chef 16.1.16-universal-mingw32 → 16.3.45-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +6 -7
- data/README.md +3 -3
- data/Rakefile +3 -16
- data/chef-universal-mingw32.gemspec +2 -2
- data/chef.gemspec +7 -6
- data/lib/chef/application.rb +12 -0
- data/lib/chef/application/apply.rb +2 -1
- data/lib/chef/application/base.rb +1 -1
- data/lib/chef/application/client.rb +1 -1
- data/lib/chef/application/windows_service_manager.rb +1 -1
- data/lib/chef/{whitelist.rb → attribute_allowlist.rb} +11 -11
- data/lib/chef/{blacklist.rb → attribute_blocklist.rb} +9 -9
- data/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -2
- data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +2 -2
- data/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +1 -5
- data/lib/chef/chef_fs/file_system/repository/base_file.rb +1 -0
- data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +1 -1
- data/lib/chef/chef_fs/path_utils.rb +1 -1
- data/lib/chef/client.rb +3 -3
- data/lib/chef/cookbook/chefignore.rb +1 -1
- data/lib/chef/cookbook/metadata.rb +1 -1
- data/lib/chef/cookbook/remote_file_vendor.rb +1 -3
- data/lib/chef/cookbook/syntax_check.rb +1 -2
- data/lib/chef/cookbook_loader.rb +15 -29
- data/lib/chef/cookbook_version.rb +2 -2
- data/lib/chef/data_bag.rb +5 -6
- data/lib/chef/deprecated.rb +12 -0
- data/lib/chef/digester.rb +3 -2
- data/lib/chef/dsl/platform_introspection.rb +2 -0
- data/lib/chef/environment.rb +1 -2
- data/lib/chef/exceptions.rb +3 -0
- data/lib/chef/file_access_control.rb +1 -1
- data/lib/chef/file_access_control/windows.rb +2 -2
- data/lib/chef/file_content_management/deploy/mv_unix.rb +1 -1
- data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb +1 -1
- data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +3 -3
- data/lib/chef/handler.rb +2 -0
- data/lib/chef/http.rb +27 -13
- data/lib/chef/http/authenticator.rb +3 -1
- data/lib/chef/http/http_request.rb +1 -1
- data/lib/chef/http/json_output.rb +1 -1
- data/lib/chef/http/ssl_policies.rb +18 -0
- data/lib/chef/knife.rb +5 -5
- data/lib/chef/knife/bootstrap.rb +19 -19
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +9 -9
- data/lib/chef/knife/bootstrap/train_connector.rb +1 -0
- data/lib/chef/knife/client_bulk_delete.rb +1 -1
- data/lib/chef/knife/config_get.rb +2 -1
- data/lib/chef/knife/config_list_profiles.rb +4 -1
- data/lib/chef/knife/config_use_profile.rb +15 -5
- data/lib/chef/knife/configure.rb +1 -1
- data/lib/chef/knife/cookbook_delete.rb +1 -1
- data/lib/chef/knife/cookbook_upload.rb +6 -14
- data/lib/chef/knife/core/bootstrap_context.rb +1 -1
- data/lib/chef/knife/core/cookbook_scm_repo.rb +1 -1
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/hashed_command_loader.rb +1 -0
- data/lib/chef/knife/core/subcommand_loader.rb +20 -1
- data/lib/chef/knife/core/ui.rb +8 -2
- data/lib/chef/knife/core/windows_bootstrap_context.rb +2 -3
- data/lib/chef/knife/data_bag_create.rb +1 -1
- data/lib/chef/knife/node_bulk_delete.rb +1 -1
- data/lib/chef/knife/node_run_list_remove.rb +1 -1
- data/lib/chef/knife/rehash.rb +3 -21
- data/lib/chef/knife/role_bulk_delete.rb +1 -1
- data/lib/chef/knife/ssh.rb +6 -2
- data/lib/chef/knife/supermarket_share.rb +1 -1
- data/lib/chef/knife/supermarket_unshare.rb +1 -1
- data/lib/chef/log.rb +8 -3
- data/{spec/functional/resource/base.rb → lib/chef/mixin/chef_utils_wiring.rb} +24 -12
- data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb} +13 -5
- data/lib/chef/mixin/openssl_helper.rb +27 -5
- data/lib/chef/mixin/path_sanity.rb +5 -4
- data/lib/chef/mixin/securable.rb +2 -2
- data/lib/chef/mixin/shell_out.rb +4 -188
- data/lib/chef/mixin/template.rb +1 -0
- data/lib/chef/mixin/which.rb +6 -3
- data/lib/chef/mixins.rb +1 -0
- data/lib/chef/node.rb +36 -12
- data/lib/chef/node_map.rb +21 -18
- data/lib/chef/platform/service_helpers.rb +31 -28
- data/lib/chef/powershell.rb +1 -1
- data/lib/chef/provider/batch.rb +3 -10
- data/lib/chef/provider/cron.rb +2 -14
- data/lib/chef/provider/execute.rb +2 -1
- data/lib/chef/provider/git.rb +12 -4
- data/lib/chef/provider/group/dscl.rb +2 -2
- data/lib/chef/provider/group/windows.rb +1 -1
- data/lib/chef/provider/ifconfig.rb +7 -7
- data/lib/chef/provider/mount/aix.rb +1 -1
- data/lib/chef/provider/mount/solaris.rb +0 -1
- data/lib/chef/provider/mount/windows.rb +2 -2
- data/lib/chef/provider/noop.rb +1 -1
- data/lib/chef/provider/package/openbsd.rb +1 -1
- data/lib/chef/provider/package/portage.rb +2 -2
- data/lib/chef/provider/package/powershell.rb +6 -2
- data/lib/chef/provider/package/rubygems.rb +2 -2
- data/lib/chef/provider/package/snap.rb +97 -29
- data/lib/chef/provider/package/windows.rb +9 -4
- data/lib/chef/provider/package/windows/msi.rb +3 -3
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +1 -1
- data/lib/chef/provider/package/zypper.rb +0 -1
- data/lib/chef/provider/powershell_script.rb +10 -14
- data/lib/chef/provider/remote_file/http.rb +4 -1
- data/lib/chef/provider/script.rb +4 -75
- data/lib/chef/provider/service.rb +2 -2
- data/lib/chef/provider/service/arch.rb +1 -1
- data/lib/chef/provider/service/debian.rb +2 -2
- data/lib/chef/provider/service/openbsd.rb +4 -4
- data/lib/chef/provider/service/redhat.rb +1 -1
- data/lib/chef/provider/service/windows.rb +1 -1
- data/lib/chef/provider/subversion.rb +2 -2
- data/lib/chef/provider/user/dscl.rb +4 -4
- data/lib/chef/provider/user/linux.rb +3 -3
- data/lib/chef/provider/user/mac.rb +5 -5
- data/lib/chef/provider/windows_script.rb +87 -25
- data/lib/chef/provider/yum_repository.rb +1 -1
- data/lib/chef/provider/zypper_repository.rb +31 -11
- data/lib/chef/resource.rb +24 -11
- data/lib/chef/resource/alternatives.rb +1 -1
- data/lib/chef/resource/apt_package.rb +1 -1
- data/lib/chef/resource/archive_file.rb +28 -8
- data/lib/chef/resource/bash.rb +0 -1
- data/lib/chef/resource/batch.rb +4 -2
- data/lib/chef/resource/build_essential.rb +2 -2
- data/lib/chef/resource/chef_client_scheduled_task.rb +14 -2
- data/lib/chef/resource/chef_gem.rb +57 -21
- data/lib/chef/resource/chocolatey_feature.rb +1 -2
- data/lib/chef/resource/cron/_cron_shared.rb +98 -0
- data/lib/chef/resource/cron/cron.rb +46 -0
- data/lib/chef/resource/{cron_d.rb → cron/cron_d.rb} +7 -87
- data/lib/chef/resource/cron_access.rb +13 -5
- data/lib/chef/resource/csh.rb +0 -1
- data/lib/chef/resource/dmg_package.rb +2 -2
