chef 17.2.29-universal-mingw32 → 17.5.22-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +6 -5
- data/chef.gemspec +3 -0
- data/lib/chef/application/base.rb +11 -1
- data/lib/chef/application.rb +3 -1
- data/lib/chef/client.rb +2 -3
- data/lib/chef/compliance/default_attributes.rb +5 -3
- data/lib/chef/compliance/input.rb +115 -0
- data/lib/chef/compliance/input_collection.rb +139 -0
- data/lib/chef/compliance/profile.rb +122 -0
- data/lib/chef/compliance/profile_collection.rb +109 -0
- data/lib/chef/compliance/reporter/automate.rb +1 -1
- data/lib/chef/compliance/runner.rb +62 -6
- data/lib/chef/compliance/waiver.rb +115 -0
- data/lib/chef/compliance/waiver_collection.rb +143 -0
- data/lib/chef/data_bag.rb +1 -2
- data/lib/chef/data_bag_item.rb +1 -2
- data/lib/chef/deprecated.rb +10 -4
- data/lib/chef/dsl/compliance.rb +38 -0
- data/lib/chef/dsl/reader_helpers.rb +51 -0
- data/lib/chef/dsl/recipe.rb +4 -2
- data/lib/chef/dsl/render_helpers.rb +44 -0
- data/lib/chef/dsl/secret.rb +62 -0
- data/lib/chef/dsl/toml.rb +116 -0
- data/lib/chef/dsl/universal.rb +7 -0
- data/lib/chef/dsl.rb +1 -0
- data/lib/chef/event_dispatch/base.rb +44 -2
- data/lib/chef/exceptions.rb +20 -0
- data/lib/chef/formatters/doc.rb +60 -13
- data/lib/chef/formatters/error_mapper.rb +2 -2
- data/lib/chef/formatters/minimal.rb +6 -5
- data/lib/chef/handler/slow_report.rb +1 -1
- data/lib/chef/http/basic_client.rb +15 -7
- data/lib/chef/http.rb +12 -8
- data/lib/chef/json_compat.rb +1 -1
- data/lib/chef/policy_builder/policyfile.rb +88 -45
- data/lib/chef/provider/execute.rb +1 -1
- data/lib/chef/provider/file.rb +4 -2
- data/lib/chef/provider/group/dscl.rb +1 -1
- data/lib/chef/provider/launchd.rb +6 -6
- data/lib/chef/provider/link.rb +2 -2
- data/lib/chef/provider/lwrp_base.rb +1 -1
- data/lib/chef/provider/package/habitat.rb +168 -0
- data/lib/chef/provider/package/powershell.rb +5 -0
- data/lib/chef/provider/registry_key.rb +3 -2
- data/lib/chef/provider/remote_file/http.rb +1 -1
- data/lib/chef/provider/subversion.rb +4 -4
- data/lib/chef/provider/support/yum_repo.erb +1 -1
- data/lib/chef/provider/systemd_unit.rb +17 -16
- data/lib/chef/provider/template.rb +1 -1
- data/lib/chef/provider/user/mac.rb +3 -3
- data/lib/chef/provider/yum_repository.rb +27 -43
- data/lib/chef/provider/zypper_repository.rb +3 -3
- data/lib/chef/provider.rb +26 -1
- data/lib/chef/provider_resolver.rb +8 -2
- data/lib/chef/providers.rb +1 -0
- data/lib/chef/resource/archive_file.rb +17 -14
- data/lib/chef/resource/chef_client_config.rb +7 -2
- data/lib/chef/resource/chef_client_cron.rb +1 -1
- data/lib/chef/resource/chef_client_launchd.rb +1 -1
- data/lib/chef/resource/chef_client_scheduled_task.rb +46 -3
- data/lib/chef/resource/chef_client_systemd_timer.rb +1 -1
- data/lib/chef/resource/chef_client_trusted_certificate.rb +2 -2
- data/lib/chef/resource/chef_vault_secret.rb +2 -2
- data/lib/chef/resource/chocolatey_config.rb +13 -13
- data/lib/chef/resource/dsc_resource.rb +1 -1
- data/lib/chef/resource/execute.rb +5 -5
- data/lib/chef/resource/file/verification/json.rb +50 -0
- data/lib/chef/resource/file/verification/yaml.rb +52 -0
- data/lib/chef/resource/gem_package.rb +2 -1
- data/lib/chef/resource/habitat/_habitat_shared.rb +28 -0
- data/lib/chef/resource/habitat/habitat_package.rb +129 -0
- data/lib/chef/resource/habitat/habitat_sup.rb +329 -0
- data/lib/chef/resource/habitat/habitat_sup_systemd.rb +67 -0
- data/lib/chef/resource/habitat/habitat_sup_windows.rb +90 -0
- data/lib/chef/resource/habitat_config.rb +107 -0
- data/lib/chef/resource/habitat_install.rb +247 -0
- data/lib/chef/resource/habitat_service.rb +451 -0
- data/lib/chef/resource/habitat_user_toml.rb +92 -0
- data/lib/chef/resource/homebrew_cask.rb +1 -1
- data/lib/chef/resource/inspec_input.rb +128 -0
- data/lib/chef/resource/inspec_waiver.rb +185 -0
- data/lib/chef/resource/inspec_waiver_file_entry.rb +2 -2
