initial commit based on df657da

LICENSE

@@ -0,0 +1,13 @@
+Copyright 2012-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License"). You
+may not use this file except in compliance with the License. A copy of
+the License is located at
+
+    http://aws.amazon.com/apache2.0/
+
+or in the "license" file accompanying this file. This file is
+distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+ANY KIND, either express or implied. See the License for the specific
+language governing permissions and limitations under the License.
+

README.md

@@ -1,4 +1,18 @@
 opsworks-cookbooks
 ==================
 
-Chef Cookbooks for the AWS OpsWorks Service
+These are the standard Chef cookbooks used by OpsWorks 
+
+If you want to override any template (like the Rails database.yml or the Apache vhost definition), this is the
+place to look for the originals.
+
+The stable branch is the one deployed on the instances.
+
+See also <http://www.amazonaws.com/opsworks>
+
+Some of these cookbooks rely on functionality included in our [fork of
+Chef](http://github.com/peritor/chef/tree/scalarium-0.8-stable). That involves either changes already merged in
+[Chef upstream](http://github.com/opscode/chef) or something as simple as retrying to install a Rubygem.
+
+LICENSE: Unless otherwise stated, cookbooks/recipes originated by Amazon AWS OpsWorks are licensed under the Apache 2.0
+license.  See the LICENSE file. Some files are just imported and authored by others. Their license will of course apply.

Rakefile

@@ -0,0 +1,79 @@
+desc 'check literal recipe includes'
+task :validate_literal_includes do
+  Dir['**/*.rb'].each do |file|
+    recipes = File.read(file).scan(/(?:include_recipe\s+(['"])([\w:]+)\1)/).reject {|candidate| candidate.last.include?('#{}')}.map(&:last)
+    recipes.each do |recipe|
+      recipe_file = recipe.include?('::') ? recipe.sub('::', '/recipes/') + '.rb' : recipe + '/recipes/default.rb'
+      unless File.exists?(recipe_file)
+        puts "#{file} includes missing recipe #{recipe}"
+        exit 1
+      end
+    end
+  end
+end
+
+KNOWN_COOKBOOK_ATTRIBUTES = {
+  'opsworks_agent' => 'opsworks_initial_setup',
+  'passenger' => 'passenger_apache2',
+  'ganglia' => 'opsworks_ganglia',
+  'sudoers' => 'ssh_users',
+  'opsworks' => :any,
+  'platform' => :any,
+  'platform_version' => :any
+}
+
+desc 'check declared attribute dependencies'
+task :validate_attribute_dependencies do
+  Dir['**/*.rb'].each do |file|
+    next unless file.match(/\/attributes\//)
+    used_cookbook_attributes = []
+    found_trouble = false
+
+    cookbook_name = file.match(/(\w+)\//)[1]
+    loaded_cookbook_attributes = [cookbook_name]
+
+    attribute_file = File.read(file)
+    attribute_file.each do |line|
+
+      # uses other cookbooks attributes
+      if line.match(/node\[\:(\w+)\]/) && $1 != cookbook_name
+        used_cookbook_attributes << $1
+      end
+
+      # loads/includes attributes
+      if line.match(/include_attribute [\'\"](\w+)[\'\"]/) || line.match(/include_attribute [\'\"](\w+)::\w+[\'\"]/)
+        loaded_cookbook_attributes << $1
+      end
+    end
+
+    used_cookbook_attributes.uniq!
+    loaded_cookbook_attributes.uniq!
+
+    used_cookbook_attributes_without_include = used_cookbook_attributes - loaded_cookbook_attributes
+
+    used_cookbook_attributes_without_include.delete_if{|cookbook_attribute| KNOWN_COOKBOOK_ATTRIBUTES[cookbook_attribute] == :any || loaded_cookbook_attributes.include?(KNOWN_COOKBOOK_ATTRIBUTES[cookbook_attribute]) }
+
+    if used_cookbook_attributes_without_include.size > 0
+      puts "#{file} used attributes from #{used_cookbook_attributes.inspect} but does only loads from #{loaded_cookbook_attributes.inspect}"
+      found_trouble = true
+    end
+
+    if found_trouble
+      exit 1
+    end
+  end
+end
+
+desc 'check syntax of ruby files'
+task :validate_syntax do
+  Dir['**/*.rb'].each do |file|
+    `ruby -c #{file}`
+    if $?.exitstatus != 0
+      puts "syntax error in #{file}"
+      exit 1
+    end
+  end
+end
+
+desc 'run all checks'
+task :default => [:validate_literal_includes, :validate_syntax, :validate_attribute_dependencies]

agent_version/attributes/default.rb

@@ -0,0 +1 @@
+include_attribute 'opsworks_initial_setup::default'

