe "/etc/sysconfig/quantum" do + before do + @file = @chef_run.template("/etc/sysconfig/quantum") + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "has the correct plugin config location - ovs by default" do + expect(@chef_run).to create_file_with_content( + @file.name, "/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini") + end + + it "uses linuxbridge when configured to use it" do + chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS do |n| + n.set["openstack"]["network"]["interface_driver"] = "quantum.agent.linux.interface.BridgeInterfaceDriver" + end + chef_run.converge "openstack-network::server" + + expect(chef_run).to create_file_with_content( + "/etc/sysconfig/quantum", + "/etc/quantum/plugins/linuxbridge/linuxbridge_conf.ini" + ) + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/server-redhat_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/server-redhat_spec.rb new file mode 100644 index 000000000..31cced46f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/server-redhat_spec.rb @@ -0,0 +1,28 @@ +require_relative "spec_helper" + +describe 'openstack-network::server' do + describe "redhat" do + before do + quantum_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS + @node = @chef_run.node + @chef_run.converge "openstack-network::server" + end + + it "installs openstack-quantum packages" do + expect(@chef_run).to install_package "openstack-quantum" + end + + it "enables openstack-quantum server service" do + expect(@chef_run).to enable_service "quantum-server" + end + + it "does not install openvswitch package" do + opts = ::REDHAT_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.converge "openstack-network::server" + expect(chef_run).not_to install_package "openvswitch" + expect(chef_run).not_to enable_service "openstack-quantum-openvswitch-agent" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/server_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/server_spec.rb new file mode 100644 index 000000000..1c9ca9ce7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/server_spec.rb @@ -0,0 +1,224 @@ +require_relative 'spec_helper' + +describe 'openstack-network::server' do + before { quantum_stubs } + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["mq"] = { + "host" => "127.0.0.1" + } + n.set["chef_client"]["splay"] = 300 + n.set["openstack"]["network"]["quota"]["driver"] = "my.quota.Driver" + end + @chef_run.converge "openstack-network::server" + end + + describe "package and services" do + + it "installs quantum packages" do + expect(@chef_run).to install_package "quantum-server" + end + + it "starts server service" do + expect(@chef_run).to enable_service "quantum-server" + end + + it "does not install openvswitch package or the agent" do + expect(@chef_run).not_to install_package "openvswitch" + expect(@chef_run).not_to install_package "quantum-plugin-openvswitch-agent" + expect(@chef_run).not_to enable_service "quantum-plugin-openvswitch-agent" + end + + end + + describe "api-paste.ini" do + + before do + @file = @chef_run.template "/etc/quantum/api-paste.ini" + end + + it "has proper owner" do + expect(@file).to be_owned_by "quantum", "quantum" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "has quantum pass" do + expect(@chef_run).to create_file_with_content @file.name, + "admin_password = quantum-pass" + end + + end + + it "should create quantum-ha-tool.py script" do + expect(@chef_run).to create_cookbook_file "/usr/local/bin/quantum-ha-tool.py" + end + + describe "quantum.conf" do + + before do + @file = @chef_run.template "/etc/quantum/quantum.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "quantum", "quantum" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "it sets agent_down_time correctly" do + expect(@chef_run).to create_file_with_content @file.name, + 'agent_down_time = 15' + end + + it "it sets agent report interval correctly" do + expect(@chef_run).to create_file_with_content @file.name, + 'report_interval = 4' + end + + it "it sets root_helper" do + expect(@chef_run).to create_file_with_content @file.name, + 'root_helper = "sudo quantum-rootwrap /etc/quantum/rootwrap.conf"' + end + + it "binds to appropriate api ip" do + expect(@chef_run).to create_file_with_content @file.name, + "bind_host = 127.0.0.1" + end + + it "binds to appropriate api port" do + expect(@chef_run).to create_file_with_content @file.name, + "bind_port = 9696" + end + + it "has appropriate auth host for agents" do + expect(@chef_run).to create_file_with_content @file.name, + "auth_host = 127.0.0.1" + end + + it "has appropriate auth port for agents" do + expect(@chef_run).to create_file_with_content @file.name, + "auth_port = 5000" + end + + it "has appropriate admin password for agents" do + expect(@chef_run).to create_file_with_content @file.name, + "admin_password = quantum-pass" + end + + it "has rabbit_host" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_host=127.0.0.1" + end + + it "does not have rabbit_hosts" do + expect(@chef_run).not_to create_file_with_content @file.name, + "rabbit_hosts=" + end + + it "does not have rabbit_ha_queues" do + expect(@chef_run).not_to create_file_with_content @file.name, + "rabbit_ha_queues=" + end + + it "has rabbit_port" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_port=5672" + end + + it "has rabbit_userid" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_userid=guest" + end + + it "has rabbit_password" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_password=rabbit-pass" + end + + it "has rabbit_virtual_host" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_virtual_host=/" + end + + it "it does not allow overlapping ips by default" do + expect(@chef_run).to create_file_with_content @file.name, + "allow_overlapping_ips = False" + end + + it "it has correct default scheduler classes" do + expect(@chef_run).to create_file_with_content @file.name, + "network_scheduler_driver = quantum.scheduler.dhcp_agent_scheduler.ChanceScheduler" + expect(@chef_run).to create_file_with_content @file.name, + "router_scheduler_driver = quantum.scheduler.l3_agent_scheduler.ChanceScheduler" + end + + it "writes the quota driver properly" do + expect(@chef_run).to create_file_with_content @file.name, + "quota_driver = my.quota.Driver" + end + + describe "quantum.conf with rabbit ha" do + + before do + @chef_run = ::ChefSpec::ChefRunner.new(::UBUNTU_OPTS) do |n| + n.set["openstack"]["network"]["rabbit"]["ha"] = true + n.set["chef_client"]["splay"] = 300 + end + @chef_run.converge "openstack-network::server" + end + + it "has rabbit_hosts" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_hosts=1.1.1.1:5672,2.2.2.2:5672" + end + + it "has rabbit_ha_queues" do + expect(@chef_run).to create_file_with_content @file.name, + "rabbit_ha_queues=True" + end + + it "does not have rabbit_host" do + expect(@chef_run).not_to create_file_with_content @file.name, + "rabbit_host=127.0.0.1" + end + + it "does not have rabbit_port" do + expect(@chef_run).not_to create_file_with_content @file.name, + "rabbit_port=5672" + end + end + + describe "/etc/default/quantum-server" do + before do + @file = @chef_run.template( + "/etc/default/quantum-server") + end + + it "has proper owner" do + expect(@file).to be_owned_by "root", "root" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "has a correct plugin config path" do + expect(@chef_run).to create_file_with_content( + @file.name, "/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini") + end + end + + it "does not install sysconfig template" do + chef_run = ::ChefSpec::ChefRunner.new( + ::UBUNTU_OPTS.merge(:evaluate_guards => true)) + chef_run.stub_command(/python/, true) + chef_run.converge "openstack-network::server" + expect(chef_run).not_to create_file "/etc/sysconfig/quantum" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/spec_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/spec_helper.rb new file mode 100644 index 000000000..2cec4e0b1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/spec/spec_helper.rb @@ -0,0 +1,69 @@ +require "chefspec" + +::LOG_LEVEL = :fatal +::OPENSUSE_OPTS = { + :platform => "opensuse", + :version => "12.3", + :log_level => ::LOG_LEVEL +} +::REDHAT_OPTS = { + :platform => "redhat", + :version => "6.3", + :log_level => ::LOG_LEVEL +} +::UBUNTU_OPTS = { + :platform => "ubuntu", + :version => "12.04", + :log_level => ::LOG_LEVEL +} + +MOCK_NODE_NETWORK_DATA = + { + "ipaddress" => '10.0.0.2', + "fqdn" => 'localhost.localdomain', + "hostname" => 'localhost', + "network" => { + "default_interface" => "eth0", + "interfaces" => { + "eth0" => { + "addresses" => { + "fe80::a00:27ff:feca:ab08" => {"scope" => "Link", "prefixlen" => "64", "family" => "inet6"}, + "10.0.0.2" => {"netmask" => "255.255.255.0", "broadcast" => "10.0.0.255", "family" => "inet"}, + "08:00:27:CA:AB:08" => {"family" => "lladdr"} + }, + }, + "lo" => { + "addresses" => { + "::1" => {"scope" => "Node", "prefixlen" => "128", "family" => "inet6"}, + "127.0.0.1" => {"netmask" => "255.0.0.0", "family" => "inet"} + }, + }, + }, + } + } + +def quantum_stubs + + ::Chef::Recipe.any_instance.stub(:rabbit_servers). + and_return "1.1.1.1:5672,2.2.2.2:5672" + ::Chef::Recipe.any_instance.stub(:config_by_role). + with("rabbitmq-server", "queue").and_return( + {'host' => 'rabbit-host', 'port' => 'rabbit-port'} + ) + ::Chef::Recipe.any_instance.stub(:config_by_role). + with("glance-api", "glance").and_return [] + ::Chef::Recipe.any_instance.stub(:secret). + with("secrets", "openstack_identity_bootstrap_token"). + and_return "bootstrap-token" + ::Chef::Recipe.any_instance.stub(:db_password).and_return "quantum-pass" + ::Chef::Recipe.any_instance.stub(:secret). + with("secrets", "quantum_metadata_secret"). + and_return "metadata-secret" + ::Chef::Recipe.any_instance.stub(:user_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:service_password).and_return String.new + ::Chef::Recipe.any_instance.stub(:service_password).with("openstack-network"). + and_return "quantum-pass" + ::Chef::Recipe.any_instance.stub(:user_password).with("guest"). + and_return("rabbit-password") + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/api-paste.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/api-paste.ini.erb new file mode 100644 index 000000000..87fce93a4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/api-paste.ini.erb @@ -0,0 +1,34 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> + +[composite:quantum] +use = egg:Paste#urlmap +/: quantumversions +/v2.0: quantumapi_v2_0 + +[composite:quantumapi_v2_0] +use = call:quantum.auth:pipeline_factory +noauth = extensions quantumapiapp_v2_0 +keystone = authtoken keystonecontext extensions quantumapiapp_v2_0 + +[filter:keystonecontext] +paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory + +[filter:extensions] +paste.filter_factory = quantum.api.extensions:plugin_aware_extension_middleware_factory + +[app:quantumversions] +paste.app_factory = quantum.api.versions:Versions.factory + +[app:quantumapiapp_v2_0] +paste.app_factory = quantum.api.v2.router:APIRouter.factory + +[filter:authtoken] +paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory +auth_host = <%= @identity_endpoint.host %> +auth_port = <%= @identity_endpoint.port %> +auth_protocol = <%= @identity_endpoint.scheme %> +admin_tenant_name = <%= node["openstack"]["network"]["service_tenant_name"] %> +admin_user = <%= node["openstack"]["network"]["service_user"] %> +admin_password = <%= @service_pass %> +delay_auth_decision = true +signing_dir = <%= node["openstack"]["network"]["api"]["auth"]["cache_dir"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/dhcp_agent.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/dhcp_agent.ini.erb new file mode 100644 index 000000000..202ec1f68 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/dhcp_agent.ini.erb @@ -0,0 +1,55 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> + +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +debug = <%= node["openstack"]["network"]["debug"] %> + +# The DHCP agent will resync its state with Quantum to recover from any +# transient notification or rpc errors. The interval is number of +# seconds between attempts. +resync_interval = <%= node["openstack"]["network"]["dhcp"]["resync_interval"] %> + +# The DHCP requires that an inteface driver be set. Choose the one that best +# matches your plugin. + +# OVS based plugins (OVS, Ryu, NEC, NVP, BigSwitch/Floodlight) +# interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver +# LinuxBridge +#interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver +interface_driver = <%= node["openstack"]["network"]["interface_driver"] %> + +# OVS based plugins(Ryu, NEC, NVP, BigSwitch/Floodlight) that use OVS +# as OpenFlow switch and check port status +ovs_use_veth = <%= node["openstack"]["network"]["dhcp"]["ovs_use_veth"] %> + +# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires +# no additional setup of the DHCP server. +dhcp_driver = <%= node["openstack"]["network"]["dhcp_driver"] %> + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +use_namespaces = <%= node["openstack"]["network"]["use_namespaces"] %> + +# The DHCP server can assist with providing metadata support on isolated +# networks. Setting this value to True will cause the DHCP server to append +# specific host routes to the DHCP request. The metadata service will only +# be activated when the subnet gateway_ip is None. The guest instance must +# be configured to request host routes via DHCP (Option 121). +enable_isolated_metadata = <%= node["openstack"]["network"]["dhcp"]["enable_isolated_metadata"] %> + +# Allows for serving metadata requests coming from a dedicated metadata +# access network whose cidr is 169.254.169.254/16 (or larger prefix), and +# is connected to a Quantum router from which the VMs send metadata +# request. In this case DHCP Option 121 will not be injected in VMs, as +# they will be able to reach 169.254.169.254 through a router. +# This option requires enable_isolated_metadata = True +enable_metadata_network = <%= node["openstack"]["network"]["dhcp"]["enable_metadata_network"] %> + +# Domain to use for building the host names of instances. +# If not set, it will default to "openstacklocal" +dhcp_domain = <%= node["openstack"]["network"]["dhcp"]["default_domain"] %> + +# Pass a config file to dnsmasq so we can override settings +# like the mtu passed to the virtual machine +dnsmasq_config_file = /etc/quantum/dnsmasq.conf + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/dnsmasq.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/dnsmasq.conf.erb new file mode 100644 index 000000000..0f4225288 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/dnsmasq.conf.erb @@ -0,0 +1,7 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> + +dhcp-option=<%= node["openstack"]["network"]["dhcp"]["dhcp-option"] %> + +<% node["openstack"]["network"]["dhcp"]["upstream_dns_servers"].each do |dns_server| -%> +server=<%= dns_server %> +<% end -%> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/l3_agent.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/l3_agent.ini.erb new file mode 100644 index 000000000..da9edfa2a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/l3_agent.ini.erb @@ -0,0 +1,58 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> + +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +debug = <%= node["openstack"]["network"]["debug"] %> + +# L3 requires that an interface driver be set. Choose the one that best +# matches your plugin. + +# OVS based plugins (OVS, Ryu, NEC, NVP, BigSwitch/Floodlight) +# interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver +# LinuxBridge +# interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver +interface_driver = <%= node["openstack"]["network"]["interface_driver"] %> + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +use_namespaces = <%= node["openstack"]["network"]["use_namespaces"] %> + +# If use_namespaces is set as False then the agent can only configure one router. +# This is done by setting the specific router_id. +# Default: router_id = +<% if node["openstack"]["network"]["l3"]["router_id"] -%> +router_id = <%= node["openstack"]["network"]["l3"]["router_id"] %> +<% end -%> + +# Each L3 agent can be associated with at most one external network. This +# value should be set to the UUID of that external network. If empty, +# the agent will enforce that only a single external networks exists and +# use that external network id +# Default: gateway_external_network_id = +<% if node["openstack"]["network"]["l3"]["gateway_external_network_id"] -%> +gateway_external_network_id = <%= node["openstack"]["network"]["l3"]["gateway_external_network_id"] %> +<% end -%> + +# Indicates that this L3 agent should also handle routers that do not have +# an external network gateway configured. This option should be True only +# for a single agent in a Quantum deployment, and may be False for all agents +# if all routers must have an external network gateway +handle_internal_only_routers = <%= node["openstack"]["network"]["l3"]["handle_internal_only_routers"] %> + +# Name of bridge used for external network traffic. This should be set to +# empty value for the linux bridge +external_network_bridge = <%= node["openstack"]["network"]["l3"]["external_network_bridge"] %> + +# TCP Port used by Quantum metadata server +metadata_port = <%= node["openstack"]["network"]["l3"]["metadata_port"] %> + +# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 +# to disable this feature. +send_arp_for_ha = <%= node["openstack"]["network"]["l3"]["send_arp_for_ha"] %> + +# seconds between re-sync routers' data if needed +periodic_interval = <%= node["openstack"]["network"]["l3"]["periodic_interval"] %> + +# seconds to start to sync routers' data after +# starting agent +periodic_fuzzy_delay = <%= node["openstack"]["network"]["l3"]["periodic_fuzzy_delay"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/lbaas_agent.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/lbaas_agent.ini.erb new file mode 100644 index 000000000..b6e3913f7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/lbaas_agent.ini.erb @@ -0,0 +1,37 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> + +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +debug = <%= node["openstack"]["network"]["debug"] %> + +# The LBaaS agent will resync its state with Quantum to recover from any +# transient notification or rpc errors. The interval is number of +# seconds between attempts. +periodic_interval = <%= node["openstack"]["network"]["lbaas"]["periodic_interval"] %> + +<% case node["openstack"]["network"]["lbaas_plugin"] +when "ovs" %> +# OVS based plugins(OVS, Ryu, NEC, NVP, BigSwitch/Floodlight) +interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver +# OVS based plugins(Ryu, NEC, NVP, BigSwitch/Floodlight) that use OVS +# as OpenFlow switch and check port status +#ovs_use_veth = True +<% when "linuxbridge" %> +# LinuxBridge +interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver +<% else %> +# LBaaS currently supports openvswitch and linuxbridge drivers only. +# Please use one of them. +interface_driver = +<% end %> + +# The agent requires a driver to manage the loadbalancer. HAProxy is the +# opensource version. +device_driver = quantum.plugins.services.agent_loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +# use_namespaces = True + +# The user group +# user_group = nogroup diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/metadata_agent.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/metadata_agent.ini.erb new file mode 100644 index 000000000..a020b34de --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/metadata_agent.ini.erb @@ -0,0 +1,30 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> + +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +debug = <%= node["openstack"]["network"]["debug"] %> + +# The Quantum user information for accessing the Quantum API. +auth_url = <%= @identity_endpoint.to_s %> +auth_region = <%= node["openstack"]["network"]["region"] %> +admin_tenant_name = <%= node["openstack"]["network"]["service_tenant_name"] %> +admin_user = <%= node["openstack"]["network"]["service_user"] %> +admin_password = <%= @service_pass %> + +# IP address used by Nova metadata server +# Default: nova_metadata_ip = 127.0.0.1 +<% if node["openstack"]["network"]["metadata"]["nova_metadata_ip"] -%> +nova_metadata_ip = <%= node["openstack"]["network"]["metadata"]["nova_metadata_ip"] %> +<% end -%> + +# TCP Port used by Nova metadata server +# Default: nova_metadata_port = 8775 +<% if node["openstack"]["network"]["metadata"]["nova_metadata_port"] -%> +nova_metadata_port = <%= node["openstack"]["network"]["metadata"]["nova_metadata_port"] %> +<% end -%> + +# When proxying metadata requests, Quantum signs the Instance-ID header with a +# shared secret to prevent spoofing. You may select any string for a secret, +# but it must match here and in the configuration used by the Nova Metadata +# Server. NOTE: Nova uses a different key: quantum_metadata_proxy_shared_secret +metadata_proxy_shared_secret = <%= @metadata_secret %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/bigswitch/restproxy.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/bigswitch/restproxy.ini.erb new file mode 100644 index 000000000..708f1843f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/bigswitch/restproxy.ini.erb @@ -0,0 +1,39 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +[DATABASE] +# This line MUST be changed to actually run the plugin. +# Example: +# sql_connection = mysql://root:pass@127.0.0.1:3306/restproxy_quantum +# Replace 127.0.0.1 above with the IP address of the database used by the +# main quantum server. (Leave it as is if the database runs on this host.) +sql_connection = <%= @sql_connection %> +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +# sql_max_retries = 10 +# Database reconnection interval in seconds - if the initial connection to the +# database fails +reconnect_interval = 2 +# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size, +# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled. +# sql_dbpool_enable = False +# Minimum number of SQL connections to keep open in a pool +# sql_min_pool_size = 1 +# Maximum number of SQL connections to keep open in a pool +# sql_max_pool_size = 5 +# Timeout in seconds before idle sql connections are reaped +# sql_idle_timeout = 3600 + +[RESTPROXY] +# All configuration for this plugin is in section '[restproxy]' +# +# The following parameters are supported: +# servers : [,]* (Error if not set) +# server_auth : (default: no auth) +# server_ssl : True | False (default: False) +# sync_data : True | False (default: False) +# server_timeout : 10 (default: 10 seconds) +# +servers = <%= node["openstack"]["network"]["bigswitch"]["servers"] %> +#server_auth=username:password +#server_ssl=True +#sync_data=True +#server_timeout=10 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/brocade/brocade.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/brocade/brocade.ini.erb new file mode 100644 index 000000000..cc0f4b36d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/brocade/brocade.ini.erb @@ -0,0 +1,57 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +[SWITCH] +# username = +username = <%= node["openstack"]["network"]["brocade"]["switch_username"] %> +# password = +password = <%= node["openstack"]["network"]["brocade"]["switch_password"] %> +# address = +address = <%= node["openstack"]["network"]["brocade"]["switch_address"] %> +# ostype = NOS +ostype = <%= node["openstack"]["network"]["brocade"]["switch_ostype"] %> + +# Example: +# username = admin +# password = password +# address = 10.24.84.38 +# ostype = NOS + +[DATABASE] +# sql_connection = sqlite:// +# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size, +# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled. +# sql_dbpool_enable = False +# Minimum number of SQL connections to keep open in a pool +# sql_min_pool_size = 1 +# Maximum number of SQL connections to keep open in a pool +# sql_max_pool_size = 5 +# Timeout in seconds before idle sql connections are reaped +# sql_idle_timeout = 3600 +# +# Example: +# sql_connection = mysql://root:pass@localhost/brcd_quantum?charset=utf8 +sql_connection = <%= @sql_connection %> + +[PHYSICAL_INTERFACE] +# physical_interface = +# +# Example: +# physical_interface = physnet1 +physical_interface = <%= node["openstack"]["network"]["brocade"]["physical_interface"] %> + +[VLANS] +# network_vlan_ranges = :nnnn:mmmm +# +# Example: +# network_vlan_ranges = physnet1:1000:2999 +network_vlan_ranges = <%= node["openstack"]["network"]["brocade"]["network_vlan_ranges"] %> + +[AGENT] +# Example: +# root_helper = sudo /usr/local/bin/quantum-rootwrap /etc/quantum/rootwrap.conf + +[LINUX_BRIDGE] +# physical_interface_mappings = : +# +# Example: +# physical_interface_mappings = physnet1:em1 +physical_interface_mappings = <%= node["openstack"]["network"]["brocade"]["physical_interface_mappings"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/cisco/cisco_plugins.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/cisco/cisco_plugins.ini.erb new file mode 100644 index 000000000..656d9de6a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/cisco/cisco_plugins.ini.erb @@ -0,0 +1,36 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +[CISCO_PLUGINS] +nexus_plugin = <%= node["openstack"]["network"]["cisco"]["nexus_plugin"] %> +vswitch_plugin = <%= node["openstack"]["network"]["cisco"]["vswitch_plugin"] %> + +[CISCO] +vlan_start = <%= node["openstack"]["network"]["cisco"]["vlan_start"] %> +vlan_end = <%= node["openstack"]["network"]["cisco"]["vlan_end"] %> +vlan_name_prefix = <%= node["openstack"]["network"]["cisco"]["vlan_name_prefix"] %> +max_ports = <%= node["openstack"]["network"]["cisco"]["max_ports"] %> +max_port_profiles = <%= node["openstack"]["network"]["cisco"]["max_port_profiles"] %> +max_networks = <%= node["openstack"]["network"]["cisco"]["max_networks"] %> +model_class = <%= node["openstack"]["network"]["cisco"]["model_class"] %> +manager_class = <%= node["openstack"]["network"]["cisco"]["manager_class"] %> +nexus_driver = <%= node["openstack"]["network"]["cisco"]["nexus_driver"] %> + +<%- node["openstack"]["network"]["cisco"]["nexus_switch"].each_pair do | ip, info | -%> +[NEXUS_SWITCH:<%= @ip %>] +<%- @info["hosts"].each do | host_info | -%> +<%= @host_info[0] %> = <%= @host_info[1] %> +<%- end -%> +ssh_port = <%= @info["ssh_port"] %> +username = <%= @info["username"] %> +password = <%= @info["password"] %> + +<%- end -%> + +[DATABASE] +# +# This line MUST be changed to actually run the plugin. +# Example: +# sql_connection = mysql://quantum:password@127.0.0.1:3306/cisco_quantum +# Replace 127.0.0.1 above with the IP address of the database used by the +# main quantum server. (Leave it as is if the database runs on this host.) +# +sql_connection = <%= @sql_connection %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/hyperv/hyperv_quantum_plugin.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/hyperv/hyperv_quantum_plugin.ini.erb new file mode 100644 index 000000000..947e048d8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/hyperv/hyperv_quantum_plugin.ini.erb @@ -0,0 +1,68 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +[DATABASE] +# This line MUST be changed to actually run the plugin. +# Example: +# sql_connection = mysql://quantum:password@127.0.0.1:3306/hyperv_quantum +# Replace 127.0.0.1 above with the IP address of the database used by the +# main quantum server. (Leave it as is if the database runs on this host.) +sql_connection = <%= @sql_connection %> +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +# sql_max_retries = 10 +# Database reconnection interval in seconds - if the initial connection to the +# database fails +reconnect_interval = 2 +# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size, +# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled. +# sql_dbpool_enable = False +# Minimum number of SQL connections to keep open in a pool +# sql_min_pool_size = 1 +# Maximum number of SQL connections to keep open in a pool +# sql_max_pool_size = 5 +# Timeout in seconds before idle sql connections are reaped +# sql_idle_timeout = 3600 + +[HYPERV] +# (StrOpt) Type of network to allocate for tenant networks. The +# default value 'local' is useful only for single-box testing and +# provides no connectivity between hosts. You MUST either change this +# to 'vlan' and configure network_vlan_ranges below or to 'flat'. +# Set to 'none' to disable creation of tenant networks. +# +# Default: tenant_network_type = local +# Example: tenant_network_type = vlan +tenant_network_type = <%= node["openstack"]["network"]["hyperv"]["tenant_network_type"] %> + +# (ListOpt) Comma-separated list of +# [::] tuples enumerating ranges +# of VLAN IDs on named physical networks that are available for +# allocation. All physical networks listed are available for flat and +# VLAN provider network creation. Specified ranges of VLAN IDs are +# available for tenant network allocation if tenant_network_type is +# 'vlan'. If empty, only gre and local networks may be created. +# +# Default: network_vlan_ranges = +# Example: network_vlan_ranges = physnet1:1000:2999 +network_vlan_ranges = <%= node["openstack"]["network"]["hyperv"]["network_vlan_ranges"] %> + +[AGENT] +# Agent's polling interval in seconds +polling_interval = <%= node["openstack"]["network"]["hyperv"]["polling_interval"] %> + +# (ListOpt) Comma separated list of : +# where the physical networks can be expressed with wildcards, +# e.g.: ."*:external". +# The referred external virtual switches need to be already present on +# the Hyper-V server. +# If a given physical network name will not match any value in the list +# the plugin will look for a virtual switch with the same name. +# +# Default: physical_network_vswitch_mappings = *:external +# Example: physical_network_vswitch_mappings = net1:external1,net2:external2 +physical_network_vswitch_mappings = <%= node["openstack"]["network"]["hyperv"]["physical_network_vswitch_mappings"] %> + +# (StrOpt) Private virtual switch name used for local networking. +# +# Default: local_network_vswitch = private +# Example: local_network_vswitch = custom_vswitch +local_network_vswitch = <%= node["openstack"]["network"]["hyperv"]["local_network_vswitch"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/linuxbridge/linuxbridge_conf.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/linuxbridge/linuxbridge_conf.ini.erb new file mode 100644 index 000000000..f5816f0c9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/linuxbridge/linuxbridge_conf.ini.erb @@ -0,0 +1,67 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +[VLANS] +# (StrOpt) Type of network to allocate for tenant networks. The +# default value 'local' is useful only for single-box testing and +# provides no connectivity between hosts. You MUST change this to +# 'vlan' and configure network_vlan_ranges below in order for tenant +# networks to provide connectivity between hosts. Set to 'none' to +# disable creation of tenant networks. +# +# Default: tenant_network_type = local +# Example: tenant_network_type = vlan +tenant_network_type = <%= node["openstack"]["network"]["linuxbridge"]["tenant_network_type"] %> + +# (ListOpt) Comma-separated list of +# [::] tuples enumerating ranges +# of VLAN IDs on named physical networks that are available for +# allocation. All physical networks listed are available for flat and +# VLAN provider network creation. Specified ranges of VLAN IDs are +# available for tenant network allocation if tenant_network_type is +# 'vlan'. If empty, only local networks may be created. +# +# Default: network_vlan_ranges = +# Example: network_vlan_ranges = physnet1:1000:2999 +network_vlan_ranges = <%= node["openstack"]["network"]["linuxbridge"]["network_vlan_ranges"] %> + +[DATABASE] +# This line MUST be changed to actually run the plugin. +# Example: +# sql_connection = mysql://root:nova@127.0.0.1:3306/quantum_linux_bridge +# Replace 127.0.0.1 above with the IP address of the database used by the +# main quantum server. (Leave it as is if the database runs on this host.) +sql_connection = <%= @sql_connection %> +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +# sql_max_retries = 10 +# Database reconnection interval in seconds - if the initial connection to the +# database fails +reconnect_interval = 2 +# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size, +# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled. +# sql_dbpool_enable = False +# Minimum number of SQL connections to keep open in a pool +# sql_min_pool_size = 1 +# Maximum number of SQL connections to keep open in a pool +# sql_max_pool_size = 5 +# Timeout in seconds before idle sql connections are reaped +# sql_idle_timeout = 3600 + +[LINUX_BRIDGE] +# (ListOpt) Comma-separated list of +# : tuples mapping physical +# network names to the agent's node-specific physical network +# interfaces to be used for flat and VLAN networks. All physical +# networks listed in network_vlan_ranges on the server should have +# mappings to appropriate interfaces on each agent. +# +# Default: physical_interface_mappings = +# Example: physical_interface_mappings = physnet1:eth1 +physical_interface_mappings = <%= node["openstack"]["network"]["linuxbridge"]["physical_interface_mappings"] %> + +[AGENT] +# Agent's polling interval in seconds +polling_interval = 2 + +[SECURITYGROUP] +# Firewall driver for realizing quantum security group function +firewall_driver = quantum.agent.linux.iptables_firewall.IptablesFirewallDriver diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/metaplugin/metaplugin.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/metaplugin/metaplugin.ini.erb new file mode 100644 index 000000000..9582a92ae --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/metaplugin/metaplugin.ini.erb @@ -0,0 +1,40 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +[DATABASE] +# This line MUST be changed to actually run the plugin. +# Example: +# sql_connection = mysql://root:nova@127.0.0.1:3306/ovs_quantum +# Replace 127.0.0.1 above with the IP address of the database used by the +# main quantum server. (Leave it as is if the database runs on this host.) +sql_connection = <%= @sql_connection %> + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implgies an infinite retry count +# sql_max_retries = 10 +# Database reconnection interval in seconds - if the initial connection to the +# database fails +reconnect_interval = 2 + +# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size, +# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled. +# sql_dbpool_enable = False +# Minimum number of SQL connections to keep open in a pool +# sql_min_pool_size = 1 +# Maximum number of SQL connections to keep open in a pool +# sql_max_pool_size = 5 +# Timeout in seconds before idle sql connections are reaped +# sql_idle_timeout = 3600 + +[META] +## This is list of flavor:quantum_plugins +# extension method is used in the order of this list +plugin_list = <%= node["openstack"]["network"]["metaplugin"]["plugin_list"] %> +l3_plugin_list = <%= node["openstack"]["network"]["metaplugin"]["l3_plugin_list"] %> + +# Default value of flavor +default_flavor = <%= node["openstack"]["network"]["metaplugin"]["default_flavor"] %> +default_l3_flavor = <%= node["openstack"]["network"]["metaplugin"]["default_l3_flavor"] %> + +# supported extentions +supported_extension_aliases = providernet +# specific method map for each flavor to extensions +extension_map = get_port_stats:nvp diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/midonet/midonet.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/midonet/midonet.ini.erb new file mode 100644 index 000000000..cc21d04a7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/midonet/midonet.ini.erb @@ -0,0 +1,43 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +[DATABASE] +# This line MUST be changed to actually run the plugin. +# Example: +# sql_connection = mysql://root:pass@127.0.0.1:3306/midonet_quantum +# Replace 127.0.0.1 above with the IP address of the database used by the +# main quantum server. (Leave it as is if the database runs on this host.) +sql_connection = <%= @sql_connection %> +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +# sql_max_retries = 10 +# Database reconnection interval in seconds - if the initial connection to the +# database fails +reconnect_interval = 2 +# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size, +# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled. +# sql_dbpool_enable = False +# Minimum number of SQL connections to keep open in a pool +# sql_min_pool_size = 1 +# Maximum number of SQL connections to keep open in a pool +# sql_max_pool_size = 5 +# Timeout in seconds before idle sql connections are reaped +# sql_idle_timeout = 3600 + +[MIDONET] +# MidoNet API server URI +# midonet_uri = http://localhost:8080/midonet-api +midonet_uri = <%= node["openstack"]["network"]["midonet"]["midonet_uri"] %> + +# MidoNet admin username +username = <%= node["openstack"]["network"]["midonet"]["username"] %> + +# MidoNet admin password +password = <%= node["openstack"]["network"]["midonet"]["password"] %> + +# ID of the project that MidoNet admin user belongs to +project_id = <%= node["openstack"]["network"]["midonet"]["project_id"] %> + +# Virtual provider router ID +provider_router_id = <%= node["openstack"]["network"]["midonet"]["provider_router_id"] %> + +# Virtual metadata router ID +metadata_router_id = <%= node["openstack"]["network"]["midonet"]["metadata_router_id"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/nec/nec.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/nec/nec.ini.erb new file mode 100644 index 000000000..5cebcac8a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/nec/nec.ini.erb @@ -0,0 +1,56 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +[DATABASE] +# This line MUST be changed to actually run the plugin. +# Example: +# sql_connection = mysql://root:nova@127.0.0.1:3306/ovs_quantum +# Replace 127.0.0.1 above with the IP address of the database used by the +# main quantum server. (Leave it as is if the database runs on this host.) +sql_connection = <%= @sql_connection %> +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +# sql_max_retries = 10 +# Database reconnection interval in seconds - if the initial connection to the +# database fails +reconnect_interval = 2 +# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size, +# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled. +# sql_dbpool_enable = False +# Minimum number of SQL connections to keep open in a pool +# sql_min_pool_size = 1 +# Maximum number of SQL connections to keep open in a pool +# sql_max_pool_size = 5 +# Timeout in seconds before idle sql connections are reaped +# sql_idle_timeout = 3600 + +[OVS] +# Do not change this parameter unless you have a good reason to. +# This is the name of the OVS integration bridge. There is one per hypervisor. +# The integration bridge acts as a virtual "patch port". All VM VIFs are +# attached to this bridge and then "patched" according to their network +# connectivity. +integration_bridge = <%= node["openstack"]["network"]["nec"]["integration_bridge"] %> + +[AGENT] +# Agent's polling interval in seconds +polling_interval = <%= node["openstack"]["network"]["nec"]["polling_interval"] %> + +# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +root_helper = sudo + +[SECURITYGROUP] +# Firewall driver for realizing quantum security group function +firewall_driver = <%= node["openstack"]["network"]["nec"]["firewall_driver"] %> + +[OFC] +# Specify OpenFlow Controller Host, Port and Driver to connect. +host = <%= node["openstack"]["network"]["nec"]["ofc_host"] %> +port = <%= node["openstack"]["network"]["nec"]["ofc_port"] %> + +# Drivers are in quantum/plugins/nec/drivers/ . +driver = <%= node["openstack"]["network"]["nec"]["ofc_driver"] %> + +# PacketFilter is available when it's enabled in this configuration +# and supported by the driver. +enable_packet_filter = <%= node["openstack"]["network"]["nec"]["ofc_enable_packet_filter"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/nicira/nvp.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/nicira/nvp.ini.erb new file mode 100644 index 000000000..df58c0419 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/nicira/nvp.ini.erb @@ -0,0 +1,116 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +# ############################################################# +# WARNINGS: The following deprecations have been made in the +# Havana release. Support for the options below will be removed +# in Ixxx. +# +# Section: [DEFAULT], Option: 'metadata_dhcp_host_route' +# Remarks: Use 'enable_isolated_metadata' in dhcp_agent.ini. +# +# +# Section: [CLUSTER:name], Option: 'nvp_controller_connection' +# Remarks: The configuration will allow the specification of +# a single cluster, therefore [CLUSTER:name] is no +# longer used. Use 'nvp_*', options, 'req_timeout', +# 'retries', etc. as indicated in the DEFAULT section. +# Support for multiple clusters will be added through +# an API extension. +# ############################################################## + +[DEFAULT] +# User name for NVP controller +nvp_user = <%= node["openstack"]["network"]["nicira"]["nvp_user"] %> + +# Password for NVP controller +nvp_password = <%= node["openstack"]["network"]["nicira"]["nvp_password"] %> + +# Total time limit for a cluster request +# (including retries across different controllers) +req_timeout = <%= node["openstack"]["network"]["nicira"]["req_timeout"] %> + +# Time before aborting a request on an unresponsive controller +http_timeout = <%= node["openstack"]["network"]["nicira"]["http_timeout"] %> + +# Maximum number of times a particular request should be retried +retries = <%= node["openstack"]["network"]["nicira"]["retries"] %> + +# Maximum number of times a redirect response should be followed +redirects = <%= node["openstack"]["network"]["nicira"]["redirects"] %> + +# Comma-separated list of NVP controller endpoints (:). When port +# is omitted, 443 is assumed. This option MUST be specified, e.g.: +nvp_controllers = <%= node["openstack"]["network"]["nicira"]["nvp_controllers"] %> + +# UUID of the pre-existing default NVP Transport zone to be used for creating +# tunneled isolated "Quantum" networks. This option MUST be specified, e.g.: +default_tz_uuid = <%= node["openstack"]["network"]["nicira"]["default_tz_uuid"] %> + +# (Optional) UUID of the cluster in NVP. It can be retrieved from NVP management +# console "admin" section. +nvp_cluster_uuid = <%= node["openstack"]["network"]["nicira"]["nvp_cluster_uuid"] %> + +# (Optional) UUID for the default l3 gateway service to use with this cluster. +# To be specified if planning to use logical routers with external gateways. +default_l3_gw_service_uuid = <%= node["openstack"]["network"]["nicira"]["default_l3_gateway_service_uuid"] %> + +# (Optional) UUID for the default l2 gateway service to use with this cluster. +# To be specified for providing a predefined gateway tenant for connecting their networks. +default_l2_gw_service_uuid = <%= node["openstack"]["network"]["nicira"]["default_l2_gateway_service_uuid"] %> + +# Name of the default interface name to be used on network-gateway. This value +# will be used for any device associated with a network gateway for which an +# interface name was not specified +default_iface_name = <%= node["openstack"]["network"]["nicira"]["default_iface_name"] %> + + +[DATABASE] +# This line MUST be changed to actually run the plugin. +# Example: +# sql_connection = mysql://root:quantum@127.0.0.1:3306/nvp_quantum +# Replace 127.0.0.1 above with the IP address of the database used by the +# main quantum server. (Leave it as is if the database runs on this host.) +sql_connection = <%= @sql_connection %> + +# Number of reconnection attempts to the DB; Set to -1 to try indefinitely +# sql_max_retries = 10 + +# Period between reconnection attempts to the DB +# reconnect_interval = 2 + +# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size, +# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled. + +# sql_dbpool_enable = False + +# Minimum number of SQL connections to keep open in a pool +# sql_min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +# sql_max_pool_size = 5 + +# Timeout in seconds before idle sql connections are reaped +# sql_idle_timeout = 3600 + + +[QUOTAS] +# number of network gateways allowed per tenant, -1 means unlimited +quota_network_gateway = <%= node["openstack"]["network"]["nicira"]["quota_network_gateway"] %> + + +[NVP] +# Maximum number of ports for each bridged logical switch +max_lp_per_bridged_ls = <%= node["openstack"]["network"]["nicira"]["max_lp_per_bridged_ls"] %> + +# Maximum number of ports for each overlay (stt, gre) logical switch +max_lp_per_overlay_ls = <%= node["openstack"]["network"]["nicira"]["max_lp_per_overlay_ls"] %> + +# Number of connects to each controller node. +concurrent_connections = <%= node["openstack"]["network"]["nicira"]["concurrent_connections"] %> + +# Acceptable values for 'metadata_mode' are: +# - 'access_network': this enables a dedicated connection to the metadata +# proxy for metadata server access via Quantum router. +# - 'dhcp_host_route': this enables host route injection via the dhcp agent. +# This option is only useful if running on a host that does not support +# namespaces otherwise access_network should be used. +metadata_mode = <%= node["openstack"]["network"]["nicira"]["metadata_mode"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/openvswitch/ovs_quantum_plugin.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/openvswitch/ovs_quantum_plugin.ini.erb new file mode 100644 index 000000000..16d64b4f1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/openvswitch/ovs_quantum_plugin.ini.erb @@ -0,0 +1,155 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +[DATABASE] +# This line MUST be changed to actually run the plugin. +# Example: +# sql_connection = mysql://root:nova@127.0.0.1:3306/ovs_quantum +# Replace 127.0.0.1 above with the IP address of the database used by the +# main quantum server. (Leave it as is if the database runs on this host.) +sql_connection = <%= @sql_connection %> +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +# sql_max_retries = 10 +# Database reconnection interval in seconds - if the initial connection to the +# database fails +reconnect_interval = 2 +# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size, +# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled. +# sql_dbpool_enable = False +# Minimum number of SQL connections to keep open in a pool +# sql_min_pool_size = 1 +# Maximum number of SQL connections to keep open in a pool +# sql_max_pool_size = 5 +# Timeout in seconds before idle sql connections are reaped +# sql_idle_timeout = 3600 + +[OVS] +# (StrOpt) Type of network to allocate for tenant networks. The +# default value 'local' is useful only for single-box testing and +# provides no connectivity between hosts. You MUST either change this +# to 'vlan' and configure network_vlan_ranges below or change this to +# 'gre' and configure tunnel_id_ranges below in order for tenant +# networks to provide connectivity between hosts. Set to 'none' to +# disable creation of tenant networks. +# +# Default: tenant_network_type = local +# Example: tenant_network_type = gre +tenant_network_type = <%= node["openstack"]["network"]["openvswitch"]["tenant_network_type"] %> + +# (ListOpt) Comma-separated list of +# [::] tuples enumerating ranges +# of VLAN IDs on named physical networks that are available for +# allocation. All physical networks listed are available for flat and +# VLAN provider network creation. Specified ranges of VLAN IDs are +# available for tenant network allocation if tenant_network_type is +# 'vlan'. If empty, only gre and local networks may be created. +# +# Default: network_vlan_ranges = +# Example: network_vlan_ranges = physnet1:1000:2999 +<% if node["openstack"]["network"]["openvswitch"]["network_vlan_ranges"] -%> +network_vlan_ranges = <%= node["openstack"]["network"]["openvswitch"]["network_vlan_ranges"] %> +<% end -%> + +# (BoolOpt) Set to True in the server and the agents to enable support +# for GRE networks. Requires kernel support for OVS patch ports and +# GRE tunneling. +# +# Default: enable_tunneling = False +enable_tunneling = <%= node["openstack"]["network"]["openvswitch"]["enable_tunneling"] %> + +# (ListOpt) Comma-separated list of : tuples +# enumerating ranges of GRE tunnel IDs that are available for tenant +# network allocation if tenant_network_type is 'gre'. +# +# Default: tunnel_id_ranges = +# Example: tunnel_id_ranges = 1:1000 +<% if node["openstack"]["network"]["openvswitch"]["tunnel_id_ranges"] -%> +tunnel_id_ranges = <%= node["openstack"]["network"]["openvswitch"]["tunnel_id_ranges"] %> +<% end -%> + +# Do not change this parameter unless you have a good reason to. +# This is the name of the OVS integration bridge. There is one per hypervisor. +# The integration bridge acts as a virtual "patch bay". All VM VIFs are +# attached to this bridge and then "patched" according to their network +# connectivity. +# +# Default: integration_bridge = br-int +<% if node["openstack"]["network"]["openvswitch"]["integration_bridge"] -%> +integration_bridge = <%= node["openstack"]["network"]["openvswitch"]["integration_bridge"] %> +<% end -%> + +# Only used for the agent if tunnel_id_ranges (above) is not empty for +# the server. In most cases, the default value should be fine. +# +# Default: tunnel_bridge = br-tun +<% if node["openstack"]["network"]["openvswitch"]["tunnel_bridge"] -%> +tunnel_bridge = <%= node["openstack"]["network"]["openvswitch"]["tunnel_bridge"] %> +<% end -%> + +# Peer patch port in integration bridge for tunnel bridge +# Default: int_peer_patch_port = patch-tun +<% if node["openstack"]["network"]["openvswitch"]["int_peer_patch_port"] -%> +int_peer_patch_port = <%= node["openstack"]["network"]["openvswitch"]["int_peer_patch_port"] %> +<% end -%> + +# Peer patch port in tunnel bridge for integration bridge +# Default: tun_peer_patch_port = patch-int +<% if node["openstack"]["network"]["openvswitch"]["tun_peer_patch_port"] -%> +tun_peer_patch_port = <%= node["openstack"]["network"]["openvswitch"]["tun_peer_patch_port"] %> +<% end -%> + +# Uncomment this line for the agent if tunnel_id_ranges (above) is not +# empty for the server. Set local-ip to be the local IP address of +# this hypervisor. +# +# Default: local_ip = +local_ip = <%= @local_ip %> + +# (ListOpt) Comma-separated list of : tuples +# mapping physical network names to the agent's node-specific OVS +# bridge names to be used for flat and VLAN networks. The length of +# bridge names should be no more than 11. Each bridge must +# exist, and should have a physical network interface configured as a +# port. All physical networks listed in network_vlan_ranges on the +# server should have mappings to appropriate bridges on each agent. +# +# Default: bridge_mappings = +# Example: bridge_mappings = physnet1:br-eth1 +<% if node["openstack"]["network"]["openvswitch"]["bridge_mappings"] -%> +bridge_mappings = <%= node["openstack"]["network"]["openvswitch"]["bridge_mappings"] %> +<% end -%> + +[AGENT] +# Agent's polling interval in seconds +polling_interval = 2 + +[SECURITYGROUP] +# Firewall driver for realizing quantum security group function +# Default: firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +<% if node["openstack"]["network"]["openvswitch"]["fw_driver"] -%> +firewall_driver = <%= node["openstack"]["network"]["openvswitch"]["fw_driver"] %> +<% end -%> + +#----------------------------------------------------------------------------- +# Sample Configurations. +#----------------------------------------------------------------------------- +# +# 1. With VLANs on eth1. +# [DATABASE] +# sql_connection = mysql://root:nova@127.0.0.1:3306/ovs_quantum +# [OVS] +# network_vlan_ranges = default:2000:3999 +# tunnel_id_ranges = +# integration_bridge = br-int +# bridge_mappings = default:br-eth1 +# [AGENT] +# Add the following setting, if you want to log to a file +# +# 2. With tunneling. +# [DATABASE] +# sql_connection = mysql://root:nova@127.0.0.1:3306/ovs_quantum +# [OVS] +# network_vlan_ranges = +# tunnel_id_ranges = 1:1000 +# integration_bridge = br-int +# tunnel_bridge = br-tun +# local_ip = 10.0.0.3 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/plumgrid/plumgrid.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/plumgrid/plumgrid.ini.erb new file mode 100644 index 000000000..4d9945e7c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/plumgrid/plumgrid.ini.erb @@ -0,0 +1,38 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +[DATABASE] +# This line MUST be changed to actually run the plugin. +# Example: +# sql_connection = mysql://:@:3306/plumgrid_quantum +# Replace above with the IP address of the database used by the +# main quantum server. +sql_connection = <%= @sql_connection %> +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +# sql_max_retries = 10 +# Database reconnection interval in seconds - if the initial connection to the +# database fails +# reconnect_interval = 2 +# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size, +# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled. +# sql_dbpool_enable = False +# Minimum number of SQL connections to keep open in a pool +# sql_min_pool_size = 1 +# Maximum number of SQL connections to keep open in a pool +# sql_max_pool_size = 5 +# Timeout in seconds before idle sql connections are reaped +# sql_idle_timeout = 3600 + +[PLUMgridNOS] +# This line should be pointing to the NOS server, +# for the PLUMgrid platform. In other deployments, +# this is known as controller +nos_server = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %> +nos_server_port = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %> +# Authentification parameters for the NOS server. +# These are the admin credentials to manage and control +# the NOS server. +username = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %> +password = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %> +servertimeout = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %> +# Name of the network topology to be deployed by NOS +topologyname = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/ryu/ryu.ini.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/ryu/ryu.ini.erb new file mode 100644 index 000000000..8915d7964 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/plugins/ryu/ryu.ini.erb @@ -0,0 +1,58 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +[DATABASE] +# This line MUST be changed to actually run the plugin. +# Example: sql_connection = mysql://root:nova@127.0.0.1:3306/ryu_quantum +sql_connection = <%= @sql_connection %> +# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size, +# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled. +# sql_dbpool_enable = False +# Minimum number of SQL connections to keep open in a pool +# sql_min_pool_size = 1 +# Maximum number of SQL connections to keep open in a pool +# sql_max_pool_size = 5 +# Timeout in seconds before idle sql connections are reaped +# sql_idle_timeout = 3600 + +[OVS] +# Do not change this parameter unless you have a good reason to. +# This is the name of the OVS integration bridge. There is one per hypervisor. +# The integration bridge acts as a virtual "patch port". All VM VIFs are +# attached to this bridge and then "patched" according to their network +# connectivity. +integration_bridge = <%= node["openstack"]["network"]["ryu"]["integration_bridge"] %> + +# openflow_rest_api = : +openflow_rest_api = <%= node["openstack"]["network"]["ryu"]["openflow_rest_api"] %> + +# tunnel key range: 0 < tunnel_key_min < tunnel_key_max +# VLAN: 12bits, GRE, VXLAN: 24bits +tunnel_key_min = <%= node["openstack"]["network"]["ryu"]["tunnel_key_min"] %> +tunnel_key_max = <%= node["openstack"]["network"]["ryu"]["tunnel_key_max"] %> + +# tunnel_ip = +# tunnel_interface = interface for tunneling +# when tunnel_ip is NOT specified, ip address is read +# from this interface +tunnel_ip = <%= node["openstack"]["network"]["ryu"]["tunnel_ip"] %> +tunnel_interface = <%= node["openstack"]["network"]["ryu"]["tunnel_interface"] %> + +# ovsdb_port = port number on which ovsdb is listening +# ryu-agent uses this parameter to setup ovsdb. +# ovs-vsctl set-manager ptcp: +# See set-manager section of man ovs-vsctl for details. +# currently ptcp is only supported. +# ovsdb_ip = +# ovsdb_interface = interface for ovsdb +# when ovsdb_addr NOT specifiied, ip address is gotten +# from this interface +ovsdb_port = <%= node["openstack"]["network"]["ryu"]["ovsdb_port"] %> +ovsdb_ip = <%= node["openstack"]["network"]["ryu"]["ovsdb_ip"] %> +ovsdb_interface = <%= node["openstack"]["network"]["ryu"]["ovsdb_interface"] %> + +[SECURITYGROUP] +# Firewall driver for realizing quantum security group function +firewall_driver = <%= node["openstack"]["network"]["ryu"]["firewall_driver"] %> + +[AGENT] +# Agent's polling interval in seconds +polling_interval = <%= node["openstack"]["network"]["ryu"]["polling_interval"] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/policy.json.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/policy.json.erb new file mode 100644 index 000000000..42625665a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/policy.json.erb @@ -0,0 +1,75 @@ +{ + "context_is_admin": "role:admin", + "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s", + "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network_tenant_id)s", + "admin_only": "rule:context_is_admin", + "regular_user": "", + "shared": "field:networks:shared=True", + "external": "field:networks:router:external=True", + "default": "rule:admin_or_owner", + + "extension:provider_network:view": "rule:admin_only", + "extension:provider_network:set": "rule:admin_only", + + "extension:router:view": "rule:regular_user", + + "extension:port_binding:view": "rule:admin_only", + "extension:port_binding:set": "rule:admin_only", + + "subnets:private:read": "rule:admin_or_owner", + "subnets:private:write": "rule:admin_or_owner", + "subnets:shared:read": "rule:regular_user", + "subnets:shared:write": "rule:admin_only", + + "create_subnet": "rule:admin_or_network_owner", + "get_subnet": "rule:admin_or_owner or rule:shared", + "update_subnet": "rule:admin_or_network_owner", + "delete_subnet": "rule:admin_or_network_owner", + + "create_network": "", + "get_network": "rule:admin_or_owner or rule:shared or rule:external", + "create_network:shared": "rule:admin_only", + "create_network:router:external": "rule:admin_only", + "create_network:provider:network_type": "rule:admin_only", + "create_network:provider:physical_network": "rule:admin_only", + "create_network:provider:segmentation_id": "rule:admin_only", + "update_network": "rule:admin_or_owner", + "update_network:provider:network_type": "rule:admin_only", + "update_network:provider:physical_network": "rule:admin_only", + "update_network:provider:segmentation_id": "rule:admin_only", + "delete_network": "rule:admin_or_owner", + + "create_port": "", + "create_port:mac_address": "rule:admin_or_network_owner", + "create_port:fixed_ips": "rule:admin_or_network_owner", + "create_port:port_security_enabled": "rule:admin_or_network_owner", + "get_port": "rule:admin_or_owner", + "update_port": "rule:admin_or_owner", + "update_port:fixed_ips": "rule:admin_or_network_owner", + "update_port:port_security_enabled": "rule:admin_or_network_owner", + "delete_port": "rule:admin_or_owner", + + "extension:service_type:view_extended": "rule:admin_only", + "create_service_type": "rule:admin_only", + "update_service_type": "rule:admin_only", + "delete_service_type": "rule:admin_only", + "get_service_type": "rule:regular_user", + + "create_qos_queue": "rule:admin_only", + "get_qos_queue": "rule:admin_only", + "get_qos_queues": "rule:admin_only", + + "update_agent": "rule:admin_only", + "delete_agent": "rule:admin_only", + "get_agent": "rule:admin_only", + "get_agents": "rule:admin_only", + + "create_dhcp-network": "rule:admin_only", + "delete_dhcp-network": "rule:admin_only", + "get_dhcp-networks": "rule:admin_only", + "create_l3-router": "rule:admin_only", + "delete_l3-router": "rule:admin_only", + "get_l3-routers": "rule:admin_only", + "get_dhcp-agents": "rule:admin_only", + "get_l3-agents": "rule:admin_only" +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/quantum-server.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/quantum-server.erb new file mode 100644 index 000000000..a23d8d638 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/quantum-server.erb @@ -0,0 +1,6 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +# defaults for quantum-server + +# path to config file corresponding to the core_plugin specified in +# quantum.conf +QUANTUM_PLUGIN_CONFIG=<%= @plugin_config %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/quantum.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/quantum.conf.erb new file mode 100644 index 000000000..dd318ab65 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/quantum.conf.erb @@ -0,0 +1,325 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> +[DEFAULT] +# Default log level is INFO +# verbose and debug has the same result. +# One of them will set DEBUG log level output +debug = <%= node["openstack"]["network"]["debug"] %> +verbose = <%= node["openstack"]["network"]["verbose"] %> + +# Where to store Quantum state files. This directory must be writable by the +# user executing the agent. +# state_path = /var/lib/quantum + +# Where to store lock files +lock_path = $state_path/lock + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +<% if node["openstack"]["network"]["syslog"]["use"] %> +log_config = /etc/openstack/logging.conf +<% end %> +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +# use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +# log_dir = + +# publish_errors = False + +# Address to bind the API server +bind_host = <%= @bind_address %> + +# Port the bind the API server to +bind_port = <%= @bind_port %> + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of quantum.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# Quantum plugin provider module +# core_plugin = +core_plugin = <%= @core_plugin %> + +# Advanced service modules +# service_plugins = +<% if node["openstack"]["network"]["quantum_loadbalancer"] %> +# LoadBalancer plugin +service_plugins = quantum.plugins.services.agent_loadbalancer.plugin.LoadBalancerPlugin +<% end %> + +# Paste configuration file +api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +# auth_strategy = keystone + +# Base MAC address. The first 3 octets will remain unchanged. If the +# 4h octet is not 00, it will also used. The others will be +# randomly generated. +# 3 octet +# base_mac = fa:16:3e:00:00:00 +# 4 octet +# base_mac = fa:16:3e:4f:00:00 + +# Maximum amount of retries to generate a unique MAC address +# mac_generation_retries = 16 + +# DHCP Lease duration (in seconds) +# dhcp_lease_duration = 120 + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Quantum is +# being used in conjunction with nova security groups and/or metadata service. +# allow_overlapping_ips = False +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = quantum.openstack.common.rpc.impl_kombu +# Size of RPC thread pool +# rpc_thread_pool_size = 64, +# Size of RPC connection pool +# rpc_conn_pool_size = 30 +# Seconds to wait for a response from call or multicall +# rpc_response_timeout = 60 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +# rpc_cast_timeout = 30 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. +# allowed_rpc_exception_modules = quantum.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +control_exchange = quantum + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled)' +# kombu_ssl_ca_certs = + +# allow_overlapping_ips = False +allow_overlapping_ips = <%= node["openstack"]["network"]["allow_overlapping_ips"] -%> + +##### RABBITMQ ##### +rabbit_userid=<%= node["openstack"]["network"]["rabbit"]["username"] %> +rabbit_password=<%= @rabbit_pass %> +rabbit_virtual_host=<%= node["openstack"]["network"]["rabbit"]["vhost"] %> +<% if node["openstack"]["network"]["rabbit"]["ha"] -%> +# Use HA queues in RabbitMQ (x-ha-policy: all).You need to +# wipe RabbitMQ database when changing this option. (boolean value) +rabbit_hosts=<%= @rabbit_hosts %> +rabbit_ha_queues=True +<% else -%> +rabbit_host=<%= node["openstack"]["network"]["rabbit"]["host"] %> +rabbit_port=<%= node["openstack"]["network"]["rabbit"]["port"] %> +<% end -%> +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 + +# QPID +# rpc_backend=quantum.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=quantum.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are create, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = quantum.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = quantum.openstack.common.notifier.log_notifier +# RPC driver. DHCP agents needs it. +notification_driver = quantum.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. +# The actual topic names will be %s.%(default_notification_level)s +notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down. +agent_down_time = <%= node["openstack"]["network"]["api"]["agent"]["agent_down_time"] %> + +# =========== end of items for agent management extension ===== + +# =========== items for agent scheduler extension ============= +# Driver to use for scheduling network to DHCP agent +network_scheduler_driver = <%= node["openstack"]["network"]["dhcp"]["scheduler"] %> +# Driver to use for scheduling router to a default L3 agent +router_scheduler_driver = <%= node["openstack"]["network"]["l3"]["scheduler"] %> + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# quantum server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to quantum server +# router_auto_schedule = True +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +#tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +#retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +#backlog = 4096 + +# Enable SSL on the API server +#use_ssl = False + +# Certificate file to use when starting API server securely +#ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +#ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +#ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + +[QUOTAS] +# resource name(s) that are supported in quota features +# quota_items = network,subnet,port + +# default number of resource allowed per tenant, minus for unlimited +# default_quota = -1 + +# number of networks allowed per tenant, and minus means unlimited +# quota_network = 10 + +# number of subnets allowed per tenant, and minus means unlimited +# quota_subnet = 10 + +# number of ports allowed per tenant, and minus means unlimited +# quota_port = 50 + +# number of security groups allowed per tenant, and minus means unlimited +# quota_security_group = 10 + +# number of security group rules allowed per tenant, and minus means unlimited +# quota_security_group_rule = 100 + +# default driver to use for quota checks +quota_driver = <%= node["openstack"]["network"]["quota"]["driver"] %> + +[DEFAULT_SERVICETYPE] +# Description of the default service type (optional) +# description = "default service type" +# Enter a service definition line for each advanced service provided +# by the default service type. +# Each service definition should be in the following format: +# :[:driver] + +[AGENT] +# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +# root_helper = sudo +<% if node["openstack"]["network"]["use_rootwrap"] %> +root_helper = "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" +<% end -%> + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server, should be less than +# agent_down_time +report_interval = <%= node["openstack"]["network"]["api"]["agent"]["agent_report_interval"] %> + +[keystone_authtoken] +auth_host = <%= @identity_endpoint.host %> +auth_port = <%= @identity_endpoint.port %> +auth_protocol = <%= @identity_endpoint.scheme %> +admin_tenant_name = <%= node["openstack"]["network"]["service_tenant_name"] %> +admin_user = <%= node["openstack"]["network"]["service_user"] %> +admin_password = <%= @service_pass %> +signing_dir = <%= node["openstack"]["network"]["api"]["agent"]["signing_dir"] %> + +# =========== end of items for agent management extension ===== diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/quantum.sysconfig.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/quantum.sysconfig.erb new file mode 100644 index 000000000..f6408ce32 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/quantum.sysconfig.erb @@ -0,0 +1,5 @@ +## Type: string +# +# location of the plugin configuration file + +QUANTUM_PLUGIN_CONF="/etc/quantum/plugins/<%= @plugin_conf %>" \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/rootwrap.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/rootwrap.conf.erb new file mode 100644 index 000000000..234d28146 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-network/templates/default/rootwrap.conf.erb @@ -0,0 +1,6 @@ +<%= node["openstack"]["network"]["custom_template_banner"] %> + +[DEFAULT] +# List of directories to load filter definitions from (separated by ','). +# These directories MUST all be only writeable by root ! +filters_path=/etc/quantum/rootwrap.d,/usr/share/quantum/rootwrap diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Berksfile new file mode 100644 index 000000000..ece8d4f54 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Berksfile @@ -0,0 +1,4 @@ +metadata + +cookbook "statsd", + :git => "git://github.com/att-cloud/cookbook-statsd.git" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Berksfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Berksfile.lock new file mode 100644 index 000000000..f244cd2b7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Berksfile.lock @@ -0,0 +1,42 @@ +{ + "sources": { + "openstack-object-storage": { + "path": "." + }, + "statsd": { + "locked_version": "0.1.3", + "git": "git://github.com/att-cloud/cookbook-statsd.git", + "ref": "f759cd013c0a836f2acb219b3e006ff0a1308878" + }, + "memcached": { + "locked_version": "1.4.0" + }, + "runit": { + "locked_version": "1.1.6" + }, + "build-essential": { + "locked_version": "1.4.0" + }, + "yum": { + "locked_version": "2.3.0" + }, + "sysctl": { + "locked_version": "0.3.3" + }, + "apt": { + "locked_version": "2.1.0" + }, + "git": { + "locked_version": "2.5.2" + }, + "dmg": { + "locked_version": "1.1.0" + }, + "windows": { + "locked_version": "1.10.0" + }, + "chef_handler": { + "locked_version": "1.1.4" + } + } +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Gemfile new file mode 100644 index 000000000..d592402aa --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Gemfile @@ -0,0 +1,9 @@ +source "https://rubygems.org" + +gem "chef", "~> 11.4.4" +gem "json", "<= 1.7.7" # chef 11 dependency +gem "berkshelf", "~> 2.0.8" +gem "chefspec", "~> 1.3.0" +gem "foodcritic" +gem "strainer" +gem "webmock", "~> 1.11.0" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Gemfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Gemfile.lock new file mode 100644 index 000000000..f69004dbc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Gemfile.lock @@ -0,0 +1,211 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (3.2.14) + i18n (~> 0.6, >= 0.6.4) + multi_json (~> 1.0) + addressable (2.3.5) + akami (1.2.0) + gyoku (>= 0.4.0) + nokogiri (>= 1.4.0) + berkshelf (2.0.8) + activesupport (~> 3.2.0) + addressable (~> 2.3.4) + buff-shell_out (~> 0.1) + celluloid (>= 0.14.0) + chozo (>= 0.6.1) + faraday (>= 0.8.5) + hashie (>= 2.0.2) + minitar (~> 0.5.4) + rbzip2 (~> 0.2.0) + retryable (~> 1.3.3) + ridley (~> 1.2.1) + solve (>= 0.5.0) + thor (~> 0.18.0) + buff-extensions (0.5.0) + buff-ruby_engine (0.1.0) + buff-shell_out (0.1.0) + buff-ruby_engine (~> 0.1.0) + builder (3.2.2) + celluloid (0.14.1) + timers (>= 1.0.0) + celluloid-io (0.14.1) + celluloid (>= 0.14.1) + nio4r (>= 0.4.5) + chef (11.4.4) + erubis + highline (>= 1.6.9) + json (>= 1.4.4, <= 1.7.7) + mixlib-authentication (>= 1.3.0) + mixlib-cli (~> 1.3.0) + mixlib-config (>= 1.1.2) + mixlib-log (>= 1.3.0) + mixlib-shellout + net-ssh (~> 2.6) + net-ssh-multi (~> 1.1.0) + ohai (>= 0.6.0) + rest-client (>= 1.0.4, < 1.7.0) + yajl-ruby (~> 1.1) + chefspec (1.3.1) + chef (>= 10.0) + erubis + fauxhai (>= 0.1.1, < 2.0) + minitest-chef-handler (>= 0.6.0) + rspec (~> 2.0) + chozo (0.6.1) + activesupport (>= 3.2.0) + hashie (>= 2.0.2) + multi_json (>= 1.3.0) + ci_reporter (1.9.0) + builder (>= 2.1.2) + crack (0.4.1) + safe_yaml (~> 0.9.0) + diff-lcs (1.2.4) + erubis (2.7.0) + faraday (0.8.8) + multipart-post (~> 1.2.0) + fauxhai (1.1.1) + httparty + net-ssh + ohai + ffi (1.9.0) + foodcritic (2.2.0) + erubis + gherkin (~> 2.11.7) + nokogiri (~> 1.5.4) + treetop (~> 1.4.10) + yajl-ruby (~> 1.1.0) + gherkin (2.11.8) + multi_json (~> 1.3) + gssapi (1.0.3) + ffi (>= 1.0.1) + gyoku (1.1.0) + builder (>= 2.1.2) + hashie (2.0.5) + highline (1.6.19) + httparty (0.11.0) + multi_json (~> 1.0) + multi_xml (>= 0.5.2) + httpclient (2.2.0.2) + httpi (0.9.7) + rack + i18n (0.6.5) + ipaddress (0.8.0) + json (1.7.7) + little-plugger (1.1.3) + logging (1.6.2) + little-plugger (>= 1.1.3) + mime-types (1.24) + minitar (0.5.4) + minitest (4.7.5) + minitest-chef-handler (1.0.1) + chef + ci_reporter + minitest (~> 4.7.3) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-cli (1.3.0) + mixlib-config (1.1.2) + mixlib-log (1.6.0) + mixlib-shellout (1.2.0) + multi_json (1.7.9) + multi_xml (0.5.5) + multipart-post (1.2.0) + net-http-persistent (2.9) + net-ssh (2.6.8) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-multi (1.1) + net-ssh (>= 2.1.4) + net-ssh-gateway (>= 0.99.0) + nio4r (0.5.0) + nokogiri (1.5.10) + nori (1.1.5) + ohai (6.18.0) + ipaddress + mixlib-cli + mixlib-config + mixlib-log + mixlib-shellout + systemu + yajl-ruby + polyglot (0.3.3) + rack (1.5.2) + rbzip2 (0.2.0) + rest-client (1.6.7) + mime-types (>= 1.16) + retryable (1.3.3) + ridley (1.2.5) + addressable + buff-extensions (~> 0.3) + buff-shell_out (~> 0.1) + celluloid (~> 0.14.0) + celluloid-io (~> 0.14.0) + erubis + faraday (>= 0.8.4) + hashie (>= 2.0.2) + json (>= 1.7.7) + mixlib-authentication (>= 1.3.0) + net-http-persistent (>= 2.8) + net-ssh + retryable + solve (>= 0.4.4) + varia_model (~> 0.1) + winrm (~> 1.1.0) + rspec (2.14.1) + rspec-core (~> 2.14.0) + rspec-expectations (~> 2.14.0) + rspec-mocks (~> 2.14.0) + rspec-core (2.14.5) + rspec-expectations (2.14.2) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.14.3) + rubyntlm (0.1.1) + safe_yaml (0.9.5) + savon (0.9.5) + akami (~> 1.0) + builder (>= 2.1.2) + gyoku (>= 0.4.0) + httpi (~> 0.9) + nokogiri (>= 1.4.0) + nori (~> 1.0) + wasabi (~> 1.0) + solve (0.8.0) + strainer (3.2.2) + berkshelf (~> 2.0) + systemu (2.5.2) + thor (0.18.1) + timers (1.1.0) + treetop (1.4.14) + polyglot + polyglot (>= 0.3.1) + uuidtools (2.1.4) + varia_model (0.2.0) + buff-extensions (~> 0.2) + hashie (>= 2.0.2) + wasabi (1.0.0) + nokogiri (>= 1.4.0) + webmock (1.11.0) + addressable (>= 2.2.7) + crack (>= 0.3.2) + winrm (1.1.2) + gssapi (~> 1.0.0) + httpclient (~> 2.2.0.2) + logging (~> 1.6.1) + nokogiri (~> 1.5.0) + rubyntlm (~> 0.1.1) + savon (= 0.9.5) + uuidtools (~> 2.1.2) + yajl-ruby (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + berkshelf (~> 2.0.8) + chef (~> 11.4.4) + chefspec (~> 1.3.0) + foodcritic + json (<= 1.7.7) + strainer + webmock (~> 1.11.0) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/README.md new file mode 100644 index 000000000..1e5b69fdb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/README.md @@ -0,0 +1,269 @@ +Description +=========== + +Installs the OpenStack Object Storage service **Swift** as part of the OpenStack reference deployment Chef for OpenStack. The http://github.com/stackforge/chef-openstack-repo contains documentation for using this cookbook in the context of a full OpenStack deployment. Swift is currently installed from packages. + +https://wiki.openstack.org/wiki/Swift + +Requirements +============ + +Clients +-------- + + * CentOS >= 6.3 + * Ubuntu >= 12.04 + +Chef +--------- + + * 11.4.4 + +Cookbooks +--------- + + * memcached + * sysctl + +Roles +===== + + * swift-account-server - storage node for account data + * swift-container-server - storage node for container data + * swift-object-server - storage node for object server + * swift-proxy-server - proxy for swift storge nodes + * swift-setup - server responsible for generating initial settings + * swift-management-server - responsible for ring generation + +The swift-management-server role performs the following functions: + + * proxy node that knows super admin password + * ring repository and ring building workstation + * generally always has the swift-setup role too + * there can only be _one_ swift-management-server + +There *must* be node with the the swift-managment-server role to act +as the ring repository. + +In small environments, it is likely that all storage machines will +have all-in-one roles, with a load balancer ahead of it + +In larger environments, where it is cost effective to split the proxy +and storage layer, storage nodes will carry +swift-{account,container,object}-server roles, and there will be +dedicated hosts with the swift-proxy-server role. + +In really really huge environments, it's possible that the storage +node will be split into swift-{container,accout}-server nodes and +swift-object-server nodes. + + +Attributes +========== + + * ```default[:swift][:authmode]``` - "swauth" or "keystone" (default "swauth"). Right now, only swauth is supported (defaults to swauth) + + * ```default[:swift][:swift_secret_databag_name]``` - this cookbook supports an optional secret databag where we will retrieve the following attributes overriding any default attributes below. (defaults to nil) + +``` + { + "id": "swift_dal2", + "swift_hash": "1a7c0568fa84" + "swift_authkey": "keY4all" + "dispersion_auth_user": "ops:dispersion", + "dispersion_auth_key": "dispersionpass" + } +``` + + * ```default[:swift][:swift_hash]``` - swift_hash_path_suffix in /etc/swift/swift.conf (defaults to 107c0568ea84) + + * ```default[:swift][:audit_hour]``` - Hour to run swift_auditor on storage nodes (defaults to 5) + + * ```default[:swift][:disk_enum_expr]``` - Eval-able expression that lists + candidate disk nodes for disk probing. The result shoule be a hash + with keys being the device name (without the leading "/dev/") and a + hash block of any extra info associated with the device. For + example: { "sdc" => { "model": "Hitachi 7K3000" }}. Largely, + though, if you are going to make a list of valid devices, you + probably know all the valid devices, and don't need to pass any + metadata about them, so { "sdc" => {}} is probably enough. Example + expression: Hash[('a'..'f').to_a.collect{|x| [ "sd{x}", {} ]}] + + * ```default[:swift][:ring][:part_power]``` - controls the size of the ring (defaults to 18) + + * ```default[:swift][:ring][:min_part_hours]``` - the minimum number of hours before swift is allowed to migrate a partition (defaults to 1) + + * ```default[:swift][:ring][:replicas]``` - how many replicas swift should retain (defaults to 3) + + * ```default[:swift][:disk_test_filter]``` - an array of expressions that must + all be true in order a block deviced to be considered for + formatting and inclusion in the cluster. Each rule gets evaluated + with "candidate" set to the device name (without the leading + "/dev/") and info set to the node hash value. Default rules: + + * "candidate =~ /sd[^a]/ or candidate =~ /hd[^a]/ or candidate =~ + /vd[^a]/" + + * "File.exists?('/dev/ + candidate)" + + * "not system('/sbin/sfdisk -V /dev/' + candidate + '>/dev/null 2>&2')" + + * "info['removable'] = 0" ]) + + * ```default[:swift][:expected_disks]``` - an array of device names that the + operator expecs to be identified by the previous two values. This + acts as a second-check on discovered disks. If this array doesn't + match the found disks, then chef processing will be stopped. + Example: ("b".."f").collect{|x| "sd#{x}"}. Default: none. + +There are other attributes that must be set depending on authmode. +For "swauth", the following attributes are used: + + * ```default[:swift][:authkey]``` - swauth super admin key if using swauth (defaults to test) + +In addition, because swift is typically deployed as a cluster +there are some attributes used to find interfaces and ip addresses +on storage nodes: + + * ```default[:swift][:git_builder_ip]``` - the IP address of the management server which other cluster members will use as their git pull target for ring updates (defaults to 127.0.0.1) + * ```default[:swift][:network][:proxy-bind-ip]``` - the IP address to bind to + on the proxy servers (defaults to 0.0.0.0 for all addresses) + * ```default[:swift][:network][:proxy-bind-port]``` - the port to bind to + on the proxy servers (defaults to 8080) + * ```default[:swift][:network][:account-bind-ip]``` - the IP address to bind to + on the account servers (defaults to 0.0.0.0 for all addresses) + * ```default[:swift][:network][:account-bind-port]``` - the port to bind to + on the account servers (defaults to 6002) + * ```default[:swift][:network][:container-bind-ip]``` - the IP address to bind to + on the container servers (defaults to 0.0.0.0 for all addresses) + * ```default[:swift][:network][:container-bind-port]``` - the port to bind to + on the container servers (defaults to 6002) + * ```default[:swift][:network][:object-bind-ip]``` - the IP address to bind to + on the object servers (defaults to 0.0.0.0 for all addresses) + * ```default[:swift][:network][:object-bind-port]``` - the port to bind to + on the container servers (defaults to 6002) + * ```default[:swift][:network][:object-cidr]``` - the CIDR network for your object + servers in order to build the ring (defaults to 10.0.0.0/24) + +Examples +======== + +Example environment +------------------- + +```json +{ + "default_attributes": { + "swift": { + "swift_hash": "107c0568ea84", + "authmode": "swauth", + "authkey": "test" + "auto_rebuild_rings": false + "git_builder_ip": "10.0.0.10" + "swauth": { + "url": "http://10.0.0.10:8080/v1/" + } + }, + }, + "name": "swift", + "chef_type": "environment", + "json_class": "Chef::Environment" +} +``` + +This sets up defaults for a swauth-based cluster with the storage +network on 10.0.0.0/24. + +Example all-in-one +-------------------------- + +Example all-in-one storage node config (note there should only ever be +one node with the swift-setup and swift-management roles) + +```json +{ + "id": "storage1", + "name": "storage1", + "json_class": "Chef::Node", + "run_list": [ + "role[swift-setup]", + "role[swift-management-server]", + "role[swift-account-server]", + "role[swift-object-server]", + "role[swift-container-server]", + "role[swift-proxy-server]" + ], + "chef_environment": "development", + "normal": { + "swift": { + "zone": "1" + } + } +} +``` + +Standalone Storage Server +------------------------- + +```json +{ + "name": "swift-object-server", + "json_class": "Chef::Role", + "run_list": [ + "recipe[swift::object-server]" + ], + "description": "A storage server role.", + "chef_type": "role" +} +``` + +Standalone Proxy Server +----------------------- + +```json + "run_list": [ + "role[swift-proxy-server]" + ] +``` + +Testing +======= + +This cookbook is using [ChefSpec](https://github.com/acrmp/chefspec) for testing. Run the following before commiting. It will run your tests, and check for lint errors. + + $ ./run_tests.bash + +There is also a Vagrant test environment that you can launch in order to integration +test this cookbook. See the tests/README.md file for more information on launching the environment. + +Testing +======= + + $ bundle install + $ bundle exec berks install + $ bundle exec strainer test + +License and Author +================== + +| | | +|:---------------------|:---------------------------------------------------| +| **Authors** | Alan Meadows () | +| | Oisin Feely () | +| | Ron Pedde () | +| | Will Kelly () | +| | | +| **Copyright** | Copyright (c) 2013, AT&T, Inc. | +| | Copyright (c) 2012, Rackspace US, Inc. | + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Strainerfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Strainerfile new file mode 100644 index 000000000..f23cd14e9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/Strainerfile @@ -0,0 +1,4 @@ +# Strainerfile +knife test: bundle exec knife cookbook test $COOKBOOK +foodcritic: bundle exec foodcritic -f any -t ~FC003 -t ~FC023 $SANDBOX/$COOKBOOK +chefspec: bundle exec rspec $SANDBOX/$COOKBOOK diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/attributes/default.rb new file mode 100644 index 000000000..a52f1521d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/attributes/default.rb @@ -0,0 +1,194 @@ +#-------------------- +# node/ring settings +#-------------------- + +default["swift"]["state"] = {} +default["swift"]["swift_hash"] = "107c0568ea84" +default["swift"]["audit_hour"] = "5" +default["swift"]["disk_enum_expr"] = "node[:block_device]" +default["swift"]["auto_rebuild_rings"] = false +default["swift"]["git_builder_ip"] = "127.0.0.1" + +# the release only has any effect on ubuntu, and must be +# a valid release on http://ubuntu-cloud.archive.canonical.com/ubuntu +default["swift"]["release"] = "folsom" + +# we support an optional secret databag where we will retrieve the +# following attributes overriding any default attributes here +# +# { +# "id": "swift_dal2", +# "swift_hash": "107c0568ea84" +# "swift_authkey": "keW4all" +# "dispersion_auth_user": "test:test", +# "dispersion_auth_key": "test" +# } +default["swift"]["swift_secret_databag_name"] = nil + +#-------------------- +# authentication +#-------------------- + +default["swift"]["authmode"] = "swauth" +default["swift"]["authkey"] = "test" +default["swift"]["swift_url"] = "http://127.0.0.1:8080/v1/" +default["swift"]["swauth_url"] = "http://127.0.0.1:8080/v1/" +default["swift"]["auth_url"] = "http://127.0.0.1:8080/auth/v1.0" + +#--------------------- +# dispersion settings +#--------------------- + +default["swift"]["dispersion"]["auth_user"] = "test:test" +default["swift"]["dispersion"]["auth_key"] = "test" + + +# settings for the swift ring - these default settings are +# a safe setting for testing but part_power should be set to +# 26 in production to allow a swift cluster with 50,000 spindles +default["swift"]["ring"]["part_power"] = 18 +default["swift"]["ring"]["min_part_hours"] = 1 +default["swift"]["ring"]["replicas"] = 3 + +#------------------ +# statistics +#------------------ +default["swift"]["enable_statistics"] = true + +#------------------ +# network settings +#------------------ + +# the cidr configuration items are unimportant for a single server +# configuration, but in a multi-server setup, the cidr should match +# the interface appropriate to that service as they are used to +# resolve the appropriate addresses to use for internode +# communication + +# proxy servers +default["swift"]["network"]["proxy-bind-ip"] = "0.0.0.0" +default["swift"]["network"]["proxy-bind-port"] = "8080" +default["swift"]["network"]["proxy-cidr"] = "10.0.0.0/24" + +# account servers +default["swift"]["network"]["account-bind-ip"] = "0.0.0.0" +default["swift"]["network"]["account-bind-port"] = "6002" + +# container servers +default["swift"]["network"]["container-bind-ip"] = "0.0.0.0" +default["swift"]["network"]["container-bind-port"] = "6001" + +# object servers +default["swift"]["network"]["object-bind-ip"] = "0.0.0.0" +default["swift"]["network"]["object-bind-port"] = "6000" +default["swift"]["network"]["object-cidr"] = "10.0.0.0/24" + +#------------------ +# sysctl +#------------------ + +# set sysctl properties for time waits +default['sysctl']['params']['net']['ipv4']['tcp_tw_recycle'] = 1 +default['sysctl']['params']['net']['ipv4']['tcp_tw_reuse'] = 1 +default['sysctl']['params']['net']['ipv4']['tcp_syncookies'] = 0 + +# N.B. conntrack_max may also need to be adjusted if +# server is running a stateful firewall + +#------------------ +# disk search +#------------------ + +# disk_test_filter is an array of predicates to test against disks to +# determine if a disk should be formatted and configured for swift. +# Each predicate is evaluated in turn, and a false from the predicate +# will result in the disk not being considered as a candidate for +# formatting. +default["swift"]["disk_test_filter"] = [ "candidate =~ /(sd|hd|xvd|vd)(?!a$)[a-z]+/", + "File.exist?('/dev/' + candidate)", + "not system('/sbin/parted /dev/' + candidate + ' -s print | grep linux-swap')", + "not info.has_key?('removable') or info['removable'] == 0.to_s" ] + +#------------------ +# packages +#------------------ + + +# Leveling between distros +case platform +when "redhat" + default["swift"]["platform"] = { + "disk_format" => "ext4", + "proxy_packages" => ["openstack-swift-proxy", "sudo", "cronie", "python-memcached"], + "object_packages" => ["openstack-swift-object", "sudo", "cronie"], + "container_packages" => ["openstack-swift-container", "sudo", "cronie"], + "account_packages" => ["openstack-swift-account", "sudo", "cronie"], + "swift_packages" => ["openstack-swift", "sudo", "cronie"], + "swauth_packages" => ["openstack-swauth", "sudo", "cronie"], + "rsync_packages" => ["rsync"], + "git_packages" => ["xinetd", "git", "git-daemon"], + "service_prefix" => "openstack-", + "service_suffix" => "", + "git_dir" => "/var/lib/git", + "git_service" => "git", + "service_provider" => Chef::Provider::Service::Redhat, + "override_options" => "" + } +# +# python-iso8601 is a missing dependency for swift. +# https://bugzilla.redhat.com/show_bug.cgi?id=875948 +when "centos" + default["swift"]["platform"] = { + "disk_format" => "xfs", + "proxy_packages" => ["openstack-swift-proxy", "sudo", "cronie", "python-iso8601", "python-memcached" ], + "object_packages" => ["openstack-swift-object", "sudo", "cronie", "python-iso8601" ], + "container_packages" => ["openstack-swift-container", "sudo", "cronie", "python-iso8601" ], + "account_packages" => ["openstack-swift-account", "sudo", "cronie", "python-iso8601" ], + "swift_packages" => ["openstack-swift", "sudo", "cronie", "python-iso8601" ], + "swauth_packages" => ["openstack-swauth", "sudo", "cronie", "python-iso8601" ], + "rsync_packages" => ["rsync"], + "git_packages" => ["xinetd", "git", "git-daemon"], + "service_prefix" => "openstack-", + "service_suffix" => "", + "git_dir" => "/var/lib/git", + "git_service" => "git", + "service_provider" => Chef::Provider::Service::Redhat, + "override_options" => "" + } +when "fedora" + default["swift"]["platform"] = { + "disk_format" => "xfs", + "proxy_packages" => ["openstack-swift-proxy", "python-memcached"], + "object_packages" => ["openstack-swift-object"], + "container_packages" => ["openstack-swift-container"], + "account_packages" => ["openstack-swift-account"], + "swift_packages" => ["openstack-swift"], + "swauth_packages" => ["openstack-swauth"], + "rsync_packages" => ["rsync"], + "git_packages" => ["git", "git-daemon"], + "service_prefix" => "openstack-", + "service_suffix" => ".service", + "git_dir" => "/var/lib/git", + "git_service" => "git", + "service_provider" => Chef::Provider::Service::Systemd, + "override_options" => "" + } +when "ubuntu" + default["swift"]["platform"] = { + "disk_format" => "xfs", + "proxy_packages" => ["swift-proxy", "python-memcache"], + "object_packages" => ["swift-object"], + "container_packages" => ["swift-container"], + "account_packages" => ["swift-account", "python-swiftclient"], + "swift_packages" => ["swift"], + "swauth_packages" => ["swauth"], + "rsync_packages" => ["rsync"], + "git_packages" => ["git-daemon-sysvinit"], + "service_prefix" => "", + "service_suffix" => "", + "git_dir" => "/var/cache/git", + "git_service" => "git-daemon", + "service_provider" => Chef::Provider::Service::Upstart, + "override_options" => "-o Dpkg::Options:='--force-confold' -o Dpkg::Option:='--force-confdef'" + } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/5EDB1B62EC4926EA b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/5EDB1B62EC4926EA new file mode 100644 index 000000000..99f7cacb1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/5EDB1B62EC4926EA @@ -0,0 +1,53 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (GNU/Linux) + +mQINBFAqSlgBEADPKwXUwqbgoDYgR20zFypxSZlSbrttOKVPEMb0HSUx9Wj8VvNC +r+mT4E9wAyq7NTIs5ad2cUhXoyenrjcfGqK6k9R6yRHDbvAxCSWTnJjw7mzsajDN +ocXC6THKVW8BSjrh0aOBLpht6d5QCO2vyWxw65FKM65GOsbX03ZngUPMuOuiOEHQ +Zo97VSH2pSB+L+B3d9B0nw3QnU8qZMne+nVWYLYRXhCIxSv1/h39SXzHRgJoRUFH +vL2aiiVrn88NjqfDW15HFhVJcGOFuACZnRA0/EqTq0qNo3GziQO4mxuZi3bTVL5s +GABiYW9uIlokPqcS7Fa0FRVIU9R+bBdHZompcYnKAeGag+uRvuTqC3MMRcLUS9Oi +/P9I8fPARXUPwzYN3fagCGB8ffYVqMunnFs0L6td08BgvWwer+Buu4fPGsQ5OzMc +lgZ0TJmXyOlIW49lc1UXnORp4sm7HS6okA7P6URbqyGbaplSsNUVTgVbi+vc8/jY +dfExt/3HxVqgrPlq9htqYgwhYvGIbBAxmeFQD8Ak/ShSiWb1FdQ+f7Lty+4mZLfN +8x4zPZ//7fD5d/PETPh9P0msF+lLFlP564+1j75wx+skFO4v1gGlBcDaeipkFzeo +zndAgpegydKSNTF4QK9iTYobTIwsYfGuS8rV21zE2saLM0CE3T90aHYB/wARAQAB +tD1DYW5vbmljYWwgQ2xvdWQgQXJjaGl2ZSBTaWduaW5nIEtleSA8ZnRwbWFzdGVy +QGNhbm9uaWNhbC5jb20+iQI3BBMBCAAhBQJQKkpYAhsDBQsJCAcDBRUKCQgLBRYC +AwEAAh4BAheAAAoJEF7bG2LsSSbqKxkQAIKtgImrk02YCDldg6tLt3b69ZK0kIVI +3Xso/zCBZbrYFmgGQEFHAa58mIgpv5GcgHHxWjpX3n4tu2RM9EneKvFjFBstTTgo +yuCgFr7iblvs/aMW4jFJAiIbmjjXWVc0CVB/JlLqzBJ/MlHdR9OWmojN9ZzoIA+i ++tWlypgUot8iIxkR6JENxit5v9dN8i6anmnWybQ6PXFMuNi6GzQ0JgZIVs37n0ks +2wh0N8hBjAKuUgqu4MPMwvNtz8FxEzyKwLNSMnjLAhzml/oje/Nj1GBB8roj5dmw +7PSul5pAqQ5KTaXzl6gJN5vMEZzO4tEoGtRpA0/GTSXIlcx/SGkUK5+lqdQIMdyS +n8bImU6V6rDSoOaI9YWHZtpv5WeUsNTdf68jZsFCRD+2+NEmIqBVm11yhmUoasC6 +dYw5l9P/PBdwmFm6NBUSEwxb+ROfpL1ICaZk9Jy++6akxhY//+cYEPLin02r43Z3 +o5Piqujrs1R2Hs7kX84gL5SlBzTM4Ed+ob7KVtQHTefpbO35bQllkPNqfBsC8AIC +8xvTP2S8FicYOPATEuiRWs7Kn31TWC2iwswRKEKVRmN0fdpu/UPdMikyoNu9szBZ +RxvkRAezh3WheJ6MW6Fmg9d+uTFJohZt5qHdpxYa4beuN4me8LF0TYzgfEbFT6b9 +D6IyTFoT0LequQINBFAqSlgBEADmL3TEq5ejBYrA+64zo8FYvCF4gziPa5rCIJGZ +/gZXQ7pm5zek/lOe9C80mhxNWeLmrWMkMOWKCeaDMFpMBOQhZZmRdakOnH/xxO5x ++fRdOOhy+5GTRJiwkuGOV6rB9eYJ3UN9caP2hfipCMpJjlg3j/GwktjhuqcBHXhA +HMhzxEOIDE5hmpDqZ051f8LGXld9aSL8RctoYFM8sgafPVmICTCq0Wh03dr5c2JA +gEXy3ushYm/8i2WFmyldo7vbtTfx3DpmJc/EMpGKV+GxcI3/ERqSkde0kWlmfPZb +o/5+hRqSryqfQtRKnFEQgAqAhPIwXwOkjCpPnDNfrkvzVEtl2/BWP/1/SOqzXjk9 +TIb1Q7MHANeFMrTCprzPLX6IdC4zLp+LpV91W2zygQJzPgWqH/Z/WFH4gXcBBqmI +8bFpMPONYc9/67AWUABo2VOCojgtQmjxuFn+uGNw9PvxJAF3yjl781PVLUw3n66d +wHRmYj4hqxNDLywhhnL/CC7KUDtBnUU/CKn/0Xgm9oz3thuxG6i3F3pQgpp7MeMn +tKhLFWRXo9Bie8z/c0NV4K5HcpbGa8QPqoDseB5WaO4yGIBOt+nizM4DLrI+v07y +Xe3Jm7zBSpYSrGarZGK68qamS3XPzMshPdoXXz33bkQrTPpivGYQVRZuzd/R6b+6 +IurV+QARAQABiQIfBBgBCAAJBQJQKkpYAhsMAAoJEF7bG2LsSSbq59EP/1U3815/ +yHV3cf/JeHgh6WS/Oy2kRHp/kJt3ev/l/qIxfMIpyM3u/D6siORPTUXHPm3AaZrb +w0EDWByA3jHQEzlLIbsDGZgrnl+mxFuHwC1yEuW3xrzgjtGZCJureZ/BD6xfRuRc +mvnetAZv/z98VN/oj3rvYhUi71NApqSvMExpNBGrdO6gQlI5azhOu8xGNy4OSke8 +J6pAsMUXIcEwjVEIvewJuqBW/3rj3Hh14tmWjQ7shNnYBuSJwbLeUW2e8bURnfXE +TxrCmXzDmQldD5GQWCcD5WDosk/HVHBmHlqrqy0VO2nE3c73dQlNcI4jVWeC4b4Q +SpYVsFz/6Iqy5ZQkCOpQ57MCf0B6P5nF92c5f3TYPMxHf0x3DrjDbUVZytxDiZZa +XsbZzsejbbc1bSNp4hb+IWhmWoFnq/hNHXzKPHBTapObnQju+9zUlQngV0BlPT62 +hOHOw3Pv7suOuzzfuOO7qpz0uAy8cFKe7kBtLSFVjBwaG5JX89mgttYW+lw9Rmsb +p9Iw4KKFHIBLOwk7s+u0LUhP3d8neBI6NfkOYKZZCm3CuvkiOeQP9/2okFjtj+29 +jEL+9KQwrGNFEVNe85Un5MJfYIjgyqX3nJcwypYxidntnhMhr2VD3HL2R/4CiswB +Oa4g9309p/+af/HU1smBrOfIeRoxb8jQoHu3 +=xg4S +-----END PGP PUBLIC KEY BLOCK----- + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/cluster_stats.py b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/cluster_stats.py new file mode 100755 index 000000000..6f793622b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/cluster_stats.py @@ -0,0 +1,88 @@ +#!/usr/bin/env python + +import os +import re +import errno +import subprocess + +USING_COLLECTD=0 + +try: + import collectd + USING_COLLECTD=1 +except: + pass + +# =============================================================================== +# [2012-06-19 21:37:04] Checking ring md5sum's on 3 hosts... +# 3/3 hosts matched, 0 error[s] while checking hosts. +# =============================================================================== +def get_md5sums(): + retval = 0 + output = subprocess.Popen(['swift-recon', '--objmd5'], stdout=subprocess.PIPE).communicate()[0] + for line in output.split("\n"): + result = re.search("([0-9]+) error", line) + if result: + retval = result.group(1) + return retval + + +# =============================================================================== +# [2012-06-19 21:36:27] Checking replication times on 3 hosts... +# [Replication Times] shortest: 0.00546943346659, longest: 0.00739345153173, avg: 0.00669538444943 +# =============================================================================== +def get_replication_times(): + retval = {} + output = subprocess.Popen(['swift-recon', '-r'], stdout=subprocess.PIPE).communicate()[0] + for line in output.split("\n"): + result = re.search("shortest: ([0-9\.]+), longest: ([0-9\.]+), avg: ([0-9\.]+)", line) + if result: + retval['shortest'] = float(result.group(1)) + retval['longest'] = float(result.group(2)) + retval['average'] = float(result.group(3)) + return retval + +def get_all(): + stats = {} + stats['md5sums'] = get_md5sums() + stats['replication_times'] = get_replication_times() + return stats + +def config_callback(conf): + pass + +def read_callback(): + stats = get_all() + + if not stats: + return + + # blarg, this should be fixed + for key in stats.keys(): + path = '%s' % key + value = stats[key] + + if type(value) != type({}): + # must be an int + val = collectd.Values(plugin=path) + val.type = 'gauge' + val.values = [int(value)] + val.dispatch() + else: + # must be a hash + for subvalue in value.keys(): + path = '%s.%s' % (key, subvalue) + val = collectd.Values(plugin=path) + val.type = 'gauge' + if type(value[subvalue]) == type("string"): + val.values = [int(value[subvalue])] + else: + val.values = value[subvalue] + val.dispatch() + +if not USING_COLLECTD: + stats = get_all() + print stats +else: + collectd.register_config(config_callback) + collectd.register_read(read_callback) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/git-daemon.default b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/git-daemon.default new file mode 100644 index 000000000..cb97a4161 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/git-daemon.default @@ -0,0 +1,16 @@ +# Defaults for git-daemon initscript +# sourced by /etc/init.d/git-daemon +# installed at /etc/default/git-daemon by the maintainer scripts + +# +# This is a POSIX shell fragment +# + +GIT_DAEMON_ENABLE=true +GIT_DAEMON_USER=gitdaemon +GIT_DAEMON_DIRECTORY=/var/cache/git +GIT_DAEMON_BASE_PATH=/var/cache/git + + +# Additional options that are passed to the Daemon. +GIT_DAEMON_OPTIONS="" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/rsync.init b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/rsync.init new file mode 100644 index 000000000..6eb27b098 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/rsync.init @@ -0,0 +1,44 @@ +#! /bin/sh +# +# chkconfig: 2345 50 50 +# description: rsync service + +# source function library + . /etc/rc.d/init.d/functions + +PROG='/usr/bin/rsync' +BASE=${0##*/} + +# Adapt the --config parameter to point to your rsync daemon configuration +# The config file must contain following line: +# pid file = /var/run/.pid +# Where is the filename of the init script (= this file) +OPTIONS="--daemon --config=/etc/rsyncd.conf" + +case "$1" in + start) + echo -n $"Starting $BASE: " + daemon --check $BASE $PROG $OPTIONS + RETVAL=$? + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$BASE + echo + ;; + stop) + echo -n $"Shutting down $BASE: " + killproc $BASE + RETVAL=$? + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$BASE + echo + ;; + restart|force-reload) + $0 stop + sleep 1 + $0 start + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/rsync.service b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/rsync.service new file mode 100644 index 000000000..172ba5ef9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/rsync.service @@ -0,0 +1,11 @@ +[Unit] +Description=Rsync Server +After=local-fs.target + +[Service] +Type=forking +ExecStart=/usr/bin/rsync --daemon +PIDFile=/var/run/rsyncd.pid + +[Install] +WantedBy=multi-user.target diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/swift_stats.py b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/swift_stats.py new file mode 100755 index 000000000..dab33b91b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/files/default/swift_stats.py @@ -0,0 +1,98 @@ +#!/usr/bin/env python + +import os +import errno + +from resource import getpagesize + +USING_COLLECTD=0 + +try: + import collectd + USING_COLLECTD=1 +except: + pass + +def get_unmounts(mountpath="/srv/node/"): + try: + candidates = [ x for x in os.listdir(mountpath) if os.path.isdir(mountpath + x) ] + except OSError as e: + if e.errno != errno.ENOENT: + raise + return 0 + + mounts = [] + with open('/proc/mounts', 'r') as procmounts: + for line in procmounts: + _, mounted_path, _, _, _, _ = line.rstrip().split() + if mounted_path.startswith(mountpath): + mounts.append(mounted_path.split('/')[-1]) + + return len(set(candidates) - set(mounts)) + +def get_sockstats(): + sockstat = {} + try: + with open('/proc/net/sockstat') as proc_sockstat: + for entry in proc_sockstat: + if entry.startswith("TCP: inuse"): + tcpstats = entry.split() + sockstat['tcp_in_use'] = int(tcpstats[2]) + sockstat['orphan'] = int(tcpstats[4]) + sockstat['time_wait'] = int(tcpstats[6]) + sockstat['tcp_mem_allocated_bytes'] = \ + int(tcpstats[10]) * getpagesize() + except OSError as e: + if e.errno != errno.ENOENT: + raise + try: + with open('/proc/net/sockstat6') as proc_sockstat6: + for entry in proc_sockstat6: + if entry.startswith("TCP6: inuse"): + sockstat['tcp6_in_use'] = int(entry.split()[2]) + except IOError as e: + if e.errno != errno.ENOENT: + raise + return sockstat + +def get_all(): + stats = {} + stats['socket'] = get_sockstats() + stats['unmounts'] = get_unmounts() + return stats + +def config_callback(conf): + pass + +def read_callback(): + stats = get_all() + + if not stats: + return + + # blarg, this should be fixed + for key in stats.keys(): + path = "%s" % key + value = stats[key] + + if type(value) != type({}): + # must be an int + val = collectd.Values(plugin=path) + val.type = 'gauge' + val.values = [int(value)] + val.dispatch() + else: + # must be a hash + for subvalue in value.keys(): + path = '%s.%s' % (key, subvalue) + val = collectd.Values(plugin=path) + val.type = 'gauge' + val.values = [int(value[subvalue])] + val.dispatch() + +if not USING_COLLECTD: + stats = get_all() + print stats +else: + collectd.register_config(config_callback) + collectd.register_read(read_callback) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/libraries/drive_utils.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/libraries/drive_utils.rb new file mode 100644 index 000000000..aef75d04f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/libraries/drive_utils.rb @@ -0,0 +1,34 @@ +# +# Cookbook Name:: swift +# Library:: drive_utils +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Ron Pedde +# + +module DriveUtils + def locate_disks(enum_expression, filter_expressions) + candidate_disks = eval(enum_expression) + candidate_expression = "candidate_disks.select{|candidate,info| (" + + filter_expressions.map{|x| "(#{x})"}.join(" and ") + ")}" + # TODO(mancdaz): fix this properly so the above works in the first place + candidate_expression.gsub!