chef 17.2.29-universal-mingw32 → 17.5.22-universal-mingw32

Files changed (173) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +6 -5
  3. data/chef.gemspec +3 -0
  4. data/lib/chef/application/base.rb +11 -1
  5. data/lib/chef/application.rb +3 -1
  6. data/lib/chef/client.rb +2 -3
  7. data/lib/chef/compliance/default_attributes.rb +5 -3
  8. data/lib/chef/compliance/input.rb +115 -0
  9. data/lib/chef/compliance/input_collection.rb +139 -0
  10. data/lib/chef/compliance/profile.rb +122 -0
  11. data/lib/chef/compliance/profile_collection.rb +109 -0
  12. data/lib/chef/compliance/reporter/automate.rb +1 -1
  13. data/lib/chef/compliance/runner.rb +62 -6
  14. data/lib/chef/compliance/waiver.rb +115 -0
  15. data/lib/chef/compliance/waiver_collection.rb +143 -0
  16. data/lib/chef/data_bag.rb +1 -2
  17. data/lib/chef/data_bag_item.rb +1 -2
  18. data/lib/chef/deprecated.rb +10 -4
  19. data/lib/chef/dsl/compliance.rb +38 -0
  20. data/lib/chef/dsl/reader_helpers.rb +51 -0
  21. data/lib/chef/dsl/recipe.rb +4 -2
  22. data/lib/chef/dsl/render_helpers.rb +44 -0
  23. data/lib/chef/dsl/secret.rb +62 -0
  24. data/lib/chef/dsl/toml.rb +116 -0
  25. data/lib/chef/dsl/universal.rb +7 -0
  26. data/lib/chef/dsl.rb +1 -0
  27. data/lib/chef/event_dispatch/base.rb +44 -2
  28. data/lib/chef/exceptions.rb +20 -0
  29. data/lib/chef/formatters/doc.rb +60 -13
  30. data/lib/chef/formatters/error_mapper.rb +2 -2
  31. data/lib/chef/formatters/minimal.rb +6 -5
  32. data/lib/chef/handler/slow_report.rb +1 -1
  33. data/lib/chef/http/basic_client.rb +15 -7
  34. data/lib/chef/http.rb +12 -8
  35. data/lib/chef/json_compat.rb +1 -1
  36. data/lib/chef/policy_builder/policyfile.rb +88 -45
  37. data/lib/chef/provider/execute.rb +1 -1
  38. data/lib/chef/provider/file.rb +4 -2
  39. data/lib/chef/provider/group/dscl.rb +1 -1
  40. data/lib/chef/provider/launchd.rb +6 -6
  41. data/lib/chef/provider/link.rb +2 -2
  42. data/lib/chef/provider/lwrp_base.rb +1 -1
  43. data/lib/chef/provider/package/habitat.rb +168 -0
  44. data/lib/chef/provider/package/powershell.rb +5 -0
  45. data/lib/chef/provider/registry_key.rb +3 -2
  46. data/lib/chef/provider/remote_file/http.rb +1 -1
  47. data/lib/chef/provider/subversion.rb +4 -4
  48. data/lib/chef/provider/support/yum_repo.erb +1 -1
  49. data/lib/chef/provider/systemd_unit.rb +17 -16
  50. data/lib/chef/provider/template.rb +1 -1
  51. data/lib/chef/provider/user/mac.rb +3 -3
  52. data/lib/chef/provider/yum_repository.rb +27 -43
  53. data/lib/chef/provider/zypper_repository.rb +3 -3
  54. data/lib/chef/provider.rb +26 -1
  55. data/lib/chef/provider_resolver.rb +8 -2
  56. data/lib/chef/providers.rb +1 -0
  57. data/lib/chef/resource/archive_file.rb +17 -14
  58. data/lib/chef/resource/chef_client_config.rb +7 -2
  59. data/lib/chef/resource/chef_client_cron.rb +1 -1
  60. data/lib/chef/resource/chef_client_launchd.rb +1 -1
  61. data/lib/chef/resource/chef_client_scheduled_task.rb +46 -3
  62. data/lib/chef/resource/chef_client_systemd_timer.rb +1 -1
  63. data/lib/chef/resource/chef_client_trusted_certificate.rb +2 -2
  64. data/lib/chef/resource/chef_vault_secret.rb +2 -2
  65. data/lib/chef/resource/chocolatey_config.rb +13 -13
  66. data/lib/chef/resource/dsc_resource.rb +1 -1
  67. data/lib/chef/resource/execute.rb +5 -5
  68. data/lib/chef/resource/file/verification/json.rb +50 -0
  69. data/lib/chef/resource/file/verification/yaml.rb +52 -0
  70. data/lib/chef/resource/gem_package.rb +2 -1
  71. data/lib/chef/resource/habitat/_habitat_shared.rb +28 -0
  72. data/lib/chef/resource/habitat/habitat_package.rb +129 -0
  73. data/lib/chef/resource/habitat/habitat_sup.rb +329 -0
  74. data/lib/chef/resource/habitat/habitat_sup_systemd.rb +67 -0
  75. data/lib/chef/resource/habitat/habitat_sup_windows.rb +90 -0
  76. data/lib/chef/resource/habitat_config.rb +107 -0
  77. data/lib/chef/resource/habitat_install.rb +247 -0
  78. data/lib/chef/resource/habitat_service.rb +451 -0
  79. data/lib/chef/resource/habitat_user_toml.rb +92 -0
  80. data/lib/chef/resource/homebrew_cask.rb +1 -1
  81. data/lib/chef/resource/inspec_input.rb +128 -0
  82. data/lib/chef/resource/inspec_waiver.rb +185 -0
  83. data/lib/chef/resource/inspec_waiver_file_entry.rb +2 -2
  84. data/lib/chef/resource/launchd.rb +3 -3
  85. data/lib/chef/resource/lwrp_base.rb +1 -1
  86. data/lib/chef/resource/mount.rb +1 -1
  87. data/lib/chef/resource/registry_key.rb +36 -48
  88. data/lib/chef/resource/remote_file.rb +99 -3
  89. data/lib/chef/resource/rhsm_subscription.rb +5 -5
  90. data/lib/chef/resource/ruby_block.rb +100 -0
  91. data/lib/chef/resource/scm/subversion.rb +1 -1
  92. data/lib/chef/resource/support/HabService.dll.config.erb +19 -0
  93. data/lib/chef/resource/support/client.erb +8 -1
  94. data/lib/chef/resource/support/sup.toml.erb +179 -0
  95. data/lib/chef/resource/sysctl.rb +2 -2
  96. data/lib/chef/resource/systemd_unit.rb +3 -3
  97. data/lib/chef/resource/timezone.rb +2 -2
  98. data/lib/chef/resource/user_ulimit.rb +1 -0
  99. data/lib/chef/resource/windows_defender.rb +163 -0
  100. data/lib/chef/resource/windows_defender_exclusion.rb +125 -0
  101. data/lib/chef/resource/windows_printer.rb +78 -44
  102. data/lib/chef/resource/windows_printer_port.rb +1 -1
  103. data/lib/chef/resource/windows_uac.rb +3 -1
  104. data/lib/chef/resource/windows_update_settings.rb +259 -0
  105. data/lib/chef/resource/windows_user_privilege.rb +1 -1
  106. data/lib/chef/resource/yum_package.rb +1 -5
  107. data/lib/chef/resource.rb +13 -17
  108. data/lib/chef/resource_inspector.rb +6 -2
  109. data/lib/chef/resources.rb +14 -1
  110. data/lib/chef/run_context/cookbook_compiler.rb +112 -28
  111. data/lib/chef/run_context.rb +31 -1
  112. data/lib/chef/secret_fetcher/akeyless_vault.rb +57 -0
  113. data/lib/chef/secret_fetcher/aws_secrets_manager.rb +65 -0
  114. data/lib/chef/secret_fetcher/azure_key_vault.rb +78 -0
  115. data/lib/chef/secret_fetcher/base.rb +76 -0
  116. data/lib/chef/secret_fetcher/example.rb +46 -0
  117. data/lib/chef/secret_fetcher/hashi_vault.rb +100 -0
  118. data/lib/chef/secret_fetcher.rb +61 -0
  119. data/lib/chef/version.rb +1 -1
  120. data/spec/data/archive_file/test_archive.tar.gz +0 -0
  121. data/spec/functional/mixin/from_file_spec.rb +1 -1
  122. data/spec/functional/resource/archive_file_spec.rb +87 -0
  123. data/spec/functional/resource/group_spec.rb +5 -1
  124. data/spec/functional/resource/link_spec.rb +8 -0
  125. data/spec/integration/compliance/compliance_spec.rb +61 -0
  126. data/spec/integration/recipes/recipe_dsl_spec.rb +1 -1
  127. data/spec/integration/recipes/resource_action_spec.rb +6 -6
  128. data/spec/spec_helper.rb +3 -0
  129. data/spec/support/platform_helpers.rb +4 -0
  130. data/spec/support/ruby_installer.rb +51 -0
  131. data/spec/support/shared/unit/provider/file.rb +2 -8
  132. data/spec/unit/compliance/input_spec.rb +104 -0
  133. data/spec/unit/compliance/profile_spec.rb +120 -0
  134. data/spec/unit/compliance/runner_spec.rb +46 -2
  135. data/spec/unit/compliance/waiver_spec.rb +104 -0
  136. data/spec/unit/data_bag_item_spec.rb +2 -2
  137. data/spec/unit/data_bag_spec.rb +1 -1
  138. data/spec/unit/dsl/render_helpers_spec.rb +102 -0
  139. data/spec/unit/dsl/secret_spec.rb +71 -0
  140. data/spec/unit/formatters/doc_spec.rb +1 -1
  141. data/spec/unit/http/basic_client_spec.rb +30 -0
  142. data/spec/unit/http_spec.rb +8 -2
  143. data/spec/unit/policy_builder/dynamic_spec.rb +0 -5
  144. data/spec/unit/policy_builder/policyfile_spec.rb +144 -56
  145. data/spec/unit/provider/apt_update_spec.rb +3 -1
  146. data/spec/unit/provider/link_spec.rb +13 -7
  147. data/spec/unit/provider/mount/aix_spec.rb +1 -1
  148. data/spec/unit/provider/package/powershell_spec.rb +74 -12
  149. data/spec/unit/provider/remote_file/http_spec.rb +10 -0
  150. data/spec/unit/provider/template_spec.rb +2 -2
  151. data/spec/unit/provider_spec.rb +23 -0
  152. data/spec/unit/resource/archive_file_spec.rb +414 -3
  153. data/spec/unit/resource/chef_client_scheduled_task_spec.rb +69 -0
  154. data/spec/unit/resource/file/verification/json_spec.rb +72 -0
  155. data/spec/unit/resource/file/verification/yaml_spec.rb +67 -0
  156. data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
  157. data/spec/unit/resource/inspec_input_spec.rb +300 -0
  158. data/spec/unit/resource/inspec_waiver_spec.rb +312 -0
  159. data/spec/unit/resource/mount_spec.rb +10 -0
  160. data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
  161. data/spec/unit/resource/systemd_unit_spec.rb +1 -1
  162. data/spec/unit/resource/user_ulimit_spec.rb +14 -1
  163. data/spec/unit/resource/windows_defender_exclusion_spec.rb +62 -0
  164. data/spec/unit/resource/windows_defender_spec.rb +71 -0
  165. data/spec/unit/resource/windows_update_settings_spec.rb +64 -0
  166. data/spec/unit/resource_spec.rb +19 -8
  167. data/spec/unit/secret_fetcher/akeyless_vault_spec.rb +37 -0
  168. data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb +70 -0
  169. data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +70 -0
  170. data/spec/unit/secret_fetcher/hashi_vault_spec.rb +80 -0
  171. data/spec/unit/secret_fetcher_spec.rb +82 -0
  172. data/tasks/rspec.rb +2 -1
  173. metadata +106 -7
@@ -0,0 +1,329 @@
1
+ #
2
+ # Copyright:: Chef Software, Inc.
3
+ # License:: Apache License, Version 2.0
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+ #
17
+
18
+ require_relative "../../resource"
19
+
20
+ class Chef
21
+ class Resource
22
+ class HabitatSup < Chef::Resource
23
+ unified_mode true
24
+
25
+ provides :habitat_sup do |_node|
26
+ false
27
+ end
28
+
29
+ description "Use the **habitat_sup** resource to runs a Chef Habitat supervisor for one or more Chef Habitat services. The resource is commonly used in conjunction with `habitat_service` which will manage the services loaded and started within the supervisor."
30
+ introduced "17.3"
31
+ examples <<~DOC
32
+ **Set up with just the defaults**
33
+
34
+ ```ruby
35
+ habitat_sup 'default'
36
+ ```
37
+
38
+ **Update listen ports and use Supervisor toml config**
39
+
40
+ ```ruby
41
+ habitat_sup 'test-options' do
42
+ listen_http '0.0.0.0:9999'
43
+ listen_gossip '0.0.0.0:9998'
44
+ toml_config true
45
+ end
46
+ ```
47
+
48
+ **Use with an on-prem Habitat Builder. Note: Access to public builder may not be available due to your company policies**
49
+
50
+ ```ruby
51
+ habitat_sup 'default' do
52
+ bldr_url 'https://bldr.private.net'
53
+ end
54
+ ```
55
+
56
+ **Using update_condition**
57
+
58
+ ```ruby
59
+ habitat_sup 'default' do
60
+ bldr_url 'https://bldr.private.net'
61
+ habitat_channel 'dev'
62
+ update_condition 'track-channel'
63
+ end
64
+ ```
65
+
66
+ **Provide event_stream_* information**
67
+
68
+ ```ruby
69
+ habitat_sup 'default' do
70
+ license 'accept'
71
+ event_stream_application 'myapp'
72
+ event_stream_environment 'production'
73
+ event_stream_site 'MySite'
74
+ event_stream_url 'automate.private.net:4222'
75
+ event_stream_token 'myawesomea2clitoken='
76
+ event_stream_cert '/hab/cache/ssl/mycert.crt'
77
+ end
78
+ ```
79
+
80
+ **Provide specific versions**
81
+
82
+ ```ruby
83
+ habitat_sup 'default' do
84
+ bldr_url 'https://bldr.private.net'
85
+ sup_version '1.5.50'
86
+ launcher_version '13458'
87
+ service_version '0.6.0' # WINDOWS ONLY
88
+ end
89
+ ```
90
+
91
+ **Set latest version of packages to retain**
92
+
93
+ habitat_sup 'default' do
94
+ bldr_url 'https://bldr.private.net'
95
+ sup_version '1.5.86'
96
+ launcher_version '13458'
97
+ service_version '0.6.0' # WINDOWS ONLY
98
+ keep_latest '2'
99
+ end
100
+ ```
101
+ DOC
102
+
103
+ property :bldr_url, String,
104
+ description: "The Habitat Builder URL for the `habitat_package` resource, if needed."
105
+
106
+ property :permanent_peer, [true, false], default: false,
107
+ description: "Only valid for `:run` action, passes `--permanent-peer` to the hab command."
108
+
109
+ property :listen_ctl, String,
110
+ description: "Only valid for `:run` action, passes `--listen-ctl` with the specified address and port, e.g., `0.0.0.0:9632`, to the hab command."
111
+
112
+ property :listen_gossip, String,
113
+ description: "Only valid for `:run` action, passes `--listen-gossip` with the specified address and port, e.g., `0.0.0.0:9638`, to the hab command."
114
+
115
+ property :listen_http, String,
116
+ description: "Only valid for `:run` action, passes `--listen-http` with the specified address and port, e.g., `0.0.0.0:9631`, to the hab command."
117
+
118
+ property :org, String, default: "default",
119
+ description: "Only valid for `:run` action, passes `--org` with the specified org name to the hab command."
120
+
121
+ property :peer, [String, Array], coerce: proc { |b| b.is_a?(String) ? [b] : b },
122
+ description: "Only valid for `:run` action, passes `--peer` with the specified initial peer to the hab command."
123
+
124
+ property :ring, String,
125
+ description: "Only valid for `:run` action, passes `--ring` with the specified ring key name to the hab command."
126
+
127
+ property :hab_channel, String,
128
+ description: "The channel to install Habitat from. Defaults to stable"
129
+
130
+ property :auto_update, [true, false], default: false,
131
+ description: "Passes `--auto-update`. This will set the Habitat supervisor to automatically update itself any time a stable version has been released."
132
+
133
+ property :auth_token, String,
134
+ description: "Auth token for accessing a private organization on bldr. This value is templated into the appropriate service file."
135
+
136
+ property :gateway_auth_token, String,
137
+ description: "Auth token for accessing the supervisor's HTTP gateway. This value is templated into the appropriate service file."
138
+
139
+ property :update_condition, String,
140
+ description: "Passes `--update-condition` dictating when this service should updated. Defaults to `latest`. Options are `latest` or `track-channel` **_Note: This requires a minimum habitat version of 1.5.71_**
141
+ - `latest`: Runs the latest package that can be found in the configured channel and local packages.
142
+ - `track-channel`: Always run what is at the head of a given channel. This enables service rollback where demoting a package from a channel will cause the package to rollback to an older version of the package. A ramification of enabling this condition is packages newer than the package at the head of the channel will be automatically uninstalled during a service rollback."
143
+
144
+ property :limit_no_files, String,
145
+ description: "allows you to set LimitNOFILE in the systemd service when used Note: Linux Only."
146
+
147
+ property :license, String, equal_to: ["accept"],
148
+ description: "Specifies acceptance of habitat license when set to `accept`."
149
+
150
+ property :health_check_interval, [String, Integer], coerce: proc { |h| h.is_a?(String) ? h : h.to_s },
151
+ description: "The interval (seconds) on which to run health checks."
152
+
153
+ property :event_stream_application, String,
154
+ description: "The name of your application that will be displayed in the Chef Automate Applications Dashboard."
155
+
156
+ property :event_stream_environment, String,
157
+ description: "The application environment for the supervisor, this is for grouping in the Applications Dashboard."
158
+
159
+ property :event_stream_site, String,
160
+ description: "Application Dashboard label for the 'site' of the application - can be filtered in the dashboard."
161
+
162
+ property :event_stream_url, String,
163
+ description: "`AUTOMATE_HOSTNAME:4222` - the Chef Automate URL with port 4222 specified Note: The port can be changed if needed."
164
+
165
+ property :event_stream_token, String,
166
+ description: "Chef Automate token for sending application event stream data."
167
+
168
+ property :event_stream_cert, String,
169
+ description: "With `Intermediary Certificates` or, Automate 2 being set to use TLS with a valid cert, you will need to provide `Habitat` with your certificate for communication with Automate to work. [Follow these steps!](https://automate.chef.io/docs/applications-setup/#share-the-tls-certificate-with-chef-habitat)."
170
+
171
+ property :sup_version, String,
172
+ description: "Allows you to choose which version of supervisor you would like to install. Note: If a version is provided, it will also install that version of habitat if not previously installed."
173
+
174
+ property :launcher_version, String,
175
+ description: "Allows you to choose which version of launcher to install."
176
+
177
+ property :service_version, String, # Windows only
178
+ description: "Allows you to choose which version of the **_Windows Service_** to install."
179
+
180
+ property :keep_latest, String,
181
+ description: "Automatically cleans up old packages. If this flag is enabled, service startup will initiate an uninstall of all previous versions of the associated package. This also applies when a service is restarted due to an update. If a number is passed to this argument, that number of latest versions will be kept. The same logic applies to the Supervisor package `env:HAB_KEEP_LATEST_PACKAGES=1` Note: This requires Habitat version `1.5.86+`"
182
+
183
+ property :toml_config, [true, false], default: false,
184
+ description: "Supports using the Supervisor toml configuration instead of passing exec parameters to the service, [reference](https://www.habitat.sh/docs/reference/#supervisor-config)."
185
+
186
+ action :run, description: "The `run` action handles installing Habitat using the `habitat_install` resource, ensures that the appropriate versions of the `core/hab-sup` and `core/hab-launcher` packages are installed using `habitat_package`, and then drops off the appropriate init system definitions and manages the service." do
187
+ habitat_install new_resource.name do
188
+ license new_resource.license
189
+ hab_version new_resource.sup_version if new_resource.sup_version
190
+ not_if { ::File.exist?("/bin/hab") }
191
+ not_if { ::File.exist?("/usr/bin/hab") }
192
+ not_if { ::File.exist?("c:/habitat/hab.exe") }
193
+ not_if { ::File.exist?("c:/ProgramData/Habitat/hab.exe") }
194
+ end
195
+
196
+ habitat_package "core/hab-sup" do
197
+ bldr_url new_resource.bldr_url if new_resource.bldr_url
198
+ version new_resource.sup_version if new_resource.sup_version
199
+ end
200
+
201
+ habitat_package "core/hab-launcher" do
202
+ bldr_url new_resource.bldr_url if new_resource.bldr_url
203
+ version new_resource.launcher_version if new_resource.launcher_version
204
+ end
205
+
206
+ if windows?
207
+ directory "C:/hab/sup/default/config" do
208
+ recursive true
209
+ only_if { ::Dir.exist?("C:/hab") }
210
+ only_if { use_toml_config }
211
+ action :create
212
+ end
213
+
214
+ template "C:/hab/sup/default/config/sup.toml" do
215
+ source ::File.expand_path("../support/sup.toml.erb", __dir__)
216
+ local true
217
+ sensitive true
218
+ variables(
219
+ bldr_url: new_resource.bldr_url,
220
+ permanent_peer: new_resource.permanent_peer,
221
+ listen_ctl: new_resource.listen_ctl,
222
+ listen_gossip: new_resource.listen_gossip,
223
+ listen_http: new_resource.listen_http,
224
+ organization: new_resource.org,
225
+ peer: peer_list_with_port,
226
+ ring: new_resource.ring,
227
+ auto_update: new_resource.auto_update,
228
+ update_condition: new_resource.update_condition,
229
+ health_check_interval: new_resource.health_check_interval,
230
+ event_stream_application: new_resource.event_stream_application,
231
+ event_stream_environment: new_resource.event_stream_environment,
232
+ event_stream_site: new_resource.event_stream_site,
233
+ event_stream_url: new_resource.event_stream_url,
234
+ event_stream_token: new_resource.event_stream_token,
235
+ event_stream_server_certificate: new_resource.event_stream_cert,
236
+ keep_latest_packages: new_resource.keep_latest
237
+ )
238
+ only_if { use_toml_config }
239
+ only_if { ::Dir.exist?("C:/hab/sup/default/config") }
240
+ end
241
+ else
242
+ directory "/hab/sup/default/config" do
243
+ mode "0755"
244
+ recursive true
245
+ only_if { use_toml_config }
246
+ only_if { ::Dir.exist?("/hab") }
247
+ action :create
248
+ end
249
+
250
+ template "/hab/sup/default/config/sup.toml" do
251
+ source ::File.expand_path("../support/sup.toml.erb", __dir__)
252
+ local true
253
+ sensitive true
254
+ variables(
255
+ bldr_url: new_resource.bldr_url,
256
+ permanent_peer: new_resource.permanent_peer,
257
+ listen_ctl: new_resource.listen_ctl,
258
+ listen_gossip: new_resource.listen_gossip,
259
+ listen_http: new_resource.listen_http,
260
+ organization: new_resource.org,
261
+ peer: peer_list_with_port,
262
+ ring: new_resource.ring,
263
+ auto_update: new_resource.auto_update,
264
+ update_condition: new_resource.update_condition,
265
+ health_check_interval: new_resource.health_check_interval,
266
+ event_stream_application: new_resource.event_stream_application,
267
+ event_stream_environment: new_resource.event_stream_environment,
268
+ event_stream_site: new_resource.event_stream_site,
269
+ event_stream_url: new_resource.event_stream_url,
270
+ event_stream_token: new_resource.event_stream_token,
271
+ event_stream_server_certificate: new_resource.event_stream_cert,
272
+ keep_latest_packages: new_resource.keep_latest
273
+ )
274
+ only_if { use_toml_config }
275
+ only_if { ::Dir.exist?("/hab/sup/default/config") }
276
+ end
277
+ end
278
+ end
279
+
280
+ action_class do
281
+ use "habitat_shared"
282
+ # validate that peers have been passed with a port # for toml file
283
+ def peer_list_with_port
284
+ if new_resource.peer
285
+ peer_list = []
286
+ new_resource.peer.each do |p|
287
+ peer_list << if p !~ /.*:.*/
288
+ p + ":9632"
289
+ else
290
+ p
291
+ end
292
+ end
293
+ peer_list
294
+ end
295
+ end
296
+
297
+ # Specify whether toml configuration should be used in place of service arguments.
298
+ def use_toml_config
299
+ new_resource.toml_config
300
+ end
301
+
302
+ def exec_start_options
303
+ # Populate exec_start_options which will pass to 'hab sup run' for platforms if use_toml_config is not 'true'
304
+ unless use_toml_config
305
+ opts = []
306
+ opts << "--permanent-peer" if new_resource.permanent_peer
307
+ opts << "--listen-ctl #{new_resource.listen_ctl}" if new_resource.listen_ctl
308
+ opts << "--listen-gossip #{new_resource.listen_gossip}" if new_resource.listen_gossip
309
+ opts << "--listen-http #{new_resource.listen_http}" if new_resource.listen_http
310
+ opts << "--org #{new_resource.org}" unless new_resource.org == "default"
311
+ opts.push(*new_resource.peer.map { |b| "--peer #{b}" }) if new_resource.peer
312
+ opts << "--ring #{new_resource.ring}" if new_resource.ring
313
+ opts << "--auto-update" if new_resource.auto_update
314
+ opts << "--update-condition #{new_resource.update_condition}" if new_resource.update_condition
315
+ opts << "--health-check-interval #{new_resource.health_check_interval}" if new_resource.health_check_interval
316
+ opts << "--event-stream-application #{new_resource.event_stream_application}" if new_resource.event_stream_application
317
+ opts << "--event-stream-environment #{new_resource.event_stream_environment}" if new_resource.event_stream_environment
318
+ opts << "--event-stream-site #{new_resource.event_stream_site}" if new_resource.event_stream_site
319
+ opts << "--event-stream-url #{new_resource.event_stream_url}" if new_resource.event_stream_url
320
+ opts << "--event-stream-token #{new_resource.event_stream_token}" if new_resource.event_stream_token
321
+ opts << "--event-stream-server-certificate #{new_resource.event_stream_cert}" if new_resource.event_stream_cert
322
+ opts << "--keep-latest-packages #{new_resource.keep_latest}" if new_resource.keep_latest
323
+ opts.join(" ")
324
+ end
325
+ end
326
+ end
327
+ end
328
+ end
329
+ end
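Review bot: `exec_start_options` (the last method in the `action_class` block) interpolates `event_stream_token` into the `hab sup run` argument string. Whenever `toml_config` is false, the Chef Automate token therefore becomes part of a command line, which other local users can typically read from the process list and from any service definition that embeds the string. The `sup.toml` template in the same action is already marked `sensitive true`, so the token could be delivered only through that path, for example by raising when `event_stream_token` is set without `toml_config`. Separately, `auth_token`, `gateway_auth_token` and `event_stream_token` are declared without `sensitive: true`; declaring them as `property :event_stream_token, String, sensitive: true,` would let Chef suppress the values in its own resource output. The options are also joined unquoted, so a value containing whitespace would split into extra arguments.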
@@ -0,0 +1,67 @@
1
+ #
2
+ # Copyright:: Chef Software, Inc.
3
+ # License:: Apache License, Version 2.0
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+ #
17
+
18
+ require_relative "habitat_sup"
19
+
20
+ class Chef
21
+ class Resource
22
+ class HabitatSupSystemd < HabitatSup
23
+ provides :habitat_sup, os: "linux"
24
+ provides :habitat_sup_systemd
25
+
26
+ action :run do
27
+ super()
28
+
29
+ service_environment = []
30
+ service_environment.push("HAB_BLDR_URL=#{new_resource.bldr_url}") if new_resource.bldr_url
31
+ service_environment.push("HAB_AUTH_TOKEN=#{new_resource.auth_token}") if new_resource.auth_token
32
+ service_environment.push("HAB_SUP_GATEWAY_AUTH_TOKEN=#{new_resource.gateway_auth_token}") if new_resource.gateway_auth_token
33
+ systemd_unit "hab-sup.service" do
34
+ content(Unit: {
35
+ Description: "The Habitat Supervisor",
36
+ },
37
+ Service: {
38
+ LimitNOFILE: new_resource.limit_no_files,
39
+ Environment: service_environment,
40
+ ExecStart: "/bin/hab sup run #{exec_start_options}",
41
+ ExecStop: "/bin/hab sup term",
42
+ Restart: "on-failure",
43
+ }.compact,
44
+ Install: {
45
+ WantedBy: "default.target",
46
+ })
47
+ action :create
48
+ end
49
+
50
+ service "hab-sup" do
51
+ subscribes :restart, "systemd_unit[hab-sup.service]"
52
+ subscribes :restart, "habitat_package[core/hab-sup]"
53
+ subscribes :restart, "habitat_package[core/hab-launcher]"
54
+ subscribes :restart, "template[/hab/sup/default/config/sup.toml]"
55
+ action %i{enable start}
56
+ not_if { node["chef_packages"]["chef"]["chef_root"].include?("/pkgs/chef/chef-infra-client") }
57
+ end
58
+ end
59
+
60
+ action :stop do
61
+ service "hab-sup" do
62
+ action :stop
63
+ end
64
+ end
65
+ end
66
+ end
67
+ end
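Review bot: The `systemd_unit "hab-sup.service"` block puts `HAB_AUTH_TOKEN` and `HAB_SUP_GATEWAY_AUTH_TOKEN` into the unit's `Environment` list without marking the resource sensitive, so both tokens are written into the unit file and can show up in Chef's rendered diff and logs. `ExecStart` also embeds whatever `exec_start_options` returns, which in `habitat_sup.rb` includes `--event-stream-token`. Unit files and their properties are normally readable by unprivileged users, which is why systemd's documentation advises against `Environment=` for secrets. I would add `sensitive true` inside the `systemd_unit` block and move the tokens to a root-only file referenced through `EnvironmentFile:`, leaving only `HAB_BLDR_URL` inline.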
@@ -0,0 +1,90 @@
1
+ #
2
+ # Copyright:: Chef Software, Inc.
3
+ # License:: Apache License, Version 2.0
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+ #
17
+
18
+ require "win32/service" if RUBY_PLATFORM =~ /mswin|mingw32|windows/
19
+ require_relative "habitat_sup"
20
+
21
+ class Chef
22
+ class Resource
23
+ class HabitatSupWindows < HabitatSup
24
+ provides :habitat_sup, os: "windows"
25
+ provides :habitat_sup_windows
26
+
27
+ service_file = ::File.expand_path("../support/HabService.dll.config.erb")
28
+ win_service_config = "C:/hab/svc/windows-service/HabService.dll.config"
29
+
30
+ action :run do
31
+ super()
32
+
33
+ # TODO: There has to be a better way to handle auth token on windows
34
+ # than the system wide environment variable
35
+ auth_action = new_resource.auth_token ? :create : :delete
36
+ env "HAB_AUTH_TOKEN" do
37
+ value new_resource.auth_token if new_resource.auth_token
38
+ action auth_action
39
+ end
40
+
41
+ gateway_auth_action = new_resource.gateway_auth_token ? :create : :delete
42
+ env "HAB_SUP_GATEWAY_AUTH_TOKEN" do
43
+ value new_resource.gateway_auth_token if new_resource.gateway_auth_token
44
+ action gateway_auth_action
45
+ end
46
+
47
+ bldr_action = new_resource.bldr_url ? :create : :delete
48
+ env "HAB_BLDR_URL" do
49
+ value new_resource.bldr_url if new_resource.bldr_url
50
+ action bldr_action
51
+ end
52
+
53
+ habitat_package "core/windows-service" do
54
+ bldr_url new_resource.bldr_url if new_resource.bldr_url
55
+ version new_resource.service_version if new_resource.service_version
56
+ end
57
+
58
+ execute "hab pkg exec core/windows-service install" do
59
+ not_if { ::Win32::Service.exists?("Habitat") }
60
+ end
61
+
62
+ # win_version = `dir /D /B C:\\hab\\pkgs\\core\\hab-launcher`.split().last
63
+
64
+ template win_service_config.to_s do
65
+ source ::File.expand_path("../support/HabService.dll.config.erb", __dir__)
66
+ local true
67
+ cookbook "habitat"
68
+ variables exec_start_options: exec_start_options,
69
+ bldr_url: new_resource.bldr_url,
70
+ auth_token: new_resource.auth_token,
71
+ gateway_auth_token: new_resource.gateway_auth_token
72
+ # win_launcher: win_version
73
+ action :touch
74
+ end
75
+
76
+ service "Habitat" do
77
+ subscribes :restart, "env[HAB_AUTH_TOKEN]"
78
+ subscribes :restart, "env[HAB_SUP_GATEWAY_AUTH_TOKEN]"
79
+ subscribes :restart, "env[HAB_BLDR_URL]"
80
+ subscribes :restart, "template[#{win_service_config}]"
81
+ subscribes :restart, "habitat_package[core/hab-sup]"
82
+ subscribes :restart, "habitat_package[core/hab-launcher]"
83
+ subscribes :restart, "template[C:/hab/sup/default/config/sup.toml]"
84
+ action %i{enable start}
85
+ not_if { node["chef_packages"]["chef"]["chef_root"].include?("/pkgs/chef/chef-infra-client") }
86
+ end
87
+ end
88
+ end
89
+ end
90
+ end
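Review bot: The `template win_service_config.to_s` block passes `auth_token` and `gateway_auth_token` as template variables but, unlike the `sup.toml` template in `habitat_sup.rb`, does not set `sensitive true`, so a rendered diff of `HabService.dll.config` in Chef's output could include both tokens. The `env "HAB_AUTH_TOKEN"` and `env "HAB_SUP_GATEWAY_AUTH_TOKEN"` resources have the same gap, and adding `sensitive true` to each of those three blocks is the minimal change. The template also uses `action :touch`, which presumably reports an update on every run and would then restart the `Habitat` service through `subscribes :restart, "template[#{win_service_config}]"` on each converge; `action :create` looks like the intent. The class-level `service_file = ::File.expand_path("../support/HabService.dll.config.erb")` is never read and resolves against the working directory rather than `__dir__`, so it can be dropped.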
@@ -0,0 +1,107 @@
1
+ # Copyright:: Chef Software Inc.
2
+ # License:: Apache License, Version 2.0
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+ #
16
+ require_relative "../http"
17
+ require_relative "../json_compat"
18
+ require_relative "../resource"
19
+
20
+ class Chef
21
+ class Resource
22
+ class HabitatConfig < Chef::Resource
23
+ unified_mode true
24
+
25
+ provides :habitat_config
26
+
27
+ description "Use the **habitat_config** resource to apply a configuration to a Chef Habitat service."
28
+ introduced "17.3"
29
+ examples <<~DOC
30
+ **Configure your nginx defaults**
31
+
32
+ ```ruby
33
+ habitat_config 'nginx.default' do
34
+ config({
35
+ worker_count: 2,
36
+ http: {
37
+ keepalive_timeout: 120
38
+ }
39
+ })
40
+ end
41
+ ```
42
+ DOC
43
+
44
+ property :config, Mash, required: true, coerce: proc { |m| m.is_a?(Hash) ? Mash.new(m) : m },
45
+ description: "The configuration to apply as a ruby hash, for example, `{ worker_count: 2, http: { keepalive_timeout: 120 } }`."
46
+
47
+ property :service_group, String, name_property: true, desired_state: false,
48
+ description: "The service group to apply the configuration to. For example, `nginx.default`"
49
+
50
+ property :remote_sup, String, default: "127.0.0.1:9632", desired_state: false,
51
+ description: "Address to a remote supervisor's control gateway."
52
+
53
+ # Http port needed for querying/comparing current config value
54
+ property :remote_sup_http, String, default: "127.0.0.1:9631", desired_state: false,
55
+ description: "Address for remote supervisor http port. Used to pull existing."
56
+
57
+ property :gateway_auth_token, String, desired_state: false,
58
+ description: "Auth token for accessing the remote supervisor's http port."
59
+
60
+ property :user, String, desired_state: false,
61
+ description: "Name of user key to use for encryption. Passes `--user` to `hab config apply`."
62
+
63
+ load_current_value do
64
+ http_uri = "http://#{remote_sup_http}"
65
+
66
+ begin
67
+ headers = {}
68
+ headers["Authorization"] = "Bearer #{gateway_auth_token}" if property_is_set?(:gateway_auth_token)
69
+ census = Mash.new(Chef::HTTP::SimpleJSON.new(http_uri).get("/census", headers))
70
+ sc = census["census_groups"][service_group]["service_config"]["value"]
71
+ rescue
72
+ # Default to a blank config if anything (http error, json parsing, finding
73
+ # the config object) goes wrong
74
+ sc = {}
75
+ end
76
+ config sc
77
+ end
78
+
79
+ action :apply, description: "applies the given configuration" do
80
+ converge_if_changed do
81
+ # Use the current timestamp as the serial number/incarnation
82
+ incarnation = Time.now.tv_sec
83
+
84
+ opts = []
85
+ # opts gets flattened by shell_out_compact later
86
+ opts << ["--remote-sup", new_resource.remote_sup] if new_resource.remote_sup
87
+ opts << ["--user", new_resource.user] if new_resource.user
88
+
89
+ tempfile = Tempfile.new(["habitat_config", ".toml"])
90
+ begin
91
+ tempfile.write(render_toml(new_resource.config))
92
+ tempfile.close
93
+
94
+ hab("config", "apply", opts, new_resource.service_group, incarnation, tempfile.path)
95
+ ensure
96
+ tempfile.close
97
+ tempfile.unlink
98
+ end
99
+ end
100
+ end
101
+
102
+ action_class do
103
+ use "../resource/habitat/habitat_shared"
104
+ end
105
+ end
106
+ end
107
+ end
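Review bot: `load_current_value` builds `http_uri = "http://#{remote_sup_http}"` and then sends `Authorization: Bearer #{gateway_auth_token}` to it, so when `remote_sup_http` points at anything other than the loopback default the gateway token crosses the network unencrypted. The property description should say so, for example `description: "Address for remote supervisor http port. Used to pull existing config; the gateway auth token is sent to it over plain HTTP."`, and `gateway_auth_token` would be better declared with `sensitive: true`. The bare `rescue` in the same block also turns an authentication or connection failure into an empty current config, which makes `converge_if_changed` re-apply on every run with no trace. Using `rescue => e` followed by `Chef::Log.debug("habitat_config: census query failed: #{e.message}")` would keep the best-effort behaviour while leaving evidence.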