Created
February 1, 2010 13:08
-
-
Save mrchrisadams/291681 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "name": "base_server", | |
| "chef_type": "role", | |
| "json_class": "Chef::Role", | |
| "description": "This role is the bootstrap for every server, putting sysadmin accounts on it, and switching off non essential services", | |
| "default_attributes": { | |
| "groups" : { | |
| "sysadmin" : { | |
| "gid" : 7000 | |
| }, | |
| "backup" : { | |
| "gid" : 300 | |
| } | |
| }, | |
| "active_groups" : [ | |
| "sysadmin" | |
| ], | |
| "active_users" : [ | |
| "sysadmin", | |
| ":chrisadams" | |
| ], | |
| "users" : { | |
| "sysadmin" : { | |
| "password" : "#{default_password}", | |
| "comment" : "John Doe", | |
| "uid" : 4001, | |
| "groups" : [ | |
| "sysadmin" | |
| ] | |
| } | |
| }, | |
| "apache2" : { | |
| "listen_ports": [ | |
| "80", | |
| "443" | |
| ] | |
| }, | |
| "ssh_keys" : { | |
| "felix" : "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA20n8nr1VzWDNPhLpSK64jDag6wTBqO8tCMTTRitzltJF7uEpywM31idGaZPLmKsxrPMCz6ZIlBimY1mwMAuWAG6U0KK6XIncoxuUOSCHLaeHSNxiJIdrKIOOmFwfdk737SBLesa02C/a2cS2E6rX84PTvBahYwlZO0ObAYx3tfh2f+dRoxmhL3h18FFN/tJZ0zfftdA15FFixh1ngPcWjahsKO2Ah5NDEnh+quNUWXIBHYELWoJmOMqz+pnXf/kzkKVg3INZIqhOiYncLlBlY0rRNsWlVOUdSUlH4Wz1isejRdYhHl6L8IWvZqRtzJe/T/BlAzXDqzQ7wV9aH5lpmw== felix@f.local", | |
| "sysadmin" : "ssh-dss AAAAB3NzaC1kc3MAAACBAIT6z+X6Je7o5wBB3T8QkeO0jXhGr4JTiksSi9f2ok/GLYShrJ2UhZP1faNv8drtHT83mu03mj0WpAA/fmThz0NJFVGb6AUOUPTJG8z+Os0kUT5FwzJDtEbZL5tZPysRSzVy1kaWi0NS2fYZ9Sruv4u2mjf/DmCKvKhdK5bAwZYLAAAAFQDNYbgUDajXlTmSZj71+Yn+wcQlDwAAAIAQrkc+ufEkdlRQKH2ZUtz3tmws9j6WlEWKdfbdFmbjVRqkMNPjc2fOuKc4+/T3DA84px6J17amqQPg5p30jS8V9kwoldzT69yW7gAomEZ1jV3QxKjwLQppQZMRpD2kn7YUOReSvFHh0t5BDxfrd2lRGM9f9+KHdNKKhH30Lp9t0QAAAIBwvdjrs6pE4IJu+z9aVERU9BRBpnjZsKZiklcAUh7edEqunRjAHSoveNpJLIibeaXJQCXtuFkr6DRwkrDgpW0nRW0jRahfNPZrc7yZ14QL4JS4iD6ktFJfo4wjpr78fbddSqOFT+25/xsrFtpkscvNGV9Hs9z7E2SUHOZrtLP6zg== peter@redpill.headshift1.local", | |
| "chrisadams" : "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApF/6aBvK05cHjvInsvfYTHjpNrTtnUUPG2R8CS9/MykjhsmRiuluhE6EO00LwkLmm9e6SAM+32euTLhEVjtht4Q67smVvxVxFcDHgPc5UHQprQJQ0q4RQhrex4QLqyvlaTCitdW26vWAKk2itoFEGeYnZHyK6bYuiIIlHjeCQ2MZ+RO2R2WFVGBF31+JGcWsQs7ZURPJACCViNOm4M5y/KnO3e7BNlpnxJb1Z2S6Fziznqf+qIDzqsdF3QDroRNoVSsHOkrzBRXIoygZqahcMl3vnKoKpJN1ITgjncKsCxy1ij/bfQ4kU7pTZ/FkD7guexkuRpMTTMZaV1jY5je98Q== chrisadams@Chris-Adamss-MacBook-Pro.local" | |
| } | |
| }, | |
| "override_attributes": { | |
| "apache2": { | |
| "max_children": "50" | |
| } | |
| }, | |
| "recipes" : [ | |
| "apache2", | |
| "apache2::mod_ssl", | |
| "users" | |
| ] | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # from http://github.com/37signals/37s_cookbooks/tree/master/users/ | |
| node[:groups].each do |group_key, config| | |
| group group_key do | |
| group_name group_key.to_s | |
| gid config[:gid] | |
| action [:create, :manage] | |
| end | |
| end | |
| if node[:active_users] | |
| node[:active_users].each do |username| | |
| config = node[:users][username] | |
| # $config = config | |
| # require 'irb' | |
| # IRB.start | |
| user username do | |
| comment config[:comment] | |
| uid config[:uid] | |
| gid config[:groups].first | |
| home "/home/#{username}" | |
| shell "/bin/bash" | |
| password config[:password] | |
| supports :manage_home => true | |
| action [:create, :manage] | |
| end | |
| end | |
| end | |
| node[:active_groups].each do |group_name, config| | |
| users = node[:users].find_all { |u| u.last[:groups].include?(group_name) } | |
| users.each do |u, config| | |
| user u do | |
| comment config[:comment] | |
| uid config[:uid] | |
| gid config[:groups].first | |
| home "/home/#{u}" | |
| shell "/bin/bash" | |
| password config[:password] | |
| supports :manage_home => true | |
| action [:create, :manage] | |
| end | |
| config[:groups].each do |g| | |
| group g do | |
| group_name g.to_s | |
| gid node[:groups][g][:gid] | |
| members [ u ] | |
| append true | |
| action [:modify] | |
| end | |
| end | |
| remote_file "/home/#{u}/.profile" do | |
| source "users/#{u}/.profile" | |
| mode 0750 | |
| owner u | |
| group config[:groups].first.to_s | |
| end | |
| directory "/home/#{u}/.ssh" do | |
| action :create | |
| owner u | |
| group config[:groups].first.to_s | |
| mode 0700 | |
| end | |
| add_keys u do | |
| conf config | |
| end | |
| end | |
| # remove users who may have been added but are now restricted from this node's role | |
| # (node[:users] - users).each do |u| | |
| # user u do | |
| # action :remove | |
| # end | |
| # end | |
| end | |
| # Remove initial setup user and group. | |
| user "ubuntu" do | |
| action :remove | |
| end | |
| group "ubuntu" do | |
| action :remove | |
| end | |
| directory "/u" do | |
| action :create | |
| owner "root" | |
| group "admin" | |
| mode 0775 | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment