Initial commit

This commit is contained in:
Brandon Wright 2011-06-12 14:15:48 -07:00
commit 31f17731ed
153 changed files with 14352 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.vagrant

4
Gemfile Normal file
View File

@ -0,0 +1,4 @@
# A sample Gemfile
source "http://rubygems.org"
gem "vagrant"

33
Gemfile.lock Normal file
View File

@ -0,0 +1,33 @@
GEM
remote: http://rubygems.org/
specs:
abstract (1.0.0)
archive-tar-minitar (0.5.2)
erubis (2.6.6)
abstract (>= 1.0.0)
ffi (1.0.9)
i18n (0.5.0)
json (1.5.1)
mario (0.0.6)
net-scp (1.0.4)
net-ssh (>= 1.99.1)
net-ssh (2.1.4)
thor (0.14.6)
vagrant (0.7.5)
archive-tar-minitar (= 0.5.2)
erubis (~> 2.6.6)
i18n (~> 0.5.0)
json (~> 1.5.1)
mario (~> 0.0.6)
net-scp (~> 1.0.4)
net-ssh (~> 2.1.0)
thor (~> 0.14.6)
virtualbox (~> 0.8.3)
virtualbox (0.8.6)
ffi (~> 1.0)
PLATFORMS
ruby
DEPENDENCIES
vagrant

26
Readme.md Normal file
View File

@ -0,0 +1,26 @@
# Vagrant Wordpress Theming #
This is a [Vagrant][vagrant] setup for creating Wordpress themes. Uses
[Chef Solo][chef] recipes for provisioning. The recipes are copied from
[my fork][cookbooks-developish] of [those by Opscode][cookbooks-opscode], which
allows for their use with Chef Solo and for a blank MySQL root password.
## Requirements ##
* [Vagrant][vagrant]
## To get started ##
$ git clone git://github.com/developish/vagrant-wordpress.git
$ cd vagrant-wordpress
$ vagrant up
$ open http://localhost:8080
Copy a base theme (like [Starkers][starkers]) into the theme directory, choose
it in the Wordpress dashboard, and get to work!
[vagrant]:http://vagrantup.com
[chef]:http://wiki.opscode.com/display/chef/Chef+Solo
[cookbooks-developish]:https://github.com/opscode/cookbooks
[cookbooks-opscode]:https://github.com/opscode/cookbooks
[starkers]:http://starkerstheme.com

53
Vagrantfile vendored Normal file
View File

@ -0,0 +1,53 @@
Vagrant::Config.run do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at vagrantup.com.
# Every Vagrant virtual environment requires a box to build off of.
config.vm.box = "lucid32"
# The url from where the 'config.vm.box' box will be fetched if it
# doesn't already exist on the user's system.
config.vm.box_url = "http://files.vagrantup.com/lucid32.box"
# Boot with a GUI so you can see the screen. (Default is headless)
# config.vm.boot_mode = :gui
# Assign this VM to a host only network IP, allowing you to access it
# via the IP.
# config.vm.network "33.33.33.10"
# Forward a port from the guest to the host, which allows for outside
# computers to access the VM, whereas host only networking does not.
config.vm.forward_port "http", 80, 8080
config.vm.forward_port "mysql", 3306, 3306
# Share an additional folder to the guest VM. The first argument is
# an identifier, the second is the path on the guest to mount the
# folder, and the third is the path on the host to the actual folder.
config.vm.share_folder "theme", "/var/www/wordpress/wp-content/themes/theme",
"./theme"
# Enable provisioning with chef solo, specifying a cookbooks path (relative
# to this Vagrantfile), and adding some recipes and/or roles.
config.vm.provision :chef_solo do |chef|
chef.cookbooks_path = "cookbooks"
chef.add_recipe "apt"
chef.add_recipe "wordpress"
chef.json.merge!(
"mysql" => {
"server_root_password" => "",
"allow_remote_root" => true
},
"wordpress" => {
"db" => {
"database" => "wordpress",
"user" => "wordpress",
"password" => "wordpress"
}
}
)
end
end

View File

@ -0,0 +1,78 @@
= DESCRIPTION:
Complete Debian/Ubuntu style Apache2 configuration.
= REQUIREMENTS:
Debian or Ubuntu preferred.
Red Hat, CentOS, Fedora and ArchLinux can be used but will be converted to a Debian/Ubuntu style Apache as it's far easier to manage with Chef.
= ATTRIBUTES:
The file attributes/apache.rb contains the following attribute types:
* platform specific locations and settings.
* general settings
* prefork attributes
* worker attributes
General settings and prefork/worker attributes are tunable.
= USAGE:
Include the apache2 recipe to install Apache2 and get 'sane' default settings. Configuration is modularized through Apache vhost sites a la Debian style configuration.
For Red Hat, CentOS and Fedora you should first disable selinux as it's not supported (yet), then remove the stock httpd and all it's dependencies prior to attempting to use this recipe. Many packages in these distributions drop conflicting configs into conf.d, all of which haven't been accounted for yet. Starting from scratch will also make it far easier to debug.
== Defines:
* +apache_module+: sets up an Apache module.
* +apache_conf+: sets up a config file for an apache module.
* +apache_site+: sets up a vhost site. The conf file must be available.
* +web_app+: copies the template for a web app and enables it as a site via +apache_site+.
== Web Apps:
Various applications that can be set up with Apache as the front end, such as PHP, Django, Rails and others can use the web_app define to set up the template and the Apache site. The define is kind of dumb, so the template needs have the application implementation settings, since we don't know what your app is or what is needed from Apache.
We only prototype one parameter for the +web_app+ define, "template". This is used to specify the name of the template to use in the current cookbook. When you use +web_app+, you can set up any parameters you want to use in your template. They will get passed to the template through the params hash. For example, the sample +web_app.conf.erb+ template in this cookbook makes use of these.
* +docroot+
* +server_name+
* +server_aliases+
These are available as +params[:docroot]+, +params[:server_name]+, +params[:server_aliases]+ prefixed with an @ within the template.
If 'cookbook' and 'template' are not specified, the current cookbook's +templates/default/web_app.conf.erb+ will be used. If this template is not suitable for your application, copy it to your cookbook and customize as needed.
== God Monitor:
There's a new recipe, +apache2::god_monitor+. You will need to make sure to include the 'god' recipe before using the +apache2::god_monitor+ recipe in your cookbook.
== OpenID Auth
Installs the +mod_auth_openid+ module from source. Specify an array of OpenIDs that are allowed to authenticate with the attribute +apache[:allowed_openids]+. Use the following in a vhost to protect with OpenID authentication:
AuthOpenIDEnabled On
AuthOpenIDDBLocation /var/cache/apache2/mod_auth_openid.db
AuthOpenIDUserProgram /usr/local/bin/mod_auth_openid.rb
Change the DBLocation as appropriate for your platform. You'll need to change the file in the recipe to match. The UserProgram is optional if you don't want to limit access by certain OpenIDs.
= LICENSE & AUTHOR:
Author:: Joshua Timberman (<joshua@opscode.com>)
Copyright:: 2009, Opscode, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -0,0 +1,87 @@
#
# Cookbook Name:: apache2
# Attributes:: apache
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Where the various parts of apache are
case platform
when "redhat","centos","fedora","suse"
set[:apache][:dir] = "/etc/httpd"
set[:apache][:log_dir] = "/var/log/httpd"
set[:apache][:user] = "apache"
set[:apache][:binary] = "/usr/sbin/httpd"
set[:apache][:icondir] = "/var/www/icons/"
set[:apache][:cache_dir] = "/var/cache/httpd"
when "debian","ubuntu"
set[:apache][:dir] = "/etc/apache2"
set[:apache][:log_dir] = "/var/log/apache2"
set[:apache][:user] = "www-data"
set[:apache][:binary] = "/usr/sbin/apache2"
set[:apache][:icondir] = "/usr/share/apache2/icons"
set[:apache][:cache_dir] = "/var/cache/apache2"
when "arch"
set[:apache][:dir] = "/etc/httpd"
set[:apache][:log_dir] = "/var/log/httpd"
set[:apache][:user] = "http"
set[:apache][:binary] = "/usr/sbin/httpd"
set[:apache][:icondir] = "/usr/share/httpd/icons"
set[:apache][:cache_dir] = "/var/cache/httpd"
else
set[:apache][:dir] = "/etc/apache2"
set[:apache][:log_dir] = "/var/log/apache2"
set[:apache][:user] = "www-data"
set[:apache][:binary] = "/usr/sbin/apache2"
set[:apache][:icondir] = "/usr/share/apache2/icons"
set[:apache][:cache_dir] = "/var/cache/apache2"
end
###
# These settings need the unless, since we want them to be tunable,
# and we don't want to override the tunings.
###
# General settings
default[:apache][:listen_ports] = [ "80","443" ]
default[:apache][:contact] = "ops@example.com"
default[:apache][:timeout] = 300
default[:apache][:keepalive] = "On"
default[:apache][:keepaliverequests] = 100
default[:apache][:keepalivetimeout] = 5
# Security
default[:apache][:servertokens] = "Prod"
default[:apache][:serversignature] = "On"
default[:apache][:traceenable] = "On"
# mod_auth_openids
default[:apache][:allowed_openids] = Array.new
# Prefork Attributes
default[:apache][:prefork][:startservers] = 16
default[:apache][:prefork][:minspareservers] = 16
default[:apache][:prefork][:maxspareservers] = 32
default[:apache][:prefork][:serverlimit] = 400
default[:apache][:prefork][:maxclients] = 400
default[:apache][:prefork][:maxrequestsperchild] = 10000
# Worker Attributes
default[:apache][:worker][:startservers] = 4
default[:apache][:worker][:maxclients] = 1024
default[:apache][:worker][:minsparethreads] = 64
default[:apache][:worker][:maxsparethreads] = 192
default[:apache][:worker][:threadsperchild] = 64
default[:apache][:worker][:maxrequestsperchild] = 0

