v2.3.0 (#8)

* WIP * Do it CircleCI! * WIP [skip ci] * Moved circleci config to root. Not currently doing any other script includes etc. [skip ci] * awslogsd their python setup sucks! [skip ci] * awslogsd their python setup sucks! [skip ci] * 2.2.0 - Read Changelog * 2.2.0 - Read Changelog * 2.2.0 - Read Changelog * * Switched boolean inside aws to ec2 deployment. Fits the logic better. * Added OpenJDK Java Install Option for Linux * Cleaned up kitchen config a bit * Added kitchen test suite for installing Java * WIP [skip ci] * WIP [skip ci] * WIP [skip ci] * Workaround for Ohai Virtualization Plugin failing to detect Docker correctly. * Made Rubocop happy * Versioned
bonusbits · Oct 29, 2017 · 501da5a · 501da5a
1 parent 6d365be
commit 501da5a
Show file tree

Hide file tree

Showing 25 changed files with 366 additions and 210 deletions.
diff --git a/.kitchen.yml b/.kitchen.yml
diff --git a/Berksfile.lock b/Berksfile.lock
@@ -10,7 +10,7 @@ GRAPH
   apt (6.1.3)
   audit (4.2.0)
     compat_resource (>= 0.0.0)
-  bonusbits_base (2.2.3)
+  bonusbits_base (2.2.5)
     apt (>= 0.0.0)
     audit (>= 0.0.0)
     bonusbits_library (>= 0.0.0)

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,14 @@
 ## CHANGE LOG
 
+## 2.3.0 - 10/28/2017 - Levon Becker
+* Added OpenJDK Java Install Option for Linux
+* Switched boolean inside_aws to ec2_deployment. Fits the logic better.
+* Cleaned up kitchen config a bit
+* Added kitchen test suite for installing Java
+* Added more readme badges
+* Updated Berkshelf lock file
+* Workaround for Ohai Virtualization Plugin failing to detect Docker correctly.
+
 ## 2.2.4 - 08/26/2017 - Levon Becker
 * Bumped ChefDK Version to 1.6.1 in CloudFormation and Dockerfile
 

diff --git a/Gemfile b/Gemfile
@@ -1,7 +1,7 @@
 source 'https://rubygems.org'
 
 gem 'berkshelf', '~> 5.6'
-gem 'rake', '~> 10.4'
+gem 'rake', '~> 10.5'
 
 group :style do
   gem 'chef', '12.21.4'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -365,7 +365,7 @@ DEPENDENCIES
   kitchen-ec2 (~> 1.3)
   kitchen-inspec (~> 0.17)
   rainbow (~> 2.2.1)
-  rake (~> 10.4)
+  rake (~> 10.5)
   rspec_junit_formatter (~> 0.2.3)
   rubocop (~> 0.47.1)
   test-kitchen (~> 1.16)

diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # Bonus Bits Base Cookbook
-[![Project Release](https://img.shields.io/badge/release-v2.2.4-blue.svg)](https://github.com/bonusbits/bonusbits_base)
+[![Project Release](https://img.shields.io/badge/release-v2.3.0-blue.svg)](https://github.com/bonusbits/bonusbits_base)
 [![Circle CI](https://circleci.com/gh/bonusbits/bonusbits_base/tree/master.svg?style=shield)](https://circleci.com/gh/bonusbits/bonusbits_base/tree/master)
 [![Join the chat at https://gitter.im/bonusbits/bonusbits_base](https://badges.gitter.im/bonusbits/bonusbits_base.svg)](https://gitter.im/bonusbits/bonusbits_base?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 [![GitHub issues](https://img.shields.io/github/issues/bonusbits/bonusbits_base.svg)](https://github.com/bonusbits/bonusbits_base/issues)

diff --git a/attributes/aws.rb b/attributes/aws.rb
@@ -1,14 +1,7 @@
 default['bonusbits_base']['aws']['install_tools'] = false
 
-default['bonusbits_base']['aws']['inside'] =
-  if node['bonusbits_base']['deployment_location'] == 'aws'
-    true
-  else
-    false
-  end
-
 default['bonusbits_base']['aws']['region'] =
-  if node['bonusbits_base']['aws']['inside']
+  if node['bonusbits_base']['deployment_type'] == 'ec2'
     node['ec2']['placement_availability_zone'].slice(0..-2)
   else
     'us-west-2'
@@ -19,7 +12,7 @@
   '',
   '** AWS **',
   "Region                      (#{node['bonusbits_base']['aws']['region']})",
-  "Inside AWS                  (#{node['bonusbits_base']['aws']['inside']})",
+  "Inside AWS                  (#{node['bonusbits_base']['deployment_type'] == 'ec2'})",
   "Install Tools               (#{node['bonusbits_base']['aws']['install_tools']})"
 ]
 message_list.each do |message|

diff --git a/attributes/backups.rb b/attributes/backups.rb
@@ -21,19 +21,19 @@
 
   # Filename
   backups['filename'] =
-    if node['bonusbits_base']['aws']['inside']
+    if node['bonusbits_base']['deployment_type'] == 'ec2'
       "#{node['ec2']['instance_id']}-backup.tar.gz"
     else
       'backups.tar.gz'
     end
 
