
config-driven-helper (26) Versions 3.1.1

enable driving cookbooks that are not normally config driven to be so

Policyfile

  cookbook 'config-driven-helper', '= 3.1.1', :supermarket

Berkshelf

  cookbook 'config-driven-helper', '= 3.1.1'

Knife

  knife supermarket install config-driven-helper
  knife supermarket download config-driven-helper

Config driven helper cookbook

Usage

The config driven helper cookbook is a simple catchall cookbook designed to drive other cookbooks that are not normally config driven.

Enabling this ability means that there is less duplication and therefore less scope for error across projects which utilize this cookbook.

Apache sites

The apache sites helper enables you to create an apache vhost simply by defining it as node attributes.

Add config-driven-helper::apache-sites to enable it.

Here is a simple example:

{
  "apache": {
    "sites": {
      "inviqa": {
        "server_name": "inviqa.com",
        "docroot": "/var/www/inviqa.com"
      }
    }
  }
}

The above, when integrated into your Chef attributes, will create a vhost called inviqa that responds to the server name inviqa.com and has a document root of /var/www/inviqa.com.

Internally the contents of the 'inviqa' site attribute will be proxied to the apache2 cookbook web_app resource. This means that any configuration that is valid for web_app is valid here too!

As an example, consider changing the template to a custom one that you have created in a project cookbook called project.

{
  "apache": {
    "sites": {
      "inviqa": {
        "server_name": "inviqa.com",
        "docroot": "/var/www/inviqa.com",
        "template": "my-custom-template.conf.erb",
        "cookbook": "my-project-cookbook"
      }
    }
  }
}

We recommend that you use an abstract name for the key of the site (and not the hostname). This is to allow you to share site attributes across environments with minimal duplication.

SSL

The apache sites helper also provides a means to create https vhosts. To do this you must set the 'protocols' array.

{
  "apache": {
    "sites": {
      "inviqa": {
        "server_name": "inviqa.com",
        "docroot": "/var/www/inviqa.com",
        "protocols": [ "http", "https" ]
      }
    }
  }
}

This example will create two vhosts: inviqa and inviqa.ssl. inviqa.ssl will be configured to respond on port 443 with some sensible SSL default settings (including limiting to secure protocols and ciphersuites).

The defaults for a site are defined here: https://github.com/inviqa/chef-config-driven-helper/blob/master/attributes/default.rb#L14

These defaults will be merged into any given site.

Therefore, by default the SSL vhost template will use /etc/pki/tls/certs/cert.pem as the certfile and /etc/pki/tls/private/key.pem as the keyfile.

The apache sites helper will populate these keys for you by looking at the node['ssl_certs']['/etc/pki/tls/certs/cert.pem'] and node['ssl_certs']['/etc/pki/tls/private/key.pem'] attributes.

You can override any of these values by simply defining them in your site attributes. For a (contrived) example, to change the keyfile path:

{
  "apache": {
    "sites": {
      "inviqa": {
        "server_name": "inviqa.com",
        "docroot": "/var/www/inviqa.com",
        "protocols": [ "http", "https" ],
        "keyfile": "/tmp/my-super-insecure-keyfile.pem"
      }
    }
  }
}

It is assumed that projects that use this cookbook also use the data-bag-merge cookbook from https://cookbooks.opscode.com/cookbooks/data-bag-merge. This cookbook merges encrypted data bags into your Chef attributes to enable encrypted attributes for cookbooks that do not directly support them.

Server params

To add fastcgi_param for Nginx or SetEnv for Apache, use php_server_variables under the sites key, as in this example for Apache (it's similar for Nginx):

{
  "apache": {
    "sites": {
      "inviqa": {
        "server_name": "inviqa.com",
        "docroot": "/var/www/inviqa.com",
        "protocols": [ "http", "https" ],
        "php_server_variables": {
          "FOO": "bar",
          "ANOTHER": "value"
        }
      }
    }
  }
}

Capistrano

The apache sites helper can also set up Capistrano application targets,
configuring the folder structure and permissions of shared folders.

{
  "apache": {
    "sites": {
      "inviqa": {
        "capistrano": {
          "deploy_to": "/var/www/sites/inviqa.com",
          "owner": "deploy",
          "group": "deploy",
          "shared_folders": {
            "readable": {
              "folders": [
                "app"
              ]
            },
            "writeable": {
              "owner": "apache",
              "group": "apache",
              "folders": [
                "uploads",
                "app/./cache/disk"
              ]
            }
          }
        }
      }
    }
  }
}

A shared_folders folder containing a '.' will apply permissions recursively
from the dot onwards, and not preceding directory names. A shared_folder section
that doesn't have owner or group will inherit the top-level owner and group.

This creates the following folder structure:

deploy deploy /var/www/sites/inviqa.com
deploy deploy /var/www/sites/inviqa.com/releases
deploy deploy /var/www/sites/inviqa.com/shared
deploy deploy /var/www/sites/inviqa.com/shared/app
apache apache /var/www/sites/inviqa.com/shared/app/cache
apache apache /var/www/sites/inviqa.com/shared/app/cache/disk
apache apache /var/www/sites/inviqa.com/shared/uploads
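
The expansion rule described above, as an added Ruby example (not the cookbook's own code), useful for reviewing which directories the web server user will own before a converge. capistrano_layout and owned_by are hypothetical names, the input is the README's site definition, and it assumes a folder without a '.' gets the section's ownership on its final directory only.

```ruby
# Expand a capistrano site definition into sorted [owner, group, path] rows.
def capistrano_layout(cap)
  root = cap['deploy_to']
  top = cap.values_at('owner', 'group')
  rows = { root => top, "#{root}/releases" => top, "#{root}/shared" => top }

  cap.fetch('shared_folders', {}).each_value do |section|
    # A section without owner or group inherits the top-level values.
    owner = section['owner'] || cap['owner']
    group = section['group'] || cap['group']
    section.fetch('folders', []).each do |folder|
      prefix, dot, tail = folder.partition('/./')
      if dot.empty?
        rows["#{root}/shared/#{folder}"] = [owner, group]
      else
        # Ownership applies to every directory after the dot, not before it.
        path = "#{root}/shared/#{prefix}"
        tail.split('/').each do |part|
          path = "#{path}/#{part}"
          rows[path] = [owner, group]
        end
      end
    end
  end
  rows.sort.map { |path, (owner, group)| [owner, group, path] }
end

# Paths a given account owns, e.g. everything the web server can write to.
def owned_by(rows, owner)
  rows.select { |row| row[0] == owner }.map(&:last)
end

# The site definition from the README example above.
SITE = {
  'deploy_to' => '/var/www/sites/inviqa.com',
  'owner' => 'deploy', 'group' => 'deploy',
  'shared_folders' => {
    'readable' => { 'folders' => ['app'] },
    'writeable' => { 'owner' => 'apache', 'group' => 'apache',
                     'folders' => ['uploads', 'app/./cache/disk'] }
  }
}.freeze

capistrano_layout(SITE).each { |row| puts row.join(' ') } if __FILE__ == $PROGRAM_NAME
```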

Nginx sites

The nginx sites helper is very similar to the apache sites helper with the exception that it does not proxy to any kind of web_app helper and uses the nginx top level attribute instead.

Add config-driven-helper::nginx-sites to enable it.

{
  "nginx": {
    "sites": {
      "inviqa": {
        "server_name": "inviqa.com",
        "docroot": "/var/www/inviqa.com",
        "protocols": [ "http", "https" ],
        "keyfile": "/tmp/my-super-insecure-keyfile.pem"
      }
    }
  }
}

http_realip

Enables the nginx_http_realip module, to be used in conjunction with HTTP_AUTH
so that the real IP of a visitor can be matched even when the request arrives
over a proxied connection (e.g. Varnish, CloudFlare, others).

It can be used together with Inviqa's cookbook cloudflare-ips

Default values:

default['nginx']['real_ip_header'] = "X-Forwarded-For"
default['nginx']['real_ip_from'] = []
default['nginx']['real_ip_recursive'] = "on"

Add config-driven-helper::nginx-http-realip to enable it.

{
  "nginx": {
    "real_ip_from": [
      "1.2.3.4",
      "5.6.7.8"
    ]
  }
}
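
How these attributes decide which address nginx treats as the client, as an added example (not code from the cookbook): a Ruby model of the realip module's right-to-left walk over X-Forwarded-For. resolve_client_ip is a hypothetical name, and every sample address other than the README's 1.2.3.4 and 5.6.7.8 is constructed.

```ruby
require 'ipaddr'

# Illustrative model of how nginx's realip module picks the client address
# when real_ip_header is X-Forwarded-For.
def resolve_client_ip(peer, xff, real_ip_from:, recursive: true)
  trusted = real_ip_from.map { |cidr| IPAddr.new(cidr) }
  trusted_addr = ->(ip) { trusted.any? { |net| net.include?(IPAddr.new(ip)) } }

  addr = peer
  hops = xff.to_s.split(',').map(&:strip).reject(&:empty?)
  # Walk the header right to left. An entry is only believed while the
  # address that reported it (the current addr) is listed in real_ip_from.
  while !hops.empty? && trusted_addr.call(addr)
    candidate = hops.pop
    begin
      IPAddr.new(candidate)
    rescue IPAddr::Error
      break # unparsable entry: keep the last address that could be verified
    end
    addr = candidate
    break unless recursive # real_ip_recursive "off": take only the last entry
  end
  addr
end

# real_ip_from as in the README example; other addresses are constructed.
PROXIES = ['1.2.3.4', '5.6.7.8'].freeze

if __FILE__ == $PROGRAM_NAME
  [
    ['1.2.3.4',      '203.0.113.9',           PROXIES],       # via a listed proxy
    ['198.51.100.7', '10.0.0.1',              PROXIES],       # direct peer, header ignored
    ['1.2.3.4',      '10.0.0.1, 203.0.113.9', PROXIES],       # client-supplied left entry ignored
    ['1.2.3.4',      '203.0.113.9, 5.6.7.8',  PROXIES],       # two listed hops
    ['198.51.100.7', '10.0.0.1',              []],            # cookbook default: nothing trusted
    ['198.51.100.7', '10.0.0.1',              ['0.0.0.0/0']]  # over-broad list: header believed
  ].each do |peer, xff, from|
    puts "#{peer} [#{xff}] -> #{resolve_client_ip(peer, xff, real_ip_from: from)}"
  end
end
```

With the default empty real_ip_from the connecting peer is always used; any address-based restriction is evaluated against whatever this walk returns, so the list should contain only proxies you operate or whose ranges you track.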


HTTP2

Support HTTP2 in Nginx by adding "http2" to the end of the listen line.

You can enable this by adding enable_http2_tls to your site definition like so:

{
  "nginx": {
    "sites": {
      "inviqa": {
        "server_name": "inviqa.com",
        "docroot": "/var/www/inviqa.com",
        "protocols": [ "http", "https" ],
        "keyfile": "/tmp/my-super-insecure-keyfile.pem",
        "enable_http2_tls": true
      }
    }
  }
}

enable_http2_plaintext_disabling_http1 is also available to enable
http2 on the insecure port. However, Nginx doesn't support h2c for the plain HTTP protocol, so that port will not support HTTP 1.1/1.0 if this is enabled.

Mysql users

The mysql users helper enables you to create mysql users from attributes. It proxies the attributes to the mysql_database_user resource defined by the database cookbook here: https://github.com/opscode-cookbooks/database#database_user. This means that any attributes valid there are valid here.

Add config-driven-helper::mysql-users to enable it.

The following example creates the user my_username with the defined password and with GRANT ALL PRIVILEGES applied to database-to-grant.

{
  "mysql": {
    "users": {
      "my_username": {
        "password": "my-password-from-data-bag-merge",
        "database_name": "database-to-grant"
      }
    }
  }
}

Firewall

The iptables-standard recipe defines a standard ipv4 + ipv6 firewall, allowing
all loopback/ICMP traffic, incoming traffic on the ports of services that are
accessible externally, and related/established TCP traffic once connections
are established.

By default, it will allow only http, https and ssh traffic, however you can
override this by defining more ports in attributes.

{
  "iptables-standard": {
    "allowed_incoming_ports": {
      "rsync": "rsync",
      "non-standard-software": "12345"
    }
  }
}

Values that are not port numbers are treated as service names, which iptables
maps internally to the ports defined in /etc/services.

If you want to remap the port numbers of existing ports, you can do so via:

{
  "iptables-standard": {
    "allowed_incoming_ports": {"http": "8080", "https": false}
  }
}

This will create a firewall with http port 8080, along with the default ssh port
as inherited from the cookbook attributes, leaving the https port blocked.

Mysql databases

The mysql database helper enables you to create mysql databases from attributes. It proxies the attributes to the mysql_database resource defined by the database cookbook here: https://github.com/opscode-cookbooks/database#database. This means that any attributes valid there are valid here.

Add config-driven-helper::mysql-databases to enable it.

The following example creates the database my_database with no additional options.

{
  "mysql": {
    "databases": {
      "my_database": { }
    }
  }
}

Additional Packages

The packages helper simply enables you to define a list of packages to install. Due to the way that chef merges array attributes you should take care to define all packages at the same precedence level. We may in the future support hash lists to enable purges too.

Add config-driven-helper::packages-additional to enable it.

The following example installs both git and java packages.

{
  "packages-additional": {
    "git": "install",
    "java": "install"
  }
}

Services

The services helper enables you to perform simple actions on pre-defined services such as start / stop / enable / disable them. Note that the service name should be the name used by Chef, not that of the underlying OS (though they are often the same).

Add config-driven-helper::services to enable it.

The following example shows how to make sure that the mysql service is both enabled and started.

{
  "services": {
    "mysql": [ "enable", "start" ]
  }
}

Mysql ruby

This recipe is primarily for internal use by the mysql helpers. It forces the install of the mysql gem into the Chef ruby. This is provided because chef_gem is not an appropriate solution where mysql is installed in the same run and depends on a different version of mysql-libs (or your OS equivalent) to the version of MySQL being installed. A simple example of this is installing Percona on CentOS 6.5.

Add config-driven-helper::mysql-ruby to enable it (although it is explicitly included by the mysql helpers so this should only be necessary if used standalone).

Contributing

  1. Fork the repository on Github
  2. Create a named feature branch (like add_component_x)
  3. Write your change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using Github

Supermarket share

stove is used to create git tags and
publish the cookbook on supermarket.chef.io.

To tag/publish you need to be a contributor to the cookbook on Supermarket and
run:

$ stove login --username  --key ~/.chef/.pem
$ rake publish

It will take the version defined in metadata.rb, create a tag, and push the
cookbook to http://supermarket.chef.io/cookbooks/config-driven-helper

License and Authors

  • Author:: Mike Simons
  • Author:: Andy Thompson
  • Author:: Kieran Evans
Copyright:: 2014-2015 The Inviqa Group Ltd

See LICENSE file

3.1.1 (17 Aug 2018)

CHANGES:

  • #95 Fix missing semicolon in NGINX template

3.1.0 (17 Aug 2018)

NEW FEATURES:

  • #88 Optionally set the HTTPS environment variable to "on" if X-Forwarded-Proto is "https"
  • #94 Support HTTP2 in NGINX

3.0.0 (21 Feb 2018)

CHANGES:

  • Remove RSA encryption and 3DES TLS ciphers as defaults

2.8.0 (22 Feb 2018)

NEW FEATURES:

  • #92 Ability to remove weak RSA and 3DES ciphers without fully copying the strong ones
  • Order ECDSA certificate ciphers ahead of RSA certificate ciphers

2.7.0 (04 Apr 2016)

NEW FEATURES:

  • #91 Add support for Nginx http_realip

2.6.1 (06 Oct 2016)

BUG FIXES:

  • #87 Fix issue with basic auth requiring allow_from to be set

2.6.0 (06 Sep 2016)

NEW FEATURES:

  • #64 Add basic auth ability to nginx, to match apache.

2.5.1 (25 Aug 2016)

CHANGES:

  • #84 Change capistrano definition usage to use site name rather than :deploy_to as this is more unique.

2.5.0 (04 Aug 2016)

CHANGES:

  • #82 Self signed ssl fixes

2.4.0 (03 Aug 2016)

NEW FEATURES:

  • #80 Ensure pre-existing ssl files don't get overwritten by this cookbook
  • #81 Add recipe to generate self signed ssl

2.3.0 (22 Jul 2016)

NEW FEATURES:

  • #62 Add ability to proxy via NGINX

BUG FIXES:

  • #79 Fix issue with un-declared packages-additional error

2.2.2 (20 Jul 2016)

SECURITY FIXES:

  • #78 Httpoxy fix for cookbook version 2.2

1.5.3 (20 Jul 2016)

SECURITY FIXES:

  • #79 Httpoxy fix for cookbook version 1.5

2.2.1 (13 Jul 2016)

BUG FIXES:

  • #75 Reverse <Directory /> deny in Httpd 2.4 if no restrictions
  • #77 Fix issue with apache2 cookbook < 2 apache_site enable

2.2.0 (06 Jul 2016)

NEW FEATURES:

  • #76 Add packages-additional recipe to replace package recipe for Chef 12.9+

CHANGES:

  • #76 Provide more detailed error information when packages recipe can't be used

2.1.0 (28 Jun 2016)

NEW FEATURES:

  • Apache 2.4 compatibility in the apache virtual host. Comprising of:
    • #66 - Fix name of vhost template resource so the apache2 cookbook can enable the vhost
    • #68 - Fix incompatible vhost configuration so that it works under apache 2.2 and 2.4
  • #73 - Support for http digest auth in apache_site and more attributes

BUG FIXES:

  • #67 - Ubuntu compatibility for logs directory location
  • #72 - Fix issues with combinations of apache_site allow_from and basic_username

2.0.3 (23 May 2016)

BUG FIXES:

  • #60 Delete any allowed_incoming_ports marked false

2.0.2 (06 May 2016)

IMPROVEMENTS:

  • Pin build-essential cookbook to ~> 1.4 to speed up dependency resolution

2.0.1 (06 May 2016)

BUG FIXES:

  • #59 Pin database cookbook to 2.0.x to fix mysql-* recipes

2.0.0 (04 May 2016)

IMPROVEMENTS:

  • #56 Loosen cookbook constraints to support httpd 2.4

CHANGES:

  • #57 Disable nginx https variable emulation by default
  • #58 Fork off deploy user work from capistrano recipe to new cookbook

1.5.0 (10 November 2015)

IMPROVEMENTS:

  • Add locations configuration to replace static_dirs and restricted_dirs
  • Separate includes into includes_first and include_last for greater control

1.4.3 (8 September 2015)

IMPROVEMENTS:

  • Fix specs/tests
  • Add Chef 12 compatibility for nginx-sites/apache-sites

BUG FIXES:

  • Remove obsolete chef-solo-search and users dependencies

1.4.2 (9 August 2015)

BUG FIXES:

  • Retag due to 1.4.1 missing metadata version update

1.4.1 (9 July 2015)

BUG FIXES:

  • Fix issue with custom user databag name not working

1.4.0 (3 July 2015)

IMPROVEMENTS:

  • Add support for encrypted user databags on chef-solo

Collaborator Number Metric
            

3.1.1 passed this metric

Contributing File Metric
            

3.1.1 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

3.1.1 failed this metric

FC122: Use the build_essential resource instead of the recipe: config-driven-helper/recipes/mysql-ruby.rb:2
Run with Foodcritic Version 14.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric
            

3.1.1 passed this metric

Testing File Metric
            

3.1.1 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

3.1.1 passed this metric