- data/lib/chef/resource/execute.rb +479 -9
- data/lib/chef/resource/file.rb +1 -1
- data/lib/chef/resource/freebsd_package.rb +1 -1
- data/lib/chef/resource/gem_package.rb +35 -2
- data/lib/chef/resource/helpers/cron_validations.rb +6 -3
- data/lib/chef/resource/homebrew_package.rb +30 -1
- data/lib/chef/resource/homebrew_update.rb +107 -0
- data/lib/chef/resource/hostname.rb +23 -36
- data/lib/chef/resource/kernel_module.rb +14 -1
- data/lib/chef/resource/launchd.rb +1 -1
- data/lib/chef/resource/lwrp_base.rb +1 -0
- data/lib/chef/resource/macos_userdefaults.rb +176 -61
- data/lib/chef/resource/mount.rb +1 -1
- data/lib/chef/resource/openssl_x509_certificate.rb +11 -14
- data/lib/chef/resource/openssl_x509_crl.rb +1 -2
- data/lib/chef/resource/perl.rb +0 -1
- data/lib/chef/resource/plist.rb +23 -4
- data/lib/chef/resource/powershell_script.rb +4 -2
- data/lib/chef/resource/python.rb +0 -1
- data/lib/chef/resource/remote_file.rb +26 -10
- data/lib/chef/resource/ruby.rb +0 -1
- data/lib/chef/resource/service.rb +2 -2
- data/lib/chef/resource/ssh_known_hosts_entry.rb +16 -1
- data/lib/chef/resource/sudo.rb +30 -3
- data/lib/chef/resource/swap_file.rb +17 -0
- data/lib/chef/resource/template.rb +1 -1
- data/lib/chef/resource/timezone.rb +15 -0
- data/lib/chef/resource/user_ulimit.rb +1 -1
- data/lib/chef/resource/windows_ad_join.rb +30 -1
- data/lib/chef/resource/windows_audit_policy.rb +227 -0
- data/lib/chef/resource/windows_auto_run.rb +11 -0
- data/lib/chef/resource/windows_certificate.rb +26 -0
- data/lib/chef/resource/windows_dns_record.rb +17 -0
- data/lib/chef/resource/windows_firewall_profile.rb +197 -0
- data/lib/chef/resource/windows_font.rb +3 -3
- data/lib/chef/resource/windows_package.rb +1 -1
- data/lib/chef/resource/windows_pagefile.rb +1 -1
- data/lib/chef/resource/windows_script.rb +2 -16
- data/lib/chef/resource/windows_security_policy.rb +67 -36
- data/lib/chef/resource/windows_shortcut.rb +1 -2
- data/lib/chef/resource/windows_task.rb +4 -4
- data/lib/chef/resource/windows_user_privilege.rb +30 -7
- data/lib/chef/resource/yum_repository.rb +9 -9
- data/lib/chef/resource_inspector.rb +7 -1
- data/lib/chef/resources.rb +5 -2
- data/lib/chef/role.rb +1 -2
- data/lib/chef/search/query.rb +1 -1
- data/lib/chef/server_api_versions.rb +4 -0
- data/lib/chef/shell/shell_session.rb +2 -0
- data/lib/chef/util/diff.rb +2 -3
- data/lib/chef/util/windows/net_user.rb +1 -1
- data/lib/chef/util/windows/volume.rb +1 -1
- data/lib/chef/version.rb +2 -2
- data/lib/chef/win32/file.rb +1 -1
- data/lib/chef/win32/registry.rb +3 -4
- data/lib/chef/win32/security.rb +1 -1
- data/spec/data/lwrp/providers/buck_passer.rb +1 -1
- data/spec/data/lwrp/providers/buck_passer_2.rb +1 -1
- data/spec/data/lwrp/providers/embedded_resource_accesses_providers_scope.rb +1 -1
- data/spec/functional/knife/configure_spec.rb +1 -1
- data/spec/functional/knife/ssh_spec.rb +5 -16
- data/spec/functional/resource/aix_service_spec.rb +9 -2
- data/spec/functional/resource/aixinit_service_spec.rb +1 -2
- data/spec/functional/resource/apt_package_spec.rb +0 -1
- data/spec/functional/resource/bash_spec.rb +3 -2
- data/spec/functional/resource/bff_spec.rb +1 -1
- data/spec/functional/resource/chocolatey_package_spec.rb +4 -0
- data/spec/functional/resource/cron_spec.rb +20 -2
- data/spec/functional/resource/dnf_package_spec.rb +4 -1
- data/spec/functional/resource/execute_spec.rb +1 -1
- data/spec/functional/resource/git_spec.rb +23 -1
- data/spec/functional/resource/group_spec.rb +15 -3
- data/spec/functional/resource/ifconfig_spec.rb +9 -1
- data/spec/functional/resource/insserv_spec.rb +3 -3
- data/spec/functional/resource/link_spec.rb +2 -5
- data/spec/functional/resource/mount_spec.rb +9 -1
- data/spec/functional/resource/msu_package_spec.rb +9 -3
- data/spec/functional/resource/powershell_script_spec.rb +4 -4
- data/spec/functional/resource/remote_file_spec.rb +9 -15
- data/spec/functional/resource/rpm_spec.rb +1 -1
- data/spec/functional/resource/timezone_spec.rb +2 -0
- data/spec/functional/resource/windows_package_spec.rb +0 -1
- data/spec/functional/resource/windows_path_spec.rb +4 -0
- data/spec/functional/resource/windows_security_policy_spec.rb +0 -1
- data/spec/functional/resource/windows_service_spec.rb +4 -0
- data/spec/functional/resource/windows_task_spec.rb +12 -11
- data/spec/functional/resource/windows_user_privilege_spec.rb +1 -2
- data/spec/functional/resource/yum_package_spec.rb +4 -1
- data/spec/functional/resource/zypper_package_spec.rb +4 -1
- data/spec/functional/run_lock_spec.rb +2 -1
- data/spec/functional/shell_spec.rb +5 -6
- data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
- data/spec/functional/version_spec.rb +1 -1
- data/spec/functional/win32/crypto_spec.rb +1 -1
- data/spec/integration/knife/config_list_profiles_spec.rb +30 -2
- data/spec/integration/knife/config_use_profile_spec.rb +55 -2
- data/spec/integration/knife/cookbook_upload_spec.rb +28 -1
- data/spec/integration/knife/data_bag_from_file_spec.rb +1 -1
- data/spec/integration/knife/environment_from_file_spec.rb +1 -1
- data/spec/integration/knife/node_from_file_spec.rb +1 -1
- data/spec/integration/knife/role_from_file_spec.rb +1 -1
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/notifying_block_spec.rb +1 -1
- data/spec/integration/recipes/recipe_dsl_spec.rb +5 -1
- data/spec/integration/recipes/resource_converge_if_changed_spec.rb +2 -0
- data/spec/integration/recipes/resource_load_spec.rb +4 -2
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +1 -1
- data/spec/scripts/ssl-serve.rb +1 -1
- data/spec/spec_helper.rb +10 -4
- data/spec/support/chef_helpers.rb +1 -20
- data/spec/support/platform_helpers.rb +1 -3
- data/spec/support/platforms/win32/spec_service.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +1 -1
- data/spec/support/shared/functional/file_resource.rb +0 -1
- data/spec/support/shared/functional/securable_resource.rb +1 -2
- data/spec/support/shared/functional/securable_resource_with_reporting.rb +0 -1
- data/spec/support/shared/functional/windows_script.rb +2 -2
- data/spec/support/shared/integration/knife_support.rb +2 -9
- data/spec/support/shared/unit/application_dot_d.rb +0 -1
- data/spec/support/shared/unit/execute_resource.rb +1 -1
- data/spec/support/shared/unit/provider/file.rb +12 -8
