server_maint 0.0.3 → 0.0.4

data/lib/cookbooks/database/LICENSE

@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/lib/cookbooks/database/README.md

@@ -0,0 +1,468 @@
+Database Cookbook
+=================
+
+The main highlight of this cookbook is the `database` and
+`database_user` resources for managing databases and database users in
+a RDBMS. Providers for MySQL, PostgreSQL and SQL Server are also
+provided, see usage documentation below.
+
+This cookbook also contains recipes to configure mysql database
+masters and slaves and uses EBS for storage, integrating together with
+the application cookbook utilizing data bags for application related
+information. These recipes are written primarily to use MySQL and the
+Opscode mysql cookbook. Other RDBMS may be supported at a later date.
+This cookbook does not automatically restore database dumps, but does
+install tools to help with that.
+
+Requirements
+============
+
+Chef version 0.10.10+.
+
+Platform
+--------
+
+* Debian, Ubuntu
+* Red Hat, CentOS, Scientific, Fedora, Amazon
+
+Cookbooks
+---------
+
+The following Opscode cookbooks are dependencies:
+
+* mysql
+* postgresql
+* xfs
+* aws
+
+Resources/Providers
+===================
+
+These resources aim to expose an abstraction layer for interacting
+with different RDBMS in a general way. Currently the cookbook ships
+with providers for MySQL, PostgreSQL and SQL Server. Please see
+specific usage in the __Example__ sections below. The providers use
+specific Ruby gems installed under Chef's Ruby environment to execute
+commands and carry out actions. These gems will need to be installed
+before the providers can operate correctly. Specific notes for each
+RDBS flavor:
+
+- MySQL: leverages the `mysql` gem which is installed as part of the
+  `mysql::ruby` recipe. You can use `database::mysql` to include this,
+  too.
+- PostgreSQL: leverages the `pg` gem which is installed as part of the
+  `postgresql::ruby` recipe. You can use `database::postgresql` to
+  include this, too.
+  Currently does not work in Chef "omnibus" full stack installs, see COOK-1406.
+- SQL Server: leverages the `tiny_tds` gem which is installed as part
+  of the `sql_server::client` recipe.
+
+`database`
+----------
+
+Manage databases in a RDBMS. Use the proper shortcut resource
+depending on your RDBMS: `mysql_database`, `postgresql_database` or
+`sql_server_database`.
+
+### Actions
+
+- :create: create a named database
+- :drop: drop a named database
+- :query: execute an arbitrary query against a named database
+
+### Attribute Parameters
+
+- database_name: name attribute. Name of the database to interact with
+- connection: hash of connection info. valid keys include :host,
+  :port, :username, :password
+- sql: string of sql or a block that executes to a string of sql,
+  which will be executed against the database. used by :query action
+  only
+
+### Providers
+
+- **Chef::Provider::Database::Mysql**: shortcut resource `mysql_database`
+- **Chef::Provider::Database::Postgresql**: shortcut resource `postgresql_database`
+- **Chef::Provider::Database::SqlServer**: shortcut resource `sql_server_database`
+
+### Examples
+
+    # create a mysql database
+    mysql_database 'oracle_rules' do
+      connection ({:host => "localhost", :username => 'root', :password => node['mysql']['server_root_password']})
+      action :create
+    end
+
+    # create a sql server database
+    sql_server_database 'mr_softie' do
+      connection ({:host => "127.0.0.1", :port => node['sql_server']['port'], :username => 'sa', :password => node['sql_server']['server_sa_password']})
+      action :create
+    end
+
+    # create a postgresql database
+    postgresql_database 'mr_softie' do
+      connection ({:host => "127.0.0.1", :port => 5432, :username => 'postgres', :password => node['postgresql']['password']['postgres']})
+      action :create
+    end
+
+    # create a postgresql database with additional parameters
+    postgresql_database 'mr_softie' do
+      connection ({:host => "127.0.0.1", :port => 5432, :username => 'postgres', :password => node['postgresql']['password']['postgres']})
+      template 'DEFAULT'
+      encoding 'DEFAULT'
+      tablespace 'DEFAULT'
+      connection_limit '-1'
+      owner 'postgres'
+      action :create
+    end
+
+    # externalize conection info in a ruby hash
+    mysql_connection_info = {:host => "localhost", :username => 'root', :password => node['mysql']['server_root_password']}
+    sql_server_connection_info = {:host => "localhost", :port => node['sql_server']['port'], :username => 'sa', :password => node['sql_server']['server_sa_password']}
+    postgresql_connection_info = {:host => "127.0.0.1", :port => 5432, :username => 'postgres', :password => node['postgresql']['password']['postgres']}
+
+    # same create commands, connection info as an external hash
+    mysql_database 'foo' do
+      connection mysql_connection_info
+      action :create
+    end
