infrataster-plugin-ldap 0.0.1

data/spec/cookbooks/apt/recipes/default.rb

@@ -0,0 +1,98 @@
+#
+# Cookbook Name:: apt
+# Recipe:: default
+#
+# Copyright 2008-2013, Opscode, Inc.
+# Copyright 2009, Bryan McLellan <btm@loftninjas.org>
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# On systems where apt is not installed, the resources in this recipe are not
+# executed. However, they _must_ still be present in the resource collection
+# or other cookbooks which notify these resources will fail on non-apt-enabled
+# systems.
+
+Chef::Log.debug 'apt is not installed. Apt-specific resources will not be executed.' unless apt_installed?
+
+first_run_file = File.join(Chef::Config[:file_cache_path], "apt_compile_time_update_first_run")
+
+# If compile_time_update run apt-get update at compile time
+if node['apt']['compile_time_update'] && ( !::File.exist?('/var/lib/apt/periodic/update-success-stamp') || !::File.exist?(first_run_file) )
+  e = bash 'apt-get-update at compile time' do
+    code <<-EOH
+      apt-get update
+      touch #{first_run_file}
+    EOH
+    ignore_failure true
+    only_if { apt_installed? }
+    action :nothing
+  end
+  e.run_action(:run)
+end
+
+# Run apt-get update to create the stamp file
+execute 'apt-get-update' do
+  command 'apt-get update'
+  ignore_failure true
+  only_if { apt_installed? }
+  not_if { ::File.exist?('/var/lib/apt/periodic/update-success-stamp') }
+end
+
+# For other recipes to call to force an update
+execute 'apt-get update' do
+  command 'apt-get update'
+  ignore_failure true
+  only_if { apt_installed? }
+  action :nothing
+end
+
+# Automatically remove packages that are no longer needed for dependencies
+execute 'apt-get autoremove' do
+  command 'apt-get -y autoremove'
+  only_if { apt_installed? }
+  action :nothing
+end
+
+# Automatically remove .deb files for packages no longer on your system
+execute 'apt-get autoclean' do
+  command 'apt-get -y autoclean'
+  only_if { apt_installed? }
+  action :nothing
+end
+
+# provides /var/lib/apt/periodic/update-success-stamp on apt-get update
+package 'update-notifier-common' do
+  notifies :run, 'execute[apt-get-update]', :immediately
+  only_if { apt_installed? }
+end
+
+execute 'apt-get-update-periodic' do
+  command 'apt-get update'
+  ignore_failure true
+  only_if do
+    apt_installed? &&
+    ::File.exist?('/var/lib/apt/periodic/update-success-stamp') &&
+    ::File.mtime('/var/lib/apt/periodic/update-success-stamp') < Time.now - node['apt']['periodic_update_min_delay']
+  end
+end
+
+%w{/var/cache/local /var/cache/local/preseeding}.each do |dirname|
+  directory dirname do
+    owner 'root'
+    group 'root'
+    mode  00755
+    action :create
+    only_if { apt_installed? }
+  end
+end

data/spec/cookbooks/apt/recipes/unattended-upgrades.rb

@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: apt
+# Recipe:: unattended-upgrades
+#
+# Copyright 2014, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# On systems where apt is not installed, the resources in this recipe are not
+# executed. However, they _must_ still be present in the resource collection
+# or other cookbooks which notify these resources will fail on non-apt-enabled
+# systems.
+#
+
+package 'unattended-upgrades' do
+  response_file 'unattended-upgrades.seed.erb'
+  action :install
+end
+
+template '/etc/apt/apt.conf.d/20auto-upgrades' do
+  owner 'root'
+  group 'root'
+  mode '644'
+  source '20auto-upgrades.erb'
+end
+
+template '/etc/apt/apt.conf.d/50unattended-upgrades' do
+  owner 'root'
+  group 'root'
+  mode '644'
+  source '50unattended-upgrades.erb'
+end

data/spec/cookbooks/apt/resources/preference.rb

@@ -0,0 +1,32 @@
+#
+# Cookbook Name:: apt
+# Resource:: preference
+#
+# Copyright 2010-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+actions :add, :remove
+default_action :add if defined?(default_action) # Chef > 10.8
+
+# Needed for Chef versions < 0.10.10
+def initialize(*args)
+  super
+  @action = :add
+end
+
+attribute :package_name, :kind_of => String, :name_attribute => true
+attribute :glob, :kind_of => String
+attribute :pin, :kind_of => String
+attribute :pin_priority, :kind_of => String