- data/spec/unit/application/solo_spec.rb +4 -2
- data/spec/unit/application_spec.rb +11 -2
- data/spec/unit/chef_fs/config_spec.rb +2 -2
- data/spec/unit/chef_fs/diff_spec.rb +8 -8
- data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +2 -4
- data/spec/unit/chef_fs/{parallelizer.rb → parallelizer_spec.rb} +1 -1
- data/spec/unit/client_spec.rb +4 -1
- data/spec/unit/cookbook/gem_installer_spec.rb +2 -1
- data/spec/unit/cookbook/synchronizer_spec.rb +26 -24
- data/spec/unit/data_bag_spec.rb +6 -3
- data/spec/unit/data_collector_spec.rb +1 -1
- data/spec/unit/decorator_spec.rb +23 -23
- data/spec/unit/dsl/platform_introspection_spec.rb +1 -0
- data/spec/unit/environment_spec.rb +5 -1
- data/spec/unit/event_dispatch/dispatcher_spec.rb +3 -0
- data/spec/unit/guard_interpreter_spec.rb +1 -1
- data/spec/unit/http/api_versions_spec.rb +20 -2
- data/spec/unit/http/ssl_policies_spec.rb +20 -0
- data/spec/unit/json_compat_spec.rb +1 -1
- data/spec/unit/knife/bootstrap_spec.rb +5 -8
- data/spec/unit/knife/cookbook_download_spec.rb +2 -2
- data/spec/unit/knife/cookbook_show_spec.rb +6 -7
- data/spec/unit/knife/cookbook_upload_spec.rb +7 -10
- data/spec/unit/knife/data_bag_edit_spec.rb +1 -1
- data/spec/unit/log/syslog_spec.rb +6 -10
- data/spec/unit/log/winevt_spec.rb +21 -13
- data/spec/unit/lwrp_spec.rb +9 -6
- data/spec/unit/mixin/{path_sanity_spec.rb → default_paths_spec.rb} +14 -14
- data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
- data/spec/unit/mixin/powershell_out_spec.rb +2 -4
- data/spec/unit/mixin/powershell_type_coercions_spec.rb +1 -1
- data/spec/unit/mixin/securable_spec.rb +0 -1
- data/spec/unit/mixin/shell_out_spec.rb +25 -26
- data/spec/unit/mixin/subclass_directive_spec.rb +2 -2
- data/spec/unit/mixin/unformatter_spec.rb +2 -2
- data/spec/unit/mixin/uris_spec.rb +1 -1
- data/spec/unit/mixin/user_context_spec.rb +1 -9
- data/spec/unit/mixin/which.rb +8 -0
- data/spec/unit/node_spec.rb +98 -11
- data/spec/unit/property_spec.rb +6 -6
- data/spec/unit/provider/batch_spec.rb +130 -0
- data/spec/unit/provider/cron/unix_spec.rb +1 -1
- data/spec/unit/provider/cron_spec.rb +9 -49
- data/spec/unit/provider/dsc_resource_spec.rb +22 -38
- data/spec/unit/provider/dsc_script_spec.rb +10 -10
- data/spec/unit/provider/execute_spec.rb +1 -8
- data/spec/unit/provider/git_spec.rb +3 -3
- data/spec/unit/provider/ifconfig_spec.rb +0 -1
- data/spec/unit/provider/mdadm_spec.rb +1 -3
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
- data/spec/unit/provider/package/openbsd_spec.rb +1 -1
- data/spec/unit/provider/package/pacman_spec.rb +17 -20
- data/spec/unit/provider/package/powershell_spec.rb +95 -86
- data/spec/unit/provider/package/rubygems_spec.rb +5 -10
- data/spec/unit/provider/package/smartos_spec.rb +1 -1
- data/spec/unit/provider/package/snap_spec.rb +1 -1
- data/spec/unit/provider/package/windows/registry_uninstall_entry_spec.rb +3 -3
- data/spec/unit/provider/package/windows_spec.rb +30 -53
- data/spec/unit/provider/powershell_script_spec.rb +3 -45
- data/spec/unit/provider/script_spec.rb +20 -110
- data/spec/unit/provider/service/redhat_spec.rb +1 -1
- data/spec/unit/provider/service/windows_spec.rb +2 -6
- data/spec/unit/provider/systemd_unit_spec.rb +28 -24
- data/spec/unit/provider/user/dscl_spec.rb +2 -2
- data/spec/unit/provider/windows_env_spec.rb +5 -4
- data/spec/unit/provider/zypper_repository_spec.rb +60 -10
- data/spec/unit/provider_spec.rb +1 -0
- data/spec/unit/resource/archive_file_spec.rb +11 -2
- data/spec/unit/resource/chef_client_cron_spec.rb +23 -7
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +17 -7
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +7 -4
- data/spec/unit/resource/cron_spec.rb +2 -2
- data/spec/unit/resource/execute_spec.rb +10 -0
- data/spec/unit/resource/file/verification_spec.rb +2 -1
- data/spec/unit/resource/helpers/cron_validations_spec.rb +5 -1
- data/spec/unit/resource/homebrew_update_spec.rb +30 -0
- data/spec/unit/resource/macos_user_defaults_spec.rb +103 -2
- data/spec/unit/resource/powershell_script_spec.rb +10 -15
- data/spec/unit/resource/timezone_spec.rb +1 -1
- data/spec/unit/resource/windows_audit_policy_spec.rb +64 -0
- data/spec/unit/resource/windows_dns_record_spec.rb +3 -3
- data/spec/unit/resource/windows_dns_zone_spec.rb +2 -2
- data/spec/unit/resource/windows_firewall_profile_spec.rb +77 -0
- data/spec/unit/resource/windows_package_spec.rb +1 -0
- data/spec/unit/resource/windows_task_spec.rb +1 -1
- data/spec/unit/resource/windows_uac_spec.rb +2 -2
- data/spec/unit/resource/yum_repository_spec.rb +21 -21
- data/spec/unit/resource_reporter_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +84 -1
- data/spec/unit/role_spec.rb +23 -21
- data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
- data/spec/unit/run_lock_spec.rb +1 -1
- data/spec/unit/scan_access_control_spec.rb +1 -1
- data/spec/unit/server_api_spec.rb +43 -16
- data/spec/unit/util/backup_spec.rb +1 -1
- data/spec/unit/util/diff_spec.rb +1 -15
- data/spec/unit/util/dsc/configuration_generator_spec.rb +1 -1
- data/spec/unit/util/powershell/ps_credential_spec.rb +2 -2
- data/spec/unit/util/selinux_spec.rb +2 -1
- data/spec/unit/util/threaded_job_queue_spec.rb +9 -0
- data/spec/unit/win32/security_spec.rb +4 -3
- metadata +68 -40
- data/lib/chef/resource/cron.rb +0 -157
@@ -0,0 +1,46 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Bryan McLellan (btm@loftninjas.org)
|
3
|
+
# Author:: Tyler Cloke (<tyler@chef.io>)
|
4
|
+
# Copyright:: Copyright 2009-2016, Bryan McLellan
|
5
|
+
# License:: Apache License, Version 2.0
|
6
|
+
#
|
7
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License at
|
10
|
+
#
|
11
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
#
|
19
|
+
|
20
|
+
require_relative "../../resource"
|
21
|
+
require_relative "../helpers/cron_validations"
|
22
|
+
require_relative "../../provider/cron" # do not remove. we actually need this below
|
23
|
+
|
24
|
+
class Chef
|
25
|
+
class Resource
|
26
|
+
class Cron < Chef::Resource
|
27
|
+
unified_mode true
|
28
|
+
|
29
|
+
use "cron_shared"
|
30
|
+
|
31
|
+
provides :cron
|
32
|
+
|
33
|
+
description "Use the **cron** resource to manage cron entries for time-based job scheduling. Properties for a schedule will default to * if not provided. The cron resource requires access to a crontab program, typically cron."
