├── Makefile ├── README.md ├── cookbooks ├── bart │ ├── README.rdoc │ ├── files │ │ └── default │ │ │ ├── bart.rules │ │ │ └── bartlog │ ├── metadata.json │ ├── metadata.rb │ └── recipes │ │ └── default.rb ├── logging │ ├── README.rdoc │ ├── attributes │ │ └── default.rb │ ├── files │ │ └── default │ │ │ └── auditd.props │ ├── metadata.json │ ├── metadata.rb │ ├── recipes │ │ └── default.rb │ └── templates │ │ └── default │ │ ├── login.erb │ │ ├── sshd_config.erb │ │ ├── su.erb │ │ └── syslog.conf.erb ├── smartos │ ├── README.rdoc │ ├── attributes │ │ └── default.rb │ ├── files │ │ └── default │ │ │ └── nicstat │ ├── metadata.json │ ├── metadata.rb │ ├── recipes │ │ ├── default.rb │ │ ├── motd.rb │ │ ├── nicstat.rb │ │ ├── ntp.rb │ │ └── ssh.rb │ └── templates │ │ └── default │ │ ├── authorized_keys.erb │ │ ├── motd.erb │ │ ├── nsswitch.conf.erb │ │ ├── ntp.conf.erb │ │ └── resolv.conf.erb └── zabbix │ ├── README.rdoc │ ├── attributes │ └── default.rb │ ├── files │ └── default │ │ └── zabbix │ │ ├── bin │ │ ├── zabbix_get │ │ └── zabbix_sender │ │ ├── sbin │ │ ├── zabbix_agent │ │ └── zabbix_agentd │ │ └── share │ │ ├── man │ │ ├── man1 │ │ │ ├── zabbix_get.1 │ │ │ └── zabbix_sender.1 │ │ └── man8 │ │ │ ├── zabbix_agentd.8 │ │ │ ├── zabbix_proxy.8 │ │ │ └── zabbix_server.8 │ │ └── svc │ │ └── zabbix_agent.xml │ ├── metadata.rb │ ├── recipes │ ├── agent.rb │ └── default.rb │ └── templates │ └── default │ └── zabbix_agentd.conf.erb ├── knife_bootstrap ├── README.md ├── smartos-gz-fat.erb └── smartos-gz-pkgsrc.erb ├── nodes └── smartos.json ├── scripts └── bootstrap-smartos.sh └── smf ├── chef-solo-omnibus.xml └── chef-solo.xml /Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for SmartOS Deployment 2 | # 3 | TAR= gtar 4 | DISTNAME= smartos_cookbooks.tar.gz 5 | SERVER_DEST= 1.2.3.4:/www/chef/ 6 | 7 | all: 8 | $(TAR) cfz /tmp/$(DISTNAME) cookbooks 9 | scp /tmp/$(DISTNAME) $(SERVER_DEST) 10 | rm /tmp/$(DISTNAME) 11 | scp nodes/* $(SERVER_DEST) 12 | scp scripts/* $(SERVER_DEST) 13 | scp keys/* $(SERVER_DEST) 14 | scp smf/chef-solo.xml $(SERVER_DEST) 15 | 16 | 17 | nodes: 18 | scp nodes/* $(SERVER_DEST) 19 | 20 | scripts: 21 | scp scripts/* $(SERVER_DEST) 22 | scp smf/chef-solo.xml $(SERVER_DEST) 23 | 24 | cookbooks: 25 | $(TAR) cfz /tmp/$(DISTNAME) cookbooks 26 | scp /tmp/$(DISTNAME) $(SERVER_DEST) 27 | rm /tmp/$(DISTNAME) 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | smartos_cookbooks 2 | ================= 3 | 4 | Chef Cookbooks and tools for use with SmartOS. 5 | 6 | This is intended for management of the Global Zone, not SmartMachines (Non-Global Zones). For cookbooks and tools to be used with SmartMachines/NGZ's, please see the [joyent/smartmachine_cookbooks](https://github.com/joyent/smartmachine_cookbooks) repository instead. 7 | 8 | For details about how to use this repository, please refer to http://wiki.smartos.org/display/DOC/Using+Chef 9 | 10 | 11 | REPOSITORY LAYOUT 12 | ----------------- 13 | 14 | * **cookbooks**: Indivial SmartOS cookbooks. The "smartos" cookbook itself is considered the primary cookbooks applied to all nodes and should be the first one included in the run_list. 15 | * **knife_bootstrap**: Bootstrap templates for Knife. 16 | * **nodes**: Chef node attribute files. 17 | * **smf**: SmartOS SMF XML manifests for Chef Solo & Chef Client 18 | * **scripts**: Chef Solo bootstrap scripts to simplify deployment. 19 | 20 | For Chef Solo users, a *Makefile* is included to transfer the contents of the repsitory to a web server for distribution. 21 | 22 | 23 | DISLAIMER 24 | --------- 25 | 26 | These tools and cookbooks are unofficial and not supported by Joyent or its partners. Please use at your own risk. 27 | 28 | 29 | TODO 30 | ---- 31 | 32 | * Make fat client bootstrap more verbose (add echos), make pkgsrc bootstrap less verbose. 33 | * Sanitize and include LDAP Client cookbook 34 | * LWRP for managing images (_imgadm_) 35 | * LWRP improvements for user management 36 | * LWRP improvements for SMF management 37 | -------------------------------------------------------------------------------- /cookbooks/bart/README.rdoc: -------------------------------------------------------------------------------- 1 | = DESCRIPTION: 2 | 3 | Installs and configures BARTlog, a tool for running BART daily and outputting notifications via syslog. 4 | 5 | BART is the Basic Auditing & Reporting Tool; is is the SmartOS equivilent of Tripwire. For more information please refer to: 6 | http://www.cuddletech.com/blog/pivot/entry.php?id=1046 7 | -------------------------------------------------------------------------------- /cookbooks/bart/files/default/bart.rules: -------------------------------------------------------------------------------- 1 | ## +Joyent SmartOS BART Rules 2 | ## benr@joyent.com 3 | # 4 | # Attributes: acl, all, contents, dest, devnode, dirmtime, 5 | # gid, lnmtime, mode, mtime, size, type, uid 6 | 7 | 8 | #GLOBAL 9 | CHECK all 10 | IGNORE dirmtime 11 | 12 | 13 | ## Local Checks: 14 | /etc 15 | 16 | /opt 17 | -------------------------------------------------------------------------------- /cookbooks/bart/files/default/bartlog: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # 3 | # bartlog: benr@cuddletech.com (6/24/09) 4 | # ------------------------------------------- 5 | # BART wrapper to be run from cron and output 6 | # changes to syslog. 7 | # 8 | # Modified 3/8/10: Report creation of initial manifest in-band (syslog), 9 | # this will warn us if someone has destroyed our manifest 10 | # to cover their tracks. 11 | # 12 | 13 | 14 | SYSLOG_PRIORITY=audit.err 15 | BART_RULES=/etc/bart.rules 16 | BART_MANIFESTS=/var/tmp 17 | 18 | 19 | 20 | 21 | # 22 | # Modify BASH Internal Field Seperator to newline: 23 | # 24 | IFS=`echo -en "\n\b"` 25 | 26 | 27 | # 28 | # Check for rules: 29 | # 30 | if [ -f $BART_RULES ] 31 | then 32 | echo "123" >/dev/null; 33 | else 34 | echo "$BART_RULES Not Found. Exiting." 35 | exit 36 | fi 37 | 38 | # 39 | # If an initial manifest exists, create a new one for diff, 40 | # otherwise, create the initial and exit. 41 | # 42 | if [ -f $BART_MANIFESTS/bart.manifest.0 ] 43 | then 44 | /usr/bin/bart create -r $BART_RULES > $BART_MANIFESTS/bart.manifest.1 45 | else 46 | /usr/bin/bart create -r $BART_RULES > $BART_MANIFESTS/bart.manifest.0 47 | #echo "Created manifest... exit time." 48 | /bin/logger -p $SYSLOG_PRIORITY "bartlog: Creating Initial Manifest" 49 | exit 50 | fi 51 | 52 | 53 | # 54 | # Compare "control" (.0) manifest against new "test" (.1) manifest and log the changes 55 | # 56 | 57 | for i in `/usr/bin/bart compare -r $BART_RULES -p $BART_MANIFESTS/bart.manifest.0 $BART_MANIFESTS/bart.manifest.1 ` 58 | do 59 | /bin/logger -p $SYSLOG_PRIORITY "BART Reports Change: $i" 60 | done 61 | 62 | 63 | # 64 | # Finally, rotate for the next run 65 | # 66 | /usr/bin/mv $BART_MANIFESTS/bart.manifest.1 $BART_MANIFESTS/bart.manifest.0 67 | -------------------------------------------------------------------------------- /cookbooks/bart/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "computenode", 3 | "description": "Installs/Configures Compute Node", 4 | "long_description": "= DESCRIPTION:\n\n= REQUIREMENTS:\n\n= ATTRIBUTES:\n\n= USAGE:\n\n", 5 | "maintainer": "Ben Rockwood", 6 | "maintainer_email": "benr@joyent.com", 7 | "license": "All rights reserved", 8 | "platforms": { 9 | }, 10 | "dependencies": { 11 | "joyent": ">= 0.0.0" 12 | }, 13 | "recommendations": { 14 | }, 15 | "suggestions": { 16 | }, 17 | "conflicting": { 18 | }, 19 | "providing": { 20 | }, 21 | "replacing": { 22 | }, 23 | "attributes": { 24 | }, 25 | "groupings": { 26 | }, 27 | "recipes": { 28 | }, 29 | "version": "0.0.1" 30 | } -------------------------------------------------------------------------------- /cookbooks/bart/metadata.rb: -------------------------------------------------------------------------------- 1 | maintainer "Ben Rockwood" 2 | maintainer_email "benr@joyent.com" 3 | license "All rights reserved" 4 | description "Configures BART for change