├── .rbenv-gemsets ├── doc ├── .gitignore ├── services │ ├── index.rst │ └── warehouse.rst ├── index.rst ├── generating-these-docs.rst └── getting-started.rst ├── .rbenv-version ├── cookbooks ├── pgbouncer │ ├── providers │ │ ├── user.rb │ │ ├── database.rb │ │ └── default.rb │ ├── Berksfile │ ├── recipes │ │ └── default.rb │ ├── Gemfile │ ├── templates │ │ └── default │ │ │ ├── users.erb │ │ │ └── upstart.conf.erb │ ├── .gitignore │ ├── metadata.rb │ ├── resources │ │ ├── user.rb │ │ ├── database.rb │ │ └── default.rb │ └── chefignore ├── psf-loadbalancer │ ├── README.md │ ├── Berksfile │ ├── Gemfile │ ├── .gitignore │ ├── recipes │ │ ├── heartbeat.rb │ │ ├── stud.rb │ │ └── haproxy.rb │ ├── metadata.rb │ └── chefignore ├── psf-advocacy │ ├── recipes │ │ └── default.rb │ ├── Berksfile │ ├── Gemfile │ ├── .gitignore │ ├── metadata.rb │ ├── README.md │ └── chefignore ├── stud │ ├── Berksfile │ ├── Gemfile │ ├── files │ │ └── ubuntu-12.04 │ │ │ ├── stud_0.3-1-19a7f1_amd64.deb │ │ │ └── stud_0.3-2-ef1745_amd64.deb │ ├── .gitignore │ ├── metadata.rb │ ├── templates │ │ └── default │ │ │ └── upstart.conf.erb │ ├── README.md │ ├── resources │ │ └── default.rb │ └── providers │ │ └── default.rb ├── haproxy │ ├── Berksfile │ ├── Gemfile │ ├── attributes │ │ └── default.rb │ ├── files │ │ └── ubuntu-12.04 │ │ │ └── haproxy_1.5-dev22-r1_amd64.deb │ ├── recipes │ │ └── default.rb │ ├── templates │ │ └── default │ │ │ └── global.cfg.erb │ ├── .gitignore │ ├── metadata.rb │ ├── resources │ │ ├── default.rb │ │ └── section.rb │ ├── README.md │ ├── providers │ │ └── section.rb │ └── chefignore ├── psf-monitoring │ ├── README.md │ ├── files │ │ └── default │ │ │ └── riemann-dash │ │ │ └── config.rb │ ├── Gemfile │ ├── templates │ │ └── default │ │ │ ├── storage-schemas.conf.erb │ │ │ ├── riemann.config.erb │ │ │ └── graphite-vhost.conf.erb │ ├── recipes │ │ ├── client.rb │ │ └── server.rb │ ├── .gitignore │ ├── metadata.rb │ ├── Berksfile │ ├── attributes │ │ └── default.rb │ └── chefignore ├── pypy-home │ ├── README.md │ ├── Berksfile │ ├── Gemfile │ ├── .gitignore │ ├── metadata.rb │ ├── templates │ │ └── default │ │ │ └── nginx.conf.erb │ ├── recipes │ │ └── default.rb │ └── chefignore ├── user │ ├── Berksfile │ ├── Gemfile │ ├── .travis.yml │ ├── .gitignore │ ├── test │ │ ├── support │ │ │ └── Gemfile │ │ ├── providers │ │ │ └── account_spec.rb │ │ ├── spec_helper.rb │ │ └── resources │ │ │ └── account_spec.rb │ ├── templates │ │ └── default │ │ │ └── authorized_keys.erb │ ├── metadata.rb │ ├── recipes │ │ ├── default.rb │ │ └── data_bag.rb │ ├── Rakefile │ ├── chefignore │ ├── resources │ │ └── account.rb │ ├── attributes │ │ └── default.rb │ └── CHANGELOG.md ├── psf-misc │ ├── Berksfile │ ├── Gemfile │ ├── recipes │ │ ├── sysstat.rb │ │ ├── ack.rb │ │ ├── sudo.rb │ │ ├── ntp.rb │ │ ├── ops-scripts.rb │ │ └── backup.rb │ ├── templates │ │ └── default │ │ │ └── sudo_env_keep.erb │ ├── .gitignore │ ├── README.md │ ├── metadata.rb │ ├── files │ │ └── default │ │ │ └── fix-deny-hosts │ └── chefignore ├── psf-moin │ ├── Berksfile │ ├── Gemfile │ ├── .gitignore │ ├── metadata.rb │ ├── chefignore │ ├── recipes │ │ └── default.rb │ └── templates │ │ └── default │ │ ├── moin.wsgi.erb │ │ └── wiki.python.org.conf.erb ├── psf-pycon │ ├── README.md │ ├── test │ │ └── data_bags │ │ │ └── secrets │ │ │ ├── pycon.json │ │ │ └── postgres.json │ ├── templates │ │ └── default │ │ │ ├── environment.erb │ │ │ └── nginx.conf.erb │ ├── Berksfile │ ├── recipes │ │ ├── apt_pgdg_postgresql.rb │ │ └── local_db.rb │ ├── attributes │ │ └── default.rb │ └── metadata.rb ├── psf-pypi │ ├── Berksfile │ ├── Gemfile │ ├── recipes │ │ ├── default.rb │ │ ├── logging.rb │ │ └── pgbouncer.rb │ ├── .gitignore │ ├── templates │ │ └── default │ │ │ ├── nginx_static.conf.erb │ │ │ ├── nginx_redirect.conf.erb │ │ │ ├── warehouse.upstart.conf.erb │ │ │ ├── 25-pypi-logging.conf.erb │ │ │ ├── nginx-warehouse.conf.erb │ │ │ └── nginx_pypi.conf.erb │ ├── attributes │ │ └── default.rb │ ├── metadata.rb │ └── chefignore ├── rsnapshot │ ├── Berksfile │ ├── recipes │ │ ├── default.rb │ │ ├── client.rb │ │ ├── backupall.rb │ │ └── server.rb │ ├── Gemfile │ ├── providers │ │ ├── script.rb │ │ ├── backup.rb │ │ ├── client.rb │ │ └── server.rb │ ├── templates │ │ └── default │ │ │ └── sudoers.erb │ ├── resources │ │ ├── script.rb │ │ ├── client.rb │ │ ├── retain.rb │ │ └── backup.rb │ ├── .gitignore │ ├── metadata.rb │ ├── files │ │ └── default │ │ │ └── rsync.py │ ├── chefignore │ └── attributes │ │ └── default.rb ├── psf-rsnapshot │ ├── Berksfile │ ├── Gemfile │ ├── .gitignore │ ├── metadata.rb │ ├── recipes │ │ └── postgres.rb │ └── chefignore ├── psf-evote │ ├── Berksfile │ ├── README.md │ ├── metadata.rb │ ├── attributes │ │ └── default.rb │ ├── templates │ │ └── default │ │ │ └── 0.py.erb │ └── recipes │ │ └── default.rb ├── psf-postgresql │ ├── metadata.rb │ ├── files │ │ └── default │ │ │ └── pgdg.pref │ └── recipes │ │ └── 92.rb ├── psf-debbuild │ ├── files │ │ └── default │ │ │ ├── dh-virtualenv_0.6_all.deb │ │ │ └── python-virtualenv_1.10.1-1_all.deb │ ├── metadata.rb │ └── recipes │ │ ├── warehouse.rb │ │ └── default.rb ├── pypy-codespeed │ ├── README.md │ └── chefignore ├── psf-search │ ├── metadata.rb │ ├── templates │ │ └── default │ │ │ └── elasticsearch.conf.erb │ └── recipes │ │ └── default.rb ├── cron │ ├── metadata.rb │ ├── templates │ │ └── default │ │ │ └── cron.d.erb │ ├── recipes │ │ ├── test.rb │ │ └── default.rb │ ├── CHANGELOG.md │ ├── resources │ │ └── d.rb │ ├── providers │ │ └── d.rb │ ├── README.md │ └── metadata.json ├── buildmaster.txt └── wiki.txt ├── roles ├── buildmaster.rb ├── python-speed.rb ├── rpi.rb ├── advocacy.rb ├── future-docs.rb ├── pyramid-community.rb ├── psf-pycon.rb ├── monitoring.rb ├── psf-pycon-staging.rb ├── pypy-home.rb ├── coverity.rb ├── evote.rb ├── wiki.rb ├── loadbalancer.rb ├── pypy-codespeed.rb ├── postfix-relay.rb ├── redesign-staging.rb ├── debbuild.rb ├── elasticsearch.rb ├── rsnapshot.rb ├── README.md ├── pypi.rb └── base.rb ├── chefignore ├── environments └── README.md ├── data_bags ├── users │ ├── haypo.json │ ├── coderanger.json │ ├── jezdez.json │ ├── eric.json │ ├── jnoller.json │ ├── rbauer.json │ ├── melotti.json │ ├── mmangoba.json │ ├── eliben.json │ ├── lemburg.json │ ├── twaldmann.json │ ├── alex_gaynor.json │ ├── zware.json │ ├── bitdancer.json │ ├── lvh.json │ ├── vkurup.json │ ├── jeff.json │ ├── fwierzbicki.json │ ├── blaflamme.json │ ├── daaray.json │ ├── julia.json │ ├── dpoirier.json │ ├── trevorray.json │ ├── heimes.json │ ├── jafo.json │ ├── antoine.json │ ├── trent.json │ ├── jacob.json │ ├── lukesneeringer.json │ ├── gbrandl.json │ ├── benjamin.json │ ├── fijal.json │ ├── frank.json │ ├── copelco.json │ ├── jburch.json │ ├── lovewell.json │ ├── ncnwoko.json │ ├── csmith.json │ ├── dchukhin.json │ ├── dstufft.json │ ├── mattip.json │ ├── ernestd.json │ ├── benjaminws.json │ ├── sheep.json │ ├── arigo.json │ ├── richard.json │ ├── loewis.json │ ├── pablogsal.json │ └── osuadmin.json └── README.md ├── .gitignore ├── Gemfile ├── .berkshelf-test-config.js ├── Makefile ├── certificates └── README.md ├── config └── rake.rb ├── .chef ├── knife.rb ├── fake-client.pem └── bootstrap │ └── psf-osu.erb └── hostnames /.rbenv-gemsets: -------------------------------------------------------------------------------- 1 | psf-chef 2 | -------------------------------------------------------------------------------- /doc/.gitignore: -------------------------------------------------------------------------------- 1 | _build 2 | -------------------------------------------------------------------------------- /.rbenv-version: -------------------------------------------------------------------------------- 1 | 1.9.3-p392 2 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/providers/user.rb: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cookbooks/psf-loadbalancer/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/providers/database.rb: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cookbooks/psf-advocacy/recipes/default.rb: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cookbooks/stud/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | -------------------------------------------------------------------------------- /cookbooks/haproxy/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/README.md: -------------------------------------------------------------------------------- 1 | psf-monitoring cookbook 2 | -------------------------------------------------------------------------------- /cookbooks/pypy-home/README.md: -------------------------------------------------------------------------------- 1 | Configuration for pypy.org 2 | -------------------------------------------------------------------------------- /cookbooks/user/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/recipes/default.rb: -------------------------------------------------------------------------------- 1 | pgbouncer 'pgbouncer' 2 | -------------------------------------------------------------------------------- /cookbooks/psf-advocacy/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | -------------------------------------------------------------------------------- /cookbooks/psf-moin/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | -------------------------------------------------------------------------------- /cookbooks/psf-pycon/README.md: -------------------------------------------------------------------------------- 1 | Configuration for pycon website 2 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | -------------------------------------------------------------------------------- /cookbooks/pypy-home/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | -------------------------------------------------------------------------------- /cookbooks/psf-loadbalancer/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | -------------------------------------------------------------------------------- /cookbooks/psf-rsnapshot/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/recipes/default.rb: -------------------------------------------------------------------------------- 1 | include_recipe 'rsnapshot::client' 2 | -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/files/default/riemann-dash/config.rb: -------------------------------------------------------------------------------- 1 | set :port, 6000 2 | -------------------------------------------------------------------------------- /cookbooks/stud/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /cookbooks/user/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /cookbooks/haproxy/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /cookbooks/psf-evote/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | cookbook 'apt' 5 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /cookbooks/psf-moin/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /cookbooks/pypy-home/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /roles/buildmaster.rb: -------------------------------------------------------------------------------- 1 | name "buildmaster" 2 | description "Python buildbot master" 3 | -------------------------------------------------------------------------------- /cookbooks/psf-advocacy/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /cookbooks/psf-loadbalancer/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/recipes/sysstat.rb: -------------------------------------------------------------------------------- 1 | package 'sysstat' do 2 | action :upgrade 3 | end 4 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/templates/default/sudo_env_keep.erb: -------------------------------------------------------------------------------- 1 | Defaults env_keep="SSH_AUTH_SOCK" 2 | -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /cookbooks/psf-rsnapshot/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | -------------------------------------------------------------------------------- /cookbooks/psf-postgresql/metadata.rb: -------------------------------------------------------------------------------- 1 | name 'psf-postgresql' 2 | version '0.0.2' 3 | 4 | depends 'apt' 5 | -------------------------------------------------------------------------------- /doc/services/index.rst: -------------------------------------------------------------------------------- 1 | Services 2 | ======== 3 | 4 | .. toctree:: 5 | :maxdepth: 2 6 | 7 | warehouse 8 | -------------------------------------------------------------------------------- /roles/python-speed.rb: -------------------------------------------------------------------------------- 1 | name "python-speed" 2 | description "speed.python.org runner box" 3 | # fijal is owner 4 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/providers/script.rb: -------------------------------------------------------------------------------- 1 | action :install do 2 | # This space left intentionally blank 3 | end 4 | -------------------------------------------------------------------------------- /roles/rpi.rb: -------------------------------------------------------------------------------- 1 | name "rpi" 2 | description "RaspberryPI News/Info site" 3 | # Jesse Noller is owner of this service 4 | -------------------------------------------------------------------------------- /cookbooks/psf-postgresql/files/default/pgdg.pref: -------------------------------------------------------------------------------- 1 | Package: * 2 | Pin: release o=apt.postgresql.org 3 | Pin-Priority: 200 4 | -------------------------------------------------------------------------------- /cookbooks/psf-pycon/test/data_bags/secrets/pycon.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "psf-pycon", 3 | "secret_key": "secret" 4 | } 5 | -------------------------------------------------------------------------------- /roles/advocacy.rb: -------------------------------------------------------------------------------- 1 | name "advocacy" 2 | description "PSF advocacy site" 3 | run_list [ 4 | "recipe[psf-advocacy]", 5 | ] 6 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/recipes/ack.rb: -------------------------------------------------------------------------------- 1 | # Because Gaynor bugged me about it 2 | package 'ack-grep' do 3 | action :upgrade 4 | end 5 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/recipes/sudo.rb: -------------------------------------------------------------------------------- 1 | include_recipe "sudo" 2 | 3 | sudo "env_keep" do 4 | template "sudo_env_keep.erb" 5 | end 6 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/recipes/ntp.rb: -------------------------------------------------------------------------------- 1 | 2 | cron "ntp resync" do 3 | hour "0" 4 | minute "0" 5 | command "service ntp restart" 6 | end 7 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/recipes/client.rb: -------------------------------------------------------------------------------- 1 | rsnapshot_client 'rsnapshot' do 2 | server_role node['rsnapshot']['client']['server_role'] 3 | end 4 | -------------------------------------------------------------------------------- /roles/future-docs.rb: -------------------------------------------------------------------------------- 1 | name 'future-docs' 2 | description 'Sandbox to work on future docs system' 3 | # Owner Georg Brandl 4 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/templates/default/users.erb: -------------------------------------------------------------------------------- 1 | <%- @users.each do |user| -%> 2 | "<%= user.name %>" "<%= user.password_hash %>" 3 | <%- end -%> 4 | -------------------------------------------------------------------------------- /roles/pyramid-community.rb: -------------------------------------------------------------------------------- 1 | name "pyramid-community" 2 | description "Pyramid community website" 3 | # Owner: Blaise Laflamme 4 | -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/templates/default/storage-schemas.conf.erb: -------------------------------------------------------------------------------- 1 | [catchall] 2 | priority = 0 3 | pattern = ^.* 4 | retentions = 10:100800,900:63000 5 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/recipes/default.rb: -------------------------------------------------------------------------------- 1 | 2 | resources('rsnapshot_backup[/]').action(:nothing) 3 | 4 | sysctl_param 'kernel.panic' do 5 | value 10 6 | end 7 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/templates/default/sudoers.erb: -------------------------------------------------------------------------------- 1 | Defaults env_keep+="SSH_ORIGINAL_COMMAND" 2 | rsnapshot ALL=(root) NOPASSWD:/usr/local/bin/rsnapshot-rsync.py 3 | -------------------------------------------------------------------------------- /roles/psf-pycon.rb: -------------------------------------------------------------------------------- 1 | name "psf-pycon" 2 | description "Production Pycon website" 3 | # Owner: Diana Clark 4 | run_list [ 5 | "recipe[psf-pycon::app]" 6 | ] 7 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/recipes/ops-scripts.rb: -------------------------------------------------------------------------------- 1 | 2 | cookbook_file '/usr/local/bin/fix-deny-hosts' do 3 | mode "744" 4 | owner "root" 5 | group "root" 6 | end 7 | 8 | -------------------------------------------------------------------------------- /roles/monitoring.rb: -------------------------------------------------------------------------------- 1 | name "monitoring" 2 | description "Nagios and etc" 3 | # Owners: Noah Kantrowitz 4 | run_list [ 5 | "recipe[psf-monitoring::server]", 6 | ] 7 | -------------------------------------------------------------------------------- /cookbooks/psf-debbuild/files/default/dh-virtualenv_0.6_all.deb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/python/psf-chef/master/cookbooks/psf-debbuild/files/default/dh-virtualenv_0.6_all.deb -------------------------------------------------------------------------------- /cookbooks/stud/files/ubuntu-12.04/stud_0.3-1-19a7f1_amd64.deb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/python/psf-chef/master/cookbooks/stud/files/ubuntu-12.04/stud_0.3-1-19a7f1_amd64.deb -------------------------------------------------------------------------------- /cookbooks/stud/files/ubuntu-12.04/stud_0.3-2-ef1745_amd64.deb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/python/psf-chef/master/cookbooks/stud/files/ubuntu-12.04/stud_0.3-2-ef1745_amd64.deb -------------------------------------------------------------------------------- /roles/psf-pycon-staging.rb: -------------------------------------------------------------------------------- 1 | name "psf-pycon-staging" 2 | description "Staging for Pycon website" 3 | # Owner: Diana Clark 4 | run_list [ 5 | "recipe[psf-pycon::app]" 6 | ] 7 | -------------------------------------------------------------------------------- /roles/pypy-home.rb: -------------------------------------------------------------------------------- 1 | name "pypy-home" 2 | description "Frontend for pypy.org" 3 | # Owner: Alex Gaynor 4 | run_list [ 5 | "recipe[pypy-home]" 6 | ] 7 | -------------------------------------------------------------------------------- /cookbooks/psf-pycon/templates/default/environment.erb: -------------------------------------------------------------------------------- 1 | <% @app_env.each_pair do |environment_variable, value| %> 2 | export <%= environment_variable %>="<%= value %>" 3 | <% end %> 4 | -------------------------------------------------------------------------------- /cookbooks/haproxy/attributes/default.rb: -------------------------------------------------------------------------------- 1 | default['haproxy']['user'] = 'haproxy' 2 | default['haproxy']['group'] = 'haproxy' 3 | default['haproxy']['config_directory'] = '/etc/haproxy' 4 | -------------------------------------------------------------------------------- /cookbooks/haproxy/files/ubuntu-12.04/haproxy_1.5-dev22-r1_amd64.deb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/python/psf-chef/master/cookbooks/haproxy/files/ubuntu-12.04/haproxy_1.5-dev22-r1_amd64.deb -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/recipes/client.rb: -------------------------------------------------------------------------------- 1 | include_recipe "collectd::client_graphite" 2 | 3 | %w(disk load cpu memory interface swap).each do |plug| 4 | collectd_plugin plug 5 | end 6 | -------------------------------------------------------------------------------- /roles/coverity.rb: -------------------------------------------------------------------------------- 1 | name "coverity" 2 | description "Coverity scan server" 3 | # Owner: Christian Heimes 4 | 5 | run_list [ 6 | "recipe[build-essential]", 7 | ] 8 | -------------------------------------------------------------------------------- /roles/evote.rb: -------------------------------------------------------------------------------- 1 | name "evote" 2 | description "EVote web2py application" 3 | # Owner: David Mertz/Massimo 4 | run_list [ 5 | "recipe[psf-evote]", 6 | "role[postfix-relay]", 7 | ] 8 | -------------------------------------------------------------------------------- /cookbooks/user/.travis.yml: -------------------------------------------------------------------------------- 1 | language: ruby 2 | gemfile: 3 | - test/support/Gemfile 4 | rvm: 5 | - 1.9.3 6 | script: BUNDLE_GEMFILE=test/support/Gemfile bundle exec rake test foodcritic 7 | -------------------------------------------------------------------------------- /cookbooks/psf-debbuild/files/default/python-virtualenv_1.10.1-1_all.deb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/python/psf-chef/master/cookbooks/psf-debbuild/files/default/python-virtualenv_1.10.1-1_all.deb -------------------------------------------------------------------------------- /cookbooks/psf-evote/README.md: -------------------------------------------------------------------------------- 1 | # psf-evote cookbook 2 | 3 | # Usage 4 | 5 | Add `recipe[psf-evote]` to run list. 6 | 7 | # Author 8 | 9 | Author:: Noah Kantrowitz 10 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/resources/script.rb: -------------------------------------------------------------------------------- 1 | default_action :install 2 | 3 | attribute :name, :kind_of => String, :name_attribute => true 4 | attribute :command, :kind_of => String, :required => true 5 | -------------------------------------------------------------------------------- /cookbooks/haproxy/recipes/default.rb: -------------------------------------------------------------------------------- 1 | haproxy 'haproxy' do 2 | user node['haproxy']['user'] 3 | group node['haproxy']['group'] 4 | config_directory node['haproxy']['config_directory'] 5 | end 6 | 7 | -------------------------------------------------------------------------------- /cookbooks/haproxy/templates/default/global.cfg.erb: -------------------------------------------------------------------------------- 1 | global 2 | log 127.0.0.1 local0 3 | log 127.0.0.1 local1 notice 4 | maxconn 4096 5 | user <%= @haproxy.user %> 6 | group <%= @haproxy.group %> 7 | -------------------------------------------------------------------------------- /cookbooks/haproxy/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /cookbooks/psf-moin/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /cookbooks/stud/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /cookbooks/user/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /roles/wiki.rb: -------------------------------------------------------------------------------- 1 | name "wiki" 2 | description "Python wiki site" 3 | # Owner: Noah Kantrowitz (I guess? Sigh) 4 | 5 | run_list [ 6 | 'recipe[psf-moin]', 7 | 'role[postfix-relay]', 8 | ] 9 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /cookbooks/psf-advocacy/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/templates/default/nginx_static.conf.erb: -------------------------------------------------------------------------------- 1 | # Generated by Chef 2 | # Local modifications will be overwritten 3 | 4 | server { 5 | server_name <%= @domain %>; 6 | root <%= @root_dir %>; 7 | } 8 | -------------------------------------------------------------------------------- /cookbooks/psf-rsnapshot/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /cookbooks/pypy-home/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file. 2 | # Lines that start with '# ' are comments. 3 | 4 | # emacs 5 | *~ 6 | 7 | # vim 8 | *.sw[a-z] 9 | 10 | # subversion 11 | */.svn/* 12 | -------------------------------------------------------------------------------- /cookbooks/psf-loadbalancer/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/resources/client.rb: -------------------------------------------------------------------------------- 1 | default_action :install 2 | actions :remove 3 | 4 | attribute :name, :kind_of => String, :name_attribute => true 5 | attribute :server_role, :kind_of => String, :default => nil 6 | 7 | -------------------------------------------------------------------------------- /cookbooks/user/test/support/Gemfile: -------------------------------------------------------------------------------- 1 | source "https://rubygems.org" 2 | 3 | gem 'rake' 4 | gem 'minitest' 5 | gem 'chef', (ENV['CHEF_VERSION'] ? ENV['CHEF_VERSION'] : '~> 0.10.8') 6 | gem 'foodcritic', :platforms => :ruby_19 7 | -------------------------------------------------------------------------------- /environments/README.md: -------------------------------------------------------------------------------- 1 | Requires Chef 0.10.0+. 