(/\[\'removable\'\] = 0/, "['removable'].to_i == 0") + drives = Hash[eval(candidate_expression)] + Chef::Log.info("Using candidate drives: #{drives.keys.join(", ")}") + drives.keys + end +end + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/libraries/ip_utils.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/libraries/ip_utils.rb new file mode 100644 index 000000000..35c971024 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/libraries/ip_utils.rb @@ -0,0 +1,45 @@ +# +# Cookbook Name:: swift +# Library:: ip_utils +# +# Copyright 2013, ATT Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Alan Meadows +# + +require "ipaddr" + +module IPUtils + def locate_ip_in_cidr(network, node) + Chef::Log.debug("Searching for ip within #{network} on node #{node.name}") + net = IPAddr.new(network) + node["network"]["interfaces"].each do |interface| + if interface[1].has_key?("addresses") then + interface[1]["addresses"].each do |k,v| + if v["family"] == "inet6" or (v["family"] == "inet" and v["prefixlen"] != "32") then + addr=IPAddr.new(k) + if net.include?(addr) then + return k + end + end + end + end + end + + error = "Can't find address within network #{network} for node #{node.name}" + Chef::Log.error(error) + raise error + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/metadata.rb new file mode 100644 index 000000000..730bad47c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/metadata.rb @@ -0,0 +1,20 @@ +name "openstack-object-storage" +maintainer "ATT, Inc." +license "Apache 2.0" +description "Installs and configures Openstack Swift" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.1.0" +recipe "openstack-object-storage::setup", "Does initial setup of a swift cluster" +recipe "openstack-object-storage::account-server", "Installs the swift account server" +recipe "openstack-object-storage::object-server", "Installs the swift object server" +recipe "openstack-object-storage::proxy-server", "Installs the swift proxy server" +recipe "openstack-object-storage::container-server", "Installs the swift container server" + +%w{ centos ubuntu }.each do |os| + supports os +end + +depends "memcached" +depends "sysctl" +depends "statsd" +depends "apt" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/providers/disk.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/providers/disk.rb new file mode 100644 index 000000000..d20193fa4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/providers/disk.rb @@ -0,0 +1,264 @@ +# +# Copyright 2011, Dell +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: andi abes +# + +require 'chef/mixin/shell_out' +include Chef::Mixin::ShellOut + +def load_current_resource + dev_name = @new_resource.name + @current = Chef::Resource::OpenstackObjectStorageDisk.new(dev_name) + + parted_partition_parse dev_name + parts = @current.part() + + if not @current.blocks + # parted didn't return anything -- empty disk. + # get size from sfdisk + sfdisk_get_size(dev_name) + end + + Chef::Log.info("About to print partition table") + + s = < part_num, + :start => Regexp.last_match(2).to_i / 1024, + :end => Regexp.last_match(3).to_i / 1024, + :size => Regexp.last_match(4).to_i / 1024, + :type => Regexp.last_match(5), + :system => Regexp.last_match(6), + :flags => Regexp.last_match(7) } + part_tab << part_info + } + end + + @current.part(part_tab) + part_tab +end + +action :list do + Chef::Log.info("at some point there'll be a list") +end + +#### +# compare the requested partition table parameters to what exists +# if differences found - remove all current partitions, and create new ones. +# An existing partition is considered a match if: +# - it has the same serial # (1,2,3) +# - it has the same size +# +# We also want to start to partition at 1M to be correctly aligned +# even due to 4K sector size and controller stripe sizes. +# +# Plus, then parted doesn't bitch every time you run it. + +action :ensure_exists do + Chef::Log.info("Entering :ensure_exists") + + req = @new_resource.part + cur = @current.part + dev_name = @new_resource.name + update = false + + recreate, delete_existing = false + + disk_blocks = @current.blocks #1k blocks + + if (cur.nil?) + recreate = true; + else + idx = 0 + current_block=0 + + Chef::Log.info("Checking partition #{idx}") + + req.each { |params| + if (cur[idx].nil?) + recreate = true + Chef::Log.info("no current #{idx}") + next + end + + req_size = params[:size] # size in Mb - convert to blocks + if (req_size == :remaining) + req_size = disk_blocks - current_block + else + req_size = req_size * 1024 + end + + cur_size = cur[idx][:size] + + cur_min, cur_max = req_size*0.9, req_size*1.1 + if !(cur_size > cur_min and cur_size < cur_max) + recreate = true + end + + current_block += cur[idx][:size] + Chef::Log.info("partition #{idx} #{(recreate ? 'differs' : 'is same')}: #{cur_size}/#{req_size}") + idx+=1 + } + end + + if !recreate + Chef::Log.info("partition table matches - not recreating") + else + ### make sure to ensure that there are no mounted + ### filesystems on the device + re = /^(#{Regexp.escape(dev_name)}[0-9]+)/ + mounted = [] + shell_out!("mount").stdout.each_line { |line| + md = re.match(line) + next unless md + mounted << md[1] + } + mounted.each { |m| + Chef::Log.info("unmounting #{m}") + shell_out!("umount #{m}") + } + + # Nuke current partition table. + execute "create new partition table" do + command "parted -s -m #{dev_name} mktable gpt" + end + + # create new partitions + idx = 0 + req.each { | params | + start_block = 0 + + if idx == 0 + start_block = "1M" + end + + if (params[:size] == :remaining) + requested_size = "100%" + else + requested_size = "#{params[:size]}M" + end + + s = "parted -m -s #{dev_name} " + s << "mkpart #{idx} #{start_block} #{requested_size}" # #{params[:type]} + Chef::Log.info("creating new partition #{idx+1} with:" + s) + execute "creating partition #{idx}" do + command s + end + idx+=1 + + } + update = true + end + + # walk through the partitions and enforce disk format + idx=1 + req.each do |params| + device = "#{dev_name}#{idx}" + Chef::Log.info("Checking #{device}") + + if ::File.exist?(device) + # FIXME: check the format on the file system. This should be + # handled by a disk format provider. Maybe the xfs/btrfs/etc + # providers? + Chef::Log.info("Testing file system on #{device} for type #{params[:type]}") + + case params[:type] + when "xfs" + if not system("xfs_admin -l #{device}") + Mixlib::ShellOut.new("mkfs.xfs -f -i size=512 #{device}").run_command + update = true + end + when "ext4" + if not system("tune2fs -l #{device} | grep \"Filesystem volume name:\" | awk \'{print $4}\' | grep -v \"\"") + Mixlib::ShellOut.new("mkfs.ext4 #{device}").run_command + update = true + end + end + end + end + new_resource.updated_by_last_action(update) +end + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/providers/mounts.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/providers/mounts.rb new file mode 100644 index 000000000..bf2ed2218 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/providers/mounts.rb @@ -0,0 +1,168 @@ +# +# Cookbook Name:: swift +# Provider:: mounts +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Ron Pedde +# + +require "chef/util/file_edit" + +action :ensure_exists do + proposed_devices = @new_resource.devices + path = @new_resource.name + dev_info = {} + + Chef::Log.info("IN MOUNTS") + + new_resource.updated_by_last_action(false) + + # walk through the devices, gathering information + proposed_devices.each do |device| + next if !::File.exists?("/dev/#{device}") + + info = {} + info["device"] = device + info["ip"] = @new_resource.ip + info["format"] = @new_resource.format + info["uuid"] = `blkid /dev/#{device} -s UUID -o value`.strip + info["mountpoint"] = info["uuid"].split("-").join("") + info["mounted"] = system("mount | grep '#{path}/#{info["mountpoint"]}\'") + info["size"] = `sfdisk -s /dev/#{device}`.to_i / 1024 + + next if (info["uuid"] == '') + + dev_info[info["uuid"]] = info + end + + Chef::Log.info("Physical Inventory:") + dev_info.each do |_,v| + Chef::Log.info("Device: #{v['device']}, UUID: #{v['uuid']}, Mounted: #{v['mounted']}, Format: #{v['format']}") + end + + # make sure we have a "path" + Directory(path) do + group "swift" + owner "swift" + recursive true + end.run_action(:create) + + # find what should be mounted, and what IS mounted + mounts=node["filesystem"].inject({}) { |hsh, (k,v)| hsh.merge(v["mount"] => k) } + valid_mounts = dev_info.inject([]) {|ary, (_,v)| ary << "#{path}/#{v['mountpoint']}"} + mountpoints = Dir.new(path).reject {|x| x[/^\./] }.collect { |d| "#{path}/#{d}" } + inverted_mounts = dev_info.inject({}) {|hsh,(k,v)| hsh.merge({v["mountpoint"] => v.merge("uuid" => k)})} + fstabs=::File.readlines("/etc/fstab").inject({}) do |hash,line| + line = line.split("#")[0].split() + Chef::Log.info("#{line[0]} ... #{line[1]}") + hash.merge(line[1] => line[0]) + end.reject { |k,v| !k or !v or !k.length or !v.length } + + Chef::Log.info("Mounts: #{mounts}") + Chef::Log.info("Valid Mounts: #{valid_mounts}") + Chef::Log.info("Mountpoints: #{mountpoints}") + Chef::Log.info("Fstabs: #{fstabs}") + + # mounts in /srv/node that shouldn't be there + (mounts.keys.select{|x| x and x[/^#{path}/]} - valid_mounts).each do |dev| + Chef::Log.info("Unmounting #{dev}") + system("umount #{dev}") if system("mount | grep '#{dev}'") + new_resource.updated_by_last_action(true) + end + + # fstab entries that don't need to be there anymore + (fstabs.keys.select {|k| k.start_with? path} - valid_mounts).each do |dev| + fe = Chef::Util::FileEdit.new("/etc/fstab") + fe.search_file_delete_line(Regexp.new(dev.gsub("/","\/"))) + fe.write_file + new_resource.updated_by_last_action(true) + end + + # directories/mountpoints in /srv/node that are now useless + (mountpoints - valid_mounts).each do |mountpoint| + Chef::Log.info("rmdiring #{mountpoint}") + begin + Dir.rmdir(mountpoint) + rescue SystemCallError + Chef::Log.info("Directory #{mountpoint} appears non-empty") + end + new_resource.updated_by_last_action(true) + end + + # new, unmounted devices + (valid_mounts - mounts.keys).each do |mountpoint| + info = inverted_mounts[mountpoint.gsub("#{path}/","")] + + Chef::Log.info("mounting #{mountpoint} (#{info['device']})") + + mount_path = "#{path}/#{info['mountpoint']}" + + Directory(mount_path) do + group "swift" + owner "swift" + recursive true + end.run_action(:create) + + case info['format'] + when 'ext4' + mount_options = "noatime,nodiratime,nobarrier,user_xattr" + when 'xfs' + case node["platform"] + when "ubuntu","debian" + mount_options = "noatime,nodiratime,nobarrier,logbufs=8,nobootwait" + else + mount_options = "noatime,nodiratime,nobarrier,logbufs=8" + end + end + + mt = Mount(mount_path) do + device info['uuid'] + device_type :uuid + options mount_options + dump 0 + fstype info['format'] + action :nothing + end + + if not fstabs.has_key?(mount_path) + # then its a brand-new drive, freshly formatted + Chef::Log.info("Mounting new device #{info['mountpoint']}") + mt.run_action(:enable) + mt.run_action(:mount) + end + + new_resource.updated_by_last_action(true) + end + + dev_info.reject { |k,v| v["mounted"] }.keys.each do |uuid| + dev_info[uuid]["mounted"] = system("mount | grep '#{path}/#{dev_info[uuid]["mountpoint"]}\'") + end + + if @new_resource.publish_attributes and dev_info != {} + dev_info.each do |k,v| + node.set["swift"]["state"]["devs"][k] = { + :device => v["device"], + :size => v["size"], + :uuid => v["uuid"], + :mounted => v["mounted"], + :format => v["format"], + :mountpoint => v["mountpoint"], + :ip => v["ip"] + } + end + end +end + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/providers/ring_script.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/providers/ring_script.rb new file mode 100644 index 000000000..7218a3906 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/providers/ring_script.rb @@ -0,0 +1,262 @@ +# +# Cookbook Name:: swift +# Resource:: ring_script +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Ron Pedde +# + +require "pp" + +def generate_script + # need to load and parse the existing rings. + ports = { "object" => "6000", "container" => "6001", "account" => "6002" } + must_rebalance = false + + ring_path = @new_resource.ring_path + ring_data = { :raw => {}, :parsed => {}, :in_use => {} } + disk_data = {} + dirty_cluster_reasons = [] + + [ "account", "container", "object" ].each do |which| + ring_data[:raw][which] = nil + + if ::File.exist?("#{ring_path}/#{which}.builder") + IO.popen("su swift -c 'swift-ring-builder #{ring_path}/#{which}.builder'") do |pipe| + ring_data[:raw][which] = pipe.readlines + # Chef::Log.debug("#{ which.capitalize } Ring data: #{ring_data[:raw][which]}") + ring_data[:parsed][which] = parse_ring_output(ring_data[:raw][which]) + + node.set["swift"]["state"]["ring"][which] = ring_data[:parsed][which] + end + else + Chef::Log.info("#{which.capitalize} ring builder files do not exist!") + end + + # collect all the ring data, and note what disks are in use. All I really + # need is a hash of device and id + + ring_data[:in_use][which] ||= {} + if ring_data[:parsed][which][:hosts] + ring_data[:parsed][which][:hosts].each do |ip, dev| + dev.each do |dev_id, devhash| + ring_data[:in_use][which].store(devhash[:device], devhash[:id]) + end + end + end + + Chef::Log.debug("#{which.capitalize} Ring - In use: #{PP.pp(ring_data[:in_use][which],dump='')}") + + # figure out what's present in the cluster + disk_data[which] = {} + disk_state,_,_ = Chef::Search::Query.new.search(:node,"chef_environment:#{node.chef_environment} AND roles:swift-#{which}-server") + + # for a running track of available disks + disk_data[:available] ||= {} + disk_data[:available][which] ||= {} + + disk_state.each do |swiftnode| + if swiftnode[:swift][:state] and swiftnode[:swift][:state][:devs] + swiftnode[:swift][:state][:devs].each do |k,v| + disk_data[which][v[:ip]] = disk_data[which][v[:ip]] || {} + disk_data[which][v[:ip]][k] = {} + v.keys.each { |x| disk_data[which][v[:ip]][k].store(x,v[x]) } + + if swiftnode[:swift].has_key?("#{which}-zone") + disk_data[which][v[:ip]][k]["zone"]=swiftnode[:swift]["#{which}-zone"] + elsif swiftnode[:swift].has_key?("zone") + disk_data[which][v[:ip]][k]["zone"]=swiftnode[:swift]["zone"] + else + raise "Node #{swiftnode[:hostname]} has no zone assigned" + end + + disk_data[:available][which][v[:mountpoint]] = v[:ip] + + if not v[:mounted] + dirty_cluster_reasons << "Disk #{v[:name]} (#{v[:uuid]}) is not mounted on host #{v[:ip]} (#{swiftnode[:hostname]})" + end + end + end + end + Chef::Log.debug("#{which.capitalize} Ring - Avail: #{PP.pp(disk_data[:available][which],dump='')}") + end + + # Have the raw data, now bump it together and drop the script + + s = "#!/bin/bash\n\n# This script is automatically generated.\n" + s << "# Running it will likely blow up your system if you don't review it carefully.\n" + s << "# You have been warned.\n\n" + if not node["swift"]["auto_rebuild_rings"] + s << "if [ \"$1\" != \"--force\" ]; then\n" + s << " echo \"Auto rebuild rings is disabled, so you must use --force to generate rings\"\n" + s << " exit 0\n" + s << "fi\n\n" + end + + # Chef::Log.debug("#{PP.pp(disk_data, dump='')}") + + new_disks = {} + missing_disks = {} + new_servers = [] + + [ "account", "container", "object" ].each do |which| + # remove available disks that are already in the ring + new_disks[which] = disk_data[:available][which].reject{ |k,v| ring_data[:in_use][which].has_key?(k) } + + # find all in-ring disks that are not in the cluster + missing_disks[which] = ring_data[:in_use][which].reject{ |k,v| disk_data[:available][which].has_key?(k) } + + Chef::Log.debug("#{which.capitalize} Ring - Missing: #{PP.pp(missing_disks[which],dump='')}") + Chef::Log.debug("#{which.capitalize} Ring - New: #{PP.pp(new_disks[which],dump='')}") + + s << "\n# -- #{which.capitalize} Servers --\n\n" + disk_data[which].keys.sort.each do |ip| + s << "# #{ip}\n" + disk_data[which][ip].keys.sort.each do |k| + v = disk_data[which][ip][k] + s << "# " + v.keys.sort.select{|x| ["ip", "device", "uuid"].include?(x)}.collect{|x| v[x] }.join(", ") + if new_disks[which].has_key?(v["mountpoint"]) + s << " (NEW!)" + new_servers << ip unless new_servers.include?(ip) + end + s << "\n" + end + end + + # for all those servers, check if they are already in the ring. If not, + # then we need to add them to the ring. For those that *were* in the + # ring, and are no longer in the ring, we need to delete those. + + s << "\n" + + # add the new disks + disk_data[which].keys.sort.each do |ip| + disk_data[which][ip].keys.sort.each do |uuid| + v = disk_data[which][ip][uuid] + if new_disks[which].has_key?(v['mountpoint']) + s << "swift-ring-builder #{ring_path}/#{which}.builder add z#{v['zone']}-#{v['ip']}:#{ports[which]}/#{v['mountpoint']} #{v['size']}\n" + must_rebalance = true + end + end + end + + # remove the disks -- sort to ensure consistent order + missing_disks[which].keys.sort.each do |mountpoint| + diskinfo=ring_data[:parsed][which][:hosts].select{|k,v| v.has_key?(mountpoint)}.collect{|_,v| v[mountpoint]}[0] + Chef::Log.debug("Missing diskinfo: #{PP.pp(diskinfo,dump='')}") + description = Hash[diskinfo.select{|k,v| [:zone, :ip, :device].include?(k)}].collect{|k,v| "#{k}: #{v}" }.join(", ") + s << "# #{description}\n" + s << "swift-ring-builder #{ring_path}/#{which}.builder remove d#{missing_disks[which][mountpoint]}\n" + must_rebalance = true + end + + s << "\n" + + if(must_rebalance) + s << "swift-ring-builder #{ring_path}/#{which}.builder rebalance\n\n\n" + else + s << "# #{which.capitalize} ring has no outstanding changes!\n\n" + end + + # we'll only rebalance if we meet the minimums for new adds + if node["swift"].has_key?("wait_for") + if node["swift"]["wait_for"] > new_servers.count + Chef::Log.debug("New servers, but not enough to force a rebalance") + must_rebalance = false + end + end + end + [ s, must_rebalance ] +end + +# Parse the raw output of swift-ring-builder +def parse_ring_output(ring_data) + output = { :state => {} } + + ring_data.each do |line| + if line =~ /build version ([0-9]+)/ + output[:state][:build_version] = $1 + elsif line =~ /^Devices:\s+id\s+region\s+zone\s+/ + next + elsif line =~ /^Devices:\s+id\s+zone\s+/ + next + elsif line =~ /^\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\S+)\s+([0-9.]+)\s+(\d+)\s+([-0-9.]+)\s*$/ + output[:hosts] ||= {} + output[:hosts][$3] ||= {} + + output[:hosts][$3][$5] = {} + + output[:hosts][$3][$5][:id] = $1 + output[:hosts][$3][$5][:region] = $2 + output[:hosts][$3][$5][:zone] = $3 + output[:hosts][$3][$5][:ip] = $4 + output[:hosts][$3][$5][:port] = $5 + output[:hosts][$3][$5][:device] = $6 + output[:hosts][$3][$5][:weight] = $7 + output[:hosts][$3][$5][:partitions] = $8 + output[:hosts][$3][$5][:balance] = $9 + elsif line =~ /^\s+(\d+)\s+(\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\S+)\s+([0-9.]+)\s+(\d+)\s+([-0-9.]+)\s*$/ + output[:hosts] ||= {} + output[:hosts][$3] ||= {} + + output[:hosts][$3][$5] = {} + + output[:hosts][$3][$5][:id] = $1 + output[:hosts][$3][$5][:zone] = $2 + output[:hosts][$3][$5][:ip] = $3 + output[:hosts][$3][$5][:port] = $4 + output[:hosts][$3][$5][:device] = $5 + output[:hosts][$3][$5][:weight] = $6 + output[:hosts][$3][$5][:partitions] = $7 + output[:hosts][$3][$5][:balance] = $8 + elsif line =~ /(\d+) partitions, (\d+\.\d+) replicas, (\d+) regions, (\d+) zones, (\d+) devices, (\d+\.\d+) balance$/ + output[:state][:partitions] = $1 + output[:state][:replicas] = $2 + output[:state][:regions] = $3 + output[:state][:zones] = $4 + output[:state][:devices] = $5 + output[:state][:balance] = $6 + elsif line =~ /(\d+) partitions, (\d+) replicas, (\d+) zones, (\d+) devices, (\d+\.\d+) balance$/ + output[:state][:partitions] = $1 + output[:state][:replicas] = $2 + output[:state][:zones] = $3 + output[:state][:devices] = $4 + output[:state][:balance] = $5 + elsif line =~ /^The minimum number of hours before a partition can be reassigned is (\d+)$/ + output[:state][:min_part_hours] = $1 + else + raise "Cannot parse ring builder output for #{line}" + end + end + + output +end + +action :ensure_exists do + Chef::Log.debug("Ensuring #{new_resource.name}") + new_resource.updated_by_last_action(false) + s,must_update = generate_script + + script_file = File new_resource.name do + owner new_resource.owner + group new_resource.group + mode new_resource.mode + content s + end + + script_file.run_action(:create) + new_resource.updated_by_last_action(must_update) +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/account-server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/account-server.rb new file mode 100644 index 000000000..ad7de4ec9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/account-server.rb @@ -0,0 +1,96 @@ +# +# Cookbook Name:: swift +# Recipe:: account-server +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-object-storage::common" +include_recipe "openstack-object-storage::storage-common" +include_recipe "openstack-object-storage::disks" + +platform_options = node["swift"]["platform"] + +platform_options["account_packages"].each.each do |pkg| + package pkg do + action :install + options platform_options["override_options"] # retain configs + end +end + +# epel/f-17 missing init scripts for the non-major services. +# https://bugzilla.redhat.com/show_bug.cgi?id=807170 +%w{auditor reaper replicator}.each do |svc| + template "/etc/systemd/system/openstack-swift-account-#{svc}.service" do + owner "root" + group "root" + mode "0644" + source "simple-systemd-config.erb" + variables({ :description => "OpenStack Object Storage (swift) - " + + "Account #{svc.capitalize}", + :user => "swift", + :exec => "/usr/bin/swift-account-#{svc} " + + "/etc/swift/account-server.conf" + }) + only_if { platform?(%w{fedora}) } + end +end + +# TODO(breu): track against upstream epel packages to determine if this +# is still necessary +# https://bugzilla.redhat.com/show_bug.cgi?id=807170 +%w{auditor reaper replicator}.each do |svc| + template "/etc/init.d/openstack-swift-account-#{svc}" do + owner "root" + group "root" + mode "0755" + source "simple-redhat-init-config.erb" + variables({ :description => "OpenStack Object Storage (swift) - " + + "Account #{svc.capitalize}", + :exec => "account-#{svc}" + }) + only_if { platform?(%w{redhat centos}) } + end +end + +%w{swift-account swift-account-auditor swift-account-reaper swift-account-replicator}.each do |svc| + service_name = platform_options["service_prefix"] + svc + platform_options["service_suffix"] + service svc do + service_name service_name + provider platform_options["service_provider"] + supports :status => true, :restart => true + action [:enable, :start] + only_if "[ -e /etc/swift/account-server.conf ] && [ -e /etc/swift/account.ring.gz ]" + end +end + +# retrieve bind information from node +bind_ip = node["swift"]["network"]["bind_ip"] +bind_port = node["swift"]["network"]["bind_port"] + +# create account server template +template "/etc/swift/account-server.conf" do + source "account-server.conf.erb" + owner "swift" + group "swift" + mode "0600" + variables("bind_ip" => node["swift"]["network"]["account-bind-ip"], + "bind_port" => node["swift"]["network"]["account-bind-port"]) + + notifies :restart, "service[swift-account]", :immediately + notifies :restart, "service[swift-account-auditor]", :immediately + notifies :restart, "service[swift-account-reaper]", :immediately + notifies :restart, "service[swift-account-replicator]", :immediately +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/common.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/common.rb new file mode 100644 index 000000000..74dcff0af --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/common.rb @@ -0,0 +1,110 @@ +# +# Cookbook Name:: swift +# Recipe:: swift-common +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class Chef::Recipe + include DriveUtils +end + +include_recipe 'sysctl::default' + +# optionally statsd daemon for stats collection +if node["swift"]["enable_statistics"] + include_recipe 'statsd::server' +end + +platform_options = node["swift"]["platform"] + +# update repository if requested with the ubuntu cloud +case node["platform"] +when "ubuntu" + + Chef::Log.info("Creating apt repository for http://ubuntu-cloud.archive.canonical.com/ubuntu") + Chef::Log.info("chefspec: #{node['lsb']['codename']}-updates/#{node['swift']['release']}") + apt_repository "ubuntu_cloud" do + uri "http://ubuntu-cloud.archive.canonical.com/ubuntu" + distribution "#{node['lsb']['codename']}-updates/#{node['swift']['release']}" + components ["main"] + key "5EDB1B62EC4926EA" + action :add + end +end + + +platform_options["swift_packages"].each do |pkg| + package pkg do + action :install + end +end + +directory "/etc/swift" do + action :create + owner "swift" + group "swift" + mode "0700" + only_if "/usr/bin/id swift" +end + +# determine hash +if node['swift']['swift_secret_databag_name'].nil? + swifthash = node['swift']['swift_hash'] +else + swift_secrets = Chef::EncryptedDataBagItem.load "secrets", node['swift']['swift_secret_databag_name'] + swifthash = swift_secrets['swift_hash'] +end + + +file "/etc/swift/swift.conf" do + action :create + owner "swift" + group "swift" + mode "0700" + content "[swift-hash]\nswift_hash_path_suffix=#{swifthash}\n" + only_if "/usr/bin/id swift" +end + +# need a swift user +user "swift" do + shell "/bin/bash" + action :modify + only_if "/usr/bin/id swift" +end + +package "git" do + action :install +end + +# drop a ring puller script +# TODO: make this smarter +git_builder_ip = node["swift"]["git_builder_ip"] +template "/etc/swift/pull-rings.sh" do + source "pull-rings.sh.erb" + owner "swift" + group "swift" + mode "0700" + variables({ + :builder_ip => git_builder_ip, + :service_prefix => platform_options["service_prefix"] + }) + only_if "/usr/bin/id swift" +end + +execute "/etc/swift/pull-rings.sh" do + cwd "/etc/swift" + only_if "[ -x /etc/swift/pull-rings.sh ]" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/container-server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/container-server.rb new file mode 100644 index 000000000..e0c0aeea2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/container-server.rb @@ -0,0 +1,93 @@ +# +# Cookbook Name:: swift +# Recipe:: swift-container-server +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-object-storage::common" +include_recipe "openstack-object-storage::storage-common" +include_recipe "openstack-object-storage::disks" + + +platform_options = node["swift"]["platform"] + +platform_options["container_packages"].each do |pkg| + package pkg do + action :install + options platform_options["override_options"] + end +end + +# epel/f-17 missing init scripts for the non-major services. +# https://bugzilla.redhat.com/show_bug.cgi?id=807170 +%w{auditor updater replicator}.each do |svc| + template "/etc/systemd/system/openstack-swift-container-#{svc}.service" do + owner "root" + group "root" + mode "0644" + source "simple-systemd-config.erb" + variables({ :description => "OpenStack Object Storage (swift) - " + + "Container #{svc.capitalize}", + :user => "swift", + :exec => "/usr/bin/swift-container-#{svc} " + + "/etc/swift/container-server.conf" + }) + only_if { platform?(%w{fedora}) } + end +end + +# TODO(breu): track against upstream epel packages to determine if this +# is still necessary +# https://bugzilla.redhat.com/show_bug.cgi?id=807170 +%w{auditor updater replicator}.each do |svc| + template "/etc/init.d/openstack-swift-container-#{svc}" do + owner "root" + group "root" + mode "0755" + source "simple-redhat-init-config.erb" + variables({ :description => "OpenStack Object Storage (swift) - " + + "Container #{svc.capitalize}", + :exec => "container-#{svc}" + }) + only_if { platform?(%w{redhat centos}) } + end +end + +%w{swift-container swift-container-auditor swift-container-replicator swift-container-updater}.each do |svc| + service_name=platform_options["service_prefix"] + svc + platform_options["service_suffix"] + + service svc do + service_name service_name + provider platform_options["service_provider"] + supports :status => true, :restart => true + action [:enable, :start] + only_if "[ -e /etc/swift/container-server.conf ] && [ -e /etc/swift/container.ring.gz ]" + end +end + +template "/etc/swift/container-server.conf" do + source "container-server.conf.erb" + owner "swift" + group "swift" + mode "0600" + variables("bind_ip" => node["swift"]["network"]["container-bind-ip"], + "bind_port" => node["swift"]["network"]["container-bind-port"]) + + notifies :restart, "service[swift-container]", :immediately + notifies :restart, "service[swift-container-replicator]", :immediately + notifies :restart, "service[swift-container-updater]", :immediately + notifies :restart, "service[swift-container-auditor]", :immediately +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/disks.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/disks.rb new file mode 100644 index 000000000..89c573f10 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/disks.rb @@ -0,0 +1,66 @@ +# +# Cookbook Name:: swift +# Recipe:: disks +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Ron Pedde +# Inspired by: Andi Abes @ Dell + +class Chef::Recipe + include IPUtils +end + + +platform_options = node["swift"]["platform"] + +package "xfsprogs" do + action :install + only_if { platform?(%w{ubuntu debian fedora centos}) } +end + +%w(parted util-linux).each do |pkg| + package pkg do + action :install + end +end + +disk_enum_expr = node["swift"]["disk_enum_expr"] +disk_test_filter = node["swift"]["disk_test_filter"] + +disks = locate_disks(disk_enum_expr, disk_test_filter) + +disks.each do |disk| + openstack_object_storage_disk "/dev/#{disk}" do + part [{:type => platform_options["disk_format"] , :size => :remaining}] + action :ensure_exists + end +end + +# FIXME: "#{x}1" is only really valid for {v,s,h}dx. Doesn't +# work for loop or probably for hp-style /dev/cciss/c0d0p1x0t0g0m1whatever +# +# additionally, there is an implicit assumption that bind ports +# for all object/container/account services are on the same net +disk_ip = locate_ip_in_cidr(node["swift"]["network"]["object-cidr"], node) + +openstack_object_storage_mounts "/srv/node" do + action :ensure_exists + publish_attributes "swift/state/devs" + devices disks.collect { |x| "#{x}1" } + ip disk_ip + format platform_options["disk_format"] +end + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/management-server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/management-server.rb new file mode 100644 index 000000000..db29e1d95 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/management-server.rb @@ -0,0 +1,55 @@ +# +# Cookbook Name:: swift +# Recipe:: management-server +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-object-storage::common" + +# FIXME: This should probably be a role (ring-builder?), so you don't end up +# with multiple repos! +include_recipe "openstack-object-storage::ring-repo" + +platform_options = node["swift"]["platform"] + +if node["swift"]["authmode"] == "swauth" + platform_options["swauth_packages"].each.each do |pkg| + package pkg do + action :install + options platform_options["override_options"] # retain configs + end + end +end + +# determine where to find dispersion login information +if node['swift']['swift_secret_databag_name'].nil? + auth_user = node["swift"]["dispersion"]["auth_user"] + auth_key = node["swift"]["dispersion"]["auth_key"] +else + swift_secrets = Chef::EncryptedDataBagItem.load "secrets", node['swift']['swift_secret_databag_name'] + auth_user = swift_secrets['dispersion_auth_user'] + auth_key = swift_secrets['dispersion_auth_key'] +end + +template "/etc/swift/dispersion.conf" do + source "dispersion.conf.erb" + owner "swift" + group "swift" + mode "0600" + variables("auth_url" => node["swift"]["auth_url"], + "auth_user" => auth_user, + "auth_key" => auth_key) +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/memcached.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/memcached.rb new file mode 100644 index 000000000..9cc533aa4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/memcached.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: swift +# Recipe:: memcached +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "memcached" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/object-server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/object-server.rb new file mode 100644 index 000000000..01bb15201 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/object-server.rb @@ -0,0 +1,101 @@ +# +# Cookbook Name:: swift +# Recipe:: swift-object-server +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-object-storage::common" +include_recipe "openstack-object-storage::storage-common" +include_recipe "openstack-object-storage::disks" + +platform_options = node["swift"]["platform"] + +platform_options["object_packages"].each do |pkg| + package pkg do + action :install + options platform_options["override_options"] # retain configs + end +end + +# epel/f-17 missing init scripts for the non-major services. +# https://bugzilla.redhat.com/show_bug.cgi?id=807170 +%w{auditor updater replicator}.each do |svc| + template "/etc/systemd/system/openstack-swift-object-#{svc}.service" do + owner "root" + group "root" + mode "0644" + source "simple-systemd-config.erb" + variables({ :description => "OpenStack Object Storage (swift) - " + + "Object #{svc.capitalize}", + :user => "swift", + :exec => "/usr/bin/swift-object-#{svc} " + + "/etc/swift/object-server.conf" + }) + only_if { platform?(%w{fedora})} + end +end + +# TODO(breu): track against upstream epel packages to determine if this +# is still necessary +# https://bugzilla.redhat.com/show_bug.cgi?id=807170 +%w{auditor updater replicator}.each do |svc| + template "/etc/init.d/openstack-swift-object-#{svc}" do + owner "root" + group "root" + mode "0755" + source "simple-redhat-init-config.erb" + variables({ :description => "OpenStack Object Storage (swift) - " + + "Object #{svc.capitalize}", + :exec => "object-#{svc}" + }) + only_if { platform?(%w{redhat centos}) } + end +end + +%w{swift-object swift-object-replicator swift-object-auditor swift-object-updater}.each do |svc| + service_name=platform_options["service_prefix"] + svc + platform_options["service_suffix"] + + service svc do + service_name service_name + provider platform_options["service_provider"] + # the default ubuntu provider uses invoke-rc.d, which apparently is + # status-illy broken in ubuntu + supports :status => false, :restart => true + action [:enable, :start] + only_if "[ -e /etc/swift/object-server.conf ] && [ -e /etc/swift/object.ring.gz ]" + end + +end + +template "/etc/swift/object-server.conf" do + source "object-server.conf.erb" + owner "swift" + group "swift" + mode "0600" + variables("bind_ip" => node["swift"]["network"]["object-bind-ip"], + "bind_port" => node["swift"]["network"]["object-bind-port"]) + + notifies :restart, "service[swift-object]", :immediately + notifies :restart, "service[swift-object-replicator]", :immediately + notifies :restart, "service[swift-object-updater]", :immediately + notifies :restart, "service[swift-object-auditor]", :immediately +end + +cron "swift-recon" do + minute "*/5" + command "swift-recon-cron /etc/swift/object-server.conf" + user "swift" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/proxy-server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/proxy-server.rb new file mode 100644 index 000000000..5d0d144cf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/proxy-server.rb @@ -0,0 +1,116 @@ +# +# Cookbook Name:: swift +# Recipe:: proxy-server +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +include_recipe "openstack-object-storage::common" +include_recipe "openstack-object-storage::memcached" + +class Chef::Recipe + include IPUtils +end + +if node.run_list.expand(node.chef_environment).recipes.include?("openstack-object-storage::setup") + Chef::Log.info("I ran the openstack-object-storage::setup so I will use my own swift passwords") +else + setup = search(:node, "chef_environment:#{node.chef_environment} AND roles:swift-setup") + if setup.length == 0 + Chef::Application.fatal! "You must have run the openstack-object-storage::setup recipe (on this or another node) before running the swift::proxy recipe on this node" + elsif setup.length == 1 + Chef::Log.info "Found openstack-object-storage::setup node: #{setup[0].name}" + node.set["swift"]["service_pass"] = setup[0]["swift"]["service_pass"] + elsif setup.length >1 + Chef::Application.fatal! "You have multiple nodes in your environment that have run swift-setup, and that is not allowed" + end +end + +platform_options = node["swift"]["platform"] + +# install platform-specific packages +platform_options["proxy_packages"].each do |pkg| + package pkg do + action :install + options platform_options["override_options"] + end +end + +package "python-swauth" do + action :install + only_if { node["swift"]["authmode"] == "swauth" } +end + +package "python-swift-informant" do + action :install + only_if { node["swift"]["use_informant"] } +end + +package "python-keystone" do + action :install + only_if { node["swift"]["authmode"] == "keystone" } +end + +directory "/var/cache/swift" do + owner "swift" + group "swift" + mode 00700 +end + +swift_proxy_service = platform_options["service_prefix"] + "swift-proxy" + platform_options["service_suffix"] +service "swift-proxy" do + # openstack-swift-proxy.service on fedora-17, swift-proxy on ubuntu + service_name swift_proxy_service + provider platform_options["service_provider"] + supports :status => true, :restart => true + action [ :enable, :start ] + only_if "[ -e /etc/swift/proxy-server.conf ] && [ -e /etc/swift/object.ring.gz ]" +end + +# use localhost when using chef solo otherwise, include all memcache +# servers from all known proxies +if Chef::Config[:solo] + memcache_servers = [ "127.0.0.1:11211" ] +else + memcache_servers = [] + proxy_nodes = search(:node, "chef_environment:#{node.chef_environment} AND roles:swift-proxy-server") + proxy_nodes.each do |proxy| + proxy_ip = locate_ip_in_cidr(node["swift"]["network"]["proxy-cidr"], proxy) + next if not proxy_ip # skip nil ips so we dont break the config + server_str = "#{proxy_ip}:11211" + memcache_servers << server_str unless memcache_servers.include?(server_str) + end +end + +# determine authkey to use +if node['swift']['swift_secret_databag_name'].nil? + authkey = node['swift']['authkey'] +else + swift_secrets = Chef::EncryptedDataBagItem.load "secrets", node['swift']['swift_secret_databag_name'] + authkey = swift_secrets['swift_authkey'] +end + +# create proxy config file +template "/etc/swift/proxy-server.conf" do + source "proxy-server.conf.erb" + owner "swift" + group "swift" + mode "0600" + variables("authmode" => node["swift"]["authmode"], + "bind_host" => node["swift"]["network"]["proxy-bind-ip"], + "bind_port" => node["swift"]["network"]["proxy-bind-port"], + "authkey" => authkey, + "memcache_servers" => memcache_servers) + notifies :restart, "service[swift-proxy]", :immediately +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/ring-repo.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/ring-repo.rb new file mode 100644 index 000000000..413113281 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/ring-repo.rb @@ -0,0 +1,183 @@ +# +# Cookbook Name:: swift +# Recipe:: ring-repo +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This recipe creates a git ring repository on the management node +# for purposes of ring synchronization +# + +platform_options = node["swift"]["platform"] +ring_options = node["swift"]["ring"] + +platform_options["git_packages"].each do |pkg| + package pkg do + action :install + end +end + +service "xinetd" do + supports :status => false, :restart => true + action [ :enable, :start ] + only_if { platform?(%w{centos redhat fedora}) } +end + +execute "create empty git repo" do + cwd "/tmp" + umask 022 + command "mkdir $$; cd $$; git init; echo \"backups\" \> .gitignore; git add .gitignore; git commit -m 'initial commit' --author='chef '; git push file:///#{platform_options["git_dir"]}/rings master" + user "swift" + action :nothing +end + +directory "git-directory" do + path "#{platform_options["git_dir"]}/rings" + owner "swift" + group "swift" + mode "0755" + recursive true + action :create +end + +execute "initialize git repo" do + cwd "#{platform_options["git_dir"]}/rings" + umask 022 + user "swift" + command "git init --bare && touch git-daemon-export-ok" + creates "#{platform_options["git_dir"]}/rings/config" + action :run + notifies :run, "execute[create empty git repo]", :immediately +end + +# epel/f-17 missing systemd-ified inits +# https://bugzilla.redhat.com/show_bug.cgi?id=737183 +template "/etc/systemd/system/git.service" do + owner "root" + group "root" + mode "0644" + source "simple-systemd-config.erb" + variables({ :description => "Git daemon service", + :user => "nobody", + :exec => "/usr/libexec/git-core/git-daemon " + + "--base-path=/var/lib/git --export-all --user-path=public_git" + + "--syslog --verbose" + }) + only_if { platform?(%w{fedora}) } +end + +case node["platform"] +when "centos","redhat","fedora" + service "git-daemon" do + service_name platform_options["git_service"] + action [ :enable ] + end +when "ubuntu","debian" + service "git-daemon" do + service_name platform_options["git_service"] + action [ :enable, :start ] + end +end + +cookbook_file "/etc/default/git-daemon" do + owner "root" + group "root" + mode "644" + source "git-daemon.default" + action :create + notifies :restart, "service[git-daemon]", :immediately + not_if { platform?(%w{fedora centos redhat}) } +end + +directory "/etc/swift/ring-workspace" do + owner "swift" + group "swift" + mode "0755" + action :create +end + +execute "checkout-rings" do + cwd "/etc/swift/ring-workspace" + command "git clone file://#{platform_options["git_dir"]}/rings" + user "swift" + creates "/etc/swift/ring-workspace/rings" +end + +[ "account", "container", "object" ].each do |ring_type| + + part_power = ring_options["part_power"] + min_part_hours = ring_options["min_part_hours"] + replicas = ring_options["replicas"] + + Chef::Log.info("Building initial ring #{ring_type} using part_power=#{part_power}, " + + "min_part_hours=#{min_part_hours}, replicas=#{replicas}") + execute "add #{ring_type}.builder" do + cwd "/etc/swift/ring-workspace/rings" + command "git add #{ring_type}.builder && git commit -m 'initial ring builders' --author='chef '" + user "swift" + action :nothing + end + + execute "create #{ring_type} builder" do + cwd "/etc/swift/ring-workspace/rings" + command "swift-ring-builder #{ring_type}.builder create #{part_power} #{replicas} #{min_part_hours}" + user "swift" + creates "/etc/swift/ring-workspace/rings/#{ring_type}.builder" + notifies :run, "execute[add #{ring_type}.builder]", :immediate + end +end + +bash "rebuild-rings" do + action :nothing + cwd "/etc/swift/ring-workspace/rings" + user "swift" + code <<-EOF + set -x + + # Should this be done? + git reset --hard + git clean -df + + ../generate-rings.sh + for d in object account container; do swift-ring-builder ${d}.builder; done + + add=0 + if test -n "$(find . -maxdepth 1 -name '*gz' -print -quit)" + then + git add *builder *gz + add=1 + else + git add *builder + add=1 + fi + if [ $add -ne 0 ] + then + git commit -m "Autobuild of rings on $(date +%Y%m%d) by Chef" --author="chef " + git push + fi + + EOF +end + +openstack_object_storage_ring_script "/etc/swift/ring-workspace/generate-rings.sh" do + owner "swift" + group "swift" + mode "0700" + ring_path "/etc/swift/ring-workspace/rings" + action :ensure_exists + notifies :run, "bash[rebuild-rings]", :immediate +end + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/rsync.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/rsync.rb new file mode 100644 index 000000000..4f0fbf4bd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/rsync.rb @@ -0,0 +1,85 @@ +# +# Cookbook Name:: swift +# Recipe:: rsync +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +platform_options = node["swift"]["platform"] + +platform_options["rsync_packages"].each do |pkg| + package pkg do + action :install + options platform_options["override_options"] + end +end + +# epel/f-17 broken: https://bugzilla.redhat.com/show_bug.cgi?id=737710 +cookbook_file "/etc/systemd/system/rsync.service" do + owner "root" + group "root" + mode "0644" + source "rsync.service" + action :create + only_if { platform?(%w{fedora}) } +end + +# rhel based systems install rsync and run it with rsync. We don't want to do that +cookbook_file "/etc/init.d/rsyncd" do + owner "root" + group "root" + mode "0755" + source "rsync.init" + action :create + only_if { platform?(%w{centos redhat scientific}) } +end + +# FIXME: chicken and egg +case node["platform"] +when "centos","redhat","fedora" + # enable rsyncd + rsync_servicename = "rsyncd" + service "rsyncd" do + supports :status => false, :restart => true, :start => true, :stop => true + action [ :enable, :start ] + only_if "[ -f /etc/rsyncd.conf ]" + end + # disable rsync (the one via xinetd) + service "rsync" do + supports :status => false, :restart => false, :start => false, :stop => false + action [ :disable ] + end +when "ubuntu","debian" + rsync_servicename = "rsync" + service "rsync" do + supports :status => false, :restart => true + action [ :enable, :start ] + only_if "[ -f /etc/rsyncd.conf ]" + end +end + +template "/etc/rsyncd.conf" do + source "rsyncd.conf.erb" + mode "0644" + notifies :restart, "service[#{rsync_servicename}]", :immediately +end + +execute "enable rsync" do + command "sed -i 's/RSYNC_ENABLE=false/RSYNC_ENABLE=true/' /etc/default/rsync" + only_if "grep -q 'RSYNC_ENABLE=false' /etc/default/rsync" + notifies :restart, "service[rsync]", :immediately + action :run + not_if { platform?(%w{fedora centos redhat scientific}) } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/setup.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/setup.rb new file mode 100644 index 000000000..75589148a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/setup.rb @@ -0,0 +1,58 @@ +# +# Cookbook Name:: swift +# Recipe:: setup +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +include_recipe "openstack-object-storage::common" + +# make sure we die if there are multiple swift-setups +if Chef::Config[:solo] + Chef::Application.fatal! "This recipe uses search. Chef Solo does not support search." +else + setup_role_count = search(:node, "chef_environment:#{node.chef_environment} AND roles:swift-setup").length + if setup_role_count > 1 + Chef::Application.fatal! "You can only have one node with the swift-setup role" + end +end + +unless node["swift"]["service_pass"] + Chef::Log.info("Running swift setup - setting swift passwords") +end + +platform_options = node["swift"]["platform"] + +# install platform-specific packages +platform_options["proxy_packages"].each do |pkg| + package pkg do + action :upgrade + options platform_options["override_options"] + end +end + +package "python-swauth" do + action :upgrade + only_if { node["swift"]["authmode"] == "swauth" } +end + +package "python-swift-informant" do + action :upgrade + only_if { node["swift"]["use_informant"] } +end + +package "python-keystone" do + action :upgrade + only_if { node["swift"]["authmode"] == "keystone" } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/storage-common.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/storage-common.rb new file mode 100644 index 000000000..4fb834fcf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/storage-common.rb @@ -0,0 +1,41 @@ +# +# Cookbook Name:: swift +# Recipe:: storage-common +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-object-storage::rsync" + +template "/etc/swift/drive-audit.conf" do + source "drive-audit.conf.erb" + owner "swift" + group "swift" + mode "0600" +end + +cron "drive-audit" do + hour node["swift"]["audit_hour"] + minute "10" + command "swift-drive-audit /etc/swift/drive-audit.conf" +end + +directory "/var/cache/swift" do + group "swift" + owner "swift" + recursive true + action :create + mode 00700 +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/resources/disk.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/resources/disk.rb new file mode 100644 index 000000000..ad9023f29 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/resources/disk.rb @@ -0,0 +1,44 @@ +# +# Copyright 2011, Dell +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: andi abes +# + +=begin + Ensure that a disk's partition table matches expectations. + Sample use: + + openstack_object_storage_disk "/dev/sdb" do + part( + {[:type => "xfs", :size =>swift_disk::ONE_GIG*4 ], + [:type => "xfs", :size =>swift_disk::remaining}) + action :ensure_exists + end + +=end + +actions :ensure_exists + +def initialize(*args) + super + @action = :ensure_exists +end + +attribute :name, :kind_of => String +attribute :size, :kind_of => Integer +attribute :blocks, :kind_of => Integer +attribute :device, :kind_of => String +attribute :part, :kind_of => Array +attribute :status, :kind_of => Symbol diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/resources/mounts.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/resources/mounts.rb new file mode 100644 index 000000000..d8c744328 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/resources/mounts.rb @@ -0,0 +1,71 @@ +# +# Cookbook Name:: swift +# Resource:: mounts +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Ron Pedde +# + +=begin + Ensure that swift mounts are strongly enforced. This + will ensure specified drives are mounted, and unspecified + drives are not mounted. In addition, if there is a stale + mountpoint (from disk failure, maybe?), then that mountpoint + will try to be unmounted + + Sample use: + + openstack_object_storage_mounts "/srv/node" do + devices [ "sdb1", "sdc1" ] + action :ensure_exists + ip "10.1.1.1" + end + + It will force mounts based on fs uuid (mangled to remove + dashes) and return a structure that describes the disks + mounted. + + As this is expected to be consumed for the purposes of + swift, the ip address should be the address that gets + embedded into the ring (i.e. the listen port of the storage server) + + Example return structure: + + { "2a9452c5-d929-43d9-9631-4340ace45279": { + "device": "sdb1", + "ip": "10.1.1.1", + "mounted": "true", + "mountpoint": "2a9452c5d92943d996314340ace45279", + "size": 1022 (in 1k increments) + "uuid": "2a9452c5-d929-43d9-9631-4340ace45279" + }, + ... + } + +=end + +actions :ensure_exists + +def initialize(*args) + super + @action = :ensure_exists +end + +attribute :name, :kind_of => String +attribute :devices, :kind_of => Array +attribute :ip, :kind_of => String, :default => "127.0.0.1" +attribute :publish_attributes, :kind_of => String, :default => nil +attribute :format, :kind_of => String, :default => "xfs" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/resources/ring_script.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/resources/ring_script.rb new file mode 100644 index 000000000..9a6ad3060 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/resources/ring_script.rb @@ -0,0 +1,44 @@ +# +# Copyright 2012, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Ron Pedde +# + +=begin + Build a proposed ring-building script + Sample use: + + openstack_object_storage_ring_script "/tmp/build-rings.sh" do + owner "root" + group "swift" + mode "0700" + ring_path "/etc/swift/ring-workspace" + action :ensure_exists + end + +=end + +actions :ensure_exists + +def initialize(*args) + super + @action = :ensure_exists +end + +attribute :name, :kind_of => String +attribute :owner, :kind_of => String, :default => "root" +attribute :group, :kind_of => String, :default => "root" +attribute :mode, :kind_of => String, :default => "0600" +attribute :ring_path, :kind_of => String, :default => "/etc/swift" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/run_tests.bash b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/run_tests.bash new file mode 100755 index 000000000..e00ccf836 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/run_tests.bash @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +# A script to run tests locally before committing. + +set -e + +COOKBOOK=$(awk '/^name/ {print $NF}' metadata.rb |tr -d \"\') +if [ -z $COOKBOOK ]; then + echo "Cookbook name not defined in metadata.rb" +    exit 1 +fi + +BUNDLE_PATH=${BUNDLE_PATH:-.bundle} +BERKSHELF_PATH=${BERKSHELF_PATH:-.cookbooks} + +echo "Using bundle path: $BUNDLE_PATH" +echo "Using berkshelf path: $BERKSHELF_PATH" + +bundle install --path=${BUNDLE_PATH} +bundle exec berks install --path=${BERKSHELF_PATH} +bundle exec rspec ${BERKSHELF_PATH}/${COOKBOOK} +bundle exec foodcritic -f any -t ~FC003 -t ~FC023 ${BERKSHELF_PATH}/${COOKBOOK} + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/account_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/account_spec.rb new file mode 100644 index 000000000..6a796a55d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/account_spec.rb @@ -0,0 +1,67 @@ +require 'spec_helper' + +describe 'openstack-object-storage::account-server' do + + #------------------- + # UBUNTU + #------------------- + + describe "ubuntu" do + + before do + swift_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @node = @chef_run.node + @node.set['lsb']['code'] = 'precise' + @node.set['swift']['authmode'] = 'swauth' + @node.set['swift']['network']['account-bind-ip'] = '10.0.0.1' + @node.set['swift']['network']['account-bind-port'] = '8080' + @node.set['swift']['disk_enum_expr'] = "[{ 'sda' => {}}]" + @node.set['swift']['disk_test_filter'] = [ "candidate =~ /sd[^a]/ or candidate =~ /hd[^a]/ or candidate =~ /vd[^a]/ or candidate =~ /xvd[^a]/", + "File.exist?('/dev/' + candidate)", + "not system('/sbin/parted /dev/' + candidate + ' -s print | grep linux-swap')", + "not info.has_key?('removable') or info['removable'] == 0.to_s"] + + # mock out an interface on the storage node + @node.set["network"] = MOCK_NODE_NETWORK_DATA['network'] + + @chef_run.converge "openstack-object-storage::account-server" + end + + it "installs swift account packages" do + expect(@chef_run).to install_package "swift-account" + end + + it "installs swiftclient package" do + expect(@chef_run).to install_package "python-swiftclient" + end + + it "starts swift account services on boot" do + %w{swift-account swift-account-auditor swift-account-reaper swift-account-replicator}.each do |svc| + expect(@chef_run).to set_service_to_start_on_boot svc + end + end + + describe "/etc/swift/account-server.conf" do + + before do + @file = @chef_run.template "/etc/swift/account-server.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "swift", "swift" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "600" + end + + it "template contents" do + pending "TODO: implement" + end + + end + + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/common_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/common_spec.rb new file mode 100644 index 000000000..27bb0210a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/common_spec.rb @@ -0,0 +1,92 @@ +require 'spec_helper' + +describe 'openstack-object-storage::common' do + + #------------------- + # UBUNTU + #------------------- + + describe "ubuntu" do + + before do + swift_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @node = @chef_run.node + @node.set['platform_family'] = "debian" + @node.set['lsb']['codename'] = "precise" + @node.set['swift']['release'] = "folsom" + @node.set['swift']['authmode'] = 'swauth' + @node.set['swift']['git_builder_ip'] = '10.0.0.10' + + # TODO: this does not work + # ::Chef::Log.should_receive(:info).with("chefspec: precise-updates/folsom") + + @chef_run.converge "openstack-object-storage::common" + end + + + it 'should set syctl paramaters' do + # N.B. we could examine chef log + pending "TODO: right now theres no way to do lwrp and test for this" + end + + it 'installs git package for ring management' do + expect(@chef_run).to install_package "git" + end + + describe "/etc/swift" do + + before do + @file = @chef_run.directory "/etc/swift" + end + + it "has proper owner" do + expect(@file).to be_owned_by "swift", "swift" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "700" + end + + end + + describe "/etc/swift/swift.conf" do + + before do + @file = @chef_run.file "/etc/swift/swift.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "swift", "swift" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "700" + end + + end + + describe "/etc/swift/pull-rings.sh" do + + before do + @file = @chef_run.template "/etc/swift/pull-rings.sh" + end + + it "has proper owner" do + expect(@file).to be_owned_by "swift", "swift" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "700" + end + + it "template contents" do + pending "TODO: implement" + end + + end + + end + + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/container_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/container_spec.rb new file mode 100644 index 000000000..f56932dce --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/container_spec.rb @@ -0,0 +1,63 @@ +require 'spec_helper' + +describe 'openstack-object-storage::container-server' do + + #------------------- + # UBUNTU + #------------------- + + describe "ubuntu" do + + before do + swift_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @node = @chef_run.node + @node.set['lsb']['code'] = 'precise' + @node.set['swift']['authmode'] = 'swauth' + @node.set['swift']['network']['container-bind-ip'] = '10.0.0.1' + @node.set['swift']['network']['container-bind-port'] = '8080' + @node.set['swift']['disk_enum_expr'] = "[{ 'sda' => {}}]" + @node.set['swift']['disk_test_filter'] = [ "candidate =~ /sd[^a]/ or candidate =~ /hd[^a]/ or candidate =~ /vd[^a]/ or candidate =~ /xvd[^a]/", + "File.exist?('/dev/' + candidate)", + "not system('/sbin/parted /dev/' + candidate + ' -s print | grep linux-swap')", + "not info.has_key?('removable') or info['removable'] == 0.to_s"] + + # mock out an interface on the storage node + @node.set["network"] = MOCK_NODE_NETWORK_DATA['network'] + + @chef_run.converge "openstack-object-storage::container-server" + end + + it "installs swift container packages" do + expect(@chef_run).to install_package "swift-container" + end + + it "starts swift container services on boot" do + %w{swift-container swift-container-auditor swift-container-replicator swift-container-updater}.each do |svc| + expect(@chef_run).to set_service_to_start_on_boot svc + end + end + + describe "/etc/swift/container-server.conf" do + + before do + @file = @chef_run.template "/etc/swift/container-server.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "swift", "swift" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "600" + end + + it "template contents" do + pending "TODO: implement" + end + + end + + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/disks_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/disks_spec.rb new file mode 100644 index 000000000..03e7ccce9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/disks_spec.rb @@ -0,0 +1,43 @@ +require 'spec_helper' + +describe 'openstack-object-storage::disks' do + + #------------------- + # UBUNTU + #------------------- + + describe "ubuntu" do + + before do + swift_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @node = @chef_run.node + @node.set['platform_family'] = "debian" + @node.set['lsb']['codename'] = "precise" + @node.set['swift']['release'] = "folsom" + @node.set['swift']['authmode'] = 'swauth' + @node.set['swift']['git_builder_ip'] = '10.0.0.10' + @node.set['swift']['disk_enum_expr'] = "[{ 'sda' => {}}]" + @node.set['swift']['disk_test_filter'] = [ "candidate =~ /sd[^a]/ or candidate =~ /hd[^a]/ or candidate =~ /vd[^a]/ or candidate =~ /xvd[^a]/", + "File.exist?('/dev/' + candidate)", + "not system('/sbin/parted /dev/' + candidate + ' -s print | grep linux-swap')", + "not info.has_key?('removable') or info['removable'] == 0.to_s"] + + # mock out an interface on the storage node + @node.set["network"] = MOCK_NODE_NETWORK_DATA['network'] + + @chef_run.converge "openstack-object-storage::disks" + end + + it 'installs xfs progs package' do + expect(@chef_run).to install_package "xfsprogs" + end + + it 'installs parted package' do + expect(@chef_run).to install_package "parted" + end + + end + + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/management_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/management_spec.rb new file mode 100644 index 000000000..c7724b66a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/management_spec.rb @@ -0,0 +1,47 @@ +require 'spec_helper' + +describe 'openstack-object-storage::management-server' do + + #------------------- + # UBUNTU + #------------------- + + describe "ubuntu" do + + before do + swift_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @node = @chef_run.node + @node.set['lsb']['code'] = 'precise' + @node.set['swift']['authmode'] = 'swauth' + + @chef_run.converge "openstack-object-storage::management-server" + end + + it "installs swift swauth package" do + expect(@chef_run).to install_package "swauth" + end + + describe "/etc/swift/dispersion.conf" do + + before do + @file = @chef_run.template "/etc/swift/dispersion.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "swift", "swift" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "600" + end + + it "template contents" do + pending "TODO: implement" + end + + end + + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/object_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/object_spec.rb new file mode 100644 index 000000000..b7c75a355 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/object_spec.rb @@ -0,0 +1,71 @@ +require 'spec_helper' + +describe 'openstack-object-storage::object-server' do + + #------------------- + # UBUNTU + #------------------- + + describe "ubuntu" do + + before do + swift_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @node = @chef_run.node + @node.set['lsb']['code'] = 'precise' + @node.set['swift']['authmode'] = 'swauth' + @node.set['swift']['network']['object-bind-ip'] = '10.0.0.1' + @node.set['swift']['network']['object-bind-port'] = '8080' + @node.set['swift']['disk_enum_expr'] = "[{ 'sda' => {}}]" + @node.set['swift']['disk_test_filter'] = [ "candidate =~ /sd[^a]/ or candidate =~ /hd[^a]/ or candidate =~ /vd[^a]/ or candidate =~ /xvd[^a]/", + "File.exist?('/dev/' + candidate)", + "not system('/sbin/parted /dev/' + candidate + ' -s print | grep linux-swap')", + "not info.has_key?('removable') or info['removable'] == 0.to_s"] + + # mock out an interface on the storage node + @node.set["network"] = MOCK_NODE_NETWORK_DATA['network'] + + @chef_run.converge "openstack-object-storage::object-server" + end + + it "installs swift packages" do + expect(@chef_run).to install_package "swift-object" + end + + it "starts swift object services on boot" do + %w{swift-object swift-object-replicator swift-object-auditor swift-object-updater}.each do |svc| + expect(@chef_run).to set_service_to_start_on_boot svc + end + end + + describe "/var/spool/crontab/root" do + + it "template contents" do + pending "TODO: check for recon script" + end + + end + + describe "/etc/swift/object-server.conf" do + + before do + @file = @chef_run.template "/etc/swift/object-server.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "swift", "swift" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "600" + end + + it "template contents" do + pending "TODO: implement" + end + + end + + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/proxy_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/proxy_spec.rb new file mode 100644 index 000000000..18d6f1f55 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/proxy_spec.rb @@ -0,0 +1,60 @@ +require 'spec_helper' + +describe 'openstack-object-storage::proxy-server' do + + #-------------- + # UBUNTU + #-------------- + + describe "ubuntu" do + + before do + swift_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @node = @chef_run.node + @node.set['lsb']['code'] = 'precise' + @node.set['swift']['authmode'] = 'swauth' + @node.set['swift']['network']['proxy-bind-ip'] = '10.0.0.1' + @node.set['swift']['network']['proxy-bind-port'] = '8080' + @chef_run.converge "openstack-object-storage::proxy-server" + end + + it "installs memcache python packages" do + expect(@chef_run).to install_package "python-memcache" + end + + it "installs swift packages" do + expect(@chef_run).to install_package "swift-proxy" + end + + it "installs swauth package if swauth is selected" do + expect(@chef_run).to install_package "python-swauth" + end + + it "starts swift-proxy on boot" do + expect(@chef_run).to set_service_to_start_on_boot "swift-proxy" + end + + describe "/etc/swift/proxy-server.conf" do + + before do + @file = @chef_run.template "/etc/swift/proxy-server.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "swift", "swift" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "600" + end + + it "template contents" do + pending "TODO: implement" + end + + end + + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/ring-repo_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/ring-repo_spec.rb new file mode 100644 index 000000000..7f75501a9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/ring-repo_spec.rb @@ -0,0 +1,43 @@ +require 'spec_helper' + +describe 'openstack-object-storage::ring-repo' do + + #------------------- + # UBUNTU + #------------------- + + describe "ubuntu" do + + before do + swift_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @node = @chef_run.node + @node.set['platform_family'] = "debian" + @node.set['lsb']['codename'] = "precise" + @node.set['swift']['release'] = "folsom" + @node.set['swift']['authmode'] = 'swauth' + @node.set['swift']['git_builder_ip'] = '10.0.0.10' + @chef_run.converge "openstack-object-storage::ring-repo" + end + + it 'installs git package for ring management' do + expect(@chef_run).to install_package "git-daemon-sysvinit" + end + + it "starts xinetd services on boot" do + %w{xinetd}.each do |svc| + expect(@chef_run).to set_service_to_start_on_boot svc + end + end + + describe "/etc/swift/ring-workspace/generate-rings.sh" do + + it "gets installed" do + pending "TODO: determine some way to ensure this LWRP script gets created" + end + + end + + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/rsync_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/rsync_spec.rb new file mode 100644 index 000000000..bc894ce83 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/rsync_spec.rb @@ -0,0 +1,51 @@ +require 'spec_helper' + +describe 'openstack-object-storage::rsync' do + + #------------------- + # UBUNTU + #------------------- + + describe "ubuntu" do + + before do + swift_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @node = @chef_run.node + @node.set['platform_family'] = "debian" + @node.set['lsb']['codename'] = "precise" + @node.set['swift']['release'] = "folsom" + @node.set['swift']['authmode'] = 'swauth' + @node.set['swift']['git_builder_ip'] = '10.0.0.10' + @chef_run.converge "openstack-object-storage::rsync" + end + + it 'installs git package for ring management' do + expect(@chef_run).to install_package "rsync" + end + + it "starts rsync service on boot" do + %w{rsync}.each do |svc| + expect(@chef_run).to set_service_to_start_on_boot svc + end + end + + describe "/etc/rsyncd.conf" do + + before do + @file = @chef_run.template "/etc/rsyncd.conf" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "644" + end + + it "template contents" do + pending "TODO: implement" + end + + end + + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/spec_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/spec_helper.rb new file mode 100644 index 000000000..a70cbccdd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/spec_helper.rb @@ -0,0 +1,49 @@ +require "chefspec" + +::LOG_LEVEL = :fatal +::REDHAT_OPTS = { + :platform => "redhat", + :log_level => ::LOG_LEVEL +} +::UBUNTU_OPTS = { + :platform => "ubuntu", + :version => "12.04", + :log_level => ::LOG_LEVEL +} + +MOCK_NODE_NETWORK_DATA = + { + "ipaddress" => '10.0.0.2', + "fqdn" => 'localhost.localdomain', + "hostname" => 'localhost', + "network" => { + "default_interface" => "eth0", + "interfaces" => { + "eth0" => { + "addresses" => { + "fe80::a00:27ff:feca:ab08" => {"scope" => "Link", "prefixlen" => "64", "family" => "inet6"}, + "10.0.0.2" => {"netmask" => "255.255.255.0", "broadcast" => "10.0.0.255", "family" => "inet"}, + "08:00:27:CA:AB:08" => {"family" => "lladdr"} + }, + }, + "lo" => { + "addresses" => { + "::1" => {"scope" => "Node", "prefixlen" => "128", "family" => "inet6"}, + "127.0.0.1" => {"netmask" => "255.0.0.0", "family" => "inet"} + }, + }, + }, + } + } + +def swift_stubs + # create mock cluster + n = Chef::Node.new() + n.name('manager') + n.default_attrs = { + "swift" => { + "service_pass" => "foobar" + } + } + Chef::Recipe.any_instance.stub(:search).with(:node, 'chef_environment:_default AND roles:swift-setup').and_return([n]) +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/storage-common_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/storage-common_spec.rb new file mode 100644 index 000000000..50a3ef818 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/spec/storage-common_spec.rb @@ -0,0 +1,58 @@ +require 'spec_helper' + +describe 'openstack-object-storage::storage-common' do + + #------------------- + # UBUNTU + #------------------- + + describe "ubuntu" do + + before do + swift_stubs + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @node = @chef_run.node + @node.set['lsb']['code'] = 'precise' + @node.set['swift']['authmode'] = 'swauth' + @chef_run.converge "openstack-object-storage::storage-common" + end + + describe "/var/cache/swift" do + + before do + @file = @chef_run.directory "/var/cache/swift" + end + + it "has proper owner" do + expect(@file).to be_owned_by "swift", "swift" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "700" + end + + end + + describe "/etc/swift/drive-audit.conf" do + + before do + @file = @chef_run.template "/etc/swift/drive-audit.conf" + end + + it "has proper owner" do + expect(@file).to be_owned_by "swift", "swift" + end + + it "has proper modes" do + expect(sprintf("%o", @file.mode)).to eq "600" + end + + it "template contents" do + pending "TODO: implement" + end + + end + + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/account-server.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/account-server.conf.erb new file mode 100644 index 000000000..6ba2498c5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/account-server.conf.erb @@ -0,0 +1,78 @@ +[DEFAULT] +# bind_ip = 0.0.0.0 +# bind_port = 6002 +# backlog = 4096 +# workers = 1 +# user = swift +# swift_dir = /etc/swift +# devices = /srv/node +# mount_check = true +# You can specify default log routing here if you want: +# log_name = swift +# log_facility = LOG_LOCAL0 +# log_level = INFO +##### +bind_ip = <%= @bind_ip %> +bind_port = <%= @bind_port %> +workers = 10 +<% if node[:swift][:enable_statistics] -%> +log_statsd_host = localhost +log_statsd_port = 8125 +log_statsd_default_sample_rate = 1 +log_statsd_metric_prefix = openstack.swift.<%= node[:hostname] %> +<% end %> + +[pipeline:main] +pipeline = account-server + +[app:account-server] +use = egg:swift#account +# You can override the default log routing for this app here: +# set log_name = account-server +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_requests = True + +[account-replicator] +# You can override the default log routing for this app here (don't use set!): +# log_name = account-replicator +# log_facility = LOG_LOCAL0 +# log_level = INFO +# vm_test_mode = no +# log_facility = LOG_LOCAL0 +# log_level = INFO +# per_diff = 1000 +# max_diffs = 100 +# concurrency = 8 +# interval = 30 +# How long without an error before a node's error count is reset. This will +# also be how long before a node is reenabled after suppression is triggered. +# error_suppression_interval = 60 +# How many errors can accumulate before a node is temporarily ignored. +# error_suppression_limit = 10 +# node_timeout = 10 +# conn_timeout = 0.5 +# The replicator also performs reclamation +# reclaim_age = 86400 + +[account-auditor] +# You can override the default log routing for this app here (don't use set!): +# log_name = account-auditor +# log_facility = LOG_LOCAL0 +# log_level = INFO +# Will audit, at most, 1 account per device per interval +# interval = 1800 +# log_facility = LOG_LOCAL0 +# log_level = INFO + +[account-reaper] +# You can override the default log routing for this app here (don't use set!): +# log_name = account-reaper +# log_facility = LOG_LOCAL0 +# log_level = INFO +# concurrency = 25 +# interval = 3600 +# node_timeout = 10 +# conn_timeout = 0.5 +# log_facility = LOG_LOCAL0 +# log_level = INFO diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/container-server.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/container-server.conf.erb new file mode 100644 index 000000000..144214f55 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/container-server.conf.erb @@ -0,0 +1,88 @@ +[DEFAULT] +# bind_ip = 0.0.0.0 +# bind_port = 6001 +# backlog = 4096 +# workers = 1 +# user = swift +# swift_dir = /etc/swift +# devices = /srv/node +# mount_check = true +# This is a comma separated list of hosts allowed in the X-Container-Sync-To +# field for containers. +# allowed_sync_hosts = 127.0.0.1 +# You can specify default log routing here if you want: +# log_name = swift +# log_facility = LOG_LOCAL0 +# log_level = INFO +#### +bind_ip = <%= @bind_ip %> +bind_port = <%= @bind_port %> +workers = 10 +<% if node[:swift][:enable_statistics] -%> +log_statsd_host = localhost +log_statsd_port = 8125 +log_statsd_default_sample_rate = 1 +log_statsd_metric_prefix = openstack.swift.<%= node[:hostname] %> +<% end %> + +[pipeline:main] +pipeline = container-server + +[app:container-server] +use = egg:swift#container +# You can override the default log routing for this app here: +# set log_name = container-server +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_requests = True +# node_timeout = 3 +# conn_timeout = 0.5 + +[container-replicator] +# You can override the default log routing for this app here (don't use set!): +# log_name = container-replicator +# log_facility = LOG_LOCAL0 +# log_level = INFO +# vm_test_mode = no +# per_diff = 1000 +# max_diffs = 100 +# concurrency = 8 +# interval = 30 +# node_timeout = 10 +# conn_timeout = 0.5 +# The replicator also performs reclamation +# reclaim_age = 604800 + +[container-updater] +# You can override the default log routing for this app here (don't use set!): +# log_name = container-updater +# log_facility = LOG_LOCAL0 +# log_level = INFO +# interval = 300 +# concurrency = 4 +# node_timeout = 3 +# conn_timeout = 0.5 +# slowdown will sleep that amount between containers +# slowdown = 0.01 +# Seconds to suppress updating an account that has generated an error +# account_suppression_time = 60 + +[container-auditor] +# You can override the default log routing for this app here (don't use set!): +# log_name = container-auditor +# log_facility = LOG_LOCAL0 +# log_level = INFO +# Will audit, at most, 1 container per device per interval +# interval = 1800 + +[container-sync] +# You can override the default log routing for this app here (don't use set!): +# log_name = container-sync +# log_facility = LOG_LOCAL0 +# log_level = INFO +# If you need to use an HTTP Proxy, set it here; defaults to no proxy. +# sync_proxy = http://127.0.0.1:8888 +# Will sync, at most, each container once per interval +# interval = 300 +# Maximum amount of time to spend syncing each container per pass +# container_time = 60 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/dispersion.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/dispersion.conf.erb new file mode 100644 index 000000000..3a1cd87f2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/dispersion.conf.erb @@ -0,0 +1,13 @@ +[dispersion] +auth_url = <%= @auth_url %> +auth_user = <%= @auth_user %> +auth_key = <%= @auth_key %> +auth_version = 1.0 +endpoint_type = publicURL +swift_dir = /etc/swift +dispersion_coverage = 5 +retries = 5 +concurrency = 25 +container_report = yes +object_report = yes +dump_json = no diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/drive-audit.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/drive-audit.conf.erb new file mode 100644 index 000000000..ddde01143 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/drive-audit.conf.erb @@ -0,0 +1,5 @@ +[drive-audit] +log_facility = LOG_LOCAL0 +log_level = INFO +device_dir = /srv/node +minutes = 60 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/object-server.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/object-server.conf.erb new file mode 100644 index 000000000..ea55dd894 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/object-server.conf.erb @@ -0,0 +1,104 @@ +[DEFAULT] +# bind_ip = 0.0.0.0 +# bind_port = 6000 +# backlog = 4096 +# workers = 1 +# user = swift +# swift_dir = /etc/swift +# devices = /srv/node +# mount_check = true +# expiring_objects_container_divisor = 86400 +# You can specify default log routing here if you want: +# log_name = swift +# log_facility = LOG_LOCAL0 +# log_level = INFO +##### +bind_ip = <%= @bind_ip %> +bind_port = <%= @bind_port %> +workers = 10 +<% if node[:swift][:enable_statistics] -%> +log_statsd_host = localhost +log_statsd_port = 8125 +log_statsd_default_sample_rate = 1 +log_statsd_metric_prefix = openstack.swift.<%= node[:hostname] %> +<% end %> + +[pipeline:main] +pipeline = recon object-server + +[app:object-server] +use = egg:swift#object +# You can override the default log routing for this app here: +# set log_name = object-server +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_requests = True +# node_timeout = 3 +# conn_timeout = 0.5 +# network_chunk_size = 65536 +# disk_chunk_size = 65536 +# max_upload_time = 86400 +# slow = 1 +# on PUTs, sync data every n MB +# mb_per_sync = 512 +# Comma separated list of headers that can be set in metadata on an object. +# This list is in addition to X-Object-Meta-* headers and cannot include +# Content-Type, etag, Content-Length, or deleted +# allowed_headers = Content-Disposition, Content-Encoding, X-Delete-At, X-Object-Manifest + +[filter:recon] +use = egg:swift#recon +recon_cache_path = /var/cache/swift + +[object-replicator] +# You can override the default log routing for this app here (don't use set!): +# log_name = object-replicator +# log_facility = LOG_LOCAL0 +# log_level = INFO +# vm_test_mode = no +# daemonize = on +# run_pause = 30 +# concurrency = 1 +# stats_interval = 300 +# max duration of a partition rsync +# rsync_timeout = 900 +# passed to rsync for io op timeout +# rsync_io_timeout = 30 +# max duration of an http request +# http_timeout = 60 +# attempts to kill all workers if nothing replicates for lockup_timeout seconds +# lockup_timeout = 1800 +# The replicator also performs reclamation +# reclaim_age = 604800 +# enable logging of replication stats for recon +# recon_enable = no +# recon_cache_path = /var/cache/swift +##### +recon_enable = yes +recon_cache_path = /var/cache/swift +concurrency = 2 + + +[object-updater] +# You can override the default log routing for this app here (don't use set!): +# log_name = object-updater +# log_facility = LOG_LOCAL0 +# log_level = INFO +# interval = 300 +# concurrency = 1 +# node_timeout = 10 +# conn_timeout = 0.5 +# slowdown will sleep that amount between objects +# slowdown = 0.01 +concurrency = 2 + +[object-auditor] +# You can override the default log routing for this app here (don't use set!): +# log_name = object-auditor +# log_facility = LOG_LOCAL0 +# log_level = INFO +# files_per_second = 20 +# bytes_per_second = 10000000 +# log_time = 3600 +# zero_byte_files_per_second = 50 + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/proxy-server.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/proxy-server.conf.erb new file mode 100644 index 000000000..9576af4aa --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/proxy-server.conf.erb @@ -0,0 +1,262 @@ +<% + +case @authmode +when "keystone" + pipeline="authtoken keystoneauth" +when "swauth" + pipeline="swauth" +end + +account_management=false +if node[:roles].include?("swift-management-server") and node[:swift][:authmode] == "swauth" then + account_management="true" +end +-%> +# This file is managed by chef. Do not edit it. +# +# Cluster info: +# Auth mode: <%= node[:swift][:authmode] %> +# Management server: <%= node[:roles].include?("swift-management-server") %> +# Account management enabled: <%= account_management %> +# Auth pipeline: <%= pipeline %> + +[DEFAULT] +# bind_ip = 0.0.0.0 +# bind_port = 8080 +# backlog = 4096 +# swift_dir = /etc/swift +# workers = 1 +# user = swift +# cert_file = /etc/swift/proxy.crt +# key_file = /etc/swift/proxy.key +# expiring_objects_container_divisor = 86400 +# You can specify default log routing here if you want: +# log_name = swift +# log_facility = LOG_LOCAL0 +# log_level = INFO +###### +workers = <%= [ node[:cpu][:total] - 1, 1 ].max %> +bind_ip = <%= @bind_host %> +bind_port = <%= @bind_port %> +<% if node[:swift][:enable_statistics] -%> +log_statsd_host = localhost +log_statsd_port = 8125 +log_statsd_default_sample_rate = 1 +log_statsd_metric_prefix = openstack.swift.<%= node[:hostname] %> +<% end %> + + +[pipeline:main] +pipeline = catch_errors healthcheck cache ratelimit <%= pipeline %> proxy-logging proxy-server + +[app:proxy-server] +use = egg:swift#proxy +# You can override the default log routing for this app here: +# set log_name = proxy-server +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set access_log_name = proxy-server +# set access_log_facility = LOG_LOCAL0 +# set access_log_level = INFO +# set log_headers = False +# recheck_account_existence = 60 +# recheck_container_existence = 60 +# object_chunk_size = 8192 +# client_chunk_size = 8192 +# node_timeout = 10 +# client_timeout = 60 +# conn_timeout = 0.5 +# How long without an error before a node's error count is reset. This will +# also be how long before a node is reenabled after suppression is triggered. +# error_suppression_interval = 60 +# How many errors can accumulate before a node is temporarily ignored. +# error_suppression_limit = 10 +# If set to 'true' any authorized user may create and delete accounts; if +# 'false' no one, even authorized, can. +# allow_account_management = false +# Set object_post_as_copy = false to turn on fast posts where only the metadata +# changes are stored anew and the original data file is kept in place. This +# makes for quicker posts; but since the container metadata isn't updated in +# this mode, features like container sync won't be able to sync posts. +# object_post_as_copy = true +# If set to 'true' authorized accounts that do not yet exist within the Swift +# cluster will be automatically created. +# account_autocreate = false +###### +# +# N.B. ideally allow_account_management would only be set on the +# management server, but swauth will delete using the cluster url +# and not the local url +# allow_account_managemnet = <%= account_management %> +allow_account_management = true + +<% if @authmode == "keystone" -%> +account_autocreate = true +<% end %> + +<% if @authmode == "swauth" -%> +[filter:swauth] +use = egg:swauth#swauth +# set log_name = swauth +# super_admin_key = +###### +<% if account_management -%> +super_admin_key = <%= @authkey %> +default_swift_cluster = local#<%= node[:swift][:swift_url] %>#<%= node[:swift][:swauth_url] %> +<% else %> +default_swift_cluster = local#<%= node[:swift][:swift_url] %> +<% end %> +<% end %> + +[filter:healthcheck] +use = egg:swift#healthcheck +# You can override the default log routing for this filter here: +# set log_name = healthcheck +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_headers = False + +[filter:cache] +use = egg:swift#memcache +# You can override the default log routing for this filter here: +# set log_name = cache +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_headers = False +# Default for memcache_servers is to try to read the property from +# memcache.conf (see memcache.conf-sample) or lacking that file, it will +# default to the value below. You can specify multiple servers separated with +# commas, as in: 10.1.2.3:11211,10.1.2.4:11211 +# memcache_servers = 127.0.0.1:11211 +##### +memcache_servers = <%= @memcache_servers.join(",") %> + +[filter:ratelimit] +use = egg:swift#ratelimit +# You can override the default log routing for this filter here: +# set log_name = ratelimit +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_headers = False +# clock_accuracy should represent how accurate the proxy servers' system clocks +# are with each other. 1000 means that all the proxies' clock are accurate to +# each other within 1 millisecond. No ratelimit should be higher than the +# clock accuracy. +# clock_accuracy = 1000 +# max_sleep_time_seconds = 60 +# log_sleep_time_seconds of 0 means disabled +# log_sleep_time_seconds = 0 +# allows for slow rates (e.g. running up to 5 sec's behind) to catch up. +# rate_buffer_seconds = 5 +# account_ratelimit of 0 means disabled +# account_ratelimit = 0 + +# these are comma separated lists of account names +# account_whitelist = a,b +# account_blacklist = c,d + +# with container_limit_x = r +# for containers of size x limit requests per second to r. The container +# rate will be linearly interpolated from the values given. With the values +# below, a container of size 5 will get a rate of 75. +# container_ratelimit_0 = 100 +# container_ratelimit_10 = 50 +# container_ratelimit_50 = 20 + +[filter:domain_remap] +use = egg:swift#domain_remap +# You can override the default log routing for this filter here: +# set log_name = domain_remap +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_headers = False +# storage_domain = example.com +# path_root = v1 +# reseller_prefixes = AUTH + +[filter:catch_errors] +use = egg:swift#catch_errors +# You can override the default log routing for this filter here: +# set log_name = catch_errors +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_headers = False + +[filter:cname_lookup] +# Note: this middleware requires python-dnspython +use = egg:swift#cname_lookup +# You can override the default log routing for this filter here: +# set log_name = cname_lookup +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_headers = False +# storage_domain = example.com +# lookup_depth = 1 + +# Note: Put staticweb just after your auth filter(s) in the pipeline +[filter:staticweb] +use = egg:swift#staticweb +# Seconds to cache container x-container-meta-web-* header values. +# cache_timeout = 300 +# You can override the default log routing for this filter here: +# set log_name = staticweb +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set access_log_name = staticweb +# set access_log_facility = LOG_LOCAL0 +# set access_log_level = INFO +# set log_headers = False + +# Note: Put tempurl just before your auth filter(s) in the pipeline +[filter:tempurl] +use = egg:swift#tempurl +# +# The headers to remove from incoming requests. Simply a whitespace delimited +# list of header names and names can optionally end with '*' to indicate a +# prefix match. incoming_allow_headers is a list of exceptions to these +# removals. +# incoming_remove_headers = x-timestamp +# +# The headers allowed as exceptions to incoming_remove_headers. Simply a +# whitespace delimited list of header names and names can optionally end with +# '*' to indicate a prefix match. +# incoming_allow_headers = +# +# The headers to remove from outgoing responses. Simply a whitespace delimited +# list of header names and names can optionally end with '*' to indicate a +# prefix match. outgoing_allow_headers is a list of exceptions to these +# removals. +# outgoing_remove_headers = x-object-meta-* +# +# The headers allowed as exceptions to outgoing_remove_headers. Simply a +# whitespace delimited list of header names and names can optionally end with +# '*' to indicate a prefix match. +# outgoing_allow_headers = x-object-meta-public-* + +# Note: Put formpost just before your auth filter(s) in the pipeline +[filter:formpost] +use = egg:swift#formpost + +[filter:keystoneauth] +operator_roles = Member,admin +use = egg:swift#keystoneauth + +[filter:proxy-logging] +use = egg:swift#proxy_logging +# access_log_name = proxy +# access_log_facility = LOG_LOCAL0 +# access_log_level = INFO +# access_log_address = /dev/log +# If set, access_log_udp_host will override access_log_address +# access_log_udp_host = +# access_log_udp_port = 514 +# You can use log_statsd_* from [DEFAULT] or override them here: +# access_log_statsd_host = localhost +# access_log_statsd_port = 8125 +# access_log_statsd_default_sample_rate = 1 +# access_log_statsd_metric_prefix = +# access_log_headers = False +# What HTTP methods are allowed for StatsD logging (comma-sep); request methods +# not in this list will have "BAD_METHOD" for the portion of the metric. +# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/pull-rings.sh.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/pull-rings.sh.erb new file mode 100644 index 000000000..5e4f57c14 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/pull-rings.sh.erb @@ -0,0 +1,29 @@ +#!/bin/bash + +# this has to be run as root to restart the services... + +if [ ! -d /etc/swift/rings ] || [ ! -e /etc/swift/rings/.git/config ]; then + rm -rf /etc/swift/rings + git clone git://<%= @builder_ip %>/rings /etc/swift/rings +fi + +cd /etc/swift/rings +git reset --hard +git clean -df +git pull + +[ -e /etc/swift/rings ] && chown -R swift: /etc/swift/rings + +for d in object account container; do + if [ -e /etc/swift/rings/${d}.ring.gz ]; then + if [ ! -e ../${d}.ring.gz ] || [ "$(md5sum ${d}.ring.gz | cut -f1 -d' ')" != "$(md5sum ../${d}.ring.gz | cut -f1 -d' ')" ]; then + cp ${d}.ring.gz ../${d}.ring.new + chown swift: ../${d}.ring.new + mv ../${d}.ring.new ../${d}.ring.gz + + if [ -e /etc/swift/${d}-server.conf ]; then + service <%= @service_prefix %>swift-${d}-replicator restart + fi + fi + fi +done diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/rsyncd.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/rsyncd.conf.erb new file mode 100644 index 000000000..5bd8526a1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/rsyncd.conf.erb @@ -0,0 +1,24 @@ +uid = swift +gid = swift + +log file = /var/log/rsyncd.log +pid file = /var/run/rsyncd.pid +address = 0.0.0.0 + +[account] +max connections = 10 +path = /srv/node/ +read only = false +lock file = /var/lock/account.lock + +[container] +max connections = 10 +path = /srv/node/ +read only = false +lock file = /var/lock/container.lock + +[object] +max connections = 10 +path = /srv/node/ +read only = false +lock file = /var/lock/object.lock diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/simple-redhat-init-config.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/simple-redhat-init-config.erb new file mode 100644 index 000000000..28c002f65 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/simple-redhat-init-config.erb @@ -0,0 +1,77 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: <%= @exec %> +# Required-Start: $remote_fs +# Required-Stop: $remote_fs +# Default-Stop: 0 1 6 +# Description: <%= @description %> +### END INIT INFO + +# chkconfig: - 98 02 + + +. /etc/rc.d/init.d/functions + +name="<%= @exec =%>" + +[ -e "/etc/sysconfig/openstack-swift-$name" ] && . "/etc/sysconfig/openstack-swift-$name" + +lockfile="/var/lock/subsys/openstack-swift-$name" + +start() { + swift-init "$name" start + retval=$? + [ $retval -eq 0 ] && touch $lockfile + return $retval +} + +stop() { + swift-init "$name" stop + retval=$? + [ $retval -eq 0 ] && rm -f $lockfile + return $retval +} + +restart() { + stop + start +} + +rh_status() { + swift-init "$name" status + retval=$? + return $retval +} + +rh_status_q() { + rh_status &> /dev/null +} + + +case "$1" in + start) + rh_status_q && exit 0 + $1 + ;; + stop) + rh_status_q || exit 0 + $1 + ;; + restart) + $1 + ;; + reload) + ;; + status) + rh_status + ;; + condrestart|try-restart) + rh_status_q || exit 0 + restart + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}" + exit 2 +esac +exit $? diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/simple-systemd-config.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/simple-systemd-config.erb new file mode 100644 index 000000000..3958250e3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/simple-systemd-config.erb @@ -0,0 +1,11 @@ +[Unit] +Description=<%= @description %> +After=syslog.target network.target + +[Service] +Type=simple +User=<%= @user %> +ExecStart=<%= @exec %> + +[Install] +WantedBy=multi-user.target diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/.tailor b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/.tailor new file mode 100644 index 000000000..99f0dcf16 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/.tailor @@ -0,0 +1,25 @@ +Tailor.config do |config| + config.formatters "text" + config.file_set '**/*.rb' do |style| + style.max_line_length 80, level: :off + style.allow_camel_case_methods false, level: :error + style.allow_hard_tabs false, level: :error + style.allow_screaming_snake_case_classes false, level: :error + style.allow_trailing_line_spaces false, level: :error + style.allow_invalid_ruby false, level: :warn + style.indentation_spaces 2, level: :error + style.max_code_lines_in_class 300, level: :error + style.max_code_lines_in_method 30, level: :error + style.spaces_after_comma 1, level: :error + style.spaces_after_lbrace 1, level: :error + style.spaces_after_lbracket 0, level: :error + style.spaces_after_lparen 0, level: :error + style.spaces_before_comma 0, level: :error + style.spaces_before_lbrace 1, level: :error + style.spaces_before_rbrace 1, level: :error + style.spaces_before_rbracket 0, level: :error + style.spaces_before_rparen 0, level: :error + style.spaces_in_empty_braces 0, level: :error + style.trailing_newlines 1, level: :error + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Berksfile new file mode 100644 index 000000000..4714eca3d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Berksfile @@ -0,0 +1,18 @@ +metadata + +cookbook "openstack-block-storage", + git: "git://github.com/stackforge/cookbook-openstack-block-storage.git" +cookbook "openstack-common", + git: "git://github.com/stackforge/cookbook-openstack-common.git" +cookbook "openstack-compute", + git: "git://github.com/stackforge/cookbook-openstack-compute.git" +cookbook "openstack-dashboard", + git: "git://github.com/stackforge/cookbook-openstack-dashboard.git" +cookbook "openstack-identity", + git: "git://github.com/stackforge/cookbook-openstack-identity.git" +cookbook "openstack-image", + git: "git://github.com/stackforge/cookbook-openstack-image.git" +cookbook "openstack-network", + git: "git://github.com/stackforge/cookbook-openstack-network.git" +cookbook "openstack-metering", + git: "git://github.com/stackforge/cookbook-openstack-metering.git" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Berksfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Berksfile.lock new file mode 100644 index 000000000..e46d337e4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Berksfile.lock @@ -0,0 +1,94 @@ +{ + "sha": "188e234e0dfbc9fcab11cc824dc7ca0e00ff0587", + "sources": { + "openstack-ops-database": { + "path": "." + }, + "openstack-block-storage": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-block-storage.git", + "ref": "2f7915360a7d69d58d5dfe6a51401d5ff7ade5e1" + }, + "openstack-common": { + "locked_version": "0.3.0", + "git": "git://github.com/stackforge/cookbook-openstack-common.git", + "ref": "ae80d36e8f8d5705e01bb6c14238eccb5450a229" + }, + "openstack-compute": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-compute.git", + "ref": "8cb588c74e423e8112f61195a028942585ea3b87" + }, + "openstack-dashboard": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-dashboard.git", + "ref": "51d540a734b63ad517e70d2ae604ed0b63d63bc0" + }, + "openstack-identity": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-identity.git", + "ref": "1b161e2d537a6d7a2417a50f0bee3f3ed6e94f01" + }, + "openstack-image": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-image.git", + "ref": "9dec548bec14524fbc6db6ceb33fa32d7db71ccc" + }, + "openstack-network": { + "locked_version": "7.0.0", + "git": "git://github.com/stackforge/cookbook-openstack-network.git", + "ref": "617e4597df1efffbc00c38225023b68a904b1ab4" + }, + "database": { + "locked_version": "1.4.0" + }, + "mysql": { + "locked_version": "3.0.2" + }, + "openssl": { + "locked_version": "1.0.2" + }, + "build-essential": { + "locked_version": "1.4.0" + }, + "postgresql": { + "locked_version": "3.0.2" + }, + "apt": { + "locked_version": "2.0.0" + }, + "aws": { + "locked_version": "0.101.2" + }, + "xfs": { + "locked_version": "1.1.0" + }, + "openssh": { + "locked_version": "1.2.0" + }, + "iptables": { + "locked_version": "0.12.0" + }, + "rabbitmq": { + "locked_version": "2.1.2" + }, + "erlang": { + "locked_version": "1.3.0" + }, + "yum": { + "locked_version": "2.3.0" + }, + "selinux": { + "locked_version": "0.5.6" + }, + "apache2": { + "locked_version": "1.6.6" + }, + "sysctl": { + "locked_version": "0.3.3" + }, + "python": { + "locked_version": "1.3.4" + } + } +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/CHANGELOG.md new file mode 100644 index 000000000..fa14dddb3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/CHANGELOG.md @@ -0,0 +1,4 @@ +## 7.0.0 + +* Initial release intended for Grizzly-based OpenStack releases, + for use with Stackforge upstream repositories. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Gemfile new file mode 100644 index 000000000..f8ab887fc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Gemfile @@ -0,0 +1,9 @@ +source "https://rubygems.org" + +gem "chef", "~> 11.4.4" +gem "json", "<= 1.7.7" # chef 11 dependency +gem "berkshelf", "~> 2.0.3" +gem "chefspec", "~> 1.2.0" +gem "foodcritic" +gem "strainer" +gem "tailor" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Gemfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Gemfile.lock new file mode 100644 index 000000000..0b64df8bc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Gemfile.lock @@ -0,0 +1,223 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (4.0.0) + i18n (~> 0.6, >= 0.6.4) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.37) + addressable (2.3.4) + akami (1.2.0) + gyoku (>= 0.4.0) + nokogiri (>= 1.4.0) + atomic (1.1.9) + berkshelf (2.0.5) + activesupport (>= 3.2.0) + addressable (~> 2.3.4) + buff-shell_out (~> 0.1) + celluloid (>= 0.14.0) + chozo (>= 0.6.1) + faraday (>= 0.8.5) + hashie (>= 2.0.2) + minitar (~> 0.5.4) + rbzip2 (~> 0.2.0) + retryable (~> 1.3.3) + ridley (~> 1.2.1) + solve (>= 0.5.0) + thor (~> 0.18.0) + buff-extensions (0.5.0) + buff-ruby_engine (0.1.0) + buff-shell_out (0.1.0) + buff-ruby_engine (~> 0.1.0) + builder (3.2.2) + celluloid (0.14.1) + timers (>= 1.0.0) + celluloid-io (0.14.1) + celluloid (>= 0.14.1) + nio4r (>= 0.4.5) + chef (11.4.4) + erubis + highline (>= 1.6.9) + json (>= 1.4.4, <= 1.7.7) + mixlib-authentication (>= 1.3.0) + mixlib-cli (~> 1.3.0) + mixlib-config (>= 1.1.2) + mixlib-log (>= 1.3.0) + mixlib-shellout + net-ssh (~> 2.6) + net-ssh-multi (~> 1.1.0) + ohai (>= 0.6.0) + rest-client (>= 1.0.4, < 1.7.0) + yajl-ruby (~> 1.1) + chefspec (1.2.0) + chef (>= 10.0) + erubis + fauxhai (>= 0.1.1, < 2.0) + minitest-chef-handler (>= 0.6.0) + rspec (~> 2.0) + chozo (0.6.1) + activesupport (>= 3.2.0) + hashie (>= 2.0.2) + multi_json (>= 1.3.0) + ci_reporter (1.8.4) + builder (>= 2.1.2) + diff-lcs (1.2.4) + erubis (2.7.0) + faraday (0.8.7) + multipart-post (~> 1.1) + fauxhai (1.1.1) + httparty + net-ssh + ohai + ffi (1.9.0) + foodcritic (2.1.0) + erubis + gherkin (~> 2.11.7) + nokogiri (~> 1.5.4) + rak (~> 1.4) + treetop (~> 1.4.10) + yajl-ruby (~> 1.1.0) + gherkin (2.11.8) + multi_json (~> 1.3) + gssapi (1.0.3) + ffi (>= 1.0.1) + gyoku (1.0.0) + builder (>= 2.1.2) + hashie (2.0.5) + highline (1.6.19) + httparty (0.11.0) + multi_json (~> 1.0) + multi_xml (>= 0.5.2) + httpclient (2.2.0.2) + httpi (0.9.7) + rack + i18n (0.6.4) + ipaddress (0.8.0) + json (1.7.7) + little-plugger (1.1.3) + log_switch (0.4.0) + logging (1.6.2) + little-plugger (>= 1.1.3) + mime-types (1.23) + minitar (0.5.4) + minitest (4.7.5) + minitest-chef-handler (1.0.1) + chef + ci_reporter + minitest (~> 4.7.3) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-cli (1.3.0) + mixlib-config (1.1.2) + mixlib-log (1.6.0) + mixlib-shellout (1.1.0) + multi_json (1.7.7) + multi_xml (0.5.4) + multipart-post (1.2.0) + net-http-persistent (2.8) + net-ssh (2.6.7) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-multi (1.1) + net-ssh (>= 2.1.4) + net-ssh-gateway (>= 0.99.0) + nio4r (0.4.6) + nokogiri (1.5.10) + nori (1.1.5) + ohai (6.16.0) + ipaddress + mixlib-cli + mixlib-config + mixlib-log + mixlib-shellout + systemu + yajl-ruby + polyglot (0.3.3) + rack (1.5.2) + rak (1.4) + rbzip2 (0.2.0) + rest-client (1.6.7) + mime-types (>= 1.16) + retryable (1.3.3) + ridley (1.2.3) + addressable + buff-extensions (~> 0.3) + buff-shell_out (~> 0.1) + celluloid (~> 0.14.0) + celluloid-io (~> 0.14.0) + erubis + faraday (>= 0.8.4) + hashie (>= 2.0.2) + json (>= 1.7.7) + mixlib-authentication (>= 1.3.0) + net-http-persistent (>= 2.8) + net-ssh + retryable + solve (>= 0.4.4) + varia_model (~> 0.1) + winrm (~> 1.1.0) + rspec (2.13.0) + rspec-core (~> 2.13.0) + rspec-expectations (~> 2.13.0) + rspec-mocks (~> 2.13.0) + rspec-core (2.13.1) + rspec-expectations (2.13.