Diffstat (limited to 'kitchen-tests/cookbooks/base')
-rw-r--r-- | kitchen-tests/cookbooks/base/Berksfile | 5 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/base/README.md | 3 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/base/attributes/default.rb | 80 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/base/metadata.rb | 23 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/base/recipes/default.rb | 40 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/base/recipes/packages.rb | 9 |
6 files changed, 160 insertions, 0 deletions
diff --git a/kitchen-tests/cookbooks/base/Berksfile b/kitchen-tests/cookbooks/base/Berksfile
new file mode 100644
index 0000000000..4b6079016e
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/Berksfile
@@ -0,0 +1,5 @@
+source "https://api.berkshelf.com"
+
+metadata
+
+cookbook "apt"
diff --git a/kitchen-tests/cookbooks/base/README.md b/kitchen-tests/cookbooks/base/README.md
new file mode 100644
index 0000000000..f19ab46735
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/README.md
@@ -0,0 +1,3 @@
+# webapp
+
+TODO: Enter the cookbook description here.
diff --git a/kitchen-tests/cookbooks/base/attributes/default.rb b/kitchen-tests/cookbooks/base/attributes/default.rb
new file mode 100644
index 0000000000..d4e5d1ee5a
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/attributes/default.rb
@@ -0,0 +1,80 @@
+#
+# ubuntu cookbook overrides
+#
+
+default["ubuntu"]["archive_url"] = "mirror://mirrors.ubuntu.com/mirrors.txt"
+default["ubuntu"]["security_url"] = "mirror://mirrors.ubuntu.com/mirrors.txt"
+default["ubuntu"]["include_source_packages"] = true
+default["ubuntu"]["components"] = "main restricted universe multiverse"
+
+#
+# openssh cookbook overrides
+#
+
+# turn off old protocols client-side
+default["openssh"]["client"]["rsa_authentication"] = "no"
+default["openssh"]["client"]["host_based_authentication"] = "no"
+# allow typical ssh v2 rsa/dsa/ecdsa key auth client-side
+default["openssh"]["client"]["pubkey_authentication"] = "yes"
+# allow password auth client-side (we can ssh 'to' hosts that require passwords)
+default["openssh"]["client"]["password_authentication"] = "yes"
+# turn off kerberos client-side
+default["openssh"]["client"]["gssapi_authentication"] = "no"
+default["openssh"]["client"]["check_host_ip"] = "no"
+# everone turns strict host key checking off anyway
+default["openssh"]["client"]["strict_host_key_checking"] = "no"
+# force protocol 2
+default["openssh"]["client"]["protocol"] = "2"
+
+# it is mostly important that the aes*-ctr ciphers appear first in this list, the cbc ciphers are for compatibility
+default["openssh"]["server"]["ciphers"] = "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc"
+# DNS causes long timeouts when connecting clients have busted DNS
+default["openssh"]["server"]["use_dns"] = "no"
+default["openssh"]["server"]["syslog_facility"] = "AUTH"
+# only allow access via ssh pubkeys, all other mechanisms including passwords are turned off for all users
+default["openssh"]["server"]["pubkey_authentication"] = "yes"
+default["openssh"]["server"]["rhosts_rsa_authentication"] = "no"
+default["openssh"]["server"]["rsa_authentication"] = "no"
+default["openssh"]["server"]["password_authentication"] = "no"
+default["openssh"]["server"]["host_based_authentication"] = "no"
+default["openssh"]["server"]["gssapi_authentication"] = "no"
+default["openssh"]["server"]["permit_root_login"] = "without-password"
+default["openssh"]["server"]["ignore_rhosts"] = "yes"
+default["openssh"]["server"]["permit_empty_passwords"] = "no"
+default["openssh"]["server"]["challenge_response_authentication"] = "no"
+default["openssh"]["server"]["kerberos_authentication"] = "no"
+# tcp keepalives are useful to keep connections up through VPNs and firewalls
+default["openssh"]["server"]["tcp_keepalive"] = "yes"
+default["openssh"]["server"]["use_privilege_separation"] = "yes"
+default["openssh"]["server"]["max_start_ups"] = "10"
+# PAM (i think) already prints the motd on login
+default["openssh"]["server"]["print_motd"] = "no"
+# force only protocol 2 connections
+default["openssh"]["server"]["protocol"] = "2"
+# allow tunnelling x-applications back to the client
+default["openssh"]["server"]["x11_forwarding"] = "yes"
+
+#
+# chef-client cookbook overrides
+#
+
+# always wait at least 30 mins (1800 secs) between daemonized chef-client runs
+default["chef_client"]["interval"] = 1800
+# wait an additional random interval of up to 30 mins (1800 secs) between daemonized runs
+default["chef_client"]["splay"] = 1800
+# only log what we change
+default["chef_client"]["config"]["verbose_logging"] = false
+
+#
+# resolver cookbook overrides
+#
+
+default["resolver"]["nameservers"] = [ "8.8.8.8", "8.8.4.4" ]
+default["resolver"]["search"] = "chef.io"
+
+#
+# sudo cookbook overrides
+#
+
+default["authorization"]["sudo"]["passwordless"] = true
+default["authorization"]["sudo"]["users"] = %w{vagrant centos ubuntu}
diff --git a/kitchen-tests/cookbooks/base/metadata.rb b/kitchen-tests/cookbooks/base/metadata.rb
new file mode 100644
index 0000000000..9e5e792f89
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/metadata.rb
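Review bot: The client defaults set `strict_host_key_checking` and `check_host_ip` to "no", so outbound ssh from every node that includes this cookbook adds unknown host keys automatically instead of verifying them, and the comment justifies this only by habit. If that is intended for throwaway test-kitchen instances, the comment should say so (`# test instances only: host keys are deliberately not verified`); otherwise prefer `default["openssh"]["client"]["strict_host_key_checking"] = "ask"`. The server side is loosened in the same way: the cipher list still offers the CBC, blowfish, 3des and cast128 entries "for compatibility", `permit_root_login` is "without-password" and `x11_forwarding` is "yes", and the sudo section grants passwordless sudo to `vagrant`, `centos` and `ubuntu`. A header comment stating that these attributes are meant for test instances would keep them from being copied into a production base cookbook unchanged.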
@@ -0,0 +1,23 @@
+name "base"
+maintainer ""
+maintainer_email ""
+license ""
+description "Installs/Configures base"
+long_description "Installs/Configures base"
+version "0.1.0"
+
+depends "apt"
+depends "build-essential"
+depends "chef-client"
+depends "fail2ban"
+depends "logrotate"
+depends "multipackage"
+depends "nscd"
+depends "ntp"
+depends "openssh"
+depends "resolver"
+depends "selinux"
+depends "sudo"
+depends "ubuntu"
+depends "users"
+depends "yum-epel"
diff --git a/kitchen-tests/cookbooks/base/recipes/default.rb b/kitchen-tests/cookbooks/base/recipes/default.rb
new file mode 100644
index 0000000000..4ddd7a7b04
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/recipes/default.rb
@@ -0,0 +1,40 @@
+#
+# Cookbook Name:: webapp
+# Recipe:: default
+#
+# Copyright (C) 2014
+#
+
+if node[:platform_family] == "debian"
+ include_recipe "apt"
+ include_recipe "ubuntu"
+end
+
+if %w{rhel fedora}.include?(node[:platform_family])
+ include_recipe "selinux::disabled"
+ include_recipe "yum-epel"
+end
+
+include_recipe "build-essential"
+
+include_recipe "#{cookbook_name}::packages"
+
+include_recipe "ntp"
+
+include_recipe "resolver"
+
+include_recipe "users::sysadmins"
+
+include_recipe "sudo"
+
+include_recipe "chef-client::delete_validation"
+include_recipe "chef-client::config"
+include_recipe "chef-client"
+
+include_recipe "openssh"
+
+include_recipe "fail2ban"
+
+include_recipe "nscd"
+
+include_recipe "logrotate"
diff --git a/kitchen-tests/cookbooks/base/recipes/packages.rb b/kitchen-tests/cookbooks/base/recipes/packages.rb
new file mode 100644
index 0000000000..f242951a4c
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/recipes/packages.rb
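Review bot: None of the fifteen `depends` lines in metadata.rb carries a version constraint, and the Berksfile resolves them from the public `https://api.berkshelf.com` source, so what is installed on a test node can change whenever any upstream cookbook publishes a release. Pin at least the cookbooks that configure security-relevant state, e.g. `depends "openssh", "~> X.Y"` (X.Y is a placeholder for the version actually tested), and commit the resulting `Berksfile.lock` if it is not already tracked. `maintainer`, `maintainer_email` and `license` are also left as empty strings.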
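Review bot: In recipes/default.rb, `include_recipe "selinux::disabled"` runs on every rhel and fedora node with no attribute to opt out, which, going by the recipe name, turns SELinux off for anything that includes this cookbook. If that is wanted only for test instances, a comment above the line should say so, e.g. `# test instances only: SELinux is switched off here, do not reuse on real hosts`; a permissive mode would be the less drastic choice if the selinux cookbook version in use offers one. The file header also says `Cookbook Name:: webapp` while metadata.rb names the cookbook `base`.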
@@ -0,0 +1,9 @@
+
+
+pkgs = %w{lsof tcpdump strace zsh dmidecode ltrace bc curl wget telnet subversion git traceroute htop iptraf tmux s3cmd sysbench }
+
+# this deliberately calls the multipackage API N times in order to do one package installation in order to exercise the
+# multipackage cookbook.
+pkgs.each do |pkg|
+ multipackage pkgs
+end |
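Review bot: The block parameter `pkg` is never used, so the loop reads like a typo for `multipackage pkg` even though the comment says that passing the whole list on each iteration is intended. Naming it `_pkg` (`pkgs.each do |_pkg|`) would make the intent visible in the code itself and not only in the comment. The list also installs `telnet`, `tcpdump` and `strace` on every node that includes the cookbook; a comment that these are debugging aids for test instances would explain why they belong in a base recipe.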