--- /dev/null
+#
+# Cookbook:: oxidized
+# Recipe:: default
+#
+# Copyright:: 2022, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "git"
+include_recipe "ruby"
+
+package %w[
+ gcc
+ g++
+ make
+ cmake
+ libssl-dev
+ libssh2-1-dev
+ zlib1g-dev
+ pkg-config
+]
+
+keys = data_bag_item("oxidized", "keys")
+devices = data_bag_item("oxidized", "devices")
+
+template "/etc/oxidized/config" do
+ source "config.erb"
+ owner "oxidized"
+ group "oxidized"
+ mode "444"
+ notifies :restart, "service[oxidized]"
+end
+
+template "/etc/oxidized/routers.db" do
+ source "routers.db.erb"
+ owner "oxidized"
+ group "oxidized"
+ mode "400"
+ variables :devices => devices
+ notifies :restart, "service[oxidized]"
+end
+
+directory "/var/log/oxidized" do
+ owner "oxidized"
+ group "oxidized"
+ mode "755"
+end
+
+# Key is set as a deployment key in github repo
+file "/opt/oxidized/.ssh/id_rsa" do
+ content keys["git"]
+ owner "oxidized"
+ group "oxidized"
+ mode "400"
+ notifies :delete, "file[/opt/oxidized/.ssh/id_rsa.pub]", :immediately
+ notifies :restart, "service[oxidized]"
+end
+
+# Ensure public key is deleted if private key is changed. Trigged by notify
+file "/opt/oxidized/.ssh/id_rsa.pub" do
+ action :nothing
+end
+
+exec "/opt/oxidized/.ssh/id_rsa.pub" do
+ command "ssh-keygen -f /opt/oxidized/.ssh/id_rsa -y > /opt/oxidized/.ssh/id_rsa.pub"
+ owner "oxidized"
+ group "oxidized"
+ creates "/opt/oxidized/.ssh/id_rsa.pub"
+ notifies :restart, "service[oxidized]"
+end
+
+git "/opt/oxidized" do
+ action :sync
+ repository "https://github.com/openstreetmap/oxidized.git"
+ depth 1
+ user "oxidized"
+ group "oxidized"
+ notifies :run, "bundle_install[/opt/oxidized]"
+end
+
+git "/var/lib/oxidized/configs.git" do
+ action :sync
+ repository "git@github.com:openstreetmap/oxidized-configs.git" # Uses oxidized ssh key
+ checkout_branch "master" # branch is hardcoded in oxidized
+ user "oxidized"
+ group "oxidized"
+end
+
+bundle_install "/opt/oxidized" do
+ action :nothing
+ options "--deployment"
+ user "oxidized"
+ group "oxidized"
+ notifies :restart, "service[oxidized]"
+end
+
+# Based on https://github.com/ytti/oxidized/blob/master/extra/oxidized.service
+systemd_service "oxidized" do
+ description "oxidized network device backup daemon"
+ after "network.target"
+ user "oxidized"
+ working_directory "/opt/oxidized"
+ exec_start "#{node[:ruby][:bundle]} exec oxidized"
+ environment "OXIDIZED_HOME" => "/etc/oxidized",
+ "OXIDIZED_LOGS" => "/var/log/oxidized"
+ nice 10
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ no_new_privileges true
+ restart "on-failure"
+ notifies :restart, "service[oxidized]"
+end
+
+service "oxidized" do
+ action [:enable, :start]
+end
+
+template "/etc/logrotate.d/oxidized" do
+ source "logrotate.erb"
+ owner "root"
+ group "root"
+ mode "644"
+end
projects / chef.git / commitdiff