2 | 3 | This directory is for Ruby DSL and JSON files for environments. For more information see the Chef wiki page: 4 | 5 | http://wiki.opscode.com/display/chef/Environments 6 | -------------------------------------------------------------------------------- /roles/loadbalancer.rb: -------------------------------------------------------------------------------- 1 | name "loadbalancer" 2 | description "PSF load balancer" 3 | run_list [ 4 | "recipe[psf-loadbalancer::heartbeat]", 5 | "recipe[psf-loadbalancer::haproxy]", 6 | "recipe[psf-loadbalancer::stud]", 7 | ] 8 | -------------------------------------------------------------------------------- /cookbooks/user/templates/default/authorized_keys.erb: -------------------------------------------------------------------------------- 1 | # 2 | # Generated by Chef for <%= @user %>@<%= node['fqdn'] %>. 3 | # Local modifications will be overwritten. 4 | # 5 | <% @ssh_keys.each do |key| -%> 6 | <%= key %> 7 | <% end -%> 8 | -------------------------------------------------------------------------------- /cookbooks/pypy-codespeed/README.md: -------------------------------------------------------------------------------- 1 | Configuration for speed.pypy.org has moved to salt: 2 | https://github.com/python/psf-salt/tree/master/salt/codespeed 3 | and 4 | https://github.com/python/psf-salt/blob/master/pillar/base/codespeed.sls 5 | -------------------------------------------------------------------------------- /roles/pypy-codespeed.rb: -------------------------------------------------------------------------------- 1 | name "pypy-codespeed" 2 | description "Frontend for PyPy codespeed instance" 3 | # Owner: Alex Gaynor 4 | run_list [ 5 | "recipe[pypy-codespeed::pgbouncer]", 6 | "recipe[pypy-codespeed]", 7 | ] 8 | -------------------------------------------------------------------------------- /cookbooks/psf-pycon/test/data_bags/secrets/postgres.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "postgres", 3 | "pycon2014": { 4 | "hostname": "localhost", 5 | "user": "psf-pycon", 6 | "password": "pycon", 7 | "database": "psf-pycon" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/templates/default/nginx_redirect.conf.erb: -------------------------------------------------------------------------------- 1 | # Generated by Chef 2 | # Local modifications will be overwritten 3 | 4 | server { 5 | server_name <%= @existing_domain %>; 6 | return 301 $scheme://<%= @new_domain %>$request_uri; 7 | } 8 | -------------------------------------------------------------------------------- /cookbooks/haproxy/metadata.rb: -------------------------------------------------------------------------------- 1 | name "haproxy" 2 | maintainer "Noah Kantrowitz" 3 | maintainer_email "noah@coderanger.net" 4 | license "Apache 2.0" 5 | description "Install and configure HAProxy" 6 | version "0.0.5" 7 | -------------------------------------------------------------------------------- /cookbooks/psf-loadbalancer/recipes/heartbeat.rb: -------------------------------------------------------------------------------- 1 | 2 | include_recipe "heartbeat" 3 | 4 | secrets = data_bag_item('secrets', 'heartbeat') 5 | 6 | heartbeat "psf-loadbalancer" do 7 | authkeys secrets['secrets'][0] 8 | resources "140.211.10.69" 9 | end 10 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/metadata.rb: -------------------------------------------------------------------------------- 1 | name "pgbouncer" 2 | maintainer "Noah Kantrowitz" 3 | maintainer_email "noah@coderanger.net" 4 | license "Apache 2.0" 5 | description "Install and configure pgbouncer" 6 | version "0.0.1" 7 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/README.md: -------------------------------------------------------------------------------- 1 | Misc. stuffs to configure PSF systems. 2 | 3 | ##Scripts Usage 4 | 5 | ###fix-deny-hosts 6 | - run this ala `sudo fix-deny-hosts 0.0.0.0` to unbannnnnnn an ip 7 | - don't worry, it'll try to keep you from doing something stupid 8 | 9 | -------------------------------------------------------------------------------- /cookbooks/stud/metadata.rb: -------------------------------------------------------------------------------- 1 | name "stud" 2 | maintainer "Benjamin W. Smith" 3 | maintainer_email "benjaminwarfield@just-another.net" 4 | license "Apache 2.0" 5 | description "Install and configure stud" 6 | version "0.0.5" 7 | -------------------------------------------------------------------------------- /data_bags/users/haypo.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "haypo", 3 | "comment": "Victor Stinner", 4 | "sudo": ["buildmaster", "python-speed"], 5 | "ssh_keys": [ 6 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIVzct/vFIVEAQ5aG8WJlJJWPNZYbVDyI5jwljst8mk haypo2017" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /roles/postfix-relay.rb: -------------------------------------------------------------------------------- 1 | name "postfix-relay" 2 | description "Utility role to install an outbound SMTP relay" 3 | run_list [ 4 | "recipe[postfix]", 5 | ] 6 | 7 | override_attributes({ 8 | :postfix => { 9 | :relayhost => 'mail.python.org', 10 | }, 11 | }) 12 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/templates/default/upstart.conf.erb: -------------------------------------------------------------------------------- 1 | description "start and stop pgbouncer" 2 | version "1.0" 3 | author "Noah Kantrowitz" 4 | 5 | start on startup 6 | stop on shutdown 7 | 8 | respawn 9 | 10 | exec /usr/sbin/pgbouncer /etc/pgbouncer/pgbouncer.ini 11 | -------------------------------------------------------------------------------- /cookbooks/psf-pycon/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | cookbook 'application_nginx', :git => 'https://github.com/coderanger/application_nginx.git' # Pending http://tickets.opscode.com/browse/COOK-3254 5 | cookbook 'apt' 6 | cookbook 'postgresql' 7 | cookbook 'database' 8 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | tmp 2 | .chef/psf-validator.pem 3 | .rake_test_cache 4 | site-cookbooks/**/metadata.json 5 | .vagrant 6 | .bundle 7 | .gems 8 | bin/ 9 | Gemfile.lock 10 | Berksfile.lock 11 | Vagrantfile 12 | data_bags/secrets/ 13 | data_bags/reprepro/ 14 | .chef_user 15 | .kitchen 16 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/metadata.rb: -------------------------------------------------------------------------------- 1 | name "rsnapshot" 2 | maintainer "Noah Kantrowitz" 3 | maintainer_email "noah@coderanger.net" 4 | license "Apache 2.0" 5 | description "Install and configure rsnapshot server and clients" 6 | version "0.0.3" 7 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | # An sample Gemfile 2 | source "https://rubygems.org" 3 | 4 | gem "chef" 5 | gem "rake" 6 | gem "berkshelf", "~>1.4" 7 | gem "foodcritic" 8 | gem "chef-rewind" 9 | gem "chef-zero" 10 | gem "knife-reporter", :github => "benjaminws/knife-reporter", :branch => "development" 11 | -------------------------------------------------------------------------------- /cookbooks/stud/templates/default/upstart.conf.erb: -------------------------------------------------------------------------------- 1 | description "start and stop <%= @stud.resource_name %>" 2 | version "1.0" 3 | author "Noah Kantrowitz" 4 | 5 | start on startup 6 | stop on shutdown 7 | 8 | respawn 9 | 10 | exec /usr/bin/stud --config=/etc/stud/<%= @stud.name %>.conf 11 | -------------------------------------------------------------------------------- /cookbooks/psf-advocacy/metadata.rb: -------------------------------------------------------------------------------- 1 | maintainer "Martin von Löwis" 2 | maintainer_email "" 3 | license "Apache 2.0" 4 | description "Configuration related to the PSF advocacy site" 5 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) 6 | version "0.0.1" 7 | -------------------------------------------------------------------------------- /roles/redesign-staging.rb: -------------------------------------------------------------------------------- 1 | name "redesign-staging" 2 | description "Staging server for web redesign project" 3 | # Owners: Jacob Kaplan-Moss , Frank Wiles 4 | run_list [ 5 | "recipe[pydotorg-redesign::staging]", 6 | "recipe[pydotorg-redesign::elasticsearch]" 7 | ] 8 | -------------------------------------------------------------------------------- /cookbooks/psf-rsnapshot/metadata.rb: -------------------------------------------------------------------------------- 1 | name "psf-rsnapshot" 2 | maintainer "Noah Kantrowitz" 3 | maintainer_email "noah@coderanger.net" 4 | license "Apache 2.0" 5 | description "Setup backups for all PSF specific things" 6 | version "0.0.2" 7 | 8 | depends "rsnapshot" 9 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/providers/backup.rb: -------------------------------------------------------------------------------- 1 | action :backup do 2 | node.set['rsnapshot_backups'] ||= {} 3 | node.set['rsnapshot_backups'][new_resource.directory] = { 4 | 'directory' => new_resource.directory, 5 | 'options' => new_resource.full_options, 6 | } 7 | end 8 | 9 | action :remove do 10 | raise 'later' 11 | end 12 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/metadata.rb: -------------------------------------------------------------------------------- 1 | maintainer "Noah Kantrowitz" 2 | maintainer_email "noah@coderanger.net" 3 | license "Apache 2.0" 4 | description "Configuration related to the PSF systems in general" 5 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) 6 | version "0.0.1" 7 | 8 | depends "sudo" 9 | -------------------------------------------------------------------------------- /roles/debbuild.rb: -------------------------------------------------------------------------------- 1 | name "debbuild" 2 | description "Ubuntu APT Server" 3 | run_list [ 4 | "recipe[java]", 5 | "recipe[reprepro]", 6 | "recipe[psf-debbuild]", 7 | "recipe[psf-debbuild::warehouse]", 8 | ] 9 | override_attributes({ 10 | :reprepro => { 11 | :enable_repository_on_host => true, 12 | }, 13 | }) 14 | -------------------------------------------------------------------------------- /cookbooks/psf-search/metadata.rb: -------------------------------------------------------------------------------- 1 | name "psf-search" 2 | maintainer "Donald Stufft" 3 | maintainer_email "donald@stufft.io" 4 | license "Apache 2.0" 5 | description "Setups up Nginx for Elasticsearch Cluster" 6 | version "0.0.2" 7 | 8 | depends "nginx" 9 | depends "firewall" 10 | -------------------------------------------------------------------------------- /.berkshelf-test-config.js: -------------------------------------------------------------------------------- 1 | { 2 | "chef": { 3 | "chef_server_url": "http://localhost:8889", 4 | "validation_client_name": "psf-validator", 5 | "validation_key_path": ".chef/psf-validator.pem", 6 | "client_key": ".chef/fake-client.pem", 7 | "node_name": "fake-node" 8 | }, 9 | "ssl": { 10 | "verify": false 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /cookbooks/psf-moin/metadata.rb: -------------------------------------------------------------------------------- 1 | name "moin" 2 | maintainer "Noah Kantrowitz" 3 | maintainer_email "noah@coderanger.net" 4 | license "Apache 2.0" 5 | description "Installs and configures moinmoin for wiki.python.org" 6 | version "0.0.2" 7 | 8 | depends "apache2" 9 | depends "python" 10 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/recipes/logging.rb: -------------------------------------------------------------------------------- 1 | template "/etc/rsyslog.d/25-pypi-logging.conf" do 2 | source "25-pypi-logging.conf.erb" 3 | backup false 4 | variables( 5 | :cdn => node["pypi"]["cdn"]["logging"], 6 | ) 7 | 8 | owner "root" 9 | group "root" 10 | mode "644" 11 | 12 | notifies :restart, "service[#{node['rsyslog']['service_name']}]" 13 | end 14 | -------------------------------------------------------------------------------- /cookbooks/psf-pycon/recipes/apt_pgdg_postgresql.rb: -------------------------------------------------------------------------------- 1 | include_recipe 'apt' 2 | 3 | apt_repository 'apt.postgresql.org' do 4 | uri 'http://apt.postgresql.org/pub/repos/apt' 5 | distribution "#{node['lsb']['codename']}-pgdg" 6 | components ['main', node['postgresql']['version']] 7 | key 'http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc' 8 | action :add 9 | end 10 | -------------------------------------------------------------------------------- /cookbooks/pypy-home/metadata.rb: -------------------------------------------------------------------------------- 1 | maintainer "Alex Gaynor" 2 | maintainer_email "alex.gaynor@gmail.com" 3 | license "Apache 2.0" 4 | description "Configuration for pypy.org" 5 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) 6 | version "0.0.2" 7 | 8 | depends "sudo" 9 | depends "application_nginx" 10 | depends "mercurial" 11 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/recipes/backupall.rb: -------------------------------------------------------------------------------- 1 | rsnapshot_backup '/' do 2 | exclude '/dev/*' 3 | exclude '/media/*' 4 | exclude '/mnt/*' 5 | exclude '/proc/*' 6 | exclude '/sys/*' 7 | exclude '/tmp/*' 8 | exclude '/var/cache/apt/archives/*' 9 | exclude '/var/lib/schroot/*' 10 | exclude '/var/lock/*' 11 | exclude '/var/run/*' 12 | exclude '/var/tmp/*' 13 | end 14 | -------------------------------------------------------------------------------- /data_bags/users/coderanger.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "coderanger", 3 | "comment": "Noah Kantrowitz ", 4 | "sudo": true, 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvV0vQo3OpzqDFDBHW5o5abdbNJNNg9YkiawTpSnOusB+E9Hp2Pae1jT3r+7ZUqIIutXuNOPOefIy6oR0YuZhL6d9uhRIl9LMTB0XXzj5aW5ZbbGO6nsaERQUU3ALYzrwxgX8kLvCcAQmrVhhRH88Zqo4lkRkxXpN1LdPANh9qa0= coderanger@alfred" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /cookbooks/psf-debbuild/metadata.rb: -------------------------------------------------------------------------------- 1 | name "psf-debbuild" 2 | maintainer "Donald Stufft" 3 | maintainer_email "donald@stufft.io" 4 | license "Apache 2.0" 5 | description "Installs and configures builders" 6 | version "0.0.19" 7 | 8 | depends "reprepro" 9 | depends "poise" 10 | depends "jenkins" 11 | depends "postgresql" 12 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/attributes/default.rb: -------------------------------------------------------------------------------- 1 | # Logging Configuration 2 | default["pypi"]["cdn"]["logging"]["app_name"] = "pypicdn" 3 | default["pypi"]["cdn"]["logging"]["process_script"] = "/data/pypi/tools/rsyslog-cdn.py" 4 | 5 | # Warehouse Domain Setup 6 | default["warehouse"]["domains"] = ["pypi.python.org"] 7 | 8 | # Warehouse Elasticsearch Setup 9 | default["warehouse"]["elasticsearch"]["hosts"] = [] 10 | -------------------------------------------------------------------------------- /cookbooks/psf-evote/metadata.rb: -------------------------------------------------------------------------------- 1 | name 'psf-evote' 2 | maintainer 'Noah Kantrowitz' 3 | maintainer_email 'noah@coderanger.net' 4 | license 'Apache 2' 5 | description 'Installs/Configures Evote' 6 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) 7 | version '0.1.1' 8 | 9 | depends 'git' 10 | depends 'python' 11 | depends 'gunicorn' 12 | depends 'supervisor' 13 | -------------------------------------------------------------------------------- /cookbooks/cron/metadata.rb: -------------------------------------------------------------------------------- 1 | name "cron" 2 | maintainer "Opscode, Inc." 3 | maintainer_email "cookbooks@opscode.com" 4 | license "Apache 2.0" 5 | description "Installs cron" 6 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) 7 | version "1.2.8" 8 | 9 | %w{redhat centos scientific fedora amazon debian ubuntu raspbian}.each do |os| 10 | supports os 11 | end 12 | -------------------------------------------------------------------------------- /cookbooks/psf-loadbalancer/metadata.rb: -------------------------------------------------------------------------------- 1 | maintainer "Noah Kantrowitz" 2 | maintainer_email "noah@coderanger.net" 3 | license "Apache 2.0" 4 | description "Configuration related to the PSF load balancers" 5 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) 6 | version "0.0.35" 7 | 8 | depends "heartbeat" 9 | #depends "jn_sysctl" 10 | depends "haproxy" 11 | depends "stud" 12 | -------------------------------------------------------------------------------- /cookbooks/user/test/providers/account_spec.rb: -------------------------------------------------------------------------------- 1 | require 'minitest/autorun' 2 | require File.expand_path(File.join(File.dirname(__FILE__), '../spec_helper')) 3 | 4 | describe 'Chef::Provider::UserAccount' do 5 | include ProviderMixins 6 | 7 | let(:cookbook) { :user } 8 | let(:lwrp) { :account } 9 | 10 | before { @it = load_provider(cookbook, lwrp).new } 11 | after { unload_provider(cookbook, lwrp) } 12 | end 13 | -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/metadata.rb: -------------------------------------------------------------------------------- 1 | name "psf-monitoring" 2 | maintainer "Benjamin W. Smith" 3 | maintainer_email "benjaminwarfield@just-another.net" 4 | license "Apache 2.0" 5 | description "Install and configure Monitoring Tools" 6 | version "0.0.2" 7 | 8 | depends "riemann" 9 | depends "runit" 10 | depends "graphite" 11 | depends "apt" 12 | depends "collectd" 13 | depends "firewall" 14 | -------------------------------------------------------------------------------- /cookbooks/psf-pycon/attributes/default.rb: -------------------------------------------------------------------------------- 1 | default['nodejs']['version'] = "0.10.11" 2 | default['nodejs']['src_url'] = "http://nodejs.org/dist" 3 | default['nodejs']['dir'] = "/usr/local" 4 | default['nodejs']['checksum_linux_x64'] = '0fa2be9b44d6acd4bd43908bade00053de35e6e27f72a2dc41d072c86263b52a' 5 | default['nodejs']['checksum_linux_x86'] = '2a08c5d1e19591ec8ea0fbd54f7a17ebbce447eb6b98d1a89392969cee24c949' 6 | 7 | node.set['postgresql']['version'] = '9.3' 8 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/templates/default/warehouse.upstart.conf.erb: -------------------------------------------------------------------------------- 1 | description "Wsrehouse" 2 | 3 | start on (filesystem) 4 | stop on runlevel [016] 5 | 6 | respawn 7 | console log 8 | setuid warehouse 9 | setgid warehouse 10 | chdir /opt/warehouse 11 | 12 | <% @environment.each_pair do |key, value| %> 13 | env <%= key %>=<%= value %> 14 | <% end %> 15 | 16 | exec /opt/warehouse/bin/gunicorn -c /opt/warehouse/etc/gunicorn.config.py warehouse.wsgi 17 | -------------------------------------------------------------------------------- /roles/elasticsearch.rb: -------------------------------------------------------------------------------- 1 | name "elasticsearch" 2 | description "Search Index Server" 3 | run_list [ 4 | "recipe[java]", 5 | "recipe[elasticsearch]", 6 | "recipe[psf-search]", 7 | ] 8 | override_attributes({ 9 | :elasticsearch => { 10 | :version => "0.90.6", 11 | :network => { 12 | :host => "_eth2_", 13 | }, 14 | }, 15 | :java => { 16 | :oracle => { 17 | "accept_oracle_download_terms" => true 18 | }, 19 | }, 20 | }) 21 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | delete: 2 | knife ec2 server list | tail +2 | grep running | awk '{print $$1;}' | xargs -n 1 knife ec2 server delete -y 3 | yes | knife node bulk_delete 'i-.*' 4 | 5 | ip: 6 | @knife ec2 server list | tail +2 | grep running | awk '{print $$2;}' 7 | 8 | ssh: 9 | ssh -o StrictHostKeyChecking=no "ubuntu@$$(make ip)" 10 | 11 | trace: 12 | @ssh -o StrictHostKeyChecking=no "ubuntu@$$(make ip)" cat /var/chef/cache/chef-stacktrace.out 13 | @echo 14 | 15 | -------------------------------------------------------------------------------- /cookbooks/cron/templates/default/cron.d.erb: -------------------------------------------------------------------------------- 1 | # Crontab for <%= @name %> managed by Chef. Changes will be overwritten. 2 | <% if @mailto -%> 3 | MAILTO=<%= @mailto %> 4 | <% end -%> 5 | <% if @path -%> 6 | PATH=<%= @path %> 7 | <% end -%> 8 | <% if @shell -%> 9 | SHELL=<%= @shell %> 10 | <% end -%> 11 | <% if @home -%> 12 | HOME=<%= @home %> 13 | <% end -%> 14 | 15 | <%= @minute %> <%= @hour %> <%= @day %> <%= @month %> <%= @weekday %> <%= @user %> <%= @command %> 16 | -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | cookbook "collectd", :git => "https://github.com/miah/chef-collectd.git", :ref => "tags/1.0.8" 4 | cookbook "riemann", :git => "https://github.com/benjaminws/riemann-chef.git", :ref => "a6882ef7bad0d842f42f2fa97acbefd7d0d29c38" 5 | cookbook "runit" 6 | cookbook "graphite", :git => "git://github.com/hw-cookbooks/graphite.git", :ref => "39b0e35d437a7a8d4a8ce09e2617fdda4c917801" 7 | cookbook "apt" 8 | cookbook "firewall" 9 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/resources/user.rb: -------------------------------------------------------------------------------- 1 | attribute :name, :name_attribute => true 2 | attribute :password, :kind_of => [String, NilClass] 3 | attribute :hash, :equal_to => %{plain md5 crypt}, :default => 'md5' 4 | 5 | def password_hash 6 | case self.hash 7 | when 'plain' 8 | self.password 9 | when 'md5' 10 | require 'digest/md5' 11 | 'md5' + Digest::MD5.hexdigest(self.password + self.name) 12 | when 'crypt' 13 | raise 'Not implemented' 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/attributes/default.rb: -------------------------------------------------------------------------------- 1 | node.set['graphite']['carbon']['line_receiver_port'] = 2002 2 | node.set['graphite']['carbon']['line_receiver_interface'] = "127.0.0.1" 3 | node.set['graphite']['carbon']['pickle_receiver_interface'] = "127.0.0.1" 4 | node.set['graphite']['carbon']['cache_query_interface'] = "127.0.0.1" 5 | node.set['riemann']['server'] = '140.211.10.83' 6 | node.set['collectd']['version'] = '4.10' 7 | node.set['graphite']['server_address'] = '140.211.10.83' 8 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/resources/retain.rb: -------------------------------------------------------------------------------- 1 | attribute :name, :kind_of => String, :name_attribute => true 2 | attribute :count, :kind_of => Integer, :default => 1 3 | attribute :minute, :kind_of => [Integer, String], :default => '*' 4 | attribute :hour, :kind_of => [Integer, String], :default => '*' 5 | attribute :day, :kind_of => [Integer, String], :default => '*' 6 | attribute :month, :kind_of => [Integer, String], :default => '*' 7 | attribute :weekday, :kind_of => [Integer, String], :default => '*' 8 | -------------------------------------------------------------------------------- /cookbooks/psf-debbuild/recipes/warehouse.rb: -------------------------------------------------------------------------------- 1 | # Install the PyPy PPA 2 | apt_repository "pypy" do 3 | uri "http://ppa.launchpad.net/pypy/ppa/ubuntu" 4 | distribution node['lsb']['codename'] 5 | components ["main"] 6 | keyserver "keyserver.ubuntu.com" 7 | key "2862D0785AFACD8C65B23DB0251104D968854915" 8 | end 9 | 10 | # Install PyPy 11 | package "pypy" 12 | 13 | # Install Invoke 14 | python_pip "invoke" do action :upgrade end 15 | python_pip "wheel" do action :upgrade end 16 | -------------------------------------------------------------------------------- /cookbooks/psf-pycon/metadata.rb: -------------------------------------------------------------------------------- 1 | maintainer "Ernest W. Durbin III" 2 | maintainer_email "ewdurbin@gmail.com" 3 | license "Apache 2.0" 4 | description "Configuration for us.pycon.org staging and production" 5 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) 6 | version "0.0.44" 7 | 8 | depends "sudo" 9 | depends "application_python" 10 | depends "application_nginx" 11 | depends "nodejs" 12 | depends "git" 13 | depends "firewall" 14 | depends "cron" 15 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/files/default/rsync.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import os 3 | import re 4 | import shlex 5 | import sys 6 | 7 | cmd = os.environ.get('SSH_ORIGINAL_COMMAND') 8 | if not cmd: 9 | print 'No command given' 10 | sys.exit(1) 11 | 12 | if re.match(r'^rsync --server --sender -[a-zA-Z0-9.]