Initial commit.

.gitignore

@@ -0,0 +1,2 @@
+.rake_test_cache
+

README

@@ -0,0 +1,8 @@
+= Openstack Cookbooks
+
+A set of Chef cookbooks for Openstack.
+
+== Description
+
+Chef cookbooks for nova, glance, mysql, etc. to help setup and configure
+Openstack in Cloud Servers VPC type environments.

Rakefile

@@ -0,0 +1,66 @@
+#
+# Rakefile for Chef Server Repository
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'rubygems'
+require 'chef'
+require 'json'
+
+# Load constants from rake config file.
+require File.join(File.dirname(__FILE__), 'config', 'rake')
+
+# Detect the version control system and assign to $vcs. Used by the update
+# task in chef_repo.rake (below). The install task calls update, so this
+# is run whenever the repo is installed.
+#
+# Comment out these lines to skip the update.
+
+if File.directory?(File.join(TOPDIR, ".svn"))
+  $vcs = :svn
+elsif File.directory?(File.join(TOPDIR, ".git"))
+  $vcs = :git
+end
+
+# Load common, useful tasks from Chef.
+# rake -T to see the tasks this loads.
+
+load 'chef/tasks/chef_repo.rake'
+
+desc "Bundle a single cookbook for distribution"
+task :bundle_cookbook => [ :metadata ]
+task :bundle_cookbook, :cookbook do |t, args|
+  tarball_name = "#{args.cookbook}.tar.gz"
+  temp_dir = File.join(Dir.tmpdir, "chef-upload-cookbooks")
+  temp_cookbook_dir = File.join(temp_dir, args.cookbook)
+  tarball_dir = File.join(TOPDIR, "pkgs")
+  FileUtils.mkdir_p(tarball_dir)
+  FileUtils.mkdir(temp_dir)
+  FileUtils.mkdir(temp_cookbook_dir)
+
+  child_folders = [ "cookbooks/#{args.cookbook}", "site-cookbooks/#{args.cookbook}" ]
+  child_folders.each do |folder|
+    file_path = File.join(TOPDIR, folder, ".")
+    FileUtils.cp_r(file_path, temp_cookbook_dir) if File.directory?(file_path)
+  end
+
+  system("tar", "-C", temp_dir, "-cvzf", File.join(tarball_dir, tarball_name), "./#{args.cookbook}")
+
+  FileUtils.rm_rf temp_dir
+end
+

certificates/README

@@ -0,0 +1 @@
+This directory contains certificates created by the Rakefile.

config/client.rb.example

@@ -0,0 +1,21 @@
+#
+# Example Chef Client Config File
+#
+# We recommend using Opscode's chef cookbook for managing chef itself,
+# instead of using this file. It is provided as an example.
+
+log_level          :info
+log_location       STDOUT
+ssl_verify_mode    :verify_none
+chef_server_url    "http://chef.example.com:4000"
+
+validation_client_name "chef-validator"
+validation_key         "/etc/chef/validation.pem"
+client_key             "/etc/chef/client.pem"
+
+file_store_path    "/srv/chef/file_store"
+file_cache_path    "/srv/chef/cache"
+
+pid_file           "/var/run/chef/chef-client.pid"
+
+Mixlib::Log::Formatter.show_time = true

config/knife.rb.example

@@ -0,0 +1,10 @@
+log_level                :info
+log_location             STDOUT
+node_name                'chef_admin'
+client_key               '/home/chef_admin/.chef/chef_admin.pem'
+validation_client_name   'chef-validator'
+validation_key           '/home/chef_admin/.chef/chef-validator.pem'
+chef_server_url          'http://chef.example.com:4000'
+cache_type               'BasicFile'
+cache_options( :path => '/home/chef_admin/.chef/checksums' )
+cookbook_path [ './cookbooks', './site-cookbooks' ]