+    sql_server_database 'foo' do
+      connection sql_server_connection_info
+      action :create
+    end
+    postgresql_database 'foo' do
+      connection postgresql_connection_info
+      action :create
+    end
+
+    # create database, set provider in resource parameter
+    database 'bar' do
+       connection mysql_connection_info
+       provider Chef::Provider::Database::Mysql
+       action :create
+    end
+    database 'bar' do
+      connection sql_server_connection_info
+      provider Chef::Provider::Database::SqlServer
+      action :create
+    end
+    database 'bar' do
+      connection postgresql_connection_info
+      provider Chef::Provider::Database::Postgresql
+      action :create
+    end
+
+    # drop a database
+    mysql_database "baz" do
+      connection mysql_connection_info
+      action :drop
+    end
+
+    # query a database
+    mysql_database "flush the privileges" do
+      connection mysql_connection_info
+      sql "flush privileges"
+      action :query
+    end
+
+    # query a database from a sql script on disk
+    mysql_database "run script" do
+      connection mysql_connection_info
+      sql { ::File.open("/path/to/sql_script.sql").read }
+      action :query
+    end
+
+    # vacuum a postgres database
+    postgres_database "vacuum databases" do
+      connection postgresql_connection_info
+      database_table "template1"
+      sql "VACUUM FULL VERBOSE ANALYZE"
+      action :query
+    end
+
+`database_user`
+---------------
+
+Manage users and user privileges in a RDBMS. Use the proper shortcut
+resource depending on your RDBMS: `mysql_database_user` or
+`sql_server_database_user`.
+
+### Actions
+
+- :create: create a user
+- :drop: drop a user
+- :grant: manipulate user privileges on database objects
+
+### Attribute Parameters
+
+- username: name attribute. Name of the database user
+- password: password for the user account
+- database_name: Name of the database to interact with
+- connection: hash of connection info. valid keys include :host,
+  :port, :username, :password
+- privileges: array of database privileges to grant user. used by the
+  :grant action. default is :all
+- host: host where user connections are allowed from. used by MySQL
+  provider only. default is 'localhost'
+- table: table to grant privileges on. used by :grant action and MySQL
+  provider only. default is '*' (all tables)
+
+### Providers
+
+- **Chef::Provider::Database::MysqlUser**: shortcut resource
+    `mysql_database_user`
+- **Chef::Provider::Database::SqlServerUser**: shortcut resource
+    `sql_server_database_user`
+
+### Examples
+
+    # create connection info as an external ruby hash
+    mysql_connection_info = {:host => "localhost", :username => 'root', :password => node['mysql']['server_root_password']}
+    sql_server_connection_info = {:host => "localhost", :port => node['sql_server']['port'], :username => 'sa', :password => node['sql_server']['server_sa_password']}
+
+    # create a mysql user but grant no priveleges
+    mysql_database_user 'disenfranchised' do
+      connection mysql_connection_info
+      password 'super_secret'
+      action :create
+    end
+
+    # do the same but pass the provider to the database resource
+    database_user 'disenfranchised' do
+      connection mysql_connection_info
+      password 'super_secret'
+      provider Chef::Provider::Database::MysqlUser
+      action :create
+    end
+
+    # create a sql server user but grant no priveleges
+    sql_server_database_user 'disenfranchised' do
+      connection sql_server_connection_info
+      password 'super_secret'
+      action :create
+    end
+
+    # drop a mysql user
+    mysql_database_user "foo_user" do
+      connection mysql_connection_info
+      action :drop
+    end
+
+    # bulk drop sql server users
+    %w{ disenfranchised foo_user }.each do |user|
+      sql_server_database_user user do
+        connection sql_server_connection_info
+        action :drop
+      end
+    end
+
+    # grant select,update,insert privileges to all tables in foo db from all hosts
+    mysql_database_user 'foo_user' do
+      connection mysql_connection_info
+      password 'super_secret'
+      database_name 'foo'
+      host '%'
+      privileges [:select,:update,:insert]
+      action :grant
+    end
+
+    # grant all privelages on all databases/tables from localhost
+    mysql_database_user 'super_user' do
+      connection mysql_connection_info
+      password 'super_secret'
+      action :grant
+    end
+
+    # grant select,update,insert privileges to all tables in foo db
+    sql_server_database_user 'foo_user' do
+      connection sql_server_connection_info
+      password 'super_secret'
+      database_name 'foo'
+      privileges [:select,:update,:insert]
+      action :grant
+    end
+
+Recipes
+=======
+
+ebs\_volume
+-----------
+
+*Note*: This recipe does not currently work on RHEL platforms due to
+ the xfs cookbook not supporting RHEL yet.