notification" 5 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) 6 | version "0.0.1" 7 | -------------------------------------------------------------------------------- /cookbooks/bart/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: BART 3 | # Recipe:: default 4 | # 5 | # Copyright 2011, Joyent, Inc. 6 | # 7 | # All rights reserved - Do Not Redistribute 8 | # 9 | 10 | cookbook_file "/opt/custom/bin/bartlog" do 11 | source "bartlog" 12 | owner "root" 13 | group "sys" 14 | mode "0755" 15 | end 16 | 17 | cookbook_file "/etc/bart.rules" do 18 | source "bart.rules" 19 | owner "root" 20 | group "sys" 21 | mode "0644" 22 | end 23 | 24 | 25 | cron "BARTlog" do 26 | command "/opt/custom/bin/bartlog" 27 | minute "0" 28 | hour "0" 29 | end 30 | -------------------------------------------------------------------------------- /cookbooks/logging/README.rdoc: -------------------------------------------------------------------------------- 1 | = DESCRIPTION: 2 | 3 | Joyent Logging configuration, including Syslog, SSH, /etc/default tunings, etc. 4 | 5 | = ATTRIBUTES: 6 | 7 | default[:syslog][:server]:: Remote Syslog server to send log messages to. 8 | -------------------------------------------------------------------------------- /cookbooks/logging/attributes/default.rb: -------------------------------------------------------------------------------- 1 | default[:syslog][:server] = "localhost" 2 | -------------------------------------------------------------------------------- /cookbooks/logging/files/default/auditd.props: -------------------------------------------------------------------------------- 1 | ## Properties fed to svccfg to augment the auditd service 2 | setprop policy/cnt=true 3 | setprop policy/perzone=true 4 | setprop policy/zonename=true 5 | setprop policy/argv=true 6 | setprop audit_syslog/active=true 7 | setprop audit_syslog/p_flags="all" 8 | setprop preselection/flags="lo,ua,ss" 9 | setprop preselection/naflags="lo,ua,ss" 10 | -------------------------------------------------------------------------------- /cookbooks/logging/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "computenode", 3 | "description": "Installs/Configures Compute Node", 4 | "long_description": "= DESCRIPTION:\n\n= REQUIREMENTS:\n\n= ATTRIBUTES:\n\n= USAGE:\n\n", 5 | "maintainer": "Ben Rockwood", 6 | "maintainer_email": "benr@joyent.com", 7 | "license": "All rights reserved", 8 | "platforms": { 9 | }, 10 | "dependencies": { 11 | "joyent": ">= 0.0.0" 12 | }, 13 | "recommendations": { 14 | }, 15 | "suggestions": { 16 | }, 17 | "conflicting": { 18 | }, 19 | "providing": { 20 | }, 21 | "replacing": { 22 | }, 23 | "attributes": { 24 | }, 25 | "groupings": { 26 | }, 27 | "recipes": { 28 | }, 29 | "version": "0.0.1" 30 | } -------------------------------------------------------------------------------- /cookbooks/logging/metadata.rb: -------------------------------------------------------------------------------- 1 | maintainer "Ben Rockwood" 2 | maintainer_email "benr@joyent.com" 3 | license "All rights reserved" 4 | description "Installs/Configures Compute Node" 5 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) 6 | version "0.0.1" 7 | depends "joyent" 8 | -------------------------------------------------------------------------------- /cookbooks/logging/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: logging 3 | # Recipe:: default 4 | # 5 | # Copyright 2011, Joyent, Inc. 6 | # 7 | # All rights reserved - Do Not Redistribute 8 | # 9 | 10 | ## Touch /var/log/authlog 11 | file "/var/log/authlog" do 12 | owner "root" 13 | group "root" 14 | mode "0644" 15 | action :touch 16 | end 17 | 18 | ## Touch /var/log/audit 19 | file "/var/log/audit" do 20 | owner "root" 21 | group "root" 22 | mode "0644" 23 | action :touch 24 | end 25 | 26 | 27 | 28 | ### TODO: This should point to a syslog server by attribute 29 | # Solaris Syslog Configuration 30 | template "/etc/syslog.conf" do 31 | source "syslog.conf.erb" 32 | owner "root" 33 | group "sys" 34 | mode "0644" 35 | variables( 36 | :logserver => node[:syslog][:server] 37 | ) 38 | notifies :restart, "service[system-log]" 39 | end 40 | 41 | service "system-log" do 42 | action :nothing 43 | end 44 | 45 | # SSHD Configuration 46 | template "/etc/ssh/sshd_config" do 47 | source "sshd_config.erb" 48 | owner "root" 49 | group "sys" 50 | mode "0644" 51 | notifies :restart, "service[ssh]" 52 | end 53 | 54 | # Notify hook to restart SSH if configurati is updated. 55 | service "ssh" do 56 | action :nothing 57 | end 58 | 59 | # SU Configuration 60 | template "/etc/default/su" do 61 | source "su.erb" 62 | owner "root" 63 | group "sys" 64 | mode "0644" 65 | end 66 | 67 | # LOGIN Configuration 68 | template "/etc/default/login" do 69 | source "login.erb" 70 | owner "root" 71 | group "sys" 72 | mode "0644" 73 | end 74 | 75 | 76 | ### TODO: A LWRP should be used to modify properities on a case-by-case 77 | ### basis, rather than dumping a file and loading it based on 78 | ### on a single property value. 79 | 80 | # SVCCFG Command File 81 | cookbook_file "/var/tmp/auditd.props" do 82 | source "auditd.props" 83 | owner "root" 84 | group "sys" 85 | mode "0644" 86 | end 87 | 88 | # Enable BSM SYSLOG Plugin 89 | execute "Enable Audit SYSLOG Plugin" do 90 | command "/usr/sbin/svccfg -s svc:/system/auditd:default -f /var/tmp/auditd.props" 91 | only_if "/usr/sbin/svccfg -s svc:/system/auditd:default listprop audit_syslog/active | grep false" 92 | notifies :run, "execute[refresh auditd]" 93 | end 94 | 95 | execute "refresh auditd" do 96 | command "/usr/sbin/svcadm refresh auditd" 97 | action :nothing 98 | end 99 | -------------------------------------------------------------------------------- /cookbooks/logging/templates/default/login.erb: -------------------------------------------------------------------------------- 1 | ## 2 | ## JPC Operations /etc/default/login 3 | ## 4 | ## This file is managed by Chef! 5 | ## 6 | 7 | 8 | # Set the TZ environment variable of the shell. 9 | # 10 | #TIMEZONE=EST5EDT 11 | 12 | # ULIMIT sets the file size limit for the login. Units are disk blocks. 13 | # The default of zero means no limit. 14 | # 15 | #ULIMIT=0 16 | 17 | # If CONSOLE is set, root can only login on that device. 18 | # If the specified device is /dev/console, then root can also log into 19 | # any of the currently enabled /dev/vt/# virtual terminal devices. 20 | # Comment this line out to allow remote login by root. 21 | # 22 | #CONSOLE=/dev/console 23 | 24 | # PASSREQ determines if login requires a password. 25 | # 26 | PASSREQ=YES 27 | 28 | # ALTSHELL determines if the SHELL environment variable should be set 29 | # 30 | ALTSHELL=YES 31 | 32 | # PATH sets the initial shell PATH variable 33 | # 34 | #PATH=/usr/bin: 35 | 36 | # SUPATH sets the initial shell PATH variable for root 37 | # 38 | #SUPATH=/usr/sbin:/usr/bin 39 | 40 | # TIMEOUT sets the number of seconds (between 0 and 900) to wait before 41 | # abandoning a login session. 42 | # 43 | #TIMEOUT=300 44 | 45 | # UMASK sets the initial shell file creation mode mask. See umask(1). 46 | # 47 | #UMASK=022 48 | 49 | # SYSLOG determines whether the syslog(3) LOG_AUTH facility should be used 50 | # to log all root logins at level LOG_NOTICE and multiple failed login 51 | # attempts at LOG_CRIT. 52 | # 53 | SYSLOG=YES 54 | 55 | # SLEEPTIME controls the number of seconds that the command should 56 | # wait before printing the "login incorrect" message when a 57 | # bad password is provided. The range is limited from 58 | # 0 to 5 seconds. 59 | # 60 | #SLEEPTIME=4 61 | 62 | # DISABLETIME If present, and greater than zero, the number of seconds 63 | # login will wait after RETRIES failed attempts or the PAM framework returns 64 | # PAM_ABORT. Default is 20. Minimum is 0. No maximum is imposed. 65 | # 66 | #DISABLETIME=20 67 | 68 | # RETRIES determines the number of failed logins that will be 69 | # allowed before login exits. Default is 5 and maximum is 15. 