Initial commit

Opscode standard cookbook +
APT tweak to handle keys without a keyserver
RabbitMQ uses this approach

Author: gerhard

README.md

@@ -0,0 +1,80 @@
+Description
+===========
+
+Configures various APT components on Debian-like systems. Also includes a LWRP.
+
+Recipes
+=======
+
+default
+-------
+The default recipe runs apt-get update during the Compile Phase of the Chef run to ensure that the system's package cache is updated with the latest. It is recommended that this recipe appear first in a node's run list (directly or through a role) to ensure that when installing packages, Chef will be able to download the latest version available on the remote APT repository.
+
+This recipe also sets up a local cache directory for preseeding packages.
+
+cacher
+------
+Installs the apt-cacher package and service so the system can provide APT caching. You can check the usage report at http://{hostname}:3142/report. The cacher recipe includes the `cacher-client` recipe, so it helps seed itself.
+
+cacher-client
+-------------
+Configures the node to use the apt-cacher server as a client.
+
+Resources/Providers
+===================
+
+This cookbook contains an LWRP, `apt_repository`, which provides the `add` and `remove` actions for managing additional software repositories with entries in the `/etc/apt/sources.list.d/` directory. The LWRP also supports passing in a `key` and `keyserver` as attributes.
+
+* `add` takes a number of attributes and creates a repository file and builds the repository listing.
+* `remove` deletes the `/etc/apt/sources.list.d/#{new_resource.repo_name}-sources.list` file identified by the `repo_name` passed as the resource name.
+
+Usage
+=====
+
+Put `recipe[apt]` first in the run list. If you have other recipes that you want to use to configure how apt behaves, like new sources, notify the execute resource to run, e.g.:
+
+    template "/etc/apt/sources.list.d/my_apt_sources.list" do
+      notifies :run, resources(:execute => "apt-get update"), :immediately
+    end
+
+The above will run during execution phase since it is a normal template resource, and should appear before other package resources that need the sources in the template.
+
+Put `recipe[apt::cacher]` in the run_list for a server to provide APT caching and add `recipe[apt::cacher-client]` on the rest of the Debian-based nodes to take advantage of the caching server.
+
+An example of The LWRP `apt_repository` `add` action:
+
+    apt_repository "zenoss" do
+      uri "http://dev.zenoss.org/deb"
+      distribution "main"
+      components ["stable"]
+      action :add
+    end
+
+and the `remove` action:
+
+    apt_repository "zenoss" do
+      action :remove
+    end
+
+License and Author
+==================
+
+Author:: Joshua Timberman (<[email protected]>)
+Author:: Matt Ray (<[email protected]>)
+Author:: Gerhard Lazu (<[email protected]>)
+
+Copyright 2009-2011 Opscode, Inc.
+Copyright 2011 Gerhard Lazu
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+

files/default/apt-cacher

@@ -0,0 +1,9 @@
+# apt-cacher startup configuration file
+
+# IMPORTANT: check the apt-cacher.conf file before using apt-cacher as daemon.
+
+# set to 1 to start the daemon at boot time
+AUTOSTART=1
+
+# extra settings to override the ones in apt-cacher.conf
+# EXTRAOPT=" daemon_port=3142 limit=30 "

