From 7b551539453c3f57d3a7d827aab970b193050c81 Mon Sep 17 00:00:00 2001 From: Kristian Van Der Vliet Date: Mon, 23 May 2016 21:53:48 +0100 Subject: [PATCH 1/3] Don't use set_unless set_unless doesn't really do what you might think it does, and makes it difficult to set the various attributes in a wrapper cookbook, so change set_unless to a guard that checks if the attribute has been set instead. Change is_local_host? to check for sockets in the form "host:/path/to/socket" and return false (although I admit that symantic might be wrong) --- attributes/default.rb | 9 +++++++++ libraries/helpers.rb | 2 ++ recipes/app.rb | 16 ++++++++-------- recipes/database.rb | 2 +- recipes/nginx.rb | 4 ++-- 5 files changed, 22 insertions(+), 11 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index 873753d..51fbdee 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -101,3 +101,12 @@ end default['wordpress']['php_options'] = { 'php_admin_value[upload_max_filesize]' => '50M', 'php_admin_value[post_max_size]' => '55M' } + +default['wordpress']['keys']['auth'] = nil +default['wordpress']['keys']['secure_auth'] = nil +default['wordpress']['keys']['logged_in'] = nil +default['wordpress']['keys']['nonce'] = nil +default['wordpress']['salt']['auth'] = nil +default['wordpress']['salt']['secure_auth'] = nil +default['wordpress']['salt']['logged_in'] = nil +default['wordpress']['salt']['nonce'] = nil diff --git a/libraries/helpers.rb b/libraries/helpers.rb index ce6e3fb..260ab4d 100644 --- a/libraries/helpers.rb +++ b/libraries/helpers.rb @@ -24,6 +24,8 @@ module Helpers def is_local_host?(host) if host == 'localhost' || host == '127.0.0.1' || host == '::1' true + elsif host =~ /\A\w*:.*\z/ + false else require 'socket' require 'resolv' diff --git a/recipes/app.rb b/recipes/app.rb index b3d9f41..0a1f7e4 100644 --- a/recipes/app.rb +++ b/recipes/app.rb @@ -20,14 +20,14 @@ include_recipe "wordpress::database" ::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) -node.set_unless['wordpress']['keys']['auth'] = secure_password -node.set_unless['wordpress']['keys']['secure_auth'] = secure_password -node.set_unless['wordpress']['keys']['logged_in'] = secure_password -node.set_unless['wordpress']['keys']['nonce'] = secure_password -node.set_unless['wordpress']['salt']['auth'] = secure_password -node.set_unless['wordpress']['salt']['secure_auth'] = secure_password -node.set_unless['wordpress']['salt']['logged_in'] = secure_password -node.set_unless['wordpress']['salt']['nonce'] = secure_password +node.default['wordpress']['keys']['auth'] = secure_password unless node['wordpress']['keys']['auth'] +node.default['wordpress']['keys']['secure_auth'] = secure_password unless node['wordpress']['keys']['secure_auth'] +node.default['wordpress']['keys']['logged_in'] = secure_password unless node['wordpress']['keys']['logged_in'] +node.default['wordpress']['keys']['nonce'] = secure_password unless node['wordpress']['keys']['nonce'] +node.default['wordpress']['salt']['auth'] = secure_password unless node['wordpress']['salt']['auth'] +node.default['wordpress']['salt']['secure_auth'] = secure_password unless node['wordpress']['salt']['secure_auth'] +node.default['wordpress']['salt']['logged_in'] = secure_password unless node['wordpress']['salt']['logged_in'] +node.default['wordpress']['salt']['nonce'] = secure_password unless node['wordpress']['salt']['nonce'] node.save unless Chef::Config[:solo] directory node['wordpress']['dir'] do diff --git a/recipes/database.rb b/recipes/database.rb index 3f61d78..3405b4f 100644 --- a/recipes/database.rb +++ b/recipes/database.rb @@ -32,7 +32,7 @@ ::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) ::Chef::Recipe.send(:include, Wordpress::Helpers) -node.set_unless['wordpress']['db']['pass'] = secure_password +node.default['wordpress']['db']['pass'] = secure_password unless node['wordpress']['db']['pass'] node.save unless Chef::Config[:solo] db = node['wordpress']['db'] diff --git a/recipes/nginx.rb b/recipes/nginx.rb index 7820a2b..7d9ded4 100644 --- a/recipes/nginx.rb +++ b/recipes/nginx.rb @@ -17,7 +17,7 @@ # limitations under the License. # -node.set_unless['php-fpm']['pools'] = [] +node.default['php-fpm']['pools'] = [] unless node['php-fpm']['pools'] include_recipe "php-fpm" @@ -36,7 +36,7 @@ include_recipe "php::module_mysql" -node.set_unless['nginx']['default_site_enabled'] = false +node.default['nginx']['default_site_enabled'] = false unless node['nginx']['default_site_enabled'] include_recipe "nginx" include_recipe "wordpress::app" From 3834a79a0f0d5bff4e7301e5d208f8ff4ee3cbf0 Mon Sep 17 00:00:00 2001 From: Kristian Van Der Vliet Date: Tue, 24 May 2016 17:51:37 +0000 Subject: [PATCH 2/3] Use normal attributes If the passwords & keys *are* generated, store them in normal attributes so that they persist across Chef runs. --- recipes/app.rb | 16 ++++++++-------- recipes/database.rb | 2 +- recipes/nginx.rb | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/recipes/app.rb b/recipes/app.rb