View File

@ -0,0 +1,26 @@
#
# Cookbook Name:: apache2
# Definition:: apache_conf
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :apache_conf do
template "#{node[:apache][:dir]}/mods-available/#{params[:name]}.conf" do
source "mods/#{params[:name]}.conf.erb"
notifies :restart, resources(:service => "apache2")
mode 0644
end
end

View File

@ -0,0 +1,43 @@
#
# Cookbook Name:: apache2
# Definition:: apache_module
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :apache_module, :enable => true, :conf => false do
include_recipe "apache2"
if params[:conf]
apache_conf params[:name]
end
if params[:enable]
execute "a2enmod #{params[:name]}" do
command "/usr/sbin/a2enmod #{params[:name]}"
notifies :restart, resources(:service => "apache2")
not_if do (File.symlink?("#{node[:apache][:dir]}/mods-enabled/#{params[:name]}.load") and
((File.exists?("#{node[:apache][:dir]}/mods-available/#{params[:name]}.conf"))?
(File.symlink?("#{node[:apache][:dir]}/mods-enabled/#{params[:name]}.conf")):(true)))
end
end
else
execute "a2dismod #{params[:name]}" do
command "/usr/sbin/a2dismod #{params[:name]}"
notifies :restart, resources(:service => "apache2")
only_if do ::File.symlink?("#{node[:apache][:dir]}/mods-enabled/#{params[:name]}.load") end
end
end
end

View File

@ -0,0 +1,40 @@
#
# Cookbook Name:: apache2
# Definition:: apache_site
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :apache_site, :enable => true do
include_recipe "apache2"
if params[:enable]
execute "a2ensite #{params[:name]}" do
command "/usr/sbin/a2ensite #{params[:name]}"
notifies :restart, resources(:service => "apache2")
not_if do
::File.symlink?("#{node[:apache][:dir]}/sites-enabled/#{params[:name]}") or
::File.symlink?("#{node[:apache][:dir]}/sites-enabled/000-#{params[:name]}")
end
only_if do ::File.exists?("#{node[:apache][:dir]}/sites-available/#{params[:name]}") end
end
else
execute "a2dissite #{params[:name]}" do
command "/usr/sbin/a2dissite #{params[:name]}"
notifies :restart, resources(:service => "apache2")
only_if do ::File.symlink?("#{node[:apache][:dir]}/sites-enabled/#{params[:name]}") end
end
end
end

View File

@ -0,0 +1,49 @@
#
# Cookbook Name:: apache2
# Definition:: web_app
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :web_app, :template => "web_app.conf.erb" do
application_name = params[:name]
include_recipe "apache2"
include_recipe "apache2::mod_rewrite"
include_recipe "apache2::mod_deflate"
include_recipe "apache2::mod_headers"
template "#{node[:apache][:dir]}/sites-available/#{application_name}.conf" do
source params[:template]
owner "root"
group "root"
mode 0644
if params[:cookbook]
cookbook params[:cookbook]
end
variables(
:application_name => application_name,
:params => params
)
if ::File.exists?("#{node[:apache][:dir]}/sites-enabled/#{application_name}.conf")
notifies :reload, resources(:service => "apache2"), :delayed
end
end
apache_site "#{params[:name]}.conf" do
enable enable_setting
end
end

View File

@ -0,0 +1,41 @@
#!/usr/bin/perl
=begin
Generates Ubuntu style module.load files.
./apache2_module_conf_generate.pl /usr/lib64/httpd/modules /etc/httpd/mods-available
ARGV[0] is the apache modules directory, ARGV[1] is where you want 'em.
=cut
use File::Find;
use strict;
use warnings;
die "Must have '/path/to/modules' and '/path/to/modules.load'"
unless $ARGV[0] && $ARGV[1];
find(
{
wanted => sub {
return 1 if $File::Find::name !~ /\.so$/;
my $modfile = $_;
$modfile =~ /(lib|mod_)(.+)\.so$/;
my $modname = $2;
my $filename = "$ARGV[1]/$modname.load";
unless ( -f $filename ) {
open( FILE, ">", $filename ) or die "Cannot open $filename";
print FILE "LoadModule " . $modname . "_module $File::Find::name\n";
close(FILE);
}
},
follow => 1,
},
$ARGV[0]
);
exit 0;

View File

@ -0,0 +1,197 @@
maintainer "Opscode, Inc."
maintainer_email "cookbooks@opscode.com"
license "Apache 2.0"
description "Installs and configures all aspects of apache2 using Debian style symlinks with helper definitions"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
version "0.99.4"
recipe "apache2", "Main Apache configuration"
recipe "apache2::mod_alias", "Apache module 'alias' with config file"
recipe "apache2::mod_auth_basic", "Apache module 'auth_basic'"
recipe "apache2::mod_auth_digest", "Apache module 'auth_digest'"
recipe "apache2::mod_auth_openid", "Apache module 'authopenid'"
recipe "apache2::mod_authn_file", "Apache module 'authn_file'"
recipe "apache2::mod_authnz_ldap", "Apache module 'authnz_ldap'"
recipe "apache2::mod_authz_default", "Apache module 'authz_default'"
recipe "apache2::mod_authz_groupfile", "Apache module 'authz_groupfile'"
recipe "apache2::mod_authz_host", "Apache module 'authz_host'"
recipe "apache2::mod_authz_user", "Apache module 'authz_user'"
recipe "apache2::mod_autoindex", "Apache module 'autoindex' with config file"
recipe "apache2::mod_cgi", "Apache module 'cgi'"
recipe "apache2::mod_dav", "Apache module 'dav'"
recipe "apache2::mod_dav_svn", "Apache module 'dav_svn'"
recipe "apache2::mod_deflate", "Apache module 'deflate' with config file"
recipe "apache2::mod_dir", "Apache module 'dir' with config file"
recipe "apache2::mod_env", "Apache module 'env'"
recipe "apache2::mod_expires", "Apache module 'expires'"
recipe "apache2::mod_fcgid", "Apache module 'fcgid', package on ubuntu/debian, rhel/centos, compile source on suse; with config file"
recipe "apache2::mod_headers", "Apache module 'headers'"
recipe "apache2::mod_ldap", "Apache module 'ldap'"
recipe "apache2::mod_log_config", "Apache module 'log_config'"
recipe "apache2::mod_mime", "Apache module 'mime' with config file"
recipe "apache2::mod_negotiation", "Apache module 'negotiation' with config file"
recipe "apache2::mod_php5", "Apache module 'php5'"
recipe "apache2::mod_proxy", "Apache module 'proxy' with config file"
recipe "apache2::mod_proxy_ajp", "Apache module 'proxy_ajp'"
recipe "apache2::mod_proxy_balancer", "Apache module 'proxy_balancer'"
recipe "apache2::mod_proxy_connect", "Apache module 'proxy_connect'"
recipe "apache2::mod_proxy_http", "Apache module 'proxy_http'"
recipe "apache2::mod_python", "Apache module 'python'"
recipe "apache2::mod_rewrite", "Apache module 'rewrite'"
recipe "apache2::mod_setenvif", "Apache module 'setenvif' with config file"
recipe "apache2::mod_ssl", "Apache module 'ssl' with config file, adds port 443 to listen_ports"
recipe "apache2::mod_status", "Apache module 'status' with config file"
%w{redhat centos debian ubuntu arch}.each do |os|
supports os
end
attribute "apache",
:display_name => "Apache Hash",
:description => "Hash of Apache attributes",
:type => "hash"
attribute "apache/dir",
:display_name => "Apache Directory",
:description => "Location for Apache configuration",
:default => "/etc/apache2"
attribute "apache/log_dir",
:display_name => "Apache Log Directory",
:description => "Location for Apache logs",
:default => "/etc/apache2"
attribute "apache/user",
:display_name => "Apache User",
:description => "User Apache runs as",
:default => "www-data"
attribute "apache/binary",
:display_name => "Apache Binary",
:description => "Apache server daemon program",
:default => "/usr/sbin/apache2"
attribute "apache/icondir",
:display_name => "Apache Icondir",
:description => "Directory location for icons",
:default => "/usr/share/apache2/icons"
attribute "apache/listen_ports",
:display_name => "Apache Listen Ports",
:description => "Ports that Apache should listen on",
:type => "array",
:default => [ "80", "443" ]
attribute "apache/contact",
:display_name => "Apache Contact",
:description => "Email address of webmaster",
:default => "ops@example.com"
attribute "apache/timeout",
:display_name => "Apache Timeout",
:description => "Connection timeout value",
:default => "300"
attribute "apache/keepalive",
:display_name => "Apache Keepalive",
:description => "HTTP persistent connections",
:default => "On"
attribute "apache/keepaliverequests",
:display_name => "Apache Keepalive Requests",
:description => "Number of requests allowed on a persistent connection",
:default => "100"
attribute "apache/keepalivetimeout",
:display_name => "Apache Keepalive Timeout",
:description => "Time to wait for requests on persistent connection",
:default => "5"
attribute "apache/servertokens",
:display_name => "Apache Server Tokens",
:description => "Server response header",
:default => "Prod"
attribute "apache/serversignature",
:display_name => "Apache Server Signature",
:description => "Configure footer on server-generated documents",
:default => "On"
attribute "apache/traceenable",
:display_name => "Apache Trace Enable",
:description => "Determine behavior of TRACE requests",
:default => "On"
attribute "apache/allowed_openids",
:display_name => "Apache Allowed OpenIDs",
:description => "Array of OpenIDs allowed to authenticate",
:default => ""
attribute "apache/prefork",
:display_name => "Apache Prefork",
:description => "Hash of Apache prefork tuning attributes.",
:type => "hash"
attribute "apache/prefork/startservers",
:display_name => "Apache Prefork MPM StartServers",
:description => "Number of MPM servers to start",
:default => "16"
attribute "apache/prefork/minspareservers",
:display_name => "Apache Prefork MPM MinSpareServers",
:description => "Minimum number of spare server processes",
:default => "16"
attribute "apache/prefork/maxspareservers",
:display_name => "Apache Prefork MPM MaxSpareServers",
:description => "Maximum number of spare server processes",
:default => "32"
attribute "apache/prefork/serverlimit",
:display_name => "Apache Prefork MPM ServerLimit",
:description => "Upper limit on configurable server processes",
:default => "400"
attribute "apache/prefork/maxclients",
:display_name => "Apache Prefork MPM MaxClients",
:description => "Maximum number of simultaneous connections",
:default => "400"
attribute "apache/prefork/maxrequestsperchild",
:display_name => "Apache Prefork MPM MaxRequestsPerChild",
:description => "Maximum number of request a child process will handle",
:default => "10000"
attribute "apache/worker",
:display_name => "Apache Worker",
:description => "Hash of Apache prefork tuning attributes.",
:type => "hash"
attribute "apache/worker/startservers",
:display_name => "Apache Worker MPM StartServers",
:description => "Initial number of server processes to start",
:default => "4"
attribute "apache/worker/maxclients",
:display_name => "Apache Worker MPM MaxClients",
:description => "Maximum number of simultaneous connections",
:default => "1024"
attribute "apache/worker/minsparethreads",
:display_name => "Apache Worker MPM MinSpareThreads",
:description => "Minimum number of spare worker threads",
:default => "64"
attribute "apache/worker/maxsparethreads",
:display_name => "Apache Worker MPM MaxSpareThreads",
:description => "Maximum number of spare worker threads",
:default => "192"
attribute "apache/worker/threadsperchild",
:display_name => "Apache Worker MPM ThreadsPerChild",
:description => "Constant number of worker threads in each server process",
:default => "64"
attribute "apache/worker/maxrequestsperchild",
:display_name => "Apache Worker MPM MaxRequestsPerChild",
:description => "Maximum number of request a child process will handle",
:default => "0"

