github
/
metasploitable3
mirror of https://github.com/rapid7/metasploitable3
1
Fork 0
Code Releases Activity

WIP: Adding Linux VM using chef solo provisioning

This commit is contained in:
James Barnett 2017-02-13 15:53:51 -06:00
parent ef8fed0fd2
commit c3bf91c693
No known key found for this signature in database
GPG Key ID: 647983861A4EC5EA
66 changed files with 3750 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

230
Vagrantfile vendored
View File

@ -2,130 +2,156 @@
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
# Base configuration for the VM and provisioner
config.vm.box = "metasploitable3"
config.vm.hostname = "metasploitable3"
config.vm.communicator = "winrm"
config.vm.define "win2k8" do |win2k8|
# Base configuration for the VM and provisioner
win2k8.vm.box = "metasploitable3"
win2k8.vm.hostname = "metasploitable3"
win2k8.vm.communicator = "winrm"
config.vm.network "private_network", type: "dhcp"
win2k8.vm.network "private_network", type: "dhcp"
# Install Chocolatey
config.vm.provision :shell, path: "scripts/installs/chocolatey.cmd"
config.vm.provision :reload # Hack to reset environment variables
# Install Chocolatey
config.vm.provision :shell, path: "scripts/installs/chocolatey.cmd"
config.vm.provision :reload # Hack to reset environment variables
# Install BoxStarter
config.vm.provision :shell, path: "scripts/installs/install_boxstarter.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Install BoxStarter
config.vm.provision :shell, path: "scripts/installs/install_boxstarter.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Install 7zip
config.vm.provision :shell, path: "scripts/chocolatey_installs/7zip.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Install 7zip
config.vm.provision :shell, path: "scripts/chocolatey_installs/7zip.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Adjust password policy
config.vm.provision :shell, path: "scripts/configs/apply_password_settings.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Adjust password policy
win2k8.vm.provision :shell, path: "scripts/configs/apply_password_settings.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Add users and add to groups
config.vm.provision :shell, path: "scripts/configs/create_users.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Add users and add to groups
win2k8.vm.provision :shell, path: "scripts/configs/create_users.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Unpatched IIS and FTP
config.vm.provision :shell, path: "scripts/installs/setup_iis.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/setup_ftp_site.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Unpatched IIS and FTP
win2k8.vm.provision :shell, path: "scripts/installs/setup_iis.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
win2k8.vm.provision :shell, path: "scripts/installs/setup_ftp_site.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Setup for Apache Struts
config.vm.provision :shell, path: "scripts/chocolatey_installs/java.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/chocolatey_installs/tomcat.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :reload # Hack to reset environment variables
config.vm.provision :shell, path: "scripts/installs/setup_apache_struts.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Setup for Apache Struts
win2k8.vm.provision :shell, path: "scripts/chocolatey_installs/java.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
win2k8.vm.provision :shell, path: "scripts/chocolatey_installs/tomcat.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
win2k8.vm.provision :reload # Hack to reset environment variables
win2k8.vm.provision :shell, path: "scripts/installs/setup_apache_struts.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Setup for Glassfish
config.vm.provision :shell, path: "scripts/installs/setup_glassfish.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/start_glassfish_service.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Setup for Glassfish
win2k8.vm.provision :shell, path: "scripts/installs/setup_glassfish.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
win2k8.vm.provision :shell, path: "scripts/installs/start_glassfish_service.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Jenkins (1.8)
config.vm.provision :shell, path: "scripts/installs/setup_jenkins.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Jenkins (1.8)
win2k8.vm.provision :shell, path: "scripts/installs/setup_jenkins.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Wordpress and phpMyAdmin
# This must run after the WAMP setup.
config.vm.provision :shell, path: "scripts/chocolatey_installs/vcredist2008.bat" # Visual Studio 2008 redistributable is a requirement for WAMP
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_wamp.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/start_wamp.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_wordpress.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Wordpress and phpMyAdmin
# This must run after the WAMP setup.
win2k8.vm.provision :shell, path: "scripts/chocolatey_installs/vcredist2008.bat" # Visual Studio 2008 redistributable is a requirement for WAMP
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
win2k8.vm.provision :shell, path: "scripts/installs/install_wamp.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
win2k8.vm.provision :shell, path: "scripts/installs/start_wamp.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
win2k8.vm.provision :shell, path: "scripts/installs/install_wordpress.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - JMX
config.vm.provision :shell, path: "scripts/installs/install_openjdk6.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/setup_jmx.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - JMX
win2k8.vm.provision :shell, path: "scripts/installs/install_openjdk6.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
win2k8.vm.provision :shell, path: "scripts/installs/setup_jmx.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Rails Server
config.vm.provision :shell, path: "scripts/installs/install_ruby.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_devkit.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_rails_server.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/setup_rails_server.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_rails_service.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Rails Server
win2k8.vm.provision :shell, path: "scripts/installs/install_ruby.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
win2k8.vm.provision :shell, path: "scripts/installs/install_devkit.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
win2k8.vm.provision :shell, path: "scripts/installs/install_rails_server.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
win2k8.vm.provision :shell, path: "scripts/installs/setup_rails_server.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
win2k8.vm.provision :shell, path: "scripts/installs/install_rails_service.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - WebDAV
# This must run after the WAMP setup.
config.vm.provision :shell, path: "scripts/installs/setup_webdav.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - WebDAV
# This must run after the WAMP setup.
win2k8.vm.provision :shell, path: "scripts/installs/setup_webdav.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - MySQL
config.vm.provision :shell, path: "scripts/installs/setup_mysql.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - MySQL
win2k8.vm.provision :shell, path: "scripts/installs/setup_mysql.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - ManageEngine Desktop Central
config.vm.provision :shell, path: "scripts/installs/install_manageengine.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - ManageEngine Desktop Central
win2k8.vm.provision :shell, path: "scripts/installs/install_manageengine.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Axis2
# This must run after the Apache Struts setup.
config.vm.provision :shell, path: "scripts/installs/setup_axis2.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Axis2
# This must run after the Apache Struts setup.
win2k8.vm.provision :shell, path: "scripts/installs/setup_axis2.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Common backdoors
config.vm.provision :shell, path: "scripts/installs/install_backdoors.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Common backdoors
win2k8.vm.provision :shell, path: "scripts/installs/install_backdoors.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - SNMP
config.vm.provision :shell, path: "scripts/installs/setup_snmp.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - SNMP
win2k8.vm.provision :shell, path: "scripts/installs/setup_snmp.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Configure Firewall to open up vulnerable services
case ENV['MS3_DIFFICULTY']
when 'easy'
config.vm.provision :shell, path: "scripts/configs/disable_firewall.bat"
else
config.vm.provision :shell, path: "scripts/configs/configure_firewall.bat"
# Configure Firewall to open up vulnerable services
case ENV['MS3_DIFFICULTY']
when 'easy'
win2k8.vm.provision :shell, path: "scripts/configs/disable_firewall.bat"
else
win2k8.vm.provision :shell, path: "scripts/configs/configure_firewall.bat"
end
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - ElasticSearch
# This must run after the firewall rules, because it needs to make some HTTP requests in order to
# set up the vulnerable state.
win2k8.vm.provision :shell, path: "scripts/installs/install_elasticsearch.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Configure flags
win2k8.vm.provision :shell, path: "scripts/installs/install_flags.bat"
win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614a
end
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.define "trusty" do |trusty|
trusty.vm.box = "ubuntu/trusty64"
trusty.vm.hostname = "metasploitableUB"
# Vulnerability - ElasticSearch
# This must run after the firewall rules, because it needs to make some HTTP requests in order to
# set up the vulnerable state.
config.vm.provision :shell, path: "scripts/installs/install_elasticsearch.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
trusty.vm.network "private_network", type: "dhcp"
# Configure flags
config.vm.provision :shell, path: "scripts/installs/install_flags.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614a
trusty.vm.provider "virtualbox" do |v|
v.name = "MetasploitableUB"
v.memory = 1024
end
config.omnibus.chef_version = :latest
# Provision with Chef Solo
#
config.vm.provision :chef_solo do |chef|
chef.cookbooks_path = [ 'chef/cookbooks' ]
chef.add_recipe "metasploitable::mysql"
chef.add_recipe "metasploitable::users"
end
end
end

21
chef/cookbooks/metasploitable/.delivery/build_cookbook/.kitchen.yml Normal file
View File

@ -0,0 +1,21 @@
---
driver:
name: vagrant
synced_folders:
- [<%= File.join(ENV['PWD'], '..', '..')%>, '/tmp/repo-data']
provisioner:
name: chef_zero
encrypted_data_bag_secret_key_path: 'secrets/fakey-mcfakerton'
data_bags_path: './data_bags'
platforms:
- name: ubuntu-16.04
- name: centos-7.2
suites:
- name: default
run_list:
- recipe[delivery_build::default]
- recipe[test]
attributes:

9
chef/cookbooks/metasploitable/.delivery/build_cookbook/Berksfile Normal file
View File

@ -0,0 +1,9 @@
source 'https://supermarket.chef.io'
metadata
group :delivery do
cookbook 'delivery_build', git: 'https://github.com/chef-cookbooks/delivery_build'
cookbook 'delivery-base', git: 'https://github.com/chef-cookbooks/delivery-base'
cookbook 'test', path: './test/fixtures/cookbooks/test'
end

3
chef/cookbooks/metasploitable/.delivery/build_cookbook/LICENSE Normal file
View File

@ -0,0 +1,3 @@
Copyright 2017 The Authors
All rights reserved, do not redistribute.

146
chef/cookbooks/metasploitable/.delivery/build_cookbook/README.md Normal file
View File

@ -0,0 +1,146 @@
# build_cookbook
A build cookbook for running the parent project through Chef Delivery
This build cookbook should be customized to suit the needs of the parent project. Using this cookbook can be done outside of Chef Delivery, too. If the parent project is a Chef cookbook, we've detected that and "wrapped" [delivery-truck](https://github.com/chef-cookbooks/delivery-truck). That means it is a dependency, and each of its pipeline phase recipes is included in the appropriate phase recipes in this cookbook. If the parent project is not a cookbook, it's left as an exercise to the reader to customize the recipes as needed for each phase in the pipeline.
## .delivery/config.json
In the parent directory to this build_cookbook, the `config.json` can be modified as necessary. For example, phases can be skipped, publishing information can be added, and so on. Refer to customer support or the Chef Delivery documentation for assistance on what options are available for this configuration.
## Test Kitchen - Local Verify Testing
This cookbook also has a `.kitchen.yml` which can be used to create local build nodes with Test Kitchen to perform the verification phases, `unit`, `syntax`, and `lint`. When running `kitchen converge`, the instances will be set up like Chef Delivery "build nodes" with the [delivery_build cookbook](https://github.com/chef-cookbooks/delivery_build). The reason for this is to make sure that the same exact kind of nodes are used by this build cookbook are run on the local workstation as would run Delivery. It will run `delivery job verify PHASE` for the parent project.
Modify the `.kitchen.yml` if necessary to change the platforms or other configuration to run the verify phases. After making changes in the parent project, `cd` into this directory (`.delivery/build_cookbook`), and run:
```
kitchen test
```
## Recipes
Each of the recipes in this build_cookbook are run in the named phase during the Chef Delivery pipeline. The `unit`, `syntax`, and `lint` recipes are additionally run when using Test Kitchen for local testing as noted in the above section.
## Making Changes - Cookbook Example
When making changes in the parent project (that which lives in `../..` from this directory), or in the recipes in this build cookbook, there is a bespoke workflow for Chef Delivery. As an example, we'll discuss a Chef Cookbook as the parent.
First, create a new branch for the changes.
```
git checkout -b testing-build-cookbook
```
Next, increment the version in the metadata.rb. This should be in the _parent_, not in this, the build_cookbook. If this is not done, the verify phase will fail.
```
% git diff
<SNIP>
-version '0.1.0'
+version '0.1.1'
```
The change we'll use for an example is to install the `zsh` package. Write a failing ChefSpec in the cookbook project's `spec/unit/recipes/default_spec.rb`.
```ruby
require 'spec_helper'
describe 'godzilla::default' do
context 'When all attributes are default, on an unspecified platform' do
let(:chef_run) do
runner = ChefSpec::ServerRunner.new
runner.converge(described_recipe)
end
it 'installs zsh' do
expect(chef_run).to install_package('zsh')
end
end
end
```
Commit the local changes as work in progress. The `delivery job` expects to use a clean git repository.
```
git add ../..
git commit -m 'WIP: Testing changes'
```
From _this_ directory (`.delivery/build_cookbook`, relative to the parent cookbook project), run
```
cd .delivery/build_cookbook
kitchen converge
```
This will take some time at first, because the VMs need to be created, Chef installed, the Delivery CLI installed, etc. Later runs will be faster until they are destroyed. It will also fail on the first VM, as expected, because we wrote the test first. Now edit the parent cookbook project's default recipe to install `zsh`.
```
cd ../../
$EDITOR/recipes/default.rb
```
It should look like this:
```
package 'zsh'
```
Create another commit.
```
git add .
git commit -m 'WIP: Install zsh in default recipe'
```
Now rerun kitchen from the build_cookbook.
```
cd .delivery/build_cookbook
kitchen converge
```
This will take awhile because it will now pass on the first VM, and then create the second VM. We should have warned you this was a good time for a coffee break.
```
Recipe: test::default
- execute HOME=/home/vagrant delivery job verify unit --server localhost --ent test --org kitchen
* execute[HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen] action run
- execute HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen
- execute HOME=/home/vagrant delivery job verify syntax --server localhost --ent test --org kitchen
Running handlers:
Running handlers complete
Chef Client finished, 3/32 resources updated in 54.665445968 seconds
Finished converging <default-centos-71> (1m26.83s).
```
Victory is ours! Our verify phase passed on the build nodes.
We are ready to run this through our Delivery pipeline. Simply run `delivery review` on the local system from the parent project, and it will open a browser window up to the change we just added.
```
cd ../..
delivery review
```
## FAQ
### Why don't I just run rspec and foodcritic/rubocop on my local system?
An objection to the Test Kitchen approach is that it is much faster to run the unit, lint, and syntax commands for the project on the local system. That is totally true, and also totally valid. Do that for the really fast feedback loop. However, the dance we do with Test Kitchen brings a much higher degree of confidence in the changes we're making, that everything will run on the build nodes in Chef Delivery. We strongly encourage this approach before actually pushing the changes to Delivery.
### Why do I have to make a commit every time?
When running `delivery job`, it expects to merge the commit for the changeset against the clean master branch. If we don't save our progress by making a commit, our local changes aren't run through `delivery job` in the Test Kitchen build instances. We can always perform an interactive rebase, and modify the original changeset message in Delivery with `delivery review --edit`. The latter won't modify the git commits, only the changeset in Delivery.
### What do I do next?
Make changes in the cookbook project as required for organizational goals and needs. Modify the `build_cookbook` as necessary for the pipeline phases that the cookbook should go through.
### What if I get stuck?
Contact Chef Support, or your Chef Customer Success team and they will help you get unstuck.