+ --numeric-ids . [a-zA-Z0-9_/-]+$', cmd): 13 | cmd_args = shlex.split(cmd) 14 | os.execv('/usr/bin/rsync', cmd_args) 15 | else: 16 | print 'Command %r unnacceptable'%cmd 17 | sys.exit(1) 18 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/files/default/fix-deny-hosts: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | IP_ADDR="$1" 4 | 5 | if [[ ${IP_ADDR} =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then 6 | echo "Cleaning up denyhosts for ${IP_ADDR}" 7 | else 8 | echo "Sorry, you did not provide an actual ip address" 9 | exit 1 10 | fi 11 | 12 | service denyhosts stop 13 | 14 | for file in /var/lib/denyhosts/*; do 15 | sed -i "/${IP_ADDR}/d" "$file" 16 | done 17 | 18 | sed -i "/${IP_ADDR}/d" /etc/hosts.deny 19 | 20 | service denyhosts start 21 | -------------------------------------------------------------------------------- /data_bags/users/jezdez.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "jezdez", 3 | "comment": "Jannis Leidel", 4 | "sudo": true, 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtWlcfMDSuv88RRhWYjLRlryypTPTFeuUJqFjJNqWpk3HiIgW6MwKq68ZgTiyBeuwHDbpzz5ixl4OCb+k4nySfUoL1A+JR6ECGii11+go6zpl2I/CZDHEEv9hlhzGtxQXVgeHWu/8iP/2c0ya7kHpdsuU/S+1ex0SwJPMxionofpQFTqmwlRrDM/EWoTiRp70hJpoEg33R1KbD9RqtJ4jQXjpNq78Cza/7ZhnaFLCS/mBUSUQxBCf/jo5PI1UhR2X4MfV8EI//hQa/o4cKTjouswRf2H6PwqCPtJ4G1Lozu20YyMhgZmaXpzoOpgh3bLv8QLC6LXqwu7h8SEk2QcpDQ==" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /roles/rsnapshot.rb: -------------------------------------------------------------------------------- 1 | name "rsnapshot" 2 | description "RSnapshot backup server" 3 | # Owner: Noah Kantrowitz 4 | 5 | run_list 'recipe[psf-postgresql::92]','recipe[rsnapshot::server]', 'recipe[psf-rsnapshot::postgres]' 6 | 7 | override_attributes({ 8 | rsnapshot: { 9 | server: { 10 | retain: { 11 | hourly: { 12 | count: 4, 13 | hour: '*/6', 14 | }, 15 | daily: { 16 | count: 7, 17 | } 18 | }, 19 | }, 20 | }, 21 | }) 22 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/templates/default/25-pypi-logging.conf.erb: -------------------------------------------------------------------------------- 1 | # Generated by Chef 2 | # Local modifications will be overwritten 3 | 4 | $ModLoad omprog 5 | $ActionOMProgBinary <%= @cdn['process_script'] %> 6 | 7 | # Don't filter duplicate lines 8 | $RepeatedMsgReduction off 9 | 10 | # Send all logging to a process, then discard it 11 | :app-name, isequal, "<%= @cdn['app_name'] %>" :omprog: 12 | :app-name, isequal, "<%= @cdn['app_name'] %>" ~ 13 | 14 | # Turn back on filtering duplicate lines 15 | $RepeatedMsgReduction on 16 | -------------------------------------------------------------------------------- /data_bags/users/eric.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "eric", 3 | "comment": "Eric Holscher", 4 | "sudo": true, 5 | "ssh_keys": [ 6 | "sssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxfyp7EWNLOYfV1qv8rI7Hrh3JuKwbba0aNEUxdXC79GMONoU/Yde3dQp8kHvPPaTue1tu0qJDpIZecWPOrjsBRshCGeGEicuTcLmnibwwvofPb9KZl0k/hHy1IzlvYeoA/3LXCDSnlrh5vLYDZorcRXzN817zeHxV2h2ltuM9tNO6QO+SfYGoxuctgjg9kmLDTzTGUTfLoka+cRPghSty+B7YrNI/F4eNCknU+afNffuJp03F0w4S9nkSpGACSHp+VGtCP2kDgTRjs+kcRrfWZ1pzFPBGnmOX0VIf9lfoljBM9aSFv91I8OHiak9IUNS0hI54rO7VD7nz7jDU1qyQw== eric@Bahamut" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/jnoller.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "jnoller", 3 | "comment": "Jesse Noller", 4 | "sudo": ["rpi"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDNacce5gEL8FZI4m+aWRyKx4p0L+stVoRFWV7OeAh/s5yx3pVsAkxKJUTmCE8JDKs3VqTMADTclwk9/PkK6N5TtcVz+FPkikLTqoHjZ20s6jwtOwQBmjTCvb2v8ARsftldXmlJTCVOWS8gcBOMxtLa+rl1fERcomqcz1bPGoUnZ+WbkM6DBNoJZygfzQ7cLdsE92/F/27ggH9BqxO2HyLCkQBQLZyQwpyxcEWpI/WSe2zMvAHL04O2bdjiY7Q37FgO7/jP/1AU6UtDCRv5KB0QT1PXhNRURWEwdm/xiJ7Ts0vPK861rRVoHKgTU06zjh0wopT2F3RMyd48IoLVFV7 jesse@ack.home" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/rbauer.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "rbauer", 3 | "comment": "Reimar Bauer", 4 | "sudo": ["wiki"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN6dtR0q/fsBl+U3QkPdQ2ISt/1Axe8/0vFbdG1EsRz+pRK/jeuC+xIZPYsKhKtY4rIt+34lnxUdpf1sAPHKu5biVGuV9JX/Wcl8CCQBUEEx5XGZAVb/A1nlv10xnu9VbsK40jbkPKoLm5RoJQgUzTO3kBCiHelM76ls8qhQIBus6QHjLzT4xoFnUMqG6ukMYfX62jKCvoTK8gUrv/phkomvb2jUKEA/49RJxN6Dm1uyppvpKJ3fSwffg+RrD1EpyAeJI1IckOo1310eqpaQMFG9LRxk3Fy2QohyD+IRVB2gDVSssmdCQ1gyF6DUjYcSCDk5loFy+urGcox8jfwXzt Reimar Bauer" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /cookbooks/psf-pycon/recipes/local_db.rb: -------------------------------------------------------------------------------- 1 | # Setup postgres locally for testing 2 | db = data_bag_item("secrets", "postgres")["pycon2014"] 3 | 4 | postgresql_database_user db['user'] do 5 | connection host: "127.0.0.1", port: 5432, username: 'postgres', password: node['postgresql']['password']['postgres'] 6 | password db['password'] 7 | end 8 | 9 | postgresql_database db['database'] do 10 | connection host: "127.0.0.1", port: 5432, username: 'postgres', password: node['postgresql']['password']['postgres'] 11 | owner db['user'] 12 | end 13 | -------------------------------------------------------------------------------- /data_bags/users/melotti.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "melotti", 3 | "comment": "Ezio Melotti ", 4 | "sudo": [], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAm1FUCa4Q+cKyMIg4QX4dszX+Wnj216HHCkHMgf2L0chYZVPvbWzboJqs+peInkWnXwYBnmJFdiHSxkwY4fnv1P3o+fb5wcl3fv0/kqIwcC+iavKlDOeBI51FP2s++QpvD5cU6rW202b8k2K5COJ5mlkIvgfhiyRYnR4LbHePLG+jd/4I6gCtUcGTQqwNaJOzRzvaviRd395S7+I8L35iWt1zTNck9II1gCvfcCLeM7XYtogFBq1LW5BZ9f+hZtJC0RcIpihHeoSNW7bmqWH5d0noQrBaKQfz5xm2BlQPM82/QWGUSZjPphynrCV8rYtitM3nkBl5zIxHsfoQbsp5ZQ== None" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/mmangoba.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "mmangoba", 3 | "comment": "Mark Mangoba ", 4 | "sudo": true, 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDIyIjqd+6mIvByOemz5H891/RgA92JiFsNS82l5QmRkfX0B8zBwnXFEECi3lIF/wcQD+zUNyZw8YkTzQG4MK5gTPKTkjoUYX1pZC206yzhHnJtD1GXE5tAog8wzYl/jL4s/eeAdYYctPdUTj96zfzhOhVPttx4PfOn6hvruCm247sJ4+BQuXSyWtzCHJSQUw5ZK+6gQHXuhVNhlfdom4WBnB6kU4ajuHr3pc+x9qtFXsPllJylXluK+97CG4MQnJeP+Zzv9bInSP6pOgbmTml2pMtw3K+IQS6FWsWZW2IHDqyBIMRIv99CLaiYJV0H4feqk3z48N20xQwhyIzlDRN" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/eliben.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "eliben", 3 | "comment": "Eli Bendersky", 4 | "sudo": ["buildmaster"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuz/lWvUeomtN53PVbfybsYuwA8ZGYq+FzexbAC9ErFVHc27looSbz1CMkSBghUO0GlKHG7j/rkwRGQhhavPlYiOZzKx3Y2W/zPx+EiTUrHIFnCejhNkQQm4PpYWsjUlgQPAmcMafd7JC4hz8t2emMavI5DG3tyqNihHB5DtX+hQ3lJ51VyD9Ky2ihtAZGfOPSnuRx81EFPAD75uSCxTOvNuPEjCHvkSynsz+tDKCwjAIr7oGlkp/stmWKpqGfiKMVXC4UCskAHSdZgbUTkTWoz6E6K3pqESdFa+nEBzwyyICaBrTyg25tEnIml+OSIjss9rSncijNJibhz6CRL/vmQ== eliben@eliben-desktop" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/lemburg.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "lemburg", 3 | "comment": "Marc-Andre Lemburg", 4 | "sudo": ["wiki"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaPO2fk5o6Z41WALEBvErRsYC0Ozjg4VmhDSisvKAnUKss1jYoA1bJ0wR7jFPL7TU6j2LBcyuHMEylU9OWdWaMsSaFy/Jyiw+/fApSRwU0+1yP8qUaeEwQHRv5g426KExvRtxmPx6bw3drpdBv9vaEhTLYbE4yl27lZIYY9c50l9oSPoFfDZg8XZuXqsHY6/BSFxtw0PDUd/qKYZycX4C9AMg4FQocz6Lc4MFbIZaJOFRyfsX6HPAWkY2O0MDydikA83eWg7AEZHmJUyV9QZcrOLutAQfEOdA7XfDkdUkR6bnR/PIjWo7k+4H4UdSBS1bDbEcUsKAGIhiwJmGBdkjj marc-andre.lemburg" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/twaldmann.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "twaldmann", 3 | "comment": "Thomas Waldmann", 4 | "sudo": ["wiki"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAw8SBifjGDAMOgqQH5CGH2zqubePOYH7KgytBlW9K+qOMGjxTlIXmfqdotvegw8ebrmx9W2YoybJoXC9+qrl4vcczjyhXu/g/4PU2WWEvY3bSZEFCxuG0kPyPzOKMTth7yYNIb0k4VEVx46QlTKkfIJdzr8oQ8nar02sA3G8pkWygyvhKhqkZCCdrd+8nnJLSfCLY92qtAArcX0hlqhEf1fnvUkmqvqfDbwnqDoNs4wgcuXSsMSE4TV8IWH2CAhd3Fmkpzh8tBcdI6iXH/ThnsBO1XTKy+w8dOnFtS+GRGyc+gwYgNTiI71ZnlGAuI5mvmNFBWauUXkvdh8JjAqeqEw== tw@black.tw_rsa_2008" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/alex_gaynor.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "alex_gaynor", 3 | "comment": "Alex Gaynor", 4 | "sudo": ["pypy-home", "pypy-codespeed"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCOcQscO6WOu1q8x416ikxikp7+J86KY5CAOsqtHtghDMvoG+VCBJ9vJQJvt5M97lsdtSErhdNBZKdFXF2vyFsNBccE4AoBWDuuTSOoA4NjkCXQTpcKkb0xfjuv4z1TS6N/i6fk53G/j3iT2zO7SWrcA9v5pmr3Teiy0VfWR6o6Tw55ROjBE1C8FE2fsz+ZWLVJrYUo/EE7WHlajN7Rh8/gMWBdDVcNJ/g78nso6nvvr4Kfbr1Im34Cz+HuZx+GW2/KbW3h9CoYlmMM4gboKh+gmr+3K8rIoiDsVm7iJd2mrfCcq+MZ6ugoAgOnvayuyPU52eKvyMGy8pAH9T7+qVl5" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/zware.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "zware", 3 | "comment": "Zach Ware", 4 | "sudo": ["buildmaster", "python-speed"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5vqLruv6gzJgZ7zaKJnaWzzWAW7azAtetqMPVN+67cGMcQtnRmG2ih6UOXc1fA0fuZudKBgqlRw3Yg2UcT8ehP505PoHVuq+j0uZ4ogzQ8BJbZIaMEfbPXdzwUfqU3Ju3sur0XQYu0HHexKUU6ZZjjwl5LOmw9dTtY0cb7N7emePy//c7IaDuNsWg+4zaTDUwEhyWLVw6Ev4e0b1ufDxTvHqRXMVCfq0IYMsRXcg8+88GGF8kIS4QMbX/GcsFfOLHj35aJbAk6dqcCZWXWX/bRL937KYl9zENOkvlRbodEZqufDBsa+7Dm29LeV9JPfKJU3+5qM/LkfYPBiw1rH0L zach@screamer" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/bitdancer.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "bitdancer", 3 | "comment": "R. David Murray", 4 | "sudo": ["buildmaster"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuYcpQYf83SgoEg4cOkHhJMm8w5+THrouyoCkOeZvoy+Zr0ofYgq9kARwIntORan+RYqmKsuMBjv2hGaiy0gz8REZU07LoE+cokQ2OcqI2ieyQWL18SLU6dJRUKJR5QyStZm/URUHQsE/b13qL6FXqJ5XmOcJNKTTOkvSvoG2Jcgi1aajY1ZMLfAq0VKqI+o6007SMOFC3HILlwcJAmPeRxz5Tf2xT5A26leqWo+Qvi4BPxe6DsbbVF2BmmMguOTNqW/TgOwmGtb2/q/VLF9mJJesAkVFaFI3It2a/ymuyj+hpFLaMBOrEgdtqHtWF7dnOGBBSak1r5hLYwV/SmSH7 rdmurray@hey 20140909" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/lvh.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "lvh", 3 | "comment": "lvh <_@lvh.io>", 4 | "sudo": ["psf-pycon", "psf-pycon-staging"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0ofk7RiX74N2ElJerfWvtQxq9/ZlAMyymrHS7ovZm1AeT+MtpqOSEamgWKZ4rYBpgRZ5vhDPw6+MuT1RafYCDvuxvM+f/roZwgEsiDI1+PPMYhFHGSrZDZR2z4WmyiCwBz30/QFfD5Yy90H0KnwCRJtdjpj6GcR8EtsMdTeq86rzr9uUSBm2CT+IScDn7F2P9IhnEXMDLUtK/6v8LakKk8jcJzXzTGxv/dIfyb8TDaLGht92FAJF8gS80OgwbIKBs+lUbI1FQICMcw5Lp5hMRm+Chtkn331E9VT7M4Q7weU7Ib4+86FLGL1OJn+yOgUIzulfJLTlg6ENld0YK/K5P lvh" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/metadata.rb: -------------------------------------------------------------------------------- 1 | name "psf-pypi" 2 | maintainer "Noah Kantrowitz" 3 | maintainer_email "noah@coderanger.net" 4 | license "Apache 2.0" 5 | description "Installs and configures PyPI" 6 | version "0.0.24" 7 | 8 | depends "pgbouncer" 9 | depends "rsyslog" 10 | depends "postgresql" 11 | depends "mercurial" 12 | depends "python" 13 | depends "nginx" 14 | depends "supervisor" 15 | depends "gunicorn" 16 | depends "sysctl" 17 | -------------------------------------------------------------------------------- /data_bags/users/vkurup.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "vkurup", 3 | "comment": "Vinod Kurup ", 4 | "sudo": ["rpi"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiTwxbWvOyQTj78k4H/45uLE6aM967bOT3rv1O45krss0EOOLdOjORg5jc8x2ToP9OI0psiz7A3eAES5yqvwT61W9FaGdYWDe1p4XrucqkjnlBLmbsU6sy2nM1MxkCw1O6ZB+Z3PRzYJ8VB7CrS5PKB0ny86zoyTtmZWUsNNICc+OsKWwI1tV0Q/CV+Noz07Mm0aQhdM0EvsYophgSojxS3SeC1Vof/oeL8U0VJ19UxdHRelJ6P6P1EDdos5ub8jDePOrz79MOGefAj4IUlABWwC4RSI6PD54qZxvDeWpdAWT5HqAZxLgrzvwgYC2CM1N9h80Wb3mlPwViyVX/gc3z vkurup@caktusgroup.com" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/jeff.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "jeff", 3 | "comment": "Jeff Triplett", 4 | "sudo": ["redesign-staging"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAlqqTbxE1+YK4VB+1mPrGaXBUK7I7xP0/jZYYIqXy0luk7gCOfywUFn7POWxllLIKPfw/5sIZtjDacA6Ng6lFlsQvG2ofVZJiRdmfydUFAtmFiHDa/3ibvOAXdFw6xcxirvY6aUEEmMP0sCQffiVvwUpPE+HNZgV/n/3u39aEdNtRZ6j6UV6zw0Ld0YNcoSuQvyVWC9oZxaUGcu2n0DK1jRyD03I2rmR4jQBj+tBPx+npo+127ER8qLVc4G7zPlwKor0pywo1UugrKwEJK++kcshT6dfdtE4jvEpVhCDlywFHN6XXLbJjRM0Q8l5eWjeqIdCl0tG9wYElC3j8uvrjGQ== jefftriplett@rsa-Jeff-Tripletts-iMac.local" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/fwierzbicki.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "fwierzbicki", 3 | "comment": "Frank Wierzbicki ", 4 | "sudo": ["wiki"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAscNf5qrUYYXPjSJAjDPeZIwmxHJKf10sjBSoRXoD6nBfCoN+joPZIX+xxPZWqunFKcRxcaQCtxAOYLWDy2s4AfIe1oGv2gPZsrYOs3FrlSYSnvOgfbQzmqs1p7Jm5Rxwh/TKRonh8iYt8YD04z6oQ1/p1WkazsVXD/dekX0vC5PzMRMIpq3oUTJ1BaWbFQmh580r6J9mAgavxwuaOrDT/Ld73kvYwdFFbIuK1LRcYdQvuJDK8+y9qTk5shb8FtmAPLCwQV9S4OwItoZVUp29rCQgmPH3dOY1GB2EM2lus7mRRc4e371kIGKC5/jCLSeA0Jc4mATDvxSx45sSmygutw== frank@pacman.local" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /cookbooks/haproxy/resources/default.rb: -------------------------------------------------------------------------------- 1 | default_action :install 2 | actions :reload 3 | 4 | attribute :name, :name_attribute => true 5 | attribute :config_template, :kind_of => String 6 | attribute :service_template, :kind_of => String 7 | attribute :config_directory, :kind_of => String, :default => '/etc/haproxy' 8 | attribute :user, :kind_of => String, :default => 'haproxy' 9 | attribute :group, :kind_of => String, :default => 'haproxy' 10 | 11 | def resource_name 12 | if self.name != 'haproxy' 13 | "haproxy-#{self.name}" 14 | else 15 | 'haproxy' 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /cookbooks/psf-advocacy/README.md: -------------------------------------------------------------------------------- 1 | aptitude install apache2 2 | create /etc/apache2/sites-available/advocacy 3 | a2enmod rewrite 4 | a2dissite 000-default 5 | a2ensite advocacy 6 | mkdir /data/advocacy (was /data/www/advocacy) 7 | rsync -avz ximinez.python.org:/data/www/advocacy /data 8 | apt-get install webalizer 9 | rsync -avz ximinez.python.org:/data/webstats/advocacy /data/webstats 10 | create /etc/webalizer/advocacy.conf 11 | move logfiles to /var/log/apache2 12 | change /etc/logrotate.d/apache2 to daily, four days 13 | apt-get install munin 14 | ln -s /var/cache/munin/www munin 15 | -------------------------------------------------------------------------------- /data_bags/users/blaflamme.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "blaflamme", 3 | "comment": "Blaise Laflamme ", 4 | "sudo": ["pyramid-community"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArFTxEbdY2TofDXDDR/P9P6QreBRdCHD+suQ/pqBjFKOOuKj/pGHg439rrT8uPngk3ccyeQA2KjPzGaRJStEIYsIsDmC3qctodiHMTxFuxLrjnSBA/zzlUClspxEErx6+Unw4PEj8uRsvkuBg3GRAeDxkPjGwQXCxJszJR+gpweJLNH3Wf9LWNp/iLMSOZY0zaSiyVGFytWJl1xFn2TMiPMqrTwfuUBjFqLEN4U9VF3dOH0tpN4haHxNYco7FIKgDNYO1EwnO0I8CbiwRGu04b7/ZBV4b6mCfbj26WCPbKQqhEz4Hh+HGtHfVURNrkkYQHJeAh63kusLpsEmAT9bz7w== blaise@laflamme.org" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /cookbooks/psf-evote/attributes/default.rb: -------------------------------------------------------------------------------- 1 | node.default['psf-evote']['development'] = false 2 | node.default['psf-evote']['dburi'] = 'sqlite://storage.sqlite' 3 | node.default['psf-evote']['email_sender'] = 'elections@python.org' 4 | node.default['psf-evote']['as_service'] = false 5 | node.default['psf-evote']['debug_mode'] = false 6 | node.default['psf-evote']['scheme'] = 'https' 7 | node.default['psf-evote']['title'] = 'PSF E-Vote' 8 | node.default['psf-evote']['subtitle'] = 'Online voting for the Python Software Foundation' 9 | node.default['psf-evote']['author'] = 'elections@python.org' 10 | -------------------------------------------------------------------------------- /data_bags/users/daaray.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "daaray", 3 | "comment": "David Ray ", 4 | "sudo": ["rpi", "psf-pycon", "psf-pycon-staging"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDAjwyvvD6fojZ47GDqEBR1uN8dEBtGTzyFnQ6rlJT01Lw628PhSY+XwZxG6RfQt2+cFVkYo9cGpHWyGM4hP65Ft1XNkOiXAsa9yoWykOAlqpOEMLEHZ0w5NsDP+uCextuVIEIaBu1pcvKgUlcSJlDhoCUF00DBbkYDpNKRY2f1AN49HdfXB+xGGKnb6xJtb4487fDsE10pGbPRWsvL2w2FzHFwt7a/1rQ03y6sFHZhURSW4jCwBKAvdNazVrL3A/cVXJEBa9Q1LSfvG18ILk8GOVT7gmQLLFOJAeSWK576PjIizBqB1wgIi3sSjCWS22BocONrifqQ9v/URA4E68R dray@caktusgroup.com" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/julia.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "julia", 3 | "comment": "Julia Elman ", 4 | "sudo": ["rpi", "psf-pycon", "psf-pycon-staging"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiWIXlDw5EiFGzrZwf3itMBNSKOkP6SyAAq5hzIhrVvrVx2kip5wePD/wJsIy9Ci/Lt0s1qIMx2+aIRf5CC1LLlR6v4rydvrD5PJrIaEJfyWBf73aQdZz4Uj2F46Z9Z+EWjYt7OmPLb2YyzEMI/ULJKiD+LWp76mtupNN3NI0pF0/pJhvtDPsuJnZwZUXoRlZmbZzYo2krDKYKopku7MpaJGinrw1DSkLO23duq9M8iu19otC+sCjmNPBQs9wfhtJ6lbNJrme/P8r8SzUinGhDrIo5D38iLnkKQTOL8GqNYLTNYo5/WlXZp4VQ4YD3txrtOo4z24a4aRuu8lL0So7Z julia@jolly-roger " 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/dpoirier.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "dpoirier", 3 | "comment": "Dan Poirier ", 4 | "sudo": ["psf-pycon", "psf-pycon-staging"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmFIbg8mdvn7MQajwpBWXdK+utvP7+d0f391Z+v2r79Pam3/9j8VFBH8mioAmp9b2iFL6DZeDOYWOIM5R3U/bIVvJ8/2kZpE+rItJRyuqYQp3ZbOkBTxmv1avRfX4LSaM4uvurtSHK+VFbRXRlSKr7gURM7d7pUXTsuqAuGiJeBRc492RhKsaRf21/7+X8LyUuIWmaGn/CRgn6SBtq1xTilCAlkiRFBbUR++qkHWonfImAeHN6EiIx9fwtvfjtJA8kW49t75io9HoIovA24psyfZZuMFYkiPzDtPDXSm0fhwx0IbAZc2W1iWqYLbrBZM7A3QGyF61JeafxuC+Jzm3Ow== dpoirier@caktusgroup.com" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/templates/default/nginx-warehouse.conf.erb: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name <%= @domains.join(' ') %>; 4 | 5 | add_header Strict-Transport-Security "max-age=31536000"; 6 | 7 | if ($http_x_forwarded_proto = "http") { 8 | rewrite ^/(.*)$ https://<%= @domains.first %>/$1 permanent; 9 | } 10 | 11 | root <%= @static_root %>; 12 | 13 | try_files /system/maintenance.html $uri $uri/index.html $uri.html @warehouse; 14 | 15 | location @warehouse { 16 | proxy_pass http://unix:<%= @sock %>:; 17 | proxy_set_header Host $http_host; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /cookbooks/haproxy/README.md: -------------------------------------------------------------------------------- 1 | Steps to build this custom HAProxy package: 2 | 3 | 1. sudo aptitude install build-essential libev-dev ruby1.9.1 ruby1.9.1-dev libpcre3-dev libssl-dev 4 | 2. wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev22.tar.gz 5 | 3. tar -xvf haproxy-1.5-dev22.tar.gz 6 | 4. cd haproxy-1.5-dev22 7 | 5. sudo make all install TARGET=linux2628 PREFIX=/usr USE_PCRE=1 USE_STATIC_PCRE=1 USE_OPENSSL=1 8 | 6. sudo gem install fpm 9 | 7. fpm -s dir -t deb -n haproxy -v 1.5-dev22 -C / -d 'libssl1.0.0' -d 'libc6 >= 2.5' /usr/sbin/haproxy /usr/share/man/man1/haproxy.1 /usr/doc/haproxy 10 | -------------------------------------------------------------------------------- /data_bags/users/trevorray.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "trevorray", 3 | "comment": "Trevor Ray ", 4 | "sudo": ["psf-pycon", "psf-pycon-staging"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCm56PvMfyIiOixO6r9+i3F0g10DMNmXZV8BzWQp/cORj24Q41TgWCZwziKqKkOS6OC6cTBkq5NU7qpRE8qZImfXg/sLEbHnVx0QtIM9ikYy+FUoZun85R5YGWwrwd6WgQh0RIaAT2gaJsyYbBJCb01kq3z5b9gqc/qyF/hmEIgpqV/vi/aJPPULOUN3cbkKt3wm25ysQtr3VsWSzQYn+7Ek+45229oeSdre2Vk3mtI6hQeKwA057WqwMcjCUUU0wdwmLtCAUe0pryhi2LE82YLc9o7v4CRWi0nOMcnhR4guqy6n+CvJs/oo4sfvwbh2ZdN3eXJ7kGJYT7YEE4m7OIZ tray@caktusgroup.com" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /cookbooks/psf-postgresql/recipes/92.rb: -------------------------------------------------------------------------------- 1 | # Via http://wiki.postgresql.org/wiki/Apt/FAQ#I_want_only_specific_packages_from_this_repository 2 | # Not actually working 3 | # cookbook_file '/etc/apt/preferences.d/pgdg.pref' do 4 | # owner 'root' 5 | # group 'root' 6 | # mode '644' 7 | # source 'pgdg.pref' 8 | # end 9 | 10 | apt_repository 'pgdg' do 11 | uri 'http://apt.postgresql.org/pub/repos/apt/' 12 | arch 'amd64' 13 | distribution 'precise-pgdg' 14 | components ['main'] 15 | key 'http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc' 16 | end 17 | 18 | package 'postgresql-9.2' do 19 | action :upgrade 20 | end 21 | -------------------------------------------------------------------------------- /cookbooks/user/metadata.rb: -------------------------------------------------------------------------------- 1 | maintainer "Fletcher Nichol" 2 | maintainer_email "fnichol@nichol.ca" 3 | license "Apache 2.0" 4 | description "A convenient Chef LWRP to manage user accounts and SSH keys (this is not the opscode users cookbook)" 5 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) 6 | version "0.2.13" 7 | 8 | supports "ubuntu" 9 | supports "debian" 10 | supports "mac_os_x" 11 | supports "suse" 12 | 13 | recipe "user", "This recipe is a no-op and does nothing." 14 | recipe "user::data_bag", "Processes a list of users with data drawn from a data bag." 15 | 16 | depends "sudo" 17 | -------------------------------------------------------------------------------- /cookbooks/haproxy/providers/section.rb: -------------------------------------------------------------------------------- 1 | action :install do 2 | template "#{new_resource.haproxy_resource.config_directory}/conf.d/#{new_resource.name}.cfg" do 3 | source new_resource.source 4 | cookbook new_resource.cookbook || new_resource.cookbook_name.to_s 5 | owner 'root' 6 | group 'root' 7 | mode '644' 8 | variables new_resource.variables 9 | notifies :reload, new_resource.haproxy_resource 10 | end 11 | end 12 | 13 | action :remove do 14 | file "#{new_resource.haproxy_resource.config_directory}/conf.d/#{new_resource.name}.cfg" do 15 | action :delete 16 | notifies :reload, new_resource.haproxy_resource 17 | end 18 | end 19 | -------------------------------------------------------------------------------- /doc/index.rst: -------------------------------------------------------------------------------- 1 | .. psf-infra documentation master file, created by 2 | sphinx-quickstart on Mon Mar 4 00:48:32 2013. 3 | You can adapt this file completely to your liking, but it should at least 4 | contain the root `toctree` directive. 5 | 6 | Welcome! 7 | ===================================== 8 | 9 | Welcome to the Python Infrastructure Team Documentation Index 10 | 11 | 12 | 13 | .. toctree:: 14 | :maxdepth: 2 15 | 16 | services/index 17 | 18 | 19 | 20 | Let's get started 21 | ================== 22 | 23 | * :ref:`genindex` 24 | * :ref:`search` 25 | * :doc:`getting-started` 26 | * :doc:`nodes` 27 | * :doc:`roles` 28 | * :doc:`generating-these-docs` 29 | -------------------------------------------------------------------------------- /roles/README.md: -------------------------------------------------------------------------------- 1 | Create roles here, in either the Role Ruby DSL (.rb) or JSON (.json) files. To install roles on the server, use knife. 2 | 3 | For example, create `roles/base_example.rb`: 4 | 5 | name "base_example" 6 | description "Example base role applied to all nodes." 7 | # List of recipes and roles to apply. Requires Chef 0.8, earlier versions use 'recipes()'. 8 | #run_list() 9 | # Attributes applied if the node doesn't have it set already. 10 | #default_attributes() 11 | # Attributes applied no matter what the node has set already. 12 | #override_attributes() 13 | 14 | Then upload it to the Chef Server: 15 | 16 | knife role from file roles/base_example.rb 17 | -------------------------------------------------------------------------------- /data_bags/users/heimes.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "heimes", 3 | "comment": "Christian Heimes", 4 | "sudo": ["coverity"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkoQQLR4G0G4R96kHapKiiq/KMTexZF9WNpzpZRco++nTWrpUWx1GFr1Iy0FDtnN6RveEtrHWt+wlvMlmuRr598ETrUgEVw9SPZFcfyN5XvT58IXSZPxH3rcVxYdPQQ+JsugMvrnMftufg9zb8TibKUllAVDKPZIpfmhHsVywzwQHdMQ1HVvHD5452RSFjqwiScbASpkH3h0G1TIbVmGz9I3GUP/7sI4RV3VWxrq6fE7BEjZCwABENz4KRdasBOMRm2AN2HTwnFEMY3lcvZ/woy4N45rwjQE/gZozGJ7lRn4E64ddzsnRQiYwXR4gzd4hOVjzBB47+vd/0l0s2bTxX YubiKey 20150326 0xC788C4C1D4550D45 sub 0xD962168DF72F58FC", 7 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIu2nk2u9FyQS2VDkJMx1WONXnjy2aMtHDeO/Eai/OCu heimes@hamiller 20150326" 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /cookbooks/user/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: user 3 | # Recipe:: default 4 | # 5 | # Copyright 2011, Fletcher Nichol 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | -------------------------------------------------------------------------------- /cookbooks/haproxy/resources/section.rb: -------------------------------------------------------------------------------- 1 | default_action :install 2 | actions :remove 3 | 4 | attribute :name, :name_attribute => true 5 | attribute :haproxy, :kind_of => String, :default => 'haproxy' 6 | attribute :source, :kind_of => String, :required => true 7 | attribute :cookbook, :kind_of => [String, NilClass] 8 | attribute :variables, :kind_of => Hash, :default => {} 9 | 10 | def haproxy_resource 11 | @haproxy_resource ||= resources("haproxy[#{self.haproxy}]") 12 | rescue Chef::Exceptions::ResourceNotFound 13 | known_resources = run_context.resource_collection.select {|res| res.is_a? Chef::Resource::Haproxy} 14 | raise "Unknown HAProxy parent #{self.haproxy.inspect}. Did you mean one of: #{known_resources.join(', ')}" 15 | end 16 | -------------------------------------------------------------------------------- /data_bags/users/jafo.