from-scratch 0.1.0 → 0.1.1

data/cookbooks/apt/recipes/cacher-client.rb

@@ -0,0 +1,83 @@
+#
+# Cookbook Name:: apt
+# Recipe:: cacher-client
+#
+# Copyright 2011-2013 Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class ::Chef::Recipe
+  include ::Apt
+end
+
+# remove Acquire::http::Proxy lines from /etc/apt/apt.conf since we use 01proxy
+# these are leftover from preseed installs
+execute 'Remove proxy from /etc/apt/apt.conf' do
+  command "sed --in-place '/^Acquire::http::Proxy/d' /etc/apt/apt.conf"
+  only_if 'grep Acquire::http::Proxy /etc/apt/apt.conf'
+end
+
+servers = []
+if node['apt']
+  if node['apt']['cacher_ipaddress']
+    cacher = Chef::Node.new
+    cacher.default.name = node['apt']['cacher_ipaddress']
+    cacher.default.ipaddress = node['apt']['cacher_ipaddress']
+    cacher.default.apt.cacher_port = node['apt']['cacher_port']
+    cacher.default.apt.cacher_interface = node['apt']['cacher_interface']
+    cacher.default.apt.cacher_ssl_support = node['apt']['cacher_ssl_support']
+    servers << cacher
+  elsif node['apt']['caching_server']
+    node.override['apt']['compiletime'] = false
+    servers << node
+  end
+end
+
+unless Chef::Config[:solo] || servers.length > 0
+  query = 'apt_caching_server:true'
+  query += " AND chef_environment:#{node.chef_environment}" if node['apt']['cacher-client']['restrict_environment']
+  Chef::Log.debug("apt::cacher-client searching for '#{query}'")
+  servers += search(:node, query)
+end
+
+if servers.length > 0
+  Chef::Log.info("apt-cacher-ng server found on #{servers[0]}.")
+  if servers[0]['apt']['cacher_interface']
+    cacher_ipaddress = interface_ipaddress(servers[0], servers[0]['apt']['cacher_interface'])
+  else
+    cacher_ipaddress = servers[0].ipaddress
+  end
+  t = template '/etc/apt/apt.conf.d/01proxy' do
+    source '01proxy.erb'
+    owner 'root'
+    group 'root'
+    mode 00644
+    variables(
+      proxy: cacher_ipaddress,
+      port: servers[0]['apt']['cacher_port'],
+      proxy_ssl: servers[0]['apt']['cacher_ssl_support'],
+      bypass: node['apt']['cache_bypass']
+    )
+    action(node['apt']['compiletime'] ? :nothing : :create)
+    notifies :run, 'execute[apt-get update]', :immediately
+  end
+  t.run_action(:create) if node['apt']['compiletime']
+else
+  Chef::Log.info('No apt-cacher-ng server found.')
+  file '/etc/apt/apt.conf.d/01proxy' do
+    action :delete
+  end
+end
+
+include_recipe 'apt::default'

data/cookbooks/apt/recipes/cacher-ng.rb

@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: apt
+# Recipe:: cacher-ng
+#
+# Copyright 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+node.set['apt']['caching_server'] = true
+
+package 'apt-cacher-ng' do
+  action :install
+end
+
+directory node['apt']['cacher_dir'] do
+  owner 'apt-cacher-ng'
+  group 'apt-cacher-ng'
+  mode 0755
+end
+
+template '/etc/apt-cacher-ng/acng.conf' do
+  source 'acng.conf.erb'
+  owner 'root'
+  group 'root'
+  mode 00644
+  notifies :restart, 'service[apt-cacher-ng]', :immediately
+end
+
+service 'apt-cacher-ng' do
+  supports restart: true, status: false
+  action [:enable, :start]
+end