config/rake.rb

@@ -0,0 +1,60 @@
+###
+# Company and SSL Details
+###
+
+# The company name - used for SSL certificates, and in srvious other places
+COMPANY_NAME = ""
+
+# The Country Name to use for SSL Certificates
+SSL_COUNTRY_NAME = ""
+
+# The State Name to use for SSL Certificates
+SSL_STATE_NAME = ""
+
+# The Locality Name for SSL - typically, the city
+SSL_LOCALITY_NAME = ""
+
+# What department?
+SSL_ORGANIZATIONAL_UNIT_NAME = ""
+
+# The SSL contact email address
+SSL_EMAIL_ADDRESS = ""
+
+# License for new Cookbooks
+# Can be :apachev2 or :none
+NEW_COOKBOOK_LICENSE = :none
+
+##########################
+# Chef Repository Layout #
+##########################
+
+# Where to install upstream cookbooks for serving
+COOKBOOK_PATH = "/srv/chef/cookbooks"
+
+# Where to install site-local modifications to upstream cookbooks
+SITE_COOKBOOK_PATH = "/srv/chef/site-cookbooks"
+
+# Where to install roles
+ROLE_PATH = "/srv/chef/roles"
+
+# Chef Config Path
+CHEF_CONFIG_PATH = "/etc/chef"
+
+# The location of the Chef Server Config file (on the server)
+CHEF_SERVER_CONFIG = File.join(CHEF_CONFIG_PATH, "server.rb")
+
+# The location of the Chef Client Config file (on the client)
+CHEF_CLIENT_CONFIG = File.join(CHEF_CONFIG_PATH, "client.rb")
+
+###
+# Useful Extras (which you probably don't need to change)
+###
+
+# The top of the repository checkout
+TOPDIR = File.expand_path(File.join(File.dirname(__FILE__), ".."))
+
+# Where to store certificates generated with ssl_cert
+CADIR = File.expand_path(File.join(TOPDIR, "certificates"))
+
+# Where to store the mtime cache for the recipe/template syntax check
+TEST_CACHE = File.expand_path(File.join(TOPDIR, ".rake_test_cache"))

config/server.rb.example

@@ -0,0 +1,42 @@
+#
+# Chef Server Config File
+#
+# We recommend using Opscode's chef cookbook for managing chef itself,
+# instead of using this file. It is provided as an example.
+
+log_level          :info
+log_location       STDOUT
+ssl_verify_mode    :verify_none
+chef_server_url    "http://chef.example.com:4000"
+
+signing_ca_path    "/srv/chef/ca"
+couchdb_database   'chef'
+
+cookbook_path      [ "/srv/chef/cookbooks", "/srv/chef/site-cookbooks" ]
+
+file_cache_path    "/srv/chef/cache"
+node_path          "/srv/chef/nodes"
+openid_store_path  "/srv/chef/openid/store"
+openid_cstore_path "/srv/chef/openid/cstore"
+search_index_path  "/srv/chef/search_index"
+role_path          "/srv/chef/roles"
+
+validation_client_name "chef-validator"
+validation_key         "/etc/chef/validation.pem"
+client_key             "/etc/chef/client.pem"
+web_ui_client_name     "chef-webui"
+web_ui_key             "/etc/chef/webui.pem"
+
+# change this as required.
+#web_ui_admin_user_name "admin"
+#web_ui_admin_default_password "replace_with_something_secure"
+
+supportdir = "/srv/chef/support"
+solr_jetty_path File.join(supportdir, "solr", "jetty")
+solr_data_path  File.join(supportdir, "solr", "data")
+solr_home_path  File.join(supportdir, "solr", "home")
+solr_heap_size  "256M"
+
+umask 0022
+
+Mixlib::Log::Formatter.show_time = false

config/solo.rb.example

@@ -0,0 +1,13 @@
+#
+# Chef Solo Config File
+#
+
+log_level          :info
+log_location       STDOUT
+file_cache_path    "/var/chef/cookbooks"
+
+# Optionally store your JSON data file and a tarball of cookbooks remotely.
+#json_attribs "http://chef.example.com/dna.json"
+#recipe_url   "http://chef.example.com/cookbooks.tar.gz"
+
+Mixlib::Log::Formatter.show_time = false

cookbooks/README

@@ -0,0 +1,2 @@
+Download cookbooks into this directory from the Opscode Cookbooks site
+using knife, or remove this file to clone an upstream Git Repository.