|
34
|
+
|
35
|
+
state_attrs :minute, :hour, :day, :month, :weekday, :user
|
36
|
+
|
37
|
+
default_action :create
|
38
|
+
allowed_actions :create, :delete
|
39
|
+
|
40
|
+
property :time, Symbol,
|
41
|
+
description: "A time interval.",
|
42
|
+
equal_to: Chef::Provider::Cron::SPECIAL_TIME_VALUES
|
43
|
+
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -15,15 +15,18 @@
|
|
15
15
|
# limitations under the License.
|
16
16
|
#
|
17
17
|
|
18
|
-
require_relative "
|
19
|
-
require_relative "helpers/cron_validations"
|
18
|
+
require_relative "../../resource"
|
19
|
+
require_relative "../helpers/cron_validations"
|
20
20
|
require "shellwords" unless defined?(Shellwords)
|
21
|
-
require_relative "
|
21
|
+
require_relative "../../dist"
|
22
22
|
|
23
23
|
class Chef
|
24
24
|
class Resource
|
25
25
|
class CronD < Chef::Resource
|
26
26
|
unified_mode true
|
27
|
+
|
28
|
+
use "cron_shared"
|
29
|
+
|
27
30
|
provides :cron_d
|
28
31
|
|
29
32
|
introduced "14.4"
|
@@ -98,92 +101,9 @@ class Chef
|
|
98
101
|
description: "Schedule your cron job with one of the special predefined value instead of ** * pattern.",
|
99
102
|
equal_to: %w{ @reboot @yearly @annually @monthly @weekly @daily @midnight @hourly }
|
100
103
|
|
101
|
-
property :minute, [Integer, String],
|
102
|
-
description: "The minute at which the cron entry should run (`0 - 59`).",
|
103
|
-
default: "*", callbacks: {
|
104
|
-
"should be a valid minute spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 0, 59) },
|
105
|
-
}
|
106
|
-
|
107
|
-
property :hour, [Integer, String],
|
108
|
-
description: "The hour at which the cron entry is to run (`0 - 23`).",
|
109
|
-
default: "*", callbacks: {
|
110
|
-
"should be a valid hour spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 0, 23) },
|
111
|
-
}
|
112
|
-
|
113
|
-
property :day, [Integer, String],
|
114
|
-
description: "The day of month at which the cron entry should run (`1 - 31`).",
|
115
|
-
default: "*", callbacks: {
|
116
|
-
"should be a valid day spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_numeric(spec, 1, 31) },
|
117
|
-
}
|
118
|
-
|
119
|
-
property :month, [Integer, String],
|
120
|
-
description: "The month in the year on which a cron entry is to run (`1 - 12`, `jan-dec`, or `*`).",
|
121
|
-
default: "*", callbacks: {
|
122
|
-
"should be a valid month spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_month(spec) },
|
123
|
-
}
|
124
|
-
|
125
|
-
property :weekday, [Integer, String],
|
126
|
-
description: "The day of the week on which this entry is to run (`0-7`, `mon-sun`, or `*`), where Sunday is both `0` and `7`.",
|
127
|
-
default: "*", callbacks: {
|
128
|
-
"should be a valid weekday spec" => ->(spec) { Chef::ResourceHelpers::CronValidations.validate_dow(spec) },
|
129
|
-
}
|
130
|
-
|
131
|
-
property :command, String,
|
132
|
-
description: "The command to run.",
|
133
|
-
required: [:create]
|
134
|
-
|
135
|
-
property :user, String,
|
136
|
-
description: "The name of the user that runs the command.",
|
137
|
-
default: "root"
|
138
|
-
|
139
|
-
property :mailto, String,
|
140
|
-
description: "Set the `MAILTO` environment variable in the cron.d file."
|
141
|
-
|
142
|
-
property :path, String,
|
143
|
-
description: "Set the `PATH` environment variable in the cron.d file."
|
144
|
-
|
145
|
-
property :home, String,
|
146
|
-
description: "Set the `HOME` environment variable in the cron.d file."
|
147
|
-
|
148
|
-
property :shell, String,
|
149
|
-
description: "Set the `SHELL` environment variable in the cron.d file."
|
150
|
-
|
151
104
|
property :comment, String,
|
152
105
|
description: "A comment to place in the cron.d file."
|
153
106
|
|
154
|
-
property :environment, Hash,
|
155
|
-
description: "A Hash containing additional arbitrary environment variables under which the cron job will be run in the form of `({'ENV_VARIABLE' => 'VALUE'})`.",
|
156
|
-
default: lazy { {} }
|
157
|
-
|
158
|
-
TIMEOUT_OPTS = %w{duration preserve-status foreground kill-after signal}.freeze
|
159
|
-
TIMEOUT_REGEX = /\A\S+/.freeze
|
160
|
-
|
161
|
-
property :time_out, Hash,
|
162
|
-
description: "A Hash of timeouts in the form of `({'OPTION' => 'VALUE'})`.
|
163
|
-
Accepted valid options are:
|
164
|
-
`preserve-status` (BOOL, default: 'false'),
|
165
|
-
`foreground` (BOOL, default: 'false'),
|
166
|
-
`kill-after` (in seconds),
|
167
|
-
`signal` (a name like 'HUP' or a number)",
|
168
|
-
default: lazy { {} },
|
169
|
-
introduced: "15.7",
|
170
|
-
coerce: proc { |h|
|
171
|
-
if h.is_a?(Hash)
|
172
|
-
invalid_keys = h.keys - TIMEOUT_OPTS
|
173
|
-
unless invalid_keys.empty?
|
174
|
-
error_msg = "Key of option time_out must be equal to one of: \"#{TIMEOUT_OPTS.join('", "')}\"! You passed \"#{invalid_keys.join(", ")}\"."
|
175
|
-
raise Chef::Exceptions::ValidationFailed, error_msg
|
176
|
-
end
|
177
|
-
unless h.values.all? { |x| x =~ TIMEOUT_REGEX }
|
178
|
-
error_msg = "Values of option time_out should be non-empty string without any leading whitespace."