data/cookbooks/apt/recipes/default.rb

@@ -0,0 +1,112 @@
+#
+# Cookbook Name:: apt
+# Recipe:: default
+#
+# Copyright 2008-2013, Chef Software, Inc.
+# Copyright 2009, Bryan McLellan <btm@loftninjas.org>
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# On systems where apt is not installed, the resources in this recipe are not
+# executed. However, they _must_ still be present in the resource collection
+# or other cookbooks which notify these resources will fail on non-apt-enabled
+# systems.
+
+Chef::Log.debug 'apt is not installed. Apt-specific resources will not be executed.' unless apt_installed?
+
+first_run_file = File.join(Chef::Config[:file_cache_path], 'apt_compile_time_update_first_run')
+
+file '/var/lib/apt/periodic/update-success-stamp' do
+  owner 'root'
+  group 'root'
+  only_if { apt_installed? }
+  action :nothing
+end
+
+# If compile_time_update run apt-get update at compile time
+if node['apt']['compile_time_update'] && (!apt_up_to_date? || !::File.exist?(first_run_file))
+  e = bash 'apt-get-update at compile time' do
+    code <<-EOH
+      apt-get update
+      touch #{first_run_file}
+    EOH
+    ignore_failure true
+    only_if { apt_installed? }
+    action :nothing
+    notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately
+  end
+  e.run_action(:run)
+end
+
+# Updates 'apt-get update' timestamp after each update success
+directory '/etc/apt/apt.conf.d' do
+  recursive true
+end
+
+cookbook_file '/etc/apt/apt.conf.d/15update-stamp' do
+  source '15update-stamp'
+end
+
+# For other recipes to call to force an update
+execute 'apt-get update' do
+  command 'apt-get update'
+  ignore_failure true
+  only_if { apt_installed? }
+  action :nothing
+  notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately
+end
+
+# Automatically remove packages that are no longer needed for dependencies
+execute 'apt-get autoremove' do
+  command 'apt-get -y autoremove'
+  only_if { apt_installed? }
+  action :nothing
+end
+
+# Automatically remove .deb files for packages no longer on your system
+execute 'apt-get autoclean' do
+  command 'apt-get -y autoclean'
+  only_if { apt_installed? }
+  action :nothing
+end
+
+execute 'apt-get-update-periodic' do
+  command 'apt-get update'
+  ignore_failure true
+  only_if { apt_installed? }
+  not_if { apt_up_to_date? }
+  notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately
+end
+
+%w(/var/cache/local /var/cache/local/preseeding).each do |dirname|
+  directory dirname do
+    owner 'root'
+    group 'root'
+    mode 00755
+    action :create
+    only_if { apt_installed? }
+  end
+end
+
+template '/etc/apt/apt.conf.d/10recommends' do
+  owner 'root'
+  group 'root'
+  mode '644'
+  source '10recommends.erb'
+end
+
+package 'apt-transport-https' do
+  only_if { apt_installed? }
+  action :install
+end

data/cookbooks/apt/recipes/unattended-upgrades.rb

@@ -0,0 +1,47 @@
+#
+# Cookbook Name:: apt
+# Recipe:: unattended-upgrades
+#
+# Copyright 2014, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# On systems where apt is not installed, the resources in this recipe are not
+# executed. However, they _must_ still be present in the resource collection
+# or other cookbooks which notify these resources will fail on non-apt-enabled
+# systems.
+#
+
+package 'unattended-upgrades' do
+  response_file 'unattended-upgrades.seed.erb'
+  action :install
+end
+
+package 'bsd-mailx' do
+  only_if { node['apt']['unattended_upgrades']['mail'] }
+end
+
+template '/etc/apt/apt.conf.d/20auto-upgrades' do
+  owner 'root'
+  group 'root'
+  mode '644'
+  source '20auto-upgrades.erb'
+end
+
+template '/etc/apt/apt.conf.d/50unattended-upgrades' do
+  owner 'root'
+  group 'root'
+  mode '644'
+  source '50unattended-upgrades.erb'
+end

data/cookbooks/apt/resources/preference.rb

@@ -0,0 +1,37 @@
+#
+# Cookbook Name:: apt
+# Resource:: preference
+#
+# Copyright 2010-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+actions :add, :remove
+default_action :add if defined?(default_action) # Chef > 10.8
+
+# Needed for Chef versions < 0.10.10
+def initialize(*args)
+  super
+  @action = :add
+end
+
+state_attrs :glob,
+            :package_name,
+            :pin,
+            :pin_priority
+
+attribute :package_name, kind_of: String, name_attribute: true, regex: [/^([a-z]|[A-Z]|[0-9]|_|-|\.|\*)+$/]
+attribute :glob, kind_of: String
+attribute :pin, kind_of: String
+attribute :pin_priority, kind_of: String