agent_version/recipes/default.rb

@@ -0,0 +1,9 @@
+template "#{node[:opsworks_agent][:shared_dir]}/TARGET_VERSION" do
+  Chef::Log.info "Updating agent TARGET_VERSION to #{node.opsworks.agent_version}"
+  source 'TARGET_VERSION.erb'
+  backup false
+  owner node[:opsworks_agent][:user]
+  group node[:opsworks_agent][:group]
+  mode 0600
+  variables :version => node.opsworks.agent_version
+end

agent_version/specs/default_spec.rb

@@ -0,0 +1,15 @@
+require 'minitest/spec'
+
+describe_recipe 'agent_version::default' do
+  include MiniTest::Chef::Resources
+  include MiniTest::Chef::Assertions
+
+  it 'should write the file with the correct permissions' do
+    file("#{node[:opsworks_agent][:shared_dir]}/TARGET_VERSION").must_exist.with(:mode, '600').and(
+         :owner, "#{node[:opsworks_agent][:user]}").and(:group, "#{node[:opsworks_agent][:group]}")
+  end
+
+  it 'should have the correct version in the file' do
+    file("#{node[:opsworks_agent][:shared_dir]}/TARGET_VERSION").must_include node.opsworks.agent_version
+  end
+end

agent_version/templates/default/TARGET_VERSION.erb

@@ -0,0 +1 @@
+<%= @version %>

apache2/README.rdoc

@@ -0,0 +1,64 @@
+= DESCRIPTION:
+
+Complete Debian/Ubuntu style Apache2 configuration.
+
+= REQUIREMENTS:
+
+Debian or Ubuntu preferred.
+
+Red Hat/CentOS and Fedora can be used but will be converted to a Debian/Ubuntu style Apache as it's far easier to manage with chef. 
+
+= ATTRIBUTES:
+
+The file attributes/apache.rb contains the following attribute types:
+
+* platform specific locations and settings.
+* general settings
+* prefork attributes
+* worker attributes
+
+General settings and prefork/worker attributes are tunable.
+
+= USAGE:
+
+Include the apache2 recipe to install Apache2 and get 'sane' default settings. Configuration is modularized through Apache vhost sites a la Debian style configuration.
+
+For Red Hat, CentOS and Fedora you should first disable selinux as it's not supported (yet), then remove the stock httpd and all it's dependencies prior to attempting to use this recipe. Many packages in these distributions drop conflicting configs into conf.d, all of which haven't been accounted for yet. Starting from scratch will also make it far easier to debug.
+
+== Defines:
+
+* apache_module: sets up an Apache module.
+* apache_conf: sets up a config file for an apache module.
+* apache_site: sets up a vhost site. The conf file must be available.
+* web_app: copies the template for a web app and enables it as a site via apache_site.
+
+== Web Apps:
+
+Various applications that can be set up with Apache as the front end, such as PHP, Django, Rails and others can use the web_app define to set up the template and the Apache site. The define is kind of dumb, so the template needs have the application implementation settings, since we don't know what your app is or what is needed from Apache.
+
+We only prototype one parameter for the web_app define, "template". This is used to specify the name of the template to use in the current cookbook. When you use web_app, you can set up any parameters you want to use in your template. They will get passed to the template through the params hash. For example, the sample web_app.conf.erb template in this cookbook makes use of these.
+
+* docroot
+* server_name
+* server_aliases
+
+These are available as @params[:docroot], @params[:server_name], @params[:server_aliases] within the template. 
+
+If 'cookbook' and 'template' are not specified, the current cookbook's templates/default/web_app.conf.erb will be used. If this template is not suitable for your application, copy it to your cookbook and customize as needed.
+
+= LICENSE & AUTHOR:
+
+Author:: Joshua Timberman (<[email protected]>)
+Copyright:: 2009, Opscode, Inc
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

