From a1a2e4e96c3773f0fa7522c2a5269c17766ad008 Mon Sep 17 00:00:00 2001
From: Pete Cheslock
Date: Mon, 19 Jan 2015 23:13:09 -0500
Subject: [PATCH] Initial Commit of the Threat Stack agent cookbook
---
.gitignore | 26 ++++++++++++
.kitchen.yml | 38 +++++++++++++++++
Berksfile | 6 +++
Gemfile | 4 ++
Gemfile.lock | 92 +++++++++++++++++++++++++++++++++++++++++
README.md | 50 +++++++++++++++++++++++
attributes/default.rb | 25 ++++++++++++
chefignore | 95 +++++++++++++++++++++++++++++++++++++++++++
metadata.rb | 15 +++++++
recipes/default.rb | 39 ++++++++++++++++++
recipes/repo.rb | 43 ++++++++++++++++++++
11 files changed, 433 insertions(+)
create mode 100644 .gitignore
create mode 100644 .kitchen.yml
create mode 100644 Berksfile
create mode 100644 Gemfile
create mode 100644 Gemfile.lock
create mode 100644 README.md
create mode 100644 attributes/default.rb
create mode 100644 chefignore
create mode 100644 metadata.rb
create mode 100644 recipes/default.rb
create mode 100644 recipes/repo.rb
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..85dfab7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,26 @@
+*~
+*#
+.#*
+\#*#
+.*.sw[a-z]
+*.un~
+*.tmp
+*.bk
+*.bkup
+.DS_Store
+.kitchen.local.yml
+.rspec
+.yardopts
+Berksfile.lock
+
+.bundle/
+.cache/
+.kitchen/
+.vagrant/
+.vagrant.d/
+.yardoc/
+bin/
+doc/
+tmp/
+vendor/
+VERSION
diff --git a/.kitchen.yml b/.kitchen.yml
new file mode 100644
index 0000000..1315f43
--- /dev/null
+++ b/.kitchen.yml
@@ -0,0 +1,38 @@
+---
+driver:
+ name: vagrant
+ require_chef_omnibus: 11.16.4
+
+platforms:
+ - name: ubuntu-10.04
+ run_list:
+ - recipe[apt]
+ - name: ubuntu-10.04-i386
+ run_list:
+ - recipe[apt]
+ - name: ubuntu-12.04
+ run_list:
+ - recipe[apt]
+ - name: ubuntu-12.04-i386
+ run_list:
+ - recipe[apt]
+ - name: ubuntu-14.04
+ run_list:
+ - recipe[apt]
+ - name: ubuntu-14.04-i386
+ run_list:
+ - recipe[apt]
+ - name: centos-6.5
+ run_list:
+ - recipe[yum]
+ - name: centos-6.5-i386
+ run_list:
+ - recipe[yum]
+
+suites:
+ - name: default
+ run_list:
+ - recipe[threatstack::default]
+ attributes:
+ threatstack:
+ deploy_key: <%= ENV['TS_DEPLOY_KEY'] %>
diff --git a/Berksfile b/Berksfile
new file mode 100644
index 0000000..ef330ac
--- /dev/null
+++ b/Berksfile
@@ -0,0 +1,6 @@
+source 'https://supermarket.getchef.com'
+
+cookbook 'apt'
+cookbook 'yum'
+
+metadata
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 0000000..a9e23fc
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+gem 'chef'
+gem 'test-kitchen'
diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 0000000..b4d0eb6
--- /dev/null
+++ b/Gemfile.lock
@@ -0,0 +1,92 @@ +GEM + remote: https://rubygems.org/ + specs: + chef (12.0.3) + chef-zero (~> 3.2) + diff-lcs (~> 1.2, >= 1.2.4) + erubis (~> 2.7) + ffi-yajl (~> 1.2) + highline (~> 1.6, >= 1.6.9) + mixlib-authentication (~> 1.3) + mixlib-cli (~> 1.4) + mixlib-config (~> 2.0) + mixlib-log (~> 1.3) + mixlib-shellout (>= 2.0.0.rc.0, < 3.0) + net-ssh (~> 2.6) + net-ssh-multi (~> 1.1) + ohai (~> 8.0) + plist (~> 3.1.0) + pry (~> 0.9) + chef-zero (3.2.1) + ffi-yajl (~> 1.1) + hashie (~> 2.0) + mixlib-log (~> 1.3) + rack + uuidtools (~> 2.1) + coderay (1.1.0) + diff-lcs (1.2.5) + erubis (2.7.0) + ffi (1.9.6) + ffi-yajl (1.3.1) + ffi (~> 1.5) + libyajl2 (~> 1.2) + hashie (2.1.2) + highline (1.6.21) + ipaddress (0.8.0) + libyajl2 (1.2.0) + method_source (0.8.2) + mime-types (1.25.1) + mixlib-authentication (1.3.0) + mixlib-log + mixlib-cli (1.5.0) + mixlib-config (2.1.0) + mixlib-log (1.6.0) + mixlib-shellout (2.0.1) + net-dhcp (1.3.2) + net-scp (1.2.1) + net-ssh (>= 2.6.5) + net-ssh (2.9.2) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-multi (1.2.0) + net-ssh (>= 2.6.5) + net-ssh-gateway (>= 1.2.0) + ohai (8.0.1) + ffi (~> 1.9) + ffi-yajl (~> 1.1) + ipaddress + mime-types (~> 1.16) + mixlib-cli + mixlib-config (~> 2.0) + mixlib-log + mixlib-shellout (~> 2.0) + net-dhcp + rake (~> 10.1) + systemu (~> 2.6.4) + wmi-lite (~> 1.0) + plist (3.1.0) + pry (0.10.1) + coderay (~> 1.1.0) + method_source (~> 0.8.1) + slop (~> 3.4) + rack (1.6.0) + rake (10.4.2) + safe_yaml (1.0.4) + slop (3.6.0) + systemu (2.6.4) + test-kitchen (1.3.0) + mixlib-shellout (>= 1.2, < 3.0) + net-scp (~> 1.1) + net-ssh (~> 2.7) + safe_yaml (~> 1.0) + thor (~> 0.18) + thor (0.19.1) + uuidtools (2.1.5) + wmi-lite (1.0.0) + +PLATFORMS + ruby + +DEPENDENCIES + chef + test-kitchen
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..89d179f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,50 @@
+Threat Stack Cookbook
+================
+
+Chef recipes to deploy the Threat Stack server agent
+
+Requirements
+============
+- chef >= 10.14
+
+Platforms
+---------
+
+* Amazon Linux
+* CentOS
+* RedHat
+* Ubuntu
+
+Cookbooks
+---------
+
+The following Opscode cookbooks are dependencies:
+
+* `apt`
+* `yum`
+
+
+Recipes
+=======
+
+default
+-------
+Installs the Threat Stack agent package and register the agent with the service
+
+repo
+--------
+Sets up the Apt or Yum repo for installing the Threat Stack agent package
+
+Usage
+=====
+
+1. Add this cookbook to your Chef Server or add to your Berksfile
+ ```
+ cookbook 'threatstack', '~> 1.0.0'
+ ```
+
+2. Add your deploy api key to the `node['threatstack']['deploy_key']` attribute at a higher precedence level. Using either a wrapper cookbook or role or databag
+
+3. (Optional) Set the `node['threatstack']['policy']` to define which policy will apply to this node (defaults to 'Default Policy')
+
+4. Add this recipe to your runlist or include in another recipe
diff --git a/attributes/default.rb b/attributes/default.rb
new file mode 100644
index 0000000..fd5daf4
--- /dev/null
+++ b/attributes/default.rb
@@ -0,0 +1,25 @@
+#
+# Cookbook Name:: threatstack
+# Attributes:: default
+#
+# Copyright 2014-2015, Threat Stack
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['threatstack']['repo'] = 'https://pkg.threatstack.com'
+default['threatstack']['url'] = 'https://app.threatstack.com'
+default['threatstack']['version'] = nil
+default['threatstack']['pkg_action'] = :install
+default['threatstack']['deploy_key'] = nil
+default['threatstack']['policy'] = 'Default Policy'
diff --git a/chefignore b/chefignore
new file mode 100644
index 0000000..80dc2d2
--- /dev/null
+++ b/chefignore
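Review bot: `default['threatstack']['deploy_key'] = nil` in attributes/default.rb has no comment saying the value is a credential, and this file is where an operator looks to learn how to set it. Node attributes are saved to the Chef server with the node object, so a key placed in a role or wrapper-cookbook attribute is readable by anything that can read node data. I would add above the line `# Secret: load from an encrypted data bag (or chef-vault) in a wrapper recipe; plain node attributes are stored with the node object.` The comment could also say that recipes/default.rb does not check for nil before building the `cloudsight setup` command.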
@@ -0,0 +1,95 @@
+# Put files/directories that should be ignored in this file when uploading
+# or sharing to the community site.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+Icon?
+nohup.out
+ehthumbs.db
+Thumbs.db
+
+# SASS #
+########
+.sass-cache
+
+# EDITORS #
+###########
+\#*
+.#*
+*~
+*.sw[a-z]
+*.bak
+REVISION
+TAGS*
+tmtags
+*_flymake.*
+*_flymake
+*.tmproj
+.project
+.settings
+mkmf.log
+
+## COMPILED ##
+##############
+a.out
+*.o
+*.pyc
+*.so
+*.com
+*.class
+*.dll
+*.exe
+*/rdoc/
+
+# Testing #
+###########
+.watchr
+.rspec
+spec/*
+spec/fixtures/*
+test/*
+features/*
+Guardfile
+Procfile
+
+# SCM #
+#######
+.git
+*/.git
+.gitignore
+.gitmodules
+.gitconfig
+.gitattributes
+.svn
+*/.bzr/*
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Cookbooks #
+#############
+CONTRIBUTING
+
+# Strainer #
+############
+Colanderfile
+Strainerfile
+.colander
+.strainer
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile
+
+# Travis #
+##########
+.travis.yml
diff --git a/metadata.rb b/metadata.rb
new file mode 100644
index 0000000..5f45dcb
--- /dev/null
+++ b/metadata.rb
@@ -0,0 +1,15 @@
+name 'threatstack'
+maintainer 'Threat Stack'
+maintainer_email 'support@threatstack.com'
+license 'Apache 2.0'
+description 'Installs/Configures Threat Stack cloudsight components'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version '1.0.0'
+
+supports 'amazon'
+supports 'centos'
+supports 'redhat'
+supports 'ubuntu'
+
+depends 'apt'
+depends 'yum'
diff --git a/recipes/default.rb b/recipes/default.rb
new file mode 100644
index 0000000..c326e2b
--- /dev/null
+++ b/recipes/default.rb
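Review bot: `depends 'apt'` and `depends 'yum'` in metadata.rb carry no version constraint, the Berksfile entries are unconstrained as well, and `.gitignore` excludes `Berksfile.lock`, so nothing in the repository records which dependency versions the recipes were tested against. recipes/repo.rb calls `yum_repository` with `baseurl` and `gpgkey`, which as far as I can tell is the 3.x interface of the yum cookbook, so an older resolved version would likely fail at converge. A constraint such as `depends 'yum', '>= 3.0'` (and a matching floor for `apt` once confirmed) would make the requirement explicit and narrow what a dependency resolve can pull in.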
@@ -0,0 +1,39 @@
+#
+# Cookbook Name:: threatstack
+# Recipe:: repo
+#
+# Copyright 2014-2015, Threat Stack
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'threatstack::repo'
+
+package 'threatstack-agent' do
+ version node['threatstack']['version'] if node['threatstack']['version']
+ action node['threatstack']['pkg_action']
+end
+
+# Register the Threat Stack agent - Policy is not required
+# and if it's omitted then the agent will need to be approved
+# in the Threat Stack UI
+
+cmd = "cloudsight setup --deploy-key=#{node['threatstack']['deploy_key']} "
+cmd += "--policy='#{node['threatstack']['policy']}' " if node['threatstack']['policy']
+cmd += "--url='#{node['threatstack']['url']}'" if node['threatstack']['url']
+
+execute 'cloudsight setup' do
+ command cmd
+ action :run
+ not_if { ::File.exist?('/opt/threatstack/cloudsight/config/.secret') }
+end
diff --git a/recipes/repo.rb b/recipes/repo.rb
new file mode 100644
index 0000000..3214c21
--- /dev/null
+++ b/recipes/repo.rb
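Review bot: The deploy key is interpolated unquoted into the shell string at `cmd = "cloudsight setup --deploy-key=#{...} "` in recipes/default.rb, and the `execute` resource that runs it is not marked sensitive, so the key can appear in Chef's log output when the command fails. `policy` and `url` are wrapped in single quotes but not escaped, so a value containing `'` breaks the command line or changes what the shell runs. Because `deploy_key` defaults to nil, an unset attribute produces `--deploy-key=` and the failure surfaces only from the agent CLI; a check before the `execute` would give a clearer error. The header comment in this file also reads `Recipe:: repo`, which looks copied from recipes/repo.rb. A suggested rewrite of the command construction follows; `Shellwords` is Ruby stdlib, and `sensitive` only has an effect on Chef versions that honor it for `execute`.

```ruby
# … unchanged: license header, include_recipe, package resource …
cmd = "cloudsight setup --deploy-key=#{Shellwords.escape(node['threatstack']['deploy_key'])} "
cmd += "--policy=#{Shellwords.escape(node['threatstack']['policy'])} " if node['threatstack']['policy']
cmd += "--url=#{Shellwords.escape(node['threatstack']['url'])}" if node['threatstack']['url']

execute 'cloudsight setup' do
  command cmd
  sensitive true # keep the deploy key out of logged command output
  # … unchanged: action :run, not_if guard on the .secret file …
end
```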
@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: threatstack
+# Recipe:: repo
+#
+# Copyright 2014-2015, Threat Stack
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node['platform_family']
+when 'debian'
+ apt_repository 'threatstack' do
+ uri "#{node['threatstack']['repo']}/Ubuntu"
+ distribution node['lsb']['codename']
+ components ['main']
+ key 'https://www.threatstack.com/APT-GPG-KEY-THREATSTACK'
+ action :add
+ end
+
+when 'rhel'
+ if node['platform'] == 'amazon'
+ path = 'Amazon'
+ else
+ path = 'CentOS'
+ end
+
+ yum_repository 'threatstack' do
+ description 'Threat Stack'
+ baseurl "#{node['threatstack']['repo']}/#{path}"
+ gpgkey 'https://www.threatstack.com/RPM-GPG-KEY-THREATSTACK'
+ action :add
+ end
+end
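Review bot: The `yum_repository` block in recipes/repo.rb sets `gpgkey` but never states `gpgcheck`, so package signature verification depends on the default of whichever yum cookbook version gets resolved; adding `gpgcheck true` next to `gpgkey` makes the intent explicit. The `case node['platform_family']` has no `else`, so on any other family the recipe adds no repository and recipes/default.rb then fails at `package 'threatstack-agent'` with a less direct error; an `else` that raises with the unsupported family name would surface it earlier. The debian branch also hard-codes the `/Ubuntu` path while taking `node['lsb']['codename']`, so a Debian host would get an Ubuntu repository URL with a Debian codename; metadata.rb declares only ubuntu, which suggests matching on `node['platform']` here.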