107
chef/cookbooks/metasploitable/.delivery/build_cookbook/chefignore Normal file
View File

@ -0,0 +1,107 @@
# Put files/directories that should be ignored in this file when uploading
# to a chef-server or supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
examples/*
Guardfile
Procfile
.kitchen*
.rubocop.yml
spec/*
Rakefile
.travis.yml
.foodcritic
.codeclimate.yml
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Cookbooks #
#############
CONTRIBUTING*
CHANGELOG*
TESTING*
MAINTAINERS.toml
# Strainer #
############
Colanderfile
Strainerfile
.colander
.strainer
# Vagrant #
###########
.vagrant
Vagrantfile

1
chef/cookbooks/metasploitable/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json Normal file
View File

@ -0,0 +1 @@
{"id": "delivery_builder_keys"}

7
chef/cookbooks/metasploitable/.delivery/build_cookbook/metadata.rb Normal file
View File

@ -0,0 +1,7 @@
name 'build_cookbook'
maintainer 'The Authors'
maintainer_email 'you@example.com'
license 'all_rights'
version '0.1.0'
depends 'delivery-truck'

6
chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/default.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: default
#
# Copyright:: 2017, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::default'

6
chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/deploy.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: deploy
#
# Copyright:: 2017, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::deploy'

6
chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/functional.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: functional
#
# Copyright:: 2017, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::functional'

6
chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/lint.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: lint
#
# Copyright:: 2017, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::lint'

6
chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/provision.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: provision
#
# Copyright:: 2017, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::provision'

6
chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/publish.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: publish
#
# Copyright:: 2017, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::publish'

6
chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/quality.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: quality
#
# Copyright:: 2017, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::quality'

6
chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/security.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: security
#
# Copyright:: 2017, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::security'

6
chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/smoke.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: smoke
#
# Copyright:: 2017, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::smoke'

6
chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/syntax.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: syntax
#
# Copyright:: 2017, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::syntax'

6
chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/unit.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: build_cookbook
# Recipe:: unit
#
# Copyright:: 2017, The Authors, All Rights Reserved.
include_recipe 'delivery-truck::unit'

0
chef/cookbooks/metasploitable/.delivery/build_cookbook/secrets/fakey-mcfakerton Normal file
View File

2
chef/cookbooks/metasploitable/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb vendored Normal file
View File

@ -0,0 +1,2 @@
name 'test'
version '0.1.0'

7
chef/cookbooks/metasploitable/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb vendored Normal file
View File

@ -0,0 +1,7 @@
%w(unit lint syntax).each do |phase|
# TODO: This works on Linux/Unix. Not Windows.
execute "HOME=/home/vagrant delivery job verify #{phase} --server localhost --ent test --org kitchen" do
cwd '/tmp/repo-data'
user 'vagrant'
end
end

12
chef/cookbooks/metasploitable/.delivery/config.json Normal file
View File

@ -0,0 +1,12 @@
{
"version": "2",
"build_cookbook": {
"name": "build_cookbook",
"path": ".delivery/build_cookbook"
},
"skip_phases": [],
"job_dispatch": {
"version": "v2"
},
"dependencies": []
}

36
chef/cookbooks/metasploitable/.delivery/project.toml Normal file
View File

@ -0,0 +1,36 @@
# Delivery Prototype for Local Phases Execution
#
# The purpose of this file is to prototype a new way to execute
# phases locally on your workstation. The delivery-cli will read
# this file and execute the command(s) that are configured for
# each phase. You can customize them by just modifying the phase
# key on this file.
#
# By default these phases are configured for Cookbook Workflow only
#
# As this is still a prototype we are not modifying the current
# config.json file and it will continue working as usual.
[local_phases]
unit = "chef exec rspec spec/"
lint = "chef exec cookstyle"
# Foodcritic includes rules only appropriate for community cookbooks
# uploaded to Supermarket. We turn off any rules tagged "supermarket"
# by default. If you plan to share this cookbook you should remove
# '-t ~supermarket' below to enable supermarket rules.
syntax = "chef exec foodcritic . --exclude spec -f any -t ~supermarket"
provision = "chef exec kitchen create"
deploy = "chef exec kitchen converge"
smoke = "chef exec kitchen verify"
# The functional phase is optional, you can define it by uncommenting
# the line below and running the command: `delivery local functional`
# functional = ""
cleanup = "chef exec kitchen destroy"
# Remote project.toml file
#
# Specify a remote URI location for the `project.toml` file.
# This is useful for teams that wish to centrally manage the behavior
# of the `delivery local` command across many different projects.
#
# remote_file = "https://url/project.toml"

21
chef/cookbooks/metasploitable/.gitignore vendored Normal file
View File

@ -0,0 +1,21 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
bin/*
.bundle/*
# test kitchen
.kitchen/
.kitchen.local.yml
# Chef
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json

26
chef/cookbooks/metasploitable/.kitchen.yml Normal file
View File

@ -0,0 +1,26 @@
---
driver:
name: vagrant
provisioner:
name: chef_zero
# You may wish to disable always updating cookbooks in CI or other testing environments.
# For example:
# always_update_cookbooks: <%= !ENV['CI'] %>
always_update_cookbooks: true
verifier:
name: inspec
platforms:
- name: ubuntu-16.04
- name: centos-7.2
suites:
- name: default
run_list:
- recipe[metasploitable::default]
verifier:
inspec_tests:
- test/smoke/default
attributes:

3
chef/cookbooks/metasploitable/Berksfile Normal file
View File

@ -0,0 +1,3 @@
source 'https://supermarket.chef.io'
metadata

4
chef/cookbooks/metasploitable/README.md Normal file
View File

@ -0,0 +1,4 @@
# metasploitable
TODO: Enter the cookbook description here.

107
chef/cookbooks/metasploitable/chefignore Normal file
View File

@ -0,0 +1,107 @@
# Put files/directories that should be ignored in this file when uploading
# to a chef-server or supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
examples/*
Guardfile
Procfile
.kitchen*
.rubocop.yml
spec/*
Rakefile
.travis.yml
.foodcritic
.codeclimate.yml
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Cookbooks #
#############
CONTRIBUTING*
CHANGELOG*
TESTING*
MAINTAINERS.toml
# Strainer #
############
Colanderfile
Strainerfile
.colander
.strainer
# Vagrant #
###########
.vagrant
Vagrantfile

21
chef/cookbooks/metasploitable/metadata.rb Normal file
View File

@ -0,0 +1,21 @@
name 'metasploitable'
maintainer 'Rapid7'
maintainer_email ''
license 'BSD-3-clause'
description 'Installs/Configures metasploitable3'
long_description 'Installs/Configures metasploitable3'
version '0.1.0'
# The `issues_url` points to the location where issues for this cookbook are
# tracked. A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/metasploitable3/issues' if respond_to?(:issues_url)
# The `source_url` points to the development reposiory for this cookbook. A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/metasploitable3' if respond_to?(:source_url)
depends 'mysql'

5
chef/cookbooks/metasploitable/recipes/default.rb Normal file
View File

@ -0,0 +1,5 @@
#
# Cookbook:: metasploitable
# Recipe:: default
#
# Copyright:: 2017, The Authors, All Rights Reserved.

16
chef/cookbooks/metasploitable/recipes/mysql.rb Normal file
View File

@ -0,0 +1,16 @@
#
# Cookbook:: metasploitable
# Recipe:: mysql
#
# Copyright:: 2017, The Authors, All Rights Reserved.
mysql_client 'default' do
action :create
end
mysql_service 'default' do
initial_root_password 'sploitme'
bind_address '0.0.0.0'
port '3306'
action [:create, :start]
end

35
chef/cookbooks/metasploitable/recipes/users.rb Normal file
View File

@ -0,0 +1,35 @@
#
# Cookbook:: metasploitable
# Recipe:: users
#
# Copyright:: 2017, Rapid7, All Rights Reserved.
users = {'leah_organa' => { password: '$1$2ny4/xaH$tAFV5fbEqHx2OkOPIQhpx0' },
'luke_skywalker' => { password: '$1$n8tgrGRs$8xaS40CFS1J5iIAEmbnx50' },
'han_solo' => { password: '$1$L/2/AWAh$ZMUulbFhP2IesZ6xwBmaV0' },
'artoo_detoo' => { password: '$1$DlEuqBUm$u71bKO9I603kDCqEphmon1' },
'c_three_pio' => { password: '$1$4JMoAFqs$b5MwsiCfOASdUKktx6wQ7/' },
'ben_kenobi' => { password: '$1$vmHrrI9b$OyLulJjgi18GxgREG5V5c1' },
'darth_vader' => { password: '$1$c7AfQJ86$zvcdz7pPate7GdCQ.yfTf0' },
'anakin_skywalker' => { password: '$1$AvIldIHu$o1s2OCU4n/qSCGQMKMgkH/' },
'jarjar_binks' => { password: '$1$SNokFi0c$F.SvjZQjYRSuoBuobRWMh1' },
'lando_calrissian' => { password: '$1$8aWC7zHq$bz6K2rZVD7XlMNqBIIMGX.' },
'boba_fett' => { password: '$1$TjxlmV4j$k/rG1vb4.pj.z0yFWJ.ZD0' },
'jabba_hutt' => { password: '$1$1q5jRHYC$LIp/8O/g9qg3NaeGOxGSl/' },
'greedo' => { password: '$1$1lmZ0rOJ$GITT5.sX0tvOQeC2/wWQF1' },
'chewbacca' => { password: '$1$AjU5ZLh9$WjO.j9fYh3yms3HSDBKya1' },
'kylo_ren' => { password: '$1$Zcw3AKDA$1Mjgzmr/HpmFXuxUjj2Vv1' }
}
uid = 1111
users.each do |username, opts|
user username do
supports :manage_home => true
password opts[:password]
uid uid
gid '100'
home "/home/#{username}"
shell '/bin/bash'
end
uid += 1
end

2
chef/cookbooks/metasploitable/spec/spec_helper.rb Normal file
View File

@ -0,0 +1,2 @@
require 'chefspec'
require 'chefspec/berkshelf'

20
chef/cookbooks/metasploitable/spec/unit/recipes/default_spec.rb Normal file
View File

@ -0,0 +1,20 @@
#
# Cookbook:: metasploitable
# Spec:: default
#
# Copyright:: 2017, The Authors, All Rights Reserved.
require 'spec_helper'
describe 'metasploitable::default' do
context 'When all attributes are default, on an unspecified platform' do
let(:chef_run) do
runner = ChefSpec::ServerRunner.new
runner.converge(described_recipe)
end
it 'converges successfully' do
expect { chef_run }.to_not raise_error
end
end
end

20
chef/cookbooks/metasploitable/spec/unit/recipes/mysql_spec.rb Normal file
View File

@ -0,0 +1,20 @@
#
# Cookbook:: metasploitable
# Spec:: default
#
# Copyright:: 2017, The Authors, All Rights Reserved.
require 'spec_helper'
describe 'metasploitable::mysql' do
context 'When all attributes are default, on an unspecified platform' do
let(:chef_run) do
runner = ChefSpec::ServerRunner.new
runner.converge(described_recipe)
end
it 'converges successfully' do
expect { chef_run }.to_not raise_error
end
end
end

18
chef/cookbooks/metasploitable/test/smoke/default/default_test.rb Normal file
View File

@ -0,0 +1,18 @@
# # encoding: utf-8
# Inspec test for recipe metasploitable::default
# The Inspec reference, with examples and extensive documentation, can be
# found at http://inspec.io/docs/reference/resources/
unless os.windows?
describe user('root') do
it { should exist }
skip 'This is an example test, replace with your own test.'
end
end
describe port(80) do
it { should_not be_listening }
skip 'This is an example test, replace with your own test.'
end

18
chef/cookbooks/metasploitable/test/smoke/default/mysql.rb Normal file
View File

@ -0,0 +1,18 @@
# # encoding: utf-8
# Inspec test for recipe metasploitable::mysql
# The Inspec reference, with examples and extensive documentation, can be
# found at http://inspec.io/docs/reference/resources/
unless os.windows?
describe user('root') do
it { should exist }
skip 'This is an example test, replace with your own test.'
end
end
describe port(80) do
it { should_not be_listening }
skip 'This is an example test, replace with your own test.'
end