cookbooks/apt/README.md

@@ -0,0 +1,79 @@
+Description
+===========
+
+Configures various APT components on Debian-like systems.  Also includes a LWRP.
+
+Recipes
+=======
+
+default
+-------
+
+The default recipe runs apt-get update during the Compile Phase of the Chef run to ensure that the system's package cache is updated with the latest. It is recommended that this recipe appear first in a node's run list (directly or through a role) to ensure that when installing packages, Chef will be able to download the latest version available on the remote APT repository.
+
+This recipe also sets up a local cache directory for preseeding packages.
+
+cacher
+------
+
+Installs the apt-cacher package and service so the system can be an APT cache.
+
+proxy
+-----
+
+Installs the apt-proxy package and service so the system can be an APT proxy.
+
+Resources/Providers
+===================
+
+This cookbook contains an LWRP, `apt_repository`, which provides the `add` and `remove` actions for managing additional software repositories with entries in the `/etc/apt/sources.list.d/` directory.
+
+* `add` takes a number of attributes and creates a repository file and builds the repository listing.
+* `remove` deletes the `/etc/apt/sources.list.d/#{new_resource.repo_name}-sources.list` file identified by the `repo_name` passed as the resource name.
+
+Usage
+=====
+
+Put `recipe[apt]` first in the run list. If you have other recipes that you want to use to configure how apt behaves, like new sources, notify the execute resource to run, e.g.:
+
+    template "/etc/apt/sources.list.d/my_apt_sources.list" do
+      notifies :run, resources(:execute => "apt-get update"), :immediately
+    end
+
+The above will run during execution phase since it is a normal template resource, and should appear before other package resources that need the sources in the template.
+
+An example of The LWRP `apt_repository` `add` action:
+
+    apt_repository "zenoss" do
+      uri "http://dev.zenoss.org/deb"
+      distribution "main"
+      components ["stable"]
+      action :add
+    end
+
+and the `remove` action:
+
+    apt_repository "zenoss" do
+      action :remove
+    end
+
+License and Author
+==================
+
+Author:: Joshua Timberman (<joshua@opscode.com>)
+Author:: Matt Ray (<matt@opscode.com>)
+
+Copyright 2009, 2010 Opscode, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+

cookbooks/apt/files/default/apt-cacher

@@ -0,0 +1,9 @@
+# apt-cacher startup configuration file
+
+# IMPORTANT: check the apt-cacher.conf file before using apt-cacher as daemon.
+
+# set to 1 to start the daemon at boot time
+AUTOSTART=1
+
+# extra settings to override the ones in apt-cacher.conf
+# EXTRAOPT=" daemon_port=3142 limit=30 "