- data/lib/chef/resource/launchd.rb +3 -3
- data/lib/chef/resource/lwrp_base.rb +1 -1
- data/lib/chef/resource/mount.rb +1 -1
- data/lib/chef/resource/registry_key.rb +36 -48
- data/lib/chef/resource/remote_file.rb +99 -3
- data/lib/chef/resource/rhsm_subscription.rb +5 -5
- data/lib/chef/resource/ruby_block.rb +100 -0
- data/lib/chef/resource/scm/subversion.rb +1 -1
- data/lib/chef/resource/support/HabService.dll.config.erb +19 -0
- data/lib/chef/resource/support/client.erb +8 -1
- data/lib/chef/resource/support/sup.toml.erb +179 -0
- data/lib/chef/resource/sysctl.rb +2 -2
- data/lib/chef/resource/systemd_unit.rb +3 -3
- data/lib/chef/resource/timezone.rb +2 -2
- data/lib/chef/resource/user_ulimit.rb +1 -0
- data/lib/chef/resource/windows_defender.rb +163 -0
- data/lib/chef/resource/windows_defender_exclusion.rb +125 -0
- data/lib/chef/resource/windows_printer.rb +78 -44
- data/lib/chef/resource/windows_printer_port.rb +1 -1
- data/lib/chef/resource/windows_uac.rb +3 -1
- data/lib/chef/resource/windows_update_settings.rb +259 -0
- data/lib/chef/resource/windows_user_privilege.rb +1 -1
- data/lib/chef/resource/yum_package.rb +1 -5
- data/lib/chef/resource.rb +13 -17
- data/lib/chef/resource_inspector.rb +6 -2
- data/lib/chef/resources.rb +14 -1
- data/lib/chef/run_context/cookbook_compiler.rb +112 -28
- data/lib/chef/run_context.rb +31 -1
- data/lib/chef/secret_fetcher/akeyless_vault.rb +57 -0
- data/lib/chef/secret_fetcher/aws_secrets_manager.rb +65 -0
- data/lib/chef/secret_fetcher/azure_key_vault.rb +78 -0
- data/lib/chef/secret_fetcher/base.rb +76 -0
- data/lib/chef/secret_fetcher/example.rb +46 -0
- data/lib/chef/secret_fetcher/hashi_vault.rb +100 -0
- data/lib/chef/secret_fetcher.rb +61 -0
- data/lib/chef/version.rb +1 -1
- data/spec/data/archive_file/test_archive.tar.gz +0 -0
- data/spec/functional/mixin/from_file_spec.rb +1 -1
- data/spec/functional/resource/archive_file_spec.rb +87 -0
- data/spec/functional/resource/group_spec.rb +5 -1
- data/spec/functional/resource/link_spec.rb +8 -0
- data/spec/integration/compliance/compliance_spec.rb +61 -0
- data/spec/integration/recipes/recipe_dsl_spec.rb +1 -1
- data/spec/integration/recipes/resource_action_spec.rb +6 -6
- data/spec/spec_helper.rb +3 -0
- data/spec/support/platform_helpers.rb +4 -0
- data/spec/support/ruby_installer.rb +51 -0
- data/spec/support/shared/unit/provider/file.rb +2 -8
- data/spec/unit/compliance/input_spec.rb +104 -0
- data/spec/unit/compliance/profile_spec.rb +120 -0
- data/spec/unit/compliance/runner_spec.rb +46 -2
- data/spec/unit/compliance/waiver_spec.rb +104 -0
- data/spec/unit/data_bag_item_spec.rb +2 -2
- data/spec/unit/data_bag_spec.rb +1 -1
- data/spec/unit/dsl/render_helpers_spec.rb +102 -0
- data/spec/unit/dsl/secret_spec.rb +71 -0
- data/spec/unit/formatters/doc_spec.rb +1 -1
- data/spec/unit/http/basic_client_spec.rb +30 -0
- data/spec/unit/http_spec.rb +8 -2
- data/spec/unit/policy_builder/dynamic_spec.rb +0 -5
- data/spec/unit/policy_builder/policyfile_spec.rb +144 -56
- data/spec/unit/provider/apt_update_spec.rb +3 -1
- data/spec/unit/provider/link_spec.rb +13 -7
- data/spec/unit/provider/mount/aix_spec.rb +1 -1
- data/spec/unit/provider/package/powershell_spec.rb +74 -12
- data/spec/unit/provider/remote_file/http_spec.rb +10 -0
- data/spec/unit/provider/template_spec.rb +2 -2
- data/spec/unit/provider_spec.rb +23 -0
- data/spec/unit/resource/archive_file_spec.rb +414 -3
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +69 -0
- data/spec/unit/resource/file/verification/json_spec.rb +72 -0
- data/spec/unit/resource/file/verification/yaml_spec.rb +67 -0
- data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
- data/spec/unit/resource/inspec_input_spec.rb +300 -0
- data/spec/unit/resource/inspec_waiver_spec.rb +312 -0
- data/spec/unit/resource/mount_spec.rb +10 -0
- data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
- data/spec/unit/resource/systemd_unit_spec.rb +1 -1
- data/spec/unit/resource/user_ulimit_spec.rb +14 -1
- data/spec/unit/resource/windows_defender_exclusion_spec.rb +62 -0
- data/spec/unit/resource/windows_defender_spec.rb +71 -0
- data/spec/unit/resource/windows_update_settings_spec.rb +64 -0
- data/spec/unit/resource_spec.rb +19 -8
- data/spec/unit/secret_fetcher/akeyless_vault_spec.rb +37 -0
- data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb +70 -0
- data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +70 -0
- data/spec/unit/secret_fetcher/hashi_vault_spec.rb +80 -0
- data/spec/unit/secret_fetcher_spec.rb +82 -0
- data/tasks/rspec.rb +2 -1
- metadata +106 -7
@@ -0,0 +1,329 @@
|
|
1
|
+
#
|
2
|
+
# Copyright:: Chef Software, Inc.
|
3
|
+
# License:: Apache License, Version 2.0
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
#
|
17
|
+
|
18
|
+
require_relative "../../resource"
|
19
|
+
|
20
|
+
class Chef
|
21
|
+
class Resource
|
22
|
+
class HabitatSup < Chef::Resource
|
23
|
+
unified_mode true
|
24
|
+
|
25
|
+
provides :habitat_sup do |_node|
|
26
|
+
false
|
27
|
+
end
|
28
|
+
|
29
|
+
description "Use the **habitat_sup** resource to runs a Chef Habitat supervisor for one or more Chef Habitat services. The resource is commonly used in conjunction with `habitat_service` which will manage the services loaded and started within the supervisor."
|
30
|
+
introduced "17.3"
|
31
|
+
examples <<~DOC
|
32
|
+
**Set up with just the defaults**
|
33
|
+
|
34
|
+
```ruby
|
35
|
+
habitat_sup 'default'
|
36
|
+
```
|
37
|
+
|
38
|
+
**Update listen ports and use Supervisor toml config**
|
39
|
+
|
40
|
+
```ruby
|
41
|
+
habitat_sup 'test-options' do
|
42
|
+
listen_http '0.0.0.0:9999'
|
43
|
+
listen_gossip '0.0.0.0:9998'
|
44
|
+
toml_config true
|
45
|
+
end
|
46
|
+
```
|
47
|
+
|
48
|
+
**Use with an on-prem Habitat Builder. Note: Access to public builder may not be available due to your company policies**
|
49
|
+
|
50
|
+
```ruby
|
51
|
+
habitat_sup 'default' do
|
52
|
+
bldr_url 'https://bldr.private.net'
|
53
|
+
end
|
54
|
+
```
|
55
|
+
|
56
|
+
**Using update_condition**
|
57
|
+
|
58
|
+
```ruby
|
59
|
+
habitat_sup 'default' do
|
60
|
+
bldr_url 'https://bldr.private.net'
|
61
|
+
habitat_channel 'dev'
|
62
|
+
update_condition 'track-channel'
|
63
|
+
end
|
64
|
+
```
|
65
|
+
|
66
|
+
**Provide event_stream_* information**
|
67
|
+
|
68
|
+
```ruby
|
69
|
+
habitat_sup 'default' do
|
70
|
+
license 'accept'
|
71
|
+
event_stream_application 'myapp'
|
72
|
+
event_stream_environment 'production'
|
73
|
+
event_stream_site 'MySite'
|
74
|
+
event_stream_url 'automate.private.net:4222'
|
75
|
+
event_stream_token 'myawesomea2clitoken='
|
76
|
+
event_stream_cert '/hab/cache/ssl/mycert.crt'
|
77
|
+
end
|
78
|
+
```
|
79
|
+
|
80
|
+
**Provide specific versions**
|
81
|
+
|
82
|
+
```ruby
|
83
|
+
habitat_sup 'default' do
|
84
|
+
bldr_url 'https://bldr.private.net'
|
85
|
+
sup_version '1.5.50'
|
86
|
+
launcher_version '13458'
|
87
|
+
service_version '0.6.0' # WINDOWS ONLY
|
88
|
+
end
|
89
|
+
```
|
90
|
+
|
91
|
+
**Set latest version of packages to retain**
|
92
|
+
|
93
|
+
habitat_sup 'default' do
|
94
|
+
bldr_url 'https://bldr.private.net'
|
95
|
+
sup_version '1.5.86'
|
96
|
+
launcher_version '13458'
|
97
|
+
service_version '0.6.0' # WINDOWS ONLY
|
98
|
+
keep_latest '2'
|
99
|
+
end
|
100
|
+
```
|
101
|
+
DOC
|
102
|
+
|
103
|
+
property :bldr_url, String,
|
104
|
+
description: "The Habitat Builder URL for the `habitat_package` resource, if needed."
|
105
|
+
|
106
|
+
property :permanent_peer, [true, false], default: false,
|
107
|
+
description: "Only valid for `:run` action, passes `--permanent-peer` to the hab command."
|
108
|
+
|
109
|
+
property :listen_ctl, String,
|
110
|
+
description: "Only valid for `:run` action, passes `--listen-ctl` with the specified address and port, e.g., `0.0.0.0:9632`, to the hab command."