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.13.1) + rubyntlm (0.1.1) + savon (0.9.5) + akami (~> 1.0) + builder (>= 2.1.2) + gyoku (>= 0.4.0) + httpi (~> 0.9) + nokogiri (>= 1.4.0) + nori (~> 1.0) + wasabi (~> 1.0) + solve (0.5.0) + strainer (3.0.3) + berkshelf (~> 2.0) + systemu (2.5.2) + tailor (1.2.1) + log_switch (>= 0.3.0) + term-ansicolor (>= 1.0.5) + text-table (>= 1.2.2) + term-ansicolor (1.2.2) + tins (~> 0.8) + text-table (1.2.3) + thor (0.18.1) + thread_safe (0.1.0) + atomic + timers (1.1.0) + tins (0.8.2) + treetop (1.4.14) + polyglot + polyglot (>= 0.3.1) + tzinfo (0.3.37) + uuidtools (2.1.4) + varia_model (0.1.0) + buff-extensions (~> 0.1) + hashie (>= 2.0.2) + wasabi (1.0.0) + nokogiri (>= 1.4.0) + winrm (1.1.2) + gssapi (~> 1.0.0) + httpclient (~> 2.2.0.2) + logging (~> 1.6.1) + nokogiri (~> 1.5.0) + rubyntlm (~> 0.1.1) + savon (= 0.9.5) + uuidtools (~> 2.1.2) + yajl-ruby (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + berkshelf (~> 2.0.3) + chef (~> 11.4.4) + chefspec (~> 1.2.0) + foodcritic + json (<= 1.7.7) + strainer + tailor diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/README.md new file mode 100644 index 000000000..2b6905862 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/README.md @@ -0,0 +1,121 @@ +# Description # + +This cookbook provides a reference example of database configuration for the OpenStack **Grizzly** reference deployment provided by Chef for OpenStack. It currently supports MySQL and will soon support PostgreSQL. + +# Requirements # + +Chef 11 with Ruby 1.9.x required. + +# Platforms # + +* Ubuntu-12.04 +* openSUSE 12.3, SLES 11 SP2 + +# Cookbooks # + +The following cookbooks are dependencies: + +* database +* mysql +* openstack-common +* postgresql + +# Usage # + +The usage of this cookbook is optional, you may choose to set up your own databases without using this cookbook. If you choose to do so, you will need to do the following: + +* create the schema specified by the `openstack-db` recipe. +* create and upload encrypted data bags into your chef environment, as + specified by `#db_password` in the `openstack-db` recipe. + +# Resources/Providers # + +None + +# Templates # + +None + +# Recipes # + +## client ## + +- database client configuration, selected by attributes + +## server ## + +- database server configuration, selected by attributes + +## mysql-client ## + +- calls mysql::ruby and mysql::client and installs 'mysql_python_packages' + +## mysql-server ## + +- configures the mysql server for OpenStack + +## postgresql-client ## + +- calls postgresql::ruby and postgresql::client and installs 'postgresql_python_packages' + +## postgresql-server ## + +- configures the PostgreSQL server for OpenStack + +## openstack-db ## + +- creates necessary tables, users, and grants for OpenStack + +# Attributes # + +* `openstack["db"]["bind_interface"]` - bind to interfaces IPv4 address +* `openstack["db"]["platform"]["mysql_python_packages"]` - platform-specific mysql python packages to install + +Testing +===== + +This cookbook uses [bundler](http://gembundler.com/), [berkshelf](http://berkshelf.com/), and [strainer](https://github.com/customink/strainer) to isolate dependencies and run tests. + +Tests are defined in Strainerfile. + +To run tests: + + $ bundle install # install gem dependencies + $ bundle exec berks install # install cookbook dependencies + $ bundle exec strainer test # run tests + +License and Author +================== + +| | | +|:---------------------|:---------------------------------------------------| +| **Author** | Justin Shepherd () | +| **Author** | Jason Cannavale () | +| **Author** | Ron Pedde () | +| **Author** | Joseph Breu () | +| **Author** | William Kelly () | +| **Author** | Darren Birkett () | +| **Author** | Evan Callicoat () | +| **Author** | Matt Thompson () | +| **Author** | Matt Ray () | +| **Author** | Sean Gallagher () | +| **Author** | John Dewey () | +| **Author** | Ionut Artarisi () | +| | | +| **Copyright** | Copyright (c) 2012-2013, Rackspace US, Inc. | +| **Copyright** | Copyright (c) 2012-2013, Opscode, Inc. | +| **Copyright** | Copyright (c) 2013, AT&T Services, Inc. | +| **Copyright** | Copyright (c) 2013, SUSE Linux GmbH | + + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Strainerfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Strainerfile new file mode 100644 index 000000000..7e292b43d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/Strainerfile @@ -0,0 +1,5 @@ +# Strainerfile +tailor: bundle exec tailor +knife test: bundle exec knife cookbook test $COOKBOOK +foodcritic: bundle exec foodcritic -f any -t ~FC003 -t ~FC023 $SANDBOX/$COOKBOOK +chefspec: bundle exec rspec $SANDBOX/$COOKBOOK/spec diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/attributes/default.rb new file mode 100644 index 000000000..8a1cd5a6f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/attributes/default.rb @@ -0,0 +1,33 @@ +# +# Cookbook Name:: openstack-ops-database +# Recipe:: default +# +# Copyright 2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default["openstack"]["db"]["bind_interface"] = "lo" + +# Platform defaults +case platform +when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won"t fix this + default["openstack"]["db"]["platform"]["mysql_python_packages"] = [ "MySQL-python" ] + default["openstack"]["db"]["platform"]["postgresql_python_packages"] = [ "python-psycopg2" ] +when "suse" + default["openstack"]["db"]["platform"]["mysql_python_packages"] = [ "python-mysql" ] + default["openstack"]["db"]["platform"]["postgresql_python_packages"] = [ "python-psycopg2" ] +when "ubuntu" + default["openstack"]["db"]["platform"]["mysql_python_packages"] = [ "python-mysqldb" ] + default["openstack"]["db"]["platform"]["postgresql_python_packages"] = [ "python-psycopg2" ] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/metadata.rb new file mode 100644 index 000000000..036af28ca --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/metadata.rb @@ -0,0 +1,30 @@ +name "openstack-ops-database" +maintainer "Opscode, Inc." +maintainer_email "matt@opscode.com" +license "Apache 2.0" +description "Provides the shared database configuration for Chef for OpenStack." +version "7.0.0" + +recipe "client", "Installs client packages for the database used by the deployment." +recipe "server", "Installs and configures server packages for the database used by the deployment." +recipe "mysql-client", "Installs MySQL client packages." +recipe "mysql-server", "Installs and configures MySQL server packages." +recipe "postgresql-client", "Installs PostgreSQL client packages." +recipe "postgresql-server", "Installs and configures PostgreSQL server packages." +recipe "openstack-db", "Creates necessary tables, users, and grants for OpenStack." + +%w{ fedora ubuntu redhat centos suse }.each do |os| + supports os +end + +depends "database", ">= 1.4" +depends "mysql", ">= 3.0.0" +depends "openstack-block-storage" +depends "openstack-common", "~> 0.4.0" +depends "openstack-compute" +depends "openstack-dashboard" +depends "openstack-identity" +depends "openstack-image" +depends "openstack-metering" +depends "openstack-network" +depends "postgresql", ">= 3.0.0" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/client.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/client.rb new file mode 100644 index 000000000..7719590f5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/client.rb @@ -0,0 +1,21 @@ +# +# Cookbook Name:: openstack-ops-database +# Recipe:: client +# +# Copyright 2013, Opscode, Inc. +# Copyright 2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-ops-database::#{node["openstack"]["db"]["service_type"]}-client" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/mysql-client.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/mysql-client.rb new file mode 100644 index 000000000..009566d5c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/mysql-client.rb @@ -0,0 +1,26 @@ +# +# Cookbook Name:: openstack-ops-database +# Recipe:: mysql-client +# +# Copyright 2013, Opscode, Inc. +# Copyright 2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "mysql::ruby" +include_recipe "mysql::client" + +node["openstack"]["db"]["platform"]["mysql_python_packages"].each do |pkg| + package pkg +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/mysql-server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/mysql-server.rb new file mode 100644 index 000000000..e2f5d7b13 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/mysql-server.rb @@ -0,0 +1,69 @@ +# +# Cookbook Name:: openstack-ops-database +# Recipe:: mysql-server +# +# Copyright 2013, Opscode, Inc. +# Copyright 2012-2013, Rackspace US, Inc. +# Copyright 2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +listen_address = address_for node["openstack"]["db"]["bind_interface"] + +node.override["mysql"]["bind_address"] = listen_address +node.override["mysql"]["tunable"]["innodb_thread_concurrency"] = "0" +node.override["mysql"]["tunable"]["innodb_commit_concurrency"] = "0" +node.override["mysql"]["tunable"]["innodb_read_io_threads"] = "4" +node.override["mysql"]["tunable"]["innodb_flush_log_at_trx_commit"] = "2" + +include_recipe "openstack-ops-database::mysql-client" +include_recipe "mysql::server" + +mysql_connection_info = { + :host => "localhost", + :username => "root", + :password => node["mysql"]["server_root_password"] +} + +mysql_database "FLUSH PRIVILEGES" do + connection mysql_connection_info + sql "FLUSH PRIVILEGES" + action :query +end + +# Unfortunately, this is needed to get around a MySQL bug +# that repeatedly shows its face when running this in Vagabond +# containers: +# +# http://bugs.mysql.com/bug.php?id=69644 +mysql_database "drop empty localhost user" do + sql "DELETE FROM mysql.user WHERE User = '' OR Password = ''" + connection mysql_connection_info + action :query +end + +mysql_database "test" do + connection mysql_connection_info + action :drop +end + +mysql_database "FLUSH PRIVILEGES" do + connection mysql_connection_info + sql "FLUSH PRIVILEGES" + action :query +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/openstack-db.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/openstack-db.rb new file mode 100644 index 000000000..2d587fdb9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/openstack-db.rb @@ -0,0 +1,64 @@ +# +# Cookbook Name:: openstack-ops-database +# Recipe:: openstack-db +# +# Copyright 2012-2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +db_create_with_user( + "compute", + node["openstack"]["compute"]["db"]["username"], + db_password("nova") +) + +db_create_with_user( + "dashboard", + node["openstack"]["dashboard"]["db"]["username"], + db_password("horizon") +) + +db_create_with_user( + "identity", + node["openstack"]["identity"]["db"]["username"], + db_password("keystone") +) + +db_create_with_user( + "image", + node["openstack"]["image"]["db"]["username"], + db_password("glance") +) + +db_create_with_user( + "metering", + node["openstack"]["metering"]["db"]["username"], + db_password("ceilometer") +) + +db_create_with_user( + "network", + node["openstack"]["network"]["db"]["username"], + db_password("quantum") +) + +db_create_with_user( + "volume", + node["openstack"]["block-storage"]["db"]["username"], + db_password("cinder") +) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/postgresql-client.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/postgresql-client.rb new file mode 100644 index 000000000..5d259b4fb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/postgresql-client.rb @@ -0,0 +1,27 @@ +# +# Cookbook Name:: openstack-ops-database +# Recipe:: postgresql-client +# +# Copyright 2013, Opscode, Inc. +# Copyright 2013, AT&T Services, Inc. +# Copyright 2013, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "postgresql::ruby" +include_recipe "postgresql::client" + +node["openstack"]["db"]["platform"]["postgresql_python_packages"].each do |pkg| + package pkg +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/postgresql-server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/postgresql-server.rb new file mode 100644 index 000000000..56bf4e9b1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/postgresql-server.rb @@ -0,0 +1,32 @@ +# +# Cookbook Name:: openstack-ops-database +# Recipe:: postgresql-server +# +# Copyright 2013, Opscode, Inc. +# Copyright 2012-2013, Rackspace US, Inc. +# Copyright 2013, AT&T Services, Inc. +# Copyright 2013, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +listen_address = address_for node["openstack"]["db"]["bind_interface"] + +node.override["postgresql"]["config"]["listen_addresses"] = listen_address + +include_recipe "openstack-ops-database::postgresql-client" +include_recipe "postgresql::server" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/server.rb new file mode 100644 index 000000000..5044b1a89 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/recipes/server.rb @@ -0,0 +1,21 @@ +# +# Cookbook Name:: openstack-ops-database +# Recipe:: server +# +# Copyright 2013, Opscode, Inc. +# Copyright 2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-ops-database::#{node["openstack"]["db"]["service_type"]}-server" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/client_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/client_spec.rb new file mode 100644 index 000000000..3c83469d5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/client_spec.rb @@ -0,0 +1,24 @@ +require_relative "spec_helper" + +describe "openstack-ops-database::client" do + before { ops_database_stubs } + describe "ubuntu" do + + it "uses mysql database client recipe by default" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + chef_run.converge "openstack-ops-database::client" + + expect(chef_run).to include_recipe "openstack-ops-database::mysql-client" + end + + it "uses postgresql database client recipe when configured" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + node = chef_run.node + node.set["openstack"]["db"]["service_type"] = "postgresql" + + chef_run.converge "openstack-ops-database::client" + + expect(chef_run).to include_recipe "openstack-ops-database::postgresql-client" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/mysql-client-opensuse_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/mysql-client-opensuse_spec.rb new file mode 100644 index 000000000..eb2b2a6a4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/mysql-client-opensuse_spec.rb @@ -0,0 +1,15 @@ +require_relative "spec_helper" + +describe "openstack-ops-database::postgresql-client" do + before { ops_database_stubs } + describe "opensuse" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::OPENSUSE_OPTS + @chef_run.converge "openstack-ops-database::mysql-client" + end + + it "installs mysql packages" do + expect(@chef_run).to install_package "python-mysql" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/mysql-client_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/mysql-client_spec.rb new file mode 100644 index 000000000..067f883f2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/mysql-client_spec.rb @@ -0,0 +1,20 @@ +require_relative "spec_helper" + +describe "openstack-ops-database::mysql-client" do + before { ops_database_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-ops-database::mysql-client" + end + + it "includes mysql recipes" do + expect(@chef_run).to include_recipe "mysql::ruby" + expect(@chef_run).to include_recipe "mysql::client" + end + + it "installs mysql packages" do + expect(@chef_run).to install_package "python-mysqldb" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/mysql-server_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/mysql-server_spec.rb new file mode 100644 index 000000000..14901b5ba --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/mysql-server_spec.rb @@ -0,0 +1,78 @@ +require_relative "spec_helper" + +describe "openstack-ops-database::mysql-server" do + before { ops_database_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new(::UBUNTU_OPTS) do |n| + n.set["mysql"] = { + "server_debian_password" => "server-debian-password", + "server_root_password" => "server-root-password", + "server_repl_password" => "server-repl-password" + } + end + @chef_run.converge "openstack-ops-database::mysql-server" + end + + it "overrides default mysql attributes" do + expect(@chef_run.node["mysql"]["bind_address"]).to eql "127.0.0.1" + expect(@chef_run.node['mysql']['tunable']['innodb_thread_concurrency']).to eql "0" + expect(@chef_run.node['mysql']['tunable']['innodb_commit_concurrency']).to eql "0" + expect(@chef_run.node['mysql']['tunable']['innodb_read_io_threads']).to eql "4" + expect(@chef_run.node['mysql']['tunable']['innodb_flush_log_at_trx_commit']).to eql "2" + end + + it "includes mysql recipes" do + expect(@chef_run).to include_recipe "openstack-ops-database::mysql-client" + expect(@chef_run).to include_recipe "mysql::server" + end + + describe "lwrps" do + before do + @connection = { + :host => "localhost", + :username => "root", + :password => "server-root-password" + } + end + + it "removes insecure default localhost mysql users" do + resource = @chef_run.find_resource( + "mysql_database", + "drop empty localhost user" + ).to_hash + + expect(resource).to include( + :sql => "DELETE FROM mysql.user WHERE User = '' OR Password = ''", + :connection => @connection, + :action => [:query] + ) + end + + it "drops the test database" do + resource = @chef_run.find_resource( + "mysql_database", + "test" + ).to_hash + + expect(resource).to include( + :connection => @connection, + :action => [:drop] + ) + end + + it "flushes privileges" do + resource = @chef_run.find_resource( + "mysql_database", + "FLUSH PRIVILEGES" + ).to_hash + + expect(resource).to include( + :connection => @connection, + :sql => "FLUSH PRIVILEGES", + :action => [:query] + ) + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/openstack-db_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/openstack-db_spec.rb new file mode 100644 index 000000000..948a6f27a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/openstack-db_spec.rb @@ -0,0 +1,59 @@ +require_relative "spec_helper" + +describe "openstack-ops-database::openstack-db" do + before do + ::Chef::Recipe.any_instance.stub(:db_create_with_user) + ::Chef::Recipe.any_instance.stub(:db_password). + and_return("test-pass") + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + end + + it "creates nova database and user" do + ::Chef::Recipe.any_instance.should_receive(:db_create_with_user). + with "dashboard", "dash", "test-pass" + + @chef_run.converge "openstack-ops-database::openstack-db" + end + + it "creates dashboard database and user" do + ::Chef::Recipe.any_instance.should_receive(:db_create_with_user). + with "dashboard", "dash", "test-pass" + + @chef_run.converge "openstack-ops-database::openstack-db" + end + + it "creates identity database and user" do + ::Chef::Recipe.any_instance.should_receive(:db_create_with_user). + with "identity", "keystone", "test-pass" + + @chef_run.converge "openstack-ops-database::openstack-db" + end + + it "creates image database and user" do + ::Chef::Recipe.any_instance.should_receive(:db_create_with_user). + with "image", "glance", "test-pass" + + @chef_run.converge "openstack-ops-database::openstack-db" + end + + it "creates metering database and user" do + ::Chef::Recipe.any_instance.should_receive(:db_create_with_user). + with "metering", "ceilometer", "test-pass" + + @chef_run.converge "openstack-ops-database::openstack-db" + end + + it "creates network database and user" do + ::Chef::Recipe.any_instance.should_receive(:db_create_with_user). + with "network", "quantum", "test-pass" + + @chef_run.converge "openstack-ops-database::openstack-db" + end + + it "creates volume database and user" do + ::Chef::Recipe.any_instance.should_receive(:db_create_with_user). + with "volume", "cinder", "test-pass" + + @chef_run.converge "openstack-ops-database::openstack-db" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/postgresql-server_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/postgresql-server_spec.rb new file mode 100644 index 000000000..e4a5ee16d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/postgresql-server_spec.rb @@ -0,0 +1,21 @@ +require_relative "spec_helper" + +describe "openstack-ops-database::postgresql-server" do + before { ops_database_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + # The postgresql cookbook will raise an "uninitialized constant + # Chef::Application" error without this attribute when running + # the tests + @chef_run.node.set["postgresql"]["password"]["postgres"] = String.new + @chef_run.converge "openstack-ops-database::postgresql-server" + end + + it "includes postgresql recipes" do + expect(@chef_run).to include_recipe( + "openstack-ops-database::postgresql-client") + expect(@chef_run).to include_recipe "postgresql::server" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/server_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/server_spec.rb new file mode 100644 index 000000000..752848115 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/server_spec.rb @@ -0,0 +1,34 @@ +require_relative "spec_helper" + +describe "openstack-ops-database::server" do + before { ops_database_stubs } + describe "ubuntu" do + + it "uses mysql database server recipe by default" do + chef_run = ::ChefSpec::ChefRunner.new(::UBUNTU_OPTS) do |n| + n.set["mysql"] = { + "server_debian_password" => "server-debian-password", + "server_root_password" => "server-root-password", + "server_repl_password" => "server-repl-password" + } + end + chef_run.converge "openstack-ops-database::server" + + expect(chef_run).to include_recipe "openstack-ops-database::mysql-server" + end + + it "uses postgresql database server recipe when configured" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS do |n| + n.set["openstack"]["db"]["service_type"] = "postgresql" + # The postgresql cookbook will raise an "uninitialized constant + # Chef::Application" error without this attribute when running + # the tests + n.set["postgresql"]["password"]["postgres"] = String.new + end + + chef_run.converge "openstack-ops-database::server" + + expect(chef_run).to include_recipe "openstack-ops-database::postgresql-server" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/spec_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/spec_helper.rb new file mode 100644 index 000000000..a4e2f980c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-database/spec/spec_helper.rb @@ -0,0 +1,24 @@ +require "chefspec" + +::LOG_LEVEL = :fatal +::OPENSUSE_OPTS = { + :platform => "opensuse", + :version => "12.3", + :log_level => ::LOG_LEVEL +} +::REDHAT_OPTS = { + :platform => "redhat", + :version => "6.3", + :log_level => ::LOG_LEVEL +} +::UBUNTU_OPTS = { + :platform => "ubuntu", + :version => "12.04", + :log_level => ::LOG_LEVEL +} + +def ops_database_stubs + ::Chef::Recipe.any_instance.stub(:address_for). + with("lo"). + and_return "127.0.0.1" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/.tailor b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/.tailor new file mode 100644 index 000000000..99f0dcf16 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/.tailor @@ -0,0 +1,25 @@ +Tailor.config do |config| + config.formatters "text" + config.file_set '**/*.rb' do |style| + style.max_line_length 80, level: :off + style.allow_camel_case_methods false, level: :error + style.allow_hard_tabs false, level: :error + style.allow_screaming_snake_case_classes false, level: :error + style.allow_trailing_line_spaces false, level: :error + style.allow_invalid_ruby false, level: :warn + style.indentation_spaces 2, level: :error + style.max_code_lines_in_class 300, level: :error + style.max_code_lines_in_method 30, level: :error + style.spaces_after_comma 1, level: :error + style.spaces_after_lbrace 1, level: :error + style.spaces_after_lbracket 0, level: :error + style.spaces_after_lparen 0, level: :error + style.spaces_before_comma 0, level: :error + style.spaces_before_lbrace 1, level: :error + style.spaces_before_rbrace 1, level: :error + style.spaces_before_rbracket 0, level: :error + style.spaces_before_rparen 0, level: :error + style.spaces_in_empty_braces 0, level: :error + style.trailing_newlines 1, level: :error + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Berksfile new file mode 100644 index 000000000..84e5b6dfb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Berksfile @@ -0,0 +1,4 @@ +metadata + +cookbook "openstack-common", + git: "git://github.com/stackforge/cookbook-openstack-common.git" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Berksfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Berksfile.lock new file mode 100644 index 000000000..517fc208e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Berksfile.lock @@ -0,0 +1,46 @@ +{ + "sha": "45e1bf81e0dd550088ee5794e167786e616570ea", + "sources": { + "openstack-ops-messaging": { + "path": "." + }, + "openstack-common": { + "locked_version": "0.3.0", + "git": "git://github.com/stackforge/cookbook-openstack-common.git", + "ref": "25b183f2362fa501cfee4db331491b3d984a5c05" + }, + "rabbitmq": { + "locked_version": "2.1.2" + }, + "erlang": { + "locked_version": "1.3.0" + }, + "apt": { + "locked_version": "2.0.0" + }, + "yum": { + "locked_version": "2.3.0" + }, + "build-essential": { + "locked_version": "1.4.0" + }, + "database": { + "locked_version": "1.4.0" + }, + "mysql": { + "locked_version": "3.0.2" + }, + "openssl": { + "locked_version": "1.0.2" + }, + "postgresql": { + "locked_version": "3.0.2" + }, + "aws": { + "locked_version": "0.101.2" + }, + "xfs": { + "locked_version": "1.1.0" + } + } +} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/CHANGELOG.md new file mode 100644 index 000000000..fa14dddb3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/CHANGELOG.md @@ -0,0 +1,4 @@ +## 7.0.0 + +* Initial release intended for Grizzly-based OpenStack releases, + for use with Stackforge upstream repositories. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Gemfile new file mode 100644 index 000000000..04ef97e41 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Gemfile @@ -0,0 +1,9 @@ +source "https://rubygems.org" + +gem "chef", "~> 11.4.4" +gem "json", "<= 1.7.7" # chef 11 dependency +gem "berkshelf", "~> 2.0.3" +gem "chefspec", "~> 1.3.0" +gem "foodcritic" +gem "strainer" +gem "tailor" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Gemfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Gemfile.lock new file mode 100644 index 000000000..2d00f7d7f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Gemfile.lock @@ -0,0 +1,223 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (4.0.0) + i18n (~> 0.6, >= 0.6.4) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.37) + addressable (2.3.5) + akami (1.2.0) + gyoku (>= 0.4.0) + nokogiri (>= 1.4.0) + atomic (1.1.10) + berkshelf (2.0.5) + activesupport (>= 3.2.0) + addressable (~> 2.3.4) + buff-shell_out (~> 0.1) + celluloid (>= 0.14.0) + chozo (>= 0.6.1) + faraday (>= 0.8.5) + hashie (>= 2.0.2) + minitar (~> 0.5.4) + rbzip2 (~> 0.2.0) + retryable (~> 1.3.3) + ridley (~> 1.2.1) + solve (>= 0.5.0) + thor (~> 0.18.0) + buff-extensions (0.5.0) + buff-ruby_engine (0.1.0) + buff-shell_out (0.1.0) + buff-ruby_engine (~> 0.1.0) + builder (3.2.2) + celluloid (0.14.1) + timers (>= 1.0.0) + celluloid-io (0.14.1) + celluloid (>= 0.14.1) + nio4r (>= 0.4.5) + chef (11.4.4) + erubis + highline (>= 1.6.9) + json (>= 1.4.4, <= 1.7.7) + mixlib-authentication (>= 1.3.0) + mixlib-cli (~> 1.3.0) + mixlib-config (>= 1.1.2) + mixlib-log (>= 1.3.0) + mixlib-shellout + net-ssh (~> 2.6) + net-ssh-multi (~> 1.1.0) + ohai (>= 0.6.0) + rest-client (>= 1.0.4, < 1.7.0) + yajl-ruby (~> 1.1) + chefspec (1.3.1) + chef (>= 10.0) + erubis + fauxhai (>= 0.1.1, < 2.0) + minitest-chef-handler (>= 0.6.0) + rspec (~> 2.0) + chozo (0.6.1) + activesupport (>= 3.2.0) + hashie (>= 2.0.2) + multi_json (>= 1.3.0) + ci_reporter (1.8.4) + builder (>= 2.1.2) + diff-lcs (1.2.4) + erubis (2.7.0) + faraday (0.8.7) + multipart-post (~> 1.1) + fauxhai (1.1.1) + httparty + net-ssh + ohai + ffi (1.9.0) + foodcritic (2.1.0) + erubis + gherkin (~> 2.11.7) + nokogiri (~> 1.5.4) + rak (~> 1.4) + treetop (~> 1.4.10) + yajl-ruby (~> 1.1.0) + gherkin (2.11.8) + multi_json (~> 1.3) + gssapi (1.0.3) + ffi (>= 1.0.1) + gyoku (1.0.0) + builder (>= 2.1.2) + hashie (2.0.5) + highline (1.6.19) + httparty (0.11.0) + multi_json (~> 1.0) + multi_xml (>= 0.5.2) + httpclient (2.2.0.2) + httpi (0.9.7) + rack + i18n (0.6.4) + ipaddress (0.8.0) + json (1.7.7) + little-plugger (1.1.3) + log_switch (0.4.0) + logging (1.6.2) + little-plugger (>= 1.1.3) + mime-types (1.23) + minitar (0.5.4) + minitest (4.7.5) + minitest-chef-handler (1.0.1) + chef + ci_reporter + minitest (~> 4.7.3) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-cli (1.3.0) + mixlib-config (1.1.2) + mixlib-log (1.6.0) + mixlib-shellout (1.1.0) + multi_json (1.7.7) + multi_xml (0.5.4) + multipart-post (1.2.0) + net-http-persistent (2.8) + net-ssh (2.6.7) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-multi (1.1) + net-ssh (>= 2.1.4) + net-ssh-gateway (>= 0.99.0) + nio4r (0.4.6) + nokogiri (1.5.10) + nori (1.1.5) + ohai (6.16.0) + ipaddress + mixlib-cli + mixlib-config + mixlib-log + mixlib-shellout + systemu + yajl-ruby + polyglot (0.3.3) + rack (1.5.2) + rak (1.4) + rbzip2 (0.2.0) + rest-client (1.6.7) + mime-types (>= 1.16) + retryable (1.3.3) + ridley (1.2.3) + addressable + buff-extensions (~> 0.3) + buff-shell_out (~> 0.1) + celluloid (~> 0.14.0) + celluloid-io (~> 0.14.0) + erubis + faraday (>= 0.8.4) + hashie (>= 2.0.2) + json (>= 1.7.7) + mixlib-authentication (>= 1.3.0) + net-http-persistent (>= 2.8) + net-ssh + retryable + solve (>= 0.4.4) + varia_model (~> 0.1) + winrm (~> 1.1.0) + rspec (2.13.0) + rspec-core (~> 2.13.0) + rspec-expectations (~> 2.13.0) + rspec-mocks (~> 2.13.0) + rspec-core (2.13.1) + rspec-expectations (2.13.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.13.1) + rubyntlm (0.1.1) + savon (0.9.5) + akami (~> 1.0) + builder (>= 2.1.2) + gyoku (>= 0.4.0) + httpi (~> 0.9) + nokogiri (>= 1.4.0) + nori (~> 1.0) + wasabi (~> 1.0) + solve (0.6.0) + strainer (3.0.3) + berkshelf (~> 2.0) + systemu (2.5.2) + tailor (1.2.1) + log_switch (>= 0.3.0) + term-ansicolor (>= 1.0.5) + text-table (>= 1.2.2) + term-ansicolor (1.2.2) + tins (~> 0.8) + text-table (1.2.3) + thor (0.18.1) + thread_safe (0.1.0) + atomic + timers (1.1.0) + tins (0.8.2) + treetop (1.4.14) + polyglot + polyglot (>= 0.3.1) + tzinfo (0.3.37) + uuidtools (2.1.4) + varia_model (0.1.0) + buff-extensions (~> 0.1) + hashie (>= 2.0.2) + wasabi (1.0.0) + nokogiri (>= 1.4.0) + winrm (1.1.2) + gssapi (~> 1.0.0) + httpclient (~> 2.2.0.2) + logging (~> 1.6.1) + nokogiri (~> 1.5.0) + rubyntlm (~> 0.1.1) + savon (= 0.9.5) + uuidtools (~> 2.1.2) + yajl-ruby (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + berkshelf (~> 2.0.3) + chef (~> 11.4.4) + chefspec (~> 1.3.0) + foodcritic + json (<= 1.7.7) + strainer + tailor diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/README.md new file mode 100644 index 000000000..347470f73 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/README.md @@ -0,0 +1,84 @@ +# Description # + +This cookbook provides shared message queue configuration for the OpenStack **Grizzly** reference deployment provided by Chef for OpenStack. The http://github.com/mattray/chef-openstack-repo contains documentation for using this cookbook in the context of a full OpenStack deployment. It currently supports RabbitMQ and will soon other queues. + +# Requirements # + +Chef 11 with Ruby 1.9.x required. + +# Platforms # + +* Ubuntu-12.04 + +# Cookbooks # + +The following cookbooks are dependencies: + +* openstack-common +* rabbitmq + +# Usage # + +The usage of this cookbook is optional, you may choose to set up your own messaging service without using this cookbook. If you choose to do so, you will need to provide all of the attributes listed under the [Attributes](#attributes). + +# Resources/Providers # + +None + +# Templates # + +None + +# Recipes # + +## server ## + +- message queue server configuration, selected by attributes + +## rabbitmq-server ## + +- configures the RabbitMQ server for OpenStack + +# Attributes # + +* `openstack["mq"]["bind_interface"]` - bind to interfaces IPv4 address +* `openstack["mq"]["cluster"]` - whether or not to cluster rabbit, defaults to 'false' + +Testing +===== + +This cookbook uses [bundler](http://gembundler.com/), [berkshelf](http://berkshelf.com/), and [strainer](https://github.com/customink/strainer) to isolate dependencies and run tests. + +Tests are defined in Strainerfile. + +To run tests: + + $ bundle install # install gem dependencies + $ bundle exec berks install # install cookbook dependencies + $ bundle exec strainer test # run tests + +License and Author +================== + +| | | +|:---------------------|:---------------------------------------------------| +| **Author** | John Dewey () | +| **Author** | Matt Ray () | +| **Author** | Craig Tracey () | +| | | +| **Copyright** | Copyright (c) 2013, Opscode, Inc. | +| **Copyright** | Copyright (c) 2013, Craig Tracey | +| **Copyright** | Copyright (c) 2013, AT&T Services, Inc. | + + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Strainerfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Strainerfile new file mode 100644 index 000000000..7e292b43d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/Strainerfile @@ -0,0 +1,5 @@ +# Strainerfile +tailor: bundle exec tailor +knife test: bundle exec knife cookbook test $COOKBOOK +foodcritic: bundle exec foodcritic -f any -t ~FC003 -t ~FC023 $SANDBOX/$COOKBOOK +chefspec: bundle exec rspec $SANDBOX/$COOKBOOK/spec diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/attributes/default.rb new file mode 100644 index 000000000..95782cce3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/attributes/default.rb @@ -0,0 +1,21 @@ +# +# Cookbook Name:: openstack-ops-messaging +# Recipe:: default +# +# Copyright 2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default["openstack"]["mq"]["bind_interface"] = "lo" +default["openstack"]["mq"]["cluster"] = false diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/metadata.rb new file mode 100644 index 000000000..093386f67 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/metadata.rb @@ -0,0 +1,16 @@ +name "openstack-ops-messaging" +maintainer "Opscode, Inc." +maintainer_email "matt@opscode.com" +license "Apache 2.0" +description "Provides the shared messaging configuration for Chef for OpenStack." +version "7.0.0" + +recipe "server", "Installs and configures server packages for messaging queue used by the deployment." +recipe "rabbitmq-server", "Installs and configures RabbitMQ and is called via the server recipe" + +%w{ fedora ubuntu redhat centos }.each do |os| + supports os +end + +depends "openstack-common", "~> 0.4.0" +depends "rabbitmq", ">= 2.1.0" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/recipes/rabbitmq-server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/recipes/rabbitmq-server.rb new file mode 100644 index 000000000..9d2e72569 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/recipes/rabbitmq-server.rb @@ -0,0 +1,88 @@ +# +# Cookbook Name:: openstack-ops-messaging +# Recipe:: rabbitmq-server +# +# Copyright 2013, Opscode, Inc. +# Copyright 2013, AT&T Services, Inc. +# Copyright 2013, Craig Tracey +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack +end + +rabbit_server_role = node["openstack"]["mq"]["server_role"] +user = node["openstack"]["mq"]["user"] +pass = user_password user +vhost = node["openstack"]["mq"]["vhost"] +bind_interface = node["openstack"]["mq"]["bind_interface"] +listen_address = address_for node["openstack"]["mq"]["bind_interface"] + +# Used by OpenStack#rabbit_servers/#rabbit_server +node.set["openstack"]["mq"]["listen"] = listen_address + +node.override["rabbitmq"]["port"] = node["openstack"]["mq"]["port"] +node.override["rabbitmq"]["address"] = listen_address +node.override["rabbitmq"]["default_user"] = user +node.override["rabbitmq"]["default_pass"] = pass +node.override["rabbitmq"]["use_distro_version"] = true + +# Clustering +if node["openstack"]["mq"]["cluster"] + node.override["rabbitmq"]["cluster"] = node["openstack"]["mq"]["cluster"] + node.override["rabbitmq"]["erlang_cookie"] = service_password "rabbit_cookie" + qs = "roles:#{rabbit_server_role} AND chef_environment:#{node.chef_environment}" + node.override["rabbitmq"]["cluster_disk_nodes"] = search(:node, qs).map do |n| + "#{user}@#{n['hostname']}" + end.sort +end + +include_recipe "rabbitmq" +include_recipe "rabbitmq::mgmt_console" + +rabbitmq_user "remove rabbit guest user" do + user "guest" + action :delete + + not_if { user == "guest" } +end + +rabbitmq_user "add openstack rabbit user" do + user user + password pass + + action :add +end + +rabbitmq_vhost "add openstack rabbit vhost" do + vhost vhost + + action :add +end + +rabbitmq_user "set openstack user permissions" do + user user + vhost vhost + permissions '.* .* .*' + action :set_permissions +end + +# Necessary for graphing. +rabbitmq_user "set rabbit administrator tag" do + user user + tag "administrator" + + action :set_tags +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/recipes/server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/recipes/server.rb new file mode 100644 index 000000000..35ccd73b6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/recipes/server.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: openstack-ops-messaging +# Recipe:: server +# +# Copyright 2013, Opscode, Inc. +# Copyright 2013, Craig Tracey +# Copyright 2013, AT&T Services, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "openstack-ops-messaging::#{node["openstack"]["mq"]["service_type"]}-server" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/spec/rabbitmq-server_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/spec/rabbitmq-server_spec.rb new file mode 100644 index 000000000..817387de4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/spec/rabbitmq-server_spec.rb @@ -0,0 +1,130 @@ +require_relative "spec_helper" + +describe "openstack-ops-messaging::rabbitmq-server" do + before { ops_messaging_stubs } + describe "ubuntu" do + before do + @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + @chef_run.converge "openstack-ops-messaging::rabbitmq-server" + end + + it "overrides default rabbit attributes" do + expect(@chef_run.node["openstack"]["mq"]["port"]).to eql "5672" + expect(@chef_run.node["openstack"]["mq"]["listen"]).to eql "127.0.0.1" + expect(@chef_run.node["rabbitmq"]["address"]).to eql "127.0.0.1" + expect(@chef_run.node["rabbitmq"]["default_user"]).to eql "guest" + expect(@chef_run.node['rabbitmq']['default_pass']).to eql "rabbit-pass" + end + + describe "cluster" do + before do + @chef_run = ::ChefSpec::ChefRunner.new(::UBUNTU_OPTS) do |n| + n.set["openstack"]["mq"] = { + "cluster" => true + } + end + @chef_run.converge "openstack-ops-messaging::rabbitmq-server" + end + + it "overrides cluster" do + expect(@chef_run.node['rabbitmq']['cluster']).to be_true + end + + it "overrides erlang_cookie" do + expect(@chef_run.node['rabbitmq']['erlang_cookie']).to eql( + "erlang-cookie" + ) + end + + it "overrides and sorts cluster_disk_nodes" do + expect(@chef_run.node['rabbitmq']['cluster_disk_nodes']).to eql( + ["guest@host1", "guest@host2"] + ) + end + end + + it "includes rabbit recipes" do + expect(@chef_run).to include_recipe "rabbitmq" + expect(@chef_run).to include_recipe "rabbitmq::mgmt_console" + end + + describe "lwrps" do + it "deletes guest user" do + resource = @chef_run.find_resource( + "rabbitmq_user", + "remove rabbit guest user" + ).to_hash + + expect(resource).to include( + :user => "guest", + :action => [:delete] + ) + end + + it "doesn't delete guest user" do + opts = ::UBUNTU_OPTS.merge(:evaluate_guards => true) + chef_run = ::ChefSpec::ChefRunner.new opts + chef_run.converge "openstack-ops-messaging::rabbitmq-server" + + resource = chef_run.find_resource( + "rabbitmq_user", + "remove rabbit guest user" + ) + + expect(resource).to be_nil + end + + it "adds user" do + resource = @chef_run.find_resource( + "rabbitmq_user", + "add openstack rabbit user" + ).to_hash + + expect(resource).to include( + :user => "guest", + :password => "rabbit-pass", + :action => [:add] + ) + end + + it "adds vhost" do + resource = @chef_run.find_resource( + "rabbitmq_vhost", + "add openstack rabbit vhost" + ).to_hash + + expect(resource).to include( + :vhost => "/", + :action => [:add] + ) + end + + it "sets user permissions" do + resource = @chef_run.find_resource( + "rabbitmq_user", + "set openstack user permissions" + ).to_hash + + expect(resource).to include( + :user => "guest", + :vhost => "/", + :permissions => '.* .* .*', + :action => [:set_permissions] + ) + end + + it "sets administrator tag" do + resource = @chef_run.find_resource( + "rabbitmq_user", + "set rabbit administrator tag" + ).to_hash + + expect(resource).to include( + :user => "guest", + :tag => "administrator", + :action => [:set_tags] + ) + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/spec/server_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/spec/server_spec.rb new file mode 100644 index 000000000..139a7f425 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/spec/server_spec.rb @@ -0,0 +1,14 @@ +require_relative 'spec_helper' + +describe "openstack-ops-messaging::server" do + before { ops_messaging_stubs } + describe "ubuntu" do + + it "uses proper messaging server recipe" do + chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS + chef_run.converge "openstack-ops-messaging::server" + + expect(chef_run).to include_recipe "openstack-ops-messaging::rabbitmq-server" + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/spec/spec_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/spec/spec_helper.rb new file mode 100644 index 000000000..5a94c19be --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-ops-messaging/spec/spec_helper.rb @@ -0,0 +1,30 @@ +require "chefspec" + +::LOG_LEVEL = :fatal +::REDHAT_OPTS = { + :platform => "redhat", + :version => "6.3", + :log_level => ::LOG_LEVEL +} +::UBUNTU_OPTS = { + :platform => "ubuntu", + :version => "12.04", + :log_level => ::LOG_LEVEL +} + +def ops_messaging_stubs + ::Chef::Recipe.any_instance.stub(:address_for). + with("lo"). + and_return "127.0.0.1" + ::Chef::Recipe.any_instance.stub(:search). + with(:node, "roles:os-ops-messaging AND chef_environment:_default"). + and_return [ + { 'hostname' => 'host2' }, + { 'hostname' => 'host1' } + ] + ::Chef::Recipe.any_instance.stub(:user_password). + and_return "rabbit-pass" + ::Chef::Recipe.any_instance.stub(:service_password). + with("rabbit_cookie"). + and_return "erlang-cookie" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/.kitchen.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/.kitchen.yml new file mode 100644 index 000000000..28e08d6bf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/.kitchen.yml @@ -0,0 +1,78 @@ +--- +driver_plugin: vagrant + +platforms: +- name: ubuntu-12.04 + driver_config: + box: opscode-ubuntu-12.04 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-12.04_provisionerless.box + require_chef_omnibus: true + run_list: + - recipe[apt] +- name: ubuntu-10.04 + driver_config: + box: opscode-ubuntu-10.04 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_provisionerless.box + require_chef_omnibus: true + run_list: + - recipe[apt] +- name: centos-6.4 + driver_config: + box: opscode-centos-6.4 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box + require_chef_omnibus: true +- name: centos-5.9 + driver_config: + box: opscode-centos-5.9 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-5.9_provisionerless.box + require_chef_omnibus: true + +suites: +- name: default + run_list: + - recipe[minitest-handler] + - recipe[postgresql] + attributes: {} +- name: contrib + run_list: + - recipe[postgresql::contrib] + attributes: + postgresql: + password: + postgres: "iloverandompasswordsbutthiswilldo" +- name: apt-pgdg + run_list: + - recipe[minitest-handler] + - recipe[postgresql] + excludes: ["centos-5.9", "centos-6.4"] + attributes: + postgresql: + enable_pgdg_apt: true + version: "9.2" + client: + packages: ["postgresql-client-9.2", "libpq-dev"] +- name: yum-pgdg + run_list: + - recipe[minitest-handler] + - recipe[postgresql] + excludes: ["ubuntu-10.04", "ubuntu-12.04", "debian-6.0.7"] + attributes: + postgresql: + enable_pgdg_yum: true + version: "9.2" + client: + packages: ["postgresql92"] +- name: ruby + run_list: + - recipe[postgresql::ruby] + - recipe[minitest-handler] + attributes: {} +- name: server + run_list: + - recipe[postgresql::ruby] + - recipe[minitest-handler] + - recipe[postgresql::server] + attributes: + postgresql: + password: + postgres: "iloverandompasswordsbutthiswilldo" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/Berksfile new file mode 100644 index 000000000..52dc4f469 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/Berksfile @@ -0,0 +1,7 @@ +site :opscode + +metadata + +group :integration do + cookbook 'minitest-handler' +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/CHANGELOG.md new file mode 100644 index 000000000..ca9286a72 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/CHANGELOG.md @@ -0,0 +1,102 @@ +## v3.0.0: + +This is a backwards-incompatible release because the Pitti PPA is +deprecated and the recipe removed, replaced with the PGDG apt +repository. + +### Bug + +- [COOK-2571]: Create helper library for pg extension detection +- [COOK-2797]: Contrib extension contianing '-' fails to load. + +### Improvement + +- [COOK-2387]: Pitti Postgresql PPA is deprecated + +### Task + +- [COOK-3022]: update baseboxes in .kitchen.yml + +## v2.4.0: + +* [COOK-2163] - Dangerous "assign-postgres-password" in "recipes/server.rb" -- Can lock out dbadmin access +* [COOK-2390] - Recipes to auto-generate many postgresql.conf settings, following "initdb" and "pgtune" +* [COOK-2435] - Foodcritic fixes for postgresql cookbook +* [COOK-2476] - Installation into database of any contrib module extensions listed in a node attribute + +## v2.2.2: + +* [COOK-2232] -Provide PGDG yum repo to install postgresql 9.x on + redhat-derived distributions + +## v2.2.0: + +* [COOK-2230] - Careful about Debian minor version numbers +* [COOK-2231] - Fix support for postgresql 9.x in server_redhat recipe +* [COOK-2238] - Postgresql recipe error in password check +* [COOK-2176] - PostgreSQL cookbook in Solo mode can cause + "NoMethodError: undefined method `[]' for nil:NilClass" +* [COOK-2233] - Provide postgresql::contrib recipe to install useful + server administration tools + +## v2.1.0: + +* [COOK-1872] - Allow latest PostgreSQL deb packages to be installed +* [COOK-1961] - Postgresql config file changes with every Chef run +* [COOK-2041] - Postgres cookbook no longer installs on OpenSuSE 11.4 + +## v2.0.2: + +* [COOK-1406] - pg gem compile is unable to find libpq under Chef full + stack (omnibus) installation + +## v2.0.0: + +This version is backwards incompatible with previous versions of the +cookbook due to use of `platform_family`, and the refactored +configuration files using node attributes. See README.md for details +on how to modify configuration of PostgreSQL. + +* [COOK-1508] - fix mixlib shellout error on SUSE +* [COOK-1744] - Add service enable & start +* [COOK-1779] - Don't run apt-get update and others in ruby recipe if pg is installed +* [COOK-1871] - Attribute driven configuration files for PostgreSQL +* [COOK-1900] - don't assume ssl on all postgresql 8.4+ installs +* [COOK-1901] - fail a chef-solo run when the postgres password + attribute is not set + +## v1.0.0: + +**Important note for this release** + +This version no longer installs Ruby bindings in the client recipe by +default. Use the ruby recipe if you'd like the RubyGem. If you'd like +packages for your distribution, use them in your application's +specific cookbook/recipe, or modify the client packages attribute. + +This resolves the following tickets. + +* COOK-1011 +* COOK-1534 + +The following issues are also resolved with this release. + +* [COOK-1011] - Don't install postgresql packages during compile + phase and remove pg gem installation +* [COOK-1224] - fix undefined variable on Debian +* [COOK-1462] - Add attribute for specifying listen address + +## v0.99.4: + +* [COOK-421] - config template is malformed +* [COOK-956] - add make package on ubuntu/debian + +## v0.99.2: + +* [COOK-916] - use < (with float) for version comparison. + +## v0.99.0: + +* Better support for Red Hat-family platforms +* Integration with database cookbook +* Make sure the postgres role is updated with a (secure) password diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/CONTRIBUTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/CONTRIBUTING.md new file mode 100644 index 000000000..3a9989787 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/CONTRIBUTING.md @@ -0,0 +1,257 @@ +# Contributing to Opscode Cookbooks + +We are glad you want to contribute to Opscode Cookbooks! The first +step is the desire to improve the project. + +You can find the answers to additional frequently asked questions +[on the wiki](http://wiki.opscode.com/display/chef/How+to+Contribute). + +You can find additional information about +[contributing to cookbooks](http://wiki.opscode.com/display/chef/How+to+Contribute+to+Opscode+Cookbooks) +on the wiki as well. + +## Quick-contribute + +* Create an account on our [bug tracker](http://tickets.opscode.com) +* Sign our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L) +(keep reading if you're contributing on behalf of your employer) +* Create a ticket for your change on the + [bug tracker](http://tickets.opscode.com) +* Link to your patch as a rebased git branch or pull request from the + ticket +* Resolve the ticket as fixed + +We regularly review contributions and will get back to you if we have +any suggestions or concerns. + +## The Apache License and the CLA/CCLA + +Licensing is very important to open source projects, it helps ensure +the software continues to be available under the terms that the author +desired. Chef uses the Apache 2.0 license to strike a balance between +open contribution and allowing you to use the software however you +would like to. + +The license tells you what rights you have that are provided by the +copyright holder. It is important that the contributor fully +understands what rights they are licensing and agrees to them. +Sometimes the copyright holder isn't the contributor, most often when +the contributor is doing work for a company. + +To make a good faith effort to ensure these criteria are met, Opscode +requires a Contributor License Agreement (CLA) or a Corporate +Contributor License Agreement (CCLA) for all contributions. This is +without exception due to some matters not being related to copyright +and to avoid having to continually check with our lawyers about small +patches. + +It only takes a few minutes to complete a CLA, and you retain the +copyright to your contribution. + +You can complete our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L). +If you're contributing on behalf of your employer, have your employer +fill out our +[Corporate CLA](https://secure.echosign.com/public/hostedForm?formid=PIE6C7AX856) +instead. + +## Ticket Tracker (JIRA) + +The [ticket tracker](http://tickets.opscode.com) is the most important +documentation for the code base. It provides significant historical +information, such as: + +* Which release a bug fix is included in +* Discussion regarding the design and merits of features +* Error output to aid in finding similar bugs + +Each ticket should aim to fix one bug or add one feature. + +## Using git + +You can get a quick copy of the repository for this cookbook by +running `git clone +git://github.com/opscode-coobkooks/COOKBOOKNAME.git`. + +For collaboration purposes, it is best if you create a Github account +and fork the repository to your own account. Once you do this you will +be able to push your changes to your Github repository for others to +see and use. + +If you have another repository in your GitHub account named the same +as the cookbook, we suggest you suffix the repository with -cookbook. + +### Branches and Commits + +You should submit your patch as a git branch named after the ticket, +such as COOK-1337. This is called a _topic branch_ and allows users to +associate a branch of code with the ticket. + +It is a best practice to have your commit message have a _summary +line_ that includes the ticket number, followed by an empty line and +then a brief description of the commit. This also helps other +contributors understand the purpose of changes to the code. + + [COOK-1757] - platform_family and style + + * use platform_family for platform checking + * update notifies syntax to "resource_type[resource_name]" instead of + resources() lookup + * COOK-692 - delete config files dropped off by packages in conf.d + * dropped debian 4 support because all other platforms have the same + values, and it is older than "old stable" debian release + +Remember that not all users use Chef in the same way or on the same +operating systems as you, so it is helpful to be clear about your use +case and change so they can understand it even when it doesn't apply +to them. + +### Github and Pull Requests + +All of Opscode's open source cookbook projects are available on +[Github](http://www.github.com/opscode-cookbooks). + +We don't require you to use Github, and we will even take patch diffs +attached to tickets on the tracker. However Github has a lot of +convenient features, such as being able to see a diff of changes +between a pull request and the main repository quickly without +downloading the branch. + +If you do choose to use a pull request, please provide a link to the +pull request from the ticket __and__ a link to the ticket from the +pull request. Because pull requests only have two states, open and +closed, we can't easily filter pull requests that are waiting for a +reply from the author for various reasons. + +### More information + +Additional help with git is available on the +[Working with Git](http://wiki.opscode.com/display/chef/Working+with+Git) +wiki page. + +## Functional and Unit Tests + +This cookbook is set up to run tests under +[Opscode's test-kitchen](https://github.com/opscode/test-kitchen). It +uses minitest-chef to run integration tests after the node has been +converged to verify that the state of the node. + +Test kitchen should run completely without exception using the default +[baseboxes provided by Opscode](https://github.com/opscode/bento). +Because Test Kitchen creates VirtualBox machines and runs through +every configuration in the Kitchenfile, it may take some time for +these tests to complete. + +If your changes are only for a specific recipe, run only its +configuration with Test Kitchen. If you are adding a new recipe, or +other functionality such as a LWRP or definition, please add +appropriate tests and ensure they run with Test Kitchen. + +If any don't pass, investigate them before submitting your patch. + +Any new feature should have unit tests included with the patch with +good code coverage to help protect it from future changes. Similarly, +patches that fix a bug or regression should have a _regression test_. +Simply put, this is a test that would fail without your patch but +passes with it. The goal is to ensure this bug doesn't regress in the +future. Consider a regular expression that doesn't match a certain +pattern that it should, so you provide a patch and a test to ensure +that the part of the code that uses this regular expression works as +expected. Later another contributor may modify this regular expression +in a way that breaks your use cases. The test you wrote will fail, +signalling to them to research your ticket and use case and accounting +for it. + +If you need help writing tests, please ask on the Chef Developer's +mailing list, or the #chef-hacking IRC channel. + +## Code Review + +Opscode regularly reviews code contributions and provides suggestions +for improvement in the code itself or the implementation. + +We find contributions by searching the ticket tracker for _resolved_ +tickets with a status of _fixed_. If we have feedback we will reopen +the ticket and you should resolve it again when you've made the +changes or have a response to our feedback. When we believe the patch +is ready to be merged, we will tag the _Code Reviewed_ field with +_Reviewed_. + +Depending on the project, these tickets are then merged within a week +or two, depending on the current release cycle. + +## Release Cycle + +The versioning for Opscode Cookbook projects is X.Y.Z. + +* X is a major release, which may not be fully compatible with prior + major releases +* Y is a minor release, which adds both new features and bug fixes +* Z is a patch release, which adds just bug fixes + +A released version of a cookbook will end in an even number, e.g. +"1.2.4" or "0.8.0". When development for the next version of the +cookbook begins, the "Z" patch number is incremented to the next odd +number, however the next release of the cookbook may be a major or +minor incrementing version. + +Releases of Opscode's cookbooks are usually announced on the Chef user +mailing list. Releases of several cookbooks may be batched together +and announced on the [Opscode Blog](http://www.opscode.com/blog). + +## Working with the community + +These resources will help you learn more about Chef and connect to +other members of the Chef community: + +* [chef](http://lists.opscode.com/sympa/info/chef) and + [chef-dev](http://lists.opscode.com/sympa/info/chef-dev) mailing + lists +* #chef and #chef-hacking IRC channels on irc.freenode.net +* [Community Cookbook site](http://community.opscode.com) +* [Chef wiki](http://wiki.opscode.com/display/chef) +* Opscode Chef [product page](http://www.opscode.com/chef) + + +## Cookbook Contribution Do's and Don't's + +Please do include tests for your contribution. If you need help, ask +on the +[chef-dev mailing list](http://lists.opscode.com/sympa/info/chef-dev) +or the +[#chef-hacking IRC channel](http://community.opscode.com/chat/chef-hacking). +Not all platforms that a cookbook supports may be supported by Test +Kitchen. Please provide evidence of testing your contribution if it +isn't trivial so we don't have to duplicate effort in testing. Chef +10.14+ "doc" formatted output is sufficient. + +Please do indicate new platform (families) or platform versions in the +commit message, and update the relevant ticket. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] - Updated pool resource to correctly + delete.' + +Please do use [foodcritic](http://acrmp.github.com/foodcritic) to +lint-check the cookbook. Except FC007, it should pass all correctness +rules. FC007 is okay as long as the dependent cookbooks are *required* +for the default behavior of the cookbook, such as to support an +uncommon platform, secondary recipe, etc. + +Please do ensure that your changes do not break or modify behavior for +other platforms supported by the cookbook. For example if your changes +are for Debian, make sure that they do not break on CentOS. + +Please do not modify the version number in the metadata.rb, Opscode +will select the appropriate version based on the release cycle +information above. + +Please do not update the CHANGELOG.md for a new version. Not all +changes to a cookbook may be merged and released in the same versions. +Opscode will update the CHANGELOG.md when releasing a new version of +the cookbook. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/README.md new file mode 100644 index 000000000..68d5e58d2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/README.md @@ -0,0 +1,438 @@ +Description +=========== + +Installs and configures PostgreSQL as a client or a server. + +Requirements +============ + +## Platforms + +* Debian, Ubuntu +* Red Hat/CentOS/Scientific (6.0+ required) - "EL6-family" +* Fedora +* SUSE + +Tested on: + +* Ubuntu 10.04, 11.10, 12.04 +* Red Hat 6.1, Scientific 6.1, CentOS 6.3 + +## Cookbooks + +Requires Opscode's `openssl` cookbook for secure password generation. + +Requires a C compiler and development headers in order to build the +`pg` RubyGem to provide Ruby bindings in the `ruby` recipe. + +Opscode's `build-essential` cookbook provides this functionality on +Debian, Ubuntu, and EL6-family. + +While not required, Opscode's `database` cookbook contains resources +and providers that can interact with a PostgreSQL database. This +cookbook is a dependency of database. + +Attributes +========== + +The following attributes are set based on the platform, see the +`attributes/default.rb` file for default values. + +* `node['postgresql']['version']` - version of postgresql to manage +* `node['postgresql']['dir']` - home directory of where postgresql + data and configuration lives. + +* `node['postgresql']['client']['packages']` - An array of package names + that should be installed on "client" systems. +* `node['postgresql']['server']['packages']` - An array of package names + that should be installed on "server" systems. +* `node['postgresql']['contrib']['packages']` - An array of package names + that could be installed on "server" systems for useful sysadmin tools. + +* `node['postgresql']['enable_pgdg_apt']` - Whether to enable the apt repo + by the PostgreSQL Global Development Group, which contains newer versions + of PostgreSQL. + +* `node['postgresql']['enable_pgdg_yum']` - Whether to enable the yum repo + by the PostgreSQL Global Development Group, which contains newer versions + of PostgreSQL. + +The following attributes are generated in +`recipe[postgresql::server]`. + +* `node['postgresql']['password']['postgres']` - randomly generated + password by the `openssl` cookbook's library. + (TODO: This is broken, as it disables the password.) + +Configuration +------------- + +The `postgresql.conf` and `pg_hba.conf` files are dynamically +generated from attributes. Each key in `node['postgresql']['config']` +is a postgresql configuration directive, and will be rendered in the +config file. For example, the attribute: + + node['postgresql']['config']['listen_address'] = 'localhost' + +Will result in the following line in the `postgresql.conf` file: + + listen_address = 'localhost' + +The attributes file contains default values for Debian and RHEL +platform families (per the `node['platform_family']`). These defaults +have disparity between the platforms because they were originally +extracted from the postgresql.conf files in the previous version of +this cookbook, which differed in their default config. The resulting +configuration files will be the same as before, but the content will +be dynamically rendered from the attributes. The helpful commentary +will no longer be present. You should consult the PostgreSQL +documentation for specific configuration details. + +See __Recipes__ `config_initdb` and `config_pgtune` below to +auto-generate many postgresql.conf settings. + +For values that are "on" or "off", they should be specified as literal +`true` or `false`. String values will be used with single quotes. Any +configuration option set to the literal `nil` will be skipped +entirely. All other values (e.g., numeric literals) will be used as +is. So for example: + + node.default['postgresql']['config']['logging_collector'] = true + node.default['postgresql']['config']['datestyle'] = 'iso, mdy' + node.default['postgresql']['config']['ident_file'] = nil + node.default['postgresql']['config']['port] = 5432 + +Will result in the following config lines: + + logging_collector = 'on' + datestyle = 'iso,mdy' + port = 5432 + +(no line printed for `ident_file` as it is `nil`) + +The `pg_hba.conf` file is dynamically generated from the +`node['postgresql']['pg_hba']` attribute. This attribute must be an +array of hashes, each hash containing the authorization data. As it is +an array, you can append to it in your own recipes. The hash keys in +the array must be symbols. Each hash will be written as a line in +`pg_hba.conf`. For example, this entry from +`node['postgresql']['pg_hba']`: + + {:comment => '# Optional comment', + :type => 'local', :db => 'all', :user => 'postgres', :addr => nil, :method => 'md5'} + +Will result in the following line in `pg_hba.conf`: + + # Optional comment + local all postgres md5 + +Use `nil` if the CIDR-ADDRESS should be empty (as above). +Don't provide a comment if none is desired in the `pg_hba.conf` file. + +Note that the following authorization rule is supplied automatically by +the cookbook template. The cookbook needs this to execute SQL in the +PostgreSQL server without supplying the clear-text password (which isn't +known by the cookbook). Therefore, your `node['postgresql']['pg_hba']` +attributes don't need to specify this authorization rule: + + # "local" is for Unix domain socket connections only + local all all ident + +(By the way, the template uses `peer` instead of `ident` for PostgreSQL-9.1 +and above, which has the same effect.) + +Recipes +======= + +default +------- + +Includes the client recipe. + +client +------ + +Installs the packages defined in the +`node['postgresql']['client']['packages']` attribute. + +ruby +---- + +**NOTE** This recipe may not currently work when installing Chef with + the + ["Omnibus" full stack installer](http://opscode.com/chef/install) on + some platforms due to an incompatibility with OpenSSL. See + [COOK-1406](http://tickets.opscode.com/browse/COOK-1406). You can + build from source into the Chef omnibus installation to work around + this issue. + +Install the `pg` gem under Chef's Ruby environment so it can be used +in other recipes. The build-essential packages and postgresql client +packages will be installed during the compile phase, so that the +native extensions of `pg` can be compiled. + +server +------ + +Includes the `server_debian` or `server_redhat` recipe to get the +appropriate server packages installed and service managed. Also +manages the configuration for the server: + +* generates a strong default password (via `openssl`) for `postgres` + (TODO: This is broken, as it disables the password.) +* sets the password for postgres +* manages the `postgresql.conf` file. +* manages the `pg_hba.conf` file. + +server\_debian +-------------- + +Installs the postgresql server packages and sets up the service. You +should include the `postgresql::server` recipe, which will include +this on Debian platforms. + +server\_redhat +-------------- + +Manages the postgres user and group (with UID/GID 26, per RHEL package +conventions), installs the postgresql server packages, initializes the +database, and manages the postgresql service. You should include the +`postgresql::server` recipe, which will include this on RHEL/Fedora +platforms. + +config\_initdb +-------------- + +Takes locale and timezone settings from the system configuration. +This recipe creates `node.default['postgresql']['config']` attributes +that conform to the system's locale and timezone. In addition, this +recipe creates the same error reporting and logging settings that +`initdb` provided: a rotation of 7 days of log files named +postgresql-Mon.log, etc. + +The default attributes created by this recipe are easy to override with +normal attributes because of Chef attribute precedence. For example, +suppose a DBA wanted to keep log files indefinitely, rolling over daily +or when growing to 10MB. The Chef installation could include the +`postgresql::config_initdb` recipe for the locale and timezone settings, +but customize the logging settings with these node JSON attributes: + + "postgresql": { + "config": { + "log_rotation_age": "1d", + "log_rotation_size": "10MB", + "log_filename": "postgresql-%Y-%m-%d_%H%M%S.log" + } + } + +Credits: This `postgresql::config_initdb` recipe is based on algorithms +in the [source code](http://doxygen.postgresql.org/initdb_8c_source.html) +for the PostgreSQL `initdb` utility. + +config\_pgtune +-------------- + +Performance tuning. +Takes the wimpy default postgresql.conf and expands the database server +to be as powerful as the hardware it's being deployed on. This recipe +creates a baseline configuration of `node.default['postgresql']['config']` +attributes in the right general range for a dedicated Postgresql system. +Most installations won't need additional performance tuning. + +The only decision you need to make is to choose a `db_type` from the +following database workloads. (See the recipe code comments for more +detailed descriptions.) + + * "dw" -- Data Warehouse + * "oltp" -- Online Transaction Processing + * "web" -- Web Application + * "mixed" -- Mixed DW and OLTP characteristics + * "desktop" -- Not a dedicated database + +This recipe uses a performance model with three input parameters. +These node attributes are completely optional, but it is obviously +important to choose the `db_type` correctly: + + * `node['postgresql']['config_pgtune']['db_type']` -- + Specifies database type from the list of five choices above. + If not specified, the default is "mixed". + + * `node['postgresql']['config_pgtune']['max_connections']` -- + Specifies maximum number of connections expected. + If not specified, it depends on database type: + "web":200, "oltp":300, "dw":20, "mixed":80, "desktop":5 + + * `node['postgresql']['config_pgtune']['total_memory']` -- + Specifies total system memory in kB. (E.g., "49416564kB".) + If not specified, it will be taken from Ohai automatic attributes. + This could be used to tune a system that isn't a dedicated database. + +The default attributes created by this recipe are easy to override with +normal attributes because of Chef attribute precedence. For example, if +you are running application benchmarks to try different buffer cache +sizes, you would experiment with this node JSON attribute: + + "postgresql": { + "config": { + "shared_buffers": "3GB" + } + } + +Note that the recipe uses `max_connections` in its computations. If +you want to override that setting, you should specify +`node['postgresql']['config_pgtune']['max_connections']` instead of +`node['postgresql']['config']['max_connections']`. + +Credits: This `postgresql::config_pgtune` recipe is based on the +[pgtune python script](https://github.com/gregs1104/pgtune) +developed by +[Greg Smith](http://notemagnet.blogspot.com/2008/11/automating-initial-postgresqlconf.html) +and +[other pgsql-hackers](http://www.postgresql.org/message-id/491C6CDC.8090506@agliodbs.com). + +contrib +------- + +Installs the packages defined in the +`node['postgresql']['contrib']['packages']` attribute. The contrib +directory of the PostgreSQL distribution includes porting tools, +analysis utilities, and plug-in features that database engineers often +require. Some (like `pgbench`) are executable. Others (like +`pg_buffercache`) would need to be installed into the database. + +Also installs any contrib module extensions defined in the +`node['postgresql']['contrib']['extensions']` attribute. These will be +available in any subsequently created databases in the cluster, because +they will be installed into the `template1` database using the +`CREATE EXTENSION` command. For example, it is often necessary/helpful +for problem troubleshooting and maintenance planning to install the +views and functions in these [standard instrumentation extensions] +(http://www.postgresql.org/message-id/flat/4DC32600.6080900@pgexperts.com#4DD3D6C6.5060006@2ndquadrant.com): + + node['postgresql']['contrib']['extensions'] = [ + "pageinspect", + "pg_buffercache", + "pg_freespacemap", + "pgrowlocks", + "pg_stat_statements", + "pgstattuple" + ] + +Note that the `pg_stat_statements` view only works if `postgresql.conf` +loads its shared library, which can be done with this node attribute: + + node['postgresql']['config']['shared_preload_libraries'] = 'pg_stat_statements' + +apt\_pgdg\_postgresql +---------------------- + +Enables the PostgreSQL Global Development Group yum repository +maintained by Devrim Gündüz for updated PostgreSQL packages. +(The PGDG is the groups that develops PostgreSQL.) +Automatically included if the `node['postgresql']['enable_pgdg_apt']` +attribute is true. Also set the +`node['postgresql']['client']['packages']` and +`node['postgresql']['server]['packages']` to the list of packages to +use from this repository, and set the `node['postgresql']['version']` +attribute to the version to use (e.g., "9.2"). + +yum\_pgdg\_postgresql +--------------------- + +Enables the PostgreSQL Global Development Group yum repository +maintained by Devrim Gündüz for updated PostgreSQL packages. +(The PGDG is the groups that develops PostgreSQL.) +Automatically included if the `node['postgresql']['enable_pgdg_yum']` +attribute is true. Also use `override_attributes` to set a number of +values that will need to have embedded version numbers. For example: + + node['postgresql']['enable_pgdg_yum'] = true + node['postgresql']['version'] = "9.2" + node['postgresql']['dir'] = "/var/lib/pgsql/9.2/data" + node['postgresql']['client']['packages'] = ["postgresql92"] + node['postgresql']['server']['packages'] = ["postgresql92-server"] + node['postgresql']['server']['service_name'] = "postgresql-9.2" + node['postgresql']['contrib']['packages'] = ["postgresql92-contrib"] + +You may set `node['postgresql']['pgdg']['repo_rpm_url']` attributes +to pick up recent [PGDG repo packages](http://yum.postgresql.org/repopackages.php). + +Resources/Providers +=================== + +See the [database](http://community.opscode.com/cookbooks/database) +for resources and providers that can be used for managing PostgreSQL +users and databases. + +Usage +===== + +On systems that need to connect to a PostgreSQL database, add to a run +list `recipe[postgresql]` or `recipe[postgresql::client]`. + +On systems that should be PostgreSQL servers, use +`recipe[postgresql::server]` on a run list. This recipe does set a +password for the `postgres` user. +If you're using `chef server`, if the attribute +`node['postgresql']['password']['postgres']` is not found, +the recipe generates a random password and performs a node.save. +(TODO: This is broken, as it disables the password.) +If you're using `chef-solo`, you'll need +to set the attribute `node['postgresql']['password']['postgres']` in +your node's `json_attribs` file or in a role. + +On Debian family systems, SSL will be enabled, as the packages on +Debian/Ubuntu also generate the SSL certificates. If you use another +platform and wish to use SSL in postgresql, then generate your SSL +certificates and distribute them in your own cookbook, and set the +`node['postgresql']['config']['ssl']` attribute to true in your +role/cookboook/node. + +Chef Solo Note +============== + +The following node attribute is stored on the Chef Server when using +`chef-client`. Because `chef-solo` does not connect to a server or +save the node object at all, to have the password persist across +`chef-solo` runs, you must specify them in the `json_attribs` file +used. For Example: + + { + "postgresql": { + "password": { + "postgres": "iloverandompasswordsbutthiswilldo" + } + }, + "run_list": ["recipe[postgresql::server]"] + } + +That should actually be the "encrypted password" instead of cleartext, +so you should generate it as an md5 hash using the PostgreSQL algorithm. + +* You could copy the md5-hashed password from an existing postgres +database if you have `postgres` access and want to use the same password:
+`select * from pg_shadow where usename='postgres';` +* You can run this from any postgres database session to use a new password:
+`select 'md5'||md5('iloverandompasswordsbutthiswilldo'||'postgres');` +* You can run this from a linux commandline:
+`echo -n 'iloverandompasswordsbutthiswilldo''postgres' | openssl md5 | sed -e 's/.* /md5/'` + +License and Author +================== + +- Author:: Joshua Timberman () +- Author:: Lamont Granquist () +- Author:: Chris Roberts () +- Author:: David Crane () + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/TESTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/TESTING.md new file mode 100644 index 000000000..e29ff7c04 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/TESTING.md @@ -0,0 +1,25 @@ +This cookbook includes support for running tests via Test Kitchen (1.0). This has some requirements. + +1. You must be using the Git repository, rather than the downloaded cookbook from the Chef Community Site. +2. You must have Vagrant 1.1 installed. +3. You must have a "sane" Ruby 1.9.3 environment. + +Once the above requirements are met, install the additional requirements: + +Install the berkshelf plugin for vagrant, and berkshelf to your local Ruby environment. + + vagrant plugin install vagrant-berkshelf + gem install berkshelf + +Install Test Kitchen 1.0 (unreleased yet, use the alpha / prerelease version). + + gem install test-kitchen --pre + +Install the Vagrant driver for Test Kitchen. + + gem install kitchen-vagrant + +Once the above are installed, you should be able to run Test Kitchen: + + kitchen list + kitchen test diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/attributes/default.rb new file mode 100644 index 000000000..2d0ecfeab --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/attributes/default.rb @@ -0,0 +1,419 @@ +# +# Cookbook Name:: postgresql +# Attributes:: postgresql +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform'] +when "debian" + + case + when node['platform_version'].to_f < 6.0 # All 5.X + default['postgresql']['version'] = "8.3" + when node['platform_version'].to_f < 7.0 # All 6.X + default['postgresql']['version'] = "8.4" + else + default['postgresql']['version'] = "9.1" + end + + default['postgresql']['dir'] = "/etc/postgresql/#{node['postgresql']['version']}/main" + case + when node['platform_version'].to_f < 6.0 # All 5.X + default['postgresql']['server']['service_name'] = "postgresql-#{node['postgresql']['version']}" + else + default['postgresql']['server']['service_name'] = "postgresql" + end + + default['postgresql']['client']['packages'] = %w{postgresql-client libpq-dev} + default['postgresql']['server']['packages'] = %w{postgresql} + default['postgresql']['contrib']['packages'] = %w{postgresql-contrib} + +when "ubuntu" + + case + when node['platform_version'].to_f <= 9.04 + default['postgresql']['version'] = "8.3" + when node['platform_version'].to_f <= 11.04 + default['postgresql']['version'] = "8.4" + else + default['postgresql']['version'] = "9.1" + end + + default['postgresql']['dir'] = "/etc/postgresql/#{node['postgresql']['version']}/main" + case + when node['platform_version'].to_f <= 10.04 + default['postgresql']['server']['service_name'] = "postgresql-#{node['postgresql']['version']}" + else + default['postgresql']['server']['service_name'] = "postgresql" + end + + default['postgresql']['client']['packages'] = %w{postgresql-client libpq-dev} + default['postgresql']['server']['packages'] = %w{postgresql} + default['postgresql']['contrib']['packages'] = %w{postgresql-contrib} + +when "fedora" + + if node['platform_version'].to_f <= 12 + default['postgresql']['version'] = "8.3" + else + default['postgresql']['version'] = "8.4" + end + + default['postgresql']['dir'] = "/var/lib/pgsql/data" + default['postgresql']['client']['packages'] = %w{postgresql-devel} + default['postgresql']['server']['packages'] = %w{postgresql-server} + default['postgresql']['contrib']['packages'] = %w{postgresql-contrib} + default['postgresql']['server']['service_name'] = "postgresql" + +when "amazon" + + default['postgresql']['version'] = "8.4" + default['postgresql']['dir'] = "/var/lib/pgsql/data" + default['postgresql']['client']['packages'] = %w{postgresql-devel} + default['postgresql']['server']['packages'] = %w{postgresql-server} + default['postgresql']['contrib']['packages'] = %w{postgresql-contrib} + default['postgresql']['server']['service_name'] = "postgresql" + +when "redhat", "centos", "scientific", "oracle" + + default['postgresql']['version'] = "8.4" + default['postgresql']['dir'] = "/var/lib/pgsql/data" + + if node['platform_version'].to_f >= 6.0 + default['postgresql']['client']['packages'] = %w{postgresql-devel} + default['postgresql']['server']['packages'] = %w{postgresql-server} + default['postgresql']['contrib']['packages'] = %w{postgresql-contrib} + else + default['postgresql']['client']['packages'] = ["postgresql#{node['postgresql']['version'].split('.').join}-devel"] + default['postgresql']['server']['packages'] = ["postgresql#{node['postgresql']['version'].split('.').join}-server"] + default['postgresql']['contrib']['packages'] = ["postgresql#{node['postgresql']['version'].split('.').join}-contrib"] + end + default['postgresql']['server']['service_name'] = "postgresql" + +when "suse" + + if node['platform_version'].to_f <= 11.1 + default['postgresql']['version'] = "8.3" + else + default['postgresql']['version'] = "9.0" + end + + default['postgresql']['dir'] = "/var/lib/pgsql/data" + default['postgresql']['client']['packages'] = %w{postgresql-devel} + default['postgresql']['server']['packages'] = %w{postgresql-server} + default['postgresql']['contrib']['packages'] = %w{postgresql-contrib} + default['postgresql']['server']['service_name'] = "postgresql" + +else + default['postgresql']['version'] = "8.4" + default['postgresql']['dir'] = "/etc/postgresql/#{node['postgresql']['version']}/main" + default['postgresql']['client']['packages'] = ["postgresql"] + default['postgresql']['server']['packages'] = ["postgresql"] + default['postgresql']['contrib']['packages'] = ["postgresql"] + default['postgresql']['server']['service_name'] = "postgresql" +end + +# These defaults have disparity between which postgresql configuration +# settings are used because they were extracted from the original +# configuration files that are now removed in favor of dynamic +# generation. +# +# While the configuration ends up being the same as the default +# in previous versions of the cookbook, the content of the rendered +# template will change, and this will result in service notification +# if you upgrade the cookbook on existing systems. +# +# The ssl config attribute is generated in the recipe to avoid awkward +# merge/precedence order during the Chef run. +case node['platform_family'] +when 'debian' + default['postgresql']['config']['data_directory'] = "/var/lib/postgresql/#{node['postgresql']['version']}/main" + default['postgresql']['config']['hba_file'] = "/etc/postgresql/#{node['postgresql']['version']}/main/pg_hba.conf" + default['postgresql']['config']['ident_file'] = "/etc/postgresql/#{node['postgresql']['version']}/main/pg_ident.conf" + default['postgresql']['config']['external_pid_file'] = "/var/run/postgresql/#{node['postgresql']['version']}-main.pid" + default['postgresql']['config']['listen_addresses'] = 'localhost' + default['postgresql']['config']['port'] = 5432 + default['postgresql']['config']['max_connections'] = 100 + default['postgresql']['config']['unix_socket_directory'] = '/var/run/postgresql' + default['postgresql']['config']['shared_buffers'] = '24MB' + default['postgresql']['config']['max_fsm_pages'] = 153600 if node['postgresql']['version'].to_f < 8.4 + default['postgresql']['config']['log_line_prefix'] = '%t ' + default['postgresql']['config']['datestyle'] = 'iso, mdy' + default['postgresql']['config']['default_text_search_config'] = 'pg_catalog.english' + default['postgresql']['config']['ssl'] = true +when 'rhel', 'fedora', 'suse' + default['postgresql']['config']['listen_addresses'] = 'localhost' + default['postgresql']['config']['max_connections'] = 100 + default['postgresql']['config']['shared_buffers'] = '32MB' + default['postgresql']['config']['logging_collector'] = true + default['postgresql']['config']['log_directory'] = 'pg_log' + default['postgresql']['config']['log_filename'] = 'postgresql-%a.log' + default['postgresql']['config']['log_truncate_on_rotation'] = true + default['postgresql']['config']['log_rotation_age'] = '1d' + default['postgresql']['config']['log_rotation_size'] = 0 + default['postgresql']['config']['datestyle'] = 'iso, mdy' + default['postgresql']['config']['lc_messages'] = 'en_US.UTF-8' + default['postgresql']['config']['lc_monetary'] = 'en_US.UTF-8' + default['postgresql']['config']['lc_numeric'] = 'en_US.UTF-8' + default['postgresql']['config']['lc_time'] = 'en_US.UTF-8' + default['postgresql']['config']['default_text_search_config'] = 'pg_catalog.english' +end + +default['postgresql']['pg_hba'] = [ + {:type => 'local', :db => 'all', :user => 'postgres', :addr => nil, :method => 'ident'}, + {:type => 'local', :db => 'all', :user => 'all', :addr => nil, :method => 'ident'}, + {:type => 'host', :db => 'all', :user => 'all', :addr => '127.0.0.1/32', :method => 'md5'}, + {:type => 'host', :db => 'all', :user => 'all', :addr => '::1/128', :method => 'md5'} +] + +default['postgresql']['password'] = Hash.new + +default['postgresql']['enable_pgdg_apt'] = false + +case node['platform_family'] +when 'debian' + default['postgresql']['pgdg']['release_apt_codename'] = node['lsb']['codename'] +end + +default['postgresql']['enable_pgdg_yum'] = false + +# The PostgreSQL RPM Building Project built repository RPMs for easy +# access to the PGDG yum repositories. Links to RPMs for installation +# on the supported version/platform combinations are listed at +# http://yum.postgresql.org/repopackages.php, and the links for +# PostgreSQL 8.4, 9.0, 9.1 and 9.2 (from 2013-01-15) are captured below. +# +# The correct RPM for installing /etc/yum.repos.d is based on: +# * the attribute configuring the desired Postgres Software: +# node['postgresql']['version'] e.g., "9.1" +# * the chef ohai description of the target Operating System: +# node['platform'] e.g., "centos" +# node['platform_version'] e.g., "5.7", truncated as "5" +# node['kernel']['machine'] e.g., "i386" or "x86_64" +default['postgresql']['pgdg']['repo_rpm_url'] = { + "9.2" => { + "centos" => { + "6" => { + "i386" => "http://yum.postgresql.org/9.2/redhat/rhel-6-i386/pgdg-centos92-9.2-6.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/pgdg-centos92-9.2-6.noarch.rpm" + }, + "5" => { + "i386" => "http://yum.postgresql.org/9.2/redhat/rhel-5-i386/pgdg-centos92-9.2-6.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.2/redhat/rhel-5-x86_64/pgdg-centos92-9.2-6.noarch.rpm" + } + }, + "redhat" => { + "6" => { + "i386" => "http://yum.postgresql.org/9.2/redhat/rhel-6-i386/pgdg-redhat92-9.2-7.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/pgdg-redhat92-9.2-7.noarch.rpm" + }, + "5" => { + "i386" => "http://yum.postgresql.org/9.2/redhat/rhel-5-i386/pgdg-redhat92-9.2-7.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.2/redhat/rhel-5-x86_64/pgdg-redhat92-9.2-7.noarch.rpm" + } + }, + "scientific" => { + "6" => { + "i386" => "http://yum.postgresql.org/9.2/redhat/rhel-6-i386/pgdg-sl92-9.2-8.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/pgdg-sl92-9.2-8.noarch.rpm" + }, + "5" => { + "i386" => "http://yum.postgresql.org/9.2/redhat/rhel-5-i386/pgdg-sl92-9.2-8.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.2/redhat/rhel-5-x86_64/pgdg-sl92-9.2-8.noarch.rpm" + } + }, + "fedora" => { + "17" => { + "x86_64" => "http://yum.postgresql.org/9.2/fedora/fedora-17-x86_64/pgdg-fedora92-9.2-5.noarch.rpm" + }, + "16" => { + "i386" => "http://yum.postgresql.org/9.2/fedora/fedora-16-i386/pgdg-fedora92-9.2-5.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.2/fedora/fedora-16-x86_64/pgdg-fedora92-9.2-5.noarch.rpm" + }, + "15" => { + "i386" => "http://yum.postgresql.org/9.2/fedora/fedora-15-i386/pgdg-fedora92-9.2-5.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.2/fedora/fedora-15-x86_64/pgdg-fedora92-9.2-5.noarch.rpm" + } + } + }, + "9.1" => { + "centos" => { + "6" => { + "i386" => "http://yum.postgresql.org/9.1/redhat/rhel-6-i386/pgdg-centos91-9.1-4.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.1/redhat/rhel-5-x86_64/pgdg-centos91-9.1-4.noarch.rpm" + }, + "5" => { + "i386" => "http://yum.postgresql.org/9.1/redhat/rhel-5-i386/pgdg-centos91-9.1-4.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.1/redhat/rhel-5-x86_64/pgdg-centos91-9.1-4.noarch.rpm" + }, + "4" => { + "i386" => "http://yum.postgresql.org/9.1/redhat/rhel-4-i386/pgdg-centos91-9.1-4.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.1/redhat/rhel-4-x86_64/pgdg-centos91-9.1-4.noarch.rpm" + } + }, + "redhat" => { + "6" => { + "i386" => "http://yum.postgresql.org/9.1/redhat/rhel-6-i386/pgdg-redhat91-9.1-5.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.1/redhat/rhel-6-x86_64/pgdg-redhat91-9.1-5.noarch.rpm" + }, + "5" => { + "i386" => "http://yum.postgresql.org/9.1/redhat/rhel-5-i386/pgdg-redhat91-9.1-5.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.1/redhat/rhel-5-x86_64/pgdg-redhat91-9.1-5.noarch.rpm" + }, + "4" => { + "i386" => "http://yum.postgresql.org/9.1/redhat/rhel-4-i386/pgdg-redhat-9.1-4.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.1/redhat/rhel-4-x86_64/pgdg-redhat-9.1-4.noarch.rpm" + } + }, + "scientific" => { + "6" => { + "i386" => "http://yum.postgresql.org/9.1/redhat/rhel-6-i386/pgdg-sl91-9.1-6.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.1/redhat/rhel-6-x86_64/pgdg-sl91-9.1-6.noarch.rpm" + }, + "5" => { + "i386" => "http://yum.postgresql.org/9.1/redhat/rhel-5-i386/pgdg-sl91-9.1-6.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.1/redhat/rhel-5-x86_64/pgdg-sl91-9.1-6.noarch.rpm" + } + }, + "fedora" => { + "16" => { + "i386" => "http://yum.postgresql.org/9.1/fedora/fedora-16-i386/pgdg-fedora91-9.1-4.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.1/fedora/fedora-16-x86_64/pgdg-fedora91-9.1-4.noarch.rpm" + }, + "15" => { + "i386" => "http://yum.postgresql.org/9.1/fedora/fedora-15-i386/pgdg-fedora91-9.1-4.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.1/fedora/fedora-15-x86_64/pgdg-fedora91-9.1-4.noarch.rpm" + }, + "14" => { + "i386" => "http://yum.postgresql.org/9.1/fedora/fedora-14-i386/pgdg-fedora91-9.1-4.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.1/fedora/fedora-14-x86_64/pgdg-fedora-9.1-2.noarch.rpm" + } + } + }, + "9.0" => { + "centos" => { + "6" => { + "i386" => "http://yum.postgresql.org/9.0/redhat/rhel-6-i386/pgdg-centos90-9.0-5.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.0/redhat/rhel-6-x86_64/pgdg-centos90-9.0-5.noarch.rpm" + }, + "5" => { + "i386" => "http://yum.postgresql.org/9.0/redhat/rhel-5-i386/pgdg-centos90-9.0-5.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.0/redhat/rhel-5-x86_64/pgdg-centos90-9.0-5.noarch.rpm" + }, + "4" => { + "i386" => "http://yum.postgresql.org/9.0/redhat/rhel-4-i386/pgdg-centos90-9.0-5.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.0/redhat/rhel-4-x86_64/pgdg-centos90-9.0-5.noarch.rpm" + } + }, + "redhat" => { + "6" => { + "i386" => "http://yum.postgresql.org/9.0/redhat/rhel-6-i386/pgdg-redhat90-9.0-5.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.0/redhat/rhel-6-x86_64/pgdg-redhat90-9.0-5.noarch.rpm" + }, + "5" => { + "i386" => "http://yum.postgresql.org/9.0/redhat/rhel-5-i386/pgdg-redhat90-9.0-5.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.0/redhat/rhel-5-x86_64/pgdg-redhat90-9.0-5.noarch.rpm" + }, + "4" => { + "i386" => "http://yum.postgresql.org/9.0/redhat/rhel-4-i386/pgdg-redhat90-9.0-5.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.0/redhat/rhel-4-x86_64/pgdg-redhat90-9.0-5.noarch.rpm" + } + }, + "scientific" => { + "6" => { + "i386" => "http://yum.postgresql.org/9.0/redhat/rhel-6-i386/pgdg-sl90-9.0-6.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.0/redhat/rhel-6-x86_64/pgdg-sl90-9.0-6.noarch.rpm" + }, + "5" => { + "i386" => "http://yum.postgresql.org/9.0/redhat/rhel-5-i386/pgdg-sl90-9.0-6.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.0/redhat/rhel-5-x86_64/pgdg-sl90-9.0-6.noarch.rpm" + } + }, + "fedora" => { + "15" => { + "i386" => "http://yum.postgresql.org/9.0/fedora/fedora-15-i386/pgdg-fedora90-9.0-5.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.0/fedora/fedora-15-x86_64/pgdg-fedora90-9.0-5.noarch.rpm" + }, + "14" => { + "i386" => "http://yum.postgresql.org/9.0/fedora/fedora-14-i386/pgdg-fedora90-9.0-5.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/9.0/fedora/fedora-14-x86_64/pgdg-fedora90-9.0-5.noarch.rpm" + } + } + }, + "8.4" => { + "centos" => { + "6" => { + "i386" => "http://yum.postgresql.org/8.4/redhat/rhel-6-i386/pgdg-centos-8.4-3.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/8.4/redhat/rhel-6-x86_64/pgdg-centos-8.4-3.noarch.rpm" + }, + "5" => { + "i386" => "http://yum.postgresql.org/8.4/redhat/rhel-5-i386/pgdg-centos-8.4-3.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/8.4/redhat/rhel-5-x86_64/pgdg-centos-8.4-3.noarch.rpm" + }, + "4" => { + "i386" => "http://yum.postgresql.org/8.4/redhat/rhel-4-i386/pgdg-centos-8.4-3.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/8.4/redhat/rhel-4-x86_64/pgdg-centos-8.4-3.noarch.rpm" + } + }, + "redhat" => { + "6" => { + "i386" => "http://yum.postgresql.org/8.4/redhat/rhel-6-i386/pgdg-redhat-8.4-3.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/8.4/redhat/rhel-6-x86_64/pgdg-redhat-8.4-3.noarch.rpm" + }, + "5" => { + "i386" => "http://yum.postgresql.org/8.4/redhat/rhel-5-i386/pgdg-redhat-8.4-3.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/8.4/redhat/rhel-5-x86_64/pgdg-redhat-8.4-3.noarch.rpm" + }, + "4" => { + "i386" => "http://yum.postgresql.org/8.4/redhat/rhel-4-i386/pgdg-redhat-8.4-3.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/8.4/redhat/rhel-4-x86_64/pgdg-redhat-8.4-3.noarch.rpm" + } + }, + "scientific" => { + "6" => { + "i386" => "http://yum.postgresql.org/8.4/redhat/rhel-6-i386/pgdg-sl84-8.4-4.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/8.4/redhat/rhel-6-x86_64/pgdg-sl84-8.4-4.noarch.rpm" + }, + "5" => { + "i386" => "http://yum.postgresql.org/8.4/redhat/rhel-5-i386/pgdg-sl-8.4-4.noarch.rpm", + "x86_64" => "http://yum.postgresql.org/8.4/redhat/rhel-5-x86_64/pgdg-sl-8.4-4.noarch.rpm" + } + }, + "fedora" => { + "14" => { + "i386" => "http://yum.postgresql.org/8.4/fedora/fedora-14-i386/", + "x86_64" => "http://yum.postgresql.org/8.4/fedora/fedora-14-x86_64/" + }, + "13" => { + "i386" => "http://yum.postgresql.org/8.4/fedora/fedora-13-i386/", + "x86_64" => "http://yum.postgresql.org/8.4/fedora/fedora-13-x86_64/" + }, + "12" => { + "i386" => "http://yum.postgresql.org/8.4/fedora/fedora-12-i386/", + "x86_64" => "http://yum.postgresql.org/8.4/fedora/fedora-12-x86_64/" + }, + "8" => { + "i386" => "http://yum.postgresql.org/8.4/fedora/fedora-8-i386/", + "x86_64" => "http://yum.postgresql.org/8.4/fedora/fedora-8-x86_64/" + }, + "7" => { + "i386" => "http://yum.postgresql.org/8.4/fedora/fedora-7-i386/", + "x86_64" => "http://yum.postgresql.org/8.4/fedora/fedora-7-x86_64/" + } + } + }, +}; + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/apt_pgdg_postgresql_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/apt_pgdg_postgresql_test.rb new file mode 100644 index 000000000..eb3084af2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/apt_pgdg_postgresql_test.rb @@ -0,0 +1,39 @@ +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe 'postgresql::apt_pgdg_postgresql' do + include Helpers::Postgresql + + it 'removes the Pitti PPA sources.list' do + skip unless %w{debian}.include?(node['platform_family']) + file("/etc/apt/sources.list.d/pitti-postgresql-ppa").wont_exist + end + it 'creates the PGDG apt sources.list' do + skip unless %w{debian}.include?(node['platform_family']) + file("/etc/apt/sources.list.d/apt.postgresql.org.list").must_exist + end + + it 'installs postgresql-client-9.2' do + package("postgresql-client-9.2").must_be_installed + end + + it 'makes psql version 9.2 available' do + psql = shell_out("psql --version") + assert psql.stdout.include?("psql (PostgreSQL) 9.2") + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/default_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/default_test.rb new file mode 100644 index 000000000..8acbabfea --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/default_test.rb @@ -0,0 +1,27 @@ +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe 'postgresql::default' do + include Helpers::Postgresql + + it 'installs the postgresql client packages' do + node['postgresql']['client']['packages'].each do |pkg| + package(pkg).must_be_installed + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/ruby_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/ruby_test.rb new file mode 100644 index 000000000..3b3649f0d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/ruby_test.rb @@ -0,0 +1,28 @@ +# +# Cookbook Name:: postgresql_test +# Recipe:: default +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe 'postgresql::ruby' do + include Helpers::Postgresql + + it 'installs the pg gem in Chefs ruby environment' do + assert Gem::Specification.all_names.grep("pg-.*") + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/server_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/server_test.rb new file mode 100644 index 000000000..bd9fdbc60 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/server_test.rb @@ -0,0 +1,43 @@ +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe 'postgresql::server' do + include Helpers::Postgresql + + it 'installs the postgresql server packages' do + node['postgresql']['server']['packages'].each do |pkg| + package(pkg).must_be_installed + end + end + + it 'runs the postgresql service' do + service("postgresql").must_be_running + end + + it 'can connect to postgresql' do + require 'pg' + conn = PG::Connection.new( + :host => 'localhost', + :port => '5432', + :password => node['postgresql']['password']['postgres'], + :user => "postgres" + ) + assert_match(/localhost/, conn.host) + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/support/helpers.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/support/helpers.rb new file mode 100644 index 000000000..fd8fcea4f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/files/default/tests/minitest/support/helpers.rb @@ -0,0 +1,29 @@ +# +# Cookbook Name:: postgresql_test +# Recipe:: default +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module Helpers + module Postgresql + require 'chef/mixin/shell_out' + include Chef::Mixin::ShellOut + include MiniTest::Chef::Assertions + include MiniTest::Chef::Context + include MiniTest::Chef::Resources + + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/libraries/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/libraries/default.rb new file mode 100644 index 000000000..44bc6a51b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/libraries/default.rb @@ -0,0 +1,352 @@ +# +# Cookbook Name:: postgresql +# Library:: default +# Author:: David Crane () +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include Chef::Mixin::ShellOut + +module Opscode + module PostgresqlHelpers + +####### +# Function to truncate value to 4 significant bits, render human readable. +# Used in recipes/config_initdb.rb to set this attribute: +# +# The memory settings (shared_buffers, effective_cache_size, work_mem, +# maintenance_work_mem and wal_buffers) will be rounded down to keep +# the 4 most significant bits, so that SHOW will be likely to use a +# larger divisor. The output is actually a human readable string that +# ends with "GB", "MB" or "kB" if over 1023, exactly what Postgresql +# will expect in a postgresql.conf setting. The output may be up to +# 6.25% less than the original value because of the rounding. +def binaryround(value) + + # Keep a multiplier which grows through powers of 1 + multiplier = 1 + + # Truncate value to 4 most significant bits + while value >= 16 + value = (value / 2).floor + multiplier = multiplier * 2 + end + + # Factor any remaining powers of 2 into the multiplier + while value == 2*((value / 2).floor) + value = (value / 2).floor + multiplier = multiplier * 2 + end + + # Factor enough powers of 2 back into the value to + # leave the multiplier as a power of 1024 that can + # be represented as units of "GB", "MB" or "kB". + if multiplier >= 1024*1024*1024 + while multiplier > 1024*1024*1024 + value = 2*value + multiplier = (multiplier/2).floor + end + multiplier = 1 + units = "GB" + + elsif multiplier >= 1024*1024 + while multiplier > 1024*1024 + value = 2*value + multiplier = (multiplier/2).floor + end + multiplier = 1 + units = "MB" + + elsif multiplier >= 1024 + while multiplier > 1024 + value = 2*value + multiplier = (multiplier/2).floor + end + multiplier = 1 + units = "kB" + + else + units = "" + end + + # Now we can return a nice human readable string. + return "#{multiplier * value}#{units}" +end + +####### +# Locale Configuration + +# Function to test the date order. +# Used in recipes/config_initdb.rb to set this attribute: +# node.default['postgresql']['config']['datestyle'] +def locale_date_order + # Test locale conversion of mon=11, day=22, year=33 + testtime = DateTime.new(2033,11,22,0,0,0,"-00:00") + #=> # + + # %x - Preferred representation for the date alone, no time + res = testtime.strftime("%x") + + if res.nil? + return 'mdy' + end + + posM = res.index("11") + posD = res.index("22") + posY = res.index("33") + + if (posM.nil? || posD.nil? || posY.nil?) + return 'mdy' + elseif (posY < posM && posM < posD) + return 'ymd' + elseif (posD < posM) + return 'dmy' + else + return 'mdy' + end +end + +####### +# Timezone Configuration +require 'find' + +# Function to determine where the system stored shared timezone data. +# Used in recipes/config_initdb.rb to detemine where it should have +# select_default_timezone(tzdir) search. +def pg_TZDIR() + # System time zone conversions are controlled by a timezone data file + # identified through environment variables (TZ and TZDIR) and/or file + # and directory naming conventions specific to the Linux distribution. + # Each of these timezone names will have been loaded into the PostgreSQL + # pg_timezone_names view by the package maintainer. + # + # Instead of using the timezone name configured as the system default, + # the PostgreSQL server uses ones named in postgresql.conf settings + # (timezone and log_timezone). The initdb utility does initialize those + # settings to the timezone name that corresponds to the system default. + # + # The system's timezone name is actually a filename relative to the + # shared zoneinfo directory. That is usually /usr/share/zoneinfo, but + # it was /usr/lib/zoneinfo in older distributions and can be anywhere + # if specified by the environment variable TZDIR. The tzset(3) manpage + # seems to indicate the following precedence: + tzdir = nil + if ::File.directory?("/usr/lib/zoneinfo") + tzdir = "/usr/lib/zoneinfo" + else + share_path = [ ENV['TZDIR'], "/usr/share/zoneinfo" ].compact.first + if ::File.directory?(share_path) + tzdir = share_path + end + end + return tzdir +end + +####### +# Function to support select_default_timezone(tzdir), which is +# used in recipes/config_initdb.rb. +def validate_zone(tzname) + # PostgreSQL does not support leap seconds, so this function tests + # the usual Linux tzname convention to avoid a misconfiguration. + # Assume that the tzdata package maintainer has kept all timezone + # data files with support for leap seconds is kept under the + # so-named "right/" subdir of the shared zoneinfo directory. + # + # The original PostgreSQL initdb is not Unix-specific, so it did a + # very complicated, thorough test in its pg_tz_acceptable() function + # that I could not begin to understand how to do in ruby :). + # + # Testing the tzname is good enough, since a misconfiguration + # will result in an immediate fatal error when the PostgreSQL + # service is started, with pgstartup.log messages such as: + # LOG: time zone "right/US/Eastern" appears to use leap seconds + # DETAIL: PostgreSQL does not support leap seconds. + + if tzname.index("right/") == 0 + return false + else + return true + end +end + +# Function to support select_default_timezone(tzdir), which is +# used in recipes/config_initdb.rb. +def scan_available_timezones(tzdir) + # There should be an /etc/localtime zoneinfo file that is a link to + # (or a copy of) a timezone data file under tzdir, which should have + # been installed under the "share" directory by the tzdata package. + # + # The initdb utility determines which shared timezone file is being + # used as the system's default /etc/localtime. The timezone name is + # the timezone file path relative to the tzdir. + + bestzonename = nil + + if (tzdir.nil?) + Chef::Log.error("The zoneinfo directory not found (looked for /usr/share/zoneinfo and /usr/lib/zoneinfo)") + elsif !::File.exists?("/etc/localtime") + Chef::Log.error("The system zoneinfo file not found (looked for /etc/localtime)") + elsif ::File.directory?