data/cookbooks/apt/resources/repository.rb

@@ -0,0 +1,60 @@
+#
+# Cookbook Name:: apt
+# Resource:: repository
+#
+# Copyright 2010-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+actions :add, :remove
+default_action :add if defined?(default_action) # Chef > 10.8
+
+# Needed for Chef versions < 0.10.10
+def initialize(*args)
+  super
+  @action = :add
+end
+
+state_attrs :arch,
+            :cache_rebuild,
+            :components,
+            :cookbook,
+            :deb_src,
+            :distribution,
+            :key,
+            :keyserver,
+            :key_proxy,
+            :repo_name,
+            :trusted,
+            :uri,
+            :sensitive
+
+# name of the repo, used for source.list filename
+attribute :repo_name, kind_of: String, name_attribute: true, regex: [/^([a-z]|[A-Z]|[0-9]|_|-|\.)+$/]
+attribute :uri, kind_of: String
+attribute :distribution, kind_of: String
+attribute :components, kind_of: Array, default: []
+attribute :arch, kind_of: String, default: nil
+attribute :trusted, kind_of: [TrueClass, FalseClass], default: false
+# whether or not to add the repository as a source repo as well
+attribute :deb_src, default: false
+attribute :keyserver, kind_of: String, default: nil
+attribute :key, kind_of: String, default: nil
+attribute :key_proxy, kind_of: String, default: node['apt']['key_proxy']
+attribute :cookbook, kind_of: String, default: nil
+# trigger cache rebuild
+# If not you can trigger in the recipe itself after checking the status of resource.updated{_by_last_action}?
+attribute :cache_rebuild, kind_of: [TrueClass, FalseClass], default: true
+# Hide content of the source file, don't show output for commands being run, etc.
+attribute :sensitive, kind_of: [TrueClass, FalseClass], default: false