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "jafo", 3 | "comment": "Sean Reifschneider", 4 | "sudo": true, 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBAPyIPM0G6XhAPjzo0vsGbhnP8yav14STOh2W7hjH3dVweja7bWmjyfeDdSo3Ld/ZdaGjkhDpgbELmSK8fjHthC3S5Mmvat8cwrdcNMLyCEsbiUDpIzNAGvpp90xwRxd+m0iRwBXCMmPo4LEp5DPkKHxdr+kbG0m6nLexu5ikfFIVAAAAFQD/px7n7s8vQZLBZOGeXGZ2rm7S+wAAAIBXSB5Ls67RYuOYIII7oH2Rs6PZMxvCAd/PMNR3g6W4blc8yXiFkCjmVcdfUNAylk5gyQIE+UVKDxl4p2AQklTAVDRlqVUchQr1GMpl6mN0+SbsINZMuGpCs3ZCikwmGhqbcWOOqdGVH5OTm5hJQG4mFZAGdbasFGp5+N5yZSYLDQAAAIBq5w+VuN/iINGSSJ083ia/qKb80jkoSuJsqajo3t5WzTGKIuvndZRd7w2uJiw+BYm2wm0PPLl0loDO7ATYmVeNOvckgik3PzQOCVim/uNb5L+Vk2RGdhTxiUZnLUvBKT/AAg6uROp5j6sys0+kHmCN5xJ+Iday2YZ0YJVjNxjaZw== jafo@guin.tummy.com" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/antoine.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "antoine", 3 | "comment": "Antoine Pitrou", 4 | "sudo": ["buildmaster"], 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBAJiwbeZEP4oPxn/mpbcjPIfmyqDRoyut/AAE76coOCKB3BouwYJPns4Osas6NjR3m9TErNrvcFcm2jCXYTxbrIQmnz1oLwxzmjPK36AUpXtqOy5GPdFUJiVe7iqEBslwtaPVGweXrYdv7ZaI7G6m1ZJDh03uqP6HjNIA1y3yeJFDAAAAFQCxc0R9pwTFUnB4HeHJnx0xE1qg3wAAAIAyxftjIkEAghCBeqbc7W5GRHt2AQ6nczrMCn76pc25+2SkbK750Zk5dAZtIiGkvwNBH2sDdKUzccWkKN7LcyW8ChPLLM1VNVHfgwqQEDbopjd7FkLsOwuQGSxpPoZpTPmewmfJxBJN3kNE5MRVYpzihmqCCoNRi4peMBonuevm4QAAAIEAgCRFJydgXmtk3MiGkX2MyU0DAoAmRzUtJtstYLY0ZqdUvd/0fD4JkpIyZu1N7ROYwzsVCAoU/H6gNGuUFY/NcvfKBUBPZ/yYHECTmstJIWY2X1yVSx59s4lJBZzVUgrP++KTLS+F7n6bil5rsmAaUqg/MoxoMJVLhkvdLvyVPZY= antoine.pitrou" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/trent.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "trent", 3 | "comment": "Trent Nelson", 4 | "sudo": ["buildmaster"], 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBAIUOkkcw+6VRaJmXkDoEsRXFkb1z2xKtOAD2RaN7JrbWjPmW/QSxIyB5CMcw3fuvdR5IXjjTcI+plfbAm/f+irA5xxFb0Wm75Vehr3fcUYXxSFXbOWrvMTjP8PGx+Q8V95JZKeyoZ++sppa2JMpcpG9Ai4WjkYeC1q1+zVwfPYgRAAAAFQCLaTYXBaRByL5d6pP9QE7YA1RsnwAAAIB0bJDPVOp3IsPvUNHwAQfAK2g+0V3Fzbu0ZIk2U5+ngZZnumFSEIkInN4pIaiAiv1ArN9dbErnTEQwoVJoqg+swB7jceho+GFQmAO8SrGeV5WPXEDRwEPt/aV9knmS1cbhETcSs5+M16FGXNklCzlIr1jDud7Aipq0Hj0nv+hafQAAAIA+8JA3uX1lDi1o07W5xBkFY0wOURJl4mfdEUMUys24jk5YlyyhECaRMENsbbeQkZYYkBpziwCm1sX0P1biq6I1LCYvkBTj7io76l+zxLsCWcmeiYiTmtL/9Qh3OD0H96fxOZ+fOIZDXze7cWuZBoTd8VooupscCpg28+JJYzaCMg== tnelson@dark.teleri.net" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/jacob.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "jacob", 3 | "comment": "Jacob Kaplan-Moss", 4 | "sudo": ["redesign-staging"], 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBALyQYE4QhhyJFyM4ic6TOaqxaqYseg+p61P/5oemFnuvhJhse9enA1CG47Jgm4gqssZEKaMjwNKqaJ4h3Bj8QUEZMuAEQ4wj0+uVvJtC03hU2W3LyVu0gDp209qvOpucnb8T8cbxb2RfalH5Ha3BCv2c5IBtvN9xrWESHfmD6kZJAAAAFQDa41XqM/keyrfgX6FieWKTm2n+swAAAIAQdoE21GAI9nEkW5iesrgQZnBZYcjdGmb7oYpRHmjDHL0o1yOCvGCWYLCV4ypo2RDcm7t3RFeRast6V0r/EWUr1rWTSCt0+vdhsLJsoM7gG62ISSI0WqxMN5RvGv5pfREFxLH4UQ1TQMUWlxeoKKkwG2Ex4jVSSNtZVRc5eTCuLwAAAIA/zeN2EioRmFeNRL7rTRZp0AmVIdHJqIPKrNPYybmXlU+Q+nPe7YLWoZSivumvU7cdLHPKFtuB+3VLaQkuujZY/PbW2zwrozJYPN4H+SerJQ7bMtfl+Z75ryXD4kNX4SgvDocrKqpvo7tH/Z/JBkK/PXvOGIOCzwkrqgDj+bJMDg== jacob@jacobian.org" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/lukesneeringer.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "luke", 3 | "comment": "Luke Sneeringer", 4 | "sudo": ["psf-pycon", "psf-pycon-staging"], 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBAIQh38wqDVGtVxptNBGvfnKyBXLEoVyViTsFVxp22egblMlzvrtjtkEJKS4hgGmrU0Fc2x2nkBq7oACDKL74Pzjyr+2CKCkE3PAoK09Uj3Dx+jEjvtVJFxNFNAywlUPq5dovSdF9nI0/R3ZH3JaSVSUq+XmPyXNwy8HaLGmqVPk1AAAAFQDXcmI5Z/Qng1BliWvRq2bEkIhSBQAAAIBqWspf5HP39WGsR+OLZyQVEQBAen+eUVhSrMt2vf0xEvjMioTV7P2BKUNY+1xICDQvGx508d+MV4eEf6bt3cprBd7ogpKpRIanutGH7rDKYXZkyyNQZGJjxzSF6U9bpZZtOFOw0tuKx4GPryp1mWegZITcUmqZo9OXMLl+8haCnQAAAIBmRM8t/ulFgLfSYwmxarR2OXy8FbZH0rpyOHsyvn2hakub4f/hMZT29kKcXG0umCeXOnbrjmfMKQnhCu2yeHzfbInmwHBzjwvv3JgxlWQ4IJUaur/xBAtjWJlzPYObXgzl8y99bAJGsO6xRuC8LMhAzre/60EffOspXItoAVCQLA==" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/gbrandl.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "gbrandl", 3 | "comment": "Georg Brandl", 4 | "sudo": ["buildmaster", "future-docs"], 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBAJYtc6/8pn0/AgND+D/k2o+fzofXjSavnBAcpbPpUk55bLIJ011JlvOu1olHyFcbhHqmZ0ped1no+0Y2yeuu8N8amQ99WBQwX3HXWUYYhqljTP15U3PbEWjcEl01dEhz3k123MTxJW7Vvt3Y6XsD9M7CDxd/PM1YShfklNn0wdohAAAAFQC7V4y9drTeS6Nurm8dWD0adHrnrQAAAIBzxum3FDzNXIZrqwx7OCrbxQuUI6wwvCDEOHBt4B5S+sVFglSweMbhGKFm1g6NjTD06zOx0qPGKC4IWcBP+hoN63ZpJKsdmi5UzVmrbfWvpLOhgV9I+kDuBU1VXvsazudf1HVqkgNPsWPCZcOYYyQs0jYUxRRANwY1kZsK2soi3QAAAIBpkcmrNwUC/gneUF4tfZeNe3J0MBjZ0rPBwAp31uPLLtEnsdCCP/DagdeGov9zpEuI34a54xKhBDLP2kcFvA911jchGPu76qYWG+JpKJlDWK2yRrOG4DfhdVlOWULy125Ykk1EVYCtzyx2AoVIkspRI6R0dKXewAaWkpI+8BYWdQ== gbrandl@cf.sf.net" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/benjamin.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "benjamin", 3 | "comment": "Benjamin Peterson ", 4 | "sudo": true, 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBANpPWYXUKzXK0wu3YQmUUv/Zh1mrohKiOW9y9k2BBGdkqCAgGF4fT10TuDCJOeb6NAGepVrVaqGgwIiitTQSI2Ak1vBLbkgmoZki0RxnE0HnUnbPBsfOqRFCix69UZfiVru1ou+Abh/HSFlp9WzIXhO/PcSpnQqok2KDP5Lz6xLnAAAAFQDK8g9xhUyxzDi10nODkamckO/x9QAAAIEA0aemLSnMDGPpRSpJohub5x4+mHcFV4+VysgMghOd+IuyoasaKBc4ZB34mMxyfTsL2o08J4WwgvMM7wNlTXn/kFczi+1qJeO4KgA51ZfTnCK2yCMcMA02Yln0CJIIbqt4Tb1WewOTamC7yUIxnvzBScEfE83lgFIwK69Q7IBCm74AAACBALiPwc2RyGh9jbJo5GiGvRKhxHAJotklzesEr88JOaFeJAipVo9lMVuIKFAb3aY/yQPTXtoWaXizk1gW9TYZmJXpFs5aVU2Ar8q8gp6PyU6R0sT+M3dL9HWtAYclVXeq9hX7wW5jgFEuq2QJ7dex8e8tbR7FRGk11nrXuX7he4qk Benjamin Peterson" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /cookbooks/psf-rsnapshot/recipes/postgres.rb: -------------------------------------------------------------------------------- 1 | package 'postgresql-client' 2 | 3 | postgres = data_bag_item('secrets', 'postgres') 4 | postgres.delete('id') 5 | 6 | file '/etc/rsnapshot_postgres_passwords' do 7 | owner 'root' 8 | group 'root' 9 | mode '0600' 10 | content postgres.map{|name, data| "*:*:*:#{data['user']}:#{data['password']}\n"}.join('') 11 | end 12 | 13 | postgres.each do |name, data| 14 | version = if data['hostname'] == 'pg2.osuosl.org' 15 | '9.2' 16 | else 17 | '9.1' 18 | end 19 | rsnapshot_script "postgres-#{name}" do 20 | command "/usr/bin/env PGPASSFILE=/etc/rsnapshot_postgres_passwords /usr/lib/postgresql/#{version}/bin/pg_dump -h #{data['hostname']} -U #{data['user']} -f backup.sql #{data['database']}" 21 | end 22 | end 23 | -------------------------------------------------------------------------------- /data_bags/users/fijal.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "fijal", 3 | "comment": "Maciej Fijalkowski", 4 | "sudo": ["pypy-home", "pypy-codespeed", "python-speed"], 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBAJbByTtD76TRTTxJBFRkfMgHKjhQky/9wq0GZoYvUCWpzL/59H1y7V8SWRmEmHRQBuO+Z5/UBz3poUwHyftYSMA1zUiD5ZlWDoFNeiCb/lmO779IBVb98Pg5zZiN4be1niZozmmoL4IdpwHfIZZMA2Ycdlqww8zE90PEgyPZezPbAAAAFQDdlsczacwXg2HidIa7Tu5nVIzxhQAAAIAdoFDvTP3xfJvv9BbRCG65mn80lRwUjTuXGuPMdR4e/N4zEb96OnZuqJEtzfFF6UWDqNHXcN6k07fo0bqLFg706io+5kTQamnUG7+QQRT4df1Dg6qmMpzh3LHyAZe81DZmdSAJMSbwTqT46G3r2VmOXwo/GJYMf7O/m61bPrXcqAAAAIABmglK3TZCOOzFv6P9H/efeb7EmgVy/NMyjvCYHl6Eb6aB8oOn7YQA6cfh1DE++ax746d5fke5LiCcWtjh4TNf6mDaFORXEtqUK7e6A8r2W/fJ1YgEAdY9Qy81ilJEhVTmYDvAIA4fvpmBdXti2Xq28sAEFJU8DPrFBjGx3VDkTg== fijal@zygmunt" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/frank.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "frank", 3 | "comment": "Frank Wiles", 4 | "sudo": ["pydotorg-staging-web", "pydotorg-prod-web"], 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBAN3K472pNxIi1LIz6VeFYVmsRDhj5Kx7xKpoKVNUBXKZastMQ7rhI/KeRVshhR+q4apR4EbKE9qsyO2632RYzC5W8lc6YKs/lShMBDe2knnyQsaLLguOsrn8+1PusdxPPW91XCINTrKyr3Nwsh5dck8OvzJ9ahCIW0RlZiV3dyM7AAAAFQC/4DxBpn/7d2QVFjf2jL6y3AtgeQAAAIEAva/IdhMV7inBKd1aMBCNdul59eAuZImjAgAY6HNJoh7iFHHx/jZRc9vhk8YfWV0Bu9MIECVN8rbdwrYCvmkDhreTYZ4dLntO7qtHgjeIEX2qZbz+WihmcF8G2XubShJSX1eGsbgl4cNPWbTBf/EzLf++RdfIqSMWuZO6/LQxL8oAAACBALSbnQv/5eQf3hGzXb91tDutWLjx/QvR7UXmJjgvAhSdAbvACLE+hF30XXYXwlwAycPn1G/cYZThMlVZnHZXKscErir0vNKFR922vjfjsTZ2QfNL5RCpggzeMMT8J6s4Mo936vut8nsWUJ69Bwz2Ib4/GPE2NcmAb6iuht2HmqaI frank@mobile.wiles.org" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /cookbooks/stud/README.md: -------------------------------------------------------------------------------- 1 | Steps to build this custom stud package: 2 | 3 | Note that we are using a fork off the bumptech repo, this is for SNI support with wildcards. 4 | See https://github.com/bumptech/stud/pull/126 for details. Make sure you rev the second 5 | component of the version number (2, below) each time. 6 | 7 | 1. sudo aptitude install build-essential git libev-dev ruby1.9.1 ruby1.9.1-dev 8 | 2. git clone https://github.com/firebase/stud.git 9 | 2.5 git checkout ef1745b7bfbac9eee9045ca9d90487c763b21490 10 | 3. Edit Makefile so that PREFIX=/usr 11 | 4. make 12 | 5. sudo make install 13 | 6. sudo gem install fpm 14 | 7. fpm -s dir -t deb -n stud -v 0.3-2-ef1745 -C / -d 'libc6 >= 2.4' -d 'libev4 >= 1:4.04' -d 'libssl1.0.0 >= 1.0.0' /usr/bin/stud /usr/share/man/man8/stud.8 15 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/resources/database.rb: -------------------------------------------------------------------------------- 1 | attribute :name, :name_attribute => true 2 | attribute :dbname, :kind_of => [String, NilClass], :default => false # false used as a sentinel value 3 | attribute :host, :kind_of => String, :required => true 4 | attribute :port, :kind_of => [String, Integer], :default => 5432 5 | attribute :user, :kind_of => [String, NilClass] 6 | attribute :password, :kind_of => [String, NilClass] 7 | 8 | def to_config 9 | config_line = [] 10 | config_line << "dbname=#{self.dbname || self.name}" unless self.dbname.nil? 11 | config_line << "host=#{self.host} port=#{self.port}" 12 | if self.user 13 | config_line << "user=#{self.user}" 14 | config_line << "password=#{self.password}" if self.password 15 | end 16 | config_line.join(' ') 17 | end 18 | -------------------------------------------------------------------------------- /data_bags/users/copelco.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "copelco", 3 | "comment": "Colin Copeland ", 4 | "sudo": ["rpi", "psf-pycon", "psf-pycon-staging"], 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBAP/dCNcAJED+pBsEwH01E4NU2xrvoB6H5gXkvQHWIKUuMF3MWXgSGhKpgVqLJKh+d0gwuKyI9344HM5dFs4z3E0JhI7Fg4uXIYu1SwuqnxO+D18WLVGt4gCn57JCjLy/c8LJWAHJWFb2v9t4fayC+oBiyEvpjI6VYIJnSvO3D4tjAAAAFQCNzcKi0sehN1Jw+zB6ccMlHt5E6wAAAIEAnW18UHG/O+RIkJazTJ7qFlOb79RS1nnvnHAvtfuiAPIBmeJcKoZkiQzeBYtFereSRHmSug9DsqHK6C5PrP36UMZYhDkqqp5gpJexmokI2kt3AVxJwro7cjy6Tq+0yt+lwqH4JEblybk7yPeRNC1ihnp2CSipC5LP1PydIcgN9/UAAACAeH1OxUzgCfpM06cfKL57gtjIS34ryCdkT2oYfYOANa8vahN2JqxB004o+z2CnQ9DkTqzzf9jUYI/qal19+zYhn8Bd/FdPVp+VTfRpR17fQKuTWrnF7g6jNVN2ltwHo6o99vrCzjHhJHZ2EXOODzAUrACptyfQv/ZCutkjAg44YE= copelco@montgomery.local" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/recipes/pgbouncer.rb: -------------------------------------------------------------------------------- 1 | include_recipe 'pgbouncer' 2 | 3 | database = data_bag_item('secrets', 'postgres') 4 | 5 | directory '/var/run/postgresql' do 6 | owner 'pgbouncer' 7 | end 8 | 9 | pgbouncer_database database['pypi']['database'] do 10 | host database['pypi']['hostname'] 11 | user database['pypi']['user'] 12 | password database['pypi']['password'] 13 | end 14 | 15 | pgbouncer_user database['pypi']['user'] do 16 | password database['pypi']['password'] 17 | end 18 | 19 | pgbouncer_database database['testpypi']['database'] do 20 | host database['testpypi']['hostname'] 21 | user database['testpypi']['user'] 22 | password database['testpypi']['password'] 23 | end 24 | 25 | pgbouncer_user database['testpypi']['user'] do 26 | password database['testpypi']['password'] 27 | end 28 | -------------------------------------------------------------------------------- /cookbooks/pypy-home/templates/default/nginx.conf.erb: -------------------------------------------------------------------------------- 1 | server { 2 | listen <%= @resource.port %>; 3 | server_name <%= @resource.server_name.is_a?(Array) ? @resource.server_name.join(' ') : @resource.server_name %>; 4 | 5 | <% if @resource.ssl %> 6 | return 301 https://$server_name$request_uri; 7 | } 8 | 9 | server { 10 | listen 443 ssl; 11 | server_name <%= @resource.server_name.is_a?(Array) ? @resource.server_name.join(' ') : @resource.server_name %>; 12 | 13 | ssl_certificate <%= @resource.ssl_certificate %>; 14 | ssl_certificate_key <%= @resource.ssl_certificate_key %>; 15 | 16 | add_header Strict-Transport-Security "max-age=31536000" always; 17 | <% end %> 18 | 19 | <% @resource.static_files.each do |url, path| %> 20 | location <%= url %> { 21 | root <%= path %>; 22 | } 23 | <% end %> 24 | } 25 | -------------------------------------------------------------------------------- /cookbooks/psf-evote/templates/default/0.py.erb: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | DEVELOPMENT = <%= @development ? 'True' : 'False' %> 3 | DBURI = '<%= @dburi %>' 4 | EMAIL_SENDER = '<%= @email_sender %>' 5 | EMAIL_SERVER = 'localhost' 6 | EMAIL_LOGIN = None 7 | GMAIL_LOGIN = None 8 | AS_SERVICE = <%= @as_service ? 'True' : 'False' %> 9 | DEBUG_MODE = <%= @debug_mode ? 'True' : 'False' %> 10 | SCHEME = '<%= @scheme %>' 11 | 12 | response.title = '<%= @title %>' 13 | response.subtitle = '<%= @subtitle %>' 14 | 15 | ## read more at http://dev.w3.org/html5/markup/meta.name.html 16 | response.meta.author = '<%= @author %>' 17 | response.meta.description = '<%= @subtitle %>' 18 | response.meta.keywords = '' 19 | response.meta.generator = '' 20 | 21 | ## your http://google.com/analytics id 22 | response.google_analytics_id = None 23 | -------------------------------------------------------------------------------- /data_bags/users/jburch.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "jburch", 3 | "comment": "Jacob Burch", 4 | "sudo": ["pydotorg-staging-web", "pydotorg-prod-web"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDACY8qOdKTC+XJ2NnwQwNhn/2iP1Z16fxjEysGreSyovxokaTtJqignnNAvWVRZ8gOq+Mn1WgwpPtauHLGk5drQoZ4Y+XM6mwcGfWVieW0lzMJ5zeMJg6zcktnNH/nndqHMQRNYIV5eyD5Tk0UUb+2MWJ1cBpoaFmqCabZ7INsivpjqSmZIREFuNkFSH62zUr/LGUWJe//hYkFrRo4iDYAj6Lb+YObSNGkvIIJ1Bf5BFZ8zix7DRgK9W8u1GxhdV6D8csK7MWsauoCTaK+jLujpgj9hwSZV2nwWtkETM298NmSb1Hd94+OLwMhIommWklUN5A8/zuQyWJNcf1rdS5m0ACPfXEt5LvohtI8uMceJmCZVQAW91fP7OVb4rrDtfhHJGK3sgQXCQli6ySfWr2mDwzXKYnfjNImE6omlCWxHMC3kiSQb4+aX+E1z9YfsOx+Z1K+H/zI4sVDI3pLFub9MmKgP5E7JS6tFHPx7UJYq6z6XnkOjMrk39Iz0izKWl9+onWx43jonbhq5sXhC+/0cYP5E/j7T+7DIlZrsI0v+wA222V6ooEIn3SXOC8YukK9mh+rJMQ5k/LwBEY11NCWsQU1M7jltxc8b+ly5SxKnRz4uIj1T+wi9JT5ourXEG3gozhSg/vYI+RbuQoo76hTILxEthlRUZf02pS4t0oT7Q==" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /cookbooks/cron/recipes/test.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: cron 3 | # Recipe:: test 4 | # 5 | # Copyright:: (c) 2012, Opscode, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | include_recipe "cron" 21 | 22 | cron_d "daily-usage-report" do 23 | minute 0 24 | hour 23 25 | command "/srv/app/scripts/daily_report" 26 | user "appuser" 27 | end 28 | -------------------------------------------------------------------------------- /roles/pypi.rb: -------------------------------------------------------------------------------- 1 | name "pypi" 2 | description "Python package index server" 3 | run_list [ 4 | 'recipe[rsyslog::server]', 5 | 'recipe[psf-postgresql::92]', 6 | 'recipe[psf-pypi::pgbouncer]', 7 | 'recipe[psf-pypi::logging]', 8 | 'recipe[psf-pypi::pypi]', 9 | 'recipe[psf-pypi::warehouse]', 10 | 'recipe[psf-pypi]' 11 | ] 12 | override_attributes({ 13 | :warehouse => { 14 | :domains => ["preview-pypi.python.org"], 15 | }, 16 | :pypi => { 17 | :web => { 18 | :database => { 19 | :hostname => "localhost", 20 | }, 21 | }, 22 | }, 23 | :nginx => { 24 | # We disable gzip because of BREACH 25 | :gzip => "off", 26 | }, 27 | :rsyslog => { 28 | :port => 51450, 29 | :user => "root", 30 | :group => "admin", 31 | :log_dir => "/var/log/rsyslog", 32 | :per_host_dir => "%HOSTNAME%", 33 | :high_precision_timestamps => true, 34 | }, 35 | }) 36 | -------------------------------------------------------------------------------- /data_bags/users/lovewell.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "lovewell", 3 | "comment": "Rebecca Lovewell ", 4 | "sudo": ["psf-pycon", "psf-pycon-staging"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB+wCuGhMEXvS1ys+Oox2BvQR+VhyaCr2/KgHTCg7txHTmEYcltyuwVKC0/uTKNFa/VBkgXMWa+6vVQUtDu9O4Yh+rZ0CCEulTwRx6w01oDipvg3SN4i4qbjHYvvA7D4WuXJ1KtKdqYqjxlOBqCbX9yqgvQm/Jntmr1ihKdWp5kKT7YliE47y0ab0kzJoPH4jTrXqKRVldpiJlUhHQbXj1uhSeN1uWYFblj2BivEfO78yR6n9mQRW/EN7CDcDRQJ99sgynEnOxHtpkpAyJZsHjSRgIrB8JUXKhSfSDINttdTNN5Th3vWq+2JdhOwpbgNfd3cJ9csvdTRjg7TfGifLBKmoEHVRg0WF0JR0YiF3YK5yayoJEJ3VeH9AAaXObUprjyiSPQqcF4zg5EY1ojgdPXNWw6gWs8aVjIrqmStQKYDy+G2s6l816hAsfg1Gf6P4ZoEdIelXgpLlzLbphocfmHujkonfN7QCgGWU8k1ABaf8MBzA1Xd5Dnbp/aQ1VCEmVRhY3T3dQp8S/SmFbn6zl27h3THCNFXkzOwpCA6+u2dhhWVgibO4xTU6DA1OCbQpZwcZvVNGGD5nBTHQRABgyU64C7ZtvKg1CHcXqM7ZCWpFZmuw3SVQdl8MK1RuhtjrB25LV5GcB9eY85hiElFlh+utKzJxLkyaU0rJDIw== lovewell@caktus007" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/ncnwoko.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "ncnwoko", 3 | "comment": "NC Nwoko ", 4 | "sudo": ["psf-pycon", "psf-pycon-staging"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPauOc4l4koOoiwAH+4eDP1r3fAMAA7p45fYdzJX2Rzs2rn3bMA1pJFEOIr9aAhAY8EY+dmpoga0P/nnT1WWfkp5lRjEDHxCz332o81BAqBS9occ0b6l48iHh5itFSw6sBG0iidbMBh8Mf+vfOnwRvCdFfANa+LTDuuQJfiDdq4brrfnUgeyutAzylhSUrizWs6sQQr10uz2L5RjnmL+kc20v9ciFgXVHuSSX3aNj4ViXQVvuHEfUyOwJQwIzqJHbho/0Xh/6/aHcDo8NQ2ygAzf2RCiF3Z147xaFPQq9kF9BF3n1THLvKovP1/qMnOGLaucGsAGQ4vCezAfbgM+/BOIzdIL8jpkEKVmWIR0sR/MjZZT1zIWmnFSnTrb+2farStZo6LtiyuMH0GA4TSrin8Ss91TknjxovGqmpVi2VSO4I6CFy2Nh6dkSlGPtg6wlpi6Hx/qtdkIk2f/Ss8E6cL4FsqEvHXzCqPSaQM7gR+zAx+uLp5H/EQ68TCW+Nzgo/AMXkeUWG9xIt5LcyyInApUFnPbP3AuffdpgI/jyA1sNpZhjR4Ui3aKsBwuEM+CVl14XytjHqQUqBbDZ/Q+Aq7jVYy4wlb0FykeMJShZlP9pM2GlJPBV+jIB5bwLuQYmtiRNOYmMtDIQqsZbkMLtuHEMdKNy46G8V3xfCtLMZqw== nwoko.nc@gmail.com" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/csmith.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "csmith", 3 | "comment": "Caleb Smith ", 4 | "sudo": ["rpi", "psf-pycon", "psf-pycon-staging"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDgbRroEeB5tgLaU3RsKXu9WkXSDe684F7rPxsZnO3U3EJyz+n5cic2Q9/D8X4HA7qoVEVxa5flDRoAZZu7bOf2vrOgp4I12+Ja1+jg2fkfm5egxvoKXIwP+Fn9MHW8XziWsBzU0PzVmSRmEE0cF3//Naif62vUuwu76KzD0zvUlvuLdAf8qJqeWt09j//fGoGl1JcCC5TMz+MCh5c9n6J3UBC3Iq/xe+/3laZ+wkA7Ge9ZE0v9IECGETxkXcyznWZ8Ajz7S/GVkBsTgRhNaQ9wbZ1MY1m+RZYL5bPaOmrGS2yp3SUzTnhp59GKReIxLyzKjM4fJWAxIqosAcz6x/7r3UYdt0kfVxk/pMigFi3asjuTFWp41LH95mQXGJ3AbS09Z8Fmap7E3gFEIqVVfd5xWAD5+224CesTT1pbBK0F1Zb50612d3Mev2PPUzsWHF878CcIy7jIn8LP5CT4SNHIJsOVrdsnCeT6mP/RZ3vZX2aAqCLSTxHPEhYN+F3QireSN9cZrUQSPvk9XFHXfqpCa8BVs5/PdpKCDS1tgGsu5lg88ZPQKUB3C7oBehHm1cFLTlGufWgCMhs8CUcI5Pv2Ttnl2tCuXcCRTLKNnH7i7PzH7gWvsl5xjFeqYRIRwP7xgSMshNSQEoYfIGUqGkZRHWLJVEvwSON7ioChjfNRBw== csmith@caktus003 " 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /certificates/README.md: -------------------------------------------------------------------------------- 1 | Creating SSL certificates is a common task done in web application infrastructures, so a rake task is provided to generate certificates. These certificates are stored here by the ssl_cert task. 2 | 3 | Configure the values used in the SSL certificate by modifying `config/rake.rb`. 4 | 5 | To generate a certificate set for a new monitoring server, for example: 6 | 7 | rake ssl_cert FQDN=monitoring.example.com 8 | 9 | Once the certificates are generated, copy them into the cookbook(s) where you want to use them. 10 | 11 | cp certificates/monitoring.example.com.* cookbooks/COOKBOOK/files/default 12 | 13 | In the recipe for that cookbook, create a `cookbook_file` resource to configure a resource that puts them in place on the destination server. 14 | 15 | cookbook_file '/etc/apache2/ssl/monitoring.example.com.pem' 16 | owner 'root' 17 | group 'root' 18 | mode 0600 19 | end 20 | -------------------------------------------------------------------------------- /data_bags/users/dchukhin.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "dchukhin", 3 | "comment": "Dmitriy Chukhin ", 4 | "sudo": ["psf-pycon", "psf-pycon-staging"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCyaAGW8HiLvLP9whINKHck0faKwryO++lqA+GYD9G2XZkbsxcBKqU1b3STGn8jXrDjtr4FcKXFGLq8uOS4/FOiCs45TwLOcA4enyTbaPxrZA05Zw5J5hYZ1y4bBvc+GxytAoyySN3MTG7Q2Mb3TgTTl5G/J+d+zGljHBbrjn1Y3xCRPi9ed82bzqdI+6S8kk7kzub++EScjegTfbPhtsyrY4WbZ0Z/hW0Odtt4rXhsktdfLpYTZ3jJs9YapOBFHblRRlZxtc45o5Q2+4B8z8dr1t3jiFqJJdTL5Cnn+DzD/CHiJE/hT8hc4XcHJPjfymMlX2c6AhxN87RcOWHplTGirkNwSnsyquM4fzZPlXpR7aPbTXQNjGrryk95EEkes+/RmdES6QCptGCqGtcmCRFvIYh4v50r7OvyU12GJUmN3HWyDcLMY6JmDvfYzz2ETBeMPWVP++N4IVDzG08WenjA4vTkw2Yvwaodbhe8m0vodqfkNX/ll13wMKf6TAKLFOLc8NfRh4xP936d4xL7pcsGS6LC6pVd6JjJ3CKKHqGcxRuw/00IzFoRRgs+fzIhmXUKbrFtAJbkXaYpV/rfzRc+no3ddWwZ4hK0FaQ5YBU1rfkCBoJzzIWFdJc8dqfbSMwMohHtFZGDhX9seJoo5KZFUbzl0qSD2hJrehGB3k3fQ== dchukhin@gmail.com" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /data_bags/users/dstufft.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "dstufft", 3 | "comment": "Donald Stufft ", 4 | "shell": "/usr/bin/zsh", 5 | "sudo": true, 6 | "ssh_keys": [ 7 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5md5DAPib7J+uGHanzgQOJ9GwGYAi7RLbG+rB/0NRk8UbUnwzn0JwkqNTXzeomUapO5Z3cOxQ98jzb0k03hGOzhzjIQpaKI1uKxPPquDevf/PwM5ZQaJzlx/8ah76GzJtEQpIIIbw/fofzywv9pZKTBCDL3wBHB94oByQjr0BG9CfjbMZq6FXcBKfo89L56nLQ8cdvxg2tjNJQElva5gL/xnqjpowtQYjA9MPKFmDwJPcrRF2AstBg5Zpkg+8K4JhJltucXTPEva97alK9prshGFY6XLtVD0mtgbwpHFXjFm7cIQYr8XG3pJdtWki0fLg0o3W1YBukQ+reDblT8SnFaDscgF1gStTra5zXfVF5OJaaRFE8zaYuwC01DQT9sN9G4fV4eK8HRbgpObCJcxnCyTs/SYGVhO1PpOiQYmyswGUlV4vU8G3gl3u0D+gkcpHRkdko0HlFbNUt1wKIZWcGLJcKkNWMKGSf1TaciU+6+2A4QVDxtdab8HdjnbuugX9/FckqjZypaUOwl8U4fYc4JbdUQ78PvcQrSQvhRPZB+1KSvm8rwRuBnFWiNlYmThLhGmKDBXegNF8eFRe4dApzv2DyshasHs4tNv46YIox6FdFEw0voRNPqhbTCF3XIdOQvxkHeZRyGGWv4WCTImM5+3GhXrbOQUtB9NjfM7rhQ== donald@stufft.io" 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/recipes/backup.rb: -------------------------------------------------------------------------------- 1 | BACKUPS_KEYS = [ 2 | "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA43FpT4Ig2p8QFo4QjaZ5NVwE7k45wzRPE8jCASiFgtIdcfCF/i/2nSphkapwiJCWFiT66Au48RJRP6HnRwadi0AxlKdun/iWcUPsIMlU6P2EefU4Ol8Vdgg6aTAaKVeLKto5+Z9FXGkd5BCU8QLmm/5F8qsckHmgV0cpeSCdl7rFHXSp4OJE3gTDKPY7rJVIdHZ8NkdV6L63Yd/encXotVddroPS+q92wr5nc/w8g16SpmXuIbwDbkS+sCkZY5N8ByYgq/Vcs1RtCnzvEEWmIwgz6JlZt1l8ISK9hpbNOZUDuWo5mVbGQRx0qCeLoDDWxI7TZRI6/lQbW4f0uwStww==", 3 | ] 4 | 5 | directory "/root/.ssh" do 6 | owner "root" 7 | group "root" 8 | mode "755" 9 | end 10 | 11 | template "/root/.ssh/authorized_keys" do 12 | cookbook "user" 13 | source "authorized_keys.erb" 14 | owner "root" 15 | group "root" 16 | mode "644" 17 | variables :user => "root", :ssh_keys => BACKUPS_KEYS.map{|key| %Q{no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding,command="rsync --server --sender -lHogDtpre.i --ignore-errors --numeric-ids --inplace . /" #{key}}} 18 | end 19 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/resources/backup.rb: -------------------------------------------------------------------------------- 1 | default_action :backup 2 | actions :remove 3 | 4 | attribute :directory, :kind_of => String, :name_attribute => true 5 | attribute :options, :kind_of => String, :default => '' 6 | attribute :_exclude, :kind_of => Array, :default => [] 7 | def exclude(*args) 8 | if args.length == 0 9 | self._exclude 10 | else 11 | args.flatten! 12 | self._exclude.push(*args) 13 | end 14 | end 15 | 16 | def full_options 17 | options = self.options.split(',').inject({}) do |pair, memo| 18 | key, val = pair.split('=', 2) 19 | memo[key] = val 20 | memo 21 | end 22 | unless self.exclude.empty? 23 | rsync_long_args = options['rsync_long_args'] || (options['+rsync_long_args'] ||= '') 24 | rsync_long_args << ' ' unless rsync_long_args.empty? 