chef 18.3.0 → 18.4.12
- checksums.yaml +4 -4
- data/Gemfile +2 -1
- data/chef.gemspec +2 -2
- data/lib/chef/chef_fs/file_pattern.rb +1 -1
- data/lib/chef/chef_fs/path_utils.rb +7 -9
- data/lib/chef/cookbook/synchronizer.rb +2 -3
- data/lib/chef/delayed_evaluator.rb +4 -0
- data/lib/chef/file_access_control/windows.rb +4 -1
- data/lib/chef/guard_interpreter/resource_guard_interpreter.rb +2 -0
- data/lib/chef/mixin/homebrew_user.rb +6 -3
- data/lib/chef/monkey_patches/net-http.rb +5 -5
- data/lib/chef/node/attribute_collections.rb +2 -1
- data/lib/chef/node/immutable_collections.rb +2 -1
- data/lib/chef/node/mixin/state_tracking_array.rb +41 -0
- data/lib/chef/node.rb +23 -1
- data/lib/chef/provider/package/apt.rb +11 -2
- data/lib/chef/provider/package/chocolatey.rb +228 -24
- data/lib/chef/provider/package/zypper.rb +5 -0
- data/lib/chef/provider/powershell_script.rb +96 -6
- data/lib/chef/provider/service/systemd.rb +23 -8
- data/lib/chef/provider/service/windows.rb +1 -0
- data/lib/chef/provider/service.rb +14 -0
- data/lib/chef/provider/user.rb +5 -1
- data/lib/chef/recipe.rb +3 -11
- data/lib/chef/resource/_rest_resource.rb +1 -1
- data/lib/chef/resource/apt_package.rb +19 -0
- data/lib/chef/resource/apt_repository.rb +2 -1
- data/lib/chef/resource/chef_client_systemd_timer.rb +1 -1
- data/lib/chef/resource/chocolatey_installer.rb +207 -0
- data/lib/chef/resource/chocolatey_package.rb +8 -0
- data/lib/chef/resource/homebrew_package.rb +1 -1
- data/lib/chef/resource/locale.rb +5 -2
- data/lib/chef/resource/macos_pkg.rb +111 -0
- data/lib/chef/resource/powershell_script.rb +5 -1
- data/lib/chef/resource/service.rb +3 -0
- data/lib/chef/resource/sudo.rb +37 -2
- data/lib/chef/resource/support/ulimit.erb +40 -0
- data/lib/chef/resource/user_ulimit.rb +38 -0
- data/lib/chef/resources.rb +2 -0
- data/lib/chef/version.rb +1 -1
- data/spec/data/trusted_certs/example.crt +29 -20
- data/spec/data/trusted_certs/example_no_cn.crt +30 -34
- data/spec/functional/resource/chocolatey_package_spec.rb +2 -2
- data/spec/functional/resource/zypper_package_spec.rb +10 -0
- data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +1 -1
- data/spec/unit/delayed_evaluator_spec.rb +35 -0
- data/spec/unit/node_spec.rb +6 -0
- data/spec/unit/provider/package/apt_spec.rb +18 -13
- data/spec/unit/provider/package/chocolatey_spec.rb +40 -12
- data/spec/unit/provider/powershell_script_spec.rb +100 -4
- data/spec/unit/provider/service/systemd_service_spec.rb +1 -0
- data/spec/unit/provider/user/linux_spec.rb +10 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +1 -1
- data/spec/unit/resource/chocolatey_installer_spec.rb +151 -0
- data/spec/unit/resource/macos_pkg_spec.rb +38 -0
- data/spec/unit/resource/powershell_script_spec.rb +2 -2
- metadata +22 -10
@@ -52,6 +52,21 @@ class Chef
|
|
52
52
|
options '--no-install-recommends'
|
53
53
|
end
|
54
54
|
```
|
55
|
+
|
56
|
+
**Prevent the apt_package resource from installing packages with pattern matching names**:
|
57
|
+
|
58
|
+
By default, the apt_package resource will install the named package.
|
59
|
+
If it can't find a package with the exact same name, it will treat the package name as regular expression string and match with any package that matches that regular expression.
|
60
|
+
This may lead Chef Infra Client to install one or more packages with names that match that regular expression.
|
61
|
+
|
62
|
+
In this example, `anchor_package_regex true` prevents the apt_package resource from installing matching packages if it can't find the `lua5.3` package.
|
63
|
+
|
64
|
+
```ruby
|
65
|
+
apt_package 'lua5.3' do
|
66
|
+
version '5.3.3-1.1ubuntu2'
|
67
|
+
anchor_package_regex true
|
68
|
+
end
|
69
|
+
```
|
55
70
|
DOC
|
56
71
|
|
57
72
|
description "Use the **apt_package** resource to manage packages on Debian, Ubuntu, and other platforms that use the APT package system."
|
@@ -75,6 +90,10 @@ class Chef
|
|
75
90
|
description: "A Hash of response file variables in the form of {'VARIABLE' => 'VALUE'}.",
|
76
91
|
default: {}, desired_state: false
|
77
92
|
|
93
|
+
property :anchor_package_regex, [TrueClass, FalseClass],
|
94
|
+
introduced: "18.3",
|
95
|
+
description: "A Boolean flag that indicates whether the package name, which can be a regular expression, must match the entire name of the package (true) or if the regular expression is allowed to match a subset of the name (false).",
|
96
|
+
default: false
|
78
97
|
end
|
79
98
|
end
|
80
99
|
end
|
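Review bot: `anchor_package_regex` defaults to `false`, so the fallback described in the new example stays in effect for every existing recipe: a name that is not found is treated as a regular expression and can install other matching packages. The property description does not mention this. I would add a sentence to the description such as `When false, a package name that is not found is treated as a regular expression and may install other packages whose names match it.` so the risk is visible where the property is documented. `introduced: "18.3"` may also need checking, since this page shows the property arriving in a diff that starts from 18.3.0. The resource class body starts and ends outside these hunks.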
@@ -99,6 +99,7 @@ class Chef
|
|
99
99
|
```
|
100
100
|
|
101
101
|
**Add repository that needs custom options**:
|
102
|
+
|
102
103
|
```ruby
|
103
104
|
apt_repository 'corretto' do
|
104
105
|
uri 'https://apt.corretto.aws'
|
@@ -172,7 +173,7 @@ class Chef
|
|
172
173
|
default: true, desired_state: false
|
173
174
|
|
174
175
|
property :options, [String, Array],
|
175
|
-
description: "Additional options to set for the repository",
|
176
|
+
description: "Additional options to set for the repository.",
|
176
177
|
default: [], coerce: proc { |x| Array(x) }
|
177
178
|
|
178
179
|
default_action :add
|
@@ -176,7 +176,7 @@ class Chef
|
|
176
176
|
}
|
177
177
|
|
178
178
|
unit["Service"]["ConditionACPower"] = "true" unless new_resource.run_on_battery
|
179
|
-
unit["Service"]["CPUQuota"] = new_resource.cpu_quota if new_resource.cpu_quota
|
179
|
+
unit["Service"]["CPUQuota"] = "#{new_resource.cpu_quota}%" if new_resource.cpu_quota
|
180
180
|
unit["Service"]["Environment"] = new_resource.environment.collect { |k, v| "\"#{k}=#{v}\"" } unless new_resource.environment.empty?
|
181
181
|
unit
|
182
182
|
end
|
@@ -0,0 +1,207 @@
|
|
1
|
+
class Chef
|
2
|
+
class Resource
|
3
|
+
class ChocolateyInstaller < Chef::Resource
|
4
|
+
provides :chocolatey_installer
|
5
|
+
|
6
|
+
description "Use the chocolatey_installer resource to ensure that Chocolatey itself is installed to your specification. Use the Chocolatey Feature resource to customize your install. Then use the Chocolatey Package resource to install packages on Windows via Chocolatey."
|
7
|
+
introduced "18.3"
|
8
|
+
examples <<~DOC
|
9
|
+
**Install Chocolatey**
|
10
|
+
|
11
|
+
```ruby
|
12
|
+
chocolatey_installer 'latest' do
|
13
|
+
action :install
|
14
|
+
end
|
15
|
+
```
|
16
|
+
|
17
|
+
**Uninstall Chocolatey**
|
18
|
+
|
19
|
+
```ruby
|
20
|
+
chocolatey_installer 'Some random verbiage' do
|
21
|
+
action :uninstall
|
22
|
+
end
|
23
|
+
```
|
24
|
+
|
25
|
+
**Install Chocolatey with Parameters**
|
26
|
+
|
27
|
+
```ruby
|
28
|
+
chocolatey_installer 'latest' do
|
29
|
+
action :install
|
30
|
+
download_url "https://www.contoso.com/foo"
|
31
|
+
chocolatey_version '2.12.24'
|
32
|
+
end
|
33
|
+
```
|
34
|
+
|
35
|
+
```ruby
|
36
|
+
chocolatey_installer 'latest' do
|
37
|
+
action :install
|
38
|
+
download_url "c:\\foo\foo.nupkg"
|
39
|
+
chocolatey_version '2.12.24'
|
40
|
+
end
|
41
|
+
```
|
42
|
+
|
43
|
+
**Upgrade Chocolatey with Parameters**
|
44
|
+
|
45
|
+
```ruby
|
46
|
+
chocolatey_installer 'latest' do
|
47
|
+
action :upgrade
|
48
|
+
chocolatey_version '2.12.24'
|
49
|
+
end
|
50
|
+
```
|
51
|
+
DOC
|
52
|
+
|
53
|
+
allowed_actions :install, :uninstall, :upgrade
|
54
|
+
|
55
|
+
property :download_url, String,
|
56
|
+
description: "The URL to download Chocolatey from. This sets the value of $env:ChocolateyDownloadUrl and causes the installer to choose an alternate download location. If this is not set, Chocolatey installs fall back to the official Chocolatey community repository to download Chocolatey from. It can also be used for offline installation by providing a path to a Chocolatey.nupkg."
|
57
|
+
|
58
|
+
property :chocolatey_version, String,
|
59
|
+
description: "Specifies a target version of Chocolatey to install. By default, the latest stable version is installed. This will use the value in $env:ChocolateyVersion by default, if that environment variable is present. This parameter is ignored if download_url is set."
|
60
|
+
|
61
|
+
property :use_native_unzip, [TrueClass, FalseClass], default: false,
|
62
|
+
description: "If set, uses built-in Windows decompression tools instead of 7zip when unpacking the downloaded nupkg. This will be set by default if use_native_unzip is set to a value other than 'false' or '0'. This parameter will be ignored in PS 5+ in favour of using the Expand-Archive built in PowerShell cmdlet directly."
|
63
|
+
|
64
|
+
property :ignore_proxy, [TrueClass, FalseClass], default: false,
|
65
|
+
description: "If set, ignores any configured proxy. This will override any proxy environment variables or parameters. This will be set by default if ignore_proxy is set to a value other than 'false' or '0'."
|
66
|
+
|
67
|
+
property :proxy_url, String,
|
68
|
+
description: "Specifies the proxy URL to use during the download."
|
69
|
+
|
70
|
+
property :proxy_user, String,
|
71
|
+
description: "The username to use to build a proxy credential with. Will be consumed by the proxy_credential property if both this property and proxy_password are set"
|
72
|
+
|
73
|
+
property :proxy_password, String,
|
74
|
+
description: "The password to use to build a proxy credential with. Will be consumed by the proxy_credential property if both this property and proxy_user are set"
|
75
|
+
|
76
|
+
load_current_value do
|
77
|
+
current_state = is_choco_installed?
|
78
|
+
current_value_does_not_exist! if current_state == false
|
79
|
+
current_state
|
80
|
+
end
|
81
|
+
|
82
|
+
def is_choco_installed?
|
83
|
+
::File.exist?("#{ENV["ALLUSERSPROFILE"]}\\chocolatey\\bin\\choco.exe")
|
84
|
+
end
|
85
|
+
|
86
|
+
def get_choco_version
|
87
|
+
powershell_exec("choco --version").result
|
88
|
+
end
|
89
|
+
|
90
|
+
def existing_version
|
91
|
+
Gem::Version.new(get_choco_version)
|
92
|
+
end
|
93
|
+
|
94
|
+
def define_resource_requirements
|
95
|
+
requirements.assert(:install, :upgrade).each do |a|
|
96
|
+
a.assertion do
|
97
|
+
# This is an exclusive OR - XOR - we're trying to coax an error out if one, but not both,
|
98
|
+
# parameters are empty.
|
99
|
+
new_resource.proxy_user.nil? != new_resource.proxy_password.nil?
|
100
|
+
end
|
101
|
+
a.failure_message(Chef::Exceptions::ValidationFailed, "You must specify both a proxy_user and a proxy_password")
|
102
|
+
a.whyrun("Assuming that if you have configured a 'proxy_user' you must also supply a 'proxy_password'")
|
103
|
+
end
|
104
|
+
end
|
105
|
+
|
106
|
+
action :install, description: "Installs Chocolatey package manager" do
|
107
|
+
if new_resource.download_url
|
108
|
+
powershell_exec("Set-Item -path env:ChocolateyDownloadUrl -Value #{new_resource.download_url}")
|
109
|
+
end
|
110
|
+
|
111
|
+
if new_resource.chocolatey_version
|
112
|
+
powershell_exec("Set-Item -path env:ChocolateyVersion -Value #{new_resource.chocolatey_version}")
|
113
|
+
end
|
114
|
+
|
115
|
+
if new_resource.use_native_unzip
|
116
|
+
powershell_exec("Set-Item -path env:ChocolateyUseWindowsCompression -Value true")
|
117
|
+
end
|
118
|
+
|
119
|
+
if new_resource.ignore_proxy
|
120
|
+
powershell_exec("Set-Item -path env:ChocolateyIgnoreProxy -Value true")
|
121
|
+
end
|
122
|
+
|
123
|
+
if new_resource.proxy_url
|
124
|
+
powershell_exec("Set-Item -path env:ChocolateyProxyLocation -Value #{new_resource.proxy_url}")
|
125
|
+
end
|
126
|
+
|
127
|
+
if new_resource.proxy_user && new_resource.proxy_password
|
128
|
+
powershell_exec("Set-Item -path env:ChocolateyProxyUser -Value #{new_resource.proxy_user}; Set-Item -path env:ChocolateyProxyPassword -Value #{new_resource.proxy_password}")
|
129
|
+
end
|
130
|
+
|
131
|
+
# note that Invoke-Expression is being called on the downloaded script (outer parens),
|
132
|
+
# not triggering the script download (inner parens)
|
133
|
+
converge_if_changed do
|
134
|
+
powershell_exec("Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))").error!
|
135
|
+
end
|
136
|
+
end
|
137
|
+
|
138
|
+
action :upgrade, description: "Upgrades the Chocolatey package manager" do
|
139
|
+
if new_resource.chocolatey_version
|
140
|
+
proposed_version = Gem::Version.new(new_resource.chocolatey_version)
|
141
|
+
else
|
142
|
+
proposed_version = nil
|
143
|
+
end
|
144
|
+
|
145
|
+
if new_resource.download_url
|
146
|
+
powershell_exec("Set-Item -path env:ChocolateyDownloadUrl -Value #{new_resource.download_url}")
|
147
|
+
end
|
148
|
+
|
149
|
+
if new_resource.chocolatey_version
|
150
|
+
powershell_exec("Set-Item -path env:ChocolateyVersion -Value #{new_resource.chocolatey_version}")
|
151
|
+
end
|
152
|
+
|
153
|
+
if new_resource.use_native_unzip
|
154
|
+
powershell_exec("Set-Item -path env:ChocolateyUseWindowsCompression -Value true")
|
155
|
+
end
|
156
|
+
|
157
|
+
if new_resource.ignore_proxy
|
158
|
+
powershell_exec("Set-Item -path env:ChocolateyIgnoreProxy -Value true")
|
159
|
+
end
|
160
|
+
|
161
|
+
if new_resource.proxy_url
|
162
|
+
powershell_exec("Set-Item -path env:ChocolateyProxyLocation -Value #{new_resource.proxy_url}")
|
163
|
+
end
|
164
|
+
|
165
|
+
if new_resource.proxy_user && new_resource.proxy_password
|
166
|
+
powershell_exec("Set-Item -path env:ChocolateyProxyUser -Value #{new_resource.proxy_user}; Set-Item -path env:ChocolateyProxyPassword -Value #{new_resource.proxy_password}")
|
167
|
+
end
|
168
|
+
|
169
|
+
if proposed_version && existing_version < proposed_version
|
170
|
+
powershell_exec("Set-Item -path env:ChocolateyVersion -Value #{proposed_version}")
|
171
|
+
else
|
172
|
+
powershell_exec("Remove-Item -path env:ChocolateyVersion")
|
173
|
+
end
|
174
|
+
|
175
|
+
converge_by("upgrade choco version") do
|
176
|
+
powershell_exec("choco upgrade Chocolatey -y").result
|
177
|
+
end
|
178
|
+
end
|
179
|
+
|
180
|
+
action :uninstall, description: "Uninstall Chocolatey package manager" do
|
181
|
+
path = "c:\\programdata\\chocolatey\\bin"
|
182
|
+
if File.exists?(path)
|
183
|
+
converge_by("Uninstall Choco") do
|
184
|
+
powershell_code = <<~CODE
|
185
|
+
Remove-Item $env:ALLUSERSPROFILE\\chocolatey -Recurse -Force
|
186
|
+
[Environment]::SetEnvironmentVariable("ChocolateyLastPathUpdate", $null ,"User")
|
187
|
+
[Environment]::SetEnvironmentVariable("ChocolateyToolsLocation", $null ,"User")
|
188
|
+
[Environment]::SetEnvironmentVariable("ChocolateyInstall", $null ,"Machine")
|
189
|
+
$path = [System.Environment]::GetEnvironmentVariable(
|
190
|
+
'PATH',
|
191
|
+
'Machine'
|
192
|
+
)
|
193
|
+
$path = ($path.Split(';') | Where-Object { $_ -ne "#{path}" }) -join ";"
|
194
|
+
[System.Environment]::SetEnvironmentVariable(
|
195
|
+
'PATH',
|
196
|
+
$path,
|
197
|
+
'Machine'
|
198
|
+
)
|
199
|
+
CODE
|
200
|
+
powershell_exec(powershell_code).error!
|
201
|
+
end
|
202
|
+
end
|
203
|
+
Chef::Log.warn("Chocolatey is already uninstalled.")
|
204
|
+
end
|
205
|
+
end
|
206
|
+
end
|
207
|
+
end
|
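Review bot: The `:install` and `:upgrade` actions interpolate `download_url`, `chocolatey_version`, `proxy_url`, `proxy_user` and `proxy_password` unquoted into PowerShell command strings, so a value containing a space, `;` or `$` changes the command that runs, and the proxy password becomes part of the command text; each value should be passed as a single-quoted literal with embedded quotes doubled, e.g. `-Value '#{new_resource.download_url.gsub("'", "''")}'`, and `proxy_password` declared with `sensitive: true`. The assertion in `define_resource_requirements` is inverted: `proxy_user.nil? != proxy_password.nil?` is true only when exactly one of the two is set, so it should read `new_resource.proxy_user.nil? == new_resource.proxy_password.nil?`. In `:uninstall` the `Chef::Log.warn("Chocolatey is already uninstalled.")` call sits after the `if` block's `end` and therefore runs on every converge; it belongs in an `else`, and `File.exists?` should be `::File.exist?` as in `is_choco_installed?` (the `exists?` alias was removed in Ruby 3.2). `:install` also passes the script fetched from the hard-coded `https://chocolatey.org/install.ps1` to `Invoke-Expression` with no pinned hash or signature check, which deserves at least a comment recording that trust decision.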
@@ -67,6 +67,14 @@ class Chef
|
|
67
67
|
description: "The name of the package. Default value: the name of the resource block.",
|
68
68
|
coerce: proc { |x| [x].flatten }
|
69
69
|
|
70
|
+
property :bulk_query, [TrueClass, FalseClass],
|
71
|
+
description: "Bulk query the chocolatey server? This will cause the provider to list all packages instead of doing individual queries.",
|
72
|
+
default: false
|
73
|
+
|
74
|
+
property :use_choco_list, [TrueClass, FalseClass],
|
75
|
+
description: "Use choco list for getting the locally installed packages, rather than reading the nupkg database directly? This defaults to false, since reading the package data is faster.",
|
76
|
+
default: false
|
77
|
+
|
70
78
|
property :version, [String, Array],
|
71
79
|
description: "The version of a package to be installed or upgraded.",
|
72
80
|
coerce: proc { |x| [x].flatten }
|
@@ -63,7 +63,7 @@ class Chef
|
|
63
63
|
allowed_actions :install, :upgrade, :remove, :purge
|
64
64
|
|
65
65
|
property :homebrew_user, [ String, Integer ],
|
66
|
-
description: "The name or
|
66
|
+
description: "The name or UID of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command.\n\n#{ChefUtils::Dist::Infra::PRODUCT}, by default, will attempt to execute a Homebrew command as the owner of the `/usr/local/bin/brew` executable on x86_64 machines or `/opt/homebrew/bin/brew` executable on arm64 machines. If that executable doesn't exist, #{ChefUtils::Dist::Infra::PRODUCT} will attempt to find the user by executing `which brew`. If that executable can't be found, #{ChefUtils::Dist::Infra::PRODUCT} will print an error message: `Couldn't find the 'brew' executable anywhere on the path.`.\n\nSet this property to specify the Homebrew owner for situations where Chef Infra Client cannot automatically detect the correct owner.'"
|
67
67
|
|
68
68
|
end
|
69
69
|
end
|
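Review bot: The new `homebrew_user` description ends with `correct owner.'"`, which leaves a stray `'` inside the string that will appear in the generated documentation; the line should end `...automatically detect the correct owner."`. The preceding sentence also ends with a closing backtick followed by a second period (`` on the path.`. ``), which renders as a doubled full stop. The resource class starts above the hunk.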
data/lib/chef/resource/locale.rb
CHANGED
@@ -112,8 +112,11 @@ class Chef
|
|
112
112
|
end
|
113
113
|
|
114
114
|
requirements.assert(:all_actions) do |a|
|
115
|
-
|
116
|
-
|
115
|
+
a.assertion do
|
116
|
+
# RHEL/CentOS type platforms don't have locale-gen
|
117
|
+
# Windows has locale-gen as part of the install, but not in the path
|
118
|
+
which("locale-gen") || windows?
|
119
|
+
end
|
117
120
|
a.failure_message(Chef::Exceptions::ProviderNotFound, "The locale resource requires the locale-gen tool")
|
118
121
|
end
|
119
122
|
end
|
@@ -0,0 +1,111 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Joshua Timberman (<jtimberman@chef.io>)
|
3
|
+
# Author:: William Theaker (<william.theaker+chef@gusto.com>)
|
4
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require_relative "../resource"
|
20
|
+
|
21
|
+
class Chef
|
22
|
+
class Resource
|
23
|
+
class MacosPkg < Chef::Resource
|
24
|
+
provides(:macos_pkg) { true }
|
25
|
+
|
26
|
+
description "Use the **macos_pkg** resource to install a macOS `.pkg` file, optionally downloading it from a remote source. A `package_id` property must be provided for idempotency. Either a `file` or `source` property is required."
|
27
|
+
introduced "18.1"
|
28
|
+
examples <<~DOC
|
29
|
+
**Install osquery**:
|
30
|
+
|
31
|
+
```ruby
|
32
|
+
macos_pkg 'osquery' do
|
33
|
+
checksum '1fea8ac9b603851d2e76c5fc73138a468a3075a3002c8cb1fd7fff53b889c4dd'
|
34
|
+
package_id 'io.osquery.agent'
|
35
|
+
source 'https://pkg.osquery.io/darwin/osquery-5.8.2.pkg'
|
36
|
+
action :install
|
37
|
+
end
|
38
|
+
```
|
39
|
+
DOC
|
40
|
+
|
41
|
+
allowed_actions :install
|
42
|
+
default_action :install
|
43
|
+
|
44
|
+
property :checksum, String,
|
45
|
+
description: "The sha256 checksum of the `.pkg` file to download."
|
46
|
+
|
47
|
+
property :file, String,
|
48
|
+
description: "The absolute path to the `.pkg` file on the local system."
|
49
|
+
|
50
|
+
property :headers, Hash,
|
51
|
+
description: "Allows custom HTTP headers (like cookies) to be set on the `remote_file` resource.",
|
52
|
+
desired_state: false
|
53
|
+
|
54
|
+
property :package_id, String,
|
55
|
+
description: "The package ID registered with `pkgutil` when a `pkg` or `mpkg` is installed.",
|
56
|
+
required: true
|
57
|
+
|
58
|
+
property :source, String,
|
59
|
+
description: "The remote URL used to download the `.pkg` file."
|
60
|
+
|
61
|
+
property :target, String,
|
62
|
+
description: "The device to install the package on.",
|
63
|
+
default: "/"
|
64
|
+
|
65
|
+
load_current_value do |new_resource|
|
66
|
+
if shell_out("pkgutil --pkg-info '#{new_resource.package_id}'").exitstatus == 0
|
67
|
+
Chef::Log.debug "#{new_resource.package_id} is already installed. To upgrade, try \"sudo pkgutil --forget '#{new_resource.package_id}'\""
|
68
|
+
else
|
69
|
+
current_value_does_not_exist!
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
action :install, description: "Installs the pkg." do
|
74
|
+
if new_resource.source.nil? && new_resource.file.nil?
|
75
|
+
raise "Must provide either a file or source property for macos_pkg resources."
|
76
|
+
end
|
77
|
+
|
78
|
+
if current_resource.nil?
|
79
|
+
if new_resource.source
|
80
|
+
remote_file pkg_file do
|
81
|
+
source new_resource.source
|
82
|
+
headers new_resource.headers if new_resource.headers
|
83
|
+
checksum new_resource.checksum if new_resource.checksum
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
converge_by "install #{pkg_file}" do
|
88
|
+
install_cmd = "installer -pkg #{pkg_file} -target #{new_resource.target}"
|
89
|
+
|
90
|
+
execute install_cmd do
|
91
|
+
action :run
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
97
|
+
action_class do
|
98
|
+
# @return [String] the path to the pkg file
|
99
|
+
def pkg_file
|
100
|
+
@pkg_file ||= if new_resource.file.nil?
|
101
|
+
uri = URI.parse(new_resource.source)
|
102
|
+
filename = ::File.basename(uri.path)
|
103
|
+
"#{Chef::Config[:file_cache_path]}/#{filename}"
|
104
|
+
else
|
105
|
+
new_resource.file
|
106
|
+
end
|
107
|
+
end
|
108
|
+
end
|
109
|
+
end
|
110
|
+
end
|
111
|
+
end
|
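Review bot: `load_current_value` and the `:install` action build shell command lines by interpolating `package_id`, `pkg_file` and `target`. A `'` in the id ends the quoting in `pkgutil --pkg-info '#{new_resource.package_id}'`. `installer -pkg #{pkg_file} -target #{new_resource.target}` is unquoted, so a path containing a space fails and shell metacharacters are interpreted in a command that installs software. Passing argument arrays avoids the shell: `shell_out("pkgutil", "--pkg-info", new_resource.package_id)`, and inside a named `execute` block `command ["installer", "-pkg", pkg_file, "-target", new_resource.target]`. `checksum` is optional, so with only `source` set the downloaded package is installed with no integrity check beyond the transport; consider requiring it whenever `source` is given, or stating that in the property description.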
@@ -21,7 +21,7 @@ class Chef
|
|
21
21
|
class Resource
|
22
22
|
class PowershellScript < Chef::Resource::WindowsScript
|
23
23
|
|
24
|
-
set_guard_inherited_attributes(:interpreter)
|
24
|
+
set_guard_inherited_attributes(:interpreter, :use_inline_powershell)
|
25
25
|
|
26
26
|
provides :powershell_script, os: "windows"
|
27
27
|
|
@@ -39,6 +39,10 @@ class Chef
|
|
39
39
|
equal_to: %w{powershell pwsh},
|
40
40
|
description: "The interpreter type, `powershell` or `pwsh` (PowerShell Core)"
|
41
41
|
|
42
|
+
property :use_inline_powershell, [true, false],
|
43
|
+
default: false,
|
44
|
+
description: "Use inline powershell.dll rather than shelling out - this is faster, but could have different semantics to the traditional method. In particular, it does not allow for streaming output, nor does it allow for passing custom parameters to the interpreter"
|
45
|
+
|
42
46
|
property :convert_boolean_return, [true, false],
|
43
47
|
default: false,
|
44
48
|
description: <<~DESC
|
@@ -93,6 +93,9 @@ class Chef
|
|
93
93
|
# if the service is masked or not
|
94
94
|
property :masked, [ TrueClass, FalseClass ], skip_docs: true
|
95
95
|
|
96
|
+
# if the service is static or not
|
97
|
+
property :static, [ TrueClass, FalseClass ], skip_docs: true
|
98
|
+
|
96
99
|
# if the service is indirect or not
|
97
100
|
property :indirect, [ TrueClass, FalseClass ], skip_docs: true
|
98
101
|
|
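--- a/data/lib/chef/resource/sudo.rb
+++ b/data/lib/chef/resource/sudo.rb
@@ -59,6 +59,41 @@ class Chef
 nopasswd true
 end
 ```
+
+**Create command aliases and assign them to a group**
+
+```ruby
+sudo 'webteam' do
+command_aliases [
+{
+'name': 'WEBTEAM_SYSTEMD_JBOSS',
+'command_list': [
+'/usr/bin/systemctl start eap7-standalone.service',
+'/usr/bin/systemctl start jbcs-httpd24-httpd.service', \
+'/usr/bin/systemctl stop eap7-standalone.service', \
+'/usr/bin/systemctl stop jbcs-httpd24-httpd.service', \
+'/usr/bin/systemctl restart eap7-standalone.service', \
+'/usr/bin/systemctl restart jbcs-httpd24-httpd.service', \
+'/usr/bin/systemctl --full edit eap7-standalone.service', \
+'/usr/bin/systemctl --full edit jbcs-httpd24-httpd.service', \
+'/usr/bin/systemctl daemon-reload',
+]
+},
+{
+'name': 'GENERIC_SYSTEMD',
+'command_list': [
+'/usr/sbin/systemctl list-unit-files',
+'/usr/sbin/systemctl list-timers', \
+'/usr/sbin/systemctl is-active *', \
+'/usr/sbin/systemctl is-enabled *',
+]
+}
+]
+nopasswd true
+users '%webteam'
+commands [ 'WEBTEAM_SYSTEMD_JBOSS', 'GENERIC_SYSTEMD' ]
+end
+```
 DOC
 
 # According to the sudo man pages sudo will ignore files in an include dir that have a `.` or `~`
@@ -79,7 +114,7 @@ class Chef
 coerce: proc { |x| coerce_groups(x) }
 
 property :commands, Array,
-description: "An array of full paths to commands this sudoer can execute.",
+description: "An array of full paths to commands and/or command aliases this sudoer can execute.",
 default: ["ALL"]
 
 property :host, String,
@@ -110,7 +145,7 @@ class Chef
 default: []
 
 property :command_aliases, Array,
-description: "Command aliases that can be used as allowed commands later in the configuration.",
+description: "Command aliases that can be used as allowed commands later in the configuration. The object represents an array of hashes in the following format: `[{'name':'ALIAS1','command_list': [ 'command1', 'command2' ] }, {'name':'Alias2','command_list: [ 'command3', 'command4 arg1 arg2' ]}]`",
 default: []
 
 property :setenv, [TrueClass, FalseClass],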
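Review bot: The new example gives `%webteam` passwordless `systemctl --full edit` on two units, which lets any group member change what those units run as root. Shipped examples tend to be copied verbatim, so I would drop the two `edit` entries or add a sentence stating that they are equivalent to granting root. The trailing `\` after several `command_list` entries is not needed inside an array literal, and inside the `examples` heredoc it is likely consumed as a line continuation, joining the lines in the rendered documentation. The two aliases also mix `/usr/bin/systemctl` and `/usr/sbin/systemctl`; sudo matches on the full path, so one of the two is probably wrong on any given platform. The `examples` heredoc starts above the hunk.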
@@ -2,6 +2,18 @@
|
|
2
2
|
|
3
3
|
# Limits settings for <%= @ulimit_user %>
|
4
4
|
|
5
|
+
<% unless @as_limit.nil? -%>
|
6
|
+
<%= @ulimit_user -%> - as <%= @as_limit %>
|
7
|
+
<% else -%><% unless @as_soft_limit.nil? -%><%= @ulimit_user -%> soft as <%= @as_soft_limit %><% end -%>
|
8
|
+
<% unless @as_hard_limit.nil? -%><%= @ulimit_user -%> hard as <%= @as_hard_limit %><% end -%>
|
9
|
+
<% end -%>
|
10
|
+
|
11
|
+
<% unless @cpu_limit.nil? -%>
|
12
|
+
<%= @ulimit_user -%> - cpu <%= @cpu_limit %>
|
13
|
+
<% else -%><% unless @cpu_soft_limit.nil? -%><%= @ulimit_user -%> soft cpu <%= @cpu_soft_limit %><% end -%>
|
14
|
+
<% unless @cpu_hard_limit.nil? -%><%= @ulimit_user -%> hard cpu <%= @cpu_hard_limit %><% end -%>
|
15
|
+
<% end -%>
|
16
|
+
|
5
17
|
<% unless @filehandle_limit.nil? -%>
|
6
18
|
<%= @ulimit_user -%> - nofile <%= @filehandle_limit %>
|
7
19
|
<% else -%><% unless @filehandle_soft_limit.nil? -%><%= @ulimit_user -%> soft nofile <%= @filehandle_soft_limit %><% end -%>
|
@@ -14,22 +26,50 @@
|
|
14
26
|
<% unless @process_hard_limit.nil? -%><%= @ulimit_user -%> hard nproc <%= @process_hard_limit %><% end -%>
|
15
27
|
<% end -%>
|
16
28
|
|
29
|
+
<% unless @locks_limit.nil? -%>
|
30
|
+
<%= @ulimit_user -%> - locks <%= @locks_limit %>
|
31
|
+
<% end -%>
|
32
|
+
|
17
33
|
<% unless @memory_limit.nil? -%>
|
18
34
|
<%= @ulimit_user -%> - memlock <%= @memory_limit %>
|
19
35
|
<% end -%>
|
20
36
|
|
37
|
+
<% unless @maxlogins_limit.nil? -%>
|
38
|
+
<%= @ulimit_user -%> - maxlogins <%= @maxlogins_limit %>
|
39
|
+
<% else -%><% unless @maxlogins_soft_limit.nil? -%><%= @ulimit_user -%> soft maxlogins <%= @maxlogins_soft_limit %><% end -%>
|
40
|
+
<% unless @maxlogins_hard_limit.nil? -%><%= @ulimit_user -%> hard maxlogins <%= @maxlogins_hard_limit %><% end -%>
|
41
|
+
<% end -%>
|
42
|
+
|
43
|
+
<% unless @msgqueue_limit.nil? -%>
|
44
|
+
<%= @ulimit_user -%> - msgqueue <%= @msgqueue_limit %>
|
45
|
+
<% else -%><% unless @msgqueue_soft_limit.nil? -%><%= @ulimit_user -%> soft msgqueue <%= @msgqueue_soft_limit %><% end -%>
|
46
|
+
<% unless @msgqueue_hard_limit.nil? -%><%= @ulimit_user -%> hard msgqueue <%= @msgqueue_hard_limit %><% end -%>
|
47
|
+
<% end -%>
|
48
|
+
|
21
49
|
<% unless @core_limit.nil? -%>
|
22
50
|
<%= @ulimit_user -%> - core <%= @core_limit %>
|
23
51
|
<% else -%><% unless @core_soft_limit.nil? -%><%= @ulimit_user -%> soft core <%= @core_soft_limit %><% end -%>
|
24
52
|
<% unless @core_hard_limit.nil? -%><%= @ulimit_user -%> hard core <%= @core_hard_limit %><% end -%>
|
25
53
|
<% end -%>
|
26
54
|
|
55
|
+
<% unless @sigpending_limit.nil? -%>
|
56
|
+
<%= @ulimit_user -%> - sigpending <%= @sigpending_limit %>
|
57
|
+
<% else -%><% unless @sigpending_soft_limit.nil? -%><%= @ulimit_user -%> soft sigpending <%= @sigpending_soft_limit %><% end -%>
|
58
|
+
<% unless @sigpending_hard_limit.nil? -%><%= @ulimit_user -%> hard sigpending <%= @sigpending_hard_limit %><% end -%>
|
59
|
+
<% end -%>
|
60
|
+
|
27
61
|
<% unless @stack_limit.nil? -%>
|
28
62
|
<%= @ulimit_user -%> - stack <%= @stack_limit %>
|
29
63
|
<% else -%><% unless @stack_soft_limit.nil? -%><%= @ulimit_user -%> soft stack <%= @stack_soft_limit %><% end -%>
|
30
64
|
<% unless @stack_hard_limit.nil? -%><%= @ulimit_user -%> hard stack <%= @stack_hard_limit %><% end -%>
|
31
65
|
<% end -%>
|
32
66
|
|
67
|
+
<% unless @rss_limit.nil? -%>
|
68
|
+
<%= @ulimit_user -%> - rss <%= @rss_limit %>
|
69
|
+
<% else -%><% unless @rss_soft_limit.nil? -%><%= @ulimit_user -%> soft rss <%= @rss_soft_limit %><% end -%>
|
70
|
+
<% unless @rss_hard_limit.nil? -%><%= @ulimit_user -%> hard rss <%= @rss_hard_limit %><% end -%>
|
71
|
+
<% end -%>
|
72
|
+
|
33
73
|
<% unless @rtprio_limit.nil? -%>
|
34
74
|
<%= @ulimit_user -%> - rtprio <%= @rtprio_limit %>
|
35
75
|
<% else -%><% unless @rtprio_soft_limit.nil? -%><%= @ulimit_user -%> soft rtprio <%= @rtprio_soft_limit %><% end -%>
|
@@ -56,19 +56,38 @@ class Chef
|
|
56
56
|
DOC
|
57
57
|
|
58
58
|
property :username, String, name_property: true
|
59
|
+
property :as_limit, [String, Integer]
|
60
|
+
property :as_soft_limit, [String, Integer]
|
61
|
+
property :as_hard_limit, [String, Integer]
|
59
62
|
property :filehandle_limit, [String, Integer]
|
60
63
|
property :filehandle_soft_limit, [String, Integer]
|
61
64
|
property :filehandle_hard_limit, [String, Integer]
|
62
65
|
property :process_limit, [String, Integer]
|
63
66
|
property :process_soft_limit, [String, Integer]
|
64
67
|
property :process_hard_limit, [String, Integer]
|
68
|
+
property :locks_limit, [String, Integer]
|
65
69
|
property :memory_limit, [String, Integer]
|
70
|
+
property :maxlogins_limit, [String, Integer]
|
71
|
+
property :maxlogins_soft_limit, [String, Integer]
|
72
|
+
property :maxlogins_hard_limit, [String, Integer]
|
73
|
+
property :msgqueue_limit, [String, Integer]
|
74
|
+
property :msgqueue_soft_limit, [String, Integer]
|
75
|
+
property :msgqueue_hard_limit, [String, Integer]
|
66
76
|
property :core_limit, [String, Integer]
|
67
77
|
property :core_soft_limit, [String, Integer]
|
68
78
|
property :core_hard_limit, [String, Integer]
|
79
|
+
property :cpu_limit, [String, Integer]
|
80
|
+
property :cpu_soft_limit, [String, Integer]
|
81
|
+
property :cpu_hard_limit, [String, Integer]
|
82
|
+
property :sigpending_limit, [String, Integer]
|
83
|
+
property :sigpending_soft_limit, [String, Integer]
|
84
|
+
property :sigpending_hard_limit, [String, Integer]
|
69
85
|
property :stack_limit, [String, Integer]
|
70
86
|
property :stack_soft_limit, [String, Integer]
|
71
87
|
property :stack_hard_limit, [String, Integer]
|
88
|
+
property :rss_limit, [String, Integer]
|
89
|
+
property :rss_soft_limit, [String, Integer]
|
90
|
+
property :rss_hard_limit, [String, Integer]
|
72
91
|
property :rtprio_limit, [String, Integer]
|
73
92
|
property :rtprio_soft_limit, [String, Integer]
|
74
93
|
property :rtprio_hard_limit, [String, Integer]
|
@@ -85,19 +104,38 @@ class Chef
|
|
85
104
|
sensitive new_resource.sensitive
|
86
105
|
variables(
|
87
106
|
ulimit_user: new_resource.username,
|
107
|
+
as_limit: new_resource.as_limit,
|
108
|
+
as_soft_limit: new_resource.as_soft_limit,
|
109
|
+
as_hard_limit: new_resource.as_hard_limit,
|
88
110
|
filehandle_limit: new_resource.filehandle_limit,
|
89
111
|
filehandle_soft_limit: new_resource.filehandle_soft_limit,
|
90
112
|
filehandle_hard_limit: new_resource.filehandle_hard_limit,
|
91
113
|
process_limit: new_resource.process_limit,
|
92
114
|
process_soft_limit: new_resource.process_soft_limit,
|
93
115
|
process_hard_limit: new_resource.process_hard_limit,
|
116
|
+
locks_limit: new_resource.locks_limit,
|
94
117
|
memory_limit: new_resource.memory_limit,
|
118
|
+
maxlogins_limit: new_resource.maxlogins_limit,
|
119
|
+
maxlogins_soft_limit: new_resource.maxlogins_soft_limit,
|
120
|
+
maxlogins_hard_limit: new_resource.maxlogins_hard_limit,
|
121
|
+
msgqueue_limit: new_resource.msgqueue_limit,
|
122
|
+
msgqueue_soft_limit: new_resource.msgqueue_soft_limit,
|
123
|
+
msgqueue_hard_limit: new_resource.msgqueue_hard_limit,
|
95
124
|
core_limit: new_resource.core_limit,
|
96
125
|
core_soft_limit: new_resource.core_soft_limit,
|
97
126
|
core_hard_limit: new_resource.core_hard_limit,
|
127
|
+
cpu_limit: new_resource.cpu_limit,
|
128
|
+
cpu_soft_limit: new_resource.cpu_soft_limit,
|
129
|
+
cpu_hard_limit: new_resource.cpu_hard_limit,
|
130
|
+
sigpending_limit: new_resource.sigpending_limit,
|
131
|
+
sigpending_soft_limit: new_resource.sigpending_soft_limit,
|
132
|
+
sigpending_hard_limit: new_resource.sigpending_hard_limit,
|
98
133
|
stack_limit: new_resource.stack_limit,
|
99
134
|
stack_soft_limit: new_resource.stack_soft_limit,
|
100
135
|
stack_hard_limit: new_resource.stack_hard_limit,
|
136
|
+
rss_limit: new_resource.rss_limit,
|
137
|
+
rss_soft_limit: new_resource.rss_soft_limit,
|
138
|
+
rss_hard_limit: new_resource.rss_hard_limit,
|
101
139
|
rtprio_limit: new_resource.rtprio_limit,
|
102
140
|
rtprio_soft_limit: new_resource.rtprio_soft_limit,
|
103
141
|
rtprio_hard_limit: new_resource.rtprio_hard_limit,
|