- name: letsencrypt
run_list:
- recipe[letsencrypt::default]
- attributes:
- apt:
- sources:
- - openstreetmap
- name: logstash
run_list:
- recipe[logstash::default]
run_list:
- recipe[logstash::forwarder]
attributes:
- apt:
- sources:
- - elasticsearch8.x
logstash:
forwarder:
filebeat.inputs:
-default[:apt][:sources] = [ "openstreetmap" ]
default[:apt][:unattended_upgrades][:enable] = true
default[:apt][:unattended_upgrades][:remove_unused_dependencies] = true
notifies :update, "apt_update[/etc/apt/sources.list]", :immediately
end
-repository_actions = Hash.new do |_, repository|
- node[:apt][:sources].include?(repository) ? :add : :remove
-end
-
-apt_repository "ubuntugis-stable" do
- action repository_actions["ubuntugis-stable"]
- uri "ppa:ubuntugis/ppa"
-end
-
-apt_repository "ubuntugis-unstable" do
- action repository_actions["ubuntugis-unstable"]
- uri "ppa:ubuntugis/ubuntugis-unstable"
-end
-
-apt_repository "git-core" do
- action repository_actions["git-core"]
- uri "ppa:git-core/ppa"
-end
-
-apt_repository "maxmind" do
- action repository_actions["maxmind"]
- uri "ppa:maxmind/ppa"
-end
-
apt_repository "openstreetmap" do
- action repository_actions["openstreetmap"]
uri "ppa:osmadmins/ppa"
end
-apt_repository "management-component-pack" do
- action repository_actions["management-component-pack"]
- uri "https://downloads.linux.hpe.com/SDR/repo/mcp"
- distribution "bionic/current-gen9"
- components ["non-free"]
- key "C208ADDE26C2B797"
-end
-
-apt_repository "hwraid" do
- action repository_actions["hwraid"]
- uri "https://hwraid.le-vert.net/ubuntu"
- distribution "precise"
- components ["main"]
- key "6005210E23B3D3B4"
-end
-
-apt_repository "nginx" do
- action repository_actions["nginx"]
- arch "amd64"
- uri "https://nginx.org/packages/ubuntu"
- components ["nginx"]
- key "ABF5BD827BD9BF62"
-end
-
-apt_repository "elasticsearch6.x" do
- action repository_actions["elasticsearch6.x"]
- uri "https://artifacts.elastic.co/packages/6.x/apt"
- distribution "stable"
- components ["main"]
- key "D27D666CD88E42B4"
-end
-
-apt_repository "elasticsearch8.x" do
- action repository_actions["elasticsearch8.x"]
- uri "https://artifacts.elastic.co/packages/8.x/apt"
- distribution "stable"
- components ["main"]
- key "D27D666CD88E42B4"
-end
-
-apt_repository "passenger" do
- action repository_actions["passenger"]
- uri "https://oss-binaries.phusionpassenger.com/apt/passenger"
- components ["main"]
- key "561F9B9CAC40B2F7"
-end
-
-apt_repository "postgresql" do
- action repository_actions["postgresql"]
- uri "https://apt.postgresql.org/pub/repos/apt"
- distribution "#{node[:lsb][:codename]}-pgdg"
- components ["main"]
- key "7FCC7D46ACCC4CF8"
-end
-
-apt_repository "docker" do
- action repository_actions["docker"]
- uri "https://download.docker.com/linux/ubuntu"
- arch "amd64"
- components ["stable"]
- key "https://download.docker.com/linux/ubuntu/gpg"
-end
-
-apt_repository "grafana" do
- action repository_actions["grafana"]
- uri "https://packages.grafana.com/enterprise/deb"
- distribution "stable"
- components ["main"]
- key "https://packages.grafana.com/gpg.key"
-end
-
-apt_repository "timescaledb" do
- action repository_actions["timescaledb"]
- uri "https://packagecloud.io/timescale/timescaledb/ubuntu"
- components ["main"]
- key "https://packagecloud.io/timescale/timescaledb/gpgkey"
-end
-
package "unattended-upgrades"
if Dir.exist?("/usr/share/unattended-upgrades")
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: docker
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "docker" do
+ uri "https://download.docker.com/linux/ubuntu"
+ arch "amd64"
+ components ["stable"]
+ key "https://download.docker.com/linux/ubuntu/gpg"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: elasticsearch6
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "elasticsearch6.x" do
+ uri "https://artifacts.elastic.co/packages/6.x/apt"
+ distribution "stable"
+ components ["main"]
+ key "D27D666CD88E42B4"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: elasticsearch8
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "elasticsearch8.x" do
+ uri "https://artifacts.elastic.co/packages/8.x/apt"
+ distribution "stable"
