├── .gitignore ├── chefignore ├── environments ├── README.md ├── instantiate.sh ├── allinone.json.template └── onerack.json.template ├── roles ├── os-worker-combined.json ├── logged.json ├── audited.json ├── infra-messaging.json ├── os-allinone.json ├── infra-caching.json ├── openstack-dashboard.json ├── infra-db-all.json ├── openstack-volume-api.json ├── infra-db-volume.json ├── openstack-image.json ├── infra-db-dashboard.json ├── infra-db-identity.json ├── openstack-identity.json ├── openstack-volume-scheduler.json ├── openstack-image-api.json ├── openstack-identity-api.json ├── infra-db-image.json ├── openstack-image-registry.json ├── openstack-identity-admin-api.json ├── openstack-volume-worker.json ├── infra-db-openstack.json ├── openstack-volume-worker-lvm.json ├── openstack-volume.json ├── openstack-compute-api.json ├── openstack-compute-cert.json ├── openstack-compute-vncproxy.json ├── openstack-compute-conductor.json ├── openstack-compute-scheduler.json ├── openstack-compute-api-ec2.json ├── openstack-compute-api-native.json ├── openstack-compute-network.json ├── openstack-compute-api-metadata.json ├── booted.json ├── openstack-compute-worker-multihost.json ├── infra-db-compute.json ├── openstack-compute-api-volume.json ├── infra-logging.json ├── os-compute-all.json ├── system-tools.json ├── os-all-but-compute.json ├── openstack-compute-worker.json ├── os-production-mode.json ├── os-controller-combined.json ├── openstack-base.json ├── base.json ├── os-dev-mode.json └── README.md ├── certificates └── README.md ├── config └── rake.rb ├── data_bags └── README.md ├── Rakefile ├── cookbooks └── README.md ├── README.md ├── .gitmodules └── LICENSE /.gitignore: -------------------------------------------------------------------------------- 1 | .rake_test_cache 2 | .chef 3 | -------------------------------------------------------------------------------- /chefignore: -------------------------------------------------------------------------------- 1 | # Put 
files/directories that should be ignored in this file. 2 | # Lines that start with '# ' are comments. 3 | 4 | # emacs 5 | *~ 6 | 7 | # vim 8 | *.sw[a-z] 9 | 10 | # subversion 11 | */.svn/* 12 | -------------------------------------------------------------------------------- /environments/README.md: -------------------------------------------------------------------------------- 1 | Requires Chef 0.10.0+. 2 | 3 | This directory is for Ruby DSL and JSON files for environments. For more information see the Chef wiki page: 4 | 5 | http://wiki.opscode.com/display/chef/Environments 6 | -------------------------------------------------------------------------------- /environments/instantiate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # instantiate an environment file from a template 3 | # usage: ./instantiate.sh prefix style (prefix is pasted unescaped into the sed expression and into the output file name, so keep it free of '/', '&' and whitespace) 4 | # e.g. ./instantiate.sh aio1 allinone 5 | set -o nounset 6 | set -e 7 | PREFIX=$1 8 | STYLE=$2 9 | sed s/\$\{PREFIX\}/${PREFIX}/ $STYLE.json.template > ${PREFIX}.json 10 | -------------------------------------------------------------------------------- /roles/os-worker-combined.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "os-worker-combined", 3 | "json_class": "Chef::Role", 4 | "env_run_lists": { 5 | }, 6 | "run_list": [ 7 | "role[base]", 8 | "role[openstack-compute-worker-multihost]", 9 | "role[openstack-volume-worker-lvm]" 10 | ], 11 | "description": "A role for the (compute+volume) worker node in onerack.", 12 | "chef_type": "role" 13 | } 14 | -------------------------------------------------------------------------------- /roles/logged.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "logged", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "recipe[rsyslog::client]" 10 | ], 11 | "description": "A collection of recipes that 
any node that has services logged in some way will have.", 12 | "chef_type": "role", 13 | "override_attributes": { 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /roles/audited.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "audited", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "recipe[acct]", 10 | "recipe[tcpspy]" 11 | ], 12 | "description": "A collection of recipes that any node that is audited in some way will have.", 13 | "chef_type": "role", 14 | "override_attributes": { 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /roles/infra-messaging.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "infra-messaging", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "recipe[infra-messaging]" 11 | ], 12 | "description": "A role that exposes a RabbitMQ message queue server.", 13 | "chef_type": "role", 14 | "override_attributes": { 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /roles/os-allinone.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "os-allinone", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[os-all-but-compute]", 10 | "role[os-compute-all]" 11 | ], 12 | "description": "A role that the single node in all-in-one setup will have.", 13 | "chef_type": "role", 14 | "override_attributes": { 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /roles/infra-caching.json: -------------------------------------------------------------------------------- 1 | { 2 | 
"name": "infra-caching", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "recipe[memcached]" 11 | ], 12 | "description": "A collection of recipes that configures caching on nodes in an environment.", 13 | "chef_type": "role", 14 | "override_attributes": { 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /roles/openstack-dashboard.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-dashboard", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "role[openstack-base]", 11 | "recipe[horizon::server]" 12 | ], 13 | "description": "A role that exposes the OpenStack Dashboard.", 14 | "chef_type": "role", 15 | "override_attributes": { 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /roles/infra-db-all.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "infra-db-all", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[infra-db-openstack]", 10 | "role[infra-db-identity]" 11 | ], 12 | "description": "A collection of recipes that sets up all databases used in an OpenStack environment.", 13 | "chef_type": "role", 14 | "override_attributes": { 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /roles/openstack-volume-api.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-volume-api", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "role[openstack-base]", 11 | "recipe[cinder::api]" 12 | ], 13 | "description": "A role 
that exposes the OpenStack Volume API service.", 14 | "chef_type": "role", 15 | "override_attributes": { 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /roles/infra-db-volume.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "infra-db-volume", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "recipe[mysql::server]", 11 | "recipe[cinder::db]" 12 | ], 13 | "description": "A collection of recipes that sets an OpenStack Volume database cluster.", 14 | "chef_type": "role", 15 | "override_attributes": { 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /roles/openstack-image.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-image", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[openstack-image-registry]", 10 | "role[openstack-image-api]" 11 | ], 12 | "description": "A role that exposes both the OpenStack Image (Glance) Registry Service and API.", 13 | "chef_type": "role", 14 | "override_attributes": { 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /roles/infra-db-dashboard.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "infra-db-dashboard", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "recipe[mysql::server]", 11 | "recipe[horizon::db]" 12 | ], 13 | "description": "A collection of recipes that sets an OpenStack Dashboard database cluster.", 14 | "chef_type": "role", 15 | "override_attributes": { 16 | } 17 | } 18 | 
-------------------------------------------------------------------------------- /roles/infra-db-identity.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "infra-db-identity", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "recipe[mysql::server]", 11 | "recipe[keystone::db]" 12 | ], 13 | "description": "A collection of recipes that sets an OpenStack Identity database cluster.", 14 | "chef_type": "role", 15 | "override_attributes": { 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /roles/openstack-identity.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-identity", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[openstack-identity-api]", 10 | "role[openstack-identity-admin-api]" 11 | ], 12 | "description": "A role that exposes both the OpenStack Identity (Keystone) Service and Admin API.", 13 | "chef_type": "role", 14 | "override_attributes": { 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /roles/openstack-volume-scheduler.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-volume-scheduler", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "role[openstack-base]", 11 | "recipe[cinder::scheduler]" 12 | ], 13 | "description": "A role that exposes the OpenStack Volume scheduler service.", 14 | "chef_type": "role", 15 | "override_attributes": { 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /roles/openstack-image-api.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-image-api", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "role[openstack-base]", 11 | "role[infra-caching]", 12 | "recipe[glance::api]" 13 | ], 14 | "description": "A role that exposes the OpenStack Image (Glance) Service API.", 15 | "chef_type": "role", 16 | "override_attributes": { 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /roles/openstack-identity-api.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-identity-api", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "role[openstack-base]", 11 | "role[infra-caching]", 12 | "recipe[keystone::server]" 13 | ], 14 | "description": "A role that exposes the OpenStack Identity (Keystone) Service API.", 15 | "chef_type": "role", 16 | "override_attributes": { 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /roles/infra-db-image.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "infra-db-image", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "recipe[mysql::server]", 11 | "recipe[glance::db]" 12 | ], 13 | "description": "A collection of recipes that sets up glance database used in an OpenStack availability zone.", 14 | "chef_type": "role", 15 | "override_attributes": { 16 | "mysql": { 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /roles/openstack-image-registry.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": 
"openstack-image-registry", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "role[openstack-base]", 11 | "role[infra-caching]", 12 | "recipe[glance::registry]" 13 | ], 14 | "description": "A role that exposes the OpenStack Image (Glance) Registry Service.", 15 | "chef_type": "role", 16 | "override_attributes": { 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /roles/openstack-identity-admin-api.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-identity-admin-api", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "role[openstack-base]", 11 | "role[infra-caching]", 12 | "recipe[keystone::server]" 13 | ], 14 | "description": "A role that exposes the OpenStack Identity (Keystone) Admin API.", 15 | "chef_type": "role", 16 | "override_attributes": { 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /roles/openstack-volume-worker.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-volume-worker", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "role[openstack-base]", 11 | "recipe[cinder::volume]" 12 | ], 13 | "description": "A role that exposes the OpenStack Volume service. 