("/etc/localtime") + Chef::Log.error("The system zoneinfo file not found (/etc/localtime is a directory instead)") + elsif ::File.symlink?("/etc/localtime") + # PostgreSQL initdb doesn't use the symlink target, but this + # certainly will make sense to any system administrator. A full + # scan of the tzdir to find the shortest filename could result + # "US/Eastern" instead of "America/New_York" as bestzonename, + # in spite of what the sysadmin had specified in the symlink. + # (There are many duplicates under tzdir, with the same timezone + # content appearing as an average of 2-3 different file names.) + path = ::File.readlink("/etc/localtime") + bestzonename = path.gsub("#{tzdir}/","") + else # /etc/localtime is a file, so scan for it under tzdir + localtime_content = File.read("/etc/localtime") + + Find.find(tzdir) do |path| + # Only consider files (skip directories or symlinks) + if !::File.directory?(path) && !::File.symlink?(path) + # Ignore any file named "posixrules" or "localtime" + if ::File.basename(path) != "posixrules" && ::File.basename(path) != "localtime" + # Do consider if content exactly matches /etc/localtime. + if localtime_content == File.read(path) + tzname = path.gsub("#{tzdir}/","") + if validate_zone(tzname) + if (bestzonename.nil? || + tzname.length < bestzonename.length || + (tzname.length == bestzonename.length && + (tzname <=> bestzonename) < 0) + ) + bestzonename = tzname + end + end + end + end + end + end + end + + return bestzonename +end + +# Function to support select_default_timezone(tzdir), which is +# used in recipes/config_initdb.rb. +def identify_system_timezone(tzdir) + resultbuf = scan_available_timezones(tzdir) + + if !resultbuf.nil? + # Ignore Olson's rather silly "Factory" zone; use GMT instead + if (resultbuf <=> "Factory") == 0 + resultbuf = nil + end + + else + # Did not find the timezone. Fallback to use a GMT zone. Note that the + # Olson timezone database names the GMT-offset zones in POSIX style: plus + # is west of Greenwich. + testtime = DateTime.now + std_ofs = testtime.strftime("%:z").split(":")[0].to_i + + resultbuf = [ + "Etc/GMT", + (-std_ofs > 0) ? "+" : "", + (-std_ofs).to_s + ].join('') + end + + return resultbuf +end + +####### +# Function to determine the name of the system's default timezone. +# Used in recipes/config_initdb.rb to set these attributes: +# node.default['postgresql']['config']['log_timezone'] +# node.default['postgresql']['config']['timezone'] +def select_default_timezone(tzdir) + + system_timezone = nil + + # Check TZ environment variable + tzname = ENV['TZ'] + if !tzname.nil? && !tzname.empty? && validate_zone(tzname) + system_timezone = tzname + + else + # Nope, so try to identify system timezone from /etc/localtime + tzname = identify_system_timezone(tzdir) + if validate_zone(tzname) + system_timezone = tzname + end + end + + return system_timezone +end + +####### +# Function to determine the name of the system's default timezone. +def get_result_orig(query) + # query could be a String or an Array of String + if (query.is_a?(String)) + stdin = query + else + stdin = query.join("\n") + end + @get_result ||= begin + cmd = shell_out("cat", :input => stdin) + cmd.stdout + end +end + +####### +# Function to execute an SQL statement in the template1 database. +# Input: Query could be a single String or an Array of String. +# Output: A String with |-separated columns and \n-separated rows. +# Note an empty output could mean psql couldn't connect. +# This is easiest for 1-field (1-row, 1-col) results, otherwise +# it will be complex to parse the results. +def execute_sql(query) + # query could be a String or an Array of String + statement = query.is_a?(String) ? query : query.join("\n") + @execute_sql ||= begin + cmd = shell_out("psql -q --tuples-only --no-align -d template1 -f -", + :user => "postgres", + :input => statement + ) + # If psql fails, generally the postgresql service is down. + # Instead of aborting chef with a fatal error, let's just + # pass these non-zero exitstatus back as empty cmd.stdout. + if (cmd.exitstatus() == 0 and !cmd.stderr.empty?) + # An SQL failure is still a zero exitstatus, but then the + # stderr explains the error, so let's rais that as fatal. + Chef::Log.fatal("psql failed executing this SQL statement:\n#{statement}") + Chef::Log.fatal(cmd.stderr) + raise "SQL ERROR" + end + cmd.stdout.chomp + end +end + +####### +# Function to determine if a standard contrib extension is already installed. +# Input: Extension name +# Output: true or false +# Best use as a not_if gate on bash "install-#{pg_ext}-extension" resource. +def extension_installed?(pg_ext) + @extension_installed ||= begin + installed=execute_sql("select 'installed' from pg_extension where extname = '#{pg_ext}';") + installed =~ /^installed$/ + end +end + +# End the Opscode::PostgresqlHelpers module + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/metadata.json new file mode 100644 index 000000000..71c04f088 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/metadata.json @@ -0,0 +1,47 @@ +{ + "name": "postgresql", + "description": "Installs and configures postgresql for clients or servers", + "long_description": "Description\n===========\n\nInstalls and configures PostgreSQL as a client or a server.\n\nRequirements\n============\n\n## Platforms\n\n* Debian, Ubuntu\n* Red Hat/CentOS/Scientific (6.0+ required) - \"EL6-family\"\n* Fedora\n* SUSE\n\nTested on:\n\n* Ubuntu 10.04, 11.10, 12.04\n* Red Hat 6.1, Scientific 6.1, CentOS 6.3\n\n## Cookbooks\n\nRequires Opscode's `openssl` cookbook for secure password generation.\n\nRequires a C compiler and development headers in order to build the\n`pg` RubyGem to provide Ruby bindings in the `ruby` recipe.\n\nOpscode's `build-essential` cookbook provides this functionality on\nDebian, Ubuntu, and EL6-family.\n\nWhile not required, Opscode's `database` cookbook contains resources\nand providers that can interact with a PostgreSQL database. This\ncookbook is a dependency of database.\n\nAttributes\n==========\n\nThe following attributes are set based on the platform, see the\n`attributes/default.rb` file for default values.\n\n* `node['postgresql']['version']` - version of postgresql to manage\n* `node['postgresql']['dir']` - home directory of where postgresql\n data and configuration lives.\n\n* `node['postgresql']['client']['packages']` - An array of package names\n that should be installed on \"client\" systems.\n* `node['postgresql']['server']['packages']` - An array of package names\n that should be installed on \"server\" systems.\n* `node['postgresql']['contrib']['packages']` - An array of package names\n that could be installed on \"server\" systems for useful sysadmin tools.\n\n* `node['postgresql']['enable_pgdg_apt']` - Whether to enable the apt repo\n by the PostgreSQL Global Development Group, which contains newer versions\n of PostgreSQL.\n\n* `node['postgresql']['enable_pgdg_yum']` - Whether to enable the yum repo\n by the PostgreSQL Global Development Group, which contains newer versions\n of PostgreSQL.\n\nThe following attributes are generated in\n`recipe[postgresql::server]`.\n\n* `node['postgresql']['password']['postgres']` - randomly generated\n password by the `openssl` cookbook's library.\n (TODO: This is broken, as it disables the password.)\n\nConfiguration\n-------------\n\nThe `postgresql.conf` and `pg_hba.conf` files are dynamically\ngenerated from attributes. Each key in `node['postgresql']['config']`\nis a postgresql configuration directive, and will be rendered in the\nconfig file. For example, the attribute:\n\n node['postgresql']['config']['listen_address'] = 'localhost'\n\nWill result in the following line in the `postgresql.conf` file:\n\n listen_address = 'localhost'\n\nThe attributes file contains default values for Debian and RHEL\nplatform families (per the `node['platform_family']`). These defaults\nhave disparity between the platforms because they were originally\nextracted from the postgresql.conf files in the previous version of\nthis cookbook, which differed in their default config. The resulting\nconfiguration files will be the same as before, but the content will\nbe dynamically rendered from the attributes. The helpful commentary\nwill no longer be present. You should consult the PostgreSQL\ndocumentation for specific configuration details.\n\nSee __Recipes__ `config_initdb` and `config_pgtune` below to\nauto-generate many postgresql.conf settings.\n\nFor values that are \"on\" or \"off\", they should be specified as literal\n`true` or `false`. String values will be used with single quotes. Any\nconfiguration option set to the literal `nil` will be skipped\nentirely. All other values (e.g., numeric literals) will be used as\nis. So for example:\n\n node.default['postgresql']['config']['logging_collector'] = true\n node.default['postgresql']['config']['datestyle'] = 'iso, mdy'\n node.default['postgresql']['config']['ident_file'] = nil\n node.default['postgresql']['config']['port] = 5432\n\nWill result in the following config lines:\n\n logging_collector = 'on'\n datestyle = 'iso,mdy'\n port = 5432\n\n(no line printed for `ident_file` as it is `nil`)\n\nThe `pg_hba.conf` file is dynamically generated from the\n`node['postgresql']['pg_hba']` attribute. This attribute must be an\narray of hashes, each hash containing the authorization data. As it is\nan array, you can append to it in your own recipes. The hash keys in\nthe array must be symbols. Each hash will be written as a line in\n`pg_hba.conf`. For example, this entry from\n`node['postgresql']['pg_hba']`:\n\n {:comment => '# Optional comment',\n :type => 'local', :db => 'all', :user => 'postgres', :addr => nil, :method => 'md5'}\n\nWill result in the following line in `pg_hba.conf`:\n\n # Optional comment\n local all postgres md5\n\nUse `nil` if the CIDR-ADDRESS should be empty (as above).\nDon't provide a comment if none is desired in the `pg_hba.conf` file.\n\nNote that the following authorization rule is supplied automatically by\nthe cookbook template. The cookbook needs this to execute SQL in the\nPostgreSQL server without supplying the clear-text password (which isn't\nknown by the cookbook). Therefore, your `node['postgresql']['pg_hba']`\nattributes don't need to specify this authorization rule:\n\n # \"local\" is for Unix domain socket connections only\n local all all ident\n\n(By the way, the template uses `peer` instead of `ident` for PostgreSQL-9.1\nand above, which has the same effect.)\n\nRecipes\n=======\n\ndefault\n-------\n\nIncludes the client recipe.\n\nclient\n------\n\nInstalls the packages defined in the\n`node['postgresql']['client']['packages']` attribute.\n\nruby\n----\n\n**NOTE** This recipe may not currently work when installing Chef with\n the\n [\"Omnibus\" full stack installer](http://opscode.com/chef/install) on\n some platforms due to an incompatibility with OpenSSL. See\n [COOK-1406](http://tickets.opscode.com/browse/COOK-1406). You can\n build from source into the Chef omnibus installation to work around\n this issue.\n\nInstall the `pg` gem under Chef's Ruby environment so it can be used\nin other recipes. The build-essential packages and postgresql client\npackages will be installed during the compile phase, so that the\nnative extensions of `pg` can be compiled.\n\nserver\n------\n\nIncludes the `server_debian` or `server_redhat` recipe to get the\nappropriate server packages installed and service managed. Also\nmanages the configuration for the server:\n\n* generates a strong default password (via `openssl`) for `postgres`\n (TODO: This is broken, as it disables the password.)\n* sets the password for postgres\n* manages the `postgresql.conf` file.\n* manages the `pg_hba.conf` file.\n\nserver\\_debian\n--------------\n\nInstalls the postgresql server packages and sets up the service. You\nshould include the `postgresql::server` recipe, which will include\nthis on Debian platforms.\n\nserver\\_redhat\n--------------\n\nManages the postgres user and group (with UID/GID 26, per RHEL package\nconventions), installs the postgresql server packages, initializes the\ndatabase, and manages the postgresql service. You should include the\n`postgresql::server` recipe, which will include this on RHEL/Fedora\nplatforms.\n\nconfig\\_initdb\n--------------\n\nTakes locale and timezone settings from the system configuration.\nThis recipe creates `node.default['postgresql']['config']` attributes\nthat conform to the system's locale and timezone. In addition, this\nrecipe creates the same error reporting and logging settings that\n`initdb` provided: a rotation of 7 days of log files named\npostgresql-Mon.log, etc.\n\nThe default attributes created by this recipe are easy to override with\nnormal attributes because of Chef attribute precedence. For example,\nsuppose a DBA wanted to keep log files indefinitely, rolling over daily\nor when growing to 10MB. The Chef installation could include the\n`postgresql::config_initdb` recipe for the locale and timezone settings,\nbut customize the logging settings with these node JSON attributes:\n\n \"postgresql\": {\n \"config\": {\n \"log_rotation_age\": \"1d\",\n \"log_rotation_size\": \"10MB\",\n \"log_filename\": \"postgresql-%Y-%m-%d_%H%M%S.log\"\n }\n }\n\nCredits: This `postgresql::config_initdb` recipe is based on algorithms\nin the [source code](http://doxygen.postgresql.org/initdb_8c_source.html)\nfor the PostgreSQL `initdb` utility.\n\nconfig\\_pgtune\n--------------\n\nPerformance tuning.\nTakes the wimpy default postgresql.conf and expands the database server\nto be as powerful as the hardware it's being deployed on. This recipe\ncreates a baseline configuration of `node.default['postgresql']['config']`\nattributes in the right general range for a dedicated Postgresql system.\nMost installations won't need additional performance tuning.\n\nThe only decision you need to make is to choose a `db_type` from the\nfollowing database workloads. (See the recipe code comments for more\ndetailed descriptions.)\n\n * \"dw\" -- Data Warehouse\n * \"oltp\" -- Online Transaction Processing\n * \"web\" -- Web Application\n * \"mixed\" -- Mixed DW and OLTP characteristics\n * \"desktop\" -- Not a dedicated database\n\nThis recipe uses a performance model with three input parameters.\nThese node attributes are completely optional, but it is obviously\nimportant to choose the `db_type` correctly:\n\n * `node['postgresql']['config_pgtune']['db_type']` --\n Specifies database type from the list of five choices above.\n If not specified, the default is \"mixed\".\n\n * `node['postgresql']['config_pgtune']['max_connections']` --\n Specifies maximum number of connections expected.\n If not specified, it depends on database type:\n \"web\":200, \"oltp\":300, \"dw\":20, \"mixed\":80, \"desktop\":5\n\n * `node['postgresql']['config_pgtune']['total_memory']` --\n Specifies total system memory in kB. (E.g., \"49416564kB\".)\n If not specified, it will be taken from Ohai automatic attributes.\n This could be used to tune a system that isn't a dedicated database.\n\nThe default attributes created by this recipe are easy to override with\nnormal attributes because of Chef attribute precedence. For example, if\nyou are running application benchmarks to try different buffer cache\nsizes, you would experiment with this node JSON attribute:\n\n \"postgresql\": {\n \"config\": {\n \"shared_buffers\": \"3GB\"\n }\n }\n\nNote that the recipe uses `max_connections` in its computations. If\nyou want to override that setting, you should specify\n`node['postgresql']['config_pgtune']['max_connections']` instead of\n`node['postgresql']['config']['max_connections']`.\n\nCredits: This `postgresql::config_pgtune` recipe is based on the\n[pgtune python script](https://github.com/gregs1104/pgtune)\ndeveloped by\n[Greg Smith](http://notemagnet.blogspot.com/2008/11/automating-initial-postgresqlconf.html)\nand\n[other pgsql-hackers](http://www.postgresql.org/message-id/491C6CDC.8090506@agliodbs.com).\n\ncontrib\n-------\n\nInstalls the packages defined in the\n`node['postgresql']['contrib']['packages']` attribute. The contrib\ndirectory of the PostgreSQL distribution includes porting tools,\nanalysis utilities, and plug-in features that database engineers often\nrequire. Some (like `pgbench`) are executable. Others (like\n`pg_buffercache`) would need to be installed into the database.\n\nAlso installs any contrib module extensions defined in the \n`node['postgresql']['contrib']['extensions']` attribute. These will be\navailable in any subsequently created databases in the cluster, because\nthey will be installed into the `template1` database using the\n`CREATE EXTENSION` command. For example, it is often necessary/helpful\nfor problem troubleshooting and maintenance planning to install the\nviews and functions in these [standard instrumentation extensions]\n(http://www.postgresql.org/message-id/flat/4DC32600.6080900@pgexperts.com#4DD3D6C6.5060006@2ndquadrant.com):\n\n node['postgresql']['contrib']['extensions'] = [\n \"pageinspect\",\n \"pg_buffercache\",\n \"pg_freespacemap\",\n \"pgrowlocks\",\n \"pg_stat_statements\",\n \"pgstattuple\"\n ]\n\nNote that the `pg_stat_statements` view only works if `postgresql.conf`\nloads its shared library, which can be done with this node attribute:\n\n node['postgresql']['config']['shared_preload_libraries'] = 'pg_stat_statements'\n\napt\\_pgdg\\_postgresql\n----------------------\n\nEnables the PostgreSQL Global Development Group yum repository\nmaintained by Devrim Gündüz for updated PostgreSQL packages.\n(The PGDG is the groups that develops PostgreSQL.)\nAutomatically included if the `node['postgresql']['enable_pgdg_apt']`\nattribute is true. Also set the\n`node['postgresql']['client']['packages']` and\n`node['postgresql']['server]['packages']` to the list of packages to\nuse from this repository, and set the `node['postgresql']['version']`\nattribute to the version to use (e.g., \"9.2\").\n\nyum\\_pgdg\\_postgresql\n---------------------\n\nEnables the PostgreSQL Global Development Group yum repository\nmaintained by Devrim Gündüz for updated PostgreSQL packages.\n(The PGDG is the groups that develops PostgreSQL.)\nAutomatically included if the `node['postgresql']['enable_pgdg_yum']`\nattribute is true. Also use `override_attributes` to set a number of\nvalues that will need to have embedded version numbers. For example:\n\n node['postgresql']['enable_pgdg_yum'] = true\n node['postgresql']['version'] = \"9.2\"\n node['postgresql']['dir'] = \"/var/lib/pgsql/9.2/data\"\n node['postgresql']['client']['packages'] = [\"postgresql92\"]\n node['postgresql']['server']['packages'] = [\"postgresql92-server\"]\n node['postgresql']['server']['service_name'] = \"postgresql-9.2\"\n node['postgresql']['contrib']['packages'] = [\"postgresql92-contrib\"]\n\nYou may set `node['postgresql']['pgdg']['repo_rpm_url']` attributes\nto pick up recent [PGDG repo packages](http://yum.postgresql.org/repopackages.php).\n\nResources/Providers\n===================\n\nSee the [database](http://community.opscode.com/cookbooks/database)\nfor resources and providers that can be used for managing PostgreSQL\nusers and databases.\n\nUsage\n=====\n\nOn systems that need to connect to a PostgreSQL database, add to a run\nlist `recipe[postgresql]` or `recipe[postgresql::client]`.\n\nOn systems that should be PostgreSQL servers, use\n`recipe[postgresql::server]` on a run list. This recipe does set a\npassword for the `postgres` user.\nIf you're using `chef server`, if the attribute\n`node['postgresql']['password']['postgres']` is not found,\nthe recipe generates a random password and performs a node.save.\n(TODO: This is broken, as it disables the password.)\nIf you're using `chef-solo`, you'll need\nto set the attribute `node['postgresql']['password']['postgres']` in\nyour node's `json_attribs` file or in a role.\n\nOn Debian family systems, SSL will be enabled, as the packages on\nDebian/Ubuntu also generate the SSL certificates. If you use another\nplatform and wish to use SSL in postgresql, then generate your SSL\ncertificates and distribute them in your own cookbook, and set the\n`node['postgresql']['config']['ssl']` attribute to true in your\nrole/cookboook/node.\n\nChef Solo Note\n==============\n\nThe following node attribute is stored on the Chef Server when using\n`chef-client`. Because `chef-solo` does not connect to a server or\nsave the node object at all, to have the password persist across\n`chef-solo` runs, you must specify them in the `json_attribs` file\nused. For Example:\n\n {\n \"postgresql\": {\n \"password\": {\n \"postgres\": \"iloverandompasswordsbutthiswilldo\"\n }\n },\n \"run_list\": [\"recipe[postgresql::server]\"]\n }\n\nThat should actually be the \"encrypted password\" instead of cleartext,\nso you should generate it as an md5 hash using the PostgreSQL algorithm.\n\n* You could copy the md5-hashed password from an existing postgres\ndatabase if you have `postgres` access and want to use the same password:
\n`select * from pg_shadow where usename='postgres';`\n* You can run this from any postgres database session to use a new password:
\n`select 'md5'||md5('iloverandompasswordsbutthiswilldo'||'postgres');`\n* You can run this from a linux commandline:
\n`echo -n 'iloverandompasswordsbutthiswilldo''postgres' | openssl md5 | sed -e 's/.* /md5/'`\n\nLicense and Author\n==================\n\n- Author:: Joshua Timberman ()\n- Author:: Lamont Granquist ()\n- Author:: Chris Roberts ()\n- Author:: David Crane ()\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + "ubuntu": ">= 0.0.0", + "debian": ">= 0.0.0", + "fedora": ">= 0.0.0", + "suse": ">= 0.0.0", + "amazon": ">= 0.0.0", + "redhat": ">= 6.0", + "centos": ">= 6.0", + "scientific": ">= 6.0", + "oracle": ">= 6.0" + }, + "dependencies": { + "apt": ">= 0.0.0", + "build-essential": ">= 0.0.0", + "openssl": ">= 0.0.0" + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + "postgresql": "Includes postgresql::client", + "postgresql::ruby": "Installs pg gem for Ruby bindings", + "postgresql::client": "Installs postgresql client package(s)", + "postgresql::server": "Installs postgresql server packages, templates", + "postgresql::server_redhat": "Installs postgresql server packages, redhat family style", + "postgresql::server_debian": "Installs postgresql server packages, debian family style" + }, + "version": "3.0.0" +} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/metadata.rb new file mode 100644 index 000000000..49c61b707 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/metadata.rb @@ -0,0 +1,25 @@ +name "postgresql" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs and configures postgresql for clients or servers" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "3.0.0" +recipe "postgresql", "Includes postgresql::client" +recipe "postgresql::ruby", "Installs pg gem for Ruby bindings" +recipe "postgresql::client", "Installs postgresql client package(s)" +recipe "postgresql::server", "Installs postgresql server packages, templates" +recipe "postgresql::server_redhat", "Installs postgresql server packages, redhat family style" +recipe "postgresql::server_debian", "Installs postgresql server packages, debian family style" + +%w{ubuntu debian fedora suse amazon}.each do |os| + supports os +end + +%w{redhat centos scientific oracle}.each do |el| + supports el, ">= 6.0" +end + +depends "apt" +depends "build-essential" +depends "openssl" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/apt_pgdg_postgresql.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/apt_pgdg_postgresql.rb new file mode 100644 index 000000000..cf91cefbd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/apt_pgdg_postgresql.rb @@ -0,0 +1,18 @@ +if not %w(etch lenny lucid precise sid squeeze wheezy).include? node['postgresql']['pgdg']['release_apt_codename'] + raise "Not supported release by PGDG apt repository" +end + +include_recipe 'apt' + +file "remove deprecated Pitti PPA apt repository" do + action :delete + path "/etc/apt/sources.list.d/pitti-postgresql-ppa" +end + +apt_repository 'apt.postgresql.org' do + uri 'http://apt.postgresql.org/pub/repos/apt' + distribution "#{node['postgresql']['pgdg']['release_apt_codename']}-pgdg" + components %w(main) + key 'http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc' + action :add +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/client.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/client.rb new file mode 100644 index 000000000..e659083fb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/client.rb @@ -0,0 +1,34 @@ +# +# Cookbook Name:: postgresql +# Recipe:: client +# +# Author:: Joshua Timberman () +# Author:: Lamont Granquist () +# Copyright 2009-2011 Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if(node['postgresql']['enable_pgdg_apt']) + include_recipe 'postgresql::apt_pgdg_postgresql' +end + +if(node['postgresql']['enable_pgdg_yum']) + include_recipe 'postgresql::yum_pgdg_postgresql' +end + +node['postgresql']['client']['packages'].each do |pg_pack| + + package pg_pack + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/config_initdb.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/config_initdb.rb new file mode 100644 index 000000000..97ce587eb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/config_initdb.rb @@ -0,0 +1,148 @@ +# +# Cookbook Name:: postgresql +# Recipe:: config_initdb +# Author:: David Crane () +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +####### +# Load the locale_date_order() and select_default_timezone(tzdir) +# methods from libraries/default.rb +::Chef::Recipe.send(:include, Opscode::PostgresqlHelpers) + +####### +# This recipe is derived from the setup_config() source code in the +# PostgreSQL initdb utility. It determines postgresql.conf settings that +# conform to the system's locale and timezone configuration, and also +# sets the error reporting and logging settings. +# +# See http://doxygen.postgresql.org/initdb_8c_source.html for the +# original initdb source code. +# +# By examining the system configuration, this recipe will set the +# following node.default['postgresql']['config'] attributes: +# +# - Locale and Formatting - +# * datestyle +# * lc_messages +# * lc_monetary +# * lc_numeric +# * lc_time +# * default_text_search_config +# +# - Timezone Conversion - +# * log_timezone +# * timezone +# +# In addition, this recipe will recommend the same error reporting and +# logging settings that initdb provided. These settings do differ from +# the PostgreSQL default settings, which would log to stderr only. The +# initdb settings rotate 7 days of log files named postgresql-Mon.log, +# etc. through these node.default['postgresql']['config'] attributes: +# +# - Where to Log - +# * log_destination = 'stderr' +# * log_directory = 'pg_log' +# * log_filename = 'postgresql-%a.log' +# (Default was: postgresql-%Y-%m-%d_%H%M%S.log) +# * logging_collector = true # on +# (Turned on to capture stderr logging and redirect into log files) +# (Default was: false # off) +# * log_rotation_age = 1d +# * log_rotation_size = 0 +# (Default was: 10MB) +# * log_truncate_on_rotation = true # on +# (Default was: false # off) + +####### +# Locale Configuration + +# See libraries/default.rb for the locale_date_order() method. +node.default['postgresql']['config']['datestyle'] = "iso, #{locale_date_order()}" + +# According to the locale(1) manpage, the locale settings are determined +# by environment variables according to the following precedence: +# LC_ALL > (LC_MESSAGES, LC_MONETARY, LC_NUMERIC, LC_TIME) > LANG. + +node.default['postgresql']['config']['lc_messages'] = + [ ENV['LC_ALL'], ENV['LC_MESSAGES'], ENV['LANG'] ].compact.first + +node.default['postgresql']['config']['lc_monetary'] = + [ ENV['LC_ALL'], ENV['LC_MONETARY'], ENV['LANG'] ].compact.first + +node.default['postgresql']['config']['lc_numeric'] = + [ ENV['LC_ALL'], ENV['LC_NUMERIC'], ENV['LANG'] ].compact.first + +node.default['postgresql']['config']['lc_time'] = + [ ENV['LC_ALL'], ENV['LC_TIME'], ENV['LANG'] ].compact.first + +node.default['postgresql']['config']['default_text_search_config'] = + case ENV['LANG'] + when /da_.*/ + 'pg_catalog.danish' + when /nl_.*/ + 'pg_catalog.dutch' + when /en_.*/ + 'pg_catalog.english' + when /fi_.*/ + 'pg_catalog.finnish' + when /fr_.*/ + 'pg_catalog.french' + when /de_.*/ + 'pg_catalog.german' + when /hu_.*/ + 'pg_catalog.hungarian' + when /it_.*/ + 'pg_catalog.italian' + when /no_.*/ + 'pg_catalog.norwegian' + when /pt_.*/ + 'pg_catalog.portuguese' + when /ro_.*/ + 'pg_catalog.romanian' + when /ru_.*/ + 'pg_catalog.russian' + when /es_.*/ + 'pg_catalog.spanish' + when /sv_.*/ + 'pg_catalog.swedish' + when /tr_.*/ + 'pg_catalog.turkish' + else + nil + end + +####### +# Timezone Configuration + +# Determine the name of the system's default timezone and specify node +# defaults for the postgresql.cof settings. If the timezone cannot be +# identified, do as initdb would do: leave it unspecified so PostgreSQL +# uses it's internal default of GMT. +tzdirpath = pg_TZDIR() # See libraries/default.rb +default_timezone = select_default_timezone(tzdirpath) # See libraries/default.rb +if !default_timezone.nil? + node.default['postgresql']['config']['log_timezone'] = default_timezone + node.default['postgresql']['config']['timezone'] = default_timezone +end + +####### +# - Where to Log - +node.default['postgresql']['config']['log_destination'] = 'stderr' +node.default['postgresql']['config']['log_directory'] = 'pg_log' +node.default['postgresql']['config']['log_filename'] = 'postgresql-%a.log' +node.default['postgresql']['config']['logging_collector'] = true # on +node.default['postgresql']['config']['log_rotation_age'] = '1d' +node.default['postgresql']['config']['log_rotation_size'] = 0 +node.default['postgresql']['config']['log_truncate_on_rotation'] = true # on diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/config_pgtune.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/config_pgtune.rb new file mode 100644 index 000000000..fdf6d871b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/config_pgtune.rb @@ -0,0 +1,280 @@ +# +# Cookbook Name:: postgresql +# Recipe:: config_pgtune +# Author:: David Crane () +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +####### +# Load the binaryround(value) method from libraries/default.rb +::Chef::Recipe.send(:include, Opscode::PostgresqlHelpers) + +####### +# This recipe is based on Greg Smith's pgtune script (the Feb 1, 2012 +# version at https://github.com/gregs1104/pgtune). Introduction: pgtune +# takes the wimpy default postgresql.conf and expands the database +# server to be as powerful as the hardware it's being deployed on. +# +# The default postgresql.conf aims at a system with approximately 128MB +# of RAM. This recipe recommends a baseline configuration in the right +# general range for a dedicated Postgresql system. +# +# This recipe takes three optional parameters that may be passed in as +# node['postgresql']['config_pgtune'] attributes: +# * db_type -- Specifies database type as one of: dw, oltp, +# web, mixed, desktop. If not specified, the default is mixed. +# * max_connections -- Specifies number of maximum connections +# expected. If not specified, it depends on database type. +# * total_memory -- Specifies total system memory. If not specified, +# it will be detected from the Ohai automatic attributes. +# +# Using those inputs, this recipe will compute and set the following +# node.default['postgresql']['config'] attributes: +# * max_connections +# * shared_buffers +# * effective_cache_size +# * work_mem +# * maintenance_work_mem +# * checkpoint_segments +# * checkpoint_completion_target +# * wal_buffers +# * default_statistics_target +# +# This recipe deviates from the original pgtune script for 2 settings: +# shared_buffers is capped for large memory systems (which Greg +# mentioned in a TODO.rst) and wal_buffers will auto-tune starting with +# 9.1 (which is a feature that Greg built into Postgresql). + +####### +# These are the workload characteristics of the five database types +# that can be specified as node['postgresql']['config_pgtune']['db_type']: +# +# dw -- Data Warehouse +# * Typically I/O- or RAM-bound +# * Large bulk loads of data +# * Large complex reporting queries +# * Also called "Decision Support" or "Business Intelligence" +# +# oltp -- Online Transaction Processing +# * Typically CPU- or I/O-bound +# * DB slightly larger than RAM to 1TB +# * 20-40% small data write queries +# * Some long transactions and complex read queries +# +# web -- Web Application +# * Typically CPU-bound +# * DB much smaller than RAM +# * 90% or more simple queries +# +# mixed -- Mixed DW and OLTP characteristics +# * A wide mixture of queries +# +# desktop -- Not a dedicated database +# * A general workstation, perhaps for a developer + +# Parse out db_type option, or use default. +db_type = 'mixed' + +if (node['postgresql'].attribute?('config_pgtune') && node['postgresql']['config_pgtune'].attribute?('db_type')) + db_type = node['postgresql']['config_pgtune']['db_type'] + if (!(["dw","oltp","web","mixed","desktop"].include?(db_type))) + Chef::Application.fatal!([ + "Bad value (#{db_type})", + "for node['postgresql']['config_pgtune']['db_type'] attribute.", + "Valid values are one of dw, oltp, web, mixed, desktop." + ].join(' ')) + end +end + +# Parse out max_connections option, or use a value based on db_type. +con = +{ "web" => 200, + "oltp" => 300, + "dw" => 20, + "mixed" => 80, + "desktop" => 5 +}.fetch(db_type) + +if (node['postgresql'].attribute?('config_pgtune') && node['postgresql']['config_pgtune'].attribute?('max_connections')) + max_connections = node['postgresql']['config_pgtune']['max_connections'] + if (max_connections.match(/\A[1-9]\d*\Z/) == nil) + Chef::Application.fatal!([ + "Bad value (#{max_connections})", + "for node['postgresql']['config_pgtune']['max_connections'] attribute.", + "Valid values are non-zero integers only." + ].join(' ')) + end + con = max_connections.to_i +end + +# Parse out total_memory option, or use value detected by Ohai. +total_memory = node['memory']['total'] + +# Override max_connections with a node attribute if DevOps desires. +# For example, on a system *not* dedicated to Postgresql. +if (node['postgresql'].attribute?('config_pgtune') && node['postgresql']['config_pgtune'].attribute?('total_memory')) + total_memory = node['postgresql']['config_pgtune']['total_memory'] + if (total_memory.match(/\A[1-9]\d*kB\Z/) == nil) + Chef::Application.fatal!([ + "Bad value (#{total_memory})", + "for node['postgresql']['config_pgtune']['total_memory'] attribute.", + "Valid values are non-zero integers followed by kB (e.g., 49416564kB)." + ].join(' ')) + end +end + +# Ohai reports node[:memory][:total] in kB, as in "921756kB" +mem = total_memory.split("kB")[0].to_i / 1024 # in MB + +####### +# RAM-related settings computed as in Greg Smith's pgtune script. +# Remember that con and mem were either chosen above based on the +# db_type or the actual total memory, or were passed in attributes. + +# (1) max_connections +# Sets the maximum number of concurrent connections. +node.default['postgresql']['config']['max_connections'] = con + +# The calculations for the next four settings would not be optimal +# for low memory systems. In that case, the calculation is skipped, +# leaving the built-in Postgresql settings, which are actually +# intended for those low memory systems. +if (mem >= 256) + + # (2) shared_buffers + # Sets the number of shared memory buffers used by the server. + shared_buffers = + { "web" => mem/4, + "oltp" => mem/4, + "dw" => mem/4, + "mixed" => mem/4, + "desktop" => mem/16 + }.fetch(db_type) + + # Robert Haas has advised to cap the size of shared_buffers based on + # the memory architecture: 2GB on 32-bit and 8GB on 64-bit machines. + # http://rhaas.blogspot.com/2012/03/tuning-sharedbuffers-and-walbuffers.html + case node['kernel']['machine'] + when "i386" # 32-bit machines + if shared_buffers > 2*1024 + shared_buffers = 2*1024 + end + when "x86_64" # 64-bit machines + if shared_buffers > 8*1024 + shared_buffers = 8*1024 + end + end + + node.default['postgresql']['config']['shared_buffers'] = binaryround(shared_buffers*1024*1024) + + # (3) effective_cache_size + # Sets the planner's assumption about the size of the disk cache. + # That is, the portion of the kernel's disk cache that will be + # used for PostgreSQL data files. + effective_cache_size = + { "web" => mem * 3 / 4, + "oltp" => mem * 3 / 4, + "dw" => mem * 3 / 4, + "mixed" => mem * 3 / 4, + "desktop" => mem / 4 + }.fetch(db_type) + + node.default['postgresql']['config']['effective_cache_size'] = binaryround(effective_cache_size*1024*1024) + + # (4) work_mem + # Sets the maximum memory to be used for query workspaces. + work_mem = + { "web" => mem / con, + "oltp" => mem / con, + "dw" => mem / con / 2, + "mixed" => mem / con / 2, + "desktop" => mem / con / 6 + }.fetch(db_type) + + node.default['postgresql']['config']['work_mem'] = binaryround(work_mem*1024*1024) + + # (5) maintenance_work_mem + # Sets the maximum memory to be used for maintenance operations. + # This includes operations such as VACUUM and CREATE INDEX. + maintenance_work_mem = + { "web" => mem / 16, + "oltp" => mem / 16, + "dw" => mem / 8, + "mixed" => mem / 16, + "desktop" => mem / 16 + }.fetch(db_type) + + # Cap maintenence RAM at 1GB on servers with lots of memory + if (maintenance_work_mem > 1*1024) + maintenance_work_mem = 1*1024 + end + + node.default['postgresql']['config']['maintenance_work_mem'] = binaryround(maintenance_work_mem*1024*1024) + +end + +####### +# Checkpoint-related parameters that affect transaction rate and +# maximum tolerable recovery playback time. + +# (6) checkpoint_segments +# Sets the maximum distance in log segments between automatic WAL checkpoints. +checkpoint_segments = +{ "web" => 8, + "oltp" => 16, + "dw" => 64, + "mixed" => 16, + "desktop" => 3 +}.fetch(db_type) + +node.default['postgresql']['config']['checkpoint_segments'] = checkpoint_segments + +# (7) checkpoint_completion_target +# Time spent flushing dirty buffers during checkpoint, as fraction +# of checkpoint interval. +checkpoint_completion_target = +{ "web" => "0.7", + "oltp" => "0.9", + "dw" => "0.9", + "mixed" => "0.9", + "desktop" => "0.5" +}.fetch(db_type) + +node.default['postgresql']['config']['checkpoint_completion_target'] = checkpoint_completion_target + +# (8) wal_buffers +# Sets the number of disk-page buffers in shared memory for WAL. +# Starting with 9.1, wal_buffers will auto-tune if set to the -1 default. +# For 8.X and 9.0, it needed to be specified, which pgtune did as follows. +if node['postgresql']['version'].to_f < 9.1 + wal_buffers = 512 * checkpoint_segments + # The pgtune seems to use 1kB units for wal_buffers + node.default['postgresql']['config']['wal_buffers'] = binaryround(wal_buffers*1024) +else + node.default['postgresql']['config']['wal_buffers'] = "-1" +end + +# (9) default_statistics_target +# Sets the default statistics target. This applies to table columns +# that have not had a column-specific target set via +# ALTER TABLE SET STATISTICS. +default_statistics_target = +{ "web" => 100, + "oltp" => 100, + "dw" => 500, + "mixed" => 100, + "desktop" => 100 +}.fetch(db_type) + +node.default['postgresql']['config']['default_statistics_target'] = default_statistics_target diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/contrib.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/contrib.rb new file mode 100644 index 000000000..5c43bea05 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/contrib.rb @@ -0,0 +1,42 @@ +# +# Cookbook Name:: postgresql +# Recipe:: contrib +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "postgresql::server" + +# Install the PostgreSQL contrib package(s) from the distribution, +# as specified by the node attributes. +node['postgresql']['contrib']['packages'].each do |pg_pack| + + package pg_pack + +end + +# Install PostgreSQL contrib extentions into the template1 database, +# as specified by the node attributes. +if (node['postgresql']['contrib'].attribute?('extensions')) + node['postgresql']['contrib']['extensions'].each do |pg_ext| + bash "install-#{pg_ext}-extension" do + user 'postgres' + code <<-EOH + echo 'CREATE EXTENSION IF NOT EXISTS "#{pg_ext}";' | psql -d template1 + EOH + action :run + ::Chef::Resource.send(:include, Opscode::PostgresqlHelpers) + not_if {extension_installed?(pg_ext)} + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/default.rb new file mode 100644 index 000000000..785b168a1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/default.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: postgresql +# Recipe:: default +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "postgresql::client" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/ruby.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/ruby.rb new file mode 100644 index 000000000..93de5b038 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/ruby.rb @@ -0,0 +1,101 @@ +# +# Cookbook Name:: postgresql +# Recipe:: ruby +# +# Author:: Joshua Timberman () +# Copyright 2012 Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +begin + require 'pg' +rescue LoadError + execute "apt-get update" do + ignore_failure true + action :nothing + end.run_action(:run) if node['platform_family'] == "debian" + + node.set['build_essential']['compiletime'] = true + include_recipe "build-essential" + include_recipe "postgresql::client" + + node['postgresql']['client']['packages'].each do |pg_pack| + + resources("package[#{pg_pack}]").run_action(:install) + + end + + begin + chef_gem "pg" + rescue Gem::Installer::ExtensionBuildError => e + # Are we an omnibus install? + raise if RbConfig.ruby.scan(%r{(chef|opscode)}).empty? + # Still here, must be omnibus. Lets make this thing install! + Chef::Log.warn 'Failed to properly build pg gem. Forcing properly linking and retrying (omnibus fix)' + gem_dir = e.message.scan(%r{will remain installed in ([^ ]+)}).flatten.first + raise unless gem_dir + gem_name = File.basename(gem_dir) + ext_dir = File.join(gem_dir, 'ext') + gem_exec = File.join(File.dirname(RbConfig.ruby), 'gem') + new_content = <<-EOS +require 'rbconfig' +%w( +configure_args +LIBRUBYARG_SHARED +LIBRUBYARG_STATIC +LIBRUBYARG +LDFLAGS +).each do |key| + RbConfig::CONFIG[key].gsub!(/-Wl[^ ]+( ?\\/[^ ]+)?/, '') + RbConfig::MAKEFILE_CONFIG[key].gsub!(/-Wl[^ ]+( ?\\/[^ ]+)?/, '') +end +RbConfig::CONFIG['RPATHFLAG'] = '' +RbConfig::MAKEFILE_CONFIG['RPATHFLAG'] = '' +EOS + new_content << File.read(extconf_path = File.join(ext_dir, 'extconf.rb')) + File.open(extconf_path, 'w') do |file| + file.write(new_content) + end + + lib_builder = execute 'generate pg gem Makefile' do + command "#{RbConfig.ruby} extconf.rb" + cwd ext_dir + action :nothing + end + lib_builder.run_action(:run) + + lib_maker = execute 'make pg gem lib' do + command 'make' + cwd ext_dir + action :nothing + end + lib_maker.run_action(:run) + + lib_installer = execute 'install pg gem lib' do + command 'make install' + cwd ext_dir + action :nothing + end + lib_installer.run_action(:run) + + spec_installer = execute 'install pg spec' do + command "#{gem_exec} spec ./cache/#{gem_name}.gem --ruby > ./specifications/#{gem_name}.gemspec" + cwd File.join(gem_dir, '..', '..') + action :nothing + end + spec_installer.run_action(:run) + + Chef::Log.warn 'Installation of pg gem successful!' + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/server.rb new file mode 100644 index 000000000..461e3a273 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/server.rb @@ -0,0 +1,90 @@ +# +# Cookbook Name:: postgresql +# Recipe:: server +# +# Author:: Joshua Timberman () +# Author:: Lamont Granquist () +# Copyright 2009-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) + +include_recipe "postgresql::client" + +# randomly generate postgres password, unless using solo - see README +if Chef::Config[:solo] + missing_attrs = %w{ + postgres + }.select do |attr| + node['postgresql']['password'][attr].nil? + end.map { |attr| "node['postgresql']['password']['#{attr}']" } + + if !missing_attrs.empty? + Chef::Application.fatal!([ + "You must set #{missing_attrs.join(', ')} in chef-solo mode.", + "For more information, see https://github.com/opscode-cookbooks/postgresql#chef-solo-note" + ].join(' ')) + end +else + # TODO: The "secure_password" is randomly generated plain text, so it + # should be converted to a PostgreSQL specific "encrypted password" if + # it should actually install a password (as opposed to disable password + # login for user 'postgres'). However, a random password wouldn't be + # useful if it weren't saved as clear text in Chef Server for later + # retrieval. + node.set_unless['postgresql']['password']['postgres'] = secure_password + node.save +end + +# Include the right "family" recipe for installing the server +# since they do things slightly differently. +case node['platform_family'] +when "rhel", "fedora", "suse" + include_recipe "postgresql::server_redhat" +when "debian" + include_recipe "postgresql::server_debian" +end + +template "#{node['postgresql']['dir']}/postgresql.conf" do + source "postgresql.conf.erb" + owner "postgres" + group "postgres" + mode 0600 + notifies :restart, 'service[postgresql]', :immediately +end + +template "#{node['postgresql']['dir']}/pg_hba.conf" do + source "pg_hba.conf.erb" + owner "postgres" + group "postgres" + mode 00600 + notifies :reload, 'service[postgresql]', :immediately +end + +# NOTE: Consider two facts before modifying "assign-postgres-password": +# (1) Passing the "ALTER ROLE ..." through the psql command only works +# if passwordless authorization was configured for local connections. +# For example, if pg_hba.conf has a "local all postgres ident" rule. +# (2) It is probably fruitless to optimize this with a not_if to avoid +# setting the same password. This chef recipe doesn't have access to +# the plain text password, and testing the encrypted (md5 digest) +# version is not straight-forward. +bash "assign-postgres-password" do + user 'postgres' + code <<-EOH +echo "ALTER ROLE postgres ENCRYPTED PASSWORD '#{node['postgresql']['password']['postgres']}';" | psql + EOH + action :run +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/server_debian.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/server_debian.rb new file mode 100644 index 000000000..7345f4ee7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/server_debian.rb @@ -0,0 +1,34 @@ +# +# Cookbook Name:: postgresql +# Recipe:: server +# +# Author:: Joshua Timberman () +# Author:: Lamont Granquist ()# +# Copyright 2009-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "postgresql::client" + +node['postgresql']['server']['packages'].each do |pg_pack| + + package pg_pack + +end + +service "postgresql" do + service_name node['postgresql']['server']['service_name'] + supports :restart => true, :status => true, :reload => true + action [:enable, :start] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/server_redhat.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/server_redhat.rb new file mode 100644 index 000000000..6d83193ab --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/server_redhat.rb @@ -0,0 +1,59 @@ +# +# Cookbook Name:: postgresql +# Recipe:: server +# +# Author:: Joshua Timberman () +# Author:: Lamont Granquist () +# Copyright 2009-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "postgresql::client" + +# Create a group and user like the package will. +# Otherwise the templates fail. + +group "postgres" do + gid 26 +end + +user "postgres" do + shell "/bin/bash" + comment "PostgreSQL Server" + home "/var/lib/pgsql" + gid "postgres" + system true + uid 26 + supports :manage_home => false +end + +node['postgresql']['server']['packages'].each do |pg_pack| + + package pg_pack + +end + +unless platform_family?("suse") + + execute "/sbin/service #{node['postgresql']['server']['service_name']} initdb" do + not_if { ::FileTest.exist?(File.join(node['postgresql']['dir'], "PG_VERSION")) } + end + +end + +service "postgresql" do + service_name node['postgresql']['server']['service_name'] + supports :restart => true, :status => true, :reload => true + action [:enable, :start] +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/yum_pgdg_postgresql.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/yum_pgdg_postgresql.rb new file mode 100644 index 000000000..fbffaa8dc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/recipes/yum_pgdg_postgresql.rb @@ -0,0 +1,60 @@ +# +# Cookbook Name:: postgresql +# Recipe::yum_pgdg_postgresql +# +# Copyright 2013, DonorsChoose.org +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +###################################### +# The PostgreSQL RPM Building Project built repository RPMs for easy +# access to the PGDG yum repositories. Links to RPMs for installation +# are in an attribute so that new versions/platforms can be more +# easily added. (See attributes/default.rb) + +repo_rpm_url = node['postgresql']['pgdg']['repo_rpm_url']. + fetch(node['postgresql']['version']). # e.g., fetch for "9.1" + fetch(node['platform']). # e.g., fetch for "centos" + fetch(node['platform_version'].to_f.to_i.to_s). # e.g., fetch for "5" (truncated "5.7") + fetch(node['kernel']['machine']) # e.g., fetch for "i386" or "x86_64" + +# Extract the filename portion from the URL for the PGDG repository RPM. +# E.g., repo_rpm_filename = "pgdg-centos92-9.2-6.noarch.rpm" +repo_rpm_filename = File.basename(repo_rpm_url) + +# Extract the package name from the URL for the PGDG repository RPM. +# E.g., repo_rpm_package = "pgdg-centos92" +repo_rpm_package = repo_rpm_filename.split(/-/,3)[0..1].join('-') + +###################################### +# Install the "PostgreSQL RPM Building Project - Yum Repository" through +# the repo_rpm_url determined above. The /etc/yum.repos.d/pgdg-*.repo +# will provide postgresql9X packages, but you may need to exclude +# postgresql packages from the repository of the distro in order to use +# PGDG repository properly. Conflicts will arise if postgresql9X does +# appear in your distro's repo and you want a more recent patch level. + +# Download the PGDG repository RPM as a local file +remote_file "#{Chef::Config[:file_cache_path]}/#{repo_rpm_filename}" do + source repo_rpm_url + mode "0644" +end + +# Install the PGDG repository RPM from the local file +# E.g., /etc/yum.repos.d/pgdg-91-centos.repo +package repo_rpm_package do + provider Chef::Provider::Package::Rpm + source "#{Chef::Config[:file_cache_path]}/#{repo_rpm_filename}" + action :install +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/templates/default/pg_hba.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/templates/default/pg_hba.conf.erb new file mode 100644 index 000000000..8db8ee8b9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/templates/default/pg_hba.conf.erb @@ -0,0 +1,35 @@ +# This file was automatically generated and dropped off by Chef! + +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. + +<% if node['postgresql']['version'].to_f < 9.1 -%> +# TYPE DATABASE USER CIDR-ADDRESS METHOD +<% elsif node['postgresql']['version'].to_f >= 9.1 -%> +# TYPE DATABASE USER ADDRESS METHOD +<% end -%> + +# "local" is for Unix domain socket connections only +<% if node['postgresql']['version'].to_f < 9.1 -%> +local all all ident +<% elsif node['postgresql']['version'].to_f >= 9.1 -%> +local all all peer +<% end -%> + +########### +# Other authentication configurations taken from chef node defaults: +########### +<% node['postgresql']['pg_hba'].each do |auth| -%> + +<% if auth[:comment] %> +<%= auth[:comment] %> +<% end %> +<% if auth[:addr] %> +<%= auth[:type].ljust(7) %> <%= auth[:db].ljust(15) %> <%= auth[:user].ljust(15) %> <%= auth[:addr].ljust(23) %> <%= auth[:method] %> +<% else %> +<%= auth[:type].ljust(7) %> <%= auth[:db].ljust(15) %> <%= auth[:user].ljust(15) %> <%= auth[:method] %> +<% end %> +<% end %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/templates/default/postgresql.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/templates/default/postgresql.conf.erb new file mode 100644 index 000000000..d2facc2a3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/postgresql/templates/default/postgresql.conf.erb @@ -0,0 +1,20 @@ +# PostgreSQL configuration file +# This file was automatically generated and dropped off by chef! +# Please refer to the PostgreSQL documentation for details on +# configuration settings. + +<% node['postgresql']['config'].sort.each do |key, value| %> +<% next if value.nil? -%> +<%= key %> = <%= + case value + when String + "'#{value}'" + when TrueClass + 'on' + when FalseClass + 'off' + else + value + end +%> +<% end %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/pull.sh b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/pull.sh new file mode 100755 index 000000000..87134f11c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/pull.sh @@ -0,0 +1,11 @@ +#!/bin/sh +#wq +cd cookbooks +for name in `ls` +do + echo -e "\n------------cd $name-----------" + cd $name + git branch + git pull + cd .. +done diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/.kitchen.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/.kitchen.yml new file mode 100644 index 000000000..9a4463669 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/.kitchen.yml @@ -0,0 +1,41 @@ +--- +driver_plugin: vagrant +platforms: +- name: ubuntu-12.10 + driver_config: + box: opscode-ubuntu-12.10 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-12.10_provisionerless.box + require_chef_omnibus: true + run_list: ["recipe[apt]"] +- name: ubuntu-12.04 + driver_config: + box: opscode-ubuntu-12.04 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-12.04_provisionerless.box + require_chef_omnibus: true + run_list: ["recipe[apt]"] +- name: ubuntu-10.04 + driver_config: + box: opscode-ubuntu-10.04 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_provisionerless.box + require_chef_omnibus: true + run_list: ["recipe[apt]"] +- name: centos-5.9 + driver_config: + box: opscode-centos-5.9 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-5.9_provisionerless.box + require_chef_omnibus: 11.4.0 +- name: centos-6.4 + driver_config: + box: opscode-centos-6.4 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box + require_chef_omnibus: 11.4.0 +suites: +- name: default + run_list: + - recipe[python] + attributes: {} + +- name: source + run_list: + - recipe[python] + attributes: {python: {install_method: "source"}} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/Berksfile new file mode 100644 index 000000000..34a3b2d83 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/Berksfile @@ -0,0 +1,8 @@ +site :opscode + +metadata + +group :integration do + cookbook "apt" + cookbook "yum" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/CHANGELOG.md new file mode 100644 index 000000000..fab89096d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/CHANGELOG.md @@ -0,0 +1,56 @@ +## v1.3.0: + +### Bug + +- [COOK-2376]: Python pip default action +- [COOK-2468]: python cookbook - Chef 11 compat fixes +- [COOK-2882]: Python source recipe fails on Ubuntu 12.10 because of unavailable libdb4.8-dev package +- [COOK-3009]: fix build time dependencies and gcc flags for python source on newer ubuntus + +### New Feature + +- [COOK-2449]: Make the distribute download location an attribute +- [COOK-3008]: Update python::source to install 2.7.5 + +### Sub-task + +- [COOK-2866]: python::source checks existence of a directory that already exists + +## v1.2.2: + +* [COOK-2297] - more gracefully handle pip packages from VCS and + source archives + +## v1.2.0: + +* [COOK-1866] - /usr/bin is not a pip binary location in source + installs on RHEL +* [COOK-1925] - add smartos support + +## v1.1.0: + +* [COOK-1715] - Add user and group to python_pip +* [COOK-1727] - Python cookbook cannot install `pip` on CentOS + versions < 6 + +## v1.0.8: + +* [COOK-1016] - python package needs separate names for centos/rhel 5.x vs 6.x +* [COOK-1048] - installation of pip does not honor selected python version +* [COOK-1282] - catch Chef::Exceptions::ShellCommandFailed for chef 0.10.8 compatibility +* [COOK-1311] - virtualenv should have options attribute +* [COOK-1320] - pip provider doesn't catch correct exception +* [COOK-1415] - use plain 'python' binary instead of versioned one for + default interpreter + +## v1.0.6: + +* [COOK-1036] - correctly grep for python-module version +* [COOK-1046] - run pip inside the virtualenv + +## v1.0.4: + +* [COOK-960] - add timeout to python_pip +* [COOK-651] - 'install_path' not correctly resolved when using python::source +* [COOK-650] - Add ability to specify version when installing distribute. +* [COOK-553] - FreeBSD support in the python cookbook diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/README.md new file mode 100644 index 000000000..caad30fbd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/README.md @@ -0,0 +1,173 @@ +Description +=========== + +Installs and configures Python. Also includes LWRPs for managing python packages with `pip` and `virtualenv` isolated Python environments. + +Requirements +============ + +Platform +-------- + +* Debian, Ubuntu +* CentOS, Red Hat, Fedora + +Cookbooks +--------- + +* build-essential +* yum + +NOTE: The `yum` cookbook is a dependency of the cookbook, and will be used to install [EPEL](http://fedoraproject.org/wiki/EPEL) on RedHet/CentOS 5.x systems to provide the Python 2.6 packages. + +Attributes +========== + +See `attributes/default.rb` for default values. + +* `node["python"]["install_method"]` - method to install python with, default `package`. + +The file also contains the following attributes: + +* platform specific locations and settings. +* source installation settings + +Resource/Provider +================= + +This cookbook includes LWRPs for managing: + +* pip packages +* virtualenv isolated Python environments + +`python_pip` +------------ + +Install packages using the new hotness in Python package management...[`pip`](http://pypi.python.org/pypi/pip). Yo dawg...easy_install is so 2009, you better ask your local Pythonista if you don't know! The usage semantics are like that of any normal package provider. + +# Actions + +- :install: Install a pip package - if version is provided, install that specific version (default) +- :upgrade: Upgrade a pip package - if version is provided, upgrade to that specific version +- :remove: Remove a pip package +- :user: User to run pip as, for using with virtualenv +- :group: Group to run pip as, for using with virtualenv +- :purge: Purge a pip package (this usually entails removing configuration files as well as the package itself). With pip packages this behaves the same as `:remove` + +# Attribute Parameters + +- package_name: name attribute. The name of the pip package to install +- version: the version of the package to install/upgrade. If no version is given latest is assumed. +- virtualenv: virtualenv environment to install pip package into +- options: Add additional options to the underlying pip package command +- timeout: timeout in seconds for the command to execute. Useful for pip packages that may take a long time to install. Default 900 seconds. + +# Example + + # install latest gunicorn into system path + python_pip "gunicorn" + + # target a virtualenv + python_pip "gunicorn" do + virtualenv "/home/ubunut/my_ve" + end + + # install Django 1.1.4 + python_pip "django" do + version "1.1.4" + end + + # use this provider with the core package resource + package "django" do + provider Chef::Provider::PythonPip + end + +`python_virtualenv` +------------------- + +[`virtualenv`](http://pypi.python.org/pypi/virtualenv) is a great tool that creates isolated python environments. Think of it as RVM without all those hipsters and tight jeans. + +# Actions + +- :create: creates a new virtualenv +- :delete: deletes an existing virtualenv + +# Attribute Parameters + +- path: name attribute. The path where the virtualenv will be created +- interpreter: The Python interpreter to use. default is `python2.6` +- owner: The owner for the virtualenv +- group: The group owner of the file (string or id) +- options : Command line options (string) + +# Example + + # create a 2.6 virtualenv owned by ubuntu user + python_virtualenv "/home/ubuntu/my_cool_ve" do + owner "ubuntu" + group "ubuntu" + action :create + end + + # create a Python 2.4 virtualenv + python_virtualenv "/home/ubuntu/my_old_ve" do + interpreter "python2.4" + owner "ubuntu" + group "ubuntu" + action :create + end + + # create a Python 2.6 virtualenv with access to the global packages owned by ubuntu user + python_virtualenv "/home/ubuntu/my_old_ve" do + owner "ubuntu" + group "ubuntu" + options "--system-site-packages" + action :create + end + +Usage +===== + +default +------- + +Include default recipe in a run list, to get `python`, `pip` and `virtualenv`. Installs python by package or source depending on the platform. + +package +------- + +Installs Python from packages. + +source +------ + +Installs Python from source. + +pip +--- + +Installs `pip` from source. + +virtualenv +---------- + +Installs virtualenv using the `python_pip` resource. + +License and Author +================== + +Author:: Seth Chisamore () + +Copyright:: 2011, Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/TESTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/TESTING.md new file mode 100644 index 000000000..e29ff7c04 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/TESTING.md @@ -0,0 +1,25 @@ +This cookbook includes support for running tests via Test Kitchen (1.0). This has some requirements. + +1. You must be using the Git repository, rather than the downloaded cookbook from the Chef Community Site. +2. You must have Vagrant 1.1 installed. +3. You must have a "sane" Ruby 1.9.3 environment. + +Once the above requirements are met, install the additional requirements: + +Install the berkshelf plugin for vagrant, and berkshelf to your local Ruby environment. + + vagrant plugin install vagrant-berkshelf + gem install berkshelf + +Install Test Kitchen 1.0 (unreleased yet, use the alpha / prerelease version). + + gem install test-kitchen --pre + +Install the Vagrant driver for Test Kitchen. + + gem install kitchen-vagrant + +Once the above are installed, you should be able to run Test Kitchen: + + kitchen list + kitchen test diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/attributes/default.rb new file mode 100644 index 000000000..3e7807296 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/attributes/default.rb @@ -0,0 +1,42 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: python +# Attribute:: default +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['python']['install_method'] = 'package' + +if python['install_method'] == 'package' + case platform + when "smartos" + default['python']['prefix_dir'] = '/opt/local' + else + default['python']['prefix_dir'] = '/usr' + end +else + default['python']['prefix_dir'] = '/usr/local' +end + +default['python']['binary'] = "#{python['prefix_dir']}/bin/python" + +default['python']['url'] = 'http://www.python.org/ftp/python' +default['python']['version'] = '2.7.5' +default['python']['checksum'] = '3b477554864e616a041ee4d7cef9849751770bc7c39adaf78a94ea145c488059' +default['python']['configure_options'] = %W{--prefix=#{python['prefix_dir']}} + +default['python']['distribute_script_url'] = 'http://python-distribute.org/distribute_setup.py' +default['python']['distribute_option']['download_base'] = 'https://pypi.python.org/packages/source/d/distribute/' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/metadata.json new file mode 100644 index 000000000..409ace80b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/metadata.json @@ -0,0 +1,43 @@ +{ + "name": "python", + "description": "Installs Python, pip and virtualenv. Includes LWRPs for managing Python packages with `pip` and `virtualenv` isolated Python environments.", + "long_description": "", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + "debian": ">= 0.0.0", + "ubuntu": ">= 0.0.0", + "centos": ">= 0.0.0", + "redhat": ">= 0.0.0", + "fedora": ">= 0.0.0", + "freebsd": ">= 0.0.0", + "smartos": ">= 0.0.0" + }, + "dependencies": { + "build-essential": ">= 0.0.0", + "yum": ">= 0.0.0" + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + "python": "Installs python, pip, and virtualenv", + "python::package": "Installs python using packages.", + "python::source": "Installs python from source.", + "python::pip": "Installs pip from source.", + "python::virtualenv": "Installs virtualenv using the python_pip resource." + }, + "version": "1.3.0" +} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/metadata.rb new file mode 100644 index 000000000..ecf9e5df1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/metadata.rb @@ -0,0 +1,19 @@ +name "python" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs Python, pip and virtualenv. Includes LWRPs for managing Python packages with `pip` and `virtualenv` isolated Python environments." +version "1.3.0" + +depends "build-essential" +depends "yum" + +recipe "python", "Installs python, pip, and virtualenv" +recipe "python::package", "Installs python using packages." +recipe "python::source", "Installs python from source." +recipe "python::pip", "Installs pip from source." +recipe "python::virtualenv", "Installs virtualenv using the python_pip resource." + +%w{ debian ubuntu centos redhat fedora freebsd smartos }.each do |os| + supports os +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/providers/pip.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/providers/pip.rb new file mode 100644 index 000000000..862f8d4cc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/providers/pip.rb @@ -0,0 +1,168 @@ +# +# Author:: Seth Chisamore +# Cookbook Name:: python +# Provider:: pip +# +# Copyright:: 2011, Opscode, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/mixin/shell_out' +require 'chef/mixin/language' +include Chef::Mixin::ShellOut + +def whyrun_supported? + true +end + +# the logic in all action methods mirror that of +# the Chef::Provider::Package which will make +# refactoring into core chef easy + +action :install do + # If we specified a version, and it's not the current version, move to the specified version + if new_resource.version != nil && new_resource.version != current_resource.version + install_version = new_resource.version + # If it's not installed at all, install it + elsif current_resource.version == nil + install_version = candidate_version + end + + if install_version + description = "install package #{new_resource} version #{install_version}" + converge_by(description) do + Chef::Log.info("Installing #{new_resource} version #{install_version}") + status = install_package(install_version) + if status + new_resource.updated_by_last_action(true) + end + end + end +end + +action :upgrade do + if current_resource.version != candidate_version + orig_version = current_resource.version || "uninstalled" + description = "upgrade #{current_resource} version from #{current_resource.version} to #{candidate_version}" + converge_by(description) do + Chef::Log.info("Upgrading #{new_resource} version from #{orig_version} to #{candidate_version}") + status = upgrade_package(candidate_version) + if status + new_resource.updated_by_last_action(true) + end + end + end +end + +action :remove do + if removing_package? + description = "remove package #{new_resource}" + converge_by(description) do + Chef::Log.info("Removing #{new_resource}") + remove_package(new_resource.version) + new_resource.updated_by_last_action(true) + end + end +end + +def removing_package? + if current_resource.version.nil? + false # nothing to remove + elsif new_resource.version.nil? + true # remove any version of a package + elsif new_resource.version == current_resource.version + true # remove the version we have + else + false # we don't have the version we want to remove + end +end + +# these methods are the required overrides of +# a provider that extends from Chef::Provider::Package +# so refactoring into core Chef should be easy + +def load_current_resource + @current_resource = Chef::Resource::PythonPip.new(new_resource.name) + @current_resource.package_name(new_resource.package_name) + @current_resource.version(nil) + + unless current_installed_version.nil? + @current_resource.version(current_installed_version) + end + + @current_resource +end + +def current_installed_version + @current_installed_version ||= begin + delimeter = /==/ + + version_check_cmd = "#{which_pip(new_resource)} freeze | grep -i '^#{new_resource.package_name}=='" + # incase you upgrade pip with pip! + if new_resource.package_name.eql?('pip') + delimeter = /\s/ + version_check_cmd = "pip --version" + end + result = shell_out(version_check_cmd) + (result.exitstatus == 0) ? result.stdout.split(delimeter)[1].strip : nil + end +end + +def candidate_version + @candidate_version ||= begin + # `pip search` doesn't return versions yet + # `pip list` may be coming soon: + # https://bitbucket.org/ianb/pip/issue/197/option-to-show-what-version-would-be + new_resource.version||'latest' + end +end + +def install_package(version) + # if a version isn't specified (latest), is a source archive (ex. http://my.package.repo/SomePackage-1.0.4.zip), + # or from a VCS (ex. git+https://git.repo/some_pkg.git) then do not append a version as this will break the source link + if version == 'latest' || new_resource.name.downcase.start_with?('http:', 'https:') || ['git', 'hg', 'svn'].include?(new_resource.name.downcase.split('+')[0]) + version = '' + else + version = "==#{version}" + end + pip_cmd('install', version) +end + +def upgrade_package(version) + new_resource.options "#{new_resource.options} --upgrade" + install_package(version) +end + +def remove_package(version) + new_resource.options "#{new_resource.options} --yes" + pip_cmd('uninstall') +end + +def pip_cmd(subcommand, version='') + options = { :timeout => new_resource.timeout, :user => new_resource.user, :group => new_resource.group } + options[:environment] = { 'HOME' => ::File.expand_path("~#{new_resource.user}") } if new_resource.user + shell_out!("#{which_pip(new_resource)} #{subcommand} #{new_resource.options} #{new_resource.name}#{version}", options) +end + +# TODO remove when provider is moved into Chef core +# this allows PythonPip to work with Chef::Resource::Package +def which_pip(nr) + if (nr.respond_to?("virtualenv") && nr.virtualenv) + ::File.join(nr.virtualenv,'/bin/pip') + elsif node['python']['install_method'].eql?("source") + ::File.join(node['python']['prefix_dir'], "/bin/pip") + else + 'pip' + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/providers/virtualenv.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/providers/virtualenv.rb new file mode 100644 index 000000000..dfd9f4e3a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/providers/virtualenv.rb @@ -0,0 +1,74 @@ +# +# Author:: Seth Chisamore +# Cookbook Name:: python +# Provider:: virtualenv +# +# Copyright:: 2011, Opscode, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/mixin/shell_out' +require 'chef/mixin/language' +include Chef::Mixin::ShellOut + +def whyrun_supported? + true +end + +action :create do + unless exists? + Chef::Log.info("Creating virtualenv #{new_resource} at #{new_resource.path}") + execute "#{virtualenv_cmd} --python=#{new_resource.interpreter} #{new_resource.options} #{new_resource.path}" do + user new_resource.owner if new_resource.owner + group new_resource.group if new_resource.group + end + new_resource.updated_by_last_action(true) + end +end + +action :delete do + if exists? + description = "delete virtualenv #{new_resource} at #{new_resource.path}" + converge_by(description) do + Chef::Log.info("Deleting virtualenv #{new_resource} at #{new_resource.path}") + FileUtils.rm_rf(new_resource.path) + end + end +end + +def load_current_resource + @current_resource = Chef::Resource::PythonVirtualenv.new(new_resource.name) + @current_resource.path(new_resource.path) + + if exists? + cstats = ::File.stat(current_resource.path) + @current_resource.owner(cstats.uid) + @current_resource.group(cstats.gid) + end + @current_resource +end + +def virtualenv_cmd() + if node['python']['install_method'].eql?("source") + ::File.join(node['python']['prefix_dir'], "/bin/virtualenv") + else + "virtualenv" + end +end + +private +def exists? + ::File.exist?(current_resource.path) && ::File.directory?(current_resource.path) \ + && ::File.exists?("#{current_resource.path}/bin/activate") +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/default.rb new file mode 100644 index 000000000..47e2a2086 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/default.rb @@ -0,0 +1,23 @@ +# +# Author:: Seth Chisamore +# Cookbook Name:: python +# Recipe:: default +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "python::#{node['python']['install_method']}" +include_recipe "python::pip" +include_recipe "python::virtualenv" \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/package.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/package.rb new file mode 100644 index 000000000..3ccb688f5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/package.rb @@ -0,0 +1,43 @@ +# +# Author:: Seth Chisamore +# Cookbook Name:: python +# Recipe:: package +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +major_version = node['platform_version'].split('.').first.to_i + +# COOK-1016 Handle RHEL/CentOS namings of python packages, by installing EPEL +# repo & package +if platform_family?('rhel') && major_version < 6 + include_recipe 'yum::epel' + python_pkgs = ["python26", "python26-devel"] + node.set['python']['binary'] = "/usr/bin/python26" +else + python_pkgs = value_for_platform_family( + "debian" => ["python","python-dev"], + "rhel" => ["python","python-devel"], + "freebsd" => ["python"], + "smartos" => ["python27"], + "default" => ["python","python-dev"] + ) +end + +python_pkgs.each do |pkg| + package pkg do + action :install + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/pip.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/pip.rb new file mode 100644 index 000000000..ca2151ec3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/pip.rb @@ -0,0 +1,46 @@ +# +# Author:: Seth Chisamore +# Cookbook Name:: python +# Recipe:: pip +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if platform_family?("rhel") and node['python']['install_method'] == 'package' + pip_binary = "/usr/bin/pip" +elsif platform_family?("smartos") + pip_binary = "/opt/local/bin/pip" +else + pip_binary = "/usr/local/bin/pip" +end + +# Ubuntu's python-setuptools, python-pip and python-virtualenv packages +# are broken...this feels like Rubygems! +# http://stackoverflow.com/questions/4324558/whats-the-proper-way-to-install-pip-virtualenv-and-distribute-for-python +# https://bitbucket.org/ianb/pip/issue/104/pip-uninstall-on-ubuntu-linux +remote_file "#{Chef::Config[:file_cache_path]}/distribute_setup.py" do + source node['python']['distribute_script_url'] + mode "0644" + not_if { ::File.exists?(pip_binary) } +end + +execute "install-pip" do + cwd Chef::Config[:file_cache_path] + command <<-EOF + #{node['python']['binary']} distribute_setup.py --download-base=#{node['python']['distribute_option']['download_base']} + #{::File.dirname(pip_binary)}/easy_install pip + EOF + not_if { ::File.exists?(pip_binary) } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/source.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/source.rb new file mode 100644 index 000000000..9c979c965 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/source.rb @@ -0,0 +1,56 @@ +# +# Author:: Seth Chisamore +# Cookbook Name:: python +# Recipe:: source +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +configure_options = node['python']['configure_options'].join(" ") + +packages = value_for_platform_family( + "rhel" => ["openssl-devel","bzip2-devel","zlib-devel","expat-devel","db4-devel","sqlite-devel","ncurses-devel","readline-devel"], + "default" => ["libssl-dev","libbz2-dev","zlib1g-dev","libexpat1-dev","libdb-dev","libsqlite3-dev","libncursesw5-dev","libncurses5-dev","libreadline-dev","libsasl2-dev", "libgdbm-dev"] + ) +# +packages.each do |dev_pkg| + package dev_pkg +end + +version = node['python']['version'] +install_path = "#{node['python']['prefix_dir']}/bin/python#{version.split(/(^\d+\.\d+)/)[1]}" + +remote_file "#{Chef::Config[:file_cache_path]}/Python-#{version}.tar.bz2" do + source "#{node['python']['url']}/#{version}/Python-#{version}.tar.bz2" + checksum node['python']['checksum'] + mode "0644" + not_if { ::File.exists?(install_path) } +end + +bash "build-and-install-python" do + cwd Chef::Config[:file_cache_path] + code <<-EOF + tar -jxvf Python-#{version}.tar.bz2 + (cd Python-#{version} && ./configure #{configure_options}) + (cd Python-#{version} && make && make install) + EOF + environment({ + "LDFLAGS" => "-L#{node['python']['prefix_dir']} -L/usr/lib", + "CPPFLAGS" => "-I#{node['python']['prefix_dir']} -I/usr/lib", + "CXXFLAGS" => "-I#{node['python']['prefix_dir']} -I/usr/lib", + "CFLAGS" => "-I#{node['python']['prefix_dir']} -I/usr/lib" + }) if platform?("ubuntu") && node['platform_version'].to_f >= 12.04 + not_if { ::File.exists?(install_path) } +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/virtualenv.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/virtualenv.rb new file mode 100644 index 000000000..4c28f80b1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/recipes/virtualenv.rb @@ -0,0 +1,25 @@ +# +# Author:: Seth Chisamore +# Cookbook Name:: python +# Recipe:: virtualenv +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "python::pip" + +python_pip "virtualenv" do + action :install +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/resources/pip.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/resources/pip.rb new file mode 100644 index 000000000..cccb224bd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/resources/pip.rb @@ -0,0 +1,36 @@ +# +# Author:: Seth Chisamore +# Cookbook Name:: python +# Resource:: pip +# +# Copyright:: 2011, Opscode, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :install, :upgrade, :remove, :purge +default_action :install if defined?(default_action) # Chef > 10.8 + +# Default action for Chef <= 10.8 +def initialize(*args) + super + @action = :install +end + +attribute :package_name, :kind_of => String, :name_attribute => true +attribute :version, :default => nil +attribute :timeout, :default => 900 +attribute :virtualenv, :kind_of => String +attribute :user, :regex => Chef::Config[:user_valid_regex] +attribute :group, :regex => Chef::Config[:group_valid_regex] +attribute :options, :kind_of => String, :default => '' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/resources/virtualenv.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/resources/virtualenv.rb new file mode 100644 index 000000000..dcb282c0b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/python/resources/virtualenv.rb @@ -0,0 +1,34 @@ +# +# Author:: Seth Chisamore +# Cookbook Name:: python +# Resource:: virtualenv +# +# Copyright:: 2011, Opscode, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :create, :delete +default_action :create if defined?(default_action) # Chef > 10.8 + +# Default action for Chef <= 10.8 +def initialize(*args) + super + @action = :create +end + +attribute :path, :kind_of => String, :name_attribute => true +attribute :interpreter, :default => 'python' +attribute :owner, :regex => Chef::Config[:user_valid_regex] +attribute :group, :regex => Chef::Config[:group_valid_regex] +attribute :options, :kind_of => String diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/.kitchen.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/.kitchen.yml new file mode 100644 index 000000000..464b6c881 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/.kitchen.yml @@ -0,0 +1,192 @@ +--- +driver_plugin: vagrant +driver_config: + require_chef_omnibus: true + +platforms: +- name: ubuntu-10.04 + driver_config: + box: opscode-ubuntu-10.04 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_provisionerless.box + run_list: + - recipe[apt] + +- name: ubuntu-12.04 + driver_config: + box: opscode-ubuntu-12.04 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_ubuntu-12.04_provisionerless.box + run_list: + - recipe[apt] + +- name: ubuntu-13.04 + driver_config: + box: opscode-ubuntu-13.04 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_ubuntu-13.04_provisionerless.box + run_list: + - recipe[apt] + +- name: centos-5.9 + driver_config: + box: opscode-centos-5.9 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_centos-5.9_provisionerless.box + run_list: + - recipe[yum::epel] + +- name: centos-6.4 + driver_config: + box: opscode-centos-6.4 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box + run_list: + - recipe[yum::epel] + +- name: fedora-18 + driver_config: + box: opscode-fedora-18 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode-fedora-18_provisionerless.box + run_list: {} + +# add once the bento image is fixed +# - name: debian-7.1 +# driver_config: +# box: opscode-debian-7.1 +# box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_debian-7.1.0_provisionerless.box +# run_list: +# - recipe[apt] + +# image not downloading +# - name: smartos-13.1 +# driver_config: +# box: smartos-base1310 +# box_url: http://dlc-int.openindiana.org/aszeszo/vagrant/smartos-base1310-64-virtualbox-20130806.box +# run_list: +# - recipe[rabbitmq] + +# http://tickets.opscode.com/browse/COOK-2467 +# - name: omnios-r151002 +# driver_config: +# box: omnios-r151002 +# box_url: http://omnios.omniti.com/media/omnios-latest.box +# run_list: +# - recipe[rabbitmq] + +suites: +- name: default + excludes: + - omnios-r151002 + - smartos-13.1 + run_list: + - recipe[minitest-handler] + - recipe[rabbitmq_test::default] + attributes: {} + +- name: default-esl + excludes: + - centos-5.9 + - fedora-18 + - omnios-r151002 + - smartos-13.1 + run_list: + - recipe[minitest-handler] + - recipe[rabbitmq_test::default] + attributes: + erlang: + install_method: 'esl' + +- name: upstart + excludes: + - centos-5.9 + - centos-6.4 + - fedora-18 + - ubuntu-13.04 + - omnios-r151002 + - smartos-13.1 + run_list: + - recipe[minitest-handler] + - recipe[rabbitmq_test::default] + attributes: + rabbitmq: + job_control: 'upstart' + +- name: distro-version + excludes: + - centos-5.9 + - fedora-18 + - ubuntu-10.04 + run_list: + - recipe[minitest-handler] + - recipe[rabbitmq_test::default] + attributes: + rabbitmq: + use_distro_version: true + +- name: mgmt_console + run_list: + - recipe[minitest-handler] + - recipe[rabbitmq_test::mgmt_console] + attributes: {} + +- name: cook-2151-3489 + run_list: + - recipe[minitest-handler] + - recipe[rabbitmq_test::cook-2151-3489] + attributes: + rabbitmq: + disk_free_limit_relative: 1.0 + vm_memory_high_watermark: 0.5 + max_file_descriptors: 2048 + open_file_limit: 102400 + +- name: cook-2705 + run_list: + - recipe[minitest-handler] + - recipe[rabbitmq_test::default] + attributes: + rabbitmq: + tcp_listen_keepalive: true + +# stress test for lwrps +- name: lwrps-default + run_list: + - recipe[minitest-handler] + - recipe[rabbitmq_test::lwrps] + attributes: + rabbitmq: + enabled_plugins: ["rabbitmq_stomp", "rabbitmq_shovel", "rabbitmq_stomp"] + disabled_plugins: ["nonexistant_plugin", "rabbitmq_shovel"] + enabled_users: [ + {name: "kitchen1", password: "test", tag: "tag1", rights: [{vhost: "kitchen", conf: ".*", write: ".*", read: ".*"}]}, + {name: "kitchen2", password: "test", tag: "tag2", rights: [{vhost: "kitchen", conf: ".*", write: ".*", read: ".*"}, {vhost: "kitchen", conf: ".*", write: ".*", read: ".*"}]}, + {name: "kitchen3", password: "test", tag: "tag3", rights: [{vhost: "kitchen", conf: ".*", write: ".*", read: ".*"}]}, + {name: "kitchen1", password: "test", tag: "tag4", rights: [{vhost: "kitchen", conf: ".*", write: ".*", read: ".*"}]} + ] + disabled_users: ["nonexistant_user", "kitchen2"] + disabled_policies: ["nonexistant_policy"] + virtualhosts: ["kitchen", "kitchen"] + disabled_virtualhosts: ["nonexistant_vhost"] + +# stress test for lwrps with distro packages +- name: lwrps-distro + excludes: + - centos-5.9 + - centos-6.4 + - fedora-18 + - ubuntu-10.04 + - ubuntu-12.04 + run_list: + - recipe[minitest-handler] + - recipe[rabbitmq_test::lwrps] + attributes: + rabbitmq: + use_distro_version: true + enabled_plugins: ["rabbitmq_stomp", "rabbitmq_shovel", "rabbitmq_stomp"] + disabled_plugins: ["nonexistant_plugin", "rabbitmq_shovel"] + enabled_users: [ + {name: "kitchen1", password: "test", tag: "tag1", rights: [{vhost: "kitchen", conf: ".*", write: ".*", read: ".*"}]}, + {name: "kitchen2", password: "test", tag: "tag2", rights: [{vhost: "kitchen", conf: ".*", write: ".*", read: ".*"}, {vhost: "kitchen", conf: ".*", write: ".*", read: ".*"}]}, + {name: "kitchen3", password: "test", tag: "tag3", rights: [{vhost: "kitchen", conf: ".*", write: ".*", read: ".*"}]}, + {name: "kitchen1", password: "test", tag: "tag4", rights: [{vhost: "kitchen", conf: ".*", write: ".*", read: ".*"}]} + ] + disabled_users: ["nonexistant_user", "kitchen2"] + disabled_policies: ["nonexistant_policy"] + virtualhosts: ["kitchen", "kitchen"] + disabled_virtualhosts: ["nonexistant_vhost"] diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/Berksfile new file mode 100644 index 000000000..f3ef5a630 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/Berksfile @@ -0,0 +1,10 @@ +site :opscode + +metadata + +group :integration do + cookbook "minitest-handler" + cookbook "apt" + cookbook "yum" + cookbook "rabbitmq_test", :path => "./test/cookbooks/rabbitmq_test" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/CHANGELOG.md new file mode 100644 index 000000000..6a4d1fc3a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/CHANGELOG.md @@ -0,0 +1,124 @@ +rabbitmq Cookbook CHANGELOG +=========================== +This file is used to list changes made in each version of the rabbitmq cookbook. + + +v2.3.2 +------ +### Bug +- **[COOK-3678](https://tickets.opscode.com/browse/COOK-3678)** - Fix an issue where a RabbitMQ policy resource with vhost arguments emits unexpected restart notification +- **[COOK-3606](https://tickets.opscode.com/browse/COOK-3606)** - Fix erlang cookie comparison +- **[COOK-3512](https://tickets.opscode.com/browse/COOK-3512)** - Define rabbitmq service on SUSE + +### New Feature +- **[COOK-3538](https://tickets.opscode.com/browse/COOK-3538)** - Configure web management console to use SSL + + +v2.3.0 +------ +### Improvement +- **[COOK-3369](https://tickets.opscode.com/browse/COOK-3369)** - Add SUSE support +- **[COOK-3320](https://tickets.opscode.com/browse/COOK-3320)** - Configure bind and cluster over a specified addr +- **[COOK-3138](https://tickets.opscode.com/browse/COOK-3138)** - Do not log RabbitMQ password +- **[COOK-2803](https://tickets.opscode.com/browse/COOK-2803)** - Bind erlang networking to localhost (attribute-driven) + +v2.2.0 +------ +### Improvement +- Greatly expanded Test Kitchen coverage and platform support +- added support for disabling policies and virtualhosts through attributes +- added support for using with the erlang::esl recipe +- [COOK-2705]: Add ability to change tcp_listen_options in config +- [COOK-2397]: Added upstart support to rabbitmq cookbook +- [COOK-2830]: Use a notify for server restart, instead of defining a new service +- [COOK-3384]: Added ability to change user password +- [COOK-3489]: Add attribute to set open file limit + +### Bug +- [COOK-3011]: Incorrect apt source test causes Chef run to fail on Ubuntu +- [COOK-3438]: RabbitMQ fixes for Fedora 19 + +v2.1.2 +------ +### Improvement +- [COOK-3099]: policy resource should support optional vhost argument + +### Bug + +- [COOK-3078]: rabbitmq password is not quoted or escaped on add_user +- [COOK-3079]: rabbitmq permissions check doesn't match, resulting in non-idempotency + +v2.1.0 +------ +### Bug +- [COOK-2828]: Rabbitmq Clustering doesn't work properly +- [COOK-2975]: rabbitmq has foodcritic failures + +### New Feature +- [COOK-2575]: LWRP for setting policies + +v2.0.0 +------ +- Major v2.0 changes are documented in the README. +- [COOK-2391] - Added support for verify verify_peer and fail_if_no_peer_cert true +- [COOK-2153] - Fix of user LWRP +- [COOK-2180] - Plugin management via node attributes +- [COOK-2201] - Use the proper syntax when using rabbitmq 3.0 instead of 2.x +- [COOK-2210] - User management via node attributes +- [COOK-2211] - Virtualhost management via node attributes +- [COOK-2235] - RabbitMQ bin path isn't necessarily part of PATH for the plugin provider +- [COOK-2392] - correctly configure a rabbitmq cluster +- [COOK-2366] - Default recipe doesn't create mnesia dir +- [COOK-2416] - Add support for clearing tags. + +v1.8.0 +------ +- [COOK-2151] - Add config options for `disk_free_limit` and `vm_memory_high_watermark` via attributes + +v1.7.0 +------ +- [COOK-1850] - oracle linux support +- [COOK-1873] - add `set_user_tag` action to `rabbitmq_user` LWRP +- [COOK-1878] - :immediately action causes clustering to fail +- [COOK-1888] - smartos support + +v1.6.4 +------ +- [COOK-1684] - Unify behavior of debian and rhel clones in the rabbitmq cookbook +- [COOK-1724] - enable using the distro release of rabbitmq instead of the RabbitMQ.org version + +v1.6.2 +------ +- [COOK-1552] - removed rogue single quote from rabbitmq ssl configuration + +v1.6.0 +------ +- [COOK-1496] - explicitly include the apt recipe +- [COOK-1501] - Allow user to enable yum-based installation of rabbitmq via an attribute +- [COOK-1503] - Recipe to enable rabbitmq web management console + +v1.5.0 +------ +This version requires apt cookbook v1.4.4 (reflected in metadata). + +- [COOK-1216] - add amazon linux to RHELish platforms +- [COOK-1217] - specify version, for RHELish platforms +- [COOK-1219] - immediately restart service on config update +- [COOK-1317] - fix installation of old version from ubuntu APT repo +- [COOK-1331] - LWRP for enabling/disabling rabbitmq plugins +- [COOK-1386] - increment rabbitmq version to 2.8.4 +- [COOK-1432] - resolve foodcritic warnings +- [COOK-1438] - add fedora to RHELish platforms + +v1.4.1 +------ +- [COOK-1386] - Bumped version to 2.8.4 +- rabbitmq::default now includes erlang::default + +v1.4.0 +------ +- [COOK-911] - Auto clustering support + +v1.3.2 +------ +- [COOK-585] - manage rabbitmq-server service diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/CONTRIBUTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/CONTRIBUTING.md new file mode 100644 index 000000000..3a9989787 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/CONTRIBUTING.md @@ -0,0 +1,257 @@ +# Contributing to Opscode Cookbooks + +We are glad you want to contribute to Opscode Cookbooks! The first +step is the desire to improve the project. + +You can find the answers to additional frequently asked questions +[on the wiki](http://wiki.opscode.com/display/chef/How+to+Contribute). + +You can find additional information about +[contributing to cookbooks](http://wiki.opscode.com/display/chef/How+to+Contribute+to+Opscode+Cookbooks) +on the wiki as well. + +## Quick-contribute + +* Create an account on our [bug tracker](http://tickets.opscode.com) +* Sign our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L) +(keep reading if you're contributing on behalf of your employer) +* Create a ticket for your change on the + [bug tracker](http://tickets.opscode.com) +* Link to your patch as a rebased git branch or pull request from the + ticket +* Resolve the ticket as fixed + +We regularly review contributions and will get back to you if we have +any suggestions or concerns. + +## The Apache License and the CLA/CCLA + +Licensing is very important to open source projects, it helps ensure +the software continues to be available under the terms that the author +desired. Chef uses the Apache 2.0 license to strike a balance between +open contribution and allowing you to use the software however you +would like to. + +The license tells you what rights you have that are provided by the +copyright holder. It is important that the contributor fully +understands what rights they are licensing and agrees to them. +Sometimes the copyright holder isn't the contributor, most often when +the contributor is doing work for a company. + +To make a good faith effort to ensure these criteria are met, Opscode +requires a Contributor License Agreement (CLA) or a Corporate +Contributor License Agreement (CCLA) for all contributions. This is +without exception due to some matters not being related to copyright +and to avoid having to continually check with our lawyers about small +patches. + +It only takes a few minutes to complete a CLA, and you retain the +copyright to your contribution. + +You can complete our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L). +If you're contributing on behalf of your employer, have your employer +fill out our +[Corporate CLA](https://secure.echosign.com/public/hostedForm?formid=PIE6C7AX856) +instead. + +## Ticket Tracker (JIRA) + +The [ticket tracker](http://tickets.opscode.com) is the most important +documentation for the code base. It provides significant historical +information, such as: + +* Which release a bug fix is included in +* Discussion regarding the design and merits of features +* Error output to aid in finding similar bugs + +Each ticket should aim to fix one bug or add one feature. + +## Using git + +You can get a quick copy of the repository for this cookbook by +running `git clone +git://github.com/opscode-coobkooks/COOKBOOKNAME.git`. + +For collaboration purposes, it is best if you create a Github account +and fork the repository to your own account. Once you do this you will +be able to push your changes to your Github repository for others to +see and use. + +If you have another repository in your GitHub account named the same +as the cookbook, we suggest you suffix the repository with -cookbook. + +### Branches and Commits + +You should submit your patch as a git branch named after the ticket, +such as COOK-1337. This is called a _topic branch_ and allows users to +associate a branch of code with the ticket. + +It is a best practice to have your commit message have a _summary +line_ that includes the ticket number, followed by an empty line and +then a brief description of the commit. This also helps other +contributors understand the purpose of changes to the code. + + [COOK-1757] - platform_family and style + + * use platform_family for platform checking + * update notifies syntax to "resource_type[resource_name]" instead of + resources() lookup + * COOK-692 - delete config files dropped off by packages in conf.d + * dropped debian 4 support because all other platforms have the same + values, and it is older than "old stable" debian release + +Remember that not all users use Chef in the same way or on the same +operating systems as you, so it is helpful to be clear about your use +case and change so they can understand it even when it doesn't apply +to them. + +### Github and Pull Requests + +All of Opscode's open source cookbook projects are available on +[Github](http://www.github.com/opscode-cookbooks). + +We don't require you to use Github, and we will even take patch diffs +attached to tickets on the tracker. However Github has a lot of +convenient features, such as being able to see a diff of changes +between a pull request and the main repository quickly without +downloading the branch. + +If you do choose to use a pull request, please provide a link to the +pull request from the ticket __and__ a link to the ticket from the +pull request. Because pull requests only have two states, open and +closed, we can't easily filter pull requests that are waiting for a +reply from the author for various reasons. + +### More information + +Additional help with git is available on the +[Working with Git](http://wiki.opscode.com/display/chef/Working+with+Git) +wiki page. + +## Functional and Unit Tests + +This cookbook is set up to run tests under +[Opscode's test-kitchen](https://github.com/opscode/test-kitchen). It +uses minitest-chef to run integration tests after the node has been +converged to verify that the state of the node. + +Test kitchen should run completely without exception using the default +[baseboxes provided by Opscode](https://github.com/opscode/bento). +Because Test Kitchen creates VirtualBox machines and runs through +every configuration in the Kitchenfile, it may take some time for +these tests to complete. + +If your changes are only for a specific recipe, run only its +configuration with Test Kitchen. If you are adding a new recipe, or +other functionality such as a LWRP or definition, please add +appropriate tests and ensure they run with Test Kitchen. + +If any don't pass, investigate them before submitting your patch. + +Any new feature should have unit tests included with the patch with +good code coverage to help protect it from future changes. Similarly, +patches that fix a bug or regression should have a _regression test_. +Simply put, this is a test that would fail without your patch but +passes with it. The goal is to ensure this bug doesn't regress in the +future. Consider a regular expression that doesn't match a certain +pattern that it should, so you provide a patch and a test to ensure +that the part of the code that uses this regular expression works as +expected. Later another contributor may modify this regular expression +in a way that breaks your use cases. The test you wrote will fail, +signalling to them to research your ticket and use case and accounting +for it. + +If you need help writing tests, please ask on the Chef Developer's +mailing list, or the #chef-hacking IRC channel. + +## Code Review + +Opscode regularly reviews code contributions and provides suggestions +for improvement in the code itself or the implementation. + +We find contributions by searching the ticket tracker for _resolved_ +tickets with a status of _fixed_. If we have feedback we will reopen +the ticket and you should resolve it again when you've made the +changes or have a response to our feedback. When we believe the patch +is ready to be merged, we will tag the _Code Reviewed_ field with +_Reviewed_. + +Depending on the project, these tickets are then merged within a week +or two, depending on the current release cycle. + +## Release Cycle + +The versioning for Opscode Cookbook projects is X.Y.Z. + +* X is a major release, which may not be fully compatible with prior + major releases +* Y is a minor release, which adds both new features and bug fixes +* Z is a patch release, which adds just bug fixes + +A released version of a cookbook will end in an even number, e.g. +"1.2.4" or "0.8.0". When development for the next version of the +cookbook begins, the "Z" patch number is incremented to the next odd +number, however the next release of the cookbook may be a major or +minor incrementing version. + +Releases of Opscode's cookbooks are usually announced on the Chef user +mailing list. Releases of several cookbooks may be batched together +and announced on the [Opscode Blog](http://www.opscode.com/blog). + +## Working with the community + +These resources will help you learn more about Chef and connect to +other members of the Chef community: + +* [chef](http://lists.opscode.com/sympa/info/chef) and + [chef-dev](http://lists.opscode.com/sympa/info/chef-dev) mailing + lists +* #chef and #chef-hacking IRC channels on irc.freenode.net +* [Community Cookbook site](http://community.opscode.com) +* [Chef wiki](http://wiki.opscode.com/display/chef) +* Opscode Chef [product page](http://www.opscode.com/chef) + + +## Cookbook Contribution Do's and Don't's + +Please do include tests for your contribution. If you need help, ask +on the +[chef-dev mailing list](http://lists.opscode.com/sympa/info/chef-dev) +or the +[#chef-hacking IRC channel](http://community.opscode.com/chat/chef-hacking). +Not all platforms that a cookbook supports may be supported by Test +Kitchen. Please provide evidence of testing your contribution if it +isn't trivial so we don't have to duplicate effort in testing. Chef +10.14+ "doc" formatted output is sufficient. + +Please do indicate new platform (families) or platform versions in the +commit message, and update the relevant ticket. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] - Updated pool resource to correctly + delete.' + +Please do use [foodcritic](http://acrmp.github.com/foodcritic) to +lint-check the cookbook. Except FC007, it should pass all correctness +rules. FC007 is okay as long as the dependent cookbooks are *required* +for the default behavior of the cookbook, such as to support an +uncommon platform, secondary recipe, etc. + +Please do ensure that your changes do not break or modify behavior for +other platforms supported by the cookbook. For example if your changes +are for Debian, make sure that they do not break on CentOS. + +Please do not modify the version number in the metadata.rb, Opscode +will select the appropriate version based on the release cycle +information above. + +Please do not update the CHANGELOG.md for a new version. Not all +changes to a cookbook may be merged and released in the same versions. +Opscode will update the CHANGELOG.md when releasing a new version of +the cookbook. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/README.md new file mode 100644 index 000000000..15a61ce22 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/README.md @@ -0,0 +1,176 @@ +rabbitmq Cookbook +================= +This is a cookbook for managing RabbitMQ with Chef. It is intended for 2.6.1 or later releases. + +**Version 2.0 Changes** + +The 2.0 release of the cookbook defaults to using the latest version available from RabbitMQ.com via direct download of the package. This was done to simplify the installation options to either distro package or direct download. The attributes `use_apt` and `use_yum` have been removed as have the `apt` and `yum` cookbook dependencies. The user LWRP action `:set_user_tags` was changed to `:set_tags` for consistency with other actions. + + +Requirements +------------ +This cookbook depends on the `erlang` cookbook. + +Please refer to the [TESTING file](TESTING.md) to see the currently (and passing) tested platforms. The release was tested with (rabbitmq.com/distro version): +- CentOS 5.9: 3.1.5 (distro release unsupported) +- CentOS 6.4: 3.1.5/2.6.1 (no lwrps support) +- Fedora 18: 3.1.5 (distro release unsupported) +- Ubuntu 10.04: 3.1.5 (distro release unsupported) +- Ubuntu 12.04: 3.1.5/2.7.1 (no lwrps support) +- Ubuntu 13.04: 3.1.5/3.0.2 + + +Recipes +------- +### default +Installs `rabbitmq-server` from RabbitMQ.com via direct download of the installation package or using the distribution version. Depending on your distribution, the provided version may be quite old so they are disabled by default. If you want to use the distro version, set the attribute `['rabbitmq']['use_distro_version']` to `true`. You may override the download URL attribute `['rabbitmq']['package']` if you wish to use a local mirror. + +The cluster recipe is now combined with the default and will now auto-cluster. Set the `['rabbitmq']['cluster']` attribute to `true`, `['rabbitmq']['cluster_disk_nodes']` array of `node@host` strings that describe which you want to be disk nodes and then set an alphanumeric string for the `erlang_cookie`. + +To enable SSL turn `ssl` to `true` and set the paths to your cacert, cert and key files. + +### mgmt_console +Installs the `rabbitmq_management` and `rabbitmq_management_visualiser` plugins. +To use https connection to management console, turn `['rabbitmq']['web_console_ssl']` to true. The SSL port for web management console can be configured by setting attribute `['rabbitmq']['web_console_ssl_port']`, whose default value is 15671. + +### plugin_management +Enables any plugins listed in the `node['rabbitmq']['enabled_plugins']` and disables any listed in `node['rabbitmq'][disabled_plugins']` attributes. + +### policy_management +Enables any policies listed in the `node['rabbitmq'][policies]` and disables any listed in `node['rabbitmq'][disabled_policies]` attributes. + +### user_management +Enables any users listed in the `node['rabbitmq']['enabled_users]` and disables any listed in `node['rabbitmq'][disabled_users]` attributes. + +### virtualhost_management +Enables any vhosts listed in the `node['rabbitmq'][virtualhosts]` and disables any listed in `node['rabbitmq'][disabled_virtualhosts]` attributes. + + +Resources/Providers +------------------- +There are 4 LWRPs for interacting with RabbitMQ. + +### plugin +Enables or disables a rabbitmq plugin. Plugins are not supported for releases prior to 2.7.0. + +- `:enable` enables a `plugin` +- `:disable` disables a `plugin` + +#### Examples +```ruby +rabbitmq_plugin "rabbitmq_stomp" do + action :enable +end +``` + +```ruby +rabbitmq_plugin "rabbitmq_shovel" do + action :disable +end +``` + +### policy +sets or clears a rabbitmq policy. + +- `:set` sets a `policy` +- `:clear` clears a `policy` +- `:list` lists `policy`s + +#### Examples +```ruby +rabbitmq_policy "ha-all" do + pattern "^(?!amq\\.).