+
+Loads the aws information from the data bag. Searches the applications
+data bag for the database master or slave role and checks that role is
+applied to the node. Loads the EBS information and the master
+information from data bags. Uses the aws cookbook LWRP,
+`aws_ebs_volume` to manage the volume.
+
+On a master node:
+* if we have an ebs volume already as stored in a data bag, attach it.
+* if we don't have the ebs information then create a new one and
+  attach it.
+* store the volume information in a data bag via a ruby block.
+
+On a slave node:
+* use the master volume information to generate a snapshot.
+* create the new volume from the snapshot and attach it.
+
+Also on a master node, generate some configuration for running a
+snapshot via `chef-solo` from cron.
+
+On a new filesystem volume, create as XFS, then mount it in /mnt, and
+also bind-mount it to the mysql data directory (default
+/var/lib/mysql).
+
+master
+------
+
+This recipe no longer loads AWS specific information, and the database
+position for replication is no longer stored in a databag because the
+client might not have permission to write to the databag item. This
+may be handled in a different way at a future date.
+
+Searches the apps databag for applications, and for each one it will
+check that the specified database master role is set in both the
+databag and applied to the node's run list. Then, retrieves the
+passwords for `root`, `repl` and `debian` users and saves them to the
+node attributes. If the passwords are not found in the databag, it
+prints a message that they'll be generated by the mysql cookbook.
+
+Then it adds the application databag database settings to a hash, to
+use later.
+
+Then it will iterate over the databases and create them with the
+`mysql_database` resource while adding privileges for application
+specific database users using the `mysql_database_user` resource.
+
+slave
+-----
+
+_TODO_: Retrieve the master status from a data bag, then start
+replication using a ruby block. The replication status needs to be
+handled in some other way for now since the master recipe above
+doesn't actually set it in the databag anymore.
+
+snapshot
+--------
+
+Run via Chef Solo. Retrieves the db snapshot configuration from the
+specified JSON file. Uses the `mysql_database` resource to lock and
+unlock tables, and does a filesystem freeze and EBS snapshot.
+
+Deprecated Recipes
+==================
+
+The following recipe is considered deprecated. It is kept for
+reference purposes.
+
+ebs\_backup
+-----------
+
+Older style of doing mysql snapshot and replication using Adam Jacob's
+[ec2_mysql](http://github.com/adamhjk/ec2_mysql) script and library.
+
+Data Bags
+=========
+
+This cookbook uses the apps data bag item for the specified
+application; see the `application` cookbook's README.md. It also
+creates data bag items in a bag named 'aws' for storing volume
+information. In order to interact with EC2, it expects aws to have a
+main item:
+
+    {
+      "id": "main",
+      "ec2_private_key": "private key as a string",
+      "ec2_cert": "certificate as a string",
+      "aws_account_id": "",
+      "aws_secret_access_key": "",
+      "aws_access_key_id": ""
+    }
+
+Note: with the Open Source Chef Server, the server using the database
+recipes must be an admin client or it will not be able to create data
+bag items. You can modify whether the client is admin by editing it
+with knife.
+
+    knife client edit <client_name>
+    {
+      ...
+      "admin": true
+      ...
+    }
+
+This is not required if the Chef Server is Opscode Hosted Chef,
+instead use the ACL feature to modify access for the node to be able
+to update the data bag.
+
+Usage
+=====
+
+Aside from the application data bag (see the README in the application
+cookbook), create a role for the database master. Use a role.rb in
+your chef-repo, or create the role directly with knife.
+
+    % knife role show my_app_database_master -Fj
+    {
+      "name": "my_app_database_master",
+      "chef_type": "role",
+      "json_class": "Chef::Role",
+      "default_attributes": {
+      },
+      "description": "",
+      "run_list": [
+        "recipe[mysql::server]",
+        "recipe[database::master]"
+      ],
+      "override_attributes": {
+      }
+    }
+
+Create a `production` environment. This is also used in the
+`application` cookbook.
+
+    % knife environment show production -Fj
+    {
+      "name": "production",
+      "description": "",
+      "cookbook_versions": {
+      },
+      "json_class": "Chef::Environment",
+      "chef_type": "environment",
+      "default_attributes": {
+      },
+      "override_attributes": {
+      }
+    }
+
+
+The cookbook `my_app_database` is recommended to set up any
+application specific database resources such as configuration
+templates, trending monitors, etc. It is not required, but you would
+need to create it separately in `site-cookbooks`. Add it to the
+`my_app_database_master` role.
+
+License and Author
+==================
+
+- Author:: Adam Jacob (<adam@opscode.com>)
+- Author:: Joshua Timberman (<joshua@opscode.com>)
+- Author:: AJ Christensen (<aj@opscode.com>)
+- Author:: Seth Chisamore (<schisamo@opscode.com>)
+- Author:: Lamont Granquist (<lamont@opscode.com>)
+
+Copyright 2009-2012, Opscode, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.