diff --git a/resources/attributes/default.rb b/resources/attributes/default.rb
index 79f3b5b..1da4a80 100644
--- a/resources/attributes/default.rb
+++ b/resources/attributes/default.rb
@@ -1,2 +1,2 @@
-#Flags
-default["nginx"]["registered"] = false
+# Flags
+default['nginx']['registered'] = false
diff --git a/resources/libraries/helper.rb b/resources/libraries/helper.rb
index 4555dc5..7ac32cc 100644
--- a/resources/libraries/helper.rb
+++ b/resources/libraries/helper.rb
@@ -4,59 +4,63 @@ module Helper
 require 'resolv'
 require 'base64'
-
 def create_cert(cn) # Return a hash with private key and certificate in x509 format
- key = OpenSSL::PKey::RSA.new 4096
- name = OpenSSL::X509::Name.parse "CN=#{cn}/DC=redborder"
- cert = OpenSSL::X509::Certificate.new
- cert.version = 2
- cert.serial = 0
- cert.not_before = Time.now
- cert.not_after = Time.now + (3600 *24 *365 *10)
- cert.public_key = key.public_key
- cert.subject = name
- cert.issuer = name
- if cn.start_with?("s3.")
+ key = OpenSSL::PKey::RSA.new 4096
+ name = OpenSSL::X509::Name.parse "CN=#{cn}/DC=redborder"
+ cert = OpenSSL::X509::Certificate.new
+ cert.version = 2
+ cert.serial = 0
+ cert.not_before = Time.now
+ cert.not_after = Time.now + (3600 * 24 * 365 * 10)
+ cert.public_key = key.public_key
+ cert.subject = name
+ cert.issuer = name
+ if cn.start_with?('s3.')
 extension_factory = OpenSSL::X509::ExtensionFactory.new nil, cert
- cert.add_extension extension_factory.create_extension("subjectAltName","DNS:redborder.#{cn}",false)
- cert.add_extension extension_factory.create_extension("subjectAltName","DNS:rbookshelf.#{cn}",false)
- cert.add_extension extension_factory.create_extension("subjectAltName","DNS:#{cn}",false)
+ cert.add_extension extension_factory.create_extension('subjectAltName', "DNS:redborder.#{cn}", false)
+ cert.add_extension extension_factory.create_extension('subjectAltName', "DNS:rbookshelf.#{cn}", false)
+ cert.add_extension extension_factory.create_extension('subjectAltName', "DNS:#{cn}", false)
 end
- cert.sign key, OpenSSL::Digest::SHA1.new
- { :key => key, :crt => cert}
+ cert.sign key, OpenSSL::Digest.new('SHA1')
+ { key: key, crt: cert }
 end
- def create_json_cert(app,cdomain)
- ret_json = { "id" => app }
+ def create_json_cert(app, cdomain)
+ ret_json = { 'id' => app }
 cert_hash = create_cert("#{app}.#{cdomain}")
 ret_json["#{app}_crt"] = Base64.urlsafe_encode64(cert_hash[:crt].to_pem)
 ret_json["#{app}_key"] = Base64.urlsafe_encode64(cert_hash[:key].to_pem)
 ret_json
 end
- def nginx_certs(app,cdomain)
+ def nginx_certs(app, cdomain)
 ret_json = {}
- #Check if certs exists in a data bag
- nginx_cert_item = data_bag_item("certs",app) rescue nginx_cert_item = {}
+
+ # Check if certs exists in a data bag
+ begin
+ nginx_cert_item = data_bag_item('certs', app)
+ rescue
+ nginx_cert_item = {}
+ end
+
 if nginx_cert_item.empty?
- if !File.exists?("/var/chef/data/data_bag/certs/#{app}.json")
+ unless File.exist?("/var/chef/data/data_bag/certs/#{app}.json")
 # Create S3 certificate
- ret_json = create_json_cert(app,cdomain)
- system("mkdir -p /var/chef/data/data_bag/certs")
- File.open("/var/chef/data/data_bag/certs/#{app}.json", 'w') { |file| file.write(ret_json.to_json) }
+ ret_json = create_json_cert(app, cdomain)
+ system('mkdir -p /var/chef/data/data_bag/certs')
+ File.write("/var/chef/data/data_bag/certs/#{app}.json", ret_json.to_json)
 end
 # Upload cert to data bag
- if File.exists?("/root/.chef/knife.rb")
+ if File.exist?('/root/.chef/knife.rb')
 system("knife data bag from file certs /var/chef/data/data_bag/certs/#{app}.json")
 else
- Chef::Log.warn("knife command not available, certs databag wont be uploaded")
+ Chef::Log.warn('knife command not available, certs databag wont be uploaded')
 end
 else
 ret_json = nginx_cert_item
 end
 ret_json
 end
-
 end
 end
diff --git a/resources/providers/config.rb b/resources/providers/config.rb
index a90f5e1..aa02cd6 100644
--- a/resources/providers/config.rb
+++ b/resources/providers/config.rb
@@ -1,8 +1,5 @@
-
-# Cookbook Name:: nginx
-#
+# Cookbook:: nginx
 # Provider:: config
-#
 include Nginx::Helper
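Review bot: `cert.sign key, OpenSSL::Digest.new('SHA1')` was rewritten but still signs the generated certificate with SHA-1, which current TLS clients and OpenSSL 3 at its default security level refuse; the digest should be `OpenSSL::Digest.new('SHA256')`. The three consecutive `cert.add_extension extension_factory.create_extension('subjectAltName', …)` calls put three copies of the same extension into the certificate, which RFC 5280 forbids and strict parsers may reject; a single call with `"DNS:redborder.#{cn},DNS:rbookshelf.#{cn},DNS:#{cn}"` carries all three names. `cert.serial = 0` likewise breaks the positive-serial requirement, and `cert.serial = OpenSSL::BN.rand(64)` is one conforming choice. In `nginx_certs`, `File.write("/var/chef/data/data_bag/certs/#{app}.json", ret_json.to_json)` stores the PEM private key under the process umask, so `File.write(…, ret_json.to_json, perm: 0o600)` would keep that file owner-only. The enclosing `module Helper` opens above the hunk; the methods themselves are complete inside it.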
@@ -10,49 +7,48 @@
 begin
 user = new_resource.user
- dnf_package "nginx" do
+ dnf_package 'nginx' do
 action :upgrade
 flush_cache [:before]
 end
- execute "create_user" do
- command "/usr/sbin/useradd -r nginx"
+ execute 'create_user' do
+ command '/usr/sbin/useradd -r nginx'
 ignore_failure true
- not_if "getent passwd nginx"
+ not_if 'getent passwd nginx'
 end
- %w[ /var/www /var/www/cache /var/log/nginx /etc/nginx/ssl /etc/nginx/conf.d ].each do |path|
+ %w( /var/www /var/www/cache /var/log/nginx /etc/nginx/ssl /etc/nginx/conf.d ).each do |path|
 directory path do
 owner user
 group user
- mode 0755
+ mode '0755'
 action :create
 end
 end
 # generate nginx config
- template "/etc/nginx/nginx.conf" do
- source "nginx.conf.erb"
+ template '/etc/nginx/nginx.conf' do
+ source 'nginx.conf.erb'
 owner user
 group user
- mode 0644
- cookbook "nginx"
- variables(:user => user)
- notifies :restart, "service[nginx]"
+ mode '0644'
+ cookbook 'nginx'
+ variables(user: user)
+ notifies :restart, 'service[nginx]'
 end
- service "nginx" do
- service_name "nginx"
+ service 'nginx' do
+ service_name 'nginx'
 ignore_failure true
- supports :status => true, :reload => true, :restart => true, :enable => true
+ supports status: true, reload: true, restart: true, enable: true
 action [:start, :enable]
 end
- Chef::Log.info("Nginx cookbook has been processed")
+ Chef::Log.info('Nginx cookbook has been processed')
 rescue => e
- Chef::Log.error(e.message)
+ Chef::Log.error(e.message)
 end
-
 end
 action :configure_certs do
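Review bot: `/etc/nginx/ssl` is created inside the `%w( … ).each do |path|` loop with the same `mode '0755'` as the web roots and log directory, although the `:configure_certs` action later writes the TLS private key into it; a separate `directory '/etc/nginx/ssl'` resource with `mode '0750'` would keep that directory from being listable by other local accounts. The `rescue => e` / `Chef::Log.error(e.message)` pair closing the action turns a failed package upgrade, user creation or template render into a log line and an otherwise green converge; logging and then re-raising (`Chef::Log.error(e.message)` followed by `raise`) would surface the failure to the run. The same swallow-and-log shape is kept unchanged in the `:add_erchef`, `:add_s3`, `:add_aioutliers`, `:remove`, `:register` and `:deregister` hunks below. The `action :add do` line that opens this block lies above the hunk.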
@@ -61,29 +57,29 @@
 cdomain = new_resource.cdomain
 service_name = new_resource.service_name
- json_cert = nginx_certs(service_name,cdomain)
+ json_cert = nginx_certs(service_name, cdomain)
 template "/etc/nginx/ssl/#{service_name}.crt" do
- source "cert.crt.erb"
+ source 'cert.crt.erb'
 owner user
 group user
- mode 0644
+ mode '0644'
 retries 2
- cookbook "nginx"
- not_if {json_cert.empty?}
- variables(:crt => json_cert["#{service_name}_crt"])
+ cookbook 'nginx'
+ not_if { json_cert.empty? }
+ variables(crt: json_cert["#{service_name}_crt"])
 action :create
 end
 template "/etc/nginx/ssl/#{service_name}.key" do
- source "cert.key.erb"
+ source 'cert.key.erb'
 owner user
 group user
- mode 0644
+ mode '0644'
 retries 2
- cookbook "nginx"
- not_if {json_cert.empty?}
- variables(:key => json_cert["#{service_name}_key"])
+ cookbook 'nginx'
+ not_if { json_cert.empty? }
+ variables(key: json_cert["#{service_name}_key"])
 action :create
 end
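Review bot: The `template "/etc/nginx/ssl/#{service_name}.key"` resource still deploys the private key with `mode '0644'`, readable by every local account; the key file should get `mode '0600'` while the `.crt` template can keep `'0644'`. `not_if { json_cert.empty? }` makes both templates silently no-ops when `nginx_certs` returned an empty hash, so the vhost for `service_name` ends up without a certificate and nothing in the log says why; a `Chef::Log.warn("no certificate available for #{service_name}") if json_cert.empty?` before the templates would make that state visible. The `action :configure_certs do` line and its `begin` open above the hunk.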
@@ -97,49 +93,47 @@
 begin
 erchef_port = new_resource.erchef_port
- template "/etc/nginx/conf.d/erchef.conf" do
- source "erchef.conf.erb"
+ template '/etc/nginx/conf.d/erchef.conf' do
+ source 'erchef.conf.erb'
 owner user
 group user
- mode 0644
- cookbook "nginx"
- variables(:erchef_port => erchef_port)
- notifies :restart, "service[nginx]"
+ mode '0644'
+ cookbook 'nginx'
+ variables(erchef_port: erchef_port)
+ notifies :restart, 'service[nginx]'
 end
- service "nginx" do
- service_name "nginx"
+ service 'nginx' do
+ service_name 'nginx'
 ignore_failure true
- supports :status => true, :reload => true, :restart => true, :enable => true
+ supports status: true, reload: true, restart: true, enable: true
 action [:nothing]
 end
-
 rescue => e
 Chef::Log.error(e.message)
 end
 end
-action :add_s3 do #TODO: Create this resource in minio cookbook
+action :add_s3 do # TODO: Create this resource in minio cookbook
 begin
 s3_port = new_resource.s3_port
- template "/etc/nginx/conf.d/s3.conf" do
- source "s3.conf.erb"
+ template '/etc/nginx/conf.d/s3.conf' do
+ source 's3.conf.erb'
 owner user
 group user
- mode 0644
- cookbook "nginx"
- variables(:s3_port => s3_port)
- notifies :restart, "service[nginx]"
+ mode '0644'
+ cookbook 'nginx'
+ variables(s3_port: s3_port)
+ notifies :restart, 'service[nginx]'
 end
- service "nginx" do
- service_name "nginx"
+ service 'nginx' do
+ service_name 'nginx'
 ignore_failure true
- supports :status => true, :reload => true, :restart => true, :enable => true
+ supports status: true, reload: true, restart: true, enable: true
 action [:nothing]
 end
-
 rescue => e
 Chef::Log.error(e.message)
 end
@@ -149,23 +143,22 @@
 begin
 aioutliers_port = new_resource.aioutliers_port
- template "/etc/nginx/conf.d/aioutliers.conf" do
- source "aioutliers.conf.erb"
+ template '/etc/nginx/conf.d/aioutliers.conf' do
+ source 'aioutliers.conf.erb'
 owner user
 group user
- mode 0644
- cookbook "nginx"
- variables(:aioutliers_port => aioutliers_port)
- notifies :restart, "service[nginx]"
+ mode '0644'
+ cookbook 'nginx'
+ variables(aioutliers_port: aioutliers_port)
+ notifies :restart, 'service[nginx]'
 end
- service "nginx" do
- service_name "nginx"
+ service 'nginx' do
+ service_name 'nginx'
 ignore_failure true
- supports :status => true, :reload => true, :restart => true, :enable => true
+ supports status: true, reload: true, restart: true, enable: true
 action [:nothing]
 end
-
 rescue => e
 Chef::Log.error(e.message)
 end
@@ -174,14 +167,14 @@
 action :remove do
 begin
- service "nginx" do
- service_name "nginx"
+ service 'nginx' do
+ service_name 'nginx'
 ignore_failure true
- supports :status => true, :enable => true
+ supports status: true, enable: true
 action [:stop, :disable]
 end
- Chef::Log.info("Nginx cookbook has been processed")
+ Chef::Log.info('Nginx cookbook has been processed')
 rescue => e
 Chef::Log.error(e.message)
 end
@@ -190,23 +183,23 @@
 action :register do
 begin
 consul_servers = system('serf members -tag consul=ready | grep consul=ready &> /dev/null')
- if !node["nginx"]["registered"] and consul_servers
+ unless node['nginx']['registered'] && consul_servers
 query = {}
- query["ID"] = "nginx-#{node["hostname"]}"
- query["Name"] = "nginx"
- query["Address"] = "#{node["ipaddress"]}"
- query["Port"] = 443
+ query['ID'] = "nginx-#{node['hostname']}"
+ query['Name'] = 'nginx'
+ query['Address'] = "#{node['ipaddress']}"
+ query['Port'] = 443
 json_query = Chef::JSONCompat.to_json(query)
 execute 'Register service in consul' do
- command "curl -X PUT http://localhost:8500/v1/agent/service/register -d '#{json_query}' &>/dev/null"
- retries 3
- retry_delay 2
- action :nothing
+ command "curl -X PUT http://localhost:8500/v1/agent/service/register -d '#{json_query}' &>/dev/null"
+ retries 3
+ retry_delay 2
+ action :nothing
 end.run_action(:run)
- node.normal["nginx"]["registered"] = true
- Chef::Log.info("Nginx service has been registered to consul")
+ node.normal['nginx']['registered'] = true
+ Chef::Log.info('Nginx service has been registered to consul')
 end
 rescue => e
 Chef::Log.error(e.message)
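Review bot: `unless node['nginx']['registered'] && consul_servers` is not equivalent to the removed `if !node["nginx"]["registered"] and consul_servers`: the old condition registered only when the node was unregistered AND consul was ready, while the new one also runs the registration when the node is already registered but consul is not ready, and when both are false. It should read `if !node['nginx']['registered'] && consul_servers` (or, with `unless`, `unless node['nginx']['registered'] || !consul_servers`). Separately, `curl -X PUT … &>/dev/null` exits 0 on an HTTP error from the agent, so `node.normal['nginx']['registered'] = true` can be recorded although consul rejected the request; `curl -sSf -X PUT …` (`--fail`) makes the `execute` resource fail and use its `retries 3` instead. The `:deregister` hunk below has the same silent-curl shape. The action's closing `end` lies below the hunk.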
@@ -216,14 +209,14 @@
 action :deregister do
 begin
 consul_servers = system('serf members -tag consul=ready | grep consul=ready &> /dev/null')
- if node["nginx"]["registered"] and consul_servers
+ if node['nginx']['registered'] && consul_servers
 execute 'Deregister service in consul' do
- command "curl -X PUT http://localhost:8500/v1/agent/service/deregister/nginx-#{node["hostname"]} &>/dev/null"
+ command "curl -X PUT http://localhost:8500/v1/agent/service/deregister/nginx-#{node['hostname']} &>/dev/null"
 action :nothing
 end.run_action(:run)
- node.normal["nginx"]["registered"] = false
- Chef::Log.info("Nginx service has been deregistered from consul")
+ node.normal['nginx']['registered'] = false
+ Chef::Log.info('Nginx service has been deregistered from consul')
 end
 rescue => e
 Chef::Log.error(e.message)
diff --git a/resources/recipes/configure_solo.rb b/resources/recipes/configure_solo.rb
index 3408f52..7ad6cc2 100644
--- a/resources/recipes/configure_solo.rb
+++ b/resources/recipes/configure_solo.rb
@@ -1,13 +1,9 @@
-#
-# Cookbook Name:: nginx
+# Cookbook:: nginx
 # Recipe:: default
-#
-# Copyright 2017, redborder
-#
-# All rights reserved - Do Not Redistribute
-#
+# Copyright:: 2024, redborder
+# License:: Affero General Public License, Version 3
-nginx_config "config" do
- service_name "s3"
+nginx_config 'config' do
+ service_name 's3'
 action [:add, :configure_certs, :add_s3]
 end
diff --git a/resources/recipes/default.rb b/resources/recipes/default.rb
index 5a58084..e18a8b3 100644
--- a/resources/recipes/default.rb
+++ b/resources/recipes/default.rb
@@ -1,12 +1,8 @@
-#
-# Cookbook Name:: nginx
+# Cookbook:: nginx
 # Recipe:: default
-#
-# Copyright 2017, redborder
-#
-# All rights reserved - Do Not Redistribute
-#
+# Copyright:: 2024, redborder
+# License:: Affero General Public License, Version 3
-nginx_config "config" do
+nginx_config 'config' do
 action :add
 end
diff --git a/resources/resources/config.rb b/resources/resources/config.rb
index e0fcf08..1ffe3a6 100644
--- a/resources/resources/config.rb
+++ b/resources/resources/config.rb
@@ -1,14 +1,12 @@
-# Cookbook Name:: nginx
-#
+# Cookbook:: nginx
 # Resource:: config
-#
 actions :add, :add_s3, :add_erchef, :add_aioutliers, :configure_certs, :remove, :register, :deregister
 default_action :add
-attribute :user, :kind_of => String, :default => "nginx"
-attribute :s3_port, :kind_of => Integer, :default => 9000
-attribute :erchef_port, :kind_of => Integer, :default => 4443
-attribute :aioutliers_port, :kind_of => Integer, :default => 39091
-attribute :cdomain, :kind_of => String, :default => "redborder.cluster"
-attribute :service_name, :kind_of => String
+attribute :user, kind_of: String, default: 'nginx'
+attribute :s3_port, kind_of: Integer, default: 9000
+attribute :erchef_port, kind_of: Integer, default: 4443
+attribute :aioutliers_port, kind_of: Integer, default: 39091
+attribute :cdomain, kind_of: String, default: 'redborder.cluster'
+attribute :service_name, kind_of: String
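Review bot: `attribute :service_name, kind_of: String` accepts any string, yet the provider interpolates it into file paths (`/etc/nginx/ssl/#{service_name}.key`, the data-bag JSON under `/var/chef/data/data_bag/certs/`) and, via `nginx_certs`, into the `knife data bag from file …` shell command; adding `regex: /\A[A-Za-z0-9._-]+\z/` rejects path separators and shell metacharacters at resource-validation time rather than at converge. `cdomain` is interpolated into the certificate CN and the same data-bag paths and could carry the same `regex:` constraint. `required: true` is not the right tool here, since the `:add` action and the default recipe do not set `service_name`.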