From 8a54693dae62574b9fd10ca5010c4dfd8bda0ab5 Mon Sep 17 00:00:00 2001 From: Grant Ridder Date: Thu, 18 Jun 2015 10:58:18 -0700 Subject: [PATCH 1/8] Fix tomcat service name Starting with Tomcat v7, the version number is no longer included in the service name --- recipes/default.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/recipes/default.rb b/recipes/default.rb index c618a25..e694663 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -86,19 +86,19 @@ } restart proc { - service "tomcat#{node['tomcat']['base_version']}" do + service node['tomcat']['base_instance'] do action :restart end } end # Configure logrotate -logrotate_app "tomcat#{node['tomcat']['base_version']}" do +logrotate_app node['tomcat']['base_instance'] do cookbook 'logrotate' - path "/var/log/tomcat#{node['tomcat']['base_version']}/catalina.out" + path "#{node['tomcat']['log_dir']}/catalina.out" frequency node['ice']['logrotate_frequency'] rotate node['ice']['logrotate_rotate'] - create "640 tomcat#{node['tomcat']['base_version']} adm" + create "640 #{node['tomcat']['base_instance']} adm" options %w( copytruncate compress missingok ) end From 108c2e4c0f1b81bb0b7a2e2180250a3a4d1d3d98 Mon Sep 17 00:00:00 2001 From: Grant Ridder Date: Thu, 18 Jun 2015 12:50:26 -0700 Subject: [PATCH 2/8] Update testing structure --- .kitchen.yml | 4 ++-- Berksfile | 3 ++- Gemfile | 19 +++++++++++++------ Rakefile | 29 +++++++++++++++++++++++++++++ 4 files changed, 46 insertions(+), 9 deletions(-) create mode 100644 Rakefile diff --git a/.kitchen.yml b/.kitchen.yml index 027f589..880f719 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -19,14 +19,14 @@ provisioner: platforms: - name: ubuntu-14.04 - name: ubuntu-12.04 - - name: centos-6.4 + - name: centos-7.1 + - name: centos-6.6 suites: - name: default run_list: - recipe[minitest-handler] - recipe[ice] - - recipe[ice_cookbook_test] attributes: ice: version: 0.0.4 diff --git a/Berksfile b/Berksfile index 2cdb975..3402602 100644 --- a/Berksfile +++ b/Berksfile @@ -1,5 +1,6 @@ -source 'https://supermarket.getchef.com' +source 'https://supermarket.chef.io' metadata cookbook 'nginx', '~> 2.7.4' +cookbook 'minitest-handler' diff --git a/Gemfile b/Gemfile index a39ba07..640e700 100644 --- a/Gemfile +++ b/Gemfile @@ -1,9 +1,16 @@ source 'https://rubygems.org' gem 'berkshelf' -gem 'test-kitchen', group: :integration -gem 'kitchen-vagrant', group: :integration -gem 'kitchen-ec2', group: :integration -gem 'foodcritic', group: :integration -gem 'chef', '~> 11.4.2' -gem 'knife-ec2', '~> 0.6.4' +gem 'chef' +gem 'knife-ec2' + +group :integration do + gem 'test-kitchen' + gem 'kitchen-vagrant' + gem 'kitchen-ec2' + gem 'foodcritic' +end + +group :testing do + gem 'rubocop' +end diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..48401e7 --- /dev/null +++ b/Rakefile @@ -0,0 +1,29 @@ +require 'rubocop/rake_task' +require 'foodcritic' + +desc 'RuboCop compliancy checks' +RuboCop::RakeTask.new(:rubocop) + +FoodCritic::Rake::LintTask.new do |t| + t.options = { + tags: %w( + ~solo + ~FC019 + ), + fail_tags: ['any'] + } +end + +desc 'Install berkshelf cookbooks locally' +task :berkshelf do + require 'berkshelf' + require 'berkshelf/berksfile' + current_dir = File.expand_path('../', __FILE__) + berksfile_path = File.join(current_dir, 'Berksfile') + cookbooks_path = File.join(current_dir, 'vendor') + FileUtils.rm_rf(cookbooks_path) + berksfile = Berkshelf::Berksfile.from_file(berksfile_path) + berksfile.vendor(cookbooks_path) +end + +task default: [:foodcritic, :rubocop] From e68f71e184e46a15d6b4d2f2774f5d62f28256b0 Mon Sep 17 00:00:00 2001 From: Grant Ridder Date: Thu, 18 Jun 2015 18:25:54 -0700 Subject: [PATCH 3/8] Update testing with CentOS7 --- .kitchen.yml | 55 ++++++++++++++++++- README.md | 3 +- .../default/serverspec/ice_spec.rb | 10 ++-- 3 files changed, 60 insertions(+), 8 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 880f719..f974926 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -1,6 +1,6 @@ <% # To keep the YAML as simple as possible, some values are computed here -AWS_ACCESS_KEY_ID = ENV['ICE_AWS_ACCESS_KEY_ID'] ||'ice_billing_aws_access_key_id' +AWS_ACCESS_KEY_ID = ENV['ICE_AWS_ACCESS_KEY_ID'] || 'ice_billing_aws_access_key_id' AWS_ACCESS_KEY_SECRET = ENV['ICE_AWS_ACCESS_KEY_SECRET'] || 'ice_billing_aws_secret_key' %> --- @@ -23,11 +23,14 @@ platforms: - name: centos-6.6 suites: -- name: default +- name: tomcat6 run_list: - recipe[minitest-handler] - recipe[ice] attributes: + tomcat: + base_version: 6 + keytool: /usr/lib/jvm/default-java/bin/keytool ice: version: 0.0.4 war_url: https://s3.amazonaws.com/dl.imedidata.net/ice @@ -40,4 +43,50 @@ suites: work_s3_bucket_name: kitchen-tests billing_s3_bucket_prefix: ice-cookbook-tests-billing-<%= ENV['USER'] %>/ work_s3_bucket_prefix: ice-cookbook-tests-work-<%= ENV['USER'] %>/ - start_millis: 1369886400000 + includes: + - ubuntu-12.04 + - ubuntu-14.04 +- name: tomcat6 + run_list: + - recipe[minitest-handler] + - recipe[ice] + attributes: + tomcat: + base_version: 6 + keytool: /usr/lib/jvm/java-1.6.0/bin/keytool + ice: + version: 0.0.4 + war_url: https://s3.amazonaws.com/dl.imedidata.net/ice + skip_manifest_check: true + checksum: eb9e7503585553bdebf9d93016bcbe7dc033c21e2b1b2f0df0978ca2968df047 + company_name: Your Company + billing_aws_access_key_id: <%= AWS_ACCESS_KEY_ID %> + billing_aws_secret_key: <%= AWS_ACCESS_KEY_SECRET %> + billing_s3_bucket_name: kitchen-tests + work_s3_bucket_name: kitchen-tests + billing_s3_bucket_prefix: ice-cookbook-tests-billing-<%= ENV['USER'] %>/ + work_s3_bucket_prefix: ice-cookbook-tests-work-<%= ENV['USER'] %>/ + includes: + - centos-6.6 +- name: tomcat7 + run_list: + - recipe[minitest-handler] + - recipe[ice] + attributes: + tomcat: + base_version: 7 + keytool: /usr/lib/jvm/java-1.6.0/bin/keytool + ice: + version: 0.0.4 + war_url: https://s3.amazonaws.com/dl.imedidata.net/ice + skip_manifest_check: true + checksum: eb9e7503585553bdebf9d93016bcbe7dc033c21e2b1b2f0df0978ca2968df047 + company_name: Your Company + billing_aws_access_key_id: <%= AWS_ACCESS_KEY_ID %> + billing_aws_secret_key: <%= AWS_ACCESS_KEY_SECRET %> + billing_s3_bucket_name: kitchen-tests + work_s3_bucket_name: kitchen-tests + billing_s3_bucket_prefix: ice-cookbook-tests-billing-<%= ENV['USER'] %>/ + work_s3_bucket_prefix: ice-cookbook-tests-work-<%= ENV['USER'] %>/ + includes: + - centos-7.1 diff --git a/README.md b/README.md index 6f27b57..738b1d9 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,8 @@ Tested on * Ubuntu 14.04 * Ubuntu 12.04 -* Centos 6.4 +* Centos 7.1 +* Centos 6.6 Other Debian and RHEL family distributions are assumed to work but YMMV. diff --git a/test/integration/default/serverspec/ice_spec.rb b/test/integration/default/serverspec/ice_spec.rb index c18da39..6f25b0d 100644 --- a/test/integration/default/serverspec/ice_spec.rb +++ b/test/integration/default/serverspec/ice_spec.rb @@ -1,7 +1,9 @@ require_relative '../../../kitchen/data/spec_helper' +suffix = node['tomcat']['base_version'].to_i < 7 ? node['tomcat']['base_version'] : "" + describe 'should be running tomcat6 on port 8080' do - describe service('tomcat6') do + describe service("tomcat#{suffix}") do it { should be_enabled } it { should be_running } end @@ -23,19 +25,19 @@ end describe 'should be configured to run a processer' do - describe file('/var/lib/tomcat6/webapps/releases/0.0.4/WEB-INF/classes/ice.properties') do + describe file("/var/lib/tomcat#{suffix}/webapps/releases/0.0.4/WEB-INF/classes/ice.properties") do its(:content) { should match(/ice\.processor=true/) } end end describe 'should be configured to run a reader' do - describe file('/var/lib/tomcat6/webapps/releases/0.0.4/WEB-INF/classes/ice.properties') do + describe file("/var/lib/tomcat#{suffix}/webapps/releases/0.0.4/WEB-INF/classes/ice.properties") do its(:content) { should match(/ice\.reader=true/) } end end describe 'should be configured to pull billing files from 90 days back' do - describe file('/var/lib/tomcat6/webapps/releases/0.0.4/WEB-INF/classes/ice.properties') do + describe file("/var/lib/tomcat#{suffix}/webapps/releases/0.0.4/WEB-INF/classes/ice.properties") do processing_start_millis = (Date.today - 90).strftime('%Q')[0..-6] # drop last 6 digits its(:content) { should match(/ice\.startmillis=#{processing_start_millis}\d+{5,5}/) } end From 4029e2ab731aa65fcbb7d84334a6b8792138a169 Mon Sep 17 00:00:00 2001 From: Grant Ridder Date: Thu, 18 Jun 2015 18:26:24 -0700 Subject: [PATCH 4/8] Optional nginx and default site disable This allows the cookbook to be used to install ice with tomcat but still allow other nginx configs in a wrapper cookbook. --- attributes/default.rb | 6 ++++++ recipes/default.rb | 40 +--------------------------------------- recipes/nginx.rb | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 48 insertions(+), 39 deletions(-) create mode 100644 recipes/nginx.rb diff --git a/attributes/default.rb b/attributes/default.rb index dc5b699..e0872ff 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -137,6 +137,12 @@ # proxy on Ice readers/UI nodes. node.default['ice']['public_hostname'] = nil +# Setup Nginx. +node.default['ice']['nginx_enabled'] = true + +# Disable Nginx default site. +node.default['ice']['nginx_disable_default_site'] = true + # Nginx port configuration. node.default['ice']['nginx_port'] = 80 diff --git a/recipes/default.rb b/recipes/default.rb index e694663..ced67ad 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -28,7 +28,6 @@ java_options = "#{node['tomcat']['java_options']} -Dice.s3AccessKeyId=#{node['ice']['billing_aws_access_key_id']} -Dice.s3SecretKey=#{node['ice']['billing_aws_secret_key']}" node.override['tomcat']['java_options'] = java_options -node.override['nginx']['default_site_enabled'] = false artifact_deploy 'ice' do version node['ice']['version'] @@ -102,41 +101,4 @@ options %w( copytruncate compress missingok ) end -if node['ice']['reader']['enabled'] == true - # Ugly hack to fix this issue: https://github.com/miketheman/nginx/issues/248 - node.default['nginx']['pid'] = '/run/nginx.pid' if ubuntu_trusty? - - include_recipe 'nginx::default' - - # Configure nginx site reverse proxy - if node['ice']['public_hostname'].nil? - if node.attribute?('ec2') - node.override['ice']['public_hostname'] = node['ec2']['public_hostname'] - elsif node.attribute?('cloud') - node.override['ice']['public_hostname'] = node['cloud']['public_hostname'] - else - node.override['ice']['public_hostname'] = node['fqdn'] - end - - if node['ice']['nginx_port'] != 80 - node.override['ice']['public_hostname'] += ":#{node['ice']['nginx_port']}" - end - end - - # Disable default site first - nginx_site 'default' do - enable false - end - - # Generate nginx ice site - template "#{node['nginx']['dir']}/sites-available/ice" do - cookbook node['ice']['nginx_config_cookbook'] - source node['ice']['nginx_config'] - mode 0644 - owner node['nginx']['user'] - group node['nginx']['group'] - end - - # Enable ice site - nginx_site 'ice' -end +include_recipe 'ice::nginx' if node['ice']['reader']['enabled'] == true and node['ice']['nginx_enabled'] diff --git a/recipes/nginx.rb b/recipes/nginx.rb new file mode 100644 index 0000000..e14475e --- /dev/null +++ b/recipes/nginx.rb @@ -0,0 +1,41 @@ +# +# Cookbook Name:: ice +# Recipe:: nginx +# + +node.override['nginx']['default_site_enabled'] = false + +include_recipe 'nginx::default' + +# Configure nginx site reverse proxy +if node['ice']['public_hostname'].nil? + if node.attribute?('ec2') + node.override['ice']['public_hostname'] = node['ec2']['public_hostname'] + elsif node.attribute?('cloud') + node.override['ice']['public_hostname'] = node['cloud']['public_hostname'] + else + node.override['ice']['public_hostname'] = node['fqdn'] + end + + if node['ice']['nginx_port'] != 80 + node.override['ice']['public_hostname'] += ":#{node['ice']['nginx_port']}" + end +end + +# Disable default site first +nginx_site 'default' do + enable false + only_if node['ice']['nginx_disable_default_site'] +end + +# Generate nginx ice site +template "#{node['nginx']['dir']}/sites-available/ice" do + cookbook node['ice']['nginx_config_cookbook'] + source node['ice']['nginx_config'] + mode 0644 + owner node['nginx']['user'] + group node['nginx']['group'] +end + +# Enable ice site +nginx_site 'ice' From 7bbb984a2dd2247ad5b77116682fad3a934ca49e Mon Sep 17 00:00:00 2001 From: Grant Ridder Date: Fri, 19 Jun 2015 12:38:57 -0700 Subject: [PATCH 5/8] Config selinux to allow nginx to connect to tomcat --- recipes/default.rb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/recipes/default.rb b/recipes/default.rb index ced67ad..4be89d8 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -91,6 +91,13 @@ } end +# Allow httpd to connect to tomcat for proxy +execute 'selinux httpd_can_network_connect' do + command '/usr/sbin/setsebool httpd_can_network_connect true' + only_if ['rhel', 'fedora'].include?(node['platform_family']) +end + + # Configure logrotate logrotate_app node['tomcat']['base_instance'] do cookbook 'logrotate' From 553df311fc340c8187beab2ae3648153cf4d267a Mon Sep 17 00:00:00 2001 From: Grant Ridder Date: Fri, 19 Jun 2015 23:58:31 -0700 Subject: [PATCH 6/8] Fix tomcat6 tests --- .kitchen.yml | 4 ++-- recipes/default.rb | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index f974926..34a4fe6 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -46,7 +46,7 @@ suites: includes: - ubuntu-12.04 - ubuntu-14.04 -- name: tomcat6 +- name: tomcat6-rhel run_list: - recipe[minitest-handler] - recipe[ice] @@ -68,7 +68,7 @@ suites: work_s3_bucket_prefix: ice-cookbook-tests-work-<%= ENV['USER'] %>/ includes: - centos-6.6 -- name: tomcat7 +- name: tomcat7-rhel run_list: - recipe[minitest-handler] - recipe[ice] diff --git a/recipes/default.rb b/recipes/default.rb index 4be89d8..620cb15 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -91,10 +91,11 @@ } end + # Allow httpd to connect to tomcat for proxy execute 'selinux httpd_can_network_connect' do command '/usr/sbin/setsebool httpd_can_network_connect true' - only_if ['rhel', 'fedora'].include?(node['platform_family']) + only_if { ['rhel', 'fedora'].include?(node['platform_family']) } end From 6ca6213b43b49cf48255b29603f9965f78fb0639 Mon Sep 17 00:00:00 2001 From: Grant Ridder Date: Sat, 20 Jun 2015 00:01:13 -0700 Subject: [PATCH 7/8] Add TravisCI --- .travis.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..a08a4f4 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,7 @@ +language: ruby +cache: bundler +rvm: + - 2.2.0 +branches: + only: + - master From c60ad3fd9277db160f40779eed19688ad24bec13 Mon Sep 17 00:00:00 2001 From: Grant Ridder Date: Sat, 20 Jun 2015 00:07:11 -0700 Subject: [PATCH 8/8] Fix syntax per rubocop --- recipes/default.rb | 6 ++---- test/integration/default/serverspec/ice_spec.rb | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/recipes/default.rb b/recipes/default.rb index 620cb15..f232c83 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -91,14 +91,12 @@ } end - # Allow httpd to connect to tomcat for proxy execute 'selinux httpd_can_network_connect' do command '/usr/sbin/setsebool httpd_can_network_connect true' - only_if { ['rhel', 'fedora'].include?(node['platform_family']) } + only_if { %w(rhel fedora).include?(node['platform_family']) } end - # Configure logrotate logrotate_app node['tomcat']['base_instance'] do cookbook 'logrotate' @@ -109,4 +107,4 @@ options %w( copytruncate compress missingok ) end -include_recipe 'ice::nginx' if node['ice']['reader']['enabled'] == true and node['ice']['nginx_enabled'] +include_recipe 'ice::nginx' if node['ice']['reader']['enabled'] == true && node['ice']['nginx_enabled'] diff --git a/test/integration/default/serverspec/ice_spec.rb b/test/integration/default/serverspec/ice_spec.rb index 6f25b0d..1a56928 100644 --- a/test/integration/default/serverspec/ice_spec.rb +++ b/test/integration/default/serverspec/ice_spec.rb @@ -1,6 +1,6 @@ require_relative '../../../kitchen/data/spec_helper' -suffix = node['tomcat']['base_version'].to_i < 7 ? node['tomcat']['base_version'] : "" +suffix = node['tomcat']['base_version'].to_i < 7 ? node['tomcat']['base_version'] : '' describe 'should be running tomcat6 on port 8080' do describe service("tomcat#{suffix}") do