From e7be1b3d379bdb1ee55de0d68f7946ed9f63fc62 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sat, 15 Feb 2020 16:56:35 +0000
Subject: [PATCH] Reduce implicit coupling between cookbooks

---
 .kitchen.yml                                | 17 ++++++-----------
 cookbooks/blogs/metadata.rb                 |  1 +
 cookbooks/blogs/recipes/default.rb          |  1 +
 cookbooks/donate/attributes/default.rb      |  1 +
 cookbooks/donate/metadata.rb                |  1 +
 cookbooks/donate/recipes/default.rb         |  1 +
 cookbooks/forum/attributes/default.rb       |  1 +
 cookbooks/forum/metadata.rb                 |  1 +
 cookbooks/forum/recipes/default.rb          |  2 ++
 cookbooks/letsencrypt/attributes/default.rb |  1 +
 cookbooks/letsencrypt/metadata.rb           |  1 +
 cookbooks/letsencrypt/recipes/default.rb    |  2 ++
 cookbooks/ohai/resources/plugin.rb          |  7 +++++++
 cookbooks/otrs/attributes/default.rb        | 11 ++++++++---
 cookbooks/otrs/metadata.rb                  |  2 ++
 cookbooks/otrs/recipes/default.rb           |  5 +++--
 cookbooks/postgresql/recipes/default.rb     |  1 +
 cookbooks/squid/metadata.rb                 |  1 +
 cookbooks/squid/recipes/default.rb          |  2 ++
 roles/donate.rb                             | 11 -----------
 roles/forum.rb                              | 11 -----------
 roles/letsencrypt.rb                        | 10 ----------
 roles/otrs.rb                               | 19 +------------------
 23 files changed, 44 insertions(+), 66 deletions(-)
 create mode 100644 cookbooks/donate/attributes/default.rb
 create mode 100644 cookbooks/forum/attributes/default.rb
 create mode 100644 cookbooks/letsencrypt/attributes/default.rb

diff --git a/.kitchen.yml b/.kitchen.yml
index 63e3503e2..9b9a4c03c 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -40,7 +40,6 @@ suites:
         clients: none
   - name: blogs
     run_list:
-      - recipe[accounts::default]
       - recipe[blogs::default]
   - name: clamav
     run_list:
@@ -74,8 +73,7 @@ suites:
         mpm: prefork
   - name: donate
     run_list:
-      - recipe[accounts::default]
-      - role[donate]
+      - recipe[donate::default]
     attributes:
       apache:
         mpm: prefork
@@ -87,15 +85,15 @@ suites:
       - recipe[fail2ban::default]
   - name: forum
     run_list:
-      - recipe[accounts::default]
-      - role[forum]
+      - recipe[forum::default]
+    attributes:
+      apache:
+        mpm: prefork
   - name: incron
     run_list:
       - recipe[incron::default]
   - name: letsencrypt
     run_list:
-      - recipe[accounts::default]
-      - recipe[apt::default]
       - role[letsencrypt]
     attributes:
       apt:
@@ -139,9 +137,7 @@ suites:
       - recipe[osmosis::default]
   - name: otrs
     run_list:
-      - recipe[accounts::default]
-      - recipe[chef::default]
-      - role[otrs]
+      - recipe[otrs::default]
   - name: planet
     run_list:
       - recipe[planet::default]
@@ -168,7 +164,6 @@ suites:
       - recipe[spamassassin::default]
   - name: squid
     run_list:
-      - recipe[apt::default]
       - recipe[squid::default]
   - name: tools
     run_list:
diff --git a/cookbooks/blogs/metadata.rb b/cookbooks/blogs/metadata.rb
index 6f2b7dfc6..19d88bcfe 100644
--- a/cookbooks/blogs/metadata.rb
+++ b/cookbooks/blogs/metadata.rb
@@ -6,5 +6,6 @@ description       "Configures server-info web site"
 
 version           "1.0.0"
 supports          "ubuntu"
+depends           "accounts"
 depends           "apache"
 depends           "git"
diff --git a/cookbooks/blogs/recipes/default.rb b/cookbooks/blogs/recipes/default.rb
index c8c96788c..6432a98d3 100644
--- a/cookbooks/blogs/recipes/default.rb
+++ b/cookbooks/blogs/recipes/default.rb
@@ -17,6 +17,7 @@
 # limitations under the License.
 #
 