25 | rsync_long_args << self.exclude.map{|path| "--exclude=#{path}"}.join(' ') 26 | end 27 | options.map{|key, val| "#{key}=#{val}"}.join(',') 28 | end 29 | -------------------------------------------------------------------------------- /cookbooks/buildmaster.txt: -------------------------------------------------------------------------------- 1 | apt-get install git 2 | apt-get install python-twisted-web 3 | apt-get install python-twisted-words 4 | apt-get install apache2 5 | apt-get install python-sqlalchemy 6 | apt-get install python-jinja2 7 | apt-get install python-migrate 8 | apt-get install python-setuptools 9 | apt-get install postfix 10 | addgroup --system buildbot 11 | adduser --system --group --shell /bin/bash --home /data/buildbot buildbot 12 | git clone -b pydotorg-0.8.6 git@github.com:loewis/buildbot.git 13 | rsync -avz dinsdale:/data/buildbot/master /data/buildbot 14 | create /etc/apache2/site-available/buildbot 15 | a2dissite 000-default 16 | a2ensite buildbot 17 | a2enmod proxy 18 | a2enmod proxy_http 19 | rsync -avz dinsdale:/data/www/buildbot /data/www 20 | create /home/buildbot/buildbot.sh 21 | python setup.py install --root /home/buildbot/ --install-lib /lib/python --install-scripts /bin 22 | upgrade master.cfg 23 | ./buildbot.sh upgrade-master master 24 | 25 | 26 | -------------------------------------------------------------------------------- /cookbooks/cron/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | cron Cookbook CHANGELOG 2 | ======================= 3 | This file is used to list changes made in each version of the cron cookbook. 4 | 5 | v1.2.8 6 | ------ 7 | ### Bug 8 | - **[COOK-3452](https://tickets.opscode.com/browse/COOK-3452)** - Add support for raspbian platform 9 | 10 | v1.2.6 11 | ------ 12 | ### Improvement 13 | - **[COOK-3005](https://tickets.opscode.com/browse/COOK-3005)** - Remove blankline in template 14 | 15 | v1.2.4 16 | ------ 17 | - [COOK-3058]: simplify conditionals in cron recipe 18 | 19 | v1.2.2 20 | ------ 21 | - [COOK1829] - `cron_d` LWRPtemplate should imply cron cookbook by default 22 | 23 | v1.2.0 24 | ------ 25 | - [COOK-938] - don't default to upgrading cron and fix rhel6 package name 26 | - [COOK-1622] - add LWRP for cron.d files 27 | 28 | v1.0.4 29 | ------ 30 | - [COOK-1514] - Cron cookbook manages wrong service name on SuSE 31 | 32 | v1.0.0 33 | ------ 34 | - [COOK-1124] - add RHEL platform support 35 | -------------------------------------------------------------------------------- /cookbooks/user/Rakefile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env rake 2 | require 'rake/testtask' 3 | 4 | Rake::TestTask.new do |t| 5 | t.libs.push "lib" 6 | t.test_files = FileList['test/**/*_spec.rb'] 7 | t.verbose = true 8 | end 9 | 10 | desc "Runs foodcritc linter" 11 | task :foodcritic do 12 | if Gem::Version.new("1.9.2") <= Gem::Version.new(RUBY_VERSION.dup) 13 | sandbox = File.join(File.dirname(__FILE__), %w{tmp foodcritic cookbook}) 14 | prepare_foodcritic_sandbox(sandbox) 15 | 16 | sh "foodcritic --epic-fail any #{File.dirname(sandbox)}" 17 | else 18 | puts "WARN: foodcritic run is skipped as Ruby #{RUBY_VERSION} is < 1.9.2." 19 | end 20 | end 21 | 22 | task :default => 'test' 23 | 24 | private 25 | 26 | def prepare_foodcritic_sandbox(sandbox) 27 | files = %w{*.md *.rb attributes definitions files providers 28 | recipes resources templates} 29 | 30 | rm_rf sandbox 31 | mkdir_p sandbox 32 | cp_r Dir.glob("{#{files.join(',')}}"), sandbox 33 | end 34 | -------------------------------------------------------------------------------- /data_bags/users/mattip.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "mattip", 3 | "comment": "Matti Picus", 4 | "sudo": ["pypy-home", "pypy-codespeed", "python-speed"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4NVQIJX7GvaoNUFEGo+dQvpIGx9aCbuVqT4O3T3GQ/cxrikfIDX9VqGm2w5B/1+EvMf43kfBFzD8nuoByCvN+axmHkW4V54pq9jDEAL1SwheOiQLygj3XbcDgsY4TET3hGIbfEQgtRbLyHFrVG97IrkwJ4i/4fr+vnvzR7Us2teX1IWJwsKuNGzW69hJHGMNuXPawU+JC9dP42EfjrQrkiIuvMWrXQer1uVGx7gPwd3AxtTu3fx1QfiaJ5J74jALsgaOGep1I3Ap+KFLPZDf0PAM56aHbOxnsM1R76JRsCZVgXDwShVi9J2yQogcONXEP8O+BAFv0lP03qjiNs2oz matti@asus", 7 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDzePfoLowdG+U7211Xmi1XJJ9acxLzLSYueJDOpnfx/XciyiFbHaJfU1LDTJwkxDAedZn48w7OmHbMsVhGiHun5uJu4EU3QJN3rMxqDDNqWMwo2f09kMhdSjbCR7BVdBUzLQteUDtcXJ7QdH+6sSFRrECyUkehcp49cwVJ0S0w7GWb31enpfUWEoTNgHsnXpabF7EepiK5iWe0j1cHd0GM3rDpVNc8asjRGESb3L0gG6RU+t9ptEvDqnPuPq3vWf+Fb724F+3uSB2ehjPDZwcWZGli/FSjmjft3+7JhAeSTPAptSg6n0ienqLlE0/pom+6BHtMDurmYIFhCDpvq+rv mattip@tannit" 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /data_bags/users/ernestd.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "ernestd", 3 | "comment": "Ernest W. Durbin III ", 4 | "sudo": true, 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF7Cy65krMq6D+YLboaFdqb1auNSG+nrh9IkLL2rBdrpwxhdri1mIBeIAreTBXQXErDf8SfQ6N+S08ZIZxtN5nXK1jnbL69LVhveUdBmSfVcz+djOMQWDGoH5tAIC3ktT/JUQNDZgM11XDAqpp2AM9aVMtsAgtfiaNN5R4vdMjq3dPODWBdQYzKUIBELZKjIDIgSgcaKvg1X8ims6qIcT3vQ9GEHxEV6IY9SoKT4cJ6d3dp2jK7lcBsXOs2Z7dn/TWthHt81Sa29vBpXjmPLplOsStNcnuIsJW5JVfBMgUIfLYH5+mvYADtEiH6JYecc7Rtmk4BWr6gtDSE1JkBnZ9 Ernest@ewd3air.local", 7 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+mY0dRSTzJnkCeocsYqOKE3A404r+SjNz2dFRppodwSyjN1TQRgI/Te1N3OObqWfBh+f4OllnJihe19++OvcIIug8S7eNxUYh/5oK1OXIr6jgF9x6kT/8lanwZ8+KU09T2b1sKRQPJTDuvVMyxybbmc/zCsPIOGQw+PqY166Ju8Nk3Wmbnzt2F1crCxWkVIlfup8dIOqoqoEzyvwuFrMGVC/IJ9yiqgirIMiuTIDAHG8alB0efQLkEkOeeF5iNprOt8iODWsP9OzJu2+v9LlMQz16MzJJn+59+6lvcsd2J0PDFzGV03aK/rKz1mnat/rSOGoSHQlVDB5SHPtsUTCr ernestd@ewd3mbp.local" 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /data_bags/users/benjaminws.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "benjaminws", 3 | "comment": "Benjamin W. Smith ", 4 | "sudo": true, 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcY/+b32IynLZhF/fjBfGjUjGlS1XCaMYKNxPZNekBv0hWteBh185k3A1yAZWRWAgLsvpHpe5Srs3Wxoz+NF51UWHMYVtpPzXEmpcjsqOe96rKrixFSlrYt89iHklW4FdAV3oJbbQpvXb8c6eFD6dantzmHj8FFRg+f5Bb+lsGhLIzxDcjcKJbySGLHHS+SgQvaXMFd1XE+Gs/SXgQxpbWV347BdOETJplA96jVB74bxoIP+GuCImO34VCu4eG+klnhMeY2MscYgmBa3ePjD86qef0StBu9zzruR5s+y4cYQK8h5Xm2+sC6RdZbZaSeQL+yfYXhPhfvEv4v5WT/QDb bsmith@bsmith-laptop", 7 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1BJUpRtzq1fCntjuNm4YeIDcefBFbkjzFCvN7Zot4UVWpExWqOLJynRYmaAUAFnJNQd5QuXsBIEmC9ySPV0gs+ueX9yg+RLieXcPoym2fMQ7UgmkaJloYgLnWJM3apG0UnGEDRO6Bz4cm+PC5NPfuZlOdYeOmNVKZoOe3via2RABec+hsWRdr2mD7OVL4PUR3AL3IPa9r8WlLhIBG53MkiVU2su8RVnEEyHmc61YQL8sFnI2zt6aSNiFuHvo6sHL3cMsP9XNArOtONZCc3NPvzN9Lh9jCk+JEe47ox/17CxMCOVhn3B9nRh2oGXydYf6LWH2wkhQ5y07dIjULKi9T benjaminws@macbuntu" 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /cookbooks/psf-loadbalancer/recipes/stud.rb: -------------------------------------------------------------------------------- 1 | directory '/var/lib/stud' do 2 | owner 'root' 3 | group 'root' 4 | mode '700' 5 | end 6 | 7 | domains = %w{pycon.org pythonhosted.org raspberry.io python.org} 8 | 9 | # Force the owner and permissions to be safe 10 | domains.each do |domain| 11 | file "/etc/ssl/private/#{domain}.pem" do 12 | owner 'root' 13 | group 'root' 14 | mode '600' 15 | only_if { ::File.exists?("/etc/ssl/private/#{domain}.pem") } 16 | end 17 | end 18 | 19 | stud 'stud' do 20 | version '0.3-2-ef1745' 21 | pem_file domains.map{|domain| "/etc/ssl/private/#{domain}.pem" } 22 | frontend '[*]:443' 23 | tls false 24 | ssl true 25 | ciphers 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5' 26 | prefer_server_ciphers true 27 | user 'nobody' 28 | group 'nogroup' 29 | chroot '/var/lib/stud' 30 | syslog true 31 | write_proxy true 32 | workers 4 33 | backlog 500 34 | end 35 | -------------------------------------------------------------------------------- /cookbooks/psf-loadbalancer/recipes/haproxy.rb: -------------------------------------------------------------------------------- 1 | # sysctl "net.ipv4.ip_nonlocal_bind" do 2 | # value 1 3 | # end 4 | 5 | include_recipe 'haproxy' 6 | 7 | haproxy_section 'python' do 8 | source 'haproxy.cfg.erb' 9 | variables({ 10 | :pypi_servers => search(:node, 'roles:pypi AND tags:active'), 11 | :preview_pypi_servers => search(:node, 'roles:pypi AND tags:active'), 12 | :testpypi_servers => search(:node, 'roles:pypi AND tags:active'), 13 | :wiki_servers => search(:node, 'roles:wiki AND tags:active'), 14 | :pypy_home_servers => search(:node, 'roles:pypy-home AND tags:active'), 15 | :preview_servers => search(:node, 'roles:pydotorg-staging-web'), 16 | :pydotorg_servers => search(:node, 'roles:pydotorg-prod-web AND tags:active'), 17 | :raspberry_servers => search(:node, 'roles:rpi'), 18 | :evote_servers => search(:node, 'roles:evote'), 19 | :uspycon_servers => search(:node, 'roles:psf-pycon AND tags:production'), 20 | :uspycon_staging_servers => search(:node, 'roles:psf-pycon-staging'), 21 | }) 22 | end 23 | -------------------------------------------------------------------------------- /cookbooks/cron/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: cron 3 | # Recipe:: default 4 | # 5 | # Copyright 2010-2013, Opscode, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | package 'cron' do 21 | package_name case node['platform_family'] 22 | when 'rhel', 'fedora' 23 | node['platform_version'].to_f >= 6.0 ? 'cronie' : 'vixie-cron' 24 | end 25 | end 26 | 27 | service 'cron' do 28 | service_name 'crond' if platform_family?('rhel', 'fedora') 29 | action [:enable, :start] 30 | end 31 | -------------------------------------------------------------------------------- /config/rake.rb: -------------------------------------------------------------------------------- 1 | # Configure the Rakefile's tasks. 2 | 3 | ### 4 | # Company and SSL Details 5 | # Used with the ssl_cert task. 6 | ### 7 | 8 | # The company name - used for SSL certificates, and in srvious other places 9 | COMPANY_NAME = "Example Com" 10 | 11 | # The Country Name to use for SSL Certificates 12 | SSL_COUNTRY_NAME = "US" 13 | 14 | # The State Name to use for SSL Certificates 15 | SSL_STATE_NAME = "Several" 16 | 17 | # The Locality Name for SSL - typically, the city 18 | SSL_LOCALITY_NAME = "Locality" 19 | 20 | # What department? 21 | SSL_ORGANIZATIONAL_UNIT_NAME = "Operations" 22 | 23 | # The SSL contact email address 24 | SSL_EMAIL_ADDRESS = "ops@example.com" 25 | 26 | # License for new Cookbooks 27 | # Can be :apachev2 or :none 28 | NEW_COOKBOOK_LICENSE = :apachev2 29 | 30 | ### 31 | # Useful Extras (which you probably don't need to change) 32 | ### 33 | 34 | # The top of the repository checkout 35 | TOPDIR = File.expand_path(File.join(File.dirname(__FILE__), "..")) 36 | 37 | # Where to store certificates generated with ssl_cert 38 | CADIR = File.expand_path(File.join(TOPDIR, "certificates")) 39 | -------------------------------------------------------------------------------- /cookbooks/pypy-home/recipes/default.rb: -------------------------------------------------------------------------------- 1 | include_recipe 'mercurial' 2 | 3 | # Temporary workaround because the hg provider computes the target rev 4 | # locally before pulling, so of course it is always the old. The right fix is 5 | # to either always pull (lame) or use the hg API to enumerate hashes on the 6 | # remote server. See http://stackoverflow.com/a/11900786/78722 for the latter. 7 | if ::File.exists?('/srv/pypy.org/shared/cached-copy/.hg') 8 | execute 'hg pull' do 9 | user 'root' 10 | group 'root' 11 | cwd '/srv/pypy.org/shared/cached-copy' 12 | end 13 | 14 | execute 'hg checkout -C extradoc' do 15 | user 'root' 16 | group 'root' 17 | cwd '/srv/pypy.org/shared/cached-copy' 18 | end 19 | end 20 | 21 | application "pypy.org" do 22 | path "/srv/pypy.org" 23 | repository "https://bitbucket.org/pypy/pypy.org" 24 | revision 'tip' 25 | scm_provider Chef::Provider::Mercurial 26 | 27 | nginx_load_balancer do 28 | template "nginx.conf.erb" 29 | server_name [node['fqdn'], 'pypy.org', 'www.pypy.org'] 30 | static_files "/" => "/srv/pypy.org/current" 31 | end 32 | end 33 | -------------------------------------------------------------------------------- /cookbooks/psf-search/templates/default/elasticsearch.conf.erb: -------------------------------------------------------------------------------- 1 | server { 2 | listen <%= node.ipaddress %>:8200; 3 | server_name elasticsearch; 4 | client_max_body_size 50M; 5 | 6 | location / { 7 | 8 | # Deny Nodes Shutdown API 9 | if ($request_filename ~ "_shutdown") { 10 | return 403; 11 | break; 12 | } 13 | 14 | # Pass requests to ElasticSearch 15 | proxy_pass http://127.0.0.1:<%= node.elasticsearch[:http][:port] %>; 16 | proxy_redirect off; 17 | 18 | proxy_set_header X-Real-IP $remote_addr; 19 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 20 | proxy_set_header Host $http_host; 21 | 22 | # For CORS Ajax 23 | proxy_pass_header Access-Control-Allow-Origin; 24 | proxy_pass_header Access-Control-Allow-Methods; 25 | proxy_hide_header Access-Control-Allow-Headers; 26 | add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type'; 27 | add_header Access-Control-Allow-Credentials true; 28 | 29 | # Authentication 30 | auth_basic "Elasticsearch"; 31 | auth_basic_user_file htpasswd; 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /data_bags/users/sheep.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "sheep", 3 | "comment": "Radomir Dopiralski", 4 | "sudo": ["wiki"], 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBAPedoK6QQN1A/vEK1XacvyjwyqCAKPmDoLQqcFKS2SIS+28JAYdKTdCWeBsCfV1X5eP6Flx97hS71DGHl5zRe5oRKTzlC9hbYvrzluEt6RBSdgAFS258QLpmIJx0wY42QCHl+R8hgOiXCazmZYhqZXV4n0ano1xoNaR+gwlz0yrPAAAAFQCQxuffMBiYpT/D9+CAQwEJFkQx1wAAAIEAuTKVLJhZA64MG11xJl32I8whSWPmJs+e0L9cKn+gIaywfqrMyBzuQyP8Ayfxol43ZhF3+v6hSJKqrz28lMC84H4xCI+ZjiNjai9qsZD1Xdv4AfWMwLDtkaOjuKHqueFPoz3+tp3op9OUspRnDbd7tWWSW55SwamGljGvN9jqFcEAAACBALob/qkcsmBPr9J+5wNgTZysMIGwKqmCdPY/dNv9htW6ybvtrQ0rTgRImoqAtztyRFVkNmwhJF8Yi9KM5d8+/yUz37FN4IUhBZ54zroYE0KjfTHd8iXXjVliAfr8R9bM/d1v/Vsb+uLYZqQ7g55Q1+letgAiF9G1Qoe7i8VTJCFc sheep@atos", 7 | "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtpcQYFmuI4mnghdgHpkYNE5Gs1oLfmB/cmM4h+8anzNHEVr8tUVJqGRphhTQRRvFVAmxh/akXqiefmLWsANAAqsS80On5tJn2v8y3QyM5xncTrIeU0J7GoMSXnI/FSVkGBO51VvWdwK0K4d7MQQZzRjvZ+wUGRNzqXVJeO3DUIhBLaFL5Rouosn/Q+fSwJW5x02en5zoKXhbhwKd7OllCkKbZXkVkYnRpY7hqAE13yBelbEQFbxQpve7LFbB3Ki4EGJqaoJkcbu2K4OiE83wsyFGF7MlHaPf0n9AjVQKj5QD5a6Tm/CgnJ4R78AxG7qh7OcGfkzSnDVZAHhFhxcXFw== sheep@ghostwheel" 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/templates/default/riemann.config.erb: -------------------------------------------------------------------------------- 1 | ; vim: filetype=clojure 2 | 3 | (logging/init :file "/var/log/riemann/riemann.log") 4 | 5 | ; Listen on the local interface over TCP (5555), UDP (5555), and websockets 6 | ; (5556) 7 | (let [host "0.0.0.0"] 8 | (tcp-server :host host) 9 | (udp-server :host host)) 10 | 11 | ; Run a graphite server 12 | (let [host "0.0.0.0"] 13 | (graphite-server :host host)) 14 | 15 | (def graph (graphite {:host "127.0.0.1" :port 2002})) 16 | 17 | (streams graph) 18 | 19 | ; Expire old events from the index every 5 seconds. 20 | (periodically-expire 5) 21 | 22 | ; Keep events in the index for 5 minutes by default. 23 | ; Modified to 1 min to keep the memory down, at least until we need to start taking advantage of it 24 | (let [index (default :ttl 60 (update-index (index)))] 25 | 26 | ; Inbound events will be passed to these streams: 27 | (streams 28 | 29 | ; Index all events immediately. 30 | index 31 | 32 | ; Calculate an overall rate of events. 33 | (with {:metric 1 :host nil :state "ok" :service "events/sec"} 34 | (rate 5 index)) 35 | 36 | ; Log expired events. 37 | (expired 38 | (fn [event] (info "expired" event))) 39 | )) 40 | -------------------------------------------------------------------------------- /data_bags/users/arigo.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "arigo", 3 | "comment": "Armin Rigo ", 4 | "sudo": ["pypy-home", "pypy-codespeed"], 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAAEBANuQDG+rsSpiGIQGXoo1TgbHzng0sdJrnnyctTjIsDNYuTtVBwKifGoVNyxFT9ZaQnp3j0lQ3ufjbyYvKAkg5aAPfizqJG5Ueo1b0Py1VNZtz0d/sgSRinkxmhUSZE+QPxGSbMe88OQ4Mc+L1uZeahuPjwOssm1A5FMAgfNeOgsgC/PSzoB5VeH5hFPwigYpuxoLrKlYNZdKIHy+f2Ielip4Dqh63/ZSojz0WiDld4n4BIf2Oee5fUmi7zYCc3lEgk+TLptSU0g1VNudlXXcG+HfUUTcBUwE45WK2dK5RFRaSNI3MJKSg8Ed/1tRqX6wONEG00/oOyISMMjW6ywDXJ8AAAAVAO6654MAZFBk1Svq009En+KdRJS/AAABAAqekgndW11XCwS0lN5xZiGwPuYdkJe1yUApxnrRBAFznzqlbJpmdh+MsFmAfAlTUn2grfe8HSHrRASF5WV6YprExmdAyY6YtSi5YXlPfzhuLOFjcOo8vyV5GyyOzfigFotQEZ39kXAkPatDygoAHpB4m0mzDlNhgR+XG10EsH/ptvaXLzk8sf0gP6fj4VkcKkwyvBNnqyoPRPVmuLKbDiMGSMvOJuR7sO0yqRfcZcUN7S7VELaNsB4GTBXLOr2dhuIHADih3woAtSAOSAx+ab5BsVNPJKJhdZfBnAuJvhkcVYQSdqNuJbq9AwoKuvsryJ4RMdL7TtY5pzod6LVfO8YAAAEBALQxvePSQuyD82rYHSlZMn3vdWwC8f2zYBNx8i6aq4vI5QSQfNvhdoPeS97C1F9BOOCWGarA2V5v9XkPqKxyaY5qclrGgcd2PbkCCFykWG/nlev2t+rptC6fHYI63LnrgdCr6he4+PlcQu3Plgd4F+f6I++cv2STtYZ7y4ZuJ7Sgadsz0H7WOjlb0o4BMHXNsI5VCvw8Pd+QU/4dObFg4ttFr46wi1/7z6X6ejMMhCsft9TwuKbDs0ulxDeiFxZZVz+PGl8jMuJ7ACH5PGORRge8qHmcJxMLzt4SjNM6USnXw0RmgEaX52UOPI58Cyr989QBxqpZKDMX1o32Rq22Q8o= arigo@aspic" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /.chef/knife.rb: -------------------------------------------------------------------------------- 1 | # Some sane defaults 2 | log_level :info 3 | log_location STDOUT 4 | node_name ENV["CHEF_USER"] || ENV["USER"] 5 | client_key File.expand_path("~/.chef/#{node_name}.pem") 6 | 7 | # Load a user config file if present 8 | user_config = File.expand_path("~/.chef/knife.rb") 9 | if File.exist?(user_config) 10 | ::Chef::Log.info("Loading user-specific configuration from #{user_config}") if defined?(::Chef) 11 | instance_eval(IO.read(user_config), user_config, 1) 12 | end 13 | 14 | # Project-specific settings, can't be overriden by the user 15 | current_dir = File.dirname(__FILE__) 16 | validation_client_name "psf-validator" 17 | validation_key File.join(current_dir, "psf-validator.pem") 18 | chef_server_url "https://api.opscode.com/organizations/psf" 19 | cache_type "BasicFile" 20 | cache_options :path => File.expand_path("~/.chef/checksums") 21 | cookbook_path File.expand_path("../../cookbooks", __FILE__) 22 | knife[:distro] = 'psf-osu' 23 | 24 | if !File.exists?(validation_key) && defined?(::Chef) 25 | ::Chef::Log.error "validator key not found, you will be unable to bootstrap new nodes. Please contact infrastructure@python.org for a copy if needed" 26 | end 27 | -------------------------------------------------------------------------------- /cookbooks/psf-pycon/templates/default/nginx.conf.erb: -------------------------------------------------------------------------------- 1 | upstream <%= @resource.application.name %> { 2 | <% unless @application_socket.empty? -%> 3 | <% @application_socket.each do |socket_name| -%> 4 | server unix:<%= socket_name %>; 5 | <% end -%> 6 | <% end -%> 7 | <% @hosts.each do |node| %> 8 | server <%= node.is_a?(String) ? node : node.attribute?('cloud') ? node['cloud']['local_ipv4'] : node['ipaddress'] %>:<%= @resource.application_port %>; 9 | <% end %> 10 | } 11 | 12 | server { 13 | listen <%= @resource.port %>; 14 | 15 | if ($http_x_forwarded_proto = "http") { 16 | return 301 https://$http_host$request_uri; 17 | } 18 | 19 | server_name <%= @resource.server_name.is_a?(Array) ? @resource.server_name.join(' ') : @resource.server_name %>; 20 | <% if @resource.ssl %> 21 | ssl on; 22 | ssl_certificate <%= @resource.ssl_certificate %>; 23 | ssl_certificate_key <%= @resource.ssl_certificate_key %>; 24 | <% end %> 25 | <% @resource.static_files.each do |url, path| %> 26 | location <%= url %> { 27 | alias <%= path %>; 28 | } 29 | <% end %> 30 | location /2016 { 31 | client_max_body_size 20M; 32 | proxy_pass http://<%= @resource.application.name %>; 33 | proxy_set_header Host $http_host; 34 | } 35 | rewrite ^/$ /2015/ redirect; 36 | } 37 | -------------------------------------------------------------------------------- /cookbooks/wiki.txt: -------------------------------------------------------------------------------- 1 | Setup of wiki.python.org 2 | ------------------------ 3 | 4 | apt-get install apache2 5 | apt-get install python-moinmoin 6 | apt-get install libapache2-mod-wsgi 7 | apt-get install python-openid 8 | apt-get install python-docutils 9 | apt-get install munin 10 | mkdir -p /data/www 11 | rsync -avz root@dinsdale:/data/moin /data 12 | touch /data/moin/synced (to allow removing modified files) 13 | rsync -avz root@dinsdale:/data/www/wiki /data/www 14 | adduser --system --uid 1071 --home /data/moin --no-create-home --disabled-password moin 15 | addgroup --system --gid 1071 moin 16 | create /etc/apache2/sites-available/wiki 17 | a2ensite wiki 18 | a2dissite 000-default 19 | moin --config-dir=/data/moin/instances --wiki-url=http://wiki.python.org/moin maint cleancache 20 | moin --config-dir=/data/moin/instances --wiki-url=http://wiki.python.org/jython maint cleancache 21 | moin --config-dir=/data/moin/instances --wiki-url=http://wiki.python.org/psf maint cleancache 22 | moin --config-dir=/data/moin/instances --wiki-url=http://wiki.python.org/moin-pycon maint cleancache 23 | drop url_prefix_static modification from farmconfig.py 24 | rsync -avz dinsdale:/data/webstats/wiki /data/webstats 25 | apt-get install webalizer 26 | create /etc/webalizer/wiki.conf 27 | change /etc/logrotate.d/apache2 to daily, rotate 4 28 | 29 | -------------------------------------------------------------------------------- /roles/base.rb: -------------------------------------------------------------------------------- 1 | name "base" 2 | description "Base recipes for all nodes" 3 | run_list [ 4 | "recipe[chef-client::cron]", 5 | "recipe[chef-client::delete_validation]", 6 | "recipe[user::data_bag]", 7 | "recipe[psf-misc::sudo]", 8 | "recipe[psf-misc::backup]", 9 | "recipe[psf-misc::ntp]", 10 | "recipe[psf-misc::ack]", 11 | "recipe[psf-misc::sysstat]", 12 | "recipe[psf-misc::ops-scripts]", 13 | "recipe[ntp]", 14 | "recipe[motd-tail]", 15 | "recipe[zsh]", 16 | "recipe[openssh]", 17 | "recipe[rsnapshot::client]", 18 | "recipe[rsnapshot::backupall]", 19 | "recipe[psf-monitoring::client]", 20 | ] 21 | override_attributes({ 22 | :authorization => { 23 | :sudo => { 24 | :include_sudoers_d => true, 25 | }, 26 | }, 27 | :chef_client => { 28 | :cron => { 29 | :minute => "*/30", 30 | :hour => "*", 31 | } 32 | }, 33 | :ntp => { 34 | :servers => ["time.osuosl.org"], 35 | }, 36 | :openssh => { 37 | :server => { 38 | :password_authentication => "no", 39 | :permit_root_login => "without-password", 40 | :subsystem => "sftp /usr/lib/openssh/sftp-server", 41 | }, 42 | }, 43 | :rsnapshot => { 44 | :client => { 45 | :server_role => "rsnapshot", 46 | }, 47 | }, 48 | :user => { 49 | :ssh_keygen => false, 50 | }, 51 | }) 52 | -------------------------------------------------------------------------------- /cookbooks/user/test/spec_helper.rb: -------------------------------------------------------------------------------- 1 | require 'chef/resource' 2 | require 'chef/resource' 3 | 4 | module ResourceMixins 5 | def load_resource(cookbook, lrwp) 6 | Chef::Resource.build_from_file(cookbook.to_s, File.expand_path(File.join( 7 | File.dirname(__FILE__), %w{.. resources}, "#{lwrp.to_s}.rb")), nil) 8 | end 9 | 10 | def unload_resource(cookbook, lwrp) 11 | Chef::Resource.send(:remove_const, lwrp_const(cookbook, lwrp)) 12 | end 13 | 14 | def resource_klass(cookbook, lwrp) 15 | Chef::Resource.const_get(lwrp_const(cookbook, lrwp)) 16 | end 17 | 18 | private 19 | 20 | def lwrp_const(cookbook, lwrp) 21 | :"#{cookbook.to_s.capitalize}#{lwrp.to_s.capitalize}" 22 | end 23 | end 24 | 25 | module ProviderMixins 26 | def load_provider(cookbook, lrwp) 27 | Chef::Provider.build_from_file(cookbook.to_s, File.expand_path(File.join( 28 | File.dirname(__FILE__), %w{.. resources}, "#{lwrp.to_s}.rb")), nil) 29 | end 30 | 31 | def unload_provider(cookbook, lwrp) 32 | Chef::Provider.send(:remove_const, lwrp_const(cookbook, lwrp)) 33 | end 34 | 35 | def provider_klass(cookbook, lwrp) 36 | Chef::Provider.const_get(lwrp_const(cookbook, lrwp)) 37 | end 38 | 39 | private 40 | 41 | def lwrp_const(cookbook, lwrp) 42 | :"#{cookbook.to_s.capitalize}#{lwrp.to_s.capitalize}" 43 | end 44 | end 45 | -------------------------------------------------------------------------------- /cookbooks/psf-search/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # Make sure Nginx is installed 2 | include_recipe "nginx" 3 | 4 | secrets = data_bag_item("secrets", "elasticsearch") 5 | 6 | file "#{node['nginx']['dir']}/htpasswd" do 7 | content "#{secrets['username']}:{PLAIN}#{secrets['password']}" 8 | 9 | owner "root" 10 | group "www-data" 11 | mode "640" 12 | 13 | notifies :reload, resources(:service => 'nginx') 14 | end 15 | 16 | template "#{node['nginx']['dir']}/sites-available/elasticsearch.conf" do 17 | source "elasticsearch.conf.erb" 18 | 19 | owner "root" 20 | group "root" 21 | mode "644" 22 | 23 | notifies :reload, resources(:service => 'nginx') 24 | end 25 | 26 | nginx_site "elasticsearch.conf" do 27 | enable true 28 | end 29 | 30 | nginx_site "default" do 31 | enable false 32 | end 33 | 34 | 35 | # Setup the Firewall to disallow ElasticSearch not via Nginx from anything other 36 | # than other ES nodes. 