   # S3
   ## Recommended to turn on Versioning and add Lifecycle to bucket
-  env = run_state['detected_environment']
-  backups['s3_path'] = "backup_bucket/backups/#{env}" # !! Required Override !!
+  backups['s3_bucket_name'] = 'backup_bucket' # !! Required Override !!
   filename = node['bonusbits_base']['backups']['filename']
-  s3_path = node['bonusbits_base']['backups']['s3_path']
-  backups['s3_full_path'] = "#{s3_path}/#{filename}"
+  env = run_state['detected_environment']
+  s3_backup_bucket = node['bonusbits_base']['backups']['s3_bucket_name']
+  backups['s3_full_path'] = "#{s3_backup_bucket}/backups/#{env}/#{filename}"
 
   # Cron
   ## Default is Daily at 11PM Server Time
@@ -57,7 +57,6 @@
   "Script Filename             (#{node['bonusbits_base']['backups']['script_filename']})",
   "Script Fullname             (#{node['bonusbits_base']['backups']['script_fullname']})",
   "Local Temp Path             (#{node['bonusbits_base']['backups']['local_tmp_path']})",
-  "S3 Path                     (#{node['bonusbits_base']['backups']['s3_path']})",
   "S3 Full Path                (#{node['bonusbits_base']['backups']['s3_full_path']})",
   "Config Log Rotate           (#{node['bonusbits_base']['backups']['configure_log_rotate']})",
   "Log Path                    (#{node['bonusbits_base']['backups']['log_path']})"

diff --git a/attributes/default.rb b/attributes/default.rb
@@ -7,6 +7,7 @@
     'dev'
   end
 
+# TODO: OHAI PLUGIN STOPPED WORKING! Maybe Newer version of Docker causing problem...
 default['bonusbits_base'].tap do |root|
   # Determine Deployment Type
   root['deployment_type'] =
@@ -21,8 +22,10 @@
       'kvm'
     elsif node['virtualization']['system'] == 'vbox'
       'vbox'
-    elsif BonusBits::Discovery.ec2?(node['fqdn'], node['platform_family'])
+    elsif node['virtualization']['system'] == 'xen' && BonusBits::Discovery.ec2?(node['fqdn'], node['platform_family'])
       'ec2'
+    elsif File.exist?('/.dockerenv') # Workaround for Ohai Virtualization Plugin Failing on Docker now
+      'docker'
     else
       'other'
     end

diff --git a/attributes/java.rb b/attributes/java.rb
@@ -0,0 +1,24 @@
+default['bonusbits_base']['java']['install'] = false
+default['bonusbits_base']['java']['remove_older'] = true
+
+# Java Package Name
+default['bonusbits_base']['java']['package'] = 'java-1.8.0-openjdk' # Example
+
+# Java Package Version (Lock Version Option)
+default['bonusbits_base']['java']['specify_version'] = false # Otherwise Latest will be installed
+default['bonusbits_base']['java']['version'] = '1.8.0.151-1.b12.35.amzn1' # Example
+# RHEL7 '1.8.0.141-1.b16.el7_3'
+
+# Debug
+message_list = [
+  '',
+  '** Java **',
+  "Install                     (#{node['bonusbits_base']['java']['install']})",
+  "Remove Older                (#{node['bonusbits_base']['java']['remove_older']})",
+  "Package                     (#{node['bonusbits_base']['java']['package']})",
+  "Version                     (#{node['bonusbits_base']['java']['version']})",
+  "Specific Version            (#{node['bonusbits_base']['java']['specify_version']})"
+]
+message_list.each do |message|
+  Chef::Log.warn(message)
+end
diff --git a/attributes/kitchen_shutdown.rb b/attributes/kitchen_shutdown.rb
@@ -1,10 +1,9 @@
 # To save money in-case an EC2 Test Kitchen is forgotten and left on the default to terminate at night.
 deployment_method = node['bonusbits_base']['deployment_method']
-deployment_type = node['bonusbits_base']['deployment_type']
 deployment_method_kitchen = deployment_method == 'kitchen'
-deployment_type_ec2 = deployment_type == 'ec2'
+ec2_deployment = node['bonusbits_base']['deployment_type'] == 'ec2'
 default['bonusbits_base']['kitchen_shutdown']['configure'] =
-  if deployment_method_kitchen && deployment_type_ec2
+  if deployment_method_kitchen && ec2_deployment
     true
   else
     false

diff --git a/attributes/node_info.rb b/attributes/node_info.rb
@@ -43,7 +43,7 @@
       "Recipes:           (#{node['recipes']})"
     ]
 