*" + params {"ha-mode"=>"all"} + priority 1 + action :set +end +``` + +```ruby +rabbitmq_policy "ha-all" do + action :clear +end +``` + +### user +Adds and deletes users, fairly simplistic permissions management. + +- `:add` adds a `user` with a `password` +- `:delete` deletes a `user` +- `:set_permissions` sets the `permissions` for a `user`, `vhost` is optional +- `:clear_permissions` clears the permissions for a `user` +- `:set_tags` set the tags on a user +- `:clear_tags` clear any tags on a user +- `:change_password` set the `password` for a `user` + +#### Examples +```ruby +rabbitmq_user "guest" do + action :delete +end +``` + +```ruby +rabbitmq_user "nova" do + password "sekret" + action :add +end +``` + +```ruby +rabbitmq_user "nova" do + vhost "/nova" + permissions ".* .* .*" + action :set_permissions +end +``` + +```ruby +rabbitmq_user "joe" do + tag "admin,lead" + action :set_tags +end +``` + +### vhost +Adds and deletes vhosts. + +- `:add` adds a `vhost` +- `:delete` deletes a `vhost` + +#### Examples +``` ruby +rabbitmq_vhost "/nova" do + action :add +end +``` + + +Limitations +----------- +For an already running cluster, these actions still require manual intervention: +- changing the :erlang_cookie +- turning :cluster from true to false + + +License & Authors +----------------- +- Author:: Benjamin Black +- Author:: Daniel DeLeo +- Author:: Matt Ray () + +```text +Copyright (c) 2009-2013, Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/TESTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/TESTING.md new file mode 100644 index 000000000..8380623a5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/TESTING.md @@ -0,0 +1,39 @@ +This cookbook includes support for running tests via Test Kitchen (1.0). This has some requirements. + +1. You must be using the Git repository, rather than the downloaded cookbook from the Chef Community Site. +2. You must have Vagrant 1.1 installed. +3. You must have a "sane" Ruby 1.9.3 environment. + +Once the above requirements are met, install the additional requirements: + +Install the berkshelf plugin for vagrant, and berkshelf to your local Ruby environment. + + vagrant plugin install vagrant-berkshelf + gem install berkshelf + +Install Test Kitchen 1.0 (unreleased yet, use the alpha / prerelease version). + + gem install test-kitchen --pre + +Install the Vagrant driver for Test Kitchen. + + gem install kitchen-vagrant + +Once the above are installed, you should be able to run Test Kitchen: + + kitchen list + kitchen test + +This cookbook has the following Test-Kitchen coverage: + +| Test Coverage | Ubuntu 10.04 | Ubuntu 12.04 | Ubuntu 13.04 | Centos 5.9 | Centos 6.4 | Fedora 18 | Debian 7.1 | SmartOS 13.1 | OmniOS r151002 | +| -------------- |:-------------:|:------------:|:------------:|:----------:|:----------:|:---------:|:----------:|:------------:|:--------------:| +| default | **Y** | **Y** | **Y** | **Y** | **Y** | **Y** | **N** | **N** | **N** | +| default-esl | **Y** | **Y** | **Y** | **N** | **Y** | **N** | **N** | **N** | **N** | +| upstart | **Y** | **Y** | **Y** | **N** | **N** | **N** | **N** | **N** | **N** | +| distro-version | **N** | **Y** | **Y** | **N** | **Y** | **N** | **N** | **N** | **N** | +| mgmt_console | **Y** | **Y** | **Y** | **Y** | **Y** | **Y** | **N** | **N** | **N** | +| cook-2151-3489 | **Y** | **Y** | **Y** | **Y** | **Y** | **Y** | **N** | **N** | **N** | +| cook-2705 | **Y** | **Y** | **Y** | **Y** | **Y** | **Y** | **N** | **N** | **N** | +| lwrps-default | **Y** | **Y** | **Y** | **Y** | **Y** | **Y** | **N** | **N** | **N** | +| lwrps-distro | **N** | **N** | **Y** | **N** | **N** | **N** | **N** | **N** | **N** | diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/attributes/default.rb new file mode 100644 index 000000000..01c097c7a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/attributes/default.rb @@ -0,0 +1,102 @@ +# Latest RabbitMQ.com version to install +default['rabbitmq']['version'] = '3.1.5' +# The distro versions may be more stable and have back-ported patches +default['rabbitmq']['use_distro_version'] = false + +# being nil, the rabbitmq defaults will be used +default['rabbitmq']['nodename'] = nil +default['rabbitmq']['address'] = nil +default['rabbitmq']['port'] = nil +default['rabbitmq']['config'] = nil +default['rabbitmq']['logdir'] = nil +default['rabbitmq']['mnesiadir'] = "/var/lib/rabbitmq/mnesia" +default['rabbitmq']['service_name'] = 'rabbitmq-server' + +# config file location +# http://www.rabbitmq.com/configure.html#define-environment-variables +# "The .config extension is automatically appended by the Erlang runtime." +default['rabbitmq']['config_root'] = "/etc/rabbitmq" +default['rabbitmq']['config'] = "/etc/rabbitmq/rabbitmq" +default['rabbitmq']['erlang_cookie_path'] = '/var/lib/rabbitmq/.erlang.cookie' + +# rabbitmq.config defaults +default['rabbitmq']['default_user'] = 'guest' +default['rabbitmq']['default_pass'] = 'guest' + +# bind erlang networking to localhost +default['rabbitmq']['local_erl_networking'] = false + +# bind rabbit and erlang networking to an address +default['rabbitmq']['erl_networking_bind_address'] = nil + +#clustering +default['rabbitmq']['cluster'] = false +default['rabbitmq']['cluster_disk_nodes'] = [] +default['rabbitmq']['erlang_cookie'] = 'AnyAlphaNumericStringWillDo' + +# resource usage +default['rabbitmq']['disk_free_limit_relative'] = nil +default['rabbitmq']['vm_memory_high_watermark'] = nil +default['rabbitmq']['max_file_descriptors'] = 1024 +default['rabbitmq']['open_file_limit'] = nil + +# job control +default['rabbitmq']['job_control'] = 'initd' + +#ssl +default['rabbitmq']['ssl'] = false +default['rabbitmq']['ssl_port'] = 5671 +default['rabbitmq']['ssl_cacert'] = '/path/to/cacert.pem' +default['rabbitmq']['ssl_cert'] = '/path/to/cert.pem' +default['rabbitmq']['ssl_key'] = '/path/to/key.pem' +default['rabbitmq']['ssl_verify'] = 'verify_none' +default['rabbitmq']['ssl_fail_if_no_peer_cert'] = false +default['rabbitmq']['web_console_ssl'] = false +default['rabbitmq']['web_console_ssl_port'] = 15671 + +#tcp listen options +default['rabbitmq']['tcp_listen_packet'] = 'raw' +default['rabbitmq']['tcp_listen_reuseaddr'] = true +default['rabbitmq']['tcp_listen_backlog'] = 128 +default['rabbitmq']['tcp_listen_nodelay'] = true +default['rabbitmq']['tcp_listen_exit_on_close'] = false +default['rabbitmq']['tcp_listen_keepalive'] = false + +#virtualhosts +default['rabbitmq']['virtualhosts'] = [] +default['rabbitmq']['disabled_virtualhosts'] = [] + +#users +default['rabbitmq']['enabled_users'] = + [{ :name => "guest", :password => "guest", :rights => + [{:vhost => nil , :conf => ".*", :write => ".*", :read => ".*"}] + }] +default['rabbitmq']['disabled_users'] =[] + +#plugins +default['rabbitmq']['enabled_plugins'] = [] +default['rabbitmq']['disabled_plugins'] = [] + +#platform specific settings +case node['platform_family'] +when 'debian' + default['rabbitmq']['package'] = "https://www.rabbitmq.com/releases/rabbitmq-server/v#{node['rabbitmq']['version']}/rabbitmq-server_#{node['rabbitmq']['version']}-1_all.deb" +when 'rhel','fedora' + default['rabbitmq']['package'] = "https://www.rabbitmq.com/releases/rabbitmq-server/v#{node['rabbitmq']['version']}/rabbitmq-server-#{node['rabbitmq']['version']}-1.noarch.rpm" +when 'smartos' + default['rabbitmq']['service_name'] = 'rabbitmq' + default['rabbitmq']['config_root'] = '/opt/local/etc/rabbitmq' + default['rabbitmq']['config'] = '/opt/local/etc/rabbitmq/rabbitmq' + default['rabbitmq']['erlang_cookie_path'] = '/var/db/rabbitmq/.erlang.cookie' +end + +# Example HA policies +default['rabbitmq']['policies']['ha-all']['pattern'] = "^(?!amq\\.).*" +default['rabbitmq']['policies']['ha-all']['params'] = { "ha-mode" => "all" } +default['rabbitmq']['policies']['ha-all']['priority'] = 0 + +default['rabbitmq']['policies']['ha-two']['pattern'] = "^two\." +default['rabbitmq']['policies']['ha-two']['params'] = { "ha-mode" => "exactly", "ha-params" => 2 } +default['rabbitmq']['policies']['ha-two']['priority'] = 1 + +default['rabbitmq']['disabled_policies'] = [] diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/metadata.rb new file mode 100644 index 000000000..e6a35f96c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/metadata.rb @@ -0,0 +1,104 @@ +name "rabbitmq" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs and configures RabbitMQ server" +version "2.3.3" +recipe "rabbitmq", "Install and configure RabbitMQ" +recipe "rabbitmq::cluster", "Set up RabbitMQ clustering." +recipe "rabbitmq::plugin_management", "Manage plugins with node attributes" +recipe "rabbitmq::virtualhost_management", "Manage virtualhost with node attributes" +recipe "rabbitmq::user_management", "Manage users with node attributes" +depends "erlang", ">= 0.9" + +%w{ubuntu debian linuxmint redhat centos scientific amazon fedora oracle smartos suse}.each do |os| + supports os +end + +attribute "rabbitmq", + :display_name => "RabbitMQ", + :description => "Hash of RabbitMQ attributes", + :type => "hash" + +attribute "rabbitmq/nodename", + :display_name => "RabbitMQ Erlang node name", + :description => "The Erlang node name for this server.", + :default => "node['hostname']" + +attribute "rabbitmq/address", + :display_name => "RabbitMQ server IP address", + :description => "IP address to bind." + +attribute "rabbitmq/port", + :display_name => "RabbitMQ server port", + :description => "TCP port to bind." + +attribute "rabbitmq/config", + :display_name => "RabbitMQ config file to load", + :description => "Path to the rabbitmq.config file, if any." + +attribute "rabbitmq/logdir", + :display_name => "RabbitMQ log directory", + :description => "Path to the directory for log files." + +attribute "rabbitmq/mnesiadir", + :display_name => "RabbitMQ Mnesia database directory", + :description => "Path to the directory for Mnesia database files." + +attribute "rabbitmq/cluster", + :display_name => "RabbitMQ clustering", + :description => "Whether to activate clustering.", + :default => "no" + +attribute "rabbitmq/cluster_config", + :display_name => "RabbitMQ clustering configuration file", + :description => "Path to the clustering configuration file, if cluster is yes.", + :default => "/etc/rabbitmq/rabbitmq_cluster.config" + +attribute "rabbitmq/cluster_disk_nodes", + :display_name => "RabbitMQ cluster disk nodes", + :description => "Array of member Erlang nodenames for the disk-based storage nodes in the cluster.", + :default => [], + :type => "array" + +attribute "rabbitmq/erlang_cookie", + :display_name => "RabbitMQ Erlang cookie", + :description => "Access cookie for clustering nodes. There is no default." + +attribute "rabbitmq/virtualhosts", + :display_name => "Virtualhosts on rabbitmq instance", + :description => "List all virtualhosts that will exist", + :default => [], + :type => "array" + +attribute "rabbitmq/enabled_users", + :display_name => "Users and their rights on rabbitmq instance", + :description => "Users and description of their rights", + :default => [{ :name => "guest", :password => "guest", :rights => [{:vhost => nil , :conf => ".*", :write => ".*", :read => ".*"}]}], + :type => "array" + +attribute "rabbitmq/disabled_users", + :display_name => "Disabled users", + :description => "List all users that will be deactivated", + :default => [], + :type => "array" + +attribute "rabbitmq/enabled_plugins", + :display_name => "Enabled plugins", + :description => "List all plugins that will be activated", + :default => [], + :type => "array" + +attribute "rabbitmq/disabled_plugins", + :display_name => "Disabled plugins", + :description => "List all plugins that will be deactivated", + :default => [], + :type => "array" + +attribute "rabbitmq/local_erl_networking", + :display_name => "Local Erlang networking", + :description => "Bind erlang networking to localhost" + +attribute "rabbitmq/erl_networking_bind_address", + :display_name => "Erl Networking Bind Address", + :description => "Bind Rabbit and erlang networking to an address" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/plugin.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/plugin.rb new file mode 100644 index 000000000..fbb89903a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/plugin.rb @@ -0,0 +1,55 @@ +# +# Cookbook Name:: rabbitmq +# Provider:: plugin +# +# Copyright 2012-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +def plugins_bin_path(return_array=false) + path = ENV.fetch('PATH') + ':/usr/lib/rabbitmq/bin' + return_array ? path.split(':') : path +end + +def plugin_enabled?(name) + cmdStr = "rabbitmq-plugins list -e '#{name}\\b'" + cmd = Mixlib::ShellOut.new(cmdStr) + cmd.environment['HOME'] = ENV.fetch('HOME', '/root') + cmd.environment['PATH'] = plugins_bin_path + cmd.run_command + Chef::Log.debug "rabbitmq_plugin_enabled?: #{cmdStr}" + Chef::Log.debug "rabbitmq_plugin_enabled?: #{cmd.stdout}" + cmd.error! + cmd.stdout =~ /\b#{name}\b/ +end + +action :enable do + unless plugin_enabled?(new_resource.plugin) + execute "rabbitmq-plugins enable #{new_resource.plugin}" do + Chef::Log.info "Enabling RabbitMQ plugin '#{new_resource.plugin}'." + path plugins_bin_path(true) + new_resource.updated_by_last_action(true) + end + end +end + +action :disable do + if plugin_enabled?(new_resource.plugin) + execute "rabbitmq-plugins disable #{new_resource.plugin}" do + Chef::Log.info "Disabling RabbitMQ plugin '#{new_resource.plugin}'." + path plugins_bin_path(true) + new_resource.updated_by_last_action(true) + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/policy.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/policy.rb new file mode 100644 index 000000000..4da9642b7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/policy.rb @@ -0,0 +1,92 @@ +# +# Cookbook Name:: rabbitmq +# Provider:: policy +# +# Author: Robert Choi +# Copyright 2013 by Robert Choi +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'shellwords' + +def policy_exists?(vhost, name) + cmd = "rabbitmqctl list_policies" + cmd << " -p #{Shellwords.escape vhost}" unless vhost.nil? + cmd << " |grep '#{name}\\b'" + + cmd = Mixlib::ShellOut.new(cmd) + cmd.environment['HOME'] = ENV.fetch('HOME', '/root') + cmd.run_command + begin + cmd.error! + true + rescue + false + end +end + +action :set do + unless policy_exists?(new_resource.vhost, new_resource.policy) + cmd = "rabbitmqctl set_policy" + cmd << " -p #{new_resource.vhost}" unless new_resource.vhost.nil? + cmd << " #{new_resource.policy}" + cmd << " \"#{new_resource.pattern}\"" + cmd << " '{" + + first_param = true + new_resource.params.each do |key, value| + unless first_param + cmd << "," + end + if value.kind_of? String + cmd << "\"#{key}\":\"#{value}\"" + else + cmd << "\"#{key}\":#{value}" + end + first_param = false + end + + cmd << "}'" + + if new_resource.priority + cmd << " #{new_resource.priority}" + end + + execute "set_policy #{new_resource.policy}" do + command cmd + end + + new_resource.updated_by_last_action(true) + Chef::Log.info "Done setting RabbitMQ policy '#{new_resource.policy}'." + end +end + +action :clear do + if policy_exists?(new_resource.vhost, new_resource.policy) + execute "clear_policy #{new_resource.policy}" do + command "rabbitmqctl clear_policy #{new_resource.policy}" + end + + new_resource.updated_by_last_action(true) + Chef::Log.info "Done clearing RabbitMQ policy '#{new_resource.policy}'." + end +end + +action :list do + execute "list_policies" do + command "rabbitmqctl list_policies" + end + + new_resource.updated_by_last_action(true) +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/user.rb new file mode 100644 index 000000000..6e050a2e1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/user.rb @@ -0,0 +1,173 @@ +# +# Cookbook Name:: rabbitmq +# Provider:: user +# +# Copyright 2011-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +def user_exists?(name) + cmdStr = "rabbitmqctl -q list_users |grep '^#{name}\\b'" + cmd = Mixlib::ShellOut.new(cmdStr) + cmd.environment['HOME'] = ENV.fetch('HOME', '/root') + cmd.run_command + Chef::Log.debug "rabbitmq_user_exists?: #{cmdStr}" + Chef::Log.debug "rabbitmq_user_exists?: #{cmd.stdout}" + begin + cmd.error! + true + rescue + false + end +end + +def user_has_tag?(name, tag) + tag = '"\[\]"' if tag.nil? + cmdStr = "rabbitmqctl -q list_users | grep \"^#{name}\\b\" | grep #{tag}" + cmd = Mixlib::ShellOut.new(cmdStr) + cmd.environment['HOME'] = ENV.fetch('HOME', '/root') + cmd.run_command + Chef::Log.debug "rabbitmq_user_has_tag?: #{cmdStr}" + Chef::Log.debug "rabbitmq_user_has_tag?: #{cmd.stdout}" + begin + cmd.error! + true + rescue Exception => e + false + end +end + +# does the user have the rights listed on the vhost? +# empty perm_list means we're checking for any permissions +def user_has_permissions?(name, vhost, perm_list = nil) + vhost = '/' if vhost.nil? + cmdStr = "rabbitmqctl -q list_user_permissions #{name} | grep \"^#{vhost}\\b\"" + cmd = Mixlib::ShellOut.new(cmdStr) + cmd.environment['HOME'] = ENV.fetch('HOME', '/root') + cmd.run_command + Chef::Log.debug "rabbitmq_user_has_permissions?: #{cmdStr}" + Chef::Log.debug "rabbitmq_user_has_permissions?: #{cmd.stdout}" + Chef::Log.debug "rabbitmq_user_has_permissions?: #{cmd.exitstatus}" + if perm_list.nil? && cmd.stdout.empty? #looking for empty and found nothing + Chef::Log.debug "rabbitmq_user_has_permissions?: no permissions found" + return false + end + if perm_list == cmd.stdout.split.drop(1) #existing match search + Chef::Log.debug "rabbitmq_user_has_permissions?: matching permissions already found" + return true + end + Chef::Log.debug "rabbitmq_user_has_permissions?: permissions found but do not match" + return false +end + +action :add do + unless user_exists?(new_resource.user) + if new_resource.password.nil? || new_resource.password.empty? + Chef::Application.fatal!("rabbitmq_user with action :add requires a non-nil/empty password.") + end + # To escape single quotes in a shell, you have to close the surrounding single quotes, add + # in an escaped single quote, and then re-open the original single quotes. + # Since this string is interpolated once by ruby, and then a second time by the shell, we need + # to escape the escape character ('\') twice. This is why the following is such a mess + # of leaning toothpicks: + new_password = new_resource.password.gsub("'", "'\\\\''") + cmdStr = "rabbitmqctl add_user #{new_resource.user} '#{new_password}'" + execute "rabbitmqctl add_user #{new_resource.user}" do + command cmdStr + Chef::Log.info "Adding RabbitMQ user '#{new_resource.user}'." + new_resource.updated_by_last_action(true) + end + end +end + +action :delete do + if user_exists?(new_resource.user) + cmdStr = "rabbitmqctl delete_user #{new_resource.user}" + execute cmdStr do + Chef::Log.debug "rabbitmq_user_delete: #{cmdStr}" + Chef::Log.info "Deleting RabbitMQ user '#{new_resource.user}'." + new_resource.updated_by_last_action(true) + end + end +end + +action :set_permissions do + if !user_exists?(new_resource.user) + Chef::Application.fatal!("rabbitmq_user action :set_permissions fails with non-existant '#{new_resource.user}' user.") + end + perm_list = new_resource.permissions.split + unless user_has_permissions?(new_resource.user, new_resource.vhost, perm_list) + vhostOpt = "-p #{new_resource.vhost}" unless new_resource.vhost.nil? + cmdStr = "rabbitmqctl set_permissions #{vhostOpt} #{new_resource.user} \"#{perm_list.join("\" \"")}\"" + execute cmdStr do + Chef::Log.debug "rabbitmq_user_set_permissions: #{cmdStr}" + Chef::Log.info "Setting RabbitMQ user permissions for '#{new_resource.user}' on vhost #{new_resource.vhost}." + new_resource.updated_by_last_action(true) + end + end +end + +action :clear_permissions do + if !user_exists?(new_resource.user) + Chef::Application.fatal!("rabbitmq_user action :clear_permissions fails with non-existant '#{new_resource.user}' user.") + end + if user_has_permissions?(new_resource.user, new_resource.vhost) + vhostOpt = "-p #{new_resource.vhost}" unless new_resource.vhost.nil? + cmdStr = "rabbitmqctl clear_permissions #{vhostOpt} #{new_resource.user}" + execute cmdStr do + Chef::Log.debug "rabbitmq_user_clear_permissions: #{cmdStr}" + Chef::Log.info "Clearing RabbitMQ user permissions for '#{new_resource.user}' from vhost #{new_resource.vhost}." + new_resource.updated_by_last_action(true) + end + end +end + +action :set_tags do + if !user_exists?(new_resource.user) + Chef::Application.fatal!("rabbitmq_user action :set_tags fails with non-existant '#{new_resource.user}' user.") + end + unless user_has_tag?(new_resource.user, new_resource.tag) + cmdStr = "rabbitmqctl set_user_tags #{new_resource.user} #{new_resource.tag}" + execute cmdStr do + Chef::Log.debug "rabbitmq_user_set_tags: #{cmdStr}" + Chef::Log.info "Setting RabbitMQ user '#{new_resource.user}' tags '#{new_resource.tag}'" + new_resource.updated_by_last_action(true) + end + end +end + +action :clear_tags do + if !user_exists?(new_resource.user) + Chef::Application.fatal!("rabbitmq_user action :clear_tags fails with non-existant '#{new_resource.user}' user.") + end + unless user_has_tag?(new_resource.user, '"\[\]"') + cmdStr = "rabbitmqctl set_user_tags #{new_resource.user}" + execute cmdStr do + Chef::Log.debug "rabbitmq_user_clear_tags: #{cmdStr}" + Chef::Log.info "Clearing RabbitMQ user '#{new_resource.user}' tags." + new_resource.updated_by_last_action(true) + end + end +end + +action :change_password do + if user_exists?(new_resource.user) + cmdStr = "rabbitmqctl change_password #{new_resource.user} #{new_resource.password}" + execute cmdStr do + Chef::Log.debug "rabbitmq_user_change_password: #{cmdStr}" + Chef::Log.info "Editing RabbitMQ user '#{new_resource.user}'." + new_resource.updated_by_last_action(true) + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/vhost.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/vhost.rb new file mode 100644 index 000000000..3b819d8bd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/providers/vhost.rb @@ -0,0 +1,55 @@ +# +# Cookbook Name:: rabbitmq +# Provider:: vhost +# +# Copyright 2011-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +def vhost_exists?(name) + cmdStr = "rabbitmqctl -q list_vhosts | grep ^#{name}$" + cmd = Mixlib::ShellOut.new(cmdStr) + cmd.environment['HOME'] = ENV.fetch('HOME', '/root') + cmd.run_command + Chef::Log.debug "rabbitmq_vhost_exists?: #{cmdStr}" + Chef::Log.debug "rabbitmq_vhost_exists?: #{cmd.stdout}" + begin + cmd.error! + true + rescue + false + end +end + +action :add do + unless vhost_exists?(new_resource.vhost) + cmdStr = "rabbitmqctl add_vhost #{new_resource.vhost}" + execute cmdStr do + Chef::Log.debug "rabbitmq_vhost_add: #{cmdStr}" + Chef::Log.info "Adding RabbitMQ vhost '#{new_resource.vhost}'." + new_resource.updated_by_last_action(true) + end + end +end + +action :delete do + if vhost_exists?(new_resource.vhost) + cmdStr = "rabbitmqctl delete_vhost #{new_resource.vhost}" + execute cmdStr do + Chef::Log.debug "rabbitmq_vhost_delete: #{cmdStr}" + Chef::Log.info "Deleting RabbitMQ vhost '#{new_resource.vhost}'." + new_resource.updated_by_last_action(true) + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/default.rb new file mode 100644 index 000000000..18e4730d2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/default.rb @@ -0,0 +1,186 @@ +# +# Cookbook Name:: rabbitmq +# Recipe:: default +# +# Copyright 2009, Benjamin Black +# Copyright 2009-2013, Opscode, Inc. +# Copyright 2012, Kevin Nuckolls +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'erlang' + +## Install the package +case node['platform_family'] +when 'debian' + # installs the required setsid command -- should be there by default but just in case + package 'util-linux' + + if node['rabbitmq']['use_distro_version'] + package 'rabbitmq-server' + else + remote_file "#{Chef::Config[:file_cache_path]}/rabbitmq-server_#{node['rabbitmq']['version']}-1_all.deb" do + source node['rabbitmq']['package'] + action :create_if_missing + end + dpkg_package "#{Chef::Config[:file_cache_path]}/rabbitmq-server_#{node['rabbitmq']['version']}-1_all.deb" + end + + # Configure job control + if node['rabbitmq']['job_control'] == 'upstart' + # We start with stock init.d, remove it if we're not using init.d, otherwise leave it alone + service node['rabbitmq']['service_name'] do + action [:stop] + only_if { File.exists?('/etc/init.d/rabbitmq-server') } + end + + execute 'remove rabbitmq init.d command' do + command 'update-rc.d -f rabbitmq-server remove' + end + + file '/etc/init.d/rabbitmq-server' do + action :delete + end + + template "/etc/init/#{node['rabbitmq']['service_name']}.conf" do + source 'rabbitmq.upstart.conf.erb' + owner 'root' + group 'root' + mode 0644 + variables(:max_file_descriptors => node['rabbitmq']['max_file_descriptors']) + end + + service node['rabbitmq']['service_name'] do + provider Chef::Provider::Service::Upstart + action [ :enable, :start ] + #restart_command "stop #{node['rabbitmq']['service_name']} && start #{node['rabbitmq']['service_name']}" + end + end + + ## You'll see setsid used in all the init statements in this cookbook. This + ## is because there is a problem with the stock init script in the RabbitMQ + ## debian package (at least in 2.8.2) that makes it not daemonize properly + ## when called from chef. The setsid command forces the subprocess into a state + ## where it can daemonize properly. -Kevin (thanks to Daniel DeLeo for the help) + if node['rabbitmq']['job_control'] == 'initd' + service node['rabbitmq']['service_name'] do + start_command 'setsid /etc/init.d/rabbitmq-server start' + stop_command 'setsid /etc/init.d/rabbitmq-server stop' + restart_command 'setsid /etc/init.d/rabbitmq-server restart' + status_command 'setsid /etc/init.d/rabbitmq-server status' + supports :status => true, :restart => true + action [ :enable, :start ] + end + end + +when 'rhel', 'fedora' + #This is needed since Erlang Solutions' packages provide "esl-erlang"; this package just requires "esl-erlang" and provides "erlang". + if node['erlang']['install_method'] == 'esl' + remote_file "#{Chef::Config[:file_cache_path]}/esl-erlang-compat.rpm" do + source "https://github.com/jasonmcintosh/esl-erlang-compat/blob/master/rpmbuild/RPMS/noarch/esl-erlang-compat-R14B-1.el6.noarch.rpm?raw=true" + end + rpm_package "#{Chef::Config[:file_cache_path]}/esl-erlang-compat.rpm" + end + + if node['rabbitmq']['use_distro_version'] then + package 'rabbitmq-server' + else + remote_file "#{Chef::Config[:file_cache_path]}/rabbitmq-server-#{node['rabbitmq']['version']}-1.noarch.rpm" do + source node['rabbitmq']['package'] + action :create_if_missing + end + rpm_package "#{Chef::Config[:file_cache_path]}/rabbitmq-server-#{node['rabbitmq']['version']}-1.noarch.rpm" + end + + service node['rabbitmq']['service_name'] do + action [:enable, :start] + end + +when 'suse' + # rabbitmq-server-plugins needs to be first so they both get installed + # from the right repository. Otherwise, zypper will stop and ask for a + # vendor change. + package 'rabbitmq-server-plugins' + package 'rabbitmq-server' + + service node['rabbitmq']['service_name'] do + action [:enable, :start] + end +when 'smartos' + package 'rabbitmq' + + service 'epmd' do + action :start + end + + service node['rabbitmq']['service_name'] do + action [:enable, :start] + end +end + +if node['rabbitmq']['logdir'] + directory node['rabbitmq']['logdir'] do + owner 'rabbitmq' + group 'rabbitmq' + mode '775' + recursive true + end +end + +directory node['rabbitmq']['mnesiadir'] do + owner 'rabbitmq' + group 'rabbitmq' + mode '775' + recursive true +end + +template "#{node['rabbitmq']['config_root']}/rabbitmq-env.conf" do + source 'rabbitmq-env.conf.erb' + owner 'root' + group 'root' + mode 00644 + notifies :restart, "service[#{node['rabbitmq']['service_name']}]" +end + +template "#{node['rabbitmq']['config_root']}/rabbitmq.config" do + source 'rabbitmq.config.erb' + owner 'root' + group 'root' + mode 00644 + notifies :restart, "service[#{node['rabbitmq']['service_name']}]" +end + +if File.exists?(node['rabbitmq']['erlang_cookie_path']) + existing_erlang_key = File.read(node['rabbitmq']['erlang_cookie_path']).strip +else + existing_erlang_key = '' +end + +if node['rabbitmq']['cluster'] && (node['rabbitmq']['erlang_cookie'] != existing_erlang_key) + template node['rabbitmq']['erlang_cookie_path'] do + source 'doterlang.cookie.erb' + owner 'rabbitmq' + group 'rabbitmq' + mode 00400 + notifies :stop, "service[#{node['rabbitmq']['service_name']}]", :immediately + notifies :start, "service[#{node['rabbitmq']['service_name']}]", :immediately + notifies :run, "execute[reset-node]", :immediately + end + + # Need to reset for clustering # + execute "reset-node" do + command "rabbitmqctl stop_app && rabbitmqctl reset && rabbitmqctl start_app" + action :nothing + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/mgmt_console.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/mgmt_console.rb new file mode 100644 index 000000000..6c62ce31f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/mgmt_console.rb @@ -0,0 +1,31 @@ +# +# Cookbook Name:: rabbitmq +# Recipe:: mgmt_console +# +# Copyright 2012, Tacit Knowledge, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "rabbitmq::default" + +plugins = %w( rabbitmq_management rabbitmq_management_visualiser ) + +service_name = node['rabbitmq']['service_name'] + +plugins.each do |plugin| + rabbitmq_plugin plugin do + action :enable + notifies :restart, "service[#{service_name}]" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/plugin_management.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/plugin_management.rb new file mode 100644 index 000000000..2ea3711ec --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/plugin_management.rb @@ -0,0 +1,36 @@ +# -*- coding: utf-8 -*- +# +# Cookbook Name:: rabbitmq +# Recipe:: plugin_management +# +# Copyright 2013, Grégoire Seux +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "rabbitmq::default" + +node['rabbitmq']['enabled_plugins'].each do |plugin| + rabbitmq_plugin plugin do + action :enable + notifies :restart, "service[#{node['rabbitmq']['service_name']}]" + end +end + +node['rabbitmq']['disabled_plugins'].each do |plugin| + rabbitmq_plugin plugin do + action :disable + notifies :restart, "service[#{node['rabbitmq']['service_name']}]" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/policy_management.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/policy_management.rb new file mode 100644 index 000000000..668ebb9ae --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/policy_management.rb @@ -0,0 +1,40 @@ +# +# Cookbook Name:: rabbitmq +# Recipe:: policy_management +# +# Author: Robert Choi +# Copyright 2013 by Robert Choi +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "rabbitmq::default" + +node['rabbitmq']['policies'].each do |name, policy| + rabbitmq_policy name do + pattern policy['pattern'] + params policy['params'] + priority policy['priority'] + vhost policy['vhost'] + action :set + notifies :restart, "service[#{node['rabbitmq']['service_name']}]" + end +end + +node['rabbitmq']['disabled_policies'].each do |policy| + rabbitmq_policy policy do + action :clear + notifies :restart, "service[#{node['rabbitmq']['service_name']}]" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/user_management.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/user_management.rb new file mode 100644 index 000000000..9e71b0a44 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/user_management.rb @@ -0,0 +1,47 @@ +# -*- coding: utf-8 -*- +# +# Cookbook Name:: rabbitmq +# Recipe:: user_management +# +# Copyright 2013, Grégoire Seux +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "rabbitmq::default" +include_recipe "rabbitmq::virtualhost_management" + +node['rabbitmq']['enabled_users'].each do |user| + rabbitmq_user user['name'] do + password user['password'] + action :add + end + rabbitmq_user user['name'] do + tag user['tag'] + action :set_tags + end + user['rights'].each do |r| + rabbitmq_user user['name'] do + vhost r['vhost'] + permissions "#{r['conf']} #{r['write']} #{r['read']}" + action :set_permissions + end + end +end + +node['rabbitmq']['disabled_users'].each do |user| + rabbitmq_user user do + action :delete + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/virtualhost_management.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/virtualhost_management.rb new file mode 100644 index 000000000..dc901543b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/recipes/virtualhost_management.rb @@ -0,0 +1,37 @@ +# -*- coding: utf-8 -*- +# +# Cookbook Name:: rabbitmq +# Recipe:: virtualhost_management +# +# Copyright 2013, Grégoire Seux +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "rabbitmq::default" + +node['rabbitmq']['virtualhosts'].each do |virtualhost| + rabbitmq_vhost virtualhost do + action :add + notifies :restart, "service[#{node['rabbitmq']['service_name']}]" + end +end + +node['rabbitmq']['disabled_virtualhosts'].each do |virtualhost| + rabbitmq_vhost virtualhost do + action :delete + notifies :restart, "service[#{node['rabbitmq']['service_name']}]" + end +end + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/plugin.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/plugin.rb new file mode 100644 index 000000000..4980c7a7e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/plugin.rb @@ -0,0 +1,23 @@ +# +# Cookbook Name:: rabbitmq +# Resource:: plugin +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :enable, :disable +default_action :enable + +attribute :plugin, :kind_of => String, :name_attribute => true diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/policy.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/policy.rb new file mode 100644 index 000000000..5f63a97ce --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/policy.rb @@ -0,0 +1,28 @@ +# +# Cookbook Name:: rabbitmq +# Resource:: policy +# +# Author: Robert Choi +# Copyright 2013 by Robert Choi +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :set, :clear, :list +default_action :set + +attribute :policy, :kind_of => String, :name_attribute => true +attribute :pattern, :kind_of => String +attribute :params, :kind_of => Hash +attribute :priority, :kind_of => Integer +attribute :vhost, :kind_of => String diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/user.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/user.rb new file mode 100644 index 000000000..c96f6871a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/user.rb @@ -0,0 +1,31 @@ +# +# Cookbook Name:: rabbitmq +# Resource:: user +# +# Copyright 2011-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :add, :delete, :set_permissions, :clear_permissions, :set_tags, :clear_tags, :change_password + +attribute :user, :kind_of => String, :name_attribute => true +attribute :password, :kind_of => String +attribute :vhost, :kind_of => String +attribute :permissions, :kind_of => String +attribute :tag, :kind_of => String + +def initialize(*args) + super + @action = :add +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/vhost.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/vhost.rb new file mode 100644 index 000000000..312b04c1f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/resources/vhost.rb @@ -0,0 +1,27 @@ +# +# Cookbook Name:: rabbitmq +# Resource:: vhost +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :add, :delete + +attribute :vhost, :kind_of => String, :name_attribute => true + +def initialize(*args) + super + @action = :add +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/doterlang.cookie.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/doterlang.cookie.erb new file mode 100644 index 000000000..a142e47a3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/doterlang.cookie.erb @@ -0,0 +1 @@ +<%= node['rabbitmq']['erlang_cookie'] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/rabbitmq-env.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/rabbitmq-env.conf.erb new file mode 100644 index 000000000..a92eba040 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/rabbitmq-env.conf.erb @@ -0,0 +1,22 @@ +### +# Generated by Chef +### + +<% if node['rabbitmq']['local_erl_networking'] -%> +NODENAME=rabbit@localhost +NODE_IP_ADDRESS=127.0.0.1 +export ERL_EPMD_ADDRESS=127.0.0.1 +<% elsif node['rabbitmq']['erl_networking_bind_address'] -%> +NODENAME=<%= node['rabbitmq']['nodename'] %> +NODE_IP_ADDRESS=<%= node['rabbitmq']['erl_networking_bind_address'] %> +export ERL_EPMD_ADDRESS=<%= node['rabbitmq']['erl_networking_bind_address'] %> +<% else -%> +<% if node['rabbitmq']['address'] -%>NODE_IP_ADDRESS=<%= node['rabbitmq']['address'] %><% end %> +<% if node['rabbitmq']['nodename'] -%>NODENAME=<%= node['rabbitmq']['nodename'] %><% end %> +<% end -%> +<% if node['rabbitmq']['port'] -%>NODE_PORT=<%= node['rabbitmq']['port'] %><% end %> +<% if node['rabbitmq']['config'] -%>CONFIG_FILE=<%= node['rabbitmq']['config'] %><% end %> +<% if node['rabbitmq']['logdir'] -%>LOG_BASE=<%= node['rabbitmq']['logdir'] %><% end %> +<% if node['rabbitmq']['mnesiadir'] -%>MNESIA_BASE=<%= node['rabbitmq']['mnesiadir'] %><% end %> + +<% if node['rabbitmq']['open_file_limit'] -%>ulimit -n <%= node['rabbitmq']['open_file_limit'] %><% end %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/rabbitmq.config.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/rabbitmq.config.erb new file mode 100644 index 000000000..3eeb401a5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/rabbitmq.config.erb @@ -0,0 +1,45 @@ +%%% +%% Generated by Chef +%%% + +[ +<% if node['rabbitmq']['local_erl_networking'] %> + {kernel, [{inet_dist_use_interface,{127,0,0,1}}]}, +<% elsif node['rabbitmq']['erl_networking_bind_address'] -%> + {kernel, [{inet_dist_use_interface,{<%= node['rabbitmq']['erl_networking_bind_address'].gsub(/\./, ',') %>}}]}, +<% end %> +<% if node['rabbitmq']['web_console_ssl'] -%> + {rabbitmq_management, [ + {listener, [{port, <%= node['rabbitmq']['web_console_ssl_port'] %>}, + {ssl, true} + ]} + ]}, +<% end %> + {rabbit, [ +<% if node['rabbitmq']['cluster'] && node['rabbitmq']['cluster_disk_nodes'] -%> + {cluster_nodes, [<%= node['rabbitmq']['cluster_disk_nodes'].map{|n| "\'#{n}\'"}.join(',') %>]}, +<% end %> +<% if node['rabbitmq']['ssl'] -%> + {ssl_listeners, [<%= node['rabbitmq']['ssl_port'] %>]}, + {ssl_options, [{cacertfile,"<%= node['rabbitmq']['ssl_cacert'] %>"}, + {certfile,"<%= node['rabbitmq']['ssl_cert'] %>"}, + {keyfile,"<%= node['rabbitmq']['ssl_key'] %>"}, + {verify,<%= node['rabbitmq']['ssl_verify'] %>}, + {fail_if_no_peer_cert,<%= node['rabbitmq']['ssl_fail_if_no_peer_cert'] %>}]}, +<% end %> + {tcp_listen_options, [binary, {packet,<%= node['rabbitmq']['tcp_listen_packet'] %>}, + {reuseaddr,<%= node['rabbitmq']['tcp_listen_reuseaddr'] %>}, + {backlog,<%= node['rabbitmq']['tcp_listen_backlog'] %>}, + {nodelay,<%= node['rabbitmq']['tcp_listen_nodelay'] %>}, + {exit_on_close,<%= node['rabbitmq']['tcp_listen_exit_on_close'] %>}, + {keepalive,<%= node['rabbitmq']['tcp_listen_keepalive'] %>}]}, +<% if node['rabbitmq']['disk_free_limit_relative'] -%> + {disk_free_limit, {mem_relative, <%= node['rabbitmq']['disk_free_limit_relative'] %>}}, +<% end %> +<% if node['rabbitmq']['vm_memory_high_watermark'] -%> + {vm_memory_high_watermark, <%= node['rabbitmq']['vm_memory_high_watermark'] %>}, +<% end %> + {default_user, <<"<%= node['rabbitmq']['default_user'] %>">>}, + {default_pass, <<"<%= node['rabbitmq']['default_pass'] %>">>} + ]} +]. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/rabbitmq.upstart.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/rabbitmq.upstart.conf.erb new file mode 100644 index 000000000..b74ed7201 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/templates/default/rabbitmq.upstart.conf.erb @@ -0,0 +1,11 @@ +description "Start rabbitmq on startup" +start on started networking +limit nofile <%= @max_file_descriptors %> <%= @max_file_descriptors %> + +respawn +respawn limit 5 60 + +env HOME="" +exec /usr/sbin/rabbitmq-server > /var/log/rabbitmq/startup_log \ + 2> /var/log/rabbitmq/startup_err +post-start exec /usr/sbin/rabbitmqctl wait >/dev/null 2>&1 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/README.md new file mode 100644 index 000000000..d348825b5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/README.md @@ -0,0 +1 @@ +This cookbook is used with test-kitchen to test the parent, rabbitmq cookbook. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cluster_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cluster_test.rb new file mode 100644 index 000000000..0ffb83911 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cluster_test.rb @@ -0,0 +1,29 @@ +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +describe "rabbitmq_test::cluster" do + + it 'writes the erlang cookie file' do + file("/var/lib/rabbitmq/.erlang.cookie").must_exist + end + + it 'writes cluster configuration to the config file' do + file("/etc/rabbitmq/rabbitmq.conf").must_match( + /^ {cluster_nodes, [.*]},$/ + ) + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cook-1684_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cook-1684_test.rb new file mode 100644 index 000000000..9fecb2c26 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cook-1684_test.rb @@ -0,0 +1,41 @@ +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +describe "rabbitmq_test::cook-1684" do + include MiniTest::Chef::Assertions + include MiniTest::Chef::Context + include MiniTest::Chef::Resources + + it 'installs rabbitmq from deb file when apt isnt used' do + unless node['platform_family'] == 'debian' + skip "Only applicable on Debian family" + end + + file("#{Chef::Config[:file_cache_path]}/rabbitmq-server_#{node['rabbitmq']['version']}-1_all.deb").must_exist && + package("rabbitmq-server").must_be_installed + end + + it 'installs rabbitmq from yum when used' do + unless node['platform_family'] == 'rhel' || node['platform_family'] == 'fedora' + skip "Only applicable on RHEL/Fedora family" + end + + rpm_path = "#{Chef::Config[:file_cache_path]}/rabbitmq-server-#{node['rabbitmq']['version']}-1.noarch.rpm" + + file(rpm_path).wont_exist && package("rabbitmq-server").must_be_installed + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cook-1724_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cook-1724_test.rb new file mode 100644 index 000000000..de1087b40 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cook-1724_test.rb @@ -0,0 +1,31 @@ +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +describe "rabbitmq_test::cook-1724" do + include MiniTest::Chef::Assertions + include MiniTest::Chef::Context + include MiniTest::Chef::Resources + + it 'doesnt use the rabbitmq apt repository' do + unless node['platform_family'] == 'debian' + skip "Only applicable on Debian family" + end + + file("/etc/apt/sources.list.d/rabbitmq-source.list").wont_exist && + package("rabbitmq-server").must_be_installed + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cook-2151-3489_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cook-2151-3489_test.rb new file mode 100644 index 000000000..1b64b14ff --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/cook-2151-3489_test.rb @@ -0,0 +1,37 @@ +# +# Copyright 2012-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe "rabbitmq_test::cook-2151" do + include Helpers::RabbitMQ + + it 'includes the disk_free_limit configuration setting' do + file("#{node['rabbitmq']['config_root']}/rabbitmq.config"). + must_match /\{disk_free_limit, \{mem_relative, #{node['rabbitmq']['disk_free_limit_relative']}/ + end + + it 'includes the vm_memory_high_watermark configuration setting' do + file("#{node['rabbitmq']['config_root']}/rabbitmq.config"). + must_match /\{vm_memory_high_watermark, #{node['rabbitmq']['vm_memory_high_watermark']}/ + end + + it 'includes the open_file_limit configuration setting' do + file("#{node['rabbitmq']['config_root']}/rabbitmq-env.conf"). + must_match /(ulimit -n #{node['rabbitmq']['open_file_limit']})/ + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/default_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/default_test.rb new file mode 100644 index 000000000..36948646f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/default_test.rb @@ -0,0 +1,61 @@ +# +# Copyright 2012-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + + +describe "rabbitmq_test::default" do + include Helpers::RabbitMQ + + #packages + it 'installs the rabbitmq-server package' do + if node['rabbitmq']['use_distro_version'] + package('rabbitmq-server').must_be_installed + else + package('rabbitmq-server').must_be_installed.with(:version, '3.1.5-1') + end + end + + #directories + it 'creates the mnesia directory' do + directory(node['rabbitmq']['mnesiadir']).must_have(:mode, '775').with(:owner, 'rabbitmq').and(:group, 'rabbitmq') + end + + #file + it 'has the correct config files' do + file("#{node['rabbitmq']['config_root']}/rabbitmq-env.conf").must_exist.with(:owner, 'root').and(:group, 'root') + file("#{node['rabbitmq']['config_root']}/rabbitmq.config").must_exist.with(:owner, 'root').and(:group, 'root') + end + + # service + it 'enables & starts the rabbitmq-server service' do + service(node['rabbitmq']['service_name']).must_be_enabled unless node['rabbitmq']['job_control'] == 'upstart' + service(node['rabbitmq']['service_name']).must_be_running unless node['rabbitmq']['use_distro_version'] + end + + # accepts connections + it 'accepts AMQP connections' do + unless node['rabbitmq']['use_distro_version'] + require 'bunny' + b = Bunny.new( :host => "localhost", + :port => 5672, + :user => node['rabbitmq']['default_user'], + :pass => node['rabbitmq']['default_pass'] ) + b.start + b.stop + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/lwrps_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/lwrps_test.rb new file mode 100644 index 000000000..86a0d9155 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/lwrps_test.rb @@ -0,0 +1,61 @@ +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe "rabbitmq_test::lwrps" do + include Helpers::RabbitMQ + + #plugins + it 'enabled the rabbitmq_stomp plugin' do + assert(plugin_enabled?("rabbitmq_stomp")) + end + + it 'disabled the nonexistant_plugin and rabbitmq_shovel plugin' do + assert(!plugin_enabled?("rabbitmq_shovel")) + assert(!plugin_enabled?("nonexistant_plugin")) + end + + #users + it 'enabled the kitchen1 and kitchen3 users' do + assert(user_enabled?("kitchen1")) + assert(user_enabled?("kitchen3")) + end + + it 'disabled the nonexistant_user and kitchen2 users' do + assert(!user_enabled?("kitchen2")) + assert(!user_enabled?("nonexistant_user")) + end + + #policies + it 'enabled the example policies from the default attributes' do + assert(policy_enabled?("ha-all")) + assert(policy_enabled?("ha-two")) + end + + it 'disabled the nonexistant_policy' do + assert(!policy_enabled?("nonexistant_policy")) + end + + #vhosts + it 'enabled the kitchen vhost' do + assert(vhost_enabled?("kitchen")) + end + + it 'disabled the nonexistant_vhost' do + assert(!vhost_enabled?("nonexistant_vhost")) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/mgmt_console_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/mgmt_console_test.rb new file mode 100644 index 000000000..68514e6d6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/mgmt_console_test.rb @@ -0,0 +1,30 @@ +# +# Copyright 2012-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe "rabbitmq_test::mgmt_console" do + include Helpers::RabbitMQ + + it 'enables the rabbitmq_management plugin' do + assert(plugin_enabled?("rabbitmq_management")) + end + + it 'enables the rabbitmq_management_visualiser plugin' do + assert(plugin_enabled?("rabbitmq_management_visualiser")) + end + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/ssl_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/ssl_test.rb new file mode 100644 index 000000000..74a22ca83 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/ssl_test.rb @@ -0,0 +1,18 @@ +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +describe "rabbitmq_test::ssl" do +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/support/helpers.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/support/helpers.rb new file mode 100644 index 000000000..6806c436c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/files/default/tests/minitest/support/helpers.rb @@ -0,0 +1,45 @@ +# +# Copyright 2012-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module Helpers + module RabbitMQ + require 'mixlib/shellout' + include MiniTest::Chef::Assertions + include MiniTest::Chef::Context + include MiniTest::Chef::Resources + + def plugin_enabled?(plugin) + plugins = Mixlib::ShellOut.new("rabbitmq-plugins list -e '#{plugin}'").run_command + plugins.stdout =~ /(\[[Ee]\]\s#{plugin})/ + end + + def policy_enabled?(policy) + policies = Mixlib::ShellOut.new("rabbitmqctl -q list_policies").run_command + policies.stdout =~ /\t#{policy}\t/ + end + + def user_enabled?(user) + users = Mixlib::ShellOut.new("rabbitmqctl -q list_users").run_command + users.stdout =~ /(#{user}\s)/ + end + + def vhost_enabled?(vhost) + vhosts = Mixlib::ShellOut.new("rabbitmqctl -q list_vhosts").run_command + vhosts.stdout =~ /(\n#{vhost}\n)/ + end + + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/metadata.rb new file mode 100644 index 000000000..7c9ba5f2f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/metadata.rb @@ -0,0 +1,7 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "This cookbook is used with test-kitchen to test the parent, rabbitmq cookbook." +version "1.0.0" + +depends "rabbitmq" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/cluster.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/cluster.rb new file mode 100644 index 000000000..1644b8535 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/cluster.rb @@ -0,0 +1,21 @@ +# +# Cookbook Name:: rabbitmq_test +# Recipe:: cluster +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +node.set['rabbitmq']['cluster'] = true +include_recipe "rabbitmq::default" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/cook-2151-3489.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/cook-2151-3489.rb new file mode 100644 index 000000000..72df69112 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/cook-2151-3489.rb @@ -0,0 +1,14 @@ +# +# Cookbook Name:: rabbitmq_test +# Recipe:: cook-2151-3489 +# +# This recipe exists to ensure that minitest tests are run. + +include_recipe "rabbitmq::default" + +# hack to give rabbit time to spin up before the tests, it seems +# to be responding that it has started before it really has +execute "sleep 10" do + action :nothing + subscribes :run, "service[#{node['rabbitmq']['service_name']}]", :delayed +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/default.rb new file mode 100644 index 000000000..ac8b3c76f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/default.rb @@ -0,0 +1,29 @@ +# +# Cookbook Name:: rabbitmq_test +# Recipe:: default +# +# Copyright 2012-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +chef_gem "bunny" + +include_recipe "rabbitmq::default" + +# hack to give rabbit time to spin up before the tests, it seems +# to be responding that it has started before it really has +execute "sleep 10" do + action :nothing + subscribes :run, "service[#{node['rabbitmq']['service_name']}]", :delayed +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/lwrps.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/lwrps.rb new file mode 100644 index 000000000..753b15cea --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/lwrps.rb @@ -0,0 +1,38 @@ +# +# Cookbook Name:: rabbitmq_test +# Recipe:: lwrps +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +chef_gem "bunny" + +include_recipe "rabbitmq::default" + +# force the rabbitmq restart now, then start testing +execute "sleep 10" do + notifies :restart, "service[#{node['rabbitmq']['service_name']}]", :immediately +end + +include_recipe "rabbitmq::plugin_management" +include_recipe "rabbitmq::virtualhost_management" +include_recipe "rabbitmq::policy_management" +include_recipe "rabbitmq::user_management" + +# can't verify it actually goes through without logging in, but at least exercise the code +rabbitmq_user 'kitchen3' do + password 'foobar' + action :change_password +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/mgmt_console.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/mgmt_console.rb new file mode 100644 index 000000000..ac8dd7c85 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/mgmt_console.rb @@ -0,0 +1,29 @@ +# +# Cookbook Name:: rabbitmq_test +# Recipe:: mgmt_console +# +# Copyright 2012-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +chef_gem "bunny" + +include_recipe "rabbitmq::mgmt_console" + +# hack to give rabbit time to spin up before the tests, it seems +# to be responding that it has started before it really has +execute "sleep 10" do + action :nothing + subscribes :run, "service[#{node['rabbitmq']['service_name']}]", :delayed +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/ssl.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/ssl.rb new file mode 100644 index 000000000..468d7ad04 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/rabbitmq/test/cookbooks/rabbitmq_test/recipes/ssl.rb @@ -0,0 +1,18 @@ +# +# Cookbook Name:: rabbitmq_test +# Recipe:: ssl +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/.kitchen.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/.kitchen.yml new file mode 100644 index 000000000..a1f51deb6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/.kitchen.yml @@ -0,0 +1,33 @@ +--- +driver_plugin: vagrant +platforms: +- name: ubuntu-12.10 + driver_config: + box: canonical-ubuntu-12.10 + box_url: http://cloud-images.ubuntu.com/vagrant/quantal/current/quantal-server-cloudimg-amd64-vagrant-disk1.box + require_chef_omnibus: 11.4.0 +- name: ubuntu-12.04 + driver_config: + box: opscode-ubuntu-12.04 + box_url: http://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box + require_chef_omnibus: 11.4.0 +- name: ubuntu-10.04 + driver_config: + box: opscode-ubuntu-10.04 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_chef-11.2.0.box + require_chef_omnibus: 11.4.0 +- name: centos-5.8 + driver_config: + box: opscode-centos-5.8 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-5.8_chef-11.2.0.box + require_chef_omnibus: 11.4.0 +- name: centos-6.3 + driver_config: + box: opscode-centos-6.3 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.3_chef-11.2.0.box + require_chef_omnibus: 11.4.0 +suites: +- name: default + run_list: + - recipe[runit] + attributes: {} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Berksfile new file mode 100644 index 000000000..f016912ca --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Berksfile @@ -0,0 +1,10 @@ +site :opscode + +metadata + +group :integration do + cookbook "apt" + cookbook "yum" + # Future, when/if minitest support for this cookbook is added + cookbook "minitest-handler" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/CHANGELOG.md new file mode 100644 index 000000000..72ccc1f91 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/CHANGELOG.md @@ -0,0 +1,81 @@ +## v1.1.0: + +* [COOK-2353] - Runit does not update run template if the service is + already enabled +* [COOK-2497] - add :nothing to allowed actions + +## v1.0.6: + +* [COOK-2404] - allow sending sigquit +* [COOK-2431] - gentoo - it should create the runit-start template + before calling it + +## v1.0.4: + +* [COOK-2351] - add `run_template_name` to allow alternate run script + template + +## v1.0.2: + +* [COOK-2299] - runit_service resource does not properly start a + non-running service + +## v1.0.0: + +* [COOK-2254] - (formerly CHEF-154) Convert `runit_service` definition + to a service resource named `runit_service`. + +This version has some backwards incompatible changes (hence the major +version bump). It is recommended that users pin the cookbook to the +previous version where it is a dependency until this version has been +tested in a non-production environment (use version 0.16.2): + + depends "runit", "<= 0.16.2" + +If you use Chef environments, pin the version in the appropriate +environment(s). + +**Changes of note** + +1. The "runit" recipe must be included before the runit_service resource +can be used. +2. The `runit_service` definition created a separate `service` +resource for notification purposes. This is still available, but the +only actions that can be notified are `:start`, `:stop`, and `:restart`. +3. The `:enable` action blocks waiting for supervise/ok after the +service symlink is created. +4. User-controlled services should be created per the runit +documentation; see README.md for an example. +5. Some parameters in the definition have changed names in the +resource. See below. + +The following parameters in the definition are renamed in the resource +to clarify their intent. + +* directory -> sv_dir +* active_directory -> service_dir +* template_name -> use service_name (name attribute) +* nolog -> set "log" to false +* start_command -> unused (was previously in the "service" resource) +* stop_command -> unused (was previously in the "service" resource) +* restart_command -> unused (was previously in the "service" resource) + +## v0.16.2: + +* [COOK-1576] - Do not symlink /etc/init.d/servicename to /usr/bin/sv + on debian +* [COOK-1960] - default_logger still looks for sv-service-log-run + template +* [COOK-2035] - runit README change + +## v0.16.0: + +* [COOK-794] default logger and `no_log` for `runit_service` + definition +* [COOK-1165] - restart functionality does not work right on Gentoo + due to the wrong directory in the attributes +* [COOK-1440] - Delegate service control to normal user + +## v0.15.0: + +* [COOK-1008] - Added parameters for names of different templates in runit diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/CONTRIBUTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/CONTRIBUTING.md new file mode 100644 index 000000000..3a9989787 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/CONTRIBUTING.md @@ -0,0 +1,257 @@ +# Contributing to Opscode Cookbooks + +We are glad you want to contribute to Opscode Cookbooks! The first +step is the desire to improve the project. + +You can find the answers to additional frequently asked questions +[on the wiki](http://wiki.opscode.com/display/chef/How+to+Contribute). + +You can find additional information about +[contributing to cookbooks](http://wiki.opscode.com/display/chef/How+to+Contribute+to+Opscode+Cookbooks) +on the wiki as well. + +## Quick-contribute + +* Create an account on our [bug tracker](http://tickets.opscode.com) +* Sign our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L) +(keep reading if you're contributing on behalf of your employer) +* Create a ticket for your change on the + [bug tracker](http://tickets.opscode.com) +* Link to your patch as a rebased git branch or pull request from the + ticket +* Resolve the ticket as fixed + +We regularly review contributions and will get back to you if we have +any suggestions or concerns. + +## The Apache License and the CLA/CCLA + +Licensing is very important to open source projects, it helps ensure +the software continues to be available under the terms that the author +desired. Chef uses the Apache 2.0 license to strike a balance between +open contribution and allowing you to use the software however you +would like to. + +The license tells you what rights you have that are provided by the +copyright holder. It is important that the contributor fully +understands what rights they are licensing and agrees to them. +Sometimes the copyright holder isn't the contributor, most often when +the contributor is doing work for a company. + +To make a good faith effort to ensure these criteria are met, Opscode +requires a Contributor License Agreement (CLA) or a Corporate +Contributor License Agreement (CCLA) for all contributions. This is +without exception due to some matters not being related to copyright +and to avoid having to continually check with our lawyers about small +patches. + +It only takes a few minutes to complete a CLA, and you retain the +copyright to your contribution. + +You can complete our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L). +If you're contributing on behalf of your employer, have your employer +fill out our +[Corporate CLA](https://secure.echosign.com/public/hostedForm?formid=PIE6C7AX856) +instead. + +## Ticket Tracker (JIRA) + +The [ticket tracker](http://tickets.opscode.com) is the most important +documentation for the code base. It provides significant historical +information, such as: + +* Which release a bug fix is included in +* Discussion regarding the design and merits of features +* Error output to aid in finding similar bugs + +Each ticket should aim to fix one bug or add one feature. + +## Using git + +You can get a quick copy of the repository for this cookbook by +running `git clone +git://github.com/opscode-coobkooks/COOKBOOKNAME.git`. + +For collaboration purposes, it is best if you create a Github account +and fork the repository to your own account. Once you do this you will +be able to push your changes to your Github repository for others to +see and use. + +If you have another repository in your GitHub account named the same +as the cookbook, we suggest you suffix the repository with -cookbook. + +### Branches and Commits + +You should submit your patch as a git branch named after the ticket, +such as COOK-1337. This is called a _topic branch_ and allows users to +associate a branch of code with the ticket. + +It is a best practice to have your commit message have a _summary +line_ that includes the ticket number, followed by an empty line and +then a brief description of the commit. This also helps other +contributors understand the purpose of changes to the code. + + [COOK-1757] - platform_family and style + + * use platform_family for platform checking + * update notifies syntax to "resource_type[resource_name]" instead of + resources() lookup + * COOK-692 - delete config files dropped off by packages in conf.d + * dropped debian 4 support because all other platforms have the same + values, and it is older than "old stable" debian release + +Remember that not all users use Chef in the same way or on the same +operating systems as you, so it is helpful to be clear about your use +case and change so they can understand it even when it doesn't apply +to them. + +### Github and Pull Requests + +All of Opscode's open source cookbook projects are available on +[Github](http://www.github.com/opscode-cookbooks). + +We don't require you to use Github, and we will even take patch diffs +attached to tickets on the tracker. However Github has a lot of +convenient features, such as being able to see a diff of changes +between a pull request and the main repository quickly without +downloading the branch. + +If you do choose to use a pull request, please provide a link to the +pull request from the ticket __and__ a link to the ticket from the +pull request. Because pull requests only have two states, open and +closed, we can't easily filter pull requests that are waiting for a +reply from the author for various reasons. + +### More information + +Additional help with git is available on the +[Working with Git](http://wiki.opscode.com/display/chef/Working+with+Git) +wiki page. + +## Functional and Unit Tests + +This cookbook is set up to run tests under +[Opscode's test-kitchen](https://github.com/opscode/test-kitchen). It +uses minitest-chef to run integration tests after the node has been +converged to verify that the state of the node. + +Test kitchen should run completely without exception using the default +[baseboxes provided by Opscode](https://github.com/opscode/bento). +Because Test Kitchen creates VirtualBox machines and runs through +every configuration in the Kitchenfile, it may take some time for +these tests to complete. + +If your changes are only for a specific recipe, run only its +configuration with Test Kitchen. If you are adding a new recipe, or +other functionality such as a LWRP or definition, please add +appropriate tests and ensure they run with Test Kitchen. + +If any don't pass, investigate them before submitting your patch. + +Any new feature should have unit tests included with the patch with +good code coverage to help protect it from future changes. Similarly, +patches that fix a bug or regression should have a _regression test_. +Simply put, this is a test that would fail without your patch but +passes with it. The goal is to ensure this bug doesn't regress in the +future. Consider a regular expression that doesn't match a certain +pattern that it should, so you provide a patch and a test to ensure +that the part of the code that uses this regular expression works as +expected. Later another contributor may modify this regular expression +in a way that breaks your use cases. The test you wrote will fail, +signalling to them to research your ticket and use case and accounting +for it. + +If you need help writing tests, please ask on the Chef Developer's +mailing list, or the #chef-hacking IRC channel. + +## Code Review + +Opscode regularly reviews code contributions and provides suggestions +for improvement in the code itself or the implementation. + +We find contributions by searching the ticket tracker for _resolved_ +tickets with a status of _fixed_. If we have feedback we will reopen +the ticket and you should resolve it again when you've made the +changes or have a response to our feedback. When we believe the patch +is ready to be merged, we will tag the _Code Reviewed_ field with +_Reviewed_. + +Depending on the project, these tickets are then merged within a week +or two, depending on the current release cycle. + +## Release Cycle + +The versioning for Opscode Cookbook projects is X.Y.Z. + +* X is a major release, which may not be fully compatible with prior + major releases +* Y is a minor release, which adds both new features and bug fixes +* Z is a patch release, which adds just bug fixes + +A released version of a cookbook will end in an even number, e.g. +"1.2.4" or "0.8.0". When development for the next version of the +cookbook begins, the "Z" patch number is incremented to the next odd +number, however the next release of the cookbook may be a major or +minor incrementing version. + +Releases of Opscode's cookbooks are usually announced on the Chef user +mailing list. Releases of several cookbooks may be batched together +and announced on the [Opscode Blog](http://www.opscode.com/blog). + +## Working with the community + +These resources will help you learn more about Chef and connect to +other members of the Chef community: + +* [chef](http://lists.opscode.com/sympa/info/chef) and + [chef-dev](http://lists.opscode.com/sympa/info/chef-dev) mailing + lists +* #chef and #chef-hacking IRC channels on irc.freenode.net +* [Community Cookbook site](http://community.opscode.com) +* [Chef wiki](http://wiki.opscode.com/display/chef) +* Opscode Chef [product page](http://www.opscode.com/chef) + + +## Cookbook Contribution Do's and Don't's + +Please do include tests for your contribution. If you need help, ask +on the +[chef-dev mailing list](http://lists.opscode.com/sympa/info/chef-dev) +or the +[#chef-hacking IRC channel](http://community.opscode.com/chat/chef-hacking). +Not all platforms that a cookbook supports may be supported by Test +Kitchen. Please provide evidence of testing your contribution if it +isn't trivial so we don't have to duplicate effort in testing. Chef +10.14+ "doc" formatted output is sufficient. + +Please do indicate new platform (families) or platform versions in the +commit message, and update the relevant ticket. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] - Updated pool resource to correctly + delete.' + +Please do use [foodcritic](http://acrmp.github.com/foodcritic) to +lint-check the cookbook. Except FC007, it should pass all correctness +rules. FC007 is okay as long as the dependent cookbooks are *required* +for the default behavior of the cookbook, such as to support an +uncommon platform, secondary recipe, etc. + +Please do ensure that your changes do not break or modify behavior for +other platforms supported by the cookbook. For example if your changes +are for Debian, make sure that they do not break on CentOS. + +Please do not modify the version number in the metadata.rb, Opscode +will select the appropriate version based on the release cycle +information above. + +Please do not update the CHANGELOG.md for a new version. Not all +changes to a cookbook may be merged and released in the same versions. +Opscode will update the CHANGELOG.md when releasing a new version of +the cookbook. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Gemfile new file mode 100644 index 000000000..150a5bf93 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Gemfile @@ -0,0 +1,14 @@ +source 'https://rubygems.org' + +gem 'rake' +gem 'rspec' +gem 'foodcritic' +gem 'berkshelf' +gem 'thor-foodcritic' +gem 'vagrant', '~> 1.0.6' + +group :integration do + gem 'test-kitchen', :git => "git://github.com/opscode/test-kitchen.git", :branch => '1.0' + gem 'kitchen-vagrant', :git => "git://github.com/opscode/kitchen-vagrant.git" + gem 'kitchen-ec2', :git => "git://github.com/opscode/kitchen-ec2.git" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/README.md new file mode 100644 index 000000000..2de387053 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/README.md @@ -0,0 +1,448 @@ +Description +=========== + +Installs runit and provides the `runit_service` service resource for +managing processes (services) under runit. + +This cookbook does not use runit to replace system init, nor are there +plans to do so. + +For more information about runit: + +* http://smarden.org/runit/ + +About Runit +=========== + +In brief, Runit is a process supervision suite. It is simple to set +up, and doesn't require complex shell scripts to be written to start +processes running as system services. + +To manage a process in runit, create a "service" directory that +contains a "`run`" script. In this cookbook we refer to that directory +as the `sv_dir` (see __Attributes__ and __Resource/Provider__). That +service directory is symbolically linked into runit's own service +directory where its `runsvdir` program looks for processes to manage. +See the [runit documentation](http://smarden.org/runit/) for detailed +information on runit. + +Supervised processes are analogous to services under other systems +such as sysvinit or upstart. + +Requirements +============ + +## Platform: + +* Debian/Ubuntu +* Gentoo +* RHEL + +Attributes +========== + +See `attributes/default.rb` for defaults generated per platform. + +* `node['runit']['sv_bin']` - Full path to the `sv` binary. +* `node['runit']['chpst_bin']` - Full path to the `chpst` binary. +* `node['runit']['service_dir']` - Full path to the default "services" + directory where enabled services are linked. +* `node['runit']['sv_dir']` - Full path to the directory where + service lives, which gets linked to `service_dir`. +* `node['runit']['start']` - Command to start the runsvdir service +* `node['runit']['stop]` - Command to stop the runsvdir service +* `node['runit']['reload']` - Command to reload the runsvdir service + +Recipes +======= + +default +------- + +The default recipe installs runit and starts `runsvdir` to supervise +the services in runit's service directory (e.g., `/etc/service`). + +On RHEL family systems, it will build the runit RPM using [Ian Meyer's +runit RPM SPEC](https://github.com/imeyer/runit-rpm). + +On Debian family systems, the runit packages are maintained by the +runit author, Gerrit Pape, and the recipe will use that for +installation. + +On Gentoo, the runit ebuild package is installed. + +Resource/Provider +================= + +This cookbook has a resource, `runit_service`, for managing services +under runit. This service subclasses the Chef `service` resource. + +**This resource replaces the runit_service definition. See the +CHANGELOG.md file in this cookbook for breaking change information +and any actions you may need to take to update cookbooks using +runit_service.** + +## Actions: + +- **enable** - enables the service, creating the required run scripts + and symlinks. This is the default action. +- **start** - starts the service with `sv start` +- **stop** - stops the service with `sv stop` +- **disable** - stops the service with `sv down` and removes the service symlink +- **restart** - restarts the service with `sv restart` +- **reload** - reloads the service with `sv force-reload` +- **once** - starts the service with `sv once`. +- **hup** - sends the `HUP` signal to the service with `sv hup` +- **cont** - sends the `CONT` signal to the service +- **term** - sends the `TERM` signal to the service +- **kill** - sends the `KILL` signal to the service +- **up** - starts the service with `sv up` +- **down** - downs the service with `sv down` +- **usr1** - sends the `USR1` signal to the service with `sv 1` +- **usr2** - sends the `USR2` signal to the service with `sv 2` + +Service management actions are taken with runit's "`sv`" program. + +Read the `sv(8)` [man page](http://smarden.org/runit/sv.8.html) for +more information on the `sv` program. + +## Parameter Attributes + +The first three parameters, `sv_dir`, `service_dir`, and `sv_bin` will +attempt to use the corresponding node attributes, and fall back to +hardcoded default values that match the settings used on Debian +platform systems. + +Many of these parameters are only used in the `:enable` action. + +- **sv_dir** - The base "service directory" for the services managed by + the resource. By default, this will attempt to use the + `node['runit']['sv_dir']` attribute, and falls back to `/etc/sv`. +- **service_dir** - The directory where services are symlinked to be + supervised by `runsvdir`. By default, this will attempt to use the + `node['runit']['service_dir']` attribute, and falls back to + `/etc/service`. +- **sv_bin** - The path to the `sv` program binary. This will attempt + to use the `node['runit']['sv_bin']` attribute, and falls back to + `/usr/bin/sv`. +- **service_name** - *Name attribute*. The name of the service. This + will be used in the directory of the managed service in the + `sv_dir` and `service_dir`. +- **sv_templates** - If true, the `:enable` action will create the + service directory with the appropriate templates. Default is + `true`. Set this to `false` if the service has a package that + provides its own service directory. See __Usage__ examples. +- **options** - Options passed as variables to templates, for + compatibility with legacy runit service definition. Default is an + empty hash. +- **env** - A hash of environment variables with their values as content + used in the service's `env` directory. Default is an empty hash. +- **log** - Whether to start the service's logger with svlogd, requires + a template `sv-service_name-log-run.erb` to configure the log's run + script. Default is true. +- **default_logger** - Whether a default `log/run` script should be set + up. If true, the default content of the run script will use + `svlogd` to write logs to `/var/log/service_name`. Default is false. +- **cookbook** - A cookbook where templates are located instead of + where the resource is used. Applies for all the templates in the + `enable` action. +- **finish** - whether the service has a finish script, requires a + template `sv-service_name-finish.erb` +- **control** - An array of signals to customize control of the service, + see [runsv man page](http://smarden.org/runit/runsv.8.html) on how + to use this. This requires that each template be created with the + name `sv-service_name-signal.erb`. +- **owner** - user that should own the templates created to enable the + service +- **group** - group that should own the templates created to enable the + service +- **run_template_name** - alternate filename of the run run script to + use replacing `service_name`. +- **log_template_name** - alternate filename of the log run script to + use replacing `service_name`. +- **finish_script_template_name** - alternate filename of the finish + script to use, replacing `service_name`. +- **control_template_names** - a hash of control signals (see *control* + above) and their alternate template name(s) replacing + `service_name`. +- **status_command** - The command used to check the status of the + service to see if it is enabled/running (if it's running, it's + enabled). This hardcodes the location of the sv program to + `/usr/bin/sv` due to the aforementioned cookbook load order. +- **restart_on_update** - Whether the service should be restarted when + the run script is updated. Defaults to `true`. Set to `false` if + the service shouldn't be restarted when the run script is updated. + +Unlike previous versions of the cookbook using the `runit_service` +definition, the `runit_service` resource can be notified. See +__Usage__ examples below. + +Usage +===== + +To get runit installed on supported platforms, use `recipe[runit]`. +Once it is installed, use the `runit_service` resource to set up +services to be managed by runit. + +In order to use the `runit_service` resource in your cookbook(s), each +service managed will also need to have `sv-service_name-run.erb` and +`sv-service_name-log-run.erb` templates created. If the `log` +parameter is false, the log run script isn't created. If the `log` +parameter is true, and `default_logger` is also true, the log run +script will be created with the default content: + + #!/bin/sh + exec svlogd -tt /var/log/service_name + +Examples +-------- + +These are example use cases of the `runit_service` resource described +above. There are others in the `runit_test` cookbook that is included +in the [git repository](https://github.com/opscode-cookbooks/runit). + +**Default Example** + +This example uses all the defaults in the `:enable` action to set up +the service. + +We'll set up `chef-client` to run as a service under runit, such as is +done in the `chef-client` cookbook. This example will be more simple +than in that cookbook. First, create the required run template, +`chef-client/templates/default/sv-chef-client-run.erb`. + + #!/bin/sh + exec 2>&1 + exec /usr/bin/env chef-client -i 1800 -s 30 + +Then create the required log/run template, +`chef-client/templates/default/sv-chef-client-log-run.erb`. + + #!/bin/sh + exec svlogd -tt ./main + +__Note__ This will cause output of the running process to go to +`/etc/sv/chef-client/log/main/current`. Some people may not like this, +see the following example. This is preserved for compatibility reasons. + +Finally, set up the service in the recipe with: + + runit_service "chef-client" + +**Default Logger Example** + +To use a default logger with svlogd which will log to +`/var/log/chef-client/current`, instead, use the `default_logger` option. + + runit_service "chef-client" do + default_logger true + end + +**No Log Service** + +If there isn't an appendant log service, set `log` to false, and the +log/run script won't be created. + + runit_service "no-svlog" do + log false + end + +**Finish Script** + +To create a service that has a finish script in its service directory, +set the `finish` parameter to `true`, and create a +`sv-finisher-finish.erb` template. + + runit_service "finisher" do + finish true + end + +This will create `/etc/sv/finisher/finish`. + +**Alternate service directory** + +If the service directory for the managed service isn't the `sv_dir` +(`/etc/sv`), then specify it: + + runit_service "custom_service" do + sv_dir "/etc/custom_service/runit" + end + +**No Service Directory** + +If the service to manage has a package that provides its service +directory, such as `git-daemon` on Debian systems, set `sv_templates` +to false. + + package "git-daemon-run" + + runit_service "git-daemon" do + sv_templates false + end + +This will create the service symlink in `/etc/service`, but it will +not manage any templates in the service directory. + +**User Controlled Services** + +To set up services controlled by a non-privileged user, we follow the +recommended configuration in the +[runit documentation](http://smarden.org/runit/faq.html#user) (Is it +possible to allow a user other than root to control a service?). + +Suppose the user's name is floyd, and floyd wants to run floyds-app. +Assuming that the floyd user and group are already managed with Chef, +create a `runsvdir-floyd` runit_service. + + runit_service "runsvdir-floyd" + +Create the `sv-runsvdir-floyd-log-run.erb` template, or add `log +false`. Also create the `sv-runsvdir-floyd-run.erb` with the following +content: + + #!/bin/sh + exec 2>&1 + exec chpst -ufloyd runsvdir /home/floyd/service + +Next, create the `runit_service` resource for floyd's app: + + runit_service "floyds-app" do + sv_dir "/home/floyd/sv" + service_dir "/home/floyd/service" + owner "floyd" + group "floyd" + end + +And now floyd can manage the service with sv: + + $ id + uid=1000(floyd) gid=1001(floyd) groups=1001(floyd) + $ sv stop /home/floyd/service/floyds-app/ + ok: down: /home/floyd/service/floyds-app/: 0s, normally up + $ sv start /home/floyd/service/floyds-app/ + ok: run: /home/floyd/service/floyds-app/: (pid 5287) 0s + $ sv status /home/floyd/service/floyds-app/ + run: /home/floyd/service/floyds-app/: (pid 5287) 13s; run: log: (pid 4691) 726s + +**Options** + +Next, let's set up memcached under runit with some additional options +using the `options` parameter. First, the +`memcached/templates/default/sv-memcached-run.erb` template: + + #!/bin/sh + exec 2>&1 + exec chpst -u <%= @options[:user] %> /usr/bin/memcached -v -m <%= @options[:memory] %> -p <%= @options[:port] %> + +Note that the script uses `chpst` (which comes with runit) to set the +user option, then starts memcached on the specified memory and port +(see below). + +The log/run template, +`memcached/templates/default/sv-memcached-log-run.erb`: + + #!/bin/sh + exec svlogd -tt ./main + +Finally, the `runit_service` in our recipe: + + runit_service "memcached" do + options({ + :memory => node[:memcached][:memory], + :port => node[:memcached][:port], + :user => node[:memcached][:user]}.merge(params) + ) + end + +This is where the user, port and memory options used in the run +template are used. + +**Notifying Runit Services** + +In previous versions of this cookbook where the definition was used, +it created a `service` resource that could be notified. With the +`runit_service` resource, recipes need to use the full resource name. +For example: + + runit_service "my-service" + + template "/etc/my-service.conf" do + notifies :restart, "runit_service[my-service]" + end + +Because the resource implements actions for various commands that `sv` +can send to the service, any of those actions could be used for +notification. For example, `chef-client` supports triggering a Chef +run with a USR1 signal. + + template "/tmp/chef-notifier" do + notifies :usr1, "runit_service[chef-client]" + end + +For older implementations of services that used `runit_service` as a +definition, but may support alternate service styles, use a +conditional, such as based on an attribute: + + service_to_notify = case node['nginx']['init_style'] + when "runit" + "runit_service[nginx]" + else + "service[nginx]" + end + + template "/etc/nginx/nginx.conf" do + notifies :restart, service_to_notify + end + +**More Examples** + +For more examples, see the `runit_test` cookbook's `service` recipe in +the [git repository](https://github.com/opscode-cookbooks/runit). + +Testing +======= + +This cookbook has tests in the GitHub repository. To run the tests: + + git clone git://github.com/opscode-cookbooks/runit.git + cd runit + bundle install + +There are two kinds of tests, unit tests and integration tests. + +## Unit Tests + +The resource/provider code is unit tested with rspec. To run these +tests, use rake: + + bundle exec rake spec + +## Integration Tests + +Integration tests are setup to run under minitest-chef. They are +automatically run under test kitchen. + + bundle exec kitchen test + +This tests the default recipe ("default" configuration), and various +uses of the `runit_service` resource ("service" configuration). + +License and Author +================== + +Author:: Adam Jacob +Author:: Joshua Timberman + +Copyright:: 2008-2013, Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Rakefile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Rakefile new file mode 100644 index 000000000..4df2694b5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Rakefile @@ -0,0 +1,17 @@ +require 'rubygems' +require 'bundler' +Bundler.setup + +require 'rake' +require 'foodcritic' +require 'rspec/core/rake_task' + +task :default => [:spec] + +RSpec::Core::RakeTask.new(:spec) do |t| + t.pattern = "./test/spec{,/*/**}/*_spec.rb" +end + +FoodCritic::Rake::LintTask.new do |t| + t.options = {:fail_tags => ['correctness']} +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Vagrantfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Vagrantfile new file mode 100644 index 000000000..907693b5a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/Vagrantfile @@ -0,0 +1,6 @@ +require 'kitchen/vagrant' +require 'berkshelf/vagrant' + +Vagrant::Config.run do |config| + Kitchen::Vagrant.define_vms(config) +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/attributes/default.rb new file mode 100644 index 000000000..a3274ce80 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/attributes/default.rb @@ -0,0 +1,77 @@ +# +# Cookbook Name:: runit +# Attribute File:: sv_bin +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node["platform_family"] +when "debian" + + default["runit"]["sv_bin"] = "/usr/bin/sv" + default["runit"]["chpst_bin"] = "/usr/bin/chpst" + default["runit"]["service_dir"] = "/etc/service" + default["runit"]["sv_dir"] = "/etc/sv" + default["runit"]["executable"] = "/sbin/runit" + + if node["platform"] == "debian" + + default["runit"]["start"] = "runsvdir-start" + default["runit"]["stop"] = "" + default["runit"]["reload"] = "" + + elsif node["platform"] == "ubuntu" + + default["runit"]["start"] = "start runsvdir" + default["runit"]["stop"] = "stop runsvdir" + default["runit"]["reload"] = "reload runsvdir" + + end + +when "rhel" + + default["runit"]["sv_bin"] = "/sbin/sv" + default["runit"]["chpst_bin"] = "/sbin/chpst" + default["runit"]["service_dir"] = "/etc/service" + default["runit"]["sv_dir"] = "/etc/sv" + default["runit"]["executable"] = "/sbin/runit" + + if node["platform_version"].to_i < 6 + + default["runit"]["start"] = "/etc/init.d/runit-start start" + default["runit"]["stop"] = "/etc/init.d/runit-start stop" + default["runit"]["reload"] = "/etc/init.d/runit-start reload" + + else + + default["runit"]["start"] = "/etc/init.d/runit-start start" + default["runit"]["stop"] = "/etc/init.d/runit-start stop" + default["runit"]["reload"] = "/etc/init.d/runit-start reload" + + end + +when "gentoo" + + default["runit"]["sv_bin"] = "/usr/bin/sv" + default["runit"]["chpst_bin"] = "/usr/bin/chpst" + default["runit"]["service_dir"] = "/etc/service" + default["runit"]["sv_dir"] = "/var/service" + default["runit"]["executable"] = "/sbin/runit" + default["runit"]["start"] = "/etc/init.d/runit-start start" + default["runit"]["stop"] = "/etc/init.d/runit-start stop" + default["runit"]["reload"] = "/etc/init.d/runit-start reload" + +end + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/default/runit-2.1.1.tar.gz b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/default/runit-2.1.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..e1d61b8ea4cf3dcb4dd61c4ab9ab35ab2eddfe99 GIT binary patch literal 4014 zcmV;f4^i+RiwFS76Z2321MNHgSKBzY{q^auxDBub5<9l@MMLR8Tc*uy`8b5m&K`!x zI<}Jd;n=QaLs^FRx4(NO+i@VYoo=@??`(8>f+gKAU0q$>E2(iBc!_4|rfxQ#{F{n_ zrQ2=OU$fgb%763n#I%fVt7DoSf-}u#yZHp#|1N>bB^8Ms13ZcB)c+LR=lcJjmbf(k zC;NM^5BBw`9bdZPb@0u2&;)lnt;goyw9F38f6MH&Osk3QX3J={o`CVqB=|)651;=P z_}j!zAerzV80&-YU2-^+MsZ%9BuUh3Gz1!i%L6@(#|_!j*wA4Q{4mj>54JDD4DE!w zNUOlRzP{FD*`zz+bcQ1t_QCbsU_DW&*R~)Lz_*=C2uE=3x!k`&5Rt^*Fip4%C&vc@ zMq&I#(wz;QFiGGY(hfuc>dUI0iX0H8w#&f|h`6ME#be=x0a&_G2OL))r3%yW1m#_K zVTiC0**;>pkk}~q#1n*Dhct5SgoB5g3_-3Y2^6IXwIRhfUNT9Ck_ksHH(|gD6zi7_ z$H!V@N(4t~faBL08-#V_Z3mZvz|?REnY1KTA!R54&IajVe@^pZgkwzwmx|daaKqRe zdjXC?MBHf*CB{}(;AQIht{03MGj(|7OX(0g=21v3|F}t~;03r;d>`UystpOAzFdBl zgrP6~A;I*9?9jzT)kW%t1O=K0|J%S1*-dN*jm^fUjx7@K_~huv{^?WpN3Vweyi)f6 zrEd+t#g*&DT4W~^&GES%q>+vlXY#vwe8&G<&1QGr|I@dz^#9+ZxZY?4S{j4xPQ9RP z0u7!x4NJA_0l$9O$23g?`K6Ov0k90?nPwWA(E_vGYqfd?I?}v=X0#21)oL|`1FBdU z?P-RoSq7NRUd!w?jR!cpyP%o%4%FypcbCD+)5Z{`6%)p^+(kwUB$<&=@-*H=}-r&Nz%Uy=QI2n1OAaaz=JE$K$2gjU-*?3D-N_{ zXb2u(c@BqlKOFZ!UzR^hS!cDmi6T>8PS&5atSL8Y|sX7 zKp&H+1AfC}c<$N3bV{GQ5DqImRhvOF8v4aFK9=TeiylMxpPA*O-BTxb`r} zwx z3CHMG%)mQqw?AAE+l!oDk3R0OnG(`F#@@tX8kNWoZbZVTjh9G;y~CX#C{cSkc#Wfn zBTV{Y%xd9+;sDw`hMY!Q1QKk`PRMT0S;{jj2RTo95uq)+U?=q!Tz0w zA3yJ(4Ejfhca&l=Ceyo&az2}+h>u%n>}eV(8>W((r^4wN*tb{i|}xnsw1c!jf606qqnO$PsvdND!EynpOC z4DE~io!-6ftc=MHHD&pC?4gA&#>%^q>mbDdIld{n_Tc?t{})W^QB;BJ4eduRwLF*+ zX+&QnJ|lAzPV7m|Ff}|}%QiT1D1;XIc7mQ`3hx8&;}=of2Ajnk@f?H-)X9dp5myqI zPBudH32~W}(4n7@W`#UWIeg!E=LPA>zTuVGu2#v_Ieea((sS*-fT#6joBF7dd${!Y}X+(%DQ=)+Cm1nE7 znLG@Q;&2?>bik(QG+~0{_PHV?SwO%MSK$2Pz?qn&2_5iC^-OF(0aSm?hv*-4#`e-= z62|C$wY)I0mp9~u5;(Ra4$mX}-7T$dbnt5tPAFRwJV_(aK7bZvDdj`|!lG16ToAFt zxHAc%ve@B*b|m0#?c&05VD;qq;Ns}`^y0^Ndv696c!7!^Y0j4upieFGB3@DEuLz)* zi^9l7;pJ*qf6VN!g@aO_P)zcDi}K6}{VjH7$6<_Y*Tad0)#~#y7^S0P1Gd2pS>|&u zGMqcmUV}CTquXvn2HIHl5Jd8eaUyWH$v1*K>|!pO(2Nx#G&Z+BPx~QFVnrnJ?^a{= z)>~O2T6c>6JQ=qjQ>IbQc-UgTMwZ||Hk`smOM6FEN-r&m#Z#mckLFOxwnC9GZves?{i9RdpJ`T95jON?_TXh69CLj1mq;G&}n&>!1WM2nNo+K>fLUNJ(E0A#CS8fy? zo?=c;A>h}!Tb6*TC#Ql<+!v}R*Vp<n&ep$Pw)NV)n7lnqrjY9n~emgcNZnnGzV3i`MRz6k@|sUHU|PkyGCmET(` zbJ(cGX?VpK&+8}-r*l&R_pxzkH(`qVlMMK;?LgXctZ1rrS1R|gzee(0-xOC18EM-| z5?8f4c_a0sZLqRKb0+9b*gY5LEojla1VT&`NxnJZo=Nj*!iYq@HyK_w`#`(A> zFC>+Di~GC6roOd_!wwzXU7W_Ibmpp_?{2T&?j63_AI$1U$A9l1zA5VJBDtuZBKTit z(5FYQkB}Z^IOV+rw*ib>#<=3fY!iNrJ@^SDH_M;|(}JHu4hNp^Q-=9JA-|dK%3nR; z$qSXoX&r|CH*~#`hw+`vY0*y9MHM<$%*v8bXl1ayp;zqz)(;6tLK#F?p}(lUKXj1A|1)7SsE_|ULYecx#M9Ay83`P zp6;Iuf3DE%HWq6H|;q#a(`j9HSH(|$=X?iAg3kheRP1ti?m`g5Zoh=xoQ4}KkENX^S zkV5jk6=fKtfttpql3~H&0Ma|46o?`#oB$k|N*mN|G7K?ka&rdD^Sp0e9=rd0kaYhG zJU(;(XLJnf-usVEv)x^u|9y|r4_yASN4Xg89=gMJ{`DfS1#^Pg&7drnVQgteM>E@C zS-p0%XLU+feKo_%t_O460>?Bp^uA`Z*WT)xUA@(LW|-}*Rugf|?0T?i)w@uWzjQ%} zTS*L?lo?YZu$?#94*BA8Rctd&Rj$ylXD1aqm3&ufRJK`dQGaRYBAATeX4dqe;Ul)- zuIr5hPT^#dN8iZ)kDdSW`p@5Pd}|)^{a^dh_kU)y-MY8_t!~#^uK({*N;m1(6OKXl z)Z1CDVsIu;lvfQ5fn;v+lu`y|_86I9ph!o5I-Q4C;CwsFjWEH;BJW5Zb{0>D)}?9T zCax*Obs65sCrt5;I=-)9MlX|G6F)HiE^%G0UQaw{0{Q!)jTy^Nb1hyfeH}lFA?b0` z@8Orfhx+OfA^}Yvq9rlsit{()$X39?DNZl|oV~_k`J;x$eeR4o5s9~Yo14a6>5j1c zplfiv|7y@!0KTb$2hv*^{OJA3t9?W$Sm&w+?bRYc(8iBR!B`Fr+Hm+#s2S)ocwA5( zi~km0hkPZE&%}Qnvu)h-|6R*6m;V2Ilss0OodL;+?Z4!+EYpy2SEtuDdd+q@Rx_KW zSZ#(oht};Ore!@qldrit6t2l%`JT%Q96xnAR4_!+CzWyw2B^M$BO95vlHGg0AMCx^ zhYFl&$LD~oE3CG#>r8tq`{B$F$LB;hgUaql(e?J-9y(V(bPc<0v`vFQ!}Q~s)3IA^ z*R{8X#jgMbWwnTs2Ww?vx9G2MBz zK32^-RAgTdDs{*s-?~x<_Wc@EHn!m|qcXB_|EQ`Mb&9CjmxW~IAlfF)Pdg8%CC;@S z2hEQQkczJ+q019YDHtJis+HoR3gwa?C{0gN^MbLImWUCVX|oQ-29EU(r&{t97o-F^ z+L^XY8b|H%{#FV5FE;(t8l*BO(>%DnX}IH=m)=cAIs}lxhJv zX`Y-MD0B`xn|3_Ds@1mXs04TU>QkTw`0Y2`?q%PGn#Srz0kSFEVP^-{wRK{t$)jNT z76N;#s=H=x6nzc_0_(@?z07LN?Q*+@?X?;qp)mnqc;TbfC@O#XOZK&KW}KH;*2*k% z2=lz?ddLxmxFKI|m%HC$_snpuMIaQ$Oj=lp+JIJ2jrqDNvHg6)w?g8Pa`7 zIZNnZE*#p-s`N#Y)-x+oeCPX>+0+XI%3!29KbYoRxf$QvT#%wJhZU0t$dI#<5|E6# zF0c!2^yvlZh^ct-PaW!ck7|I?)HplJ+rycThHU(_txEBtGm!!x1>kQe1SfA z3xmHO9vu(*1FXF)T~(a@iawXs@XyX~Z# zZw~j~p=SD{dF^O1?lRsL7xTR2*{*a+ijo1|bjn>12j<`4V7>yY&T4dvh#El+&_fN1 ze$}x!DpF+{awSTF*q_Lxz*YYj2Ngp@IbJY=x#!;Ztj98Y&BaD1Q656K&4sqsthb;> zKV%!<{sA_8=?m=T!`?q}x%Ubit$aCOf9A4$h`lV!vMkH8EX%Si%d#xXvMkH8EX%Si U%d#xX@<){a1A%3+r2tR>0HUky7XSbN literal 0 HcmV?d00001 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/default/runit.seed b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/default/runit.seed new file mode 100644 index 000000000..64929201e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/default/runit.seed @@ -0,0 +1 @@ +runit runit/signalinit boolean true diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/default/runsvdir b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/default/runsvdir new file mode 100644 index 000000000..e69de29bb diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-6.10/runsvdir b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-6.10/runsvdir new file mode 100644 index 000000000..4040e34f1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-6.10/runsvdir @@ -0,0 +1,6 @@ +start on runlevel-2 +start on runlevel-3 +start on runlevel-4 +start on runlevel-5 +stop on shutdown +respawn /usr/sbin/runsvdir-start diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-7.04/runsvdir b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-7.04/runsvdir new file mode 100644 index 000000000..ee173c9c0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-7.04/runsvdir @@ -0,0 +1,7 @@ +start on runlevel 2 +start on runlevel 3 +start on runlevel 4 +start on runlevel 5 +stop on shutdown +respawn +exec /usr/sbin/runsvdir-start diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-7.10/runsvdir b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-7.10/runsvdir new file mode 100644 index 000000000..ee173c9c0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-7.10/runsvdir @@ -0,0 +1,7 @@ +start on runlevel 2 +start on runlevel 3 +start on runlevel 4 +start on runlevel 5 +stop on shutdown +respawn +exec /usr/sbin/runsvdir-start diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-8.04/runsvdir b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-8.04/runsvdir new file mode 100644 index 000000000..ee173c9c0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/files/ubuntu-8.04/runsvdir @@ -0,0 +1,7 @@ +start on runlevel 2 +start on runlevel 3 +start on runlevel 4 +start on runlevel 5 +stop on shutdown +respawn +exec /usr/sbin/runsvdir-start diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/libraries/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/libraries/default.rb new file mode 100644 index 000000000..e69de29bb diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/libraries/provider_runit_service.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/libraries/provider_runit_service.rb new file mode 100644 index 000000000..6dadfc7f7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/libraries/provider_runit_service.rb @@ -0,0 +1,434 @@ +# +# Cookbook Name:: runit +# Provider:: service +# +# Copyright 2011, Joshua Timberman +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/provider/service' +require 'chef/provider/link' +require 'chef/resource/link' +require 'chef/provider/directory' +require 'chef/resource/directory' +require 'chef/provider/template' +require 'chef/resource/template' +require 'chef/provider/file' +require 'chef/resource/file' +require 'chef/mixin/shell_out' +require 'chef/mixin/language' + +class Chef + class Provider + class Service + class Runit < Chef::Provider::Service + include Chef::Mixin::ShellOut + + def initialize(*args) + super + @sv_dir = nil + @run_script = nil + @log_dir = nil + @log_main_dir = nil + @default_log_dir = nil + @log_run_script = nil + @env_dir = nil + @env_files = nil + @finish_script = nil + @control_dir = nil + @control_signal_files = nil + @lsb_init = nil + @service_link = nil + @new_resource.supports[:status] = true + end + + def load_current_resource + @current_resource = Chef::Resource::RunitService.new(new_resource.name) + @current_resource.service_name(new_resource.service_name) + + Chef::Log.debug("Checking status of service #{new_resource.service_name}") + + # verify Runit was installed properly + unless ::File.exist?(new_resource.sv_bin) && ::File.executable?(new_resource.sv_bin) + no_runit_message = "Could not locate main runit sv_bin at \"#{new_resource.sv_bin}\". " + no_runit_message << "Did you remember to install runit before declaring a \"runit_service\" resource? " + no_runit_message << "\n\nTry adding the following to the top of your recipe:\n\ninclude_recipe \"runit\"" + raise no_runit_message + end + + @current_resource.running(running?) + @current_resource.enabled(enabled?) + @current_resource + end + + # + # Chef::Provider::Service overrides + # + + def action_enable + converge_by("configure service #{@new_resource}") do + configure_service # Do this every run, even if service is already enabled and running + Chef::Log.info("#{@new_resource} configured") + end + if @current_resource.enabled + Chef::Log.debug("#{@new_resource} already enabled - nothing to do") + else + converge_by("enable service #{@new_resource}") do + enable_service + Chef::Log.info("#{@new_resource} enabled") + end + end + load_new_resource_state + @new_resource.enabled(true) + restart_service if @new_resource.restart_on_update and run_script.updated_by_last_action? + end + + def configure_service + if new_resource.sv_templates + Chef::Log.debug("Creating sv_dir for #{new_resource.service_name}") + sv_dir.run_action(:create) + Chef::Log.debug("Creating run_script for #{new_resource.service_name}") + run_script.run_action(:create) + + if new_resource.log + Chef::Log.debug("Setting up svlog for #{new_resource.service_name}") + log_dir.run_action(:create) + log_main_dir.run_action(:create) + default_log_dir.run_action(:create) if new_resource.default_logger + log_run_script.run_action(:create) + else + Chef::Log.debug("log not specified for #{new_resource.service_name}, continuing") + end + + unless new_resource.env.empty? + Chef::Log.debug("Setting up environment files for #{new_resource.service_name}") + env_dir.run_action(:create) + env_files.each {|file| file.run_action(:create)} + else + Chef::Log.debug("Environment not specified for #{new_resource.service_name}, continuing") + + end + + if new_resource.finish + Chef::Log.debug("Creating finish script for #{new_resource.service_name}") + finish_script.run_action(:create) + else + Chef::Log.debug("Finish script not specified for #{new_resource.service_name}, continuing") + end + + unless new_resource.control.empty? + Chef::Log.debug("Creating control signal scripts for #{new_resource.service_name}") + control_dir.run_action(:create) + control_signal_files.each {|file| file.run_action(:create)} + else + Chef::Log.debug("Control signals not specified for #{new_resource.service_name}, continuing") + end + end + + Chef::Log.debug("Creating lsb_init compatible interface #{new_resource.service_name}") + lsb_init.run_action(:create) + end + + def enable_service + unless node['platform'] == 'gentoo' + Chef::Log.debug("Creating symlink in service_dir for #{new_resource.service_name}") + service_link.run_action(:create) + end + + Chef::Log.debug("waiting until named pipe #{service_dir_name}/supervise/ok exists.") + until ::FileTest.pipe?("#{service_dir_name}/supervise/ok") do + sleep 1 + Chef::Log.debug(".") + end + end + + def disable_service + shell_out("#{new_resource.sv_bin} down #{service_dir_name}") + Chef::Log.debug("#{new_resource} down") + FileUtils.rm(service_dir_name) + Chef::Log.debug("#{new_resource} service symlink removed") + end + + def start_service + shell_out!("#{new_resource.sv_bin} start #{service_dir_name}") + end + + def stop_service + shell_out!("#{new_resource.sv_bin} stop #{service_dir_name}") + end + + def restart_service + shell_out!("#{new_resource.sv_bin} restart #{service_dir_name}") + end + + def reload_service + shell_out!("#{new_resource.sv_bin} force-reload #{service_dir_name}") + end + + # + # Addtional Runit-only actions + # + + # only take action if the service is running + [:down, :hup, :int, :term, :kill, :quit].each do |signal| + define_method "action_#{signal}".to_sym do + if @current_resource.running + runit_send_signal(signal) + else + Chef::Log.debug("#{new_resource} not running - nothing to do") + end + end + end + + # only take action if service is *not* running + [:up, :once, :cont].each do |signal| + define_method "action_#{signal}".to_sym do + if @current_resource.running + Chef::Log.debug("#{new_resource} already running - nothing to do") + else + runit_send_signal(signal) + end + end + end + + def action_usr1 + runit_send_signal(1, :usr1) + end + + def action_usr2 + runit_send_signal(2, :usr2) + end + + private + + def runit_send_signal(signal, friendly_name=nil) + friendly_name ||= signal + converge_by("send #{friendly_name} to #{new_resource}") do + shell_out!("#{new_resource.sv_bin} #{signal} #{service_dir_name}") + Chef::Log.info("#{new_resource} sent #{friendly_name}") + new_resource.updated_by_last_action(true) + end + end + + def running? + cmd = shell_out("#{new_resource.sv_bin} status #{new_resource.service_name}") + (cmd.stdout =~ /^run:/ && cmd.exitstatus == 0) + end + + def enabled? + ::File.exists?(::File.join(service_dir_name, "run")) + end + + def sv_dir_name + ::File.join(new_resource.sv_dir, new_resource.service_name) + end + + def service_dir_name + ::File.join(new_resource.service_dir, new_resource.service_name) + end + + def template_cookbook + new_resource.cookbook.nil? ? new_resource.cookbook_name.to_s : new_resource.cookbook + end + + def default_logger_content + return <<-EOF +#!/bin/sh +exec svlogd -tt /var/log/#{new_resource.service_name} +EOF + end + + # + # Helper Resources + # + def sv_dir + return @sv_dir unless @sv_dir.nil? + @sv_dir = Chef::Resource::Directory.new(sv_dir_name, run_context) + @sv_dir.recursive(true) + @sv_dir.owner(new_resource.owner) + @sv_dir.group(new_resource.group) + @sv_dir.mode(00755) + @sv_dir + end + + def run_script + return @run_script unless @run_script.nil? + @run_script = Chef::Resource::Template.new(::File.join(sv_dir_name, 'run'), run_context) + @run_script.owner(new_resource.owner) + @run_script.group(new_resource.group) + @run_script.source("sv-#{new_resource.run_template_name}-run.erb") + @run_script.cookbook(template_cookbook) + @run_script.mode(00755) + if new_resource.options.respond_to?