|
111
|
+
|
112
|
+
property :listen_gossip, String,
|
113
|
+
description: "Only valid for `:run` action, passes `--listen-gossip` with the specified address and port, e.g., `0.0.0.0:9638`, to the hab command."
|
114
|
+
|
115
|
+
property :listen_http, String,
|
116
|
+
description: "Only valid for `:run` action, passes `--listen-http` with the specified address and port, e.g., `0.0.0.0:9631`, to the hab command."
|
117
|
+
|
118
|
+
property :org, String, default: "default",
|
119
|
+
description: "Only valid for `:run` action, passes `--org` with the specified org name to the hab command."
|
120
|
+
|
121
|
+
property :peer, [String, Array], coerce: proc { |b| b.is_a?(String) ? [b] : b },
|
122
|
+
description: "Only valid for `:run` action, passes `--peer` with the specified initial peer to the hab command."
|
123
|
+
|
124
|
+
property :ring, String,
|
125
|
+
description: "Only valid for `:run` action, passes `--ring` with the specified ring key name to the hab command."
|
126
|
+
|
127
|
+
property :hab_channel, String,
|
128
|
+
description: "The channel to install Habitat from. Defaults to stable"
|
129
|
+
|
130
|
+
property :auto_update, [true, false], default: false,
|
131
|
+
description: "Passes `--auto-update`. This will set the Habitat supervisor to automatically update itself any time a stable version has been released."
|
132
|
+
|
133
|
+
property :auth_token, String,
|
134
|
+
description: "Auth token for accessing a private organization on bldr. This value is templated into the appropriate service file."
|
135
|
+
|
136
|
+
property :gateway_auth_token, String,
|
137
|
+
description: "Auth token for accessing the supervisor's HTTP gateway. This value is templated into the appropriate service file."
|
138
|
+
|
139
|
+
property :update_condition, String,
|
140
|
+
description: "Passes `--update-condition` dictating when this service should updated. Defaults to `latest`. Options are `latest` or `track-channel` **_Note: This requires a minimum habitat version of 1.5.71_**
|
141
|
+
- `latest`: Runs the latest package that can be found in the configured channel and local packages.
|
142
|
+
- `track-channel`: Always run what is at the head of a given channel. This enables service rollback where demoting a package from a channel will cause the package to rollback to an older version of the package. A ramification of enabling this condition is packages newer than the package at the head of the channel will be automatically uninstalled during a service rollback."
|
143
|
+
|
144
|
+
property :limit_no_files, String,
|
145
|
+
description: "allows you to set LimitNOFILE in the systemd service when used Note: Linux Only."
|
146
|
+
|
147
|
+
property :license, String, equal_to: ["accept"],
|
148
|
+
description: "Specifies acceptance of habitat license when set to `accept`."
|
149
|
+
|
150
|
+
property :health_check_interval, [String, Integer], coerce: proc { |h| h.is_a?(String) ? h : h.to_s },
|
151
|
+
description: "The interval (seconds) on which to run health checks."
|
152
|
+
|
153
|
+
property :event_stream_application, String,
|
154
|
+
description: "The name of your application that will be displayed in the Chef Automate Applications Dashboard."
|
155
|
+
|
156
|
+
property :event_stream_environment, String,
|
157
|
+
description: "The application environment for the supervisor, this is for grouping in the Applications Dashboard."
|
158
|
+
|
159
|
+
property :event_stream_site, String,
|
160
|
+
description: "Application Dashboard label for the 'site' of the application - can be filtered in the dashboard."
|
161
|
+
|
162
|
+
property :event_stream_url, String,
|
163
|
+
description: "`AUTOMATE_HOSTNAME:4222` - the Chef Automate URL with port 4222 specified Note: The port can be changed if needed."
|
164
|
+
|
165
|
+
property :event_stream_token, String,
|
166
|
+
description: "Chef Automate token for sending application event stream data."
|
167
|
+
|
168
|
+
property :event_stream_cert, String,
|
169
|
+
description: "With `Intermediary Certificates` or, Automate 2 being set to use TLS with a valid cert, you will need to provide `Habitat` with your certificate for communication with Automate to work. [Follow these steps!](https://automate.chef.io/docs/applications-setup/#share-the-tls-certificate-with-chef-habitat)."
|
170
|
+
|
171
|
+
property :sup_version, String,
|
172
|
+
description: "Allows you to choose which version of supervisor you would like to install. Note: If a version is provided, it will also install that version of habitat if not previously installed."
|
173
|
+
|
174
|
+
property :launcher_version, String,
|
175
|
+
description: "Allows you to choose which version of launcher to install."
|
176
|
+
|
177
|
+
property :service_version, String, # Windows only
|
178
|
+
description: "Allows you to choose which version of the **_Windows Service_** to install."