This role assumes that block device setup has already been done on the node.", 14 | "chef_type": "role", 15 | "override_attributes": { 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /roles/infra-db-openstack.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "infra-db-openstack", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[infra-db-compute]", 10 | "role[infra-db-image]", 11 | "role[infra-db-volume]", 12 | "role[infra-db-dashboard]" 13 | ], 14 | "description": "A collection of recipes that sets up all databases used in an OpenStack availability zone except for Identity.", 15 | "chef_type": "role", 16 | "override_attributes": { 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /roles/openstack-volume-worker-lvm.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-volume-worker-lvm", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "role[openstack-base]", 11 | "recipe[block-device::lvm]", 12 | "recipe[cinder::volume]" 13 | ], 14 | "description": "A role that exposes the OpenStack Volume service and configures a volume group using an LVM recipe.", 15 | "chef_type": "role", 16 | "override_attributes": { 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /roles/openstack-volume.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-volume", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "role[openstack-base]", 11 | "recipe[cinder::api]", 12 | "recipe[cinder::scheduler]", 13 | 
"recipe[cinder::volume]" 14 | ], 15 | "description": "An aggregate role that exposes the OpenStack Volume API, Scheduler and worker service.", 16 | "chef_type": "role", 17 | "override_attributes": { 18 | } 19 | } 20 | 21 | -------------------------------------------------------------------------------- /roles/openstack-compute-api.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-compute-api", 3 | "default_attributes": { 4 | "nova": { 5 | "keystone_service_chef_role": "openstack-identity-api" 6 | } 7 | }, 8 | "json_class": "Chef::Role", 9 | "env_run_lists": { 10 | }, 11 | "run_list": [ 12 | "role[openstack-compute-api-native]", 13 | "role[openstack-compute-api-ec2]" 14 | ], 15 | "description": "A role that exposes all of the OpenStack Compute REST APIs.", 16 | "chef_type": "role", 17 | "override_attributes": { 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /roles/openstack-compute-cert.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-compute-cert", 3 | "default_attributes": { 4 | "nova": { 5 | "keystone_service_chef_role": "openstack-identity-api" 6 | } 7 | }, 8 | "json_class": "Chef::Role", 9 | "env_run_lists": { 10 | }, 11 | "run_list": [ 12 | "role[base]", 13 | "role[openstack-base]", 14 | "recipe[nova::nova-cert]" 15 | ], 16 | "description": "A role that exposes the OpenStack Compute Cert service.", 17 | "chef_type": "role", 18 | "override_attributes": { 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /roles/openstack-compute-vncproxy.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-compute-vncproxy", 3 | "default_attributes": { 4 | "nova": { 5 | "keystone_service_chef_role": "openstack-identity-api" 6 | } 7 | }, 8 | "json_class": "Chef::Role", 9 | 
"env_run_lists": { 10 | }, 11 | "run_list": [ 12 | "role[base]", 13 | "role[openstack-base]", 14 | "recipe[nova::vncproxy]" 15 | ], 16 | "description": "A role that exposes the OpenStack Compute VNC Proxy Service", 17 | "chef_type": "role", 18 | "override_attributes": { 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /roles/openstack-compute-conductor.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-compute-conductor", 3 | "default_attributes": { 4 | "nova": { 5 | "keystone_service_chef_role": "openstack-identity-api" 6 | } 7 | }, 8 | "json_class": "Chef::Role", 9 | "env_run_lists": { 10 | }, 11 | "run_list": [ 12 | "role[base]", 13 | "role[openstack-base]", 14 | "recipe[nova::conductor]" 15 | ], 16 | "description": "A role that exposes the OpenStack Compute Conductor service.", 17 | "chef_type": "role", 18 | "override_attributes": { 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /roles/openstack-compute-scheduler.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-compute-scheduler", 3 | "default_attributes": { 4 | "nova": { 5 | "keystone_service_chef_role": "openstack-identity-api" 6 | } 7 | }, 8 | "json_class": "Chef::Role", 9 | "env_run_lists": { 10 | }, 11 | "run_list": [ 12 | "role[base]", 13 | "role[openstack-base]", 14 | "recipe[nova::scheduler]" 15 | ], 16 | "description": "A role that exposes the OpenStack Compute Scheduler service.", 17 | "chef_type": "role", 18 | "override_attributes": { 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /roles/openstack-compute-api-ec2.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-compute-api-ec2", 3 | "default_attributes": { 4 | "nova": { 5 | 
"keystone_service_chef_role": "openstack-identity-api" 6 | } 7 | }, 8 | "json_class": "Chef::Role", 9 | "env_run_lists": { 10 | }, 11 | "run_list": [ 12 | "role[base]", 13 | "role[openstack-base]", 14 | "role[infra-caching]", 15 | "recipe[nova::api-ec2]" 16 | ], 17 | "description": "A role that exposes the OpenStack Compute EC2 REST API.", 18 | "chef_type": "role", 19 | "override_attributes": { 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /roles/openstack-compute-api-native.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-compute-api-native", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "role[openstack-base]", 11 | "role[infra-caching]", 12 | "recipe[nova::nova-setup]", // Runs the initial Nova database and network setups 13 | "recipe[nova::api-os-compute]" 14 | ], 15 | "description": "A role that exposes the OpenStack Compute Native REST API.", 16 | "chef_type": "role", 17 | "override_attributes": { 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /roles/openstack-compute-network.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-compute-network", 3 | "default_attributes": { 4 | "nova": { 5 | "keystone_service_chef_role": "openstack-identity-api" 6 | } 7 | }, 8 | "json_class": "Chef::Role", 9 | "env_run_lists": { 10 | }, 11 | "run_list": [ 12 | "role[base]", 13 | "role[openstack-base]", 14 | "recipe[nova::network]" 15 | ], 16 | "description": "A role that exposes the OpenStack Compute Network service. 
(Incompatible with the Quantum Service).", 17 | "chef_type": "role", 18 | "override_attributes": { 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /roles/openstack-compute-api-metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-compute-api-metadata", 3 | "default_attributes": { 4 | "nova": { 5 | "keystone_service_chef_role": "openstack-identity-api" 6 | } 7 | }, 8 | "json_class": "Chef::Role", 9 | "env_run_lists": { 10 | }, 11 | "run_list": [ 12 | "role[base]", 13 | "role[openstack-base]", 14 | "role[infra-caching]", 15 | "recipe[nova::api-metadata]" 16 | ], 17 | "description": "A role that exposes the OpenStack Compute Metadata REST API.", 18 | "chef_type": "role", 19 | "override_attributes": { 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /roles/booted.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "booted", 3 | "default_attributes": { 4 | "chef_client": { 5 | "init_style": "none", 6 | "cron": { 7 | "minute": "*/10", 8 | "hour": "*" 9 | } 10 | } 11 | }, 12 | "json_class": "Chef::Role", 13 | "env_run_lists": { 14 | }, 15 | "run_list": [ 16 | "recipe[ohai]", 17 | "recipe[apt]", 18 | "recipe[chef-client::cron]" 19 | ], 20 | "description": "An interim state that ALL nodes are initially checked into, before they are assigned their proper role.", 21 | "chef_type": "role", 22 | "override_attributes": { 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /roles/openstack-compute-worker-multihost.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-compute-worker-multihost", 3 | "default_attributes": { 4 | "nova": { 5 | "network": { 6 | "multi_host": true 7 | } 8 | } 9 | }, 10 | "json_class": "Chef::Role", 11 | "env_run_lists": { 
12 | }, 13 | "run_list": [ 14 | "role[openstack-compute-api-metadata]", 15 | "role[openstack-compute-worker]", 16 | "role[openstack-compute-network]" 17 | ], 18 | "description": "A role that spins up a KVM Compute worker that works in multi_host mode.", 19 | "chef_type": "role", 20 | "override_attributes": { 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /roles/infra-db-compute.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "infra-db-compute", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[base]", 10 | "recipe[mysql::server]", 11 | "recipe[nova::db]" 12 | ], 13 | "description": "A collection of recipes that sets up Nova database used in an OpenStack availability zone.", 14 | "chef_type": "role", 15 | "override_attributes": { 16 | "mysql": { 17 | "tunable": { 18 | "character-set-server": "latin1", // nova db sync handles upgrade to utf8 19 | "collation-server": "latin1_general_ci" 20 | } 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /roles/openstack-compute-api-volume.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-compute-api-volume", 3 | "default_attributes": { 4 | "nova": { 5 | "keystone_service_chef_role": "openstack-identity-api", 6 | "libvirt": { 7 | "type": "kvm" 8 | } 9 | } 10 | }, 11 | "json_class": "Chef::Role", 12 | "env_run_lists": { 13 | }, 14 | "run_list": [ 15 | "role[base]", 16 | "role[openstack-base]", 17 | "role[infra-caching]", 18 | "recipe[nova::api-os-volume]" 19 | ], 20 | "description": "A role that exposes the OpenStack Compute Volume API service. 