-  if node['bonusbits_base']['aws']['inside']
+  if node['bonusbits_base']['deployment_type'] == 'ec2'
     node_info['content'].concat [
       '',
       '-- AWS --',

diff --git a/metadata.rb b/metadata.rb
@@ -4,7 +4,7 @@
 license 'MIT'
 description 'Foundation Wrapper Cookbook for all Nodes'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '2.2.4'
+version '2.3.0'
 chef_version '~> 12.5' if respond_to?(:chef_version)
 source_url 'https://github.com/bonusbits/bonusbits_base'
 issues_url 'https://github.com/bonusbits/bonusbits_base/issues'

diff --git a/recipes/aws.rb b/recipes/aws.rb
@@ -22,7 +22,7 @@
     owner 'root'
     group 'root'
     mode '0644'
-    only_if { node['bonusbits_base']['aws']['inside'] }
+    only_if { node['bonusbits_base']['deployment_type'] == 'ec2' }
     notifies :run, 'ruby_block[source_aws_profile_script]', :immediately
   end
 when 'windows'

diff --git a/recipes/certs.rb b/recipes/certs.rb
@@ -1,34 +1,66 @@
+# !! JUST EXAMPLE CODE - No Real info in Test Data Bag !!
+# TODO: Parameterize Values to make actually work based on overrides
+# TODO: Chain Support?
+
+# Staged Variables to Setup as Attributes TODO: Setup Loop for more than one cert?
+crt_filename = 'internal-ca.crt'
+cert_alias = 'internalca'
+
 # Fetch Data Bag
 data_bag = node['bonusbits_base']['certs']['data_bag']
 data_bag_item = node['bonusbits_base']['certs']['data_bag_item']
 node.run_state['certs_data_bag'] = data_bag_item(data_bag, data_bag_item)
 
 # OS
-template '/etc/pki/tls/certs/internal-ca.crt' do
-  source 'certs/internal-ca.pem.erb'
+template "/etc/pki/tls/certs/#{crt_filename}" do
+  source 'certs/cert.erb'
   owner 'root'
   group 'root'
   mode '0644'
   sensitive true
+  variables(
+    pem: node.run_state['certs_data_bag']['pem']
+  )
 end
 
 link "/etc/pki/tls/certs/#{node.run_state['certs_data_bag']['hash']}" do
-  to '/etc/pki/tls/certs/cof-aws-ldap-ca.crt'
+  to "/etc/pki/tls/certs/#{crt_filename}"
   owner 'root'
   group 'root'
 end
 
 # Chef
-template '/opt/chef/embedded/ssl/certs/internal-ca.crt' do
-  source 'certs/internal-ca.pem.erb'
+template "/opt/chef/embedded/ssl/certs/#{crt_filename}" do
+  source 'certs/cert.erb'
   owner 'root'
   group 'root'
   mode '0664'
   sensitive true
+  variables(
+    pem: node.run_state['certs_data_bag']['pem']
+  )
 end
 
 link "/opt/chef/embedded/ssl/certs/#{node.run_state['certs_data_bag']['hash']}" do
-  to '/opt/chef/embedded/ssl/certs/internal-ca.crt'
+  to "/opt/chef/embedded/ssl/certs/#{crt_filename}"
   owner 'root'
   group 'root'
 end
+
+# Java (Required: Java Installed Prior so keytool is installed...)
+ruby_block 'Install Internal CA Certificate to Java Keystore' do
+  block do
+    deployment_environment = node['bonusbits_base']['deployment_environment']
+    keystore_password = node.run_state['certs_data_bag']['keystore_password'][deployment_environment]
+    # Check if already imported
+    check_command = "keytool -list -keystore /etc/pki/ca-trust/extracted/java/cacerts -storepass #{keystore_password} -alias #{cert_alias}"
+    cert_found = BonusBits::Shell.run_command(check_command, true)
+
+    unless cert_found
+      import_command = "keytool -importcert -file /etc/pki/tls/certs/#{crt_filename} -keystore /etc/pki/ca-trust/extracted/java/cacerts -storepass #{keystore_password} -alias #{cert_alias}"
+      successful = BonusBits::Shell.run_command(import_command, true)
+      raise 'ERROR: Importing Internal CA Certificate to Java Keystore!' unless successful
+    end
+  end
+  only_if { node['bonusbits_base']['java']['configure'] }
+end
diff --git a/recipes/cloudwatch.rb b/recipes/cloudwatch.rb
@@ -39,7 +39,7 @@
     not_if { ::File.directory?('/opt/aws-scripts-mon') }
   end
 