1
chef/cookbooks/mysql/.foodcritic Normal file
View File

@ -0,0 +1 @@
~FC005

665
chef/cookbooks/mysql/CHANGELOG.md Normal file
View File

@ -0,0 +1,665 @@
# mysql Cookbook CHANGELOG
This file is used to list changes made in each version of the mysql cookbook.
## 8.2.0 (2016-12-03)
- Include client development packages on RHEL/SUSE platforms
## 8.1.1 (2016-10-31)
- Fixing CVE-2016-6662 - Reverting execure bit on mysql config
## 8.1.0 (2016-10-29)
- Drop hardcoded, specific package version logic that broke many users
## 8.0.4 (2016-09-26)
- Bump debian version
- Updated packages for 12.04 and 14.04 too
- Add chef_version metadata
- Update platforms in the kitchen file
- Add selinux to the Berksfile for testing
- Make sure yum repos are setup in local Test Kitchen
## 8.0.3 (2016-09-14)
- [GH-390] Fix #390 incorrect escaping of initial_root_password
- Updated package versions for Ubuntu 16.04
- Testing updates
# v8.0.2 (2016-08-25)
- Various bug fixed and updates to package version strings
# v8.0.1 (2016-07-20)
- Fixed a regression in the mysql_client resource where the action was changed from create to install in the 8.0 release
- Added oracle, opensuse, and opensuseleap as supported platforms in the metadata
# v8.0.0 (2016-07-11)
- Converting from LWRP to custom resources
- Removing yum-mysql and other dependencies.
- ^ BREAKING CHANGE: RHELish users are now responsible
for including a recipe from the "yum-mysql" or equivalent
cookbook before utilizing the mysql_* resources.
- More thoughtful ChefSpec
- Renaming "replication" test suite to "smoke"
- Moving to Inspec
## v7.2.0 (2016-06-30)
- Support openeSUSE leap
- Support Fedora 24
## v7.1.2 (2016-06-30)
- Avoid deprecation warnings on the upcoming Chef 12.12 release
## v7.1.1 (2016-06-03)
- Fix apparmor blocking writes to non-default tmp_dirs
- Updated apparmor config to allow read & write to sock.lock file
- Use cookstyle instead of Rubocop directly
## v7.1.0 (2016-05-11)
- Added support for Ubuntu 16.04
## v7.0.0 (2016-04-19)
- Removed support for legacy distros: Ubuntu 10.04/13.04/14.10/15.04, Fedora 20/21, OmniOS r151006, opensuse 11.3/12.0
- Added support for Fedora 23, suse 13.X, and Ubuntu 16.04
- Updated the systemd support to create unit files in /etc/systemd and not /usr/lib/systemd
- Adding umask to bash resource that sets root password PR #386 @gziskind
- Cleaned up the Test Kitchen config to test the right platform version + mysql pairings
- Added Travis CI Test Kitchen testing on Fedora 22/23 and removed Fedora 21
- Updated the platforms used in the specs
## v6.1.3 (2016-03-14)
- Added support for Ubuntu 15.10
- Added support for Amazon Linux 2016-03
- Updated Kitchen testing configs
## v6.1.2 (2015-10-05)
- Added support for Amazon Linux 2015.09
## v6.1.1 (2015-09-24)
- Completing ChefSpec matchers
## v6.1.0 (2015-07-17)
- Adding tunables for tmp_dir, error_log, and pid_file
- Adding mysqld_options hash interface for main my.cnf template
## v6.0.31 (2015-07-13)
- Reverting create_stop_system_service checks
## v6.0.30 (2015-07-13)
- Ubuntu 15.04 support
- Check for scripts and unit files during create_stop_system_service
## v6.0.29 (2015-07-12)
- Patch to allow blank root password
- Adding package information for Suse 12.0
## v6.0.28 (2015-07-10)
- Fixes for 12.4.x
## v6.0.27 (2015-07-09)
- Allowing integer value for port number
## v6.0.26 (2015-07-07)
- Reverting breaking changes introduced in 6.0.25
## v6.0.25 (2015-07-06)
- Fixes for 12.4.1
## v6.0.24 (2015-06-27)
- 341 - Changing default GRANT for root from '%' to 'localhost' and '127.0.0.1'
## v6.0.23 (2015-06-21)
- 354 Better handling of long MySQL startup times
## v6.0.22 (2015-05-07)
- Debian 8 (Jessie) support
## v6.0.21 (2015-04-08)
- Fix to Upstart prestart script when using custom socket
- Adding --explicit_defaults_for_timestamp mysql_install_db_cmd for
- 5.6 and above
## v6.0.20 (2015-03-27)
- 318 - Fixing Upstart pre-start script to handle custom socket paths
## v6.0.19 (2015-03-25)
- Adding support for Amazon Linux 2015.03
## v6.0.18 (2015-03-24)
- Adding support for 5.6 and 5.7 packages from dotdeb repos on Debian 7
## v6.0.17 (2015-03-13)
- Updated for MySQL 5.7.6.
- Handing removal of mysql_install_db and mysqld_safe
## v6.0.16 (2015-03-10)
- Moved --defaults-file as first option to mysql_install_db_script
## v6.0.15 (2015-02-26)
- Updating docker detection fix to pass specs
## v6.0.14 (2015-02-26)
- Fixed debian system service :disable action. Now survives reboot
- Fixing centos-7 instance :enable action. Now survives
- Not applying Apparmor policy if running in a Docker container
## v6.0.13 (2015-02-15)
- Adding support for special characters in initial_root_password
- Fixing failure status bug in sysvinit script
## v6.0.12 (2015-02-30)
- No changes. Released a 6.0.11 that was identical to 6.0.10.
- Git before coffee.
## v6.0.11 (2015-02-30)
- Adding support for configurable socket files
## v6.0.10 (2015-01-19)
- Fix #282 - Fixing up data_dir template variable
## v6.0.9 (2015-01-19)
- Fix #282 - undefined method `parsed_data_dir' bug
## v6.0.8 (2015-01-19)
- Refactoring helper methods out of resource classes
## v6.0.7 (2015-01-14)
- Fixing timing issue with Upstart provider :restart and :reload
- actions where service returns before being available
## v6.0.6 (2014-12-26)
- Fixing subtle bug where MysqlCookbook::Helper methods were polluting Chef::Resource
## v6.0.5 (2014-12-25)
- Using 'include_recipe' instead of 'recipe_eval' in LWRP
- Fixing type checking on package_name attribute in mysql_client resource.
## v6.0.4 (2014-12-21)
- Suggest available versions if current is not available for current platform.
## v6.0.3 (2014-12-17)
- Adding bind_address parameter to mysql_service resource
## v6.0.2 (2014-12-17)
- Fixing sysvinit provider to survive reboots
## v6.0.1 (2014-12-16)
- Fixing Upstart template to survive reboots
## v6.0.0 (2014-12-15)
- Major version update
- Cookbook now provides LWRPs instead of recipes
- Platform providers re-factored into init system providers
- Separated :create and :start actions for use in recipes that build containers
- mysql_service now supports multiple instances on the same machine
- mysql_service no longer attempts to manage user records
- Removal of debian-sys-maint
- Unified Sysvinit script that works on all platforms
- mysql_config resource introduced
- mysql_client fixed up
- Refactored acceptance tests
- Temporarily dropped FreeBSD support
## v5.6.1 (2014-10-29)
- Use Gem::Version instead of Chef::Version
## v5.6.0 (2014-10-29)
- Changing default charset to utf8
- Quoting passwords in debian.cnf.erb
- Amazon 2014.09 support
- Ubuntu 14.10 support
- Only hide passwords from STDOUT via "sensitive true" in chef-client higher than 11.14
- Updating test harness
## v5.5.4 (2014-10-07)
- Adding sensitive flag to execute resources to protect passwords from logs
## v5.5.3 (2014-09-24)
- Reverting back to Upstart on Ubuntu 14.04
## v5.5.2 (2014-09-8)
- Reverting commit that broke Debian pass_string
## v5.5.1 (2014-09-2)
- Switching Ubuntu service provider to use SysVinit instead of Upstart
## v5.5.0 (2014-08-27)
- Adding package version and action parameters to mysql_service resource
- Fixing Debian pass_string
## v5.4.4 (2014-08-27)
- Changing module namespace to MysqlCookbook
## v5.4.3 (2014-08-25)
- More refactoring. Moving helper function bits into resource parsed_parameters
## v5.4.2 (2014-08-25)
- Moving provider local variables into definitions for RHEL provider
## v5.4.1 (2014-08-25)
- Refactoring resources into the LWRP style with parsed parameters
- Moving provider local variables into definitions
## v5.4.0 (2014-08-25)
- 212 - support for centos-7 (mysql55 and mysql56)
- Adding (untested) Debian-6 support
- Adding Suse support to metadata.rb
- Adding ability to change MySQL root password
- Added libmysqlclient-devel package to SuSE client provider
- Appeasing AppArmor
- Reducing duplication in client provider
## v5.3.6 (2014-06-18)
- Fixing pid path location. Updating tests to include real RHEL
## v5.3.4 (2014-06-16)
- Fixing specs for Amazon Linux server package names
## v5.3.2 (2014-06-16)
- Fixing Amazon Linux support
## v5.3.0 (2014-06-11)
- 189 - Fix server_repl_password description
- 191 - Adding support for server55 and server56 on el-6
- 193 - Fix syntax in mysql_service example
- 199 - Adding Suse support
## v5.2.12 (2014-05-19)
PR #192 - recipes/server.rb should honor parameter node['mysql']['version']
## v5.2.10 (2014-05-15)
- COOK-4394 - restore freebsd support
## v5.2.8 (2014-05-15)
- [COOK-4653] - Missing mySQL 5.6 support for Ubuntu 14.04
## v5.2.6 (2014-05-07)
- [COOK-4625] - Fix password resource parameter consumption on Debian and Ubuntu
- Fix up typos and version numbers in PLATFORMS.md
- Fix up specs from COOK-4613 changes
## v5.2.4 (2014-05-02)
- [COOK-4613] - Fix permissions on mysql data_dir to allow global access to mysql.sock
## v5.2.2 (2014-04-24)
- [COOK-4564] - Using positive tests for datadir move
## v5.2.0 (2014-04-22)
- [COOK-4551] - power grants.sql from resource parameters
## v5.1.12 (2014-04-21)
- [COOK-4554] - Support for Debian Sid
## v5.1.10 (2014-04-21)
- [COOK-4565] Support for Ubuntu 14.04
- [COOK-4565] Adding Specs and TK platform
- Removing non-LTS 13.10 specs and TK platform
## v5.1.8 (2014-04-12)
Adding Ubuntu 13.04 to Platforminfo
## v5.1.6 (2014-04-11)
- [COOK-4548] - Add template[/etc/mysql/debian.cnf] to Ubuntu provider
## v5.1.4 (2014-04-11)
- [COOK-4547] - Shellescape server_root_password
## v5.1.2 (2014-04-09)
- [COOK-4519] - Fix error in run_dir for Ubuntu
- [COOK-4531] - Fix pid and run_dir for Debian
## v5.1.0 (2014-04-08)
[COOK-4523] - Allow for both :restart and :reload
## v5.0.6 (2014-04-07)
- [COOK-4519] - Updating specs to reflect pid file change on Ubuntu
## v5.0.4 (2014-04-07)
- [COOK-4519] - Fix path to pid file on Ubuntu
## v5.0.2 (2014-04-01)
- Moving server_deprecated into recipes directory
## v5.0.0 (2014-03-31)
- Rewriting as a library cookbook
- Exposing mysql_service and mysql_client resources
- User now needs to supply configuration