View File

@ -0,0 +1,209 @@
#
# Cookbook Name:: apache2
# Recipe:: default
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
package "apache2" do
case node[:platform]
when "centos","redhat","fedora","suse"
package_name "httpd"
when "debian","ubuntu"
package_name "apache2"
when "arch"
package_name "apache"
end
action :install
end
service "apache2" do
case node[:platform]
when "centos","redhat","fedora","suse"
service_name "httpd"
# If restarted/reloaded too quickly httpd has a habit of failing.
# This may happen with multiple recipes notifying apache to restart - like
# during the initial bootstrap.
restart_command "/sbin/service httpd restart && sleep 1"
reload_command "/sbin/service httpd reload && sleep 1"
when "debian","ubuntu"
service_name "apache2"
restart_command "/usr/sbin/invoke-rc.d apache2 restart && sleep 1"
reload_command "/usr/sbin/invoke-rc.d apache2 reload && sleep 1"
when "arch"
service_name "httpd"
end
supports value_for_platform(
"debian" => { "4.0" => [ :restart, :reload ], "default" => [ :restart, :reload, :status ] },
"ubuntu" => { "default" => [ :restart, :reload, :status ] },
"centos" => { "default" => [ :restart, :reload, :status ] },
"redhat" => { "default" => [ :restart, :reload, :status ] },
"fedora" => { "default" => [ :restart, :reload, :status ] },
"arch" => { "default" => [ :restart, :reload, :status ] },
"default" => { "default" => [:restart, :reload ] }
)
action :enable
end
if platform?("centos", "redhat", "fedora", "suse", "arch")
directory node[:apache][:log_dir] do
mode 0755
action :create
end
cookbook_file "/usr/local/bin/apache2_module_conf_generate.pl" do
source "apache2_module_conf_generate.pl"
mode 0755
owner "root"
group "root"
end
%w{sites-available sites-enabled mods-available mods-enabled}.each do |dir|
directory "#{node[:apache][:dir]}/#{dir}" do
mode 0755
owner "root"
group "root"
action :create
end
end
execute "generate-module-list" do
if node[:kernel][:machine] == "x86_64"
libdir = value_for_platform("arch" => { "default" => "lib" }, "default" => "lib64")
else
libdir = "lib"
end
command "/usr/local/bin/apache2_module_conf_generate.pl /usr/#{libdir}/httpd/modules /etc/httpd/mods-available"
action :run
end
%w{a2ensite a2dissite a2enmod a2dismod}.each do |modscript|
template "/usr/sbin/#{modscript}" do
source "#{modscript}.erb"
mode 0755
owner "root"
group "root"
end
end
# installed by default on centos/rhel, remove in favour of mods-enabled
file "#{node[:apache][:dir]}/conf.d/proxy_ajp.conf" do
action :delete
backup false
end
file "#{node[:apache][:dir]}/conf.d/README" do
action :delete
backup false
end
# welcome page moved to the default-site.rb temlate
file "#{node[:apache][:dir]}/conf.d/welcome.conf" do
action :delete
backup false
end
end
directory "#{node[:apache][:dir]}/ssl" do
action :create
mode 0755
owner "root"
group "root"
end
directory "#{node[:apache][:dir]}/conf.d" do
action :create
mode 0755
owner "root"
group "root"
end
directory node[:apache][:cache_dir] do
action :create
mode 0755
owner node[:apache][:user]
end
template "apache2.conf" do
case node[:platform]
when "centos","redhat","fedora","arch"
path "#{node[:apache][:dir]}/conf/httpd.conf"
when "debian","ubuntu"
path "#{node[:apache][:dir]}/apache2.conf"
end
source "apache2.conf.erb"
owner "root"
group "root"
mode 0644
notifies :restart, resources(:service => "apache2")
end
template "security" do
path "#{node[:apache][:dir]}/conf.d/security"
source "security.erb"
owner "root"
group "root"
mode 0644
backup false
notifies :restart, resources(:service => "apache2")
end
template "charset" do
path "#{node[:apache][:dir]}/conf.d/charset"
source "charset.erb"
owner "root"
group "root"
mode 0644
backup false
notifies :restart, resources(:service => "apache2")
end
template "#{node[:apache][:dir]}/ports.conf" do
source "ports.conf.erb"
group "root"
owner "root"
variables :apache_listen_ports => node[:apache][:listen_ports]
mode 0644
notifies :restart, resources(:service => "apache2")
end
template "#{node[:apache][:dir]}/sites-available/default" do
source "default-site.erb"
owner "root"
group "root"
mode 0644
notifies :restart, resources(:service => "apache2")
end
include_recipe "apache2::mod_status"
include_recipe "apache2::mod_alias"
include_recipe "apache2::mod_auth_basic"
include_recipe "apache2::mod_authn_file"
include_recipe "apache2::mod_authz_default"
include_recipe "apache2::mod_authz_groupfile"
include_recipe "apache2::mod_authz_host"
include_recipe "apache2::mod_authz_user"
include_recipe "apache2::mod_autoindex"
include_recipe "apache2::mod_dir"
include_recipe "apache2::mod_env"
include_recipe "apache2::mod_mime"
include_recipe "apache2::mod_negotiation"
include_recipe "apache2::mod_setenvif"
include_recipe "apache2::mod_log_config" if platform?("centos", "redhat", "fedora", "suse", "arch")
apache_site "default" if platform?("centos", "redhat", "fedora")
service "apache2" do
action :start
end

View File

@ -0,0 +1,33 @@
#
# Cookbook Name:: apache2
# Recipe:: god_monitor
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_service = service "apache2" do
action :nothing
end
start_command = apache_service.start_command
stop_command = apache_service.stop_command
restart_command = apache_service.restart_command
god_monitor "apache2" do
config "apache2.god.erb"
start (start_command)?start_command : "/etc/init.d/#{apache_service.service_name} start"
restart (restart_command)?restart_command : "/etc/init.d/#{apache_service.service_name} restart"
stop (stop_command)?stop_command : "/etc/init.d/#{apache_service.service_name} stop"
end

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: alias
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "alias" do
conf true
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: auth_basic
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "auth_basic"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: auth_digest
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "auth_digest"

View File

@ -0,0 +1,83 @@
#
# Cookbook Name:: apache2
# Recipe:: mod_auth_openid
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
openid_dev_pkgs = value_for_platform(
"ubuntu" => { "default" => %w{ apache2-prefork-dev libopkele-dev libopkele3 } },
"debian" => { "default" => %w{ apache2-prefork-dev libopkele-dev libopkele3 } },
"arch" => { "default" => ["libopkele"] }
)
case node[:platform]
when "arch"
include_recipe "pacman"
package "tidyhtml"
end
openid_dev_pkgs.each do |pkg|
case node[:platform]
when "arch"
pacman_aur pkg do
action [:build, :install]
end
else
package pkg
end
end
remote_file "#{Chef::Config[:file_cache_path]}/mod_auth_openid-0.4.tar.gz" do
source "http://butterfat.net/releases/mod_auth_openid/mod_auth_openid-0.4.tar.gz"
mode 0644
end
bash "install mod_auth_openid" do
cwd Chef::Config[:file_cache_path]
code <<-EOH
tar zxvf mod_auth_openid-0.4.tar.gz
cd mod_auth_openid-0.4 && ./configure
perl -pi -e "s/-i -a -n 'authopenid'/-i -n 'authopenid'/g" Makefile
make && make install
EOH
case node[:platform]
when "arch"
not_if { ::File.exists?("/usr/lib/httpd/modules/mod_auth_openid.so") }
else
not_if { ::File.exists?("/usr/lib/apache2/modules/mod_auth_openid.so") }
end
end
file "#{node[:apache][:cache_dir]}/mod_auth_openid.db" do
owner node[:apache][:user]
mode 0640
end
template "#{node[:apache][:dir]}/mods-available/authopenid.load" do
source "mods/authopenid.load.erb"
owner "root"
group "root"
mode 0644
end
apache_module "authopenid"
template "/usr/local/bin/mod_auth_openid.rb" do
source "mod_auth_openid.rb.erb"
owner node[:apache][:user]
group node[:apache][:user]
mode 0750
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: authn_file
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "authn_file"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: authnz_ldap
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "authnz_ldap"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: authz_default
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "authz_default"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: authz_groupfile
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "authz_groupfile"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: authz_host
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "authz_host"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: authz_user
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "authz_user"