cookbooks/apt/files/default/apt-cacher.conf

@@ -0,0 +1,144 @@
+# This file has been modified by ./apt-proxy-to-apt-cacher
+# Some lines may have been appended at the bottom of this file
+# This file has been modified by /usr/share/apt-cacher/apt-proxy-to-apt-cacher
+# Some lines may have been appended at the bottom of this file
+#################################################################
+# This is the config file for apt-cacher. On most Debian systems
+# you can safely leave the defaults alone.
+#################################################################
+
+# cache_dir is used to set the location of the local cache. This can
+# become quite large, so make sure it is somewhere with plenty of space.
+cache_dir=/var/cache/apt-cacher
+
+# The email address of the administrator is displayed in the info page
+# and traffic reports.
+admin_email=root@localhost
+
+# For the daemon startup settings please edit the file /etc/default/apt-cacher.
+
+# Daemon port setting, only useful in stand-alone mode. You need to run the
+# daemon as root to use privileged ports (<1024).
+daemon_port = 3142
+
+# optional settings, user and group to run the daemon as. Make sure they have
+# sufficient permissions on the cache and log directories. Comment the settings
+# to run apt-cacher as the native user.
+group=www-data
+user=www-data
+
+# optional setting, binds the listening daemon to one specified IP. Use IP
+# ranges for more advanced configuration, see below.
+# daemon_addr=localhost
+
+# If your apt-cacher machine is directly exposed to the Internet and you are
+# worried about unauthorised machines fetching packages through it, you can
+# specify a list of IPv4 addresses which are allowed to use it and another
+# list of IPv4 addresses which aren't.
+# Localhost (127.0.0.1) is always allowed. Other addresses must be matched
+# by allowed_hosts and not by denied_hosts to be permitted to use the cache.
+# Setting allowed_hosts to "*" means "allow all".
+# Otherwise the format is a comma-separated list containing addresses,
+# optionally with masks (like 10.0.0.0/22), or ranges of addresses (two
+# addresses separated by a hyphen, no masks, like '192.168.0.3-192.168.0.56').
+allowed_hosts=*
+denied_hosts=
+
+# And similiarly for IPv6 with allowed_hosts_6 and denied_hosts_6.
+# Note that IPv4-mapped IPv6 addresses (::ffff:w.x.y.z) are truncated to
+# w.x.y.z and are handled as IPv4.
+allowed_hosts_6=fec0::/16
+denied_hosts_6=
+
+# This thing can be done by Apache but is much simplier here - limit access to
+# Debian mirrors based on server names in the URLs
+#allowed_locations=ftp.uni-kl.de,ftp.nerim.net,debian.tu-bs.de
+
+# Apt-cacher can generate usage reports every 24 hours if you set this
+# directive to 1. You can view the reports in a web browser by pointing
+# to your cache machine with '/apt-cacher/report' on the end, like this:
+#      http://yourcache.example.com/apt-cacher/report
+# Generating reports is very fast even with many thousands of logfile
+# lines, so you can safely turn this on without creating much 
+# additional system load.
+generate_reports=1
+
+# Apt-cacher can clean up its cache directory every 24 hours if you set
+# this directive to 1. Cleaning the cache can take some time to run
+# (generally in the order of a few minutes) and removes all package
+# files that are not mentioned in any existing 'Packages' lists. This
+# has the effect of deleting packages that have been superseded by an
+# updated 'Packages' list.
+clean_cache=1
+
+# The directory to use for apt-cacher access and error logs.
+# The access log records every request in the format:
+# date-time|client ip address|HIT/MISS/EXPIRED|object size|object name
+# The error log is slightly more free-form, and is also used for debug
+# messages if debug mode is turned on.
+# Note that the old 'logfile' and 'errorfile' directives are
+# deprecated: if you set them explicitly they will be honoured, but it's
+# better to just get rid of them from old config files.
+logdir=/var/log/apt-cacher
+
+# apt-cacher can use different methods to decide whether package lists need to
+# be updated,
+# A) looking at the age of the cached files
+# B) getting HTTP header from server and comparing that with cached data. This
+# method is more reliable and avoids desynchronisation of data and index files
+# but needs to transfer few bytes from the server every time somebody requests
+# the files ("apt-get update")
+# Set the following value to the maximum age (in hours) for method A or to 0
+# for method B
+expire_hours=0
+
+# Apt-cacher can pass all its requests to an external http proxy like
+# Squid, which could be very useful if you are using an ISP that blocks
+# port 80 and requires all web traffic to go through its proxy. The
+# format is 'hostname:port', eg: 'proxy.example.com:8080'.
+http_proxy=proxy.example.com:8080
+
+# Use of an external proxy can be turned on or off with this flag.
+# Value should be either 0 (off) or 1 (on).
+use_proxy=0
+
+# External http proxy sometimes need authentication to get full access. The
+# format is 'username:password'.
+http_proxy_auth=proxyuser:proxypass
+
+# Use of external proxy authentication can be turned on or off with this flag.
+# Value should be either 0 (off) or 1 (on).
+use_proxy_auth=0
+
+# Rate limiting sets the maximum bandwidth in bytes per second to use
+# for fetching packages. Syntax is fully defined in 'man wget'.
+# Use 'k' or 'm' to use kilobits or megabits / second: eg, 'limit=25k'.
+# Use 0 or a negative value for no rate limiting.
+limit=0
+
+# Debug mode makes apt-cacher spew a lot of extra debug junk to the
+# error log (whose location is defined with the 'logdir' directive).
+# Leave this off unless you need it, or your error log will get very
+# big. Acceptable values are 0 or 1.
+debug=0
+
+# Adapt the line in the usage info web page to match your server configuration
+# example_sources_line=deb&nbsp;http://<b>my.cacher.server:3142/</b>ftp.au.debian.org/debian&nbsp;unstable&nbsp;main&nbsp;contrib&nbsp;non-free
+
+# Print a 410 (Gone) HTTP message with the specified text when accessed via
+# CGI. Useful to tell users to adapt their sources.list files when the
+# apt-cacher server is beeing relocated (via apt-get's error messages while
+# running "update")
+#cgi_advise_to_use = Please use http://cacheserver:3142/ as apt-cacher access URL
+#cgi_advise_to_use = Server relocated. To change sources.list, run perl -pe "s,/apt-cacher\??,:3142," -i /etc/apt/sources.list
+
+# Server mapping - this allows to hide real server names behind virtual paths
+# that appear in the access URL. This method is known from apt-proxy. This is
+# also the only method to use FTP access to the target hosts. The syntax is simple, the part of the beginning to replace, followed by a list of mirror urls, all space separated. Multiple profile are separated by semicolons
+# path_map = debian ftp.uni-kl.de/pub/linux/debian ftp2.de.debian.org/debian ; ubuntu archive.ubuntu.com/ubuntu ; security security.debian.org/debian-security ftp2.de.debian.org/debian-security
+# Note that you need to specify all target servers in the allowed_locations
+# options if you make use of it. Also note that the paths should not overlap
+# each other. FTP access method not supported yet, maybe in the future.
+
+# extra setting from apt-proxy configuration
+path_map =  ubuntu us.archive.ubuntu.com/ubuntu ; ubuntu-security security.ubuntu.com/ubuntu ; debian debian.osuosl.org/debian/ ; security security.debian.org/debian-security

cookbooks/apt/files/default/apt-proxy-v2.conf

@@ -0,0 +1,50 @@
+[DEFAULT]
+;; All times are in seconds, but you can add a suffix
+;; for minutes(m), hours(h) or days(d)
+
+;; commented out address so apt-proxy will listen on all IPs
+;; address = 127.0.0.1
+port = 9999
+cache_dir = /var/cache/apt-proxy
+
+;; Control files (Packages/Sources/Contents) refresh rate
+min_refresh_delay = 1s
+complete_clientless_downloads = 1
+
+;; Debugging settings.
+debug = all:4 db:0
+
+time = 30
+passive_ftp = on
+
+;;--------------------------------------------------------------
+;; Cache housekeeping
+
+cleanup_freq = 1d
+max_age = 120d
+max_versions = 3
+
+;;---------------------------------------------------------------
+;; Backend servers
+;;
+;; Place each server in its own [section]
+
+[ubuntu]
+; Ubuntu archive
+backends =
+        http://us.archive.ubuntu.com/ubuntu
+
+[ubuntu-security]
+; Ubuntu security updates
+backends = http://security.ubuntu.com/ubuntu
+
+[debian]
+;; Backend servers, in order of preference
+backends = 
+        http://debian.osuosl.org/debian/
+
+[security]
+;; Debian security archive
+backends = 
+        http://security.debian.org/debian-security
+        http://ftp2.de.debian.org/debian-security

cookbooks/apt/metadata.json

@@ -0,0 +1,46 @@
+{
+  "platforms": {
+    "debian": [
+
+    ],
+    "ubuntu": [
+
+    ]
+  },
+  "maintainer": "Opscode, Inc.",
+  "replacing": {
+
+  },
+  "license": "Apache 2.0",
+  "maintainer_email": "cookbooks@opscode.com",
+  "groupings": {
+
+  },
+  "recommendations": {
+
+  },
+  "description": "Configures apt and apt services",
+  "version": "0.9.2",
+  "suggestions": {
+
+  },
+  "attributes": {
+
+  },
+  "conflicting": {
+
+  },
+  "name": "apt",
+  "recipes": {
+    "apt::proxy": "Set up an APT proxy",
+    "apt": "Runs apt-get update during compile phase and sets up preseed directories",
+    "apt::cacher": "Set up an APT cache"
+  },
+  "dependencies": {
+
+  },
+  "long_description": "",
+  "providing": {
+
+  }
+}

cookbooks/apt/metadata.rb

@@ -0,0 +1,12 @@
+maintainer        "Opscode, Inc."
+maintainer_email  "cookbooks@opscode.com"
+license           "Apache 2.0"
+description       "Configures apt and apt services"
+version           "0.9.2"
+recipe            "apt", "Runs apt-get update during compile phase and sets up preseed directories"
+recipe            "apt::cacher", "Set up an APT cache"
+recipe            "apt::proxy", "Set up an APT proxy"
+
+%w{ ubuntu debian }.each do |os|
+  supports os
+end

