Last active
August 29, 2015 13:59
-
-
Save micgo/10693216 to your computer and use it in GitHub Desktop.
Chef - Intermediate Topics
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name "base" | |
| description "Base Server Role" | |
| run_list "recipe[chef-client::delete_validation]", "recipe[chef-client]", "recipe[ntp]", "recipe[motd]", "recipe[users]", "recipe[push-jobs]" | |
| default_attributes( | |
| "chef_client" => { | |
| "config" => { | |
| "ssl_verify_mode" => ":verify_peer" | |
| } | |
| }, | |
| "push_jobs" => { | |
| "package_url" => "https://s3.amazonaws.com/chef-intermediate-topics/opscode-push-jobs-client-1.0.2-1.el6.x86_64.rpm", | |
| "package_checksum" => "2af78d8dd0d55ed5555227a2997b7d4440f32a90c0190389d418026490a63ca7", | |
| "whitelist" => { | |
| "chef-client" => "chef-client" | |
| } | |
| } | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'rubygems' | |
| require 'pony' | |
| module MyCompany | |
| class EmailMe < Chef::Handler | |
| def initialize(from_address, to_address) | |
| @from_address = from_address | |
| @to_address = to_address | |
| end | |
| def report | |
| status = success? ? "Successful" : "Failed" | |
| subject = "#{status} Chef run report from #{node.name}" | |
| report_string = "" | |
| # report on changed resources | |
| if ! run_status.updated_resources.empty? | |
| # get some info about all the changed resources! | |
| run_status.updated_resources.each do |r| | |
| report_string += "The resource #{r.name} was changed in cookbook #{r.cookbook_name} at #{r.source_line}\n" | |
| end | |
| else | |
| report_string += "No resources changed by chef-client\n" | |
| end | |
| Pony.mail(:to => @to_address, | |
| :from => @from_address, | |
| :subject => subject, | |
| :body => report_string) | |
| end | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo | openssl s_client -connect EXTERNAL_NAME_GOES_HERE:443 2>&1 | sed -n '/-\+BEGIN/,/-\+END/p' | sudo tee /etc/chef/trusted_certs/cert.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *filter | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| -A INPUT -p icmp -j ACCEPT | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT | |
| -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT | |
| -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT | |
| -A INPUT -p tcp --match multiport --dports 10000:10003 -j ACCEPT | |
| -A INPUT -j REJECT --reject-with icmp-host-prohibited | |
| -A FORWARD -j REJECT --reject-with icmp-host-prohibited | |
| COMMIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ohai.plugin(:Apache) do | |
| provides "apache/modules" | |
| collect_data(:default) do | |
| apache Mash.new | |
| apache[:modules] = {:static => [], :shared => []} | |
| modules = shell_out("apachectl -t -D DUMP_MODULES") | |
| modules.stdout.each_line do |line| | |
| fullkey, value = line.split(/\(/, 2).map {|i| i.strip} | |
| apache_mod = fullkey.gsub(/_module/,"") | |
| dso_type = value.to_s.chomp("\)") | |
| if dso_type.match(/shared/) | |
| apache[:modules][:shared] << apache_mod | |
| elsif dso_type.match(/static/) | |
| apache[:modules][:static] << apache_mod | |
| end | |
| end | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use_inline_resources | |
| action :create do | |
| # Set the document root | |
| document_root = "/srv/apache/#{new_resource.site_name}" | |
| # Add a template for Apache virtual host configuration | |
| template "/etc/httpd/conf.d/#{new_resource.site_name}.conf" do | |
| source "custom.erb" | |
| mode "0644" | |
| variables( | |
| :document_root => document_root, | |
| :port => new_resource.site_port | |
| ) | |
| end | |
| # Add a directory resource to create the document_root | |
| directory document_root do | |
| mode "0755" | |
| recursive true | |
| end | |
| # Add a template resource for the virtual host's index.html | |
| template "#{document_root}/index.html" do | |
| source "index.html.erb" | |
| mode "0644" | |
| variables( | |
| :site_name => new_resource.site_name, | |
| :port => new_resource.site_port | |
| ) | |
| end | |
| end | |
| action :remove do | |
| file "/etc/httpd/conf.d/#{new_resource.site_name}.conf" do | |
| action :delete | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment