action :create do
if key
- execute "apt-key-#{key}-clean" do
+ execute "apt-key-#{new_resource.key}-clean" do
command "/usr/bin/apt-key adv --batch --delete-key --yes #key}"
- only_if "/usr/bin/apt-key adv --list-keys #{key} | fgrep expired"
+ only_if "/usr/bin/apt-key adv --list-keys #{new_resource.key} | fgrep expired"
end
if key_url
- execute "apt-key-#{key}-install" do
- command "/usr/bin/apt-key adv --fetch-keys #{key_url}"
- not_if "/usr/bin/apt-key adv --list-keys #{key}"
- notifies :run, "execute[apt-update-#{source_name}]"
+ execute "apt-key-#{new_resource.key}-install" do
+ command "/usr/bin/apt-key adv --fetch-keys #{new_resource.key_url}"
+ not_if "/usr/bin/apt-key adv --list-keys #{new_resource.key}"
+ notifies :run, "execute[apt-update-#{new_resource.source_name}]"
end
else
- execute "apt-key-#{key}-install" do
- command "/usr/bin/apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys #{key}"
- not_if "/usr/bin/apt-key adv --list-keys #{key}"
- notifies :run, "execute[apt-update-#{source_name}]"
+ execute "apt-key-#{new_resource.key}-install" do
+ command "/usr/bin/apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys #{new_resource.key}"
+ not_if "/usr/bin/apt-key adv --list-keys #{new_resource.key}"
+ notifies :run, "execute[apt-update-#{new_resource.source_name}]"
end
end
end
group "root"
mode 0o644
variables :url => url
- notifies :run, "execute[apt-update-#{source_name}]"
+ notifies :run, "execute[apt-update-#{new_resource.source_name}]"
end
- execute "apt-update-#{source_name}" do
+ execute "apt-update-#{new_resource.source_name}" do
action update ? :run : :nothing
command "/usr/bin/apt-get update --no-list-cleanup -o Dir::Etc::sourcelist='#{source_path}' -o Dir::Etc::sourceparts='-'"
end
end
end
-def source_path
- "/etc/apt/sources.list.d/#{source_name}.list"
+action_class do
+ def source_path
+ "/etc/apt/sources.list.d/#{new_resource.source_name}.list"
+ end
end
property :default_layer, [TrueClass, FalseClass], :default => false
action :create do
- file "/srv/imagery/layers/#{site}/#{layer}.yml" do
+ file "/srv/imagery/layers/#{new_resource.site}/#{new_resource.layer}.yml" do
owner "root"
group "root"
mode 0o644
- content YAML.dump(:name => layer,
- :title => title || layer,
- :url => "//{s}.#{site}/layer/#{layer}/{z}/{x}/{y}.png",
- :attribution => copyright,
- :default => default_layer,
- :maxZoom => max_zoom,
- :overlay => overlay)
+ content YAML.dump(:name => new_resource.layer,
+ :title => new_resource.title || new_resource.layer,
+ :url => "//{s}.#{new_resource.site}/layer/#{new_resource.layer}/{z}/{x}/{y}.png",
+ :attribution => new_resource.copyright,
+ :default => new_resource.default_layer,
+ :maxZoom => new_resource.max_zoom,
+ :overlay => new_resource.overlay)
end
- template "/srv/imagery/mapserver/layer-#{layer}.map" do
+ template "/srv/imagery/mapserver/layer-#{new_resource.layer}.map" do
cookbook "imagery"
source "mapserver.map.erb"
owner "root"
variables new_resource.to_hash
end
- systemd_service "mapserv-fcgi-#{layer}" do
- description "Map server for #{layer} layer"
- environment "MS_MAPFILE" => "/srv/imagery/mapserver/layer-#{layer}.map",
+ systemd_service "mapserv-fcgi-#{new_resource.layer}" do
+ description "Map server for #{new_resource.layer} layer"
+ environment "MS_MAPFILE" => "/srv/imagery/mapserver/layer-#{new_resource.layer}.map",
"MS_MAP_PATTERN" => "^/srv/imagery/mapserver/",
"MS_DEBUGLEVEL" => "0",
"MS_ERRORFILE" => "stderr"
limit_nofile 16384
user "imagery"
group "imagery"
- exec_start_pre "/bin/rm -f /run/mapserver-fastcgi/layer-#{layer}.socket"
- exec_start "/usr/bin/spawn-fcgi -n -s /run/mapserver-fastcgi/layer-#{layer}.socket -M 0666 -P /run/mapserver-fastcgi/layer-#{layer}.pid -- /usr/bin/multiwatch -f 6 --signal=TERM -- /usr/lib/cgi-bin/mapserv"
+ exec_start_pre "/bin/rm -f /run/mapserver-fastcgi/layer-#{new_resource.layer}.socket"
+ exec_start "/usr/bin/spawn-fcgi -n -s /run/mapserver-fastcgi/layer-#{new_resource.layer}.socket -M 0666 -P /run/mapserver-fastcgi/layer-#{new_resource.layer}.pid -- /usr/bin/multiwatch -f 6 --signal=TERM -- /usr/lib/cgi-bin/mapserv"
private_tmp true
private_devices true
private_network true
protect_home true
no_new_privileges true
restart "always"
- pid_file "/run/mapserver-fastcgi/layer-#{layer}.pid"
+ pid_file "/run/mapserver-fastcgi/layer-#{new_resource.layer}.pid"
end
- service "mapserv-fcgi-#{layer}" do
+ service "mapserv-fcgi-#{new_resource.layer}" do
provider Chef::Provider::Service::Systemd
action [:enable, :start]
supports :status => true, :restart => true, :reload => false
- subscribes :restart, "template[/srv/imagery/mapserver/layer-#{layer}.map]"
- subscribes :restart, "systemd_service[mapserv-fcgi-#{layer}]"
+ subscribes :restart, "template[/srv/imagery/mapserver/layer-#{new_resource.layer}.map]"
+ subscribes :restart, "systemd_service[mapserv-fcgi-#{new_resource.layer}]"
end
- directory "/srv/imagery/nginx/#{site}" do
+ directory "/srv/imagery/nginx/#{new_resource.site}" do
owner "root"
group "root"
mode 0o755
recursive true
end
- template "/srv/imagery/nginx/#{site}/layer-#{layer}.conf" do
+ template "/srv/imagery/nginx/#{new_resource.site}/layer-#{new_resource.layer}.conf" do
cookbook "imagery"
source "nginx_imagery_layer_fragment.conf.erb"
owner "root"
end
action :delete do
- file "/srv/imagery/layers/#{site}/#{layer}.yml" do
+ file "/srv/imagery/layers/#{new_resource.site}/#{new_resource.layer}.yml" do
action :delete
end
- service "mapserv-fcgi-layer-#{layer}" do
+ service "mapserv-fcgi-layer-#{new_resource.layer}" do
action [:stop, :disable]
end
- file "/srv/imagery/mapserver/layer-#{layer}.map" do
+ file "/srv/imagery/mapserver/layer-#{new_resource.layer}.map" do
action :delete
end
- systemd_service "mapserv-fcgi-#{layer}" do
+ systemd_service "mapserv-fcgi-#{new_resource.layer}" do
action :delete
end
- file "/srv/imagery/nginx/#{site}/layer-#{layer}.conf" do
+ file "/srv/imagery/nginx/#{new_resource.site}/layer-#{new_resource.layer}.conf" do
action :delete
end
end
property :bbox, Array, :required => true
action :create do
- directory "/srv/#{site}" do
+ directory "/srv/#{new_resource.site}" do
user "root"
group "root"
mode 0o755
end
- directory "/srv/imagery/layers/#{site}" do
+ directory "/srv/imagery/layers/#{new_resource.site}" do
user "root"
group "root"
mode 0o755
recursive true
end
- directory "/srv/imagery/overlays/#{site}" do
+ directory "/srv/imagery/overlays/#{new_resource.site}" do
user "root"
group "root"
mode 0o755
recursive true
end
- template "/srv/#{site}/index.html" do
+ template "/srv/#{new_resource.site}/index.html" do
source "index.html.erb"
user "root"
group "root"
variables :title => title
end
- cookbook_file "/srv/#{site}/imagery.css" do
+ cookbook_file "/srv/#{new_resource.site}/imagery.css" do
source "imagery.css"
user "root"
group "root"
mode 0o644
end
- cookbook_file "/srv/#{site}/clientaccesspolicy.xml" do
+ cookbook_file "/srv/#{new_resource.site}/clientaccesspolicy.xml" do
source "clientaccesspolicy.xml"
user "root"
group "root"
mode 0o644
end
- cookbook_file "/srv/#{site}/crossdomain.xml" do
+ cookbook_file "/srv/#{new_resource.site}/crossdomain.xml" do
source "crossdomain.xml"
user "root"
group "root"
mode 0o644
end
- layers = Dir.glob("/srv/imagery/layers/#{site}/*.yml").collect do |path|
+ layers = Dir.glob("/srv/imagery/layers/#{new_resource.site}/*.yml").collect do |path|
YAML.safe_load(::File.read(path), [Symbol])
end
- template "/srv/#{site}/imagery.js" do
+ template "/srv/#{new_resource.site}/imagery.js" do
source "imagery.js.erb"
user "root"
group "root"
mode 0o644
- variables :bbox => bbox, :layers => layers
+ variables :bbox => new_resource.bbox, :layers => layers
end
- base_domains = [site] + Array(aliases)
+ base_domains = [new_resource.site] + Array(new_resource.aliases)
tile_domains = base_domains.flat_map { |d| [d, "a.#{d}", "b.#{d}", "c.#{d}"] }
- ssl_certificate site do
+ ssl_certificate new_resource.site do
domains tile_domains
end
IPAddr.new(resolver).ipv6? ? "[#{resolver}]" : resolver
end
- nginx_site site do
+ nginx_site new_resource.site do
template "nginx_imagery.conf.erb"
- directory "/srv/imagery/#{site}"
+ directory "/srv/imagery/#{new_resource.site}"
restart_nginx false
variables new_resource.to_hash.merge(:resolvers => resolvers)
end
property :domains, [String, Array], :required => true
action :create do
- node.default[:letsencrypt][:certificates][certificate] = {
+ node.default[:letsencrypt][:certificates][new_resource.certificate] = {
:domains => Array(domains)
}
if letsencrypt
- certificate_content = letsencrypt["certificate"]
- key_content = letsencrypt["key"]
+ certificate = letsencrypt["certificate"]
+ key = letsencrypt["key"]
end
- if certificate_content
- file "/etc/ssl/certs/#{certificate}.pem" do
+ if certificate
+ file "/etc/ssl/certs/#{new_resource.certificate}.pem" do
owner "root"
group "root"
mode 0o444
- content certificate_content
+ content certificate
backup false
manage_symlink_source false
force_unlink true
end
- file "/etc/ssl/private/#{certificate}.key" do
+ file "/etc/ssl/private/#{new_resource.certificate}.key" do
owner "root"
group "ssl-cert"
mode 0o440
- content key_content
+ content key
backup false
manage_symlink_source false
force_unlink true
end
else
- template "/tmp/#{certificate}.ssl.cnf" do
+ template "/tmp/#{new_resource.certificate}.ssl.cnf" do
cookbook "ssl"
source "ssl.cnf.erb"
owner "root"
group "root"
mode 0o644
- variables :domains => Array(domains)
+ variables :domains => Array(new_resource.domains)
not_if do
- ::File.exist?("/etc/ssl/certs/#{certificate}.pem") && ::File.exist?("/etc/ssl/private/#{certificate}.key")
+ ::File.exist?("/etc/ssl/certs/#{new_resource.certificate}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.certificate}.key")
end
end
- execute "/etc/ssl/certs/#{certificate}.pem" do
- command "openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/#{certificate}.key -out /etc/ssl/certs/#{certificate}.pem -days 365 -nodes -config /tmp/#{certificate}.ssl.cnf"
+ execute "/etc/ssl/certs/#{new_resource.certificate}.pem" do
+ command "openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/#{new_resource.certificate}.key -out /etc/ssl/certs/#{new_resource.certificate}.pem -days 365 -nodes -config /tmp/#{new_resource.certificate}.ssl.cnf"
user "root"
group "ssl-cert"
not_if do
- ::File.exist?("/etc/ssl/certs/#{certificate}.pem") && ::File.exist?("/etc/ssl/private/#{certificate}.key")
+ ::File.exist?("/etc/ssl/certs/#{new_resource.certificate}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.certificate}.key")
end
end
end
end
action :delete do
- file "/etc/ssl/certs/#{certificate}.pem" do
+ file "/etc/ssl/certs/#{new_resource.certificate}.pem" do
action :delete
end
- file "/etc/ssl/private/#{certificate}.key" do
+ file "/etc/ssl/private/#{new_resource.certificate}.key" do
action :delete
end
end
-def letsencrypt
- @letsencrypt ||= search(:letsencrypt, "id:#{certificate}").first
+action_class do
+ def letsencrypt
+ @letsencrypt ||= search(:letsencrypt, "id:#{new_resource.certificate}").first
+ end
end
projects / chef.git / commitdiff