+include_recipe "accounts"
 include_recipe "apache"
 include_recipe "git"
 
diff --git a/cookbooks/donate/attributes/default.rb b/cookbooks/donate/attributes/default.rb
new file mode 100644
index 000000000..8ce74ce41
--- /dev/null
+++ b/cookbooks/donate/attributes/default.rb
@@ -0,0 +1 @@
+default[:accounts][:users][:donate][:status] = :role
diff --git a/cookbooks/donate/metadata.rb b/cookbooks/donate/metadata.rb
index 0882bddf8..645e74851 100644
--- a/cookbooks/donate/metadata.rb
+++ b/cookbooks/donate/metadata.rb
@@ -6,6 +6,7 @@ description       "Installs and configures Donate Site"
 
 version           "1.0.0"
 supports          "ubuntu"
+depends           "accounts"
 depends           "apache"
 depends           "mysql"
 depends           "git"
diff --git a/cookbooks/donate/recipes/default.rb b/cookbooks/donate/recipes/default.rb
index 1b3ede310..25441aaf6 100644
--- a/cookbooks/donate/recipes/default.rb
+++ b/cookbooks/donate/recipes/default.rb
@@ -17,6 +17,7 @@
 # limitations under the License.
 #
 
+include_recipe "accounts"
 include_recipe "apache"
 include_recipe "mysql"
 include_recipe "git"
diff --git a/cookbooks/forum/attributes/default.rb b/cookbooks/forum/attributes/default.rb
new file mode 100644
index 000000000..0c376d592
--- /dev/null
+++ b/cookbooks/forum/attributes/default.rb
@@ -0,0 +1 @@
+default[:accounts][:users][:forum][:status] = :role
diff --git a/cookbooks/forum/metadata.rb b/cookbooks/forum/metadata.rb
index 21edbfe64..edf2fac48 100644
--- a/cookbooks/forum/metadata.rb
+++ b/cookbooks/forum/metadata.rb
@@ -6,6 +6,7 @@ description       "Installs and configures a roundup server"
 
 version           "1.0.0"
 supports          "ubuntu"
+depends           "accounts"
 depends           "apache"
 depends           "git"
 depends           "mysql"
diff --git a/cookbooks/forum/recipes/default.rb b/cookbooks/forum/recipes/default.rb
index fcbf2f330..1e5a4216f 100644
--- a/cookbooks/forum/recipes/default.rb
+++ b/cookbooks/forum/recipes/default.rb
@@ -16,6 +16,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+
+include_recipe "accounts"
 include_recipe "apache"
 include_recipe "git"
 include_recipe "mysql"
diff --git a/cookbooks/letsencrypt/attributes/default.rb b/cookbooks/letsencrypt/attributes/default.rb
new file mode 100644
index 000000000..21b32a880
--- /dev/null
+++ b/cookbooks/letsencrypt/attributes/default.rb
@@ -0,0 +1 @@
+default[:accounts][:users][:letsencrypt][:status] = :role
diff --git a/cookbooks/letsencrypt/metadata.rb b/cookbooks/letsencrypt/metadata.rb
index 3af7bdd2e..50f1874b2 100644
--- a/cookbooks/letsencrypt/metadata.rb
+++ b/cookbooks/letsencrypt/metadata.rb
@@ -6,4 +6,5 @@ description       "Support for letsencrypt certificates"
 
 version           "1.0.0"
 supports          "ubuntu"
+depends           "accounts"
 depends           "apache"
diff --git a/cookbooks/letsencrypt/recipes/default.rb b/cookbooks/letsencrypt/recipes/default.rb
index 05b1c0fa8..a1df68190 100644
--- a/cookbooks/letsencrypt/recipes/default.rb
+++ b/cookbooks/letsencrypt/recipes/default.rb
@@ -17,6 +17,7 @@
 # limitations under the License.
 #
 