70 | # If account locking is configured (user_attr(4)/policy.conf(4)) 71 | # for a local user's account (passwd(4)/shadow(4)), that account 72 | # will be locked if failed logins equals or exceeds RETRIES. 73 | # 74 | #RETRIES=5 75 | # 76 | # The SYSLOG_FAILED_LOGINS variable is used to determine how many failed 77 | # login attempts will be allowed by the system before a failed login 78 | # message is logged, using the syslog(3) LOG_NOTICE facility. For example, 79 | # if the variable is set to 0, login will log -all- failed login attempts. 80 | # 81 | SYSLOG_FAILED_LOGINS=0 82 | -------------------------------------------------------------------------------- /cookbooks/logging/templates/default/sshd_config.erb: -------------------------------------------------------------------------------- 1 | ## 2 | ## SmartOS SSHD_CONFIG 3 | ## 4 | ## This file is managed by Chef! 5 | ## 6 | 7 | 8 | # Only v2 (recommended) 9 | Protocol 2 10 | 11 | # Listen port (the IANA registered port number for ssh is 22) 12 | Port 22 13 | 14 | # Don't use reverse DNS for connecting clients 15 | LookupClientHostnames no 16 | VerifyReverseMapping no 17 | 18 | 19 | # IPv4 only 20 | #ListenAddress 0.0.0.0 21 | # IPv4 & IPv6 22 | ListenAddress :: 23 | 24 | GatewayPorts no 25 | 26 | # X11 tunneling options 27 | X11Forwarding yes 28 | X11DisplayOffset 10 29 | X11UseLocalhost yes 30 | 31 | # The maximum number of concurrent unauthenticated connections to sshd. 32 | # start:rate:full see sshd(1) for more information. 33 | # The default is 10 unauthenticated clients. 34 | #MaxStartups 10:30:60 35 | 36 | # Banner to be printed before authentication starts. 37 | #Banner /etc/issue 38 | 39 | # Should sshd print the /etc/motd file and check for mail. 40 | # On Solaris it is assumed that the login shell will do these (eg /etc/profile). 41 | PrintMotd no 42 | 43 | # KeepAlive specifies whether keep alive messages are sent to the client. 44 | # See sshd(1) for detailed description of what this means. 45 | # Note that the client may also be sending keep alive messages to the server. 46 | KeepAlive yes 47 | 48 | # Syslog facility and level 49 | SyslogFacility auth 50 | LogLevel info 51 | 52 | # 53 | # Authentication configuration 54 | # 55 | 56 | # Host private key files 57 | # Must be on a local disk and readable only by the root user (root:sys 600). 58 | HostKey /var/ssh/ssh_host_rsa_key 59 | HostKey /var/ssh/ssh_host_dsa_key 60 | 61 | # Length of the server key 62 | # Default 768, Minimum 512 63 | ServerKeyBits 768 64 | 65 | # sshd regenerates the key every KeyRegenerationInterval seconds. 66 | # The key is never stored anywhere except the memory of sshd. 67 | # The default is 1 hour (3600 seconds). 68 | KeyRegenerationInterval 3600 69 | 70 | # Ensure secure permissions on users .ssh directory. 71 | StrictModes yes 72 | 73 | # Length of time in seconds before a client that hasn't completed 74 | # authentication is disconnected. 75 | # Default is 600 seconds. 0 means no time limit. 76 | LoginGraceTime 600 77 | 78 | # Maximum number of retries for authentication 79 | # Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2 80 | MaxAuthTries 5 81 | MaxAuthTriesLog 0 82 | 83 | # Are logins to accounts with empty passwords allowed. 84 | # If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK 85 | # to pam_authenticate(3PAM). 86 | PermitEmptyPasswords no 87 | 88 | # To disable tunneled clear text passwords, change PasswordAuthentication to no. 89 | PasswordAuthentication yes 90 | 91 | # Are root logins permitted using sshd. 92 | # Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user 93 | # maybe denied access by a PAM module regardless of this setting. 94 | # Valid options are yes, without-password, no. 95 | PermitRootLogin yes 96 | 97 | # sftp subsystem 98 | Subsystem sftp internal-sftp 99 | 100 | # SSH protocol v1 specific options 101 | # 102 | # The following options only apply to the v1 protocol and provide 103 | # some form of backwards compatibility with the very weak security 104 | # of /usr/bin/rsh. Their use is not recommended and the functionality 105 | # will be removed when support for v1 protocol is removed. 106 | 107 | # Should sshd use .rhosts and .shosts for password less authentication. 108 | IgnoreRhosts yes 109 | RhostsAuthentication no 110 | 111 | # Rhosts RSA Authentication 112 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts. 113 | # If the user on the client side is not root then this won't work on 114 | # Solaris since /usr/bin/ssh is not installed setuid. 115 | RhostsRSAAuthentication no 116 | 117 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication. 118 | #IgnoreUserKnownHosts yes 119 | 120 | # Is pure RSA authentication allowed. 121 | # Default is yes 122 | RSAAuthentication yes 123 | 124 | # Disable GSS since we don't need it and it slows down login 125 | GSSAPIAuthentication no 126 | GSSAPIKeyExchange no 127 | -------------------------------------------------------------------------------- /cookbooks/logging/templates/default/su.erb: -------------------------------------------------------------------------------- 1 | ## 2 | ## JPC Operations /etc/default/su 3 | ## 4 | ## This file is managed by Chef! 5 | ## 6 | 7 | # SULOG determines the location of the file used to log all su attempts 8 | # 9 | SULOG=/var/adm/sulog 10 | 11 | # CONSOLE determines whether attempts to su to root should be logged 12 | # to the named device 13 | # 14 | #CONSOLE=/dev/console 15 | 16 | # PATH sets the initial shell PATH variable 17 | # 18 | #PATH=/usr/bin: 19 | 20 | # SUPATH sets the initial shell PATH variable for root 21 | # 22 | #SUPATH=/usr/sbin:/usr/bin 23 | 24 | # SYSLOG determines whether the syslog(3) LOG_AUTH facility should be used 25 | # to log all su attempts. LOG_NOTICE messages are generated for su's to 26 | # root, LOG_INFO messages are generated for su's to other users, and LOG_CRIT 27 | # messages are generated for failed su attempts. 28 | # 29 | SYSLOG=YES 30 | -------------------------------------------------------------------------------- /cookbooks/logging/templates/default/syslog.conf.erb: -------------------------------------------------------------------------------- 1 | ## 2 | ## SmartOS /etc/syslog.conf 3 | ## 4 | ## This file is managed by Chef! 5 | ## 6 | 7 | *.err;kern.notice;auth.notice /dev/sysmsg 8 | *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages 9 | 10 | ## Don't disturb the administrator on the terminal: 11 | #*.alert;kern.err;daemon.err operator 12 | *.alert root 13 | 14 | *.emerg * 15 | 16 | # if a non-loghost machine chooses to have authentication messages 17 | # sent to the loghost machine, un-comment out the following line: 18 | auth.info ifdef(`LOGHOST', /var/log/authlog, @loghost) 19 | 20 | mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost) 21 | 22 | audit.notice @<%= @logserver %> 23 | 24 | # 25 | # non-loghost machines will use the following lines to cause "user" 26 | # log messages to be logged locally. 27 | # 28 | ifdef(`LOGHOST', , 29 | user.err /dev/sysmsg 30 | user.err /var/adm/messages 31 | user.alert `root, operator' 32 | user.emerg * 33 | ) 34 | 35 | ## Send everything to syslog server: 36 | *.debug @<%= @logserver %> 37 | -------------------------------------------------------------------------------- /cookbooks/smartos/README.rdoc: -------------------------------------------------------------------------------- 1 | = DESCRIPTION: 2 | 3 | The basic SmartOS cookbook responsible for applying changes which should be applied to _all_ nodes. This should always be the first cookbook/recipe in your run_list. 4 | 5 | = RECIPES: 6 | 7 | default:: 8 | 9 | motd:: Uses an ERB template to create /etc/motd 10 | 11 | nicstat:: Install Tim Cook's _nicstat_ tool to /opt/custom/bin. 12 | 13 | ntp:: Configures NTP 14 | 15 | ssh:: Manage the Root SSH User Configuration 16 | 17 | = ATTRIBUTES: 18 | 19 | default[:ntp][:servers]:: An array of NTP servers. _Defaults to NTP pool servers._ 20 | 21 | default[:dns][:search]:: DNS resolver default search domain. _Defaults to smartos.org._ 22 | 23 | default[:dns][:nameservers]:: An array of DNS servers used by the DNS resolver. _Defaults to OpenDNS servers._ 24 | 25 | default[:ssh][:pubkey]:: If a URL to an SSH public key is present, it is added to the root users account (/root/.ssh/). _There is no default, if parameter is missing no action is taken._ 26 | 27 | default[:ssh][:privkey]:: If a URL to an SSH private key is present, it is added to the root users account (/root/.ssh/). _There is no default, if parameter is missing no action is taken._ 28 | 29 | default[:ssh][:authorized_keys]:: If an array of public keys are present, they are added to the root users /root/.ssh/authorized_keys file. _There is no default, if parameter is missing no action is taken._ 30 | -------------------------------------------------------------------------------- /cookbooks/smartos/attributes/default.rb: -------------------------------------------------------------------------------- 1 | # SmartOS Base Recipes Attributes 2 | 3 | #default[:hostname] = "" 4 | 5 | ## NTP (Default to NTP Pool Servers) 6 | default[:ntp][:servers] = ["0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org"] 7 | 8 | ## SSH Pub/Priv Keys for root 9 | #default[:ssh][:pubkey] = "http://path/to/id_dsa.pub" 10 | #default[:ssh][:privkey] = "http://path/to/id_dsa" 11 | #default[:ssh][:authorized_keys] = ["..",".."] 12 | 13 | ## DNS (Default to OpenDNS) 14 | default[:dns][:search] = "smartos.org" 15 | default[:dns][:nameservers] = ["208.67.220.220", "208.67.222.222"] 16 | 17 | -------------------------------------------------------------------------------- /cookbooks/smartos/files/default/nicstat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TritonDataCenter/smartos_cookbooks/d9e326747f27c804e3a7dd251fc24a342f7d680b/cookbooks/smartos/files/default/nicstat -------------------------------------------------------------------------------- /cookbooks/smartos/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "smartos", 3 | "description": "Configuration of SmartOS GZ", 4 | "long_description": "= DESCRIPTION:\n\n= REQUIREMENTS:\n\n= ATTRIBUTES:\n\n= USAGE:\n\n", 5 | "maintainer": "Ben Rockwood", 6 | "maintainer_email": "benr@joyent.com", 7 | "license": "All rights reserved", 8 | "platforms": { 9 | }, 10 | "dependencies": { 11 | "joyent": ">= 0.0.0" 12 | }, 13 | "recommendations": { 14 | }, 15 | "suggestions": { 16 | }, 17 | "conflicting": { 18 | }, 19 | "providing": { 20 | }, 21 | "replacing": { 22 | }, 23 | "attributes": { 24 | }, 25 | "groupings": { 26 | }, 27 | "recipes": { 28 | }, 29 | "version": "0.0.1" 30 | } 31 | -------------------------------------------------------------------------------- /cookbooks/smartos/metadata.rb: -------------------------------------------------------------------------------- 1 | maintainer "Ben Rockwood" 2 | maintainer_email "benr@joyent.com" 3 | license "All rights reserved" 4 | description "Configures SmartOS Global Zone" 5 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) 6 | version "0.0.1" 7 | -------------------------------------------------------------------------------- /cookbooks/smartos/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: SmartOS 3 | # Recipe:: default 4 | # 5 | # Copyright 2012, Joyent, Inc. 6 | # 7 | # All rights reserved - Do Not Redistribute 8 | # 9 | 10 | ## Explicitly allow restart of name service cache after 11 | ## updating resolv.conf 12 | ## 13 | service "name-service-cache" do 14 | supports :enable => true, :start => true, :stop => true, :restart => true 15 | action [ :enable, :start ] 16 | end 17 | 18 | 19 | ## Enable DNS 20 | ## 21 | template "/etc/nsswitch.conf" do 22 | source "nsswitch.conf.erb" 23 | owner "root" 24 | group "sys" 25 | mode '0644' 26 | not_if "cat /etc/nsswitch.conf | grep ^hosts: | grep \" dns\"" 27 | notifies :restart, resources(:service => "name-service-cache"), :immediate 28 | end 29 | 30 | ## DNS Resolver 31 | ## 32 | template "/etc/resolv.conf" do 33 | source "resolv.conf.erb" 34 | owner "root" 35 | group "sys" 36 | mode "0644" 37 | notifies :restart, resources(:service => "name-service-cache"), :immediate 38 | end 39 | 40 | ## Set the Hostname 41 | ## 42 | nodename = Chef::Config[:node_name] 43 | execute "Set hostname to #{nodename}" do 44 | command "/usr/bin/hostname #{nodename} && /usr/bin/hostname > /etc/nodename" 45 | not_if "grep #{nodename} /etc/nodename" 46 | end 47 | 48 | 49 | ## Enable atime on /var, so that WTMPX and logs work properly 50 | ## 51 | execute "Enable atime for /var" do 52 | command "/usr/sbin/zfs set atime=on zones/var" 53 | only_if "/usr/sbin/zfs get -Hp atime zones/var | grep off" 54 | end 55 | 56 | ## Setup SSH for the Root User 57 | ## 58 | if node.attribute?("ssh") 59 | include_recipe "smartos::ssh" 60 | end 61 | 62 | ## Install 'nicstat' 63 | ## 64 | include_recipe "smartos::nicstat" 65 | 66 | ## Configure NTP 67 | ## 68 | include_recipe "smartos::ntp" 69 | 70 | ## Write the motd 71 | ## 72 | include_recipe "smartos::motd" 73 | -------------------------------------------------------------------------------- /cookbooks/smartos/recipes/motd.rb: -------------------------------------------------------------------------------- 1 | ## 2 | ## Joyent Customer MOTD 3 | ## 4 | 5 | template "/etc/motd" do 6 | source "motd.erb" 7 | owner "root" 8 | group "sys" 9 | mode "0644" 10 | end 11 | -------------------------------------------------------------------------------- /cookbooks/smartos/recipes/nicstat.rb: -------------------------------------------------------------------------------- 1 | ## 2 | ## Install Tim Cook's nicstat per Brendan's Request 3 | ## SRC: http://sourceforge.net/projects/nicstat/files/latest/download 4 | ## 5 | 6 | directory "/opt/custom/bin" do 7 | owner "root" 8 | group "root" 9 | mode '0755' 10 | end 11 | 12 | 13 | cookbook_file "/opt/custom/bin/nicstat" do 14 | source "nicstat" 15 | owner "root" 16 | group "root" 17 | mode "0755" 18 | end 19 | -------------------------------------------------------------------------------- /cookbooks/smartos/recipes/ntp.rb: -------------------------------------------------------------------------------- 1 | template "/etc/inet/ntp.conf" do 2 | source "ntp.conf.erb" 3 | end 4 | 5 | service "ntp" do 6 | action :restart 7 | provider Chef::Provider::Service::Solaris 8 | end 9 | 10 | -------------------------------------------------------------------------------- /cookbooks/smartos/recipes/ssh.rb: -------------------------------------------------------------------------------- 1 | ## 2 | ## Manage the Root SSH User Configuration 3 | ## 4 | 5 | 6 | ## Create ~/.ssh 7 | ## 8 | directory "/root/.ssh" do 9 | owner "root" 10 | group "root" 11 | mode '0700' 12 | end 13 | 14 | ## Remove authorized_keys, if it exists. 15 | ## 16 | #file "/root/.ssh/authorized_keys" do 17 | # action :delete 18 | #end 19 | 20 | ## Insert the Public/Private Keys 21 | ## 22 | if node.ssh.attribute?("pubkey") 23 | remote_file "/root/.ssh/id_dsa.pub" do 24 | source "#{node[:ssh][:pubkey]}" 25 | owner "root" 26 | group "root" 27 | mode '0644' 28 | action :create_if_missing 29 | end 30 | end 31 | 32 | if node.ssh.attribute?("privkey") 33 | remote_file "/root/.ssh/id_dsa" do 34 | source "#{node[:ssh][:privkey]}" 35 | owner "root" 36 | group "root" 37 | mode '0600' 38 | action :create_if_missing 39 | end 40 | end 41 | 42 | ## Authorized Keys 43 | ## 44 | if node.ssh.attribute?