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: autoindex
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "autoindex" do
conf true
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: cgi
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "cgi"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: dav
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "dav"

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: dav_svn
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
package "libapache2-svn"
apache_module "dav_svn"

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: deflate
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "deflate" do
conf true
end

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: dir
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "dir" do
conf true
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: env
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "env"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: expires
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "expires"

View File

@ -0,0 +1,46 @@
#
# Cookbook Name:: apache2
# Recipe:: fcgid
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if platform?("debian", "ubuntu")
package "libapache2-mod-fcgid"
elsif platform?("centos", "redhat", "fedora", "arch")
package "mod_fcgid" do
notifies :run, resources(:execute => "generate-module-list"), :immediately
end
file "#{node[:apache][:dir]}/conf.d/fcgid.conf" do
action :delete
backup false
end
elsif platform?("suse")
apache_lib_path = node[:architecture] == "i386" ? "/usr/lib/httpd" : "/usr/lib64/httpd"
package "httpd-devel"
bash "install-fcgid" do
code <<-EOH
(cd #{Chef::Config[:file_cache_path]}; wget http://superb-east.dl.sourceforge.net/sourceforge/mod-fcgid/mod_fcgid.2.2.tgz)
(cd #{Chef::Config[:file_cache_path]}; tar zxvf mod_fcgid.2.2.tgz)
(cd #{Chef::Config[:file_cache_path]}; perl -pi -e 's!/usr/local/apache2!#{apache_lib_path}!g' ./mod_fcgid.2.2/Makefile)
(cd #{Chef::Config[:file_cache_path]}/mod_fcgid.2.2; make install)
EOH
end
end
apache_module "fcgid" do
conf true
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: headers
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "headers"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: ldap
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "ldap"

View File

@ -0,0 +1,24 @@
#
# Cookbook Name:: apache2
# Recipe:: log_config
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if platform?("centos", "redhat", "fedora", "suse", "arch")
apache_module "log_config"
else
include_recipe "apache2"
end

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: mime
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "mime" do
conf true
end

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: negotiation
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "negotiation" do
conf true
end

View File

@ -0,0 +1,37 @@
#
# Cookbook Name:: apache2
# Recipe:: php5
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node[:platform]
when "debian", "ubuntu"
package "libapache2-mod-php5" do
action :install
end
when "arch"
package "php-apache" do
action :install
notifies :run, resources(:execute => "generate-module-list"), :immediately
end
when "centos", "redhat", "fedora"
package "php53" do
action :install
notifies :run, resources(:execute => "generate-module-list"), :immediately
end
end
apache_module "php5"

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: proxy
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "proxy" do
conf true
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: proxy
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "proxy_ajp"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: proxy
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "proxy_balancer"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: proxy
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "proxy_connect"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: proxy_http
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "proxy_http"

View File

@ -0,0 +1,32 @@
#
# Cookbook Name:: apache2
# Recipe:: python
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node[:platform]
when "debian", "ubuntu"
package "libapache2-mod-python" do
action :install
end
when "centos", "redhat", "fedora"
package "mod_python" do
action :install
notifies :run, resources(:execute => "generate-module-list"), :immediately
end
end
apache_module "python"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: rewrite
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "rewrite"

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: setenvif
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "setenvif" do
conf true
end

View File

@ -0,0 +1,43 @@
#
# Cookbook Name:: apache2
# Recipe:: ssl
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if platform?("centos", "redhat", "fedora")
package "mod_ssl" do
action :install
notifies :run, resources(:execute => "generate-module-list"), :immediately
end
file "#{node[:apache][:dir]}/conf.d/ssl.conf" do
action :delete
backup false
end
end
ports = node[:apache][:listen_ports].include?("443") ? node[:apache][:listen_ports] : [node[:apache][:listen_ports], "443"].flatten
template "#{node[:apache][:dir]}/ports.conf" do
source "ports.conf.erb"
variables :apache_listen_ports => ports
notifies :restart, resources(:service => "apache2")
mode 0644
end
apache_module "ssl" do
conf true
end

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: status
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "status" do
conf true
end

View File

@ -0,0 +1,27 @@
#
# Cookbook Name:: apache2
# Recipe:: python
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node[:platform]
when "debian","ubuntu"
package "libapache2-mod-wsgi"
when "redhat","centos","fedora", "arch"
package "mod_wsgi"
end
apache_module "wsgi"

View File

@ -0,0 +1,22 @@
#!/bin/sh -e
SYSCONFDIR='<%= node[:apache][:dir] %>'
if [ -z $1 ]; then
echo "Which module would you like to disable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/mods-enabled/*.load | \
sed -e "s,$SYSCONFDIR/mods-enabled/,,g" | sed -e 's/\.load$//g;' | xargs echo
echo -n "Module name? "
read MODNAME
else
MODNAME=$1
fi
if ! [ -e $SYSCONFDIR/mods-enabled/$MODNAME.load ]; then
echo "This module is already disabled, or does not exist!"
exit 1
fi
rm -f $SYSCONFDIR/mods-enabled/$MODNAME.*
echo "Module $MODNAME disabled; reload apache to fully disable."

View File

@ -0,0 +1,29 @@
#!/bin/sh -e
SYSCONFDIR='<%= node[:apache][:dir] %>'
if [ -z $1 ]; then
echo "Which site would you like to disable?"
echo -n "Your choices are: "
ls $node[:apache][:dir]/sites-enabled/* | \
sed -e "s,$SYSCONFDIR/sites-enabled/,,g" | xargs echo
echo -n "Site name? "
read SITENAME
else
SITENAME=$1
fi
if [ $SITENAME = "default" ]; then
PRIORITY="000"
fi
if ! [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
-e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
echo "This site is already disabled, or does not exist!"
exit 1
fi
if ! rm $SYSCONFDIR/sites-enabled/$SITENAME 2>/dev/null; then
rm -f $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
fi
echo "Site $SITENAME disabled; reload apache to disable."

View File

@ -0,0 +1,37 @@
#!/bin/sh -e
SYSCONFDIR='<%= node[:apache][:dir] %>'
if [ -z $1 ]; then
echo "Which module would you like to enable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/mods-available/*.load | \
sed -e "s,$SYSCONFDIR/mods-available/,,g" | sed -e 's/\.load$//g;' | xargs echo
echo -n "Module name? "
read MODNAME
else
MODNAME=$1
fi
#figure out if we're on a prefork or threaded mpm
if [ -x /usr/sbin/apache2 ]; then
PREFORK=`/usr/sbin/apache2 -l | grep prefork || true`
fi
if [ -e $SYSCONFDIR/mods-enabled/$MODNAME.load && -e $SYSCONFDIR/mods-enabled/$MODNAME.conf ]; then
echo "This module is already enabled!"
exit 0
fi
if ! [ -e $SYSCONFDIR/mods-available/$MODNAME.load ]; then
echo "This module does not exist!"
exit 1
fi
for i in conf load; do
if [ -e $SYSCONFDIR/mods-available/$MODNAME.$i -a ! -e $SYSCONFDIR/mods-enabled/$MODNAME.$i ]; then
ln -sf $SYSCONFDIR/mods-available/$MODNAME.$i $SYSCONFDIR/mods-enabled/$MODNAME.$i;
fi
done
echo "Module $MODNAME installed; reload apache to enable."

View File

@ -0,0 +1,38 @@
#!/bin/sh -e
SYSCONFDIR='<%= node[:apache][:dir] %>'
if [ -z $1 ]; then
echo "Which site would you like to enable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/sites-available/* | \
sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo
echo -n "Site name? "
read SITENAME
else
SITENAME=$1
fi
if [ $SITENAME = "default" ]; then
PRIORITY="000"
fi
if [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
-e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
echo "This site is already enabled!"
exit 0
fi
if ! [ -e $SYSCONFDIR/sites-available/$SITENAME ]; then
echo "This site does not exist!"
exit 1
fi
if [ $SITENAME = "default" ]; then
ln -sf $SYSCONFDIR/sites-available/$SITENAME \
$SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
else
ln -sf $SYSCONFDIR/sites-available/$SITENAME $SYSCONFDIR/sites-enabled/$SITENAME
fi
echo "Site $SITENAME installed; reload apache to enable."

View File

@ -0,0 +1,232 @@
#
# Generated by Chef
#
# Based on the Ubuntu apache2.conf
ServerRoot "<%= node[:apache][:dir] %>"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
<% if node[:platform] == "debian" || node[:platform] == "ubuntu" -%>
LockFile /var/lock/apache2/accept.lock
<% else %>
LockFile logs/accept.lock
<% end -%>
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
<% if node[:platform] == "debian" || node[:platform] == "ubuntu" -%>
PidFile /var/run/apache2.pid
<% elsif node[:platform] == "centos" || node[:platform] == "redhat" || node[:platform] == "fedora" -%>
PidFile /var/run/httpd.pid
<% elsif node[:platform] == "arch" -%>
PidFile /var/run/httpd/httpd.pid
<% else -%>
PidFile logs/httpd.pid
<% end -%>
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout <%= node[:apache][:timeout] %>
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive <%= node[:apache][:keepalive] %>
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests <%= node[:apache][:keepaliverequests] %>
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout <%= node[:apache][:keepalivetimeout] %>
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers <%= node[:apache][:prefork][:startservers] %>
MinSpareServers <%= node[:apache][:prefork][:minspareservers] %>
MaxSpareServers <%= node[:apache][:prefork][:maxspareservers] %>
ServerLimit <%= node[:apache][:prefork][:serverlimit] %>
MaxClients <%= node[:apache][:prefork][:maxclients] %>
MaxRequestsPerChild <%= node[:apache][:prefork][:maxrequestsperchild] %>
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers <%= node[:apache][:worker][:startservers] %>
MaxClients <%= node[:apache][:worker][:maxclients] %>
MinSpareThreads <%= node[:apache][:worker][:minsparethreads] %>
MaxSpareThreads <%= node[:apache][:worker][:maxsparethreads] %>
ThreadsPerChild <%= node[:apache][:worker][:threadsperchild] %>
MaxRequestsPerChild <%= node[:apache][:worker][:maxrequestsperchild] %>
</IfModule>
User <%= node[:apache][:user] %>
Group <%= node[:apache][:user] %>
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog <%= node[:apache][:log_dir] %>/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
# Include module configuration:
Include <%= node[:apache][:dir] %>/mods-enabled/*.load
Include <%= node[:apache][:dir] %>/mods-enabled/*.conf
# Include ports listing
Include <%= node[:apache][:dir] %>/ports.conf
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
# even on a per-VirtualHost basis. The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation. To activate them, uncomment the following 30 lines.
# Alias /error/ "/usr/share/apache2/error/"
#
# <Directory "/usr/share/apache2/error">
# AllowOverride None
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
# Order allow,deny
# Allow from all
# LanguagePriority en cs de es fr it nl sv pt-br ro
# ForceLanguagePriority Prefer Fallback
# </Directory>
#
# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
# ErrorDocument 410 /error/HTTP_GONE.html.var
# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
# Include generic snippets of statements
Include <%= node[:apache][:dir] %>/conf.d/
# Include the virtual host configurations:
Include <%= node[:apache][:dir] %>/sites-enabled/