(Incompatible with the Cinder API service).", 21 | "chef_type": "role", 22 | "override_attributes": { 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /roles/infra-logging.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "infra-logging", 3 | "default_attributes": { 4 | "rsyslog": { 5 | "log_dir": "/var/log/remote", 6 | "priv_seperation": false, 7 | "user": "root" 8 | } 9 | }, 10 | "json_class": "Chef::Role", 11 | "env_run_lists": { 12 | }, 13 | "run_list": [ 14 | "recipe[rsyslog::server]", //this has to be before base because role[base] requires role[logged], 15 | //which requires rsyslog::client, which requires rsyslog::server. 16 | "role[base]" 17 | ], 18 | "description": "A collection of recipes that collects syslog events from nodes in an environment.", 19 | "chef_type": "role", 20 | "override_attributes": { 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /roles/os-compute-all.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "os-compute-all", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "role[openstack-compute-api]", 10 | "role[openstack-compute-api-metadata]", 11 | "role[openstack-compute-scheduler]", 12 | "recipe[nova::keystone_registration]", 13 | //"role[openstack-compute-conductor]", 14 | "role[openstack-compute-cert]", 15 | "role[openstack-compute-vncproxy]", 16 | "role[openstack-compute-network]", 17 | "role[openstack-compute-worker]" 18 | ], 19 | "description": "A role that sets up all nova components.", 20 | "chef_type": "role", 21 | "override_attributes": { 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /roles/system-tools.json: -------------------------------------------------------------------------------- 1 | { 2 
| "name": "system-tools", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "recipe[curl]", 10 | "recipe[dstat]", 11 | "recipe[ethtool]", 12 | "recipe[iotop]", 13 | "recipe[iperf]", 14 | "recipe[git]", 15 | "recipe[ltrace]", 16 | "recipe[mtr]", 17 | "recipe[rsync]", 18 | "recipe[screen]", 19 | "recipe[smem]", 20 | "recipe[socat]", 21 | "recipe[tree]", 22 | "recipe[sysctl]", 23 | "recipe[vim]", 24 | "recipe[tmux]" 25 | ], 26 | "description": "A collection of recipes that installs system administration tools.", 27 | "chef_type": "role", 28 | "override_attributes": { 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /roles/os-all-but-compute.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "os-all-but-compute", 3 | "json_class": "Chef::Role", 4 | "env_run_lists": { 5 | }, 6 | "run_list": [ 7 | "role[base]", 8 | "role[infra-logging]", 9 | "role[infra-messaging]", 10 | "role[infra-db-all]", 11 | "role[openstack-identity]", 12 | "recipe[keystone::registration]", 13 | "recipe[glance::keystone_registration]", 14 | "role[openstack-image]", 15 | "recipe[cinder::keystone_registration]", 16 | "role[openstack-volume-api]", 17 | "role[openstack-volume-scheduler]", 18 | "role[openstack-volume-worker]", 19 | "role[openstack-dashboard]" 20 | ], 21 | "description": "A role for the node in novatrunk with everything but nova.", 22 | "chef_type": "role" 23 | } 24 | -------------------------------------------------------------------------------- /roles/openstack-compute-worker.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-compute-worker", 3 | "default_attributes": { 4 | "create-swap": { 5 | "swap-size": 1 6 | }, 7 | "sysctl": { 8 | "net": { 9 | "ipv4": { 10 | "ip_forward": 1 11 | } 12 | } 13 | }, 14 | "nova": { 15 | "keystone_service_chef_role": 
"openstack-identity-api", 16 | "libvirt": { 17 | "type": "kvm" 18 | } 19 | } 20 | }, 21 | "json_class": "Chef::Role", 22 | "env_run_lists": { 23 | }, 24 | "run_list": [ 25 | "role[base]", 26 | "role[openstack-base]", 27 | "recipe[swap]", 28 | "recipe[nova::compute]" 29 | ], 30 | "description": "A role that spins up a KVM Compute worker.", 31 | "chef_type": "role", 32 | "override_attributes": { 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /certificates/README.md: -------------------------------------------------------------------------------- 1 | Creating SSL certificates is a common task done in web application infrastructures, so a rake task is provided to generate certificates. These certificates are stored here by the ssl_cert task. 2 | 3 | Configure the values used in the SSL certificate by modifying `config/rake.rb`. 4 | 5 | To generate a certificate set for a new monitoring server, for example: 6 | 7 | rake ssl_cert FQDN=monitoring.example.com 8 | 9 | Once the certificates are generated, copy them into the cookbook(s) where you want to use them. Note that the wildcard below copies the whole generated set; if that set contains a private key, the key ships with the cookbook and is readable by anyone who can fetch the cookbook or its repository. 10 | 11 | cp certificates/monitoring.example.com.* cookbooks/COOKBOOK/files/default 12 | 13 | In the recipe for that cookbook, add a `cookbook_file` resource that puts them in place on the destination server. 
14 | 15 | cookbook_file '/etc/apache2/ssl/monitoring.example.com.pem' 16 | owner 'root' 17 | group 'root' 18 | mode 0600 19 | end 20 | -------------------------------------------------------------------------------- /roles/os-production-mode.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "os-production-mode", 3 | "description": "A role for Production OpenStack environment (the opposite of developer mode)", 4 | "json_class": "Chef::Role", 5 | "default_attributes": { 6 | }, 7 | "override_attributes": { 8 | "glance": { 9 | "debug": false, 10 | "verbose": false 11 | }, 12 | "cinder": { 13 | "debug": false, 14 | "verbose": false 15 | }, 16 | "horizon": { 17 | "debug": false 18 | }, 19 | "nova": { 20 | "debug": false, 21 | "verbose": false 22 | }, 23 | "openstack": { 24 | "auth": { 25 | "strategy": "token" 26 | }, 27 | "secret": { 28 | "key_path": "/etc/chef/encrypted_data_bag_secret" 29 | }, 30 | "developer_mode": false 31 | } 32 | }, 33 | "chef_type": "role", 34 | "run_list": [ 35 | 36 | ], 37 | "env_run_lists": { 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /roles/os-controller-combined.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "os-controller-combined", 3 | "json_class": "Chef::Role", 4 | "env_run_lists": { 5 | }, 6 | "run_list": [ 7 | "role[base]", 8 | "role[infra-logging]", 9 | "role[infra-messaging]", 10 | "role[infra-db-all]", 11 | "role[openstack-identity]", 12 | "recipe[keystone::registration]", 13 | "recipe[glance::keystone_registration]", 14 | "role[openstack-image]", 15 | "recipe[nova::keystone_registration]", 16 | "role[openstack-compute-api]", 17 | "role[openstack-compute-scheduler]", 18 | //"role[openstack-compute-conductor]", 19 | "role[openstack-compute-cert]", 20 | "role[openstack-compute-vncproxy]", 21 | "recipe[cinder::keystone_registration]", 22 | "role[openstack-volume-api]", 
23 | "role[openstack-volume-scheduler]", 24 | "role[openstack-dashboard]" 25 | ], 26 | "description": "A role for the identity/compute/image/volume controller node.", 27 | "chef_type": "role" 28 | } 29 | -------------------------------------------------------------------------------- /roles/openstack-base.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openstack-base", 3 | "default_attributes": { 4 | }, 5 | "json_class": "Chef::Role", 6 | "env_run_lists": { 7 | }, 8 | "run_list": [ 9 | "recipe[openstack-common]" 10 | ], 11 | "description": "A base role applied to all openstack nodes.", 12 | "chef_type": "role", 13 | "override_attributes": { 14 | "glance": { 15 | "rabbit_server_chef_role": "infra-messaging", 16 | "keystone_service_chef_role": "openstack-identity" 17 | }, 18 | "cinder": { 19 | "rabbit_server_chef_role": "infra-messaging", 20 | "keystone_service_chef_role": "openstack-identity", 21 | "glance_api_chef_role": "openstack-image-api" 22 | }, 23 | "horizon": { 24 | "keystone_service_chef_role": "openstack-identity", 25 | "keystone_default_role": "member" 26 | }, 27 | //"rsyslog": { 28 | // "server_search": "role:infra-logging" 29 | //}, 30 | "nova": { 31 | "rabbit_server_chef_role": "infra-messaging", 32 | "keystone_service_chef_role": "openstack-identity" 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /config/rake.rb: -------------------------------------------------------------------------------- 1 | # Configure the Rakefile's tasks. 2 | 3 | ### 4 | # Company and SSL Details 5 | # Used with the ssl_cert task. 