("authorized_keys") 45 | template "/root/.ssh/authorized_keys" do 46 | source "authorized_keys.erb" 47 | end 48 | end 49 | -------------------------------------------------------------------------------- /cookbooks/smartos/templates/default/authorized_keys.erb: -------------------------------------------------------------------------------- 1 | <% node[:ssh][:authorized_keys].each do |key| -%> 2 | <%= key %> 3 | <% end -%> 4 | 5 | -------------------------------------------------------------------------------- /cookbooks/smartos/templates/default/motd.erb: -------------------------------------------------------------------------------- 1 | _ 2 | ___ _ __ ___ __ _ _ __| |_ ___ ___ 3 | / __| '_ ` _ \ / _` | '__| __/ _ \/ __| <%= node[:hostname] %> 4 | \__ \ | | | | | (_| | | | || (_) \__ \ <%= node[:platform_build] %> 5 | |___/_| |_| |_|\__,_|_| \__\___/|___/ <%= node[:dmi][:system][:product] %> (<%= node[:dmi][:system][:serial_number] %>) 6 | 7 | -------------------------------------------------------------------------------- /cookbooks/smartos/templates/default/nsswitch.conf.erb: -------------------------------------------------------------------------------- 1 | # 2 | # /etc/nsswitch.conf: 3 | # 4 | 5 | passwd: files 6 | group: files 7 | hosts: files mdns dns 8 | ipnodes: files mdns 9 | networks: files 10 | protocols: files 11 | rpc: files 12 | ethers: files 13 | netmasks: files 14 | bootparams: files 15 | publickey: files 16 | netgroup: files 17 | automount: files 18 | aliases: files 19 | services: files 20 | printers: user files 21 | 22 | auth_attr: files 23 | prof_attr: files 24 | project: files 25 | 26 | tnrhtp: files 27 | tnrhdb: files 28 | -------------------------------------------------------------------------------- /cookbooks/smartos/templates/default/ntp.conf.erb: -------------------------------------------------------------------------------- 1 | driftfile /var/ntp/ntp.drift 2 | logfile /var/log/ntp.log 3 | 4 | <% node[:ntp][:servers].each do |srv| -%> 5 | server <%= srv %> 6 | <% end -%> 7 | -------------------------------------------------------------------------------- /cookbooks/smartos/templates/default/resolv.conf.erb: -------------------------------------------------------------------------------- 1 | search <%= node[:dns][:search] %> 2 | <% node[:dns][:nameservers].each do |nameserver| -%> 3 | nameserver <%= nameserver %> 4 | <% end -%> 5 | -------------------------------------------------------------------------------- /cookbooks/zabbix/README.rdoc: -------------------------------------------------------------------------------- 1 | = DESCRIPTION: 2 | 3 | Zabbix agent installation. A staticly compiled Zabbix agent is included in this cookbook. 4 | 5 | = ATTRIBUTES: 6 | 7 | 8 | default[:zabbix][:server]:: IP Address or FQDN of Zabbix Proxy or Server. 9 | 10 | default[:zabbix][:external_nic]:: Public NIC to monitor 11 | 12 | = USAGE: 13 | 14 | Include zabbix::agent in your run_list 15 | 16 | -------------------------------------------------------------------------------- /cookbooks/zabbix/attributes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Zabbix Attribute Defaults 3 | # 4 | 5 | ## Headnodes typically have the hostname "headnode", 6 | ## use this attribute to override it with something more descriptive 7 | ## Please do not change it here, change it in your node attribute file. 8 | #default[:zabbix][:hostname] = "override-hostname" 9 | 10 | ## The Zabbix Server/Proxy for agents to talk to, 11 | ## Please override it in your node attribute file, this value is just 12 | ## a fallback value in case you forget. 13 | default[:zabbix][:server] = "192.168.100.10" 14 | 15 | ## Default external NIC which is monitored by Zabbix 16 | default[:zabbix][:external_nic] = "ixgbe0" 17 | 18 | 19 | -------------------------------------------------------------------------------- /cookbooks/zabbix/files/default/zabbix/bin/zabbix_get: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TritonDataCenter/smartos_cookbooks/d9e326747f27c804e3a7dd251fc24a342f7d680b/cookbooks/zabbix/files/default/zabbix/bin/zabbix_get -------------------------------------------------------------------------------- /cookbooks/zabbix/files/default/zabbix/bin/zabbix_sender: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TritonDataCenter/smartos_cookbooks/d9e326747f27c804e3a7dd251fc24a342f7d680b/cookbooks/zabbix/files/default/zabbix/bin/zabbix_sender -------------------------------------------------------------------------------- /cookbooks/zabbix/files/default/zabbix/sbin/zabbix_agent: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TritonDataCenter/smartos_cookbooks/d9e326747f27c804e3a7dd251fc24a342f7d680b/cookbooks/zabbix/files/default/zabbix/sbin/zabbix_agent -------------------------------------------------------------------------------- /cookbooks/zabbix/files/default/zabbix/sbin/zabbix_agentd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TritonDataCenter/smartos_cookbooks/d9e326747f27c804e3a7dd251fc24a342f7d680b/cookbooks/zabbix/files/default/zabbix/sbin/zabbix_agentd -------------------------------------------------------------------------------- /cookbooks/zabbix/files/default/zabbix/share/man/man1/zabbix_get.1: -------------------------------------------------------------------------------- 1 | .TH ZABBIX_GET 8 "4 August 2009" 2 | .SH NAME 3 | zabbix_get \- Zabbix Get utility. 4 | .SH SYNOPSIS 5 | .B zabbix_get [-hV] [-s 6 | .I host name or IP 7 | .B ] [-p 8 | .I port number 9 | .B ] [-I 10 | .I IP address 11 | .B ] [-k 12 | .I key 13 | .B ] 14 | .SH DESCRIPTION 15 | .B zabbix_get 16 | is a command line utility for getting data from a remote Zabbix Agent. 17 | 18 | .B Example: 19 | .I zabbix_get -s127.0.0.1 -p10050 -k"system.cpu.load[all,avg1]" 20 | .SS Options 21 | .IP "-s, --host host name or IP" 22 | Specify host name or IP address of a host. 23 | .IP "-p, --port port number" 24 | Specify port number of agent running on the host. Default is 10050. 25 | .IP "-I, --source-address IP address" 26 | Specify source IP address. 27 | .IP "-k, --key key of metric" 28 | Specify metric name (key) we want to retrieve. 29 | .IP "-h, --help" 30 | Display this help and exit. 31 | .IP "-V, --version" 32 | Output version information and exit. 33 | .SH "SEE ALSO" 34 | .BR zabbix_agentd (8), 35 | .BR zabbix_proxy (8), 36 | .BR zabbix_sender (8), 37 | .BR zabbix_server (8) 38 | .SH AUTHOR 39 | Alexei Vladishev 40 | -------------------------------------------------------------------------------- /cookbooks/zabbix/files/default/zabbix/share/man/man1/zabbix_sender.1: -------------------------------------------------------------------------------- 1 | .TH ZABBIX_SENDER 8 "22 March 2010" 2 | .if n .ad l 3 | .SH NAME 4 | zabbix_sender \- Zabbix Sender utility. 5 | .SH SYNOPSIS 6 | .B zabbix_sender [-hpzvIV] {-kso | [-T] -i 7 | .I \fB} [-c\fR 8 | .I \fB]\fR 9 | .SH DESCRIPTION 10 | .B zabbix_sender 11 | is a command line utility for sending data to a remote Zabbix Server. 12 | 13 | .SS Options 14 | .IP "-c, --config \fI\fR" 15 | Specify agent configuration file for reading server details. 16 | .IP "-z, --zabbix-server \fI\fR" 17 | Hostname or IP address of Zabbix Server. 18 | .IP "-p, --port \fI\fR" 19 | Specify port number of server trapper running on the server. Default is 10051. 20 | .IP "-s, --host \fI\fR" 21 | Specify host name as registered in Zabbix front-end. Host IP address and DNS name will not work. 22 | .IP "-I, --source-address \fI\fR" 23 | Specify source IP address. 24 | .IP "-k, --key \fI\fR" 25 | Specify metric name (key) we want to send. 26 | .IP "-o, --value \fI\fR" 27 | Specify value of the key. 28 | .IP "-i, --input-file \fI\fR" 29 | Load values from input file. Specify \fB-\fR for standard input. Each line of file contains space delimited: \fB \fR. 30 | .IP "-T --with-timestamps" 31 | Each line of file contains space delimited: \fB \fR. This can be used with \fB--input-file\fR option. 32 | .IP "-r --real-time" 33 | Send metrics one by one as soon as they are received. This can be used when reading from standard input. 34 | .IP "-v, --verbose" 35 | Verbose mode, -vv for more details. 36 | .IP "-h, --help" 37 | Display this help and exit. 38 | .IP "-V, --version" 39 | Output version information and exit. 40 | .SH "EXAMPLES" 41 | .B zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -s """Monitored Host""" -k """mysql.queries""" -o """342.45""" 42 | 43 | Send \fB342.45\fR as the value for \fBmysql.queries\fR key in \fBMonitored Host\fR host using Zabbix server defined in agent daemon configuration file. 44 | 45 | .B zabbix_sender -z 192.168.1.113 -i data_values.txt 46 | 47 | Send values from file \fBdata_values.txt\fR to server with IP \fB192.168.1.113\fR. Host names and keys are defined in the file. 48 | 49 | .SH "SEE ALSO" 50 | .BR zabbix_agentd (8), 51 | .BR zabbix_get (8), 52 | .BR zabbix_proxy (8), 53 | .BR zabbix_server (8) 54 | .SH AUTHOR 55 | Alexei Vladishev 56 | -------------------------------------------------------------------------------- /cookbooks/zabbix/files/default/zabbix/share/man/man8/zabbix_agentd.8: -------------------------------------------------------------------------------- 1 | .TH ZABBIX_AGENTD 8 "4 August 2009" 2 | .SH NAME 3 | zabbix_agentd \- Zabbix agent daemon. 