|
179
|
-
raise Chef::Exceptions::ValidationFailed, error_msg
|
180
|
-
end
|
181
|
-
h
|
182
|
-
elsif h.is_a?(Integer) || h.is_a?(String)
|
183
|
-
{ "duration" => h }
|
184
|
-
end
|
185
|
-
}
|
186
|
-
|
187
107
|
property :mode, [String, Integer],
|
188
108
|
description: "The octal mode of the generated crontab file.",
|
189
109
|
default: "0600"
|
@@ -238,7 +158,7 @@ class Chef
|
|
238
158
|
|
239
159
|
# @todo this is Chef 12 era cleanup. Someday we should remove it all
|
240
160
|
template "/etc/cron.d/#{sanitized_name}" do
|
241
|
-
source ::File.expand_path("../support/cron.d.erb",
|
161
|
+
source ::File.expand_path("../support/cron.d.erb", __dir__)
|
242
162
|
local true
|
243
163
|
mode new_resource.mode
|
244
164
|
variables(
|
@@ -28,7 +28,7 @@ class Chef
|
|
28
28
|
provides(:cron_manage) # legacy name @todo in Chef 15 we should { true } this so it wins over the cookbook
|
29
29
|
|
30
30
|
introduced "14.4"
|
31
|
-
description "Use the **cron_access** resource to manage
|
31
|
+
description "Use the **cron_access** resource to manage cron's cron.allow and cron.deny files. Note: This resource previously shipped in the `cron` cookbook as `cron_manage`, which it can still be used as for backwards compatibility with existing Chef Infra Client releases."
|
32
32
|
examples <<~DOC
|
33
33
|
**Add the mike user to cron.allow**
|
34
34
|
|
@@ -58,12 +58,19 @@ class Chef
|
|
58
58
|
description: "An optional property to set the user name if it differs from the resource block's name.",
|
59
59
|
name_property: true
|
60
60
|
|
61
|
+
CRON_PATHS = {
|
62
|
+
"aix" => "/var/adm/cron",
|
63
|
+
"solaris" => "/etc/cron.d",
|
64
|
+
"default" => "/etc",
|
65
|
+
}.freeze
|
66
|
+
|
61
67
|
action :allow do
|
62
68
|
description "Add the user to the cron.allow file."
|
69
|
+
allow_path = ::File.join(value_for_platform_family(CRON_PATHS), "cron.allow")
|
63
70
|
|
64
71
|
with_run_context :root do
|
65
|
-
edit_resource(:template,
|
66
|
-
source ::File.expand_path("
|
72
|
+
edit_resource(:template, allow_path) do |new_resource|
|
73
|
+
source ::File.expand_path("support/cron_access.erb", __dir__)
|
67
74
|
local true
|
68
75
|
mode "0600"
|
69
76
|
variables["users"] ||= []
|
@@ -76,10 +83,11 @@ class Chef
|
|
76
83
|
|
77
84
|
action :deny do
|
78
85
|
description "Add the user to the cron.deny file."
|
86
|
+
deny_path = ::File.join(value_for_platform_family(CRON_PATHS), "cron.deny")
|
79
87
|
|
80
88
|
with_run_context :root do
|
81
|
-
edit_resource(:template,
|
82
|
-
source ::File.expand_path("
|
89
|
+
edit_resource(:template, deny_path) do |new_resource|
|
90
|
+
source ::File.expand_path("support/cron_access.erb", __dir__)
|
83
91
|
local true
|
84
92
|
mode "0600"
|
85
93
|
variables["users"] ||= []
|
data/lib/chef/resource/csh.rb
CHANGED
@@ -38,7 +38,7 @@ class Chef
|
|
38
38
|
end
|
39
39
|
```
|
40
40
|
|
41
|
-
**Install
|
41
|
+
**Install VirtualBox from the .mpkg**:
|
42
42
|
|
43
43
|
```ruby
|
44
44
|
dmg_package 'Virtualbox' do
|
@@ -66,7 +66,7 @@ class Chef
|
|
66
66
|
description: "The remote URL that is used to download the `.dmg` file, if specified."
|
67
67
|
|
68
68
|
property :file, String,
|
69
|
-
description: "The
|
69
|
+
description: "The absolute path to the `.dmg` file on the local system."
|
70
70
|
|
71
71
|
property :owner, [String, Integer],
|
72
72
|
description: "The user that should own the package installation."
|
@@ -27,10 +27,476 @@ class Chef
|
|
27
27
|
|
28
28
|
provides :execute, target_mode: true
|
29
29
|
|
30
|
-
description "Use the **execute** resource to execute a single command. Commands that"
|
31
|
-
|
32
|
-
|
33
|
-
|
30
|
+
description "Use the **execute** resource to execute a single command. Commands that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the environment in which they are run. Use not_if and only_if to guard this resource for idempotence. Note: Use the **script** resource to execute a script using a specific interpreter (Ruby, Python, Perl, csh, or Bash)."
|
31
|
+
|
32
|
+
examples <<~EXAMPLES
|
33
|
+
**Run a command upon notification**:
|
34
|
+
|
35
|
+
```ruby
|
36
|
+
execute 'slapadd' do
|
37
|
+
command 'slapadd < /tmp/something.ldif'
|
38
|
+
creates '/var/lib/slapd/uid.bdb'
|
39
|
+
|
40
|
+
action :nothing
|
41
|
+
end
|
42
|
+
|
43
|
+
template '/tmp/something.ldif' do
|
44
|
+
source 'something.ldif'
|
45
|
+
|
46
|
+
notifies :run, 'execute[slapadd]', :immediately
|
47
|
+
end
|
48
|
+
```
|
49
|
+
|
50
|
+
**Run a touch file only once while running a command**:
|
51
|
+
|
52
|
+
```ruby
|
53
|
+
execute 'upgrade script' do
|
54
|
+
command 'php upgrade-application.php && touch /var/application/.upgraded'
|
55
|
+
|
56
|
+
creates '/var/application/.upgraded'
|
57
|
+
action :run
|
58
|
+
end
|
59
|
+
```
|
60
|
+
|
61
|
+
**Run a command which requires an environment variable**:
|
62
|
+
|
63
|
+
```ruby
|
64
|
+
execute 'slapadd' do
|
65
|
+
command 'slapadd < /tmp/something.ldif'
|
66
|
+
creates '/var/lib/slapd/uid.bdb'
|
67
|
+
|
68
|
+
action :run
|
69
|
+
environment ({'HOME' => '/home/my_home'})
|
70
|
+
end
|
71
|
+
```
|
72
|
+
|
73
|
+
**Delete a repository using yum to scrub the cache**:
|
74
|
+
|
75
|
+
```ruby
|
76
|
+
# the following code sample thanks to gaffneyc @ https://gist.github.com/918711
|
77
|
+
execute 'clean-yum-cache' do
|
78
|
+
command 'yum clean all'
|
79
|
+
action :nothing
|
80
|
+
end
|
81
|
+
|
82
|
+
file '/etc/yum.repos.d/bad.repo' do
|
83
|
+
action :delete
|
84
|
+
notifies :run, 'execute[clean-yum-cache]', :immediately
|
85
|
+
end
|
86
|
+
```
|
87
|
+
|
88
|
+
**Prevent restart and reconfigure if configuration is broken**:
|
89
|
+
|
90
|
+
Use the `:nothing` action (common to all resources) to prevent the test from
|
91
|
+
starting automatically, and then use the `subscribes` notification to run a
|
92
|
+
configuration test when a change to the template is detected.