data/spec/cookbooks/apt/resources/repository.rb

@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: apt
+# Resource:: repository
+#
+# Copyright 2010-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+actions :add, :remove
+default_action :add if defined?(default_action) # Chef > 10.8
+
+# Needed for Chef versions < 0.10.10
+def initialize(*args)
+  super
+  @action = :add
+end
+
+# name of the repo, used for source.list filename
+attribute :repo_name, :kind_of => String, :name_attribute => true
+attribute :uri, :kind_of => String
+attribute :distribution, :kind_of => String
+attribute :components, :kind_of => Array, :default => []
+attribute :arch, :kind_of => String, :default => nil
+attribute :trusted, :kind_of => [TrueClass, FalseClass], :default => false
+# whether or not to add the repository as a source repo as well
+attribute :deb_src, :default => false
+attribute :keyserver, :kind_of => String, :default => nil
+attribute :key, :kind_of => String, :default => nil
+attribute :cookbook, :kind_of => String, :default => nil
+# trigger cache rebuild
+# If not you can trigger in the recipe itself after checking the status of resource.updated{_by_last_action}?
+attribute :cache_rebuild, :kind_of => [TrueClass, FalseClass], :default => true

data/spec/cookbooks/apt/templates/debian-6.0/acng.conf.erb

@@ -0,0 +1,173 @@
+# Letter case in directive names does not matter. Must be separated with colons.
+# Valid boolean values are a zero number for false, non-zero numbers for true.
+
+CacheDir: <%= node['apt']['cacher_dir'] %>
+
+# set empty to disable logging
+LogDir: /var/log/apt-cacher-ng
+
+# TCP (http) port
+# Set to 9999 to emulate apt-proxy
+Port:<%= node['apt']['cacher_port'] %>
+
+# Addresses or hostnames to listen on. Multiple addresses must be separated by
+# spaces. Each entry must be associated with a local interface. DNS resolution
+# is performed using getaddrinfo(3) for all available protocols (i.e. IPv4 and
+# IPv6 if available).
+#
+# Default: not set, will listen on all interfaces.
+#
+# BindAddress: localhost 192.168.7.254 publicNameOnMainInterface
+
+#Proxy: http://www-proxy.example.net:80
+#proxy: http://username:proxypassword@proxy.example.net:3128
+
+# Repository remapping. See manual for details.
+# In this example, backends file is generated during package installation.
+Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian
+Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu
+Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol
+Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file
+
+# Virtual page accessible in a web browser to see statistics and status
+# information, i.e. under http://localhost:3142/acng-report.html
+ReportPage: acng-report.html
+
+# Socket file for accessing through local UNIX socket instead of TCP/IP. Can be
+# used with inetd bridge or cron client.
+# SocketPath:/var/run/apt-cacher-ng/socket
+
+# Forces log file to be written to disk after every line when set to 1. Default
+# is 0, buffer flush happens after client disconnects.
+#
+# (technically, this is an alias to the Debug option provided for convenience)
+#
+# UnbufferLogs: 0
+
+# Set to 0 to store only type, time and transfer sizes.
+# 1 -> client IP and relative local path are logged too
+# VerboseLog: 1
+
+# Don't detach from the console
+# ForeGround: 0
+
+# Store the pid of the daemon process therein
+# PidFile: /var/run/apt-cacher-ng/pid
+
+# Forbid outgoing connections, work around them or respond with 503 error
+# offlinemode:0
+
+# Forbid all downloads that don't run through preconfigured backends (.where)
+#ForceManaged: 0
+
+# Days before considering an unreferenced file expired (to be deleted).
+# Warning: if the value is set too low and particular index files are not
+# available for some days (mirror downtime) there is a risk of deletion of
+# still usefull package files.
+ExTreshold: 4
+
+# Stop expiration when a critical problem appeared. Currently only failed
+# refresh of an index file is considered as critical.
+#
+# WARNING: don't touch this option or set to a non-zero number.
+# Anything else is DANGEROUS and may cause data loss.
+#
+# ExAbortOnProblems: 1
+
+# Replace some Windows/DOS-FS incompatible chars when storing
+# StupidFs: 0
+
+# Experimental feature for apt-listbugs: pass-through SOAP requests and
+# responses to/from bugs.debian.org. If not set, default is true if
+# ForceManaged is enabled and false otherwise.
+# ForwardBtsSoap: 1
+
+# The daemon has a small cache for DNS data, to speed up resolution. The
+# expiration time of the DNS entries can be configured in seconds.
+# DnsCacheSeconds: 3600
+
+# Don't touch the following values without good consideration!