4 | .SH SYNOPSIS 5 | .B zabbix_agentd [-hpV] [-c 6 | .I config-file 7 | .B ] [-t metric] 8 | .SH DESCRIPTION 9 | .B zabbix_agentd 10 | is a daemon for monitoring of various server parameters. 11 | .SS Options 12 | .IP "-c, --config config-file" 13 | Use the alternate system wide 14 | .I config-file 15 | instead of 16 | .I /etc/zabbix/zabbix_agentd.conf\fR. 17 | Use absolute path. 18 | . 19 | .IP "-p, --print" 20 | Print supported metrics and exit. 21 | .IP "-t, --test metric" 22 | Test single metric and exit. 23 | .IP "-h, --help" 24 | Display this help and exit. 25 | .IP "-V, --version" 26 | Output version information and exit. 27 | .SH FILES 28 | .TP 29 | .I /etc/zabbix/zabbix_agentd.conf 30 | Default location of Zabbix Agent configuration file. 31 | .SH "SEE ALSO" 32 | .BR zabbix_get (8), 33 | .BR zabbix_proxy (8), 34 | .BR zabbix_sender (8), 35 | .BR zabbix_server (8) 36 | .SH BUGS 37 | Note that 38 | .B -t 39 | and 40 | .B -p 41 | switches do not work with user parameters. Use 42 | .B zabbix_get 43 | instead. 44 | .SH AUTHOR 45 | Alexei Vladishev 46 | -------------------------------------------------------------------------------- /cookbooks/zabbix/files/default/zabbix/share/man/man8/zabbix_proxy.8: -------------------------------------------------------------------------------- 1 | .TH ZABBIX_PROXY 8 "4 August 2009" 2 | .SH NAME 3 | zabbix_proxy \- Zabbix Proxy daemon. 4 | .SH SYNOPSIS 5 | .B zabbix_proxy [-hV] [-c 6 | .I config-file 7 | .B ] 8 | .SH DESCRIPTION 9 | .B zabbix_proxy 10 | is a Proxy daemon used for remote data collection. 11 | .SS Options 12 | .IP "-c, --config config-file" 13 | Use the alternate 14 | .I config-file 15 | instead of 16 | .I /etc/zabbix/zabbix_proxy.conf 17 | . 18 | .IP "-h, --help" 19 | Display this help and exit. 20 | .IP "-V, --version" 21 | Output version information and exit. 22 | .SH FILES 23 | .TP 24 | .I /etc/zabbix/zabbix_proxy.conf 25 | Default location of Zabbix Proxy configuration file. 26 | .SH "SEE ALSO" 27 | .BR zabbix_agentd (8), 28 | .BR zabbix_get (8), 29 | .BR zabbix_sender (8), 30 | .BR zabbix_server (8) 31 | .SH AUTHOR 32 | Alexei Vladishev 33 | -------------------------------------------------------------------------------- /cookbooks/zabbix/files/default/zabbix/share/man/man8/zabbix_server.8: -------------------------------------------------------------------------------- 1 | .TH ZABBIX_SERVER 8 "4 August 2009" 2 | .SH NAME 3 | zabbix_server \- Zabbix server daemon. 4 | .SH SYNOPSIS 5 | .B zabbix_server [-hV] [-c 6 | .I config-file 7 | .B ] [-n ] 8 | .SH DESCRIPTION 9 | .B zabbix_server 10 | is a core daemon of Zabbix software. 11 | .SS Options 12 | .IP "-c, --config config-file" 13 | Use the alternate system wide 14 | .I config-file 15 | instead of 16 | .I /etc/zabbix/zabbix_server.conf 17 | . 18 | .IP "-n, --new-nodeid nodeid" 19 | Convert database data to new nodeid. 20 | .IP "-h, --help" 21 | Display this help and exit. 22 | .IP "-V, --version" 23 | Output version information and exit. 24 | .SH FILES 25 | .TP 26 | .I /etc/zabbix/zabbix_server.conf 27 | Default location of Zabbix Server configuration file. 28 | .SH "SEE ALSO" 29 | .BR zabbix_agentd (8), 30 | .BR zabbix_get (8), 31 | .BR zabbix_proxy (8), 32 | .BR zabbix_sender (8) 33 | .SH AUTHOR 34 | Alexei Vladishev 35 | -------------------------------------------------------------------------------- /cookbooks/zabbix/files/default/zabbix/share/svc/zabbix_agent.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /cookbooks/zabbix/metadata.rb: -------------------------------------------------------------------------------- 1 | maintainer "Joyent" 2 | maintainer_email "benr@joyent.com" 3 | license "All rights reserved" 4 | description "Installs/Configures zabbix" 5 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) 6 | version "0.0.1" 7 | -------------------------------------------------------------------------------- /cookbooks/zabbix/recipes/agent.rb: -------------------------------------------------------------------------------- 1 | ## 2 | ## Zabbix Client Installation 3 | ## 4 | 5 | 6 | ## Find the admin interface, whether it be bnx0 or bnx1. [ This is pretty primative, should evolve over time. ] 7 | if defined?(node[:network][:interfaces][:bnx0][:addresses]) then 8 | local_addr = node[:network][:interfaces][:bnx0][:addresses].find {|addr, addr_info| addr_info[:family] == "inet"}.first 9 | elsif defined?(node[:network][:interfaces][:bnx1][:addresses]) 10 | local_addr = node[:network][:interfaces][:bnx1][:addresses].find {|addr, addr_info| addr_info[:family] == "inet"}.first 11 | end 12 | 13 | 14 | 15 | user "zabbix" do 16 | uid 42 17 | gid "bin" 18 | home "/" 19 | shell "/bin/sh" 20 | end 21 | 22 | 23 | remote_directory "/opt/zabbix" do 24 | source "zabbix" 25 | files_owner "root" 26 | files_group "root" 27 | files_mode '0755' 28 | owner "root" 29 | group "root" 30 | mode '0755' 31 | end 32 | 33 | directory "/opt/zabbix/etc" do 34 | owner "root" 35 | group "root" 36 | mode "0755" 37 | action :create 38 | end 39 | 40 | ### The following is commented out, we may use it in the future, but not yet. 41 | ### Location for UserParameter Add-ons: 42 | #remote_directory "/opt/zabbix/etc/zabbix_agentd" do 43 | # source "zabbix_agentd" 44 | # files_owner "root" 45 | # files_group "root" 46 | # files_mode '0755' 47 | # owner "root" 48 | # group "root" 49 | # mode '0755' 50 | #end 51 | 52 | template "/opt/zabbix/etc/zabbix_agentd.conf" do 53 | source "zabbix_agentd.conf.erb" 54 | variables( 55 | :server_ip => node[:zabbix][:server], 56 | :listen_ip => local_addr, 57 | :external_nic => node[:zabbix][:external_nic] 58 | ) 59 | owner "root" 60 | group "root" 61 | mode '0644' 62 | notifies :restart, "service[zabbix/agent]" 63 | end 64 | 65 | ## Create Zabbix Readable Version of Sysinfo in /tmp 66 | execute "Copy sysinfo for Zabbix" do 67 | command "cp /tmp/.sysinfo.parsable /tmp/.sysinfo.zabbix && chown zabbix /tmp/.sysinfo.zabbix " 68 | creates "/tmp/.sysinfo.zabbix" 69 | only_if "ls -l /tmp/.sysinfo.parsable" 70 | end 71 | 72 | ## Prep the log file: 73 | file "/var/log/zabbix_agentd.log" do 74 | owner "zabbix" 75 | group "bin" 76 | mode '0644' 77 | end 78 | 79 | execute "Zabbix Log Rotation" do 80 | command 'echo "/var/log/zabbix_agentd.log -c -C 3 -s 10m" >> /etc/logadm.conf' 81 | not_if "grep zabbix_agentd /etc/logadm.conf" 82 | end 83 | 84 | ## Import and Start the SMF Manifest 85 | execute "Import SMF Manifest" do 86 | command "svccfg import /opt/zabbix/share/svc/zabbix_agent.xml" 87 | not_if "svcs -H zabbix/agent" 88 | end 89 | 90 | service "zabbix/agent" do 91 | action [ :start, :enable ] 92 | provider Chef::Provider::Service::Solaris 93 | end 94 | -------------------------------------------------------------------------------- /cookbooks/zabbix/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: zabbix 3 | # Recipe:: default 4 | # 5 | # Copyright 2011, Joyent, Inc. 6 | # 7 | # All rights reserved - Do Not Redistribute 8 | # 9 | -------------------------------------------------------------------------------- /cookbooks/zabbix/templates/default/zabbix_agentd.conf.erb: -------------------------------------------------------------------------------- 1 | Server=<%= @server_ip %> 2 | 3 | 4 | ############ GENERAL PARAMETERS ################# 5 | 6 | ### Option: PidFile 7 | # Name of PID file. 8 | # 9 | # Mandatory: no 10 | # Default: 11 | PidFile=/var/tmp/zabbix_agentd.pid 12 | 13 | ### Option: LogFile 14 | # Name of log file. 15 | # If not set, syslog is used. 16 | # 17 | # Mandatory: no 18 | # Default: 19 | # LogFile= 20 | 21 | LogFile=/var/log/zabbix_agentd.log 22 | 23 | ### Option: LogFileSize 24 | # Maximum size of log file in MB. 25 | # 0 - disable automatic log rotation. 