|
179
|
+
|
180
|
+
property :keep_latest, String,
|
181
|
+
description: "Automatically cleans up old packages. If this flag is enabled, service startup will initiate an uninstall of all previous versions of the associated package. This also applies when a service is restarted due to an update. If a number is passed to this argument, that number of latest versions will be kept. The same logic applies to the Supervisor package `env:HAB_KEEP_LATEST_PACKAGES=1` Note: This requires Habitat version `1.5.86+`"
|
182
|
+
|
183
|
+
property :toml_config, [true, false], default: false,
|
184
|
+
description: "Supports using the Supervisor toml configuration instead of passing exec parameters to the service, [reference](https://www.habitat.sh/docs/reference/#supervisor-config)."
|
185
|
+
|
186
|
+
action :run, description: "The `run` action handles installing Habitat using the `habitat_install` resource, ensures that the appropriate versions of the `core/hab-sup` and `core/hab-launcher` packages are installed using `habitat_package`, and then drops off the appropriate init system definitions and manages the service." do
|
187
|
+
habitat_install new_resource.name do
|
188
|
+
license new_resource.license
|
189
|
+
hab_version new_resource.sup_version if new_resource.sup_version
|
190
|
+
not_if { ::File.exist?("/bin/hab") }
|
191
|
+
not_if { ::File.exist?("/usr/bin/hab") }
|
192
|
+
not_if { ::File.exist?("c:/habitat/hab.exe") }
|
193
|
+
not_if { ::File.exist?("c:/ProgramData/Habitat/hab.exe") }
|
194
|
+
end
|
195
|
+
|
196
|
+
habitat_package "core/hab-sup" do
|
197
|
+
bldr_url new_resource.bldr_url if new_resource.bldr_url
|
198
|
+
version new_resource.sup_version if new_resource.sup_version
|
199
|
+
end
|
200
|
+
|
201
|
+
habitat_package "core/hab-launcher" do
|
202
|
+
bldr_url new_resource.bldr_url if new_resource.bldr_url
|
203
|
+
version new_resource.launcher_version if new_resource.launcher_version
|
204
|
+
end
|
205
|
+
|
206
|
+
if windows?
|
207
|
+
directory "C:/hab/sup/default/config" do
|
208
|
+
recursive true
|
209
|
+
only_if { ::Dir.exist?("C:/hab") }
|
210
|
+
only_if { use_toml_config }
|
211
|
+
action :create
|
212
|
+
end
|
213
|
+
|
214
|
+
template "C:/hab/sup/default/config/sup.toml" do
|
215
|
+
source ::File.expand_path("../support/sup.toml.erb", __dir__)
|
216
|
+
local true
|
217
|
+
sensitive true
|
218
|
+
variables(
|
219
|
+
bldr_url: new_resource.bldr_url,
|
220
|
+
permanent_peer: new_resource.permanent_peer,
|
221
|
+
listen_ctl: new_resource.listen_ctl,
|
222
|
+
listen_gossip: new_resource.listen_gossip,
|
223
|
+
listen_http: new_resource.listen_http,
|
224
|
+
organization: new_resource.org,
|
225
|
+
peer: peer_list_with_port,
|
226
|
+
ring: new_resource.ring,
|
227
|
+
auto_update: new_resource.auto_update,
|
228
|
+
update_condition: new_resource.update_condition,
|
229
|
+
health_check_interval: new_resource.health_check_interval,
|
230
|
+
event_stream_application: new_resource.event_stream_application,
|
231
|
+
event_stream_environment: new_resource.event_stream_environment,
|
232
|
+
event_stream_site: new_resource.event_stream_site,
|
233
|
+
event_stream_url: new_resource.event_stream_url,
|
234
|
+
event_stream_token: new_resource.event_stream_token,
|
235
|
+
event_stream_server_certificate: new_resource.event_stream_cert,
|
236
|
+
keep_latest_packages: new_resource.keep_latest
|
237
|
+
)
|
238
|
+
only_if { use_toml_config }
|
239
|
+
only_if { ::Dir.exist?("C:/hab/sup/default/config") }
|
240
|
+
end
|
241
|
+
else
|
242
|
+
directory "/hab/sup/default/config" do
|
243
|
+
mode "0755"
|
244
|
+
recursive true
|
245
|
+
only_if { use_toml_config }
|
246
|
+
only_if { ::Dir.exist?("/hab") }
|
247
|
+
action :create
|
248
|
+
end
|
249
|
+
|
250
|
+
template "/hab/sup/default/config/sup.toml" do
|
251
|
+
source ::File.expand_path("../support/sup.toml.erb", __dir__)
|
252
|
+
local true
|
253
|
+
sensitive true
|
254
|
+
variables(
|
255
|
+
bldr_url: new_resource.bldr_url,
|
256
|
+
permanent_peer: new_resource.permanent_peer,
|
257
|
+
listen_ctl: new_resource.listen_ctl,
|
258
|
+
listen_gossip: new_resource.listen_gossip,
|
259
|
+
listen_http: new_resource.listen_http,
|
260
|
+
organization: new_resource.org,
|
261
|
+
peer: peer_list_with_port,
|
262
|
+
ring: new_resource.ring,
|
263
|
+
auto_update: new_resource.auto_update,
|
264
|
+
update_condition: new_resource.update_condition,
|
265
|
+
health_check_interval: new_resource.health_check_interval,
|
266
|
+
event_stream_application: new_resource.event_stream_application,
|
267
|
+
event_stream_environment: new_resource.event_stream_environment,
|
268
|
+
event_stream_site: new_resource.event_stream_site,
|
269
|
+
event_stream_url: new_resource.event_stream_url,
|
270
|
+
event_stream_token: new_resource.event_stream_token,
|
271
|
+
event_stream_server_certificate: new_resource.event_stream_cert,
|
272
|
+
keep_latest_packages: new_resource.keep_latest
|
273
|
+
)
|
274
|
+
only_if { use_toml_config }
|
275
|
+
only_if { ::Dir.exist?("/hab/sup/default/config") }
|
276
|
+
end
|
277
|
+
end
|
278
|
+
end
|
279
|
+
|
280
|
+
action_class do
|
281
|
+
use "habitat_shared"
|
282
|
+
# validate that peers have been passed with a port # for toml file
|
283
|
+
def peer_list_with_port
|
284
|
+
if new_resource.peer
|
285
|
+
peer_list = []
|
286
|
+
new_resource.peer.each do |p|
|
287
|
+
peer_list << if p !~ /.*:.*/
|
288
|
+
p + ":9632"