files/default/apt-cacher.conf

@@ -0,0 +1,144 @@
+# This file has been modified by ./apt-proxy-to-apt-cacher
+# Some lines may have been appended at the bottom of this file
+# This file has been modified by /usr/share/apt-cacher/apt-proxy-to-apt-cacher
+# Some lines may have been appended at the bottom of this file
+#################################################################
+# This is the config file for apt-cacher. On most Debian systems
+# you can safely leave the defaults alone.
+#################################################################
+
+# cache_dir is used to set the location of the local cache. This can
+# become quite large, so make sure it is somewhere with plenty of space.
+cache_dir=/var/cache/apt-cacher
+
+# The email address of the administrator is displayed in the info page
+# and traffic reports.
+admin_email=root@localhost
+
+# For the daemon startup settings please edit the file /etc/default/apt-cacher.
+
+# Daemon port setting, only useful in stand-alone mode. You need to run the
+# daemon as root to use privileged ports (<1024).
+daemon_port = 3142
+
+# optional settings, user and group to run the daemon as. Make sure they have
+# sufficient permissions on the cache and log directories. Comment the settings
+# to run apt-cacher as the native user.
+group=www-data
+user=www-data
+
+# optional setting, binds the listening daemon to one specified IP. Use IP
+# ranges for more advanced configuration, see below.
+# daemon_addr=localhost
+
+# If your apt-cacher machine is directly exposed to the Internet and you are
+# worried about unauthorised machines fetching packages through it, you can
+# specify a list of IPv4 addresses which are allowed to use it and another
+# list of IPv4 addresses which aren't.
+# Localhost (127.0.0.1) is always allowed. Other addresses must be matched
+# by allowed_hosts and not by denied_hosts to be permitted to use the cache.
+# Setting allowed_hosts to "*" means "allow all".
+# Otherwise the format is a comma-separated list containing addresses,
+# optionally with masks (like 10.0.0.0/22), or ranges of addresses (two
+# addresses separated by a hyphen, no masks, like '192.168.0.3-192.168.0.56').
+allowed_hosts=*
+denied_hosts=
+
+# And similiarly for IPv6 with allowed_hosts_6 and denied_hosts_6.
+# Note that IPv4-mapped IPv6 addresses (::ffff:w.x.y.z) are truncated to
+# w.x.y.z and are handled as IPv4.
+allowed_hosts_6=fec0::/16
+denied_hosts_6=
+
+# This thing can be done by Apache but is much simplier here - limit access to
+# Debian mirrors based on server names in the URLs
+#allowed_locations=ftp.uni-kl.de,ftp.nerim.net,debian.tu-bs.de
+
+# Apt-cacher can generate usage reports every 24 hours if you set this
+# directive to 1. You can view the reports in a web browser by pointing
+# to your cache machine with '/apt-cacher/report' on the end, like this:
+#      http://yourcache.example.com/apt-cacher/report
+# Generating reports is very fast even with many thousands of logfile
+# lines, so you can safely turn this on without creating much 
+# additional system load.
+generate_reports=1
+
+# Apt-cacher can clean up its cache directory every 24 hours if you set
+# this directive to 1. Cleaning the cache can take some time to run
+# (generally in the order of a few minutes) and removes all package
+# files that are not mentioned in any existing 'Packages' lists. This
+# has the effect of deleting packages that have been superseded by an
+# updated 'Packages' list.
+clean_cache=1
+
+# The directory to use for apt-cacher access and error logs.
+# The access log records every request in the format:
+# date-time|client ip address|HIT/MISS/EXPIRED|object size|object name
+# The error log is slightly more free-form, and is also used for debug
+# messages if debug mode is turned on.
+# Note that the old 'logfile' and 'errorfile' directives are
+# deprecated: if you set them explicitly they will be honoured, but it's
+# better to just get rid of them from old config files.
+logdir=/var/log/apt-cacher
+
+# apt-cacher can use different methods to decide whether package lists need to
+# be updated,
+# A) looking at the age of the cached files
+# B) getting HTTP header from server and comparing that with cached data. This
+# method is more reliable and avoids desynchronisation of data and index files
+# but needs to transfer few bytes from the server every time somebody requests
+# the files ("apt-get update")
+# Set the following value to the maximum age (in hours) for method A or to 0
+# for method B
+expire_hours=0
+
+# Apt-cacher can pass all its requests to an external http proxy like
+# Squid, which could be very useful if you are using an ISP that blocks
+# port 80 and requires all web traffic to go through its proxy. The
+# format is 'hostname:port', eg: 'proxy.example.com:8080'.
+http_proxy=proxy.example.com:8080
+
+# Use of an external proxy can be turned on or off with this flag.
+# Value should be either 0 (off) or 1 (on).
+use_proxy=0
+
+# External http proxy sometimes need authentication to get full access. The
+# format is 'username:password'.
+http_proxy_auth=proxyuser:proxypass
+
+# Use of external proxy authentication can be turned on or off with this flag.
+# Value should be either 0 (off) or 1 (on).
+use_proxy_auth=0
+
+# Rate limiting sets the maximum bandwidth in bytes per second to use
+# for fetching packages. Syntax is fully defined in 'man wget'.
+# Use 'k' or 'm' to use kilobits or megabits / second: eg, 'limit=25k'.
+# Use 0 or a negative value for no rate limiting.
+limit=0
+
+# Debug mode makes apt-cacher spew a lot of extra debug junk to the
+# error log (whose location is defined with the 'logdir' directive).
+# Leave this off unless you need it, or your error log will get very
+# big. Acceptable values are 0 or 1.
+debug=0
+
+# Adapt the line in the usage info web page to match your server configuration
+# example_sources_line=deb&nbsp;http://<b>my.cacher.server:3142/</b>ftp.au.debian.org/debian&nbsp;unstable&nbsp;main&nbsp;contrib&nbsp;non-free
+
+# Print a 410 (Gone) HTTP message with the specified text when accessed via
+# CGI. Useful to tell users to adapt their sources.list files when the
+# apt-cacher server is beeing relocated (via apt-get's error messages while
+# running "update")
+#cgi_advise_to_use = Please use http://cacheserver:3142/ as apt-cacher access URL
+#cgi_advise_to_use = Server relocated. To change sources.list, run perl -pe "s,/apt-cacher\??,:3142," -i /etc/apt/sources.list
+
+# Server mapping - this allows to hide real server names behind virtual paths
+# that appear in the access URL. This method is known from apt-proxy. This is
+# also the only method to use FTP access to the target hosts. The syntax is simple, the part of the beginning to replace, followed by a list of mirror urls, all space separated. Multiple profile are separated by semicolons
+# path_map = debian ftp.uni-kl.de/pub/linux/debian ftp2.de.debian.org/debian ; ubuntu archive.ubuntu.com/ubuntu ; security security.debian.org/debian-security ftp2.de.debian.org/debian-security
+# Note that you need to specify all target servers in the allowed_locations
+# options if you make use of it. Also note that the paths should not overlap
+# each other. FTP access method not supported yet, maybe in the future.
+
+# extra setting from apt-proxy configuration
+path_map =  ubuntu us.archive.ubuntu.com/ubuntu ; ubuntu-security security.ubuntu.com/ubuntu ; debian debian.osuosl.org/debian/ ; security security.debian.org/debian-security