+ components ["main"]
+ key "D27D666CD88E42B4"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: git-core
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "git-core" do
+ uri "ppa:git-core/ppa"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: grafana
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "grafana" do
+ uri "https://packages.grafana.com/enterprise/deb"
+ distribution "stable"
+ components ["main"]
+ key "https://packages.grafana.com/gpg.key"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: hwraid
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "hwraid" do
+ uri "https://hwraid.le-vert.net/ubuntu"
+ distribution "precise"
+ components ["main"]
+ key "6005210E23B3D3B4"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: management-component-pack
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "management-component-pack" do
+ uri "https://downloads.linux.hpe.com/SDR/repo/mcp"
+ distribution "bionic/current-gen9"
+ components ["non-free"]
+ key "C208ADDE26C2B797"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: maxmind
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "maxmind" do
+ uri "ppa:maxmind/ppa"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: nginx
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "nginx" do
+ arch "amd64"
+ uri "https://nginx.org/packages/ubuntu"
+ components ["nginx"]
+ key "ABF5BD827BD9BF62"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: passenger
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "passenger" do
+ uri "https://oss-binaries.phusionpassenger.com/apt/passenger"
+ components ["main"]
+ key "561F9B9CAC40B2F7"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: postgresql
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "postgresql" do
+ uri "https://apt.postgresql.org/pub/repos/apt"
+ distribution "#{node[:lsb][:codename]}-pgdg"
+ components ["main"]
+ key "7FCC7D46ACCC4CF8"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: timescaledb
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+include_recipe "apt::postgresql"
+
+apt_repository "timescaledb" do
+ uri "https://packagecloud.io/timescale/timescaledb/ubuntu"
+ components ["main"]
+ key "https://packagecloud.io/timescale/timescaledb/gpgkey"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: ubuntugis-stable
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "ubuntugis-stable" do
+ uri "ppa:ubuntugis/ppa"
+end
--- /dev/null
+#
+# Cookbook:: apt
+# Recipe:: ubuntugis-unstable
+#
+# Copyright:: 2022, Tom Hughes
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+apt_repository "ubuntugis-unstable" do
+ uri "ppa:ubuntugis/ubuntugis-unstable"
+end
-# Add the opscode APT source for chef
-default[:apt][:sources] = node[:apt][:sources] | ["opscode"]
-
# Set the default server version
default[:chef][:server][:version] = "12.17.33"
+++ /dev/null
-# Add the docker APT source
-default[:apt][:sources] = node[:apt][:sources] | ["docker"]
# limitations under the License.
#
-include_recipe "apt"
+include_recipe "apt::docker"
package %w[
docker-ce
default[:elasticsearch][:cluster][:routing][:allocation][:disk][:watermark][:high] = "90%"
default[:elasticsearch][:cluster][:routing][:allocation][:disk][:watermark][:flood_stage] = "95%"
default[:elasticsearch][:path][:data] = "/var/lib/elasticsearch"
-
-default[:apt][:sources] |= ["elasticsearch#{node[:elasticsearch][:version]}"]
# limitations under the License.
#
-include_recipe "apt"
+case node[:elasticsearch][:version]
+when "6.x" then include_recipe "apt::elasticsearch6"
+when "8.x" then include_recipe "apt::elasticsearch8"
+end
package "default-jre-headless"
package "elasticsearch"
default[:geoipupdate][:account] = "149244"
default[:geoipupdate][:editions] = %w[GeoLite2-ASN GeoLite2-City GeoLite2-Country]
default[:geoipupdate][:directory] = "/usr/share/GeoIP"
-
-default[:apt][:sources] |= ["maxmind"]
# limitations under the License.
#
-include_recipe "apt"
+include_recipe "apt::maxmind"
license_keys = data_bag_item("geoipupdate", "license-keys")
default[:git][:private_user] = "git"
default[:git][:private_group] = "git"
default[:git][:private_nodes] = "fqdn:*"
-
-default[:apt][:sources] |= ["git-core"]