|
289
|
+
else
|
290
|
+
p
|
291
|
+
end
|
292
|
+
end
|
293
|
+
peer_list
|
294
|
+
end
|
295
|
+
end
|
296
|
+
|
297
|
+
# Specify whether toml configuration should be used in place of service arguments.
|
298
|
+
def use_toml_config
|
299
|
+
new_resource.toml_config
|
300
|
+
end
|
301
|
+
|
302
|
+
def exec_start_options
|
303
|
+
# Populate exec_start_options which will pass to 'hab sup run' for platforms if use_toml_config is not 'true'
|
304
|
+
unless use_toml_config
|
305
|
+
opts = []
|
306
|
+
opts << "--permanent-peer" if new_resource.permanent_peer
|
307
|
+
opts << "--listen-ctl #{new_resource.listen_ctl}" if new_resource.listen_ctl
|
308
|
+
opts << "--listen-gossip #{new_resource.listen_gossip}" if new_resource.listen_gossip
|
309
|
+
opts << "--listen-http #{new_resource.listen_http}" if new_resource.listen_http
|
310
|
+
opts << "--org #{new_resource.org}" unless new_resource.org == "default"
|
311
|
+
opts.push(*new_resource.peer.map { |b| "--peer #{b}" }) if new_resource.peer
|
312
|
+
opts << "--ring #{new_resource.ring}" if new_resource.ring
|
313
|
+
opts << "--auto-update" if new_resource.auto_update
|
314
|
+
opts << "--update-condition #{new_resource.update_condition}" if new_resource.update_condition
|
315
|
+
opts << "--health-check-interval #{new_resource.health_check_interval}" if new_resource.health_check_interval
|
316
|
+
opts << "--event-stream-application #{new_resource.event_stream_application}" if new_resource.event_stream_application
|
317
|
+
opts << "--event-stream-environment #{new_resource.event_stream_environment}" if new_resource.event_stream_environment
|
318
|
+
opts << "--event-stream-site #{new_resource.event_stream_site}" if new_resource.event_stream_site
|
319
|
+
opts << "--event-stream-url #{new_resource.event_stream_url}" if new_resource.event_stream_url
|
320
|
+
opts << "--event-stream-token #{new_resource.event_stream_token}" if new_resource.event_stream_token
|
321
|
+
opts << "--event-stream-server-certificate #{new_resource.event_stream_cert}" if new_resource.event_stream_cert
|
322
|
+
opts << "--keep-latest-packages #{new_resource.keep_latest}" if new_resource.keep_latest
|
323
|
+
opts.join(" ")