index 0a1f7e4..1043298 100644 --- a/recipes/app.rb +++ b/recipes/app.rb @@ -20,14 +20,14 @@ include_recipe "wordpress::database" ::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) -node.default['wordpress']['keys']['auth'] = secure_password unless node['wordpress']['keys']['auth'] -node.default['wordpress']['keys']['secure_auth'] = secure_password unless node['wordpress']['keys']['secure_auth'] -node.default['wordpress']['keys']['logged_in'] = secure_password unless node['wordpress']['keys']['logged_in'] -node.default['wordpress']['keys']['nonce'] = secure_password unless node['wordpress']['keys']['nonce'] -node.default['wordpress']['salt']['auth'] = secure_password unless node['wordpress']['salt']['auth'] -node.default['wordpress']['salt']['secure_auth'] = secure_password unless node['wordpress']['salt']['secure_auth'] -node.default['wordpress']['salt']['logged_in'] = secure_password unless node['wordpress']['salt']['logged_in'] -node.default['wordpress']['salt']['nonce'] = secure_password unless node['wordpress']['salt']['nonce'] +node.normal['wordpress']['keys']['auth'] = secure_password unless node['wordpress']['keys']['auth'] +node.normal['wordpress']['keys']['secure_auth'] = secure_password unless node['wordpress']['keys']['secure_auth'] +node.normal['wordpress']['keys']['logged_in'] = secure_password unless node['wordpress']['keys']['logged_in'] +node.normal['wordpress']['keys']['nonce'] = secure_password unless node['wordpress']['keys']['nonce'] +node.normal['wordpress']['salt']['auth'] = secure_password unless node['wordpress']['salt']['auth'] +node.normal['wordpress']['salt']['secure_auth'] = secure_password unless node['wordpress']['salt']['secure_auth'] +node.normal['wordpress']['salt']['logged_in'] = secure_password unless node['wordpress']['salt']['logged_in'] +node.normal['wordpress']['salt']['nonce'] = secure_password unless node['wordpress']['salt']['nonce'] node.save unless Chef::Config[:solo] directory node['wordpress']['dir'] do diff --git a/recipes/database.rb b/recipes/database.rb index 3405b4f..9debb64 100644 --- a/recipes/database.rb +++ b/recipes/database.rb @@ -32,7 +32,7 @@ ::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) ::Chef::Recipe.send(:include, Wordpress::Helpers) -node.default['wordpress']['db']['pass'] = secure_password unless node['wordpress']['db']['pass'] +node.normal['wordpress']['db']['pass'] = secure_password unless node['wordpress']['db']['pass'] node.save unless Chef::Config[:solo] db = node['wordpress']['db'] diff --git a/recipes/nginx.rb b/recipes/nginx.rb index 7d9ded4..e66b359 100644 --- a/recipes/nginx.rb +++ b/recipes/nginx.rb @@ -17,7 +17,7 @@ # limitations under the License. # -node.default['php-fpm']['pools'] = [] unless node['php-fpm']['pools'] +node.normal['php-fpm']['pools'] = [] unless node['php-fpm']['pools'] include_recipe "php-fpm" @@ -36,7 +36,7 @@ include_recipe "php::module_mysql" -node.default['nginx']['default_site_enabled'] = false unless node['nginx']['default_site_enabled'] +node.normal['nginx']['default_site_enabled'] = false unless node['nginx']['default_site_enabled'] include_recipe "nginx" include_recipe "wordpress::app" From 4a19554d4ad1853ce0934b82b9d035c5884cd8a2 Mon Sep 17 00:00:00 2001 From: Kristian Van Der Vliet Date: Tue, 24 May 2016 17:57:21 +0000 Subject: [PATCH 3/3] Attribute to control DB installation Add the node['db']['install'] attribute and add it to the guard on the db installation process so that a wrapper cookbook can choose to entirely disable the DB setup if it wishes. Fix the helper to return true on localhost sockets (E.g. 'localhost:/path/to/socket'). --- attributes/default.rb | 1 + libraries/helpers.rb | 4 +--- recipes/database.rb | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index 51fbdee..a7b45af 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -35,6 +35,7 @@ default['wordpress']['db']['port'] = '3306' # Must be a string default['wordpress']['db']['charset'] = 'utf8' default['wordpress']['db']['collate'] = '' +default['wordpress']['db']['install'] = true case node['platform'] when 'ubuntu' case node['platform_version'] diff --git a/libraries/helpers.rb b/libraries/helpers.rb index 260ab4d..e9d4c58 100644 --- a/libraries/helpers.rb +++ b/libraries/helpers.rb @@ -22,10 +22,8 @@ module Wordpress module Helpers def is_local_host?(host) - if host == 'localhost' || host == '127.0.0.1' || host == '::1' + if host == 'localhost' || host == '127.0.0.1' || host == '::1' || host =~ /\Alocalhost:.*\z/ true - elsif host =~ /\A\w*:.*\z/ - false else require 'socket' require 'resolv' diff --git a/recipes/database.rb b/recipes/database.rb index 9debb64..131296a 100644 --- a/recipes/database.rb +++ b/recipes/database.rb @@ -37,7 +37,7 @@ db = node['wordpress']['db'] -if is_local_host? db['host'] +if is_local_host? db['host'] and db['install'] # The following is required for the mysql community cookbook to work properly include_recipe 'selinux::disabled' if node['platform_family'] == 'rhel'