cookbooks/apt/providers/repository.rb

@@ -0,0 +1,44 @@
+action :add do
+  unless ::File.exists?("/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list")
+    Chef::Log.info "Adding #{new_resource.repo_name} repository to /etc/apt/sources.list.d/#{new_resource.repo_name}-source.list"
+    # add key
+    if new_resource.key && new_resource.keyserver
+      e = execute "install-key #{new_resource.key}" do
+        command "apt-key adv --keyserver #{new_resource.keyserver} --recv #{new_resource.key}"
+        action :run
+      end
+      e.run_action(:run)
+    end
+    # build our listing
+    repository = "deb"
+    repository = "deb-src" if new_resource.deb_src
+    repository = "# Created by the Chef apt_repository LWRP\n" + repository
+    repository += " #{new_resource.uri}"
+    repository += " #{new_resource.distribution}"
+    new_resource.components.each {|component| repository += " #{component}"}
+    # write out the file, replace it if it already exists
+    file "/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list" do
+      owner "root"
+      group "root"
+      mode 0644
+      content repository + "\n"
+      action :create
+    end
+    e = execute "update package index" do
+      command "apt-get update"
+      action :run
+    end
+    e.run_action(:run)
+    new_resource.updated_by_last_action(true)
+  end
+end
+
+action :remove do
+  if ::File.exists?("/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list")
+    Chef::Log.info "Removing #{new_resource.repo_name} repository from /etc/apt/sources.list.d/"
+    file "/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list" do
+      action :delete
+    end
+    new_resource.updated_by_last_action(true)
+  end
+end

cookbooks/apt/recipes/cacher.rb

@@ -0,0 +1,42 @@
+#
+# Cookbook Name:: apt
+# Recipe:: cacher
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+package "apt-cacher" do
+  action :install
+end
+
+service "apt-cacher" do
+  supports :restart => true, :status => false
+  action [ :enable, :start ]
+end
+
+cookbook_file "/etc/apt-cacher/apt-cacher.conf" do
+  source "apt-cacher.conf"
+  owner "root"
+  group "root"
+  mode 0644
+  notifies :restart, resources(:service => "apt-cacher")
+end
+
+cookbook_file "/etc/default/apt-cacher" do
+  source "apt-cacher"
+  owner "root"
+  group "root"
+  mode 0644
+  notifies :restart, resources(:service => "apt-cacher")
+end

cookbooks/apt/recipes/default.rb

@@ -0,0 +1,33 @@
+#
+# Cookbook Name:: apt
+# Recipe:: default
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+e = execute "apt-get update" do
+  action :nothing
+end
+
+e.run_action(:run)
+
+%w{/var/cache/local /var/cache/local/preseeding}.each do |dirname|
+  directory dirname do
+    owner "root"
+    group "root"
+    mode  0755
+    action :create
+  end
+end

cookbooks/apt/recipes/proxy.rb

@@ -0,0 +1,34 @@
+#
+# Cookbook Name:: apt
+# Recipe:: proxy
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+package "apt-proxy" do 
+  action :install
+end
+
+service "apt-proxy" do
+  supports :restart => true, :status => false
+  action [ :enable, :start ]
+end
+
+cookbook_file "/etc/apt-proxy/apt-proxy-v2.conf" do
+  source "apt-proxy-v2.conf"
+  owner "root"
+  group "root"
+  mode 0644
+  notifies :restart, resources(:service => "apt-proxy")
+end

cookbooks/apt/resources/repository.rb

@@ -0,0 +1,11 @@
+actions :add, :remove
+
+#name of the repo, used for source.list filename
+attribute :repo_name, :kind_of => String, :name_attribute => true
+attribute :key, :kind_of => String, :default => nil
+attribute :keyserver, :kind_of => String, :default => nil
+attribute :uri, :kind_of => String
+#whether or not to add the repository as a source repo as well
+attribute :deb_src, :default => false
+attribute :distribution, :kind_of => String
+attribute :components, :kind_of => Array, :default => []

cookbooks/build-essential/metadata.json

@@ -0,0 +1,47 @@
+{
+  "platforms": {
+    "debian": [
+
+    ],
+    "centos": [
+
+    ],
+    "ubuntu": [
+
+    ]
+  },
+  "maintainer": "Opscode, Inc.",
+  "replacing": {
+
+  },
+  "license": "Apache 2.0",
+  "maintainer_email": "cookbooks@opscode.com",
+  "groupings": {
+
+  },
+  "recommendations": {
+
+  },
+  "description": "Installs C compiler / build tools",
+  "version": "0.7.0",
+  "suggestions": {
+
+  },
+  "attributes": {
+
+  },
+  "conflicting": {
+
+  },
+  "name": "build-essential",
+  "recipes": {
+
+  },
+  "dependencies": {
+
+  },
+  "long_description": "",
+  "providing": {
+
+  }
+}

cookbooks/build-essential/metadata.rb

@@ -0,0 +1,9 @@
+maintainer        "Opscode, Inc."
+maintainer_email  "cookbooks@opscode.com"
+license           "Apache 2.0"
+description       "Installs C compiler / build tools"
+version           "0.7"
+
+%w{ centos ubuntu debian }.each do |os|
+  supports os
+end