# limitations under the License.
#
-include_recipe "apt"
+include_recipe "apt::git-core"
package "git"
if node[:dmi] && node[:dmi][:system]
case node[:dmi][:system][:manufacturer]
when "HP"
- default[:apt][:sources] |= ["management-component-pack"]
-
case node[:dmi][:system][:product_name]
when "ProLiant DL360 G6", "ProLiant DL360 G7", "ProLiant SE326M1R2"
default[:hardware][:sensors][:"power_meter-*"][:power][:power1] = { :ignore => true }
end
end
-if node[:kernel] && node[:kernel][:modules]
- raidmods = node[:kernel][:modules].keys & %w[cciss hpsa mptsas mpt2sas mpt3sas megaraid_mm megaraid_sas aacraid]
-
- default[:apt][:sources] |= ["hwraid"] unless raidmods.empty?
-end
-
if node[:kernel][:modules].include?("ipmi_si")
default[:hardware][:modules] |= ["ipmi_devintf"]
# limitations under the License.
#
-include_recipe "apt"
include_recipe "git"
include_recipe "munin"
include_recipe "prometheus"
case manufacturer
when "HP"
+ include_recipe "apt::management-component-pack"
+
package "hponcfg"
execute "update-ilo" do
end
end
+include_recipe "apt::hwraid" unless status_packages.empty?
+
if status_packages.include?("cciss-vol-status")
template "/usr/local/bin/cciss-vol-statusd" do
source "cciss-vol-statusd.erb"
require "yaml"
-include_recipe "apt"
+include_recipe "apt::elasticsearch8"
package "filebeat"
default[:nginx][:cache][:proxy][:keys_zone] = "proxy_cache_zone:128M"
default[:nginx][:cache][:proxy][:inactive] = "45d"
default[:nginx][:cache][:proxy][:max_size] = "16384M"
-
-# Enable nginx repository
-default[:apt][:sources] = node[:apt][:sources] | ["nginx"]
# limitations under the License.
#
-include_recipe "apt"
+include_recipe "apt::nginx"
include_recipe "munin"
include_recipe "prometheus"
include_recipe "ssl"
default[:passenger][:max_pool_size] = 6
default[:passenger][:pool_idle_time] = 300
default[:passenger][:instance_registry_dir] = "/run/passenger"
-
-default[:apt][:sources] = node[:apt][:sources] | ["passenger"]
#
include_recipe "apache"
-include_recipe "apt"
+include_recipe "apt::passenger"
include_recipe "munin"
include_recipe "prometheus"
include_recipe "ruby"
default[:postgresql][:settings][:defaults][:early_authentication_rules] = []
default[:postgresql][:settings][:defaults][:late_authentication_rules] = []
default[:postgresql][:settings][:defaults][:standby_mode] = "off"
-
-default[:apt][:sources] = node[:apt][:sources] | ["postgresql"]
# limitations under the License.
#
-include_recipe "apt"
+include_recipe "apt::postgresql"
include_recipe "munin"
include_recipe "prometheus"
default[:prometheus][:metrics] = {}
default[:prometheus][:files] = []
default[:prometheus][:promscale] = true
-
-if node[:recipes].include?("prometheus::server")
- default[:apt][:sources] |= %w[grafana timescaledb]
-end
#
include_recipe "apache"
-include_recipe "apt"
+include_recipe "apt::grafana"
+include_recipe "apt::timescaledb"
include_recipe "networking"
include_recipe "timescaledb"
default[:timescaledb][:database_version] = "14"
default[:timescaledb][:max_background_workers] = 8
-
-default[:apt][:sources] |= ["timescaledb"]
# limitations under the License.
#
-include_recipe "apt"
+include_recipe "apt::timescaledb"
database_version = node[:timescaledb][:database_version]
description "Role applied to all OSMF servers"
default_attributes(
- :apt => {
- :sources => ["passenger"]
- },
:elasticsearch => {
:version => "6.x",
:cluster => {
description "Master role applied to ironbelly"
default_attributes(
- :apt => {
- :sources => ["ubuntugis-unstable"]
- },
:bind => {
:clients => "equinix-ams"
},
name "logstash-forwarder"
description "Role applied to all logstash forwarders"
-default_attributes(
- :apt => {
- :sources => ["elasticsearch8.x"]
- }
-)
-
run_list(
"recipe[logstash::forwarder]"
)