files/default/apt-proxy-v2.conf

@@ -0,0 +1,50 @@
+[DEFAULT]
+;; All times are in seconds, but you can add a suffix
+;; for minutes(m), hours(h) or days(d)
+
+;; commented out address so apt-proxy will listen on all IPs
+;; address = 127.0.0.1
+port = 9999
+cache_dir = /var/cache/apt-proxy
+
+;; Control files (Packages/Sources/Contents) refresh rate
+min_refresh_delay = 1s
+complete_clientless_downloads = 1
+
+;; Debugging settings.
+debug = all:4 db:0
+
+time = 30
+passive_ftp = on
+
+;;--------------------------------------------------------------
+;; Cache housekeeping
+
+cleanup_freq = 1d
+max_age = 120d
+max_versions = 3
+
+;;---------------------------------------------------------------
+;; Backend servers
+;;
+;; Place each server in its own [section]
+
+[ubuntu]
+; Ubuntu archive
+backends =
+        http://us.archive.ubuntu.com/ubuntu
+
+[ubuntu-security]
+; Ubuntu security updates
+backends = http://security.ubuntu.com/ubuntu
+
+[debian]
+;; Backend servers, in order of preference
+backends = 
+        http://debian.osuosl.org/debian/
+
+[security]
+;; Debian security archive
+backends = 
+        http://security.debian.org/debian-security
+        http://ftp2.de.debian.org/debian-security

metadata.rb

@@ -0,0 +1,13 @@
+maintainer        "Gerhard Lazu"
+maintainer_email  "[email protected]"
+license           "Apache 2.0"
+description       "Configures apt and apt services and an LWRP for managing apt repositories"
+long_description  IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version           "1.1.1"
+recipe            "apt", "Runs apt-get update during compile phase and sets up preseed directories"
+recipe            "apt::cacher", "Set up an APT cache"
+recipe            "apt::cacher-client", "Client for the apt::cacher server"
+
+%w{ ubuntu debian }.each do |os|
+  supports os
+end

providers/repository.rb

@@ -0,0 +1,51 @@
+action :add do
+  unless ::File.exists?("/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list")
+    Chef::Log.info "Adding #{new_resource.repo_name} repository to /etc/apt/sources.list.d/#{new_resource.repo_name}-source.list"
+    # add key
+    if new_resource.key && new_resource.keyserver
+      execute "install-key #{new_resource.key}" do
+        command "apt-key adv --keyserver #{new_resource.keyserver} --recv #{new_resource.key}"
+      end
+    elsif new_resource.key
+      execute "install-key #{new_resource.key}" do
+        command %{
+          tmp_key=$(mktemp /tmp/key.XXXXX)
+          curl #{new_resource.key} -o $tmp_key
+          apt-key add $tmp_key
+          rm $tmp_key
+        }
+      end
+    end
+    # build our listing
+    repository = "deb"
+    repository = "deb-src" if new_resource.deb_src
+    repository = "# Created by the Chef apt_repository LWRP\n" + repository
+    repository += " #{new_resource.uri}"
+    repository += " #{new_resource.distribution}"
+    new_resource.components.each {|component| repository += " #{component}"}
+    # write out the file, replace it if it already exists
+    file "/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list" do
+      owner "root"
+      group "root"
+      mode 0644
+      content repository + "\n"
+      action :create
+    end
+    e = execute "update package index" do
+      command "apt-get update"
+      action :run
+    end
+    e.run_action(:run)
+    new_resource.updated_by_last_action(true)
+  end
+end
+
+action :remove do
+  if ::File.exists?("/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list")
+    Chef::Log.info "Removing #{new_resource.repo_name} repository from /etc/apt/sources.list.d/"
+    file "/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list" do
+      action :delete
+    end
+    new_resource.updated_by_last_action(true)
+  end
+end

recipes/cacher-client.rb

@@ -0,0 +1,37 @@
+#
+# Cookbook Name:: apt
+# Recipe:: cacher-client
+#
+# Copyright 2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+servers = search(:node, 'recipes:apt\:\:cacher') || []
+if servers.length > 0
+  Chef::Log.info("apt-cacher server found on #{servers[0]}.")
+  proxy = "Acquire::http::Proxy \"http://#{servers[0].ipaddress}:3142\";"
+  file "/etc/apt/apt.conf.d/01proxy" do
+    owner "root"
+    group "root"
+    mode "0644"
+    content proxy
+    action :create
+  end
+else
+  Chef::Log.info("No apt-cacher server found.")
+  file "/etc/apt/apt.conf.d/01proxy" do
+    action :delete
+    only_if {File.exists?("/etc/apt/apt.conf.d/01proxy")}
+  end
+end