- Moving attribute driven recipe to server-deprecated
## v4.1.2 (2014-02-28)
- [COOK-4349] - Fix invalid platform check
- [COOK-4184] - Better handling of Ubuntu upstart service
- [COOK-2100] - Changing innodb_log_file_size tunable results in inability to start MySQL
## v4.1.1 (2014-02-25)
- **[COOK-2966] - Address foodcritic failures'
- **[COOK-4182] - Template parse failure in /etc/init/mysql.conf (data_dir)'
- **[COOK-4198] - Added missing tunable'
- **[COOK-4206] - create root@127.0.0.1, as well as root@localhost'
## v4.0.20 (2014-01-18)
- [COOK-3931] - MySQL Server Recipe Regression for Non-LTS Ubuntu Versions
- [COOK-3945] - MySQL cookbook fails on Ubuntu 13.04/13.10
- [COOK-3966] - mysql::server recipe can't find a template with debian 7.x
- [COOK-3985] - Missing /etc/mysql/debian.cnf template on mysql::_server_debian.rb recipe (mysql 4.0.4)
- [COOK-3974] - debian.cnf not updated
- [COOK-4001] - Pull request: Fixes for broken mysql::server on Debian
- [COOK-4071] - Mysql cookbook doesn't work on debian 7.2
## v4.0.14
Fixing style cops
## v4.0.12
### Bug
- **[COOK-4068](https://tickets.chef.io/browse/COOK-4068)** - rework MySQL Windows recipe
### Improvement
- **[COOK-3801](https://tickets.chef.io/browse/COOK-3801)** - Add innodb_adaptive_flushing_method and innodb_adaptive_checkpoint
## v4.0.10
fixing metadata version error. locking to 3.0
## v4.0.8
Locking yum dependency to '< 3'
## v4.0.6
# Bug
- [COOK-3943] Notifying service restart on grants update
## v4.0.4
[COOK-3952] - Adding 'recursive true' to directory resources
## v4.0.2
### BUGS
- Adding support for Amazon Linux in attributes/server_rhel.rb
- Fixing bug where unprivileged users cannot connect over a local socket. Adding integration test.
- Fixing bug in mysql_grants_cmd generation
## v4.0.0
- [COOK-3928] Heavily refactoring for readability. Moving platform implementation into separate recipes
- Moving integration tests from minitest to serverspec, removing "improper" tests
- Moving many attributes into the ['mysql']['server']['whatever'] namespace
- [COOK-3481] - Merged Lucas Welsh's Windows bits and moved into own recipe
- [COOK-3697] - Adding security hardening attributes
- [COOK-3780] - Fixing data_dir on Debian and Ubuntu
- [COOK-3807] - Don't use execute[assign-root-password] on Debian and Ubuntu
- [COOK-3881] - Fixing /etc being owned by mysql user
## v3.0.12
### Bug
- **[COOK-3752](https://tickets.chef.io/browse/COOK-3752)** - mysql service fails to start in mysql::server recipe
## v3.0.10
- Fix a failed release attempt for v3.0.8
## v3.0.8
### Bug
- **[COOK-3749](https://tickets.chef.io/browse/COOK-3749)** - Fix a regression with Chef 11-specific features
## v3.0.6
### Bug
- **[COOK-3674](https://tickets.chef.io/browse/COOK-3674)** - Fix an issue where the MySQL server fails to set the root password correctly when `data_dir` is a non-default value
- **[COOK-3647](https://tickets.chef.io/browse/COOK-3647)** - Fix README typo (databas => database)
- **[COOK-3477](https://tickets.chef.io/browse/COOK-3477)** - Fix log-queries-not-using-indexes not working
- **[COOK-3436](https://tickets.chef.io/browse/COOK-3436)** - Pull percona repo in compilation phase
- **[COOK-3208](https://tickets.chef.io/browse/COOK-3208)** - Fix README typo (LitenPort => ListenPort)
- **[COOK-3149](https://tickets.chef.io/browse/COOK-3149)** - Create my.cnf before installing
- **[COOK-2681](https://tickets.chef.io/browse/COOK-2681)** - Fix log_slow_queries for 5.5+
- **[COOK-2606](https://tickets.chef.io/browse/COOK-2606)** - Use proper bind address on cloud providers
### Improvement
- **[COOK-3498](https://tickets.chef.io/browse/COOK-3498)** - Add support for replicate_* variables in my.cnf
## v3.0.4
### Bug
- **[COOK-3310](https://tickets.chef.io/browse/COOK-3310)** - Fix missing `GRANT` option
- **[COOK-3233](https://tickets.chef.io/browse/COOK-3233)** - Fix escaping special characters
- **[COOK-3156](https://tickets.chef.io/browse/COOK-3156)** - Fix GRANTS file when `remote_root_acl` is specified
- **[COOK-3134](https://tickets.chef.io/browse/COOK-3134)** - Fix Chef 11 support
- **[COOK-2318](https://tickets.chef.io/browse/COOK-2318)** - Remove redundant `if` block around `node.mysql.tunable.log_bin`
## v3.0.2
### Bug
- [COOK-2158]: apt-get update is run twice at compile time
- [COOK-2832]: mysql grants.sql file has errors depending on attrs
- [COOK-2995]: server.rb is missing a platform_family comparison value
### Sub-task
- [COOK-2102]: `innodb_flush_log_at_trx_commit` value is incorrectly set based on CPU count
## v3.0.0
**Note** This is a backwards incompatible version with previous versions of the cookbook. Tickets that introduce incompatibility are COOK-2615 and COOK-2617.
- [COOK-2478] - Duplicate 'read_only' server attribute in base and tunable
- [COOK-2471] - Add tunable to set slave_compressed_protocol for reduced network traffic
- [COOK-1059] - Update attributes in mysql cookbook to support missing options for my.cnf usable by Percona
- [COOK-2590] - Typo in server recipe to do with conf_dir and confd_dir
- [COOK-2602] - Add `lower_case_table_names` tunable
- [COOK-2430] - Add a tunable to create a network ACL when allowing `remote_root_access`
- [COOK-2619] - mysql: isamchk deprecated
- [COOK-2515] - Better support for SUSE distribution for mysql cookbook
- [COOK-2557] - mysql::percona_repo attributes missing and key server typo
- [COOK-2614] - Duplicate `innodb_file_per_table`
- [COOK-2145] - MySQL cookbook should remove anonymous and password less accounts
- [COOK-2553] - Enable include directory in my.cnf template for any platform
- [COOK-2615] - Rename `key_buffer` to `key_buffer_size`
- [COOK-2626] - Percona repo URL is being constructed incorrectly
- [COOK-2616] - Unneeded attribute thread_cache
- [COOK-2618] - myisam-recover not using attribute value
- [COOK-2617] - open-files is a duplicate of open-files-limit
## v2.1.2
- [COOK-2172] - Mysql cookbook duplicates `binlog_format` configuration
## v2.1.0
- [COOK-1669] - Using platform("ubuntu") in default attributes always returns true
- [COOK-1694] - Added additional my.cnf fields and reorganized cookbook to avoid race conditions with mysql startup and sql script execution
- [COOK-1851] - Support server-id and binlog_format settings
- [COOK-1929] - Update msyql server attributes file because setting attributes without specifying a precedence is deprecated
- [COOK-1999] - Add read_only tunable useful for replication slave servers
## v2.0.2
- [COOK-1967] - mysql: trailing comma in server.rb platform family
## v2.0.0
**Important note for this release**
Under Chef Solo, you must set the node attributes for the root, debian and repl passwords or the run will completely fail. See COOK-1737 for background on this.
- [COOK-1390] - MySQL service cannot start after reboot
- [COOK-1610] - Set root password outside preseed (blocker for drop-in mysql replacements)
- [COOK-1624] - Mysql cookbook fails to even compile on windows
- [COOK-1669] - Using platform("ubuntu") in default attributes always returns true
- [COOK-1686] - Add mysql service start
- [COOK-1687] - duplicate `innodb_buffer_pool_size` attribute
- [COOK-1704] - mysql cookbook fails spec tests when minitest-handler cookbook enabled
- [COOK-1737] - Fail a chef-solo run when `server_root_password`, `server_debian_password`, and/or `server_repl_password` is not set
- [COOK-1769] - link to database recipe in mysql README goes to old chef/cookbooks repo instead of chef-cookbook organization
- [COOK-1963] - use `platform_family`
## v1.3.0
**Important note for this release**
This version no longer installs Ruby bindings in the client recipe by default. Use the ruby recipe if you'd like the RubyGem. If you'd like packages from your distribution, use them in your application's specific cookbook/recipe, or modify the client packages attribute. This resolves the following tickets:
- COOK-932
- COOK-1009
- COOK-1384
Additionally, this cookbook now has tests (COOK-1439) for use under test-kitchen.
The following issues are also addressed in this release.
- [COOK-1443] - MySQL (>= 5.1.24) does not support `innodb_flush_method` = fdatasync
- [COOK-1175] - Add Mac OS X support
- [COOK-1289] - handle additional tunable attributes
- [COOK-1305] - add auto-increment-increment and auto-increment-offset attributes
- [COOK-1397] - make the port an attribute
- [COOK-1439] - Add MySQL cookbook tests for test-kitchen support
- [COOK-1236] - Move package names into attributes to allow percona to free-ride
- [COOK-934] - remove deprecated mysql/libraries/database.rb, use the database cookbook instead.
- [COOK-1475] - fix restart on config change
## v1.2.6
- [COOK-1113] - Use an attribute to determine if upstart is used
- [COOK-1121] - Add support for Windows
- [COOK-1140] - Fix conf.d on Debian
- [COOK-1151] - Fix server_ec2 handling /var/lib/mysql bind mount
- [COOK-1321] - Document setting password attributes for solo
## v1.2.4
- [COOK-992] - fix FATAL nameerror
- [COOK-827] - `mysql:server_ec2` recipe can't mount `data_dir`
- [COOK-945] - FreeBSD support
## v1.2.2
- [COOK-826] mysql::server recipe doesn't quote password string
- [COOK-834] Add 'scientific' and 'amazon' platforms to mysql cookbook
## v1.2.1
- [COOK-644] Mysql client cookbook 'package missing' error message is confusing
- [COOK-645] RHEL6/CentOS6 - mysql cookbook contains 'skip-federated' directive which is unsupported on MySQL 5.1
## v1.2.0
- [COOK-684] remove mysql_database LWRP
## v1.0.8
- [COOK-633] ensure "cloud" attribute is available
## v1.0.7
- [COOK-614] expose all mysql tunable settings in config
- [COOK-617] bind to private IP if available
## v1.0.6
- [COOK-605] install mysql-client package on ubuntu/debian
## v1.0.5
- [COOK-465] allow optional remote root connections to mysql
- [COOK-455] improve platform version handling
- externalize conf_dir attribute for easier cross platform support
- change datadir attribute to data_dir for consistency
## v1.0.4
- fix regressions on debian platform
- [COOK-578] wrap root password in quotes
- [COOK-562] expose all tunables in my.cnf