|
93
|
+
|
94
|
+
```ruby
|
95
|
+
execute 'test-nagios-config' do
|
96
|
+
command 'nagios3 --verify-config'
|
97
|
+
action :nothing
|
98
|
+
subscribes :run, 'template[/etc/nagios3/configures-nagios.conf]', :immediately
|
99
|
+
end
|
100
|
+
```
|
101
|
+
|
102
|
+
**Notify in a specific order**:
|
103
|
+
|
104
|
+
To notify multiple resources, and then have these resources run in a certain
|
105
|
+
order, do something like the following.
|
106
|
+
|
107
|
+
```ruby
|
108
|
+
execute 'foo' do
|
109
|
+
command '...'
|
110
|
+
notifies :create, 'template[baz]', :immediately
|
111
|
+
notifies :install, 'package[bar]', :immediately
|
112
|
+
notifies :run, 'execute[final]', :immediately
|
113
|
+
end
|
114
|
+
|
115
|
+
template 'baz' do
|
116
|
+
#...
|
117
|
+
notifies :run, 'execute[restart_baz]', :immediately
|
118
|
+
end
|
119
|
+
|
120
|
+
package 'bar'
|
121
|
+
execute 'restart_baz'
|
122
|
+
execute 'final' do
|
123
|
+
command '...'
|
124
|
+
end
|
125
|
+
```
|
126
|
+
|
127
|
+
where the sequencing will be in the same order as the resources are listed in
|
128
|
+
the recipe: `execute 'foo'`, `template 'baz'`, `execute [restart_baz]`,
|
129
|
+
`package 'bar'`, and `execute 'final'`.
|
130
|
+
|
131
|
+
**Execute a command using a template**:
|
132
|
+
|
133
|
+
The following example shows how to set up IPv4 packet forwarding using the
|
134
|
+
**execute** resource to run a command named `forward_ipv4` that uses a template
|
135
|
+
defined by the **template** resource.
|
136
|
+
|
137
|
+
```ruby
|
138
|
+
execute 'forward_ipv4' do
|
139
|
+
command 'echo > /proc/.../ipv4/ip_forward'
|
140
|
+
action :nothing
|
141
|
+
end
|
142
|
+
|
143
|
+
template '/etc/file_name.conf' do
|
144
|
+
source 'routing/file_name.conf.erb'
|
145
|
+
|
146
|
+
notifies :run, 'execute[forward_ipv4]', :delayed
|
147
|
+
end
|
148
|
+
```
|
149
|
+
|
150
|
+
where the `command` property for the **execute** resource contains the command
|
151
|
+
that is to be run and the `source` property for the **template** resource
|
152
|
+
specifies which template to use. The `notifies` property for the **template**
|
153
|
+
specifies that the `execute[forward_ipv4]` (which is defined by the **execute**
|
154
|
+
resource) should be queued up and run at the end of a Chef Infra Client run.
|
155
|
+
|
156
|
+
**Add a rule to an IP table**:
|
157
|
+
|
158
|
+
The following example shows how to add a rule named `test_rule` to an IP table
|
159
|
+
using the **execute** resource to run a command using a template that is defined
|
160
|
+
by the **template** resource:
|
161
|
+
|
162
|
+
```ruby
|
163
|
+
execute 'test_rule' do
|
164
|
+
command 'command_to_run
|
165
|
+
--option value
|
166
|
+
--option value
|
167
|
+
--source \#{node[:name_of_node][:ipsec][:local][:subnet]}
|
168
|
+
-j test_rule'
|
169
|
+
|
170
|
+
action :nothing
|
171
|
+
end
|
172
|
+
|
173
|
+
template '/etc/file_name.local' do
|
174
|
+
source 'routing/file_name.local.erb'
|
175
|
+
notifies :run, 'execute[test_rule]', :delayed
|
176
|
+
end
|
177
|
+
```
|
178
|
+
|
179
|
+
where the `command` property for the **execute** resource contains the command
|
180
|
+
that is to be run and the `source` property for the **template** resource
|
181
|
+
specifies which template to use. The `notifies` property for the **template**
|
182
|
+
specifies that the `execute[test_rule]` (which is defined by the **execute**
|
183
|
+
resource) should be queued up and run at the end of a Chef Infra Client run.
|
184
|
+
|
185
|
+
**Stop a service, do stuff, and then restart it**:
|
186
|
+
|
187
|
+
The following example shows how to use the **execute**, **service**, and
|
188
|
+
**mount** resources together to ensure that a node running on Amazon EC2 is
|
189
|
+
running MySQL. This example does the following:
|
190
|
+
|
191
|
+
- Checks to see if the Amazon EC2 node has MySQL
|
192
|
+
- If the node has MySQL, stops MySQL
|
193
|
+
- Installs MySQL
|
194
|
+
- Mounts the node
|
195
|
+
- Restarts MySQL
|
196
|
+
|
197
|
+
```ruby
|
198
|
+
# the following code sample comes from the ``server_ec2``
|
199
|
+
# recipe in the following cookbook:
|
200
|
+
# https://github.com/chef-cookbooks/mysql
|
201
|
+
|
202
|
+
if (node.attribute?('ec2') && !FileTest.directory?(node['mysql']['ec2_path']))
|
203
|
+
service 'mysql' do
|
204
|
+
action :stop
|
205
|
+
end
|
206
|
+
|
207
|
+
execute 'install-mysql' do
|
208
|
+
command "mv \#{node['mysql']['data_dir']} \#{node['mysql']['ec2_path']}"
|
209
|
+
not_if { ::File.directory?(node['mysql']['ec2_path']) }
|
210
|
+
end
|
211
|
+
|
212
|
+
[node['mysql']['ec2_path'], node['mysql']['data_dir']].each do |dir|
|
213
|
+
directory dir do
|
214
|
+
owner 'mysql'
|
215
|
+
group 'mysql'
|
216
|
+
end
|
217
|
+
end
|
218
|
+
|
219
|
+
mount node['mysql']['data_dir'] do
|
220
|
+
device node['mysql']['ec2_path']
|
221
|
+
fstype 'none'
|
222
|
+
options 'bind,rw'
|
223
|
+
action [:mount, :enable]
|
224
|
+
end
|
225
|
+
|
226
|
+
service 'mysql' do
|
227
|
+
action :start
|
228
|
+
end
|
229
|
+
end
|
230
|
+
```
|
231
|
+
|
232
|
+
where
|
233
|
+
|
234
|
+
- the two **service** resources are used to stop, and then restart the MySQL service