(:has_key?) + @run_script.variables(:options => new_resource.options) + end + @run_script + end + + def log_dir + return @log_dir unless @log_dir.nil? + @log_dir = Chef::Resource::Directory.new(::File.join(sv_dir_name, 'log'), run_context) + @log_dir.recursive(true) + @log_dir.owner(new_resource.owner) + @log_dir.group(new_resource.group) + @log_dir.mode(00755) + @log_dir + end + + def log_main_dir + return @log_main_dir unless @log_main_dir.nil? + @log_main_dir = Chef::Resource::Directory.new(::File.join(sv_dir_name, 'log', 'main'), run_context) + @log_main_dir.recursive(true) + @log_main_dir.owner(new_resource.owner) + @log_main_dir.group(new_resource.group) + @log_main_dir.mode(00755) + @log_main_dir + end + + def default_log_dir + return @default_log_dir unless @default_log_dir.nil? + @default_log_dir = Chef::Resource::Directory.new(::File.join("/var/log/#{new_resource.service_name}"), run_context) + @default_log_dir.recursive(true) + @default_log_dir.owner(new_resource.owner) + @default_log_dir.group(new_resource.group) + @default_log_dir.mode(00755) + @default_log_dir + end + + def log_run_script + return @log_run_script unless @log_run_script.nil? + if new_resource.default_logger + @log_run_script = Chef::Resource::File.new(::File.join( sv_dir_name, + 'log', + 'run' ), + run_context) + @log_run_script.content(default_logger_content) + @log_run_script.owner(new_resource.owner) + @log_run_script.group(new_resource.group) + @log_run_script.mode(00755) + else + @log_run_script = Chef::Resource::Template.new(::File.join( sv_dir_name, + 'log', + 'run' ), + run_context) + @log_run_script.owner(new_resource.owner) + @log_run_script.group(new_resource.group) + @log_run_script.mode(00755) + @log_run_script.source("sv-#{new_resource.log_template_name}-log-run.erb") + @log_run_script.cookbook(template_cookbook) + if new_resource.options.respond_to?(:has_key?) + @log_run_script.variables(:options => new_resource.options) + end + end + @log_run_script + end + + def env_dir + return @env_dir unless @env_dir.nil? + @env_dir = Chef::Resource::Directory.new(::File.join(sv_dir_name, 'env'), run_context) + @env_dir.owner(new_resource.owner) + @env_dir.group(new_resource.group) + @env_dir.mode(00755) + @env_dir + end + + def env_files + return @env_files unless @env_files.nil? + @env_files = new_resource.env.map do |var, value| + env_file = Chef::Resource::File.new(::File.join(sv_dir_name, 'env', var), run_context) + env_file.owner(new_resource.owner) + env_file.group(new_resource.group) + env_file.content(value) + env_file + end + @env_files + end + + def finish_script + return @finish_script unless @finish_script.nil? + @finish_script = Chef::Resource::Template.new(::File.join(sv_dir_name, 'finish'), run_context) + @finish_script.owner(new_resource.owner) + @finish_script.group(new_resource.group) + @finish_script.mode(00755) + @finish_script.source("sv-#{new_resource.finish_script_template_name}-finish.erb") + @finish_script.cookbook(template_cookbook) + if new_resource.options.respond_to?(:has_key?) + @finish_script.variables(:options => new_resource.options) + end + @finish_script + end + + def control_dir + return @control_dir unless @control_dir.nil? + @control_dir = Chef::Resource::Directory.new(::File.join(sv_dir_name, 'control'), run_context) + @control_dir.owner(new_resource.owner) + @control_dir.group(new_resource.group) + @control_dir.mode(00755) + @control_dir + end + + def control_signal_files + return @control_signal_files unless @control_signal_files.nil? + @control_signal_files = new_resource.control.map do |signal| + control_signal_file = Chef::Resource::Template.new(::File.join( sv_dir_name, + 'control', + signal), + run_context) + control_signal_file.owner(new_resource.owner) + control_signal_file.group(new_resource.group) + control_signal_file.mode(00755) + control_signal_file.source("sv-#{new_resource.control_template_names[signal]}-#{signal}.erb") + control_signal_file.cookbook(template_cookbook) + if new_resource.options.respond_to?(:has_key?) + control_signal_file.variables(:options => new_resource.options) + end + control_signal_file + end + @control_signal_files + end + + def lsb_init + return @lsb_init unless @lsb_init.nil? + if node['platform'] == 'debian' + @lsb_init = Chef::Resource::Template.new(::File.join( '/etc', + 'init.d', + new_resource.service_name), + run_context) + @lsb_init.owner('root') + @lsb_init.group('root') + @lsb_init.mode(00755) + @lsb_init.cookbook('runit') + @lsb_init.source('init.d.erb') + @lsb_init.variables(:options => new_resource.options) + else + @lsb_init = Chef::Resource::Link.new(::File.join( '/etc', + 'init.d', + new_resource.service_name), + run_context) + @lsb_init.to(new_resource.sv_bin) + end + @lsb_init + end + + def service_link + return @service_link unless @service_link.nil? + @service_link = Chef::Resource::Link.new(::File.join(service_dir_name), run_context) + @service_link.to(sv_dir_name) + @service_link + end + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/libraries/resource_runit_service.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/libraries/resource_runit_service.rb new file mode 100644 index 000000000..021a2dc33 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/libraries/resource_runit_service.rb @@ -0,0 +1,185 @@ +# +# Cookbook Name:: runit +# Provider:: service +# +# Copyright 2011, Joshua Timberman +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/resource' +require 'chef/resource/service' + +class Chef + class Resource + class RunitService < Chef::Resource::Service + + def initialize(name, run_context=nil) + super + runit_node = runit_attributes_from_node(run_context) + @resource_name = :runit_service + @provider = Chef::Provider::Service::Runit + @supports = { :restart => true, :reload => true, :status => true } + @action = :enable + @allowed_actions = [:nothing, :start, :stop, :enable, :disable, :restart, :reload, :status, :once, :hup, :cont, :term, :kill, :up, :down, :usr1, :usr2] + + # sv_bin, sv_dir and service_dir may have been set in the node attributes + @sv_bin = runit_node[:sv_bin] || '/usr/bin/sv' + @sv_dir = runit_node[:sv_dir] || '/etc/sv' + @service_dir = runit_node[:service_dir] || '/etc/service' + + @control = [] + @options = {} + @env = {} + @log = true + @cookbook = nil + @finish = false + @owner = nil + @group = nil + @enabled = false + @running = false + @default_logger = false + @restart_on_update = true + @run_template_name = @service_name + @log_template_name = @service_name + @finish_script_template_name = @service_name + @control_template_names = {} + @status_command = "#{@sv_bin} status #{@service_dir}" + @sv_templates = true + + # + # Backward Compat Hack + # + # This ensures a 'service' resource exists for all 'runit_service' resources. + # This should allow all recipes using the previous 'runit_service' definition to + # continue operating. + # + unless run_context.nil? + service_dir_name = ::File.join(@service_dir, @name) + @service_mirror = Chef::Resource::Service.new(name, run_context) + @service_mirror.provider(Chef::Provider::Service::Simple) + @service_mirror.supports(@supports) + @service_mirror.start_command("#{@sv_bin} start #{service_dir_name}") + @service_mirror.stop_command("#{@sv_bin} stop #{service_dir_name}") + @service_mirror.restart_command("#{@sv_bin} restart #{service_dir_name}") + @service_mirror.status_command("#{@sv_bin} status #{service_dir_name}") + @service_mirror.action(:nothing) + run_context.resource_collection.insert(@service_mirror) + end + end + + def sv_bin(arg=nil) + set_or_return(:sv_bin, arg, :kind_of => [String]) + end + + def sv_dir(arg=nil) + set_or_return(:sv_dir, arg, :kind_of => [String, FalseClass]) + end + + def service_dir(arg=nil) + set_or_return(:service_dir, arg, :kind_of => [String]) + end + + def control(arg=nil) + set_or_return(:control, arg, :kind_of => [Array]) + end + + def options(arg=nil) + if @env.empty? + opts = @options + else + opts = @options.merge!(:env_dir => ::File.join(@sv_dir, @service_name, 'env')) + end + set_or_return( + :options, + arg, + :kind_of => [Hash], + :default => opts + ) + end + + def env(arg=nil) + set_or_return(:env, arg, :kind_of => [Hash]) + end + + def log(arg=nil) + set_or_return(:log, arg, :kind_of => [TrueClass, FalseClass]) + end + + def cookbook(arg=nil) + set_or_return(:cookbook, arg, :kind_of => [String]) + end + + def finish(arg=nil) + set_or_return(:finish, arg, :kind_of => [TrueClass, FalseClass]) + end + + def owner(arg=nil) + set_or_return(:owner, arg, :regex => [Chef::Config[:user_valid_regex]]) + end + + def group(arg=nil) + set_or_return(:group, arg, :regex => [Chef::Config[:group_valid_regex]]) + end + + def default_logger(arg=nil) + set_or_return(:default_logger, arg, :kind_of => [TrueClass, FalseClass]) + end + + def restart_on_update(arg=nil) + set_or_return(:restart_on_update, arg, :kind_of => [TrueClass, FalseClass]) + end + + def run_template_name(arg=nil) + set_or_return(:run_template_name, arg, :kind_of => [String]) + end + alias :template_name :run_template_name + + def log_template_name(arg=nil) + set_or_return(:log_template_name, arg, :kind_of => [String]) + end + + def finish_script_template_name(arg=nil) + set_or_return(:finish_script_template_name, arg, :kind_of => [String]) + end + + def control_template_names(arg=nil) + set_or_return( + :control_template_names, + arg, + :kind_of => [Hash], + :default => set_control_template_names + ) + end + + def set_control_template_names + @control.each do |signal| + @control_template_names[signal] ||= @service_name + end + @control_template_names + end + + def sv_templates(arg=nil) + set_or_return(:sv_templates, arg, :kind_of => [TrueClass, FalseClass]) + end + + def runit_attributes_from_node(run_context) + runit_attr = if run_context && run_context.node + run_context.node[:runit] + end + runit_attr || {} + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/metadata.rb new file mode 100644 index 000000000..0bcba5c76 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/metadata.rb @@ -0,0 +1,16 @@ +name "runit" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs runit and provides runit_service definition" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.1.0" + +recipe "runit", "Installs and configures runit" + +%w{ ubuntu debian gentoo centos redhat amazon scientific oracle enterpriseenterprise }.each do |os| + supports os +end + +depends "build-essential" +depends "yum" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/recipes/default.rb new file mode 100644 index 000000000..d15c7d9b3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/recipes/default.rb @@ -0,0 +1,117 @@ +# +# Cookbook Name:: runit +# Recipe:: default +# +# Copyright 2008-2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +service "runit" do + action :nothing +end + +execute "start-runsvdir" do + command value_for_platform( + "debian" => { "default" => "runsvdir-start" }, + "ubuntu" => { "default" => "start runsvdir" }, + "gentoo" => { "default" => "/etc/init.d/runit-start start" } + ) + action :nothing +end + +execute "runit-hup-init" do + command "telinit q" + only_if "grep ^SV /etc/inittab" + action :nothing +end + +case node["platform_family"] +when "rhel" + + include_recipe "build-essential" + # `rpmdevtools` is in EPEL repo in EL <= 5 + include_recipe "yum::epel" if node["platform_version"].to_i <= 5 + + packages = %w{rpm-build rpmdevtools tar gzip} + packages.each do |p| + package p + end + + if node["platform_version"].to_i >= 6 + package "glibc-static" + else + package "buildsys-macros" + end + + cookbook_file "#{Chef::Config[:file_cache_path]}/runit-2.1.1.tar.gz" do + source "runit-2.1.1.tar.gz" + not_if "rpm -qa | grep -q '^runit'" + notifies :run, "bash[rhel_build_install]", :immediately + end + + bash "rhel_build_install" do + user "root" + cwd Chef::Config[:file_cache_path] + code <<-EOH + tar xzf runit-2.1.1.tar.gz + cd runit-2.1.1 + ./build.sh + EOH + notifies :install, "rpm_package[runit-211]", :immediately + action :nothing + end + + rpm_package "runit-211" do + source "/root/rpmbuild/RPMS/runit-2.1.1.rpm" + action :nothing + end + +when "debian","gentoo" + + if platform?("gentoo") + template "/etc/init.d/runit-start" do + source "runit-start.sh.erb" + mode 0755 + end + end + + package "runit" do + action :install + if platform?("ubuntu", "debian") + response_file "runit.seed" + end + notifies value_for_platform( + "debian" => { "4.0" => :run, "default" => :nothing }, + "ubuntu" => { + "default" => :nothing, + "9.04" => :run, + "8.10" => :run, + "8.04" => :run }, + "gentoo" => { "default" => :run } + ), "execute[start-runsvdir]", :immediately + notifies value_for_platform( + "debian" => { "squeeze/sid" => :run, "default" => :nothing }, + "default" => :nothing + ), "execute[runit-hup-init]", :immediately + end + + if node["platform"] =~ /ubuntu/i && node["platform_version"].to_f <= 8.04 + cookbook_file "/etc/event.d/runsvdir" do + source "runsvdir" + mode 0644 + notifies :run, "execute[start-runsvdir]", :immediately + only_if do ::File.directory?("/etc/event.d") end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/templates/debian/init.d.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/templates/debian/init.d.erb new file mode 100644 index 000000000..62c82bb0e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/templates/debian/init.d.erb @@ -0,0 +1,66 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: <%= @params[:name] %> +# Required-Start: +# Required-Stop: +# Default-Start: +# Default-Stop: +# Short-Description: initscript for runit-managed <%= @params[:name] %> service +### END INIT INFO + +# Author: Opscode, Inc. + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="runit-managed <%= @params[:name] %>" +NAME=<%= @params[:name] %> +RUNIT=/usr/bin/sv +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if runit is not installed +[ -x $RUNIT ] || exit 0 + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME" + $RUNIT <%= @params[:start_command] %> $NAME + [ "$VERBOSE" != no ] && log_end_msg $? + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + $RUNIT <%= @params[:stop_command] %> $NAME + [ "$VERBOSE" != no ] && log_end_msg $? + ;; + status) + $RUNIT <%= @params[:status_command] %> $NAME && exit 0 || exit $? + ;; + reload) + [ "$VERBOSE" != no ] && log_daemon_msg "Reloading $DESC" "$NAME" + $RUNIT reload $NAME + [ "$VERBOSE" != no ] && log_end_msg $? + ;; + force-reload) + [ "$VERBOSE" != no ] && log_daemon_msg "Force reloading $DESC" "$NAME" + $RUNIT force-reload $NAME + [ "$VERBOSE" != no ] && log_end_msg $? + ;; + restart) + [ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME" + $RUNIT <%= @params[:restart_command] %> $NAME + [ "$VERBOSE" != no ] && log_end_msg $? + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|reload|force-reload|restart}" >&2 + exit 3 + ;; +esac + +: + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/templates/gentoo/runit-start.sh.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/templates/gentoo/runit-start.sh.erb new file mode 100644 index 000000000..a6c11b3d0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/templates/gentoo/runit-start.sh.erb @@ -0,0 +1,32 @@ +#!/sbin/runscript +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +depend() { + after net +} + +start() { + ebegin "Starting runsvdir" + start-stop-daemon --start --exec /usr/bin/runsvdir \ + --background --make-pidfile \ + --pidfile /var/run/runsvdir.pid -- <%= node.runit.sv_dir %> + eend $? +} + +stop() { + local ret1 ret2 + ebegin "Stopping runsvdir" + start-stop-daemon --stop --oknodo --pidfile /var/run/runsvdir.pid + ret1=$? + eend ${ret1} + + ebegin "Stopping services and logging" + sv shutdown -w 10 <%= node.runit.sv_dir %>/* + ret2=$? + eend ${ret2} + + return $((ret1+ret2)) +} + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/Kitchenfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/Kitchenfile new file mode 100644 index 000000000..4ad316bf3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/Kitchenfile @@ -0,0 +1,4 @@ +cookbook "runit" do + configuration "default" + configuration "service" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/README.md new file mode 100644 index 000000000..9dd93b5d5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/README.md @@ -0,0 +1 @@ +This cookbook is used with test-kitchen to test the parent, runit cookbok diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/metadata.rb new file mode 100644 index 000000000..08bb2daec --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/metadata.rb @@ -0,0 +1,6 @@ +name "runit-other_test" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "This cookbook is used with test-kitchen to test the parent, runit cookbok" +version "1.0.0" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/templates/default/sv-other-cookbook-templates-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/templates/default/sv-other-cookbook-templates-log-run.erb new file mode 100644 index 000000000..22cc1a6fd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/templates/default/sv-other-cookbook-templates-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/templates/default/sv-other-cookbook-templates-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/templates/default/sv-other-cookbook-templates-run.erb new file mode 100644 index 000000000..4d93a1507 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit-other_test/templates/default/sv-other-cookbook-templates-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>1 +exec tail -f /var/log/* diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/README.md new file mode 100644 index 000000000..9dd93b5d5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/README.md @@ -0,0 +1 @@ +This cookbook is used with test-kitchen to test the parent, runit cookbok diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/files/default/tests/minitest/default_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/files/default/tests/minitest/default_test.rb new file mode 100644 index 000000000..30f079b22 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/files/default/tests/minitest/default_test.rb @@ -0,0 +1,30 @@ +# +# Cookbook Name:: runit_test +# Recipe:: default +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe "runit_test::default" do + include Helpers::RunitTest + + describe "packages" do + it 'has been installed' do + package("runit").must_be_installed + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/files/default/tests/minitest/service_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/files/default/tests/minitest/service_test.rb new file mode 100644 index 000000000..002190c7c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/files/default/tests/minitest/service_test.rb @@ -0,0 +1,120 @@ +# +# Cookbook:: runit_test +# Minitest:: service +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe "runit_test::service" do + include Helpers::RunitTest + + it 'creates a service with the defaults' do + service('plain-defaults').must_be_running + file('/etc/service/plain-defaults/run').must_exist + file('/etc/service/plain-defaults/log/run').must_exist + link('/etc/init.d/plain-defaults').must_exist.with( + :link_type, :symbolic).and(:to, node['runit']['sv_bin']) + unless node['platform'] == 'gentoo' + link('/etc/service/plain-defaults').must_exist.with( + :link_type, :symbolic).and(:to, '/etc/sv/plain-defaults') + end + end + + it 'creates a service that doesnt use the svlog' do + service('no-svlog').must_be_running + directory('/etc/sv/no-svlog/log').wont_exist + end + + it 'creates a service that uses the default svlog' do + regexp = %r{#!/bin/sh\nexec svlogd -tt /var/log/default-svlog} + service('default-svlog').must_be_running + file('/etc/service/default-svlog/log/run').must_match(regexp) + end + + it 'creates a service that has a finish script' do + service('finisher').must_be_running + file('/etc/service/finisher/finish').must_exist + end + + it 'creates a service that uses env files' do + regexp = %r{\$PATH:/opt/chef/embedded/bin} + service('env-files').must_be_running + file('/etc/service/env-files/env/PATH').must_match(regexp) + end + + it 'creates a service that sets options for the templates' do + service('template-options').must_be_running + file('/etc/service/template-options/run').must_match("# Options are delicious") + end + + it 'creates a service that uses control signal files' do + service('control-signals').must_be_running + file('/etc/service/control-signals/control/u').must_match(/control signal up/) + end + + it 'creates a runsvdir service for a normal user' do + regexp = %r{exec chpst -ufloyd runsvdir /home/floyd/service} + service('runsvdir-floyd').must_be_running + file('/etc/service/runsvdir-floyd/run').must_match(regexp) + end + + it 'creates a service running by a normal user in its runsvdir' do + floyds_app = shell_out( + "#{node['runit']['sv_bin']} status /home/floyd/service/floyds-app", + :user => "floyd", + :cwd => "/home/floyd" + ) + assert floyds_app.stdout.include?('run:') + file('/home/floyd/service/floyds-app/run').must_exist.with(:owner, 'floyd') + file('/home/floyd/service/floyds-app/log/run').must_exist.with(:owner, 'floyd') + link('/etc/init.d/floyds-app').must_exist.with( + :link_type, :symbolic).and(:to, node['runit']['sv_bin']) + unless node['platform'] == 'gentoo' + link('/home/floyd/service/floyds-app').must_exist.with( + :link_type, :symbolic).and(:to, '/home/floyd/sv/floyds-app') + end + end + + it 'creates a service with differently named template files' do + service('yerba').must_be_running + end + + it 'creates a service with differently named run script template' do + service('yerba-alt').must_be_running + end + + it 'creates a service that should exist but be disabled' do + file('/etc/sv/exist-disabled/run').must_exist + unless node['platform'] == 'gentoo' + link('/etc/service/exist-disabled').wont_exist + end + end + + it 'can use templates from another cookbook' do + service('other-cookbook-templates').must_be_running + end + + it 'creates a service that has its own run scripts' do + if node['platform_family'] == 'rhel' + skip "RHEL platforms don't have a generally available package w/ runit scripts" + end + git_daemon = shell_out("#{node['runit']['sv_bin']} status /etc/service/git-daemon") + assert git_daemon.stdout.include?('run:') + link('/etc/service/git-daemon').must_exist.with( + :link_type, :symbolic).and(:to, '/etc/sv/git-daemon') + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/files/default/tests/minitest/support/helpers.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/files/default/tests/minitest/support/helpers.rb new file mode 100644 index 000000000..148315e4b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/files/default/tests/minitest/support/helpers.rb @@ -0,0 +1,29 @@ +# +# Cookbook Name:: runit_test +# Recipe:: default +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/mixin/shell_out' + +module Helpers + module RunitTest + include MiniTest::Chef::Assertions + include MiniTest::Chef::Context + include MiniTest::Chef::Resources + include Chef::Mixin::ShellOut + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/metadata.rb new file mode 100644 index 000000000..07bc0b3dc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/metadata.rb @@ -0,0 +1,6 @@ +name "runit_test" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "This cookbook is used with test-kitchen to test the parent, runit cookbok" +version "1.0.0" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/recipes/default.rb new file mode 100644 index 000000000..2e01c1525 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/recipes/default.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: runit_test +# Recipe:: default +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "runit::default" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/recipes/service.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/recipes/service.rb new file mode 100644 index 000000000..1fd5d732a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/recipes/service.rb @@ -0,0 +1,145 @@ +# +# Cookbook Name:: runit_test +# Recipe:: service +# +# Copyright 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "runit::default" + +package "netcat" do + package_name "nc" if platform_family?('rhel', 'fedora') +end + +# Create a normal user to run services later +group "floyd" + +user "floyd" do + comment "Floyd the App Runner" + gid "floyd" + shell "/bin/bash" + home "/home/floyd" + manage_home true + supports :manage_home => true +end + +["sv", "service"].each do |dir| + + directory "/home/floyd/#{dir}" do + owner "floyd" + group "floyd" + recursive true + end + +end + +# Create a service with all the fixin's +runit_service "plain-defaults" + +# Create a service that doesn't use the svlog +runit_service "no-svlog" do + log false +end + +# Create a service that uses the default svlog +runit_service "default-svlog" do + default_logger true +end + +# Create a service that has a finish script +runit_service "finisher" do + finish true +end + +# Create a service that uses env files +runit_service "env-files" do + env({"PATH" => "$PATH:/opt/chef/embedded/bin"}) +end + +# Create a service that sets options for the templates +runit_service "template-options" do + options({:raspberry => "delicious"}) +end + +# Create a service that uses control signal files +runit_service "control-signals" do + control ["u"] +end + +# Create a runsvdir service for a normal user +runit_service "runsvdir-floyd" + +# # Create a service running by a normal user in its runsvdir +runit_service "floyds-app" do + sv_dir "/home/floyd/sv" + service_dir "/home/floyd/service" + owner "floyd" + group "floyd" +end + +# Create a service with differently named template files +runit_service "yerba" do + log_template_name "yerba-matte" + finish_script_template_name "yerba-matte" +end + +runit_service "yerba-alt" do + run_template_name "calabash" + default_logger true +end + +# Note: this won't update the run script for the above due to +# http://tickets.opscode.com/browse/COOK-2353 +runit_service "the other name for yerba-alt" do + service_name "yerba-alt" + default_logger true +end + + +# Create a service that should exist but be disabled +runit_service "exist-disabled" + +log "Created the exist-disabled service, now disable it" + +runit_service "exist-disabled" do + action :disable +end + +runit_service "other-cookbook-templates" do + cookbook "runit-other_test" +end + +unless platform_family?("rhel") + # Create a service that has a package with its own service directory + package "git-daemon-run" + + runit_service "git-daemon" do + sv_templates false + end +end + +# Despite waiting for runit to create supervise/ok, sometimes services +# are supervised, but not actually fully started +ruby_block "sleep 5s to allow services to be fully started" do + block do + sleep 5 + end +end + +# Notify the plain defaults service as a normal service resource +file "/tmp/notifier" do + content Time.now.to_s + notifies :restart, 'service[plain-defaults]', :immediately +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-calabash-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-calabash-run.erb new file mode 100644 index 000000000..09d47e936 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-calabash-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec nc -l 6712 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-control-signals-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-control-signals-log-run.erb new file mode 100644 index 000000000..a79a518f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-control-signals-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-control-signals-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-control-signals-run.erb new file mode 100644 index 000000000..cfc0908e9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-control-signals-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec nc -l 6700 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-control-signals-u.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-control-signals-u.erb new file mode 100644 index 000000000..7cacd1e6c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-control-signals-u.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec echo "control signal up" >> /tmp/control-signals-up.out \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-default-svlog-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-default-svlog-run.erb new file mode 100644 index 000000000..edd2dbc50 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-default-svlog-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec nc -l 6701 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-downed-service-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-downed-service-log-run.erb new file mode 100644 index 000000000..a79a518f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-downed-service-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-downed-service-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-downed-service-run.erb new file mode 100644 index 000000000..3e005ae98 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-downed-service-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec nc -l 6702 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-env-files-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-env-files-log-run.erb new file mode 100644 index 000000000..a79a518f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-env-files-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-env-files-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-env-files-run.erb new file mode 100644 index 000000000..110fa44f9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-env-files-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec nc -l 6703 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-exist-disabled-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-exist-disabled-log-run.erb new file mode 100644 index 000000000..a79a518f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-exist-disabled-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-exist-disabled-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-exist-disabled-run.erb new file mode 100644 index 000000000..67a5669d4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-exist-disabled-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec nc -l 6704 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-finisher-finish.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-finisher-finish.erb new file mode 100644 index 000000000..8f6b1d61b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-finisher-finish.erb @@ -0,0 +1,9 @@ +#!/bin/sh +code=$1 +status=$2 + +if [ $status -ne 0 ];then + echo "Finisher failed with ${code} on <%= node['fqdn'] %>" >> /tmp/finisher +else + echo "Finisher succeeded on <%= node['fqdn'] %>" +fi diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-finisher-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-finisher-log-run.erb new file mode 100644 index 000000000..a79a518f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-finisher-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-finisher-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-finisher-run.erb new file mode 100644 index 000000000..1eb941774 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-finisher-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec nc -l 6705 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-floyds-app-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-floyds-app-log-run.erb new file mode 100644 index 000000000..a79a518f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-floyds-app-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-floyds-app-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-floyds-app-run.erb new file mode 100644 index 000000000..068bb5d51 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-floyds-app-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec nc -l 6706 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-no-svlog-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-no-svlog-run.erb new file mode 100644 index 000000000..b642ce563 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-no-svlog-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec nc -l 6707 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-plain-defaults-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-plain-defaults-log-run.erb new file mode 100644 index 000000000..a79a518f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-plain-defaults-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-plain-defaults-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-plain-defaults-run.erb new file mode 100644 index 000000000..3b00c227f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-plain-defaults-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec nc -l 6708 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-runsvdir-floyd-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-runsvdir-floyd-log-run.erb new file mode 100644 index 000000000..a79a518f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-runsvdir-floyd-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-runsvdir-floyd-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-runsvdir-floyd-run.erb new file mode 100644 index 000000000..1a25d1df3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-runsvdir-floyd-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec chpst -ufloyd runsvdir /home/floyd/service diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-template-options-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-template-options-log-run.erb new file mode 100644 index 000000000..a79a518f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-template-options-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-template-options-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-template-options-run.erb new file mode 100644 index 000000000..141f8b15e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-template-options-run.erb @@ -0,0 +1,4 @@ +#!/bin/sh +# Options are <%= @options[:raspberry] %> +exec 2>&1 +exec nc -l 6710 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-yerba-matte-finish.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-yerba-matte-finish.erb new file mode 100644 index 000000000..4c4c0e138 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-yerba-matte-finish.erb @@ -0,0 +1,9 @@ +#!/bin/sh +code=$1 +status=$2 + +if [ $status -ne 0 ];then + echo "Yerba failed with ${code} on <%= node['fqdn'] %>" >> /tmp/yerba +else + echo "Yerba succeeded on <%= node['fqdn'] %>" +fi diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-yerba-matte-log-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-yerba-matte-log-run.erb new file mode 100644 index 000000000..a79a518f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-yerba-matte-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-yerba-run.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-yerba-run.erb new file mode 100644 index 000000000..875726cf8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/kitchen/cookbooks/runit_test/templates/default/sv-yerba-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec nc -l 6711 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/spec/libraries/provider_runit_service_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/spec/libraries/provider_runit_service_spec.rb new file mode 100644 index 000000000..eee4bbcf2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/spec/libraries/provider_runit_service_spec.rb @@ -0,0 +1,416 @@ +# +# Author:: Joshua Timberman +# Author:: Seth Chisamore +# +# Copyright:: Copyright (c) 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +$:.unshift(File.join(File.dirname(__FILE__), '..')) +require 'spec_helper' + +describe Chef::Provider::Service::Runit do + + subject(:provider) { Chef::Provider::Service::Runit.new(new_resource, run_context) } + + let(:sv_bin) { "/usr/bin/sv" } + let(:service_name) { "getty.service" } + let(:service_dir) { "/etc/service" } + let(:service_dir_name) { "#{service_dir}/#{service_name}" } + let(:service_status_command) { "#{sv_bin} status #{service_name}" } + let(:run_script) { File.join(service_dir, service_name, "run") } + let(:node) do + node = Chef::Node.new + node.automatic['platform'] = 'ubuntu' + node.automatic['platform_version'] = '12.04' + node.set['runit']['sv_bin'] = sv_bin + node + end + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + + let(:new_resource) { Chef::Resource::RunitService.new('getty.service') } + let(:current_resource) { Chef::Resource::RunitService.new('getty.service') } + + before do + provider.stub(:load_current_resource).and_return(current_resource) + provider.new_resource = new_resource + provider.current_resource = current_resource + end + + describe "#load_current_resource" do + + before do + provider.unstub(:load_current_resource) + end + + describe "runit is not installed" do + it "raises an exception" do + lambda { provider.load_current_resource }.should raise_error + end + end + + context "runit is installed" do + + let(:status_output) { "run: #{service_name}: (pid 29018) 3s; run: log: (pid 24470) 46882s" } + + before do + File.stub(:exist?).with(sv_bin).and_return(true) + File.stub(:executable?).with(sv_bin).and_return(true) + provider.stub(:shell_out) + .with(service_status_command) + .and_return(mock("ouput", :stdout => status_output, :exitstatus => 0)) + provider.load_current_resource + end + + describe "parsing sv status output" do + + context "returns a pid" do + let(:status_output) { "run: #{service_name}: (pid 29018) 3s; run: log: (pid 24470) 46882s" } + + it "sets resource running state to true" do + provider.current_resource.running.should be_true + end + end + + context "returns an empty pid" do + let(:status_output) { "down: #{service_name}: 2s, normally up; run: log: (pid 24470) 46250s" } + + it "sets resource running state to false" do + provider.current_resource.running.should be_false + end + end + end + + describe "checking for service run script" do + context "service run script is present in service_dir" do + before do + File.stub(:exists?).with(run_script).and_return(true) + provider.load_current_resource + end + + it "sets resource enabled state to true" do + provider.current_resource.enabled.should be_true + end + end + + context "service run script is missing" do + before do + File.stub(:exists?).with(run_script).and_return(false) + provider.load_current_resource + end + + it "sets resource enabled state to false" do + provider.current_resource.enabled.should be_false + end + end + end + end + end + + describe "actions" do + describe "start" do + + before do + provider.current_resource.running(false) + end + + %w{start up once cont}.each do |action| + it "sends the #{action} command to the sv binary" do + provider.should_receive(:shell_out!).with("#{sv_bin} #{action} #{service_dir_name}") + provider.run_action(action.to_sym) + end + end + end + + describe 'action_usr1' do + it 'sends the usr1 signal to the sv binary' do + provider.should_receive(:shell_out!).with("#{sv_bin} 1 #{service_dir_name}") + provider.run_action(:usr1) + end + end + + describe 'action_usr2' do + it 'sends the usr2 signal to the sv binary' do + provider.should_receive(:shell_out!).with("#{sv_bin} 2 #{service_dir_name}") + provider.run_action(:usr2) + end + end + + describe 'actions that manage a running service' do + before do + provider.current_resource.running(true) + end + + %w{stop down restart hup int term kill quit}.each do |action| + it "sends the '#{action}' command to the sv binary" do + provider.should_receive(:shell_out!).with("#{sv_bin} #{action} #{service_dir_name}") + provider.run_action(action.to_sym) + end + end + + describe 'action_reload' do + it "sends the 'force-reload' command to the sv binary" do + provider.should_receive(:shell_out!).with("#{sv_bin} force-reload #{service_dir_name}") + provider.run_action(:reload) + end + end + end + + describe 'action_disable' do + before do + provider.current_resource.enabled(true) + end + + it 'disables the service by running the down command and removing the symlink' do + provider.should_receive(:shell_out).with("#{sv_bin} down #{service_dir_name}") + FileUtils.should_receive(:rm).with(service_dir_name) + provider.run_action(:disable) + end + end + + describe "action_enable" do + let(:sv_dir_name) { ::File.join(new_resource.sv_dir, new_resource.service_name) } + + before(:each) do + provider.current_resource.enabled(false) + FileTest.stub(:pipe?).with("#{service_dir_name}/supervise/ok").and_return(true) + end + + it 'creates the sv_dir directory' do + provider.send(:sv_dir).path.should eq(sv_dir_name) + provider.send(:sv_dir).recursive.should be_true + provider.send(:sv_dir).owner.should eq(new_resource.owner) + provider.send(:sv_dir).group.should eq(new_resource.group) + provider.send(:sv_dir).mode.should eq(00755) + end + + it 'creates the run script template' do + provider.send(:run_script).path.should eq(::File.join(sv_dir_name, 'run')) + provider.send(:run_script).owner.should eq(new_resource.owner) + provider.send(:run_script).group.should eq(new_resource.group) + provider.send(:run_script).mode.should eq(00755) + provider.send(:run_script).source.should eq("sv-#{new_resource.service_name}-run.erb") + provider.send(:run_script).cookbook.should be_empty + end + + it 'sets up the supervised log directory and run script' do + provider.send(:log_dir).path.should eq(::File.join(sv_dir_name, 'log')) + provider.send(:log_dir).recursive.should be_true + provider.send(:log_dir).owner.should eq(new_resource.owner) + provider.send(:log_dir).group.should eq(new_resource.group) + provider.send(:log_dir).mode.should eq(00755) + provider.send(:log_main_dir).path.should eq(::File.join(sv_dir_name, 'log', 'main')) + provider.send(:log_main_dir).recursive.should be_true + provider.send(:log_main_dir).owner.should eq(new_resource.owner) + provider.send(:log_main_dir).group.should eq(new_resource.group) + provider.send(:log_main_dir).mode.should eq(00755) + provider.send(:log_run_script).path.should eq(::File.join(sv_dir_name, 'log', 'run')) + provider.send(:log_run_script).owner.should eq(new_resource.owner) + provider.send(:log_run_script).group.should eq(new_resource.group) + provider.send(:log_run_script).mode.should eq(00755) + provider.send(:log_run_script).source.should eq("sv-#{new_resource.log_template_name}-log-run.erb") + provider.send(:log_run_script).cookbook.should be_empty + end + + it 'creates log/run with default content if default_logger parameter is true' do + script_content = "exec svlogd -tt /var/log/#{new_resource.service_name}" + new_resource.default_logger(true) + provider.send(:log_run_script).path.should eq(::File.join(sv_dir_name, 'log', 'run')) + provider.send(:log_run_script).owner.should eq(new_resource.owner) + provider.send(:log_run_script).group.should eq(new_resource.group) + provider.send(:log_run_script).mode.should eq(00755) + provider.send(:log_run_script).content.should include(script_content) + provider.send(:default_log_dir).path.should eq(::File.join('/var', 'log', new_resource.service_name)) + provider.send(:default_log_dir).recursive.should be_true + provider.send(:default_log_dir).owner.should eq(new_resource.owner) + provider.send(:default_log_dir).group.should eq(new_resource.group) + provider.send(:default_log_dir).mode.should eq(00755) + end + + it 'creates env directory and files' do + provider.send(:env_dir).path.should eq(::File.join(sv_dir_name, 'env')) + provider.send(:env_dir).owner.should eq(new_resource.owner) + provider.send(:env_dir).group.should eq(new_resource.group) + provider.send(:env_dir).mode.should eq(00755) + new_resource.env({'PATH' => '$PATH:/usr/local/bin'}) + provider.send(:env_files)[0].path.should eq(::File.join(sv_dir_name, 'env', 'PATH')) + provider.send(:env_files)[0].owner.should eq(new_resource.owner) + provider.send(:env_files)[0].group.should eq(new_resource.group) + provider.send(:env_files)[0].content.should eq('$PATH:/usr/local/bin') + end + + it 'creates a finish script as a template if finish_script parameter is true' do + provider.send(:finish_script).path.should eq(::File.join(sv_dir_name, 'finish')) + provider.send(:finish_script).owner.should eq(new_resource.owner) + provider.send(:finish_script).group.should eq(new_resource.group) + provider.send(:finish_script).mode.should eq(00755) + provider.send(:finish_script).source.should eq("sv-#{new_resource.finish_script_template_name}-finish.erb") + provider.send(:finish_script).cookbook.should be_empty + end + + it 'creates control directory and signal files' do + provider.send(:control_dir).path.should eq(::File.join(sv_dir_name, 'control')) + provider.send(:control_dir).owner.should eq(new_resource.owner) + provider.send(:control_dir).group.should eq(new_resource.group) + provider.send(:control_dir).mode.should eq(00755) + new_resource.control(['s']) + provider.send(:control_signal_files)[0].path.should eq(::File.join(sv_dir_name, 'control', 's')) + provider.send(:control_signal_files)[0].owner.should eq(new_resource.owner) + provider.send(:control_signal_files)[0].group.should eq(new_resource.group) + provider.send(:control_signal_files)[0].mode.should eq(00755) + provider.send(:control_signal_files)[0].source.should eq("sv-#{new_resource.control_template_names['s']}-s.erb") + provider.send(:control_signal_files)[0].cookbook.should be_empty + end + + it 'creates a symlink for LSB script compliance unless the platform is debian' do + node.automatic['platform'] = 'not_debian' + provider.send(:lsb_init).path.should eq(::File.join('/etc', 'init.d', new_resource.service_name)) + provider.send(:lsb_init).to.should eq(sv_bin) + end + + it 'creates an init script as a template for LSB compliance if the platform is debian' do + node.automatic['platform'] = 'debian' + provider.send(:lsb_init).path.should eq(::File.join('/etc', 'init.d', new_resource.service_name)) + provider.send(:lsb_init).owner.should eq('root') + provider.send(:lsb_init).group.should eq('root') + provider.send(:lsb_init).mode.should eq(00755) + provider.send(:lsb_init).cookbook.should eq('runit') + provider.send(:lsb_init).source.should eq('init.d.erb') + provider.send(:lsb_init).variables.should have_key(:options) + provider.send(:lsb_init).variables[:options].should eq(new_resource.options) + end + + it 'does not create anything in the sv_dir if it is nil or false' do + current_resource.stub(:enabled).and_return(false) + new_resource.stub(:sv_templates).and_return(false) + provider.should_not_receive(:sv_dir) + provider.send(:run_script).should_not_receive(:run_action).with(:create) + provider.should_not_receive(:log) + provider.should_not_receive(:log_main_dir) + provider.should_not_receive(:log_run_script) + provider.send(:lsb_init).should_receive(:run_action).with(:create) + provider.send(:service_link).should_receive(:run_action).with(:create) + provider.run_action(:enable) + end + + it 'creates a symlink from the sv dir to the service' do + provider.send(:service_link).path.should eq(service_dir_name) + provider.send(:service_link).to.should eq(sv_dir_name) + end + + it 'enables the service with memoized resource creation methods' do + current_resource.stub(:enabled).and_return(false) + provider.send(:sv_dir).should_receive(:run_action).with(:create) + provider.send(:run_script).should_receive(:run_action).with(:create) + provider.send(:log_dir).should_receive(:run_action).with(:create) + provider.send(:log_main_dir).should_receive(:run_action).with(:create) + provider.send(:log_run_script).should_receive(:run_action).with(:create) + provider.send(:lsb_init).should_receive(:run_action).with(:create) + provider.send(:service_link).should_receive(:run_action).with(:create) + provider.run_action(:enable) + end + + describe "run_script template changes" do + before do + provider.stub(:configure_service) + provider.stub(:enable_service) + end + + context "run_script is updated" do + before { provider.send(:run_script).stub(:updated_by_last_action?).and_return(true) } + + context "restart_on_update attributre is true" do + before { new_resource.restart_on_update(true) } + + it "restarts the service" do + provider.should_receive(:restart_service) + provider.run_action(:enable) + end + end + + context "restart_on_update attribute is false" do + before { new_resource.restart_on_update(false) } + + it "does not restart the service" do + provider.should_not_receive(:restart_service) + provider.run_action(:enable) + end + end + end + + context "run script is unchanged" do + before { provider.send(:run_script).stub(:updated_by_last_action?).and_return(false) } + + context "restart_on_update attributre is true" do + before { new_resource.restart_on_update(true) } + + it "does not restart the service" do + provider.should_not_receive(:restart_service) + provider.run_action(:enable) + end + end + + context "restart_on_update attribute is false" do + before { new_resource.restart_on_update(false) } + + it "does not restart the service" do + provider.should_not_receive(:restart_service) + provider.run_action(:enable) + end + end + end + end + + context 'new resource conditionals' do + before(:each) do + current_resource.stub(:enabled).and_return(false) + provider.send(:sv_dir).stub(:run_action).with(:create) + provider.send(:run_script).stub(:run_action).with(:create) + provider.send(:lsb_init).stub(:run_action).with(:create) + provider.send(:service_link).stub(:run_action).with(:create) + provider.send(:log_dir).stub(:run_action).with(:create) + provider.send(:log_main_dir).stub(:run_action).with(:create) + provider.send(:log_run_script).stub(:run_action).with(:create) + end + + it 'doesnt create the log dir or run script if log is false' do + new_resource.stub(:log).and_return(false) + provider.should_not_receive(:log) + provider.run_action(:enable) + end + + it 'creates the env dir and config files if env is set' do + new_resource.stub(:env).and_return({'PATH' => '/bin'}) + provider.send(:env_dir).should_receive(:run_action).with(:create) + provider.send(:env_files).should_receive(:each).once + provider.run_action(:enable) + end + + it 'creates the control dir and signal files if control is set' do + new_resource.stub(:control).and_return(['s', 'u']) + provider.send(:control_dir).should_receive(:run_action).with(:create) + provider.send(:control_signal_files).should_receive(:each).once + provider.run_action(:enable) + end + + it 'does not create the service_link on gentoo' do + node.automatic['platform'] = 'gentoo' + provider.should_not_receive(:service_link) + provider.run_action(:enable) + end + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/spec/libraries/resource_runit_service_spec.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/spec/libraries/resource_runit_service_spec.rb new file mode 100644 index 000000000..2615a983b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/spec/libraries/resource_runit_service_spec.rb @@ -0,0 +1,231 @@ +# +# Author:: Joshua Timberman +# Author:: Seth Chisamore +# +# Copyright:: Copyright (c) 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +$:.unshift(File.join(File.dirname(__FILE__), '..')) +require 'spec_helper' + +describe Chef::Resource::RunitService do + + subject(:resource) { Chef::Resource::RunitService.new(service_name, run_context) } + + let(:service_name) { 'getty.service' } + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + + its(:class) { should be Chef::Resource::RunitService } + its(:resource_name) { should eq(:runit_service)} + its(:provider) { should eq(Chef::Provider::Service::Runit) } + its(:service_name) { should eq('getty.service') } + its(:sv_dir) { should eq('/etc/sv') } + its(:sv_bin) { should eq("/usr/bin/sv") } + + describe "setting supported default values from node attributes" do + let(:sv_bin) { "/fake/bin/sv_bin" } + let(:sv_dir) { "/fake/sv_dir/path" } + let(:service_dir) { "/fake/service_dir" } + let(:node) do + node = Chef::Node.new + node.set['runit']['sv_bin'] = sv_bin + node.set['runit']['sv_dir'] = sv_dir + node.set['runit']['service_dir'] = service_dir + node + end + + its(:sv_bin) { should eq sv_bin } + its(:sv_dir) { should eq sv_dir } + its(:service_dir) { should eq service_dir } + end + + describe "backward compatiblility hack" do + + let(:simple_service_name) { "service[#{service_name}]" } + + it "creates a simple service with the same name" do + resource_collection = resource.run_context.resource_collection + simple_service = resource_collection.find(simple_service_name) + simple_service.to_s.should eq(simple_service_name) + simple_service.class.should be Chef::Resource::Service + simple_service.provider.should be Chef::Provider::Service::Simple + end + + end + + it 'has an sv_dir parameter that can be set' do + resource.sv_dir('/var/lib/sv') + resource.sv_dir.should eq('/var/lib/sv') + end + + it 'allows sv_dir parameter to be set false (so users can use an existing sv dir)' do + resource.sv_dir(false) + resource.sv_dir.should be_false + end + + it 'has a service_dir parameter set to /etc/service by default' do + resource.service_dir.should eq('/etc/service') + end + + it 'has a service_dir parameter that can be set' do + resource.service_dir('/var/service') + resource.service_dir.should eq('/var/service') + end + + it 'has a control parameter that can be set as an array of service control characters' do + resource.control(['s', 'u']) + resource.control.should eq(['s', 'u']) + end + + it 'has an options parameter that can be set as a hash of arbitrary options' do + resource.options({:binary => '/usr/bin/noodles'}) + resource.options.should have_key(:binary) + resource.options[:binary].should eq('/usr/bin/noodles') + end + + it 'has an env parameter that can be set as a hash of environment variables' do + resource.env({'PATH' => '$PATH:/usr/local/bin'}) + resource.env.should have_key('PATH') + resource.env['PATH'].should include('/usr/local/bin') + end + + it 'adds :env_dir to options if env is set' do + resource.env({'PATH' => '/bin'}) + resource.options.should have_key(:env_dir) + resource.options[:env_dir].should eq(::File.join(resource.sv_dir, resource.service_name, 'env')) + end + + it 'has a log parameter to control whether a log service is setup' do + resource.log.should be_true + end + + it 'has a log parameter that can be set to false' do + resource.log(false) + resource.log.should be_false + end + + it 'raises an exception if the log parameter is set to nil' do + resource.log(nil) + resource.log.should raise_exception + end + + it 'has a cookbook parameter that can be set' do + resource.cookbook('noodles') + resource.cookbook.should eq('noodles') + end + + it 'has a finish parameter that is false by default' do + resource.finish.should be_false + end + + it 'hash a finish parameter that controls whether a finish script is created' do + resource.finish(true) + resource.finish.should be_true + end + + it 'has an owner parameter that can be set' do + resource.owner('monkey') + resource.owner.should eq('monkey') + end + + it 'has a group parameter that can be set' do + resource.group('primates') + resource.group.should eq('primates') + end + + it 'has an enabled parameter to determine if the current resource is enabled' do + resource.enabled.should be_false + end + + it 'has a running parameter to determine if the current resource is running' do + resource.running.should be_false + end + + it 'has a default_logger parameter that is false by default' do + resource.default_logger.should be_false + end + + it 'has a default_logger parameter that controls whether a default log template should be created' do + resource.default_logger(true) + resource.default_logger.should be_true + end + + it 'has a restart_on_update parameter that is true by default' do + resource.restart_on_update.should be_true + end + + it 'has a restart_on_update parameter that controls whether a the service is restarted when the run script is updated' do + resource.restart_on_update(false) + resource.restart_on_update.should be_false + end + + it 'sets the run_template_name to the service_name by default' do + resource.run_template_name.should eq(resource.service_name) + end + + it 'sets the log_template_name to the service_name by default' do + resource.log_template_name.should eq(resource.service_name) + end + + it 'has a run_template_name parameter to allow a custom template name for the run run script' do + resource.run_template_name('foo_bar') + resource.run_template_name.should eq('foo_bar') + end + + it 'has a template_name parameter to allow a custom template name for the run run script for backwards compatiblility' do + resource.template_name('foo_baz') + resource.run_template_name.should eq('foo_baz') + end + + it 'has a log_template_name parameter to allow a custom template name for the log run script' do + resource.log_template_name('write_noodles') + resource.log_template_name.should eq('write_noodles') + end + + it 'sets the control_template_names for each control character to the service_name by default' do + resource.control(['s', 'u']) + resource.control_template_names.should have_key('s') + resource.control_template_names.should have_key('u') + resource.control_template_names['s'].should eq(resource.service_name) + resource.control_template_names['u'].should eq(resource.service_name) + end + + it 'has a control_template_names parameter to allow custom template names for the control scripts' do + resource.control_template_names({ + 's' => 'banana_start', + 'u' => 'noodle_up' + }) + resource.control_template_names.should have_key('s') + resource.control_template_names.should have_key('u') + resource.control_template_names['s'].should eq('banana_start') + resource.control_template_names['u'].should eq('noodle_up') + end + + it 'sets the finish_script_template_name to the service_name by default' do + resource.finish_script_template_name.should eq(resource.service_name) + end + + it 'has a finish_script_template_name parameter to allow a custom template name for the finish script' do + resource.finish_script_template_name('eat_bananas') + resource.finish_script_template_name.should eq('eat_bananas') + end + + it 'has a sv_templates parameter to control whether the sv_dir templates are created' do + resource.sv_templates(false) + resource.sv_templates.should be_false + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/spec/spec_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/spec/spec_helper.rb new file mode 100644 index 000000000..a4f52b1b0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/runit/test/spec/spec_helper.rb @@ -0,0 +1,26 @@ + +require 'chef/platform' +require 'chef/run_context' +require 'chef/resource' +require 'chef/resource/service' +require 'chef/provider/service/simple' + +$:.unshift(File.join(File.dirname(__FILE__), "..", "..", "libraries")) +require 'provider_runit_service' +require 'resource_runit_service' + +RSpec.configure do |config| + # Use color in STDOUT + config.color_enabled = true + + # Use color not only in STDOUT but also in pagers and files + config.tty = true + + # Use the specified formatter + config.formatter = :documentation # :progress, :html, :textmate + + # :focus support to allow zooming in a single test/block + config.filter_run :focus => true + config.run_all_when_everything_filtered = true + config.treat_symbols_as_metadata_keys_with_true_values = true +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/CHANGELOG.md new file mode 100644 index 000000000..292d83de2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/CHANGELOG.md @@ -0,0 +1,17 @@ +## v0.5.6: + +* [COOK-2124] - enforcing recipe fails if selinux is disabled + +## v0.5.4: + +* [COOK-1277] - disabled recipe fails on systems w/o selinux installed + +## v0.5.2: + +* [COOK-789] - fix dangling commas causing syntax error on some rubies + +## v0.5.0: + +* [COOK-678] - add the selinux cookbook to the repository +* Use main selinux config file (/etc/selinux/config) +* Use getenforce instead of selinuxenabled for enforcing and permissive diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/README.md new file mode 100644 index 000000000..2e05b7cdb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/README.md @@ -0,0 +1,51 @@ +Description +=========== + +Provides recipes for manipulating selinux policy enforcement + +Requirements +============ + +RHEL family distribution or other Linux system that uses SELinux. + +## Platform: + +Tested on RHEL 5.6, 6.0 and 6.1. + +Usage +===== + +SELinux is enforcing by default on RHEL family distributions, however the use of SELinux has complicated considerations when using configuration management. Often, users are recommended to set SELinux to permissive mode, or disabled completely. To ensure that SELinux is permissive or disabled, choose the appropriate recipe (`selinux::permissive`, `selinux::disabled`) and apply it to the node early in the run list. For example in a `base` role used by all RHEL systems: + + name "base" + description "Base role applied to all nodes." + run_list( + "recipe[selinux::permissive]", + ) + +Roadmap +======= + +Use a node attribute to determine which recipe to load automatically from selinux::default. + +Add LWRP/Libraries for manipulating security contexts for files and services managed by Chef. + +License and Author +================== + +Author:: Sean OMeara () +Author:: Joshua Timberman () + +Copyright:: 2011, Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/metadata.json new file mode 100644 index 000000000..7631d7047 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/metadata.json @@ -0,0 +1,29 @@ +{ + "name": "selinux", + "description": "Installs/Configures selinux", + "long_description": "Description\n===========\n\nProvides recipes for manipulating selinux policy enforcement\n\nRequirements\n============\n\nRHEL family distribution or other Linux system that uses SELinux.\n\n## Platform:\n\nTested on RHEL 5.6, 6.0 and 6.1.\n\nUsage\n=====\n\nSELinux is enforcing by default on RHEL family distributions, however the use of SELinux has complicated considerations when using configuration management. Often, users are recommended to set SELinux to permissive mode, or disabled completely. To ensure that SELinux is permissive or disabled, choose the appropriate recipe (`selinux::permissive`, `selinux::disabled`) and apply it to the node early in the run list. For example in a `base` role used by all RHEL systems:\n\n name \"base\"\n description \"Base role applied to all nodes.\"\n run_list(\n \"recipe[selinux::permissive]\",\n )\n\nRoadmap\n=======\n\nUse a node attribute to determine which recipe to load automatically from selinux::default.\n\nAdd LWRP/Libraries for manipulating security contexts for files and services managed by Chef.\n\nLicense and Author\n==================\n\nAuthor:: Sean OMeara ()\nAuthor:: Joshua Timberman ()\n\nCopyright:: 2011, Opscode, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", + "maintainer": "Opscode, Inc.", + "maintainer_email": "someara@opscode.com", + "license": "Apache", + "platforms": { + }, + "dependencies": { + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + }, + "version": "0.5.6" +} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/metadata.rb new file mode 100644 index 000000000..9d26a2d50 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/metadata.rb @@ -0,0 +1,7 @@ +name "selinux" +maintainer "Opscode, Inc." +maintainer_email "someara@opscode.com" +license "Apache" +description "Installs/Configures selinux" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "0.5.6" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/default.rb new file mode 100644 index 000000000..ecf791267 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/default.rb @@ -0,0 +1,18 @@ +# +# Cookbook Name:: selinux +# Recipe:: default +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/disabled.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/disabled.rb new file mode 100644 index 000000000..a47c7b1e2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/disabled.rb @@ -0,0 +1,35 @@ +# +# Author:: Sean OMeara () +# Cookbook Name:: selinux +# Recipe:: disabled +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +execute "disable selinux enforcement" do + only_if "which selinuxenabled && selinuxenabled" + command "setenforce 0" + action :run + notifies :create, "template[/etc/selinux/config]" +end + +template "/etc/selinux/config" do + source "sysconfig/selinux.erb" + variables( + :selinux => "disabled", + :selinuxtype => "targeted" + ) + action :nothing +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/enforcing.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/enforcing.rb new file mode 100644 index 000000000..aa83d80ac --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/enforcing.rb @@ -0,0 +1,33 @@ +# +# Author:: Sean OMeara () +# Cookbook Name:: selinux +# Recipe:: enforcing +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +execute "enable selinux enforcement" do + not_if "getenforce | egrep -qx 'Enforcing|Disabled'" + command "setenforce 1" + action :run +end + +template "/etc/selinux/config" do + source "sysconfig/selinux.erb" + variables( + :selinux => "enforcing", + :selinuxtype => "targeted" + ) +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/permissive.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/permissive.rb new file mode 100644 index 000000000..aa5095633 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/recipes/permissive.rb @@ -0,0 +1,35 @@ +# +# Author:: Sean OMeara () +# Cookbook Name:: selinux +# Recipe:: permissive +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +execute "enable selinux as permissive" do + not_if "getenforce | egrep -qx 'Permissive|Disabled'" + command "setenforce 0" + ignore_failure true + action :run +end + +template "/etc/selinux/config" do + source "sysconfig/selinux.erb" + not_if "getenforce | grep -qx 'Disabled'" + variables( + :selinux => "permissive", + :selinuxtype => "targeted" + ) +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/templates/default/sysconfig/selinux.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/templates/default/sysconfig/selinux.erb new file mode 100644 index 000000000..2b393f0aa --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/selinux/templates/default/sysconfig/selinux.erb @@ -0,0 +1,11 @@ +# This file controls the state of SELinux on the system. +# SELINUX= can take one of these three values: +# enforcing - SELinux security policy is enforced. +# permissive - SELinux prints warnings instead of enforcing. +# disabled - SELinux is fully disabled. +SELINUX=<%= @selinux %> +# SELINUXTYPE= type of policy in use. Possible values are: +# targeted - Only targeted network daemons are protected. +# strict - Full SELinux protection. +SELINUXTYPE=<%= @selinuxtype %> + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/README.md new file mode 100644 index 000000000..c093808e5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/README.md @@ -0,0 +1,69 @@ +# DESCRIPTION + +Chef cookbook to install [Etsy's +StatsD](https://github.com/etsy/statsd) daemon. Supports the new +pluggable backend modules. + +# REQUIREMENTS + +Depends on the cookbooks: + + * git + * nodejs + +# ATTRIBUTES + +## Basic attributes + + * `repo`: Location of statsd repo (defaults to Etsy's). + * `log_file`: Where to log output (defaults to: + `/var/log/statsd.log`). + * `flush_interval_msecs`: Flush interval in msecs (default 10000). + * `port`: Port to listen for UDP stats (default 8125). + +## Graphite settings + + * `graphite_enabled`: Enable the built-in Graphite backend (default true). + * `graphite_port`: Port to talk to Graphite on (default 2003). + * `graphite_host`: Host name of Graphite server (default localhost). + +## Adding backends + +Set the attribute `backends` to a hash of statsd NPM module +backends. The hash key is the name of the NPM module, while the hash +value is the version of the NPM module to install (or null for latest +version). + +For example, to use version 0.0.1 of [statsd-librato-backend][]: + + attrs[:statsd][:backends] = { 'statsd-librato-backend' => '0.0.1' } + +To use the latest version of statsd-librato-backend: + + attrs[:statsd][:backends] = { 'statsd-librato-backend' => nil } + +The cookbook will install each backend module under the statsd +directory and add it to the list of backends loaded in the +configuration file. + +### Extra backend configuration + +Set the attribute `extra_config` to any additional configuration +options that should be included in the StatsD configuration file. + +For example, to set your email and token for the +[statsd-librato-backend][] backend module, use the following: + +```js + attrs[:statsd][:extra_config] => { + 'librato' => { + 'email' => 'myemail@example.com', + 'token' => '1234567890ABCDEF' + } + } +``` + +# USAGE + + +[statsd-librato-backend]: https://github.com/librato/statsd-librato-backend diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/attributes/default.rb new file mode 100644 index 000000000..e3cfab434 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/attributes/default.rb @@ -0,0 +1,32 @@ +default[:statsd][:repo] = "git://github.com/etsy/statsd.git" +default[:statsd][:revision] = "master" + +default[:statsd][:log_file] = "/var/log/statsd.log" + +default[:statsd][:flush_interval_msecs] = 10000 +default[:statsd][:port] = 8125 + +# Is the graphite backend enabled? +default[:statsd][:graphite_enabled] = true +default[:statsd][:graphite_port] = 2003 +default[:statsd][:graphite_host] = "localhost" + +# +# Add all NPM module backends here. Each backend should be a +# hash of the backend's name to the NPM module's version. If we +# should just use the latest, set the hash to null. +# +# For example, to use version 0.0.1 of statsd-librato-backend: +# +# attrs[:statsd][:backends] = { 'statsd-librato-backend' => '0.0.1' } +# +# To use the latest version of statsd-librato-backend: +# +# attrs[:statsd][:backends] = { 'statsd-librato-backend' => nil } +# +default[:statsd][:backends] = {} + +# +# Add any additional backend configuration here. +# +default[:statsd][:extra_config] = {} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/files/default/upstart.conf b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/files/default/upstart.conf new file mode 100644 index 000000000..b9b05b2d5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/files/default/upstart.conf @@ -0,0 +1,16 @@ +description "statsd" +author "Librato" + +start on runlevel [2345] +stop on runlevel [!2345] + +env SL_NAME=statsd + +respawn + +script + # We found $HOME is needed. Without it, we ran into problems + export HOME="/root" + + exec sudo -u statsd /usr/share/statsd/scripts/start +end script diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/metadata.rb new file mode 100644 index 000000000..d67b7cffc --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/metadata.rb @@ -0,0 +1,12 @@ +maintainer "Mike Heffner" +maintainer_email "mike@librato.com" +license "Apache 2.0" +description "Installs/Configures statsd" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "0.1.1" + +depends "build-essential" +depends "git" +depends "nodejs", ">= 0.5.2" + +supports "ubuntu" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/recipes/default.rb new file mode 100644 index 000000000..41c6b26f6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/recipes/default.rb @@ -0,0 +1,110 @@ +# +# Cookbook Name:: statsd +# Recipe:: default +# +# Copyright 2011, Librato, Inc. +# + +include_recipe "nodejs" +include_recipe "git" + +git "/usr/share/statsd" do + repository node[:statsd][:repo] + revision node[:statsd][:revision] + action :sync +end + +execute "install dependencies" do + command "npm install -d" + cwd "/usr/share/statsd" +end + +backends = [] + +if node[:statsd][:graphite_enabled] + backends << "./backends/graphite" +end + +node[:statsd][:backends].each do |k, v| + if v + name = "#{k}@#{v}" + else + name= k + end + + execute "install npm module #{name}" do + command "npm install #{name}" + cwd "/usr/share/statsd" + end + + backends << k +end + +directory "/etc/statsd" do + action :create +end + +user "statsd" do + comment "statsd" + system true + shell "/bin/false" +end + +service "statsd" do + provider Chef::Provider::Service::Upstart + + restart_command "stop statsd; start statsd" + start_command "start statsd" + stop_command "stop statsd" + + supports :restart => true, :start => true, :stop => true +end + +template "/etc/statsd/config.js" do + source "config.js.erb" + mode 0644 + + config_hash = { + :flushInterval => node[:statsd][:flush_interval_msecs], + :port => node[:statsd][:port], + :backends => backends + }.merge(node[:statsd][:extra_config]) + + if node[:statsd][:graphite_enabled] + config_hash[:graphitePort] = node[:statsd][:graphite_port] + config_hash[:graphiteHost] = node[:statsd][:graphite_host] + end + + variables(:config_hash => config_hash) + + notifies :restart, resources(:service => "statsd") +end + +directory "/usr/share/statsd/scripts" do + action :create +end + +template "/usr/share/statsd/scripts/start" do + source "upstart.start.erb" + mode 0755 + + notifies :restart, resources(:service => "statsd") +end + +cookbook_file "/etc/init/statsd.conf" do + source "upstart.conf" + mode 0644 + + notifies :restart, resources(:service => "statsd") +end + +bash "create_log_file" do + code < diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/templates/default/upstart.start.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/templates/default/upstart.start.erb new file mode 100644 index 000000000..5a2b2bfde --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/statsd/templates/default/upstart.start.erb @@ -0,0 +1,6 @@ +#!/bin/bash +# Called by Upstart, /etc/init/statsd.conf + +export PATH=$PATH:/usr/local/bin + +node /usr/share/statsd/stats.js /etc/statsd/config.js 2>&1 >> <%= node[:statsd][:log_file] %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/.kitchen.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/.kitchen.yml new file mode 100644 index 000000000..2630843f7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/.kitchen.yml @@ -0,0 +1,46 @@ +--- +driver_plugin: vagrant + +platforms: +- name: ubuntu-12.04 + driver_config: + box: canonical-ubuntu-12.04 + box_url: http://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box + require_chef_omnibus: true +- name: ubuntu-10.04 + driver_config: + box: opscode-ubuntu-10.04 + box_url: http://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_chef-11.4.4.box +- name: centos-6.4 + driver_config: + box: opscode-centos-6.4 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.4_chef-11.4.4.box +- name: centos-5.9 + driver_config: + box: opscode-centos-5.9 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-5.9_chef-11.4.4.box + +suites: +- name: default + run_list: + - recipe[sysctl_test] + attributes: + sysctl: + params: + vm: + swappiness: 19 + net: + ipv4: + tcp_fin_timeout: 29 +- name: override_conf + run_list: + - recipe[sysctl_test] + attributes: + sysctl: + allow_sysctl_conf: true + params: + vm: + swappiness: 19 + net: + ipv4: + tcp_fin_timeout: 29 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/.tailor b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/.tailor new file mode 100644 index 000000000..faa2b00fd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/.tailor @@ -0,0 +1,107 @@ +#------------------------------------------------------------------------------ +# Horizontal Whitespace +#------------------------------------------------------------------------------ +# allow_hard_tabs True to let hard tabs be considered a single space. +# Default: false +# +# allow_trailing_line_spaces +# True to skip detecting extra spaces at the ends of +# lines. +# Default: false +# +# indentation_spaces The number of spaces to consider a proper indent. +# Default: 2 +# +# max_line_length The maximum number of characters in a line before +# tailor complains. +# Default: 80 +# spaces_after_comma Number of spaces to expect after a comma. +# Default: 1 +# +# spaces_before_comma Number of spaces to expect before a comma. +# Default: 0 +# +# spaces_after_lbrace The number of spaces to expect after an lbrace ('{'). +# Default: 1 +# +# spaces_before_lbrace The number of spaces to expect before an lbrace ('{'). +# Default: 1 +# +# spaces_before_rbrace The number of spaces to expect before an rbrace ('}'). +# Default: 1 +# +# spaces_in_empty_braces The number of spaces to expect between braces when +# there's nothing in the braces (i.e. {}). +# Default: 0 +# +# spaces_after_lbracket The number of spaces to expect after an +# lbracket ('['). +# Default: 0 +# +# spaces_before_rbracket The number of spaces to expect before an +# rbracket (']'). +# Default: 0 +# +# spaces_after_lparen The number of spaces to expect after an +# lparen ('('). +# Default: 0 +# +# spaces_before_rparen The number of spaces to expect before an +# rbracket (')'). +# Default: 0 +# +#------------------------------------------------------------------------------ +# Naming +#------------------------------------------------------------------------------ +# allow_camel_case_methods +# Setting to true skips detection of camel-case method +# names (i.e. def myMethod). +# Default: false +# +# allow_screaming_snake_case_classes +# Setting to true skips detection of screaming +# snake-case class names (i.e. My_Class). +# Default: false +# +#------------------------------------------------------------------------------ +# Vertical Whitespace +#------------------------------------------------------------------------------ +# max_code_lines_in_class The number of lines of code in a class to allow before +# tailor will warn you. +# Default: 300 +# +# max_code_lines_in_method +# The number of lines of code in a method to allow +# before tailor will warn you. +# Default: 30 +# +# trailing_newlines The number of newlines that should be at the end of +# the file. +# Default: 1 +# +Tailor.config do |config| + config.formatters "text" + #config.recursive_file_set '*.rb', :cookbooks do |style| + config.file_set '**/**/*.rb', :cookbooks do |style| + style.allow_camel_case_methods false, level: :error + style.allow_hard_tabs false, level: :error + style.allow_screaming_snake_case_classes false, level: :error + style.allow_trailing_line_spaces false, level: :error + style.allow_invalid_ruby false, level: :warn + style.indentation_spaces 2, level: :error + style.max_code_lines_in_class 300, level: :error + style.max_code_lines_in_method 30, level: :warn + style.max_line_length 120, level: :warn + style.spaces_after_comma 1, level: :error + style.spaces_after_lbrace 0, level: :error + style.spaces_after_lbracket 0, level: :error + style.spaces_after_lparen 0, level: :error + style.spaces_before_comma 0, level: :error + style.spaces_before_lbrace 1, level: :error + style.spaces_before_rbrace 1, level: :error + style.spaces_before_rbracket 0, level: :error + style.spaces_before_rparen 0, level: :error + style.spaces_in_empty_braces 0, level: :error + style.trailing_newlines 1, level: :error + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/.travis.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/.travis.yml new file mode 100644 index 000000000..b6bc37d10 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/.travis.yml @@ -0,0 +1,6 @@ +language: ruby +rvm: + - 1.9.3 +bundler_args: --without integration development +script: bundle exec thor foodcritic:lint -f correctness +after_script: bundle exec thor tailor:lint diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Berksfile new file mode 100644 index 000000000..85738015e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Berksfile @@ -0,0 +1,20 @@ +site :opscode +#chef_api :config + +metadata + +group :test do + cookbook "apt" + cookbook "yum" + cookbook "minitest-handler" + + cookbook "sysctl_test", :path => "./test/kitchen/cookbooks/sysctl_test" + # https://github.com/opscode/test-kitchen/issues/28 +# require 'pathname' +# cb_dir = ::File.join('.', 'test', 'kitchen', 'cookbooks') +# if ::File.exist?(cb_dir) +# Pathname.new(cb_dir).children.select(&:directory?).each do |c| +# cookbook c.basename.to_s, :path => ::File.join(cb_dir, c.basename.to_s).to_s +# end +# end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Berksfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Berksfile.lock new file mode 100644 index 000000000..1f66142a7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Berksfile.lock @@ -0,0 +1,7 @@ +cookbook 'test_sysctl', :path => '/srv/sysctl-cookbook/test/kitchen/cookbooks/test_sysctl' +cookbook 'sysctl', :path => '/srv/sysctl-cookbook' +cookbook 'apt', :locked_version => '1.9.0' +cookbook 'yum', :locked_version => '2.1.0' +cookbook 'minitest-handler', :locked_version => '0.1.7' +cookbook 'sysctl_test', :path => '/srv/sysctl-cookbook/test/kitchen/cookbooks/sysctl_test' +cookbook 'chef_handler', :locked_version => '1.1.4' \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/CHANGELOG.md new file mode 100644 index 000000000..559d6a866 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/CHANGELOG.md @@ -0,0 +1,27 @@ +## v0.3.2 + +* [GH-5] Fixed ImmutableAttributeModification (Mark Pimentel) +* Added LWRP integration tests for test kitchen +* LWRP now sets attributes on the node via node.default, not node.set allowing easier overrides by other cookbooks + +## v0.3.1 + +* Added attribute integration tests for test kitchen +* Added alpha RHEL/CentOS support +* Added Travis CI Builds +* Cleaned up foodcritic and tailor complaints + +## v0.3.0 + +There is a lot of talk about making one sysctl cookbook. Let's make it happen. + +* BREAKING CHANGE: use sysctl.params instead of sysctl.attributes to match LWRP and sysctl standard naming +* [GH-1] Remove 69-chef-static.conf +* New Maintainer: Sander van Zoest, OneHealth +* Update Development environment with Berkshelf, Vagrant, Test-Kitchen + +## v0.2.0: + +* [FB-3] - Notify procps start immediately +* [FB-4] - Dynamic configuration file. Add LWRP. +* [FB-5] - Allow Bignums as values diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/CONTRIBUTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/CONTRIBUTING.md new file mode 100644 index 000000000..8e4ba7366 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/CONTRIBUTING.md @@ -0,0 +1,105 @@ +# Contributing to OneHealth Cookbooks + +We are glad you want to contribute to OneHealth Cookbooks! The first +step is the desire to improve the project. + +## Quick-contribute + +* Create an issue on the github [issue tracker](https://github.com/onehealth-cookbooks/sysctl/issues) +* Link to your patch as a rebased git branch or pull request from the ticket + +We regularly review contributions and will get back to you if we have +any suggestions or concerns. + +### Branches and Commits + +You should submit your patch as a git branch named after the change. + +It is a best practice to have your commit message have a _summary +line_, followed by an empty line and then a brief description of +the commit. This also helps other contributors understand the +purpose of changes to the code. + +Remember that not all users use Chef in the same way or on the same +operating systems as you, so it is helpful to be clear about your use +case and change so they can understand it even when it doesn't apply +to them. + +### Github and Pull Requests + +We don't require you to use Github, and we will even take patch diffs +attached to tickets on the issue tracker. However Github has a lot of +convenient features, such as being able to see a diff of changes +between a pull request and the main repository quickly without +downloading the branch. + +## Functional and Unit Tests + +This cookbook is set up to run tests under +[Opscode's test-kitchen](https://github.com/opscode/test-kitchen). It +uses minitest-chef to run integration tests after the node has been +converged to verify that the state of the node. + +Test kitchen should run completely without exception using the default +[baseboxes provided by Opscode](https://github.com/opscode/bento). +Because Test Kitchen creates VirtualBox machines and runs through +every configuration in the .kitchen.yml file, it may take some time for +these tests to complete. + +If your changes are only for a specific recipe, run only its +configuration with Test Kitchen. If you are adding a new recipe, or +other functionality such as a LWRP or definition, please add +appropriate tests and ensure they run with Test Kitchen. + +If any don't pass, investigate them before submitting your patch. + +Any new feature should have unit tests included with the patch with +good code coverage to help protect it from future changes. Similarly, +patches that fix a bug or regression should have a _regression test_. +Simply put, this is a test that would fail without your patch but +passes with it. The goal is to ensure this bug doesn't regress in the +future. Consider a regular expression that doesn't match a certain +pattern that it should, so you provide a patch and a test to ensure +that the part of the code that uses this regular expression works as +expected. Later another contributor may modify this regular expression +in a way that breaks your use cases. The test you wrote will fail, +signalling to them to research your ticket and use case and accounting +for it. + +If you need help writing tests, please ask on the Chef Developer's +mailing list, or the #chef-hacking IRC channel. + +## Cookbook Contribution Do's and Don't's + +Please do include tests for your contribution. If you need help, ask +on the +[chef-dev mailing list](http://lists.opscode.com/sympa/info/chef-dev) +or the +[#chef-hacking IRC channel](http://community.opscode.com/chat/chef-hacking). +Not all platforms that a cookbook supports may be supported by Test +Kitchen. Please provide evidence of testing your contribution if it +isn't trivial so we don't have to duplicate effort in testing. Chef +10.14+ "doc" formatted output is sufficient. + +Please do indicate new platform (families) or platform versions in the +commit message, and update the relevant ticket. If a contribution adds +new platforms or platform versions, indicate such in the body of the commit message(s). + +Please do use [foodcritic](http://acrmp.github.com/foodcritic) to +lint-check the cookbook. Except FC007, it should pass all correctness +rules. FC007 is okay as long as the dependent cookbooks are *required* +for the default behavior of the cookbook, such as to support an +uncommon platform, secondary recipe, etc. + +Please do ensure that your changes do not break or modify behavior for +other platforms supported by the cookbook. For example if your changes +are for Debian, make sure that they do not break on CentOS. + +Please do not modify the version number in the metadata.rb, the maintainer +will select the appropriate version based on the release cycle +information above. + +Please do not update the CHANGELOG.md for a new version. Not all +changes to a cookbook may be merged and released in the same versions. +OneHealth will update the CHANGELOG.md when releasing a new version of +the cookbook. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Gemfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Gemfile new file mode 100644 index 000000000..36fe2e554 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Gemfile @@ -0,0 +1,9 @@ +source "https://rubygems.org" + +#gem 'rb-fsevent', :group => :development +gem 'rb-inotify', :group => :development +gem 'berkshelf' +gem 'thor-foodcritic' +gem 'tailor' +gem 'test-kitchen', :git => 'git://github.com/opscode/test-kitchen.git', :branch => '1.0', :group => :integration +gem 'kitchen-vagrant', :group => :integration diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Gemfile.lock b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Gemfile.lock new file mode 100644 index 000000000..f50791cc6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Gemfile.lock @@ -0,0 +1,134 @@ +GIT + remote: git://github.com/opscode/test-kitchen.git + revision: afef0da3f08228346a8397b1f534f3d8f054434c + branch: 1.0 + specs: + test-kitchen (1.0.0.dev) + celluloid + mixlib-shellout + net-scp + net-ssh + pry + safe_yaml + thor + +GEM + remote: https://rubygems.org/ + specs: + activesupport (3.2.13) + i18n (= 0.6.1) + multi_json (~> 1.0) + addressable (2.3.4) + berkshelf (1.4.0) + activesupport (>= 3.2.0) + addressable + celluloid (>= 0.13.0) + chozo (>= 0.6.1) + faraday (>= 0.8.5) + hashie (>= 2.0.2) + json (>= 1.5.0) + minitar + mixlib-config (~> 1.1) + mixlib-shellout (~> 1.1) + multi_json (~> 1.5) + retryable + ridley (~> 0.9.0) + solve (>= 0.4.2) + thor (~> 0.18.0) + yajl-ruby + celluloid (0.13.0) + timers (>= 1.0.0) + chozo (0.6.1) + activesupport (>= 3.2.0) + hashie (>= 2.0.2) + multi_json (>= 1.3.0) + coderay (1.0.9) + erubis (2.7.0) + faraday (0.8.7) + multipart-post (~> 1.1) + ffi (1.8.1) + foodcritic (2.1.0) + erubis + gherkin (~> 2.11.7) + nokogiri (~> 1.5.4) + rak (~> 1.4) + treetop (~> 1.4.10) + yajl-ruby (~> 1.1.0) + gherkin (2.11.8) + multi_json (~> 1.3) + hashie (2.0.3) + i18n (0.6.1) + json (1.7.7) + kitchen-vagrant (0.9.0) + test-kitchen (~> 1.0.0.alpha.2) + log_switch (0.4.0) + method_source (0.8.1) + minitar (0.5.4) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-config (1.1.2) + mixlib-log (1.6.0) + mixlib-shellout (1.1.0) + multi_json (1.7.2) + multipart-post (1.2.0) + net-http-persistent (2.8) + net-scp (1.1.0) + net-ssh (>= 2.6.5) + net-ssh (2.6.7) + nokogiri (1.5.9) + polyglot (0.3.3) + pry (0.9.12.1) + coderay (~> 1.0.5) + method_source (~> 0.8) + slop (~> 3.4) + rak (1.4) + rb-inotify (0.9.0) + ffi (>= 0.5.0) + retryable (1.3.2) + ridley (0.9.0) + activesupport (>= 3.2.0) + addressable + celluloid (~> 0.13.0) + chozo (>= 0.6.0) + erubis + faraday (>= 0.8.4) + json (>= 1.5.0) + mixlib-authentication (>= 1.3.0) + mixlib-config (>= 1.1.0) + mixlib-log (>= 1.3.0) + mixlib-shellout (>= 1.1.0) + multi_json (>= 1.0.4) + net-http-persistent (>= 2.8) + net-ssh + retryable + solve (>= 0.4.1) + safe_yaml (0.9.1) + slop (3.4.4) + solve (0.4.2) + json + tailor (1.2.1) + log_switch (>= 0.3.0) + term-ansicolor (>= 1.0.5) + text-table (>= 1.2.2) + term-ansicolor (1.1.5) + text-table (1.2.3) + thor (0.18.1) + thor-foodcritic (0.2.0) + foodcritic + thor + timers (1.1.0) + treetop (1.4.12) + polyglot + polyglot (>= 0.3.1) + yajl-ruby (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + berkshelf + kitchen-vagrant + rb-inotify + tailor + test-kitchen! + thor-foodcritic diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/README.md new file mode 100644 index 000000000..e3f6c5154 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/README.md @@ -0,0 +1,81 @@ +# sysctl [![Build Status](https://travis-ci.org/onehealth-cookbooks/sysctl.png?branch=master)](https://travis-ci.org/onehealth-cookbooks/sysctl) + +Description +=========== + +Set [sysctl](http://en.wikipedia.org/wiki/Sysctl) system control parameters via Opscode Chef + + +Platforms +========= + +* Debian/Ubuntu +* RHEL/CentOS (work in progress) + +Usage +======= + +There are two main ways to interact with the cookbook. This is via chef [attributes](http://docs.opscode.com/essentials_cookbook_attribute_files.html) or via the provided [LWRP](http://docs.opscode.com/lwrp.html). + +## Attributes + +* node['sysctl']['params'] - A namespace for setting sysctl parameters +* node['sysctl']['conf_dir'] - Specifies the sysctl.d directory to be used. Defaults on Debian to /etc/sysctl.d, otherwise nil +* node['sysctl']['allow_sysctl_conf'] - Defaults to false. This will write params to /etc/sysctl.conf directly when set to true. + +## LWRP + +### sysctl_param + +Actions + +- apply (default) +- remove + +Attributes + +- key +- value + +## Examples + + # set vm.swapiness to 20 via attributes + + node.default['sysctl']['params']['vm']['swappiness'] = 20 + + # set vm.swapiness to 20 via sysctl_param LWRP + sysctl_param 'vm.swappiness' do + value 20 + end + + # remove sysctl parameter and set net.ipv4.tcp_fin_timeout back to default + sysctl_param 'net.ipv4.tcp_fin_timeout' do + value 30 + action :remove + end + +# Development + +This cookbook can be tested using vagrant, but it depends on the following vagrant plugins + +``` +vagrant plugin install vagrant-omnibus +vagrant plugin install vagrant-berkshelf +``` + +Tested with +* Vagrant (version 1.2.1) +* vagrant-berkshelf (1.2.0) +* vagrant-omnibus (1.0.2) + +# Links + +There are a lot of different documents that talk about system control parameters, the hope here is to point to some of the most useful ones to provide more guidance as to what the possible kernel parameters are and what they mean. + +* [Linux Kernel Sysctl](https://www.kernel.org/doc/Documentation/sysctl/) +* [Linux Kernel IP Sysctl](http://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt) +* [THE /proc FILESYSTEM (Jun 2009)](http://www.kernel.org/doc/Documentation/filesystems/proc.txt) +* [RHEL 5 VM/Page Cache Tuning Presentation (2009) pdf](http://people.redhat.com/dshaks/Larry_Shak_Perf_Summit1_2009_final.pdf) +* [Arch Linux SysCtl Tutorial (Feb 2013)](http://gotux.net/arch-linux/sysctl-config/) +* [Old RedHat System Tuning Overview (2001!)](http://people.redhat.com/alikins/system_tuning.html) + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Thorfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Thorfile new file mode 100644 index 000000000..fedff7c13 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Thorfile @@ -0,0 +1,24 @@ +# encoding: utf-8 + +require 'bundler' +require 'bundler/setup' +require 'thor/foodcritic' +require 'berkshelf/thor' + +begin + require 'kitchen/thor_tasks' + Kitchen::ThorTasks.new +rescue LoadError + puts ">>>>> Kitchen gem not loaded, omitting tasks" unless ENV['CI'] +end + +class Tailor < Thor + require 'tailor/cli' + + desc "lint", "check style" + def lint + ::Tailor::Logger.log = false + tailor = ::Tailor::CLI.new [] + tailor.execute! + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Vagrantfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Vagrantfile new file mode 100644 index 000000000..ff2955cbb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/Vagrantfile @@ -0,0 +1,82 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +Vagrant.configure("2") do |config| + # All Vagrant configuration is done here. The most common configuration + # options are documented and commented below. For a complete reference, + # please see the online documentation at vagrantup.com. + + config.vm.hostname = "sysctl-berkshelf" + + # Every Vagrant virtual environment requires a box to build off of. + config.vm.box = "Berkshelf-CentOS-6.3-x86_64-minimal" + + # The url from where the 'config.vm.box' box will be fetched if it + # doesn't already exist on the user's system. + config.vm.box_url = "https://dl.dropbox.com/u/31081437/Berkshelf-CentOS-6.3-x86_64-minimal.box" + + # Assign this VM to a host-only network IP, allowing you to access it + # via the IP. Host-only networks can talk to the host machine as well as + # any other machines on the same network, but cannot be accessed (through this + # network interface) by any external networks. + config.vm.network :private_network, ip: "33.33.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + + # config.vm.network :public_network + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # config.vm.synced_folder "../data", "/vagrant_data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + # config.vm.provider :virtualbox do |vb| + # # Don't boot with headless mode + # vb.gui = true + # + # # Use VBoxManage to customize the VM. For example to change memory: + # vb.customize ["modifyvm", :id, "--memory", "1024"] + # end + # + # View the documentation for the provider you're using for more + # information on available options. + + config.ssh.max_tries = 40 + config.ssh.timeout = 120 + + # use berkshelf to pull in the cookbooks + config.berkshelf.enabled = true + + # The path to the Berksfile to use with Vagrant Berkshelf + # config.berkshelf.berksfile_path = "./Berksfile" + + # An array of symbols representing groups of cookbook described in the Vagrantfile + # to exclusively install and copy to Vagrant's shelf. + # config.berkshelf.only = [] + + # An array of symbols representing groups of cookbook described in the Vagrantfile + # to skip installing and copying to Vagrant's shelf. + # config.berkshelf.except = [] + + config.omnibus.chef_version = :latest + + config.vm.provision :chef_solo do |chef| + chef.json = { + } + + chef.run_list = [ + "recipe[sysctl::default]" + ] + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/attributes/default.rb new file mode 100644 index 000000000..fc4ed0c62 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/attributes/default.rb @@ -0,0 +1,8 @@ +case platform_family +when 'debian', 'rhel' + default['sysctl']['conf_dir'] = '/etc/sysctl.d' +else + default['sysctl']['conf_dir'] = nil +end +default['sysctl']['params'] = {} +default['sysctl']['allow_sysctl_conf'] = false diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/chefignore b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/chefignore new file mode 100644 index 000000000..a6de14221 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/chefignore @@ -0,0 +1,96 @@ +# Put files/directories that should be ignored in this file when uploading +# or sharing to the community site. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +Guardfile +Procfile + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Cookbooks # +############# +CONTRIBUTING +CHANGELOG* + +# Strainer # +############ +Colanderfile +Strainerfile +.colander +.strainer + +# Vagrant # +########### +.vagrant +Vagrantfile + +# Travis # +########## +.travis.yml diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/libraries/sysctl.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/libraries/sysctl.rb new file mode 100644 index 000000000..0823d7331 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/libraries/sysctl.rb @@ -0,0 +1,17 @@ +module Sysctl + class << self + def compile_attr(prefix, v) + case v + when Array + return "#{prefix}=#{v.join(" ")}" + when String, Fixnum, Bignum, Float, Symbol + "#{prefix}=#{v}" + when Hash, Chef::Node::Attribute + prefix += "." unless prefix.empty? + return v.map {|key, value| compile_attr("#{prefix}#{key}", value) }.flatten + else + raise Chef::Exceptions::UnsupportedAction, "Sysctl cookbook can't handle values of type: #{v.class}" + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/metadata.json new file mode 100644 index 000000000..80a6aa647 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/metadata.json @@ -0,0 +1,33 @@ +{ + "name": "sysctl", + "description": "Configures sysctl parameters", + "long_description": "# sysctl [![Build Status](https://travis-ci.org/onehealth-cookbooks/sysctl.png?branch=master)](https://travis-ci.org/onehealth-cookbooks/sysctl)\n\nDescription\n===========\n\nSet [sysctl](http://en.wikipedia.org/wiki/Sysctl) system control parameters via Opscode Chef\n\n\nPlatforms\n=========\n\n* Debian/Ubuntu\n* RHEL/CentOS (work in progress)\n\nUsage\n=======\n\nThere are two main ways to interact with the cookbook. This is via chef [attributes](http://docs.opscode.com/essentials_cookbook_attribute_files.html) or via the provided [LWRP](http://docs.opscode.com/lwrp.html).\n\n## Attributes\n\n* node['sysctl']['params'] - A namespace for setting sysctl parameters\n* node['sysctl']['conf_dir'] - Specifies the sysctl.d directory to be used. Defaults on Debian to /etc/sysctl.d, otherwise nil\n* node['sysctl']['allow_sysctl_conf'] - Defaults to false. This will write params to /etc/sysctl.conf directly when set to true.\n\n## LWRP\n\n### sysctl_param\n\nActions\n\n- apply (default)\n- remove\n\nAttributes\n\n- key\n- value\n\n## Examples\n\n # set vm.swapiness to 20 via attributes\n\n node.default['sysctl']['params']['vm']['swappiness'] = 20\n\n # set vm.swapiness to 20 via sysctl_param LWRP\n sysctl_param 'vm.swappiness' do\n value 20\n end\n\n # remove sysctl parameter and set net.ipv4.tcp_fin_timeout back to default\n sysctl_param 'net.ipv4.tcp_fin_timeout' do\n value 30\n action :remove\n end\n\n# Development\n\nThis cookbook can be tested using vagrant, but it depends on the following vagrant plugins\n\n```\nvagrant plugin install vagrant-omnibus\nvagrant plugin install vagrant-berkshelf\n```\n\nTested with \n* Vagrant (version 1.2.1)\n* vagrant-berkshelf (1.2.0)\n* vagrant-omnibus (1.0.2)\n\n# Links\n\nThere are a lot of different documents that talk about system control parameters, the hope here is to point to some of the most useful ones to provide more guidance as to what the possible kernel parameters are and what they mean.\n\n* [Linux Kernel Sysctl](https://www.kernel.org/doc/Documentation/sysctl/)\n* [Linux Kernel IP Sysctl](http://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt)\n* [THE /proc FILESYSTEM (Jun 2009)](http://www.kernel.org/doc/Documentation/filesystems/proc.txt)\n* [RHEL 5 VM/Page Cache Tuning Presentation (2009) pdf](http://people.redhat.com/dshaks/Larry_Shak_Perf_Summit1_2009_final.pdf)\n* [Arch Linux SysCtl Tutorial (Feb 2013)](http://gotux.net/arch-linux/sysctl-config/)\n* [Old RedHat System Tuning Overview (2001!)](http://people.redhat.com/alikins/system_tuning.html)\n\n", + "maintainer": "OneHealth Solutions, Inc.", + "maintainer_email": "cookbooks@onehealth.com", + "license": "Apache v2.0", + "platforms": { + "ubuntu": ">= 0.0.0", + "debian": ">= 0.0.0", + "redhat": ">= 0.0.0", + "centos": ">= 0.0.0" + }, + "dependencies": { + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + }, + "version": "0.3.2" +} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/metadata.rb new file mode 100644 index 000000000..750364429 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/metadata.rb @@ -0,0 +1,10 @@ +name "sysctl" +maintainer "OneHealth Solutions, Inc." +maintainer_email "cookbooks@onehealth.com" +license "Apache v2.0" +description "Configures sysctl parameters" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "0.3.2" +%w(ubuntu debian redhat centos).each do |os| + supports os +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/providers/param.