]> git.openstreetmap.org Git - chef.git/blob - cookbooks/oxidized/recipes/default.rb
Add IPv6 addresses to dulcy
[chef.git] / cookbooks / oxidized / recipes / default.rb
1 #
2 # Cookbook:: oxidized
3 # Recipe:: default
4 #
5 # Copyright:: 2022, OpenStreetMap Foundation
6 #
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
10 #
11 #     https://www.apache.org/licenses/LICENSE-2.0
12 #
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
18 #
19
20 include_recipe "git"
21 include_recipe "ruby"
22
23 package %w[
24   gcc
25   g++
26   make
27   cmake
28   libssl-dev
29   libssh2-1-dev
30   zlib1g-dev
31   pkg-config
32   libyaml-dev
33   logrotate
34 ]
35
36 keys = data_bag_item("oxidized", "keys")
37 devices = data_bag_item("oxidized", "devices")
38
39 directory "/etc/oxidized" do
40   owner "root"
41   group "root"
42   mode "755"
43 end
44
45 template "/etc/oxidized/config" do
46   source "config.erb"
47   owner "oxidized"
48   group "oxidized"
49   mode "444"
50   notifies :restart, "service[oxidized]"
51 end
52
53 template "/etc/oxidized/routers.db" do
54   source "routers.db.erb"
55   owner "oxidized"
56   group "oxidized"
57   mode "400"
58   variables :devices => devices
59   notifies :restart, "service[oxidized]"
60 end
61
62 directory "/var/log/oxidized" do
63   owner "oxidized"
64   group "oxidized"
65   mode "755"
66 end
67
68 directory "/opt/oxidized" do
69   owner "oxidized"
70   group "oxidized"
71   mode "755"
72 end
73
74 git "/opt/oxidized/daemon" do
75   action :sync
76   repository "https://github.com/openstreetmap/oxidized.git"
77   depth 1
78   user "oxidized"
79   group "oxidized"
80   notifies :run, "bundle_install[/opt/oxidized/daemon]", :immediately
81 end
82
83 directory "/opt/oxidized/.ssh" do
84   owner "oxidized"
85   group "oxidized"
86   mode "700"
87 end
88
89 # Key is set as a deployment key in github repo
90 file "/opt/oxidized/.ssh/id_ed25519" do
91   content keys["git"].join("\n")
92   owner "oxidized"
93   group "oxidized"
94   mode "400"
95   notifies :delete, "file[/opt/oxidized/.ssh/id_ed25519.pub]", :immediately
96   notifies :restart, "service[oxidized]"
97 end
98
99 # Ensure public key is deleted if private key is changed. Trigged by notify
100 file "/opt/oxidized/.ssh/id_ed25519.pub" do
101   action :nothing
102 end
103
104 execute "/opt/oxidized/.ssh/id_ed25519.pub" do
105   command "ssh-keygen -f /opt/oxidized/.ssh/id_ed25519 -y > /opt/oxidized/.ssh/id_ed25519.pub"
106   user "oxidized"
107   group "oxidized"
108   creates "/opt/oxidized/.ssh/id_ed25519.pub"
109   notifies :restart, "service[oxidized]"
110 end
111
112 ssh_known_hosts_entry "github.com" do
113   action [:create, :flush]
114   file_location "/opt/oxidized/.ssh/known_hosts"
115   owner "oxidized"
116   group "oxidized"
117 end
118
119 directory "/var/lib/oxidized" do
120   owner "oxidized"
121   group "oxidized"
122   mode "750"
123 end
124
125 git "/var/lib/oxidized/configs.git" do
126   action :sync
127   repository "git@github.com:openstreetmap/oxidized-configs.git" # Uses oxidized ssh key
128   checkout_branch "master" # branch is hardcoded in oxidized
129   user "oxidized"
130   group "oxidized"
131 end
132
133 bundle_install "/opt/oxidized/daemon" do
134   action :nothing
135   options "--deployment"
136   user "oxidized"
137   group "oxidized"
138   notifies :restart, "service[oxidized]"
139 end
140
141 # Based on https://github.com/ytti/oxidized/blob/master/extra/oxidized.service
142 systemd_service "oxidized" do
143   description "oxidized network device backup daemon"
144   after "network.target"
145   user "oxidized"
146   working_directory "/opt/oxidized/daemon"
147   runtime_directory "oxidized"
148   exec_start "#{node[:ruby][:bundle]} exec oxidized"
149   environment "OXIDIZED_HOME" => "/etc/oxidized",
150               "OXIDIZED_LOGS" => "/var/log/oxidized"
151   nice 10
152   sandbox :enable_network => true
153   read_write_paths ["/run/oxidized", "/var/lib/oxidized", "/var/log/oxidized"]
154   restart "on-failure"
155   notifies :restart, "service[oxidized]"
156 end
157
158 service "oxidized" do
159   action [:enable, :start]
160 end
161
162 template "/etc/logrotate.d/oxidized" do
163   source "logrotate.erb"
164   owner "root"
165   group "root"
166   mode "644"
167 end