├── .gitignore ├── CHANGELOG.md ├── LICENSE ├── Policyfile.rb ├── README.md ├── attributes └── default.rb ├── chefignore ├── files └── nginx.run ├── kitchen.dokken.yml ├── kitchen.vagrant.yml ├── kitchen.yml ├── metadata.rb ├── recipes ├── _accept_license.rb ├── _data_collector.rb ├── _nginx.rb ├── _tuning.rb ├── _workstation.rb ├── backup.rb ├── cron.rb ├── data_bag_loader.rb ├── default.rb ├── legacy_loader.rb ├── maintenance.rb ├── managed_organization.rb ├── policyfile_loader.rb ├── restore.rb └── upgrade.rb ├── resources ├── cookbooks_loader.rb ├── data_bag_loader.rb ├── environments_loader.rb ├── managed_chef_server_backup.rb ├── managed_chef_server_cron.rb ├── managed_chef_server_restore.rb ├── managed_chef_server_upgrade.rb ├── managed_data_bag.rb ├── managed_organization.rb ├── policyfile_loader.rb └── roles_loader.rb ├── templates ├── chef_infra_server.erb ├── config.json.erb └── config.rb.erb └── test ├── chef-server-backup-202002192050.tgz ├── cookbooks ├── chef-client-11.0.3.tar.gz ├── iptables-f22c85827ea7aeb84405a95fb970e90adda48bf0.tgz ├── mattray-e05a337121886cef84c257b2b34afa0ccaa7ec8b.tgz ├── ntp-3.4.0.tar.gz ├── ntp-3.5.0.tar.gz ├── ntp-3.6.0.tar.gz ├── openssh-364454bb9bf013a49f919a66b1234aba8c555380.tgz ├── sudo-5.5.tar.gz └── sudo.tgz ├── data_bags ├── tests │ ├── atest.json │ ├── test1.json │ ├── test10.json │ ├── test100.json │ ├── test11.json │ ├── test12.json │ ├── test13.json │ ├── test14.json │ ├── test15.json │ ├── test16.json │ ├── test17.json │ ├── test18.json │ ├── test19.json │ ├── test2.json │ ├── test20.json │ ├── test21.json │ ├── test22.json │ ├── test23.json │ ├── test24.json │ ├── test25.json │ ├── test26.json │ ├── test27.json │ ├── test28.json │ ├── test29.json │ ├── test3.json │ ├── test30.json │ ├── test31.json │ ├── test32.json │ ├── test33.json │ ├── test34.json │ ├── test35.json │ ├── test36.json │ ├── test37.json │ ├── test38.json │ ├── test39.json │ ├── test4.json │ ├── test40.json │ ├── test41.json │ ├── test42.json 
│ ├── test43.json │ ├── test44.json │ ├── test45.json │ ├── test46.json │ ├── test47.json │ ├── test48.json │ ├── test49.json │ ├── test5.json │ ├── test50.json │ ├── test51.json │ ├── test52.json │ ├── test53.json │ ├── test54.json │ ├── test55.json │ ├── test56.json │ ├── test57.json │ ├── test58.json │ ├── test59.json │ ├── test6.json │ ├── test60.json │ ├── test61.json │ ├── test62.json │ ├── test63.json │ ├── test64.json │ ├── test65.json │ ├── test66.json │ ├── test67.json │ ├── test68.json │ ├── test69.json │ ├── test7.json │ ├── test70.json │ ├── test71.json │ ├── test72.json │ ├── test73.json │ ├── test74.json │ ├── test75.json │ ├── test76.json │ ├── test77.json │ ├── test78.json │ ├── test79.json │ ├── test8.json │ ├── test80.json │ ├── test81.json │ ├── test82.json │ ├── test83.json │ ├── test84.json │ ├── test85.json │ ├── test86.json │ ├── test87.json │ ├── test88.json │ ├── test89.json │ ├── test9.json │ ├── test90.json │ ├── test91.json │ ├── test92.json │ ├── test93.json │ ├── test94.json │ ├── test95.json │ ├── test96.json │ ├── test97.json │ ├── test98.json │ └── test99.json └── users │ ├── user1.json │ ├── user2.json │ ├── user3.json │ └── user4.json ├── environments ├── essex.rb ├── lab-admin.json ├── lab.json └── vagrant.json ├── integration ├── backup │ └── default_test.rb ├── cron │ └── default_test.rb ├── data_bags │ └── default_test.rb ├── data_collector │ └── default_test.rb ├── default │ └── default_test.rb ├── legacy │ └── default_test.rb ├── policyfiles │ └── default_test.rb ├── restore │ └── default_test.rb ├── test_cookbook │ ├── README.md │ ├── attributes │ │ └── default.rb │ ├── files │ │ ├── inez_bottlebru_sh.crt │ │ └── ndnd_bottlebru_sh.crt │ ├── metadata.rb │ └── recipes │ │ └── default.rb ├── upgrade13 │ └── default_test.rb └── upgrade14 │ └── default_test.rb ├── policyfiles ├── base-53e07f37074575abfe75bbb74032f6cd63fc566ff2b8e655f9a2ddf91a3615a8.tgz ├── 
base-7427d6677d53d5953ce721e7ff3335acdf4b9f1a81cf5c81cd237088f1198efe.tgz ├── base-bea04861beddc0410cbb77f7bc7e1c70f15c29fc3f9b070f01e843962c5d6008.tgz ├── base.lock.json ├── beaglebone-d99228eafe13624df42011864f0506a05ef62b39ce8c6fdb877ba8a56df2bf4a.tgz ├── beaglebone.lock.json ├── macbookpro-2650ccb921e337219fb65e8f9832d54273d5076f094e0e0b463b585a58c5e181.tgz ├── macbookpro-3e28786370e469117c04d08524510ff81c97022f45dc33eee9f6523b04643a0f.tgz └── macbookpro.lock.json └── roles ├── base.rb ├── lab-admin.json ├── lab-base.json └── lab-environment.json /.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | *~ 3 | *# 4 | .#* 5 | \#*# 6 | .*.sw[a-z] 7 | *.un~ 8 | *.deb 9 | *.rpm 10 | 11 | # Bundler 12 | Gemfile.lock 13 | gems.locked 14 | bin/* 15 | .bundle/* 16 | 17 | # test kitchen 18 | .kitchen/ 19 | .kitchen.local.yml 20 | policyfiles/*lock.json 21 | 22 | # Chef 23 | Berksfile.lock 24 | .zero-knife.rb 25 | Policyfile.lock.json 26 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # managed_chef_server CHANGELOG 2 | 3 | This file is used to list changes made in each version of the managed_chef_server cookbook. 4 | 5 | # 0.1.0 6 | - Initial release. 7 | - Installation and recovery of Chef server. 8 | - Creation of managed organization and user for managing the server. 9 | - Skeleton of tests. 
10 | 11 | # 0.2.0 12 | - cookstyle cleanups 13 | - example policyfiles for testing 14 | - policyfile_loader recipe 15 | 16 | # 0.3.0 17 | - restore from backup works 18 | - Chef 13.8.5 testing 19 | 20 | # 0.3.1 21 | - switch to config.rb from knife.rb 22 | 23 | # 0.4.0 24 | - refactor policyfiles for more straightforward testing 25 | - backup scheduled via cron and attributes 26 | - cron recipe for managing the chef-server with the chef-client under cron, with or without a policyfile archive 27 | 28 | # 0.5.0 29 | - legacy loader for cookbooks, environments, roles 30 | - nginx as non-root (@chrisg-fastlane) 31 | 32 | # 0.6.0 33 | - legacy loader recipe supports Berkshelf 34 | - fix some issues with the restore for the managed user 35 | 36 | # 0.6.1 37 | - legacy loader skip an empty cookbook list 38 | 39 | # 0.6.2 40 | - policyfile_loader now puts policyfiles in a _default policygroup as defined by an attribute. 41 | 42 | # 0.7.0 43 | - data_bag_loader recipe and tests 44 | 45 | # 0.7.1 46 | - [more retries built in with chef-server-ctl commands](https://github.com/mattray/managed_chef_server-cookbook/issues/11) 47 | 48 | # 0.7.2 49 | - [legacy_loader is now idempotent and validates .rb environments and roles](https://github.com/mattray/managed_chef_server-cookbook/issues/7) 50 | 51 | # 0.8.0 52 | - [added skipping the Chef Server pedant tests](https://github.com/mattray/managed_chef_server-cookbook/pull/17) 53 | 54 | # 0.9.0 55 | - Added support for policyfiles to set their policy group by setting the `['mcs']['policyfile']['group']` attribute 56 | 57 | # 0.10.0 58 | - Skip existing policies to speed up loading 59 | - remove chefdk cookbook dependency in favor of directly using chef_ingredient 60 | 61 | # 0.11.0 62 | - Added private performance tuning recipe [_tuning.rb](recipes/_tuning.rb) 63 | 64 | # 0.12.0 65 | - lowered precedence of tuning attributes to default from overkill 66 | - add the admin user to the org if it's missing, not just on a first create 67 |
- ensure the data bag directory exists when loading data bags 68 | - [refactor to use rubyblocks instead of raw ruby in recipes, fixes race conditions](https://github.com/mattray/managed_chef_server-cookbook/pull/22) 69 | 70 | # 0.13.0 71 | - minimum Chef version is now 14 72 | - added Chef 15 support for all CLIs 73 | - new kitchen test suites for testing Chef 14 and 15 versions 74 | 75 | # 0.14.0 76 | - new _chefdk.rb private recipe for installing the ChefDK 77 | - refactor new Custom Resources 78 | - managed_organization :create 79 | - chef_server_backup :create 80 | - chef_server_cron :create 81 | - chef_server_restore :run 82 | - cookbooks_loader :load 83 | - data_bag_loader :load 84 | - data_bag :create, :prune, :item_create, :item_prune (all called by the data_bag_loader) 85 | - environments_loader :load 86 | - policyfile_loader :load 87 | - roles_loader :load 88 | - the following attributes were removed to simplify managing multiple organizations 89 | -default['mcs']['managed_user']['dir'] 90 | -default['mcs']['managed_user']['user_name'] 91 | -default['mcs']['managed_user']['first_name'] 92 | -default['mcs']['managed_user']['last_name'] 93 | - the following attributes were added to expand cron coverage 94 | -default['mcs']['backup']['cron']['month'] = '*' 95 | -default['mcs']['backup']['cron']['weekday'] = '*' 96 | -default['mcs']['cron']['month'] = '*' 97 | -default['mcs']['cron']['weekday'] = '*' 98 | - all the loaders now support organizations 99 | 100 | # 0.15.0 101 | - refactored custom resources to not conflict with existing Chef resources (ie. `data_bag`) and renamed them for clarity.
102 | - [include _chefdk.rb in default.rb](https://github.com/mattray/managed_chef_server-cookbook/issues/29) for compatibility with wrapper cookbooks 103 | - [refactored managed_organization out to a separate recipe](https://github.com/mattray/managed_chef_server-cookbook/issues/28) for supporting multiple organizations 104 | - [refactored organization keys to unique names](https://github.com/mattray/managed_chef_server-cookbook/issues/27) 105 | 106 | # 0.15.1 107 | - [updated the condition to validate the existence of data bag item](https://github.com/mattray/managed_chef_server-cookbook/issues/33) 108 | - [updated the condition to validate the existence of data bag](https://github.com/mattray/managed_chef_server-cookbook/issues/33) 109 | 110 | # 0.16.0 111 | - [rename cookbook to managed_chef_server](https://github.com/mattray/managed_chef_server-cookbook/issues/30) 112 | - Accept the Chef Infra Server 13 license if `node['chef-server']['accept_license']` is set 113 | - [Clean up old backup directory recursively](https://github.com/mattray/managed_chef_server-cookbook/issues/35) 114 | 115 | # 0.17.0 116 | - [switched to Chef Workstation from ChefDK](https://github.com/mattray/managed_chef_server-cookbook/issues/38) 117 | - [remove Chef Workstation from chef-client path](https://github.com/mattray/managed_chef_server-cookbook/issues/36) 118 | - refactor default recipe to split install and restores 119 | - rename managed org keys to `-validator.pem` 120 | - backup and restore the managed organization validator pems 121 | - configure data collection with private `_data_collector` recipe 122 | - switch tests over to 'test_org' to make it easier to see in Automate 123 | 124 | # 0.18.0 125 | - dropped Chef 14 support, add Chef 16 support 126 | - [workstation installation is overwriting chef-client symlink with non-existent destination](https://github.com/mattray/managed_chef_server-cookbook/issues/40) 127 | - added sleep while loop to wait for startup completion 128 | 
- refactored testing policyfiles to be easier to follow 129 | - move license acceptance into a private recipe. 130 | - upgrade recipe 131 | 132 | # 0.18.1 133 | - updated custom resources to account for [breaking Custom Resource change in Chef 16.2](https://discourse.chef.io/t/chef-infra-client-16-2-released/17284) 134 | 135 | # 0.18.2 136 | - [attempt to fix issue with missing directory](https://github.com/mattray/managed_chef_server-cookbook/issues/42) 137 | 138 | # 0.18.3 139 | - sort policyfiles by time to avoid potential race condition 140 | 141 | # 0.18.4 142 | - [make location of the directory containing managed users configurable](https://github.com/mattray/managed_chef_server-cookbook/issues/45) 143 | 144 | # 0.18.5 145 | - specify cookbook source of files and templates for external custom resource usage 146 | 147 | # 0.18.6 148 | - [on restore, copy the validator.pem without subscribing to the user reset](https://github.com/mattray/managed_chef_server-cookbook/issues/47) 149 | 150 | # 0.19.0 151 | - [fix "undefined method `+' for nil:NilClass" on string additions](https://github.com/mattray/managed_chef_server-cookbook/issues/49) 152 | - [uninstall ChefDK in favor of Chef Workstation](https://github.com/mattray/managed_chef_server-cookbook/issues/48) 153 | - expand test coverage for Chef Infra Server 12, 13 and 14. 
14 is currently having issues 154 | 155 | # 0.19.1 156 | - move the `syntax_check_cache_path` out of `/etc/opscode/` into the `Chef::Config[:file_cache_path]/syntaxcache` 157 | 158 | # 0.20.0 159 | - Chef Infra Server 14.3.14 support with Chef Infra 15 & 16 and CentOS 8 support 160 | - removed pedant tests because they were flaky for testing and of limited production value 161 | - updated _nginx recipe to support non-root ownership of `/var/opt/opscode/nginx` 162 | 163 | # NEXT 164 | - Chef Infra 17 support (remove Chef Infra 15 support) 165 | - organization attributes 166 | 167 | # Backlog 168 | - Chef 16: clean up end.run_action https://docs.chef.io/release_notes/#compile_time-on-all-resources 169 | - Chef 16: improve property require behavior https://docs.chef.io/release_notes/#improved-property-require-behavior 170 | 171 | ## maintenance recipe 172 | Maintaining the Chef server may involve periodically cleaning up stale nodes and unused policies. This is likely to use `knife-tidy` and various `chef` commands. Scheduling and implementation TBD. 173 | - inspec for configuration checks 174 | inspec exec https://github.com/mattray/inspec-chef-server/tree/rhel --attrs=config.yml 175 | - investigate `chef-server-ctl cleanup` 176 | - knife tidy 177 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 
14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Policyfile.rb: -------------------------------------------------------------------------------- 1 | name 'default' 2 | 3 | default_source :supermarket 4 | 5 | cookbook 'managed_chef_server', path: '.' 
6 | cookbook 'test_cookbook', path: 'test/integration/test_cookbook/' # just for data_collector /etc/hosts testing 7 | 8 | run_list 'managed_chef_server', 'managed_chef_server::managed_organization' 9 | named_run_list :backup, 'managed_chef_server', 'managed_chef_server::managed_organization', 'managed_chef_server::backup' 10 | named_run_list :cron, 'managed_chef_server', 'managed_chef_server::managed_organization', 'managed_chef_server::cron' 11 | named_run_list :data_collector, 'test_cookbook', 'managed_chef_server', 'managed_chef_server::managed_organization' 12 | named_run_list :data_bags, 'managed_chef_server', 'managed_chef_server::managed_organization', 'managed_chef_server::data_bag_loader' 13 | named_run_list :legacy, 'managed_chef_server', 'managed_chef_server::managed_organization', 'managed_chef_server::legacy_loader' 14 | named_run_list :policyfile, 'managed_chef_server', 'managed_chef_server::managed_organization', 'managed_chef_server::policyfile_loader' 15 | named_run_list :restore, 'managed_chef_server::restore', 'managed_chef_server::managed_organization' 16 | named_run_list :upgrade, 'managed_chef_server', 'managed_chef_server::managed_organization', 'managed_chef_server::upgrade' 17 | named_run_list :everything, 'test_cookbook', 'managed_chef_server', 'managed_chef_server::managed_organization', 'managed_chef_server::data_bag_loader', 'managed_chef_server::legacy_loader', 'managed_chef_server::policyfile_loader', 'managed_chef_server::backup', 'managed_chef_server::upgrade' 18 | 19 | # default settings 20 | default['chef-server']['accept_license'] = true 21 | default['mcs']['managed_user']['email'] = 'test@foo.com' 22 | default['mcs']['org']['name'] = 'test_org' 23 | 24 | # backup testing every 5 minutes 25 | default['mcs']['backup']['cron']['minute'] = '*/5' 26 | default['mcs']['backup']['cron']['hour'] = '*' 27 | 28 | # cron testing 29 | default['mcs']['cron']['minute'] = '*/5' 30 | default['mcs']['cron']['options'] = ['--local-mode', '-F 
min'] 31 | default['mcs']['cron']['policyfile_archive'] = '/backups/policyfiles/base-53e07f37074575abfe75bbb74032f6cd63fc566ff2b8e655f9a2ddf91a3615a8.tgz' 32 | 33 | # data bag testing 34 | default['mcs']['data_bags']['dir'] = '/backups/data_bags' 35 | default['mcs']['data_bags']['prune'] = true 36 | 37 | # legacy testing 38 | default['mcs']['cookbooks']['dir'] = '/backups/cookbooks' 39 | default['mcs']['environments']['dir'] = '/backups/environments' 40 | default['mcs']['roles']['dir'] = '/backups/roles' 41 | 42 | # policyfile testing 43 | default['mcs']['policyfile']['dir'] = '/backups/policyfiles' 44 | 45 | # restore testing 46 | default['mcs']['restore']['file'] = '/backups/chef-server-backup-202002192050.tgz' 47 | 48 | # package sources, these may be overridden in the kitchen.yml as necessary 49 | # default['chef-server']['package_source'] = '/backups/chef-server-core-13.2.0-1.el7.x86_64.rpm' 50 | # default['chef-workstation']['package_source'] = '/backups/chef-workstation-0.18.3-1.el7.x86_64.rpm' 51 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # managed_chef_server 2 | 3 | Deploys and configures the Chef Infra Server in a relatively stateless model. The included [policyfiles](policyfiles) provide examples of deployment options and the required attributes. You will need to pass 4 | 5 | node['chef-server']['accept_license'] = true 6 | 7 | for Chef Server 13 and 14. 8 | 9 | # Recipes 10 | 11 | ## default ## 12 | 13 | Installs the Chef Infra Server in a new deployment, wrapping the [Chef-Server](https://github.com/chef-cookbooks/chef-server) cookbook. You will need to use the `managed_organization` recipe or provide your own organizations recipe to use the other recipes. 
If you wish to configure your Chef Infra Server to report to Automate, you will need to provide attributes like the following, replacing the example token and the `YOURAUTOMATE` host with your own values. The data collector token is a credential, so supply it from a protected source rather than committing it alongside the cookbook: 14 | 15 | node['mcs']['data_collector']['token'] = '1234ABCD5678efjkkPmBsihvwXI=' 16 | node['mcs']['data_collector']['root_url'] = 'https://YOURAUTOMATE/data-collector/v0/' 17 | node['mcs']['data_collector']['proxy'] = true 18 | node['mcs']['profiles']['root_url'] = 'https://YOURAUTOMATE' 19 | 20 | ## managed_organization ## 21 | 22 | This creates a managed Chef organization and an org-managing admin user through the appropriate [attributes](attributes/default.rb#24). 23 | 24 | ## restore ## 25 | 26 | Restores the Chef Infra Server in a new deployment, including the `default` recipe. It looks for the existence of a [knife-ec-backup](https://github.com/chef/knife-ec-backup) tarball to restore from, configured with the `node['mcs']['restore']['file']` attribute. If you are using the `managed_organization` recipe it will restore your `/etc/chef/managed/ORG_NAME/ORG_NAME.keys` from the backup. 27 | 28 | ## upgrade ## 29 | 30 | Upgrades the existing Chef Infra Server to a new version with the package provided. The cookbook follows the [Chef Infra Server Standalone Upgrade Documentation](https://docs.chef.io/upgrade_server/#standalone) and will stop the server for the duration of the upgrade and perform the `chef-server-ctl cleanup` at the end. You may provide the appropriate .RPM or .DEB package via the `node['mcs']['upgrade']['package_source']` attribute. 31 | 32 | ## backup ## 33 | 34 | Runs `knife ec backup` via cron and puts the backups in the `node['mcs']['backup']['dir']`. As of 0.17.0 the managed organization validator pems are backed up as well, so limit read access to this directory. The default is 2:30am daily, but you may change the cron schedule via the following attributes.
35 | 36 | node['mcs']['backup']['cron']['minute'] = '30' 37 | node['mcs']['backup']['cron']['hour'] = '2' 38 | node['mcs']['backup']['cron']['day'] = '*' 39 | node['mcs']['backup']['cron']['month'] = '*' 40 | node['mcs']['backup']['cron']['weekday'] = '*' 41 | 42 | ## cron ## 43 | 44 | Schedules the Chef client to run on the Chef Infra Server via cron against a provided policyfile archive. This may be set to use `--local-mode`, for when the Chef client has no other Chef Infra Server to contact. See the example [policyfiles/cron.rb](policyfiles/cron.rb) and [kitchen.yml](kitchen.yml) for reference. 45 | 46 | ## data_bag_loader ## 47 | 48 | The contents of `node['mcs']['data_bags']['dir']` are compared against the existing data bags on the server, and data bags are created and/or updated as necessary. If the `node['mcs']['data_bags']['prune']` attribute is `true`, data bags and items that exist on the server but do not have the requisite JSON files are deleted. 49 | 50 | ## legacy_loader ## 51 | 52 | Takes the `node['mcs']['cookbooks']['dir']`, `node['mcs']['environments']['dir']` and `node['mcs']['roles']['dir']` directories and loads whatever content is found into the Chef Infra Server organization. Because everything found is loaded, keep these directories writable only by administrators of the server. If you want to use the same directory for the roles and environments the recipe can distinguish between JSON files. The cookbooks are expected to be tarballs in a directory; the recipe attempts to load each of them via its `Berksfile` or with `knife`. For legacy cookbooks with multiple dependencies it may take multiple runs to load everything. 53 | 54 | ## policyfile_loader ## 55 | 56 | Takes the `node['mcs']['policyfile']['dir']` and parses any `.lock.json` files to determine which policyfile archives to load into the local Chef Infra Server. Policies will be assigned to the group designated by the `node['mcs']['policyfile']['group']` attribute for the Chef Infra Server (`_default` is the default).
If the policy itself sets the `node['mcs']['policyfile']['group']` attribute, the policy will be assigned to that group. 57 | 58 | # Attributes 59 | The [default.rb](attributes/default.rb) attributes file documents available settings and tunings. 60 | 61 | # Custom Resources 62 | 63 | Custom resources are used to reduce the complexity of the included recipes. 64 | 65 | ## managed_organization 66 | 67 | The `:create` action will instantiate a Chef Infra Server organization with an internal administrator user. The name property is `organization`. The organization's `full_name`, `email`, and `password` are all optional properties. 68 | 69 | ## managed_chef_server_backup 70 | 71 | This resource schedules backups of the Chef Infra Server via cron-style properties (`minute`, `hour`, `day`, `month`, `weekday`). The backups are written to the `directory` and their filenames start with the `prefix`. 72 | 73 | ## managed_chef_server_cron 74 | 75 | This resource requires an `archive` property specifying the policyfile archive to deploy and use for running via `cron`. 76 | 77 | ## managed_chef_server_restore 78 | 79 | This resource requires a `tarball` property specifying the `knife ec backup` tarball to restore from. 80 | 81 | ## cookbook_loader 82 | 83 | This resource runs `berks` or `knife` against the `directory` property specifying the source for the cookbook tarballs to keep in sync with the server. 84 | 85 | ## data_bag_loader 86 | 87 | This resource works off of the `directory` property specifying the source for the data bags to keep in sync with the server. 88 | 89 | ## managed_data_bag 90 | 91 | This has `:create`, `:prune`, `:item_create`, and `:item_prune` for managing the data bags available on the server. This custom resource is called from the `data_bag_loader` resource. 92 | 93 | ## environments_loader 94 | 95 | All of the Ruby or JSON environment files in the `directory` will be loaded onto the Chef Infra Server and updated if they change. 
96 | 97 | ## policyfile_loader 98 | 99 | This resource looks for policyfile locks and archives in the `directory` specifying the source, only uploading them if they have been updated. 100 | 101 | ## roles_loader 102 | 103 | All of the Ruby or JSON role files in the `directory` will be loaded onto the Chef Infra Server and updated if they change. 104 | 105 | # Testing 106 | 107 | There is a [kitchen.yml](kitchen.yml) that may be used for testing with Vagrant. The [kitchen.vagrant.yml](kitchen.vagrant.yml) may be symlinked as **kitchen.local.yml** and used with local caches to speed up testing. The following Suites map to separate named run lists in the [Policyfile.rb](Policyfile.rb) that may be repurposed as necessary, with `15*` variants for testing with Chef Infra Client 15 and `-12/13/14` indicating Chef Infra Server tests by version. The `test` directory will need to be populated with downloaded DEB and RPM installers as necessary. 108 | 109 | Testing is primarily on CentOS 7, with `-ubuntu` variants added for the `default`, `restore`, `upgrade`, and `everything` tests. Some Chef 15 Infra client and Chef Infra Server 12 (deprecated) tests have been removed to reduce the number of tested combinations. 110 | 111 | ## 15/16default-12/13/14 112 | 113 | Tests simple installation and creation of the managed Chef user and organization. 114 | 115 | ## 16backup-13/14 116 | 117 | Checks the backup script is in the crontab and backup directories are available. Chef Infra Client 15 and Chef Infra Server 12 removed for efficiency. 118 | 119 | ## 16cron-13/14 120 | 121 | Checks the chef-client is in the crontab. Chef Infra Client 15 and Chef Infra Server 12 removed for efficiency. 122 | 123 | ## 16data_bags-13/14 124 | 125 | Adds loading data bags from the included [test](test) directory. It restores from a previous data bag backup to ensure pruning and updating work. 
126 | 127 | ## 16data_collector-13/14 128 | 129 | Tests deploying the Chef Infra Server configured to send data to an external Automate deployment. 130 | 131 | ## 16legacy-13/14 132 | 133 | Adds loading cookbooks, environments and roles from the included [test](test) directory. 134 | 135 | ## 16policyfile-13/14 136 | 137 | Adds loading policyfiles from the included [test](test) directory. 138 | 139 | ## 15/16restore-12/13/14 140 | 141 | Restores the Chef Infra Server from a backup consisting of the `everything` content. `kitchen verify restore` ensures the policyfiles were restored properly. 142 | 143 | ## 15/16upgrade-12-13/13-14 144 | 145 | Installs the Chef Infra Server, loads data bags, loads legacy content, loads policyfiles, and adds backup via cron, then upgrades the installed version of Chef Infra Server. There are upgrades from Chef Infra Server versions 12 to 13 and from 13 to 14. 146 | 147 | ## 15/16everything-13/14 148 | 149 | Installs the Chef Infra Server, loads data bags, loads legacy content, loads policyfiles, adds backup via cron, and upgrades the installation. 150 | 151 | # License and Authors 152 | 153 | - Author: Matt Ray [matt@chef.io](mailto:matt@chef.io) 154 | - Copyright 2018-2021, Chef Software, Inc 155 | 156 | ```text 157 | Licensed under the Apache License, Version 2.0 (the "License"); 158 | you may not use this file except in compliance with the License. 159 | You may obtain a copy of the License at 160 | 161 | http://www.apache.org/licenses/LICENSE-2.0 162 | 163 | Unless required by applicable law or agreed to in writing, software 164 | distributed under the License is distributed on an "AS IS" BASIS, 165 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 166 | See the License for the specific language governing permissions and 167 | limitations under the License. 
168 | ``` 169 | -------------------------------------------------------------------------------- /attributes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: managed_chef_server 3 | # Attributes:: default 4 | # 5 | 6 | # if you still need deprecated recipes related to tuning Solr and Postgres, set this back to 13 or 12 7 | default['mcs']['chef_server_version'] = 14 8 | 9 | # upgrade package 10 | default['mcs']['upgrade']['package_source'] = nil 11 | 12 | # _data_collector recipe 13 | default['mcs']['data_collector']['token'] = nil 14 | default['mcs']['data_collector']['root_url'] = nil 15 | default['mcs']['data_collector']['proxy'] = false 16 | default['mcs']['profiles']['root_url'] = nil 17 | 18 | # restore recipe 19 | # set location of backup file to restore from 20 | default['mcs']['restore']['file'] = nil 21 | 22 | # managed organization for Chef-managed server 23 | default['mcs']['managed']['dir'] = '/etc/opscode/managed' 24 | default['mcs']['org']['name'] = 'chef_managed_org' 25 | default['mcs']['org']['full_name'] = 'Chef Managed Organization' 26 | # if you want an email address for the managed organization users 27 | default['mcs']['managed_user']['email'] = nil 28 | # if you want a non-random password for the user; note that a value set here is held in plain text with the other attributes 29 | default['mcs']['managed_user']['password'] = nil 30 | 31 | # backup recipe 32 | # schedule via cron 33 | default['mcs']['backup']['cron']['minute'] = '30' 34 | default['mcs']['backup']['cron']['hour'] = '2' 35 | default['mcs']['backup']['cron']['day'] = '*' 36 | default['mcs']['backup']['cron']['month'] = '*' 37 | default['mcs']['backup']['cron']['weekday'] = '*' 38 | default['mcs']['backup']['dir'] = Chef::Config[:file_cache_path] + '/mcs-backups' 39 | # this will have the timestamp added 40 | default['mcs']['backup']['prefix'] = 'chef-server-backup-' 41 | 42 | # cron recipe 43 | default['mcs']['cron']['minute'] = '*/30' 44 | default['mcs']['cron']['hour'] = '*' 45 | 
default['mcs']['cron']['day'] = '*' 46 | default['mcs']['cron']['month'] = '*' 47 | default['mcs']['cron']['weekday'] = '*' 48 | default['mcs']['cron']['options'] = [] 49 | default['mcs']['cron']['policyfile_archive'] = nil 50 | default['mcs']['cron']['zero_dir'] = Chef::Config[:file_cache_path] + '/mcs-cron' 51 | 52 | # data_bag_loader recipe 53 | default['mcs']['data_bags']['dir'] = nil 54 | default['mcs']['data_bags']['prune'] = false 55 | 56 | # Chef Workstation attributes cargo-culted for compatibility 57 | default['chef-workstation']['channel'] = :stable 58 | default['chef-workstation']['version'] = 'latest' 59 | default['chef-workstation']['package_source'] = nil 60 | 61 | # legacy_loader recipe 62 | default['mcs']['cookbooks']['dir'] = nil 63 | default['mcs']['environments']['dir'] = nil 64 | default['mcs']['roles']['dir'] = nil 65 | 66 | # policyfile_loader recipe 67 | default['mcs']['policyfile']['dir'] = nil 68 | default['mcs']['policyfile']['group'] = '_default' 69 | default['mcs']['policyfile']['lockfiletype'] = '.lock.json' 70 | default['mcs']['policyfile']['purge'] = false 71 | 72 | # _tuning recipe 73 | # if you want to configure the settings in the _tuning recipe you may set these 74 | # please refer to the recipe source for explanations and documentation links 75 | default['mcs']['opscode_solr4']['heap_size'] = nil 76 | -------------------------------------------------------------------------------- /chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # to a chef-server or supermarket. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 
9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | examples/* 55 | Guardfile 56 | Procfile 57 | .kitchen* 58 | kitchen.* 59 | .rubocop.yml 60 | spec/* 61 | Rakefile 62 | .travis.yml 63 | .foodcritic 64 | .codeclimate.yml 65 | 66 | # SCM # 67 | ####### 68 | .git 69 | */.git 70 | .gitignore 71 | .gitmodules 72 | .gitconfig 73 | .gitattributes 74 | .svn 75 | */.bzr/* 76 | */.hg/* 77 | */.svn/* 78 | 79 | # Berkshelf # 80 | ############# 81 | Berksfile 82 | Berksfile.lock 83 | cookbooks/* 84 | tmp 85 | 86 | # Bundler # 87 | ########### 88 | vendor/* 89 | 90 | # Policyfile # 91 | ############## 92 | Policyfile.rb 93 | Policyfile.lock.json 94 | policyfiles/* 95 | 96 | # Cookbooks # 97 | ############# 98 | CONTRIBUTING* 99 | CHANGELOG* 100 | TESTING* 101 | 102 | # Vagrant # 103 | ########### 104 | .vagrant 105 | Vagrantfile 106 | -------------------------------------------------------------------------------- /files/nginx.run: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec 2>&1 3 | exec /opt/opscode/embedded/bin/veil-env-helper -o DATA_COLLECTOR_TOKEN=data_collector.token -s REDIS_PASSWORD=redis_lb.password -- \ 4 | chpst -P -U opscode:opscode -u opscode:opscode \ 5 | /opt/opscode/embedded/sbin/nginx -c /var/opt/opscode/nginx/etc/nginx.conf 6 | -------------------------------------------------------------------------------- /kitchen.dokken.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: dokken 4 | privileged: true # because Docker and SystemD/Upstart; test-only, a privileged container has broad access to the host 5 | chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> 6 | volumes: 7 | - <%= ENV['PWD'] %>/test:/backups 8 | 9 | transport: 10 | name: dokken 11 | 12 | provisioner: 13 | name: dokken 14 | chef_options: '-z --chef-zero-port 9010' 15 | deprecations_as_errors: true 16 | 17 | platforms: 18 | - name: centos-7 19 | driver: 20 | image: dokken/centos-7 21 | pid_one_command: /usr/lib/systemd/systemd 22 | intermediate_instructions: 23 | - RUN yum install -y crontabs 24 | 25 | suites: 26 | - name: default 27 | attributes: 28 | chefdk: 29 | package_source: '/backups/chefdk-3.1.0-1.el7.x86_64.rpm' 30 | chef-server: 31 | package_source: '/backups/chef-server-core-12.17.33-1.el7.x86_64.rpm' 32 | verifier: 33 | inspec_tests: 34 | - test/integration/default 35 | - name: backup 36 | provisioner: 37 | named_run_list: backup 38 | attributes: 39 | chefdk: 40 | package_source: '/backups/chefdk-3.1.0-1.el7.x86_64.rpm' 41 | chef-server: 42 | package_source: '/backups/chef-server-core-12.17.33-1.el7.x86_64.rpm' 43 | verifier: 44 | inspec_tests: 45 | - test/integration/default 46 | - name: restore 47 | provisioner: 48 | named_run_list: restore 49 | attributes: 50 | chefdk: 51 | package_source: '/backups/chefdk-3.1.0-1.el7.x86_64.rpm' 52 | chef-server: 53 | package_source: '/backups/chef-server-core-12.17.33-1.el7.x86_64.rpm' 54 | mcs: 55 | restore: 56 | file: '/backups/chef-server-backup-201809030650.tgz' 57 | verifier: 58 | inspec_tests: 59 | - test/integration/default 60 | - test/integration/policyfiles 61 | - name: policyfile 62 | provisioner: 63 | named_run_list: policyfiles 64 | attributes: 65 | chefdk: 66 | package_source: '/backups/chefdk-3.1.0-1.el7.x86_64.rpm' 67 | chef-server: 68 | package_source: '/backups/chef-server-core-12.17.33-1.el7.x86_64.rpm' 69 | mcs: 70 | policyfile: 71 | dir: '/backups' 72 | 
verifier: 73 | inspec_tests: 74 | - test/integration/default 75 | - test/integration/policyfiles 76 | - name: everything 77 | provisioner: 78 | named_run_list: everything 79 | attributes: 80 | chefdk: 81 | package_source: '/backups/chefdk-3.1.0-1.el7.x86_64.rpm' 82 | chef-server: 83 | package_source: '/backups/chef-server-core-12.17.33-1.el7.x86_64.rpm' 84 | mcs: 85 | policyfile: 86 | dir: '/backups' 87 | restore: 88 | file: '/backups/chef-server-backup-201809030650.tgz' 89 | verifier: 90 | inspec_tests: 91 | - test/integration/default 92 | - test/integration/policyfiles 93 | -------------------------------------------------------------------------------- /kitchen.vagrant.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: vagrant 4 | customize: 5 | memory: 4096 6 | cpus: 2 7 | -------------------------------------------------------------------------------- /kitchen.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: vagrant 4 | synced_folders: 5 | - ['test', '/backups', 'create: true', owner: "root", group: "root"] 6 | customize: 7 | memory: 2048 8 | cpus: 2 9 | network: 10 | - ["private_network", {ip: "192.168.33.22"}] 11 | 12 | provisioner: 13 | name: chef_zero 14 | always_update_cookbooks: true 15 | chef_license: accept 16 | product_name: chef 17 | product_version: 16 18 | 19 | verifier: 20 | name: inspec 21 | color: false 22 | 23 | platforms: 24 | - name: centos-7 25 | - name: centos-8 26 | - name: ubuntu-18.04 27 | 28 | suites: 29 | - name: 15default-12 30 | provisioner: 31 | product_version: 15 32 | attributes: 33 | chef-server: 34 | package_source: /backups/chef-server-core-12.19.31-1.el7.x86_64.rpm 35 | mcs: 36 | chef_server_version: 12 37 | verifier: 38 | inspec_tests: 39 | - test/integration/default 40 | excludes: ["centos-8", "ubuntu-18.04"] 41 | - name: 15default-13 42 | provisioner: 43 | product_version: 15 44 | attributes: 
45 | chef-server: 46 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 47 | mcs: 48 | chef_server_version: 13 49 | verifier: 50 | inspec_tests: 51 | - test/integration/default 52 | excludes: ["ubuntu-18.04"] 53 | - name: 15default-14 54 | provisioner: 55 | product_version: 15 56 | attributes: 57 | chef-server: 58 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 59 | verifier: 60 | inspec_tests: 61 | - test/integration/default 62 | excludes: ["ubuntu-18.04"] 63 | - name: 16default-12 64 | attributes: 65 | chef-server: 66 | package_source: /backups/chef-server-core-12.19.31-1.el7.x86_64.rpm 67 | mcs: 68 | chef_server_version: 12 69 | verifier: 70 | inspec_tests: 71 | - test/integration/default 72 | excludes: ["centos-8", "ubuntu-18.04"] 73 | - name: 16default-13 74 | attributes: 75 | chef-server: 76 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 77 | mcs: 78 | chef_server_version: 13 79 | verifier: 80 | inspec_tests: 81 | - test/integration/default 82 | excludes: ["ubuntu-18.04"] 83 | - name: 16default-14 84 | attributes: 85 | chef-server: 86 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 87 | verifier: 88 | inspec_tests: 89 | - test/integration/default 90 | excludes: ["ubuntu-18.04"] 91 | - name: 16backup-13 92 | provisioner: 93 | named_run_list: backup 94 | attributes: 95 | chef-server: 96 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 97 | mcs: 98 | chef_server_version: 13 99 | verifier: 100 | inspec_tests: 101 | - test/integration/default 102 | - test/integration/backup 103 | excludes: ["ubuntu-18.04"] 104 | - name: 16backup-14 105 | provisioner: 106 | named_run_list: backup 107 | attributes: 108 | chef-server: 109 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 110 | verifier: 111 | inspec_tests: 112 | - test/integration/default 113 | - test/integration/backup 114 | excludes: ["ubuntu-18.04"] 115 | - name: 16cron-13 116 | provisioner: 117 | 
named_run_list: cron 118 | attributes: 119 | chef-server: 120 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 121 | mcs: 122 | chef_server_version: 13 123 | managed: 124 | dir: /root/managed 125 | verifier: 126 | inspec_tests: 127 | - test/integration/cron 128 | excludes: ["ubuntu-18.04"] 129 | - name: 16cron-14 130 | provisioner: 131 | named_run_list: cron 132 | attributes: 133 | chef-server: 134 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 135 | mcs: 136 | managed: 137 | dir: /root/managed 138 | verifier: 139 | inspec_tests: 140 | - test/integration/cron 141 | excludes: ["ubuntu-18.04"] 142 | - name: 16data_bags-13 143 | provisioner: 144 | named_run_list: data_bags 145 | attributes: 146 | chef-server: 147 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 148 | mcs: 149 | chef_server_version: 13 150 | verifier: 151 | inspec_tests: 152 | - test/integration/default 153 | - test/integration/data_bags 154 | excludes: ["ubuntu-18.04"] 155 | - name: 16data_bags-14 156 | provisioner: 157 | named_run_list: data_bags 158 | attributes: 159 | chef-server: 160 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 161 | verifier: 162 | inspec_tests: 163 | - test/integration/default 164 | - test/integration/data_bags 165 | excludes: ["ubuntu-18.04"] 166 | - name: 16data_collector-13 167 | provisioner: 168 | named_run_list: data_collector 169 | attributes: 170 | chef-server: 171 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 172 | mcs: 173 | chef_server_version: 13 174 | verifier: 175 | inspec_tests: 176 | - test/integration/default 177 | - test/integration/data_collector 178 | excludes: ["ubuntu-18.04"] 179 | - name: 16data_collector-14 180 | provisioner: 181 | named_run_list: data_collector 182 | attributes: 183 | chef-server: 184 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 185 | verifier: 186 | inspec_tests: 187 | - test/integration/default 188 | - 
test/integration/data_collector 189 | excludes: ["ubuntu-18.04"] 190 | - name: 16legacy-13 191 | provisioner: 192 | named_run_list: legacy 193 | attributes: 194 | chef-server: 195 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 196 | mcs: 197 | chef_server_version: 13 198 | verifier: 199 | inspec_tests: 200 | - test/integration/default 201 | - test/integration/legacy 202 | excludes: ["ubuntu-18.04"] 203 | - name: 16legacy-14 204 | provisioner: 205 | named_run_list: legacy 206 | attributes: 207 | chef-server: 208 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 209 | verifier: 210 | inspec_tests: 211 | - test/integration/default 212 | - test/integration/legacy 213 | excludes: ["ubuntu-18.04"] 214 | - name: 16policyfile-13 215 | provisioner: 216 | named_run_list: policyfile 217 | attributes: 218 | chef-server: 219 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 220 | mcs: 221 | chef_server_version: 13 222 | verifier: 223 | inspec_tests: 224 | - test/integration/default 225 | - test/integration/policyfiles 226 | excludes: ["ubuntu-18.04"] 227 | - name: 16policyfile-14 228 | provisioner: 229 | named_run_list: policyfile 230 | attributes: 231 | chef-server: 232 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 233 | verifier: 234 | inspec_tests: 235 | - test/integration/default 236 | - test/integration/policyfiles 237 | excludes: ["ubuntu-18.04"] 238 | - name: 15restore-12 239 | provisioner: 240 | named_run_list: restore 241 | product_version: 15 242 | attributes: 243 | chef-server: 244 | package_source: /backups/chef-server-core-12.19.31-1.el7.x86_64.rpm 245 | mcs: 246 | chef_server_version: 12 247 | verifier: 248 | inspec_tests: 249 | - test/integration/default 250 | - test/integration/data_bags 251 | - test/integration/policyfiles 252 | - test/integration/restore 253 | excludes: ["centos-8", "ubuntu-18.04"] 254 | - name: 15restore-13 255 | provisioner: 256 | named_run_list: restore 257 | 
product_version: 15 258 | attributes: 259 | chef-server: 260 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 261 | mcs: 262 | chef_server_version: 13 263 | verifier: 264 | inspec_tests: 265 | - test/integration/default 266 | - test/integration/data_bags 267 | - test/integration/policyfiles 268 | - test/integration/restore 269 | excludes: ["ubuntu-18.04"] 270 | - name: 15restore-14 271 | provisioner: 272 | named_run_list: restore 273 | product_version: 15 274 | attributes: 275 | chef-server: 276 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 277 | verifier: 278 | inspec_tests: 279 | - test/integration/default 280 | - test/integration/data_bags 281 | - test/integration/policyfiles 282 | - test/integration/restore 283 | excludes: ["ubuntu-18.04"] 284 | - name: 16restore-12 285 | provisioner: 286 | named_run_list: restore 287 | attributes: 288 | chef-server: 289 | package_source: /backups/chef-server-core-12.19.31-1.el7.x86_64.rpm 290 | mcs: 291 | chef_server_version: 12 292 | verifier: 293 | inspec_tests: 294 | - test/integration/default 295 | - test/integration/data_bags 296 | - test/integration/policyfiles 297 | - test/integration/restore 298 | excludes: ["centos-8", "ubuntu-18.04"] 299 | - name: 16restore-13 300 | provisioner: 301 | named_run_list: restore 302 | attributes: 303 | chef-server: 304 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 305 | mcs: 306 | chef_server_version: 13 307 | verifier: 308 | inspec_tests: 309 | - test/integration/default 310 | - test/integration/data_bags 311 | - test/integration/policyfiles 312 | - test/integration/restore 313 | excludes: ["ubuntu-18.04"] 314 | - name: 16restore-14 315 | provisioner: 316 | named_run_list: restore 317 | attributes: 318 | chef-server: 319 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 320 | verifier: 321 | inspec_tests: 322 | - test/integration/default 323 | - test/integration/data_bags 324 | - 
test/integration/policyfiles 325 | - test/integration/restore 326 | excludes: ["ubuntu-18.04"] 327 | - name: 15upgrade-12-13 328 | provisioner: 329 | named_run_list: upgrade 330 | product_version: 15 331 | attributes: 332 | chef-server: 333 | package_source: /backups/chef-server-core-12.19.31-1.el7.x86_64.rpm 334 | mcs: 335 | chef_server_version: 13 336 | upgrade: 337 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 338 | verifier: 339 | inspec_tests: 340 | - test/integration/default 341 | - test/integration/upgrade13 342 | excludes: ["centos-8", "ubuntu-18.04"] 343 | - name: 15upgrade-12-14 344 | provisioner: 345 | named_run_list: upgrade 346 | product_version: 15 347 | attributes: 348 | chef-server: 349 | package_source: /backups/chef-server-core-12.19.31-1.el7.x86_64.rpm 350 | mcs: 351 | upgrade: 352 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 353 | verifier: 354 | inspec_tests: 355 | - test/integration/default 356 | - test/integration/upgrade14 357 | excludes: ["centos-8", "ubuntu-18.04"] 358 | - name: 15upgrade-13-14 359 | provisioner: 360 | named_run_list: upgrade 361 | product_version: 15 362 | attributes: 363 | chef-server: 364 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 365 | mcs: 366 | upgrade: 367 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 368 | verifier: 369 | inspec_tests: 370 | - test/integration/default 371 | - test/integration/upgrade14 372 | excludes: ["ubuntu-18.04"] 373 | - name: 16upgrade-12-13 374 | provisioner: 375 | named_run_list: upgrade 376 | attributes: 377 | chef-server: 378 | package_source: /backups/chef-server-core-12.19.31-1.el7.x86_64.rpm 379 | mcs: 380 | chef_server_version: 13 381 | upgrade: 382 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 383 | verifier: 384 | inspec_tests: 385 | - test/integration/default 386 | - test/integration/upgrade13 387 | excludes: ["centos-8", "ubuntu-18.04"] 388 | - name: 16upgrade-12-14 
389 | provisioner: 390 | named_run_list: upgrade 391 | attributes: 392 | chef-server: 393 | package_source: /backups/chef-server-core-12.19.31-1.el7.x86_64.rpm 394 | mcs: 395 | upgrade: 396 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 397 | verifier: 398 | inspec_tests: 399 | - test/integration/default 400 | - test/integration/upgrade14 401 | excludes: ["centos-8", "ubuntu-18.04"] 402 | - name: 16upgrade-13-14 403 | provisioner: 404 | named_run_list: upgrade 405 | attributes: 406 | chef-server: 407 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 408 | mcs: 409 | upgrade: 410 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 411 | verifier: 412 | inspec_tests: 413 | - test/integration/default 414 | - test/integration/upgrade14 415 | excludes: ["ubuntu-18.04"] 416 | - name: 15everything-12-13 417 | provisioner: 418 | named_run_list: everything 419 | product_version: 15 420 | attributes: 421 | chef-server: 422 | package_source: /backups/chef-server-core-12.19.31-1.el7.x86_64.rpm 423 | mcs: 424 | chef_server_version: 13 425 | upgrade: 426 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 427 | verifier: 428 | inspec_tests: 429 | - test/integration/default 430 | - test/integration/data_collector 431 | - test/integration/backup 432 | - test/integration/data_bags 433 | - test/integration/legacy 434 | - test/integration/policyfiles 435 | - test/integration/upgrade13 436 | excludes: ["centos-8", "ubuntu-18.04"] 437 | - name: 15everything-12-14 438 | provisioner: 439 | named_run_list: everything 440 | product_version: 15 441 | attributes: 442 | chef-server: 443 | package_source: /backups/chef-server-core-12.19.31-1.el7.x86_64.rpm 444 | mcs: 445 | upgrade: 446 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 447 | verifier: 448 | inspec_tests: 449 | - test/integration/default 450 | - test/integration/data_collector 451 | - test/integration/backup 452 | - 
test/integration/data_bags 453 | - test/integration/legacy 454 | - test/integration/policyfiles 455 | - test/integration/upgrade14 456 | excludes: ["centos-8", "ubuntu-18.04"] 457 | - name: 15everything-13-14 458 | provisioner: 459 | named_run_list: everything 460 | product_version: 15 461 | attributes: 462 | chef-server: 463 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 464 | mcs: 465 | upgrade: 466 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 467 | verifier: 468 | inspec_tests: 469 | - test/integration/default 470 | - test/integration/data_collector 471 | - test/integration/backup 472 | - test/integration/data_bags 473 | - test/integration/legacy 474 | - test/integration/policyfiles 475 | - test/integration/upgrade14 476 | excludes: ["ubuntu-18.04"] 477 | - name: 16everything-12-13 478 | provisioner: 479 | named_run_list: everything 480 | attributes: 481 | chef-server: 482 | package_source: /backups/chef-server-core-12.19.31-1.el7.x86_64.rpm 483 | mcs: 484 | chef_server_version: 13 485 | upgrade: 486 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 487 | verifier: 488 | inspec_tests: 489 | - test/integration/default 490 | - test/integration/data_collector 491 | - test/integration/backup 492 | - test/integration/data_bags 493 | - test/integration/legacy 494 | - test/integration/policyfiles 495 | - test/integration/upgrade13 496 | excludes: ["centos-8", "ubuntu-18.04"] 497 | - name: 16everything-12-14 498 | provisioner: 499 | named_run_list: everything 500 | attributes: 501 | chef-server: 502 | package_source: /backups/chef-server-core-12.19.31-1.el7.x86_64.rpm 503 | mcs: 504 | upgrade: 505 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 506 | verifier: 507 | inspec_tests: 508 | - test/integration/default 509 | - test/integration/data_collector 510 | - test/integration/backup 511 | - test/integration/data_bags 512 | - test/integration/legacy 513 | - test/integration/policyfiles 
514 | - test/integration/upgrade14 515 | excludes: ["centos-8", "ubuntu-18.04"] 516 | - name: 16everything-13-14 517 | provisioner: 518 | named_run_list: everything 519 | attributes: 520 | chef-server: 521 | package_source: /backups/chef-server-core-13.2.0-1.el7.x86_64.rpm 522 | mcs: 523 | upgrade: 524 | package_source: /backups/chef-server-core-14.3.14-1.el7.x86_64.rpm 525 | verifier: 526 | inspec_tests: 527 | - test/integration/default 528 | - test/integration/data_collector 529 | - test/integration/backup 530 | - test/integration/data_bags 531 | - test/integration/legacy 532 | - test/integration/policyfiles 533 | - test/integration/upgrade14 534 | excludes: ["ubuntu-18.04"] 535 | - name: 15default-12-ubuntu 536 | provisioner: 537 | product_version: 15 538 | attributes: 539 | chef-server: 540 | package_source: /backups/chef-server-core_12.19.31-1_amd64.deb 541 | mcs: 542 | chef_server_version: 12 543 | verifier: 544 | inspec_tests: 545 | - test/integration/default 546 | excludes: ["centos-7", "centos-8"] 547 | - name: 15default-13-ubuntu 548 | provisioner: 549 | product_version: 15 550 | attributes: 551 | chef-server: 552 | package_source: /backups/chef-server-core_13.2.0-1_amd64.deb 553 | mcs: 554 | chef_server_version: 13 555 | verifier: 556 | inspec_tests: 557 | - test/integration/default 558 | excludes: ["centos-7", "centos-8"] 559 | - name: 15default-14-ubuntu 560 | provisioner: 561 | product_version: 15 562 | attributes: 563 | chef-server: 564 | package_source: /backups/chef-server-core_14.3.14-1_amd64.deb 565 | verifier: 566 | inspec_tests: 567 | - test/integration/default 568 | excludes: ["centos-7", "centos-8"] 569 | - name: 16default-12-ubuntu 570 | attributes: 571 | chef-server: 572 | package_source: /backups/chef-server-core_12.19.31-1_amd64.deb 573 | mcs: 574 | chef_server_version: 12 575 | verifier: 576 | inspec_tests: 577 | - test/integration/default 578 | excludes: ["centos-7", "centos-8"] 579 | - name: 16default-13-ubuntu 580 | attributes: 581 | 
chef-server: 582 | package_source: /backups/chef-server-core_13.2.0-1_amd64.deb 583 | mcs: 584 | chef_server_version: 13 585 | verifier: 586 | inspec_tests: 587 | - test/integration/default 588 | excludes: ["centos-7", "centos-8"] 589 | - name: 16default-14-ubuntu 590 | attributes: 591 | chef-server: 592 | package_source: /backups/chef-server-core_14.3.14-1_amd64.deb 593 | verifier: 594 | inspec_tests: 595 | - test/integration/default 596 | excludes: ["centos-7", "centos-8"] 597 | - name: 15restore-12-ubuntu 598 | provisioner: 599 | named_run_list: restore 600 | product_version: 15 601 | attributes: 602 | chef-server: 603 | package_source: /backups/chef-server-core_12.19.31-1_amd64.deb 604 | mcs: 605 | chef_server_version: 12 606 | verifier: 607 | inspec_tests: 608 | - test/integration/default 609 | - test/integration/data_bags 610 | - test/integration/policyfiles 611 | - test/integration/restore 612 | excludes: ["centos-7", "centos-8"] 613 | - name: 15restore-13-ubuntu 614 | provisioner: 615 | named_run_list: restore 616 | product_version: 15 617 | attributes: 618 | chef-server: 619 | package_source: /backups/chef-server-core_13.2.0-1_amd64.deb 620 | verifier: 621 | inspec_tests: 622 | - test/integration/default 623 | - test/integration/data_bags 624 | - test/integration/policyfiles 625 | - test/integration/restore 626 | excludes: ["centos-7", "centos-8"] 627 | - name: 15restore-14-ubuntu 628 | provisioner: 629 | named_run_list: restore 630 | product_version: 15 631 | attributes: 632 | chef-server: 633 | package_source: /backups/chef-server-core_14.3.14-1_amd64.deb 634 | verifier: 635 | inspec_tests: 636 | - test/integration/default 637 | - test/integration/data_bags 638 | - test/integration/policyfiles 639 | - test/integration/restore 640 | excludes: ["centos-7", "centos-8"] 641 | - name: 16restore-12-ubuntu 642 | provisioner: 643 | named_run_list: restore 644 | attributes: 645 | chef-server: 646 | package_source: /backups/chef-server-core_12.19.31-1_amd64.deb 
647 | mcs: 648 | chef_server_version: 12 649 | verifier: 650 | inspec_tests: 651 | - test/integration/default 652 | - test/integration/data_bags 653 | - test/integration/policyfiles 654 | - test/integration/restore 655 | excludes: ["centos-7", "centos-8"] 656 | - name: 16restore-13-ubuntu 657 | provisioner: 658 | named_run_list: restore 659 | attributes: 660 | chef-server: 661 | package_source: /backups/chef-server-core_13.2.0-1_amd64.deb 662 | mcs: 663 | chef_server_version: 13 664 | verifier: 665 | inspec_tests: 666 | - test/integration/default 667 | - test/integration/data_bags 668 | - test/integration/policyfiles 669 | - test/integration/restore 670 | excludes: ["centos-7", "centos-8"] 671 | - name: 16restore-14-ubuntu 672 | provisioner: 673 | named_run_list: restore 674 | attributes: 675 | chef-server: 676 | package_source: /backups/chef-server-core_14.3.14-1_amd64.deb 677 | verifier: 678 | inspec_tests: 679 | - test/integration/default 680 | - test/integration/data_bags 681 | - test/integration/policyfiles 682 | - test/integration/restore 683 | excludes: ["centos-7", "centos-8"] 684 | - name: 15upgrade-12-13-ubuntu 685 | provisioner: 686 | named_run_list: upgrade 687 | product_version: 15 688 | attributes: 689 | chef-server: 690 | package_source: /backups/chef-server-core_12.19.31-1_amd64.deb 691 | mcs: 692 | chef_server_version: 13 693 | upgrade: 694 | package_source: /backups/chef-server-core_13.2.0-1_amd64.deb 695 | verifier: 696 | inspec_tests: 697 | - test/integration/default 698 | - test/integration/upgrade13 699 | excludes: ["centos-7", "centos-8"] 700 | - name: 15upgrade-12-14-ubuntu 701 | provisioner: 702 | named_run_list: upgrade 703 | product_version: 15 704 | attributes: 705 | chef-server: 706 | package_source: /backups/chef-server-core_12.19.31-1_amd64.deb 707 | mcs: 708 | upgrade: 709 | package_source: /backups/chef-server-core_14.3.14-1_amd64.deb 710 | verifier: 711 | inspec_tests: 712 | - test/integration/default 713 | - 
test/integration/upgrade14 714 | excludes: ["centos-7", "centos-8"] 715 | - name: 15upgrade-13-14-ubuntu 716 | provisioner: 717 | named_run_list: upgrade 718 | product_version: 15 719 | attributes: 720 | chef-server: 721 | package_source: /backups/chef-server-core_13.2.0-1_amd64.deb 722 | mcs: 723 | upgrade: 724 | package_source: /backups/chef-server-core_14.3.14-1_amd64.deb 725 | verifier: 726 | inspec_tests: 727 | - test/integration/default 728 | - test/integration/upgrade14 729 | excludes: ["centos-7", "centos-8"] 730 | - name: 16upgrade-12-13-ubuntu 731 | provisioner: 732 | named_run_list: upgrade 733 | attributes: 734 | chef-server: 735 | package_source: /backups/chef-server-core_12.19.31-1_amd64.deb 736 | mcs: 737 | chef_server_version: 13 738 | upgrade: 739 | package_source: /backups/chef-server-core_13.2.0-1_amd64.deb 740 | verifier: 741 | inspec_tests: 742 | - test/integration/default 743 | - test/integration/upgrade13 744 | excludes: ["centos-7", "centos-8"] 745 | - name: 16upgrade-12-14-ubuntu 746 | provisioner: 747 | named_run_list: upgrade 748 | attributes: 749 | chef-server: 750 | package_source: /backups/chef-server-core_12.19.31-1_amd64.deb 751 | mcs: 752 | upgrade: 753 | package_source: /backups/chef-server-core_14.3.14-1_amd64.deb 754 | verifier: 755 | inspec_tests: 756 | - test/integration/default 757 | - test/integration/upgrade14 758 | excludes: ["centos-7", "centos-8"] 759 | - name: 16upgrade-13-14-ubuntu 760 | provisioner: 761 | named_run_list: upgrade 762 | attributes: 763 | chef-server: 764 | package_source: /backups/chef-server-core_13.2.0-1_amd64.deb 765 | mcs: 766 | upgrade: 767 | package_source: /backups/chef-server-core_14.3.14-1_amd64.deb 768 | verifier: 769 | inspec_tests: 770 | - test/integration/default 771 | - test/integration/upgrade14 772 | excludes: ["centos-7", "centos-8"] 773 | - name: 15everything-12-13-ubuntu 774 | provisioner: 775 | named_run_list: everything 776 | product_version: 15 777 | attributes: 778 | chef-server: 
779 | package_source: /backups/chef-server-core_12.19.31-1_amd64.deb 780 | mcs: 781 | chef_server_version: 13 782 | upgrade: 783 | package_source: /backups/chef-server-core_13.2.0-1_amd64.deb 784 | verifier: 785 | inspec_tests: 786 | - test/integration/default 787 | - test/integration/data_collector 788 | - test/integration/backup 789 | - test/integration/data_bags 790 | - test/integration/legacy 791 | - test/integration/policyfiles 792 | - test/integration/upgrade13 793 | excludes: ["centos-7", "centos-8"] 794 | - name: 15everything-12-14-ubuntu 795 | provisioner: 796 | named_run_list: everything 797 | product_version: 15 798 | attributes: 799 | chef-server: 800 | package_source: /backups/chef-server-core_12.19.31-1_amd64.deb 801 | mcs: 802 | upgrade: 803 | package_source: /backups/chef-server-core_14.3.14-1_amd64.deb 804 | verifier: 805 | inspec_tests: 806 | - test/integration/default 807 | - test/integration/data_collector 808 | - test/integration/backup 809 | - test/integration/data_bags 810 | - test/integration/legacy 811 | - test/integration/policyfiles 812 | - test/integration/upgrade14 813 | excludes: ["centos-7", "centos-8"] 814 | - name: 15everything-13-14-ubuntu 815 | provisioner: 816 | named_run_list: everything 817 | product_version: 15 818 | attributes: 819 | chef-server: 820 | package_source: /backups/chef-server-core_13.2.0-1_amd64.deb 821 | mcs: 822 | upgrade: 823 | package_source: /backups/chef-server-core_14.3.14-1_amd64.deb 824 | verifier: 825 | inspec_tests: 826 | - test/integration/default 827 | - test/integration/data_collector 828 | - test/integration/backup 829 | - test/integration/data_bags 830 | - test/integration/legacy 831 | - test/integration/policyfiles 832 | - test/integration/upgrade14 833 | excludes: ["centos-7", "centos-8"] 834 | - name: 16everything-12-13-ubuntu 835 | provisioner: 836 | named_run_list: everything 837 | attributes: 838 | chef-server: 839 | package_source: /backups/chef-server-core_12.19.31-1_amd64.deb 840 | mcs: 
841 | chef_server_version: 13 842 | upgrade: 843 | package_source: /backups/chef-server-core_13.2.0-1_amd64.deb 844 | verifier: 845 | inspec_tests: 846 | - test/integration/default 847 | - test/integration/data_collector 848 | - test/integration/backup 849 | - test/integration/data_bags 850 | - test/integration/legacy 851 | - test/integration/policyfiles 852 | - test/integration/upgrade13 853 | excludes: ["centos-7", "centos-8"] 854 | - name: 16everything-12-14-ubuntu 855 | provisioner: 856 | named_run_list: everything 857 | attributes: 858 | chef-server: 859 | package_source: /backups/chef-server-core_12.19.31-1_amd64.deb 860 | mcs: 861 | upgrade: 862 | package_source: /backups/chef-server-core_14.3.14-1_amd64.deb 863 | verifier: 864 | inspec_tests: 865 | - test/integration/default 866 | - test/integration/data_collector 867 | - test/integration/backup 868 | - test/integration/data_bags 869 | - test/integration/legacy 870 | - test/integration/policyfiles 871 | - test/integration/upgrade14 872 | excludes: ["centos-7", "centos-8"] 873 | - name: 16everything-13-14-ubuntu 874 | provisioner: 875 | named_run_list: everything 876 | attributes: 877 | chef-server: 878 | package_source: /backups/chef-server-core_13.2.0-1_amd64.deb 879 | mcs: 880 | upgrade: 881 | package_source: /backups/chef-server-core_14.3.14-1_amd64.deb 882 | verifier: 883 | inspec_tests: 884 | - test/integration/default 885 | - test/integration/data_collector 886 | - test/integration/backup 887 | - test/integration/data_bags 888 | - test/integration/legacy 889 | - test/integration/policyfiles 890 | - test/integration/upgrade14 891 | excludes: ["centos-7", "centos-8"] 892 | -------------------------------------------------------------------------------- /metadata.rb: -------------------------------------------------------------------------------- 1 | name 'managed_chef_server' 2 | maintainer 'Matt Ray' 3 | maintainer_email 'matt@chef.io' 4 | license 'Apache-2.0' 5 | description 'Installs and configures a 
Chef server' 6 | version '0.20.0' 7 | chef_version '>= 15' 8 | 9 | supports 'redhat' 10 | supports 'centos' 11 | supports 'debian' 12 | 13 | depends 'chef-server', '~> 5.6' 14 | depends 'chef-ingredient', '~> 3.3' 15 | 16 | source_url 'https://github.com/mattray/managed_chef_server-cookbook' 17 | issues_url 'https://github.com/mattray/managed_chef_server-cookbook/issues' 18 | -------------------------------------------------------------------------------- /recipes/_accept_license.rb: -------------------------------------------------------------------------------- 1 | # Chef Server 13 requires license acceptance 2 | directory '/etc/chef/accepted_licenses/' do 3 | recursive true 4 | end 5 | 6 | template '/etc/chef/accepted_licenses/chef_infra_server' do 7 | source 'chef_infra_server.erb' 8 | mode '0400' 9 | variables(time: Time.now) 10 | action :create_if_missing 11 | only_if { node['chef-server']['accept_license'] } 12 | end 13 | -------------------------------------------------------------------------------- /recipes/_data_collector.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: managed_chef_server 3 | # Recipe:: _data_collector 4 | # 5 | 6 | # if using Automate, configure data collection 7 | # https://automate.chef.io/docs/data-collection/#setting-up-data-collection-on-chef-server-versions-1214-and-higher 8 | token = node['mcs']['data_collector']['token'] 9 | unless token.nil? 
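10 |   # The token is a credential: `sensitive true` keeps the command and its
11 |   # output out of the chef-client log, and the array form of `command` runs
12 |   # chef-server-ctl without a shell, so quotes or metacharacters in the token
13 |   # cannot alter the command. The token is still a process argument and is
14 |   # visible in the process list while the command runs.
15 |   execute 'chef-server-ctl set-secret data_collector token' do
16 |     command ['chef-server-ctl', 'set-secret', 'data_collector', 'token', token.to_s]
17 |     sensitive true
18 |     # compare in Ruby so the token is never interpolated into a shell pipeline
19 |     not_if { shell_out('chef-server-ctl', 'show-secret', 'data_collector', 'token').stdout.include?(token.to_s) }
20 |   end
21 |
22 |   # Please restart these services: nginx, opscode-erchef
23 |   execute 'chef-server-ctl restart nginx' do
24 |     action :nothing
25 |     subscribes :run, 'execute[chef-server-ctl set-secret data_collector token]', :immediately
26 |   end
27 |
28 |   execute 'chef-server-ctl restart opscode-erchef' do
29 |     action :nothing
30 |     subscribes :run, 'execute[chef-server-ctl set-secret data_collector token]', :immediately
31 |     notifies :reconfigure, 'chef_ingredient[chef-server]', :immediately
32 |   end
33 | end
34 |
--------------------------------------------------------------------------------
/recipes/_nginx.rb:
--------------------------------------------------------------------------------
1 | # tweak settings to make chef nginx run as opscode rather than as root
2 | # this is done by granting setcap privilege to the chef nginx binary
3 | # (so that it can open up privileged port 443) then changing the
4 | # system startup of chef nginx to run as opscode user and setting
5 | # ownership of log directories so opscode can write to them
6 |
7 | directory '/opt/opscode/sv/nginx' do
8 |   recursive true
9 | end
10 |
11 | cookbook_file '/opt/opscode/sv/nginx/run' do
12 |   source 'nginx.run'
13 |   cookbook 'managed_chef_server'
14 |   sensitive true
15 |   mode '0755'
16 | end
17 | # the guard is a single shell string so that all three directories are checked
18 | execute 'chown nginx logs' do
19 |   command 'chown -R opscode:opscode /var/log/opscode/nginx /opt/opscode/embedded/nginx /var/opt/opscode/nginx'
20 |   only_if 'ls -al /var/log/opscode/nginx | grep root || ls -al /opt/opscode/embedded/nginx | grep root || ls -al /var/opt/opscode/nginx | grep root'
21 | end
22 |
23 | execute 'setcap cap_net_bind_service=ep nginx' do
24 |   command '/sbin/setcap cap_net_bind_service=ep /opt/opscode/embedded/sbin/nginx'
25 |   not_if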
'/sbin/setcap -v cap_net_bind_service=ep /opt/opscode/embedded/sbin/nginx' 26 | end 27 | 28 | execute 'chef-server-ctl restart nginx' do 29 | action :nothing 30 | subscribes :run, 'execute[setcap cap_net_bind_service=ep nginx]', :immediately 31 | end 32 | -------------------------------------------------------------------------------- /recipes/_tuning.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: managed_chef_server 3 | # Recipe:: _tuning 4 | # 5 | # DEPRECATED, these are no longer valid for Chef Infra Server 14 6 | 7 | # private recipe for performance tuning based off of recommendations in 8 | # https://docs.chef.io/server_tuning.html#large-node-sizes 9 | # http://irvingpop.github.io/blog/2015/04/20/tuning-the-chef-server-for-scale/ 10 | # https://getchef.zendesk.com/hc/en-us/articles/207465126-Large-Nodes-opscode-solr-max-field-length 11 | 12 | # Available Memory 13 | # From the docs: 14 | # The default value for opscode_solr4['heap_size'] should work for many organizations, 15 | # especially those with fewer than 25 nodes. For organizations with more than 25 16 | # nodes, set this value to 25% of system memory or 1024, whichever is smaller. 17 | # For very large configurations, increase this value to 25% of system memory or 18 | # 4096, whichever is smaller. This value should not exceed 8192. 
19 | # 20 | # Interpretation: use 1/4 memory and cap at 8GB unless it's already set 21 | total_mem = node['memory']['total'][0..-3].to_i / 1024 22 | if node['mcs']['opscode_solr4']['heap_size'] 23 | solr_heap_size = node['mcs']['opscode_solr4']['heap_size'] 24 | else 25 | solr_heap_size = total_mem / 4 26 | solr_heap_size = 8192 if (total_mem / 4) > 8192 27 | end 28 | 29 | # Large Node Sizes 30 | # not touching yet 31 | # opscode_erchef['max_request_size'] 32 | # opscode_solr4['max_field_length'] 33 | 34 | # postgresql 35 | # To handle the heavy write load on large clusters, it is recommended to tune the 36 | # checkpointer per [https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server] 37 | # postgresql['checkpoint_segments'] = 64 38 | # postgresql['checkpoint_completion_target'] = 0.9 39 | # log all of the queries that took longer than 1000ms to complete 40 | # postgresql['log_min_duration_statement'] = 1000 41 | 42 | # chef-server configuration settings 43 | node.default['chef-server']['configuration'] += <<-EOS 44 | opscode_solr4['heap_size'] = #{solr_heap_size} 45 | postgresql['checkpoint_completion_target'] = 0.9 46 | postgresql['checkpoint_segments'] = 64 47 | postgresql['log_min_duration_statement'] = 1000 48 | EOS 49 | -------------------------------------------------------------------------------- /recipes/_workstation.rb: -------------------------------------------------------------------------------- 1 | # uninstall any pre-existing ChefDKs on an upgrade 2 | chef_ingredient 'chefdk' do 3 | action :uninstall 4 | end.run_action(:uninstall) 5 | 6 | # need the Chef Workstation for the 'chef' command 7 | chef_ingredient 'chef-workstation' do 8 | action :install 9 | version node['chef-workstation']['version'] 10 | channel node['chef-workstation']['channel'] 11 | package_source node['chef-workstation']['package_source'] 12 | end.run_action(:install) 13 | 14 | # this symlink confuses chef-workstation and chef client packages and may 15 | # 
downgrade/upgrade the chef-client version unintentionally 16 | # https://github.com/mattray/managed_chef_server-cookbook/issues/36 17 | # https://github.com/mattray/managed_chef_server-cookbook/issues/40 18 | link '/bin/chef-client' do 19 | to '/opt/chef/bin/chef-client' 20 | only_if { ::File.exist?('/opt/chef/bin/chef-client') } 21 | end 22 | -------------------------------------------------------------------------------- /recipes/backup.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: managed_chef_server 3 | # Recipe:: backup 4 | # 5 | 6 | managed_chef_server_backup node['mcs']['backup']['dir'] do 7 | prefix node['mcs']['backup']['prefix'] 8 | minute node['mcs']['backup']['cron']['minute'] 9 | hour node['mcs']['backup']['cron']['hour'] 10 | day node['mcs']['backup']['cron']['day'] 11 | month node['mcs']['backup']['cron']['month'] 12 | weekday node['mcs']['backup']['cron']['weekday'] 13 | end 14 | -------------------------------------------------------------------------------- /recipes/cron.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: managed_chef_server 3 | # Recipe:: cron 4 | # 5 | 6 | # assumes the chef-client is already installed and may be managed by another Chef server 7 | 8 | managed_chef_server_cron 'Chef server Chef client cron job' do 9 | archive node['mcs']['cron']['policyfile_archive'] 10 | minute node['mcs']['cron']['minute'] 11 | hour node['mcs']['cron']['hour'] 12 | day node['mcs']['cron']['day'] 13 | month node['mcs']['cron']['month'] 14 | weekday node['mcs']['cron']['weekday'] 15 | end 16 | -------------------------------------------------------------------------------- /recipes/data_bag_loader.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: managed_chef_server 3 | # Recipe:: data_bag_loader 4 | # 5 | 6 | data_bag_loader node['mcs']['data_bags']['dir'] do 7 | 
organization node['mcs']['org']['name'] 8 | prune node['mcs']['data_bags']['prune'] 9 | end 10 | -------------------------------------------------------------------------------- /recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: managed_chef_server 3 | # Recipe:: default 4 | # 5 | 6 | # Chef Server 13 requires license acceptance 7 | include_recipe 'managed_chef_server::_accept_license' 8 | 9 | # need the ChefWorkstation for the 'berks' and 'chef' commands 10 | include_recipe 'managed_chef_server::_workstation' 11 | 12 | # performance tuning based off of recommendations in https://docs.chef.io/server_tuning.html#large-node-sizes 13 | # deprecated for Chef Infra Server 14 14 | if node['mcs']['chef_server_version'] < 14 15 | include_recipe 'managed_chef_server::_tuning' 16 | end 17 | 18 | # Configure the Chef Server for data collection forwarding by adding the following setting to /etc/opscode/chef-server.rb: 19 | node.default['chef-server']['configuration'] += "data_collector['root_url'] = '#{node['mcs']['data_collector']['root_url']}'\n" if node['mcs']['data_collector']['root_url'] 20 | # Add for chef client run forwarding 21 | node.default['chef-server']['configuration'] += "data_collector['proxy'] = #{node['mcs']['data_collector']['proxy']}\n" if node['mcs']['data_collector']['proxy'] 22 | # Add for compliance scanning 23 | node.default['chef-server']['configuration'] += "profiles['root_url'] = '#{node['mcs']['profiles']['root_url']}'\n" if node['mcs']['profiles']['root_url'] 24 | 25 | # chef-server install 26 | include_recipe 'chef-server::default' 27 | 28 | # run nginx as a non-root user 29 | include_recipe 'managed_chef_server::_nginx' 30 | 31 | # configure data collection with Automate 32 | include_recipe 'managed_chef_server::_data_collector' 33 | 34 | # give everything time to start up 35 | ruby_block 'Wait for the Chef Infra Server to be ready before proceeding' do 36 | block do 37 | 
wait = 0 38 | while wait < 12 # wait up to 2 minutes, then proceed 39 | puts '.' 40 | if shell_out('chef-server-ctl status').stdout.match?('down') 41 | wait += 1 42 | shell_out('sleep 10') 43 | else 44 | wait = 12 45 | end 46 | end 47 | end 48 | not_if 'chef-server-ctl status' 49 | end 50 | -------------------------------------------------------------------------------- /recipes/legacy_loader.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: managed_chef_server 3 | # Recipe:: legacy_loader 4 | # 5 | 6 | # cookbooks 7 | cookbooks_loader node['mcs']['cookbooks']['dir'] do 8 | organization node['mcs']['org']['name'] 9 | end 10 | 11 | # environments 12 | environments_loader node['mcs']['environments']['dir'] do 13 | organization node['mcs']['org']['name'] 14 | end 15 | 16 | # roles 17 | roles_loader node['mcs']['roles']['dir'] do 18 | organization node['mcs']['org']['name'] 19 | end 20 | -------------------------------------------------------------------------------- /recipes/maintenance.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: managed_chef_server 3 | # Recipe:: maintenance 4 | # 5 | 6 | # Use knife-tidy to remove stale nodes? 7 | # https://github.com/chef-customers/knife-tidy 8 | 9 | # Use the chef clean-policy-revisions subcommand to delete orphaned policy 10 | # revisions to Policyfile files from the Chef server. An orphaned policy revision 11 | # is not associated to any policy group and therefore is not in active use by any 12 | # node. Use chef show-policy --orphans to view a list of orphaned policy revisions. 13 | # execute 'chef clean-policy-revisions' 14 | 15 | # Use the 'chef clean-policy-cookbooks' subcommand to delete cookbooks that are 16 | # not used by Policyfile files. Cookbooks are considered unused when they are not 17 | # referenced by any policy revisions on the Chef server. 
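18 |
--------------------------------------------------------------------------------
/recipes/managed_organization.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook:: managed_chef_server
3 | # Recipe:: managed_organization
4 | #
5 |
6 | # create the managed Chef organization and user
7 | # NOTE(review): the user's password is read from a node attribute; confirm how
8 | # that attribute is supplied and that it is not stored or logged in clear text.
9 | managed_organization 'create managed Chef server organization and user' do
10 |   organization node['mcs']['org']['name']
11 |   full_name node['mcs']['org']['full_name']
12 |   email node['mcs']['managed_user']['email']
13 |   password node['mcs']['managed_user']['password']
14 | end
15 |
--------------------------------------------------------------------------------
/recipes/policyfile_loader.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook:: managed_chef_server
3 | # Recipe:: policyfile_loader
4 | #
5 |
6 | policyfile_loader node['mcs']['policyfile']['dir'] do
7 |   organization node['mcs']['org']['name']
8 | end
9 |
--------------------------------------------------------------------------------
/recipes/restore.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook:: managed_chef_server
3 | # Recipe:: restore
4 | #
5 |
6 | include_recipe 'managed_chef_server::default'
7 |
8 | # restore from a backup if present; node.read returns nil when the attribute
9 | # is not set, so the resource is skipped unless a tarball is configured
10 | # (`defined?` on the attribute lookup did not test for that)
11 | managed_chef_server_restore 'restore Chef server from backup' do
12 |   tarball node['mcs']['restore']['file']
13 |   not_if { node.read('mcs', 'restore', 'file').nil? }
14 | end
15 |
--------------------------------------------------------------------------------
/recipes/upgrade.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook:: managed_chef_server
3 | # Recipe:: upgrade
4 | #
5 |
6 | # Chef Server 13 requires license acceptance
7 | include_recipe 'managed_chef_server::_accept_license'
8 |
9 | managed_chef_server_upgrade 'upgrade Chef Infra Server' do
10 |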
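package_source node['mcs']['upgrade']['package_source']
11 |   only_if { ::File.exist?(node['mcs']['upgrade']['package_source']) }
12 | end
13 |
--------------------------------------------------------------------------------
/resources/cookbooks_loader.rb:
--------------------------------------------------------------------------------
1 | resource_name :cookbooks_loader
2 | provides :cookbooks_loader
3 |
4 | property :directory, String, name_property: true
5 | property :organization, String, required: true
6 |
7 | # Unpacks each cookbook tarball found in `directory` and uploads it to the
8 | # organization's Chef server: with Berkshelf when the cookbook has a Berksfile,
9 | # otherwise with `knife cookbook upload`.
10 | action :load do
11 |   cookbooks_dir = new_resource.directory
12 |   organization = new_resource.organization
13 |
14 |   return if cookbooks_dir.nil? || !Dir.exist?(cookbooks_dir)
15 |
16 |   configrb = "#{node['mcs']['managed']['dir']}/#{organization}/config.rb"
17 |   configjson = "#{node['mcs']['managed']['dir']}/#{organization}/config.json"
18 |
19 |   cookbooks_temp_dir = Chef::Config[:file_cache_path] + '/mcs-cookbooks'
20 |   # create a temp dir for untarring the cookbooks
21 |   Dir.mkdir(cookbooks_temp_dir) unless Dir.exist?(cookbooks_temp_dir)
22 |
23 |   # Tarball names become part of paths that are interpolated into the bash
24 |   # resources below, so only plainly named tarballs are processed.
25 |   # NOTE(review): archives are unpacked with the privileges of the chef-client
26 |   # run; the cookbooks directory should be writable by trusted users only.
27 |   safe_tarball = /\A[A-Za-z0-9][\w.+-]*\z/
28 |   tarballs = Dir.entries(cookbooks_dir).select do |tarfile|
29 |     next false unless tarfile.end_with?('.tgz', '.tar.gz')
30 |     next true if tarfile.match?(safe_tarball)
31 |     Chef::Log.warn("cookbooks_loader: skipping #{tarfile.inspect}, unexpected characters in the file name")
32 |     false
33 |   end
34 |
35 |   # first pass: unpack every tarball and upload the ones that have a Berksfile
36 |   tarballs.each do |tarfile|
37 |     untarred_dir = "#{cookbooks_temp_dir}/#{tarfile.sub(/\.tgz\z|\.tar\.gz\z/, '')}"
38 |     untarred_marker = untarred_dir + '-TAR'
39 |     # untar into temp directory named after the tarball
40 |     unless ::File.exist?(untarred_marker)
41 |       # the directory may be left over from an interrupted run
42 |       Dir.mkdir(untarred_dir) unless Dir.exist?(untarred_dir)
43 |       # argument lists run tar and touch without a shell
44 |       shell_out!('tar', '-C', untarred_dir, '-xzf', ::File.join(cookbooks_dir, tarfile))
45 |       shell_out!('touch', untarred_marker) # marker file indicating not to untar again
46 |     end
47 |
48 |     berks_marker = untarred_dir + '-BERKS'
49 |     berksfile = "#{untarred_dir}/#{untarred_dir.split('/').last}/Berksfile"
50 |     if ::File.exist?(berksfile)
51 |       bash "berks install/upload #{tarfile}" do
52 |         cwd untarred_dir
53 |         code <<-EOH
54 |           berks install -b #{berksfile} -c #{configjson}
55 |           berks upload -b #{berksfile} -c #{configjson}
56 |           touch #{berks_marker}
57 |         EOH
58 |         not_if { ::File.exist?(berks_marker) }
59 |       end
60 |     end
61 |   end
62 |
63 |   # second pass: cookbooks without a Berksfile go through knife
64 |   tarballs.each do |tarfile|
65 |     untarred_dir = "#{cookbooks_temp_dir}/#{tarfile.sub(/\.tgz\z|\.tar\.gz\z/, '')}"
66 |     knife_marker = untarred_dir + '-KNIFE'
67 |     berksfile = "#{untarred_dir}/#{untarred_dir.split('/').last}/Berksfile"
68 |
69 |     unless ::File.exist?(berksfile)
70 |       # try knife cookbook upload. This could take multiple passes given dependencies
71 |       bash "knife cookbook upload #{tarfile}" do
72 |         cwd untarred_dir
73 |         code <<-EOH
74 |           knife cookbook upload -a -c #{configrb} -o #{untarred_dir}
75 |           touch #{knife_marker}
76 |         EOH
77 |         ignore_failure true
78 |         not_if { ::File.exist?(knife_marker) }
79 |       end
80 |     end
81 |   end
82 | end
83 |
--------------------------------------------------------------------------------
/resources/data_bag_loader.rb:
--------------------------------------------------------------------------------
1 | resource_name :data_bag_loader
2 | provides :data_bag_loader
3 |
4 | property :directory, String, name_property: true
5 | property :organization, String, required: true
6 | property :prune, [true, false], default: false
7 |
8 | action :load do
9 |   data_bag_dir = new_resource.directory
10 |   organization = new_resource.organization
11 |   prune = new_resource.prune
12 |
13 |   configrb = "#{node['mcs']['managed']['dir']}/#{organization}/config.rb"
14 |   data_bag_md5s = "#{Chef::Config[:file_cache_path]}/mcs-databags-#{organization}"
15 |
16 |   return if data_bag_dir.nil?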
|| !Dir.exist?(data_bag_dir) 17 | 18 | # find the data bags to manage by the directory names 19 | dir_data_bags = Dir.entries(data_bag_dir) - ['.', '..'] 20 | 21 | # get existing server data bags and remove any that aren't on the filesystem 22 | if prune 23 | server_data_bags = shell_out("knife data bag list -c #{configrb}").stdout.split 24 | # if on server, but not in the directory, remove them 25 | (server_data_bags - dir_data_bags).each do |prune_data_bag| 26 | managed_data_bag "#{organization}:#{prune_data_bag}" do 27 | organization organization 28 | data_bag prune_data_bag 29 | action :prune 30 | end 31 | end 32 | end 33 | 34 | # manage contents of each data bag 35 | dir_data_bags.each do |data_bag| 36 | # create data bags if missing 37 | managed_data_bag "#{organization}:#{data_bag}" do 38 | organization organization 39 | data_bag data_bag 40 | action :create 41 | end 42 | 43 | data_bag_files = Dir.entries(data_bag_dir + '/' + data_bag) - ['.', '..'] 44 | 45 | # prune first, then re-add later if not in the MD5 file 46 | if prune 47 | md5_items = shell_out("grep ^#{data_bag} #{data_bag_md5s}").stdout.split 48 | if md5_items.count > data_bag_files.count # reset md5s if > than files # 49 | shell_out("sed -i '/^#{data_bag}/d' #{data_bag_md5s}") 50 | end 51 | # query the server for the IDs and prune any extras 52 | server_items = shell_out("knife data bag show #{data_bag} -c #{configrb}").stdout.split 53 | server_items.sort.each do |item| # sort for clearer logging 54 | next unless shell_out("grep ^#{data_bag}:#{item} #{data_bag_md5s}").error? 
55 | managed_data_bag "#{organization}:#{data_bag}:#{item}" do 56 | organization organization 57 | data_bag data_bag 58 | item item 59 | action :item_prune 60 | end 61 | end 62 | end 63 | 64 | # create items for each json entry 65 | data_bag_files.sort.each do |item_json| # sort for clearer logging 66 | managed_data_bag "#{organization}:#{data_bag}:#{data_bag_dir}/#{data_bag}/#{item_json}" do 67 | organization organization 68 | data_bag data_bag 69 | item "#{data_bag_dir}/#{data_bag}/#{item_json}" 70 | action :item_create 71 | end 72 | end 73 | end 74 | end 75 | -------------------------------------------------------------------------------- /resources/environments_loader.rb: -------------------------------------------------------------------------------- 1 | resource_name :environments_loader 2 | provides :environments_loader 3 | 4 | property :directory, String, name_property: true 5 | property :organization, String, required: true 6 | 7 | action :load do 8 | environments_dir = new_resource.directory 9 | organization = new_resource.organization 10 | 11 | configrb = "#{node['mcs']['managed']['dir']}/#{organization}/config.rb" 12 | 13 | return if environments_dir.nil? || !Dir.exist?(environments_dir) 14 | 15 | # find existing policies on the server 16 | server_environments = {} 17 | 18 | shell_out("knife environment list -c #{configrb}").stdout.each_line do |environment| 19 | environment.strip! 20 | next if environment.nil? || environment.empty? 
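21 |     content = JSON.load(shell_out!("knife environment show #{environment} -c #{configrb} --format json").stdout)
22 |     server_environments[environment] = content
23 |   end
24 |
25 |   Dir.foreach(environments_dir) do |environment|
26 |     next unless environment.end_with?('.rb', '.json')
27 |     if environment.end_with?('.json')
28 |       json = JSON.parse(::File.read(environments_dir + '/' + environment))
29 |     else # it's .rb
30 |       e = Chef::Environment.new
31 |       e.from_file(environments_dir + '/' + environment)
32 |       json = JSON.load(e.to_json)
33 |     end
34 |     type = json['chef_type']
35 |     next unless type.eql?('environment')
36 |     name = json['name']
37 |     execute "knife environment from file #{environment}" do
38 |       command "knife environment from file #{environment} -c #{configrb}"
39 |       cwd environments_dir
40 |       not_if { server_environments.key?(name) && json.eql?(server_environments[name]) }
41 |     end
42 |   end
43 | end
44 |
--------------------------------------------------------------------------------
/resources/managed_chef_server_backup.rb:
--------------------------------------------------------------------------------
1 | resource_name :managed_chef_server_backup
2 | provides :managed_chef_server_backup
3 |
4 | property :directory, String, name_property: true
5 | property :prefix, String, default: 'chef-server-backup-'
6 | property :minute, String, default: '*'
7 | property :hour, String, default: '*'
8 | property :day, String, default: '*'
9 | property :month, String, default: '*'
10 | property :weekday, String, default: '*'
11 |
12 | # Writes backup.sh into the backup directory and schedules it with cron. The
13 | # script runs `knife ec backup`, adds a copy of the managed organization
14 | # directory and packs the result into <prefix><timestamp>.tgz.
15 | action :create do
16 |   backup_dir = new_resource.directory
17 |   command = "#{backup_dir}/backup.sh"
18 |
19 |   # NOTE(review): no mode is set on the backup directory; the archives written
20 |   # there include key and user data, so confirm who can read it.
21 |   directory backup_dir
22 |
23 |   # shell script for backup
24 |   file command do
25 |     mode '0700'
26 |     content "#!/bin/sh
27 | # archives hold key and user data (--with-key-sql --with-user-sql): keep them private
28 | umask 077
29 | # stop if a cd fails, so the tar and rm below never run in the wrong directory
30 | cd #{backup_dir} || exit 1
31 | PATH=$PATH:/opt/opscode/embedded/bin /opt/opscode/embedded/bin/knife ec backup --with-key-sql --with-user-sql -c /etc/opscode/pivotal.rb backup > backup.log 2>&1
32 | cd backup || exit 1
33 | cp -r #{node['mcs']['managed']['dir']} chef_managed_orgs
34 | tar -czf ../#{new_resource.prefix}`date +%Y%m%d%H%M`.tgz *
35 | cd ..
36 | rm -rf backup"
37 |   end
38 |
39 |   cron "knife ec backup #{backup_dir}" do
40 |     environment('PWD' => backup_dir)
41 |     command command
42 |     minute new_resource.minute
43 |     hour new_resource.hour
44 |     day new_resource.day
45 |     month new_resource.month
46 |     weekday new_resource.weekday
47 |   end
48 | end
49 |
--------------------------------------------------------------------------------
/resources/managed_chef_server_cron.rb:
--------------------------------------------------------------------------------
1 | resource_name :managed_chef_server_cron
2 | provides :managed_chef_server_cron
3 |
4 | property :archive, String, name_property: true
5 | property :minute, String, default: '*'
6 | property :hour, String, default: '*'
7 | property :day, String, default: '*'
8 | property :month, String, default: '*'
9 | property :weekday, String, default: '*'
10 |
11 | # Schedules chef-client from cron, run from the zero directory. When the
12 | # archive exists it is unpacked into that directory whenever its checksum
13 | # file changes.
14 | action :create do
15 |   archive = new_resource.archive
16 |   crondir = node['mcs']['cron']['zero_dir']
17 |
18 |   # chef-client under cron doesn't appreciate PWD
19 |   # the options are node attributes appended to the cron command line unquoted
20 |   command = "date >> /var/log/chef/client.log 2>&1; cd #{crondir}; chef-client"
21 |   node['mcs']['cron']['options'].to_a.each { |x| command += " #{x}" }
22 |   command += ' >> /var/log/chef/client.log 2>&1'
23 |
24 |   if ::File.exist?(archive)
25 |     archive_check = Chef::Config[:file_cache_path] + '/archive.check'
26 |     md5sum = shell_out('md5sum', archive)
27 |
28 |     # this file updates when the archive changes
29 |     file archive_check do
30 |       content md5sum.stdout
31 |     end
32 |
33 |     # delete crondir if archive is new/changed
34 |     directory "delete #{crondir}" do
35 |       path crondir
36 |       recursive true
37 |       action :nothing
38 |       subscribes :delete, "file[#{archive_check}]", :immediately
39 |     end
40 |
41 |     directory crondir
42 |
43 |     execute "tar -C #{crondir} -xzf #{archive}" do
44 |       action :nothing
45 |       subscribes :run, "directory[#{crondir}]", :immediately
46 |     end
47 |   end
48 |
49 |   # ensure logging directory
50 |   directory '/var/log/chef'
51 |
52 |   # schedule chef-client on a recurring cron job. Override attributes as necessary
53 |   cron 'chef-client' do
54 |     command command
55 |     minute new_resource.minute
56 |     hour new_resource.hour
57 |     day new_resource.day
58 |     month new_resource.month
59 |     weekday new_resource.weekday
60 |   end
61 | end
62 |
--------------------------------------------------------------------------------
/resources/managed_chef_server_restore.rb:
--------------------------------------------------------------------------------
1 | resource_name :managed_chef_server_restore
2 | provides :managed_chef_server_restore
3 |
4 | property :tarball, String, name_property: true
5 |
6 | # Unpacks the backup tarball into a scratch directory under the chef cache and
7 | # runs `knife ec restore` on it. The untar and restore steps are triggered only
8 | # when the directory resource below is updated.
9 | action :run do
10 |   # file and directory for restoring from backup
11 |   restore_file = new_resource.tarball
12 |   restore_dir = "#{Chef::Config[:file_cache_path]}/restoredir"
13 |
14 |   # create restore directory if backup present
15 |   # NOTE(review): the unpacked backup may hold key and user data (see the
16 |   # --with-key-sql/--with-user-sql flags below); confirm the cache path is not
17 |   # readable by other users. No mode is set here because any update to this
18 |   # resource re-triggers the untar and the restore.
19 |   directory restore_dir do
20 |     only_if { ::File.exist?(restore_file) }
21 |   end
22 |
23 |   # untar backup if present (argument list: tar runs without a shell)
24 |   execute "tar -C #{restore_dir} -xzf #{restore_file}" do
25 |     command ['tar', '-C', restore_dir, '-xzf', restore_file]
26 |     action :nothing
27 |     subscribes :run, "directory[#{restore_dir}]", :immediately
28 |   end
29 |
30 |   # restore from backup if present
31 |   execute 'knife ec restore' do
32 |     # environment values are not expanded by a shell, so build PATH in Ruby
33 |     environment('PATH' => "/opt/opscode/embedded/bin:#{ENV['PATH']}")
34 |     command "/opt/opscode/embedded/bin/knife ec restore --with-key-sql --with-user-sql -c /etc/opscode/pivotal.rb #{restore_dir}"
35 |     action :nothing
36 |     subscribes :run, "execute[tar -C #{restore_dir} -xzf #{restore_file}]", :immediately
37 |   end
38 | end
39 |
--------------------------------------------------------------------------------
/resources/managed_chef_server_upgrade.rb:
--------------------------------------------------------------------------------
1 | # follows https://docs.chef.io/upgrade_server/#standalone
2 |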
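resource_name :managed_chef_server_upgrade
provides :managed_chef_server_upgrade

property :package_source, String, name_property: true

# Upgrades a standalone Chef server from a local package file and records the
# package file name in a marker file so the upgrade is not repeated.
action :upgrade do
  upgrade_marker = "#{Chef::Config[:file_cache_path]}/managed_chef_server.upgraded"
  upgrade_package = new_resource.package_source
  upgrade_file = ::File.basename(upgrade_package)

  # Check for upgrade file, exit if already upgraded.
  if ::File.exist?(upgrade_marker)
    # compare the content against the upgrade package; a literal comparison is
    # used because package file names contain regex metacharacters ('.', '+')
    content = ::File.read(upgrade_marker)
    return if content.include?(upgrade_file)
  end

  # The license is checked before anything is touched. Checking it after the
  # package install left the server stopped, with the new package installed
  # and the upgrade not run, whenever the license was not accepted.
  unless node['chef-server']['accept_license']
    log "Chef license not accepted, exiting."
    return
  end

  # Run the following command to make sure all services are in a sane state.
  execute 'chef-server-ctl reconfigure'

  # Stop the server.
  execute 'chef-server-ctl stop' do
    retries 3 # sometimes it's slow to stop
    retry_delay 30
  end

  # Install the upgrade package, don't allow downgrades.
  # apt_package doesn't allow source installs, specifying dpkg_package instead
  # NOTE(review): nothing here checks a checksum or signature of the package
  # file; package_source should point at a file obtained from a trusted source.
  if platform_family?('debian')
    dpkg_package 'chef-server-core' do
      source upgrade_package
      action :upgrade
    end
  else
    package 'chef-server-core' do
      allow_downgrade false
      source upgrade_package
      action :upgrade
    end
  end

  # Upgrade the server; the license was confirmed as accepted above.
  execute "CHEF_LICENSE='accept' chef-server-ctl upgrade"

  # Restart the server.
  execute 'chef-server-ctl start'

  # After the upgrade process is complete and everything is tested and verified
  # to be working properly, clean up the server by removing all of the old data.
  execute 'chef-server-ctl cleanup'

  # Mark that the system has already been upgraded. Re-running this process
  # shouldn't be an issue, but this will save time.
  file upgrade_marker do
    content upgrade_file
  end
end
--------------------------------------------------------------------------------
/resources/managed_data_bag.rb:
--------------------------------------------------------------------------------
# the data bags that are loaded on the Chef server are tracked in the various
# mcs-databags-* files with their items and md5 sums because this is much faster
# than making a full scrape of the Chef server every run. If these files are
# removed, they'll re-upload to the Chef server which shouldn't be an issue
#
# Each tracking line has the form "<data bag>:<item id>:<md5 of the item file>".

resource_name :managed_data_bag
provides :managed_data_bag

property :data_bag, String, required: true
property :organization, String, required: true
property :item, String

# creates a new data bag unless there's already an entry for it in the
# file tracking items that have been pushed to the Chef Server
action :create do
  data_bag = new_resource.data_bag
  organization = new_resource.organization

  configrb = "#{node['mcs']['managed']['dir']}/#{organization}/config.rb"
  data_bag_md5s = "#{Chef::Config[:file_cache_path]}/mcs-databags-#{organization}"

  # argument-list form: the path is passed as-is, without a shell
  shell_out('touch', data_bag_md5s)
  # literal "bag:" prefix match, so a bag named "test" is not mistaken for
  # "tests" and '.' in a bag name is not treated as a wildcard
  bag_exists = ::File.exist?(data_bag_md5s) &&
               ::File.readlines(data_bag_md5s).any? { |entry| entry.start_with?("#{data_bag}:") }

  unless bag_exists
    execute "knife data bag create #{data_bag} #{organization}" do
      # array form runs knife directly, so the bag name is never shell-parsed
      command ['knife', 'data', 'bag', 'create', data_bag, '-c', configrb]
    end
  end
end

# delete the data bag and remove entries from the file tracking items pushed to
# the Chef Server. Logic for identifying bags to prune is from data_bag_loader
action :prune do
  data_bag = new_resource.data_bag
  organization = new_resource.organization

  configrb = "#{node['mcs']['managed']['dir']}/#{organization}/config.rb"
  data_bag_md5s = "#{Chef::Config[:file_cache_path]}/mcs-databags-#{organization}"

  # The name is pasted into a bash script below; Chef restricts data bag names
  # to alphanumerics, '.', '-' and '_', so anything else is rejected here.
  unless data_bag.match?(/\A[.\-[:alnum:]_]+\z/)
    raise ArgumentError, "invalid data bag name: #{data_bag.inspect}"
  end

  bash "knife_data_bag_delete #{data_bag}" do
    cwd Chef::Config[:file_cache_path]
    # the sed pattern ends at the ':' separator so that pruning "test" does
    # not also drop the tracking entries of "tests"
    code <<-EOH
      knife data bag delete #{data_bag} -y -c #{configrb}
      sed -i '/^#{data_bag}:/d' #{data_bag_md5s}
    EOH
  end
end

# create a new data bag item from the JSON file providing it and track the entry
# through the bag, item ID and MD5
action :item_create do
  data_bag = new_resource.data_bag
  item_json = new_resource.item
  organization = new_resource.organization

  configrb = "#{node['mcs']['managed']['dir']}/#{organization}/config.rb"
  data_bag_md5s = "#{Chef::Config[:file_cache_path]}/mcs-databags-#{organization}"

  item = JSON.parse(::File.read(item_json))
  item_id = item['id']

  # The bag name and the id read from the JSON file are both pasted into a
  # bash script below, so they are limited to the characters Chef allows.
  [data_bag, item_id].each do |value|
    unless value.is_a?(String) && value.match?(/\A[.\-[:alnum:]_]+\z/)
      raise ArgumentError, "invalid data bag name or item id: #{value.inspect}"
    end
  end

  # MD5 only detects that the item file changed since the last upload
  md5sum = shell_out('md5sum', item_json).stdout.split[0]
  tracking_entry = "#{data_bag}:#{item_id}:#{md5sum}"
  # exact-line comparison instead of an unanchored grep
  item_exists = ::File.exist?(data_bag_md5s) &&
                ::File.readlines(data_bag_md5s).any? { |entry| entry.chomp == tracking_entry }

  unless item_exists
    # remove any previous items, create data bag item, add item to data_bag_md5s
    # NOTE(review): item_json and the two paths are still interpolated
    # unquoted; paths containing spaces or shell characters are not supported.
    bash "knife data bag from file #{data_bag} #{item_json} to #{organization}" do
      cwd Chef::Config[:file_cache_path]
      # the sed pattern ends at the ':' after the id, otherwise updating
      # "test1" would also drop the entries of "test10" and "test100"
      code <<-EOH
        sed -i '/^#{data_bag}:#{item_id}:/d' #{data_bag_md5s}
        knife data bag from file #{data_bag} #{item_json} -c #{configrb}
        echo #{tracking_entry} >> #{data_bag_md5s}
      EOH
    end
  end
end

# delete the data bag item if it is not in the file tracking items pushed to
# the Chef Server.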
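# data_bag_loader checks items for verifying to prune them
action :item_prune do
  organization = new_resource.organization
  data_bag = new_resource.data_bag
  item = new_resource.item

  configrb = "#{node['mcs']['managed']['dir']}/#{organization}/config.rb"

  # Without an item the knife command below would name only the bag and
  # delete the whole data bag; that is what the :prune action is for.
  raise ArgumentError, 'item is required for :item_prune' if item.nil? || item.empty?

  execute "knife data bag delete #{data_bag} #{item} from #{organization}" do
    # array form runs knife directly, so names are never shell-parsed
    command ['knife', 'data', 'bag', 'delete', data_bag, item, '-y', '-c', configrb]
  end
end
--------------------------------------------------------------------------------
/resources/managed_organization.rb:
--------------------------------------------------------------------------------
resource_name :managed_organization
provides :managed_organization

property :organization, String, name_property: true
property :full_name, String, default: 'Chef Managed Organization'
property :email, String, required: true
property :password, String

# Creates a Chef server organization, a dedicated managed user that is an
# admin of it, and the knife/berks configuration files that use that user.
# The validator key and the user key are written into the organization
# directory, which is created with mode 0700.
action :create do
  require 'securerandom'

  # create organization and validator.pem
  org_name = new_resource.organization
  org_full_name = new_resource.full_name
  org_dir = "#{node['mcs']['managed']['dir']}/#{org_name}"
  org_key = "#{org_dir}/#{org_name}-validator.pem"
  org_syntaxcache = "#{Chef::Config[:file_cache_path]}/syntaxcache/#{org_name}"

  # create a managed user instead of using the pivotal user
  user_key = "#{org_dir}/#{org_name}-user.key"
  user_name = "chef_managed_user_#{org_name}"
  user_email = new_resource.email
  user_first_name = 'Chef'
  user_last_name = 'Managed'
  # When no password is supplied, generate one with SecureRandom, which is
  # meant for secrets; Random.new_seed is a PRNG seed, not a password source.
  user_pass = new_resource.password || SecureRandom.hex(20)

  # create files for managing the Chef server
  directory org_dir do
    recursive true
    mode '0700'
  end

  # write a config.rb
  template "#{org_dir}/config.rb" do
    source 'config.rb.erb'
    cookbook 'managed_chef_server'
    mode '0400'
    variables(
      o_name: org_name,
      o_key: org_key,
      o_syntaxcache: org_syntaxcache,
      u_name: user_name,
      u_key: user_key
    )
  end

  # berks config for legacy_loader
  template "#{org_dir}/config.json" do
    source 'config.json.erb'
    cookbook 'managed_chef_server'
    mode '0400'
    variables(
      o_name: org_name,
      o_key: org_key,
      u_name: user_name,
      u_key: user_key
    )
  end

  # on restore, reset the private key
  execute 'delete managed user key on restore' do
    command "chef-server-ctl delete-user-key #{user_name} default"
    retries 2
    not_if { ::File.exist?(user_key) }
    not_if { !defined?(node['mcs']['restore']['file']) }
    only_if "chef-server-ctl list-user-keys #{user_name} | grep default"
  end

  # the new private key is written by shell redirection, so this command has
  # to stay a shell string; the file lands inside the 0700 org directory
  execute 'reset managed user key on restore' do
    command "chef-server-ctl add-user-key #{user_name} --key-name default > #{user_key}"
    retries 2
    action :nothing
    subscribes :run, 'execute[delete managed user key on restore]', :immediately
  end

  # on restore copy back the organization key
  execute 'copy managed organization pem on restore' do
    command "cp #{Chef::Config[:file_cache_path]}/restoredir/chef_managed_orgs/#{org_name}/#{org_name}-validator.pem #{org_dir}/"
    only_if { ::File.exist?("#{Chef::Config[:file_cache_path]}/restoredir/chef_managed_orgs/#{org_name}/#{org_name}-validator.pem") }
    not_if { ::File.exist?("#{org_dir}/#{org_name}-validator.pem") }
  end

  # chef-server-ctl org-create ORG_NAME ORG_FULL_NAME -f FILE_NAME
  # NOTE(review): the guard is a substring grep, so an existing org whose name
  # merely contains org_name also suppresses creation; confirm the org-list
  # output format before tightening it to a whole-line match.
  execute "chef-server-ctl org-create #{org_name}" do
    # array form: a full name containing quotes or spaces is passed intact
    command ['chef-server-ctl', 'org-create', org_name, org_full_name, '-f', org_key]
    retries 2
    not_if "chef-server-ctl org-list | grep #{org_name}"
  end

  # chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL PASSWORD -f FILE_NAME
  # NOTE(review): the password is still a command-line argument and is visible
  # in the process list while the command runs; check whether the installed
  # chef-server-ctl offers a way to supply it that does not use argv.
  execute "chef-server-ctl user-create #{user_name}" do
    # array form: the e-mail and password are never interpreted by a shell, so
    # a password containing '$', '&' or spaces is passed through unchanged
    command ['chef-server-ctl', 'user-create', user_name, user_first_name, user_last_name, user_email, user_pass.to_s, '-f', user_key]
    retries 2
    sensitive true
    not_if "chef-server-ctl user-list | grep #{user_name}"
  end

  # add the managed user to the managed org as an admin
  execute "chef-server-ctl org-user-add #{org_name} #{user_name}" do
    command "chef-server-ctl org-user-add #{org_name} #{user_name} --admin"
    retries 2
    not_if "chef-server-ctl user-show #{user_name} -l | grep '^organizations:' | grep ' #{org_name}$'"
  end
end
--------------------------------------------------------------------------------
/resources/policyfile_loader.rb:
--------------------------------------------------------------------------------
resource_name :policyfile_loader
provides :policyfile_loader

property :directory, String, name_property: true
property :organization, String, required: true

# Pushes policy archives found in the directory to the organization, skipping
# any policy whose group and revision the server already reports.
action :load do
  policyfile_dir = new_resource.directory
  organization = new_resource.organization

  configrb = "#{node['mcs']['managed']['dir']}/#{organization}/config.rb"

  return if policyfile_dir.nil? || !Dir.exist?(policyfile_dir)

  # find existing policies on the server
  # server_policies maps "<group>:<revision>" to the policy name, built from
  # the text output of `chef show-policy`
  server_policies = {}
  policyname = ''

  shell_out("CHEF_LICENSE='accept-no-persist' chef show-policy -c #{configrb}").stdout.each_line do |line|
    line.chomp!
    next if line.empty? || line.start_with?('=') || line =~ /NOT APPLIED/
    if line.start_with?('*')
      server_policies[line.split[1] + line.split[2]] = policyname
    else
      policyname = line
    end
  end

  # only load policies that aren't in the hash produced from the server
  sorted_dir = Dir.entries(policyfile_dir).sort_by { |x| ::File.mtime(policyfile_dir + '/' + x) } # sort by time
  sorted_dir.each do |pfile|
    next unless pfile.end_with?(node['mcs']['policyfile']['lockfiletype'])
    # parse the lockfile and set the appropriate policygroup
    policy_lock = JSON.parse(::File.read(policyfile_dir + '/' + pfile))
    policy_name = policy_lock['name']
    # NOTE(review): the archive path is built from values inside the lock
    # file; the directory is assumed to hold only trusted lock files.
    filename = policyfile_dir + '/' + policy_name + '-' + policy_lock['revision_id'] + '.tgz'
    next unless ::File.exist?(filename)
    policy_revision = policy_lock['revision_id'][0, 10]

    policy_group = node['mcs']['policyfile']['group']
    # are they overriding the policy group with an attribute?
    policy_group = policy_lock['default_attributes']['mcs']['policyfile']['group'] unless policy_lock.dig('default_attributes', 'mcs', 'policyfile', 'group').nil?
    policy_group = policy_lock['override_attributes']['mcs']['policyfile']['group'] unless policy_lock.dig('override_attributes', 'mcs', 'policyfile', 'group').nil?
    polindex = policy_group + ':' + policy_revision

    execute "chef push-archive #{policy_group} #{filename}" do
      # The group and file name come from the lock file contents, so they are
      # passed as separate arguments instead of being pasted into a shell
      # line; the license variable moves to the environment property.
      environment('CHEF_LICENSE' => 'accept-no-persist')
      command ['chef', 'push-archive', policy_group, filename, '-c', configrb]
      not_if { server_policies[polindex].eql?(policy_name) }
    end
  end
end
--------------------------------------------------------------------------------
/resources/roles_loader.rb:
--------------------------------------------------------------------------------
resource_name :roles_loader
provides :roles_loader

property :directory, String, name_property: true
property :organization, String, required: true

# Uploads role files (.rb or .json) from the directory to the organization,
# skipping roles whose content already matches what the server returns.
action :load do
  roles_dir = new_resource.directory
  organization = new_resource.organization

  configrb = "#{node['mcs']['managed']['dir']}/#{organization}/config.rb"

  return if roles_dir.nil? || !Dir.exist?(roles_dir)

  # find existing roles on the server
  server_roles = {}

  shell_out("knife role list -c #{configrb}").stdout.each_line do |role|
    role.strip!
    next if role.nil? || role.empty?
    # Role names come back from the server, so they are passed as a separate
    # argument rather than interpolated into a shell line.
    # NOTE(review): JSON.load is documented for trusted input; JSON.parse is
    # the safer call if this output should not be fully trusted.
    content = JSON.load(shell_out!('knife', 'role', 'show', role, '-c', configrb, '--format', 'json').stdout)
    server_roles[role] = content
  end

  Dir.foreach(roles_dir) do |role|
    next unless role.end_with?('.rb', '.json')
    if role.end_with?('.json')
      json = JSON.parse(::File.read(roles_dir + '/' + role))
    else # it's .rb
      # from_file evaluates the file as Ruby, so roles_dir must be writable
      # only by users trusted to run code as this chef-client
      r = Chef::Role.new
      r.from_file(roles_dir + '/' + role)
      json = JSON.load(r.to_json)
    end
    type = json['chef_type']
    next unless type.eql?('role')
    name = json['name']
    execute "knife role from file #{role}" do
      # array form: a file name with spaces or shell characters is passed to
      # knife as one argument
      command ['knife', 'role', 'from', 'file', role, '-c', configrb]
      cwd roles_dir
      not_if { server_roles.key?(name) && json.eql?(server_roles[name]) }
    end
  end
end
--------------------------------------------------------------------------------
/templates/chef_infra_server.erb:
--------------------------------------------------------------------------------
---
id: infra-server
name: Chef Infra Server
date_accepted: '<%= @time %>'
accepting_product: infra-server
accepting_product_version: 0.6.0
user: 'managed_chef_server'
file_format: 1
--------------------------------------------------------------------------------
/templates/config.json.erb:
--------------------------------------------------------------------------------
{
  "chef":{
    "chef_server_url":"https://localhost/organizations/<%= @o_name %>",
    "validation_client_name":"<%= @o_name %>",
    "validation_key_path":"<%= @o_key %>",
    "client_key":"<%= @u_key %>",
    "node_name":"<%= @u_name %>"
  },
  "ssl": {
    "verify":false
  }
}
--------------------------------------------------------------------------------
/templates/config.rb.erb:
--------------------------------------------------------------------------------
# managed Chef config.rb
chef_server_url "https://localhost/organizations/<%= @o_name %>"
client_key "<%= @u_key %>"
node_name "<%= @u_name %>"
# NOTE(review): TLS certificate verification is switched off. The URL above is
# localhost only; do not reuse this file against a remote server as it stands.
ssl_verify_mode :verify_none
validation_client_name "<%= @o_name %>"
validation_key "<%= @o_key %>"
# remove after debugging
# NOTE(review): this writes a debug-level log to a predictable name in /tmp, a
# directory other local users can write to; move it to a root-owned directory
# or drop both settings once debugging is finished.
config_log_level :debug
config_log_location "/tmp/<%= @u_name %>.log"
syntax_check_cache_path "<%= @o_syntaxcache %>"
--------------------------------------------------------------------------------
/test/chef-server-backup-202002192050.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/chef-server-backup-202002192050.tgz
--------------------------------------------------------------------------------
/test/cookbooks/chef-client-11.0.3.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/cookbooks/chef-client-11.0.3.tar.gz
--------------------------------------------------------------------------------
/test/cookbooks/iptables-f22c85827ea7aeb84405a95fb970e90adda48bf0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/cookbooks/iptables-f22c85827ea7aeb84405a95fb970e90adda48bf0.tgz
--------------------------------------------------------------------------------
/test/cookbooks/mattray-e05a337121886cef84c257b2b34afa0ccaa7ec8b.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/cookbooks/mattray-e05a337121886cef84c257b2b34afa0ccaa7ec8b.tgz
--------------------------------------------------------------------------------
/test/cookbooks/ntp-3.4.0.tar.gz: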
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/cookbooks/ntp-3.4.0.tar.gz -------------------------------------------------------------------------------- /test/cookbooks/ntp-3.5.0.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/cookbooks/ntp-3.5.0.tar.gz -------------------------------------------------------------------------------- /test/cookbooks/ntp-3.6.0.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/cookbooks/ntp-3.6.0.tar.gz -------------------------------------------------------------------------------- /test/cookbooks/openssh-364454bb9bf013a49f919a66b1234aba8c555380.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/cookbooks/openssh-364454bb9bf013a49f919a66b1234aba8c555380.tgz -------------------------------------------------------------------------------- /test/cookbooks/sudo-5.5.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/cookbooks/sudo-5.5.tar.gz -------------------------------------------------------------------------------- /test/cookbooks/sudo.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/cookbooks/sudo.tgz 
-------------------------------------------------------------------------------- /test/data_bags/tests/atest.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "aye", 3 | "name": "Test A" 4 | } 5 | -------------------------------------------------------------------------------- /test/data_bags/tests/test1.json: -------------------------------------------------------------------------------- 1 | { "id": "test1", "name": "Test 1" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test10.json: -------------------------------------------------------------------------------- 1 | { "id": "test10", "name": "Test 10" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test100.json: -------------------------------------------------------------------------------- 1 | { "id": "test100", "name": "Test 100" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test11.json: -------------------------------------------------------------------------------- 1 | { "id": "test11", "name": "Test 11" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test12.json: -------------------------------------------------------------------------------- 1 | { "id": "test12", "name": "Test 12" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test13.json: -------------------------------------------------------------------------------- 1 | { "id": "test13", "name": "Test 13" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test14.json: -------------------------------------------------------------------------------- 1 | { "id": "test14", "name": "Test 14" } 2 | 
-------------------------------------------------------------------------------- /test/data_bags/tests/test15.json: -------------------------------------------------------------------------------- 1 | { "id": "test15", "name": "Test 15" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test16.json: -------------------------------------------------------------------------------- 1 | { "id": "test16", "name": "Test 16" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test17.json: -------------------------------------------------------------------------------- 1 | { "id": "test17", "name": "Test 17" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test18.json: -------------------------------------------------------------------------------- 1 | { "id": "test18", "name": "Test 18" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test19.json: -------------------------------------------------------------------------------- 1 | { "id": "test19", "name": "Test 19" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test2.json: -------------------------------------------------------------------------------- 1 | { "id": "test2", "name": "Test 2" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test20.json: -------------------------------------------------------------------------------- 1 | { "id": "test20", "name": "Test 20" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test21.json: -------------------------------------------------------------------------------- 1 | { "id": "test21", "name": "Test 21" } 2 | 
-------------------------------------------------------------------------------- /test/data_bags/tests/test22.json: -------------------------------------------------------------------------------- 1 | { "id": "test22", "name": "Test 22" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test23.json: -------------------------------------------------------------------------------- 1 | { "id": "test23", "name": "Test 23" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test24.json: -------------------------------------------------------------------------------- 1 | { "id": "test24", "name": "Test 24" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test25.json: -------------------------------------------------------------------------------- 1 | { "id": "test25", "name": "Test 25" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test26.json: -------------------------------------------------------------------------------- 1 | { "id": "test26", "name": "Test 26" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test27.json: -------------------------------------------------------------------------------- 1 | { "id": "test27", "name": "Test 27" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test28.json: -------------------------------------------------------------------------------- 1 | { "id": "test28", "name": "Test 28" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test29.json: -------------------------------------------------------------------------------- 1 | { "id": "test29", "name": "Test 29" } 2 | 
-------------------------------------------------------------------------------- /test/data_bags/tests/test3.json: -------------------------------------------------------------------------------- 1 | { "id": "test3", "name": "Test 3" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test30.json: -------------------------------------------------------------------------------- 1 | { "id": "test30", "name": "Test 30" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test31.json: -------------------------------------------------------------------------------- 1 | { "id": "test31", "name": "Test 31" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test32.json: -------------------------------------------------------------------------------- 1 | { "id": "test32", "name": "Test 32" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test33.json: -------------------------------------------------------------------------------- 1 | { "id": "test33", "name": "Test 33" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test34.json: -------------------------------------------------------------------------------- 1 | { "id": "test34", "name": "Test 34" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test35.json: -------------------------------------------------------------------------------- 1 | { "id": "test35", "name": "Test 35" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test36.json: -------------------------------------------------------------------------------- 1 | { "id": "test36", "name": "Test 36" } 2 | 
-------------------------------------------------------------------------------- /test/data_bags/tests/test37.json: -------------------------------------------------------------------------------- 1 | { "id": "test37", "name": "Test 37" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test38.json: -------------------------------------------------------------------------------- 1 | { "id": "test38", "name": "Test 38" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test39.json: -------------------------------------------------------------------------------- 1 | { "id": "test39", "name": "Test 39" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test4.json: -------------------------------------------------------------------------------- 1 | { "id": "test4", "name": "Test 4" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test40.json: -------------------------------------------------------------------------------- 1 | { "id": "test40", "name": "Test 40" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test41.json: -------------------------------------------------------------------------------- 1 | { "id": "test41", "name": "Test 41" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test42.json: -------------------------------------------------------------------------------- 1 | { "id": "test42", "name": "Test 42" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test43.json: -------------------------------------------------------------------------------- 1 | { "id": "test43", "name": "Test 43" } 2 | 
-------------------------------------------------------------------------------- /test/data_bags/tests/test44.json: -------------------------------------------------------------------------------- 1 | { "id": "test44", "name": "Test 44" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test45.json: -------------------------------------------------------------------------------- 1 | { "id": "test45", "name": "Test 45" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test46.json: -------------------------------------------------------------------------------- 1 | { "id": "test46", "name": "Test 46" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test47.json: -------------------------------------------------------------------------------- 1 | { "id": "test47", "name": "Test 47" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test48.json: -------------------------------------------------------------------------------- 1 | { "id": "test48", "name": "Test 48" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test49.json: -------------------------------------------------------------------------------- 1 | { "id": "test49", "name": "Test 49" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test5.json: -------------------------------------------------------------------------------- 1 | { "id": "test5", "name": "Test 5" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test50.json: -------------------------------------------------------------------------------- 1 | { "id": "test50", "name": "Test 50" } 2 | 
-------------------------------------------------------------------------------- /test/data_bags/tests/test51.json: -------------------------------------------------------------------------------- 1 | { "id": "test51", "name": "Test 51" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test52.json: -------------------------------------------------------------------------------- 1 | { "id": "test52", "name": "Test 52" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test53.json: -------------------------------------------------------------------------------- 1 | { "id": "test53", "name": "Test 53" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test54.json: -------------------------------------------------------------------------------- 1 | { "id": "test54", "name": "Test 54" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test55.json: -------------------------------------------------------------------------------- 1 | { "id": "test55", "name": "Test 55" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test56.json: -------------------------------------------------------------------------------- 1 | { "id": "test56", "name": "Test 56" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test57.json: -------------------------------------------------------------------------------- 1 | { "id": "test57", "name": "Test 57" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test58.json: -------------------------------------------------------------------------------- 1 | { "id": "test58", "name": "Test 58" } 2 | 
-------------------------------------------------------------------------------- /test/data_bags/tests/test59.json: -------------------------------------------------------------------------------- 1 | { "id": "test59", "name": "Test 59" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test6.json: -------------------------------------------------------------------------------- 1 | { "id": "test6", "name": "Test 6" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test60.json: -------------------------------------------------------------------------------- 1 | { "id": "test60", "name": "Test 60" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test61.json: -------------------------------------------------------------------------------- 1 | { "id": "test61", "name": "Test 61" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test62.json: -------------------------------------------------------------------------------- 1 | { "id": "test62", "name": "Test 62" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test63.json: -------------------------------------------------------------------------------- 1 | { "id": "test63", "name": "Test 63" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test64.json: -------------------------------------------------------------------------------- 1 | { "id": "test64", "name": "Test 64" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test65.json: -------------------------------------------------------------------------------- 1 | { "id": "test65", "name": "Test 65" } 2 | 
-------------------------------------------------------------------------------- /test/data_bags/tests/test66.json: -------------------------------------------------------------------------------- 1 | { "id": "test66", "name": "Test 66" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test67.json: -------------------------------------------------------------------------------- 1 | { "id": "test67", "name": "Test 67" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test68.json: -------------------------------------------------------------------------------- 1 | { "id": "test68", "name": "Test 68" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test69.json: -------------------------------------------------------------------------------- 1 | { "id": "test69", "name": "Test 69" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test7.json: -------------------------------------------------------------------------------- 1 | { "id": "test7", "name": "Test 7" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test70.json: -------------------------------------------------------------------------------- 1 | { "id": "test70", "name": "Test 70" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test71.json: -------------------------------------------------------------------------------- 1 | { "id": "test71", "name": "Test 71" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test72.json: -------------------------------------------------------------------------------- 1 | { "id": "test72", "name": "Test 72" } 2 | 
-------------------------------------------------------------------------------- /test/data_bags/tests/test73.json: -------------------------------------------------------------------------------- 1 | { "id": "test73", "name": "Test 73" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test74.json: -------------------------------------------------------------------------------- 1 | { "id": "test74", "name": "Test 74" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test75.json: -------------------------------------------------------------------------------- 1 | { "id": "test75", "name": "Test 75" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test76.json: -------------------------------------------------------------------------------- 1 | { "id": "test76", "name": "Test 76" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test77.json: -------------------------------------------------------------------------------- 1 | { "id": "test77", "name": "Test 77" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test78.json: -------------------------------------------------------------------------------- 1 | { "id": "test78", "name": "Test 78" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test79.json: -------------------------------------------------------------------------------- 1 | { "id": "test79", "name": "Test 79" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test8.json: -------------------------------------------------------------------------------- 1 | { "id": "test8", "name": "Test 8" } 2 | 
-------------------------------------------------------------------------------- /test/data_bags/tests/test80.json: -------------------------------------------------------------------------------- 1 | { "id": "test80", "name": "Test 80" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test81.json: -------------------------------------------------------------------------------- 1 | { "id": "test81", "name": "Test 81" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test82.json: -------------------------------------------------------------------------------- 1 | { "id": "test82", "name": "Test 82" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test83.json: -------------------------------------------------------------------------------- 1 | { "id": "test83", "name": "Test 83" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test84.json: -------------------------------------------------------------------------------- 1 | { "id": "test84", "name": "Test 84" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test85.json: -------------------------------------------------------------------------------- 1 | { "id": "test85", "name": "Test 85" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test86.json: -------------------------------------------------------------------------------- 1 | { "id": "test86", "name": "Test 86" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test87.json: -------------------------------------------------------------------------------- 1 | { "id": "test87", "name": "Test 87" } 2 | 
-------------------------------------------------------------------------------- /test/data_bags/tests/test88.json: -------------------------------------------------------------------------------- 1 | { "id": "test88", "name": "Test 88" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test89.json: -------------------------------------------------------------------------------- 1 | { "id": "test89", "name": "Test 89" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test9.json: -------------------------------------------------------------------------------- 1 | { "id": "test9", "name": "Test 9" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test90.json: -------------------------------------------------------------------------------- 1 | { "id": "test90", "name": "Test 90" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test91.json: -------------------------------------------------------------------------------- 1 | { "id": "test91", "name": "Test 91" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test92.json: -------------------------------------------------------------------------------- 1 | { "id": "test92", "name": "Test 92" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test93.json: -------------------------------------------------------------------------------- 1 | { "id": "test93", "name": "Test 93" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test94.json: -------------------------------------------------------------------------------- 1 | { "id": "test94", "name": "Test 94" } 2 | 
-------------------------------------------------------------------------------- /test/data_bags/tests/test95.json: -------------------------------------------------------------------------------- 1 | { "id": "test95", "name": "Test 95" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test96.json: -------------------------------------------------------------------------------- 1 | { "id": "test96", "name": "Test 96" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test97.json: -------------------------------------------------------------------------------- 1 | { "id": "test97", "name": "Test 97" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test98.json: -------------------------------------------------------------------------------- 1 | { "id": "test98", "name": "Test 98" } 2 | -------------------------------------------------------------------------------- /test/data_bags/tests/test99.json: -------------------------------------------------------------------------------- 1 | { "id": "test99", "name": "Test 99" } 2 | -------------------------------------------------------------------------------- /test/data_bags/users/user1.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "user1", 3 | "name": "User 1" 4 | } 5 | -------------------------------------------------------------------------------- /test/data_bags/users/user2.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "user2", 3 | "name": "User 2" 4 | } 5 | -------------------------------------------------------------------------------- /test/data_bags/users/user3.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "user3", 3 | "name": "User Three" 4 | } 5 | 
-------------------------------------------------------------------------------- /test/data_bags/users/user4.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "user4", 3 | "name": "User Four" 4 | } 5 | -------------------------------------------------------------------------------- /test/environments/essex.rb: -------------------------------------------------------------------------------- 1 | name 'essex' 2 | description "Defines the network and database settings you're going to use with OpenStack. The networks will be used in the libraries provided by the osops-utils cookbook. This example is for FlatDHCP with 2 physical networks." 3 | # NOTE(review): test fixture under /test/environments. The mysql attributes below (allow_remote_root with root_network_acl '%') presumably permit root logins from any host, and the glance image URLs are plain http with no checksum; confirm these values are never reused outside the test organization. 4 | override_attributes( 5 | 'glance' => { 6 | 'image_upload' => true, 7 | 'images' => %w(precise cirros), 8 | 'image' => { 9 | 'cirros' => 'http://hypnotoad/cirros-0.3.0-x86_64-disk.img', 10 | 'precise' => 'http://hypnotoad/precise-server-cloudimg-amd64.tar.gz', 11 | }, 12 | }, 13 | 'mysql' => { 14 | 'allow_remote_root' => true, 15 | 'root_network_acl' => '%', 16 | }, 17 | 'osops_networks' => { 18 | 'public' => '10.0.0.0/24', 19 | 'management' => '10.0.0.0/24', 20 | 'nova' => '10.0.0.0/24', 21 | }, 22 | 'nova' => { 23 | 'network' => { 24 | 'fixed_range' => '192.168.100.0/24', 25 | 'public_interface' => 'eth0', 26 | }, 27 | 'networks' => [ 28 | { 29 | 'label' => 'public', 30 | 'ipv4_cidr' => '192.168.100.0/24', 31 | 'num_networks' => '1', 32 | 'network_size' => '255', 33 | 'bridge' => 'br100', 34 | 'bridge_dev' => 'eth0', 35 | 'dns1' => '8.8.8.8', 36 | 'dns2' => '8.8.4.4', 37 | }, 38 | ], 39 | } 40 | ) 41 | 42 | cookbook_versions( 43 | 'apache2' => '= 1.4.2', 44 | 'apt' => '= 1.8.4', 45 | 'aws' => '= 0.100.6', 46 | 'build-essential' => '= 1.3.4', 47 | 'ntp' => '= 1.3.2', 48 | 'openssh' => '= 1.1.4', 49 | 'openssl' => '= 1.0.0', 50 | 'postgresql' => '= 2.2.0', 51 | 'selinux' => '= 0.5.6', 52 | 'xfs' => '= 1.1.0', 53 | 'yum' => '= 2.1.0', 54 | 'erlang' => '= 1.1.2', 55 | 'mysql' => 
'= 2.1.2', 56 | 'rabbitmq' => '= 1.8.0', 57 | 'database' => '= 1.3.12', 58 | 'omnibus_updater' => '= 0.1.2', 59 | 'lxc' => '= 0.1.0', 60 | 'sysctl' => '= 0.1.2', 61 | 'osops-utils' => '= 1.0.6', 62 | 'mysql-openstack' => '= 1.0.4', 63 | 'rabbitmq-openstack' => '= 1.0.4', 64 | 'keystone' => '= 2012.1.1', 65 | 'glance' => '= 2012.1.1', 66 | 'nova' => '= 2012.1.2', 67 | 'horizon' => '= 2012.1.1' 68 | ) 69 | -------------------------------------------------------------------------------- /test/environments/lab-admin.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "lab-admin", 3 | "description": "Default run_list for the Admin node", 4 | "json_class": "Chef::Role", 5 | "default_attributes": { 6 | 7 | }, 8 | "override_attributes": { 9 | 10 | }, 11 | "chef_type": "role", 12 | "run_list": [ 13 | "recipe[apt::cacher-ng]", 14 | "recipe[apt::cacher-client]", 15 | "recipe[ntp]", 16 | "recipe[openssh]", 17 | "recipe[users::sysadmins]", 18 | "recipe[sudo]", 19 | "recipe[chef-client::config]", 20 | "recipe[chef-client::service]" 21 | ], 22 | "env_run_lists": { 23 | 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /test/environments/lab.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "lab", 3 | "description": "Environment defining the lab support infrastructure.", 4 | "cookbook_versions": { 5 | 6 | }, 7 | "json_class": "Chef::Environment", 8 | "chef_type": "environment", 9 | "default_attributes": { 10 | 11 | }, 12 | "override_attributes": { 13 | "apt": { 14 | "cacher_ipaddress": "10.0.0.2", 15 | "cacher-client": { 16 | "restrict_environment": true 17 | }, 18 | "cacher_interface": "eth1" 19 | }, 20 | "authorization": { 21 | "sudo": { 22 | "groups": [ 23 | "admin", 24 | "wheel", 25 | "sysadmin" 26 | ], 27 | "users": [ 28 | "mray" 29 | ], 30 | "passwordless": true, 31 | "include_sudoers_d": true 32 | } 33 | }, 34 | 
"chef_client": { 35 | "config": { 36 | "http_retry_delay": 10, 37 | "log_level": ":warn" 38 | } 39 | }, 40 | "chef-server": { 41 | "package_file": "http://10.0.0.2:9630/chef-full-stack/chef-server_11.0.10-1.ubuntu.12.04_amd64.deb", 42 | "package_checksum": "7c4b2407d44bbd0e39f7ecdc5eee8106919dee8bdad64b38f1da4b759cf3d67f" 43 | }, 44 | "dnsmasq": { 45 | "enable_dhcp": true, 46 | "enable_dns": false, 47 | "dhcp": { 48 | "dhcp-authoritative": null, 49 | "dhcp-range": "eth1,10.0.0.10,10.0.0.100,12h", 50 | "dhcp-option": "3", 51 | "domain": "lab.atx", 52 | "interface": "eth1", 53 | "dhcp-boot": "pxelinux.0", 54 | "enable-tftp": null, 55 | "tftp-root": "/var/lib/tftpboot", 56 | "tftp-secure": null 57 | }, 58 | "dhcp_options": [ 59 | "dhcp-host=80:ee:73:0a:fa:d9,crushinator,10.0.0.11", 60 | "dhcp-host=10:78:d2:c8:b2:51,ignar,10.0.0.12", 61 | "dhcp-host=10:78:d2:c8:b2:07,larry,10.0.0.13", 62 | "dhcp-host=00:19:66:16:b8:d9,lrrr,10.0.0.14", 63 | "dhcp-host=00:16:41:14:50:f5,mom,10.0.0.10" 64 | ] 65 | }, 66 | "ntp": { 67 | "sync_clock": true, 68 | "sync_hw_clock": true 69 | }, 70 | "pxe_dust": { 71 | "chefversion": "11.8.2", 72 | "interface": "eth1", 73 | "chef_server_url": "https://guenter.lab.atx", 74 | "validation_client_name": "admin", 75 | "validation_key": "/etc/chef-server/guenter.pem" 76 | } 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /test/environments/vagrant.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "vagrant", 3 | "description": "Vagrant infrastructure.", 4 | "cookbook_versions": { 5 | 6 | }, 7 | "json_class": "Chef::Environment", 8 | "chef_type": "environment", 9 | "default_attributes": { 10 | 11 | }, 12 | "override_attributes": { 13 | "apt": { 14 | "cacher-client": { 15 | "restrict_environment": true 16 | } 17 | }, 18 | "authorization": { 19 | "sudo": { 20 | "groups": [ 21 | "admin", 22 | "wheel", 23 | "sysadmin" 24 | ], 25 | "users": [ 26 | 
"mray" 27 | ], 28 | "passwordless": true, 29 | "include_sudoers_d": true 30 | } 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /test/integration/backup/default_test.rb: -------------------------------------------------------------------------------- 1 | # Inspec test for recipe managed_chef_server::backup 2 | 3 | # backup dir 4 | describe directory('/tmp/kitchen/cache/mcs-backups') do 5 | it { should exist } 6 | end 7 | 8 | describe file('/tmp/kitchen/cache/mcs-backups/backup.sh') do 9 | it { should exist } 10 | it { should be_executable } 11 | end 12 | 13 | # add crontab entry for cron[knife ec backup] 14 | describe crontab do 15 | its('commands') { should include '/tmp/kitchen/cache/mcs-backups/backup.sh' } 16 | end 17 | 18 | describe crontab.commands('/tmp/kitchen/cache/mcs-backups/backup.sh') do 19 | its('minutes') { should cmp '*/5' } 20 | its('hours') { should cmp '*' } 21 | end 22 | -------------------------------------------------------------------------------- /test/integration/cron/default_test.rb: -------------------------------------------------------------------------------- 1 | # Inspec test for recipe managed_chef_server::cron 2 | 3 | # defaults brought over, testing with different managed org dir 4 | describe port(80) do 5 | it { should be_listening } 6 | end 7 | 8 | describe port(443) do 9 | it { should be_listening } 10 | end 11 | 12 | describe directory('/root/managed') do 13 | it { should exist } 14 | end 15 | 16 | describe directory('/root/managed/test_org') do 17 | it { should exist } 18 | end 19 | 20 | # config.rb 21 | [ '/root/managed/test_org/config.rb', '/root/managed/test_org/config.json' ].each do |conf| 22 | describe file conf do 23 | it { should exist } 24 | its('mode') { should cmp '0400' } 25 | its('content') { should match %r{chef_server_url.*https://localhost/organizations/test_org} } 26 | its('content') { should match /validation_client_name.*test_org/ } 27 | 
its('content') { should match %r{validation_key.*/root/managed/test_org/test_org-validator.pem} } 28 | its('content') { should match %r{client_key.*/root/managed/test_org/test_org-user.key} } 29 | its('content') { should match /node_name.*chef_managed_user_test_org/ } 30 | end 31 | end 32 | 33 | describe file '/root/managed/test_org/test_org-validator.pem' do 34 | it { should exist } 35 | end 36 | 37 | describe file '/root/managed/test_org/test_org-user.key' do 38 | it { should exist } 39 | end 40 | 41 | describe file '/etc/opscode/chef-server.rb' do 42 | it { should exist } 43 | # its('content') { should match /^opscode_solr4\['heap_size'\] = / } 44 | # its('content') { should match /^postgresql\['checkpoint_completion_target'\] = 0.9$/ } 45 | # its('content') { should match /^postgresql\['checkpoint_segments'\] = 64$/ } 46 | # its('content') { should match /^postgresql\['log_min_duration_statement'\] = 1000$/ } 47 | end 48 | # NOTE(review): the validator .pem and user .key files above are only checked for existence, while config.rb and config.json in this test are checked for mode '0400'; a mode assertion on the key files would catch loose permissions. 49 | # cron dir 50 | describe directory('/tmp/kitchen/cache/mcs-cron') do 51 | it { should exist } 52 | end 53 | 54 | describe file('/tmp/kitchen/cache/archive.check') do 55 | it { should exist } 56 | end 57 | 58 | # crontab entry for the scheduled chef-client --local-mode run from the mcs-cron directory 59 | describe crontab do 60 | its('commands') { should include 'date >> /var/log/chef/client.log 2>&1; cd /tmp/kitchen/cache/mcs-cron; chef-client --local-mode -F min >> /var/log/chef/client.log 2>&1' } 61 | end 62 | 63 | describe crontab.commands('date >> /var/log/chef/client.log 2>&1; cd /tmp/kitchen/cache/mcs-cron; chef-client --local-mode -F min >> /var/log/chef/client.log 2>&1') do 64 | its('minutes') { should cmp '*/5' } 65 | its('hours') { should cmp '*' } 66 | its('days') { should cmp '*' } 67 | end 68 | -------------------------------------------------------------------------------- /test/integration/data_bags/default_test.rb: -------------------------------------------------------------------------------- 1 | # Inspec test for recipe managed_chef_server::data_bag_loader 2 | 3 
| # check output of knife commands 4 | 5 | describe command('knife data bag list -c /etc/opscode/managed/test_org/config.rb') do 6 | its('stdout') { should match /^users$/ } 7 | its('stdout') { should match /^tests$/ } 8 | end 9 | 10 | describe command('knife data bag show users -c /etc/opscode/managed/test_org/config.rb') do 11 | its('stdout') { should_not match /^user 1$/ } # this one should be pruned. NOTE(review): the pattern contains a space ("user 1") while the other ids asserted here are user2..user4, so it presumably never matches and this check passes even if user1 is still present; confirm whether /^user1$/ was intended 12 | its('stdout') { should match /^user2$/ } 13 | its('stdout') { should match /^user3$/ } 14 | its('stdout') { should match /^user4$/ } 15 | end 16 | 17 | # this one is updated by the data_bag_loader 18 | describe command('knife data bag show users user2 -c /etc/opscode/managed/test_org/config.rb') do 19 | its('stdout') { should match /^name: User 2$/ } 20 | end 21 | 22 | describe command('knife data bag show users user3 -c /etc/opscode/managed/test_org/config.rb') do 23 | its('stdout') { should match /^name: User Three$/ } 24 | end 25 | 26 | describe command('knife data bag show tests -c /etc/opscode/managed/test_org/config.rb') do 27 | its('stdout') { should match /^test1$/ } 28 | its('stdout') { should match /^test2$/ } 29 | its('stdout') { should match /^test3$/ } 30 | its('stdout') { should match /^test4$/ } 31 | its('stdout') { should match /^test5$/ } 32 | its('stdout') { should match /^test6$/ } 33 | its('stdout') { should match /^test7$/ } 34 | its('stdout') { should match /^test8$/ } 35 | its('stdout') { should match /^test9$/ } 36 | its('stdout') { should match /^test10$/ } 37 | its('stdout') { should match /^test11$/ } 38 | its('stdout') { should match /^test12$/ } 39 | its('stdout') { should match /^test13$/ } 40 | its('stdout') { should match /^test14$/ } 41 | its('stdout') { should match /^test15$/ } 42 | its('stdout') { should match /^test16$/ } 43 | its('stdout') { should match /^test17$/ } 44 | its('stdout') { should match /^test18$/ } 45 | its('stdout') { should match /^test19$/ } 46 | its('stdout') { should match /^test20$/ } 47 | its('stdout') 
{ should match /^test21$/ } 48 | its('stdout') { should match /^test22$/ } 49 | its('stdout') { should match /^test23$/ } 50 | its('stdout') { should match /^test24$/ } 51 | its('stdout') { should match /^test25$/ } 52 | its('stdout') { should match /^test26$/ } 53 | its('stdout') { should match /^test27$/ } 54 | its('stdout') { should match /^test28$/ } 55 | its('stdout') { should match /^test29$/ } 56 | its('stdout') { should match /^test30$/ } 57 | its('stdout') { should match /^test31$/ } 58 | its('stdout') { should match /^test32$/ } 59 | its('stdout') { should match /^test33$/ } 60 | its('stdout') { should match /^test34$/ } 61 | its('stdout') { should match /^test35$/ } 62 | its('stdout') { should match /^test36$/ } 63 | its('stdout') { should match /^test37$/ } 64 | its('stdout') { should match /^test38$/ } 65 | its('stdout') { should match /^test39$/ } 66 | its('stdout') { should match /^test40$/ } 67 | its('stdout') { should match /^test41$/ } 68 | its('stdout') { should match /^test42$/ } 69 | its('stdout') { should match /^test43$/ } 70 | its('stdout') { should match /^test44$/ } 71 | its('stdout') { should match /^test45$/ } 72 | its('stdout') { should match /^test46$/ } 73 | its('stdout') { should match /^test47$/ } 74 | its('stdout') { should match /^test48$/ } 75 | its('stdout') { should match /^test49$/ } 76 | its('stdout') { should match /^test50$/ } 77 | its('stdout') { should match /^test51$/ } 78 | its('stdout') { should match /^test52$/ } 79 | its('stdout') { should match /^test53$/ } 80 | its('stdout') { should match /^test54$/ } 81 | its('stdout') { should match /^test55$/ } 82 | its('stdout') { should match /^test56$/ } 83 | its('stdout') { should match /^test57$/ } 84 | its('stdout') { should match /^test58$/ } 85 | its('stdout') { should match /^test59$/ } 86 | its('stdout') { should match /^test60$/ } 87 | its('stdout') { should match /^test61$/ } 88 | its('stdout') { should match /^test62$/ } 89 | its('stdout') { should match /^test63$/ 
} 90 | its('stdout') { should match /^test64$/ } 91 | its('stdout') { should match /^test65$/ } 92 | its('stdout') { should match /^test66$/ } 93 | its('stdout') { should match /^test67$/ } 94 | its('stdout') { should match /^test68$/ } 95 | its('stdout') { should match /^test69$/ } 96 | its('stdout') { should match /^test70$/ } 97 | its('stdout') { should match /^test71$/ } 98 | its('stdout') { should match /^test72$/ } 99 | its('stdout') { should match /^test73$/ } 100 | its('stdout') { should match /^test74$/ } 101 | its('stdout') { should match /^test75$/ } 102 | its('stdout') { should match /^test76$/ } 103 | its('stdout') { should match /^test77$/ } 104 | its('stdout') { should match /^test78$/ } 105 | its('stdout') { should match /^test79$/ } 106 | its('stdout') { should match /^test80$/ } 107 | its('stdout') { should match /^test81$/ } 108 | its('stdout') { should match /^test82$/ } 109 | its('stdout') { should match /^test83$/ } 110 | its('stdout') { should match /^test84$/ } 111 | its('stdout') { should match /^test85$/ } 112 | its('stdout') { should match /^test86$/ } 113 | its('stdout') { should match /^test87$/ } 114 | its('stdout') { should match /^test88$/ } 115 | its('stdout') { should match /^test89$/ } 116 | its('stdout') { should match /^test90$/ } 117 | its('stdout') { should match /^test91$/ } 118 | its('stdout') { should match /^test92$/ } 119 | its('stdout') { should match /^test93$/ } 120 | its('stdout') { should match /^test94$/ } 121 | its('stdout') { should match /^test95$/ } 122 | its('stdout') { should match /^test96$/ } 123 | its('stdout') { should match /^test97$/ } 124 | its('stdout') { should match /^test98$/ } 125 | its('stdout') { should match /^test99$/ } 126 | its('stdout') { should match /^test100$/ } 127 | its('stdout') { should match /^aye$/ } 128 | end 129 | -------------------------------------------------------------------------------- /test/integration/data_collector/default_test.rb: 
-------------------------------------------------------------------------------- 1 | # Inspec test for recipe managed_chef_server::_data_collector 2 | 3 | describe file '/etc/opscode/chef-server.rb' do 4 | it { should exist } 5 | its('content') { should match %r{^data_collector\['root_url'\] = 'https://inez.bottlebru.sh/data-collector/v0/'} } 6 | its('content') { should match /^data_collector\['proxy'\] = true/ } 7 | its('content') { should match %r{^profiles\['root_url'\] = 'https://inez.bottlebru.sh'} } 8 | end 9 | -------------------------------------------------------------------------------- /test/integration/default/default_test.rb: -------------------------------------------------------------------------------- 1 | # Inspec test for recipe managed_chef_server::default 2 | 3 | # This is an example test, replace it with your own test. 4 | describe port(80) do 5 | it { should be_listening } 6 | end 7 | 8 | describe port(443) do 9 | it { should be_listening } 10 | end 11 | 12 | describe directory('/etc/opscode/managed') do 13 | it { should exist } 14 | end 15 | 16 | describe directory('/etc/opscode/managed/test_org') do 17 | it { should exist } 18 | end 19 | 20 | # config.rb 21 | describe file '/etc/opscode/managed/test_org/config.rb' do 22 | it { should exist } 23 | its('mode') { should cmp '0400' } 24 | its('content') { should match %r{chef_server_url.*https://localhost/organizations/test_org} } 25 | its('content') { should match %r{validation_client_name.*test_org} } 26 | its('content') { should match %r{validation_key.*/etc/opscode/managed/test_org/test_org-validator.pem} } 27 | its('content') { should match %r{client_key.*/etc/opscode/managed/test_org/test_org-user.key} } 28 | its('content') { should match %r{node_name.*chef_managed_user_test_org} } 29 | its('content') { should match %r{syntax_check_cache_path.*syntaxcache/test_org} } 30 | end 31 | 32 | # config.json 33 | describe file '/etc/opscode/managed/test_org/config.json' do 34 | it { should exist } 
35 | its('mode') { should cmp '0400' } 36 | its('content') { should match %r{chef_server_url.*https://localhost/organizations/test_org} } 37 | its('content') { should match %r{validation_client_name.*test_org} } 38 | its('content') { should match %r{validation_key.*/etc/opscode/managed/test_org/test_org-validator.pem} } 39 | its('content') { should match %r{client_key.*/etc/opscode/managed/test_org/test_org-user.key} } 40 | its('content') { should match %r{node_name.*chef_managed_user_test_org} } 41 | end 42 | # NOTE(review): the validator .pem and user .key files below are only checked for existence, while the config file above is checked for mode '0400'; a mode assertion on the key files would catch loose permissions. 43 | describe file '/etc/opscode/managed/test_org/test_org-validator.pem' do 44 | it { should exist } 45 | end 46 | 47 | describe file '/etc/opscode/managed/test_org/test_org-user.key' do 48 | it { should exist } 49 | end 50 | 51 | describe file '/etc/opscode/chef-server.rb' do 52 | it { should exist } 53 | # its('content') { should match /^opscode_solr4\['heap_size'\] = / } 54 | # its('content') { should match /^postgresql\['checkpoint_completion_target'\] = 0.9$/ } 55 | # its('content') { should match /^postgresql\['checkpoint_segments'\] = 64$/ } 56 | # its('content') { should match /^postgresql\['log_min_duration_statement'\] = 1000$/ } 57 | end 58 | -------------------------------------------------------------------------------- /test/integration/legacy/default_test.rb: -------------------------------------------------------------------------------- 1 | # Inspec test for recipe managed_chef_server::legacy 2 | 3 | # check output of knife commands 4 | 5 | describe command('knife environment list -c /etc/opscode/managed/test_org/config.rb') do 6 | its('stdout') { should match /^_default$/ } 7 | its('stdout') { should match /^essex$/ } 8 | its('stdout') { should match /^lab$/ } 9 | its('stdout') { should match /^vagrant$/ } 10 | its('stdout') { should_not match /^lab-admin$/ } 11 | end 12 | 13 | describe command('knife role list -c /etc/opscode/managed/test_org/config.rb') do 14 | its('stdout') { should match /^base$/ } 15 | its('stdout') { should match 
/^lab-admin$/ } 16 | its('stdout') { should match /^lab-base$/ } 17 | its('stdout') { should_not match /^lab-environment$/ } 18 | end 19 | 20 | # these are going to drift because of Berkshelf 21 | describe command('knife cookbook list -c /etc/opscode/managed/test_org/config.rb') do 22 | its('stdout') { should match /^apt\s+7.4.0$/ } 23 | its('stdout') { should match /^chef-client\s+11.0.3$/ } 24 | its('stdout') { should match /^cron\s+6.4.0$/ } 25 | its('stdout') { should match /^iptables\s+4.3.4$/ } 26 | its('stdout') { should match /^logrotate\s+2.3.0$/ } 27 | its('stdout') { should match /^mattray\s+0.8.0$/ } 28 | its('stdout') { should match /^ntp\s+3.6.0/ } 29 | its('stdout') { should match /^sudo\s+5.5.0/ } 30 | end 31 | 32 | describe command('knife cookbook show ntp -c /etc/opscode/managed/test_org/config.rb') do 33 | its('stdout') { should match /^ntp.*3.6.0/ } 34 | end 35 | 36 | describe command('knife cookbook show sudo -c /etc/opscode/managed/test_org/config.rb') do 37 | its('stdout') { should match /^sudo.*5.4.0$/ } 38 | end 39 | -------------------------------------------------------------------------------- /test/integration/policyfiles/default_test.rb: -------------------------------------------------------------------------------- 1 | # Inspec test for recipe managed_chef_server::policyfiles 2 | 3 | # check output of chef show-policy 4 | 5 | # verify the ChefDK 6 | describe command('chef') do 7 | it { should exist } 8 | end 9 | 10 | describe command('CHEF_LICENSE="accept-no-persist" chef show-policy -c /etc/opscode/managed/test_org/config.rb') do 11 | its('stdout') { should match /^base$/ } 12 | its('stdout') { should match /^\*\s_default:\s*bea04861be$/ } 13 | its('stdout') { should match /^\*\shome:\s*\*NOT\sAPPLIED\*$/ } 14 | its('stdout') { should match /^beaglebone$/ } 15 | its('stdout') { should match /^\*\s_default:\s*d99228eafe$/ } 16 | its('stdout') { should match /^macbookpro$/ } 17 | its('stdout') { should match 
/^\*\s_default:\s*\*NOT\sAPPLIED\*$/ } 18 | its('stdout') { should match /^\*\shome:\s*3e28786370$/ } 19 | end 20 | 21 | describe command('CHEF_LICENSE="accept-no-persist" chef show-policy base -c /etc/opscode/managed/test_org/config.rb') do 22 | its('stdout') { should match /^base$/ } 23 | its('stdout') { should match /^\*\s_default:\s*bea04861be$/ } 24 | its('stdout') { should match /^\*\shome:\s*\*NOT\sAPPLIED\*$/ } 25 | end 26 | 27 | describe command('CHEF_LICENSE="accept-no-persist" chef show-policy beaglebone -c /etc/opscode/managed/test_org/config.rb') do 28 | its('stdout') { should match /^beaglebone$/ } 29 | its('stdout') { should match /^\*\s_default:\s*d99228eafe$/ } 30 | its('stdout') { should match /^\*\shome:\s*\*NOT\sAPPLIED\*$/ } 31 | end 32 | 33 | describe command('CHEF_LICENSE="accept-no-persist" chef show-policy macbookpro -c /etc/opscode/managed/test_org/config.rb') do 34 | its('stdout') { should match /^macbookpro$/ } 35 | its('stdout') { should match /^\*\s_default:\s*\*NOT\sAPPLIED\*$/ } 36 | its('stdout') { should match /^\*\shome:\s*3e28786370$/ } 37 | end 38 | -------------------------------------------------------------------------------- /test/integration/restore/default_test.rb: -------------------------------------------------------------------------------- 1 | # Inspec test for recipe managed_chef_server::restore 2 | 3 | # check output of knife commands 4 | 5 | describe command('knife environment list -c /etc/opscode/managed/test_org/config.rb') do 6 | its('stdout') { should match /^_default$/ } 7 | its('stdout') { should match /^essex$/ } 8 | its('stdout') { should match /^lab$/ } 9 | its('stdout') { should match /^vagrant$/ } 10 | its('stdout') { should_not match /^lab-admin$/ } 11 | end 12 | 13 | describe command('knife role list -c /etc/opscode/managed/test_org/config.rb') do 14 | its('stdout') { should match /^base$/ } 15 | its('stdout') { should match /^lab-admin$/ } 16 | its('stdout') { should match /^lab-base$/ } 17 | 
its('stdout') { should_not match /^lab-environment$/ } 18 | end 19 | 20 | # these are should not drift because we're restoring from the backup 21 | describe command('knife cookbook list -c /etc/opscode/managed/test_org/config.rb') do 22 | its('stdout') { should match /^apt\s+7.2.0$/ } 23 | its('stdout') { should match /^chef-client\s+11.0.3$/ } 24 | its('stdout') { should match /^cron\s+6.2.2$/ } 25 | its('stdout') { should match /^iptables\s+4.3.4$/ } 26 | its('stdout') { should match /^logrotate\s+2.2.2$/ } 27 | its('stdout') { should match /^mattray\s+0.8.0$/ } 28 | its('stdout') { should match /^ntp\s+3.6.0/ } 29 | its('stdout') { should match /^sudo\s+5.5.0/ } 30 | end 31 | 32 | describe command('knife cookbook show ntp -c /etc/opscode/managed/test_org/config.rb') do 33 | its('stdout') { should match /^ntp.*3.6.0/ } 34 | end 35 | 36 | describe command('knife cookbook show sudo -c /etc/opscode/managed/test_org/config.rb') do 37 | its('stdout') { should match /^sudo.*5.4.0$/ } 38 | end 39 | -------------------------------------------------------------------------------- /test/integration/test_cookbook/README.md: -------------------------------------------------------------------------------- 1 | # test_cookbook 2 | 3 | Set /etc/hosts and sets attributes to enable data_collector testing 4 | -------------------------------------------------------------------------------- /test/integration/test_cookbook/attributes/default.rb: -------------------------------------------------------------------------------- 1 | override['mcs']['data_collector']['proxy'] = true 2 | override['mcs']['data_collector']['root_url'] = 'https://inez.bottlebru.sh/data-collector/v0/' 3 | override['mcs']['data_collector']['token'] = '35V9X1VO0VRSeUjukPmBsihvwXI=' 4 | override['mcs']['profiles']['root_url'] = 'https://inez.bottlebru.sh' 5 | -------------------------------------------------------------------------------- /test/integration/test_cookbook/files/inez_bottlebru_sh.crt: 
-------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDnTCCAoWgAwIBAgIRAPpq2pnU5Vz970hdhNCidpowDQYJKoZIhvcNAQELBQAw 3 | WTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUNoZWYgU29mdHdhcmUxFjAUBgNVBAsT 4 | DUNoZWYgQXV0b21hdGUxGjAYBgNVBAMTEWluZXouYm90dGxlYnJ1LnNoMB4XDTIw 5 | MDIxMTIzMzg0MloXDTMwMDIwODIzMzg0MlowWTELMAkGA1UEBhMCVVMxFjAUBgNV 6 | BAoTDUNoZWYgU29mdHdhcmUxFjAUBgNVBAsTDUNoZWYgQXV0b21hdGUxGjAYBgNV 7 | BAMTEWluZXouYm90dGxlYnJ1LnNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB 8 | CgKCAQEAoVst3pHB1l/FpmB9mxyjfM1CKgqt/Rny6WHHN3IDndgT+FUImsRS1I0r 9 | l2C3+wtdrdolILyDbOof7zL4gNfncJ1TSF+WO5fq/B4RJylJA7Xl48HVw696oHiz 10 | Lo0inIqdTaN6VKFESb4OxvuzdtjACRUVc5sov9IU2YG+ba/NXVlIakCihfJaUYH9 11 | RPUtjgPB9tFXqoLAQ2kL1ZiFpVyoDYGasDXD8zLiRlA+n3DPmZVa296qZkHMW+sv 12 | MLfpKa0HgOiSo++srDH2Xb3UBaxuutNRZd9ale4V+bRSXYn1m55Oc5LDZh8yIyUq 13 | 4CGZsqHfDesOrZCjR5ymauzEbjXYmQIDAQABo2AwXjAOBgNVHQ8BAf8EBAMCAqQw 14 | HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8w 15 | HAYDVR0RBBUwE4IRaW5lei5ib3R0bGVicnUuc2gwDQYJKoZIhvcNAQELBQADggEB 16 | AJdVKwFhLwrq3tdVhMuvifTlixRbA91MMhdHiYz9FAMfaZcTHVSuLPBS2l0aZlnQ 17 | 96F9wRyAUVyGFfdZsaJt0wEnlK5BC0wmDOR6e4T8ODTw8BhNcnKhS5Y3sn9jn1H2 18 | Lb1TMR5QaqBUzvrqS4/kZRr3x1tF0oNa2GO2/ZrI/36Um87RD0p5SmiRbmluNa7Y 19 | CusIzuh2m0otm8l+3+ifsQgcPpkAuD/lloW1S4AyXVVUaNIgwF3vd5x37H86KvpI 20 | 9XtcS5HUQ2ubiJKwopiLcrDF2tMAZQ7pfLVt75GT+0zbboXJUOOl7A5oklN4+ugW 21 | RFwxFcL2uwUSfWH8vmyVzDo= 22 | -----END CERTIFICATE----- 23 | -------------------------------------------------------------------------------- /test/integration/test_cookbook/files/ndnd_bottlebru_sh.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEEjCCAvqgAwIBAgIVAONdaqFsLfH6I17wfLpyIOD3iiwXMA0GCSqGSIb3DQEB 3 | CwUAMFAxCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdZb3VDb3JwMRMwEQYDVQQLDApP 4 | cGVyYXRpb25zMRowGAYDVQQDDBFuZG5kLmJvdHRsZWJydS5zaDAeFw0yMDAyMTQw 5 | 
NTEzMjZaFw0zMDAyMTEwNTEzMjZaMFAxCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdZ 6 | b3VDb3JwMRMwEQYDVQQLDApPcGVyYXRpb25zMRowGAYDVQQDDBFuZG5kLmJvdHRs 7 | ZWJydS5zaDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALC3gcmV0js2 8 | OGwH/uA6vY6tgoc56SA7T79O8wIJCIqiO0Mw6A3Qg9ASFj0n2e9jvul393cDhK0y 9 | AETwBm2z4Uvx+e/aQdZpmdG1wc3lCuZ+xtQGjXwaahVIEl5cINS/8bU4Ruu9oFSD 10 | vWxfMEtksvHYP2d7PVbyBG+lhKajaJzuB1ucfM2EiFi+zAlh90b2LX21DVTEEl+6 11 | wWH1MMRLqJnix0b1fCqX6bdDVVKwn7oqvbEVYi1iwk61ltmIUgM2elbfuZ7SQTkg 12 | WH0ar3jdX+SfY5PEfJxxjZTaENNB256GxkqR65a9uY9uiGBTo6Qyb/k4AvLitpuJ 13 | DS2w60ImeJ8CAwEAAaOB4jCB3zAcBgNVHREEFTATghFuZG5kLmJvdHRsZWJydS5z 14 | aDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRZei6idyE/nCTIs31VgejxWLJ1 15 | 7zCBjgYDVR0jBIGGMIGDgBRZei6idyE/nCTIs31VgejxWLJ176FUpFIwUDELMAkG 16 | A1UEBhMCVVMxEDAOBgNVBAoMB1lvdUNvcnAxEzARBgNVBAsMCk9wZXJhdGlvbnMx 17 | GjAYBgNVBAMMEW5kbmQuYm90dGxlYnJ1LnNoghUA411qoWwt8fojXvB8unIg4PeK 18 | LBcwDQYJKoZIhvcNAQELBQADggEBAClRnvOkg+HwJPsHPOIH3IcWo+X6Xi0umadP 19 | rmNEHQCkZbJMe3K5BRYxoifZgZ7cbTzGsn9N/aH+/SjlH9FVdj53LuqDSS7KyfQ6 20 | yE/MX96/oRt7HAQqZJprLAk903J9h6ojb68e2YgiYPLTNtTh3cDpScKn5t/rbWdX 21 | 6SvWdtM/cNDfHfxBzGhBIoVyDlfSbamYDbzwH1JXG8kCsdnZ+28lLW5HN1/lw9lT 22 | 505ghcWZENYM/0IQCw7p1yP5OwcyuBVb3BGYptoZt6rZUW65n5KbiKT2/szqREAx 23 | QxHYjlzV3WVG3fEy92GBYQF/nsVdyHx2LkFkNLgeUslJ/BKBECg= 24 | -----END CERTIFICATE----- 25 | -------------------------------------------------------------------------------- /test/integration/test_cookbook/metadata.rb: -------------------------------------------------------------------------------- 1 | name 'test_cookbook' 2 | maintainer 'Matt Ray' 3 | maintainer_email 'matt@chef.io' 4 | license 'Apache-2.0' 5 | description 'Testing cookbook' 6 | version '0.1.0' 7 | 8 | depends 'line', '~> 2.8' 9 | -------------------------------------------------------------------------------- /test/integration/test_cookbook/recipes/default.rb: -------------------------------------------------------------------------------- 1 | directory 
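"#{Chef::Config.etc_chef_dir}/trusted_certs"

# Certificates dropped into trusted_certs are accepted by the Chef tooling on
# this host, so only the two committed test certificates belong here.
# `sensitive true` suppresses the file content in the run output; both files
# are public certificates, not private keys.

# self-signed cert for internal A2 testing
cookbook_file "#{Chef::Config.etc_chef_dir}/trusted_certs/inez_bottlebru_sh.crt" do
  sensitive true
  source 'inez_bottlebru_sh.crt'
  mode '0644'
end

# self-signed cert for internal Chef Infra Server
cookbook_file "#{Chef::Config.etc_chef_dir}/trusted_certs/ndnd_bottlebru_sh.crt" do
  sensitive true
  source 'ndnd_bottlebru_sh.crt'
  mode '0644'
end

# One resource per /etc/hosts entry: `line` is a single-valued property, so
# setting it twice in one resource keeps only the last value and the ndnd
# entry would never be written.
append_if_no_line 'add ndnd to /etc/hosts' do
  path '/etc/hosts'
  line '10.0.0.2 ndnd ndnd.bottlebru.sh'
end

append_if_no_line 'add inez to /etc/hosts' do
  path '/etc/hosts'
  line '10.0.0.10 inez inez.bottlebru.sh'
end

--------------------------------------------------------------------------------
/test/integration/upgrade13/default_test.rb:
--------------------------------------------------------------------------------
# InSpec test for recipe managed_chef_server::upgrade

# Checks the upgrade marker file and the installed package version.
# Dots in file names and versions are escaped so only the exact 13.2.0-1
# package can satisfy the assertions.
if os.debian?
  describe file '/tmp/kitchen/cache/managed_chef_server.upgraded' do
    it { should exist }
    its('content') { should match /^chef-server-core_13\.2\.0-1_amd64\.deb$/ }
  end
  describe command('apt list --installed | grep chef-server-core') do
    its('stdout') { should match /^chef-server-core/ }
    its('stdout') { should match /13\.2\.0-1/ }
    its('stdout') { should match /amd64/ }
  end
elsif os.redhat?
  describe file '/tmp/kitchen/cache/managed_chef_server.upgraded' do
    it { should exist }
    its('content') { should match /^chef-server-core-13\.2\.0-1\.el7\.x86_64\.rpm$/ }
  end
  describe command('rpm -aq | grep chef-server-core') do
    its('stdout') { should match /^chef-server-core-13\.2\.0-1\.el7\.x86_64$/ }
  end
end

--------------------------------------------------------------------------------
/test/integration/upgrade14/default_test.rb:
--------------------------------------------------------------------------------
# InSpec test for recipe managed_chef_server::upgrade

# Checks the upgrade marker file and the installed package version.
# Dots in file names and versions are escaped so only the exact 14.3.14-1
# package can satisfy the assertions.
if os.debian?
  describe file '/tmp/kitchen/cache/managed_chef_server.upgraded' do
    it { should exist }
    its('content') { should match /^chef-server-core_14\.3\.14-1_amd64\.deb$/ }
  end
  describe command('apt list --installed | grep chef-server-core') do
    its('stdout') { should match /^chef-server-core/ }
    its('stdout') { should match /14\.3\.14-1/ }
    its('stdout') { should match /amd64/ }
  end
elsif os.redhat?
  describe file '/tmp/kitchen/cache/managed_chef_server.upgraded' do
    it { should exist }
    its('content') { should match /^chef-server-core-14\.3\.14-1\.el7\.x86_64\.rpm$/ }
  end
  describe command('rpm -aq | grep chef-server-core') do
    its('stdout') { should match /^chef-server-core-14\.3\.14-1\.el7\.x86_64$/ }
  end
end

--------------------------------------------------------------------------------
/test/policyfiles/base-53e07f37074575abfe75bbb74032f6cd63fc566ff2b8e655f9a2ddf91a3615a8.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/policyfiles/base-53e07f37074575abfe75bbb74032f6cd63fc566ff2b8e655f9a2ddf91a3615a8.tgz
--------------------------------------------------------------------------------
/test/policyfiles/base-7427d6677d53d5953ce721e7ff3335acdf4b9f1a81cf5c81cd237088f1198efe.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/policyfiles/base-7427d6677d53d5953ce721e7ff3335acdf4b9f1a81cf5c81cd237088f1198efe.tgz
--------------------------------------------------------------------------------
/test/policyfiles/base-bea04861beddc0410cbb77f7bc7e1c70f15c29fc3f9b070f01e843962c5d6008.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/policyfiles/base-bea04861beddc0410cbb77f7bc7e1c70f15c29fc3f9b070f01e843962c5d6008.tgz
--------------------------------------------------------------------------------
/test/policyfiles/base.lock.json:
--------------------------------------------------------------------------------
1 | { 2 | "revision_id":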
"bea04861beddc0410cbb77f7bc7e1c70f15c29fc3f9b070f01e843962c5d6008", 3 | "name": "base", 4 | "run_list": [ 5 | "recipe[chef-client::config]", 6 | "recipe[chef-client::service]", 7 | "recipe[chef-client::delete_validation]", 8 | "recipe[ntp::default]", 9 | "recipe[openssh::default]", 10 | "recipe[sudo::default]", 11 | "recipe[mattray::default]" 12 | ], 13 | "included_policy_locks": [ 14 | 15 | ], 16 | "cookbook_locks": { 17 | "chef-client": { 18 | "version": "11.0.0", 19 | "identifier": "f3b5a97fe4f47a0041e9f76a60f912a1d82f0e93", 20 | "dotted_decimal_identifier": "68598158940501114.72473134129401.20486325997203", 21 | "cache_key": "chef-client-11.0.0-supermarket.chef.io", 22 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/chef-client/versions/11.0.0/download", 23 | "source_options": { 24 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/chef-client/versions/11.0.0/download", 25 | "version": "11.0.0" 26 | } 27 | }, 28 | "cron": { 29 | "version": "6.2.0", 30 | "identifier": "8fa65311f8e3471f1e405ab3b755d79dee9788ca", 31 | "dotted_decimal_identifier": "40433797383643975.8758986026497877.237073312745674", 32 | "cache_key": "cron-6.2.0-supermarket.chef.io", 33 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/cron/versions/6.2.0/download", 34 | "source_options": { 35 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/cron/versions/6.2.0/download", 36 | "version": "6.2.0" 37 | } 38 | }, 39 | "iptables": { 40 | "version": "4.3.4", 41 | "identifier": "f22c85827ea7aeb84405a95fb970e90adda48bf0", 42 | "dotted_decimal_identifier": "68165896295589806.51866186821908848.256232877493232", 43 | "cache_key": "iptables-4.3.4-supermarket.chef.io", 44 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/iptables/versions/4.3.4/download", 45 | "source_options": { 46 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/iptables/versions/4.3.4/download", 47 | "version": "4.3.4" 48 | } 49 | }, 50 | 
"logrotate": { 51 | "version": "2.2.0", 52 | "identifier": "53e09234a4f73cc13f46d833d2e5075cafddfaa8", 53 | "dotted_decimal_identifier": "23609341620057916.54394244012692197.8094668946088", 54 | "cache_key": "logrotate-2.2.0-supermarket.chef.io", 55 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/logrotate/versions/2.2.0/download", 56 | "source_options": { 57 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/logrotate/versions/2.2.0/download", 58 | "version": "2.2.0" 59 | } 60 | }, 61 | "mattray": { 62 | "version": "0.8.0", 63 | "identifier": "e05a337121886cef84c257b2b34afa0ccaa7ec8b", 64 | "dotted_decimal_identifier": "63149571771041900.67418489663697738.274932846554251", 65 | "cache_key": "mattray-053d4047b435bcc1e984bb4ea15f2af02bd33072", 66 | "origin": "https://github.com/mattray/mattray-cookbook.git", 67 | "source_options": { 68 | "git": "https://github.com/mattray/mattray-cookbook.git", 69 | "revision": "053d4047b435bcc1e984bb4ea15f2af02bd33072" 70 | } 71 | }, 72 | "ntp": { 73 | "version": "3.6.0", 74 | "identifier": "26879ce677e782ce2986d5888c5afea78593cd18", 75 | "dotted_decimal_identifier": "10845157066270594.58029504287247450.279995454049560", 76 | "cache_key": "ntp-3.6.0-supermarket.chef.io", 77 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/ntp/versions/3.6.0/download", 78 | "source_options": { 79 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/ntp/versions/3.6.0/download", 80 | "version": "3.6.0" 81 | } 82 | }, 83 | "openssh": { 84 | "version": "2.7.0", 85 | "identifier": "364454bb9bf013a49f919a66b1234aba8c555380", 86 | "dotted_decimal_identifier": "15274779457875987.46337343890043171.82165078774656", 87 | "cache_key": "openssh-2.7.0-supermarket.chef.io", 88 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/openssh/versions/2.7.0/download", 89 | "source_options": { 90 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/openssh/versions/2.7.0/download", 
91 | "version": "2.7.0" 92 | } 93 | }, 94 | "sudo": { 95 | "version": "5.4.0", 96 | "identifier": "e3d9c9b1e8d017ee20de223ba8fe6030015da82b", 97 | "dotted_decimal_identifier": "64134280009797655.67027182886299902.105759297611819", 98 | "cache_key": "sudo-5.4.0-supermarket.chef.io", 99 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/sudo/versions/5.4.0/download", 100 | "source_options": { 101 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/sudo/versions/5.4.0/download", 102 | "version": "5.4.0" 103 | } 104 | } 105 | }, 106 | "default_attributes": { 107 | 108 | }, 109 | "override_attributes": { 110 | "authorization": { 111 | "sudo": { 112 | "groups": [ 113 | "sudo" 114 | ], 115 | "include_sudoers_d": true, 116 | "passwordless": true, 117 | "users": [ 118 | "mattray" 119 | ] 120 | } 121 | }, 122 | "chef_client": { 123 | "config": { 124 | "client_fork": true, 125 | "color": false, 126 | "http_retry_delay": 10, 127 | "interval": 600, 128 | "log_level": ":warn", 129 | "verbose_logging": true 130 | } 131 | }, 132 | "ntp": { 133 | "servers": [ 134 | "0.au.pool.ntp.org", 135 | "1.au.pool.ntp.org", 136 | "2.au.pool.ntp.org", 137 | "3.au.pool.ntp.org" 138 | ], 139 | "sync_hw_clock": true 140 | } 141 | }, 142 | "solution_dependencies": { 143 | "Policyfile": [ 144 | [ 145 | "chef-client", 146 | "= 11.0.0" 147 | ], 148 | [ 149 | "cron", 150 | "= 6.2.0" 151 | ], 152 | [ 153 | "iptables", 154 | "= 4.3.4" 155 | ], 156 | [ 157 | "logrotate", 158 | "= 2.2.0" 159 | ], 160 | [ 161 | "mattray", 162 | ">= 0.0.0" 163 | ], 164 | [ 165 | "ntp", 166 | "= 3.6.0" 167 | ], 168 | [ 169 | "openssh", 170 | "= 2.7.0" 171 | ], 172 | [ 173 | "sudo", 174 | "= 5.4.0" 175 | ] 176 | ], 177 | "dependencies": { 178 | "chef-client (11.0.0)": [ 179 | [ 180 | "cron", 181 | ">= 4.2.0" 182 | ], 183 | [ 184 | "logrotate", 185 | ">= 1.9.0" 186 | ] 187 | ], 188 | "cron (6.2.0)": [ 189 | 190 | ], 191 | "iptables (4.3.4)": [ 192 | 193 | ], 194 | "logrotate (2.2.0)": [ 195 | 196 | 
], 197 | "mattray (0.8.0)": [ 198 | 199 | ], 200 | "ntp (3.6.0)": [ 201 | 202 | ], 203 | "openssh (2.7.0)": [ 204 | [ 205 | "iptables", 206 | ">= 1.0.0" 207 | ] 208 | ], 209 | "sudo (5.4.0)": [ 210 | 211 | ] 212 | } 213 | } 214 | } 215 | -------------------------------------------------------------------------------- /test/policyfiles/beaglebone-d99228eafe13624df42011864f0506a05ef62b39ce8c6fdb877ba8a56df2bf4a.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/policyfiles/beaglebone-d99228eafe13624df42011864f0506a05ef62b39ce8c6fdb877ba8a56df2bf4a.tgz -------------------------------------------------------------------------------- /test/policyfiles/beaglebone.lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "revision_id": "d99228eafe13624df42011864f0506a05ef62b39ce8c6fdb877ba8a56df2bf4a", 3 | "name": "beaglebone", 4 | "run_list": [ 5 | "recipe[chef-client::config]", 6 | "recipe[chef-client::service]", 7 | "recipe[chef-client::delete_validation]", 8 | "recipe[ntp::default]", 9 | "recipe[openssh::default]", 10 | "recipe[sudo::default]", 11 | "recipe[mattray::default]", 12 | "recipe[mattray::beaglebone]" 13 | ], 14 | "included_policy_locks": [ 15 | { 16 | "name": "base", 17 | "revision_id": "bea04861beddc0410cbb77f7bc7e1c70f15c29fc3f9b070f01e843962c5d6008", 18 | "source_options": { 19 | "policy_group": "home", 20 | "server": "https://api.chef.io/organizations/matt", 21 | "policy_name": "base", 22 | "policy_revision_id": "bea04861beddc0410cbb77f7bc7e1c70f15c29fc3f9b070f01e843962c5d6008" 23 | } 24 | } 25 | ], 26 | "cookbook_locks": { 27 | "chef-client": { 28 | "version": "11.0.0", 29 | "identifier": "2b9e0b8c40038176c7e475ff14d04ae1c8245a5a", 30 | "dotted_decimal_identifier": "12277196433392513.33433831297979600.82333585922650", 31 | "cache_key": 
"chef-client-f3b5a97fe4f47a0041e9f76a60f912a1d82f0e93", 32 | "origin": "https://api.chef.io/organizations/matt", 33 | "source_options": { 34 | "chef_server_artifact": "https://api.chef.io/organizations/matt", 35 | "identifier": "f3b5a97fe4f47a0041e9f76a60f912a1d82f0e93" 36 | } 37 | }, 38 | "cron": { 39 | "version": "6.2.0", 40 | "identifier": "a5cc1576282b67be0b926c69123aa6a02a7013d5", 41 | "dotted_decimal_identifier": "46667763705981799.53492969086980666.183206836966357", 42 | "cache_key": "cron-8fa65311f8e3471f1e405ab3b755d79dee9788ca", 43 | "origin": "https://api.chef.io/organizations/matt", 44 | "source_options": { 45 | "chef_server_artifact": "https://api.chef.io/organizations/matt", 46 | "identifier": "8fa65311f8e3471f1e405ab3b755d79dee9788ca" 47 | } 48 | }, 49 | "iptables": { 50 | "version": "4.3.4", 51 | "identifier": "f22c85827ea7aeb84405a95fb970e90adda48bf0", 52 | "dotted_decimal_identifier": "68165896295589806.51866186821908848.256232877493232", 53 | "cache_key": "iptables-f22c85827ea7aeb84405a95fb970e90adda48bf0", 54 | "origin": "https://api.chef.io/organizations/matt", 55 | "source_options": { 56 | "chef_server_artifact": "https://api.chef.io/organizations/matt", 57 | "identifier": "f22c85827ea7aeb84405a95fb970e90adda48bf0" 58 | } 59 | }, 60 | "logrotate": { 61 | "version": "2.2.0", 62 | "identifier": "53e09234a4f73cc13f46d833d2e5075cafddfaa8", 63 | "dotted_decimal_identifier": "23609341620057916.54394244012692197.8094668946088", 64 | "cache_key": "logrotate-53e09234a4f73cc13f46d833d2e5075cafddfaa8", 65 | "origin": "https://api.chef.io/organizations/matt", 66 | "source_options": { 67 | "chef_server_artifact": "https://api.chef.io/organizations/matt", 68 | "identifier": "53e09234a4f73cc13f46d833d2e5075cafddfaa8" 69 | } 70 | }, 71 | "mattray": { 72 | "version": "0.8.0", 73 | "identifier": "e05a337121886cef84c257b2b34afa0ccaa7ec8b", 74 | "dotted_decimal_identifier": "63149571771041900.67418489663697738.274932846554251", 75 | "cache_key": 
"mattray-053d4047b435bcc1e984bb4ea15f2af02bd33072", 76 | "origin": "https://github.com/mattray/mattray-cookbook.git", 77 | "source_options": { 78 | "git": "https://github.com/mattray/mattray-cookbook.git", 79 | "revision": "053d4047b435bcc1e984bb4ea15f2af02bd33072" 80 | } 81 | }, 82 | "ntp": { 83 | "version": "3.6.0", 84 | "identifier": "5d02ecb058a7cf091e8ba52665cdeed53fb95030", 85 | "dotted_decimal_identifier": "26180388428228559.2566859910440397.262599664554032", 86 | "cache_key": "ntp-26879ce677e782ce2986d5888c5afea78593cd18", 87 | "origin": "https://api.chef.io/organizations/matt", 88 | "source_options": { 89 | "chef_server_artifact": "https://api.chef.io/organizations/matt", 90 | "identifier": "26879ce677e782ce2986d5888c5afea78593cd18" 91 | } 92 | }, 93 | "openssh": { 94 | "version": "2.7.0", 95 | "identifier": "d8b2f1f3b7ee3c826e96cb465849a3f34ff954fb", 96 | "dotted_decimal_identifier": "60995347215281724.36713340906920009.180265414120699", 97 | "cache_key": "openssh-364454bb9bf013a49f919a66b1234aba8c555380", 98 | "origin": "https://api.chef.io/organizations/matt", 99 | "source_options": { 100 | "chef_server_artifact": "https://api.chef.io/organizations/matt", 101 | "identifier": "364454bb9bf013a49f919a66b1234aba8c555380" 102 | } 103 | }, 104 | "sudo": { 105 | "version": "5.4.0", 106 | "identifier": "d144485ec135d28b514bf94bcb90152ed57fb628", 107 | "dotted_decimal_identifier": "58903347750581714.39214408509672336.23290894595624", 108 | "cache_key": "sudo-e3d9c9b1e8d017ee20de223ba8fe6030015da82b", 109 | "origin": "https://api.chef.io/organizations/matt", 110 | "source_options": { 111 | "chef_server_artifact": "https://api.chef.io/organizations/matt", 112 | "identifier": "e3d9c9b1e8d017ee20de223ba8fe6030015da82b" 113 | } 114 | } 115 | }, 116 | "default_attributes": { 117 | 118 | }, 119 | "override_attributes": { 120 | "authorization": { 121 | "sudo": { 122 | "groups": [ 123 | "sudo" 124 | ], 125 | "include_sudoers_d": true, 126 | "passwordless": true, 127 | 
"users": [ 128 | "mattray" 129 | ] 130 | } 131 | }, 132 | "chef_client": { 133 | "config": { 134 | "client_fork": true, 135 | "color": false, 136 | "http_retry_delay": 10, 137 | "interval": 600, 138 | "log_level": ":warn", 139 | "verbose_logging": true 140 | } 141 | }, 142 | "ntp": { 143 | "servers": [ 144 | "0.au.pool.ntp.org", 145 | "1.au.pool.ntp.org", 146 | "2.au.pool.ntp.org", 147 | "3.au.pool.ntp.org" 148 | ], 149 | "sync_hw_clock": true 150 | } 151 | }, 152 | "solution_dependencies": { 153 | "Policyfile": [ 154 | [ 155 | "chef-client", 156 | "= 11.0.0" 157 | ], 158 | [ 159 | "cron", 160 | "= 6.2.0" 161 | ], 162 | [ 163 | "iptables", 164 | "= 4.3.4" 165 | ], 166 | [ 167 | "logrotate", 168 | "= 2.2.0" 169 | ], 170 | [ 171 | "mattray", 172 | ">= 0.0.0" 173 | ], 174 | [ 175 | "ntp", 176 | "= 3.6.0" 177 | ], 178 | [ 179 | "openssh", 180 | "= 2.7.0" 181 | ], 182 | [ 183 | "sudo", 184 | "= 5.4.0" 185 | ] 186 | ], 187 | "dependencies": { 188 | "chef-client (11.0.0)": [ 189 | [ 190 | "cron", 191 | ">= 4.2.0" 192 | ], 193 | [ 194 | "logrotate", 195 | ">= 1.9.0" 196 | ] 197 | ], 198 | "cron (6.2.0)": [ 199 | 200 | ], 201 | "iptables (4.3.4)": [ 202 | 203 | ], 204 | "logrotate (2.2.0)": [ 205 | 206 | ], 207 | "mattray (0.8.0)": [ 208 | 209 | ], 210 | "ntp (3.6.0)": [ 211 | 212 | ], 213 | "openssh (2.7.0)": [ 214 | [ 215 | "iptables", 216 | ">= 1.0.0" 217 | ] 218 | ], 219 | "sudo (5.4.0)": [ 220 | 221 | ] 222 | } 223 | } 224 | } 225 | -------------------------------------------------------------------------------- /test/policyfiles/macbookpro-2650ccb921e337219fb65e8f9832d54273d5076f094e0e0b463b585a58c5e181.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/policyfiles/macbookpro-2650ccb921e337219fb65e8f9832d54273d5076f094e0e0b463b585a58c5e181.tgz 
-------------------------------------------------------------------------------- /test/policyfiles/macbookpro-3e28786370e469117c04d08524510ff81c97022f45dc33eee9f6523b04643a0f.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattray/managed_chef_server-cookbook/fb84f3fd6ec5c4688d817690933010fdba4bf6e7/test/policyfiles/macbookpro-3e28786370e469117c04d08524510ff81c97022f45dc33eee9f6523b04643a0f.tgz -------------------------------------------------------------------------------- /test/policyfiles/macbookpro.lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "revision_id": "3e28786370e469117c04d08524510ff81c97022f45dc33eee9f6523b04643a0f", 3 | "name": "macbookpro", 4 | "run_list": [ 5 | "recipe[chef-client::config]", 6 | "recipe[chef-client::service]", 7 | "recipe[chef-client::delete_validation]", 8 | "recipe[ntp::default]", 9 | "recipe[openssh::default]", 10 | "recipe[sudo::default]", 11 | "recipe[mattray::default]", 12 | "recipe[mattray::macbookpro]", 13 | "recipe[chef_client_updater::default]" 14 | ], 15 | "included_policy_locks": [ 16 | { 17 | "name": "base", 18 | "revision_id": "bea04861beddc0410cbb77f7bc7e1c70f15c29fc3f9b070f01e843962c5d6008", 19 | "source_options": { 20 | "path": "./base.lock.json" 21 | } 22 | } 23 | ], 24 | "cookbook_locks": { 25 | "chef-client": { 26 | "version": "11.0.0", 27 | "identifier": "f3b5a97fe4f47a0041e9f76a60f912a1d82f0e93", 28 | "dotted_decimal_identifier": "68598158940501114.72473134129401.20486325997203", 29 | "cache_key": "chef-client-11.0.0-supermarket.chef.io", 30 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/chef-client/versions/11.0.0/download", 31 | "source_options": { 32 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/chef-client/versions/11.0.0/download", 33 | "version": "11.0.0" 34 | } 35 | }, 36 | "chef_client_updater": { 37 | "version": "3.4.1", 38 | "identifier": 
"833e914e98231f69882df6bc3e5ffdfda21279eb", 39 | "dotted_decimal_identifier": "36942015758869279.29704603549056607.279265787673067", 40 | "cache_key": "chef_client_updater-3.4.1-supermarket.chef.io", 41 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/chef_client_updater/versions/3.4.1/download", 42 | "source_options": { 43 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/chef_client_updater/versions/3.4.1/download", 44 | "version": "3.4.1" 45 | } 46 | }, 47 | "cron": { 48 | "version": "6.2.0", 49 | "identifier": "8fa65311f8e3471f1e405ab3b755d79dee9788ca", 50 | "dotted_decimal_identifier": "40433797383643975.8758986026497877.237073312745674", 51 | "cache_key": "cron-6.2.0-supermarket.chef.io", 52 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/cron/versions/6.2.0/download", 53 | "source_options": { 54 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/cron/versions/6.2.0/download", 55 | "version": "6.2.0" 56 | } 57 | }, 58 | "iptables": { 59 | "version": "4.3.4", 60 | "identifier": "f22c85827ea7aeb84405a95fb970e90adda48bf0", 61 | "dotted_decimal_identifier": "68165896295589806.51866186821908848.256232877493232", 62 | "cache_key": "iptables-4.3.4-supermarket.chef.io", 63 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/iptables/versions/4.3.4/download", 64 | "source_options": { 65 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/iptables/versions/4.3.4/download", 66 | "version": "4.3.4" 67 | } 68 | }, 69 | "logrotate": { 70 | "version": "2.2.0", 71 | "identifier": "53e09234a4f73cc13f46d833d2e5075cafddfaa8", 72 | "dotted_decimal_identifier": "23609341620057916.54394244012692197.8094668946088", 73 | "cache_key": "logrotate-2.2.0-supermarket.chef.io", 74 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/logrotate/versions/2.2.0/download", 75 | "source_options": { 76 | "artifactserver": 
"https://supermarket.chef.io:443/api/v1/cookbooks/logrotate/versions/2.2.0/download", 77 | "version": "2.2.0" 78 | } 79 | }, 80 | "mattray": { 81 | "version": "0.8.0", 82 | "identifier": "e05a337121886cef84c257b2b34afa0ccaa7ec8b", 83 | "dotted_decimal_identifier": "63149571771041900.67418489663697738.274932846554251", 84 | "cache_key": "mattray-053d4047b435bcc1e984bb4ea15f2af02bd33072", 85 | "origin": "https://github.com/mattray/mattray-cookbook.git", 86 | "source_options": { 87 | "git": "https://github.com/mattray/mattray-cookbook.git", 88 | "revision": "053d4047b435bcc1e984bb4ea15f2af02bd33072" 89 | } 90 | }, 91 | "ntp": { 92 | "version": "3.6.0", 93 | "identifier": "26879ce677e782ce2986d5888c5afea78593cd18", 94 | "dotted_decimal_identifier": "10845157066270594.58029504287247450.279995454049560", 95 | "cache_key": "ntp-3.6.0-supermarket.chef.io", 96 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/ntp/versions/3.6.0/download", 97 | "source_options": { 98 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/ntp/versions/3.6.0/download", 99 | "version": "3.6.0" 100 | } 101 | }, 102 | "openssh": { 103 | "version": "2.7.0", 104 | "identifier": "364454bb9bf013a49f919a66b1234aba8c555380", 105 | "dotted_decimal_identifier": "15274779457875987.46337343890043171.82165078774656", 106 | "cache_key": "openssh-2.7.0-supermarket.chef.io", 107 | "origin": "https://supermarket.chef.io:443/api/v1/cookbooks/openssh/versions/2.7.0/download", 108 | "source_options": { 109 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/openssh/versions/2.7.0/download", 110 | "version": "2.7.0" 111 | } 112 | }, 113 | "sudo": { 114 | "version": "5.4.0", 115 | "identifier": "e3d9c9b1e8d017ee20de223ba8fe6030015da82b", 116 | "dotted_decimal_identifier": "64134280009797655.67027182886299902.105759297611819", 117 | "cache_key": "sudo-5.4.0-supermarket.chef.io", 118 | "origin": 
"https://supermarket.chef.io:443/api/v1/cookbooks/sudo/versions/5.4.0/download", 119 | "source_options": { 120 | "artifactserver": "https://supermarket.chef.io:443/api/v1/cookbooks/sudo/versions/5.4.0/download", 121 | "version": "5.4.0" 122 | } 123 | } 124 | }, 125 | "default_attributes": { 126 | "mcs": { 127 | "policyfile": { 128 | "group": "home" 129 | } 130 | } 131 | }, 132 | "override_attributes": { 133 | "authorization": { 134 | "sudo": { 135 | "groups": [ 136 | "sudo" 137 | ], 138 | "include_sudoers_d": true, 139 | "passwordless": true, 140 | "users": [ 141 | "mattray" 142 | ] 143 | } 144 | }, 145 | "chef_client": { 146 | "config": { 147 | "client_fork": true, 148 | "color": false, 149 | "http_retry_delay": 10, 150 | "interval": 600, 151 | "log_level": ":warn", 152 | "verbose_logging": true 153 | } 154 | }, 155 | "ntp": { 156 | "servers": [ 157 | "0.au.pool.ntp.org", 158 | "1.au.pool.ntp.org", 159 | "2.au.pool.ntp.org", 160 | "3.au.pool.ntp.org" 161 | ], 162 | "sync_hw_clock": true 163 | } 164 | }, 165 | "solution_dependencies": { 166 | "Policyfile": [ 167 | [ 168 | "chef-client", 169 | "= 11.0.0" 170 | ], 171 | [ 172 | "chef_client_updater", 173 | "= 3.4.1" 174 | ], 175 | [ 176 | "cron", 177 | "= 6.2.0" 178 | ], 179 | [ 180 | "iptables", 181 | "= 4.3.4" 182 | ], 183 | [ 184 | "logrotate", 185 | "= 2.2.0" 186 | ], 187 | [ 188 | "mattray", 189 | ">= 0.0.0" 190 | ], 191 | [ 192 | "ntp", 193 | "= 3.6.0" 194 | ], 195 | [ 196 | "openssh", 197 | "= 2.7.0" 198 | ], 199 | [ 200 | "sudo", 201 | "= 5.4.0" 202 | ] 203 | ], 204 | "dependencies": { 205 | "chef-client (11.0.0)": [ 206 | [ 207 | "cron", 208 | ">= 4.2.0" 209 | ], 210 | [ 211 | "logrotate", 212 | ">= 1.9.0" 213 | ] 214 | ], 215 | "chef_client_updater (3.4.1)": [ 216 | 217 | ], 218 | "cron (6.2.0)": [ 219 | 220 | ], 221 | "iptables (4.3.4)": [ 222 | 223 | ], 224 | "logrotate (2.2.0)": [ 225 | 226 | ], 227 | "mattray (0.8.0)": [ 228 | 229 | ], 230 | "ntp (3.6.0)": [ 231 | 232 | ], 233 | "openssh (2.7.0)": [ 234 
| [ 235 | "iptables", 236 | ">= 1.0.0" 237 | ] 238 | ], 239 | "sudo (5.4.0)": [ 240 | 241 | ] 242 | } 243 | } 244 | } 245 | -------------------------------------------------------------------------------- /test/roles/base.rb: -------------------------------------------------------------------------------- 1 | name 'base' 2 | description 'Base role applied to all nodes.' 3 | run_list( 4 | 'recipe[apt]', 5 | 'recipe[nagios::client]' 6 | ) 7 | 8 | default_attributes( 9 | 'nagios' => { 10 | 'server_role' => 'monitoring', 11 | } 12 | ) 13 | -------------------------------------------------------------------------------- /test/roles/lab-admin.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "lab-admin", 3 | "description": "Default run_list for the Admin node", 4 | "json_class": "Chef::Role", 5 | "default_attributes": { 6 | 7 | }, 8 | "override_attributes": { 9 | 10 | }, 11 | "chef_type": "role", 12 | "run_list": [ 13 | "recipe[apt::cacher-ng]", 14 | "recipe[apt::cacher-client]", 15 | "recipe[ntp]", 16 | "recipe[openssh]", 17 | "recipe[users::sysadmins]", 18 | "recipe[sudo]", 19 | "recipe[chef-client::config]", 20 | "recipe[chef-client::service]" 21 | ], 22 | "env_run_lists": { 23 | 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /test/roles/lab-base.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "lab-base", 3 | "description": "Default run_list for Matts machines", 4 | "json_class": "Chef::Role", 5 | "default_attributes": { 6 | 7 | }, 8 | "override_attributes": { 9 | "ntp": { 10 | "servers": [ 11 | "10.0.0.2" 12 | ] 13 | } 14 | }, 15 | "chef_type": "role", 16 | "run_list": [ 17 | "recipe[apt::cacher-client]", 18 | "recipe[chef-client::config]", 19 | "recipe[chef-client::service]", 20 | "recipe[chef-client::delete_validation]", 21 | "recipe[chef-pry]", 22 | "recipe[ntp]", 23 | "recipe[openssh]", 24 | 
"recipe[users::sysadmins]", 25 | "recipe[sudo]" 26 | ], 27 | "env_run_lists": { 28 | 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /test/roles/lab-environment.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "lab-environment", 3 | "description": "Environment defining the lab support infrastructure.", 4 | "cookbook_versions": { 5 | 6 | }, 7 | "json_class": "Chef::Environment", 8 | "chef_type": "environment", 9 | "default_attributes": { 10 | 11 | }, 12 | "override_attributes": { 13 | "apt": { 14 | "cacher_ipaddress": "10.0.0.2", 15 | "cacher-client": { 16 | "restrict_environment": true 17 | }, 18 | "cacher_interface": "eth1" 19 | }, 20 | "authorization": { 21 | "sudo": { 22 | "groups": [ 23 | "admin", 24 | "wheel", 25 | "sysadmin" 26 | ], 27 | "users": [ 28 | "mray" 29 | ], 30 | "passwordless": true, 31 | "include_sudoers_d": true 32 | } 33 | }, 34 | "chef_client": { 35 | "config": { 36 | "http_retry_delay": 10, 37 | "log_level": ":warn" 38 | } 39 | }, 40 | "chef-server": { 41 | "package_file": "http://10.0.0.2:9630/chef-full-stack/chef-server_11.0.10-1.ubuntu.12.04_amd64.deb", 42 | "package_checksum": "7c4b2407d44bbd0e39f7ecdc5eee8106919dee8bdad64b38f1da4b759cf3d67f" 43 | }, 44 | "dnsmasq": { 45 | "enable_dhcp": true, 46 | "enable_dns": false, 47 | "dhcp": { 48 | "dhcp-authoritative": null, 49 | "dhcp-range": "eth1,10.0.0.10,10.0.0.100,12h", 50 | "dhcp-option": "3", 51 | "domain": "lab.atx", 52 | "interface": "eth1", 53 | "dhcp-boot": "pxelinux.0", 54 | "enable-tftp": null, 55 | "tftp-root": "/var/lib/tftpboot", 56 | "tftp-secure": null 57 | }, 58 | "dhcp_options": [ 59 | "dhcp-host=80:ee:73:0a:fa:d9,crushinator,10.0.0.11", 60 | "dhcp-host=10:78:d2:c8:b2:51,ignar,10.0.0.12", 61 | "dhcp-host=10:78:d2:c8:b2:07,larry,10.0.0.13", 62 | "dhcp-host=00:19:66:16:b8:d9,lrrr,10.0.0.14", 63 | "dhcp-host=00:16:41:14:50:f5,mom,10.0.0.10" 64 | ] 65 | }, 66 | "ntp": { 67 | 
"sync_clock": true, 68 | "sync_hw_clock": true 69 | }, 70 | "pxe_dust": { 71 | "chefversion": "11.8.2", 72 | "interface": "eth1", 73 | "chef_server_url": "https://guenter.lab.atx", 74 | "validation_client_name": "admin", 75 | "validation_key": "/etc/chef-server/guenter.pem" 76 | } 77 | } 78 | } 79 | --------------------------------------------------------------------------------