+include_recipe "accounts"
 include_recipe "apache"
 
 keys = data_bag_item("chef", "keys")
@@ -147,6 +148,7 @@ certificates.each do |name, details|
     user "letsencrypt"
     group "letsencrypt"
     subscribes :run, "template[/srv/acme.openstreetmap.org/requests/#{name}]"
+    not_if { ENV["TEST_KITCHEN"] }
   end
 end
 
diff --git a/cookbooks/ohai/resources/plugin.rb b/cookbooks/ohai/resources/plugin.rb
index 9367a4d83..ceff104b9 100644
--- a/cookbooks/ohai/resources/plugin.rb
+++ b/cookbooks/ohai/resources/plugin.rb
@@ -27,6 +27,13 @@ action :create do
     action :nothing
   end
 
+  directory "/etc/chef/ohai" do
+    owner "root"
+    group "root"
+    mode 0o755
+    recursive true
+  end
+
   declare_resource :template, plugin_path do
     source new_resource.template
     owner "root"
diff --git a/cookbooks/otrs/attributes/default.rb b/cookbooks/otrs/attributes/default.rb
index fff2dc008..7f3d32be7 100644
--- a/cookbooks/otrs/attributes/default.rb
+++ b/cookbooks/otrs/attributes/default.rb
@@ -1,8 +1,13 @@
 default[:otrs][:version] = "6.0.8"
 default[:otrs][:user] = "otrs"
 default[:otrs][:group] = nil
-default[:otrs][:database_cluster] = "9.5/main"
+default[:otrs][:database_cluster] = "10/main"
 default[:otrs][:database_name] = "otrs"
 default[:otrs][:database_user] = "otrs"
-default[:otrs][:database_password] = ""
-default[:otrs][:site] = nil
+default[:otrs][:database_password] = "otrs"
+default[:otrs][:site] = "otrs"
+
+default[:postgresql][:versions] |= ["10"]
+
+default[:accounts][:users][:otrs][:status] = :role
+default[:accounts][:groups][:"www-data"][:members] = [:otrs]
diff --git a/cookbooks/otrs/metadata.rb b/cookbooks/otrs/metadata.rb
index 39f6087c3..1cdd78020 100644
--- a/cookbooks/otrs/metadata.rb
+++ b/cookbooks/otrs/metadata.rb
@@ -6,6 +6,8 @@ description       "Installs and configures OTRS"
 
 version           "1.0.0"
 supports          "ubuntu"
+depends           "accounts"
 depends           "apache"
+depends           "chef"
 depends           "postgresql"
 depends           "tools"
diff --git a/cookbooks/otrs/recipes/default.rb b/cookbooks/otrs/recipes/default.rb
index 260623a80..e43a89244 100644
--- a/cookbooks/otrs/recipes/default.rb
+++ b/cookbooks/otrs/recipes/default.rb
@@ -17,9 +17,10 @@
 # limitations under the License.
 #
 
-include_recipe "tools"
-include_recipe "postgresql"
+include_recipe "accounts"
 include_recipe "apache"
+include_recipe "postgresql"
+include_recipe "tools"
 
 passwords = data_bag_item("otrs", "passwords")
 
diff --git a/cookbooks/postgresql/recipes/default.rb b/cookbooks/postgresql/recipes/default.rb
index 3a3c63de1..a79cde84d 100644
--- a/cookbooks/postgresql/recipes/default.rb
+++ b/cookbooks/postgresql/recipes/default.rb
@@ -17,6 +17,7 @@
 # limitations under the License.
 #
 