37 | firewall "ufw" do 38 | action :enable 39 | end 40 | 41 | firewall_rule "ssh" do 42 | port 22 43 | action :allow 44 | notifies :enable, 'firewall[ufw]' 45 | end 46 | 47 | firewall_rule "elasticsearch-nginx" do 48 | port 8200 49 | action :allow 50 | end 51 | 52 | firewall_rule "elasticsearch-internal" do 53 | protocol :tcp 54 | port_range 9200..9400 55 | source "192.168.3.0/24" 56 | action :allow 57 | end 58 | -------------------------------------------------------------------------------- /cookbooks/user/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/haproxy/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/psf-misc/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/psf-moin/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/psf-pypi/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/pypy-home/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/providers/client.rb: -------------------------------------------------------------------------------- 1 | action :install do 2 | group 'rsnapshot' do 3 | system true 4 | end 5 | 6 | user 'rsnapshot' do 7 | comment 'rsnapshot backup service' 8 | gid 'rsnapshot' 9 | system true 10 | shell '/bin/bash' 11 | home '/home/rsnapshot' 12 | supports :manage_home => true 13 | end 14 | 15 | cookbook_file '/usr/local/bin/rsnapshot-rsync.py' do 16 | source 'rsync.py' 17 | owner 'root' 18 | group 'root' 19 | mode '755' 20 | end 21 | 22 | directory '/home/rsnapshot/.ssh' do 23 | owner 'rsnapshot' 24 | group 'rsnapshot' 25 | mode '755' 26 | end 27 | 28 | if new_resource.server_role 29 | server = search(:node, "roles:#{new_resource.server_role}").first 30 | if server 31 | file '/home/rsnapshot/.ssh/authorized_keys' do 32 | owner 'rsnapshot' 33 | group 'rsnapshot' 34 | mode '644' 35 | content %Q{no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding,from="#{server['ipaddress']}",command="sudo /usr/local/bin/rsnapshot-rsync.py" #{server['rsnapshot']['server_key']}} 36 | end 37 | else 38 | file '/home/rsnapshot/.ssh/authorized_keys' do 39 | action :delete 40 | end 41 | end 42 | else 43 | file '/home/rsnapshot/.ssh/authorized_keys' do 44 | action :delete 45 | end 46 | end 47 | 48 | sudo new_resource.name do 49 | template 'sudoers.erb' 50 | end 51 | end 52 | -------------------------------------------------------------------------------- /cookbooks/psf-advocacy/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/psf-loadbalancer/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/psf-rsnapshot/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/pypy-codespeed/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/resources/default.rb: -------------------------------------------------------------------------------- 1 | default_action :install 2 | 3 | # Administrative settings 4 | attribute :logfile, :kind_of => String, :default => '/var/log/postgresql/pgbouncer.log' 5 | attribute :pidfile, :kind_of => String, :default => '/var/run/postgresql/pgbouncer.pid' 6 | # Where to wait for clients 7 | attribute :listen_addr, :kind_of => String, :default => '127.0.0.1' 8 | attribute :listen_port, :kind_of => [String, Integer], :default => 5432 9 | attribute :unix_socket_dir, :kind_of => String, :default => '/var/run/postgresql' 10 | # Authentication settings 11 | attribute :auth_type, :equal_to => %w{any trust plain crypt md5}, :default => 'md5' 12 | attribute :auth_file, :kind_of => [String, NilClass], :default => '/etc/pgbouncer/users' 13 | # Users allowed into database 'pgbouncer' 14 | attribute :admin_users, :kind_of => [String, Array, NilClass] 15 | attribute :stats_users, :kind_of => [String, Array, NilClass] 16 | # Pooler personality questions 17 | attribute :pool_mode, :equal_to => %w{session transaction statement}, :default => 'session' 18 | attribute :server_reset_query, :kind_of => [String, NilClass], :default => 'DISCARD ALL;' 19 | attribute :server_check_query, :kind_of => [String, NilClass], :default => 'SELECT 1;' 20 | attribute :server_check_delay, :kind_of => [String, Integer], :default => 10 21 | # Connection limits 22 | attribute :max_client_conn, :kind_of => [String, Integer], :default => 100 23 | attribute :default_pool_size, :kind_of => [String, Integer], :default => 40 24 | -------------------------------------------------------------------------------- /cookbooks/user/resources/account.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: user 3 | # Resource:: account 4 | # 5 | # Author:: Fletcher Nichol 6 | # 7 | # Copyright 2011, Fletcher Nichol 8 | # 9 | # Licensed under the Apache License, Version 2.0 (the "License"); 10 | # you may not use this file except in compliance with the License. 11 | # You may obtain a copy of the License at 12 | # 13 | # http://www.apache.org/licenses/LICENSE-2.0 14 | # 15 | # Unless required by applicable law or agreed to in writing, software 16 | # distributed under the License is distributed on an "AS IS" BASIS, 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | # See the License for the specific language governing permissions and 19 | # limitations under the License. 20 | # 21 | 22 | actions :create, :remove, :modify, :manage, :lock, :unlock 23 | 24 | attribute :username, :kind_of => String, :name_attribute => true 25 | attribute :comment, :kind_of => String 26 | attribute :uid, :kind_of => [String,Integer] 27 | attribute :gid, :kind_of => [String,Integer] 28 | attribute :home, :kind_of => String 29 | attribute :shell, :kind_of => String 30 | attribute :password, :kind_of => String 31 | attribute :system_user, :default => false 32 | attribute :manage_home, :default => nil 33 | attribute :create_group, :default => nil 34 | attribute :ssh_keys, :kind_of => [Array,String], :default => [] 35 | attribute :ssh_keygen, :default => nil 36 | 37 | def initialize(*args) 38 | super 39 | @action = :create 40 | end 41 | -------------------------------------------------------------------------------- /cookbooks/user/attributes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: user 3 | # Attributes:: default 4 | # 5 | # Author:: Fletcher Nichol 6 | # 7 | # Copyright 2011, Fletcher Nichol 8 | # 9 | # Licensed under the Apache License, Version 2.0 (the "License"); 10 | # you may not use this file except in compliance with the License. 11 | # You may obtain a copy of the License at 12 | # 13 | # http://www.apache.org/licenses/LICENSE-2.0 14 | # 15 | # Unless required by applicable law or agreed to in writing, software 16 | # distributed under the License is distributed on an "AS IS" BASIS, 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | # See the License for the specific language governing permissions and 19 | # limitations under the License. 20 | # 21 | 22 | case platform 23 | when 'debian','ubuntu','redhat','centos','amazon','scientific','fedora','freebsd','suse' 24 | default['user']['home_root'] = "/home" 25 | default['user']['default_shell'] = "/bin/bash" 26 | when 'openbsd' 27 | default['user']['home_root'] = "/home" 28 | default['user']['default_shell'] = "/bin/ksh" 29 | when 'mac_os_x', 'mac_os_x_server' 30 | default['user']['home_root'] = "/Users" 31 | default['user']['default_shell'] = "/bin/bash" 32 | else 33 | default['user']['home_root'] = "/home" 34 | default['user']['default_shell'] = nil 35 | end 36 | 37 | default['user']['manage_home'] = "true" 38 | default['user']['create_user_group'] = "true" 39 | default['user']['ssh_keygen'] = "true" 40 | 41 | default['user']['data_bag'] = "users" 42 | default['user']['lockdown'] = false 43 | -------------------------------------------------------------------------------- /cookbooks/cron/resources/d.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: cron 3 | # Resource:: d 4 | # 5 | # Copyright 2010-2013, Opscode, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | actions :create, :delete 21 | 22 | attribute :name, :kind_of => String, :name_attribute => true 23 | attribute :cookbook, :kind_of => String, :default => "cron" 24 | 25 | attribute :minute, :kind_of => [Integer, String], :default => "*" 26 | attribute :hour, :kind_of => [Integer, String], :default => "*" 27 | attribute :day, :kind_of => [Integer, String], :default => "*" 28 | attribute :month, :kind_of => [Integer, String], :default => "*" 29 | attribute :weekday, :kind_of => [Integer, String], :default => "*" 30 | 31 | attribute :command, :kind_of => String, :required => true 32 | 33 | attribute :user, :kind_of => String, :default => "root" 34 | 35 | attribute :mailto, :kind_of => [String, NilClass] 36 | attribute :path, :kind_of => [String, NilClass] 37 | attribute :home, :kind_of => [String, NilClass] 38 | attribute :shell, :kind_of => [String, NilClass] 39 | 40 | def initialize(*args) 41 | super 42 | @action = :create 43 | end 44 | -------------------------------------------------------------------------------- /cookbooks/cron/providers/d.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: cron 3 | # Provider:: d 4 | # 5 | # Copyright 2010-2013, Opscode, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | action :delete do 21 | file "/etc/cron.d/#{new_resource.name}" do 22 | action :delete 23 | end 24 | end 25 | 26 | action :create do 27 | t = template "/etc/cron.d/#{new_resource.name}" do 28 | cookbook new_resource.cookbook 29 | source "cron.d.erb" 30 | mode "0644" 31 | variables({ 32 | :name => new_resource.name, 33 | 34 | :minute => new_resource.minute, 35 | :hour => new_resource.hour, 36 | :day => new_resource.day, 37 | :month => new_resource.month, 38 | :weekday => new_resource.weekday, 39 | 40 | :command => new_resource.command, 41 | :user => new_resource.user, 42 | 43 | :mailto => new_resource.mailto, 44 | :path => new_resource.path, 45 | :home => new_resource.home, 46 | :shell => new_resource.shell 47 | }) 48 | action :create 49 | end 50 | new_resource.updated_by_last_action(t.updated_by_last_action?) 51 | end 52 | -------------------------------------------------------------------------------- /doc/generating-these-docs.rst: -------------------------------------------------------------------------------- 1 | Generating these docs 2 | ====================== 3 | 4 | The goal of this document is to outline how to generate these documents and 5 | where they land. 6 | 7 | By the end of this you should have a full copy of this documentation. 8 | 9 | Prerequisites 10 | ------------- 11 | 12 | You'll need the python `sphinx` package. 13 | 14 | Your distribution may have a package for this, but you may also be able to 15 | install it with python package tools like so: 16 | 17 | :: 18 | 19 | $ pip install sphinx 20 | 21 | Or with `easy_install`: 22 | 23 | :: 24 | 25 | $ easy_install sphinx 26 | 27 | 28 | Checkout the docs branch 29 | ------------------------ 30 | 31 | :: 32 | 33 | $ git checkout docs 34 | 35 | Generate a local copy of the docs 36 | ---------------------------------- 37 | 38 | This will generate html from our documentation, and place it in 39 | `./doc/_build/html` 40 | 41 | :: 42 | 43 | $ bundle exec rake docs 44 | 45 | Generate a single module of the documentation 46 | ---------------------------------------------- 47 | 48 | Say you want to generate only the node documentation 49 | 50 | :: 51 | 52 | $ bundle exec rake docs:nodes 53 | 54 | Or maybe you want to generate only the html 55 | 56 | :: 57 | 58 | $ bundle exec rake docs:html 59 | 60 | Manually publish this documentation 61 | ------------------------------------ 62 | 63 | Typically our documentation should be automatically generated. Just in case 64 | you want to publish it manually, you can do this. 65 | 66 | :: 67 | 68 | $ bundle exec rake docs:publish 69 | 70 | This will tell readthedocs.org to clone the tip of this repo on github 71 | and build it. 72 | -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/recipes/server.rb: -------------------------------------------------------------------------------- 1 | chef_gem 'chef-rewind' 2 | require 'chef/rewind' 3 | 4 | include_recipe 'runit' 5 | include_recipe 'riemann::server' 6 | include_recipe 'graphite' 7 | include_recipe 'firewall' 8 | include_recipe 'psf-monitoring::client' 9 | 10 | %w{ruby1.9.3 rubygems}.each do |pkg| 11 | package pkg do 12 | action :upgrade 13 | end 14 | end 15 | 16 | gem_package 'riemann-tools' do 17 | action :install 18 | gem_binary '/usr/bin/gem1.9.3' 19 | end 20 | 21 | template '/etc/riemann/riemann.config' do 22 | source 'riemann.config.erb' 23 | owner 'root' 24 | group 'root' 25 | mode '0644' 26 | notifies :restart, 'service[riemann]' 27 | end 28 | 29 | firewall 'ufw' do 30 | action :enable 31 | end 32 | 33 | firewall_rule 'ssh' do 34 | port 22 35 | protocol :tcp 36 | action :allow 37 | end 38 | 39 | firewall_rule 'http' do 40 | port 80 41 | protocol :tcp 42 | action :allow 43 | end 44 | 45 | firewall_rule 'riemann_our_net' do 46 | port 5555 47 | source '140.211.10.64/26' 48 | direction :in 49 | action :allow 50 | end 51 | 52 | firewall_rule 'graphite_our_net' do 53 | port 2003 54 | source '140.211.10.64/26' 55 | direction :in 56 | action :allow 57 | end 58 | 59 | firewall_rule 'riemann_speed' do 60 | port 5555 61 | source '140.211.15.123/32' 62 | direction :in 63 | action :allow 64 | end 65 | 66 | firewall_rule 'graphite_speed' do 67 | port 2003 68 | source '140.211.15.123/32' 69 | direction :in 70 | action :allow 71 | end 72 | 73 | storage_template = "#{node['graphite']['base_dir']}/conf/storage-schemas.conf" 74 | 75 | rewind :template => storage_template do 76 | source 'storage-schemas.conf.erb' 77 | cookbook_name 'psf-monitoring' 78 | end 79 | -------------------------------------------------------------------------------- /data_bags/users/richard.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "richard", 3 | "comment": "Richard Jones", 4 | "sudo": true, 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBAOBHkGxDowSpIqTioMKmYP8Vu0AXvcLZTsDETOWM4ak6LM8mxjgLWaZ3JoOES+tBJL26ygvugRzZNVfbM5xeN3s8OoYLnsXwJPn3FX9viQ5MSHX2fD9nu6MCNuxWjvhezMHHTWF/Hdop2uFxwizlnectGIwtGwj0s6wue7TZcsxFAAAAFQClEEy3n0dYb0JSHtWH1LA2PgY1LQAAAIAiG1xyHajn9/fRXRvflSltwG0RmIwf1e1Hmw9Fno3SUdWmPvLRWAc7uUSxXiifCRDlvfzhERMw07ra1hTye1GjPMxG144ooF1peCEEIsLBvv9LbsP+9+byR/yHg7TOeNjYpbEZLdaY/EG4T94cLp/y939MPI/+JZV5s1p69+UKPwAAAIEAhbOSvfz4ge03In/asws0YkS1VMranFGCAUKXqckVcEPbCMYxHAA3aEWLvNSXXWgSHl1zcvntfE1spZyHYpfC0Iif+0HE+zOF4TTsybbVHMqsyCd21U7H86CGWo0B5CdG9/zYcgfRx+++fltfr8jSRwGHz8WE1e36K2rEK+MD7ZI= richard@localhost", 7 | "ssh-dss AAAAB3NzaC1kc3MAAACBAO/XIk/r+XOXy3w9+kDPtcoPa+pgtWtKAWVfQtTxBGzrGe9HEHZgvTaoBV0EPkT6WxhycS2SZoOWAG/yYtn7z9BMUrXVITSKXxjkZhQ5KIPLDhJ7GzRKHpRUVQOinIDJLo6AhcVd9LH3fsp3j7pDgTMylmqcTfaCjKTTCZVwo14XAAAAFQCBOydEbfYGOJXWIR8k0SbRJbL57QAAAIEAr3Mez9ACqpM/xraoEofQPZy+gSKq27fj3UuqKd3q9Xp5B21+8j8TU7u0GqpRIVdTGXEV2TJ+KRgAlxyTZKCheSfDRklOa7V3Iu+GZYFRxU2J5sVJ2hmLZX6JIZodBHJsCIZkZtV4/Qv+XBIkvYeFXUktTOlJLGn8dLrbp5/OYesAAACBAMxwv3wmJwabwnIvaFwR0trgSJ36lBOZjRqtxKGK2d2rp7JgGkUsXBbyefvn1H7uvJhT/gsQHLPGbPPt2HkJeQvTgXMhoEZgxDJSeMJeNEKoDVriX0/RO2ttWqXAnsZqD72tP2yIJnPYBB6b7vCKI0GUDO2Y2ADVdEMxNnRytXWc richard@ximinez.python.org", 8 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIhQoc4+cQys7cZdhdzxCYjMN4sm3FKZNOwibX/4nN5ld0xWPVZ0TNByBzZAD8IEHWhyqKCLXNMhzsSoTXuRAD67ayEOEL4YjpNzOarcbdDQcCMN4RwvegK4ToHMCUaPjM/KT2Kg+GfhUdf5AtniqI2NeGOzUYiL3f0AnxCA6E9lcqpG4Vp2Tswtov474w4+Yq4oZmn1vWFq5i91OFr37HeuVwIuSY4FTL0XXGfAoL1n+Ge5vTp5vNv/nqINrykT1raWimhboFGOVg0nn26lAnFZFsCzUv7p/K9oORIb8aTGwDJzSOuEJ+PB4Z9/nC+2zUeRJqpxRKLWgIM5eH33bv rjones@mhs" 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /cookbooks/cron/README.md: -------------------------------------------------------------------------------- 1 | cron Cookbook 2 | ============= 3 | Installs the cron package and starts the crond service. 4 | 5 | 6 | Requirements 7 | ------------ 8 | Platforms: 9 | - RHEL family 10 | - Debian family 11 | 12 | 13 | Resources and Providers 14 | ----------------------- 15 | ### `cron_d` 16 | The `cron_d` LWRP can be used to manage files in `/etc/cron.d`. It supports the same interface as Chef's built-in `cron` resource: 17 | 18 | ```ruby 19 | cron_d 'daily-usage-report' do 20 | minute 0 21 | hour 23 22 | command '/srv/app/scripts/daily_report' 23 | user 'appuser' 24 | end 25 | ``` 26 | 27 | #### Attributes 28 | * `minute`, `hour`, `day`, `month`, `weekday` - schedule your cron job. These correspond exactly to their equivalents in the crontab file. All default to "*". 29 | * `command` - the command to run. Required. 30 | * `user` - the user to run as. Defaults to "root". 31 | * `mailto`, `path`, `home`, `shell` - set the corresponding environment variables in the cron.d file. No default. 32 | 33 | 34 | License & Authors 35 | ----------------- 36 | - Author:: Joshua Timberman (joshua@opscode.com) 37 | 38 | ```text 39 | Copyright 2010-2012, Opscode, Inc. 40 | 41 | Licensed under the Apache License, Version 2.0 (the "License"); 42 | you may not use this file except in compliance with the License. 43 | You may obtain a copy of the License at 44 | 45 | http://www.apache.org/licenses/LICENSE-2.0 46 | 47 | Unless required by applicable law or agreed to in writing, software 48 | distributed under the License is distributed on an "AS IS" BASIS, 49 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 50 | See the License for the specific language governing permissions and 51 | limitations under the License. 52 | ``` 53 | -------------------------------------------------------------------------------- /.chef/fake-client.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEA3R0sXmkX8B8wFYPCW4mk4o7/p+5IRAz8Jmv6h55wHT+moqrH 3 | 2AtK1SrnEEqpNe6CMAfh+552LgAqE9B0pz6EDmak6FwHPRP5xPCzyOJrb6dcHwyk 4 | 6V6PZ9JwqVsgMrgam4LMhbh3+BaZ7b4vnmMkTh0xiotMEMWx1n6Kr23VESrOEY2E 5 | R9Sf5hgUWlEOcfvT+GZphVuhz5LUhXy/F8T6YbcPnfkh+futYpx5LX6XTeMtRx2T 6 | j9BIN8im0M0wDD20q5gBWIGs4xzJPoRTnHoFtcXW/oMJqJBVE5FAdmgCxQaU0KDI 7 | QTCkKzb6+o/eUWRu0VRL1hGPj4XnuqS1aP33SQIDAQABAoIBACwuUxo+N4lEQhBa 8 | dnBh7W9TkWPVqdznF076DmIg11gQytP/+dSCVR6I5wiLUoozMRI10QK84/JHGCFD 9 | arusMyjJe7PuB4g9wI+IZPQDweHad/7AQQdcXJ0rIFXGnoVj4fUmyoUBmf8ZTQKD 10 | GPK17qApFygOs1E6n1EzkbSB5qv6GVhKGYpDJcQQrZ2zUS2ER1hLKb9RZWkfogB2 11 | 91Wc0ercN2ccSzbwO5RK6dljdfADKipeqMDrbPDH4m0aSa2KmVbLeQYj+NVvfv0G 12 | TjP7Y5EuCSoq3h9ozohkHWA3iedLD7RHhjin0MQniXCfIdpMDbwSAOD6trlQTsOT 13 | XV4UKd0CgYEA/LfFvAjN9vU27NRh3mHLE09uGxwk7CP0HW7FSsjLlAljRI3rxlQn 14 | UfXFP3qGR0j4as+WTm1n26i5WgCIj/udjrckotz4uCddCJS6P1T8kBynfviJFFaL 15 | noAu9jYtm6bHlf0UHx6ScVLMGDISnRfZKGIwKdW9m3QnA36GHKF4jHsCgYEA3/xT 16 | Slc2/FCuwxwdTqlP9MmHhlUiNSRlRsZ3fhJoMhh56NSCr/rDW8lMywEVYFBvPiVT 17 | jzIpSDZeCoqKcMw3dpuzKZbdfQEupffTNFCvsNJi+ad5RzUlL5o7rzegx+kmhQHR 18 | iwuMhIYHvS+8/wqgkFkiMstqYe9nQdcB3DdfagsCgYBxLz14Qdk9SgYXe+d5WgNB 19 | 2slNiwVeXZvvsrTaEaRb4Ph8s7NtWDNkGdcF3zJUqvHXpLGE3qstThv1m1eOZPrj 20 | +FKIPr+GetrIBRSFWOLlCHBcBaQfX8OYcYCW9RzoIYIyQu7IIUElUBfonkSH5y5z 21 | T8aSdhA9l4ABqKEYIZmEEQKBgQCcs5Ep315uo5vAkLjIQZfYr+2Kw6DNAQuBunP6 22 | 1bHj6k/P3m0X5R4r5uc81yM3YM6S8dZFxlgvVynvwgEc7SKYblGn9Q472Enkfz9Z 23 | yGFCGc54zvwAH2RGq2a6LPblJW53e1A4MPo79PERIIbe/3ZZxqIwWzOwFKdu3pdE 24 | k9DDBQKBgQCXgnoFG2RWn7aRm7QB9sSTqsjeZc5LrUbSMYd49A3mKdC5Co19IzL3 25 | 6PPFV1nGt5mx2NdTVg0rRbwkc5/JGskVk0N/xxpmNrgbwrKbLg/+YSS1YbDJ3EsG 26 | 0PZlS4fmelx8Rnz2eyIszrQEdiMpYySlFnIJLWwXjngn7X7UkzKikQ== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /cookbooks/stud/resources/default.rb: -------------------------------------------------------------------------------- 1 | default_action :install 2 | 3 | attribute :name, :name_attribute => true 4 | attribute :version, :kind_of => String, :required => true 5 | attribute :config_template, :kind_of => String 6 | attribute :service_template, :kind_of => String 7 | attribute :frontend, :kind_of => String, :default => '[*]:8443' 8 | attribute :backend, :kind_of => String, :default => '[127.0.0.1]:8000' 9 | attribute :pem_file, :kind_of => [String, Array], :required => true 10 | attribute :tls, :equal_to => [true, false], :default => true 11 | attribute :ssl, :equal_to => [true, false], :default => false 12 | attribute :ciphers, :kind_of => String, :default => '' 13 | attribute :prefer_server_ciphers, :equal_to => [true, false], :default => false 14 | attribute :ssl_engine, :kind_of => String, :default => '' 15 | attribute :workers, :kind_of => Integer, :default => 1 16 | attribute :backlog, :kind_of => Integer, :default => 100 17 | attribute :keepalive, :kind_of => Integer, :default => 3600 18 | attribute :chroot, :kind_of => String, :default => '' 19 | attribute :user, :kind_of => String, :default => '' 20 | attribute :group, :kind_of => String, :default => '' 21 | attribute :quiet, :equal_to => [true, false], :default => false 22 | attribute :syslog, :equal_to => [true, false], :default => false 23 | attribute :syslog_facility, :kind_of => String, :default => 'daemon' 24 | attribute :daemon, :equal_to => [true, false], :default => false 25 | attribute :write_ip, :equal_to => [true, false], :default => false 26 | attribute :write_proxy, :equal_to => [true, false], :default => false 27 | attribute :proxy_proxy, :equal_to => [true, false], :default => false 28 | 29 | def resource_name 30 | if self.name != 'stud' 31 | "stud-#{self.name}" 32 | else 33 | 'stud' 34 | end 35 | end 36 | -------------------------------------------------------------------------------- /cookbooks/psf-debbuild/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # Get our secrets 2 | secrets = data_bag_item("secrets", "debbuild") 3 | 4 | # Put our python-virtualenv package into reprepro 5 | cookbook_file "python-virtualenv_1.10.1-1_all.deb" do 6 | path "/tmp/python-virtualenv_1.10.1-1_all.deb" 7 | action :create_if_missing 8 | end 9 | 10 | reprepro_deb "/tmp/python-virtualenv_1.10.1-1_all.deb" 11 | 12 | # Put our dh-virtualenv package into reprepro 13 | cookbook_file "dh-virtualenv_0.6_all.deb" do 14 | path "/tmp/dh-virtualenv_0.6_all.deb" 15 | action :create_if_missing 16 | end 17 | 18 | reprepro_deb "/tmp/dh-virtualenv_0.6_all.deb" 19 | 20 | # Install Jenkins 21 | jenkins node['jenkins']['server']['home'] 22 | jenkins_plugin "git" 23 | jenkins_plugin "debian-package-builder" 24 | jenkins_plugin "ws-cleanup" 25 | jenkins_plugin "postbuildscript" 26 | 27 | sudo "jenkins" do 28 | user "jenkins" 29 | nopasswd true 30 | end 31 | 32 | # Install git 33 | package "git" 34 | 35 | # Install equivs 36 | package "equivs" 37 | 38 | # Install Twine 39 | python_pip "twine" do 40 | action :upgrade 41 | end 42 | 43 | # Install PyPI Credentials 44 | file "/#{node['jenkins']['server']['home']}/.pypirc" do 45 | owner "jenkins" 46 | group "jenkins" 47 | mode "0600" 48 | 49 | backup false 50 | 51 | content <<-eos 52 | [distutils] 53 | index-servers = 54 | pypi 55 | 56 | [pypi] 57 | repository:https://pypi.python.org/pypi 58 | username:#{secrets['pypi_username']} 59 | password:#{secrets['pypi_password']} 60 | eos 61 | end 62 | 63 | directory "/#{node['jenkins']['server']['home']}/.ssh" do 64 | owner "jenkins" 65 | group "jenkins" 66 | end 67 | 68 | file "/#{node['jenkins']['server']['home']}/.ssh/id_rsa" do 69 | owner "jenkins" 70 | group "jenkins" 71 | mode "0600" 72 | 73 | backup false 74 | 75 | content secrets["ssh_key"] 76 | end 77 | -------------------------------------------------------------------------------- /.chef/bootstrap/psf-osu.erb: -------------------------------------------------------------------------------- 1 | bash -c ' 2 | <%= "export http_proxy=\"#{knife_config[:bootstrap_proxy]}\"" if knife_config[:bootstrap_proxy] -%> 3 | 4 | exists() { 5 | if command -v $1 &>/dev/null 6 | then 7 | return 0 8 | else 9 | return 1 10 | fi 11 | } 12 | 13 | install_sh="http://opscode.com/chef/install.sh" 14 | version_string="-v <%= chef_version %>" 15 | 16 | cat > /etc/resolv.conf <<'EOP' 17 | nameserver 140.211.166.130 18 | nameserver 140.211.166.131 19 | search psf.osuosl.org python.org osuosl.bak 20 | EOP 21 | 22 | if ! exists /usr/bin/chef-client; then 23 | if exists wget; then 24 | bash <(wget <%= "--proxy=on " if knife_config[:bootstrap_proxy] %> ${install_sh} -O -) ${version_string} 25 | elif exists curl; then 26 | bash <(curl -L <%= "--proxy \"#{knife_config[:bootstrap_proxy]}\" " if knife_config[:bootstrap_proxy] %> ${install_sh}) ${version_string} 27 | else 28 | echo "Neither wget nor curl found. Please install one and try again." >&2 29 | exit 1 30 | fi 31 | fi 32 | 33 | mkdir -p /etc/chef 34 | 35 | awk NF > /etc/chef/validation.pem <<'EOP' 36 | <%= validation_key %> 37 | EOP 38 | chmod 0600 /etc/chef/validation.pem 39 | 40 | <% if @chef_config[:encrypted_data_bag_secret] -%> 41 | awk NF > /etc/chef/encrypted_data_bag_secret <<'EOP' 42 | <%= encrypted_data_bag_secret %> 43 | EOP 44 | chmod 0600 /etc/chef/encrypted_data_bag_secret 45 | <% end -%> 46 | 47 | <%# Generate Ohai Hints -%> 48 | <% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%> 49 | mkdir -p /etc/chef/ohai/hints 50 | 51 | <% @chef_config[:knife][:hints].each do |name, hash| -%> 52 | cat > /etc/chef/ohai/hints/<%= name %>.json <<'EOP' 53 | <%= hash.to_json %> 54 | EOP 55 | <% end -%> 56 | <% end -%> 57 | 58 | cat > /etc/chef/client.rb <<'EOP' 59 | <%= config_content %> 60 | EOP 61 | 62 | cat > /etc/chef/first-boot.json <<'EOP' 63 | <%= first_boot.to_json %> 64 | EOP 65 | 66 | <%= start_chef %>' 67 | -------------------------------------------------------------------------------- /cookbooks/pgbouncer/providers/default.rb: -------------------------------------------------------------------------------- 1 | action :install do 2 | group 'postgres' do 3 | system true 4 | end 5 | 6 | user 'pgbouncer' do 7 | comment 'PgBouncer service' 8 | gid 'postgres' 9 | system true 10 | shell '/bin/false' 11 | home '/var/lib/postgresql' 12 | end 13 | 14 | package 'pgbouncer' do 15 | action :upgrade 16 | end 17 | 18 | execute '/etc/init.d/pgbouncer stop' do 19 | user 'root' 20 | only_if { ::File.exists? '/etc/init.d/pgbouncer' } 21 | end 22 | 23 | file '/etc/default/pgbouncer' do 24 | action :delete 25 | end 26 | 27 | file '/etc/init.d/pgbouncer' do 28 | action :delete 29 | end 30 | 31 | template '/etc/init/pgbouncer.conf' do 32 | source 'upstart.conf.erb' 33 | owner 'root' 34 | group 'root' 35 | mode '644' 36 | variables :pgbouncer => new_resource 37 | notifies :restart, 'service[pgbouncer]' 38 | end 39 | 40 | service 'pgbouncer' do 41 | action :enable 42 | provider Chef::Provider::Service::Upstart 43 | supports :reload => true, :status => true 44 | end 45 | 46 | directory '/etc/pgbouncer' do 47 | owner 'root' 48 | group 'root' 49 | mode '755' 50 | end 51 | 52 | template '/etc/pgbouncer/pgbouncer.ini' do 53 | source 'pgbouncer.ini.erb' 54 | owner 'root' 55 | group 'postgres' 56 | mode '640' 57 | notifies :reload, 'service[pgbouncer]' 58 | variables :pgbouncer => new_resource, :databases => run_context.resource_collection.select {|res| res.is_a? Chef::Resource::PgbouncerDatabase} 59 | end 60 | 61 | template '/etc/pgbouncer/users' do 62 | source 'users.erb' 63 | owner 'root' 64 | group 'postgres' 65 | mode '640' 66 | notifies :reload, 'service[pgbouncer]' 67 | variables :users => run_context.resource_collection.select {|res| res.is_a? Chef::Resource::PgbouncerUser} 68 | end 69 | 70 | service 'pgbouncer' do 71 | action :start 72 | end 73 | end 74 | -------------------------------------------------------------------------------- /hostnames: -------------------------------------------------------------------------------- 1 | speed-python.osuosl.org 140.211.15.123 - base, python-speed 2 | virt-h669vt.psf.osuosl.org 140.211.10.66 - base, loadbalancer 3 | virt-wzmlmm.psf.osuosl.org 140.211.10.67 - base, advocacy # shutdown 4 | virt-gwhg4e.psf.osuosl.org 140.211.10.76 - base, coverity # shutdown 5 | virt-ys0nco.psf.osuosl.org 140.211.10.79 - base, wiki, postfix-relay 6 | virt-et2yi0.psf.osuosl.org 140.211.10.71 - base, buildmaster 7 | virt-wdiwcy.psf.osuosl.org 140.211.10.78 - base, pypy-codespeed # Migrated to DigitalOcean - shutdown. 