|
324
|
+
end
|
325
|
+
end
|
326
|
+
end
|
327
|
+
end
|
328
|
+
end
|
329
|
+
end
|
@@ -0,0 +1,67 @@
|
|
1
|
+
#
|
2
|
+
# Copyright:: Chef Software, Inc.
|
3
|
+
# License:: Apache License, Version 2.0
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
#
|
17
|
+
|
18
|
+
require_relative "habitat_sup"
|
19
|
+
|
20
|
+
class Chef
|
21
|
+
class Resource
|
22
|
+
class HabitatSupSystemd < HabitatSup
|
23
|
+
provides :habitat_sup, os: "linux"
|
24
|
+
provides :habitat_sup_systemd
|
25
|
+
|
26
|
+
action :run do
|
27
|
+
super()
|
28
|
+
|
29
|
+
service_environment = []
|
30
|
+
service_environment.push("HAB_BLDR_URL=#{new_resource.bldr_url}") if new_resource.bldr_url
|
31
|
+
service_environment.push("HAB_AUTH_TOKEN=#{new_resource.auth_token}") if new_resource.auth_token
|
32
|
+
service_environment.push("HAB_SUP_GATEWAY_AUTH_TOKEN=#{new_resource.gateway_auth_token}") if new_resource.gateway_auth_token
|
33
|
+
systemd_unit "hab-sup.service" do
|
34
|
+
content(Unit: {
|
35
|
+
Description: "The Habitat Supervisor",
|
36
|
+
},
|
37
|
+
Service: {
|
38
|
+
LimitNOFILE: new_resource.limit_no_files,
|
39
|
+
Environment: service_environment,
|
40
|
+
ExecStart: "/bin/hab sup run #{exec_start_options}",
|
41
|
+
ExecStop: "/bin/hab sup term",
|
42
|
+
Restart: "on-failure",
|
43
|
+
}.compact,
|
44
|
+
Install: {
|
45
|
+
WantedBy: "default.target",
|
46
|
+
})
|
47
|
+
action :create
|
48
|
+
end
|
49
|
+
|
50
|
+
service "hab-sup" do
|
51
|
+
subscribes :restart, "systemd_unit[hab-sup.service]"
|
52
|
+
subscribes :restart, "habitat_package[core/hab-sup]"
|
53
|
+
subscribes :restart, "habitat_package[core/hab-launcher]"
|
54
|
+
subscribes :restart, "template[/hab/sup/default/config/sup.toml]"
|
55
|
+
action %i{enable start}
|
56
|
+
not_if { node["chef_packages"]["chef"]["chef_root"].include?("/pkgs/chef/chef-infra-client") }
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
action :stop do
|
61
|
+
service "hab-sup" do
|
62
|
+
action :stop
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
@@ -0,0 +1,90 @@
|
|
1
|
+
#
|
2
|
+
# Copyright:: Chef Software, Inc.
|
3
|
+
# License:: Apache License, Version 2.0
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
#
|
17
|
+
|
18
|
+
require "win32/service" if RUBY_PLATFORM =~ /mswin|mingw32|windows/
|
19
|
+
require_relative "habitat_sup"
|
20
|
+
|
21
|
+
class Chef
|
22
|
+
class Resource
|
23
|
+
class HabitatSupWindows < HabitatSup
|
24
|
+
provides :habitat_sup, os: "windows"
|
25
|
+
provides :habitat_sup_windows
|
26
|
+
|
27
|
+
service_file = ::File.expand_path("../support/HabService.dll.config.erb")
|
28
|
+
win_service_config = "C:/hab/svc/windows-service/HabService.dll.config"
|
29
|
+
|
30
|
+
action :run do
|
31
|
+
super()
|
32
|
+
|
33
|
+
# TODO: There has to be a better way to handle auth token on windows
|
34
|
+
# than the system wide environment variable
|
35
|
+
auth_action = new_resource.auth_token ? :create : :delete
|
36
|
+
env "HAB_AUTH_TOKEN" do
|
37
|
+
value new_resource.auth_token if new_resource.auth_token
|
38
|
+
action auth_action
|
39
|
+
end
|
40
|
+
|
41
|
+
gateway_auth_action = new_resource.gateway_auth_token ? :create : :delete
|
42
|
+
env "HAB_SUP_GATEWAY_AUTH_TOKEN" do
|
43
|
+
value new_resource.gateway_auth_token if new_resource.gateway_auth_token
|
44
|
+
action gateway_auth_action
|
45
|
+
end
|
46
|
+
|
47
|
+
bldr_action = new_resource.bldr_url ? :create : :delete
|
48
|
+
env "HAB_BLDR_URL" do
|
49
|
+
value new_resource.bldr_url if new_resource.bldr_url
|
50
|
+
action bldr_action
|
51
|
+
end
|
52
|
+
|
53
|
+
habitat_package "core/windows-service" do
|
54
|
+
bldr_url new_resource.bldr_url if new_resource.bldr_url
|
55
|
+
version new_resource.service_version if new_resource.service_version
|
56
|
+
end
|
57
|
+
|
58
|
+
execute "hab pkg exec core/windows-service install" do
|
59
|
+
not_if { ::Win32::Service.exists?("Habitat") }
|
60
|
+
end
|
61
|
+
|
62
|
+
# win_version = `dir /D /B C:\\hab\\pkgs\\core\\hab-launcher`.split().last
|
63
|
+
|
64
|
+
template win_service_config.to_s do
|
65
|
+
source ::File.expand_path("../support/HabService.dll.config.erb", __dir__)
|
66
|
+
local true
|
67
|
+
cookbook "habitat"
|
68
|
+
variables exec_start_options: exec_start_options,
|
69
|
+
bldr_url: new_resource.bldr_url,
|
70
|
+
auth_token: new_resource.auth_token,
|
71
|
+
gateway_auth_token: new_resource.gateway_auth_token
|
72
|
+
# win_launcher: win_version
|
73
|
+
action :touch
|
74
|
+
end
|
75
|
+
|
76
|
+
service "Habitat" do
|
77
|
+
subscribes :restart, "env[HAB_AUTH_TOKEN]"
|
78
|
+
subscribes :restart, "env[HAB_SUP_GATEWAY_AUTH_TOKEN]"
|
79
|
+
subscribes :restart, "env[HAB_BLDR_URL]"
|
80
|
+
subscribes :restart, "template[#{win_service_config}]"
|
81
|
+
subscribes :restart, "habitat_package[core/hab-sup]"
|
82
|
+
subscribes :restart, "habitat_package[core/hab-launcher]"
|
83
|
+
subscribes :restart, "template[C:/hab/sup/default/config/sup.toml]"
|
84
|
+
action %i{enable start}
|
85
|
+
not_if { node["chef_packages"]["chef"]["chef_root"].include?("/pkgs/chef/chef-infra-client") }