View File

@ -0,0 +1,19 @@
God.watch do |w|
w.name = "apache2"
w.interval = 30.seconds # default
w.start = "<%= @params[:start] %>"
w.stop = "/etc/init.d/httpd stop"
w.restart = "<%= @params[:restart] %>"
w.start_grace = 10.seconds
w.restart_grace = 10.seconds
w.pid_file = "/var/run/httpd.pid"
w.behavior(:clean_pid_file)
w.start_if do |start|
start.condition(:process_running) do |c|
c.interval = 5.seconds
c.running = false
c.notify = 'admin'
end
end
end

View File

@ -0,0 +1,6 @@
# Read the documentation before enabling AddDefaultCharset.
# In general, it is only a good idea if you know that all your files
# have this encoding. It will override any encoding given in the files
# in meta http-equiv or xml encoding tags.
#AddDefaultCharset UTF-8

View File

@ -0,0 +1,57 @@
<VirtualHost *:80>
ServerAdmin <%= node[:apache][:contact] %>
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog <%= node[:apache][:log_dir] %>/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog <%= node[:apache][:log_dir] %>/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
<% if node[:platform] == "centos" || node[:platform] == "redhat" || node[:platform] == "fedora" -%>
#
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL. To disable the Welcome page, comment
# out all the lines below.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
<% end -%>
</VirtualHost>

View File

@ -0,0 +1,12 @@
#!/usr/bin/env ruby
allowed_openids = Array.new
<% node[:apache][:allowed_openids].each do |id| -%>
allowed_openids << "<%= id %>"
<% end -%>
if allowed_openids.grep(ARGV[0]).length > 0
exit 0
else
exit 1
end

View File

@ -0,0 +1,2 @@
These configs are taken from a Debian apache2.2-common 2.2.11-3 install. They
work on CentOS 5.3 with a few conditions using erb.

View File

@ -0,0 +1,24 @@
<IfModule alias_module>
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If
# you do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "<%= node[:apache][:icondir] %>"
<Directory "<%= node[:apache][:icondir] %>">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</IfModule>

View File

@ -0,0 +1,6 @@
<% case node[:platform] -%>
<% when "arch" -%>
LoadModule authopenid_module /usr/lib/httpd/modules/mod_auth_openid.so
<% else -%>
LoadModule authopenid_module /usr/lib/apache2/modules/mod_auth_openid.so
<% end -%>

View File

@ -0,0 +1,101 @@
<IfModule mod_autoindex.c>
#
# Directives controlling the display of server-generated directory listings.
#
#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
# Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
#
IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
# It's a suffix rule, so simply matching "core" matches "score" as well !
AddIcon /icons/bomb.gif /core
AddIcon (SND,/icons/sound2.gif) .ogg
AddIcon (VID,/icons/movie.gif) .ogm
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
# Default icons for OpenDocument format
AddIcon /icons/odf6odt-20x22.png .odt
AddIcon /icons/odf6ods-20x22.png .ods
AddIcon /icons/odf6odp-20x22.png .odp
AddIcon /icons/odf6odg-20x22.png .odg
AddIcon /icons/odf6odc-20x22.png .odc
AddIcon /icons/odf6odf-20x22.png .odf
AddIcon /icons/odf6odb-20x22.png .odb
AddIcon /icons/odf6odi-20x22.png .odi
AddIcon /icons/odf6odm-20x22.png .odm
AddIcon /icons/odf6ott-20x22.png .ott
AddIcon /icons/odf6ots-20x22.png .ots
AddIcon /icons/odf6otp-20x22.png .otp
AddIcon /icons/odf6otg-20x22.png .otg
AddIcon /icons/odf6otc-20x22.png .otc
AddIcon /icons/odf6otf-20x22.png .otf
AddIcon /icons/odf6oti-20x22.png .oti
AddIcon /icons/odf6oth-20x22.png .oth
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName README.html
HeaderName HEADER.html
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# RCS CVS *,v *,t
</IfModule>

View File

@ -0,0 +1,16 @@
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/atom_xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/x-httpd-eruby
</IfModule>

View File

@ -0,0 +1,5 @@
<IfModule mod_dir.c>
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>

View File

@ -0,0 +1,10 @@
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi
IPCConnectTimeout 20
</IfModule>
<% if node[:platform] == "centos" || node[:platform] == "redhat" || node[:platform] == "fedora" -%>
# Sane place to put sockets and shared memory file
SocketPath run/mod_fcgid
SharememPath run/mod_fcgid/fcgid_shm
<% end -%>

View File

@ -0,0 +1,196 @@
<IfModule mod_mime.c>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
<% case node[:platform] -%>
<% when "arch" -%>
TypesConfig <%= node['apache']['dir'] %>/conf/mime.types
<% else -%>
TypesConfig /etc/mime.types
<% end -%>
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have
# nothing to do with the FancyIndexing customization directives above.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#AddEncoding x-bzip2 .bz2
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-bzip2 .bz2
#
# DefaultLanguage and AddLanguage allows you to specify the language of
# a document. You can then use content negotiation to give a browser a
# file in a language the user can understand.
#
# Specify a default language. This means that all data
# going out without a specific language tag (see below) will
# be marked with this one. You probably do NOT want to set
# this unless you are sure it is correct for all cases.
#
# * It is generally better to not mark a page as
# * being a certain language than marking it with the wrong
# * language!
#
# DefaultLanguage nl
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in some cases
# the two character 'Language' abbreviation is not identical to
# the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. There is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
# Norwegian (no) - Polish (pl) - Portugese (pt)
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
#
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
# See README.Debian for Spanish
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
# See README.Debian for Turkish
AddLanguage tr .tr
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#
AddCharset us-ascii .ascii .us-ascii
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
AddCharset ISO-8859-7 .iso8859-7 .grk .greek
AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
AddCharset ISO-8859-10 .iso8859-10 .latin6
AddCharset ISO-8859-13 .iso8859-13
AddCharset ISO-8859-14 .iso8859-14 .latin8
AddCharset ISO-8859-15 .iso8859-15 .latin9
AddCharset ISO-8859-16 .iso8859-16 .latin10
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5 .Big5 .big5 .b5
AddCharset cn-Big5 .cn-big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8 .koi8
AddCharset KOI8-E .koi8-e
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-U .koi8-u
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-7 .utf7
AddCharset UTF-8 .utf8
AddCharset UTF-16 .utf16
AddCharset UTF-16BE .utf16be
AddCharset UTF-16LE .utf16le
AddCharset UTF-32 .utf32
AddCharset UTF-32BE .utf32be
AddCharset UTF-32LE .utf32le
AddCharset euc-cn .euc-cn
AddCharset euc-gb .euc-gb
AddCharset euc-jp .euc-jp
AddCharset euc-kr .euc-kr
#Not sure how euc-tw got in - IANA doesn't list it???
AddCharset EUC-TW .euc-tw
AddCharset gb2312 .gb2312 .gb
AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
AddCharset shift_jis .shift_jis .sjis
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
#
# For files that include their own HTTP headers:
#
#AddHandler send-as-is asis
#
# For server-parsed imagemap files:
#
#AddHandler imap-file map
#
# For type maps (negotiated resources):
# (This is enabled by default to allow the Apache "It Worked" page
# to be distributed in multiple languages.)
#
AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>

View File

@ -0,0 +1,18 @@
<IfModule mod_negotiation.c>
#
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
#
# ForceLanguagePriority allows you to serve a result page rather than
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
# [in case no accepted languages matched the available variants]
#
ForceLanguagePriority Prefer Fallback
</IfModule>

View File

@ -0,0 +1,19 @@
<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
#Allow from .example.com
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
ProxyVia On
</IfModule>

View File

@ -0,0 +1,28 @@
<IfModule mod_setenvif.c>
#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
</IfModule>

View File

@ -0,0 +1,72 @@
<IfModule mod_ssl.c>
#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache dbm:/var/run/apache2/ssl_scache
<% if node[:platform] == "centos" || node[:platform] == "redhat" || node[:platform] == "fedora" -%>
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
<% else -%>
SSLSessionCache shmcb:/var/run/apache2/ssl_scache
<% end -%>
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
<% if node[:platform] == "centos" || node[:platform] == "redhat" || node[:platform] == "fedora" -%>
SSLMutex default
<% else -%>
SSLMutex file:/var/run/apache2/ssl_mutex
<% end -%>
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# enable only secure ciphers:
SSLCipherSuite HIGH:MEDIUM:!ADH
# Use this instead if you want to allow cipher upgrades via SGC facility.
# In this case you also have to use something like
# SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
# see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
SSLProtocol all -SSLv2
</IfModule>