apache2/attributes/apache.rb

@@ -0,0 +1,95 @@
+#
+# Cookbook Name:: apache2
+# Attributes:: apache
+#
+# Copyright 2008, OpsCode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Where the various parts of apache are
+case node[:platform]
+when 'redhat','centos','fedora','amazon'
+  default[:apache][:dir]         = '/etc/httpd'
+  default[:apache][:log_dir]     = '/var/log/httpd'
+  default[:apache][:user]        = 'apache'
+  default[:apache][:group]       = 'apache'
+  default[:apache][:binary]      = '/usr/sbin/httpd'
+  default[:apache][:icondir]     = '/var/www/icons/'
+  default[:apache][:init_script] = '/etc/init.d/httpd'
+  if node['platform_version'].to_f >= 6 then
+    default[:apache][:pid_file] = '/var/run/httpd/httpd.pid'
+  else
+    default[:apache][:pid_file] = '/var/run/httpd.pid'
+  end
+  default[:apache][:lib_dir]    = node[:kernel][:machine] =~ /^i[36']86$/ ? '/usr/lib/httpd' : '/usr/lib64/httpd'
+  default[:apache][:libexecdir] = "#{node[:apache][:lib_dir]}/modules"
+  default[:apache][:document_root] = '/var/www/html'
+when 'debian','ubuntu'
+  default[:apache][:dir]         = '/etc/apache2'
+  default[:apache][:log_dir]     = '/var/log/apache2'
+  default[:apache][:user]        = 'www-data'
+  default[:apache][:group]       = 'www-data'
+  default[:apache][:binary]      = '/usr/sbin/apache2'
+  default[:apache][:icondir]     = '/usr/share/apache2/icons'
+  default[:apache][:init_script] = '/etc/init.d/apache2'
+  default[:apache][:pid_file]    = '/var/run/apache2.pid'
+  default[:apache][:lib_dir]     = '/usr/lib/apache2'
+  default[:apache][:libexecdir]  = "#{node[:apache][:lib_dir]}/modules"
+  default[:apache][:document_root] = '/var/www'
+else
+  raise 'Bailing out, unknown platform.'
+end
+
+###
+# These settings need the unless, since we want them to be tunable,
+# and we don't want to override the tunings.
+###
+
+# General settings
+default[:apache][:listen_ports] = [ '80','443' ]
+default[:apache][:contact] = '[email protected]'
+default[:apache][:timeout] = 120
+default[:apache][:keepalive] = 'Off'
+default[:apache][:keepaliverequests] = 100
+default[:apache][:keepalivetimeout] = 3
+
+# Security
+default[:apache][:servertokens] = 'Prod'
+default[:apache][:serversignature] = 'Off'
+default[:apache][:traceenable] = 'Off'
+default[:apache][:hide_info_headers] = true
+
+# Prefork Attributes
+default[:apache][:prefork][:startservers] = 16
+default[:apache][:prefork][:minspareservers] = 16
+default[:apache][:prefork][:maxspareservers] = 32
+default[:apache][:prefork][:serverlimit] = 400
+default[:apache][:prefork][:maxclients] = 400
+default[:apache][:prefork][:maxrequestsperchild] = 10000
+
+# Worker Attributes
+default[:apache][:worker][:startservers] = 4
+default[:apache][:worker][:maxclients] = 1024
+default[:apache][:worker][:minsparethreads] = 64
+default[:apache][:worker][:maxsparethreads] = 192
+default[:apache][:worker][:threadsperchild] = 64
+default[:apache][:worker][:maxrequestsperchild] = 10000
+
+# logrotate
+default[:apache][:logrotate][:schedule] = 'daily'
+default[:apache][:logrotate][:rotate] = '30'
+default[:apache][:logrotate][:delaycompress] = true
+default[:apache][:logrotate][:mode] = '640'
+default[:apache][:logrotate][:owner] = 'root'
+default[:apache][:logrotate][:group] = 'adm'

apache2/definitions/apache_conf.rb

@@ -0,0 +1,25 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_conf
+#
+# Copyright 2008, OpsCode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_conf do
+  template "#{node[:apache][:dir]}/mods-available/#{params[:name]}.conf" do
+    source "mods/#{params[:name]}.conf.erb"
+    notifies :restart, resources(:service => 'apache2')
+  end
+end

apache2/definitions/apache_module.rb

@@ -0,0 +1,53 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_module
+#
+# Copyright 2008, OpsCode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_module, :enable => true, :conf => false do
+  include_recipe 'apache2'
+
+  params[:filename] ||= "mod_#{params[:name]}.so"
+  params[:module_path] ||= "#{node['apache']['libexecdir']}/#{params[:filename]}"
+
+  if params[:conf]
+    apache_conf params[:name]
+  end
+
+  if platform?('redhat', 'centos', 'fedora', 'amazon')
+    file "#{node['apache']['dir']}/mods-available/#{params[:name]}.load" do
+      content "LoadModule #{params[:name]}_module #{params[:module_path]}\n"
+      mode 0644
+    end
+  end
+
+  if params[:enable]
+    execute "a2enmod #{params[:name]}" do
+      command "/usr/sbin/a2enmod #{params[:name]}"
+      notifies :restart, resources(:service => 'apache2')
+      not_if do (::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") and
+                 ((::File.exists?("#{node['apache']['dir']}/mods-available/#{params[:name]}.conf"))?
+                  (::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.conf")):(true)))
+      end
+    end
+  else
+    execute "a2dismod #{params[:name]}" do
+      command "/usr/sbin/a2dismod #{params[:name]}"
+      notifies :restart, resources(:service => 'apache2')
+      only_if do ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") end
+    end
+  end
+end