|
235
|
+
- the **execute** resource is used to install MySQL
|
236
|
+
- the **mount** resource is used to mount the node and enable MySQL
|
237
|
+
|
238
|
+
**Use the platform_family? method**:
|
239
|
+
|
240
|
+
The following is an example of using the `platform_family?` method in the Recipe
|
241
|
+
DSL to create a variable that can be used with other resources in the same
|
242
|
+
recipe. In this example, `platform_family?` is being used to ensure that a
|
243
|
+
specific binary is used for a specific platform before using the **remote_file**
|
244
|
+
resource to download a file from a remote location, and then using the
|
245
|
+
**execute** resource to install that file by running a command.
|
246
|
+
|
247
|
+
```ruby
|
248
|
+
if platform_family?('rhel')
|
249
|
+
pip_binary = '/usr/bin/pip'
|
250
|
+
else
|
251
|
+
pip_binary = '/usr/local/bin/pip'
|
252
|
+
end
|
253
|
+
|
254
|
+
remote_file "\#{Chef::Config[:file_cache_path]}/distribute_setup.py" do
|
255
|
+
source 'http://python-distribute.org/distribute_setup.py'
|
256
|
+
mode '0755'
|
257
|
+
not_if { ::File.exist?(pip_binary) }
|
258
|
+
end
|
259
|
+
|
260
|
+
execute 'install-pip' do
|
261
|
+
cwd Chef::Config[:file_cache_path]
|
262
|
+
command <<~EOF
|
263
|
+
# command for installing Python goes here
|
264
|
+
EOF
|
265
|
+
not_if { ::File.exist?(pip_binary) }
|
266
|
+
end
|
267
|
+
```
|
268
|
+
|
269
|
+
where a command for installing Python might look something like:
|
270
|
+
|
271
|
+
```ruby
|
272
|
+
\#{node['python']['binary']} distribute_setup.py \#{::File.dirname(pip_binary)}/easy_install pip
|
273
|
+
```
|
274
|
+
|
275
|
+
**Control a service using the execute resource**:
|
276
|
+
|
277
|
+
<div class="admonition-warning">
|
278
|
+
<p class="admonition-warning-title">Warning</p>
|
279
|
+
<div class="admonition-warning-text">
|
280
|
+
This is an example of something that should NOT be done. Use the **service**
|
281
|
+
resource to control a service, not the **execute** resource.
|
282
|
+
</div>
|
283
|
+
</div>
|
284
|
+
|
285
|
+
Do something like this:
|
286
|
+
|
287
|
+
```ruby
|
288
|
+
service 'tomcat' do
|
289
|
+
action :start
|
290
|
+
end
|
291
|
+
```
|
292
|
+
|
293
|
+
and NOT something like this:
|
294
|
+
|
295
|
+
```ruby
|
296
|
+
execute 'start-tomcat' do
|
297
|
+
command '/etc/init.d/tomcat start'
|
298
|
+
action :run
|
299
|
+
end
|
300
|
+
```
|
301
|
+
|
302
|
+
There is no reason to use the **execute** resource to control a service because
|
303
|
+
the **service** resource exposes the `start_command` property directly, which
|
304
|
+
gives a recipe full control over the command issued in a much cleaner, more
|
305
|
+
direct manner.
|
306
|
+
|
307
|
+
**Use the search recipe DSL method to find users**:
|
308
|
+
|
309
|
+
The following example shows how to use the `search` method in the Recipe DSL to
|
310
|
+
search for users:
|
311
|
+
|
312
|
+
```ruby
|
313
|
+
# the following code sample comes from the openvpn cookbook:
|
314
|
+
|
315
|
+
search("users", "*:*") do |u|
|
316
|
+
execute "generate-openvpn-\#{u['id']}" do
|
317
|
+
command "./pkitool \#{u['id']}"
|
318
|
+
cwd '/etc/openvpn/easy-rsa'
|
319
|
+
end
|
320
|
+
|
321
|
+
%w{ conf ovpn }.each do |ext|
|
322
|
+
template "\#{node['openvpn']['key_dir']}/\#{u['id']}.\#{ext}" do
|
323
|
+
source 'client.conf.erb'
|
324
|
+
variables :username => u['id']
|
325
|
+
end
|
326
|
+
end
|
327
|
+
end
|
328
|
+
```
|
329
|
+
|
330
|
+
where
|
331
|
+
|
332
|
+
- the search data will be used to create **execute** resources
|
333
|
+
- the **template** resource tells Chef Infra Client which template to use
|
334
|
+
|
335
|
+
**Enable remote login for macOS**:
|
336
|
+
|
337
|
+
```ruby
|
338
|
+
execute 'enable ssh' do
|
339
|
+
command '/usr/sbin/systemsetup -setremotelogin on'
|
340
|
+
not_if '/usr/sbin/systemsetup -getremotelogin | /usr/bin/grep On'
|
341
|
+
action :run
|
342
|
+
end
|
343
|
+
```
|
344
|
+
|
345
|
+
**Execute code immediately, based on the template resource**:
|
346
|
+
|
347
|
+
By default, notifications are `:delayed`, that is they are queued up as they are
|
348
|
+
triggered, and then executed at the very end of a Chef Infra Client run. To run
|
349
|
+
kan action immediately, use `:immediately`:
|
350
|
+
|
351
|
+
```ruby
|
352
|
+
template '/etc/nagios3/configures-nagios.conf' do
|
353
|
+
# other parameters
|
354
|
+
notifies :run, 'execute[test-nagios-config]', :immediately
|
355
|
+
end
|
356
|
+
```
|
357
|
+
|
358
|
+
and then Chef Infra Client would immediately run the following:
|
359
|
+
|
360
|
+
```ruby
|
361
|
+
execute 'test-nagios-config' do
|
362
|
+
command 'nagios3 --verify-config'
|
363
|
+
action :nothing
|
364
|
+
end
|
365
|
+
```
|
366
|
+
|
367
|
+
**Sourcing a file**:
|
368
|
+
|
369
|
+
The **execute** resource cannot be used to source a file (e.g. `command 'source
|
370
|
+
filename'`). The following example will fail because `source` is not an
|
371
|
+
executable:
|
372
|
+
|
373
|
+
```ruby
|
374
|
+
execute 'foo' do
|
375
|
+
command 'source /tmp/foo.sh'
|
376
|
+
end
|
377
|
+
```
|
378
|
+
|
379
|
+
|
380
|
+
Instead, use the **script** resource or one of the **script**-based resources
|
381
|
+
(**bash**, **csh**, **perl**, **python**, or **ruby**). For example:
|
382
|
+
|
383
|
+
```ruby
|
384
|
+
bash 'foo' do
|
385
|
+
code 'source /tmp/foo.sh'
|
386
|
+
end
|
387
|
+
```
|
388
|
+
|
389
|
+
**Run a Knife command**:
|
390
|
+
|
391
|
+
```ruby
|
392
|
+
execute 'create_user' do
|
393
|
+
command <<~EOM
|
394
|
+
knife user create \#{user}
|
395
|
+
--admin
|
396
|
+
--password password
|
397
|
+
--disable-editing
|
398
|
+
--file /home/vagrant/.chef/user.pem
|
399
|
+
--config /tmp/knife-admin.rb
|
400
|
+
EOM
|
401
|
+
end
|
402
|
+
```
|
403
|
+
|
404
|
+
**Run install command into virtual environment**:
|
405
|
+
|
406
|
+
The following example shows how to install a lightweight JavaScript framework
|
407
|
+
into Vagrant:
|
408
|
+
|
409
|
+
```ruby
|
410
|
+
execute "install q and zombiejs" do
|
411
|
+
cwd "/home/vagrant"
|
412
|
+
user "vagrant"
|
413
|
+
environment ({'HOME' => '/home/vagrant', 'USER' => 'vagrant'})
|
414
|
+
command "npm install -g q zombie should mocha coffee-script"
|
415
|
+
action :run
|
416
|
+
end
|
417
|
+
```
|
418
|
+
|
419
|
+
**Run a command as a named user**:
|
420
|
+
|
421
|
+
The following example shows how to run `bundle install` from a Chef Infra Client
|
422
|
+
run as a specific user. This will put the gem into the path of the user
|
423
|
+
(`vagrant`) instead of the root user (under which the Chef Infra Client runs):
|
424
|
+
|
425
|
+
```ruby
|
426
|
+
execute '/opt/chefdk/embedded/bin/bundle install' do
|
427
|
+
cwd node['chef_workstation']['bundler_path']
|
428
|
+
user node['chef_workstation']['user']
|
429
|
+
|
430
|
+
environment ({
|
431
|
+
'HOME' => "/home/\#{node['chef_workstation']['user']}",
|
432
|
+
'USER' => node['chef_workstation']['user']
|
433
|
+
})
|
434
|
+
not_if 'bundle check'
|
435
|
+
end
|
436
|
+
```
|
437
|
+
|
438
|
+
**Run a command as an alternate user**:
|
439
|
+
|
440
|
+
*Note*: When Chef is running as a service, this feature requires that the user
|
441
|
+
that Chef runs as has 'SeAssignPrimaryTokenPrivilege' (aka
|
442
|
+
'SE_ASSIGNPRIMARYTOKEN_NAME') user right. By default only LocalSystem and
|
443
|
+
NetworkService have this right when running as a service. This is necessary
|
444
|
+
even if the user is an Administrator.