View File

@ -0,0 +1,16 @@
<IfModule mod_status.c>
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Uncomment and change the ".example.com" to allow
# access from other hosts.
#
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost ip6-localhost
# Allow from .example.com
</Location>
</IfModule>

View File

@ -0,0 +1,2 @@
# Port <%= @port %>
-A FWR -p tcp -m tcp --dport <%= @port %> -j ACCEPT

View File

@ -0,0 +1,6 @@
#This file generated via template by Chef.
<% @apache_listen_ports.each do |port| -%>
Listen <%= port %>
NameVirtualHost *:<%= port %>
<% end -%>

View File

@ -0,0 +1,50 @@
#
# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
# Debian packages. It will be made the default for the release after lenny.
#
#<Directory />
# AllowOverride None
# Order Deny,Allow
# Deny from all
#</Directory>
# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Minimal
ServerTokens <%= node[:apache][:servertokens] %>
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature Off
ServerSignature <%= node[:apache][:serversignature] %>
#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of: On | Off | extended
#
#TraceEnable Off
TraceEnable <%= node[:apache][:traceenable] %>

View File

@ -0,0 +1,43 @@
<VirtualHost *:80>
ServerName <%= @params[:server_name] %>
ServerAlias <% @params[:server_aliases].each do |a| %><%= "#{a}" %> <% end %>
DocumentRoot <%= @params[:docroot] %>
RewriteEngine On
<Directory <%= @params[:docroot] %>>
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>
LogLevel info
ErrorLog <%= node[:apache][:log_dir] %>/<%= @params[:name] %>-error.log
CustomLog <%= node[:apache][:log_dir] %>/<%= @params[:name] %>-access.log combined
RewriteEngine On
RewriteLog <%= node[:apache][:log_dir] %>/<%= @application_name %>-rewrite.log
RewriteLogLevel 0
# Canonical host, <%= @params[:server_name] %>
RewriteCond %{HTTP_HOST} !^<%= @params[:server_name] %> [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*)$ http://<%= @params[:server_name] %>/$1 [L,R=301]
RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
RewriteRule ^.*$ /system/maintenance.html [L]
</VirtualHost>

109
cookbooks/apt/README.md Normal file
View File

@ -0,0 +1,109 @@
Description
===========
Configures various APT components on Debian-like systems. Also includes a LWRP.
Recipes
=======
default
-------
The default recipe runs apt-get update during the Compile Phase of the Chef run to ensure that the system's package cache is updated with the latest. It is recommended that this recipe appear first in a node's run list (directly or through a role) to ensure that when installing packages, Chef will be able to download the latest version available on the remote APT repository.
This recipe also sets up a local cache directory for preseeding packages.
cacher
------
Installs the apt-cacher package and service so the system can provide APT caching. You can check the usage report at http://{hostname}:3142/report. The cacher recipe includes the `cacher-client` recipe, so it helps seed itself.
cacher-client
-------------
Configures the node to use the apt-cacher server as a client.
Resources/Providers
===================
This LWRP provides an easy way to manage additional APT repositories.
# Actions
- :add: creates a repository file and builds the repository listing
- :remove: removes the repository file
# Attribute Parameters
- repo_name: name attribute. The name of the channel to discover
- uri: the base of the Debian distribution
- distribution: this is usually your release's codename...ie something like `karmic`, `lucid` or `maverick`
- components: package groupings..when it doubt use `main`
- deb_src: whether or not to add the repository as a source repo as well
- key_server: the GPG keyserver where the key for the repo should be retrieved
- key: if a `key_server` is provided, this is assumed to be the fingerprint, otherwise it is the URI to the GPG key for the repo
# Example
# add the Zenoss repo
apt_repository "zenoss" do
uri "http://dev.zenoss.org/deb"
components ["main","stable"]
action :add
end
# add the Nginx PPA; grab key from keyserver
apt_repository "nginx-php" do
uri "http://ppa.launchpad.net/nginx/php5/ubuntu"
distribution node['lsb']['codename']
components ["main"]
keyserver "keyserver.ubuntu.com"
key "C300EE8C"
action :add
end
# add the Cloudkick Repo
apt_repository "cloudkick" do
uri "http://packages.cloudkick.com/ubuntu"
distribution node['lsb']['codename']
components ["main"]
key "http://packages.cloudkick.com/cloudkick.packages.key"
action :add
end
# remove Zenoss repo
apt_repository "zenoss" do
action :remove
end
Usage
=====
Put `recipe[apt]` first in the run list. If you have other recipes that you want to use to configure how apt behaves, like new sources, notify the execute resource to run, e.g.:
template "/etc/apt/sources.list.d/my_apt_sources.list" do
notifies :run, resources(:execute => "apt-get update"), :immediately
end
The above will run during execution phase since it is a normal template resource, and should appear before other package resources that need the sources in the template.
Put `recipe[apt::cacher]` in the run_list for a server to provide APT caching and add `recipe[apt::cacher-client]` on the rest of the Debian-based nodes to take advantage of the caching server.
License and Author
==================
Author:: Joshua Timberman (<joshua@opscode.com>)
Author:: Matt Ray (<matt@opscode.com>)
Author:: Seth Chisamore (<schisamo@opscode.com>)
Copyright 2009-2011 Opscode, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -0,0 +1,9 @@
# apt-cacher startup configuration file
# IMPORTANT: check the apt-cacher.conf file before using apt-cacher as daemon.
# set to 1 to start the daemon at boot time
AUTOSTART=1
# extra settings to override the ones in apt-cacher.conf
# EXTRAOPT=" daemon_port=3142 limit=30 "

View File

@ -0,0 +1,144 @@
# This file has been modified by ./apt-proxy-to-apt-cacher
# Some lines may have been appended at the bottom of this file
# This file has been modified by /usr/share/apt-cacher/apt-proxy-to-apt-cacher
# Some lines may have been appended at the bottom of this file
#################################################################
# This is the config file for apt-cacher. On most Debian systems
# you can safely leave the defaults alone.
#################################################################
# cache_dir is used to set the location of the local cache. This can
# become quite large, so make sure it is somewhere with plenty of space.
cache_dir=/var/cache/apt-cacher
# The email address of the administrator is displayed in the info page
# and traffic reports.
admin_email=root@localhost
# For the daemon startup settings please edit the file /etc/default/apt-cacher.
# Daemon port setting, only useful in stand-alone mode. You need to run the
# daemon as root to use privileged ports (<1024).
daemon_port = 3142
# optional settings, user and group to run the daemon as. Make sure they have
# sufficient permissions on the cache and log directories. Comment the settings
# to run apt-cacher as the native user.
group=www-data
user=www-data
# optional setting, binds the listening daemon to one specified IP. Use IP
# ranges for more advanced configuration, see below.
# daemon_addr=localhost
# If your apt-cacher machine is directly exposed to the Internet and you are
# worried about unauthorised machines fetching packages through it, you can
# specify a list of IPv4 addresses which are allowed to use it and another
# list of IPv4 addresses which aren't.
# Localhost (127.0.0.1) is always allowed. Other addresses must be matched
# by allowed_hosts and not by denied_hosts to be permitted to use the cache.
# Setting allowed_hosts to "*" means "allow all".
# Otherwise the format is a comma-separated list containing addresses,
# optionally with masks (like 10.0.0.0/22), or ranges of addresses (two
# addresses separated by a hyphen, no masks, like '192.168.0.3-192.168.0.56').
allowed_hosts=*
denied_hosts=
# And similiarly for IPv6 with allowed_hosts_6 and denied_hosts_6.
# Note that IPv4-mapped IPv6 addresses (::ffff:w.x.y.z) are truncated to
# w.x.y.z and are handled as IPv4.
allowed_hosts_6=fec0::/16
denied_hosts_6=
# This thing can be done by Apache but is much simplier here - limit access to
# Debian mirrors based on server names in the URLs
#allowed_locations=ftp.uni-kl.de,ftp.nerim.net,debian.tu-bs.de
# Apt-cacher can generate usage reports every 24 hours if you set this
# directive to 1. You can view the reports in a web browser by pointing
# to your cache machine with '/apt-cacher/report' on the end, like this:
# http://yourcache.example.com/apt-cacher/report
# Generating reports is very fast even with many thousands of logfile
# lines, so you can safely turn this on without creating much
# additional system load.
generate_reports=1
# Apt-cacher can clean up its cache directory every 24 hours if you set
# this directive to 1. Cleaning the cache can take some time to run
# (generally in the order of a few minutes) and removes all package
# files that are not mentioned in any existing 'Packages' lists. This
# has the effect of deleting packages that have been superseded by an
# updated 'Packages' list.
clean_cache=1
# The directory to use for apt-cacher access and error logs.
# The access log records every request in the format:
# date-time|client ip address|HIT/MISS/EXPIRED|object size|object name
# The error log is slightly more free-form, and is also used for debug
# messages if debug mode is turned on.
# Note that the old 'logfile' and 'errorfile' directives are
# deprecated: if you set them explicitly they will be honoured, but it's
# better to just get rid of them from old config files.
logdir=/var/log/apt-cacher
# apt-cacher can use different methods to decide whether package lists need to
# be updated,
# A) looking at the age of the cached files
# B) getting HTTP header from server and comparing that with cached data. This
# method is more reliable and avoids desynchronisation of data and index files
# but needs to transfer few bytes from the server every time somebody requests
# the files ("apt-get update")
# Set the following value to the maximum age (in hours) for method A or to 0
# for method B
expire_hours=0
# Apt-cacher can pass all its requests to an external http proxy like
# Squid, which could be very useful if you are using an ISP that blocks
# port 80 and requires all web traffic to go through its proxy. The
# format is 'hostname:port', eg: 'proxy.example.com:8080'.
http_proxy=proxy.example.com:8080
# Use of an external proxy can be turned on or off with this flag.
# Value should be either 0 (off) or 1 (on).
use_proxy=0
# External http proxy sometimes need authentication to get full access. The
# format is 'username:password'.
http_proxy_auth=proxyuser:proxypass
# Use of external proxy authentication can be turned on or off with this flag.
# Value should be either 0 (off) or 1 (on).
use_proxy_auth=0
# Rate limiting sets the maximum bandwidth in bytes per second to use
# for fetching packages. Syntax is fully defined in 'man wget'.
# Use 'k' or 'm' to use kilobits or megabits / second: eg, 'limit=25k'.
# Use 0 or a negative value for no rate limiting.
limit=0
# Debug mode makes apt-cacher spew a lot of extra debug junk to the
# error log (whose location is defined with the 'logdir' directive).
# Leave this off unless you need it, or your error log will get very
# big. Acceptable values are 0 or 1.
debug=0
# Adapt the line in the usage info web page to match your server configuration
# example_sources_line=deb&nbsp;http://<b>my.cacher.server:3142/</b>ftp.au.debian.org/debian&nbsp;unstable&nbsp;main&nbsp;contrib&nbsp;non-free
# Print a 410 (Gone) HTTP message with the specified text when accessed via
# CGI. Useful to tell users to adapt their sources.list files when the
# apt-cacher server is beeing relocated (via apt-get's error messages while
# running "update")
#cgi_advise_to_use = Please use http://cacheserver:3142/ as apt-cacher access URL
#cgi_advise_to_use = Server relocated. To change sources.list, run perl -pe "s,/apt-cacher\??,:3142," -i /etc/apt/sources.list
# Server mapping - this allows to hide real server names behind virtual paths
# that appear in the access URL. This method is known from apt-proxy. This is
# also the only method to use FTP access to the target hosts. The syntax is simple, the part of the beginning to replace, followed by a list of mirror urls, all space separated. Multiple profile are separated by semicolons
# path_map = debian ftp.uni-kl.de/pub/linux/debian ftp2.de.debian.org/debian ; ubuntu archive.ubuntu.com/ubuntu ; security security.debian.org/debian-security ftp2.de.debian.org/debian-security
# Note that you need to specify all target servers in the allowed_locations
# options if you make use of it. Also note that the paths should not overlap
# each other. FTP access method not supported yet, maybe in the future.
# extra setting from apt-proxy configuration
path_map = ubuntu us.archive.ubuntu.com/ubuntu ; ubuntu-security security.ubuntu.com/ubuntu ; debian debian.osuosl.org/debian/ ; security security.debian.org/debian-security

