From 34666b81c1ff78ac49e2afb85f6cabf8742dfb4c Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Wed, 15 Nov 2017 22:54:49 +0000 Subject: [PATCH 1/1] Update some custom resources for Chef 14 compatibility --- cookbooks/apt/resources/source.rb | 30 ++++++++-------- cookbooks/imagery/resources/layer.rb | 50 +++++++++++++------------- cookbooks/imagery/resources/site.rb | 28 +++++++-------- cookbooks/ssl/resources/certificate.rb | 38 ++++++++++---------- 4 files changed, 75 insertions(+), 71 deletions(-) diff --git a/cookbooks/apt/resources/source.rb b/cookbooks/apt/resources/source.rb index f80b85d17..12325308d 100644 --- a/cookbooks/apt/resources/source.rb +++ b/cookbooks/apt/resources/source.rb @@ -34,22 +34,22 @@ end action :create do if key - execute "apt-key-#{key}-clean" do + execute "apt-key-#{new_resource.key}-clean" do command "/usr/bin/apt-key adv --batch --delete-key --yes #key}" - only_if "/usr/bin/apt-key adv --list-keys #{key} | fgrep expired" + only_if "/usr/bin/apt-key adv --list-keys #{new_resource.key} | fgrep expired" end if key_url - execute "apt-key-#{key}-install" do - command "/usr/bin/apt-key adv --fetch-keys #{key_url}" - not_if "/usr/bin/apt-key adv --list-keys #{key}" - notifies :run, "execute[apt-update-#{source_name}]" + execute "apt-key-#{new_resource.key}-install" do + command "/usr/bin/apt-key adv --fetch-keys #{new_resource.key_url}" + not_if "/usr/bin/apt-key adv --list-keys #{new_resource.key}" + notifies :run, "execute[apt-update-#{new_resource.source_name}]" end else - execute "apt-key-#{key}-install" do - command "/usr/bin/apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys #{key}" - not_if "/usr/bin/apt-key adv --list-keys #{key}" - notifies :run, "execute[apt-update-#{source_name}]" + execute "apt-key-#{new_resource.key}-install" do + command "/usr/bin/apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys #{new_resource.key}" + not_if "/usr/bin/apt-key adv --list-keys #{new_resource.key}" + notifies :run, "execute[apt-update-#{new_resource.source_name}]" end end end @@ -60,10 +60,10 @@ action :create do group "root" mode 0o644 variables :url => url - notifies :run, "execute[apt-update-#{source_name}]" + notifies :run, "execute[apt-update-#{new_resource.source_name}]" end - execute "apt-update-#{source_name}" do + execute "apt-update-#{new_resource.source_name}" do action update ? :run : :nothing command "/usr/bin/apt-get update --no-list-cleanup -o Dir::Etc::sourcelist='#{source_path}' -o Dir::Etc::sourceparts='-'" end @@ -75,6 +75,8 @@ action :delete do end end -def source_path - "/etc/apt/sources.list.d/#{source_name}.list" +action_class do + def source_path + "/etc/apt/sources.list.d/#{new_resource.source_name}.list" + end end diff --git a/cookbooks/imagery/resources/layer.rb b/cookbooks/imagery/resources/layer.rb index 957e46b47..2868c7f7b 100644 --- a/cookbooks/imagery/resources/layer.rb +++ b/cookbooks/imagery/resources/layer.rb @@ -41,20 +41,20 @@ property :overlay, [TrueClass, FalseClass], :default => false property :default_layer, [TrueClass, FalseClass], :default => false action :create do - file "/srv/imagery/layers/#{site}/#{layer}.yml" do + file "/srv/imagery/layers/#{new_resource.site}/#{new_resource.layer}.yml" do owner "root" group "root" mode 0o644 - content YAML.dump(:name => layer, - :title => title || layer, - :url => "//{s}.#{site}/layer/#{layer}/{z}/{x}/{y}.png", - :attribution => copyright, - :default => default_layer, - :maxZoom => max_zoom, - :overlay => overlay) + content YAML.dump(:name => new_resource.layer, + :title => new_resource.title || new_resource.layer, + :url => "//{s}.#{new_resource.site}/layer/#{new_resource.layer}/{z}/{x}/{y}.png", + :attribution => new_resource.copyright, + :default => new_resource.default_layer, + :maxZoom => new_resource.max_zoom, + :overlay => new_resource.overlay) end - template "/srv/imagery/mapserver/layer-#{layer}.map" do + template "/srv/imagery/mapserver/layer-#{new_resource.layer}.map" do cookbook "imagery" source "mapserver.map.erb" owner "root" @@ -63,17 +63,17 @@ action :create do variables new_resource.to_hash end - systemd_service "mapserv-fcgi-#{layer}" do - description "Map server for #{layer} layer" - environment "MS_MAPFILE" => "/srv/imagery/mapserver/layer-#{layer}.map", + systemd_service "mapserv-fcgi-#{new_resource.layer}" do + description "Map server for #{new_resource.layer} layer" + environment "MS_MAPFILE" => "/srv/imagery/mapserver/layer-#{new_resource.layer}.map", "MS_MAP_PATTERN" => "^/srv/imagery/mapserver/", "MS_DEBUGLEVEL" => "0", "MS_ERRORFILE" => "stderr" limit_nofile 16384 user "imagery" group "imagery" - exec_start_pre "/bin/rm -f /run/mapserver-fastcgi/layer-#{layer}.socket" - exec_start "/usr/bin/spawn-fcgi -n -s /run/mapserver-fastcgi/layer-#{layer}.socket -M 0666 -P /run/mapserver-fastcgi/layer-#{layer}.pid -- /usr/bin/multiwatch -f 6 --signal=TERM -- /usr/lib/cgi-bin/mapserv" + exec_start_pre "/bin/rm -f /run/mapserver-fastcgi/layer-#{new_resource.layer}.socket" + exec_start "/usr/bin/spawn-fcgi -n -s /run/mapserver-fastcgi/layer-#{new_resource.layer}.socket -M 0666 -P /run/mapserver-fastcgi/layer-#{new_resource.layer}.pid -- /usr/bin/multiwatch -f 6 --signal=TERM -- /usr/lib/cgi-bin/mapserv" private_tmp true private_devices true private_network true @@ -81,25 +81,25 @@ action :create do protect_home true no_new_privileges true restart "always" - pid_file "/run/mapserver-fastcgi/layer-#{layer}.pid" + pid_file "/run/mapserver-fastcgi/layer-#{new_resource.layer}.pid" end - service "mapserv-fcgi-#{layer}" do + service "mapserv-fcgi-#{new_resource.layer}" do provider Chef::Provider::Service::Systemd action [:enable, :start] supports :status => true, :restart => true, :reload => false - subscribes :restart, "template[/srv/imagery/mapserver/layer-#{layer}.map]" - subscribes :restart, "systemd_service[mapserv-fcgi-#{layer}]" + subscribes :restart, "template[/srv/imagery/mapserver/layer-#{new_resource.layer}.map]" + subscribes :restart, "systemd_service[mapserv-fcgi-#{new_resource.layer}]" end - directory "/srv/imagery/nginx/#{site}" do + directory "/srv/imagery/nginx/#{new_resource.site}" do owner "root" group "root" mode 0o755 recursive true end - template "/srv/imagery/nginx/#{site}/layer-#{layer}.conf" do + template "/srv/imagery/nginx/#{new_resource.site}/layer-#{new_resource.layer}.conf" do cookbook "imagery" source "nginx_imagery_layer_fragment.conf.erb" owner "root" @@ -110,23 +110,23 @@ action :create do end action :delete do - file "/srv/imagery/layers/#{site}/#{layer}.yml" do + file "/srv/imagery/layers/#{new_resource.site}/#{new_resource.layer}.yml" do action :delete end - service "mapserv-fcgi-layer-#{layer}" do + service "mapserv-fcgi-layer-#{new_resource.layer}" do action [:stop, :disable] end - file "/srv/imagery/mapserver/layer-#{layer}.map" do + file "/srv/imagery/mapserver/layer-#{new_resource.layer}.map" do action :delete end - systemd_service "mapserv-fcgi-#{layer}" do + systemd_service "mapserv-fcgi-#{new_resource.layer}" do action :delete end - file "/srv/imagery/nginx/#{site}/layer-#{layer}.conf" do + file "/srv/imagery/nginx/#{new_resource.site}/layer-#{new_resource.layer}.conf" do action :delete end end diff --git a/cookbooks/imagery/resources/site.rb b/cookbooks/imagery/resources/site.rb index c2f0e47c5..155a43f42 100644 --- a/cookbooks/imagery/resources/site.rb +++ b/cookbooks/imagery/resources/site.rb @@ -27,27 +27,27 @@ property :aliases, [String, Array], :default => [] property :bbox, Array, :required => true action :create do - directory "/srv/#{site}" do + directory "/srv/#{new_resource.site}" do user "root" group "root" mode 0o755 end - directory "/srv/imagery/layers/#{site}" do + directory "/srv/imagery/layers/#{new_resource.site}" do user "root" group "root" mode 0o755 recursive true end - directory "/srv/imagery/overlays/#{site}" do + directory "/srv/imagery/overlays/#{new_resource.site}" do user "root" group "root" mode 0o755 recursive true end - template "/srv/#{site}/index.html" do + template "/srv/#{new_resource.site}/index.html" do source "index.html.erb" user "root" group "root" @@ -55,43 +55,43 @@ action :create do variables :title => title end - cookbook_file "/srv/#{site}/imagery.css" do + cookbook_file "/srv/#{new_resource.site}/imagery.css" do source "imagery.css" user "root" group "root" mode 0o644 end - cookbook_file "/srv/#{site}/clientaccesspolicy.xml" do + cookbook_file "/srv/#{new_resource.site}/clientaccesspolicy.xml" do source "clientaccesspolicy.xml" user "root" group "root" mode 0o644 end - cookbook_file "/srv/#{site}/crossdomain.xml" do + cookbook_file "/srv/#{new_resource.site}/crossdomain.xml" do source "crossdomain.xml" user "root" group "root" mode 0o644 end - layers = Dir.glob("/srv/imagery/layers/#{site}/*.yml").collect do |path| + layers = Dir.glob("/srv/imagery/layers/#{new_resource.site}/*.yml").collect do |path| YAML.safe_load(::File.read(path), [Symbol]) end - template "/srv/#{site}/imagery.js" do + template "/srv/#{new_resource.site}/imagery.js" do source "imagery.js.erb" user "root" group "root" mode 0o644 - variables :bbox => bbox, :layers => layers + variables :bbox => new_resource.bbox, :layers => layers end - base_domains = [site] + Array(aliases) + base_domains = [new_resource.site] + Array(new_resource.aliases) tile_domains = base_domains.flat_map { |d| [d, "a.#{d}", "b.#{d}", "c.#{d}"] } - ssl_certificate site do + ssl_certificate new_resource.site do domains tile_domains end @@ -99,9 +99,9 @@ action :create do IPAddr.new(resolver).ipv6? ? "[#{resolver}]" : resolver end - nginx_site site do + nginx_site new_resource.site do template "nginx_imagery.conf.erb" - directory "/srv/imagery/#{site}" + directory "/srv/imagery/#{new_resource.site}" restart_nginx false variables new_resource.to_hash.merge(:resolvers => resolvers) end diff --git a/cookbooks/ssl/resources/certificate.rb b/cookbooks/ssl/resources/certificate.rb index 9d0ca7462..b28b98f25 100644 --- a/cookbooks/ssl/resources/certificate.rb +++ b/cookbooks/ssl/resources/certificate.rb @@ -23,69 +23,71 @@ property :certificate, String, :name_property => true property :domains, [String, Array], :required => true action :create do - node.default[:letsencrypt][:certificates][certificate] = { + node.default[:letsencrypt][:certificates][new_resource.certificate] = { :domains => Array(domains) } if letsencrypt - certificate_content = letsencrypt["certificate"] - key_content = letsencrypt["key"] + certificate = letsencrypt["certificate"] + key = letsencrypt["key"] end - if certificate_content - file "/etc/ssl/certs/#{certificate}.pem" do + if certificate + file "/etc/ssl/certs/#{new_resource.certificate}.pem" do owner "root" group "root" mode 0o444 - content certificate_content + content certificate backup false manage_symlink_source false force_unlink true end - file "/etc/ssl/private/#{certificate}.key" do + file "/etc/ssl/private/#{new_resource.certificate}.key" do owner "root" group "ssl-cert" mode 0o440 - content key_content + content key backup false manage_symlink_source false force_unlink true end else - template "/tmp/#{certificate}.ssl.cnf" do + template "/tmp/#{new_resource.certificate}.ssl.cnf" do cookbook "ssl" source "ssl.cnf.erb" owner "root" group "root" mode 0o644 - variables :domains => Array(domains) + variables :domains => Array(new_resource.domains) not_if do - ::File.exist?("/etc/ssl/certs/#{certificate}.pem") && ::File.exist?("/etc/ssl/private/#{certificate}.key") + ::File.exist?("/etc/ssl/certs/#{new_resource.certificate}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.certificate}.key") end end - execute "/etc/ssl/certs/#{certificate}.pem" do - command "openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/#{certificate}.key -out /etc/ssl/certs/#{certificate}.pem -days 365 -nodes -config /tmp/#{certificate}.ssl.cnf" + execute "/etc/ssl/certs/#{new_resource.certificate}.pem" do + command "openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/#{new_resource.certificate}.key -out /etc/ssl/certs/#{new_resource.certificate}.pem -days 365 -nodes -config /tmp/#{new_resource.certificate}.ssl.cnf" user "root" group "ssl-cert" not_if do - ::File.exist?("/etc/ssl/certs/#{certificate}.pem") && ::File.exist?("/etc/ssl/private/#{certificate}.key") + ::File.exist?("/etc/ssl/certs/#{new_resource.certificate}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.certificate}.key") end end end end action :delete do - file "/etc/ssl/certs/#{certificate}.pem" do + file "/etc/ssl/certs/#{new_resource.certificate}.pem" do action :delete end - file "/etc/ssl/private/#{certificate}.key" do + file "/etc/ssl/private/#{new_resource.certificate}.key" do action :delete end end -def letsencrypt - @letsencrypt ||= search(:letsencrypt, "id:#{certificate}").first +action_class do + def letsencrypt + @letsencrypt ||= search(:letsencrypt, "id:#{new_resource.certificate}").first + end end -- 2.43.2