+#
+# Max. count of connection threads kept ready (for faster response in the
+# future). Should be a sane value between 0 and average number of connections,
+# and depend on the amount of spare RAM.
+# MaxStandbyConThreads: 8
+#
+# Hard limit of active thread count for incomming connections, i.e. operation
+# is refused when this value is reached (below zero = unlimited).
+# MaxConThreads: -1
+#
+#VfilePattern = (^|.*?/)(Index|Packages\.bz2|Packages\.gz|Packages|Release|Release\.gpg|Sources\.bz2|Sources\.gz|Sources|release|index\.db-.*\.gz|Contents-[^/]*\.gz|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|/meta-release[^/]*|Translation[^/]*\.bz2)$
+#PfilePattern = .*(\.deb|\.rpm|\.dsc|\.tar\.gz\.gpg|\.tar\.gz|\.diff\.gz|\.diff\.bz2|\.jigdo|\.template|changelog|copyright|\.udeb|\.diff/.*\.gz|vmlinuz|initrd\.gz|(Devel)?ReleaseAnnouncement(\\?.*)?)$
+# Whitelist for expiration, file types not to be removed even when being
+# unreferenced. Default: same as VfilePattern which is a safe bed. When and
+# only when the only used mirrors are official repositories (with working
+# Release files) then it might be set to something more restrictive, like
+# (^|.*?/)(Release|Release\.gpg|release|meta-release|Translation[^/]*\.bz2)$
+#WfilePattern = (^|.*?/)(Index|Packages\.bz2|Packages\.gz|Packages|Release|Release\.gpg|Sources\.bz2|Sources\.gz|Sources|release|index\.db-.*\.gz|Contents-[^/]*\.gz|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|/meta-release[^/]*|Translation[^/]*\.bz2)$
+
+# Higher modes only working with the debug version
+# Warning, writes a lot into apt-cacher.err logfile
+# Value overwrites UnbufferLogs setting (aliased)
+# Debug:3
+
+# Usually, general purpose proxies like Squid expose the IP adress of the
+# client user to the remote server using the X-Forwarded-For HTTP header. This
+# behaviour can be optionally turned on with the Expose-Origin option.
+# ExposeOrigin: 0
+
+# When logging the originating IP address, trust the information supplied by
+# the client in the X-Forwarded-For header.
+# LogSubmittedOrigin: 0
+
+# The version string reported to the peer, to be displayed as HTTP client (and
+# version) in the logs of the mirror.
+# WARNING: some archives use this header to detect/guess capabilities of the
+# client (i.e. redirection support) and change the behaviour accordingly, while
+# ACNG might not support the expected features. Expect side effects.
+#
+# UserAgent: Yet Another HTTP Client/1.2.3p4
+
+# In some cases the Import and Expiration tasks might create fresh volatile
+# data for internal use by reconstructing them using patch files. This
+# by-product might be recompressed with bzip2 and with some luck the resulting
+# file becomes identical to the *.bz2 file on the server, usable for APT
+# clients trying to fetch the full .bz2 compressed version. Injection of the
+# generated files into the cache has however a disadvantage on underpowered
+# servers: bzip2 compession can create high load on the server system and the
+# visible download of the busy .bz2 files also becomes slower.
+#
+# RecompBz2: 0
+
+# Network timeout for outgoing connections.
+# NetworkTimeout: 60
+
+# Sometimes it makes sense to not store the data in cache and just return the
+# package data to client as it comes in. DontCache parameters can enable this
+# behaviour for certain URL types. The tokens are extended regular expressions
+# that URLs are matched against.
+#
+# DontCacheRequested is applied to the URL as it comes in from the client.
+# Example: exclude packages built with kernel-package for x86
+# DontCacheRequested: linux-.*_10\...\.Custo._i386
+# Example usecase: exclude popular private IP ranges from caching
+# DontCacheRequested: 192.168.0 ^10\..* 172.30
+#
+# DontCacheResolved is applied to URLs after mapping to the target server. If
+# multiple backend servers are specified then it's only matched against the
+# download link for the FIRST possible source (due to implementation limits).
+# Example usecase: all Ubuntu stuff comes from a local mirror (specified as
+# backend), don't cache it again:
+# DontCacheResolved: ubuntumirror.local.net
+#
+# DontCache directive sets (overrides) both, DontCacheResolved and
+# DontCacheRequested.  Provided for convenience, see those directives for
+# details.
+#
+# Default permission set of freshly created files and directories, as octal
+# numbers (see chmod(1) for details).
+# Can by limited by the umask value (see umask(2) for details) if it's set in
+# the environment of the starting shell, e.g. in apt-cacher-ng init script or
+# in its configuration file.
+# DirPerms: 00755
+# FilePerms: 00664