2
chef/cookbooks/mysql/CONTRIBUTING.md Normal file
View File

@ -0,0 +1,2 @@
Please refer to
https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD

16
chef/cookbooks/mysql/MAINTAINERS.md Normal file
View File

@ -0,0 +1,16 @@
<!-- This is a generated file. Please do not edit directly -->
# Maintainers
This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead.
Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead.
# Project Maintainer
* [Tim Smith](https://github.com/tas50)
# Maintainers
* [Jennifer Davis](https://github.com/sigje)
* [Sean OMeara](https://github.com/someara)
* [Tim Smith](https://github.com/tas50)
* [Thom May](https://github.com/thommay)

444
chef/cookbooks/mysql/README.md Normal file
View File

@ -0,0 +1,444 @@
# MySQL Cookbook
[![Build Status](https://travis-ci.org/chef-cookbooks/mysql.svg?branch=master)](https://travis-ci.org/chef-cookbooks/mysql) [![Cookbook Version](https://img.shields.io/cookbook/v/mysql.svg)](https://supermarket.chef.io/cookbooks/mysql)
The Mysql Cookbook is a library cookbook that provides resource primitives (LWRPs) for use in recipes. It is designed to be a reference example for creating highly reusable cross-platform cookbooks.
## Scope
This cookbook is concerned with the "MySQL Community Server", particularly those shipped with F/OSS Unix and Linux distributions. It does not address forks or value-added repackaged MySQL distributions like Drizzle, MariaDB, or Percona.
## Requirements
- Chef 12.5 or higher
- Network accessible package repositories
- 'recipe[selinux::disabled]' on RHEL platforms
## Platform Support
The following platforms have been tested with Test Kitchen:
```
|----------------+-----+-----+-----+-----+-----|
| | 5.0 | 5.1 | 5.5 | 5.6 | 5.7 |
|----------------+-----+-----+-----+-----+-----|
| debian-7 | | | X | | |
|----------------+-----+-----+-----+-----+-----|
| debian-8 | | | X | | |
|----------------+-----+-----+-----+-----+-----|
| ubuntu-12.04 | | | X | | |
|----------------+-----+-----+-----+-----+-----|
| ubuntu-14.04 | | | X | X | |
|----------------+-----+-----+-----+-----+-----|
| ubuntu-16.04 | | | | | X |
|----------------+-----+-----+-----+-----+-----|
| centos-5 | X | X | X | X | X |
|----------------+-----+-----+-----+-----+-----|
| centos-6 | | X | X | X | X |
|----------------+-----+-----+-----+-----+-----|
| centos-7 | | | X | X | X |
|----------------+-----+-----+-----+-----+-----|
| fedora | | | | X | X |
|----------------+-----+-----+-----+-----+-----|
| openSUSE 13.2 | | | | X | |
|----------------+-----+-----+-----+-----+-----|
| openSUSE 42.1 | | | | X | |
|----------------+-----+-----+-----+-----+-----|
```
## Cookbook Dependencies
There are no hard coupled dependencies.
However, there is a loose dependency on `yum-mysql-community` for RHEL/Centos platforms.
As of the 8.0 version of this cookbook, configuration of the package repos is now the
responsibility of the user.
## Usage
Place a dependency on the mysql cookbook in your cookbook's metadata.rb
```ruby
depends 'mysql', '~> 8.0'
```
Then, in a recipe:
```ruby
mysql_service 'foo' do
port '3306'
version '5.5'
initial_root_password 'change me'
action [:create, :start]
end
```
The service name on the OS is `mysql-foo`. You can manually start and stop it with `service mysql-foo start` and `service mysql-foo stop`.
The configuration file is at `/etc/mysql-foo/my.cnf`. It contains the minimum options to get the service running. It looks like this.
```
# Chef generated my.cnf for instance mysql-foo
[client]
default-character-set = utf8
port = 3306
socket = /var/run/mysql-foo/mysqld.sock
[mysql]
default-character-set = utf8
[mysqld]
user = mysql
pid-file = /var/run/mysql-foo/mysqld.pid
socket = /var/run/mysql-foo/mysqld.sock
port = 3306
datadir = /var/lib/mysql-foo
tmpdir = /tmp
log-error = /var/log/mysql-foo/error.log
!includedir /etc/mysql-foo/conf.d
[mysqld_safe]
socket = /var/run/mysql-foo/mysqld.sock
```
You can put extra configuration into the conf.d directory by using the `mysql_config` resource, like this:
```ruby
mysql_service 'foo' do
port '3306'
version '5.5'
initial_root_password 'change me'
action [:create, :start]
end
mysql_config 'foo' do
source 'my_extra_settings.erb'
notifies :restart, 'mysql_service[foo]'
action :create
end
```
You are responsible for providing `my_extra_settings.erb` in your own cookbook's templates folder.
## Connecting with the mysql CLI command
Logging into the machine and typing `mysql` with no extra arguments will fail. You need to explicitly connect over the socket with `mysql -S /var/run/mysql-foo/mysqld.sock`, or over the network with `mysql -h 127.0.0.1`
## Upgrading from older version of the mysql cookbook
- It is strongly recommended that you rebuild the machine from scratch. This is easy if you have your `data_dir` on a dedicated mount point. If you _must_ upgrade in-place, follow the instructions below.
- The 6.x series supports multiple service instances on a single machine. It dynamically names the support directories and service names. `/etc/mysql becomes /etc/mysql-instance_name`. Other support directories in `/var` `/run` etc work the same way. Make sure to specify the `data_dir` property on the `mysql_service` resource to point to the old `/var/lib/mysql` directory.
## Resources Overview
### mysql_service
The `mysql_service` resource manages the basic plumbing needed to get a MySQL server instance running with minimal configuration.
The `:create` action handles package installation, support directories, socket files, and other operating system level concerns. The internal configuration file contains just enough to get the service up and running, then loads extra configuration from a conf.d directory. Further configurations are managed with the `mysql_config` resource.
- If the `data_dir` is empty, a database will be initialized, and a
- root user will be set up with `initial_root_password`. If this
- directory already contains database files, no action will be taken.
The `:start` action starts the service on the machine using the appropriate provider for the platform. The `:start` action should be omitted when used in recipes designed to build containers.
#### Example
```ruby
mysql_service 'default' do
version '5.7'
bind_address '0.0.0.0'
port '3306'
data_dir '/data'
initial_root_password 'Ch4ng3me'
action [:create, :start]
end
```
Please note that when using `notifies` or `subscribes`, the resource to reference is `mysql_service[name]`, not `service[mysql]`.
#### Parameters
- `charset` - specifies the default character set. Defaults to `utf8`.
- `data_dir` - determines where the actual data files are kept on the machine. This is useful when mounting external storage. When omitted, it will default to the platform's native location.
- `error_log` - Tunable location of the error_log
- `initial_root_password` - allows the user to specify the initial root password for mysql when initializing new databases. This can be set explicitly in a recipe, driven from a node attribute, or from data_bags. When omitted, it defaults to `ilikerandompasswords`. Please be sure to change it.
- `instance` - A string to identify the MySQL service. By convention, to allow for multiple instances of the `mysql_service`, directories and files on disk are named `mysql-<instance_name>`. Defaults to the resource name.
- `package_action` - Defaults to `:install`.
- `package_name` - Defaults to a value looked up in an internal map.
- `package_version` - Specific version of the package to install,passed onto the underlying package manager. Defaults to `nil`.
- `bind_address` - determines the listen IP address for the mysqld service. When omitted, it will be determined by MySQL. If the address is "regular" IPv4/IPv6address (e.g 127.0.0.1 or ::1), the server accepts TCP/IP connections only for that particular address. If the address is "0.0.0.0" (IPv4) or "::" (IPv6), the server accepts TCP/IP connections on all IPv4 or IPv6 interfaces.
- `mysqld_options` - A key value hash of options to be rendered into the main my.cnf. WARNING - It is highly recommended that you use the `mysql_config` resource instead of sending extra config into a `mysql_service` resource. This will allow you to set up notifications and subscriptions between the service and its configuration. That being said, this can be useful for adding extra options needed for database initialization at first run.
- `port` - determines the listen port for the mysqld service. When omitted, it will default to '3306'.
- `run_group` - The name of the system group the `mysql_service` should run as. Defaults to 'mysql'.
- `run_user` - The name of the system user the `mysql_service` should run as. Defaults to 'mysql'.
- `pid_file` - Tunable location of the pid file.
- `socket` - determines where to write the socket file for the `mysql_service` instance. Useful when configuring clients on the same machine to talk over socket and skip the networking stack. Defaults to a calculated value based on platform and instance name.
- `tmp_dir` - Tunable location of the tmp_dir
- `version` - allows the user to select from the versions available for the platform, where applicable. When omitted, it will install the default MySQL version for the target platform. Available version numbers are `5.0`, `5.1`, `5.5`, `5.6`, and `5.7`, depending on platform.
#### Actions
- `:create` - Configures everything but the underlying operating system service.
- `:delete` - Removes everything but the package and data_dir.
- `:start` - Starts the underlying operating system service
- `:stop`- Stops the underlying operating system service
- `:restart` - Restarts the underlying operating system service
- `:reload` - Reloads the underlying operating system service
#### Providers
Chef selects the appropriate provider based on platform and version, but you can specify one if your platform support it.
```ruby
mysql_service[instance-1] do
port '1234'
data_dir '/mnt/lottadisk'
provider Chef::Provider::MysqlServiceSysvinit
action [:create, :start]
end
```
- `Chef::Provider::MysqlServiceBase` - Configures everything needed to run a MySQL service except the platform service facility. This provider should never be used directly. The `:start`, `:stop`, `:restart`, and `:reload` actions are stubs meant to be overridden by the providers below.
- `Chef::Provider::MysqlServiceSmf` - Starts a `mysql_service` using the Service Management Facility, used by Solaris and Illumos. Manages the FMRI and method script.
- `Chef::Provider::MysqlServiceSystemd` - Starts a `mysql_service` using SystemD. Manages the unit file and activation state
- `Chef::Provider::MysqlServiceSysvinit` - Starts a `mysql_service` using SysVinit. Manages the init script and status.
- `Chef::Provider::MysqlServiceUpstart` - Starts a `mysql_service` using Upstart. Manages job definitions and status.
### mysql_config
The `mysql_config` resource is a wrapper around the core Chef `template` resource. Instead of a `path` parameter, it uses the `instance` parameter to calculate the path on the filesystem where file is rendered.
#### Example
```ruby
mysql_config[default] do
source 'site.cnf.erb'
action :create
end
```
#### Parameters
- `config_name` - The base name of the configuration file to be rendered into the conf.d directory on disk. Defaults to the resource name.
- `cookbook` - The name of the cookbook to look for the template source. Defaults to nil
- `group` - System group for file ownership. Defaults to 'mysql'.
- `instance` - Name of the `mysql_service` instance the config is meant for. Defaults to 'default'.
- `owner` - System user for file ownership. Defaults to 'mysql'.
- `source` - Template in cookbook to be rendered.
- `variables` - Variables to be passed to the underlying `template` resource.
- `version` - Version of the `mysql_service` instance the config is meant for. Used to calculate path. Only necessary when using packages with unique configuration paths, such as RHEL Software Collections or OmniOS. Defaults to 'nil'
#### Actions
- `:create` - Renders the template to disk at a path calculated using the instance parameter.
- `:delete` - Deletes the file from the conf.d directory calculated using the instance parameter.
#### More Examples
```ruby
mysql_service 'instance-1' do
action [:create, :start]
end
mysql_service 'instance-2' do
action [:create, :start]
end
mysql_config 'logging' do
instance 'instance-1'
source 'logging.cnf.erb'
action :create
notifies :restart, 'mysql_service[instance-1]'
end
mysql_config 'security settings for instance-2' do
config_name 'security'
instance 'instance-2'
source 'security_stuff.cnf.erb'
variables(:foo => 'bar')
action :create
notifies :restart, 'mysql_service[instance-2]'
end
```
### mysql_client
The `mysql_client` resource manages the MySQL client binaries and development libraries.
It is an example of a "singleton" resource. Declaring two `mysql_client` resources on a machine usually won't yield two separate copies of the client binaries, except for platforms that support multiple versions (RHEL SCL, OmniOS).
#### Example
```ruby
mysql_client 'default' do
action :create
end
```
#### Properties
- `package_name` - An array of packages to be installed. Defaults to a value looked up in an internal map.
- `package_version` - Specific versions of the package to install, passed onto the underlying package manager. Defaults to `nil`.
- `version` - Major MySQL version number of client packages. Only valid on for platforms that support multiple versions, such as RHEL via Software Collections and OmniOS.
#### Actions
- `:create` - Installs the client software
- `:delete` - Removes the client software
## Advanced Usage Examples
There are a number of configuration scenarios supported by the use of resource primitives in recipes. For example, you might want to run multiple MySQL services, as different users, and mount block devices that contain pre-existing databases.
### Multiple Instances as Different Users
```ruby
# instance-1
user 'alice' do
action :create
end
directory '/mnt/data/mysql/instance-1' do
owner 'alice'
action :create
end
mount '/mnt/data/mysql/instance-1' do
device '/dev/sdb1'
fstype 'ext4'
action [:mount, :enable]
end
mysql_service 'instance-1' do
port '3307'
run_user 'alice'
data_dir '/mnt/data/mysql/instance-1'
action [:create, :start]
end
mysql_config 'site config for instance-1' do
instance 'instance-1'
source 'instance-1.cnf.erb'
notifies :restart, 'mysql_service[instance-1]'
end
# instance-2
user 'bob' do
action :create
end
directory '/mnt/data/mysql/instance-2' do
owner 'bob'
action :create
end
mount '/mnt/data/mysql/instance-2' do
device '/dev/sdc1'
fstype 'ext3'
action [:mount, :enable]
end
mysql_service 'instance-2' do
port '3308'
run_user 'bob'
data_dir '/mnt/data/mysql/instance-2'
action [:create, :start]
end
mysql_config 'site config for instance-2' do
instance 'instance-2'
source 'instance-2.cnf.erb'
notifies :restart, 'mysql_service[instance-2]'
end
```
### Replication Testing
Use multiple `mysql_service` instances to test a replication setup. This particular example serves as a smoke test in Test Kitchen because it exercises different resources and requires service restarts.
<https://github.com/chef-cookbooks/mysql/blob/master/test/fixtures/cookbooks/mysql_replication_test/recipes/default.rb>