-  if node['bonusbits_base']['aws']['inside']
+  if node['bonusbits_base']['deployment_type'] == 'ec2'
     cron_command = node['bonusbits_base']['cloudwatch']['cron_command']
     cron 'Create Cloudwatch Monitoring Cron' do
       minute '*/5'

diff --git a/recipes/cloudwatch_logs.rb b/recipes/cloudwatch_logs.rb
@@ -1,4 +1,4 @@
-inside_aws = node['bonusbits_base']['aws']['inside']
+ec2_deployment = node['bonusbits_base']['deployment_type'] == 'ec2'
 
 case node['os']
 when 'linux'
@@ -25,7 +25,7 @@
         state_file: '/var/lib/awslogs/agent-state'
       )
       notifies :restart, 'service[awslogs]', :delayed
-      only_if { inside_aws } # Template calls ohai ec2
+      only_if { ec2_deployment } # Template calls ohai ec2
     end
   when 'centos', 'redhat' # ~FC024
     package %w(python python-setuptools)
@@ -49,7 +49,7 @@
       owner 'root'
       group 'root'
       mode '0644'
-      notifies :restart, 'service[awslogs]', :delayed if inside_aws
+      notifies :restart, 'service[awslogs]', :delayed if ec2_deployment
     end
 
     # Install CloudWatch Logs Agent
@@ -62,17 +62,18 @@
       end
       action :run
       not_if { ::File.exist?("#{local_download_temp}/awslogs-agent-setup.py") }
+      notifies :run, 'ruby_block[run_cloudwatch_logs_agent_setup]', :immediately
     end
 
     # Run Agent Setup
     ruby_block 'run_cloudwatch_logs_agent_setup' do
       block do
         shell_command = "python #{local_download_temp}/awslogs-agent-setup.py -n -r"
-        shell_command += " #{node['c1_jenkins2x']['aws']['region']} -c #{local_download_temp}/cwlogs.cfg"
+        shell_command += " #{node['bonusbits_base']['aws']['region']} -c #{local_download_temp}/cwlogs.cfg"
         successful = BonusBits::Shell.run_command(shell_command)
         raise 'ERROR: Failed to Run Cloudwatch Logs Agent Setup!' unless successful
       end
-      action :run
+      action :nothing
       not_if { ::File.exist?('/etc/init.d/awslogs') }
     end
 
@@ -96,7 +97,7 @@
         state_file: '/var/awslogs/state/agent-state'
       )
       notifies :restart, 'service[awslogs]', :delayed
-      only_if { inside_aws } # Template calls ohai ec2
+      only_if { ec2_deployment } # Template calls ohai ec2
     end
   else
     return
@@ -108,15 +109,15 @@
     owner 'root'
     group 'root'
     mode '0644'
-    notifies :restart, 'service[awslogs]', :delayed if inside_aws
+    notifies :restart, 'service[awslogs]', :delayed if ec2_deployment
     only_if { node['bonusbits_base']['proxy']['configure'] }
   end
 
   # Define Service
   service 'awslogs' do
     service_name 'awslogs'
     action [:enable, :start]
-    only_if { inside_aws }
+    only_if { ec2_deployment }
   end
 when 'windows'
   return

diff --git a/recipes/default.rb b/recipes/default.rb
@@ -1,5 +1,5 @@
 # Deploy AWS Profile Script & Tools
-include_recipe 'bonusbits_base::aws' if node['bonusbits_base']['aws']['inside']
+include_recipe 'bonusbits_base::aws' if node['bonusbits_base']['deployment_type'] == 'ec2'
 
 # Container Discovery
 case node['platform']
@@ -28,6 +28,9 @@
 # Install Packages
 include_recipe 'bonusbits_base::packages' if node['bonusbits_base']['packages']['install']
 
+# Install Java
+include_recipe 'bonusbits_base::java' if node['bonusbits_base']['java']['install']
+
 # Configure Sudoers on EC2 Instance
 include_recipe 'bonusbits_base::sudoers' if node['bonusbits_base']['sudoers']['configure']
 

diff --git a/recipes/java.rb b/recipes/java.rb
@@ -0,0 +1,23 @@
+# Install Java OpenJDK from Package Repositories
+## (Before Uninstalling older so don't have to install deps)
+if node['bonusbits_base']['java']['specify_version']
+  package node['bonusbits_base']['java']['package'] do
+    action :install
+    version node['bonusbits_base']['java']['version']
+  end
+else
+  package node['bonusbits_base']['java']['package']
+end
+
+if node['bonusbits_base']['java']['remove_older']
+  # Remove Java 1.7.0
+  package 'java-1.7.0-openjdk' do
+    action :remove
+    ignore_failure
+  end
+  # Remove Java 1.6.0
+  package 'java-1.6.0-openjdk' do
+    action :remove
+    ignore_failure
+  end
+end