6 | ### 7 | 8 | # The company name - used for SSL certificates, and in various other places 9 | COMPANY_NAME = "Example Com" 10 | 11 | # The Country Name to use for SSL Certificates 12 | SSL_COUNTRY_NAME = "US" 13 | 14 | # The State Name to use for SSL Certificates 15 | SSL_STATE_NAME = "Several" 16 | 17 | # The Locality Name for SSL - typically, the city 18 | SSL_LOCALITY_NAME = "Locality" 19 | 20 | # What department? 21 | SSL_ORGANIZATIONAL_UNIT_NAME = "Operations" 22 | 23 | # The SSL contact email address 24 | SSL_EMAIL_ADDRESS = "ops@example.com" 25 | 26 | # License for new Cookbooks 27 | # Can be :apachev2 or :none 28 | NEW_COOKBOOK_LICENSE = :apachev2 29 | 30 | ### 31 | # Useful Extras (which you probably don't need to change) 32 | ### 33 | 34 | # The top of the repository checkout 35 | TOPDIR = File.expand_path(File.join(File.dirname(__FILE__), "..")) 36 | 37 | # Where to store certificates generated with ssl_cert 38 | CADIR = File.expand_path(File.join(TOPDIR, "certificates")) 39 | -------------------------------------------------------------------------------- /data_bags/README.md: -------------------------------------------------------------------------------- 1 | Data Bags 2 | --------- 3 | 4 | This directory contains directories of the various data bags you create for your infrastructure. Each subdirectory corresponds to a data bag on the Chef Server, and contains JSON files of the items that go in the bag. 5 | 6 | First, create a directory for the data bag. 7 | 8 | mkdir data_bags/BAG 9 | 10 | Then create the JSON files for items that will go into that bag. 11 | 12 | $EDITOR data_bags/BAG/ITEM.json 13 | 14 | The JSON for the ITEM must contain a key named "id" with a value equal to "ITEM". For example, 15 | 16 | { 17 | "id": "foo" 18 | } 19 | 20 | Next, create the data bag on the Chef Server. 21 | 22 | knife data bag create BAG 23 | 24 | Then upload the items in the data bag's directory to the Chef Server.
25 | 26 | knife data bag from file BAG ITEM.json 27 | 28 | 29 | Encrypted Data Bags 30 | ------------------- 31 | 32 | Added in Chef 0.10, encrypted data bags allow you to encrypt the contents of your data bags. The content of attributes will no longer be searchable. To use encrypted data bags, first you must have or create a secret key. Keep the secret key file out of version control and readable only by the accounts that need it, because anyone who holds it can decrypt every item encrypted with it. 33 | 34 | openssl rand -base64 512 > secret_key 35 | 36 | You may use this secret_key to add items to a data bag during a create. 37 | 38 | knife data bag create --secret-file secret_key passwords mysql 39 | 40 | You may also use it when adding ITEMs from files, 41 | 42 | knife data bag create passwords 43 | knife data bag from file passwords data_bags/passwords/mysql.json --secret-file secret_key 44 | 45 | The JSON for the ITEM must contain a key named "id" with a value equal to "ITEM" and the contents will be encrypted when uploaded. The JSON file on disk stays in plaintext, so keep it out of version control as well. For example, 46 | 47 | { 48 | "id": "mysql", 49 | "password": "abc123" 50 | } 51 | 52 | Without the secret_key, the contents are shown in their encrypted form. 53 | 54 | knife data bag show passwords mysql 55 | id: mysql 56 | password: 2I0XUUve1TXEojEyeGsjhw== 57 | 58 | Use the secret_key to view the contents. 59 | 60 | knife data bag show passwords mysql --secret-file secret_key 61 | id: mysql 62 | password: abc123 63 | 64 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # 2 | # Rakefile for Chef Server Repository 3 | # 4 | # Author:: Adam Jacob () 5 | # Copyright:: Copyright (c) 2008 Opscode, Inc. 6 | # License:: Apache License, Version 2.0 7 | # 8 | # Licensed under the Apache License, Version 2.0 (the "License"); 9 | # you may not use this file except in compliance with the License.
10 | # You may obtain a copy of the License at 11 | # 12 | # http://www.apache.org/licenses/LICENSE-2.0 13 | # 14 | # Unless required by applicable law or agreed to in writing, software 15 | # distributed under the License is distributed on an "AS IS" BASIS, 16 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | # See the License for the specific language governing permissions and 18 | # limitations under the License. 19 | # 20 | 21 | require 'rubygems' 22 | require 'chef' 23 | require 'json' 24 | 25 | # Load constants from rake config file. 26 | require File.join(File.dirname(__FILE__), 'config', 'rake') 27 | 28 | # Detect the version control system and assign to $vcs. Used by the update 29 | # task in chef_repo.rake (below). The install task calls update, so this 30 | # is run whenever the repo is installed. 31 | # 32 | # Comment out these lines to skip the update. 33 | 34 | if File.directory?(File.join(TOPDIR, ".svn")) 35 | $vcs = :svn 36 | elsif File.directory?(File.join(TOPDIR, ".git")) 37 | $vcs = :git 38 | end 39 | 40 | # Load common, useful tasks from Chef. 41 | # rake -T to see the tasks this loads. 
42 | 43 | load 'chef/tasks/chef_repo.rake' 44 | 45 | desc "Bundle a single cookbook for distribution" 46 | task :bundle_cookbook => [ :metadata ] 47 | task :bundle_cookbook, :cookbook do |t, args| 48 | tarball_name = "#{args.cookbook}.tar.gz" 49 | temp_dir = File.join(Dir.tmpdir, "chef-upload-cookbooks") 50 | temp_cookbook_dir = File.join(temp_dir, args.cookbook) 51 | tarball_dir = File.join(TOPDIR, "pkgs") 52 | FileUtils.mkdir_p(tarball_dir) 53 | FileUtils.mkdir(temp_dir) 54 | FileUtils.mkdir(temp_cookbook_dir) 55 | 56 | child_folders = [ "cookbooks/#{args.cookbook}", "site-cookbooks/#{args.cookbook}" ] 57 | child_folders.each do |folder| 58 | file_path = File.join(TOPDIR, folder, ".") 59 | FileUtils.cp_r(file_path, temp_cookbook_dir) if File.directory?(file_path) 60 | end 61 | 62 | system("tar", "-C", temp_dir, "-cvzf", File.join(tarball_dir, tarball_name), "./#{args.cookbook}") 63 | 64 | FileUtils.rm_rf temp_dir 65 | end 66 | -------------------------------------------------------------------------------- /roles/base.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "base", 3 | "default_attributes": { 4 | "motd-tail": { 5 | "additional_text": "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nThis system is restricted solely to the authorized users for legitimate\nbusiness purposes only. The actual or attempted unauthorized access,\nuse, or modification of this system is strictly prohibited. Unauthorized\nusers are subject to criminal and civil penalties under state, federal, \nor other applicable domestic and foreign laws. The use of this system may be\nmonitored and recorded for administrative and security reasons. 
Anyone\naccessing this system expressly consents to such monitoring and is\nadvised that if monitoring reveals possible evidence of criminal\nactivity, The provider may provide the evidence of such activity to law\nenforcement officials.\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" 6 | }, 7 | "authorization": { 8 | "sudo": { 9 | "groups": [ 10 | "sysadmin" 11 | ], 12 | "agent_forwarding": true, 13 | "include_sudoers_d": true, 14 | "passwordless": true 15 | } 16 | }, 17 | "openssh": { 18 | "server": { 19 | "password_authentication": "no", 20 | "permit_root_login": "no", 21 | "print_motd": "no" 22 | }, 23 | "client": { 24 | "forward_agent": "yes" 25 | } 26 | }, 27 | "chef_client": { 28 | "init_style": "none", 29 | "cron": { 30 | "minute": "*/30", 31 | "hour": "*", 32 | "log_file": "/tmp/chef-client.out" 33 | } 34 | } 35 | }, 36 | "json_class": "Chef::Role", 37 | "env_run_lists": { 38 | }, 39 | "run_list": [ 40 | "recipe[ntp]", 41 | "recipe[apt]", 42 | "recipe[ohai]", 43 | //"recipe[bash]", 44 | "recipe[chef-client::delete_validation]", 45 | "recipe[chef-client::cron]", 46 | //"recipe[users::sysadmins]", 47 | "recipe[openssh]", 48 | "recipe[sudo]", 49 | "recipe[motd-tail]", 50 | "role[system-tools]", 51 | //"role[graphed]", 52 | "role[logged]" 53 | //"role[audited]", 54 | //"role[monitored]" 55 | ], 56 | "description": "A collection of recipes that ALL nodes in the OpenStack cluster will have. 
Every non-base role includes this role in its run list.", 57 | "chef_type": "role", 58 | "override_attributes": { 59 | "ntp": { 60 | "servers": [ 61 | "0.pool.ntp.org", 62 | "1.pool.ntp.org", 63 | "2.pool.ntp.org", 64 | "12.129.64.150", 65 | "63.240.192.73", 66 | "63.240.129.148", 67 | "12.130.97.150", 68 | "63.241.193.69", 69 | "206.19.225.150", 70 | "12.129.192.149", 71 | "206.19.185.150", 72 | "63.240.1.42" 73 | ] 74 | } 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /roles/os-dev-mode.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "os-dev-mode", 3 | "description": "A role for developer friendly OpenStack environment", 4 | "json_class": "Chef::Role", 5 | "default_attributes": { 6 | }, 7 | "override_attributes": { 8 | "glance": { 9 | "image_upload": true, 10 | "images": [ 11 | "cirros", 12 | "precise", 13 | "centos" 14 | ], 15 | "debug": true, 16 | "verbose": true 17 | }, 18 | "cinder": { 19 | "api": { 20 | "ratelimit": "False" 21 | }, 22 | "debug": true, 23 | "verbose": true 24 | }, 25 | "horizon": { 26 | "debug": true 27 | }, 28 | "nova": { 29 | "ratelimit": { // Disable ratelimiting so Tempest doesn't have issues. 