View File

@ -0,0 +1,50 @@
[DEFAULT]
;; All times are in seconds, but you can add a suffix
;; for minutes(m), hours(h) or days(d)
;; commented out address so apt-proxy will listen on all IPs
;; address = 127.0.0.1
port = 9999
cache_dir = /var/cache/apt-proxy
;; Control files (Packages/Sources/Contents) refresh rate
min_refresh_delay = 1s
complete_clientless_downloads = 1
;; Debugging settings.
debug = all:4 db:0
time = 30
passive_ftp = on
;;--------------------------------------------------------------
;; Cache housekeeping
cleanup_freq = 1d
max_age = 120d
max_versions = 3
;;---------------------------------------------------------------
;; Backend servers
;;
;; Place each server in its own [section]
[ubuntu]
; Ubuntu archive
backends =
http://us.archive.ubuntu.com/ubuntu
[ubuntu-security]
; Ubuntu security updates
backends = http://security.ubuntu.com/ubuntu
[debian]
;; Backend servers, in order of preference
backends =
http://debian.osuosl.org/debian/
[security]
;; Debian security archive
backends =
http://security.debian.org/debian-security
http://ftp2.de.debian.org/debian-security

13
cookbooks/apt/metadata.rb Normal file
View File

@ -0,0 +1,13 @@
maintainer "Opscode, Inc."
maintainer_email "cookbooks@opscode.com"
license "Apache 2.0"
description "Configures apt and apt services and an LWRP for managing apt repositories"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version "1.1.1"
recipe "apt", "Runs apt-get update during compile phase and sets up preseed directories"
recipe "apt::cacher", "Set up an APT cache"
recipe "apt::cacher-client", "Client for the apt::cacher server"
%w{ ubuntu debian }.each do |os|
supports os
end

View File

@ -0,0 +1,72 @@
#
# Cookbook Name:: apt
# Provider:: repository
#
# Copyright 2010-2011, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
action :add do
unless ::File.exists?("/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list")
Chef::Log.info "Adding #{new_resource.repo_name} repository to /etc/apt/sources.list.d/#{new_resource.repo_name}-source.list"
# add key
if new_resource.keyserver && new_resource.key
execute "install-key #{new_resource.key}" do
command "apt-key adv --keyserver #{new_resource.keyserver} --recv #{new_resource.key}"
action :nothing
end.run_action(:run)
elsif new_resource.key && (new_resource.key =~ /http/)
key_name = new_resource.key.split(/\//).last
remote_file "#{Chef::Config[:file_cache_path]}/#{key_name}" do
source new_resource.key
mode "0644"
action :nothing
end.run_action(:create_if_missing)
execute "install-key #{key_name}" do
command "apt-key add #{Chef::Config[:file_cache_path]}/#{key_name}"
action :nothing
end.run_action(:run)
end
# build our listing
repository = "deb"
repository = "deb-src" if new_resource.deb_src
repository = "# Created by the Chef apt_repository LWRP\n" + repository
repository += " #{new_resource.uri}"
repository += " #{new_resource.distribution}"
new_resource.components.each {|component| repository += " #{component}"}
# write out the file, replace it if it already exists
file "/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list" do
owner "root"
group "root"
mode 0644
content repository + "\n"
action :nothing
end.run_action(:create)
execute "update package index" do
command "apt-get update"
action :nothing
end.run_action(:run)
new_resource.updated_by_last_action(true)
end
end
action :remove do
if ::File.exists?("/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list")
Chef::Log.info "Removing #{new_resource.repo_name} repository from /etc/apt/sources.list.d/"
file "/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list" do
action :delete
end
new_resource.updated_by_last_action(true)
end
end

View File

@ -0,0 +1,37 @@
#
# Cookbook Name:: apt
# Recipe:: cacher-client
#
# Copyright 2011, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
servers = search(:node, 'recipes:apt\:\:cacher') || []
if servers.length > 0
Chef::Log.info("apt-cacher server found on #{servers[0]}.")
proxy = "Acquire::http::Proxy \"http://#{servers[0].ipaddress}:3142\";"
file "/etc/apt/apt.conf.d/01proxy" do
owner "root"
group "root"
mode "0644"
content proxy
action :create
end
else
Chef::Log.info("No apt-cacher server found.")
file "/etc/apt/apt.conf.d/01proxy" do
action :delete
only_if {File.exists?("/etc/apt/apt.conf.d/01proxy")}
end
end

View File

@ -0,0 +1,45 @@
#
# Cookbook Name:: apt
# Recipe:: cacher
#
# Copyright 2008-2011, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
package "apt-cacher" do
action :install
end
service "apt-cacher" do
supports :restart => true, :status => false
action [ :enable, :start ]
end
cookbook_file "/etc/apt-cacher/apt-cacher.conf" do
source "apt-cacher.conf"
owner "root"
group "root"
mode 0644
notifies :restart, resources(:service => "apt-cacher")
end
cookbook_file "/etc/default/apt-cacher" do
source "apt-cacher"
owner "root"
group "root"
mode 0644
notifies :restart, resources(:service => "apt-cacher")
end
#this will help seed the proxy
include_recipe "apt::cacher-client"

View File

@ -0,0 +1,33 @@
#
# Cookbook Name:: apt
# Recipe:: default
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
e = execute "apt-get update" do
action :nothing
end
e.run_action(:run)
%w{/var/cache/local /var/cache/local/preseeding}.each do |dirname|
directory dirname do
owner "root"
group "root"
mode 0755
action :create
end
end

View File

@ -0,0 +1,30 @@
#
# Cookbook Name:: apt
# Resource:: repository
#
# Copyright 2010-2011, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
actions :add, :remove
#name of the repo, used for source.list filename
attribute :repo_name, :kind_of => String, :name_attribute => true
attribute :uri, :kind_of => String
attribute :distribution, :kind_of => String
attribute :components, :kind_of => Array, :default => []
#whether or not to add the repository as a source repo as well
attribute :deb_src, :default => false
attribute :keyserver, :kind_of => String, :default => nil
attribute :key, :kind_of => String, :default => nil

View File

@ -0,0 +1,24 @@
DESCRIPTION
===========
Installs packages required for compiling C software from source.
LICENSE AND AUTHOR
==================
Author:: Joshua Timberman (<joshua@opscode.com>)
Author:: Seth Chisamore (<schisamo@opscode.com>)
Copyright 2009-2011, Opscode, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -0,0 +1,10 @@
maintainer "Opscode, Inc."
maintainer_email "cookbooks@opscode.com"
license "Apache 2.0"
description "Installs C compiler / build tools"
version "1.0.0"
recipe "build-essential", "Installs C compiler and build tools on Linux"
%w{ fedora redhat centos ubuntu debian }.each do |os|
supports os
end

View File

@ -0,0 +1,45 @@
#
# Cookbook Name:: build-essential
# Recipe:: default
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node['platform']
when "ubuntu","debian"
%w{build-essential binutils-doc}.each do |pkg|
package pkg do
action :install
end
end
when "centos","redhat","fedora"
%w{gcc gcc-c++ kernel-devel make}.each do |pkg|
package pkg do
action :install
end
end
end
package "autoconf" do
action :install
end
package "flex" do
action :install
end
package "bison" do
action :install
end

37
cookbooks/git/README.rdoc Normal file
View File

@ -0,0 +1,37 @@
= DESCRIPTION:
Installs git.
= REQUIREMENTS:
== Cookbooks:
Opscode Cookbooks (http://github.com/opscode/cookbooks/tree/master)
* runit
= USAGE:
This cookbook primarily installs git core packages. It can also be used to serve git repositories.
include_recipe "git::server"
This creates the directory /srv/git and starts a git daemon, exporting all repositories found. Repositories need to be added manually, but will be available once they are created.
= LICENSE and AUTHOR:
Author:: Joshua Timberman (<joshua@opscode.com>)
Copyright:: 2009, Opscode, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

16
cookbooks/git/metadata.rb Normal file
View File

@ -0,0 +1,16 @@
maintainer "Opscode, Inc."
maintainer_email "cookbooks@opscode.com"
license "Apache 2.0"
description "Installs git and/or sets up a Git server daemon"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
version "0.9.0"
recipe "git", "Installs git"
recipe "git::server", "Sets up a runit_service for git daemon"
%w{ ubuntu debian arch}.each do |os|
supports os
end
%w{ runit }.each do |cb|
depends cb
end

View File

@ -0,0 +1,24 @@
#
# Cookbook Name:: git
# Recipe:: default
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
case node[:platform]
when "debian", "ubuntu"
package "git-core"
else
package "git"
end

View File

@ -0,0 +1,34 @@
#
# Cookbook Name:: git
# Recipe:: server
#
# Copyright 2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
include_recipe "git"
directory "/srv/git" do
owner "root"
group "root"
mode 0755
end
case node[:platform]
when "debian", "ubuntu"
include_recipe "runit"
runit_service "git-daemon"
else
log "Platform requires setting up a git daemon service script."
log "Hint: /usr/bin/git daemon --export-all --user=nobody --group=daemon --base-path=/srv/git"
end

View File

@ -0,0 +1,2 @@
#!/bin/sh
exec svlogd -tt ./main

View File

@ -0,0 +1,3 @@
#!/bin/sh
exec 2>&1
exec /usr/bin/git daemon --export-all --user=nobody --group=daemon --base-path=/srv/git /srv/git

137
cookbooks/mysql/README.md Normal file
View File

@ -0,0 +1,137 @@
Description
===========
Installs and configures MySQL client or server.
Changes
=======
### v1.0.5:
* [COOK-465] allow optional remote root connections to mysql
* [COOK-455] improve platform version handling
* externalize conf_dir attribute for easier cross platform support
* change datadir attribute to data_dir for consistency
### v1.0.4:
* fix regressions on debian platform
* [COOK-578] wrap root password in quotes
* [COOK-562] expose all tunables in my.cnf
Requirements
============
Platform
--------
* Debian, Ubuntu
* CentOS, Red Hat, Fedora
Tested on:
* Debian 5.0
* Ubuntu 10.04
* CentOS 5.5
Cookbooks
---------
Requires Opscode's openssl cookbook for secure password generation.
Requires a C compiler and Ruby development package in order to build mysql gem with native extensions. On Debian and Ubuntu systems this is satisfied by installing the "build-essential" and "ruby-dev" packages before running Chef. See USAGE below for information on how to handle this during a Chef run.
Resources and Providers
=======================
The cookbook contains a LWRP, `mysql_database` which can be used to manage databases through calls to the MySQL API. The mysql gem is installed to make this usable. The provider currently supports three actions:
* `flush_tables_with_read_lock` - sends the sql command "flush tables with read lock", used for setting up mysql master/slave replication.
* `unflush_tables` - sends the sql command "unflush tables", used for setting up master/slave replication.
* `create_db` - specify a database to be created.
* `query` - send an arbitrary query to the database, this should be used with care. Pass the SQL statement to use with the `sql` resource attribute.
For example see the USAGE section below.
Attributes
==========
* `mysql['server_root_password']` - Set the server's root password with this, default is a randomly generated password with `OpenSSL::Random.random_bytes`.
* `mysql['server_repl_password']` - Set the replication user 'repl' password with this, default is a randomly generated password with `OpenSSL::Random.random_bytes`.
* `mysql['server_debian_password']` - Set the debian-sys-maint user password with this, default is a randomly generated password with `OpenSSL::Random.random_bytes`.
* `mysql['bind_address']` - Listen address for MySQLd, default is node's ipaddress.
* `mysql['data_dir']` - Location for mysql data directory, default is "/var/lib/mysql"
* `mysql['conf_dir']` - Location for mysql conf directory, default is "/etc/mysql"
* `mysql['ec2_path']` - location of mysql data_dir on EC2 nodes, default "/mnt/mysql"
Performance tuning attributes, each corresponds to the same-named parameter in my.cnf; default values listed
* `mysql['tunable']['key_buffer']` = "250M"
* `mysql['tunable']['max_connections']` = "800"
* `mysql['tunable']['wait_timeout']` = "180"
* `mysql['tunable']['net_write_timeout']` = "30"
* `mysql['tunable']['net_write_timeout']` = "30"
* `mysql['tunable']['back_log']` = "128"
* `mysql['tunable']['table_cache']` = "128"
* `mysql['tunable']['max_heap_table_size']` = "32M"
Usage
=====
On client nodes,
include_recipe "mysql::client"
This will install the MySQL client libraries and development headers on the system. It will also install the Ruby Gem `mysql`, so that the cookbook's LWRP (above) can be used. This is done during the compile-phase of the Chef run. On platforms that are known to have a native package (currently Debian, Ubuntu, Red hat, Centos, Fedora and SUSE), the package will be installed. Other platforms will use the RubyGem.
This creates a resource object for the package and does the installation before other recipes are parsed. You'll need to have the C compiler and such (ie, build-essential on Ubuntu) before running the recipes, but we already do that when installing Chef :-). If you want to be able to access a MySQL database via Ruby within another recipe, you could do so, like so:
mysql_database "create application_production database" do
host "localhost"
username "root"
password node[:mysql][:server_root_password]
database "application_production"
action :create_db
end
This will connect to the MySQL server running on localhost as "root" and password as `mysql[:server_root_password]` attribute (see below) and create the database specified with the `database` parameter. The provider will attempt to determine whether the database exists first.
On server nodes,
include_recipe "mysql::server"
On Debian and Ubuntu, this will preseed the mysql-server package with the randomly generated root password from the attributes file. On other platforms, it simply installs the required packages. It will also create an SQL file, /etc/mysql/grants.sql, that will be used to set up grants for the root, repl and debian-sys-maint users.
On EC2 nodes,
include_recipe "mysql::server_ec2"
When the `ec2_path` doesn't exist we look for a mounted filesystem (eg, EBS) and move the data_dir there.
The client recipe is already included by server and 'default' recipes.
For more infromation on the compile vs execution phase of a Chef run:
* http://wiki.opscode.com/display/chef/Anatomy+of+a+Chef+Run
License and Author
==================
Author:: Joshua Timberman (<joshua@opscode.com>)
Author:: AJ Christensen (<aj@opscode.com>)
Author:: Seth Chisamore (<schisamo@opscode.com>)
Copyright:: 2009-2011 Opscode, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -0,0 +1,65 @@
#
# Cookbook Name:: mysql
# Attributes:: server
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['mysql']['bind_address'] = ipaddress
default['mysql']['data_dir'] = "/var/lib/mysql"
case node["platform"]
when "centos", "redhat", "fedora", "suse"
set['mysql']['conf_dir'] = '/etc'
set['mysql']['socket'] = "/var/lib/mysql/mysql.sock"
set['mysql']['pid_file'] = "/var/run/mysqld/mysqld.pid"
set['mysql']['old_passwords'] = 1
else
set['mysql']['conf_dir'] = '/etc/mysql'
set['mysql']['socket'] = "/var/run/mysqld/mysqld.sock"
set['mysql']['pid_file'] = "/var/run/mysqld/mysqld.pid"
set['mysql']['old_passwords'] = 0
end
if attribute?('ec2')
default['mysql']['ec2_path'] = "/mnt/mysql"
default['mysql']['ebs_vol_dev'] = "/dev/sdi"
default['mysql']['ebs_vol_size'] = 50
end
default['mysql']['allow_remote_root'] = false
default['mysql']['tunable']['back_log'] = "128"
default['mysql']['tunable']['key_buffer'] = "256M"
default['mysql']['tunable']['max_allowed_packet'] = "16M"
default['mysql']['tunable']['max_connections'] = "800"
default['mysql']['tunable']['max_heap_table_size'] = "32M"
default['mysql']['tunable']['myisam_recover'] = "BACKUP"
default['mysql']['tunable']['net_read_timeout'] = "30"
default['mysql']['tunable']['net_write_timeout'] = "30"
default['mysql']['tunable']['table_cache'] = "128"
default['mysql']['tunable']['table_open_cache'] = "128"
default['mysql']['tunable']['thread_cache'] = "128"
default['mysql']['tunable']['thread_cache_size'] = 8
default['mysql']['tunable']['thread_concurrency'] = 10
default['mysql']['tunable']['thread_stack'] = "256K"
default['mysql']['tunable']['wait_timeout'] = "180"
default['mysql']['tunable']['query_cache_limit'] = "1M"
default['mysql']['tunable']['query_cache_size'] = "16M"
default['mysql']['tunable']['log_slow_queries'] = "/var/log/mysql/slow.log"
default['mysql']['tunable']['long_query_time'] = 2
default['mysql']['tunable']['innodb_buffer_pool_size'] = "256M"

View File

@ -0,0 +1,19 @@
begin
require 'mysql'
rescue LoadError
Chef::Log.info("Missing gem 'mysql'")
end
module Opscode
module Mysql
module Database
def db
@db ||= ::Mysql.new new_resource.host, new_resource.username, new_resource.password
end
def close
@db.close rescue nil
@db = nil
end
end
end
end

View File

@ -0,0 +1,33 @@
#
# Author:: Seth Chisamore (<schisamo@opscode.com>)
# Copyright:: Copyright (c) 2011 Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module Opscode
module Mysql
module Helpers
def debian_before_squeeze?
platform?("debian") && (node.platform_version.to_f < 6.0)
end
def ubuntu_before_lucid?
platform?("ubuntu") && (node.platform_version.to_f < 10.0)
end
end
end
end

Some files were not shown because too many files have changed in this diff Show More