data/spec/cookbooks/apt/templates/default/01proxy.erb

@@ -0,0 +1,5 @@
+Acquire::http::Proxy "http://<%= @proxy %>:<%= @port %>";
+Acquire::https::Proxy "DIRECT";
+<% @bypass.each do |bypass, type| %>
+Acquire::<%= type %>::Proxy::<%= bypass %> "DIRECT";
+<% end %>

data/spec/cookbooks/apt/templates/default/20auto-upgrades.erb

@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "<%= node['apt']['unattended_upgrades']['update_package_lists'] ? 1 : 0 %>";
+APT::Periodic::Unattended-Upgrade "<%= node['apt']['unattended_upgrades']['enabled'] ? 1 : 0 %>";

data/spec/cookbooks/apt/templates/default/50unattended-upgrades.erb

@@ -0,0 +1,62 @@
+// Automatically upgrade packages from these (origin:archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+<% unless node['apt']['unattended_upgrades']['allowed_origins'].empty? -%>
+<% node['apt']['unattended_upgrades']['allowed_origins'].each do |origin| -%>
+	"<%= origin %>";
+<% end -%>
+<% end -%>
+};
+
+
+// List of packages to not update
+Unattended-Upgrade::Package-Blacklist {
+<% unless node['apt']['unattended_upgrades']['package_blacklist'].empty? -%>
+<% node['apt']['unattended_upgrades']['package_blacklist'].each do |package| -%>
+	"<%= package %>";
+<% end -%>
+<% end -%>
+};
+
+// This option allows you to control if on a unclean dpkg exit
+// unattended-upgrades will automatically run 
+//   dpkg --force-confold --configure -a
+// The default is true, to ensure updates keep getting installed
+Unattended-Upgrade::AutoFixInterruptedDpkg "<%= node['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] ? 'true' : 'false' %>";
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+Unattended-Upgrade::MinimalSteps "<%= node['apt']['unattended_upgrades']['minimal_steps'] ? 'true' : 'false' %>";
+
+// Install all unattended-upgrades when the machine is shuting down
+// instead of doing it in the background while the machine is running
+// This will (obviously) make shutdown slower
+Unattended-Upgrade::InstallOnShutdown "<%= node['apt']['unattended_upgrades']['install_on_shutdown'] ? 'true' : 'false' %>";
+
+// Send email to this address for problems or packages upgrades
+// If empty or unset then no email is sent, make sure that you
+// have a working mail setup on your system. A package that provides
+// 'mailx' must be installed.
+<% if node['apt']['unattended_upgrades']['mail'] -%>
+Unattended-Upgrade::Mail "<%= node['apt']['unattended_upgrades']['mail'] %>";
+<% end -%>
+
+// Set this value to "true" to get emails only on errors. Default
+// is to always send a mail if Unattended-Upgrade::Mail is set
+Unattended-Upgrade::MailOnlyOnError "<%= node['apt']['unattended_upgrades']['mail_only_on_error'] ? 'true' : 'false' %>";
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+Unattended-Upgrade::Remove-Unused-Dependencies "<%= node['apt']['unattended_upgrades']['remove_unused_dependencies'] ? 'true' : 'false' %>";
+
+// Automatically reboot *WITHOUT CONFIRMATION* if a 
+// the file /var/run/reboot-required is found after the upgrade 
+Unattended-Upgrade::Automatic-Reboot "<%= node['apt']['unattended_upgrades']['automatic_reboot'] ? 'true' : 'false' %>";
+
+
+// Use apt bandwidth limit feature, this example limits the download
+// speed to 70kb/sec
+<% if node['apt']['unattended_upgrades']['dl_limit'] -%>
+Acquire::http::Dl-Limit "<%= node['apt']['unattended_upgrades']['dl_limit'] %>";
+<% end -%>