30 | "api": { 31 | "enabled": false 32 | }, 33 | "volume": { 34 | "enabled": false 35 | } 36 | }, 37 | "debug": true, 38 | "verbose": true 39 | }, 40 | "keystone": { 41 | "bind_interface": "", // empty string: listen on 0.0.0.0 (all interfaces) 42 | "debug": true, 43 | "verbose": true, 44 | "roles": [ 45 | "admin", 46 | "keystone_admin", 47 | "keystone_service_admin", 48 | "member", 49 | "netadmin", 50 | "sysadmin" 51 | ], 52 | "tenants": [ 53 | "admin", 54 | "service", 55 | "demo" 56 | ], 57 | "admin_user": "admin", 58 | "users": { 59 | "admin": { 60 | "password": "admin", 61 | "default_tenant": "admin", 62 | "roles": { // Each key is the role name, each value is a list of tenants 63 | "admin": [ 64 | "admin" 65 | ], 66 | "keystone_admin": [ 67 | "admin" 68 | ], 69 | "keystone_service_admin": [ 70 | "admin" 71 | ] 72 | } 73 | }, 74 | "demo": { 75 | "password": "demo", 76 | "default_tenant": "demo", 77 | "roles": { // Each key is the role name, each value is a list of tenants 78 | "sysadmin": [ 79 | "demo" 80 | ], 81 | "netadmin": [ 82 | "demo" 83 | ], 84 | "member": [ 85 | "demo" 86 | ] 87 | } 88 | } 89 | } 90 | }, 91 | "rabbitmq": { 92 | "cluster": false 93 | }, 94 | "openstack": { 95 | "auth": { 96 | "strategy": "token" 97 | }, 98 | "secret": { 99 | "key_path": "/etc/chef/encrypted_data_bag_secret" 100 | }, 101 | "developer_mode": true 102 | } 103 | }, 104 | "chef_type": "role", 105 | "run_list": [ 106 | 107 | ], 108 | "env_run_lists": { 109 | } 110 | } 111 | -------------------------------------------------------------------------------- /cookbooks/README.md: -------------------------------------------------------------------------------- 1 | This directory contains the cookbooks used to configure systems in your infrastructure with Chef. 2 | 3 | Knife needs to be configured to know where the cookbooks are located with the `cookbook_path` setting. If this is not set, then several cookbook operations will fail to work properly.
4 | 5 | cookbook_path ["./cookbooks"] 6 | 7 | This setting tells knife to look for the cookbooks directory in the present working directory. This means the knife cookbook subcommands need to be run in the `chef-repo` directory itself. To make sure that the cookbooks can be found elsewhere inside the repository, use an absolute path. This is a Ruby file, so something like the following can be used: 8 | 9 | current_dir = File.dirname(__FILE__) 10 | cookbook_path ["#{current_dir}/../cookbooks"] 11 | 12 | Which will set `current_dir` to the location of the knife.rb file itself (e.g. `~/chef-repo/.chef/knife.rb`). 13 | 14 | Configure knife to use your preferred copyright holder, email contact and license. Add the following lines to `.chef/knife.rb`. 15 | 16 | cookbook_copyright "Example, Com." 17 | cookbook_email "cookbooks@example.com" 18 | cookbook_license "apachev2" 19 | 20 | Supported values for `cookbook_license` are "apachev2", "mit", "gplv2", "gplv3", or "none". These settings are used to prefill comments in the default recipe, and the corresponding values in the metadata.rb. You are free to change the comments in those files. 21 | 22 | Create new cookbooks in this directory with Knife. 23 | 24 | knife cookbook create COOKBOOK 25 | 26 | This will create all the cookbook directory components. You don't need to use them all, and can delete the ones you don't need. It also creates a README file, metadata.rb and default recipe. 27 | 28 | You can also download cookbooks directly from the Opscode Cookbook Site. There are two subcommands to help with this depending on what your preference is. Cookbooks from the community site are third-party code that will run on your nodes, so review them before uploading. 29 | 30 | The first and recommended method is to use a vendor branch if you're using Git. This is automatically handled with Knife. 31 | 32 | knife cookbook site install COOKBOOK 33 | 34 | This will: 35 | 36 | * Download the cookbook tarball from cookbooks.opscode.com. 37 | * Ensure it's on the git master branch.
38 | * Checks for an existing vendor branch, and creates one if it doesn't exist. 39 | * Checks out the vendor branch (chef-vendor-COOKBOOK). 40 | * Removes the existing (old) version. 41 | * Untars the cookbook tarball it downloaded in the first step. 42 | * Adds the cookbook files to the git index and commits. 43 | * Creates a tag for the version downloaded. 44 | * Checks out the master branch again. 45 | * Merges the cookbook into master. 46 | * Repeats the above for all the cookbook's dependencies, downloading them from the community site. 47 | 48 | The last step will ensure that any local changes or modifications you have made to the cookbook are preserved, so you can keep your changes through upstream updates. 49 | 50 | If you're not using Git, use the site download subcommand to download the tarball. 51 | 52 | knife cookbook site download COOKBOOK 53 | 54 | This creates the COOKBOOK.tar.gz in the current directory (e.g., `~/chef-repo`). We recommend following a workflow similar to the above for your version control tool. 55 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Overview 2 | ======== 3 | 4 | Every Chef installation needs a Chef Repository. This is the place where cookbooks, roles, config files and other artifacts for managing systems with Chef will live. We strongly recommend storing this repository in a version control system such as Git and treating it like source code. 5 | 6 | While we prefer Git, and make this repository available via GitHub, you are welcome to download a tar or zip archive and use your favorite version control system to manage the code. 7 | 8 | Repository Directories 9 | ====================== 10 | 11 | This repository contains several directories, and each directory contains a README file that describes what it is for in greater detail, and how to use it for managing your systems with Chef.
12 | 13 | * `certificates/` - SSL certificates generated by `rake ssl_cert` live here. 14 | * `config/` - Contains the Rake configuration file, `rake.rb`. 15 | * `cookbooks/` - Cookbooks you download or create. 16 | * `data_bags/` - Store data bags and items in .json in the repository. 17 | * `roles/` - Store roles in .rb or .json in the repository. 18 | 19 | Rake Tasks 20 | ========== 21 | 22 | The repository contains a `Rakefile` that includes tasks that are installed with the Chef libraries. To view the tasks available within the repository with a brief description, run `rake -T`. 23 | 24 | The default task (`default`) is run when executing `rake` with no arguments. It will call the task `test_cookbooks`. 25 | 26 | The following tasks are not directly replaced by knife sub-commands. 27 | 28 | * `bundle_cookbook[cookbook]` - Creates cookbook tarballs in the `pkgs/` dir. 29 | * `install` - Calls `update`, `roles` and `upload_cookbooks` Rake tasks. 30 | * `ssl_cert` - Create self-signed SSL certificates in `certificates/` dir. 31 | * `update` - Update the repository from source control server, understands git and svn. 32 | 33 | The following tasks duplicate functionality from knife and may be removed in a future version of Chef. 34 | 35 | * `metadata` - replaced by `knife cookbook metadata -a`. 36 | * `new_cookbook` - replaced by `knife cookbook create`. 37 | * `role[role_name]` - replaced by `knife role from file`. 38 | * `roles` - iterates over the roles and uploads with `knife role from file`. 39 | * `test_cookbooks` - replaced by `knife cookbook test -a`. 40 | * `test_cookbook[cookbook]` - replaced by `knife cookbook test COOKBOOK`. 41 | * `upload_cookbooks` - replaced by `knife cookbook upload -a`. 42 | * `upload_cookbook[cookbook]` - replaced by `knife cookbook upload COOKBOOK`. 43 | 44 | Configuration 45 | ============= 46 | 47 | The repository uses two configuration files.