## Frequently Asked Questions
### How do I run this behind my firewall?
On Linux, the `mysql_service` resource uses the platform's underlying package manager to install software. For this to work behind firewalls, you'll need to either:
- Configure the system yum/apt utilities to use a proxy server that
- can reach the Internet
- Host a package repository on a network that the machine can talk to
On the RHEL platform_family, applying the `yum::default` recipe will allow you to drive the `yum_globalconfig` resource with attributes to change the global yum proxy settings.
If hosting repository mirrors, applying one of the following recipes and adjust the settings with node attributes.
- `recipe[yum-centos::default]` from the Supermarket
<https://supermarket.chef.io/cookbooks/yum-centos>
<https://github.com/chef-cookbooks/yum-centos>
- `recipe[yum-mysql-community::default]` from the Supermarket
<https://supermarket.chef.io/cookbooks/yum-mysql-community>
<https://github.com/chef-cookbooks/yum-mysql-community>
### The mysql command line doesn't work
If you log into the machine and type `mysql`, you may see an error like this one:
`Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'`
This is because MySQL is hardcoded to read the defined default my.cnf file, typically at /etc/my.cnf, and this LWRP deletes it to prevent overlap among multiple MySQL configurations.
To connect to the socket from the command line, check the socket in the relevant my.cnf file and use something like this:
`mysql -S /var/run/mysql-foo/mysqld.sock -Pwhatever`
Or to connect over the network, use something like this: connect over the network..
`mysql -h 127.0.0.1 -Pwhatever`
These network or socket ssettings can also be put in you $HOME/.my.cnf, if preferred.
### What about MariaDB, Percona, Drizzle, WebScaleSQL, etc.
MySQL forks are purposefully out of scope for this cookbook. This is mostly to reduce the testing matrix to a manageable size. Cookbooks for these technologies can easily be created by copying and adapting this cookbook. However, there will be differences.
Package repository locations, package version names, software major version numbers, supported platform matrices, and the availability of software such as XtraDB and Galera are the main reasons that creating multiple cookbooks to make sense.
## Warnings
## Hacking / Testing / TODO
Please refer to the HACKING.md
## License & Authors
- Author:: Joshua Timberman ([joshua@chef.io](mailto:joshua@chef.io))
- Author:: AJ Christensen ([aj@chef.io](mailto:aj@chef.io))
- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io))
- Author:: Brian Bianco ([brian.bianco@gmail.com](mailto:brian.bianco@gmail.com))
- Author:: Jesse Howarth ([him@jessehowarth.com](mailto:him@jessehowarth.com))
- Author:: Andrew Crump ([andrew@kotirisoftware.com](mailto:andrew@kotirisoftware.com))
- Author:: Christoph Hartmann ([chris@lollyrock.com](mailto:chris@lollyrock.com))
- Author:: Sean OMeara ([sean@sean.io](mailto:sean@sean.io))
```text
Copyright:: 2009-2014 Chef Software, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```

336
chef/cookbooks/mysql/libraries/helpers.rb Normal file
View File

@ -0,0 +1,336 @@
module MysqlCookbook
module HelpersBase
require 'shellwords'
def el5?
return true if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 5
false
end
def el6?
return true if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 6
false
end
def el7?
return true if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 7
false
end
def fc23?
return true if node['platform'] == 'fedora' && node['platform_version'].to_i == 23
false
end
def fc24?
return true if node['platform'] == 'fedora' && node['platform_version'].to_i == 24
false
end
def squeeze?
return true if node['platform'] == 'debian' && node['platform_version'].to_i == 6
false
end
def wheezy?
return true if node['platform'] == 'debian' && node['platform_version'].to_i == 7
false
end
def jessie?
return true if node['platform'] == 'debian' && node['platform_version'].to_i == 8
false
end
def precise?
return true if node['platform'] == 'ubuntu' && node['platform_version'] == '12.04'
false
end
def trusty?
return true if node['platform'] == 'ubuntu' && node['platform_version'] == '14.04'
return true if node['platform'] == 'linuxmint' && node['platform_version'] =~ /^17\.[0-9]$/
false
end
def xenial?
return true if node['platform'] == 'ubuntu' && node['platform_version'] == '16.04'
false
end
def amazon?
return true if node['platform'] == 'amazon'
end
def opensuse?
return true if node['platform'] == 'opensuse'
end
def opensuseleap?
return true if node['platform'] == 'opensuseleap'
end
def defaults_file
"#{etc_dir}/my.cnf"
end
def default_data_dir
return "/opt/local/lib/#{mysql_name}" if node['os'] == 'solaris2'
return "/var/lib/#{mysql_name}" if node['os'] == 'linux'
return "/var/db/#{mysql_name}" if node['os'] == 'freebsd'
end
def default_error_log
"#{log_dir}/error.log"
end
def default_pid_file
"#{run_dir}/mysqld.pid"
end
def default_major_version
# rhelish
return '5.0' if el5?
return '5.1' if el6?
return '5.6' if el7?
return '5.5' if amazon?
# debian
return '5.1' if squeeze?
return '5.5' if wheezy?
return '5.5' if jessie?
# ubuntu
return '5.5' if precise?
return '5.5' if trusty?
return '5.7' if xenial?
# misc
return '5.6' if node['platform'] == 'freebsd'
return '5.6' if node['platform'] == 'fedora'
return '5.6' if node['platform_family'] == 'suse'
end
def major_from_full(v)
v.split('.').shift(2).join('.')
end
def mysql_name
"mysql-#{instance}"
end
def default_socket_file
"#{run_dir}/mysqld.sock"
end
def default_client_package_name
return ['mysql', 'mysql-devel'] if major_version == '5.0' && el5?
return ['mysql51-mysql', 'mysql51-mysql-libs'] if major_version == '5.1' && el5?
return ['mysql', 'mysql-devel'] if major_version == '5.1' && el6?
return ['mysql55-mysql', 'mysql55-mysql-devel'] if major_version == '5.5' && el5?
return ['mysql-client-5.5', 'libmysqlclient-dev'] if major_version == '5.5' && node['platform_family'] == 'debian'
return ['mysql-client-5.6', 'libmysqlclient-dev'] if major_version == '5.6' && node['platform_family'] == 'debian'
return ['mysql-client-5.7', 'libmysqlclient-dev'] if major_version == '5.7' && node['platform_family'] == 'debian'
return 'mysql-community-server-client' if major_version == '5.6' && node['platform_family'] == 'suse'
['mysql-community-client', 'mysql-community-devel']
end
def default_server_package_name
return 'mysql-server' if major_version == '5.0' && el5?
return 'mysql51-mysql-server' if major_version == '5.1' && el5?
return 'mysql-server' if major_version == '5.1' && el6?
return 'mysql55-mysql-server' if major_version == '5.5' && el5?
return 'mysql-server-5.5' if major_version == '5.5' && node['platform_family'] == 'debian'
return 'mysql-server-5.6' if major_version == '5.6' && node['platform_family'] == 'debian'
return 'mysql-server-5.7' if major_version == '5.7' && node['platform_family'] == 'debian'
return 'mysql-community-server' if major_version == '5.6' && node['platform_family'] == 'suse'
'mysql-community-server'
end
def socket_dir
File.dirname(socket)
end
def run_dir
return "#{prefix_dir}/var/run/#{mysql_name}" if node['platform_family'] == 'rhel'
return "/run/#{mysql_name}" if node['platform_family'] == 'debian'
"/var/run/#{mysql_name}"
end
def prefix_dir
return "/opt/mysql#{pkg_ver_string}" if node['platform_family'] == 'omnios'
return '/opt/local' if node['platform_family'] == 'smartos'
return "/opt/rh/#{scl_name}/root" if scl_package?
end
def scl_name
return unless node['platform_family'] == 'rhel'
return 'mysql51' if version == '5.1' && node['platform_version'].to_i == 5
return 'mysql55' if version == '5.5' && node['platform_version'].to_i == 5
end
def scl_package?
return unless node['platform_family'] == 'rhel'
return true if version == '5.1' && node['platform_version'].to_i == 5
return true if version == '5.5' && node['platform_version'].to_i == 5
false
end
def etc_dir
return "/opt/mysql#{pkg_ver_string}/etc/#{mysql_name}" if node['platform_family'] == 'omnios'
return "#{prefix_dir}/etc/#{mysql_name}" if node['platform_family'] == 'smartos'
"#{prefix_dir}/etc/#{mysql_name}"
end
def base_dir
prefix_dir || '/usr'
end
def system_service_name
return 'mysql51-mysqld' if node['platform_family'] == 'rhel' && scl_name == 'mysql51'
return 'mysql55-mysqld' if node['platform_family'] == 'rhel' && scl_name == 'mysql55'
return 'mysqld' if node['platform_family'] == 'rhel'
return 'mysqld' if node['platform_family'] == 'fedora'
return 'mysql' if node['platform_family'] == 'debian'
return 'mysql' if node['platform_family'] == 'suse'
return 'mysql' if node['platform_family'] == 'omnios'
return 'mysql' if node['platform_family'] == 'smartos'
end
def v56plus
return false if version.split('.')[0].to_i < 5
return false if version.split('.')[1].to_i < 6
true
end
def v57plus
return false if version.split('.')[0].to_i < 5
return false if version.split('.')[1].to_i < 7
true
end
def default_include_dir
"#{etc_dir}/conf.d"
end
def log_dir
return "/var/adm/log/#{mysql_name}" if node['platform_family'] == 'omnios'
"#{prefix_dir}/var/log/#{mysql_name}"
end
def lc_messages_dir
end
def init_records_script
# Note: shell-escaping passwords in a SQL file may cause corruption - eg
# mysql will read \& as &, but \% as \%. Just escape bare-minimum \ and '
sql_escaped_password = root_password.gsub('\\') { '\\\\' }.gsub("'") { '\\\'' }
<<-EOS
set -e
rm -rf /tmp/#{mysql_name}
mkdir /tmp/#{mysql_name}
cat > /tmp/#{mysql_name}/my.sql <<-'EOSQL'
UPDATE mysql.user SET #{password_column_name}=PASSWORD('#{sql_escaped_password}')#{password_expired} WHERE user = 'root';
DELETE FROM mysql.user WHERE USER LIKE '';
DELETE FROM mysql.user WHERE user = 'root' and host NOT IN ('127.0.0.1', 'localhost');
FLUSH PRIVILEGES;
DELETE FROM mysql.db WHERE db LIKE 'test%';
DROP DATABASE IF EXISTS test ;
EOSQL
#{db_init}
#{record_init}
while [ ! -f #{pid_file} ] ; do sleep 1 ; done
kill `cat #{pid_file}`
while [ -f #{pid_file} ] ; do sleep 1 ; done
rm -rf /tmp/#{mysql_name}
EOS
end
def password_column_name
return 'authentication_string' if v57plus
'password'
end
def root_password
if initial_root_password == ''
Chef::Log.info('Root password is empty')
return ''
end
initial_root_password
end
def password_expired
return ", password_expired='N'" if v57plus
''
end
def db_init
return mysqld_initialize_cmd if v57plus
mysql_install_db_cmd
end
def mysql_install_db_bin
return "#{base_dir}/scripts/mysql_install_db" if node['platform_family'] == 'omnios'
return "#{prefix_dir}/bin/mysql_install_db" if node['platform_family'] == 'smartos'
'mysql_install_db'
end
def mysql_install_db_cmd
cmd = mysql_install_db_bin
cmd << " --defaults-file=#{etc_dir}/my.cnf"
cmd << " --datadir=#{data_dir}"
cmd << ' --explicit_defaults_for_timestamp' if v56plus
return "scl enable #{scl_name} \"#{cmd}\"" if scl_package?
cmd
end
def mysqladmin_bin
return "#{prefix_dir}/bin/mysqladmin" if node['platform_family'] == 'smartos'
return 'mysqladmin' if scl_package?
"#{prefix_dir}/usr/bin/mysqladmin"
end
def mysqld_bin
return "#{prefix_dir}/libexec/mysqld" if node['platform_family'] == 'smartos'
return "#{base_dir}/bin/mysqld" if node['platform_family'] == 'omnios'
return '/usr/sbin/mysqld' if node['platform_family'] == 'fedora' && v56plus
return '/usr/libexec/mysqld' if node['platform_family'] == 'fedora'
return 'mysqld' if scl_package?
"#{prefix_dir}/usr/sbin/mysqld"
end
def mysqld_initialize_cmd
cmd = mysqld_bin
cmd << " --defaults-file=#{etc_dir}/my.cnf"
cmd << ' --initialize'
cmd << ' --explicit_defaults_for_timestamp' if v56plus
return "scl enable #{scl_name} \"#{cmd}\"" if scl_package?
cmd
end
def mysqld_safe_bin
return "#{prefix_dir}/bin/mysqld_safe" if node['platform_family'] == 'smartos'
return "#{base_dir}/bin/mysqld_safe" if node['platform_family'] == 'omnios'
return 'mysqld_safe' if scl_package?
"#{prefix_dir}/usr/bin/mysqld_safe"
end
def record_init
cmd = v56plus ? mysqld_bin : mysqld_safe_bin
cmd << " --defaults-file=#{etc_dir}/my.cnf"
cmd << " --init-file=/tmp/#{mysql_name}/my.sql"
cmd << ' --explicit_defaults_for_timestamp' if v56plus
cmd << ' &'
return "scl enable #{scl_name} \"#{cmd}\"" if scl_package?
cmd
end
def sensitive_supported?
Gem::Version.new(Chef::VERSION) >= Gem::Version.new('11.14.0')
end
end
end

71
chef/cookbooks/mysql/libraries/matchers.rb Normal file
View File

@ -0,0 +1,71 @@
if defined?(ChefSpec)
ChefSpec.define_matcher :mysql_config
ChefSpec.define_matcher :mysql_service
ChefSpec.define_matcher :mysql_client
# mysql_client_client_installation_package
def install_mysql_client_installation_package(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_client_installation_package, :create, resource_name)
end
def remove_mysql_client_installation_package(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_client_installation_package, :remove, resource_name)
end
# mysql_server_server_installation_package
def install_mysql_server_installation_package(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_server_installation_package, :install, resource_name)
end
def remove_mysql_server_installation_package(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_server_installation_package, :remove, resource_name)
end
#####
# old
#####
# client
def create_mysql_client(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_client, :create, resource_name)
end
def delete_mysql_client(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_client, :delete, resource_name)
end
# mysql_config
def create_mysql_config(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_config, :create, resource_name)
end
def delete_mysql_config(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_config, :delete, resource_name)
end
# service
def create_mysql_service(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :create, resource_name)
end
def delete_mysql_service(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :delete, resource_name)
end
def start_mysql_service(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :start, resource_name)
end
def stop_mysql_service(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :stop, resource_name)
end
def restart_mysql_service(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :restart, resource_name)
end
def reload_mysql_service(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :reload, resource_name)
end
end

30
chef/cookbooks/mysql/libraries/mysql_base.rb Normal file
View File

@ -0,0 +1,30 @@
module MysqlCookbook
class MysqlBase < Chef::Resource
require_relative 'helpers'
# All resources are composites
def whyrun_supported?
true
end
################
# Type Constants
################
Boolean = property_type(
is: [true, false],
default: false
) unless defined?(Boolean)
###################
# Common Properties
###################
property :run_group, String, default: 'mysql', desired_state: false
property :run_user, String, default: 'mysql', desired_state: false
property :version, String, default: lazy { default_major_version }, desired_state: false
property :include_dir, String, default: lazy { default_include_dir }, desired_state: false
property :major_version, String, default: lazy { major_from_full(version) }, desired_state: false
declare_action_class
end
end

31
chef/cookbooks/mysql/libraries/mysql_client_installation_package.rb Normal file
View File