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
@@ -0,0 +1,107 @@
|
|
1
|
+
# Copyright:: Chef Software Inc.
|
2
|
+
# License:: Apache License, Version 2.0
|
3
|
+
#
|
4
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
# you may not use this file except in compliance with the License.
|
6
|
+
# You may obtain a copy of the License at
|
7
|
+
#
|
8
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
#
|
10
|
+
# Unless required by applicable law or agreed to in writing, software
|
11
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
# See the License for the specific language governing permissions and
|
14
|
+
# limitations under the License.
|
15
|
+
#
|
16
|
+
require_relative "../http"
|
17
|
+
require_relative "../json_compat"
|
18
|
+
require_relative "../resource"
|
19
|
+
|
20
|
+
class Chef
|
21
|
+
class Resource
|
22
|
+
class HabitatConfig < Chef::Resource
|
23
|
+
unified_mode true
|
24
|
+
|
25
|
+
provides :habitat_config
|
26
|
+
|
27
|
+
description "Use the **habitat_config** resource to apply a configuration to a Chef Habitat service."
|
28
|
+
introduced "17.3"
|
29
|
+
examples <<~DOC
|
30
|
+
**Configure your nginx defaults**
|
31
|
+
|
32
|
+
```ruby
|
33
|
+
habitat_config 'nginx.default' do
|
34
|
+
config({
|
35
|
+
worker_count: 2,
|
36
|
+
http: {
|
37
|
+
keepalive_timeout: 120
|
38
|
+
}
|
39
|
+
})
|
40
|
+
end
|
41
|
+
```
|
42
|
+
DOC
|
43
|
+
|
44
|
+
property :config, Mash, required: true, coerce: proc { |m| m.is_a?(Hash) ? Mash.new(m) : m },
|
45
|
+
description: "The configuration to apply as a ruby hash, for example, `{ worker_count: 2, http: { keepalive_timeout: 120 } }`."
|
46
|
+
|
47
|
+
property :service_group, String, name_property: true, desired_state: false,
|
48
|
+
description: "The service group to apply the configuration to. For example, `nginx.default`"
|
49
|
+
|
50
|
+
property :remote_sup, String, default: "127.0.0.1:9632", desired_state: false,
|
51
|
+
description: "Address to a remote supervisor's control gateway."
|
52
|
+
|
53
|
+
# Http port needed for querying/comparing current config value
|
54
|
+
property :remote_sup_http, String, default: "127.0.0.1:9631", desired_state: false,
|
55
|
+
description: "Address for remote supervisor http port. Used to pull existing."
|
56
|
+
|
57
|
+
property :gateway_auth_token, String, desired_state: false,
|
58
|
+
description: "Auth token for accessing the remote supervisor's http port."
|
59
|
+
|
60
|
+
property :user, String, desired_state: false,
|
61
|
+
description: "Name of user key to use for encryption. Passes `--user` to `hab config apply`."
|
62
|
+
|
63
|
+
load_current_value do
|
64
|
+
http_uri = "http://#{remote_sup_http}"
|
65
|
+
|
66
|
+
begin
|
67
|
+
headers = {}
|
68
|
+
headers["Authorization"] = "Bearer #{gateway_auth_token}" if property_is_set?(:gateway_auth_token)
|
69
|
+
census = Mash.new(Chef::HTTP::SimpleJSON.new(http_uri).get("/census", headers))
|
70
|
+
sc = census["census_groups"][service_group]["service_config"]["value"]
|
71
|
+
rescue
|
72
|
+
# Default to a blank config if anything (http error, json parsing, finding
|
73
|
+
# the config object) goes wrong
|
74
|
+
sc = {}
|
75
|
+
end
|
76
|
+
config sc
|
77
|
+
end
|
78
|
+
|
79
|
+
action :apply, description: "applies the given configuration" do
|
80
|
+
converge_if_changed do
|
81
|
+
# Use the current timestamp as the serial number/incarnation
|
82
|
+
incarnation = Time.now.tv_sec
|
83
|
+
|
84
|
+
opts = []
|
85
|
+
# opts gets flattened by shell_out_compact later
|
86
|
+
opts << ["--remote-sup", new_resource.remote_sup] if new_resource.remote_sup
|
87
|
+
opts << ["--user", new_resource.user] if new_resource.user
|
88
|
+
|
89
|
+
tempfile = Tempfile.new(["habitat_config", ".toml"])
|
90
|
+
begin
|
91
|
+
tempfile.write(render_toml(new_resource.config))
|
92
|
+
tempfile.close
|
93
|
+
|
94
|
+
hab("config", "apply", opts, new_resource.service_group, incarnation, tempfile.path)
|
95
|
+
ensure
|
96
|
+
tempfile.close
|
97
|
+
tempfile.unlink
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
action_class do
|
103
|
+
use "../resource/habitat/habitat_shared"
|
104
|
+
end
|
105
|
+
end
|
106
|
+
end
|
107
|
+
end
|