26 | # 27 | # Mandatory: no 28 | # Range: 0-1024 29 | # Default: 30 | LogFileSize=30 31 | 32 | ### Option: DebugLevel 33 | # Specifies debug level 34 | # 0 - no debug 35 | # 1 - critical information 36 | # 2 - error information 37 | # 3 - warnings 38 | # 4 - for debugging (produces lots of information) 39 | # 40 | # Mandatory: no 41 | # Range: 0-4 42 | # Default: 43 | # DebugLevel=3 44 | 45 | ### Option: SourceIP 46 | # Source IP address for outgoing connections. 47 | # 48 | # Mandatory: no 49 | # Default: 50 | # SourceIP= 51 | 52 | ### Option: EnableRemoteCommands 53 | # Whether remote commands from Zabbix server are allowed. 54 | # 0 - not allowed 55 | # 1 - allowed 56 | # 57 | # Mandatory: no 58 | # Default: 59 | # EnableRemoteCommands=0 60 | 61 | ### Option: LogRemoteCommands 62 | # Enable logging of executed shell commands as warnings 63 | # 0 - disabled 64 | # 1 - enabled 65 | # 66 | # Mandatory: no 67 | # Default: 68 | # LogRemoteCommands=0 69 | 70 | ##### Passive checks related 71 | 72 | ### Option: Server 73 | # List of comma delimited IP addresses (or hostnames) of Zabbix servers. 74 | # No spaces allowed. First entry is used for receiving list of and sending active checks. 75 | # Note that hostnames must resolve hostname->IP address and IP address->hostname. 76 | # If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally. 77 | # 78 | # Mandatory: yes 79 | # Default: 80 | # Server= 81 | 82 | 83 | ### Option: Hostname 84 | # Unique, case sensitive hostname. 85 | # Required for active checks and must match hostname as configured on the server. 86 | # 87 | # Default: 88 | # Hostname=system.uname 89 | <% if @node[:zabbix][:hostname] then -%> 90 | Hostname=<%= @node[:zabbix][:hostname] %> 91 | <% end -%> 92 | 93 | ### Option: ListenPort 94 | # Agent will listen on this port for connections from the server. 95 | # 96 | # Mandatory: no 97 | # Range: 1024-32767 98 | # Default: 99 | # ListenPort=10050 100 | 101 | ### Option: ListenIP 102 | # Agent will listen on the specified interface. 103 | # 104 | # Mandatory: no 105 | # Default: 106 | ListenIP=<%= @listen_ip %> 107 | 108 | 109 | ### Option: DisablePassive 110 | # Disable passive checks. The agent will not listen on any TCP port. 111 | # Only active checks will be processed. 112 | # 0 - do not disable 113 | # 1 - disable 114 | # 115 | # Mandatory: no 116 | # Default: 117 | # DisablePassive=0 118 | 119 | ##### Active checks related 120 | 121 | ### Option: DisableActive 122 | # Disable active checks. The agent will work in passive mode listening for server. 123 | # 124 | # Mandatory: no 125 | # Default: 126 | DisableActive=0 127 | 128 | #DisableActive=1 129 | 130 | ### Option: ServerPort 131 | # Server port for retrieving list of and sending active checks. 132 | # 133 | # Mandatory: no 134 | # Default: 135 | # ServerPort=10051 136 | 137 | ### Option: RefreshActiveChecks 138 | # How often list of active checks is refreshed, in seconds. 139 | # 140 | # Mandatory: no 141 | # Range: 60-3600 142 | # Default: 143 | RefreshActiveChecks=120 144 | 145 | ### Option: BufferSend 146 | # Do not keep data longer than N seconds in buffer. 147 | # 148 | # Mandatory: no 149 | # Range: 1-3600 150 | # Default: 151 | # BufferSend=5 152 | 153 | ### Option: BufferSize 154 | # Maximum number of values in a memory buffer. The agent will send 155 | # all collected data to Zabbix Server or Proxy if the buffer is full. 156 | # 157 | # Mandatory: no 158 | # Range: 1-65535 159 | # Default: 160 | # BufferSize=100 161 | 162 | ### Option: MaxLinesPerSecond 163 | # Maximum number of new lines the agent will send per second to Zabbix Server 164 | # or Proxy processing 'log' and 'logrt' active checks. 165 | # The provided value will be overridden by the parameter 'maxlines', 166 | # provided in 'log' or 'logrt' item keys. 167 | # 168 | # Mandatory: no 169 | # Range: 1-1000 170 | # Default: 171 | # MaxLinesPerSecond=100 172 | 173 | 174 | ############ ADVANCED PARAMETERS ################# 175 | 176 | ### Option: StartAgents 177 | # Number of pre-forked instances of zabbix_agentd that process passive checks. 178 | # 179 | # Mandatory: no 180 | # Range: 1-16 181 | # Default: 182 | # StartAgents=3 183 | 184 | ### Option: Timeout 185 | # Spend no more than Timeout seconds on processing 186 | # 187 | # Mandatory: no 188 | # Range: 1-30 189 | # Default: 190 | # Timeout=3 191 | 192 | ### Option: Include 193 | # You may include individual files or all files in a directory in the configuration file. 194 | # 195 | # Mandatory: no 196 | # Default: 197 | # Include= 198 | 199 | # Include=/opt/zabbix/etc/zabbix_agent.userparams.conf 200 | # Include=/opt/zabbix/etc/zabbix_agentd/ 201 | 202 | 203 | ####### USER-DEFINED MONITORED PARAMETERS ####### 204 | 205 | ### Option: UnsafeUserParameters 206 | # Allow all characters to be passed in arguments to user-defined parameters. 207 | # 0 - do not allow 208 | # 1 - allow 209 | # 210 | # Mandatory: no 211 | # Range: 0-1 212 | # Default: 213 | # UnsafeUserParameters=0 214 | 215 | ### Option: UserParameter 216 | # User-defined parameter to monitor. There can be several user-defined parameters. 217 | # Format: UserParameter=, 218 | # Note that shell command must not return empty string or EOL only. 219 | # Example: UserParameter=system.test,who|wc -l 220 | 221 | # Dell PERC Checks, Requires "mega_status" 222 | UserParameter=megaraid.online,grep online /tmp/.mega_status|cut -f2 -d" " 223 | UserParameter=megaraid.failed,grep failed /tmp/.mega_status|cut -f2 -d" " 224 | UserParameter=megaraid.rebuilding,grep rebuilding /tmp/.mega_status|cut -f2 -d" " 225 | UserParameter=megaraid.unknown,grep unknown /tmp/.mega_status|cut -f2 -d" " 226 | UserParameter=megaraid.prefail,grep predictive /tmp/.mega_status|cut -f2 -d" " 227 | 228 | # Flexible User Parameters, for grabbing arbitrary values and state on datasets, services, and zones 229 | UserParameter=zfs.dataset[*],/usr/sbin/zfs get -Hp -o value -p $2 $1 230 | UserParameter=smf.status[*],/usr/bin/svcs -Ho state $1 231 | UserParameter=zones.state[*],/usr/sbin/zoneadm -z $1 list -p | cut -f3 -d":" 232 | 233 | # Zone Data Parameters 234 | UserParameter=zones.count.total,/usr/sbin/zoneadm list -c | grep -v global | wc -l 235 | UserParameter=zones.count.running,/usr/sbin/zoneadm list | grep -v global | wc -l 236 | UserParameter=zones.running,/usr/sbin/zoneadm list -c | grep -v global 237 | UserParameter=zones.configured,/usr/sbin/zoneadm list -c | grep -v global 238 | 239 | # ZFS 240 | UserParameter=zfs.arc.size,/usr/bin/kstat -p zfs:0:arcstats:size | cut -f2 241 | 242 | # IPMI System 243 | UserParameter=platform.power.usage,/usr/sbin/ipmitool -I bmc sensor list | grep -i watt | awk '{print $4}' 244 | UserParameter=platform.temp.amb,/usr/sbin/ipmitool -I bmc sensor list | grep Ambient | head -1 | awk '{print $4}' 245 | UserParameter=platform.sel,/usr/sbin/ipmitool -I bmc sel list 246 | 247 | # Network 248 | UserParameter=nic.external.link,/usr/sbin/dladm show-link -po state <%= @external_nic %> 249 | 250 | # MegaCLI check for CacheFlushInterval reporting 251 | UserParameter=megaraid.cacheflush,/opt/custom/bin/MegaCli -AdpGetProp CacheFlushInterval -aALL|sed -n 's/.*Interval = \([^s]\).*/\1/p' 252 | 253 | # ZFS IO throttle health 254 | UserParameter=zfs.throttle.d_s,/usr/bin/vfsstat -Z -r|grep -v zone|cut -d, -f11|nawk '{ sum += $1 } END { print sum }' 255 | UserParameter=zfs.throttle.del_t,/usr/bin/vfsstat -Z -r|grep -v zone|cut -d, -f12|nawk '{ sum += $1 } END { print sum }' 256 | -------------------------------------------------------------------------------- /knife_bootstrap/README.md: -------------------------------------------------------------------------------- 1 | SmartOS Knife Bootstrap Scripts 2 | =============================== 3 | 4 | Here are two different bootstrap scripts which allow Chef's Knife utility to bootstrap a SmartOS Global Zone for use with Hosted Chef ("The Opscode Platform"). 5 | 6 | * _smartos-gz-fat.erb_: Installs and configures Chef using a pre-compiled binary distribution of Chef known as the Joyent Ops "Fat Client". If you want the fastest setup with minimal footprint, this is the way to go. 7 | * _smartos-gz-pkgsrc.erb_: Installs a full PKG-SRC environment, then installs Ruby and dependancies, then installs Chef as a Gem. If you want a full development environment and the latest version of Chef/Ohai, choose this option. 8 | 9 | How to Use 10 | ---------- 11 | 12 | Create a ~/.chef/bootstrap directory if it doesn't already exist, and copy the script(s) into that directory. 13 | 14 | Each bootstrap script is known as a "distribution", so simply pass the name of the file (minus extension) to 'knife bootstrap -d script'. Example: 15 | 16 | 