48 | 49 | * config/rake.rb 50 | * .chef/knife.rb 51 | 52 | The first, `config/rake.rb` configures the Rakefile in two sections. 53 | 54 | * Constants used in the `ssl_cert` task for creating the certificates. 55 | * Constants that set the directory locations used in various tasks. 56 | 57 | If you use the `ssl_cert` task, change the values in the `config/rake.rb` file appropriately. These values were also used in the `new_cookbook` task, but that task is replaced by the `knife cookbook create` command which can be configured below. 58 | 59 | The second config file, `.chef/knife.rb` is a repository specific configuration file for knife. If you're using the Opscode Platform, you can download one for your organization from the management console. If you're using the Open Source Chef Server, you can generate a new one with `knife configure`. For more information about configuring Knife, see the Knife documentation. 60 | 61 | http://help.opscode.com/faqs/chefbasics/knife 62 | 63 | Next Steps 64 | ========== 65 | 66 | Read the README file in each of the subdirectories for more information about what goes in those directories. 67 | -------------------------------------------------------------------------------- /roles/README.md: -------------------------------------------------------------------------------- 1 | # Roles used in an OpenStack deployment 2 | 3 | We structure the roles used in the deployment into neat, 4 | easily encapsulated building blocks. Service nodes will 5 | take on one or more roles in the deployment, and having 6 | role definitions simple and combinable makes it easy to 7 | identify what purpose a node serves in the cluster by simply 8 | looking at the roles the node lists. 9 | 10 | ## Base roles 11 | 12 | There are a set of role definitions that serve as building 13 | blocks for other roles: 14 | 15 | * base.json 16 | 17 | A collection of recipes that ALL nodes in the OpenStack cluster 18 | will have. 
Every non-base role includes this role in its run list. 19 | 20 | * booted.json 21 | 22 | An interim state that ALL nodes are initially checked into, before 23 | they are assigned their proper role. 24 | 25 | In this role it is safe to perform tasks which require a reboot, such 26 | as configuring grub with SOL, udev changes, static IP pivoting, etc... 27 | 28 | * graphed.json 29 | 30 | A collection of recipes that any node that is graphed will 31 | have. 32 | 33 | * logged.json 34 | 35 | A collection a recipes that any node that has services logged 36 | in some way will have. 37 | 38 | * system-tools 39 | 40 | A collection of recipes that installs system administration tools. 41 | 42 | ## Worker roles 43 | 44 | There are a set of role definitions that control what services 45 | run on a service node. 46 | 47 | * openstack-base.json 48 | 49 | A base role applied to all openstack nodes. 50 | 51 | * openstack-dashboard.json 52 | 53 | Sets up the Horizon OpenStack dashboard. 54 | 55 | * openstack-identity-api.json 56 | 57 | Sets up the OpenStack Identity API service (commonly called 58 | Keystone). 59 | 60 | * openstack-identity-admin-api.json 61 | 62 | Sets up the OpenStack Identity Admin API service. 63 | 64 | * openstack-compute-api-native.json 65 | 66 | Sets up and runs the native OpenStack Compute API service. 67 | 68 | * openstack-compute-api-ec2.json 69 | 70 | Sets up the EC2 compatible API service. 71 | 72 | * openstack-compute-api-ec2-metadata.json 73 | 74 | Sets up the EC2 Metadata API service on the node. 75 | 76 | * openstack-compute-worker.json 77 | 78 | Sets up the OpenStack Compute worker service (nova-compute). 79 | 80 | * openstack-compute-scheduler.json 81 | 82 | Sets up the OpenStack Compute scheduler service. 83 | 84 | * openstack-compute-network.json 85 | 86 | Sets up the Nova OpenStack network service - incompatible 87 | with the openstack-network-api role, which represents the 88 | newer Quantum OpenStack Network API service. 
89 | 90 | * openstack-compute-cert.json 91 | 92 | Sets up the OpenStack Compute cert service. 93 | 94 | * openstack-compute-vncproxy.json 95 | 96 | Sets up the OpenStack Compute (No)VNC Proxy service. 97 | 98 | * openstack-image-api.json 99 | 100 | Sets up the OpenStack Image API service (commonly called 101 | Glance). 102 | 103 | * openstack-image-registry-api.json 104 | 105 | Sets up the OpenStack Image Registry service. 106 | 107 | * openstack-network-api.json 108 | 109 | Sets up the Quantum OpenStack Network API service. 110 | 111 | * openstack-volume-api.json 112 | 113 | Sets up the OpenStack Volume API service (commonly called 114 | Cinder). 115 | 116 | * openstack-volume-scheduler.json 117 | 118 | Sets up the OpenStack Volume scheduler service. 119 | 120 | * openstack-volume-worker.json 121 | 122 | Sets up the OpenStack Volume worker service (cinder-volume). 123 | 124 | ## Aggregate roles 125 | 126 | These roles are composed of more granular roles: 127 | 128 | * openstack-compute-worker-multihost.json 129 | 130 | Sets up the OpenStack Compute worker service (nova-compute) in `multi_host` 131 | networking mode, which requires the nova-network and nova-metadata-api 132 | services to run on the same host, therefore this role composes: 133 | 134 | * openstack-compute-api-metadata.json 135 | * openstack-compute-worker.json 136 | * openstack-compute-network.json 137 | -------------------------------------------------------------------------------- /environments/allinone.json.template: -------------------------------------------------------------------------------- 1 | { 2 | "name": "${PREFIX}", 3 | "description": "All-in-one OpenStack environment.", 4 | "cookbook_versions": { 5 | }, 6 | "json_class": "Chef::Environment", 7 | "chef_type": "environment", 8 | "default_attributes": { 9 | }, 10 | "override_attributes": { 11 | "openvswitch": { 12 | "hub_name": "${PREFIX}-gateway", 13 | "vxlan_bridge_ids": [1, 2, 3], 14 | "netmask" : "255.255.255.0", 15 | "addresses" : { 
16 | "${PREFIX}-gateway" : ["10.251.0.1", "10.252.0.1", "172.31.0.1"], 17 | "${PREFIX}-chefserver" : ["10.251.0.2", "10.252.0.2", "172.31.0.2"], 18 | "${PREFIX}-controller" : ["10.251.0.3", "10.252.0.3", "172.31.0.3"], 19 | "${PREFIX}-worker1" : ["10.251.0.4", "10.252.0.4", "172.31.0.4"], 20 | "${PREFIX}-worker2" : ["10.251.0.5", "10.252.0.5", "172.31.0.5"], 21 | "${PREFIX}-worker3" : ["10.251.0.6", "10.252.0.6", "172.31.0.6"], 22 | "${PREFIX}-worker4" : ["10.251.0.7", "10.252.0.7", "172.31.0.7"], 23 | "${PREFIX}-worker5" : ["10.251.0.8", "10.252.0.8", "172.31.0.8"] 24 | } 25 | }, 26 | "rsyslog": { 27 | "server_ip": "${PREFIX}-allinone" 28 | }, 29 | "openstack": { 30 | "release": "folsom", 31 | "endpoints": { 32 | "compute-api": { 33 | "uri": "http://${PREFIX}-allinone:8774/v2/%(tenant_id)s" 34 | }, 35 | "compute-ec2-admin": { 36 | "uri": "http://${PREFIX}-allinone:8773/services/Admin" 37 | }, 38 | "compute-ec2-api": { 39 | "uri": "http://${PREFIX}-allinone:8773/services/Cloud" 40 | }, 41 | "compute-xvpvnc": { 42 | "uri": "http://${PREFIX}-allinone:6081/console" 43 | }, 44 | "compute-novnc": { 45 | "uri": "http://${PREFIX}-allinone:6080/vnc_auto.html" 46 | }, 47 | "image-api": { 48 | "uri": "http://${PREFIX}-allinone:9292/v1" 49 | }, 50 | "image-registry": { 51 | "uri": "http://${PREFIX}-allinone:9191/v1/" 52 | }, 53 | "identity-api": { 54 | "uri": "http://${PREFIX}-allinone:5000/v2.0/" 55 | }, 56 | "identity-admin": { 57 | "uri": "http://${PREFIX}-allinone:35357/v2.0/" 58 | }, 59 | "volume-api": { 60 | "uri": "http://${PREFIX}-allinone:8776/v1/%(tenant_id)s" 61 | } 62 | }, 63 | "db": { 64 | "compute": { 65 | "host": "${PREFIX}-allinone" 66 | }, 67 | "identity": { 68 | "host": "${PREFIX}-allinone" 69 | }, 70 | "image": { 71 | "host": "${PREFIX}-allinone" 72 | }, 73 | "volume": { 74 | "host": "${PREFIX}-allinone" 75 | }, 76 | "dashboard": { 77 | "host": "${PREFIX}-allinone" 78 | } 79 | } 80 | }, 81 | "queue": { 82 | "host": "${PREFIX}-allinone", 83 | "port": "5672" 