|
445
|
+
|
446
|
+
This right can be added and checked in a recipe using this example:
|
447
|
+
|
448
|
+
```ruby
|
449
|
+
# Add 'SeAssignPrimaryTokenPrivilege' for the user
|
450
|
+
Chef::ReservedNames::Win32::Security.add_account_right('<user>', 'SeAssignPrimaryTokenPrivilege')
|
451
|
+
|
452
|
+
# Check if the user has 'SeAssignPrimaryTokenPrivilege' rights
|
453
|
+
Chef::ReservedNames::Win32::Security.get_account_right('<user>').include?('SeAssignPrimaryTokenPrivilege')
|
454
|
+
```
|
455
|
+
|
456
|
+
The following example shows how to run `mkdir test_dir` from a Chef Infra Client
|
457
|
+
run as an alternate user.
|
458
|
+
|
459
|
+
```ruby
|
460
|
+
# Passing only username and password
|
461
|
+
execute 'mkdir test_dir' do
|
462
|
+
cwd Chef::Config[:file_cache_path]
|
463
|
+
|
464
|
+
user "username"
|
465
|
+
password "password"
|
466
|
+
end
|
467
|
+
|
468
|
+
# Passing username and domain
|
469
|
+
execute 'mkdir test_dir' do
|
470
|
+
cwd Chef::Config[:file_cache_path]
|
471
|
+
|
472
|
+
domain "domain-name"
|
473
|
+
user "user"
|
474
|
+
password "password"
|
475
|
+
end
|
476
|
+
|
477
|
+
# Passing username = 'domain-name\\username'. No domain is passed
|
478
|
+
execute 'mkdir test_dir' do
|
479
|
+
cwd Chef::Config[:file_cache_path]
|
480
|
+
|
481
|
+
user "domain-name\\username"
|
482
|
+
password "password"
|
483
|
+
end
|
484
|
+
|
485
|
+
# Passing username = 'username@domain-name'. No domain is passed
|
486
|
+
execute 'mkdir test_dir' do
|
487
|
+
cwd Chef::Config[:file_cache_path]
|
488
|
+
|
489
|
+
user "username@domain-name"
|
490
|
+
password "password"
|
491
|
+
end
|
492
|
+
```
|
493
|
+
|
494
|
+
**Run a command with an external input file**:
|
495
|
+
|
496
|
+
execute 'md5sum' do
|
497
|
+
input File.read(__FILE__)
|
498
|
+
end
|
499
|
+
EXAMPLES
|
34
500
|
|
35
501
|
# The ResourceGuardInterpreter wraps a resource's guards in another resource. That inner resource
|
36
502
|
# needs to behave differently during (for example) why_run mode, so we flag it here. For why_run mode
|
@@ -62,13 +528,13 @@ class Chef
|
|
62
528
|
description: "The current working directory from which the command will be run."
|
63
529
|
|
64
530
|
property :environment, Hash,
|
65
|
-
description: "A Hash of environment variables in the form of ({'ENV_VARIABLE' => 'VALUE'})."
|
531
|
+
description: "A Hash of environment variables in the form of `({'ENV_VARIABLE' => 'VALUE'})`. **Note**: These variables must exist for a command to be run successfully."
|
66
532
|
|
67
533
|
property :group, [ String, Integer ],
|
68
534
|
description: "The group name or group ID that must be changed before running a command."
|
69
535
|
|
70
536
|
property :live_stream, [ TrueClass, FalseClass ], default: false,
|
71
|
-
description: "Send the output of the command run by this execute resource block to the #{Chef::Dist::
|
537
|
+
description: "Send the output of the command run by this execute resource block to the #{Chef::Dist::PRODUCT} event stream."
|
72
538
|
|
73
539
|
# default_env defaults to `false` so that the command execution more exactly matches what the user gets on the command line without magic
|
74
540
|
property :default_env, [ TrueClass, FalseClass ], desired_state: false, default: false,
|
@@ -96,13 +562,17 @@ class Chef
|
|
96
562
|
|
97
563
|
# lazy used to set default value of sensitive to true if password is set
|
98
564
|
property :sensitive, [ TrueClass, FalseClass ],
|
99
|
-
description: "Ensure that sensitive resource data is not logged by the #{Chef::Dist::
|
565
|
+
description: "Ensure that sensitive resource data is not logged by the #{Chef::Dist::PRODUCT}.",
|
100
566
|
default: lazy { password ? true : false }, default_description: "True if the password property is set. False otherwise."
|
101
567
|
|
102
568
|
property :elevated, [ TrueClass, FalseClass ], default: false,
|
103
569
|
description: "Determines whether the script will run with elevated permissions to circumvent User Access Control (UAC) interactively blocking the process.\nThis will cause the process to be run under a batch login instead of an interactive login. The user running #{Chef::Dist::CLIENT} needs the 'Replace a process level token' and 'Adjust Memory Quotas for a process' permissions. The user that is running the command needs the 'Log on as a batch job' permission.\nBecause this requires a login, the user and password properties are required.",
|
104
570
|
introduced: "13.3"
|
105
571
|
|
572
|
+
property :input, [String],
|
573
|
+
introduced: "16.2",
|
574
|
+
description: "An optional property to set the input sent to the command as STDIN."
|
575
|
+
|
106
576
|
alias :env :environment
|
107
577
|
|
108
578
|
def self.set_guard_inherited_attributes(*inherited_attributes)
|
@@ -160,11 +630,11 @@ class Chef
|
|
160
630
|
end
|
161
631
|
|
162
632
|
# if domain is provided in both username and domain
|
163
|
-
if specified_user && ((specified_user.include? '\\') || (specified_user.include? "@")) && specified_domain
|
633
|
+
if specified_user.is_a?(String) && ((specified_user.include? '\\') || (specified_user.include? "@")) && specified_domain
|
164
634
|
raise ArgumentError, "The domain is provided twice. Username: `#{specified_user}`, Domain: `#{specified_domain}`. Please specify domain only once."
|
165
635
|
end
|
166
636
|
|
167
|
-
if
|
637
|
+
if specified_user.is_a?(String) && specified_domain.nil?
|
168
638
|
# Splitting username of format: Domain\Username
|
169
639
|
domain_and_user = user.split('\\')
|
170
640
|
|