8 | virt-ozvw2q.psf.osuosl.org 140.211.10.74 - 9 | virt-l4es2w.psf.osuosl.org 140.211.10.77 - 10 | virt-sxw5uy.psf.osuosl.org 140.211.10.70 - base, loadbalancer 11 | virt-k4b2sa.psf.osuosl.org 140.211.10.80 - base, rsnapshot 12 | virt-yfae7i.psf.osuosl.org 140.211.10.68 - 13 | virt-8joqck.psf.osuosl.org 140.211.10.75 - base, rpi 14 | virt-7yvsjn.psf.osuosl.org 140.211.10.72 - 15 | virt-oku3tm.psf.osuosl.org 140.211.10.73 - 16 | virt-sae8wg.psf.osuosl.org 140.211.10.81 - unknown # shutdown 17 | virt-7tac5q.psf.osuosl.org 140.211.10.82 - pypy-home 18 | virt-l99amx.psf.osuosl.org 140.211.10.83 - monitoring 19 | virt-kchn16.psf.osuosl.org 140.211.10.84 - 20 | virt-nsz0jn.psf.osuosl.org 140.211.10.85 - 21 | virt-vm43og.psf.osuosl.org 140.211.10.86 - 22 | virt-2ttcf4.psf.osuosl.org 140.211.10.87 - 23 | virt-tkd3sc.psf.osuosl.org 140.211.10.88 - 24 | virt-byl2f7.psf.osuosl.org 140.211.10.89 - 25 | virt-ak9lsk.psf.osuosl.org 140.211.10.90 - 26 | virt-flqzel.psf.osuosl.org 140.211.10.91 - unknown # shutdown 27 | virt-c2fg44.psf.osuosl.org 140.211.10.92 - 28 | virt-8pjlh8.psf.osuosl.org 140.211.10.93 - 29 | virt-82qt2a.psf.osuosl.org 140.211.10.94 - unknown # shutdown 30 | virt-q0dzqq.psf.osuosl.org 140.211.10.95 - 31 | virt-znzn20.psf.osuosl.org 140.211.10.96 - 32 | virt-ssqrj8.psf.osuosl.org 140.211.10.97 - 33 | virt-f3pu59.psf.osuosl.org 140.211.10.98 - 34 | virt-pa4z19.psf.osuosl.org 140.211.10.99 - 35 | virt-9f03qg.psf.osuosl.org 140.211.10.100 - 36 | -------------------------------------------------------------------------------- /cookbooks/psf-moin/recipes/default.rb: -------------------------------------------------------------------------------- 1 | include_recipe 'apache2' 2 | include_recipe 'apache2::mod_wsgi' 3 | include_recipe 'python' 4 | 5 | python_virtualenv '/srv/moin' do 6 | action :create 7 | owner 'root' 8 | group 'root' 9 | end 10 | 11 | { 12 | 'moin' => '1.9.6', 13 | 'python-openid' => '2.2.5', 14 | 'docutils' => '0.10', 15 | }.each do |name, ver| 16 | python_pip name do 17 | action :upgrade 18 | version ver 19 | virtualenv '/srv/moin' 20 | user 'root' 21 | group 'root' 22 | end 23 | end 24 | 25 | group 'moin' do 26 | system true 27 | end 28 | 29 | user 'moin' do 30 | comment 'MoinMoin service' 31 | gid 'moin' 32 | system true 33 | shell '/bin/bash' 34 | home '/data/moin' 35 | end 36 | 37 | directory '/data' do 38 | owner 'root' 39 | group 'root' 40 | mode '755' 41 | end 42 | 43 | directory '/data/moin' do 44 | owner 'moin' 45 | group 'moin' 46 | mode '755' 47 | end 48 | 49 | directory '/data/www' do 50 | owner 'moin' 51 | group 'moin' 52 | mode '755' 53 | end 54 | 55 | # template "#{node['apache']['dir']}/sites-available/wiki.python.org.conf" do 56 | # source 'wiki.python.org.conf.erb' 57 | # owner 'root' 58 | # group 'root' 59 | # mode '644' 60 | # notifies :reload, 'service[apache2]' 61 | # end 62 | 63 | # apache_site 'wiki.python.org.conf' 64 | # apache_site 'default' do 65 | # enable false 66 | # end 67 | 68 | # template '/srv/moin/moin.wsgi' do 69 | # source 'moin.wsgi.erb' 70 | # owner 'root' 71 | # group 'root' 72 | # mode '644' 73 | # notifies :reload, 'service[apache2]' 74 | # end 75 | 76 | # %w{moin jython psf moin-pycon}.each do |wiki| 77 | # execute "/srv/moin/bin/moin --config-dir=/data/moin/instances --wiki-url=http://wiki.python.org/#{wiki} maint cleancache" do 78 | # action :nothing 79 | # user 'moin' 80 | # group 'moin' 81 | # subscribes :run, 'python_pip[moin]' 82 | # notifies :reload, 'service[apache2]' 83 | # end 84 | # end 85 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/providers/server.rb: -------------------------------------------------------------------------------- 1 | action :install do 2 | package 'rsnapshot' do 3 | action :upgrade 4 | end 5 | 6 | backups = [] 7 | search(:node, 'rsnapshot_backups:*') do |backup_node| 8 | backup_node['rsnapshot_backups'].each do |directory, backup| 9 | next if backup_node.name == node.name # For now just skip self 10 | backup = backup.to_hash 11 | backup['host'] = backup_node['fqdn'] || backup_node['ipaddress'] 12 | backup['directory'] << '/' unless backup['directory'].end_with?('/') 13 | backups << backup if backup['host'] 14 | end 15 | end 16 | 17 | scripts = [] 18 | run_context.resource_collection.each do |res| 19 | if res.is_a? Chef::Resource::RsnapshotScript 20 | scripts << res 21 | end 22 | end 23 | 24 | template "#{new_resource.dir}/rsnapshot.conf" do 25 | source 'rsnapshot.conf.erb' 26 | owner 'root' 27 | group 'root' 28 | mode '400' 29 | variables :server => new_resource, :backups => backups, :scripts => scripts 30 | end 31 | 32 | new_resource.retain.each do |ret| 33 | cron "rsnapshot-#{new_resource.name}-#{ret.name}" do 34 | minute ret.minute 35 | hour ret.hour 36 | day ret.day 37 | month ret.month 38 | weekday ret.weekday 39 | command "/usr/bin/rsnapshot #{ret.name}" 40 | end 41 | end 42 | 43 | # Just in case 44 | directory '/root/.ssh' do 45 | owner 'root' 46 | group 'root' 47 | mode '755' 48 | end 49 | 50 | execute "#{new_resource.name}: generate SSH key" do 51 | command 'ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsnapshot -N ""' 52 | user 'root' 53 | not_if { ::File.exists?('/root/.ssh/id_rsnapshot')} 54 | end 55 | 56 | ruby_block "#{new_resource.name}: read SSH key" do 57 | block do 58 | node.set['rsnapshot']['server_key'] = ::File.new('/root/.ssh/id_rsnapshot.pub').read 59 | end 60 | end 61 | end 62 | 63 | action :remove do 64 | raise 'later' 65 | end 66 | -------------------------------------------------------------------------------- /data_bags/users/loewis.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "loewis", 3 | "comment": "Martin von Löwis", 4 | "sudo": ["advocacy", "wiki", "buildmaster", "pypi"], 5 | "ssh_keys": [ 6 | "ssh-dss AAAAB3NzaC1kc3MAAACBALEQSXDzDyY1PENMiRh7mVZsfJTG34ytr/GLMOhpLrFmsQRglkBdK04hEcd6gDT3+7vEUmHndIdj2RLQCG4OR8XISTrQ2Nmq1aktw+MABkmrp3pnPyKUxI0LC3F3ZKRdTefzIz8JeSVrJ7bzxRPX2ogN5i4vz0F8JZidx9tN5MODAAAAFQC7zsu/+K7W0eYMRXrNvvoX/0dCPwAAAIAwJNCVFKZldb//3yo7KMjrIGZrLwjBjc08E+cEFh0VkREL0TLRnHorwPdmkPKLZd0FjN/NJJLYUtAiX4ty9ZEXg0g9psVydhK9YMP6+gfRDtlrdse4N0PHgLeS4d70S6s9Zhtxdgl8T/vc8PDhzDkvqoD6rOlGbDXXTsm1FmzbigAAAIEApPn5qyxaYBrGXsUzW8Q1tnjIJKVTEZNS54cOgXvnGZkStg+e8Usr5d23Ik2cMs5c28NwifVhw9FREi04kEfbKE5XoiKcBYHAVXwriO1CVDznGuPAJmUVc3frY55Rg16vCXsMvJxNKfVil7mhLTwbgwTN8tZbEj5Tlh/mSRVredQ= martin@mira", 7 | "ssh-dss AAAAB3NzaC1kc3MAAACBANVhIMrbKczF76sU4k73Bhh4qR15psW6stle8Zo+/jY7OBGfwf3m/UaH6QEwfQQka6glIkB062oM4ZtzauS6iQNcmeBuAywRM1jfWQ3SqnWUuAevAKQ5NHJ5lvMUWxrQLZch/SNLkQER83XY0PvRr/TR8jqzdQLTdNoB0ErLElVXAAAAFQCm+TYKtE7/pQpVz6td5n9+pZR1aQAAAIB5Rclk9FBfSe1hJ2lKkRcki/t2m4SyI3pV9WAEV2wqWdz4YTrIKwmEGFAFxBd8ElbnLahPTtWsFSgaAyzRr6/903rjSTlDupg28mhKPWoJ5yypzpgEbqvtERrbQVkSVLrOpGECQIKtdWqQcdINnILjA3Jx/+UbcR6hY+8APDZQ1gAAAIEAgYl2sn4Hs/xzGwevZUq9Cqd+t6UcYnpSwutZoewP/yLGNXGzAu6CjD7UHi8vcYupB1ojVaWNlRNYBANRlpcbO1J4u1mW5Ky5tYOax4ts+sdIET/241qgpFq40KVF2uIFkNUUIdIigUQPUhqy+41IUWU8o2QRXmo8I6Cw7vppJTQ= loewis@kosh", 8 | "ssh-dss AAAAB3NzaC1kc3MAAACBALfLPD0tevBjI5aqbV/B8e+9a13o/CQmBeEc7zFiVJ9/ZRPMmKHmuwczpMwzrA5ABS8Ih/HZ864yG+d1IMcJZW4PSzPw0mMWGadR/rGfeZJA03nG90TNJp0DqQXQ8e5RZif9StBpPJ67qQMY3KeyKveJZU99d5oSfxpWOVxE9QwBAAAAFQCmKEkEf4fXceJisqqTEbQ932hRUwAAAIB6Otm8xZtTb1ZF7JqsD2DjfKiu7vHVx204UG78I3Fj9BwIQx4zK+fSgjI3ZyMfJjAcBekQQKE5uWnD0PsrJO7q80C2HZNzY9da7Ou8bvegltn5cME36Xh2DQEEEVBGNnTCgG0Fj8UVCVnjIjvAOOxx8jpV5LXrfty6uAoy+cs6UwAAAIBBI2qoYRr6/V7BTlVAo9Tpg3tkbbYduC64jfcdfqjJhgc9nWoqWqW4k3lMadWOXhMheXOyfndm+qhVYe1rbboUaD4MyFOGyvG/AVH4PdXdKyMVQncO47hNko7bxTCrplNERjTrWrMdOtR1CuDLfRTBkBgW1h6dhsZZkQm6rUeFNw== loewis@creosote.python.org" 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /cookbooks/psf-evote/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: psf-evote 3 | # Recipe:: default 4 | # 5 | # Copyright (C) 2013 Noah Kantrowitz 6 | # 7 | 8 | include_recipe 'git' 9 | include_recipe 'python' 10 | include_recipe 'gunicorn' 11 | include_recipe 'supervisor' 12 | 13 | group 'evote' do 14 | system true 15 | end 16 | 17 | user 'evote' do 18 | comment 'evote service' 19 | gid 'evote' 20 | system true 21 | shell '/bin/false' 22 | home '/srv/evote' 23 | end 24 | 25 | directory '/srv/evote' do 26 | owner 'evote' 27 | group 'evote' 28 | end 29 | 30 | git '/srv/evote/web2py' do 31 | repository 'https://github.com/web2py/web2py.git' 32 | reference 'R-2.5.1' 33 | user 'evote' 34 | end 35 | 36 | %w{welcome examples admin}.each do |app| 37 | directory "/srv/evote/web2py/applications/#{app}" do 38 | action :delete 39 | recursive true 40 | end 41 | end 42 | 43 | git '/srv/evote/web2py/applications/init' do 44 | repository 'https://github.com/mdipierro/evote.git' 45 | reference 'master' 46 | user 'evote' 47 | end 48 | 49 | dburi = if Chef::Config[:solo] 50 | 'sqlite://storage.sqlite' # For local testing 51 | else 52 | db = data_bag_item('secrets', 'postgres')['evote'] 53 | "postgres://#{db['user']}:#{db['password']}@#{db['hostname']}/#{db['database']}" 54 | end 55 | 56 | template '/srv/evote/web2py/applications/init/models/0.py' do 57 | source '0.py.erb' 58 | owner 'evote' 59 | group 'evote' 60 | mode '644' 61 | variables node['psf-evote'].merge(:dburi => dburi) 62 | end 63 | 64 | python_pip 'rsa' 65 | 66 | supervisor_service 'evote' do 67 | command 'gunicorn -b 0.0.0.0 -w 4 wsgihandler' 68 | autostart true 69 | user 'evote' 70 | directory '/srv/evote/web2py' 71 | subscribes :restart, 'template[/srv/evote/web2py/applications/init/models/0.py]' 72 | end 73 | 74 | cron 'expire_evote_sessions' do 75 | minute 0 76 | command 'cd /srv/evote/web2py && python web2py.py -S init -M -R scripts/sessions2trash.py -A -o' 77 | user 'evote' 78 | end 79 | -------------------------------------------------------------------------------- /cookbooks/user/test/resources/account_spec.rb: -------------------------------------------------------------------------------- 1 | require 'minitest/autorun' 2 | require File.expand_path(File.join(File.dirname(__FILE__), '../spec_helper')) 3 | 4 | describe 'Chef::Resource::UserAccount' do 5 | include ResourceMixins 6 | 7 | let(:cookbook) { :user } 8 | let(:lwrp) { :account } 9 | 10 | before { @it = load_resource(cookbook, lwrp).new("fuzzybear") } 11 | after { unload_resource(cookbook, lwrp) } 12 | 13 | it "sets the name attribute to username attr" do 14 | @it.username.must_equal "fuzzybear" 15 | end 16 | 17 | %w{uid gid}.each do |attr| 18 | it "takes a String value for #{attr} attr" do 19 | @it.send(attr, "666") 20 | @it.send(attr).must_equal "666" 21 | end 22 | 23 | it "takes an Integer value for #{attr} attr" do 24 | @it.send(attr, 777) 25 | @it.send(attr).must_equal 777 26 | end 27 | end 28 | 29 | %w{comment home shell password}.each do |attr| 30 | it "takes a String value for #{attr} attr" do 31 | @it.send(attr, "goop") 32 | @it.send(attr).must_equal "goop" 33 | end 34 | end 35 | 36 | it "takes a Boolean value for system_user attr" do 37 | @it.system_user true 38 | @it.system_user.must_equal true 39 | end 40 | 41 | it "defaults to false for system_user attr" do 42 | @it.system_user.must_equal false 43 | end 44 | 45 | %w{manage_home create_group ssh_keygen}.each do |attr| 46 | it "takes a truthy value for #{attr} attr" do 47 | @it.send(attr, true) 48 | @it.send(attr).must_equal true 49 | end 50 | 51 | it "defaults to nil for #{attr} attr" do 52 | @it.send(attr).must_be_nil 53 | end 54 | end 55 | 56 | it "takes a String value for ssh_keys attr" do 57 | @it.ssh_keys "mykey" 58 | @it.ssh_keys.must_equal "mykey" 59 | end 60 | 61 | it "takes an Array value for ssh_keys attr" do 62 | @it.ssh_keys ["a", "b"] 63 | @it.ssh_keys.must_equal ["a", "b"] 64 | end 65 | 66 | it "defaults to an empty Array for ssh_keys attr" do 67 | @it.ssh_keys.must_equal [] 68 | end 69 | end 70 | -------------------------------------------------------------------------------- /data_bags/README.md: -------------------------------------------------------------------------------- 1 | Data Bags 2 | --------- 3 | 4 | This directory contains directories of the various data bags you create for your infrastructure. Each subdirectory corresponds to a data bag on the Chef Server, and contains JSON files of the items that go in the bag. 5 | 6 | First, create a directory for the data bag. 7 | 8 | mkdir data_bags/BAG 9 | 10 | Then create the JSON files for items that will go into that bag. 11 | 12 | $EDITOR data_bags/BAG/ITEM.json 13 | 14 | The JSON for the ITEM must contain a key named "id" with a value equal to "ITEM". For example, 15 | 16 | { 17 | "id": "foo" 18 | } 19 | 20 | Next, create the data bag on the Chef Server. 21 | 22 | knife data bag create BAG 23 | 24 | Then upload the items in the data bag's directory to the Chef Server. 25 | 26 | knife data bag from file BAG ITEM.json 27 | 28 | 29 | Encrypted Data Bags 30 | ------------------- 31 | 32 | Added in Chef 0.10, encrypted data bags allow you to encrypt the contents of your data bags. The content of attributes will no longer be searchable. To use encrypted data bags, first you must have or create a secret key. 33 | 34 | openssl rand -base64 512 > secret_key 35 | 36 | You may use this secret_key to add items to a data bag during a create. 37 | 38 | knife data bag create --secret-file secret_key passwords mysql 39 | 40 | You may also use it when adding ITEMs from files, 41 | 42 | knife data bag create passwords 43 | knife data bag from file passwords data_bags/passwords/mysql.json --secret-file secret_key 44 | 45 | The JSON for the ITEM must contain a key named "id" with a value equal to "ITEM" and the contents will be encrypted when uploaded. For example, 46 | 47 | { 48 | "id": "mysql", 49 | "password": "abc123" 50 | } 51 | 52 | Without the secret_key, the contents are encrypted. 53 | 54 | knife data bag show passwords mysql 55 | id: mysql 56 | password: 2I0XUUve1TXEojEyeGsjhw== 57 | 58 | Use the secret_key to view the contents. 59 | 60 | knife data bag show passwords mysql --secret-file secret_key 61 | id: mysql 62 | password: abc123 63 | 64 | -------------------------------------------------------------------------------- /cookbooks/stud/providers/default.rb: -------------------------------------------------------------------------------- 1 | action :install do 2 | # Quickie argument validation 3 | write_count = [new_resource.write_ip, new_resource.write_proxy, new_resource.proxy_proxy].count{|val| val} 4 | raise 'At most one of write-ip, write-proxy, and proxy-proxy can be enabled' if write_count > 1 5 | raise "Certificate #{new_resource.pem_file} not found" unless new_resource.pem_file.is_a?(Array) ? new_resource.pem_file.all?{|path| ::File.exists?(path)} : ::File.exists?(new_resource.pem_file) 6 | 7 | package_file_name = "stud_#{new_resource.version}_amd64.deb" 8 | 9 | package 'libev4' do 10 | action :upgrade 11 | end 12 | 13 | cookbook_file "#{Chef::Config[:file_cache_path]}/#{package_file_name}" do 14 | source package_file_name 15 | cookbook 'stud' 16 | owner 'root' 17 | group 'root' 18 | mode '644' 19 | end 20 | 21 | dpkg_package 'stud' do 22 | source "#{Chef::Config[:file_cache_path]}/#{package_file_name}" 23 | version new_resource.version 24 | end 25 | 26 | template "/etc/init/#{new_resource.resource_name}.conf" do 27 | source new_resource.service_template || 'upstart.conf.erb' 28 | cookbook new_resource.service_template ? new_resource.cookbook_name.to_s : 'stud' 29 | owner 'root' 30 | group 'root' 31 | mode '644' 32 | variables :stud => new_resource 33 | notifies :restart, "service[#{new_resource.resource_name}]" 34 | end 35 | 36 | service new_resource.resource_name do 37 | action :enable 38 | provider Chef::Provider::Service::Upstart 39 | supports :status => true 40 | end 41 | 42 | directory '/etc/stud' do 43 | owner 'root' 44 | group 'root' 45 | mode '755' 46 | end 47 | 48 | template "/etc/stud/#{new_resource.name}.conf" do 49 | source new_resource.config_template || 'stud.conf.erb' 50 | cookbook new_resource.config_template ? new_resource.cookbook_name.to_s : 'stud' 51 | owner 'root' 52 | group 'root' 53 | mode '644' 54 | variables :stud => new_resource 55 | notifies :restart, "service[#{new_resource.resource_name}]" 56 | end 57 | 58 | service new_resource.resource_name do 59 | action :start 60 | end 61 | end 62 | -------------------------------------------------------------------------------- /cookbooks/psf-moin/templates/default/moin.wsgi.erb: -------------------------------------------------------------------------------- 1 | # -*- coding: iso-8859-1 -*- 2 | """ 3 | MoinMoin - mod_wsgi driver script 4 | 5 | To use this, add those statements to your Apache's VirtualHost definition: 6 | 7 | # you will invoke your moin wiki at the root url, like http://servername/FrontPage: 8 | WSGIScriptAlias / /some/path/moin.wsgi 9 | 10 | # create some wsgi daemons - use someuser.somegroup same as your data_dir: 11 | WSGIDaemonProcess daemonname user=someuser group=somegroup processes=5 threads=10 maximum-requests=1000 umask=0007 12 | 13 | # use the daemons we defined above to process requests! 14 | WSGIProcessGroup daemonname 15 | 16 | @copyright: 2008 by MoinMoin:ThomasWaldmann 17 | @license: GNU GPL, see COPYING for details. 18 | """ 19 | 20 | import sys, os 21 | 22 | # a) Configuration of Python's code search path 23 | # If you already have set up the PYTHONPATH environment variable for the 24 | # stuff you see below, you don't need to do a1) and a2). 25 | 26 | # a1) Path of the directory where the MoinMoin code package is located. 27 | # Needed if you installed with --prefix=PREFIX or you didn't use setup.py. 28 | #sys.path.insert(0, 'PREFIX/lib/python2.3/site-packages') 29 | 30 | # a2) Path of the directory where wikiconfig.py / farmconfig.py is located. 31 | # See wiki/config/... for some sample config files. 32 | #sys.path.insert(0, '/path/to/wikiconfigdir') 33 | sys.path.insert(0, '/data/moin/instances') 34 | 35 | # b) Configuration of moin's logging 36 | # If you have set up MOINLOGGINGCONF environment variable, you don't need this! 37 | # You also don't need this if you are happy with the builtin defaults. 38 | # See wiki/config/logging/... for some sample config files. 39 | #from MoinMoin import log 40 | #log.load_config('/path/to/logging_configuration_file') 41 | 42 | from MoinMoin.web.serving import make_application 43 | 44 | # Creating the WSGI application 45 | # use shared=True to have moin serve the builtin static docs 46 | # use shared=False to not have moin serve static docs 47 | # use shared='/my/path/to/htdocs' to serve static docs from that path 48 | application = make_application(shared=True) 49 | -------------------------------------------------------------------------------- /cookbooks/psf-moin/templates/default/wiki.python.org.conf.erb: -------------------------------------------------------------------------------- 1 | 2 | ServerAdmin webmaster@python.org 3 | ServerName wiki.jython.org 4 | RedirectMatch /(.*) http://wiki.python.org/jython/$1 5 | 6 | 7 | 8 | ServerAdmin webmaster@python.org 9 | DocumentRoot /data/www/wiki 10 | ServerName wiki.python.org 11 | 12 | CustomLog /var/log/apache2/wiki.access.log combined 13 | ErrorLog /var/log/apache2/wiki.error.log 14 | 15 | Alias /wiki/python /data/moin/europython 16 | Alias /wiki /srv/moin/lib/python2.7/site-packages/MoinMoin/web/static/htdocs 17 | Alias /pics /data/www/wiki/pics 18 | Alias /europython /data/moin/europython 19 | Alias /common /srv/moin/lib/python2.7/site-packages/MoinMoin/web/static/htdocs/common 20 | 21 | WSGIDaemonProcess moin processes=4 maximum-requests=1000 display-name=wsgi-moin user=moin group=moin python-path=/srv/moin/lib/python2.7/site-packages 22 | WSGIProcessGroup moin 23 | 24 | WSGIScriptAlias /moin /srv/moin/moin.wsgi 25 | WSGIScriptAlias /psf /srv/moin/moin.wsgi 26 | WSGIScriptAlias /moin-pycon /srv/moin/moin.wsgi 27 | 28 | AuthName "PyCon Committee Wiki" 29 | AuthType Basic 30 | AuthUserFile /etc/apache2/moin-pycon.pass 31 | require valid-user 32 | 33 | 34 | WSGIScriptAlias /jython /srv/moin/moin.wsgi 35 | 36 | # Spammers 37 | # deny from xxx.xxx.xxx.xxx 38 | deny from 112.201.71.118 39 | deny from 121.96.204.167 40 | deny from 122.3.171.14 41 | deny from 180.190.160.34 42 | deny from 180.190.162.72 43 | deny from 180.190.163.120 44 | deny from 180.190.168.213 45 | deny from 180.190.195.208 46 | deny from 180.190.198.63 47 | deny from 180.190.207.172 48 | deny from 180.190.213.117 49 | deny from 180.190.214.241 50 | deny from 180.190.217.230 51 | deny from 180.190.220.191 52 | deny from 180.190.222.65 53 | deny from 180.190.235.252 54 | deny from 203.177.74.140 55 | deny from 222.127.169.83 56 | deny from 58.71.32.78 57 | 58 | 59 | 60 | -------------------------------------------------------------------------------- /cookbooks/psf-monitoring/templates/default/graphite-vhost.conf.erb: -------------------------------------------------------------------------------- 1 | # Graphite Apache Virtual Host 2 | # 3 | # Generated by Chef 4 | NameVirtualHost *:<%= node['graphite']['listen_port'] %> 5 | 6 | # You may need to manually edit this file to fit your needs. 7 | > 8 | ServerName <%= node['graphite']['url'] %> 9 | <% unless node['graphite']['url_aliases'].empty? %> 10 | ServerAlias <%= [node['graphite']['url_aliases']].flatten.compact.join(" ") %> 11 | <% end %> 12 | DocumentRoot "<%= node['graphite']['doc_root'] %>" 13 | ErrorLog <%= node['graphite']['storage_dir'] %>/log/webapp/error.log 14 | CustomLog <%= node['graphite']['storage_dir'] %>/log/webapp/access.log common 15 | 16 | 17 | SetHandler python-program 18 | PythonPath "['<%= node['graphite']['doc_root'] %>'] + sys.path" 19 | PythonHandler django.core.handlers.modpython 20 | SetEnv DJANGO_SETTINGS_MODULE graphite.settings 21 | PythonDebug Off 22 | PythonAutoReload Off 23 | <% if node['graphite']['basic_auth'] -%> 24 | Require valid-user 25 | Order allow,deny 26 | Allow from all 27 | AuthType Basic 28 | AuthName "Graphite Stats" 29 | AuthBasicProvider file 30 | AuthUserFile <%= node['graphite']['basic_auth']['user_file'] %> 31 | <% end %> 32 | 33 | 34 | 35 | SetHandler None 36 | 37 | 38 | 39 | SetHandler None 40 | 41 | 42 | <% if node['recipes'].include? "ganglia::web" -%> 43 | 44 | SetHandler None 45 | 46 | <% end -%> 47 | 48 | # NOTE: In order for the django admin site media to work you 49 | # must change @DJANGO_ROOT@ to be the path to your django 50 | # installation, which is probably something like: 51 | # /usr/lib/python2.6/site-packages/django 52 | Alias /media/ "<%= node['graphite']['django_root'] %>/contrib/admin/media/" 53 | 54 | 55 | -------------------------------------------------------------------------------- /data_bags/users/pablogsal.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "pablogsal", 3 | "comment": "Pablo Galindo", 4 | "sudo": ["buildmaster", "python-speed"], 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCRdlgbkLHE0xBQ1Lu+fyj5aK0ftjUCn8EMJ0FoAmRg7s6i5fNN9zEBYJhNEqgz0MnIzx42QtOQkr1SH2vsOkiWOUvVA+eCjvEIuPAthxR+InxkqOatDb+gKzCquxXXFobg7YPxWIodYFJ2LiCThol3TVCsUkEMftCSTAfrzUWIFsO+kCYLvmw4yD9buuE2LJjcdk59WpeF688chhhI6EE0DIRmERjVPWVxQpCoTHsab0wz50BjjBPucP6ydrH1+CmrHWENy+MtU5GYaIKrwRWVinmaIDR2pkTc15xLx+HiXqvFpNugHY25Mqtrn1OqEOncEC3VjDNLz9l+37ecUxkfVj1KoaChqbzbFkKzbGKZMvXkh5VXDXTGZbvcQojl/nBr9/wcB5Ar8hHVIoor0smldSP19G47+kwsWFC38UwVlnAlYkGmnTO7/++H7bDc6viztDf/1CH0y5+ek/mf2serTBYytYnfMUvRhPkteJQTV22cLHjVsIYcCaNFWc4DtmqZI6xAz9Lo1VkNr4H5SHfPbaQ895NNOmt6Ngt8YK/Ko19DDxqOCqsV24yik917y2YdMNsd6W2aF82nRNuDcRtrDs+FQFSSpxPsUtshxJpTnekQv0AVJM/r+mvbTFotAguaC/yid5IsWjAs+IZ0a6TH30M1hxFw/NtuDlxsLivZqw==", 7 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC34fbzw9gfpohw0zAAyPGkWe4PbZ88p2WJJN/trAoorrHrbEEPhyDyfwEhCQezp2p3vXck/y00YayvamsYFTIppNgjlwf8coezJ8O5yYBVNGkUm7V9L270M9rLks60OvZjys2p9vCRqApagdG8Nb8H91Y48R1dnYA+ewpqhT7+5AAv9muenRPnrc12rbWQC/tiVk6Zn0NHj0UWnbQZtFWoUIZ1PMdPo7wFaxGsKqVVvN6M2Bclv9FiJzNie4x4ENejqLGOJY+S/w8aVcWgK4URaEX1j13wt+4hPDKLvyPeYrLz0CIadcE6OIxtCjNNgaCFW6f0ETQUOlraTs7ybNYKkIiSU36myiV0NzQxGPXK6VUvNxyfmb/fTzbMjZBYxkKVPOFN2YbCOMoI3WOOZqWbnqiNUVXEUHbvB4L6KP+/EP0oq+oDBqKd5lXVaNoLiJBXCa14dF5N3nIeGlaq5isf5j1xsDgEFNAwLpeEVt3yoNUMUBO05cN/veRHv/quYxwES9Lg2wiaUTvEpfDQxLi99p/9jrepEHgkh61OyiUWAJE8ZCr6/MzaMO4RYRxTxEpx7057JCOp6IdFWOjcDIZi74ZtMCpEcWT81DXN7IC72ytTcpiGfWigmWps4Wa5hr525RM/zki8BlLmuOuR94TNb7wUImq7Y+/umaliJEpgTw==", 8 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDwV/X4e2/fJsdUZr2B/baKVZtrqXLg+/nMQx/hqINgKS6ZwAOBqqLPdp/nD4oiDnSfQp9oIYt4HzYKAaxV8cfKj4FoI/x8ou++dAe8WFFGXjpQwX0ltspVRIRIOVvkTqqKEiqP6IfDaMp40pojZWXTR8Of3YHapEWvSGeAax4ZzX1LGVpv201CafWK6TSf8yTWnoTcUlfNvz5yUsNk1g0vwtzfeDp1SE6RIzLhXxdXxiuI4t//FIQJjBw+GTaM4HkZgSNQ48S2IgAT66JgDFL9t86HT/Pv4Ja2LqkdtOtEZtDDew7wCPw5omKU6AW+6g3/kMZ91+/Vs2IgHzALko+Ssu8Qza2/IIEytgqq5uMNZ5kcfXrk3beqdYNaFY78JoLgXebrYKWmFpK8apph5XPZPrD4NkxIYof41YL6cENcAKWJTw7Zi6mze0poCmoTfGB7Togo++teuHSM6OMTGnXZFijs3nWwvbPjoKm0UIe1wvGk2EzQ6CW2cuc3CxgHePGgCEWDqRS4ghiiBBv6PSX7H0g9bRM7SYtESWsJugxiHX9M+XwkekW16QixaVAkQaLjo0o/nI78mzy85Uy3CCpOTHTrQjZGn+0AKE+O9gO4cu1yXMQYS6UC1P+GZzRNmf4PVTDtkAhLFD+7GzNSaFMbq9DUZlL4vJc0NJCBXuP46Q==" 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /cookbooks/cron/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cron", 3 | "version": "1.2.8", 4 | "description": "Installs cron", 5 | "long_description": "cron Cookbook\n=============\nInstalls the cron package and starts the crond service.\n\n\nRequirements\n------------\nPlatforms:\n- RHEL family\n- Debian family\n\n\nResources and Providers\n-----------------------\n### `cron_d`\nThe `cron_d` LWRP can be used to manage files in `/etc/cron.d`. It supports the same interface as Chef's built-in `cron` resource:\n\n```ruby\ncron_d 'daily-usage-report' do\n minute 0\n hour 23\n command '/srv/app/scripts/daily_report'\n user 'appuser'\nend\n```\n\n#### Attributes\n* `minute`, `hour`, `day`, `month`, `weekday` - schedule your cron job. These correspond exactly to their equivalents in the crontab file. All default to \"*\".\n* `command` - the command to run. Required.\n* `user` - the user to run as. Defaults to \"root\".\n* `mailto`, `path`, `home`, `shell` - set the corresponding environment variables in the cron.d file. No default.\n\n\nLicense & Authors\n-----------------\n- Author:: Joshua Timberman (joshua@opscode.com)\n\n```text\nCopyright 2010-2012, Opscode, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n", 6 | "maintainer": "Opscode, Inc.", 7 | "maintainer_email": "cookbooks@opscode.com", 8 | "license": "Apache 2.0", 9 | "platforms": { 10 | "redhat": ">= 0.0.0", 11 | "centos": ">= 0.0.0", 12 | "scientific": ">= 0.0.0", 13 | "fedora": ">= 0.0.0", 14 | "amazon": ">= 0.0.0", 15 | "debian": ">= 0.0.0", 16 | "ubuntu": ">= 0.0.0", 17 | "raspbian": ">= 0.0.0" 18 | }, 19 | "dependencies": { 20 | }, 21 | "recommendations": { 22 | }, 23 | "suggestions": { 24 | }, 25 | "conflicting": { 26 | }, 27 | "providing": { 28 | }, 29 | "replacing": { 30 | }, 31 | "attributes": { 32 | }, 33 | "groupings": { 34 | }, 35 | "recipes": { 36 | } 37 | } -------------------------------------------------------------------------------- /cookbooks/psf-pypi/templates/default/nginx_pypi.conf.erb: -------------------------------------------------------------------------------- 1 | # Generated by Chef 2 | # Local modifications will be overwritten 3 | 4 | server { 5 | listen 80<% if @default_server %> default_server<% end %>; 6 | server_name <%= @domains.first %>; 7 | root <%= @root_dir %>; 8 | 9 | <% if @hsts_seconds %> 10 | add_header Strict-Transport-Security "max-age=<%= @hsts_seconds %>"; 11 | <% end %> 12 | 13 | rewrite ^/$ https://<%= @domains.first %>/pypi redirect; 14 | 15 | location ~* ^/(pypi|daytime|mirrors|id|oauth|security).* { 16 | include uwsgi_params; 17 | uwsgi_pass <%= @uwsgi_sock %>; 18 | uwsgi_param SCRIPT_NAME /$1; 19 | # the following magic stands for "UWSGI_MODIFIER_MANAGE_PATH_INFO" 20 | # .. when setting the SCRIPT_NAME remove that bit from the PATH_INFO 21 | uwsgi_modifier1 30; 22 | } 23 | 24 | location ~* ^/(simple|serversig|packages).* { 25 | include uwsgi_params; 26 | uwsgi_pass <%= @uwsgi_sock %>; 27 | uwsgi_param SCRIPT_NAME /$1; 28 | # the following magic stands for "UWSGI_MODIFIER_MANAGE_PATH_INFO" 29 | # .. when setting the SCRIPT_NAME remove that bit from the PATH_INFO 30 | uwsgi_modifier1 30; 31 | 32 | gzip on; 33 | gzip_comp_level 9; 34 | gzip_vary on; 35 | } 36 | 37 | location /raw-packages { 38 | alias <%= @packages_dir %>; 39 | 40 | add_header X-PYPI-LAST-SERIAL $upstream_http_x_pypi_last_serial; 41 | add_header Surrogate-Key $upstream_http_surrogate_key; 42 | 43 | internal; 44 | 45 | autoindex on; 46 | 47 | <% if @hsts_seconds %> 48 | add_header Strict-Transport-Security "max-age=<%= @hsts_seconds %>"; 49 | <% end %> 50 | } 51 | 52 | location ~* ^/(stats|local-stats).* { 53 | autoindex on; 54 | } 55 | 56 | location /static { 57 | alias <%= @static_dir %>; 58 | 59 | add_header Cache-Control public; 60 | expires 1d; 61 | 62 | <% if @hsts_seconds %> 63 | add_header Strict-Transport-Security "max-age=<%= @hsts_seconds %>"; 64 | <% end %> 65 | 66 | gzip on; 67 | gzip_comp_level 9; 68 | gzip_vary on; 69 | } 70 | 71 | # allow big uploads 72 | client_max_body_size <%= @upload_size %>; 73 | } 74 | 75 | <% if @domains.length > 1 %> 76 | server { 77 | listen 80; 78 | server_name <%= @domains.last(@domains.length - 1).join(" ") %>; 79 | return 301 $scheme://<%= @domains.first %>$request_uri; 80 | } 81 | <% end %> 82 | -------------------------------------------------------------------------------- /cookbooks/user/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## 0.2.13 (unreleased) 2 | 3 | 4 | ## 0.2.12 (May 1, 2012) 5 | 6 | ### Bug fixes 7 | 8 | * user_account LWRP now notifies when updated (FC017). ([@fnichol][]) 9 | * Add plaform equivalents in default attrs (FC024). ([@fnichol][]) 10 | 11 | ### Improvements 12 | 13 | * Add unit testing for user_account resource. ([@fnichol][]) 14 | * Add unit testing for attributes. ([@fnichol][]) 15 | * Add TravisCI to run test suite and Foodcritic linter. ([@fnichol][]) 16 | * Reorganize README with section links. ([@fnichol][]) 17 | * Pull request [#7](https://github.com/fnichol/chef-user/pull/7): Fix semantic issues in README. ([@nathenharvey][]) 18 | 19 | 20 | ## 0.2.10 (January 20, 2012) 21 | 22 | ### Bug fixes 23 | 24 | * Pull request [#6](https://github.com/fnichol/chef-user/pull/6): Fix ordering of user deletion in :remove action. ([@nessche][]) 25 | 26 | ### Improvements 27 | 28 | * Issue [#4](https://github.com/fnichol/chef-user/issues/4): Support Ruby 1.8.6 (no #end_with?). ([@fnichol][]) 29 | * Issue [#3](https://github.com/fnichol/chef-user/issues/3): Mention dependency on ruby-shadow if managing password. ([@fnichol][]) 30 | * Issue [#5](https://github.com/fnichol/chef-user/issues/5): Clarify iteration through node['users'] in recipe[user::data_bag]. ([@fnichol][]) 31 | 32 | 33 | ## 0.2.8 (January 20, 2012) 34 | 35 | ### Improvements 36 | 37 | * Handle user names with periods in them. ([@fnichol][]) 38 | 39 | 40 | ## 0.2.6 (October 18, 2011) 41 | 42 | ### Improvements 43 | 44 | * Data bag item attribute `username` can override `id` for users with illegal data bag characters. ([@fnichol]) 45 | 46 | 47 | ## 0.2.4 (September 19, 2011) 48 | 49 | ### Bug fixes 50 | 51 | * Fix data bag missing error message. ([@fnichol][]) 52 | 53 | 54 | ## 0.2.2 (September 14, 2011) 55 | 56 | ### Bug fixes 57 | 58 | * Issue [#2](https://github.com/fnichol/chef-user/issues/2): user_account resource should accept String or Integer for uid attribute. ([@fnichol][]) 59 | * Add home and shell defaults for SuSE. ([@fnichol][]) 60 | 61 | ### Improvements 62 | 63 | * Add installation instructions to README. ([@fnichol][]) 64 | * Add fallback default `home_root` attribute value of "/home". ([@fnichol][]) 65 | 66 | 67 | ## 0.2.0 (August 12, 2011) 68 | 69 | The initial release. 70 | 71 | [@fnichol]: https://github.com/fnichol 72 | [@nathenharvey]: https://github.com/nathenharvey 73 | [@nessche]: https://github.com/nessche 74 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/recipes/server.rb: -------------------------------------------------------------------------------- 1 | rsnapshot_server 'rsnapshot' do 2 | dir node['rsnapshot']['server']['dir'] 3 | config_version node['rsnapshot']['server']['config_version'] 4 | snapshot_root node['rsnapshot']['server']['snapshot_root'] 5 | no_create_root node['rsnapshot']['server']['no_create_root'] 6 | cmd_cp node['rsnapshot']['server']['cmd_cp'] 7 | cmd_rm node['rsnapshot']['server']['cmd_rm'] 8 | cmd_rsync node['rsnapshot']['server']['cmd_rsync'] 9 | cmd_ssh node['rsnapshot']['server']['cmd_ssh'] 10 | cmd_logger node['rsnapshot']['server']['cmd_logger'] 11 | cmd_du node['rsnapshot']['server']['cmd_du'] 12 | cmd_rsnapshot_diff node['rsnapshot']['server']['cmd_rsnapshot_diff'] 13 | cmd_preexec node['rsnapshot']['server']['cmd_preexec'] 14 | cmd_postexec node['rsnapshot']['server']['cmd_postexec'] 15 | linux_lvm_cmd_lvcreate node['rsnapshot']['server']['linux_lvm_cmd_lvcreate'] 16 | linux_lvm_cmd_lvremove node['rsnapshot']['server']['linux_lvm_cmd_lvremove'] 17 | linux_lvm_cmd_mount node['rsnapshot']['server']['linux_lvm_cmd_mount'] 18 | linux_lvm_cmd_umount node['rsnapshot']['server']['linux_lvm_cmd_umount'] 19 | verbose node['rsnapshot']['server']['verbose'] 20 | loglevel node['rsnapshot']['server']['loglevel'] 21 | logfile node['rsnapshot']['server']['logfile'] 22 | lockfile node['rsnapshot']['server']['lockfile'] 23 | stop_on_stale_lockfile node['rsnapshot']['server']['stop_on_stale_lockfile'] 24 | rsync_short_args node['rsnapshot']['server']['rsync_short_args'] 25 | rsync_long_args node['rsnapshot']['server']['rsync_long_args'] 26 | ssh_args node['rsnapshot']['server']['ssh_args'] 27 | du_args node['rsnapshot']['server']['du_args'] 28 | one_fs node['rsnapshot']['server']['one_fs'] 29 | link_dest node['rsnapshot']['server']['link_dest'] 30 | sync_first node['rsnapshot']['server']['sync_first'] 31 | use_lazy_deletes node['rsnapshot']['server']['use_lazy_deletes'] 32 | rsync_numtries node['rsnapshot']['server']['rsync_numtries'] 33 | linux_lvm_snapshotsize node['rsnapshot']['server']['linux_lvm_snapshotsize'] 34 | linux_lvm_snapshotname node['rsnapshot']['server']['linux_lvm_snapshotname'] 35 | linux_lvm_vgpath node['rsnapshot']['server']['linux_lvm_vgpath'] 36 | linux_lvm_mountpath node['rsnapshot']['server']['linux_lvm_mountpath'] 37 | node['rsnapshot']['server']['retain'].each do |retain_name, retain_data| 38 | retain retain_name, retain_data if retain_data 39 | end 40 | end 41 | -------------------------------------------------------------------------------- /cookbooks/user/recipes/data_bag.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: user 3 | # Recipe:: data_bag 4 | # 5 | # Copyright 2011, Fletcher Nichol 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | include_recipe 'sudo' 21 | 22 | bag = node['user']['data_bag'] 23 | lockdown = node['user']['lockdown'] 24 | 25 | admin_group = [] 26 | 27 | search(bag, "*:*") do |u| 28 | username = u['username'] || u['id'] 29 | 30 | # Figure out if we should force-remove this user 31 | remove_user = u['roles'].is_a?(Array) && !u['roles'].any?{|role| node['roles'].include?(role)} 32 | 33 | # If :sudo is an array, check roles, otherwise if it is true just apply sudo globally 34 | if u['sudo'].is_a?(Array) && u['sudo'].any?{|role| node['roles'].include?(role)} 35 | admin_group << username 36 | elsif u['sudo'].is_a?(Hash) && u['sudo'].any?{|role, cmd| node['roles'].include?(role)} 37 | cmds = [] 38 | u['sudo'].each_pair do |role, cmd| 39 | cmds << cmd if node['roles'].include?(role) 40 | end 41 | if !cmds.empty? 42 | sudo username do 43 | user username 44 | commands cmds 45 | nopasswd true 46 | end 47 | end 48 | elsif u['sudo'] == true 49 | admin_group << username 50 | elsif lockdown 51 | # When under lockdown mode, any user without sudo isn't allowed in at all 52 | remove_user = true 53 | end 54 | 55 | user_account username do 56 | %w{comment uid gid home shell password system_user manage_home create_group 57 | ssh_keys ssh_keygen}.each do |attr| 58 | send(attr, u[attr]) if u[attr] 59 | end 60 | 61 | # If you don't match the roles for this node, make sure you don't exist 62 | if remove_user 63 | action :remove 64 | else 65 | action u['action'].to_sym if u['action'] 66 | end 67 | end 68 | end 69 | 70 | group "admin" do 71 | action [:create, :manage] 72 | members admin_group 73 | end 74 | 75 | sudo "admin" do 76 | group "admin" 77 | nopasswd true 78 | commands ["ALL"] 79 | end 80 | -------------------------------------------------------------------------------- /data_bags/users/osuadmin.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "osuadmin", 3 | "comment": "OSU Admin group account ", 4 | "sudo": true, 5 | "ssh_keys": [ 6 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb8mIhrDs4wX7bBEV+anf7Gh3m98lQ0MQbyfSClNjwPIF4BHwczOct6m2mr+V4ft5I8JGUDk2ke20v3+bR5NIsEtGh3fRd+KeLOVPiboIPWADAAqm4WSuW10ow3IPF6BLWv/3RnAv1l8tVbCdUz3i1U/ryFcOHS9BLdTy+tprfc8amEfNfVrx/WpwSl4eXZImsOaQAKvzAPsCSDK/2DOQ0NPfUD1ECm0AqxVBWemDCITP3g+GRMueRRo1ui89BvhnK+B8bApJeUVMw3Ltw0cgps2fKfeGqKf9Ree9Twt6Mpkr04owVLXCdNMU4p2ilhcWmgvVJRQxAfH1yx519vAtv mythmon@gmail.com # added automatically for ganeti web manager user: mythmon", 7 | "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAs8yFI2vksQUZtkQAsj2CY5Fw5xBDSIIPpqUtG3l06PxaNtj+JJ2JrGhU18qOtJZUCZDXPPLiBvrMCiGR+IgQy7CM6+tJr7PKlT63nF126eU1nrZTJL6+0GqomFV5p4lhJS48l2NQmTD0Z0ZoUGaKPhbfNHVYC1Dbn6EeNopB+hnJi2jCv5DaJ3JeMrGLV2K1PS3SfSIxCDjy7doxcqooz/HqrptDvTAsWEC3A3Sgyh+6uS01ON4NLOJ4vJNW7L3jj9iVeietCcGLYalZPQrsK4L+4G1kwLjN5Tyv4E4FbiiSY4NtoasTeXersoK8Vi3PV17mZcLUTb6qnBdgCi9gzQ== jordane@Gonff # added automatically for ganeti web manager user: osuadmin", 8 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb8mIhrDs4wX7bBEV+anf7Gh3m98lQ0MQbyfSClNjwPIF4BHwczOct6m2mr+V4ft5I8JGUDk2ke20v3+bR5NIsEtGh3fRd+KeLOVPiboIPWADAAqm4WSuW10ow3IPF6BLWv/3RnAv1l8tVbCdUz3i1U/ryFcOHS9BLdTy+tprfc8amEfNfVrx/WpwSl4eXZImsOaQAKvzAPsCSDK/2DOQ0NPfUD1ECm0AqxVBWemDCITP3g+GRMueRRo1ui89BvhnK+B8bApJeUVMw3Ltw0cgps2fKfeGqKf9Ree9Twt6Mpkr04owVLXCdNMU4p2ilhcWmgvVJRQxAfH1yx519vAtv mythmon@gmail.com # added automatically for ganeti web manager user: osuadmin", 9 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3ri8+ysHfdNpqlMidI9tbHaHxBaAozzym/iPvyChkDLugppyoyPKyJGn42dcpKJA7xRdNFDaZTDtSkOMxah+/6Ov/y5doOvGFoR4ykZVzb7pVUmRGAXNVzIoiQgzjhhha/YOnyab5NyMUA9JVZV+3lsoz0YBjlYuvbRyQ3C38HD11X2Y9T7ZqPJ4MB6s0Dnfe88SnuZFdzBxZzLCsZ/jXgTXqB8WbUbSs5ShtK3YW5DIHw2+3k7hw1QOROcS4ibrV8JOwCjE2Csm3UZklQd3cz7S9Sp34KSy8XxQ4YasGojw8Ut5zklJhgbebAwm5ckkW27WrS+qw12k7R91fnWrd relud@nitrogen # added automatically for ganeti web manager user: relud", 10 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDnBjOARXUzKUzYmdYe2UdpUhoZgG2YeqS2mQF/YgNx7gJJbLn/v8GjV5efDGl0Ad2rW6CO30keN92V6U4oBs2W0+tFNyFScd8NYLPW+ijz7wtAuE4Vf2yJCXa8zFZzi2nTayIekufYsZvk55GhFUav1NFAh7EeQjBnFLck7wlnA6ENCYxIHFFtRRTYv3LCHdvfUtWuKbDim1UWxHufQj1q8ay732nV6RTzVwH4PDDCJjsgxMDcZqfRcRrQE3n98Bzkb/TAG22G3E2KOa+RTtwxRjaMs/ZKA9lV3MjeLUk8SQW9h64hiZB1tl5njVfhC6shtdgKZy/JUiV97IF+2NbBC2LQ/AsGgYUGkPwwR8SiFhzxy5lqrQo9eXVLs6NuM6Q9GdRfOhigxw9ukQPYu29z4Uq4EaWQgtszXmy5hwkPKA1gIEj6ZpYl2y481wGEdXBoK9m1avs0EVlhQ5pXKv1XAn2icqGsaiajSyqNeYRH87q25I+VKJcPCSW7uVDWm+sTFUWe++5hAcHym0QAzmCYwAqYBwdCZl8oepZUA7Szalqxu9Vdka/IjoKiTDJjWf8NWAMs8v6sOvymdzZD4+I3JFkPOrtG3m+Ex6dRB1BQ63Hzmjx+BuiUU95/YsYq5CwGOjkkr+O29HwOBnxfnDqakKULh9H/28Zftco2qUphLQ== osuosl unmanaged" 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /cookbooks/rsnapshot/attributes/default.rb: -------------------------------------------------------------------------------- 1 | default['rsnapshot']['server']['dir'] = '/etc' 2 | default['rsnapshot']['server']['config_version'] = '1.2' 3 | default['rsnapshot']['server']['snapshot_root'] = '/var/cache/rsnapshot' 4 | default['rsnapshot']['server']['no_create_root'] = false 5 | default['rsnapshot']['server']['cmd_cp'] = '/bin/cp' 6 | default['rsnapshot']['server']['cmd_rm'] = '/bin/rm' 7 | default['rsnapshot']['server']['cmd_rsync'] = '/usr/bin/rsync' 8 | default['rsnapshot']['server']['cmd_ssh'] = '/usr/bin/ssh' 9 | default['rsnapshot']['server']['cmd_logger'] = '/usr/bin/logger' 10 | default['rsnapshot']['server']['cmd_du'] = '/usr/bin/du' 11 | default['rsnapshot']['server']['cmd_rsnapshot_diff'] = '/usr/bin/rsnapshot-diff' 12 | default['rsnapshot']['server']['cmd_preexec'] = nil 13 | default['rsnapshot']['server']['cmd_postexec'] = nil 14 | default['rsnapshot']['server']['linux_lvm_cmd_lvcreate'] = nil 15 | default['rsnapshot']['server']['linux_lvm_cmd_lvremove'] = nil 16 | default['rsnapshot']['server']['linux_lvm_cmd_mount'] = nil 17 | default['rsnapshot']['server']['linux_lvm_cmd_umount'] = nil 18 | default['rsnapshot']['server']['verbose'] = 2 19 | default['rsnapshot']['server']['loglevel'] = 3 20 | default['rsnapshot']['server']['logfile'] = nil 21 | default['rsnapshot']['server']['lockfile'] = '/var/run/rsnapshot.pid' 22 | default['rsnapshot']['server']['stop_on_stale_lockfile'] = true 23 | default['rsnapshot']['server']['rsync_short_args'] = '-a' 24 | default['rsnapshot']['server']['rsync_long_args'] = '--delete --numeric-ids --relative --delete-excluded' 25 | default['rsnapshot']['server']['ssh_args'] = '-i /root/.ssh/id_rsnapshot -o StrictHostKeyChecking=no' 26 | default['rsnapshot']['server']['du_args'] = '-csh' 27 | default['rsnapshot']['server']['one_fs'] = false 28 | default['rsnapshot']['server']['link_dest'] = false 29 | default['rsnapshot']['server']['sync_first'] = false 30 | default['rsnapshot']['server']['use_lazy_deletes'] = false 31 | default['rsnapshot']['server']['rsync_numtries'] = nil 32 | default['rsnapshot']['server']['linux_lvm_snapshotsize'] = nil 33 | default['rsnapshot']['server']['linux_lvm_snapshotname'] = nil 34 | default['rsnapshot']['server']['linux_lvm_vgpath'] = nil 35 | default['rsnapshot']['server']['linux_lvm_mountpath'] = nil 36 | 37 | default['rsnapshot']['server']['retain']['hourly']['count'] = 12 38 | default['rsnapshot']['server']['retain']['hourly']['minute'] = 0 39 | default['rsnapshot']['server']['retain']['hourly']['hour'] = '*/4' 40 | default['rsnapshot']['server']['retain']['daily']['count'] = 14 41 | default['rsnapshot']['server']['retain']['daily']['minute'] = 0 42 | default['rsnapshot']['server']['retain']['daily']['hour'] = 0 43 | 44 | default['rsnapshot']['client']['server_role'] = nil 45 | -------------------------------------------------------------------------------- /doc/services/warehouse.rst: -------------------------------------------------------------------------------- 1 | Warehouse 2 | ========= 3 | 4 | Warehouse is deployed continuously. Every push to master triggers a new build 5 | which will get picked up the next time the deployment procedure is run on 6 | the Warehouse servers. The process is: 7 | 8 | 1. For every push to master, except those automatically generated by the 9 | release process, trigger a new test run which will ensure nothing has 10 | broken. If the test run completes successfully, then a new build job is 11 | triggered in Jenkins. 12 | 2. Jenkins will generate and tag a new version for the next release of 13 | Warehouse, following a version scheme of ``YY.MM.NN``, where ``NN`` is an 14 | incrementing serial number. 15 | 3. Jenkins will generate a new Python source distribution and Wheel of the 16 | latest release. 17 | 4. Jenkins will generate a new Debian package of the latest version, bundling 18 | Warehouse and all of its dependencies into a single virtual environment 19 | which, when installed, will end up in ``/opt/warehouse``. 20 | 5. If generating both the Python packages and the Debian package was successful 21 | then Jenkins will publish the Python packages to PyPI, the Debian packages 22 | to an internal apt repository, and push the tagged version to GitHub. 23 | 6. Chef will periodically (every 30 minutes) check the internal apt repository 24 | for an updated package and will update to the latest version if needed. 25 | 26 | 27 | Environment / Dependencies 28 | -------------------------- 29 | 30 | * PyPy 31 | * PostgreSQL 9.2+ (Hosted by OSUOL) 32 | * Elasticsearch 33 | 34 | 35 | Configuration 36 | ------------- 37 | 38 | Warehouse is configured using a YAML file which the cookbook will write to 39 | ``/opt/warehouse/etc/config.yml``. 40 | 41 | 42 | Debian Packages and Virtual Environments 43 | ---------------------------------------- 44 | 45 | The Warehouse deployment uses Debian packaging as a means of delivery to the 46 | application servers. This allows us to easily generate a build artifact and 47 | then deploy that built artifact to the application server. 48 | 49 | Using a modified `dh-virtualenv`_ the build process for the Debian package 50 | creates a new virtual environment, installs Warehouse and all of its 51 | dependencies into that virtual environment, and then packages the resulting 52 | environment into a single debian package. 53 | 54 | This setup was chosen because it offers the best isolation from build time 55 | failures. It also moves as much of the process into a one time build process 56 | instead of needing to execute a pip install every 30 minutes to check for 57 | updated requirements. 58 | 59 | 60 | .. _dh-virtualenv: http://labs.spotify.com/2013/10/10/packaging-in-your-packaging-dh-virtualenv/ 61 | -------------------------------------------------------------------------------- /doc/getting-started.rst: -------------------------------------------------------------------------------- 1 | Getting started with this repo 2 | ============================== 3 | 4 | The goal of this document is to get you to a working state with the repo. 5 | 6 | By the end of this you should be able to run these commands: 7 | 8 | * `bundle exec knife node list` 9 | * `bundle exec berks list` 10 | * `bundle exec rake docs` 11 | 12 | Configuration 13 | ------------- 14 | 15 | The repository uses two configuration files. 16 | 17 | * `config/rake.rb` 18 | * `.chef/knife.rb` 19 | 20 | The first, `config/rake.rb` configures the Rakefile in two sections. 21 | 22 | * Constants used in the `ssl_cert` task for creating the certificates. 23 | * Constants that set the directory locations used in various tasks. 24 | 25 | If you use the `ssl_cert` task, change the values in the `config/rake.rb` file appropriately. These values were also used in the `new_cookbook` task, but that task is replaced by the `knife cookbook create` command which can be configured below. 26 | 27 | The second config file, `.chef/knife.rb` is a repository specific configuration file for knife. If you're using the Opscode Platform, you can download one for your organization from the management console. If you're using the Open Source Chef Server, you can generate a new one with `knife configure`. For more information about configuring Knife, see the Knife documentation. 28 | 29 | http://help.opscode.com/faqs/chefbasics/knife 30 | 31 | Setting up a development environment 32 | ------------------------------------ 33 | 34 | Some things you'll need: 35 | 36 | * this repo, cloned locally 37 | * ruby 1.9 38 | * the chef validator key 39 | * a valid chef client key 40 | 41 | Some things to consider: 42 | 43 | * rbenv: https://github.com/sstephenson/rbenv (via rbenv installer https://github.com/fesplugas/rbenv-installer) 44 | 45 | Some common steps: 46 | 47 | :: 48 | 49 | $ gem install bundler 50 | 51 | # get our ruby dependencies 52 | # Create local binstubs and install the gems right here. 53 | $ bundle install --binstubs --path .gems 54 | 55 | # get our chef cookbook dependencies 56 | $ bundle exec berks install 57 | 58 | Managing Cookbooks 59 | ------------------ 60 | 61 | We use berkshelf to manage our cookbooks and dependencies. Berkshelf is 62 | straight forward. 63 | 64 | To get started with it, look here: http://berkshelf.com/ 65 | 66 | From the command line, it looks like this: 67 | 68 | List all of our cookbooks 69 | 70 | :: 71 | 72 | $ bundle exec berks list 73 | 74 | Install all our 3rd party dependencies 75 | 76 | :: 77 | 78 | $ bundle exec berks install 79 | 80 | Upload a cookbook managed by berkshelf 81 | 82 | :: 83 | 84 | $ bundle exec berks upload 85 | 86 | Create a new cookbook 87 | 88 | :: 89 | 90 | $ bundle exec berks cookbook 91 | --------------------------------------------------------------------------------