84 | }, 85 | "nova": { 86 | "region": "${PREFIX}", 87 | "apply_novnc_patch": false, 88 | "dhcp_domain": "${PREFIX}", 89 | "libvirt": { 90 | "virt_type": "kvm", 91 | "bind_interface": "eth0" 92 | }, 93 | "novnc_proxy": { 94 | "bind_interface": "eth0" 95 | }, 96 | "config": { 97 | "availability_zone": "zone0", 98 | "default_schedule_zone": "zone0", 99 | "storage_availability_zone": "zone0" 100 | }, 101 | "networks": [ 102 | { 103 | "label": "private", 104 | "ipv4_cidr": "10.252.0.0/24", 105 | "bridge": "br100" 106 | } 107 | ], 108 | "network": { 109 | "flat_interface": "eth0", 110 | "network_manager": "nova.network.manager.FlatDHCPManager", 111 | "fixed_range": "10.252.0.0/24", 112 | "public_interface": "br100" 113 | } 114 | }, 115 | "glance": { 116 | "region": "${PREFIX}" 117 | }, 118 | "keystone": { 119 | "region": "${PREFIX}", 120 | "bind_interface": "eth0" 121 | }, 122 | "cinder": { 123 | "region": "${PREFIX}" 124 | } 125 | } 126 | } 127 | -------------------------------------------------------------------------------- /environments/onerack.json.template: -------------------------------------------------------------------------------- 1 | { 2 | "name": "${PREFIX}", 3 | "description": "Single controller OpenStack environment.", 4 | "cookbook_versions": { 5 | }, 6 | "json_class": "Chef::Environment", 7 | "chef_type": "environment", 8 | "default_attributes": { 9 | }, 10 | "override_attributes": { 11 | "openvswitch": { 12 | "hub_name": "${PREFIX}-gateway", 13 | "sdn_controller_name": "${PREFIX}-controller", 14 | "vxlan_bridge_ids": [1, 2, 3], 15 | "netmask" : "255.255.255.0", 16 | "addresses" : { 17 | // eth2 address 0.0.0.0 because Nova network handles 18 | // 10.252.0.x/24 address allocation for iVMs and will set 19 | // corresponding routing table rules on rVMs 20 | // 21 | // eth3 address 172.31.0.x/24 instead of 10.253.0.x/24 simply 22 | // because it "looks like" public address 23 | "${PREFIX}-gateway" : ["10.251.0.1", "0.0.0.0", "172.31.0.1"], 24 | 
"${PREFIX}-chefserver" : ["10.251.0.2", "0.0.0.0", "172.31.0.2"], 25 | "${PREFIX}-controller" : ["10.251.0.3", "0.0.0.0", "172.31.0.3"], 26 | // provides base IPs of workers {$PREFIX}-workerX 27 | "worker" : ["10.251.0.", "0.0.0.", "172.31.0."] 28 | } 29 | }, 30 | "rsyslog": { 31 | "server_ip": "${PREFIX}-controller" 32 | }, 33 | "mysql": { 34 | "bind_address": "0.0.0.0", 35 | "tunable": { 36 | "skip-name-resolve": true 37 | } 38 | }, 39 | "openstack": { 40 | "release": "folsom", 41 | "endpoints": { 42 | "compute-api": { 43 | "uri": "http://${PREFIX}-controller:8774/v2/%(tenant_id)s" 44 | }, 45 | "compute-ec2-admin": { 46 | "uri": "http://${PREFIX}-controller:8773/services/Admin" 47 | }, 48 | "compute-ec2-api": { 49 | "uri": "http://${PREFIX}-controller:8773/services/Cloud" 50 | }, 51 | "compute-xvpvnc": { 52 | "uri": "http://${PREFIX}-controller:6081/console" 53 | }, 54 | "compute-novnc": { 55 | "uri": "http://${PREFIX}-controller:6080/vnc_auto.html" 56 | }, 57 | "image-api": { 58 | "uri": "http://${PREFIX}-controller:9292/v1" 59 | }, 60 | "image-registry": { 61 | "uri": "http://${PREFIX}-controller:9191/v1/" 62 | }, 63 | "identity-api": { 64 | "uri": "http://${PREFIX}-controller:5000/v2.0/" 65 | }, 66 | "identity-admin": { 67 | "uri": "http://${PREFIX}-controller:35357/v2.0/" 68 | }, 69 | "volume-api": { 70 | "uri": "http://${PREFIX}-controller:8776/v1/%(tenant_id)s" 71 | } 72 | }, 73 | "db": { 74 | "compute": { 75 | "host": "${PREFIX}-controller" 76 | }, 77 | "identity": { 78 | "host": "${PREFIX}-controller" 79 | }, 80 | "image": { 81 | "host": "${PREFIX}-controller" 82 | }, 83 | "volume": { 84 | "host": "${PREFIX}-controller" 85 | }, 86 | "dashboard": { 87 | "host": "${PREFIX}-controller" 88 | } 89 | } 90 | }, 91 | "queue": { 92 | "host": "${PREFIX}-controller", 93 | "port": "5672" 94 | }, 95 | "nova": { 96 | "region": "${PREFIX}", 97 | "apply_novnc_patch": false, 98 | "dhcp_domain": "${PREFIX}", 99 | "libvirt": { 100 | "virt_type": "kvm", 101 | 
"bind_interface": "eth1" 102 | }, 103 | "novnc_proxy": { 104 | "bind_interface": "eth1" 105 | }, 106 | "config": { 107 | "availability_zone": "zone0", 108 | "default_schedule_zone": "zone0", 109 | "storage_availability_zone": "zone0" 110 | }, 111 | "networks": [ 112 | { 113 | "label": "private", 114 | "ipv4_cidr": "10.252.0.0/24", 115 | "bridge": "br100", 116 | "num_networks": "1", 117 | "network_size": "255", 118 | "multi_host": "T" 119 | // if 8.8.4.4 (Nova network default DNS) is blocked in 120 | // your network, need to add dns1 attribute into Nova 121 | // networks attribute, or manually update 122 | // mysql.nova.networks 123 | } 124 | ], 125 | "network": { 126 | "flat_interface": "eth2", 127 | "network_manager": "nova.network.manager.FlatDHCPManager", 128 | "fixed_range": "10.252.0.0/24", 129 | // public_interface use eth0 since only it can forward 130 | // Internet traffic. Change it to eth3 when public network 131 | // and floating IP issues are fixed 132 | "public_interface": "eth0" 133 | } 134 | }, 135 | "glance": { 136 | "region": "${PREFIX}" 137 | }, 138 | "keystone": { 139 | "region": "${PREFIX}", 140 | "bind_interface": "eth1" 141 | }, 142 | "cinder": { 143 | "region": "${PREFIX}" 144 | }, 145 | "block-device": { 146 | "volume_name": "cinder-volumes", 147 | "devices": ["/dev/vdb1"] 148 | } 149 | } 150 | } 151 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "cookbooks/curl"] 2 | path = cookbooks/curl 3 | url = git://github.com/retr0h/cookbook-curl.git 4 | [submodule "cookbooks/dstat"] 5 | path = cookbooks/dstat 6 | url = git://github.com/retr0h/cookbook-dstat.git 7 | [submodule "cookbooks/ethtool"] 8 | path = cookbooks/ethtool 9 | url = git://github.com/retr0h/cookbook-ethtool.git 10 | [submodule "cookbooks/iotop"] 11 | path = cookbooks/iotop 12 | url = git://github.com/retr0h/cookbook-iotop.git 13 | 
[submodule "cookbooks/iperf"] 14 | path = cookbooks/iperf 15 | url = git://github.com/retr0h/cookbook-iperf.git 16 | [submodule "cookbooks/lldpd"] 17 | path = cookbooks/lldpd 18 | url = git://github.com/retr0h/cookbook-lldpd.git 19 | [submodule "cookbooks/ltrace"] 20 | path = cookbooks/ltrace 21 | url = git://github.com/retr0h/cookbook-ltrace.git 22 | [submodule "cookbooks/mtr"] 23 | path = cookbooks/mtr 24 | url = git://github.com/retr0h/cookbook-mtr.git 25 | [submodule "cookbooks/smem"] 26 | path = cookbooks/smem 27 | url = git://github.com/retr0h/cookbook-smem.git 28 | [submodule "cookbooks/socat"] 29 | path = cookbooks/socat 30 | url = git://github.com/retr0h/cookbook-socat.git 31 | [submodule "cookbooks/tree"] 32 | path = cookbooks/tree 33 | url = git://github.com/retr0h/cookbook-tree.git 34 | [submodule "cookbooks/git"] 35 | path = cookbooks/git 36 | url = git://github.com/opscode-cookbooks/git.git 37 | [submodule "cookbooks/screen"] 38 | path = cookbooks/screen 39 | url = git://github.com/opscode-cookbooks/screen.git 40 | [submodule "cookbooks/rsync"] 41 | path = cookbooks/rsync 42 | url = git://github.com/opscode-cookbooks/rsync.git 43 | [submodule "cookbooks/chef-client"] 44 | path = cookbooks/chef-client 45 | url = git://github.com/opscode-cookbooks/chef-client.git 46 | [submodule "cookbooks/chef_handler"] 47 | path = cookbooks/chef_handler 48 | url = git://github.com/opscode-cookbooks/chef_handler.git 49 | [submodule "cookbooks/users"] 50 | path = cookbooks/users 51 | url = git://github.com/opscode-cookbooks/users.git 52 | [submodule "cookbooks/sudo"] 53 | path = cookbooks/sudo 54 | url = git://github.com/opscode-cookbooks/sudo.git 55 | [submodule "cookbooks/apt"] 56 | path = cookbooks/apt 57 | url = git://github.com/opscode-cookbooks/apt.git 58 | [submodule "cookbooks/runit"] 59 | path = cookbooks/runit 60 | url = git://github.com/opscode-cookbooks/runit.git 61 | [submodule "cookbooks/yum"] 62 | path = cookbooks/yum 63 | url = 