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/providers/param.rb new file mode 100644 index 000000000..be18f0f14 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/providers/param.rb @@ -0,0 +1,47 @@ +def load_current_resource + new_resource.key new_resource.name unless new_resource.key +end + +action :apply do + key_path = new_resource.key.split('.') + sys_attrs = Mash.new(node.default['sysctl']['params'].to_hash) + location = key_path.slice(0, key_path.size - 1).inject(sys_attrs) do |m, o| + m[o] ||= {} + m[o] + end + unless(location[key_path.last] == new_resource.value) + location[key_path.last] = new_resource.value + execute "sysctl[#{new_resource.key}]" do + command "sysctl -w #{new_resource.key}=#{new_resource.value}" + not_if do + %x{sysctl -n #{new_resource.key}}.strip == new_resource.value.to_s + end + end + node.default['sysctl']['params'] = sys_attrs + new_resource.updated_by_last_action(true) + end +end + +action :remove do + key_path = new_resource.key.split('.') + sys_attrs = Mash.new(node.default['sysctl']['params'].to_hash) + location = key_path.slice(0, key_path.size - 1).inject(sys_attrs) do |m, o| + m.nil? ? nil : m[o] + end + if(location && location[key_path.last]) + location.delete(key_path.last) + if(location.empty?) + key_path.size.times do |i| + int_key = key_path.size - i - 1 + l = key_path.slice(0, int_key).inject(node['sysctl']['params']) do |m, o| + m.nil? ? nil : m[o] + end + if(l && l[key_path[int_key]] && l[key_path[int_key]].empty?) + l.delete(key_path[int_key]) + end + end + end + node.default['sysctl']['params'] = sys_attrs + new_resource.updated_by_last_action(true) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/recipes/default.rb new file mode 100644 index 000000000..a6419dac8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/recipes/default.rb @@ -0,0 +1,47 @@ +# +# Cookbook Name:: sysctl +# Recipe:: default +# +# Copyright 2011, Fewbytes Technologies LTD +# Copyright 2012, Chris Roberts +# Copyright 2013, OneHealth Solutions, Inc. +# + +template "/etc/rc.d/init.d/procps" do + source "procps.init-rhel.erb" + mode '0755' + only_if {platform_family?("rhel") } +end + +service "procps" + +sysctl_path = if(node['sysctl']['conf_dir']) + directory node['sysctl']['conf_dir'] do + owner "root" + group "root" + mode 0755 + action :create + end + File.join(node['sysctl']['conf_dir'], '99-chef-attributes.conf') +else + node['sysctl']['allow_sysctl_conf'] ? '/etc/sysctl.conf' : nil +end + +if(sysctl_path) + template sysctl_path do + action :nothing + source 'sysctl.conf.erb' + mode '0644' + notifies :start, "service[procps]", :immediately + only_if do + node['sysctl']['params'] && !node['sysctl']['params'].empty? + end + end + + ruby_block 'sysctl config notifier' do + block do + true + end + notifies :create, "template[#{sysctl_path}]", :delayed + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/resources/param.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/resources/param.rb new file mode 100644 index 000000000..b3d67cf23 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/resources/param.rb @@ -0,0 +1,5 @@ +actions :apply, :remove +default_action :apply + +attribute :key, :kind_of => String +attribute :value, :required => true diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/templates/default/procps.init-rhel.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/templates/default/procps.init-rhel.erb new file mode 100644 index 000000000..b0d83f352 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/templates/default/procps.init-rhel.erb @@ -0,0 +1,30 @@ +#!/bin/bash +# +# /etc/rc.d/init.d/procps +# +# description: procps compatible apply_sysctl +# +# this was installed by the sysctl cookbook +# http://community.opscode.com/cookbooks/sysctl + + +# Source function library. +. /etc/rc.d/init.d/functions + +case "$1" in + start) + apply_sysctl + ;; + stop) + ;; + restart) + apply_sysctl + ;; + reload) + apply_sysctl + ;; + *) + echo "Usage: procps [start|stop|reload]" + exit 1 + ;; +esac diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/templates/default/sysctl.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/templates/default/sysctl.conf.erb new file mode 100644 index 000000000..f4f6391c6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/sysctl/templates/default/sysctl.conf.erb @@ -0,0 +1,4 @@ +# Dynamically generated file dropped off by Chef! + +<%= Sysctl.compile_attr('', node[:sysctl][:params]).join("\n") %> + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/CHANGELOG.md new file mode 100644 index 000000000..1aa615158 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/CHANGELOG.md @@ -0,0 +1,217 @@ +windows Cookbook CHANGELOG +======================= +This file is used to list changes made in each version of the windows cookbook. + + +v1.11.0 +------- +### Improvement +- **[COOK-3724](https://tickets.opscode.com/browse/COOK-3724)** - Rrecommend built-in resources over cookbook resources +- **[COOK-3515](https://tickets.opscode.com/browse/COOK-3515)** - Remove unprofessional comment from library +- **[COOK-3455](https://tickets.opscode.com/browse/COOK-3455)** - Add Windows Server 2012R2 to windows cookbook version helper + +### Bug +- **[COOK-3542](https://tickets.opscode.com/browse/COOK-3542)** - Fix an issue where `windows_zipfile` fails with LoadError +- **[COOK-3447](https://tickets.opscode.com/browse/COOK-3447)** - Allow Overriding Of The Default Reboot Timeout In windows_reboot_handler +- **[COOK-3382](https://tickets.opscode.com/browse/COOK-3382)** - Allow windows_task to create `on_logon` tasks +- **[COOK-2098](https://tickets.opscode.com/browse/COOK-2098)** - Fix and issue where the `windows_reboot` handler is ignoring the reboot time + +### New Feature +- **[COOK-3458](https://tickets.opscode.com/browse/COOK-3458)** - Add support for `start_date` and `start_time` in `windows_task` + + +v1.10.0 +------- +### Improvement + +- [COOK-3126]: `windows_task` should support the on start frequency +- [COOK-3127]: Support the force option on task create and delete + +v1.9.0 +------ +### Bug + +- [COOK-2899]: windows_feature fails when a feature install requires a + reboot +- [COOK-2914]: Foodcritic failures in Cookbooks +- [COOK-2983]: windows cookbook has foodcritic failures + +### Improvement + +- [COOK-2686]: Add Windows Server 2012 to version.rb so other + depending chef scripts can detect Windows Server 2012 + +v1.8.10 +------- +When using Windows qualified filepaths (C:/foo), the #absolute? method +for URI returns true, because "C" is the scheme. + +This change checks that the URI is http or https scheme, so it can be +passed off to remote_file appropriately. + +* [COOK-2729] - allow only http, https URI schemes + +v1.8.8 +------ +* [COOK-2729] - helper should use URI rather than regex and bare string + +v1.8.6 +------ +* [COOK-968] - `windows_package` provider should gracefully handle paths with spaces +* [COOK-222] - `windows_task` resource does not declare :change action +* [COOK-241] - Windows cookbook should check for redefined constants +* [COOK-248] - Windows package install type is case sensitive + +v1.8.4 +------ +* [COOK-2336] - MSI That requires reboot returns with RC 3010 and + causes chef run failure +* [COOK-2368] - `version` attribute of the `windows_package` provider + should be documented + +v1.8.2 +------ +**Important**: Use powershell in nodes expanded run lists to ensure + powershell is downloaded, as powershell has a dependency on this + cookbook; v1.8.0 created a circular dependency. + +* [COOK-2301] - windows 1.8.0 has circular dependency on powershell + +v1.8.0 +------ +* [COOK-2126] - Add checksum attribute to `windows_zipfile` +* [COOK-2142] - Add printer and `printer_port` LWRPs +* [COOK-2149] - Chef::Log.debug Windows Package command line +* [COOK-2155] -`windows_package` does not send checksum to + `cached_file` in `installer_type` + +v1.7.0 +------ +* [COOK-1745] - allow for newer versions of rubyzip + +v1.6.0 +------ +* [COOK-2048] - undefined method for Falseclass on task :change when + action is :nothing (and task doesn't exist) +* [COOK-2049] - Add `windows_pagefile` resource + +v1.5.0 +------ +* [COOK-1251] - Fix LWRP "NotImplementedError" +* [COOK-1921] - Task LWRP will return true for resource exists when no + other scheduled tasks exist +* [COOK-1932] - Include :change functionality to windows task lwrp + +v1.4.0: +------ +* [COOK-1571] - `windows_package` resource (with msi provider) does not +accept spaces in filename +* [COOK-1581] - Windows cookbook needs a scheduled tasks LWRP +* [COOK-1584] - `windows_registry` should support all registry types + +v1.3.4 +------ +* [COOK-1173] - `windows_registry` throws Win32::Registry::Error for + action :remove on a nonexistent key +* [COOK-1182] - windows package sets start window title instead of + quoting a path +* [COOK-1476] - zipfile lwrp should support :zip action +* [COOK-1485] - package resource fails to perform install correctly + when "source" contains quote +* [COOK-1519] - add action :remove for path lwrp + +v1.3.2 +------ +* [COOK-1033] - remove the `libraries/ruby_19_patches.rb` file which + causes havoc on non-Windows systems. +* [COOK-811] - add a timeout parameter attribute for `windows_package` + +v1.3.0 +------ +* [COOK-1323] - Update for changes in Chef 0.10.10. + - Setting file mode doesn't make sense on Windows (package provider + - and `reboot_handler` recipe) + - Prefix ::Win32 to avoid namespace collision with Chef::Win32 + - (`registry_helper` library) + - Use chef_gem instead of gem_package so gems get installed correctly + under the Ruby environment Chef runs in (reboot_handler recipe, + zipfile provider) + +v1.2.12 +------- +* [COOK-1037] - specify version for rubyzip gem +* [COOK-1007] - `windows_feature` does not work to remove features with + dism +* [COOK-667] - shortcut resource + provider for Windows platforms + +v1.2.10 +------- +* [COOK-939] - add `type` parameter to `windows_registry` to allow binary registry keys. +* [COOK-940] - refactor logic so multiple values get created. + +v1.2.8 +------ +* FIX: Older Windows (Windows Server 2003) sometimes return 127 on successful forked commands +* FIX: `windows_package`, ensure we pass the WOW* registry redirection flags into reg.open + +v1.2.6 +------ +* patch to fix [CHEF-2684], Open4 is named Open3 in Ruby 1.9 +* Ruby 1.9's Open3 returns 0 and 42 for successful commands +* retry keyword can only be used in a rescue block in Ruby 1.9 + +v1.2.4 +------ +* `windows_package` - catch Win32::Registry::Error that pops up when searching certain keys + +v1.2.2 +------ +* combined numerous helper libarires for easier sharing across libaries/LWRPs +* renamed Chef::Provider::WindowsFeature::Base file to the more descriptive `feature_base.rb` +* refactored `windows_path` LWRP + * :add action should MODIFY the the underlying ENV variable (vs CREATE) + * deleted greedy :remove action until it could be made more idempotent +* added a `windows_batch` resource/provider for running batch scripts remotely + +v1.2.0 +------ +* [COOK-745] gracefully handle required server restarts on Windows platform + * WindowsRebootHandler for requested and pending reboots + * `windows_reboot` LWRP for requesting (receiving notifies) reboots + * `reboot_handler` recipe for enabling WindowsRebootHandler as a report handler +* [COOK-714] Correct initialize misspelling +* RegistryHelper - new `get_values` method which returns all values for a particular key. + +v1.0.8 +------ +* [COOK-719] resource/provider for managing windows features +* [COOK-717] remove `windows_env_vars` resource as env resource exists in core chef +* new `Windows::Version` helper class +* refactored `Windows::Helper` mixin + +v1.0.6 +------ +* added `force_modify` action to `windows_registry` resource +* add `win_friendly_path` helper +* re-purpose default recipe to install useful supporting windows related gems + +v1.0.4 +------ +* [COOK-700] new resources and improvements to the `windows_registry` provider (thanks Paul Morton!) + * Open the registry in the bitednes of the OS + * Provide convenience methods to check if keys and values exit + * Provide convenience method for reading registry values + * NEW - `windows_auto_run` resource/provider + * NEW - `windows_env_vars` resource/provider + * NEW - `windows_path` resource/provider +* re-write of the `windows_package` logic for determining current installed packages +* new checksum attribute for `windows_package` resource...useful for remote packages + +v1.0.2 +------ +* [COOK-647] account for Wow6432Node registry redirecter +* [COOK-656] begin/rescue on win32/registry + +v1.0.0 +------ +* [COOK-612] initial release diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/README.md new file mode 100644 index 000000000..2169c9d4b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/README.md @@ -0,0 +1,626 @@ +Windows Cookbook +================ +Provides a set of Windows-specific primitives (Chef resources) meant to aid in the creation of cookbooks/recipes targeting the Windows platform. + + +Requirements +------------- +Version 1.3.0+ of this cookbook requires Chef 0.10.10+. + + +### Platforms +* Windows XP +* Windows Vista +* Windows Server 2003 R2 +* Windows 7 +* Windows Server 2008 (R1, R2) + +The `windows_task` LWRP requires Windows Server 2008 due to its API usage. + +### Cookbooks +The following cookbooks provided by Opscode are required as noted: + +* chef_handler (`windows::reboot_handler` leverages the chef_handler LWRP) +* powershell - The Printer and Printer Port LWRP require Powershell. + +**NOTE** We cannot specifically depend on Opscode's powershell, + because powershell depends on this cookbook. Ensure that + `recipe[powershell]` exists in the node's expanded run list so it + gets downloaded where the printer LWRPs are used. + + +Attributes +---------- +* `node['windows']['allow_pending_reboots']` - used to configure the `WindowsRebootHandler` (via the `windows::reboot_handler` recipe) to act on pending reboots. default is true (ie act on pending reboots). The value of this attribute only has an effect if the `windows::reboot_handler` is in a node's run list. + + +Resource/Provider +----------------- +### windows_auto_run +#### Actions +- :create: Create an item to be run at login +- :remove: Remove an item that was previously setup to run at login + +#### Attribute Parameters +- :name: Name attribute. The name of the value to be stored in the registry +- :program: The program to be run at login +- :args: The arguments for the program + +#### Examples +Run BGInfo at login + +```ruby +windows_auto_run 'BGINFO' do + program 'C:/Sysinternals/bginfo.exe' + args '\'C:/Sysinternals/Config.bgi\' /NOLICPROMPT /TIMER:0' + not_if { Registry.value_exists?(AUTO_RUN_KEY, 'BGINFO') } + action :create +end +``` + +### windows_batch +(Chef 11.6.0 includes a built-in [batch](http://docs.opscode.com/resource_batch.html) resource, so use that in preference to `windows_batch` if possible.) + +Execute a batch script using the cmd.exe interpreter (much like the script resources for bash, csh, powershell, perl, python and ruby). A temporary file is created and executed like other script resources, rather than run inline. By their nature, Script resources are not idempotent, as they are completely up to the user's imagination. Use the `not_if` or `only_if` meta parameters to guard the resource for idempotence. + +#### Actions +- :run: run the batch file + +#### Attribute Parameters +- command: name attribute. Name of the command to execute. +- code: quoted string of code to execute. +- creates: a file this command creates - if the file exists, the command will not be run. +- cwd: current working directory to run the command from. +- flags: command line flags to pass to the interpreter when invoking. +- user: A user name or user ID that we should change to before running this command. +- group: A group name or group ID that we should change to before running this command. + +#### Examples +```ruby +windows_batch 'unzip_and_move_ruby' do + code <<-EOH + 7z.exe x #{Chef::Config[:file_cache_path]}/ruby-1.8.7-p352-i386-mingw32.7z -oC:\\source -r -y + xcopy C:\\source\\ruby-1.8.7-p352-i386-mingw32 C:\\ruby /e /y + EOH +end +``` + +```ruby +windows_batch 'echo some env vars' do + code <<-EOH + echo %TEMP% + echo %SYSTEMDRIVE% + echo %PATH% + echo %WINDIR% + EOH +end +``` + +### windows_feature +Windows Roles and Features can be thought of as built-in operating system packages that ship with the OS. A server role is a set of software programs that, when they are installed and properly configured, lets a computer perform a specific function for multiple users or other computers within a network. A Role can have multiple Role Services that provide functionality to the Role. Role services are software programs that provide the functionality of a role. Features are software programs that, although they are not directly parts of roles, can support or augment the functionality of one or more roles, or improve the functionality of the server, regardless of which roles are installed. Collectively we refer to all of these attributes as 'features'. + +This resource allows you to manage these 'features' in an unattended, idempotent way. + +There are two providers for the `windows_features` which map into Microsoft's two major tools for managing roles/features: [Deployment Image Servicing and Management (DISM)](http://msdn.microsoft.com/en-us/library/dd371719(v=vs.85).aspx) and [Servermanagercmd](http://technet.microsoft.com/en-us/library/ee344834(WS.10).aspx) (The CLI for Server Manager). As Servermanagercmd is deprecated, Chef will set the default provider to `Chef::Provider::WindowsFeature::DISM` if DISM is present on the system being configured. The default provider will fall back to `Chef::Provider::WindowsFeature::ServerManagerCmd`. + +For more information on Roles, Role Services and Features see the [Microsoft TechNet article on the topic](http://technet.microsoft.com/en-us/library/cc754923.aspx). For a complete list of all features that are available on a node type either of the following commands at a command prompt: + +```text +dism /online /Get-Features +servermanagercmd -query +``` + +#### Actions +- :install: install a Windows role/feature +- :remove: remove a Windows role/feature + +#### Attribute Parameters +- feature_name: name of the feature/role to install. The same feature may have different names depending on the provider used (ie DHCPServer vs DHCP; DNS-Server-Full-Role vs DNS). + +#### Providers +- **Chef::Provider::WindowsFeature::DISM**: Uses Deployment Image Servicing and Management (DISM) to manage roles/features. +- **Chef::Provider::WindowsFeature::ServerManagerCmd**: Uses Server Manager to manage roles/features. + +#### Examples +Enable the node as a DHCP Server + +```ruby +windows_feature 'DHCPServer' do + action :install +end +``` + +Enable TFTP + +```ruby +windows_feature 'TFTP' do + action :install +end +``` + +Disable Telnet client/server + +```ruby +%w[TelnetServer TelnetClient].each do |feature| + windows_feature feature do + action :remove + end +end +``` + +### windows_package +Manage Windows application packages in an unattended, idempotent way. + +The following application installers are currently supported: + +* MSI packages +* InstallShield +* Wise InstallMaster +* Inno Setup +* Nullsoft Scriptable Install System + +If the proper installer type is not passed into the resource's installer_type attribute, the provider will do it's best to identify the type by introspecting the installation package. If the installation type cannot be properly identified the `:custom` value can be passed into the installer_type attribute along with the proper flags for silent/quiet installation (using the `options` attribute..see example below). + +__PLEASE NOTE__ - For proper idempotence the resource's `package_name` should be the same as the 'DisplayName' registry value in the uninstallation data that is created during package installation. The easiest way to definitively find the proper 'DisplayName' value is to install the package on a machine and search for the uninstall information under the following registry keys: + +* `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall` +* `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall` +* `HKEY_LOCAL_MACHINE\Software\Wow6464Node\Microsoft\Windows\CurrentVersion\Uninstall` + +For maximum flexibility the `source` attribute supports both remote and local installation packages. + +#### Actions +- :install: install a package +- :remove: remove a package. The remove action is completely hit or miss as many application uninstallers do not support a full silent/quiet mode. + +#### Attribute Parameters +- package_name: name attribute. The 'DisplayName' of the application installation package. +- source: The source of the windows installer. This can either be a URI or a local path. +- installer_type: They type of windows installation package. valid values are: :msi, :inno, :nsis, :wise, :installshield, :custom. If this value is not provided, the provider will do it's best to identify the installer type through introspection of the file. +- checksum: useful if source is remote, the SHA-256 checksum of the file--if the local file matches the checksum, Chef will not download it +- options: Additional options to pass the underlying installation command +- timeout: set a timeout for the package download (default 600 seconds) +- version: The version number of this package, as indicated by the 'DisplayVersion' value in one of the 'Uninstall' registry keys. If the given version number does equal the 'DisplayVersion' in the registry, the package will be installed. +- success_codes: set an array of possible successful installation + return codes. Previously this was hardcoded, but certain MSIs may + have a different return code, e.g. 3010 for reboot required. Must be + an array, and defaults to `[0, 42, 127]`. + +#### Examples + +Install PuTTY (InnoSetup installer) +```ruby +windows_package 'PuTTY version 0.60' do + source 'http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.60-installer.exe' + installer_type :inno + action :install +end +``` + +Install 7-Zip (MSI installer) +```ruby +windows_package '7-Zip 9.20 (x64 edition)' do + source 'http://downloads.sourceforge.net/sevenzip/7z920-x64.msi' + action :install +end +``` + +Install Notepad++ (Y U No Emacs?) using a local installer +```ruby +windows_package 'Notepad++' do + source 'c:/installation_files/npp.5.9.2.Installer.exe' + action :install +end +``` + +Install VLC for that Xvid (NSIS installer) +```ruby +windows_package 'VLC media player 1.1.10' do + source 'http://superb-sea2.dl.sourceforge.net/project/vlc/1.1.10/win32/vlc-1.1.10-win32.exe' + action :install +end +``` + +Install Firefox as custom installer and manually set the silent install flags +```ruby +windows_package 'Mozilla Firefox 5.0 (x86 en-US)' do + source 'http://archive.mozilla.org/pub/mozilla.org/mozilla.org/firefox/releases/5.0/win32/en-US/Firefox%20Setup%205.0.exe' + options '-ms' + installer_type :custom + action :install +end +``` + +Google Chrome FTW (MSI installer) +```ruby +windows_package 'Google Chrome' do + source 'https://dl-ssl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B806F36C0-CB54-4A84-A3F3-0CF8A86575E0%7D%26lang%3Den%26browser%3D3%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dfalse/edgedl/chrome/install/GoogleChromeStandaloneEnterprise.msi' + action :install +end +``` + +Remove Google Chrome +```ruby +windows_package 'Google Chrome' do + action :remove +end +``` + +Remove 7-Zip +```ruby +windows_package '7-Zip 9.20 (x64 edition)' do + action :remove +end +``` + +### windows_printer_port +**Note** Include `recipe[powershell]` on the node's expanded run list + to ensure the powershell cookbook is downloaded to avoid circular + dependency. + +Create and delete TCP/IPv4 printer ports. + +#### Actions +- :create: Create a TCIP/IPv4 printer port. This is the default action. +- :delete: Delete a TCIP/IPv4 printer port + +#### Attribute Parameters +- :ipv4_address: Name attribute. Required. IPv4 address, e.g. '10.0.24.34' +- :port_name: Port name. Optional. Defaults to 'IP_' + :ipv4_address +- :port_number: Port number. Optional. Defaults to 9100. +- :port_description: Port description. Optional. +- :snmp_enabled: Boolean. Optional. Defaults to false. +- :port_protocol: Port protocol, 1 (RAW), or 2 (LPR). Optional. Defaults to 1. + +#### Examples + +Create a TCP/IP printer port named 'IP_10.4.64.37' with all defaults +```ruby +windows_printer_port '10.4.64.37' do +end +``` + +Delete a printer port +```ruby +windows_printer_port '10.4.64.37' do + action :delete +end +``` + +Delete a port with a custom port_name +```ruby +windows_printer_port '10.4.64.38' do + port_name 'My awesome port' + action :delete +end +``` + +Create a port with more options +```ruby +windows_printer_port '10.4.64.39' do + port_name 'My awesome port' + snmp_enabled true + port_protocol 2 +end +``` + +### windows_printer +**Note** Include `recipe[powershell]` on the node's expanded run list + to ensure the powershell cookbook is downloaded to avoid circular + dependency. + +Create Windows printer. Note that this doesn't currently install a printer +driver. You must already have the driver installed on the system. + +The Windows Printer LWRP will automatically create a TCP/IP printer port for you using the `ipv4_address` property. If you want more granular control over the printer port, just create it using the `windows_printer_port` LWRP before creating the printer. + +#### Actions +- :create: Create a new printer +- :delete: Delete a new printer + +#### Attribute Parameters +- :device_id: Name attribute. Required. Printer queue name, e.g. 'HP LJ 5200 in fifth floor copy room' +- :comment: Optional string describing the printer queue. +- :default: Boolean. Optional. Defaults to false. Note that Windows sets the first printer defined to the default printer regardless of this setting. +- :driver_name: String. Required. Exact name of printer driver. Note that the printer driver must already be installed on the node. +- :location: Printer location, e.g. 'Fifth floor copy room', or 'US/NYC/Floor42/Room4207' +- :shared: Boolean. Defaults to false. +- :share_name: Printer share name. +- :ipv4_address: Printer IPv4 address, e.g. '10.4.64.23'. You don't have to be able to ping the IP addresss to set it. Required. + + +#### Examples + +Create a printer +```ruby +windows_printer 'HP LaserJet 5th Floor' do + driver_name 'HP LaserJet 4100 Series PCL6' + ipv4_address '10.4.64.38' +end +``` + +Delete a printer. Note: this doesn't delete the associated printer port. See `windows_printer_port` above for how to delete the port. +```ruby +windows_printer 'HP LaserJet 5th Floor' do + action :delete +end +``` + +### windows_reboot +Sets required data in the node's run_state to notify `WindowsRebootHandler` a reboot is requested. If Chef run completes successfully a reboot will occur if the `WindowsRebootHandler` is properly registered as a report handler. As an action of `:request` will cause a node to reboot every Chef run, this resource is usually notified by other resources...ie restart node after a package is installed (see example below). + +#### Actions +- :request: requests a reboot at completion of successful Cher run. requires `WindowsRebootHandler` to be registered as a report handler. +- :cancel: remove reboot request from node.run_state. this will cancel *ALL* previously requested reboots as this is a binary state. + +#### Attribute Parameters +- :timeout: Name attribute. timeout delay in seconds to wait before proceeding with the requested reboot. default is 60 seconds +- :reason: comment on the reason for the reboot. default is 'Opscode Chef initiated reboot' + +#### Examples +If the package installs, schedule a reboot at end of chef run +```ruby +windows_reboot 60 do + reason 'cause chef said so' + action :nothing +end + +windows_package 'some_package' do + action :install + notifies :request, 'windows_reboot[60]' +end +``` + +Cancel the previously requested reboot +```ruby +windows_reboot 60 do + action :cancel +end +``` + +### windows_registry +(Chef 11.6.0 includes a built-in [registry_key](http://docs.opscode.com/resource_registry_key.html) resource, so use that in preference to `windows_registry` if possible.) + +Creates and modifies Windows registry keys. + +*Change in v1.3.0: The Win32 classes use `::Win32` to avoid namespace conflict with `Chef::Win32` (introduced in Chef 0.10.10).* + +#### Actions +- :create: create a new registry key with the provided values. +- :modify: modify an existing registry key with the provided values. +- :force_modify: modify an existing registry key with the provided values. ensures the value is actually set by checking multiple times. useful for fighting race conditions where two processes are trying to set the same registry key. This will be updated in the near future to use 'RegNotifyChangeKeyValue' which is exposed by the WinAPI and allows a process to register for notification on a registry key change. +- :remove: removes a value from an existing registry key + +#### Attribute Parameters +- key_name: name attribute. The registry key to create/modify. +- values: hash of the values to set under the registry key. The individual hash items will become respective 'Value name' => 'Value data' items in the registry key. +- type: Type of key to create, defaults to REG_SZ. Must be a symbol, see the overview below for valid values. + +#### Registry key types +- :binary: REG_BINARY +- :string: REG_SZ +- :multi_string: REG_MULTI_SZ +- :expand_string: REG_EXPAND_SZ +- :dword: REG_DWORD +- :dword_big_endian: REG_DWORD_BIG_ENDIAN +- :qword: REG_QWORD + +#### Examples + +Make the local windows proxy match the one set for Chef +```ruby +proxy = URI.parse(Chef::Config[:http_proxy]) +windows_registry 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings' do + values 'ProxyEnable' => 1, 'ProxyServer' => "#{proxy.host}:#{proxy.port}", 'ProxyOverride' => '' +end +``` + +Enable Remote Desktop and poke the firewall hole +```ruby +windows_registry 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server' do + values 'FdenyTSConnections' => 0 +end +``` + +Delete an item from the registry +```ruby +windows_registry 'HKCU\Software\Test' do + #Key is the name of the value that you want to delete the value is always empty + values 'ValueToDelete' => '' + action :remove +end +``` + +Add a REG_MULTI_SZ value to the registry +```ruby +windows_registry 'HKCU\Software\Test' do + values 'MultiString' => ['line 1', 'line 2', 'line 3'] + type :multi_string +end +``` + +#### Library Methods + +```ruby +Registry.value_exists?('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run','BGINFO') +Registry.key_exists?('HKLM\SOFTWARE\Microsoft') +BgInfo = Registry.get_value('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run','BGINFO') +``` + +### windows_path +#### Actions +- :add: Add an item to the system path +- :remove: Remove an item from the system path + +#### Attribute Parameters +- :path: Name attribute. The name of the value to add to the system path + +#### Examples + +Add Sysinternals to the system path +```ruby +windows_path 'C:\Sysinternals' do + action :add +end +``` + +Remove 7-Zip from the system path +```ruby +windows_path 'C:\7-Zip' do + action :remove +end +``` + +### windows_task +Creates, deletes or runs a Windows scheduled task. Requires Windows +Server 2008 due to API usage. + +#### Actions +- :create: creates a task +- :delete: deletes a task +- :run: runs a task +- :change: changes the un/pw or command of a task + +#### Attribute Parameters +- name: name attribute, The task name. +- command: The command the task will run. +- cwd: The directory the task will be run from. +- user: The user to run the task as. (requires password) +- password: The user's password. (requires user) +- run_level: Run with limited or highest privileges. +- frequency: Frequency with which to run the task. (hourly, daily, ect.) +- frequency_modifier: Multiple for frequency. (15 minutes, 2 days) +- start_day: Specifies the first date on which the task runs. Optional string (MM/DD/YYYY) +- start_time: Specifies the start time to run the task. Optional string (HH:mm) + +#### Examples + +Run Chef every 15 minutes +```ruby +windows_task 'Chef client' do + user 'Administrator' + password '$ecR3t' + cwd 'C:\chef\bin' + command 'chef-client -L C:\tmp\' + run_level :highest + frequency :minute + frequency_modifier 15 +end +``` + +Update Chef Client task with new password and log location +```ruby +windows_task 'Chef client' do + user 'Administrator' + password 'N3wPassW0Rd' + cwd 'C:\chef\bin' + command 'chef-client -L C:\chef\logs\' + action :change +end +``` + +Delete a taks named 'old task' +```ruby +windows_task 'old task' do + action :delete +end +``` + +### windows_zipfile +Most version of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken on the zip file every Chef run. + +#### Actions +- :unzip: unzip a compressed file + +#### Attribute Parameters +- path: name attribute. The path where files will be unzipped to. +- source: The source of the zip file. This can either be a URI or a local path. +- overwrite: force an overwrite of the files if the already exists. +- checksum: useful if source is remote, the SHA-256 checksum of the file--if the local file matches the checksum, Chef will not download it + +#### Examples + +Unzip a remote zip file locally +```ruby +windows_zipfile 'c:/bin' do + source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip' + action :unzip + not_if {::File.exists?('c:/bin/PsExec.exe')} +end +``` + +Unzip a local zipfile +```ruby +windows_zipfile 'c:/the_codez' do + source 'c:/foo/baz/the_codez.zip' + action :unzip +end +``` + + +Exception/Report Handlers +------------------------- +### WindowsRebootHandler +Required reboots are a necessary evil of configuring and managing Windows nodes. This report handler (ie fires at the end of successful Chef runs) acts on requested (Chef initiated) or pending (as determined by the OS per configuration action we performed) reboots. The `allow_pending_reboots` initialization argument should be set to false if you do not want the handler to automatically reboot a node if it has been determined a reboot is pending. Reboots can still be requested explicitly via the `windows_reboot` LWRP. + +### Initialization Arguments +- `allow_pending_reboots`: indicator on whether the handler should act on a the Window's 'pending reboot' state. default is true +- `timeout`: timeout delay in seconds to wait before proceeding with the reboot. default is 60 seconds +- `reason`: comment on the reason for the reboot. default is 'Opscode Chef initiated reboot' + + +Usage +----- + +Place an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook. + +```ruby +depends 'windows' +``` + +### default +Convenience recipe that installs supporting gems for many of the resources/providers that ship with this cookbook. + +*Change in v1.3.0: Uses chef_gem instead of gem_package to ensure gem installation in Chef 0.10.10.* + +### reboot_handler +Leverages the `chef_handler` LWRP to register the `WindowsRebootHandler` report handler that ships as part of this cookbook. By default this handler is set to automatically act on pending reboots. If you would like to change this behavior override `node['windows']['allow_pending_reboots']` and set the value to false. For example: + +```ruby +name 'base' +description 'base role' +override_attributes( + 'windows' => { + 'allow_pending_reboots' => false + } +) +``` + +This will still allow a reboot to be explicitly requested via the `windows_reboot` LWRP. + + +License & Authors +----------------- +- Author:: Seth Chisamore () +- Author:: Doug MacEachern () +- Author:: Paul Morton () +- Author:: Doug Ireton () + +```text +Copyright 2011-2013, Opscode, Inc. +Copyright 2010, VMware, Inc. +Copyright 2011, Business Intelligence Associates, Inc +Copyright 2012, Nordstrom, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/TODO.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/TODO.md new file mode 100644 index 000000000..c953577f9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/TODO.md @@ -0,0 +1,6 @@ +TODO +---- +* package preseeding/`response_file` support +* package installation location via a `target_dir` attribute. +* [COOK-666] `windows_package` should support CoApp packages +* WindowsRebootHandler/`windows_reboot` LWRP should support kicking off subsequent chef run on reboot. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/attributes/default.rb new file mode 100644 index 000000000..c4e5919cb --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/attributes/default.rb @@ -0,0 +1,23 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Attribute:: default +# +# Copyright 2011, Opscode, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['windows']['allow_pending_reboots'] = true +default['windows']['rubyzipversion'] = nil +default['windows']['reboot_timeout'] = 60 \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/files/default/handlers/windows_reboot_handler.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/files/default/handlers/windows_reboot_handler.rb new file mode 100644 index 000000000..8875ae4f8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/files/default/handlers/windows_reboot_handler.rb @@ -0,0 +1,76 @@ +# +# Author:: Seth Chisamore () +# Copyright:: Copyright (c) 2011 Opscode, Inc +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class WindowsRebootHandler < Chef::Handler + include Chef::Mixin::ShellOut + + def initialize(allow_pending_reboots = true, timeout = 60, reason = "Opscode Chef initiated reboot") + @allow_pending_reboots = allow_pending_reboots + @timeout = timeout + @reason = reason + end + + def report + log_message, reboot = begin + if reboot_requested? + ["chef_handler[#{self.class}] requested reboot will occur in #{timeout} seconds", true] + elsif reboot_pending? + if @allow_pending_reboots + ["chef_handler[#{self.class}] reboot pending - automatic reboot will occur in #{timeout} seconds", true] + else + ["chef_handler[#{self.class}] reboot pending but handler not configured to act on pending reboots - please reboot node manually", false] + end + else + ["chef_handler[#{self.class}] no reboot requested or pending", false] + end + end + + Chef::Log.warn(log_message) + shell_out!("shutdown /r /t #{timeout} /c \"#{reason}\"") if reboot + end + + private + # reboot cause CHEF says so: + # reboot explicitly requested in our cookbook code + def reboot_requested? + node.run_state[:reboot_requested] == true + end + + # reboot cause WIN says so: + # reboot pending because of some configuration action we performed + def reboot_pending? + # Any files listed here means reboot needed + (Registry.key_exists?('HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations') && + Registry.get_value('HKLM\SYSTEM\CurrentControlSet\Control\Session Manager','PendingFileRenameOperations').any?) || + # 1 for any value means reboot pending + # "9306cdfc-c4a1-4a22-9996-848cb67eddc3"=1 + (Registry.key_exists?('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') && + Registry.get_values('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired').select{|v| v[2] == 1 }.any?) || + # 1 or 2 for 'Flags' value means reboot pending + (Registry.key_exists?('HKLM\SOFTWARE\Microsoft\Updates\UpdateExeVolatile') && + [1,2].include?(Registry::get_value('HKLM\SOFTWARE\Microsoft\Updates\UpdateExeVolatile','Flags'))) + end + + def timeout + node.run_state[:reboot_timeout] || node['windows']['reboot_timeout'] || @timeout + end + + def reason + node.run_state[:reboot_reason] || @reason + end +end \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/feature_base.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/feature_base.rb new file mode 100644 index 000000000..66cbc42de --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/feature_base.rb @@ -0,0 +1,41 @@ +class Chef + class Provider + class WindowsFeature + module Base + + def action_install + unless installed? + install_feature(@new_resource.feature_name) + @new_resource.updated_by_last_action(true) + Chef::Log.info("#{@new_resource} installed feature") + else + Chef::Log.debug("#{@new_resource} is already installed - nothing to do") + end + end + + def action_remove + if installed? + remove_feature(@new_resource.feature_name) + @new_resource.updated_by_last_action(true) + Chef::Log.info("#{@new_resource} removed") + else + Chef::Log.debug("#{@new_resource} feature does not exist - nothing to do") + end + end + + def install_feature(name) + raise Chef::Exceptions::UnsupportedAction, "#{self.to_s} does not support :install" + end + + def remove_feature(name) + raise Chef::Exceptions::UnsupportedAction, "#{self.to_s} does not support :remove" + end + + def installed? + raise Chef::Exceptions::Override, "You must override installed? in #{self.to_s}" + end + end + end + end +end + \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/helper.rb new file mode 100644 index 000000000..821d3df01 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/helper.rb @@ -0,0 +1,88 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Library:: helper +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +require 'uri' + +module Windows + module Helper + + AUTO_RUN_KEY = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'.freeze unless defined?(AUTO_RUN_KEY) + ENV_KEY = 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'.freeze unless defined?(ENV_KEY) + + # returns windows friendly version of the provided path, + # ensures backslashes are used everywhere + def win_friendly_path(path) + path.gsub(::File::SEPARATOR, ::File::ALT_SEPARATOR) if path + end + + # account for Window's wacky File System Redirector + # http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx + # especially important for 32-bit processes (like Ruby) on a + # 64-bit instance of Windows. + def locate_sysnative_cmd(cmd) + if ::File.exists?("#{ENV['WINDIR']}\\sysnative\\#{cmd}") + "#{ENV['WINDIR']}\\sysnative\\#{cmd}" + elsif ::File.exists?("#{ENV['WINDIR']}\\system32\\#{cmd}") + "#{ENV['WINDIR']}\\system32\\#{cmd}" + else + cmd + end + end + + # Create a feature provider dependent value object. + # mainly created becasue Windows Feature names are + # different based on whether dism.exe or servicemanagercmd.exe + # is used for installation + def value_for_feature_provider(provider_hash) + p = Chef::Platform.find_provider_for_node(node, :windows_feature) + key = p.to_s.downcase.split('::').last + provider_hash[key] || provider_hash[key.to_sym] + end + + # singleton instance of the Windows Version checker + def win_version + @win_version ||= Windows::Version.new + end + + # if a file is local it returns a windows friendly path version + # if a file is remote it caches it locally + def cached_file(source, checksum=nil, windows_path=true) + @installer_file_path ||= begin + + if source =~ ::URI::ABS_URI && %w[http https].include?(URI.parse(source).scheme) + uri = ::URI.parse(::URI.unescape(source)) + cache_file_path = "#{Chef::Config[:file_cache_path]}/#{::File.basename(uri.path)}" + Chef::Log.debug("Caching a copy of file #{source} at #{cache_file_path}") + r = Chef::Resource::RemoteFile.new(cache_file_path, run_context) + r.source(source) + r.backup(false) + r.checksum(checksum) if checksum + r.run_action(:create) + else + cache_file_path = source + end + + windows_path ? win_friendly_path(cache_file_path) : cache_file_path + end + end + + end +end + +Chef::Recipe.send(:include, Windows::Helper) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/registry_helper.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/registry_helper.rb new file mode 100644 index 000000000..8daf04184 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/registry_helper.rb @@ -0,0 +1,357 @@ +# +# Author:: Doug MacEachern () +# Author:: Seth Chisamore () +# Author:: Paul Morton () +# Cookbook Name:: windows +# Provider:: registry +# +# Copyright:: 2010, VMware, Inc. +# Copyright:: 2011, Opscode, Inc. +# Copyright:: 2011, Business Intelligence Associates, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if RUBY_PLATFORM =~ /mswin|mingw32|windows/ + require 'win32/registry' + require 'ruby-wmi' +end + +module Windows + module RegistryHelper + + @@native_registry_constant = ENV['PROCESSOR_ARCHITEW6432'] == 'AMD64' ? 0x0100 : 0x0200 + + def get_hive_name(path) + Chef::Log.debug("Resolving registry shortcuts to full names") + + reg_path = path.split("\\") + hive_name = reg_path.shift + + hkey = { + "HKLM" => "HKEY_LOCAL_MACHINE", + "HKCU" => "HKEY_CURRENT_USER", + "HKU" => "HKEY_USERS" + }[hive_name] || hive_name + + Chef::Log.debug("Hive resolved to #{hkey}") + return hkey + end + + def get_hive(path) + + Chef::Log.debug("Getting hive for #{path}") + reg_path = path.split("\\") + hive_name = reg_path.shift + + hkey = get_hive_name(path) + + hive = { + "HKEY_LOCAL_MACHINE" => ::Win32::Registry::HKEY_LOCAL_MACHINE, + "HKEY_USERS" => ::Win32::Registry::HKEY_USERS, + "HKEY_CURRENT_USER" => ::Win32::Registry::HKEY_CURRENT_USER + }[hkey] + + unless hive + Chef::Application.fatal!("Unsupported registry hive '#{hive_name}'") + end + + + Chef::Log.debug("Registry hive resolved to #{hkey}") + return hive + end + + def unload_hive(path) + hive = get_hive(path) + if hive == ::Win32::Registry::HKEY_USERS + reg_path = path.split("\\") + priv = Chef::WindowsPrivileged.new + begin + priv.reg_unload_key(reg_path[1]) + rescue + end + end + end + + def set_value(mode,path,values,type=nil) + hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path) + key_name = reg_path.join("\\") + + Chef::Log.debug("Creating #{path}") + + if !key_exists?(path,true) + create_key(path) + end + + hive.send(mode, key_name, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg| + changed_something = false + values.each do |k,val| + key = k.to_s #wtf. avoid "can't modify frozen string" in win32/registry.rb + cur_val = nil + begin + cur_val = reg[key] + rescue + #subkey does not exist (ok) + end + if cur_val != val + Chef::Log.debug("setting #{key}=#{val}") + + if type.nil? + type = :string + end + + reg_type = { + :binary => ::Win32::Registry::REG_BINARY, + :string => ::Win32::Registry::REG_SZ, + :multi_string => ::Win32::Registry::REG_MULTI_SZ, + :expand_string => ::Win32::Registry::REG_EXPAND_SZ, + :dword => ::Win32::Registry::REG_DWORD, + :dword_big_endian => ::Win32::Registry::REG_DWORD_BIG_ENDIAN, + :qword => ::Win32::Registry::REG_QWORD + }[type] + + reg.write(key, reg_type, val) + + ensure_hive_unloaded(hive_loaded) + + changed_something = true + end + end + return changed_something + end + return false + end + + def get_value(path,value) + hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path) + key = reg_path.join("\\") + + hive.open(key, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do | reg | + begin + return reg[value] + rescue + return nil + ensure + ensure_hive_unloaded(hive_loaded) + end + end + end + + def get_values(path) + hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path) + key = reg_path.join("\\") + hive.open(key, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do | reg | + values = [] + begin + reg.each_value do |name, type, data| + values << [name, type, data] + end + rescue + ensure + ensure_hive_unloaded(hive_loaded) + end + values + end + end + + def delete_value(path,values) + hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path) + key = reg_path.join("\\") + Chef::Log.debug("Deleting values in #{path}") + hive.open(key, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do | reg | + values.each_key { |key| + name = key.to_s + # Ensure delete operation is idempotent. + if value_exists?(path, key) + Chef::Log.debug("Deleting value #{name} in #{path}") + reg.delete_value(name) + else + Chef::Log.debug("Value #{name} in #{path} does not exist, skipping.") + end + } + end + + end + + def create_key(path) + hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path) + key = reg_path.join("\\") + Chef::Log.debug("Creating registry key #{path}") + hive.create(key) + end + + def value_exists?(path,value) + if key_exists?(path,true) + + hive, reg_path, hive_name, root_key , hive_loaded = get_reg_path_info(path) + key = reg_path.join("\\") + + Chef::Log.debug("Attempting to open #{key}"); + Chef::Log.debug("Native Constant #{@@native_registry_constant}") + Chef::Log.debug("Hive #{hive}") + + hive.open(key, ::Win32::Registry::KEY_READ | @@native_registry_constant) do | reg | + begin + rtn_value = reg[value] + return true + rescue + return false + ensure + ensure_hive_unloaded(hive_loaded) + end + end + + end + return false + end + + # TODO: Does not load user registry... + def key_exists?(path, load_hive = false) + if load_hive + hive, reg_path, hive_name, root_key , hive_loaded = get_reg_path_info(path) + key = reg_path.join("\\") + else + hive = get_hive(path) + reg_path = path.split("\\") + hive_name = reg_path.shift + root_key = reg_path[0] + key = reg_path.join("\\") + hive_loaded = false + end + + begin + hive.open(key, ::Win32::Registry::Constants::KEY_READ | @@native_registry_constant ) + return true + rescue + return false + ensure + ensure_hive_unloaded(hive_loaded) + end + end + + def get_user_hive_location(sid) + reg_key = "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\#{sid}" + Chef::Log.debug("Looking for profile at #{reg_key}") + if key_exists?(reg_key) + return get_value(reg_key,'ProfileImagePath') + else + return nil + end + + end + + def resolve_user_to_sid(username) + begin + sid = WMI::Win32_UserAccount.find(:first, :conditions => {:name => username}).sid + Chef::Log.debug("Resolved user SID to #{sid}") + return sid + rescue + return nil + end + end + + def hive_loaded?(path) + hive = get_hive(path) + reg_path = path.split("\\") + hive_name = reg_path.shift + user_hive = path[0] + + if is_user_hive?(hive) + return key_exists?("#{hive_name}\\#{user_hive}") + else + return true + end + end + + def is_user_hive?(hive) + if hive == ::Win32::Registry::HKEY_USERS + return true + else + return true + end + end + + def get_reg_path_info(path) + hive = get_hive(path) + reg_path = path.split("\\") + hive_name = reg_path.shift + root_key = reg_path[0] + hive_loaded = false + + if is_user_hive?(hive) && !key_exists?("#{hive_name}\\#{root_key}") + reg_path, hive_loaded = load_user_hive(hive,reg_path,root_key) + root_key = reg_path[0] + Chef::Log.debug("Resolved user (#{path}) to (#{reg_path.join('/')})") + end + + return hive, reg_path, hive_name, root_key, hive_loaded + end + + def load_user_hive(hive,reg_path,user_hive) + Chef::Log.debug("Reg Path #{reg_path}") + # See if the hive is loaded. Logged in users will have a key that is named their SID + # if the user has specified the a path by SID and the user is logged in, this function + # should not be executed. + if is_user_hive?(hive) && !key_exists?("HKU\\#{user_hive}") + Chef::Log.debug("The user is not logged in and has not been specified by SID") + sid = resolve_user_to_sid(user_hive) + Chef::Log.debug("User SID resolved to (#{sid})") + # Now that the user has been resolved to a SID, check and see if the hive exists. + # If this exists by SID, the user is logged in and we should use that key. + # TODO: Replace the username with the sid and send it back because the username + # does not exist as the key location. + load_reg = false + if key_exists?("HKU\\#{sid}") + reg_path[0] = sid #use the active profile (user is logged on) + Chef::Log.debug("HKEY_USERS Mapped: #{user_hive} -> #{sid}") + else + Chef::Log.debug("User is not logged in") + load_reg = true + end + + # The user is not logged in, so we should load the registry from disk + if load_reg + profile_path = get_user_hive_location(sid) + if profile_path != nil + ntuser_dat = "#{profile_path}\\NTUSER.DAT" + if ::File.exists?(ntuser_dat) + priv = Chef::WindowsPrivileged.new + if priv.reg_load_key(sid,ntuser_dat) + Chef::Log.debug("RegLoadKey(#{sid}, #{user_hive}, #{ntuser_dat})") + reg_path[0] = sid + else + Chef::Log.debug("Failed RegLoadKey(#{sid}, #{user_hive}, #{ntuser_dat})") + end + end + end + end + end + + return reg_path, load_reg + + end + + private + def ensure_hive_unloaded(hive_loaded=false) + if(hive_loaded) + Chef::Log.debug("Hive was loaded, we really should unload it") + unload_hive(path) + end + end + end +end + +module Registry + module_function + extend Windows::RegistryHelper +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/version.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/version.rb new file mode 100644 index 000000000..5c5a2cc47 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/version.rb @@ -0,0 +1,206 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Library:: version +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if RUBY_PLATFORM =~ /mswin|mingw32|windows/ + require 'ruby-wmi' + require 'Win32API' +end + +module Windows + class Version + + # http://msdn.microsoft.com/en-us/library/ms724833(v=vs.85).aspx + + # Suite Masks + # Microsoft BackOffice components are installed. + VER_SUITE_BACKOFFICE = 0x00000004.freeze unless defined?(VER_SUITE_BACKOFFICE) + # Windows Server 2003, Web Edition is installed. + VER_SUITE_BLADE = 0x00000400.freeze unless defined?(VER_SUITE_BLADE) + # Windows Server 2003, Compute Cluster Edition is installed. + VER_SUITE_COMPUTE_SERVER = 0x00004000.freeze unless defined?(VER_SUITE_COMPUTE_SERVER) + # Windows Server 2008 Datacenter, Windows Server 2003, Datacenter Edition, or Windows 2000 Datacenter Server is installed. + VER_SUITE_DATACENTER = 0x00000080.freeze unless defined?(VER_SUITE_DATACENTER) + # Windows Server 2008 Enterprise, Windows Server 2003, Enterprise Edition, or Windows 2000 Advanced Server is installed. Refer to the Remarks section for more information about this bit flag. + VER_SUITE_ENTERPRISE = 0x00000002.freeze unless defined?(VER_SUITE_ENTERPRISE) + # Windows XP Embedded is installed. + VER_SUITE_EMBEDDEDNT = 0x00000040.freeze unless defined?(VER_SUITE_EMBEDDEDNT) + # Windows Vista Home Premium, Windows Vista Home Basic, or Windows XP Home Edition is installed. + VER_SUITE_PERSONAL = 0x00000200.freeze unless defined?(VER_SUITE_PERSONAL) + # Remote Desktop is supported, but only one interactive session is supported. This value is set unless the system is running in application server mode. + VER_SUITE_SINGLEUSERTS = 0x00000100.freeze unless defined?(VER_SUITE_SINGLEUSERTS) + # Microsoft Small Business Server was once installed on the system, but may have been upgraded to another version of Windows. Refer to the Remarks section for more information about this bit flag. + VER_SUITE_SMALLBUSINESS = 0x00000001.freeze unless defined?(VER_SUITE_SMALLBUSINESS) + # Microsoft Small Business Server is installed with the restrictive client license in force. Refer to the Remarks section for more information about this bit flag. + VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x00000020.freeze unless defined?(VER_SUITE_SMALLBUSINESS_RESTRICTED) + # Windows Storage Server 2003 R2 or Windows Storage Server 2003is installed. + VER_SUITE_STORAGE_SERVER = 0x00002000.freeze unless defined?(VER_SUITE_STORAGE_SERVER) + # Terminal Services is installed. This value is always set. + # If VER_SUITE_TERMINAL is set but VER_SUITE_SINGLEUSERTS is not set, the system is running in application server mode. + VER_SUITE_TERMINAL = 0x00000010.freeze unless defined?(VER_SUITE_TERMINAL) + # Windows Home Server is installed. + VER_SUITE_WH_SERVER = 0x00008000.freeze unless defined?(VER_SUITE_WH_SERVER) + + # Product Type + # The system is a domain controller and the operating system is Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server. + VER_NT_DOMAIN_CONTROLLER = 0x0000002.freeze unless defined?(VER_NT_DOMAIN_CONTROLLER) + # The operating system is Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server. + # Note that a server that is also a domain controller is reported as VER_NT_DOMAIN_CONTROLLER, not VER_NT_SERVER. + VER_NT_SERVER = 0x0000003.freeze unless defined?(VER_NT_SERVER) + # The operating system is Windows 7, Windows Vista, Windows XP Professional, Windows XP Home Edition, or Windows 2000 Professional. + VER_NT_WORKSTATION = 0x0000001.freeze unless defined?(VER_NT_WORKSTATION) + + # GetSystemMetrics + # The build number if the system is Windows Server 2003 R2; otherwise, 0. + SM_SERVERR2 = 89.freeze unless defined?(SM_SERVERR2) + + # http://msdn.microsoft.com/en-us/library/ms724358(v=vs.85).aspx + SKU = { + 0x00000006 => {:ms_const => 'PRODUCT_BUSINESS', :name => 'Business'}, + 0x00000010 => {:ms_const => 'PRODUCT_BUSINESS_N', :name => 'Business N'}, + 0x00000012 => {:ms_const => 'PRODUCT_CLUSTER_SERVER', :name => 'HPC Edition'}, + 0x00000008 => {:ms_const => 'PRODUCT_DATACENTER_SERVER', :name => 'Server Datacenter (full installation)'}, + 0x0000000C => {:ms_const => 'PRODUCT_DATACENTER_SERVER_CORE', :name => 'Server Datacenter (core installation)'}, + 0x00000027 => {:ms_const => 'PRODUCT_DATACENTER_SERVER_CORE_V', :name => 'Server Datacenter without Hyper-V (core installation)'}, + 0x00000025 => {:ms_const => 'PRODUCT_DATACENTER_SERVER_V', :name => 'Server Datacenter without Hyper-V (full installation)'}, + 0x00000004 => {:ms_const => 'PRODUCT_ENTERPRISE', :name => 'Enterprise'}, + 0x00000046 => {:ms_const => 'PRODUCT_ENTERPRISE_E', :name => 'Not supported'}, + 0x0000001B => {:ms_const => 'PRODUCT_ENTERPRISE_N', :name => 'Enterprise N'}, + 0x0000000A => {:ms_const => 'PRODUCT_ENTERPRISE_SERVER', :name => 'Server Enterprise (full installation)'}, + 0x0000000E => {:ms_const => 'PRODUCT_ENTERPRISE_SERVER_CORE', :name => 'Server Enterprise (core installation)'}, + 0x00000029 => {:ms_const => 'PRODUCT_ENTERPRISE_SERVER_CORE_V', :name => 'Server Enterprise without Hyper-V (core installation)'}, + 0x0000000F => {:ms_const => 'PRODUCT_ENTERPRISE_SERVER_IA64', :name => 'Server Enterprise for Itanium-based Systems'}, + 0x00000026 => {:ms_const => 'PRODUCT_ENTERPRISE_SERVER_V', :name => 'Server Enterprise without Hyper-V (full installation)'}, + 0x00000002 => {:ms_const => 'PRODUCT_HOME_BASIC', :name => 'Home Basic'}, + 0x00000043 => {:ms_const => 'PRODUCT_HOME_BASIC_E', :name => 'Not supported'}, + 0x00000005 => {:ms_const => 'PRODUCT_HOME_BASIC_N', :name => 'Home Basic N'}, + 0x00000003 => {:ms_const => 'PRODUCT_HOME_PREMIUM', :name => 'Home Premium'}, + 0x00000044 => {:ms_const => 'PRODUCT_HOME_PREMIUM_E', :name => 'Not supported'}, + 0x0000001A => {:ms_const => 'PRODUCT_HOME_PREMIUM_N', :name => 'Home Premium N'}, + 0x0000002A => {:ms_const => 'PRODUCT_HYPERV', :name => 'Microsoft Hyper-V Server'}, + 0x0000001E => {:ms_const => 'PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT', :name => 'Windows Essential Business Server Management Server'}, + 0x00000020 => {:ms_const => 'PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING', :name => 'Windows Essential Business Server Messaging Server'}, + 0x0000001F => {:ms_const => 'PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY', :name => 'Windows Essential Business Server Security Server'}, + 0x00000030 => {:ms_const => 'PRODUCT_PROFESSIONAL', :name => 'Professional'}, + 0x00000045 => {:ms_const => 'PRODUCT_PROFESSIONAL_E', :name => 'Not supported'}, + 0x00000031 => {:ms_const => 'PRODUCT_PROFESSIONAL_N', :name => 'Professional N'}, + 0x00000018 => {:ms_const => 'PRODUCT_SERVER_FOR_SMALLBUSINESS', :name => 'Windows Server 2008 for Windows Essential Server Solutions'}, + 0x00000023 => {:ms_const => 'PRODUCT_SERVER_FOR_SMALLBUSINESS_V', :name => 'Windows Server 2008 without Hyper-V for Windows Essential Server Solutions'}, + 0x00000021 => {:ms_const => 'PRODUCT_SERVER_FOUNDATION', :name => 'Server Foundation'}, + 0x00000022 => {:ms_const => 'PRODUCT_HOME_PREMIUM_SERVER', :name => 'Windows Home Server 2011'}, + 0x00000032 => {:ms_const => 'PRODUCT_SB_SOLUTION_SERVER', :name => 'Windows Small Business Server 2011 Essentials'}, + 0x00000013 => {:ms_const => 'PRODUCT_HOME_SERVER', :name => 'Windows Storage Server 2008 R2 Essentials'}, + 0x00000009 => {:ms_const => 'PRODUCT_SMALLBUSINESS_SERVER', :name => 'Windows Small Business Server'}, + 0x00000038 => {:ms_const => 'PRODUCT_SOLUTION_EMBEDDEDSERVER', :name => 'Windows MultiPoint Server'}, + 0x00000007 => {:ms_const => 'PRODUCT_STANDARD_SERVER', :name => 'Server Standard (full installation)'}, + 0x0000000D => {:ms_const => 'PRODUCT_STANDARD_SERVER_CORE', :name => 'Server Standard (core installation)'}, + 0x00000028 => {:ms_const => 'PRODUCT_STANDARD_SERVER_CORE_V', :name => 'Server Standard without Hyper-V (core installation)'}, + 0x00000024 => {:ms_const => 'PRODUCT_STANDARD_SERVER_V', :name => 'Server Standard without Hyper-V (full installation)'}, + 0x0000000B => {:ms_const => 'PRODUCT_STARTER', :name => 'Starter'}, + 0x00000042 => {:ms_const => 'PRODUCT_STARTER_E', :name => 'Not supported'}, + 0x0000002F => {:ms_const => 'PRODUCT_STARTER_N', :name => 'Starter N'}, + 0x00000017 => {:ms_const => 'PRODUCT_STORAGE_ENTERPRISE_SERVER', :name => 'Storage Server Enterprise'}, + 0x00000014 => {:ms_const => 'PRODUCT_STORAGE_EXPRESS_SERVER', :name => 'Storage Server Express'}, + 0x00000015 => {:ms_const => 'PRODUCT_STORAGE_STANDARD_SERVER', :name => 'Storage Server Standard'}, + 0x00000016 => {:ms_const => 'PRODUCT_STORAGE_WORKGROUP_SERVER', :name => 'Storage Server Workgroup'}, + 0x00000000 => {:ms_const => 'PRODUCT_UNDEFINED', :name => 'An unknown product'}, + 0x00000001 => {:ms_const => 'PRODUCT_ULTIMATE', :name => 'Ultimate'}, + 0x00000047 => {:ms_const => 'PRODUCT_ULTIMATE_E', :name => 'Not supported'}, + 0x0000001C => {:ms_const => 'PRODUCT_ULTIMATE_N', :name => 'Ultimate N'}, + 0x00000011 => {:ms_const => 'PRODUCT_WEB_SERVER', :name => 'Web Server (full installation)'}, + 0x0000001D => {:ms_const => 'PRODUCT_WEB_SERVER_CORE', :name => 'Web Server (core installation)'} + }.freeze unless defined?(SKU) + + attr_reader :major_version, :minor_version, :build_number, :service_pack_major_version, :service_pack_minor_version + attr_reader :version, :product_type, :product_suite, :sku + + def initialize + unless RUBY_PLATFORM =~ /mswin|mingw32|windows/ + raise NotImplementedError, 'only valid on Windows platform' + end + @version, @product_type, @product_suite, @sku, @service_pack_major_version, @service_pack_minor_version = get_os_info + @major_version, @minor_version, @build_number = version.split('.').map{|v| v.to_i } + end + + WIN_VERSIONS = { + "Windows Server 2012 R2" => {:major => 6, :minor => 3, :callable => lambda{ @product_type != VER_NT_WORKSTATION }}, + "Windows 8" => {:major => 6, :minor => 2, :callable => lambda{ @product_type == VER_NT_WORKSTATION }}, + "Windows Server 2012" => {:major => 6, :minor => 2, :callable => lambda{ @product_type != VER_NT_WORKSTATION }}, + "Windows 7" => {:major => 6, :minor => 1, :callable => lambda{ @product_type == VER_NT_WORKSTATION }}, + "Windows Server 2008 R2" => {:major => 6, :minor => 1, :callable => lambda{ @product_type != VER_NT_WORKSTATION }}, + "Windows Server 2008" => {:major => 6, :minor => 0, :callable => lambda{ @product_type != VER_NT_WORKSTATION }}, + "Windows Vista" => {:major => 6, :minor => 0, :callable => lambda{ @product_type == VER_NT_WORKSTATION }}, + "Windows Server 2003 R2" => {:major => 5, :minor => 2, :callable => lambda{ Win32API.new('user32', 'GetSystemMetrics', 'I', 'I').call(SM_SERVERR2) != 0 }}, + "Windows Home Server" => {:major => 5, :minor => 2, :callable => lambda{ (@product_suite & VER_SUITE_WH_SERVER) == VER_SUITE_WH_SERVER }}, + "Windows Server 2003" => {:major => 5, :minor => 2, :callable => lambda{ Win32API.new('user32', 'GetSystemMetrics', 'I', 'I').call(SM_SERVERR2) == 0 }}, + "Windows XP" => {:major => 5, :minor => 1}, + "Windows 2000" => {:major => 5, :minor => 0} + }.freeze unless defined?(WIN_VERSIONS) + + marketing_names = Array.new + + # General Windows checks + WIN_VERSIONS.each do |k,v| + method_name = "#{k.gsub(/\s/, '_').downcase}?" + define_method(method_name) do + (@major_version == v[:major]) && + (@minor_version == v[:minor]) && + (v[:callable] ? v[:callable].call : true) + end + marketing_names << [k, method_name] + end + + define_method(:marketing_name) do + marketing_names.each do |mn| + break mn[0] if self.send(mn[1]) + end + end + + # Server Type checks + %w{ core full datacenter }.each do |m| + define_method("server_#{m}?") do + if @sku + !(SKU[@sku][:name] =~ /#{m}/i).nil? + else + false + end + end + end + + private + # Win32API call to GetSystemMetrics(SM_SERVERR2) + # returns: The build number if the system is Windows Server 2003 R2; otherwise, 0. + def sm_serverr2 + @sm_serverr2 ||= Win32API.new('user32', 'GetSystemMetrics', 'I', 'I').call(SM_SERVERR2) + end + + # query WMI Win32_OperatingSystem for required OS info + def get_os_info + cols = %w{ Version ProductType OSProductSuite OperatingSystemSKU ServicePackMajorVersion ServicePackMinorVersion } + os_info = WMI::Win32_OperatingSystem.find(:first) + cols.map do |c| + begin + os_info.send(c) + rescue # OperatingSystemSKU doesn't exist in all versions of Windows + nil + end + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/windows_privileged.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/windows_privileged.rb new file mode 100644 index 000000000..f8688358e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/libraries/windows_privileged.rb @@ -0,0 +1,94 @@ +# +# Author:: Doug MacEachern +# Author:: Paul Morton () +# Cookbook Name:: windows +# Library:: windows_privileged +# +# Copyright:: 2010, VMware, Inc. +# Copyright:: 2011, Business Intelligence Associates, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if RUBY_PLATFORM =~ /mswin|mingw32|windows/ + require 'windows/error' + require 'windows/registry' + require 'windows/process' + require 'windows/security' +end + +#helpers for Windows API calls that require privilege adjustments +class Chef + class WindowsPrivileged + if RUBY_PLATFORM =~ /mswin|mingw32|windows/ + include Windows::Error + include Windows::Registry + include Windows::Process + include Windows::Security + end + #File -> Load Hive... in regedit.exe + def reg_load_key(name, file) + run(SE_BACKUP_NAME, SE_RESTORE_NAME) do + rc = RegLoadKey(HKEY_USERS, name.to_s, file) + if rc == ERROR_SUCCESS + return true + elsif rc == ERROR_SHARING_VIOLATION + return false + else + raise get_last_error(rc) + end + end + end + + #File -> Unload Hive... in regedit.exe + def reg_unload_key(name) + run(SE_BACKUP_NAME, SE_RESTORE_NAME) do + rc = RegUnLoadKey(HKEY_USERS, name.to_s) + if rc != ERROR_SUCCESS + raise get_last_error(rc) + end + end + end + + def run(*privileges) + token = [0].pack('L') + + unless OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, token) + raise get_last_error + end + token = token.unpack('L')[0] + + privileges.each do |name| + unless adjust_privilege(token, name, SE_PRIVILEGE_ENABLED) + raise get_last_error + end + end + + begin + yield + ensure #disable privs + privileges.each do |name| + adjust_privilege(token, name, 0) + end + end + end + + def adjust_privilege(token, priv, attr=0) + luid = [0,0].pack('Ll') + if LookupPrivilegeValue(nil, priv, luid) + new_state = [1, luid.unpack('Ll'), attr].flatten.pack('LLlL') + AdjustTokenPrivileges(token, 0, new_state, new_state.size, 0, 0) + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/metadata.rb new file mode 100644 index 000000000..67491b5b2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/metadata.rb @@ -0,0 +1,9 @@ +name "windows" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Provides a set of useful Windows-specific primitives." +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.11.1" +supports "windows" +depends "chef_handler" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/auto_run.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/auto_run.rb new file mode 100644 index 000000000..36d84d6d5 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/auto_run.rb @@ -0,0 +1,32 @@ +# +# Author:: Paul Morotn () +# Cookbook Name:: windows +# Provider:: auto_run +# +# Copyright:: 2011, Business Intelligence Associates, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +action :create do + windows_registry 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' do + values new_resource.name => "\"#{new_resource.program}\" #{new_resource.args}" + end +end + +action :remove do + windows_registry 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' do + values new_resource.name => '' + action :remove + end +end \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/batch.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/batch.rb new file mode 100644 index 000000000..9aa347cfe --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/batch.rb @@ -0,0 +1,62 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windws +# Provider:: batch +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'tempfile' +require 'chef/resource/execute' + +action :run do + begin + script_file.puts(@new_resource.code) + script_file.close + set_owner_and_group + + # cwd hax...shell_out on windows needs to support proper 'cwd' + # follow CHEF-2357 for more + cwd = @new_resource.cwd ? "cd \"#{@new_resource.cwd}\" & " : "" + + r = Chef::Resource::Execute.new(@new_resource.name, run_context) + r.user(@new_resource.user) + r.group(@new_resource.group) + r.command("#{cwd}call \"#{script_file.path}\" #{@new_resource.flags}") + r.creates(@new_resource.creates) + r.returns(@new_resource.returns) + r.run_action(:run) + + @new_resource.updated_by_last_action(r.updated_by_last_action?) + ensure + unlink_script_file + end +end + +private +def set_owner_and_group + # FileUtils itself implements a no-op if +user+ or +group+ are nil + # You can prove this by running FileUtils.chown(nil,nil,'/tmp/file') + # as an unprivileged user. + FileUtils.chown(@new_resource.user, @new_resource.group, script_file.path) +end + +def script_file + @script_file ||= Tempfile.open(['chef-script', '.bat']) +end + +def unlink_script_file + @script_file && @script_file.close! +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/feature_dism.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/feature_dism.rb new file mode 100644 index 000000000..5db9d6377 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/feature_dism.rb @@ -0,0 +1,49 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Provider:: feature_dism +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include Chef::Provider::WindowsFeature::Base +include Chef::Mixin::ShellOut +include Windows::Helper + +def install_feature(name) + # return code 3010 is valid, it indicates a reboot is required + shell_out!("#{dism} /online /enable-feature /featurename:#{@new_resource.feature_name} /norestart", {:returns => [0,42,127,3010]}) +end + +def remove_feature(name) + # return code 3010 is valid, it indicates a reboot is required + shell_out!("#{dism} /online /disable-feature /featurename:#{@new_resource.feature_name} /norestart", {:returns => [0,42,127,3010]}) +end + +def installed? + @installed ||= begin + cmd = shell_out("#{dism} /online /Get-Features", {:returns => [0,42,127]}) + cmd.stderr.empty? && (cmd.stdout =~ /^Feature Name : #{@new_resource.feature_name}.?$\n^State : Enabled.?$/i) + end +end + +private +# account for File System Redirector +# http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx +def dism + @dism ||= begin + locate_sysnative_cmd("dism.exe") + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/feature_servermanagercmd.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/feature_servermanagercmd.rb new file mode 100644 index 000000000..b43749b3d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/feature_servermanagercmd.rb @@ -0,0 +1,47 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Provider:: feature_servermanagercmd +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include Chef::Provider::WindowsFeature::Base +include Chef::Mixin::ShellOut +include Windows::Helper + +def install_feature(name) + shell_out!("#{servermanagercmd} -install #{@new_resource.feature_name}", {:returns => [0,42,127]}) +end + +def remove_feature(name) + shell_out!("#{servermanagercmd} -remove #{@new_resource.feature_name}", {:returns => [0,42,127]}) +end + +def installed? + @installed ||= begin + cmd = shell_out("#{servermanagercmd} -query", {:returns => [0,42,127]}) + cmd.stderr.empty? && (cmd.stdout =~ /^\s*?\[X\]\s.+?\s\[#{@new_resource.feature_name}\]$/i) + end +end + +private +# account for File System Redirector +# http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx +def servermanagercmd + @servermanagercmd ||= begin + locate_sysnative_cmd("servermanagercmd.exe") + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/package.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/package.rb new file mode 100644 index 000000000..01bc8606b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/package.rb @@ -0,0 +1,252 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Provider:: package +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if RUBY_PLATFORM =~ /mswin|mingw32|windows/ + require 'win32/registry' +end + +require 'chef/mixin/shell_out' +require 'chef/mixin/language' + +include Chef::Mixin::ShellOut +include Windows::Helper + +# the logic in all action methods mirror that of +# the Chef::Provider::Package which will make +# refactoring into core chef easy + +action :install do + # If we specified a version, and it's not the current version, move to the specified version + if @new_resource.version != nil && @new_resource.version != @current_resource.version + install_version = @new_resource.version + # If it's not installed at all, install it + elsif @current_resource.version == nil + install_version = candidate_version + end + + if install_version + Chef::Log.info("Installing #{@new_resource} version #{install_version}") + status = install_package(@new_resource.package_name, install_version) + if status + @new_resource.updated_by_last_action(true) + end + end +end + +action :upgrade do + if @current_resource.version != candidate_version + orig_version = @current_resource.version || "uninstalled" + Chef::Log.info("Upgrading #{@new_resource} version from #{orig_version} to #{candidate_version}") + status = upgrade_package(@new_resource.package_name, candidate_version) + if status + @new_resource.updated_by_last_action(true) + end + end +end + +action :remove do + if removing_package? + Chef::Log.info("Removing #{@new_resource}") + remove_package(@current_resource.package_name, @new_resource.version) + @new_resource.updated_by_last_action(true) + else + end +end + +def removing_package? + if @current_resource.version.nil? + false # nothing to remove + elsif @new_resource.version.nil? + true # remove any version of a package + elsif @new_resource.version == @current_resource.version + true # remove the version we have + else + false # we don't have the version we want to remove + end +end + +def expand_options(options) + options ? " #{options}" : "" +end + +# these methods are the required overrides of +# a provider that extends from Chef::Provider::Package +# so refactoring into core Chef should be easy + +def load_current_resource + @current_resource = Chef::Resource::WindowsPackage.new(@new_resource.name) + @current_resource.package_name(@new_resource.package_name) + @current_resource.version(nil) + + unless current_installed_version.nil? + @current_resource.version(current_installed_version) + end + + @current_resource +end + +def current_installed_version + @current_installed_version ||= begin + if installed_packages.include?(@new_resource.package_name) + installed_packages[@new_resource.package_name][:version] + end + end +end + +def candidate_version + @candidate_version ||= begin + @new_resource.version || 'latest' + end +end + +def install_package(name,version) + Chef::Log.debug("Processing #{@new_resource} as a #{installer_type} installer.") + install_args = [cached_file(@new_resource.source, @new_resource.checksum), expand_options(unattended_installation_flags), expand_options(@new_resource.options)] + Chef::Log.info("Starting installation...this could take awhile.") + Chef::Log.debug "Install command: #{ sprintf(install_command_template, *install_args) }" + shell_out!(sprintf(install_command_template, *install_args), {:timeout => @new_resource.timeout, :returns => @new_resource.success_codes}) +end + +def remove_package(name, version) + uninstall_string = installed_packages[@new_resource.package_name][:uninstall_string] + Chef::Log.info("Registry provided uninstall string for #{@new_resource} is '#{uninstall_string}'") + uninstall_command = begin + if uninstall_string =~ /msiexec/i + "#{uninstall_string} /qn" + else + uninstall_string.gsub!('"','') + "start \"\" /wait /d\"#{::File.dirname(uninstall_string)}\" #{::File.basename(uninstall_string)}#{expand_options(@new_resource.options)} /S" + end + end + Chef::Log.info("Removing #{@new_resource} with uninstall command '#{uninstall_command}'") + shell_out!(uninstall_command, {:returns => @new_resource.success_codes}) +end + +private + +def install_command_template + case installer_type + when :msi + "msiexec%2$s \"%1$s\"%3$s" + else + "start \"\" /wait \"%1$s\"%2$s%3$s" + end +end + +def uninstall_command_template + case installer_type + when :msi + "msiexec %2$s %1$s" + else + "start \"\" /wait /d%1$s %2$s %3$s" + end +end + +# http://unattended.sourceforge.net/installers.php +def unattended_installation_flags + case installer_type + when :msi + # this is no-ui + "/qn /i" + when :installshield + "/s /sms" + when :nsis + "/S /NCRC" + when :inno + #"/sp- /silent /norestart" + "/verysilent /norestart" + when :wise + "/s" + else + end +end + +def installed_packages + @installed_packages || begin + installed_packages = {} + # Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall + installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE)) #rescue nil + # 64-bit registry view + # Computer\HKEY_LOCAL_MACHINE\Software\Wow6464Node\Microsoft\Windows\CurrentVersion\Uninstall + installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE, (::Win32::Registry::Constants::KEY_READ | 0x0100))) #rescue nil + # 32-bit registry view + # Computer\HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall + installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE, (::Win32::Registry::Constants::KEY_READ | 0x0200))) #rescue nil + # Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall + installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_CURRENT_USER)) #rescue nil + installed_packages + end +end + +def extract_installed_packages_from_key(hkey = ::Win32::Registry::HKEY_LOCAL_MACHINE, desired = ::Win32::Registry::Constants::KEY_READ) + uninstall_subkey = 'Software\Microsoft\Windows\CurrentVersion\Uninstall' + packages = {} + begin + ::Win32::Registry.open(hkey, uninstall_subkey, desired) do |reg| + reg.each_key do |key, wtime| + begin + k = reg.open(key, desired) + display_name = k["DisplayName"] rescue nil + version = k["DisplayVersion"] rescue "NO VERSION" + uninstall_string = k["UninstallString"] rescue nil + if display_name + packages[display_name] = {:name => display_name, + :version => version, + :uninstall_string => uninstall_string} + end + rescue ::Win32::Registry::Error + end + end + end + rescue ::Win32::Registry::Error + end + packages +end + +def installer_type + @installer_type || begin + if @new_resource.installer_type + @new_resource.installer_type + else + basename = ::File.basename(cached_file(@new_resource.source, @new_resource.checksum)) + if basename.split(".").last.downcase == "msi" # Microsoft MSI + :msi + else + # search the binary file for installer type + contents = ::Kernel.open(::File.expand_path(cached_file(@new_resource.source)), "rb") {|io| io.read } # TODO limit data read in + case contents + when /inno/i # Inno Setup + :inno + when /wise/i # Wise InstallMaster + :wise + when /nsis/i # Nullsoft Scriptable Install System + :nsis + else + # if file is named 'setup.exe' assume installshield + if basename == "setup.exe" + :installshield + else + raise Chef::Exceptions::AttributeNotFound, "installer_type could not be determined, please set manually" + end + end + end + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/pagefile.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/pagefile.rb new file mode 100644 index 000000000..e80247e84 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/pagefile.rb @@ -0,0 +1,153 @@ +# +# Author:: Kevin Moser () +# Cookbook Name:: windows +# Provider:: pagefile +# +# Copyright:: 2012, Nordstrom, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include Chef::Mixin::ShellOut +include Windows::Helper + +action :set do + pagefile = @new_resource.name + initial_size = @new_resource.initial_size + maximum_size = @new_resource.maximum_size + system_managed = @new_resource.system_managed + automatic_managed = @new_resource.automatic_managed + updated = false + + if automatic_managed + unless automatic_managed? + set_automatic_managed + updated = true + end + else + if automatic_managed? + unset_automatic_managed + updated = true + end + + # Check that the resource is not just trying to unset automatic managed, if it is do nothing more + if (initial_size && maximum_size) || system_managed + unless exists?(pagefile) + create(pagefile) + end + + if system_managed + unless max_and_min_set?(pagefile, 0, 0) + set_system_managed(pagefile) + updated = true + end + else + unless max_and_min_set?(pagefile, initial_size, maximum_size) + set_custom_size(pagefile, initial_size, maximum_size) + updated = true + end + end + end + end + + @new_resource.updated_by_last_action(updated) +end + +action :delete do + pagefile = @new_resource.name + updated = false + + if exists?(pagefile) + delete(pagefile) + updated = true + end + + @new_resource.updated_by_last_action(updated) +end + + +private +def exists?(pagefile) + @exists ||= begin + cmd = shell_out("#{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list", {:returns => [0]}) + cmd.stderr.empty? && (cmd.stdout =~ /SettingID=#{get_setting_id(pagefile)}/i) + end +end + +def max_and_min_set?(pagefile, min, max) + @max_and_min_set ||= begin + cmd = shell_out("#{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list", {:returns => [0]}) + cmd.stderr.empty? && (cmd.stdout =~ /InitialSize=#{min}/i) && (cmd.stdout =~ /MaximumSize=#{max}/i) + end +end + +def create(pagefile) + Chef::Log.debug("Creating pagefile #{pagefile}") + cmd = shell_out("#{wmic} pagefileset create name=\"#{win_friendly_path(pagefile)}\"") + check_for_errors(cmd.stderr) +end + +def delete(pagefile) + Chef::Log.debug("Removing pagefile #{pagefile}") + cmd = shell_out("#{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" delete") + check_for_errors(cmd.stderr) +end + +def automatic_managed? + @automatic_managed ||= begin + cmd = shell_out("#{wmic} computersystem where name=\"%computername%\" get AutomaticManagedPagefile /format:list") + cmd.stderr.empty? && (cmd.stdout =~ /AutomaticManagedPagefile=TRUE/i) + end +end + +def set_automatic_managed + Chef::Log.debug("Setting pagefile to Automatic Managed") + cmd = shell_out("#{wmic} computersystem where name=\"%computername%\" set AutomaticManagedPagefile=True") + check_for_errors(cmd.stderr) +end + +def unset_automatic_managed + Chef::Log.debug("Setting pagefile to User Managed") + cmd = shell_out("#{wmic} computersystem where name=\"%computername%\" set AutomaticManagedPagefile=False") + check_for_errors(cmd.stderr) +end + +def set_custom_size(pagefile, min, max) + Chef::Log.debug("Setting #{pagefile} to InitialSize=#{min} & MaximumSize=#{max}") + cmd = shell_out("#{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=#{min},MaximumSize=#{max}", {:returns => [0]}) + check_for_errors(cmd.stderr) +end + +def set_system_managed(pagefile) + Chef::Log.debug("Setting #{pagefile} to System Managed") + cmd = shell_out("#{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=0,MaximumSize=0", {:returns => [0]}) + check_for_errors(cmd.stderr) +end + +def get_setting_id(pagefile) + pagefile = win_friendly_path(pagefile) + pagefile = pagefile.split("\\") + "#{pagefile[1]} @ #{pagefile[0]}" +end + +def check_for_errors(stderr) + unless stderr.empty? + Chef::Log.fatal(stderr) + end +end + +def wmic + @wmic ||= begin + locate_sysnative_cmd("wmic.exe") + end +end \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/path.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/path.rb new file mode 100644 index 000000000..6ec9191c3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/path.rb @@ -0,0 +1,35 @@ +# +# Author:: Paul Morotn () +# Cookbook Name:: windows +# Provider:: path +# +# Copyright:: 2011, Business Intelligence Associates, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +action :add do + env "PATH" do + action :modify + delim ::File::PATH_SEPARATOR + value new_resource.path + end +end + +action :remove do + env "PATH" do + action :delete + delim ::File::PATH_SEPARATOR + value new_resource.path + end +end \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/printer.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/printer.rb new file mode 100644 index 000000000..d53e2870f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/printer.rb @@ -0,0 +1,100 @@ +# +# Author:: Doug Ireton () +# Cookbook Name:: windows +# Provider:: printer +# +# Copyright:: 2012, Nordstrom, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Support whyrun +def whyrun_supported? + true +end + +action :create do + if @current_resource.exists + Chef::Log.info "#{ @new_resource } already exists - nothing to do." + else + converge_by("Create #{ @new_resource }") do + create_printer + end + end +end + +action :delete do + if @current_resource.exists + converge_by("Delete #{ @new_resource }") do + delete_printer + end + else + Chef::Log.info "#{ @current_resource } doesn't exist - can't delete." + end +end + +def load_current_resource + @current_resource = Chef::Resource::WindowsPrinter.new(@new_resource.name) + @current_resource.name(@new_resource.name) + + if printer_exists?(@current_resource.name) + # TODO: Set @current_resource printer properties from registry + @current_resource.exists = true + end +end + + +private + +PRINTERS_REG_KEY = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\'.freeze unless defined?(PRINTERS_REG_KEY) + +def printer_exists?(name) + printer_reg_key = PRINTERS_REG_KEY + name + Chef::Log.debug "Checking to see if this reg key exists: '#{ printer_reg_key }'" + Registry.key_exists?(printer_reg_key) +end + +def create_printer + + # Create the printer port first + windows_printer_port new_resource.ipv4_address do + end + + port_name = "IP_#{ new_resource.ipv4_address }" + + powershell "Creating printer: #{ new_resource.name }" do + code <<-EOH + + Set-WmiInstance -class Win32_Printer ` + -EnableAllPrivileges ` + -Argument @{ DeviceID = "#{ new_resource.device_id }"; + Comment = "#{ new_resource.comment }"; + Default = "$#{ new_resource.default }"; + DriverName = "#{ new_resource.driver_name }"; + Location = "#{ new_resource.location }"; + PortName = "#{ port_name }"; + Shared = "$#{ new_resource.shared }"; + ShareName = "#{ new_resource.share_name }"; + } + EOH + end +end + +def delete_printer + powershell "Deleting printer: #{ new_resource.name }" do + code <<-EOH + $printer = Get-WMIObject -class Win32_Printer -EnableAllPrivileges -Filter "name = '#{ new_resource.name }'" + $printer.Delete() + EOH + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/printer_port.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/printer_port.rb new file mode 100644 index 000000000..ab8824746 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/printer_port.rb @@ -0,0 +1,102 @@ +# +# Author:: Doug Ireton () +# Cookbook Name:: windows +# Provider:: printer_port +# +# Copyright:: 2012, Nordstrom, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Support whyrun +def whyrun_supported? + true +end + +action :create do + if @current_resource.exists + Chef::Log.info "#{ @new_resource } already exists - nothing to do." + else + converge_by("Create #{ @new_resource }") do + create_printer_port + end + end +end + +action :delete do + if @current_resource.exists + converge_by("Delete #{ @new_resource }") do + delete_printer_port + end + else + Chef::Log.info "#{ @current_resource } doesn't exist - can't delete." + end +end + +def load_current_resource + @current_resource = Chef::Resource::WindowsPrinterPort.new(@new_resource.name) + @current_resource.name(@new_resource.name) + @current_resource.ipv4_address(@new_resource.ipv4_address) + @current_resource.port_name(@new_resource.port_name || "IP_#{ @new_resource.ipv4_address }") + + if port_exists?(@current_resource.port_name) + # TODO: Set @current_resource port properties from registry + @current_resource.exists = true + end +end + + +private + +PORTS_REG_KEY = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\\'.freeze unless defined?(PORTS_REG_KEY) + +def port_exists?(name) + port_reg_key = PORTS_REG_KEY + name + + Chef::Log.debug "Checking to see if this reg key exists: '#{ port_reg_key }'" + Registry.key_exists?(port_reg_key) +end + + +def create_printer_port + + port_name = new_resource.port_name || "IP_#{ new_resource.ipv4_address }" + + # create the printer port using PowerShell + powershell "Creating printer port #{ new_resource.port_name }" do + code <<-EOH + + Set-WmiInstance -class Win32_TCPIPPrinterPort ` + -EnableAllPrivileges ` + -Argument @{ HostAddress = "#{ new_resource.ipv4_address }"; + Name = "#{ port_name }"; + Description = "#{ new_resource.port_description }"; + PortNumber = "#{ new_resource.port_number }"; + Protocol = "#{ new_resource.port_protocol }"; + SNMPEnabled = "$#{ new_resource.snmp_enabled }"; + } + EOH + end +end + +def delete_printer_port + + port_name = new_resource.port_name || "IP_#{ new_resource.ipv4_address }" + + powershell "Deleting printer port: #{ new_resource.port_name }" do + code <<-EOH + $port = Get-WMIObject -class Win32_TCPIPPrinterPort -EnableAllPrivileges -Filter "name = '#{ port_name }'" + $port.Delete() + EOH + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/reboot.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/reboot.rb new file mode 100644 index 000000000..4fc5032d3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/reboot.rb @@ -0,0 +1,31 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Provider:: reboot +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +action :request do + node.run_state[:reboot_requested] = true + node.run_state[:reboot_timeout] = @new_resource.timeout + node.run_state[:reboot_reason] = @new_resource.reason +end + +action :cancel do + node.run_state.delete(:reboot_requested) + node.run_state.delete(:reboot_timeout) + node.run_state.delete(:reboot_reason) +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/registry.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/registry.rb new file mode 100644 index 000000000..afd03ff93 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/registry.rb @@ -0,0 +1,72 @@ +# +# Author:: Doug MacEachern () +# Author:: Seth Chisamore () +# Author:: Paul Morton () +# Cookbook Name:: windows +# Provider:: registry +# +# Copyright:: 2010, VMware, Inc. +# Copyright:: 2011, Opscode, Inc. +# Copyright:: 2011, Business Intelligence Associates, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include Windows::RegistryHelper + +action :create do + registry_update(:create) +end + +action :modify do + registry_update(:open) +end + +action :force_modify do + require 'timeout' + Timeout.timeout(120) do + @new_resource.values.each do |value_name, value_data| + i = 1 + until i > 5 do + desired_value_data = value_data + current_value_data = get_value(@new_resource.key_name.dup, value_name.dup) + if current_value_data.to_s == desired_value_data.to_s + Chef::Log.debug("#{@new_resource} value [#{value_name}] desired [#{desired_value_data}] data already set. Check #{i}/5.") + i+=1 + else + Chef::Log.debug("#{@new_resource} value [#{value_name}] current [#{current_value_data}] data not equal to desired [#{desired_value_data}] data. Setting value and restarting check loop.") + begin + registry_update(:open) + rescue Exception + registry_update(:create) + end + i=0 # start count loop over + end + end + end + break + end +end + +action :remove do + delete_value(@new_resource.key_name,@new_resource.values) +end + +private +def registry_update(mode) + + Chef::Log.debug("Registry Mode (#{mode})") + updated = set_value(mode,@new_resource.key_name,@new_resource.values,@new_resource.type) + @new_resource.updated_by_last_action(updated) + +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/shortcut.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/shortcut.rb new file mode 100644 index 000000000..9fd9a88a1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/shortcut.rb @@ -0,0 +1,56 @@ +# +# Author:: Doug MacEachern +# Cookbook Name:: windows +# Provider:: shortcut +# +# Copyright:: 2010, VMware, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +def load_current_resource + require 'win32ole' + + @link = WIN32OLE.new("WScript.Shell").CreateShortcut(@new_resource.name) + + @current_resource = Chef::Resource::WindowsShortcut.new(@new_resource.name) + @current_resource.name(@new_resource.name) + @current_resource.target(@link.TargetPath) + @current_resource.arguments(@link.Arguments) + @current_resource.description(@link.Description) + @current_resource.cwd(@link.WorkingDirectory) +end + +# Check to see if the shorcut needs any changes +# +# === Returns +# :: If a change is required +# :: If the shorcuts are identical +def compare_shortcut + [:target, :arguments, :description, :cwd].any? do |attr| + !@new_resource.send(attr).nil? && @current_resource.send(attr) != @new_resource.send(attr) + end +end + +def action_create + if compare_shortcut + @link.TargetPath = @new_resource.target if @new_resource.target != nil + @link.Arguments = @new_resource.arguments if @new_resource.arguments != nil + @link.Description = @new_resource.description if @new_resource.description != nil + @link.WorkingDirectory = @new_resource.cwd if @new_resource.cwd != nil + #ignoring: WindowStyle, Hotkey, IconLocation + @link.Save + Chef::Log.info("Added #{@new_resource} shortcut") + new_resource.updated_by_last_action(true) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/task.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/task.rb new file mode 100644 index 000000000..dcae506c2 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/task.rb @@ -0,0 +1,130 @@ +# +# Author:: Paul Mooring () +# Cookbook Name:: windows +# Provider:: task +# +# Copyright:: 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/mixin/shell_out' +include Chef::Mixin::ShellOut + +action :create do + if @current_resource.exists + Chef::Log.info "#{@new_resource} task already exists - nothing to do" + else + use_force = @new_resource.force ? '/F' : '' + cmd = "schtasks /Create #{use_force} /TN \"#{@new_resource.name}\" " + schedule = @new_resource.frequency == :on_logon ? "ONLOGON" : @new_resource.frequency + cmd += "/SC #{schedule} " + cmd += "/MO #{@new_resource.frequency_modifier} " if [:minute, :hourly, :daily, :weekly, :monthly].include?(@new_resource.frequency) + cmd += "/SD \"#{@new_resource.start_day}\" " unless @new_resource.start_day.nil? + cmd += "/ST \"#{@new_resource.start_time}\" " unless @new_resource.start_time.nil? + cmd += "/TR \"#{@new_resource.command}\" " + if @new_resource.user && @new_resource.password + cmd += "/RU \"#{@new_resource.user}\" /RP \"#{@new_resource.password}\" " + elsif (@new_resource.user and !@new_resource.password) || (@new_resource.password and !@new_resource.user) + Chef::Log.fatal "#{@new_resource.name}: Can't specify user or password without both!" + end + cmd += "/RL HIGHEST " if @new_resource.run_level == :highest + shell_out!(cmd, {:returns => [0]}) + @new_resource.updated_by_last_action true + Chef::Log.info "#{@new_resource} task created" + end +end + +action :run do + if @current_resource.exists + if @current_resource.status == :running + Chef::Log.info "#{@new_resource} task is currently running, skipping run" + else + cmd = "schtasks /Run /TN \"#{@current_resource.name}\"" + shell_out!(cmd, {:returns => [0]}) + @new_resource.updated_by_last_action true + Chef::Log.info "#{@new_resource} task ran" + end + else + Chef::Log.debug "#{@new_resource} task doesn't exists - nothing to do" + end +end + +action :change do + if @current_resource.exists + cmd = "schtasks /Change /TN \"#{@current_resource.name}\" " + cmd += "/TR \"#{@new_resource.command}\" " if @new_resource.command + if @new_resource.user && @new_resource.password + cmd += "/RU \"#{@new_resource.user}\" /RP \"#{@new_resource.password}\" " + elsif (@new_resource.user and !@new_resource.password) || (@new_resource.password and !@new_resource.user) + Chef::Log.fatal "#{@new_resource.name}: Can't specify user or password without both!" + end + shell_out!(cmd, {:returns => [0]}) + @new_resource.updated_by_last_action true + Chef::Log.info "Change #{@new_resource} task ran" + else + Chef::Log.debug "#{@new_resource} task doesn't exists - nothing to do" + end +end + +action :delete do + if @current_resource.exists + use_force = @new_resource.force ? '/F' : '' + cmd = "schtasks /Delete #{use_force} /TN \"#{@current_resource.name}\"" + shell_out!(cmd, {:returns => [0]}) + @new_resource.updated_by_last_action true + Chef::Log.info "#{@new_resource} task deleted" + else + Chef::Log.debug "#{@new_resource} task doesn't exists - nothing to do" + end +end + +def load_current_resource + @current_resource = Chef::Resource::WindowsTask.new(@new_resource.name) + @current_resource.name(@new_resource.name) + + task_hash = load_task_hash(@current_resource.name) + if task_hash[:TaskName] == '\\' + @new_resource.name + @current_resource.exists = true + if task_hash[:Status] == "Running" + @current_resource.status = :running + end + @current_resource.cwd(task_hash[:Folder]) + @current_resource.command(task_hash[:TaskToRun]) + @current_resource.user(task_hash[:RunAsUser]) + end if task_hash.respond_to? :[] +end + +private + +def load_task_hash(task_name) + Chef::Log.debug "looking for existing tasks" + output = `schtasks /Query /FO LIST /V /TN \"#{task_name}\" 2> NUL` + if output.empty? + task = false + else + task = Hash.new + + output.split("\n").map! do |line| + line.split(":", 2).map! do |field| + field.strip + end + end.each do |field| + if field.kind_of? Array and field[0].respond_to? :to_sym + task[field[0].gsub(/\s+/,"").to_sym] = field[1] + end + end + end + + task +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/zipfile.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/zipfile.rb new file mode 100644 index 000000000..2760d810e --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/providers/zipfile.rb @@ -0,0 +1,91 @@ +# +# Author:: Doug MacEachern () +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Provider:: unzip +# +# Copyright:: 2010, VMware, Inc. +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include Windows::Helper + +require 'find' + +action :unzip do + ensure_rubyzip_gem_installed + Chef::Log.debug("unzip #{@new_resource.source} => #{@new_resource.path} (overwrite=#{@new_resource.overwrite})") + + Zip::File.open(cached_file(@new_resource.source, @new_resource.checksum)) do |zip| + zip.each do |entry| + path = ::File.join(@new_resource.path, entry.name) + FileUtils.mkdir_p(::File.dirname(path)) + if @new_resource.overwrite && ::File.exists?(path) && !::File.directory?(path) + FileUtils.rm(path) + end + zip.extract(entry, path) + end + end + @new_resource.updated_by_last_action(true) +end + +action :zip do + ensure_rubyzip_gem_installed + # sanitize paths for windows. + @new_resource.source.downcase.gsub!(::File::SEPARATOR, ::File::ALT_SEPARATOR) + @new_resource.path.downcase.gsub!(::File::SEPARATOR, ::File::ALT_SEPARATOR) + Chef::Log.debug("zip #{@new_resource.source} => #{@new_resource.path} (overwrite=#{@new_resource.overwrite})") + + if @new_resource.overwrite == false && ::File.exists?(@new_resource.path) + Chef::Log.info("file #{@new_resource.path} already exists and overwrite is set to false, exiting") + else + # delete the archive if it already exists, because we are recreating it. + if ::File.exists?(@new_resource.path) + ::File.unlink(@new_resource.path) + end + # only supporting compression of a single directory (recursively). + if ::File.directory?(@new_resource.source) + z = Zip::File.new(@new_resource.path, true) + unless @new_resource.source =~ /::File::ALT_SEPARATOR$/ + @new_resource.source << ::File::ALT_SEPARATOR + end + Find.find(@new_resource.source) do |f| + f.downcase.gsub!(::File::SEPARATOR, ::File::ALT_SEPARATOR) + # don't add root directory to the zipfile. + next if f == @new_resource.source + # strip the root directory from the filename before adding it to the zipfile. + zip_fname = f.sub(@new_resource.source, '') + Chef::Log.debug("adding #{zip_fname} to archive, sourcefile is: #{f}") + z.add(zip_fname, f) + end + z.close + else + Chef::Log.info("Single directory must be specified for compression, and #{@new_resource.source} does not meet that criteria.") + end + end +end + +private +def ensure_rubyzip_gem_installed + begin + require 'zip' + rescue LoadError + Chef::Log.info("Missing gem 'rubyzip'...installing now.") + chef_gem "rubyzip" do + version node['windows']['rubyzipversion'] + end + require 'zip' + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/recipes/default.rb new file mode 100644 index 000000000..f0dbffb6a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/recipes/default.rb @@ -0,0 +1,34 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Recipe:: default +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# gems with precompiled binaries +%w{ win32-api win32-service }.each do |win_gem| + chef_gem win_gem do + options '--platform=mswin32' + action :install + end +end + +# the rest +%w{ windows-api windows-pr win32-dir win32-event win32-mutex }.each do |win_gem| + chef_gem win_gem do + action :install + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/recipes/reboot_handler.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/recipes/reboot_handler.rb new file mode 100644 index 000000000..2e55b91fd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/recipes/reboot_handler.rb @@ -0,0 +1,32 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Recipe:: restart_handler +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +remote_directory node['chef_handler']['handler_path'] do + source 'handlers' + recursive true + action :create +end + +chef_handler 'WindowsRebootHandler' do + source "#{node['chef_handler']['handler_path']}/windows_reboot_handler.rb" + arguments node['windows']['allow_pending_reboots'] + supports :report => true, :exception => false + action :enable +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/auto_run.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/auto_run.rb new file mode 100644 index 000000000..7beecc56b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/auto_run.rb @@ -0,0 +1,30 @@ +# +# Author:: Paul Morotn () +# Cookbook Name:: windows +# Resource:: auto_run +# +# Copyright:: 2011, Business Intelligence Associates, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +def initialize(name,run_context=nil) + super + @action = :create +end + +actions :create, :remove + +attribute :program, :kind_of => String +attribute :name, :kind_of => String, :name_attribute => true +attribute :args, :kind_of => String, :default => '' diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/batch.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/batch.rb new file mode 100644 index 000000000..7d4e9175c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/batch.rb @@ -0,0 +1,36 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Resource:: batch +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :run + +attribute :command, :kind_of => String, :name_attribute => true +attribute :cwd, :kind_of => String, :default => nil +attribute :code, :kind_of => String, :default => nil +attribute :user, :kind_of => [ String, Integer ], :default => nil +attribute :group, :kind_of => [ String, Integer ], :default => nil +attribute :creates, :kind_of => [ String ], :default => nil +attribute :flags, :kind_of => [ String ], :default => nil +attribute :returns, :kind_of => [Integer, Array], :default => 0 + +def initialize(name, run_context=nil) + super + @action = :run + @command = name +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/feature.