@ -0,0 +1,31 @@
module MysqlCookbook
class MysqlClientInstallationPackage < MysqlBase
# helper methods
require_relative 'helpers'
include MysqlCookbook::HelpersBase
# Resource properties
resource_name :mysql_client_installation_package
provides :mysql_client_installation, os: 'linux'
provides :mysql_client, os: 'linux'
property :package_name, [String, Array], default: lazy { default_client_package_name }, desired_state: false
property :package_options, [String, nil], desired_state: false
property :package_version, [String, nil], default: nil, desired_state: false
# Actions
action :create do
package package_name do
version package_version if package_version
options package_options if package_options
action :install
end
end
action :delete do
package package_name do
action :remove
end
end
end
end

56
chef/cookbooks/mysql/libraries/mysql_config.rb Normal file
View File

@ -0,0 +1,56 @@
module MysqlCookbook
class MysqlConfig < MysqlBase
resource_name :mysql_config
property :config_name, String, name_property: true, desired_state: false
property :cookbook, String, desired_state: false
property :group, String, default: 'mysql', desired_state: false
property :instance, String, default: 'default', desired_state: false
property :owner, String, default: 'mysql', desired_state: false
property :source, String, desired_state: false
property :variables, [Hash], desired_state: false
property :version, String, default: lazy { default_major_version }, desired_state: false
require_relative 'helpers'
include MysqlCookbook::HelpersBase
provides :mysql_config
action :create do
# hax because group property
g = Chef::Resource::Group.new(new_resource.group, run_context)
g.system true if name == 'mysql'
resource_collection.insert g
user owner do
gid owner
system true if name == 'mysql'
action :create
end
directory include_dir do
owner new_resource.owner
group new_resource.group
mode '0750'
recursive true
action :create
end
template "#{include_dir}/#{config_name}.cnf" do
owner new_resource.owner
group new_resource.group
mode '0640'
variables(new_resource.variables)
source new_resource.source
cookbook cookbook
action :create
end
end
action :delete do
file "#{include_dir}/#{config_name}.cnf" do
action :delete
end
end
end
end

42
chef/cookbooks/mysql/libraries/mysql_server_installation_package.rb Normal file
View File

@ -0,0 +1,42 @@
module MysqlCookbook
class MysqlServerInstallationPackage < MysqlBase
# Resource properties
resource_name :mysql_server_installation_package
provides :mysql_server_installation, os: 'linux'
property :package_name, String, default: lazy { default_server_package_name }, desired_state: false
property :package_options, [String, nil], desired_state: false
property :package_version, [String, nil], default: nil, desired_state: false
# helper methods
require_relative 'helpers'
include MysqlCookbook::HelpersBase
# Actions
action :install do
package package_name do
version package_version if package_version
options package_options if package_options
notifies :install, 'package[perl-Sys-Hostname-Long]', :immediately if platform_family?('suse')
notifies :run, 'execute[Initial DB setup script]', :immediately if platform_family?('suse')
action :install
end
package 'perl-Sys-Hostname-Long' do
action :nothing
end
execute 'Initial DB setup script' do
environment 'INSTANCE' => new_resource.name
command '/usr/lib/mysql/mysql-systemd-helper install'
action :nothing
end
end
action :delete do
package package_name do
action :remove
end
end
end
end

105
chef/cookbooks/mysql/libraries/mysql_service.rb Normal file
View File

@ -0,0 +1,105 @@
module MysqlCookbook
require_relative 'mysql_service_base'
class MysqlService < MysqlServiceBase
resource_name :mysql_service
# installation type and service_manager
property :install_method, %w(package auto), default: 'auto', desired_state: false
property :service_manager, %w(sysvinit upstart systemd auto), default: 'auto', desired_state: false
# mysql_server_installation
property :version, String, default: lazy { default_major_version }, desired_state: false
property :major_version, String, default: lazy { major_from_full(version) }, desired_state: false
property :package_name, String, default: lazy { default_package_name }, desired_state: false
property :package_options, [String, nil], desired_state: false
property :package_version, [String, nil], default: nil, desired_state: false
################
# Helper Methods
################
def copy_properties_to(to, *properties)
properties = self.class.properties.keys if properties.empty?
properties.each do |p|
# If the property is set on from, and exists on to, set the
# property on to
if to.class.properties.include?(p) && property_is_set?(p)
to.send(p, send(p))
end
end
end
action_class.class_eval do
def installation(&block)
case install_method
when 'auto'
install = mysql_server_installation(name, &block)
when 'package'
install = mysql_server_installation_package(name, &block)
when 'none'
Chef::Log.info('Skipping Mysql installation. Assuming it was handled previously.')
return
end
copy_properties_to(install)
install
end
def svc_manager(&block)
case service_manager
when 'auto'
svc = mysql_service_manager(name, &block)
when 'sysvinit'
svc = mysql_service_manager_sysvinit(name, &block)
when 'upstart'
svc = mysql_service_manager_upstart(name, &block)
when 'systemd'
svc = mysql_service_manager_systemd(name, &block)
end
copy_properties_to(svc)
svc
end
end
#########
# Actions
#########
action :create do
installation do
action :install
end
svc_manager do
action :create
end
end
action :start do
svc_manager do
action :start
end
end
action :delete do
svc_manager do
action :delete
end
installation do
action :delete
end
end
action :restart do
svc_manager do
action :restart
end
end
action :stop do
svc_manager do
action :stop
end
end
end
end

205
chef/cookbooks/mysql/libraries/mysql_service_base.rb Normal file
View File

@ -0,0 +1,205 @@
module MysqlCookbook
class MysqlServiceBase < MysqlBase
property :bind_address, String, desired_state: false
property :charset, String, default: 'utf8', desired_state: false
property :data_dir, String, default: lazy { default_data_dir }, desired_state: false
property :error_log, String, default: lazy { default_error_log }, desired_state: false
property :initial_root_password, String, default: 'ilikerandompasswords', desired_state: false
property :instance, String, name_property: true, desired_state: false
property :mysqld_options, Hash, default: {}, desired_state: false
property :pid_file, String, default: lazy { default_pid_file }, desired_state: false
property :port, [String, Integer], default: '3306', desired_state: false
property :socket, String, default: lazy { default_socket_file }, desired_state: false
property :tmp_dir, String, desired_state: false
alias socket_file socket
require_relative 'helpers'
include MysqlCookbook::HelpersBase
# FIXME: comment about what this does
declare_action_class.class_eval do
def create_system_user
group 'mysql' do
action :create
end
user 'mysql' do
gid 'mysql'
action :create
end
end
def create_config
# require 'pry' ; binding.pry
# Yak shaving secion. Account for random errata.
#
# Turns out that mysqld is hard coded to try and read
# /etc/mysql/my.cnf, and its presence causes problems when
# setting up multiple services.
file "#{prefix_dir}/etc/mysql/my.cnf" do
action :delete
end
file "#{prefix_dir}/etc/my.cnf" do
action :delete
end
# mysql_install_db is broken on 5.6.13
link "#{prefix_dir}/usr/share/my-default.cnf" do
to "#{etc_dir}/my.cnf"
not_if { ::File.exist? "#{prefix_dir}/usr/share/my-default.cnf" } # FIXME: Chef bug?
action :create
end
# Support directories
directory etc_dir do
owner run_user
group run_group
mode '0750'
recursive true
action :create
end
directory include_dir do
owner run_user
group run_group
mode '0750'
recursive true
action :create
end
directory run_dir do
owner run_user
group run_group
mode '0755'
recursive true
action :create
end
directory log_dir do
owner run_user
group run_group
mode '0750'
recursive true
action :create
end
directory data_dir do
owner run_user
group run_group
mode '0750'
recursive true
action :create
end
# Main configuration file
template "#{etc_dir}/my.cnf" do
source 'my.cnf.erb'
cookbook 'mysql'
owner run_user
group run_group
mode '0600'
variables(config: new_resource)
action :create
end
end
def initialize_database
# initialize database and create initial records
bash "#{name} initial records" do
code init_records_script
umask '022'
returns [0, 1, 2] # facepalm
not_if "/usr/bin/test -f #{data_dir}/mysql/user.frm"
action :run
end
end
def delete_support_directories
# Stop the service before removing support directories
delete_stop_service
directory etc_dir do
recursive true
action :delete
end
directory run_dir do
recursive true
action :delete
end
directory log_dir do
recursive true
action :delete
end
end
#
# Platform specific bits
#
def configure_apparmor
# Do not add these resource if inside a container
# Only valid on Ubuntu
unless ::File.exist?('/.dockerenv') || ::File.exist?('/.dockerinit')
if node['platform'] == 'ubuntu'
# Apparmor
package 'apparmor' do
action :install
end
directory '/etc/apparmor.d/local/mysql' do
owner 'root'
group 'root'
mode '0755'
recursive true
action :create
end
template '/etc/apparmor.d/local/usr.sbin.mysqld' do
cookbook 'mysql'
source 'apparmor/usr.sbin.mysqld-local.erb'
owner 'root'
group 'root'
mode '0644'
action :create
notifies :restart, "service[#{instance} apparmor]", :immediately
end
template '/etc/apparmor.d/usr.sbin.mysqld' do
cookbook 'mysql'
source 'apparmor/usr.sbin.mysqld.erb'
owner 'root'
group 'root'
mode '0644'
action :create
notifies :restart, "service[#{instance} apparmor]", :immediately
end
template "/etc/apparmor.d/local/mysql/#{instance}" do
cookbook 'mysql'
source 'apparmor/usr.sbin.mysqld-instance.erb'
owner 'root'
group 'root'
mode '0644'
variables(
config: new_resource,
mysql_name: mysql_name
)
action :create
notifies :restart, "service[#{instance} apparmor]", :immediately
end
service "#{instance} apparmor" do
service_name 'apparmor'
action :nothing
end
end
end
end
end
end
end

160
chef/cookbooks/mysql/libraries/mysql_service_manager_systemd.rb Normal file
View File

@ -0,0 +1,160 @@
module MysqlCookbook
class MysqlServiceManagerSystemd < MysqlServiceBase
resource_name :mysql_service_manager_systemd
provides :mysql_service_manager, platform: 'fedora'
provides :mysql_service_manager, platform: %w(redhat centos scientific) do |node| # ~FC005
node['platform_version'].to_f >= 7.0
end
provides :mysql_service_manager, platform: 'debian' do |node|
node['platform_version'].to_f >= 8.0
end
provides :mysql_service_manager, platform: 'ubuntu' do |node|
node['platform_version'].to_f >= 15.04
end
provides :mysql_service_manager, platform: 'opensuse' do |node|
node['platform_version'].to_f >= 13.0
end
provides :mysql_service_manager, platform: 'opensuseleap' do |node|
node['platform_version'].to_f >= 42.0
end
action :create do
# from base
create_system_user
stop_system_service
create_config
configure_apparmor
initialize_database
end
action :start do
# Needed for Debian / Ubuntu
directory '/usr/libexec' do
owner 'root'
group 'root'
mode '0755'
action :create
end
# this script is called by the main systemd unit file, and
# spins around until the service is actually up and running.
template "/usr/libexec/#{mysql_name}-wait-ready" do
path "/usr/libexec/#{mysql_name}-wait-ready"
source 'systemd/mysqld-wait-ready.erb'
owner 'root'
group 'root'
mode '0755'
variables(socket_file: socket_file)
cookbook 'mysql'
action :create
end
# this is the main systemd unit file
template "/etc/systemd/system/#{mysql_name}.service" do
path "/etc/systemd/system/#{mysql_name}.service"
source 'systemd/mysqld.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
config: new_resource,
etc_dir: etc_dir,
base_dir: base_dir,
mysqld_bin: mysqld_bin
)
cookbook 'mysql'
notifies :run, "execute[#{instance} systemctl daemon-reload]", :immediately
action :create
end
# avoid 'Unit file changed on disk' warning
execute "#{instance} systemctl daemon-reload" do
command '/bin/systemctl daemon-reload'
action :nothing
end
# tmpfiles.d config so the service survives reboot
template "/usr/lib/tmpfiles.d/#{mysql_name}.conf" do
path "/usr/lib/tmpfiles.d/#{mysql_name}.conf"
source 'tmpfiles.d.conf.erb'
owner 'root'
group 'root'
mode '0644'
variables(
run_dir: run_dir,
run_user: run_user,
run_group: run_group
)
cookbook 'mysql'
action :create
end
# service management resource
service mysql_name.to_s do
service_name mysql_name
provider Chef::Provider::Service::Systemd
supports restart: true, status: true
action [:enable, :start]
end
end
action :stop do
# service management resource
service mysql_name.to_s do
service_name mysql_name
provider Chef::Provider::Service::Systemd
supports status: true
action [:disable, :stop]
only_if { ::File.exist?("/usr/lib/systemd/system/#{mysql_name}.service") }
end
end
action :restart do
# service management resource
service mysql_name.to_s do
service_name mysql_name
provider Chef::Provider::Service::Systemd
supports restart: true
action :restart
end
end
action :reload do
# service management resource
service mysql_name.to_s do
service_name mysql_name
provider Chef::Provider::Service::Systemd
action :reload
end
end
declare_action_class.class_eval do
def stop_system_service
# service management resource
service 'mysql' do
service_name system_service_name
provider Chef::Provider::Service::Systemd
supports status: true
action [:stop, :disable]
end
end
def delete_stop_service
# service management resource
service mysql_name.to_s do
service_name mysql_name
provider Chef::Provider::Service::Systemd
supports status: true
action [:disable, :stop]
only_if { ::File.exist?("/usr/lib/systemd/system/#{mysql_name}.service") }
end
end
end
end
end

96
chef/cookbooks/mysql/libraries/mysql_service_manager_sysvinit.rb Normal file
View File

@ -0,0 +1,96 @@
module MysqlCookbook
class MysqlServiceManagerSysvinit < MysqlServiceBase
resource_name :mysql_service_manager_sysvinit
provides :mysql_service_manager, platform: %w(redhat centos scientific oracle) do |node| # ~FC005
node['platform_version'].to_f <= 7.0
end
provides :mysql_service_manager, platform: 'suse'
provides :mysql_service_manager, platform: 'debian'
action :create do
# from base
create_system_user
stop_system_service
create_config
initialize_database
configure_apparmor
end
action :start do
template "/etc/init.d/#{mysql_name}" do
source 'sysvinit/mysqld.erb'
owner 'root'
group 'root'
mode '0755'
variables(
config: new_resource,
defaults_file: defaults_file,
error_log: error_log,
mysql_name: mysql_name,
mysqladmin_bin: mysqladmin_bin,
mysqld_safe_bin: mysqld_safe_bin,
pid_file: pid_file,
scl_name: scl_name
)
cookbook 'mysql'
action :create
end
service mysql_name do
provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat'
provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian'
supports restart: true, status: true
action [:enable, :start]
end
end
action :stop do
service mysql_name do
provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat'
provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian'
supports restart: true, status: true
action [:stop]
end
end
action :restart do
service mysql_name do
provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat'
provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian'
supports restart: true
action :restart
end
end
action :reload do
service mysql_name do
provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat'
provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian'
action :reload
end
end
declare_action_class.class_eval do
def stop_system_service
service system_service_name do
provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat'
provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian'
supports status: true
action [:stop, :disable]
end
end
def delete_stop_service
service mysql_name do
provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat'
provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian'
supports status: true
action [:disable, :stop]
only_if { ::File.exist?("#{etc_dir}/init.d/#{mysql_name}") }
end
end
end
end
end

107
chef/cookbooks/mysql/libraries/mysql_service_manager_upstart.rb Normal file
View File

@ -0,0 +1,107 @@
module MysqlCookbook
class MysqlServiceManagerUpstart < MysqlServiceBase
resource_name :mysql_service_manager_upstart
provides :mysql_service_manager, platform: 'ubuntu'
action :create do
# from base
create_system_user
stop_system_service
create_config
configure_apparmor
initialize_database
end
action :start do
template "/usr/sbin/#{mysql_name}-wait-ready" do
source 'upstart/mysqld-wait-ready.erb'
owner 'root'
group 'root'
mode '0755'
variables(socket_file: socket_file)
cookbook 'mysql'
action :create
end
template "/etc/init/#{mysql_name}.conf" do
source 'upstart/mysqld.erb'
owner 'root'
group 'root'
mode '0644'
variables(
defaults_file: defaults_file,
mysql_name: mysql_name,
run_group: run_group,
run_user: run_user,
socket_dir: socket_dir
)
cookbook 'mysql'
action :create
end
service mysql_name do
provider Chef::Provider::Service::Upstart
supports status: true
action [:start]
end
end
action :stop do
service mysql_name do
provider Chef::Provider::Service::Upstart
supports restart: true, status: true
action [:stop]
end
end
action :restart do
# With Upstart, restarting the service doesn't behave "as expected".
# We want the post-start stanzas, which wait until the
# service is available before returning
#
# http://upstart.ubuntu.com/cookbook/#restart
service mysql_name do
provider Chef::Provider::Service::Upstart
action :stop
end
service mysql_name do
provider Chef::Provider::Service::Upstart
action :start
end
end
action :reload do
# With Upstart, reload just sends a HUP signal to the process.
# As far as I can tell, this doesn't work the way it's
# supposed to, so we need to actually restart the service.
service mysql_name do
provider Chef::Provider::Service::Upstart
action :stop
end
service mysql_name do
provider Chef::Provider::Service::Upstart
action :start
end
end
declare_action_class.class_eval do
def stop_system_service
service system_service_name do
provider Chef::Provider::Service::Upstart
supports status: true
action [:stop, :disable]
end
end
def delete_stop_service
service mysql_name do
provider Chef::Provider::Service::Upstart
action [:disable, :stop]
only_if { ::File.exist?("#{etc_dir}/init/#{mysql_name}") }
end
end
end
end
end

1
chef/cookbooks/mysql/metadata.json Normal file
View File

@ -0,0 +1 @@
{"name":"mysql","version":"8.2.0","description":"Provides mysql_service, mysql_config, and mysql_client resources","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"amazon":">= 0.0.0","redhat":">= 0.0.0","centos":">= 0.0.0","scientific":">= 0.0.0","oracle":">= 0.0.0","fedora":">= 0.0.0","debian":">= 0.0.0","ubuntu":">= 0.0.0","suse":">= 0.0.0","opensuse":">= 0.0.0","opensuseleap":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{}}

14
chef/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld-instance.erb Normal file
View File

@ -0,0 +1,14 @@
/etc/<%= @mysql_name %>/*.pem r,
/etc/<%= @mysql_name %>/conf.d/ r,
/etc/<%= @mysql_name %>/conf.d/* r,
/etc/<%= @mysql_name %>/my.cnf r,
<%= @config.log_dir %>/ r,
<%= @config.log_dir %>/* rw,
<%= @config.data_dir %>/ r,
<%= @config.data_dir %>/** rwk,
<%= @config.run_dir %>/** rw,
<%= @config.pid_file %> rw,
<%= @config.socket_file %> rw,
/tmp/<%= @mysql_name %>/ r,
/tmp/<%= @mysql_name %>/my.sql r,
<%= @config.tmp_dir %>/* rw,

1
chef/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld-local.erb Normal file
View File

@ -0,0 +1 @@
#include <local/mysql>

47
chef/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld.erb Normal file
View File

@ -0,0 +1,47 @@
# vim:syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include <tunables/global>
/usr/sbin/mysqld {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/user-tmp>
#include <abstractions/mysql>
#include <abstractions/winbind>
capability dac_override,
capability sys_resource,
capability setgid,
capability setuid,
network tcp,
/etc/hosts.allow r,
/etc/hosts.deny r,
/etc/mysql/*.pem r,
/etc/mysql/conf.d/ r,
/etc/mysql/conf.d/* r,
/etc/mysql/*.cnf r,
/usr/lib/mysql/plugin/ r,
/usr/lib/mysql/plugin/*.so* mr,
/usr/sbin/mysqld mr,
/usr/share/mysql/** r,
/var/log/mysql.log rw,
/var/log/mysql.err rw,
/var/lib/mysql/ r,
/var/lib/mysql/** rwk,
/var/log/mysql/ r,
/var/log/mysql/* rw,
/var/run/mysqld/mysqld.pid rw,
/var/run/mysqld/mysqld.sock w,
/var/run/mysqld/mysqld.sock.lock rw,
/run/mysqld/mysqld.pid rw,
/run/mysqld/mysqld.sock w,
/run/mysqld/mysqld.sock.lock rw,
/sys/devices/system/cpu/ r,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.mysqld>
}

57
chef/cookbooks/mysql/templates/default/my.cnf.erb Normal file
View File

@ -0,0 +1,57 @@
# Chef generated my.cnf for instance mysql-<%= @config.name %>
[client]
<% if @config.charset %>
default-character-set = <%= @config.charset %>
<% end %>
<% if @config.port %>
port = <%= @config.port %>
<% end %>
<% if @config.socket_file %>
socket = <%= @config.socket_file %>
<% end %>
[mysql]
<% if @config.charset %>
default-character-set = <%= @config.charset %>
<% end %>
[mysqld]
<% if @config.run_user %>
user = <%= @config.run_user %>
<% end %>
<% if @config.pid_file %>
pid-file = <%= @config.pid_file %>
<% end %>
<% if @config.socket_file %>
socket = <%= @config.socket_file %>
<% end %>
<% if @config.bind_address %>
bind-address = <%= @config.bind_address %>
<% end %>
<% if @config.port %>
port = <%= @config.port %>
<% end %>
<% if @config.data_dir %>
datadir = <%= @config.data_dir %>
<% end %>
<% if @config.tmp_dir %>
tmpdir = <%= @config.tmp_dir %>
<% end %>
<% @config.mysqld_options.each do |option,value| %>
<%= option %> = <%= value %>
<% end %>
<% if @config.lc_messages_dir %>
lc-messages-dir = <%= @config.lc_messages_dir %>
<% end %>
<% if @config.error_log %>
log-error = <%= @config.error_log %>
<% end %>
<% if @config.include_dir %>
!includedir <%= @config.include_dir %>
<% end %>
[mysqld_safe]
<% if @config.socket_file %>
socket = <%= @config.socket_file %>
<% end %>

28
chef/cookbooks/mysql/templates/default/smf/svc.method.mysqld.erb Normal file
View File

@ -0,0 +1,28 @@
#!/sbin/sh
#
# Generated by Chef
#
. /lib/svc/share/smf_include.sh
ulimit -n 10240
case "$1" in
start)
<%= @mysqld_bin %> \
--defaults-file=<%= @defaults_file %> \
--basedir=<%= @base_dir %> \
--datadir=<%= @data_dir %> \
--pid-file=<%= @pid_file %> \
--log-error=<%= @error_log %> &
;;
stop)
[ -f <%= @pid_file %> ] && kill `/usr/bin/head -1 <%= @pid_file %>`
;;
*)
echo "Usage: $0 {start|stop}" >&2
exit 1
;;
esac
exit $SMF_EXIT_OK

30
chef/cookbooks/mysql/templates/default/systemd/mysqld-wait-ready.erb Normal file
View File

@ -0,0 +1,30 @@
#!/bin/sh
daemon_pid="$1"
# Wait for the server to come up or for the mysqld process to disappear
ret=0
while /bin/true; do
RESPONSE=`/usr/bin/mysqladmin --no-defaults --socket="<%= @socket_file %>" --user=UNKNOWN_MYSQL_USER ping 2>&1`
mret=$?
if [ $mret -eq 0 ]; then
break
fi
# exit codes 1, 11 (EXIT_CANNOT_CONNECT_TO_SERVICE) are expected,
# anything else suggests a configuration error
if [ $mret -ne 1 -a $mret -ne 11 ]; then
ret=1
break
fi
# "Access denied" also means the server is alive
echo "$RESPONSE" | grep -q "Access denied for user" && break
# Check process still exists
if ! /bin/kill -0 $daemon_pid 2>/dev/null; then
ret=1
break
fi
sleep 1
done
exit $ret

16
chef/cookbooks/mysql/templates/default/systemd/mysqld.service.erb Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=mysql_service[mysql-<%= @config.instance %>]
After=syslog.target
After=network.target
[Service]
Type=simple
User=<%= @config.run_user %>
Group=<%= @config.run_group %>
ExecStart=<%= @mysqld_bin %> --defaults-file=<%= @etc_dir %>/my.cnf --basedir=<%= @base_dir %>
ExecStartPost=/usr/libexec/mysql-<%= @config.instance %>-wait-ready $MAINPID
TimeoutSec=300
PrivateTmp=true
[Install]
WantedBy=multi-user.target

279
chef/cookbooks/mysql/templates/default/sysvinit/mysqld.erb Normal file
View File

@ -0,0 +1,279 @@
#!/bin/bash
#
### BEGIN INIT INFO
# Provides: <%= @mysql_name %>
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Should-Start: $network $time
# Should-Stop: $network $time
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start and stop the mysql database server daemon
# Description: Controls the main MySQL database server daemon "mysqld"
# and its wrapper script "mysqld_safe".
### END INIT INFO
# set -e
# set -u
### Exit code reference
# http://fedoraproject.org/wiki/Packaging:SysVInitScript
# http://refspecs.linuxbase.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
# Source functions
<% if node['platform_family'] == 'rhel' %>
# Source RHEL function library.
. /etc/rc.d/init.d/functions
<% end %>
####
# Variables
####
STARTTIMEOUT=900
STOPTIMEOUT=900
PID_DELAY=60
####
# Helper functions
###
# Boolean function to see if MYSQL_PID exists and is a number
pid_exists() {
PID_EXISTS=1
if [ -f <%= @pid_file %> ]; then
MYSQLD_PID=`cat <%= @pid_file %> 2>/dev/null`
if [ -n "$MYSQLD_PID" ] && [ -d "/proc/$MYSQLD_PID" ] ; then
PID_EXISTS=0
fi
fi
return $PID_EXISTS
}
# Use mysqladmin to ping the service as an invalid user over a socket
running() {
RUNNING=1
RESPONSE=`<%= @mysqladmin_bin %> --defaults-file=<%= @defaults_file %> --user=UNKNOWN_MYSQL_USER ping 2>&1`
local mret=$?
if pid_exists \
&& [ $mret -eq 0 ] \
|| [ `echo $RESPONSE | grep -q "Access denied for user"` ]; then
RUNNING=0
fi
return $RUNNING
}
writable_error_log() {
WRITABLE_ERROR_LOG=1
touch "<%= @error_log %>" 2>/dev/null
touchret=$?
if [ $touchret -eq 0 ]; then
chown <%= @config.run_user %>:<%= @config.run_group %> <%= @error_log %>
return 0
else
return $WRITABLE_ERROR_LOG
fi
}
print_start_success() {
<% if node['platform_family'] == 'rhel' %>
action $"Starting <%= @mysql_name %>: " /bin/true
<% else %>
echo "Staring MySQL instance <%= @mysql_name %>"
<% end %>
return 0;
}
print_start_failure() {
<% if node['platform_family'] == 'rhel' %>
action $"Starting <%= @mysql_name %>: " /bin/false
<% else %>
echo "Could not start MySQL instance <%= @mysql_name %>"
<% end %>
return 0;
}
print_reload_success() {
<% if node['platform_family'] == 'rhel' %>
action $"Reloading <%= @mysql_name %>" /bin/true
<% else %>
echo "Reload success for <%= @mysql_name %>"
<% end %>
return 0;
}
print_reload_failure() {
<% if node['platform_family'] == 'rhel' %>
action $"Reloading <%= @mysql_name %>" /bin/false
<% else %>
echo "Reload failed for <%= @mysql_name %>"
<% end %>
return 0;
}
print_stop_success() {
<% if node['platform_family'] == 'rhel' %>
action $"Stopping <%= @mysql_name %>: " /bin/true
<% else %>
echo "Stopping MySQL instance <%= @mysql_name %>"
<% end %>
return 0;
}
print_stop_failure() {
<% if node['platform_family'] == 'rhel' %>
action $"Stopping <%= @mysql_name %>: " /bin/false
<% else %>
echo "Could not stop MySQL instance <%= @mysql_name %>"
<% end %>
return 0;
}
start_command() {
# Attempt to start <%= @mysql_name %>
echo "Starting MySQL instance <%= @mysql_name %>"
local scl_name="<%= @scl_name %>"
if [ -z $scl_name ]; then
<%= @mysqld_safe_bin %> \
--defaults-file=<%= @defaults_file %> \
>/dev/null 2>&1 &
local pid=$!
else
scl enable $scl_name "<%= @mysqld_safe_bin %> \
--defaults-file=<%= @defaults_file %> \
>/dev/null 2>&1 &"
local pid=$!
fi
return $pid
}
####
# Init script actions
###
# Start <%= @mysql_name %>
start() {
# exit 0 if already running.
if running; then
print_start_success
return 0;
fi
# exit 4 if we can't write to error_log
if ! writable_error_log; then
print_start_failure
return 4
fi
# run program
start_command;
start_pid=$?
# Timeout loop
local TIMEOUT=$STARTTIMEOUT
while [ $TIMEOUT -gt 0 ]; do
if running; then
break
fi
let CURRENT_DELAY=${STARTTIMEOUT}-${TIMEOUT}
if [ $CURRENT_DELAY -gt $PID_DELAY ] \
&& ! pid_exists; then
break
fi
sleep 1
let TIMEOUT=${TIMEOUT}-1
done
if running; then
# successbaby.gif
print_start_success
return 0
elif ! pid_exists; then
# Handle startup failure
print_start_failure
return 3
elif [ $TIMEOUT -eq 0 ]; then
# Handle timeout
print_start_failure
# clean up
kill $start_pid 2>/dev/null
return 1
fi
}
# Reload <%= @mysql_name %>
reload() {
<%= @mysqladmin_bin %> reload
local ret=$?
if [ $ret -eq 0 ]; then
print_reload_success;
else
print_reload_failure;
fi
return $ret
}
# Status of <%= @mysql_name %>
status() {
if running; then
echo "<%= @mysql_name %> is running"
return 0
else
echo "<%= @mysql_name %> is not running"
return 1
fi
}
# Stop <%= @mysql_name %>
stop() {
if running; then
echo "Stopping MySQL instance <%= @mysql_name %>"
if [ -f <%= @pid_file %> ]; then
/bin/kill `cat <%= @pid_file %> 2>/dev/null`
kstat=$?
fi
# Timeout loop
local TIMEOUT=$STARTTIMEOUT
while [ $TIMEOUT -gt 0 ]; do
if [ -e <%= @pid_file %> ]; then
sleep 1
fi
let TIMEOUT=${TIMEOUT}-1
done
return $kstat
else
echo "MySQL instance <%= @mysql_name %> Stopped."
return 0
fi
}
# main()
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status
;;
restart)
stop ; start
;;
reload)
reload
;;
*)
echo $"Usage: $0 {start|stop|status|restart|reload}"
exit 2
esac
exit $?

1
chef/cookbooks/mysql/templates/default/tmpfiles.d.conf.erb Normal file
View File

@ -0,0 +1 @@
d <%= @run_dir %> 0755 <%= @run_user %> <%= @run_group %> -

22
chef/cookbooks/mysql/templates/default/upstart/mysqld-wait-ready.erb Normal file
View File

@ -0,0 +1,22 @@
#!/bin/sh
# Wait for the server to come up
ret=0
while /bin/true; do
RESPONSE=`/usr/bin/mysqladmin --no-defaults --socket="<%= @socket_file %>" --user=UNKNOWN_MYSQL_USER ping 2>&1`
mret=$?
if [ $mret -eq 0 ]; then
break
fi
# exit codes 1, 11 (EXIT_CANNOT_CONNECT_TO_SERVICE) are expected,
# anything else suggests a configuration error
if [ $mret -ne 1 -a $mret -ne 11 ]; then
ret=1
break
fi
# "Access denied" also means the server is alive
echo "$RESPONSE" | grep -q "Access denied for user" && break
sleep 1
done
exit $ret

26
chef/cookbooks/mysql/templates/default/upstart/mysqld.erb Normal file
View File

@ -0,0 +1,26 @@
# <%= @mysql_name %> Service
description "MySQL service <%= @mysql_name %>"
author "chef-client"
start on runlevel [2345]
stop on starting rc RUNLEVEL=[016]
respawn
respawn limit 2 5
env HOME=/etc/<%= @mysql_name %>
umask 007
kill timeout 300
pre-start script
[ -d /run/<%= @mysql_name %> ] || install -m 755 -o <%= @run_user %> -g <%= @run_group %> -d /run/<%= @mysql_name %>
[ -d <%= @socket_dir %> ] || install -m 755 -o <%= @run_user %> -g <%= @run_group %> -d <%= @socket_dir %>
end script
exec /usr/sbin/mysqld --defaults-file=<%= @defaults_file %>
post-start script
/usr/sbin/<%= @mysql_name %>-wait-ready
end script