data/cookbooks/apt/templates/debian-6.0/acng.conf.erb

@@ -0,0 +1,173 @@
+# Letter case in directive names does not matter. Must be separated with colons.
+# Valid boolean values are a zero number for false, non-zero numbers for true.
+
+CacheDir: <%= node['apt']['cacher_dir'] %>
+
+# set empty to disable logging
+LogDir: /var/log/apt-cacher-ng
+
+# TCP (http) port
+# Set to 9999 to emulate apt-proxy
+Port:<%= node['apt']['cacher_port'] %>
+
+# Addresses or hostnames to listen on. Multiple addresses must be separated by
+# spaces. Each entry must be associated with a local interface. DNS resolution
+# is performed using getaddrinfo(3) for all available protocols (i.e. IPv4 and
+# IPv6 if available).
+#
+# Default: not set, will listen on all interfaces.
+#
+# BindAddress: localhost 192.168.7.254 publicNameOnMainInterface
+
+#Proxy: http://www-proxy.example.net:80
+#proxy: http://username:proxypassword@proxy.example.net:3128
+
+# Repository remapping. See manual for details.
+# In this example, backends file is generated during package installation.
+Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian
+Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu
+Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol
+Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file
+
+# Virtual page accessible in a web browser to see statistics and status
+# information, i.e. under http://localhost:3142/acng-report.html
+ReportPage: acng-report.html
+
+# Socket file for accessing through local UNIX socket instead of TCP/IP. Can be
+# used with inetd bridge or cron client.
+# SocketPath:/var/run/apt-cacher-ng/socket
+
+# Forces log file to be written to disk after every line when set to 1. Default
+# is 0, buffer flush happens after client disconnects.
+#
+# (technically, this is an alias to the Debug option provided for convenience)
+#
+# UnbufferLogs: 0
+
+# Set to 0 to store only type, time and transfer sizes.
+# 1 -> client IP and relative local path are logged too
+# VerboseLog: 1
+
+# Don't detach from the console
+# ForeGround: 0
+
+# Store the pid of the daemon process therein
+# PidFile: /var/run/apt-cacher-ng/pid
+
+# Forbid outgoing connections, work around them or respond with 503 error
+# offlinemode:0
+
+# Forbid all downloads that don't run through preconfigured backends (.where)
+#ForceManaged: 0
+
+# Days before considering an unreferenced file expired (to be deleted).
+# Warning: if the value is set too low and particular index files are not
+# available for some days (mirror downtime) there is a risk of deletion of
+# still usefull package files.
+ExTreshold: 4
+
+# Stop expiration when a critical problem appeared. Currently only failed
+# refresh of an index file is considered as critical.
+#
+# WARNING: don't touch this option or set to a non-zero number.
+# Anything else is DANGEROUS and may cause data loss.
+#
+# ExAbortOnProblems: 1
+
+# Replace some Windows/DOS-FS incompatible chars when storing
+# StupidFs: 0
+
+# Experimental feature for apt-listbugs: pass-through SOAP requests and
+# responses to/from bugs.debian.org. If not set, default is true if
+# ForceManaged is enabled and false otherwise.
+# ForwardBtsSoap: 1
+
+# The daemon has a small cache for DNS data, to speed up resolution. The
+# expiration time of the DNS entries can be configured in seconds.
+# DnsCacheSeconds: 3600
+
+# Don't touch the following values without good consideration!
+#
+# Max. count of connection threads kept ready (for faster response in the
+# future). Should be a sane value between 0 and average number of connections,
+# and depend on the amount of spare RAM.
+# MaxStandbyConThreads: 8
+#
+# Hard limit of active thread count for incomming connections, i.e. operation
+# is refused when this value is reached (below zero = unlimited).
+# MaxConThreads: -1
+#
+#VfilePattern = (^|.*?/)(Index|Packages\.bz2|Packages\.gz|Packages|Release|Release\.gpg|Sources\.bz2|Sources\.gz|Sources|release|index\.db-.*\.gz|Contents-[^/]*\.gz|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|/meta-release[^/]*|Translation[^/]*\.bz2)$
+#PfilePattern = .*(\.deb|\.rpm|\.dsc|\.tar\.gz\.gpg|\.tar\.gz|\.diff\.gz|\.diff\.bz2|\.jigdo|\.template|changelog|copyright|\.udeb|\.diff/.*\.gz|vmlinuz|initrd\.gz|(Devel)?ReleaseAnnouncement(\\?.*)?)$
+# Whitelist for expiration, file types not to be removed even when being
+# unreferenced. Default: same as VfilePattern which is a safe bed. When and
+# only when the only used mirrors are official repositories (with working
+# Release files) then it might be set to something more restrictive, like
+# (^|.*?/)(Release|Release\.gpg|release|meta-release|Translation[^/]*\.bz2)$
+#WfilePattern = (^|.*?/)(Index|Packages\.bz2|Packages\.gz|Packages|Release|Release\.gpg|Sources\.bz2|Sources\.gz|Sources|release|index\.db-.*\.gz|Contents-[^/]*\.gz|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|/meta-release[^/]*|Translation[^/]*\.bz2)$
+
+# Higher modes only working with the debug version
+# Warning, writes a lot into apt-cacher.err logfile
+# Value overwrites UnbufferLogs setting (aliased)
+# Debug:3
+
+# Usually, general purpose proxies like Squid expose the IP adress of the
+# client user to the remote server using the X-Forwarded-For HTTP header. This
+# behaviour can be optionally turned on with the Expose-Origin option.
+# ExposeOrigin: 0
+
+# When logging the originating IP address, trust the information supplied by
+# the client in the X-Forwarded-For header.
+# LogSubmittedOrigin: 0
+
+# The version string reported to the peer, to be displayed as HTTP client (and
+# version) in the logs of the mirror.
+# WARNING: some archives use this header to detect/guess capabilities of the
+# client (i.e. redirection support) and change the behaviour accordingly, while
+# ACNG might not support the expected features. Expect side effects.
+#
+# UserAgent: Yet Another HTTP Client/1.2.3p4
+
+# In some cases the Import and Expiration tasks might create fresh volatile
+# data for internal use by reconstructing them using patch files. This
+# by-product might be recompressed with bzip2 and with some luck the resulting
+# file becomes identical to the *.bz2 file on the server, usable for APT
+# clients trying to fetch the full .bz2 compressed version. Injection of the
+# generated files into the cache has however a disadvantage on underpowered
+# servers: bzip2 compession can create high load on the server system and the
+# visible download of the busy .bz2 files also becomes slower.
+#
+# RecompBz2: 0
+
+# Network timeout for outgoing connections.
+# NetworkTimeout: 60
+
+# Sometimes it makes sense to not store the data in cache and just return the
+# package data to client as it comes in. DontCache parameters can enable this
+# behaviour for certain URL types. The tokens are extended regular expressions
+# that URLs are matched against.
+#
+# DontCacheRequested is applied to the URL as it comes in from the client.
+# Example: exclude packages built with kernel-package for x86
+# DontCacheRequested: linux-.*_10\...\.Custo._i386
+# Example usecase: exclude popular private IP ranges from caching
+# DontCacheRequested: 192.168.0 ^10\..* 172.30
+#
+# DontCacheResolved is applied to URLs after mapping to the target server. If
+# multiple backend servers are specified then it's only matched against the
+# download link for the FIRST possible source (due to implementation limits).
+# Example usecase: all Ubuntu stuff comes from a local mirror (specified as
+# backend), don't cache it again:
+# DontCacheResolved: ubuntumirror.local.net
+#
+# DontCache directive sets (overrides) both, DontCacheResolved and
+# DontCacheRequested.  Provided for convenience, see those directives for
+# details.
+#
+# Default permission set of freshly created files and directories, as octal
+# numbers (see chmod(1) for details).
+# Can by limited by the umask value (see umask(2) for details) if it's set in
+# the environment of the starting shell, e.g. in apt-cacher-ng init script or
+# in its configuration file.
+# DirPerms: 00755
+# FilePerms: 00664