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/feature.rb new file mode 100644 index 000000000..b67c0fb5d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/feature.rb @@ -0,0 +1,40 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Resource:: feature +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include Windows::Helper + +actions :install, :remove + +attribute :feature_name, :kind_of => String, :name_attribute => true + +def initialize(name, run_context=nil) + super + @action = :install + @provider = lookup_provider_constant(locate_default_provider) +end + +private +def locate_default_provider + if ::File.exists?(locate_sysnative_cmd('dism.exe')) + :windows_feature_dism + elsif ::File.exists?(locate_sysnative_cmd('servermanagercmd.exe')) + :windows_feature_servermanagercmd + end +end \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/package.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/package.rb new file mode 100644 index 000000000..a9e822e85 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/package.rb @@ -0,0 +1,46 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Resource:: package +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :install, :remove + +default_action :install + +attribute :package_name, :kind_of => String, :name_attribute => true +attribute :source, :kind_of => String, :required => true +attribute :version, :kind_of => String +attribute :options, :kind_of => String +attribute :installer_type, :kind_of => Symbol, :default => nil, :equal_to => [:msi, :inno, :nsis, :wise, :installshield, :custom] +attribute :checksum, :kind_of => String +attribute :timeout, :kind_of => Integer, :default => 600 +attribute :success_codes, :kind_of => Array, :default => [0, 42, 127] + +# TODO + +# add preseeding support +#attribute :response_file + +# allow target dirtory of installation to be set +#attribute :target_dir + +# Covers 0.10.8 and earlier +def initialize(*args) + super + @action = :install +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/pagefile.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/pagefile.rb new file mode 100644 index 000000000..3d95f13f3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/pagefile.rb @@ -0,0 +1,29 @@ +# +# Author:: Kevin Moser () +# Cookbook Name:: windows +# Resource:: pagefile +# +# Copyright:: 2012, Nordstrom, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :set, :delete + +attribute :name, :kind_of => String, :name_attribute => true +attribute :system_managed, :kind_of => [TrueClass, FalseClass] +attribute :automatic_managed, :kind_of => [TrueClass, FalseClass], :default => false +attribute :initial_size, :kind_of => Integer +attribute :maximum_size, :kind_of => Integer + +default_action :set \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/path.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/path.rb new file mode 100644 index 000000000..f39aa8eb1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/path.rb @@ -0,0 +1,28 @@ +# +# Author:: Paul Morotn () +# Cookbook Name:: windows +# Resource:: path +# +# Copyright:: 2011, Business Intelligence Associates, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +def initialize(name,run_context=nil) + super + @action = :add +end + +actions :add, :remove + +attribute :path, :kind_of => String, :name_attribute => true diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/printer.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/printer.rb new file mode 100644 index 000000000..5effa3370 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/printer.rb @@ -0,0 +1,41 @@ +# +# Author:: Doug Ireton () +# Cookbook Name:: windows +# Resource:: printer +# +# Copyright:: 2012, Nordstrom, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# See here for more info: +# http://msdn.microsoft.com/en-us/library/windows/desktop/aa394492(v=vs.85).aspx + +require 'resolv' + +actions :create, :delete + +default_action :create + +attribute :device_id, :kind_of => String, :name_attribute => true, + :required => true +attribute :comment, :kind_of => String + +attribute :default, :kind_of => [ TrueClass, FalseClass ], :default => false +attribute :driver_name, :kind_of => String, :required => true +attribute :location, :kind_of => String +attribute :shared, :kind_of => [ TrueClass, FalseClass ], :default => false +attribute :share_name, :kind_of => String + +attribute :ipv4_address, :kind_of => String, :regex => Resolv::IPv4::Regex + +attr_accessor :exists diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/printer_port.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/printer_port.rb new file mode 100644 index 000000000..b79a6fcf1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/printer_port.rb @@ -0,0 +1,40 @@ +# +# Author:: Doug Ireton () +# Cookbook Name:: windows +# Resource:: printer_port +# +# Copyright:: 2012, Nordstrom, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# See here for more info: +# http://msdn.microsoft.com/en-us/library/windows/desktop/aa394492(v=vs.85).aspx + +require 'resolv' + +actions :create, :delete + +default_action :create + +attribute :ipv4_address, :name_attribute => true, :kind_of => String, + :required => true, :regex => Resolv::IPv4::Regex + +attribute :port_name , :kind_of => String +attribute :port_number , :kind_of => Fixnum, :default => 9100 +attribute :port_description, :kind_of => String +attribute :snmp_enabled , :kind_of => [ TrueClass, FalseClass ], + :default => false + +attribute :port_protocol, :kind_of => Fixnum, :default => 1, :equal_to => [1, 2] + +attr_accessor :exists diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/reboot.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/reboot.rb new file mode 100644 index 000000000..f19a3d2dd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/reboot.rb @@ -0,0 +1,29 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Resource:: reboot +# +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :request, :cancel + +attribute :timeout, :kind_of => Integer, :name_attribute => true +attribute :reason, :kind_of => String, :default => '' + +def initialize(name,run_context=nil) + super + @action = :request +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/registry.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/registry.rb new file mode 100644 index 000000000..92b63d2c9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/registry.rb @@ -0,0 +1,34 @@ +# +# Author:: Doug MacEachern () +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Resource:: registry +# +# Copyright:: 2010, VMware, Inc. +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :create, :modify, :force_modify, :remove + +attribute :key_name, :kind_of => String, :name_attribute => true +attribute :values, :kind_of => Hash +attribute :type, :kind_of => Symbol, :default => nil, :equal_to => [:binary, :string, :multi_string, :expand_string, :dword, :dword_big_endian, :qword] + +def initialize(name, run_context=nil) + super + @action = :modify + @key_name = name + Chef::Log.warn("Please use the registry_key resource in Chef Client 11. The windows_registry LWRP is still supported for Chef Client 10, but is deprecated in future versions.") +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/shortcut.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/shortcut.rb new file mode 100644 index 000000000..eb6268b42 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/shortcut.rb @@ -0,0 +1,35 @@ +# +# Author:: Doug MacEachern +# Cookbook Name:: windows +# Resource:: shortcut +# +# Copyright:: 2010, VMware, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :create + +default_action :create + +attribute :name, :kind_of => String +attribute :target, :kind_of => String +attribute :arguments, :kind_of => String +attribute :description, :kind_of => String +attribute :cwd, :kind_of => String + +# Covers 0.10.8 and earlier +def initialize(*args) + super + @action = :create +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/task.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/task.rb new file mode 100644 index 000000000..867b8916b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/task.rb @@ -0,0 +1,50 @@ +# +# Author:: Paul Mooring () +# Cookbook Name:: windows +# Resource:: task +# +# Copyright:: 2012, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Passwords can't be loaded for existing tasks, making :modify both confusing +# and not very useful +actions :create, :delete, :run, :change + +attribute :name, :kind_of => String, :name_attribute => true +attribute :command, :kind_of => String +attribute :cwd, :kind_of => String +attribute :user, :kind_of => String, :default => nil +attribute :password, :kind_of => String, :default => nil +attribute :run_level, :equal_to => [:highest, :limited], :default => :limited +attribute :force, :kind_of => [ TrueClass, FalseClass ], :default => false +attribute :frequency_modifier, :kind_of => Integer, :default => 1 +attribute :frequency, :equal_to => [:minute, + :hourly, + :daily, + :weekly, + :monthly, + :once, + :on_logon, + :onstart, + :on_idle], :default => :hourly +attribute :start_day, :kind_of => String, :default => nil +attribute :start_time, :kind_of => String, :default => nil + +attr_accessor :exists, :status + +def initialize(name, run_context=nil) + super + @action = :create +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/zipfile.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/zipfile.rb new file mode 100644 index 000000000..02658164c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/windows/resources/zipfile.rb @@ -0,0 +1,33 @@ +# +# Author:: Doug MacEachern () +# Author:: Seth Chisamore () +# Cookbook Name:: windows +# Resource:: unzip +# +# Copyright:: 2010, VMware, Inc. +# Copyright:: 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :unzip, :zip + +attribute :path, :kind_of => String, :name_attribute => true +attribute :source, :kind_of => String +attribute :overwrite, :kind_of => [ TrueClass, FalseClass ], :default => false +attribute :checksum, :kind_of => String + +def initialize(name, run_context=nil) + super + @action = :unzip +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/CHANGELOG.md new file mode 100644 index 000000000..f433e24dd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/CHANGELOG.md @@ -0,0 +1,3 @@ +## v1.1.0: + +* [COOK-2076] - Add Amazon Linux support diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/CONTRIBUTING b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/CONTRIBUTING new file mode 100644 index 000000000..89ac873b4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/CONTRIBUTING @@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.opscode.com + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.opscode.com/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Opscode will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/README.md new file mode 100644 index 000000000..3358ad866 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/README.md @@ -0,0 +1,30 @@ +Description +==== + +Installs packages for working with XFS filesystems. + +Requirements +==== + +Tested on Ubuntu 10.04, CentOS 5.5, Amazon Linux and Scientific Linux 6.0. + +Should work on any Debian or Red Hat family Linux distributions that +have the xfs packages in a default repository. + +License and Author +==== + +Author:: Joshua Timberman () +Copyright:: 2009-2011, Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/metadata.json new file mode 100644 index 000000000..ffc38fa9d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/metadata.json @@ -0,0 +1,37 @@ +{ + "name": "xfs", + "description": "Installs packages for working with XFS", + "long_description": "Description\n====\n\nInstalls packages for working with XFS filesystems.\n\nRequirements\n====\n\nTested on Ubuntu 10.04, CentOS 5.5, Amazon Linux and Scientific Linux 6.0.\n\nShould work on any Debian or Red Hat family Linux distributions that\nhave the xfs packages in a default repository.\n\nLicense and Author\n====\n\nAuthor:: Joshua Timberman ()\nCopyright:: 2009-2011, Opscode, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + "amazon": ">= 0.0.0", + "debian": ">= 0.0.0", + "ubuntu": ">= 0.0.0", + "redhat": ">= 0.0.0", + "centos": ">= 0.0.0", + "scientific": ">= 0.0.0", + "fedora": ">= 0.0.0" + }, + "dependencies": { + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + "xfs": "Installs packages for working with XFS" + }, + "version": "1.1.0" +} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/metadata.rb new file mode 100644 index 000000000..8d838bba3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/metadata.rb @@ -0,0 +1,13 @@ +name "xfs" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs packages for working with XFS" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.1.0" + +recipe "xfs", "Installs packages for working with XFS" + +%w{ amazon debian ubuntu redhat centos scientific fedora }.each do |os| + supports os +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/recipes/default.rb new file mode 100644 index 000000000..d738282e8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/xfs/recipes/default.rb @@ -0,0 +1,28 @@ +# +# Cookbook Name:: xfs +# Recipe:: default +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package "xfsprogs" + +case node["platform_family"] +when "debian" + package "xfsdump" + package "xfslibs-dev" +when "rhel", "fedora" + package"xfsprogs-devel" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/.kitchen.yml b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/.kitchen.yml new file mode 100644 index 000000000..12ae8ce2c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/.kitchen.yml @@ -0,0 +1,22 @@ +--- +driver_plugin: vagrant +platforms: +- name: centos-6.4 + driver_config: + box: opscode-centos-6.4 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box + require_chef_omnibus: true + run_list: +- name: centos-5.9 + driver_config: + box: opscode-centos-5.9 + box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-5.9_provisionerless.box + require_chef_omnibus: true + run_list: + +suites: +- name: test + run_list: + - recipe[minitest-handler] + - recipe[yum::test] + attributes: {} diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/Berksfile b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/Berksfile new file mode 100644 index 000000000..6a8a4a9c0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/Berksfile @@ -0,0 +1,7 @@ +site :opscode + +metadata + +group :integration do + cookbook "minitest-handler" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/CHANGELOG.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/CHANGELOG.md new file mode 100644 index 000000000..134319313 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/CHANGELOG.md @@ -0,0 +1,110 @@ +## v2.3.0: + +### New Feature + +- [COOK-2924]: Yum should allow type setting in repo file + +## v2.2.4: + +### Bug + +- [COOK-2360]: last commit to `yum_repository` changes previous behaviour +- [COOK-3015]: Yum cookbook test minitest to fail + +## v2.2.2: + +### Improvement + +- [COOK-2741]: yum::elrepo +- [COOK-2946]: update tests, test kitchen support in yum cookbook + +### Bug + +- [COOK-2639]: Yum cookbook - epel - always assumes url is a mirror list +- [COOK-2663]: Yum should allow metadata_expire setting in repo file +- [COOK-2751]: Update yum.ius_release version to 1.0-11 + +## v2.2.0: + +* [COOK-2189] - yum::ius failed on install (caused from rpm dependency) +* [COOK-2196] - Make includepkgs and exclude configurable for each repos +* [COOK-2244] - Allow configuring caching using attributes +* [COOK-2399] - yum cookbook LWRPs fail FoodCritic +* [COOK-2519] - Add priority option to Yum repo files +* [COOK-2593] - allow integer or string for yum priority +* [COOK-2643] - don't use conditional attribute for `yum_key` `remote_file` + +## v2.1.0: + +* [COOK-2045] - add remi repository recipe +* [COOK-2121] - add `:create` action to `yum_repository` + +## v2.0.6: + +* [COOK-2037] - minor style fixes +* [COOK-2038] - updated README + +## v2.0.4: + +* [COOK-1908] - unable to install repoforge on CentOS 6 32 bit + +## v2.0.2: + +* [COOK-1758] - Add default action for repository resource + +## v2.0.0: + +This version changes the behavior of the EPEL recipe (most commonly +used in other Opscode cookbooks) on Amazon, and removes an attribute, +`node['yum']['epel_release']`. See the README for details. + +* [COOK-1772] - Simplify management of EPEL with LWRP + +## v1.0.0: + +`mirrorlist` in the `yum_repository` LWRP must be set to the mirror +list URI to use rather than setting it to true. See README.md. + +* [COOK-1088] - use dl.fedoraproject.org for EPEL to prevent redirects +* [COOK-1653] - fix mirrorlist +* [COOK-1710] - support http proxy +* [COOK-1722] - update IUS version + +## v0.8.2: + +* [COOK-1521] - add :update action to `yum_repository` + +## v0.8.0: + +* [COOK-1204] - Make 'add' default action for yum_repository +* [COOK-1351] - option to not make the yum cache (via attribute) +* [COOK-1353] - x86_64 centos path fixes +* [COOK-1414] - recipe for repoforge + + +## v0.6.2: + +* Updated README to remove git diff artifacts. + +## v0.6.0: + +* Default action for the yum_repository LWRP is now add. +* [COOK-1227] - clear Chefs internal cache after adding new yum repo +* [COOK-1262] - yum::epel should enable existing repo on Amazon Linux +* [COOK-1272], [COOK-1302] - update RPM file for CentOS / RHEL 6 +* [COOK-1330] - update cookbook documentation on excludes for yum +* [COOK-1346] - retry remote_file for EPEL in case we get an FTP mirror + + +## v0.5.2: + +* [COOK-825] - epel and ius `remote_file` should notify the `rpm_package` to install + +## v0.5.0: + +* [COOK-675] - add recipe for handling EPEL repository +* [COOK-722] - add recipe for handling IUS repository + +## v.0.1.2: + +* Remove yum update in default recipe, that doesn't update caches, it updates packages installed. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/CONTRIBUTING.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/CONTRIBUTING.md new file mode 100644 index 000000000..3a9989787 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/CONTRIBUTING.md @@ -0,0 +1,257 @@ +# Contributing to Opscode Cookbooks + +We are glad you want to contribute to Opscode Cookbooks! The first +step is the desire to improve the project. + +You can find the answers to additional frequently asked questions +[on the wiki](http://wiki.opscode.com/display/chef/How+to+Contribute). + +You can find additional information about +[contributing to cookbooks](http://wiki.opscode.com/display/chef/How+to+Contribute+to+Opscode+Cookbooks) +on the wiki as well. + +## Quick-contribute + +* Create an account on our [bug tracker](http://tickets.opscode.com) +* Sign our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L) +(keep reading if you're contributing on behalf of your employer) +* Create a ticket for your change on the + [bug tracker](http://tickets.opscode.com) +* Link to your patch as a rebased git branch or pull request from the + ticket +* Resolve the ticket as fixed + +We regularly review contributions and will get back to you if we have +any suggestions or concerns. + +## The Apache License and the CLA/CCLA + +Licensing is very important to open source projects, it helps ensure +the software continues to be available under the terms that the author +desired. Chef uses the Apache 2.0 license to strike a balance between +open contribution and allowing you to use the software however you +would like to. + +The license tells you what rights you have that are provided by the +copyright holder. It is important that the contributor fully +understands what rights they are licensing and agrees to them. +Sometimes the copyright holder isn't the contributor, most often when +the contributor is doing work for a company. + +To make a good faith effort to ensure these criteria are met, Opscode +requires a Contributor License Agreement (CLA) or a Corporate +Contributor License Agreement (CCLA) for all contributions. This is +without exception due to some matters not being related to copyright +and to avoid having to continually check with our lawyers about small +patches. + +It only takes a few minutes to complete a CLA, and you retain the +copyright to your contribution. + +You can complete our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L). +If you're contributing on behalf of your employer, have your employer +fill out our +[Corporate CLA](https://secure.echosign.com/public/hostedForm?formid=PIE6C7AX856) +instead. + +## Ticket Tracker (JIRA) + +The [ticket tracker](http://tickets.opscode.com) is the most important +documentation for the code base. It provides significant historical +information, such as: + +* Which release a bug fix is included in +* Discussion regarding the design and merits of features +* Error output to aid in finding similar bugs + +Each ticket should aim to fix one bug or add one feature. + +## Using git + +You can get a quick copy of the repository for this cookbook by +running `git clone +git://github.com/opscode-coobkooks/COOKBOOKNAME.git`. + +For collaboration purposes, it is best if you create a Github account +and fork the repository to your own account. Once you do this you will +be able to push your changes to your Github repository for others to +see and use. + +If you have another repository in your GitHub account named the same +as the cookbook, we suggest you suffix the repository with -cookbook. + +### Branches and Commits + +You should submit your patch as a git branch named after the ticket, +such as COOK-1337. This is called a _topic branch_ and allows users to +associate a branch of code with the ticket. + +It is a best practice to have your commit message have a _summary +line_ that includes the ticket number, followed by an empty line and +then a brief description of the commit. This also helps other +contributors understand the purpose of changes to the code. + + [COOK-1757] - platform_family and style + + * use platform_family for platform checking + * update notifies syntax to "resource_type[resource_name]" instead of + resources() lookup + * COOK-692 - delete config files dropped off by packages in conf.d + * dropped debian 4 support because all other platforms have the same + values, and it is older than "old stable" debian release + +Remember that not all users use Chef in the same way or on the same +operating systems as you, so it is helpful to be clear about your use +case and change so they can understand it even when it doesn't apply +to them. + +### Github and Pull Requests + +All of Opscode's open source cookbook projects are available on +[Github](http://www.github.com/opscode-cookbooks). + +We don't require you to use Github, and we will even take patch diffs +attached to tickets on the tracker. However Github has a lot of +convenient features, such as being able to see a diff of changes +between a pull request and the main repository quickly without +downloading the branch. + +If you do choose to use a pull request, please provide a link to the +pull request from the ticket __and__ a link to the ticket from the +pull request. Because pull requests only have two states, open and +closed, we can't easily filter pull requests that are waiting for a +reply from the author for various reasons. + +### More information + +Additional help with git is available on the +[Working with Git](http://wiki.opscode.com/display/chef/Working+with+Git) +wiki page. + +## Functional and Unit Tests + +This cookbook is set up to run tests under +[Opscode's test-kitchen](https://github.com/opscode/test-kitchen). It +uses minitest-chef to run integration tests after the node has been +converged to verify that the state of the node. + +Test kitchen should run completely without exception using the default +[baseboxes provided by Opscode](https://github.com/opscode/bento). +Because Test Kitchen creates VirtualBox machines and runs through +every configuration in the Kitchenfile, it may take some time for +these tests to complete. + +If your changes are only for a specific recipe, run only its +configuration with Test Kitchen. If you are adding a new recipe, or +other functionality such as a LWRP or definition, please add +appropriate tests and ensure they run with Test Kitchen. + +If any don't pass, investigate them before submitting your patch. + +Any new feature should have unit tests included with the patch with +good code coverage to help protect it from future changes. Similarly, +patches that fix a bug or regression should have a _regression test_. +Simply put, this is a test that would fail without your patch but +passes with it. The goal is to ensure this bug doesn't regress in the +future. Consider a regular expression that doesn't match a certain +pattern that it should, so you provide a patch and a test to ensure +that the part of the code that uses this regular expression works as +expected. Later another contributor may modify this regular expression +in a way that breaks your use cases. The test you wrote will fail, +signalling to them to research your ticket and use case and accounting +for it. + +If you need help writing tests, please ask on the Chef Developer's +mailing list, or the #chef-hacking IRC channel. + +## Code Review + +Opscode regularly reviews code contributions and provides suggestions +for improvement in the code itself or the implementation. + +We find contributions by searching the ticket tracker for _resolved_ +tickets with a status of _fixed_. If we have feedback we will reopen +the ticket and you should resolve it again when you've made the +changes or have a response to our feedback. When we believe the patch +is ready to be merged, we will tag the _Code Reviewed_ field with +_Reviewed_. + +Depending on the project, these tickets are then merged within a week +or two, depending on the current release cycle. + +## Release Cycle + +The versioning for Opscode Cookbook projects is X.Y.Z. + +* X is a major release, which may not be fully compatible with prior + major releases +* Y is a minor release, which adds both new features and bug fixes +* Z is a patch release, which adds just bug fixes + +A released version of a cookbook will end in an even number, e.g. +"1.2.4" or "0.8.0". When development for the next version of the +cookbook begins, the "Z" patch number is incremented to the next odd +number, however the next release of the cookbook may be a major or +minor incrementing version. + +Releases of Opscode's cookbooks are usually announced on the Chef user +mailing list. Releases of several cookbooks may be batched together +and announced on the [Opscode Blog](http://www.opscode.com/blog). + +## Working with the community + +These resources will help you learn more about Chef and connect to +other members of the Chef community: + +* [chef](http://lists.opscode.com/sympa/info/chef) and + [chef-dev](http://lists.opscode.com/sympa/info/chef-dev) mailing + lists +* #chef and #chef-hacking IRC channels on irc.freenode.net +* [Community Cookbook site](http://community.opscode.com) +* [Chef wiki](http://wiki.opscode.com/display/chef) +* Opscode Chef [product page](http://www.opscode.com/chef) + + +## Cookbook Contribution Do's and Don't's + +Please do include tests for your contribution. If you need help, ask +on the +[chef-dev mailing list](http://lists.opscode.com/sympa/info/chef-dev) +or the +[#chef-hacking IRC channel](http://community.opscode.com/chat/chef-hacking). +Not all platforms that a cookbook supports may be supported by Test +Kitchen. Please provide evidence of testing your contribution if it +isn't trivial so we don't have to duplicate effort in testing. Chef +10.14+ "doc" formatted output is sufficient. + +Please do indicate new platform (families) or platform versions in the +commit message, and update the relevant ticket. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] - Updated pool resource to correctly + delete.' + +Please do use [foodcritic](http://acrmp.github.com/foodcritic) to +lint-check the cookbook. Except FC007, it should pass all correctness +rules. FC007 is okay as long as the dependent cookbooks are *required* +for the default behavior of the cookbook, such as to support an +uncommon platform, secondary recipe, etc. + +Please do ensure that your changes do not break or modify behavior for +other platforms supported by the cookbook. For example if your changes +are for Debian, make sure that they do not break on CentOS. + +Please do not modify the version number in the metadata.rb, Opscode +will select the appropriate version based on the release cycle +information above. + +Please do not update the CHANGELOG.md for a new version. Not all +changes to a cookbook may be merged and released in the same versions. +Opscode will update the CHANGELOG.md when releasing a new version of +the cookbook. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/LICENSE b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/LICENSE new file mode 100644 index 000000000..11069edd7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/README.md b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/README.md new file mode 100644 index 000000000..74ccd5202 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/README.md @@ -0,0 +1,272 @@ +# Description + +Configures various YUM components on Red Hat-like systems. Includes +LWRP for managing repositories and their GPG keys. + +Based on the work done by Eric Wolfe and Charles Duffy on the +[yumrepo](https://github.com/atomic-penguin/cookbook-yumrepo) cookbook. + +# Requirements + +Red Hat Enterprise Linux 5, and 6 distributions within this platform +family. + +# Attributes + +* `yum['exclude']` + - An array containing a list of packages to exclude from updates or + installs. Wildcards and shell globs are supported. + - Defaults to an empty exclude list. + +* `yum['installonlypkgs']` + - An array containing a list of packages which should only be + installed, never updated. + - Defaults to an empty install-only list. + +* `yum['ius_release']` + - Set the IUS release to install. + - Defaults to the current release of the IUS repo. + +* `yum['repoforge_release']` + - Set the RepoForge release to install. + - Defaults to the current release of the repoforge repo. + +EPEL attributes used in the `yum::epel` recipe, see +`attributes/epel.rb` for default values: + +* `yum['epel']['key']` + - Name of the GPG key used for the repo. + +* `yum['epel']['baseurl']` + - Base URL to an EPEL mirror. + +* `yum['epel']['url']` + - URL to the EPEL mirrorlist. + +* `yum['epel']['key_url']` + - URL to the GPG key for the repo. + +* `yum['epel']['includepkgs']` + - list of packages you want to use for the repo. + +* `yum['epel']['exclude']` + - list of packages you do NOT want to use for the repo. + +The `node['yum']['epel_release']` attribute is removed, see the __epel__ +recipe information below. + +remi attributes used in the `yum::remi` recipe, see +`attributes/remi.rb` for default values: + +* `yum['remi']['key']` + - Name of the GPG key used for the repo. + +* `yum['remi']['url']` + - URL to the remi mirrorlist. + +* `yum['remi']['key_url']` + - URL to the GPG key for the repo. + +* `yum['remi']['includepkgs']` + - list of packages you want to use for the repo. + +* `yum['remi']['exclude']` + - list of packages you do NOT want to use for the repo. + +Proxy settings used in yum.conf on RHEL family 5 and 6: + +* `yum['proxy']` + - Set the URL for an HTTP proxy + - None of the proxy settings are used if this is an empty string + (default) + +* `yum['proxy_username']` + - Set the username for the proxy + - not used if `yum['proxy']` above is an empty string + +* `yum['proxy_password']` + - Set the password for the proxy + - not used if `yum['proxy']` above is an empty string + +# Recipes + +## default + +The default recipe does nothing. + +## yum + +Manages the configuration of the `/etc/yum.conf` via attributes. See +the aforementioned Array attributes `yum['exclude']` and +`yum['installonlypkgs']`. + +## epel + +Uses the `yum_key` and `yum_repository` resources from this cookbook +are used to manage the main EPEL repository. If you need other EPEL +repositories (source, debug-info), use the `yum_repository` LWRP in +your own cookbook where those packages are required. The recipe will +use the `yum['epel']` attributes (see above) to configure the key, url +and download the GPG key for the repo. The defaults are detected by +platform and version and should just work without modification in most +use cases. + +On all platforms except Amazon, the action is to add the repository. +On Amazon, the action is add and update. + +Amazon Linux has the EPEL repositories already added in the AMI. In +previous versions of this cookbook, they were enabled with +`yum-config-manager`, however in the current version, we manage the +repository using the LWRP. The main difference is that the source and +debuginfo repositories are not available, but if they're needed, add +them using the `yum_repository` LWRP in your own cookbook(s). + +## ius + +Installs the [IUS Community repositories](http://iuscommunity.org/Repos) +via RPM. Uses the `node['yum']['ius_release']` attribute to select the +right version of the package to install. + +The IUS repository requires EPEL, and includes `yum::epel` as a +dependency. + +## repoforge + +Installs the [RepoForge repositories](http://repoforge.org/) +via RPM. Uses the `node['yum']['repoforge_release']` attribute to select the +right version of the package to install. + +The RepoForge repository requires EPEL, and includes `yum::epel` as a +dependency. + +## remi + +Install the [Les RPM de Remi - Repository](http://rpms.famillecollet.com/) +with the `yum_key` and `yum_repository` resources from this cookbook +are used to manage the remi repository. Use the `yum['remi']` +attributes (see above) to configure the key, url and download the GPG +key for the repo. The defaults are detected by platform and should +just work without modification in most use cases. + +# Resources/Providers + +## yum_key + +This LWRP handles importing GPG keys for YUM repositories. Keys can be +imported by the `url` parameter or placed in `/etc/pki/rpm-gpg/` by a +recipe and then installed with the LWRP without passing the URL. + +### Actions + +- :add: installs the GPG key into `/etc/pki/rpm-gpg/` +- :remove: removes the GPG key from `/etc/pki/rpm-gpg/` + +#### Attribute Parameters + +- key: name attribute. The name of the GPG key to install. +- url: if the key needs to be downloaded, the URL providing the download. + +#### Example + +``` ruby +# add the Zenoss GPG key +yum_key "RPM-GPG-KEY-zenoss" do + url "http://dev.zenoss.com/yum/RPM-GPG-KEY-zenoss" + action :add +end + +# remove Zenoss GPG key +yum_key "RPM-GPG-KEY-zenoss" do + action :remove +end +``` + +### yum_repository + +This LWRP provides an easy way to manage additional YUM repositories. +GPG keys can be managed with the `yum_key` LWRP. The LWRP automatically +updates the package management cache upon the first run, when a new +repo is added. + +#### Actions + +- :create: creates a repository file and builds the repository listing +- :add: runs create action if repository file is missing (default) +- :remove: removes the repository file +- :update: updates the repository + +#### Attribute Parameters + +- repo_name: name attribute. The name of the channel to discover +- description. The description of the repository +- url: The URL providing the packages, used for baseurl in the config +- mirrorlist: Set this as a string containing the URI to the + mirrorlist, start with "http://", "ftp://", "file://"; use "file://" + if the mirrorlist is a text file on the system. +- key: Optional, the name of the GPG key file installed by the `key` + LWRP. +- enabled: Default is `1`, set to `0` if the repository is disabled. +- type: Optional, alternate type of repository +- failovermethod: Optional, failovermethod +- bootstrapurl: Optional, bootstrapurl +- make_cache: Optional, Default is `true`, if `false` then `yum -q + makecache` will not be ran +- metadata_expire: Optional, Default is nil (or not applied) +- type: Optional, Default is nil (or not applied) + +*Note*: When using both url (to set baseurl) and mirrorlist, it is probably a +good idea to also install the fastestmirror plugin, and use +failovermethod "priority". + +### Example + +``` ruby +# add the Zenoss repository +yum_repository "zenoss" do + repo_name "zenoss" + description "Zenoss Stable repo" + url "http://dev.zenoss.com/yum/stable/" + key "RPM-GPG-KEY-zenoss" + action :add +end + +# remove Zenoss repo +yum_repository "zenoss" do + action :remove +end +``` + +# Usage + +Put `recipe[yum::yum]` in the run list to ensure yum is configured +correctly for your environment within your Chef run. + +Use the `yum::epel` recipe to enable EPEL, or the `yum::ius` recipe to +enable IUS, or the `yum::repoforge` recipe to enable RepoForge, or the +`yum::remi` recipe to enable remi per __Recipes__ section above. + +You can manage GPG keys either with cookbook_file in a recipe if you +want to package it with a cookbook or use the `url` parameter of the +`key` LWRP. + +# License and Author + +- Author:: Eric G. Wolfe +- Author:: Matt Ray () +- Author:: Joshua Timberman () + +- Copyright:: 2010 Tippr Inc. +- Copyright:: 2011 Eric G. Wolfe +- Copyright:: 2011-2012 Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/default.rb new file mode 100644 index 000000000..085ac998d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/default.rb @@ -0,0 +1,30 @@ +# +# Cookbook Name:: yum +# Attributes:: default +# +# Copyright 2011, Eric G. Wolfe +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Example: override.yum.exclude = "kernel* compat-glibc*" +default['yum']['exclude'] = Array.new +default['yum']['installonlypkgs'] = Array.new +default['yum']['ius_release'] = '1.0-11' +default['yum']['repoforge_release'] = '0.5.2-2' +default['yum']['proxy'] = '' +default['yum']['proxy_username'] = '' +default['yum']['proxy_password'] = '' +default['yum']['cachedir'] = '/var/cache/yum' +default['yum']['keepcache'] = 0 diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/elrepo.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/elrepo.rb new file mode 100644 index 000000000..5c9740272 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/elrepo.rb @@ -0,0 +1,24 @@ +# +# Cookbook Name:: yum +# Attributes:: elrepo +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['yum']['elrepo']['url'] = "http://elrepo.org/mirrors-elrepo.el#{node['platform_version'].to_i}" +default['yum']['elrepo']['key'] = "RPM-GPG-KEY-elrepo.org" +default['yum']['elrepo']['key_url'] = "http://elrepo.org/#{node['yum']['elrepo']['key']}" +default['yum']['elrepo']['includepkgs'] = nil +default['yum']['elrepo']['exclude'] = nil diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/epel.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/epel.rb new file mode 100644 index 000000000..9c4e8fe07 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/epel.rb @@ -0,0 +1,39 @@ +# +# Cookbook Name:: yum +# Attributes:: epel +# +# Copyright 2011, Eric G. Wolfe +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform'] +when "amazon" + default['yum']['epel']['url'] = "http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch" + default['yum']['epel']['baseurl'] = "" + default['yum']['epel']['key'] = "RPM-GPG-KEY-EPEL-6" +else + default['yum']['epel']['url'] = "http://mirrors.fedoraproject.org/mirrorlist?repo=epel-#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel']['baseurl'] = "" + + if node['platform_version'].to_i >= 6 + default['yum']['epel']['key'] = "RPM-GPG-KEY-EPEL-6" + else + default['yum']['epel']['key'] = "RPM-GPG-KEY-EPEL" + end +end + +default['yum']['epel']['key_url'] = "http://download.fedoraproject.org/pub/epel/#{node['yum']['epel']['key']}" +default['yum']['epel']['includepkgs'] = nil +default['yum']['epel']['exclude'] = nil diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/remi.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/remi.rb new file mode 100644 index 000000000..b80ee2c1a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/attributes/remi.rb @@ -0,0 +1,30 @@ +# +# Cookbook Name:: yum +# Attributes:: remi +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform'] +when "fedora" + default['yum']['remi']['url'] = "http://rpms.famillecollet.com/fedora/#{node['platform_version'].to_i}/remi/mirror" +else + default['yum']['remi']['url'] = "http://rpms.famillecollet.com/enterprise/#{node['platform_version'].to_i}/remi/mirror" +end + +default['yum']['remi']['key'] = "RPM-GPG-KEY-remi" +default['yum']['remi']['key_url'] = "http://rpms.famillecollet.com/#{node['yum']['remi']['key']}" +default['yum']['remi']['includepkgs'] = nil +default['yum']['remi']['exclude'] = nil diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/files/default/tests/minitest/default_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/files/default/tests/minitest/default_test.rb new file mode 100644 index 000000000..76f1a1479 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/files/default/tests/minitest/default_test.rb @@ -0,0 +1,28 @@ +# +# Cookbook Name:: yum +# Recipe:: default +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe "yum::default" do + include Helpers::YumTest + + it "Default recipe does nothing, so default_test does nothing" do + skip "Default recipe does nothing so default test does nothing" + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/files/default/tests/minitest/support/helpers.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/files/default/tests/minitest/support/helpers.rb new file mode 100644 index 000000000..cbc099e97 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/files/default/tests/minitest/support/helpers.rb @@ -0,0 +1,37 @@ +# +# Cookbook Name:: yum_test +# Recipe:: default +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module Helpers + module YumTest + require 'chef/mixin/shell_out' + include Chef::Mixin::ShellOut + include MiniTest::Chef::Assertions + include MiniTest::Chef::Context + include MiniTest::Chef::Resources + + # This isn't the most efficient thing in the world, but it works + # reliably as yum will only return the repos that are actually + # enabled. It would probably be more efficient, since we're at the + # end of the successful run, to cache the output to a file and + # inspect its contents. + def repo_enabled(repo) + shell_out("yum repolist enabled --verbose | grep Repo-id").stdout.include?(repo) + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/files/default/tests/minitest/test_test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/files/default/tests/minitest/test_test.rb new file mode 100644 index 000000000..3db9fe226 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/files/default/tests/minitest/test_test.rb @@ -0,0 +1,66 @@ +# +# Cookbook Name:: yum +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require File.expand_path('../support/helpers', __FILE__) + +describe "yum::test" do + # helpers includes the repo_enabled method used to test that repos + # are in fact enabled. + include Helpers::YumTest + + describe "elrepo" do + it "enables the elrepo repository" do + assert(repo_enabled("elrepo")) + end + end + + describe "epel" do + it "enables the epel repository" do + assert(repo_enabled("epel")) + end + end + + describe "ius" do + it "enables the ius repository" do + assert(repo_enabled("ius")) + end + end + + describe "remi" do + it "enables the remi repository" do + assert(repo_enabled("remi")) + end + end + + describe "repoforge" do + it "enables the repoforge repository" do + assert(repo_enabled("rpmforge")) + end + end + + describe "cook-2121" do + + it 'doesnt update the zenos-add.repo file if it exists' do + assert File.zero?('/etc/yum.repos.d/zenoss-add.repo') + end + + it 'updates the zenoss-create file' do + file('/etc/yum.repos.d/zenoss-create.repo').must_match %r[baseurl=http://dev.zenoss.com/yum/stable/] + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/metadata.json b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/metadata.json new file mode 100644 index 000000000..bdff4f844 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/metadata.json @@ -0,0 +1 @@ +{"name":"yum","description":"A fabulous new cookbook","long_description":"# Description\n\nConfigures various YUM components on Red Hat-like systems. Includes\nLWRP for managing repositories and their GPG keys.\n\nBased on the work done by Eric Wolfe and Charles Duffy on the\n[yumrepo](https://github.com/atomic-penguin/cookbook-yumrepo) cookbook.\n\n# Requirements\n\nRed Hat Enterprise Linux 5, and 6 distributions within this platform\nfamily.\n\n# Attributes\n\n* `yum['exclude']`\n - An array containing a list of packages to exclude from updates or\n installs. Wildcards and shell globs are supported.\n - Defaults to an empty exclude list.\n\n* `yum['installonlypkgs']`\n - An array containing a list of packages which should only be\n installed, never updated.\n - Defaults to an empty install-only list.\n\n* `yum['ius_release']`\n - Set the IUS release to install.\n - Defaults to the current release of the IUS repo.\n\n* `yum['repoforge_release']`\n - Set the RepoForge release to install.\n - Defaults to the current release of the repoforge repo.\n\nEPEL attributes used in the `yum::epel` recipe, see\n`attributes/epel.rb` for default values:\n\n* `yum['epel']['key']`\n - Name of the GPG key used for the repo.\n\n* `yum['epel']['baseurl']`\n - Base URL to an EPEL mirror.\n\n* `yum['epel']['url']`\n - URL to the EPEL mirrorlist.\n\n* `yum['epel']['key_url']`\n - URL to the GPG key for the repo.\n\n* `yum['epel']['includepkgs']`\n - list of packages you want to use for the repo.\n\n* `yum['epel']['exclude']`\n - list of packages you do NOT want to use for the repo.\n\nThe `node['yum']['epel_release']` attribute is removed, see the __epel__\nrecipe information below.\n\nremi attributes used in the `yum::remi` recipe, see\n`attributes/remi.rb` for default values:\n\n* `yum['remi']['key']`\n - Name of the GPG key used for the repo.\n\n* `yum['remi']['url']`\n - URL to the remi mirrorlist.\n\n* `yum['remi']['key_url']`\n - URL to the GPG key for the repo.\n\n* `yum['remi']['includepkgs']`\n - list of packages you want to use for the repo.\n\n* `yum['remi']['exclude']`\n - list of packages you do NOT want to use for the repo.\n\nProxy settings used in yum.conf on RHEL family 5 and 6:\n\n* `yum['proxy']`\n - Set the URL for an HTTP proxy\n - None of the proxy settings are used if this is an empty string\n (default)\n\n* `yum['proxy_username']`\n - Set the username for the proxy\n - not used if `yum['proxy']` above is an empty string\n\n* `yum['proxy_password']`\n - Set the password for the proxy\n - not used if `yum['proxy']` above is an empty string\n\n# Recipes\n\n## default\n\nThe default recipe does nothing.\n\n## yum\n\nManages the configuration of the `/etc/yum.conf` via attributes. See\nthe aforementioned Array attributes `yum['exclude']` and\n`yum['installonlypkgs']`.\n\n## epel\n\nUses the `yum_key` and `yum_repository` resources from this cookbook\nare used to manage the main EPEL repository. If you need other EPEL\nrepositories (source, debug-info), use the `yum_repository` LWRP in\nyour own cookbook where those packages are required. The recipe will\nuse the `yum['epel']` attributes (see above) to configure the key, url\nand download the GPG key for the repo. The defaults are detected by\nplatform and version and should just work without modification in most\nuse cases.\n\nOn all platforms except Amazon, the action is to add the repository.\nOn Amazon, the action is add and update.\n\nAmazon Linux has the EPEL repositories already added in the AMI. In\nprevious versions of this cookbook, they were enabled with\n`yum-config-manager`, however in the current version, we manage the\nrepository using the LWRP. The main difference is that the source and\ndebuginfo repositories are not available, but if they're needed, add\nthem using the `yum_repository` LWRP in your own cookbook(s).\n\n## ius\n\nInstalls the [IUS Community repositories](http://iuscommunity.org/Repos)\nvia RPM. Uses the `node['yum']['ius_release']` attribute to select the\nright version of the package to install.\n\nThe IUS repository requires EPEL, and includes `yum::epel` as a\ndependency.\n\n## repoforge\n\nInstalls the [RepoForge repositories](http://repoforge.org/)\nvia RPM. Uses the `node['yum']['repoforge_release']` attribute to select the\nright version of the package to install.\n\nThe RepoForge repository requires EPEL, and includes `yum::epel` as a\ndependency.\n\n## remi\n\nInstall the [Les RPM de Remi - Repository](http://rpms.famillecollet.com/)\nwith the `yum_key` and `yum_repository` resources from this cookbook\nare used to manage the remi repository. Use the `yum['remi']`\nattributes (see above) to configure the key, url and download the GPG\nkey for the repo. The defaults are detected by platform and should\njust work without modification in most use cases.\n\n# Resources/Providers\n\n## yum_key\n\nThis LWRP handles importing GPG keys for YUM repositories. Keys can be\nimported by the `url` parameter or placed in `/etc/pki/rpm-gpg/` by a\nrecipe and then installed with the LWRP without passing the URL.\n\n### Actions\n\n- :add: installs the GPG key into `/etc/pki/rpm-gpg/`\n- :remove: removes the GPG key from `/etc/pki/rpm-gpg/`\n\n#### Attribute Parameters\n\n- key: name attribute. The name of the GPG key to install.\n- url: if the key needs to be downloaded, the URL providing the download.\n\n#### Example\n\n``` ruby\n# add the Zenoss GPG key\nyum_key \"RPM-GPG-KEY-zenoss\" do\n url \"http://dev.zenoss.com/yum/RPM-GPG-KEY-zenoss\"\n action :add\nend\n\n# remove Zenoss GPG key\nyum_key \"RPM-GPG-KEY-zenoss\" do\n action :remove\nend\n```\n\n### yum_repository\n\nThis LWRP provides an easy way to manage additional YUM repositories.\nGPG keys can be managed with the `yum_key` LWRP. The LWRP automatically\nupdates the package management cache upon the first run, when a new\nrepo is added.\n\n#### Actions\n\n- :create: creates a repository file and builds the repository listing\n- :add: runs create action if repository file is missing (default)\n- :remove: removes the repository file\n- :update: updates the repository\n\n#### Attribute Parameters\n\n- repo_name: name attribute. The name of the channel to discover\n- description. The description of the repository\n- url: The URL providing the packages, used for baseurl in the config\n- mirrorlist: Set this as a string containing the URI to the\n mirrorlist, start with \"http://\", \"ftp://\", \"file://\"; use \"file://\"\n if the mirrorlist is a text file on the system.\n- key: Optional, the name of the GPG key file installed by the `key`\n LWRP.\n- enabled: Default is `1`, set to `0` if the repository is disabled.\n- type: Optional, alternate type of repository\n- failovermethod: Optional, failovermethod\n- bootstrapurl: Optional, bootstrapurl\n- make_cache: Optional, Default is `true`, if `false` then `yum -q\n makecache` will not be ran\n- metadata_expire: Optional, Default is nil (or not applied)\n- type: Optional, Default is nil (or not applied)\n\n*Note*: When using both url (to set baseurl) and mirrorlist, it is probably a\ngood idea to also install the fastestmirror plugin, and use\nfailovermethod \"priority\".\n\n### Example\n\n``` ruby\n# add the Zenoss repository\nyum_repository \"zenoss\" do\n repo_name \"zenoss\"\n description \"Zenoss Stable repo\"\n url \"http://dev.zenoss.com/yum/stable/\"\n key \"RPM-GPG-KEY-zenoss\"\n action :add\nend\n\n# remove Zenoss repo\nyum_repository \"zenoss\" do\n action :remove\nend\n```\n\n# Usage\n\nPut `recipe[yum::yum]` in the run list to ensure yum is configured\ncorrectly for your environment within your Chef run.\n\nUse the `yum::epel` recipe to enable EPEL, or the `yum::ius` recipe to\nenable IUS, or the `yum::repoforge` recipe to enable RepoForge, or the\n`yum::remi` recipe to enable remi per __Recipes__ section above.\n\nYou can manage GPG keys either with cookbook_file in a recipe if you\nwant to package it with a cookbook or use the `url` parameter of the\n`key` LWRP.\n\n# License and Author\n\n- Author:: Eric G. Wolfe\n- Author:: Matt Ray ()\n- Author:: Joshua Timberman ()\n\n- Copyright:: 2010 Tippr Inc.\n- Copyright:: 2011 Eric G. Wolfe\n- Copyright:: 2011-2012 Opscode, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","maintainer":"Opscode, Inc.","maintainer_email":"cookbooks@opscode.com","license":"Apache 2.0","platforms":{"redhat":">= 5.0","centos":">= 5.0","scientific":">= 5.0","amazon":">= 5.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{"yum/exclude":{"display_name":"yum.conf exclude","description":"List of packages to exclude from updates or installs. This should be an array. Shell globs using wildcards (eg. * and ?) are allowed.","required":"optional","choice":[],"calculated":false,"type":"string","recipes":[]},"yum/installonlypkgs":{"display_name":"yum.conf installonlypkgs","description":"List of packages that should only ever be installed, never updated. Kernels in particular fall into this category. Defaults to kernel, kernel-smp, kernel-bigmem, kernel-enterprise, kernel-debug, kernel-unsupported.","required":"optional","choice":[],"calculated":false,"type":"string","recipes":[]},"yum/proxy":{"display_name":"yum.conf proxy","description":"Set the http URL for proxy to use in yum.conf","required":"optional","choice":[],"calculated":false,"type":"string","recipes":[]},"yum/proxy_username":{"display_name":"yum.conf proxy_username","description":"Set the proxy_username to use for yum.conf","required":"optional","choice":[],"calculated":false,"type":"string","recipes":[]},"yum/proxy_password":{"display_name":"yum.conf proxy_password","description":"Set the proxy_password to use for yum.conf","required":"optional","choice":[],"calculated":false,"type":"string","recipes":[]}},"groupings":{},"recipes":{"yum":"Empty recipe.","yum::yum":"Manages yum configuration"},"version":"2.3.0"} \ No newline at end of file diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/metadata.rb new file mode 100644 index 000000000..086da3de0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/metadata.rb @@ -0,0 +1,37 @@ +name "yum" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "2.3.0" +recipe "yum", "Empty recipe." +recipe "yum::yum", "Manages yum configuration" + +%w{ redhat centos scientific amazon }.each do |os| + supports os, ">= 5.0" +end + +attribute "yum/exclude", + :display_name => "yum.conf exclude", + :description => "List of packages to exclude from updates or installs. This should be an array. Shell globs using wildcards (eg. * and ?) are allowed.", + :required => "optional" + +attribute "yum/installonlypkgs", + :display_name => "yum.conf installonlypkgs", + :description => "List of packages that should only ever be installed, never updated. Kernels in particular fall into this category. Defaults to kernel, kernel-smp, kernel-bigmem, kernel-enterprise, kernel-debug, kernel-unsupported.", + :required => "optional" + +attribute "yum/proxy", + :display_name => "yum.conf proxy", + :description => "Set the http URL for proxy to use in yum.conf", + :required => "optional" + +attribute "yum/proxy_username", + :display_name => "yum.conf proxy_username", + :description => "Set the proxy_username to use for yum.conf", + :required => "optional" + +attribute "yum/proxy_password", + :display_name => "yum.conf proxy_password", + :description => "Set the proxy_password to use for yum.conf", + :required => "optional" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/providers/key.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/providers/key.rb new file mode 100644 index 000000000..c9b41d891 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/providers/key.rb @@ -0,0 +1,79 @@ +# +# Cookbook Name:: yum +# Provider:: key +# +# Copyright 2010, Tippr Inc. +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +def whyrun_supported? + true +end + +action :add do + unless ::File.exists?("/etc/pki/rpm-gpg/#{new_resource.key}") + Chef::Log.info "Adding #{new_resource.key} GPG key to /etc/pki/rpm-gpg/" + + if node['platform_version'].to_i <= 5 + package "gnupg" + elsif node['platform_version'].to_i >= 6 + package "gnupg2" + end + + execute "import-rpm-gpg-key-#{new_resource.key}" do + command "rpm --import /etc/pki/rpm-gpg/#{new_resource.key}" + action :nothing + not_if <<-EOH + function packagenames_for_keyfile() { + local filename="$1" + gpg \ + --with-fingerprint \ + --with-colons \ + --fixed-list-mode \ + "$filename" \ + | gawk -F: '/^pub/ { print tolower(sprintf("gpg-pubkey-%s-%x\\n", substr($5, length($5)-8+1), $6)) }' + } + + for pkgname in $(packagenames_for_keyfile "/etc/pki/rpm-gpg/#{new_resource.key}"); do + if [[ $pkgname ]] && ! rpm -q $pkgname ; then + exit 1; + fi; + done + + exit 0 + EOH + end + + #download the file if necessary + unless new_resource.url.nil? + remote_file "/etc/pki/rpm-gpg/#{new_resource.key}" do + source new_resource.url + mode "0644" + notifies :run, "execute[import-rpm-gpg-key-#{new_resource.key}]", :immediately + end + end + + end +end + +action :remove do + if ::File.exists?("/etc/pki/rpm-gpg/#{new_resource.key}") + Chef::Log.info "Removing #{new_resource.key} key from /etc/pki/rpm-gpg/" + file "/etc/pki/rpm-gpg/#{new_resource.key}" do + action :delete + end + new_resource.updated_by_last_action(true) + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/providers/repository.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/providers/repository.rb new file mode 100644 index 000000000..87ee598d4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/providers/repository.rb @@ -0,0 +1,125 @@ +# +# Cookbook Name:: yum +# Provider:: repository +# +# Copyright 2010, Tippr Inc. +# Copyright 2011, Opscode, Inc.. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# note that deletion does not remove GPG keys, either from the repo or +# /etc/pki/rpm-gpg; this is a design decision. + +def whyrun_supported? + true +end + +action :add do + unless ::File.exists?("/etc/yum.repos.d/#{new_resource.repo_name}.repo") + Chef::Log.info "Adding #{new_resource.repo_name} repository to /etc/yum.repos.d/#{new_resource.repo_name}.repo" + repo_config + end +end + +action :create do + Chef::Log.info "Adding and updating #{new_resource.repo_name} repository in /etc/yum.repos.d/#{new_resource.repo_name}.repo" + repo_config +end + +action :remove do + if ::File.exists?("/etc/yum.repos.d/#{new_resource.repo_name}.repo") + Chef::Log.info "Removing #{new_resource.repo_name} repository from /etc/yum.repos.d/" + file "/etc/yum.repos.d/#{new_resource.repo_name}.repo" do + action :delete + end + new_resource.updated_by_last_action(true) + end +end + +action :update do + repos ||= {} + # If the repo is already enabled/disabled as per the resource, we don't want to converge the template resource. + if ::File.exists?("/etc/yum.repos.d/#{new_resource.repo_name}.repo") + ::File.open("/etc/yum.repos.d/#{new_resource.repo_name}.repo") do |file| + repo_name ||= nil + file.each_line do |line| + case line + when /^\[(\S+)\]/ + repo_name = $1 + repos[repo_name] ||= {} + when /^(\S+?)=(.*)$/ + param, value = $1, $2 + repos[repo_name][param] = value + else + end + end + end + else + Chef::Log.error "Repo /etc/yum.repos.d/#{new_resource.repo_name}.repo does not exist, you must create it first" + end + if repos[new_resource.repo_name]['enabled'].to_i != new_resource.enabled + Chef::Log.info "Updating #{new_resource.repo_name} repository in /etc/yum.repos.d/#{new_resource.repo_name}.repo (setting enabled=#{new_resource.enabled})" + repo_config + else + Chef::Log.debug "Repository /etc/yum.repos.d/#{new_resource.repo_name}.repo is already set to enabled=#{new_resource.enabled}, skipping" + end +end + +private + +def repo_config + #import the gpg key. If it needs to be downloaded or imported from a cookbook + #that can be done in the calling recipe + if new_resource.key then + yum_key new_resource.key + end + #get the metadata + execute "yum-makecache" do + command "yum -q makecache" + action :nothing + end + #reload internal Chef yum cache + ruby_block "reload-internal-yum-cache" do + block do + Chef::Provider::Package::Yum::YumCache.instance.reload + end + action :nothing + end + #write out the file + template "/etc/yum.repos.d/#{new_resource.repo_name}.repo" do + cookbook "yum" + source "repo.erb" + mode "0644" + variables({ + :repo_name => new_resource.repo_name, + :description => new_resource.description, + :url => new_resource.url, + :mirrorlist => new_resource.mirrorlist, + :key => new_resource.key, + :enabled => new_resource.enabled, + :type => new_resource.type, + :failovermethod => new_resource.failovermethod, + :bootstrapurl => new_resource.bootstrapurl, + :includepkgs => new_resource.includepkgs, + :exclude => new_resource.exclude, + :priority => new_resource.priority, + :metadata_expire => new_resource.metadata_expire, + :type => new_resource.type + }) + if new_resource.make_cache + notifies :run, "execute[yum-makecache]", :immediately + notifies :create, "ruby_block[reload-internal-yum-cache]", :immediately + end + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/default.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/default.rb new file mode 100644 index 000000000..9bc90f256 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/default.rb @@ -0,0 +1,18 @@ +# +# Cookbook Name:: yum +# Recipe:: default +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/elrepo.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/elrepo.rb new file mode 100644 index 000000000..a54981d03 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/elrepo.rb @@ -0,0 +1,31 @@ +# +# Cookbook Name:: yum +# Recipe:: elrepo +# +# Copyright:: Copyright (c) 2013 Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +yum_key node['yum']['elrepo']['key'] do + url node['yum']['elrepo']['key_url'] + action :add +end + +yum_repository "elrepo" do + description "ELRepo.org Community Enterprise Linux Extras Repository" + key node['yum']['elrepo']['key'] + mirrorlist node['yum']['elrepo']['url'] + includepkgs node['yum']['elrepo']['includepkgs'] + exclude node['yum']['elrepo']['exclude'] + action :create +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/epel.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/epel.rb new file mode 100644 index 000000000..be1e2aae4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/epel.rb @@ -0,0 +1,35 @@ +# +# Author:: Joshua Timberman () +# Cookbook Name:: yum +# Recipe:: epel +# +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# Copyright 2010, Eric G. Wolfe +# Copyright 2010, Tippr Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +yum_key node['yum']['epel']['key'] do + url node['yum']['epel']['key_url'] + action :add +end + +yum_repository "epel" do + description "Extra Packages for Enterprise Linux" + key node['yum']['epel']['key'] + url node['yum']['epel']['baseurl'] + mirrorlist node['yum']['epel']['url'] + includepkgs node['yum']['epel']['includepkgs'] + exclude node['yum']['epel']['exclude'] + action platform?('amazon') ? [:add, :update] : :add +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/ius.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/ius.rb new file mode 100644 index 000000000..2d252904d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/ius.rb @@ -0,0 +1,42 @@ +# +# Author:: Joshua Timberman () +# Cookbook Name:: yum +# Recipe:: ius +# +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +include_recipe "yum::epel" + +package "epel-release" + +major = node['platform_version'].to_i +ius = node['yum']['ius_release'] + +remote_file "#{Chef::Config[:file_cache_path]}/ius-release-#{ius}.ius.el#{major}.noarch.rpm" do + source "http://dl.iuscommunity.org/pub/ius/stable/Redhat/#{major}/i386/ius-release-#{ius}.ius.el#{major}.noarch.rpm" + not_if "rpm -qa | grep -q '^ius-release-#{ius}'" + notifies :install, "rpm_package[ius-release]", :immediately +end + +rpm_package "ius-release" do + source "#{Chef::Config[:file_cache_path]}/ius-release-#{ius}.ius.el#{major}.noarch.rpm" + only_if { ::File.exists?("#{Chef::Config[:file_cache_path]}/ius-release-#{ius}.ius.el#{major}.noarch.rpm") } + action :nothing +end + +file "ius-release-cleanup" do + path "#{Chef::Config[:file_cache_path]}/ius-release-#{ius}.ius.el#{major}.noarch.rpm" + action :delete +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/remi.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/remi.rb new file mode 100644 index 000000000..5ce5ff674 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/remi.rb @@ -0,0 +1,35 @@ +# +# Author:: Takeshi KOMIYA () +# Cookbook Name:: yum +# Recipe:: remi +# +# Copyright:: Copyright (c) 2011 Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +include_recipe "yum::epel" + +yum_key node['yum']['remi']['key'] do + url node['yum']['remi']['key_url'] + action :add +end + +yum_repository "remi" do + description "Les RPM de remi pour Enterprise Linux #{node['platform_version']} - $basearch" + key node['yum']['remi']['key'] + mirrorlist node['yum']['remi']['url'] + failovermethod "priority" + includepkgs node['yum']['remi']['includepkgs'] + exclude node['yum']['remi']['exclude'] + action :create +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/repoforge.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/repoforge.rb new file mode 100644 index 000000000..14c1607e0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/repoforge.rb @@ -0,0 +1,41 @@ +# +# Author:: Eric Edgar () +# Cookbook Name:: yum +# Recipe:: repoforge +# +# Copyright:: Copyright (c) 2012-2013 Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +include_recipe "yum::epel" + +major = platform?("amazon") ? 6 : node['platform_version'].to_i +arch = (node['kernel']['machine'] == "i686" && major == 5) ? "i386" : node['kernel']['machine'] +repoforge = node['yum']['repoforge_release'] + +remote_file "#{Chef::Config[:file_cache_path]}/rpmforge-release-#{repoforge}.el#{major}.rf.#{arch}.rpm" do + source "http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-#{repoforge}.el#{major}.rf.#{arch}.rpm" + not_if "rpm -qa | grep -q '^rpmforge-release-#{repoforge}'" + notifies :install, "rpm_package[rpmforge-release]", :immediately +end + +rpm_package "rpmforge-release" do + source "#{Chef::Config[:file_cache_path]}/rpmforge-release-#{repoforge}.el#{major}.rf.#{arch}.rpm" + only_if { ::File.exists?("#{Chef::Config[:file_cache_path]}/rpmforge-release-#{repoforge}.el#{major}.rf.#{arch}.rpm") } + action :install +end + +file "repoforge-release-cleanup" do + path "#{Chef::Config[:file_cache_path]}/rpmforge-release-#{repoforge}.el#{major}.rf.#{arch}.rpm" + action :delete +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/test.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/test.rb new file mode 100644 index 000000000..7720c3a5f --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/test.rb @@ -0,0 +1,39 @@ +# +# Cookbook:: yum +# Recipe:: test +# +# Author:: Joshua Timberman +# Copyright:: Copyright (c) 2013, Opscode, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "yum::epel" +include_recipe "yum::elrepo" +include_recipe "yum::ius" +include_recipe "yum::repoforge" +include_recipe "yum::yum" +include_recipe "yum::remi" + +%w{add create}.each do |act| + file "/etc/yum.repos.d/zenoss-#{act}.repo" do + action :create + end + + yum_repository "zenoss-#{act}" do + description "Zenoss Stable repo" + url "http://dev.zenoss.com/yum/stable/" + key "RPM-GPG-KEY-zenoss" + action act.to_sym + end +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/yum.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/yum.rb new file mode 100644 index 000000000..3e43fd7c1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/recipes/yum.rb @@ -0,0 +1,23 @@ +# +# Cookbook Name:: yum +# Recipe:: yum +# +# Copyright 2011, Eric G. Wolfe +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +template "/etc/yum.conf" do + source "yum-rhel#{node['platform_version'].to_i}.conf.erb" +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/resources/key.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/resources/key.rb new file mode 100644 index 000000000..96f9e7248 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/resources/key.rb @@ -0,0 +1,29 @@ +# +# Cookbook Name:: yum +# Resource:: key +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :add, :remove +default_action :add + +attribute :key, :kind_of => String, :name_attribute => true +attribute :url, :kind_of => String, :default => nil + +def initialize(*args) + super + @action = :add +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/resources/repository.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/resources/repository.rb new file mode 100644 index 000000000..1e274caea --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/resources/repository.rb @@ -0,0 +1,42 @@ +# +# Cookbook Name:: yum +# Resource:: repository +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :add, :remove, :update, :create + +#name of the repo, used for .repo filename +attribute :repo_name, :kind_of => String, :name_attribute => true +attribute :description, :kind_of => String #long description +attribute :url, :kind_of => String, :default => "" +attribute :mirrorlist, :default => false +attribute :key, :kind_of => String, :default => nil +attribute :enabled, :default => 1 +attribute :type, :kind_of => String, :default => nil +attribute :failovermethod, :kind_of => String, :default => nil +attribute :bootstrapurl, :kind_of => String, :default => nil +attribute :make_cache, :kind_of => [TrueClass, FalseClass], :default => true +attribute :includepkgs, :kind_of => String, :default => nil +attribute :exclude, :kind_of => String, :default => nil +attribute :priority, :kind_of => [Integer, String], :default => nil +attribute :metadata_expire, :kind_of => [Integer, String], :default => nil +attribute :type, :kind_of => String, :default => nil + +def initialize(*args) + super + @action = :add +end diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/templates/default/repo.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/templates/default/repo.erb new file mode 100644 index 000000000..02628a582 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/templates/default/repo.erb @@ -0,0 +1,41 @@ +# Generated by Chef for <%= node['fqdn'] %> +# Local modifications will be overwritten. +[<%= @repo_name %>] +name=<%= @description %> +<% if @type %> +type=<%= @type %> +<% end %> +<% unless @url.empty? -%> +baseurl=<%= @url %> +<% end -%> +<% if @mirrorlist %> +mirrorlist=<%= @mirrorlist %> +<% end %> +<% if @key %> +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/<%= @key %> +<% else %> +gpgcheck=0 +<% end %> +enabled=<%= @enabled %> +<% if @failovermethod %> +failovermethod=<%= @failovermethod %> +<% end %> +<% if @bootstrapurl %> +bootstrapurl=<%= @bootstrapurl %> +<% end %> +<% if @includepkgs %> +includepkgs=<%= @includepkgs %> +<% end %> +<% if @exclude %> +exclude=<%= @exclude %> +<% end %> +<% if @priority %> +priority=<%= @priority %> +<% end %> +<% if @metadata_expire %> +metadata_expire=<%= @metadata_expire%> +<% end %> +<% if @type %> +type=<%= @type%> +<% end %> diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/templates/default/yum-rhel5.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/templates/default/yum-rhel5.conf.erb new file mode 100644 index 000000000..6ed58dc70 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/templates/default/yum-rhel5.conf.erb @@ -0,0 +1,33 @@ +# Generated by Chef for <%= node['fqdn'] %> +# Local modifications will be overwritten. +[main] +cachedir=<%= node['yum']['cachedir'] %> +keepcache=<%= node['yum']['keepcache'] %> +debuglevel=2 +logfile=/var/log/yum.log +distroverpkg=redhat-release +tolerant=1 +exactarch=1 +obsoletes=1 +gpgcheck=1 +plugins=1 +<%- unless node['yum']['exclude'].empty? %> +exclude=<%= node['yum']['exclude'].join(" ") %> +<%- end %> +<%- unless node['yum']['installonlypkgs'].empty? %> +installonlypkgs=<%= node['yum']['installonlypkgs'].join(" ") %> +<%- end %> +<%- unless node['yum']['proxy'].empty? %> +proxy=<%= node['yum']['proxy'] %> +proxy_username=<%= node['yum']['proxy_username'] %> +proxy_password=<%= node['yum']['proxy_password'] %> +<%- end %> + +# Note: yum-RHN-plugin doesn't honor this. +metadata_expire=1h + +# Default. +# installonly_limit = 3 + +# PUT YOUR REPOS HERE OR IN separate files named file.repo +# in /etc/yum.repos.d diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/templates/default/yum-rhel6.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/templates/default/yum-rhel6.conf.erb new file mode 100644 index 000000000..44d7979bd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/yum/templates/default/yum-rhel6.conf.erb @@ -0,0 +1,36 @@ +# Generated by Chef for <%= node['fqdn'] %> +# Local modifications will be overwritten. +[main] +cachedir=<%= node['yum']['cachedir'] %>/$basearch/$releasever +keepcache=<%= node['yum']['keepcache'] %> +debuglevel=2 +logfile=/var/log/yum.log +exactarch=1 +obsoletes=1 +gpgcheck=1 +plugins=1 +installonly_limit=3 +<%- unless node['yum']['exclude'].empty? %> +exclude=<%= node['yum']['exclude'].join(" ") %> +<%- end %> +<%- unless node['yum']['installonlypkgs'].empty? %> +installonlypkgs=<%= node['yum']['installonlypkgs'].join(" ") %> +<%- end %> +<%- unless node['yum']['proxy'].empty? %> +proxy=<%= node['yum']['proxy'] %> +proxy_username=<%= node['yum']['proxy_username'] %> +proxy_password=<%= node['yum']['proxy_password'] %> +<%- end %> + +# This is the default, if you make this bigger yum won't see if the metadata +# is newer on the remote and so you'll "gain" the bandwidth of not having to +# download the new metadata and "pay" for it by yum not having correct +# information. +# It is esp. important, to have correct metadata, for distributions like +# Fedora which don't keep old packages around. If you don't like this checking +# interupting your command line usage, it's much better to have something +# manually check the metadata once an hour (yum-updatesd will do this). +# metadata_expire=90m + +# PUT YOUR REPOS HERE OR IN separate files named file.repo +# in /etc/yum.repos.d diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/environments/grizzly_allinone.rb.tmpl b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/environments/grizzly_allinone.rb.tmpl new file mode 100644 index 000000000..ff1aa4779 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/environments/grizzly_allinone.rb.tmpl @@ -0,0 +1,158 @@ +# +# IBM(c) 2013 EPL license http://www.eclipse.org/legal/epl-v10.html +# + +name "$CLOUD" +description "Grizzly allinone environment file." + +override_attributes( + "mysql" => { + "server_root_password" => "cluster", + "server_debian_password" => "cluster", + "server_repl_password" => "cluster", + "allow_remote_root" => true, + "root_network_acl" => "%" + }, + "openstack" => { + "developer_mode" => true, + "db"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#", + "compute"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "identity"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "image"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "network"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "volume"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "dashboard"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "metering"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + } + }, + + "mq"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#" + }, + "identity"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#", + "db"=>{ + "username"=>"keystone", + "password"=> "keystone" + } + }, + + "endpoints"=>{ + "identity-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "identity-admin"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "compute-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "compute-ec2-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "compute-ec2-admin"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "compute-xvpvnc"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "compute-novnc"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "network-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "image-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "image-registry"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "volume-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "metering-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + } + }, + + "image" => { + "api"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#" + }, + "registry"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#" + }, + "image_upload" => false, + "upload_images" => ["cirros"], + "upload_image" => { + "cirros" => "https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img" + }, + "identity_service_chef_role" => "allinone-compute" + }, + "block-storage" => { + "keystone_service_chef_role" => "allinone-compute" + }, + "dashboard" => { + "keystone_service_chef_role" => "allinone-compute", + "use_ssl" => "false" + }, + "network" => { + "metadata"=>{ + "nova_metadata_ip"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "rabbit"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "api"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#" + }, + + "rabbit_server_chef_role" => "allinone-compute", + "l3"=>{ + "external_network_bridge_interface"=>"#TABLE:clouds:name=$CLOUD:pubinterface#" + }, + "openvswitch"=> { + "tenant_network_type"=>"vlan", + "network_vlan_ranges"=>"physnet1", + "bridge_mappings"=>"physnet1:#TABLE:clouds:name=$CLOUD:datainterface#" + } + }, + "compute" => { + "identity_service_chef_role" => "allinone-compute", + "rabbit"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "xvpvnc_proxy"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:pubinterface#" + }, + "novnc_proxy"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:pubinterface#" + }, + "network" => { + "service_type" => "quantum" + }, + "config" => { + "ram_allocation_ratio" => 5.0 + }, + "libvirt" => { + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#", + "virt_type" => "#TABLE:clouds:name=$CLOUD:virttype#" + } + } + } + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/environments/grizzly_per-tenant_routers_with_private_networks.rb.tmpl b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/environments/grizzly_per-tenant_routers_with_private_networks.rb.tmpl new file mode 100644 index 000000000..6fe05cf34 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/environments/grizzly_per-tenant_routers_with_private_networks.rb.tmpl @@ -0,0 +1,156 @@ +# +# IBM(c) 2013 EPL license http://www.eclipse.org/legal/epl-v10.html +# http://docs.openstack.org/grizzly/openstack-network/admin/content/app_demo_routers_with_private_networks.html +# +# + +name "$CLOUD" +description "Grizzly environment file based on Per-tenant Routers with Private Networks" + +override_attributes( + "mysql" => { + "server_root_password" => "cluster", + "server_debian_password" => "cluster", + "server_repl_password" => "cluster", + "allow_remote_root" => true, + "root_network_acl" => "%" + }, + "openstack" => { + "developer_mode" => true, + "db"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#", + "compute"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "identity"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "image"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "network"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "volume"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "dashboard"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "metering"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + } + }, + "mq"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#" + }, + "identity"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#", + "db"=>{ + "username"=>"keystone", + "password"=> "keystone" + } + }, + + "endpoints"=>{ + "identity-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "identity-admin"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "compute-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "compute-ec2-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "compute-ec2-admin"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "compute-xvpvnc"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "compute-novnc"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "network-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "image-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "image-registry"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "volume-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + }, + "metering-api"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#", + } + }, + + + "image" => { + "api"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#" + }, + "registry"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#" + }, + "image_upload" => false, + "upload_images" => ["cirros"], + "upload_image" => { + "cirros" => "https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img" + }, + }, + "dashboard" => { + "use_ssl" => "false" + }, + "network" => { + "metadata"=>{ + "nova_metadata_ip"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "rabbit"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "api"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#" + }, + "l3"=>{ + "external_network_bridge_interface"=>"#TABLE:clouds:name=$CLOUD:pubinterface#" + }, + "allow_overlapping_ips" => "True", + "use_namespaces" => "True", + "openvswitch"=> { + "tenant_network_type"=>"gre", + "tunnel_id_ranges"=>"1:1000", + "enable_tunneling"=>"True", + "local_ip_interface"=>"#TABLE:clouds:name=$CLOUD:datainterface#" + } + }, + "compute" => { + "identity_service_chef_role" => "os-compute-single-controller", + "rabbit"=>{ + "host"=>"#TABLE:clouds:name=$CLOUD:hostip#" + }, + "xvpvnc_proxy"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:pubinterface#" + }, + "novnc_proxy"=>{ + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:pubinterface#" + }, + "network" => { + "service_type" => "quantum", + }, + "config" => { + "ram_allocation_ratio" => 5.0 + }, + "libvirt" => { + "bind_interface"=>"#TABLE:clouds:name=$CLOUD:mgtinterface#", + "virt_type" => "#TABLE:clouds:name=$CLOUD:virttype#" + } + } + } + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/allinone-compute.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/allinone-compute.rb new file mode 100644 index 000000000..daa008a92 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/allinone-compute.rb @@ -0,0 +1,6 @@ +name "allinone-compute" +description "This will deploy all of the services for Openstack Compute to function on a single box." +run_list( + "role[os-compute-single-controller]", + "role[os-compute-worker]" +) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-base.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-base.rb new file mode 100644 index 000000000..c2783be7a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-base.rb @@ -0,0 +1,6 @@ +name "os-base" +description "OpenStack Base role" +run_list( + "recipe[openstack-common]", + "recipe[openstack-common::logging]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-api.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-api.rb new file mode 100644 index 000000000..9b0ee1bf7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-api.rb @@ -0,0 +1,6 @@ +name "os-block-storage-api" +description "OpenStack Block Storage API service" +run_list( + "role[os-base]", + "recipe[openstack-block-storage::api]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-endpoint-registration.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-endpoint-registration.rb new file mode 100644 index 000000000..33ccaae3b --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-endpoint-registration.rb @@ -0,0 +1,6 @@ +name "os-block-storage-endpoint-registration" +description "Register Endpoint" +run_list( + "role[os-base]", + "recipe[openstack-block-storage::identity_registration]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-scheduler.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-scheduler.rb new file mode 100644 index 000000000..b7de6b171 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-scheduler.rb @@ -0,0 +1,6 @@ +name "os-block-storage-scheduler" +description "OpenStack Block Storage Scheduler service" +run_list( + "role[os-base]", + "recipe[openstack-block-storage::scheduler]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-worker.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-worker.rb new file mode 100644 index 000000000..1c627f175 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage-worker.rb @@ -0,0 +1,6 @@ +name "os-block-storage-worker" +description "OpenStack Block Storage worker" +run_list( + "role[os-base]", + "recipe[openstack-block-storage::worker]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage.rb new file mode 100644 index 000000000..5adbfcddf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-block-storage.rb @@ -0,0 +1,6 @@ +name "os-block-storage" +description "Configures OpenStack block storage, configured by attributes." +run_list( + "role[os-base]", + "recipe[openstack-block-storage]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api-ec2.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api-ec2.rb new file mode 100644 index 000000000..10731a7ca --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api-ec2.rb @@ -0,0 +1,6 @@ +name "os-compute-api-ec2" +description "EC2 API for Compute" +run_list( + "role[os-base]", + "recipe[openstack-compute::api-ec2]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api-metadata.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api-metadata.rb new file mode 100644 index 000000000..59180c569 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api-metadata.rb @@ -0,0 +1,6 @@ +name "os-compute-api-metadata" +description "OpenStack compute metadata API service" +run_list( + "role[os-base]", + "recipe[openstack-compute::api-metadata]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api-os-compute.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api-os-compute.rb new file mode 100644 index 000000000..9a3e021b1 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api-os-compute.rb @@ -0,0 +1,6 @@ +name "os-compute-api-os-compute" +description "OpenStack API for Compute" +run_list( + "role[os-base]", + "recipe[openstack-compute::api-os-compute]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api.rb new file mode 100644 index 000000000..8db4e9e0c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-api.rb @@ -0,0 +1,7 @@ +name "os-compute-api" +description "Roll-up role for all the Compute APIs" +run_list( + "role[os-compute-api-ec2]", + "role[os-compute-api-os-compute]", + "role[os-compute-api-metadata]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-cert.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-cert.rb new file mode 100644 index 000000000..ad9922c70 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-cert.rb @@ -0,0 +1,6 @@ +name "os-compute-cert" +description "OpenStack Compute Cert service" +run_list( + "role[os-base]", + "recipe[openstack-compute::nova-cert]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-endpoint-registration.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-endpoint-registration.rb new file mode 100644 index 000000000..015ec4805 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-endpoint-registration.rb @@ -0,0 +1,6 @@ +name "os-compute-endpoint-registration" +description "Register Endpoint" +run_list( + "role[os-base]", + "recipe[openstack-compute::identity_registration]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-scheduler.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-scheduler.rb new file mode 100644 index 000000000..2c75f399c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-scheduler.rb @@ -0,0 +1,6 @@ +name "os-compute-scheduler" +description "Nova scheduler" +run_list( + "role[os-base]", + "recipe[openstack-compute::scheduler]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-setup.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-setup.rb new file mode 100644 index 000000000..a9ace7df7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-setup.rb @@ -0,0 +1,7 @@ +name "os-compute-setup" +description "Nova base setup" +run_list( + "role[os-base]", + "recipe[openstack-compute::nova-setup]" + ) + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-single-controller.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-single-controller.rb new file mode 100644 index 000000000..1e2cfada6 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-single-controller.rb @@ -0,0 +1,22 @@ +name "os-compute-single-controller" +description "Roll-up role for all of the OpenStack Compute services on a single, non-HA controller." +run_list( + "role[os-base]", + "role[os-ops-database]", + "role[os-ops-messaging]", + "role[os-identity]", + "role[os-network-server]", + "role[os-compute-scheduler]", + "role[os-compute-api]", + "role[os-compute-cert]", + "role[os-compute-vncproxy]", + "role[os-compute-setup]", + "recipe[openstack-compute::conductor]", + "role[os-block-storage]", + "role[os-dashboard]", + "role[os-image]", + "role[os-block-storage-endpoint-registration]", + "role[os-compute-endpoint-registration]", + "role[os-image-endpoint-registration]", + "role[os-network-endpoint-registration]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-vncproxy.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-vncproxy.rb new file mode 100644 index 000000000..fd3eb0832 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-vncproxy.rb @@ -0,0 +1,7 @@ +name "os-compute-vncproxy" +description "Nova VNC Proxy" +run_list( + "role[os-base]", + "recipe[openstack-compute::vncproxy]" + ) + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-worker.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-worker.rb new file mode 100644 index 000000000..e960bebcf --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-compute-worker.rb @@ -0,0 +1,7 @@ +name "os-compute-worker" +description "The compute node, most likely with a hypervisor." +run_list( + "role[os-base]", + "recipe[openstack-compute::compute]" + ) + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-computer.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-computer.rb new file mode 100644 index 000000000..5321be9b7 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-computer.rb @@ -0,0 +1,8 @@ +name "os-computer" +description "for use case: Single Flat Network, Provider Router with Private Networks, and Per-tenant Routers with Private Networks. There are 3 different nodes including controller node, network node and compute node. This role is for the compute node. It includes L2 agent, nova compute." +run_list( + "role[os-base]", + "role[os-compute-worker]", + "role[os-network-openvswitch]" + ) + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-dashboard.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-dashboard.rb new file mode 100644 index 000000000..ef7902935 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-dashboard.rb @@ -0,0 +1,6 @@ +name "os-dashboard" +description "Horizon server" +run_list( + "role[os-base]", + "recipe[openstack-dashboard::server]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-identity-api-admin.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-identity-api-admin.rb new file mode 100644 index 000000000..86e46cf3d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-identity-api-admin.rb @@ -0,0 +1,7 @@ +name "os-identity-api-admin" +description "Keystone admin API service" +run_list( + "role[os-base]", + "recipe[openstack-identity::server]" + ) + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-identity-api.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-identity-api.rb new file mode 100644 index 000000000..96d7db9b8 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-identity-api.rb @@ -0,0 +1,6 @@ +name "os-identity-api" +description "Keystone API service" +run_list( + "role[os-base]", + "recipe[openstack-identity::server]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-identity.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-identity.rb new file mode 100644 index 000000000..07ea27b2d --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-identity.rb @@ -0,0 +1,7 @@ +name "os-identity" +description "Roll-up role for Identity" +run_list( + "role[os-base]", + "recipe[openstack-identity::server]", + "recipe[openstack-identity::registration]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image-api.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image-api.rb new file mode 100644 index 000000000..a6c4ab3b3 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image-api.rb @@ -0,0 +1,7 @@ +name "os-image-api" +description "Glance API service" +run_list( + "role[os-base]", + "recipe[openstack-image::api]" + ) + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image-endpoint-registration.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image-endpoint-registration.rb new file mode 100644 index 000000000..bed617316 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image-endpoint-registration.rb @@ -0,0 +1,6 @@ +name "os-image-endpoint-registration" +description "Register Endpoint" +run_list( + "role[os-base]", + "recipe[openstack-image::identity_registration]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image-registry.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image-registry.rb new file mode 100644 index 000000000..42c3677bd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image-registry.rb @@ -0,0 +1,7 @@ +name "os-image-registry" +description "Glance Registry service" +run_list( + "role[os-base]", + "recipe[openstack-image::registry]" + ) + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image.rb new file mode 100644 index 000000000..0abf634dd --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-image.rb @@ -0,0 +1,6 @@ +name "os-image" +description "Roll-up role for Glance." +run_list( + "role[os-image-registry]", + "role[os-image-api]", + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-infra-caching.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-infra-caching.rb new file mode 100644 index 000000000..478227a94 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-infra-caching.rb @@ -0,0 +1,6 @@ +name "os-infra-caching" +description "Memcached role for Openstack" +run_list( + "role[os-base]", + "recipe[memcached::default]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-l2-l3-networker.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-l2-l3-networker.rb new file mode 100644 index 000000000..3dfeebe3c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-l2-l3-networker.rb @@ -0,0 +1,8 @@ +name "os-l2-l3-networker" +description "for use case: Provider Router with Private Networks, and Per-tenant Routers with Private Networks. In the 2 use cases, there are 3 different nodes including controller node(role[os-single-controller]), network node(role[os-L2-L3-networker]) and compute node(role[os-computer]). This role is for the network node. It includes the openvswitch, dhcp-agent and L3-agent" +run_list( + "role[os-base]", + "role[os-network-openvswitch]", + "role[os-network-dhcp-agent]", + "role[os-network-l3-agent]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-l2-networker.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-l2-networker.rb new file mode 100644 index 000000000..c112b9670 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-l2-networker.rb @@ -0,0 +1,7 @@ +name "os-l2-networker" +description "for use case: Single Flat Network. In this use case, there are 3 different nodes including controller node(role[os-single-controller]), network node(role[os-L2-networker]) and compute node(role[os-computer]). This role is for the network node. It includes the openvswitch, dhcp-agent. " +run_list( + "role[os-base]", + "role[os-network-openvswitch]", + "role[os-network-dhcp-agent]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-dhcp-agent.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-dhcp-agent.rb new file mode 100644 index 000000000..41e96b64a --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-dhcp-agent.rb @@ -0,0 +1,7 @@ +name "os-network-dhcp-agent" +description "os-network-dhcp-agent" +run_list( + "role[os-base]", + "recipe[openstack-network::dhcp_agent]" +) + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-endpoint-registration.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-endpoint-registration.rb new file mode 100644 index 000000000..36a649c36 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-endpoint-registration.rb @@ -0,0 +1,6 @@ +name "os-network-endpoint-registration" +description "Register Endpoint" +run_list( + "role[os-base]", + "recipe[openstack-network::identity_registration]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-l3-agent.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-l3-agent.rb new file mode 100644 index 000000000..f27b14c65 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-l3-agent.rb @@ -0,0 +1,7 @@ +name "os-network-l3-agent" +description "os-network-l3-agent" +run_list( + "role[os-base]", + "recipe[openstack-network::l3_agent]" +) + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-openvswitch.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-openvswitch.rb new file mode 100644 index 000000000..cca760940 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-openvswitch.rb @@ -0,0 +1,7 @@ +name "os-network-openvswitch" +description "os-network-openvswitch" +run_list( + "role[os-base]", + "recipe[openstack-network::openvswitch]" +) + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-server.rb new file mode 100644 index 000000000..2efa58d16 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network-server.rb @@ -0,0 +1,7 @@ +name "os-network-server" +description "os-network-server" +run_list( + "role[os-base]", + "recipe[openstack-network::server]" +) + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network.rb new file mode 100644 index 000000000..5b742fd8c --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-network.rb @@ -0,0 +1,9 @@ +name "os-network" +description "Configures OpenStack networking, managed by attribute for either nova-network or quantum" +run_list( + "role[os-base]", + "role[os-network-server]", + "role[os-network-openvswitch]", + "role[os-network-dhcp-agent]", + "role[os-network-l3-agent]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-account.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-account.rb new file mode 100644 index 000000000..7e59eede0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-account.rb @@ -0,0 +1,6 @@ +name "os-object-storage-account" +description "OpenStack object storage account service" +run_list( + "role[os-base]", + "recipe[openstack-object-storage::account]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-container.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-container.rb new file mode 100644 index 000000000..5ee8098a0 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-container.rb @@ -0,0 +1,6 @@ +name "os-object-storage-container" +description "OpenStack object storage container service" +run_list( + "role[os-base]", + "recipe[openstack-object-storage::container]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-management.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-management.rb new file mode 100644 index 000000000..90399c329 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-management.rb @@ -0,0 +1,6 @@ +name "os-object-storage-management" +description "OpenStack object storage management service" +run_list( + "role[os-base]", + "recipe[openstack-object-storage::management]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-object.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-object.rb new file mode 100644 index 000000000..1d15727f4 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-object.rb @@ -0,0 +1,6 @@ +name "os-object-storage-object" +description "OpenStack object storage object service" +run_list( + "role[os-base]", + "recipe[openstack-object-storage::object]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-proxy.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-proxy.rb new file mode 100644 index 000000000..da660a7fe --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage-proxy.rb @@ -0,0 +1,6 @@ +name "os-object-storage-proxy" +description "OpenStack object storage proxy service" +run_list( + "role[os-base]", + "recipe[openstack-object-storage::proxy]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage.rb new file mode 100644 index 000000000..2a06fc2c9 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-object-storage.rb @@ -0,0 +1,6 @@ +name "os-object-storage" +description "OpenStack object storage roll-up role" +run_list( + "role[os-base]", + "recipe[openstack-object-storage]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-ops-database.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-ops-database.rb new file mode 100644 index 000000000..51d22f627 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-ops-database.rb @@ -0,0 +1,7 @@ +name "os-ops-database" +description "Currently MySQL Server (non-ha)" +run_list( + "role[os-base]", + "recipe[openstack-ops-database::server]", + "recipe[openstack-ops-database::openstack-db]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-ops-messaging.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-ops-messaging.rb new file mode 100644 index 000000000..935a94f88 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-ops-messaging.rb @@ -0,0 +1,6 @@ +name "os-ops-messaging" +description "Currently RabbitMQ Server (non-ha)" +run_list( + "role[os-base]", + "recipe[openstack-ops-messaging::server]" + ) diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-single-controller.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-single-controller.rb new file mode 100644 index 000000000..8620e9252 --- /dev/null +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/roles/os-single-controller.rb @@ -0,0 +1,22 @@ +name "os-single-controller" +description "for use case: Single Flat Network, Provider Router with Private Networks, and Per-tenant Routers with Private Networks. There are 3 different nodes including controller node, network node and compute node. This role is for the non-HA controller. It includes quantum server, nova servers, keystone and so on." +run_list( + "role[os-base]", + "role[os-ops-database]", + "role[os-ops-messaging]", + "role[os-identity]", + "role[os-network-server]", + "role[os-compute-scheduler]", + "role[os-compute-api]", + "role[os-compute-cert]", + "role[os-compute-vncproxy]", + "role[os-compute-setup]", + "recipe[openstack-compute::conductor]", + "role[os-block-storage]", + "role[os-dashboard]", + "role[os-image]", + "role[os-block-storage-endpoint-registration]", + "role[os-compute-endpoint-registration]", + "role[os-image-endpoint-registration]", + "role[os-network-endpoint-registration]" + )