+package "locales-all"
 package "postgresql-common"
 
 node[:postgresql][:versions].each do |version|
diff --git a/cookbooks/squid/metadata.rb b/cookbooks/squid/metadata.rb
index 845f7bd0c..2e0c9a4ab 100644
--- a/cookbooks/squid/metadata.rb
+++ b/cookbooks/squid/metadata.rb
@@ -6,5 +6,6 @@ description       "Installs and configures squid"
 
 version           "1.0.0"
 supports          "ubuntu"
+depends           "apt"
 depends           "munin"
 depends           "systemd"
diff --git a/cookbooks/squid/recipes/default.rb b/cookbooks/squid/recipes/default.rb
index fcc5f337c..a5af78090 100644
--- a/cookbooks/squid/recipes/default.rb
+++ b/cookbooks/squid/recipes/default.rb
@@ -17,6 +17,8 @@
 # limitations under the License.
 #
 
+include_recipe "apt"
+
 if node[:squid][:version] >= 3
   apt_package "squid" do
     action :unlock
diff --git a/roles/donate.rb b/roles/donate.rb
index 6e5f2c614..a40547878 100644
--- a/roles/donate.rb
+++ b/roles/donate.rb
@@ -1,17 +1,6 @@
 name "donate"
 description "Role applied to all donate servers"
 
-default_attributes(
-  :accounts => {
-    :users => {
-      :donate => {
-        :status => :role,
-        :members => [:grant, :tomh, :matt]
-      }
-    }
-  }
-)
-
 run_list(
   "recipe[donate]"
 )
diff --git a/roles/forum.rb b/roles/forum.rb
index e9a38146a..8273fc47f 100644
--- a/roles/forum.rb
+++ b/roles/forum.rb
@@ -2,17 +2,6 @@ name "forum"
 description "Role applied to all forum servers"
 
 default_attributes(
-  :accounts => {
-    :users => {
-      :lambertus => {
-        :status => :administrator
-      },
-      :forum => {
-        :status => :role,
-        :members => [:lambertus, :grant]
-      }
-    }
-  },
   :apache => {
     :mpm => "prefork",
     :timeout => 60,
diff --git a/roles/letsencrypt.rb b/roles/letsencrypt.rb
index c0b389da9..3c96b90ae 100644
--- a/roles/letsencrypt.rb
+++ b/roles/letsencrypt.rb
@@ -1,16 +1,6 @@
 name "letsencrypt"
 description "Role applied to all letsencrypt servers"
 
-default_attributes(
-  :accounts => {
-    :users => {
-      :letsencrypt => {
-        :status => :role
-      }
-    }
-  }
-)
-
 run_list(
   "recipe[letsencrypt]"
 )
diff --git a/roles/otrs.rb b/roles/otrs.rb
index 09ec3453e..ec1264eb3 100644
--- a/roles/otrs.rb
+++ b/roles/otrs.rb
@@ -2,16 +2,6 @@ name "otrs"
 description "Role applied to all OTRS servers"
 
 default_attributes(
-  :accounts => {
-    :users => {
-      :otrs => { :status => :role }
-    },
-    :groups => {
-      :"www-data" => {
-        :members => [:otrs]
-      }
-    }
-  },
   :exim => {
     :local_domains => ["otrs.openstreetmap.org"],
     :routes => {
@@ -100,14 +90,7 @@ default_attributes(
   },
   :otrs => {
     :site => "otrs.openstreetmap.org",
-    :site_aliases => ["otrs.osm.org"],
-    :database_cluster => "10/main",
-    :database_name => "otrs",
-    :database_user => "otrs",
-    :database_password => "otrs"
-  },
-  :postgresql => {
-    :versions => ["10"]
+    :site_aliases => ["otrs.osm.org"]
   }
 )
 
-- 
2.43.2