17 | # knife bootstrap 1.2.3.4 -d smartos-gz-pkgsrc -r "initial_run_list,..."
18 |
19 | 20 | 21 | Some Notes About the Installation 22 | --------------------------------- 23 | 24 | The most important point to keep in mind is that these are intended specifically for the SmartOS *Global Zone*. Because /etc is non-persistant in SmartOS GZ's, we use /var/chef instead, which is not neccisary in SmartOS NGZ's (aka: Zones). 25 | 26 | When the node is bootstrapped, Chef will be run once with whatever cook books you specify in the first time run list (we recommend running the "smartos" cookbook first). If that run is successful the chef-client SMF service will start the client in daemon mode. 27 | -------------------------------------------------------------------------------- /knife_bootstrap/smartos-gz-fat.erb: -------------------------------------------------------------------------------- 1 | # Chef Custom Bootstrap for SmartOS (GZ) Using Joyent Ops Fat Client 2 | # 3 | bash -c ' 4 | <%= "export http_proxy=\"#{knife_config[:bootstrap_proxy]}\"" if knife_config[:bootstrap_proxy] -%> 5 | 6 | if [ ! -f /opt/chef/bin/chef-client ]; then 7 | cd /tmp && /usr/bin/curl -Os http://8.12.35.49/smartos/Chef-fatclient-SmartOS-10.14.2.tar.bz2 8 | cd / && /usr/bin/gtar xfj /tmp/Chef-fatclient-SmartOS-10.14.2.tar.bz2 9 | cp /usr/bin/gtar /opt/chef/bin/tar 10 | 11 | fi 12 | 13 | mkdir -p /var/chef /opt/custom/smf 2>/dev/null 14 | 15 | ## Copy in the Validation Key 16 | ( 17 | cat <<'EOP' 18 | <%= validation_key %> 19 | EOP 20 | ) > /tmp/validation.pem 21 | /usr/xpg4/bin/awk NF /tmp/validation.pem > /var/chef/validation.pem 22 | rm /tmp/validation.pem 23 | 24 | 25 | ## Copy in Data Bag Secret 26 | <% if @chef_config[:encrypted_data_bag_secret] -%> 27 | ( 28 | cat <<'EOP' 29 | <%= encrypted_data_bag_secret %> 30 | EOP 31 | ) > /tmp/encrypted_data_bag_secret 32 | /usr/xpg4/bin/awk NF /tmp/encrypted_data_bag_secret > /var/chef/encrypted_data_bag_secret 33 | rm /tmp/encrypted_data_bag_secret 34 | <% end -%> 35 | 36 | 37 | ## Copy in Client Configuration 38 | ( 39 | cat <<'EOP' 40 | validation_key "/var/chef/validation.pem" 41 | client_key "/var/chef/client.pem" 42 | <%= config_content %> 43 | EOP 44 | ) > /var/chef/client.rb 45 | 46 | 47 | ## Copy in Initial Run List 48 | ( 49 | cat <<'EOP' 50 | <%= { "run_list" => @run_list }.to_json %> 51 | EOP 52 | ) > /var/chef/first-boot.json 53 | 54 | ## Copy in the SMF XML 55 | ( 56 | cat <<'EOX' 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 97 | 98 | 99 | EOX 100 | ) > /opt/custom/smf/chef-client.xml 101 | 102 | ## Process first run, if successful enable the chef-client in daemon mode. 103 | /opt/chef/bin/chef-client --config /var/chef/client.rb -j /var/chef/first-boot.json && \ 104 | /usr/sbin/svccfg import /opt/custom/smf/chef-client.xml' 105 | -------------------------------------------------------------------------------- /knife_bootstrap/smartos-gz-pkgsrc.erb: -------------------------------------------------------------------------------- 1 | # Chef Custom Bootstrap for SmartOS (GZ) Using PKG-SRC and Ruby Gems 2 | # 3 | bash -c ' 4 | <%= "export http_proxy=\"#{knife_config[:bootstrap_proxy]}\"" if knife_config[:bootstrap_proxy] -%> 5 | 6 | ## Install PKG-SRC if not present 7 | if [ ! -d /opt/local ]; then 8 | cd / 9 | curl -sk http://pkgsrc.joyent.com/sdc6/2012Q1/x86_64/bootstrap.tar.gz | gzcat | tar -xf - 10 | /opt/local/sbin/pkg_admin rebuild 11 | /opt/local/bin/pkgin -y up 12 | fi 13 | 14 | # Install Ruby & Gems 15 | /opt/local/bin/pkgin -y install gcc47 gcc47-runtime scmgit-base gmake ruby193-base ruby193-yajl-ruby ruby193-nokogiri ruby193-readline pkg-config 16 | /opt/local/bin/gem193 install --no-ri --no-rdoc ohai 17 | /opt/local/bin/gem193 install --no-ri --no-rdoc chef <%= bootstrap_version_string %> 18 | 19 | 20 | mkdir -p /var/chef /opt/custom/smf 2>/dev/null 21 | 22 | ## Copy in the Validation Key 23 | ( 24 | cat <<'EOP' 25 | <%= validation_key %> 26 | EOP 27 | ) > /tmp/validation.pem 28 | /usr/xpg4/bin/awk NF /tmp/validation.pem > /var/chef/validation.pem 29 | rm /tmp/validation.pem 30 | 31 | 32 | ## Copy in Data Bag Secret 33 | <% if @chef_config[:encrypted_data_bag_secret] -%> 34 | ( 35 | cat <<'EOP' 36 | <%= encrypted_data_bag_secret %> 37 | EOP 38 | ) > /tmp/encrypted_data_bag_secret 39 | /usr/xpg4/bin/awk NF /tmp/encrypted_data_bag_secret > /var/chef/encrypted_data_bag_secret 40 | rm /tmp/encrypted_data_bag_secret 41 | <% end -%> 42 | 43 | 44 | ## Copy in Client Configuration 45 | ( 46 | cat <<'EOP' 47 | validation_key "/var/chef/validation.pem" 48 | client_key "/var/chef/client.pem" 49 | <%= config_content %> 50 | EOP 51 | ) > /var/chef/client.rb 52 | 53 | 54 | ## Copy in Initial Run List 55 | ( 56 | cat <<'EOP' 57 | <%= { "run_list" => @run_list }.to_json %> 58 | EOP 59 | ) > /var/chef/first-boot.json 60 | 61 | 62 | ## Copy in the SMF XML 63 | ( 64 | cat <<'EOX' 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 105 | 106 | 107 | EOX 108 | ) > /opt/custom/smf/chef-client-pkgsrc.xml 109 | 110 | ## Process first run, if successful enable the chef-client in daemon mode. 111 | /opt/local/bin/chef-client --config /var/chef/client.rb -j /var/chef/first-boot.json && \ 112 | /usr/sbin/svccfg import /opt/custom/smf/chef-client-pkgsrc.xml' 113 | -------------------------------------------------------------------------------- /nodes/smartos.json: -------------------------------------------------------------------------------- 1 | { 2 | "recipes": [ "smartos", "bart" ] 3 | } 4 | -------------------------------------------------------------------------------- /scripts/bootstrap-smartos.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Chef Solo Bootstrap for SmartOS GZ 3 | # See: http://wiki.smartos.org/display/DOC/Using+Chef 4 | # EXAMPLE USE: curl -s http://8.12.35.49/smartos/bootstrap-smartos.sh | bash 5 | 6 | if [[ -f /opt/custom/smf/chef-solo.xml && -f /var/chef/solo.rb ]]; then 7 | echo "WARNING: Chef Solo already installed and configured. Sleeping for 30s. Ctl-C to abort." 8 | sleep 30 9 | fi 10 | 11 | # Download and install Chef Fat Client 12 | cd /tmp && /usr/bin/curl -Os http://8.12.35.49/smartos/Chef-fatclient-SmartOS-10.14.2.tar.bz2 13 | cd / && gtar xfj /tmp/Chef-fatclient-SmartOS-10.14.2.tar.bz2 14 | cp /usr/bin/gtar /opt/chef/bin/tar 15 | mkdir -p /opt/custom/smf /var/chef 16 | 17 | # Create Chef Solo Configuration 18 | cat >/var/chef/solo.rb <>/var/chef/solo.rb 30 | fi 31 | 32 | # Install and Import SMF Service for Chef Solo 33 | cd /opt/custom/smf && /usr/bin/curl -Os http://8.12.35.49/smartos/chef-solo.xml 34 | svccfg import /opt/custom/smf/chef-solo.xml 35 | 36 | if svcs chef-solo >/dev/null; then 37 | echo "Installation complete. Chef Solo SMF Service State: `/usr/bin/svcs -Ho state chef-solo`" 38 | fi 39 | -------------------------------------------------------------------------------- /smf/chef-solo-omnibus.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /smf/chef-solo.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 45 | 46 | 47 | --------------------------------------------------------------------------------