git://github.com/opscode-cookbooks/yum.git 64 | [submodule "cookbooks/dmg"] 65 | path = cookbooks/dmg 66 | url = git://github.com/opscode-cookbooks/dmg.git 67 | [submodule "cookbooks/apache2"] 68 | path = cookbooks/apache2 69 | url = git://github.com/opscode-cookbooks/apache2.git 70 | [submodule "cookbooks/build-essential"] 71 | path = cookbooks/build-essential 72 | url = git://github.com/opscode-cookbooks/build-essential.git 73 | [submodule "cookbooks/php"] 74 | path = cookbooks/php 75 | url = git://github.com/opscode-cookbooks/php.git 76 | [submodule "cookbooks/nginx"] 77 | path = cookbooks/nginx 78 | url = git://github.com/opscode-cookbooks/nginx.git 79 | [submodule "cookbooks/perl"] 80 | path = cookbooks/perl 81 | url = git://github.com/opscode-cookbooks/perl.git 82 | [submodule "cookbooks/bluepill"] 83 | path = cookbooks/bluepill 84 | url = git://github.com/opscode-cookbooks/bluepill.git 85 | [submodule "cookbooks/xml"] 86 | path = cookbooks/xml 87 | url = git://github.com/opscode-cookbooks/xml.git 88 | [submodule "cookbooks/mysql"] 89 | path = cookbooks/mysql 90 | url = git://github.com/opscode-cookbooks/mysql.git 91 | [submodule "cookbooks/openssl"] 92 | path = cookbooks/openssl 93 | url = git://github.com/opscode-cookbooks/openssl.git 94 | [submodule "cookbooks/rsyslog"] 95 | path = cookbooks/rsyslog 96 | url = git://github.com/opscode-cookbooks/rsyslog.git 97 | [submodule "cookbooks/java"] 98 | path = cookbooks/java 99 | url = git://github.com/opscode-cookbooks/java.git 100 | [submodule "cookbooks/sysctl"] 101 | path = cookbooks/sysctl 102 | url = git://github.com/onehealth-cookbooks/sysctl.git 103 | [submodule "cookbooks/ntp"] 104 | path = cookbooks/ntp 105 | url = git://github.com/opscode-cookbooks/ntp.git 106 | [submodule "cookbooks/openssh"] 107 | path = cookbooks/openssh 108 | url = git://github.com/opscode-cookbooks/openssh.git 109 | [submodule "cookbooks/vim"] 110 | path = cookbooks/vim 111 | url = git://github.com/opscode-cookbooks/vim.git 112 | 
[submodule "cookbooks/ark"] 113 | path = cookbooks/ark 114 | url = git://github.com/opscode-cookbooks/ark.git 115 | [submodule "cookbooks/parted"] 116 | path = cookbooks/parted 117 | url = git://github.com/retr0h/cookbook-parted.git 118 | [submodule "cookbooks/maven"] 119 | path = cookbooks/maven 120 | url = git://github.com/opscode-cookbooks/maven.git 121 | [submodule "cookbooks/database"] 122 | path = cookbooks/database 123 | url = git://github.com/opscode-cookbooks/database.git 124 | [submodule "cookbooks/aws"] 125 | path = cookbooks/aws 126 | url = git://github.com/opscode-cookbooks/aws.git 127 | [submodule "cookbooks/postgresql"] 128 | path = cookbooks/postgresql 129 | url = git://github.com/opscode-cookbooks/postgresql.git 130 | [submodule "cookbooks/xfs"] 131 | path = cookbooks/xfs 132 | url = git://github.com/opscode-cookbooks/xfs.git 133 | [submodule "cookbooks/keystone"] 134 | path = cookbooks/keystone 135 | url = git://github.com/att-cloud/cookbook-keystone.git 136 | [submodule "cookbooks/glance"] 137 | path = cookbooks/glance 138 | url = git://github.com/att-cloud/cookbook-glance.git 139 | [submodule "cookbooks/horizon"] 140 | path = cookbooks/horizon 141 | url = git://github.com/att-cloud/cookbook-horizon.git 142 | [submodule "cookbooks/nova"] 143 | path = cookbooks/nova 144 | url = git://github.com/maoy/cookbook-nova.git 145 | [submodule "cookbooks/selinux"] 146 | path = cookbooks/selinux 147 | url = git://github.com/opscode-cookbooks/selinux.git 148 | [submodule "cookbooks/erlang"] 149 | path = cookbooks/erlang 150 | url = git://github.com/opscode-cookbooks/erlang.git 151 | [submodule "cookbooks/swap"] 152 | path = cookbooks/swap 153 | url = git://github.com/att-cloud/cookbook-swap.git 154 | [submodule "cookbooks/openstack-common"] 155 | path = cookbooks/openstack-common 156 | url = git://github.com/att-cloud/cookbook-openstack-common.git 157 | [submodule "cookbooks/cinder"] 158 | path = cookbooks/cinder 159 | url = 
git://github.com/att-cloud/cookbook-cinder.git 160 | [submodule "cookbooks/python"] 161 | path = cookbooks/python 162 | url = git://github.com/opscode-cookbooks/python.git 163 | [submodule "cookbooks/graphite"] 164 | path = cookbooks/graphite 165 | url = git://github.com/att-cloud/cookbook-graphite.git 166 | [submodule "cookbooks/diamond"] 167 | path = cookbooks/diamond 168 | url = git://github.com/att-cloud/cookbook-diamond.git 169 | [submodule "cookbooks/block-device"] 170 | path = cookbooks/block-device 171 | url = git://github.com/att-cloud/cookbook-block-device.git 172 | [submodule "cookbooks/tmux"] 173 | path = cookbooks/tmux 174 | url = git://github.com/opscode-cookbooks/tmux.git 175 | [submodule "cookbooks/nagios"] 176 | path = cookbooks/nagios 177 | url = git://github.com/att-cloud/cookbook-nagios.git 178 | [submodule "cookbooks/failmail"] 179 | path = cookbooks/failmail 180 | url = git://github.com/att-cloud/cookbook-failmail.git 181 | [submodule "cookbooks/bash"] 182 | path = cookbooks/bash 183 | url = git://github.com/att-cloud/cookbook-bash.git 184 | [submodule "cookbooks/memcached"] 185 | path = cookbooks/memcached 186 | url = git://github.com/opscode-cookbooks/memcached.git 187 | [submodule "cookbooks/mongodb"] 188 | path = cookbooks/mongodb 189 | url = git://github.com/edelight/chef-mongodb.git 190 | [submodule "cookbooks/motd-tail"] 191 | path = cookbooks/motd-tail 192 | url = git://github.com/opscode-cookbooks/motd-tail.git 193 | [submodule "cookbooks/acct"] 194 | path = cookbooks/acct 195 | url = git://github.com/retr0h/cookbook-acct.git 196 | [submodule "cookbooks/tcpspy"] 197 | path = cookbooks/tcpspy 198 | url = git://github.com/retr0h/cookbook-tcpspy.git 199 | [submodule "cookbooks/rabbitmq"] 200 | path = cookbooks/rabbitmq 201 | url = git://github.com/att-cloud/cookbook-rabbitmq.git 202 | [submodule "cookbooks/cron"] 203 | path = cookbooks/cron 204 | url = git://github.com/opscode-cookbooks/cron.git 205 | [submodule "cookbooks/kvm"] 206 | 
path = cookbooks/kvm 207 | url = git://github.com/maoy/cookbook-kvm.git 208 | [submodule "cookbooks/devstack"] 209 | path = cookbooks/devstack 210 | url = git://github.com/att-cloud/cookbook-devstack.git 211 | [submodule "cookbooks/openvswitch"] 212 | path = cookbooks/openvswitch 213 | url = git://github.com/att-cloud/cookbook-openvswitch.git 214 | [submodule "cookbooks/ohai"] 215 | path = cookbooks/ohai 216 | url = git://github.com/maoy/cookbook-ohai-inception.git 217 | [submodule "cookbooks/windows"] 218 | path = cookbooks/windows 219 | url = git://github.com/opscode-cookbooks/windows 220 | [submodule "cookbooks/sysfs"] 221 | path = cookbooks/sysfs 222 | url = git://github.com/Youscribe/sysfs-cookbook.git 223 | [submodule "cookbooks/cpu"] 224 | path = cookbooks/cpu 225 | url = git://github.com/Youscribe/cpu-cookbook.git 226 | [submodule "cookbooks/modules"] 227 | path = cookbooks/modules 228 | url = git://github.com/Youscribe/modules-cookbook.git 229 | [submodule "cookbooks/nginx_simplecgi"] 230 | path = cookbooks/nginx_simplecgi 231 | url = git://github.com/heavywater/chef-nginx_simplecgi.git 232 | [submodule "cookbooks/iptables"] 233 | path = cookbooks/iptables 234 | url = git://github.com/opscode-cookbooks/iptables 235 | [submodule "cookbooks/infra-messaging"] 236 | path = cookbooks/infra-messaging 237 | url = git://github.com/maoy/cookbook-infra-messaging.git 238 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 
11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | --------------------------------------------------------------------------------