cookbooks/build-essential/recipes/default.rb

@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: build-essential
+# Recipe:: default
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node[:platform]
+when "ubuntu","debian"
+  %w{build-essential binutils-doc}.each do |pkg|
+    package pkg do
+      action :install
+    end
+  end
+when "centos"
+  package "gcc" do
+    action :install
+  end
+end
+
+package "autoconf" do
+  action :install
+end
+
+package "flex" do
+  action :install
+end
+
+package "bison" do
+  action :install
+end

cookbooks/glance/README.rdoc

@@ -0,0 +1,14 @@
+= DESCRIPTION:
+
+Chef Cookbooks to setup Glance API and Registry.
+
+= REQUIREMENTS:
+
+Requires access to glance packages.
+
+= ATTRIBUTES: 
+
+See attributes/default.rb.
+
+= USAGE:
+

cookbooks/glance/attributes/default.rb

@@ -0,0 +1,21 @@
+default[:glance][:config_file]="/etc/glance/glance.conf"
+default[:glance][:log_dir]="/var/log/glance"
+default[:glance][:working_directory]="/var/lib/glance"
+default[:glance][:pid_directory]="/var/run/glance/"
+
+default[:glance][:verbose] = "True"
+default[:glance][:debug] = "True"
+default[:glance][:api_bind_host] = "0.0.0.0"
+default[:glance][:api_bind_port] = "9292"
+default[:glance][:registry_host] = "0.0.0.0"
+default[:glance][:registry_bind_host] = "0.0.0.0"
+default[:glance][:registry_bind_port] = "9191"
+default[:glance][:sql_connection] = "sqlite:////var/lib/glance/glance.sqlite"
+default[:glance][:sql_idle_timeout] = "3600"
+
+#default_store choices are: file, http, https, swift, s3
+default[:glance][:default_store] = "file"
+default[:glance][:filesystem_store_datadir] = "/var/lib/glance/images"
+
+# automatically glance upload the tty linux image. (glance::setup recipe)
+default[:glance][:tty_linux_image] = "http://images.ansolabs.com/tty.tgz"

cookbooks/glance/definitions/glance_service.rb

@@ -0,0 +1,16 @@
+define :glance_service do
+
+  service_name="glance-#{params[:name]}"
+  pidfile="#{node[:glance][:pid_directory]}/#{service_name}.pid"
+
+  service service_name do
+    start_command "cd #{node[:glance][:working_directory]} && su -c 'glance-control #{params[:name]} start --pid-file=#{pidfile}' glance"
+    stop_command "su -c 'glance-control #{params[:name]} stop --pid-file=#{pidfile}' glance"
+    restart_command "su -c 'glance-control #{params[:name]} restart --pid-file=#{pidfile}' glance"
+    status_command "pgrep #{service_name}"
+    supports :status => true, :restart => true
+    action :start
+    subscribes :restart, resources(:template => "/etc/glance/glance.conf")
+  end
+
+end

cookbooks/glance/metadata.rb

@@ -0,0 +1,6 @@
+maintainer       "Dan Prince"
+maintainer_email "dan.prince@rackspace.com"
+license          "Apache 2.0"
+description      "Installs/Configures Glance"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version          "0.1"

cookbooks/glance/recipes/api.rb

@@ -0,0 +1,9 @@
+#
+# Cookbook Name:: glance
+# Recipe:: api
+#
+#
+
+include_recipe "#{@cookbook_name}::common"
+
+glance_service "api"

cookbooks/glance/recipes/common.rb

@@ -0,0 +1,28 @@
+#
+# Cookbook Name:: glance
+# Recipe:: common
+#
+#
+
+package "glance" do
+  options "--force-yes"
+  action :install
+end
+
+[node[:glance][:log_dir], node[:glance][:working_directory], File::dirname(node[:glance][:config_file]), node[:glance][:pid_directory]].each do |glance_dir|
+
+  directory glance_dir do
+    owner "glance"
+    group "root"
+    mode "0755"
+    action :create
+  end
+
+end
+
+template node[:glance][:config_file] do
+  source "glance.conf.erb"
+  owner "glance"
+  group "root"
+  mode 0644
+end

cookbooks/glance/recipes/default.rb

@@ -0,0 +1,5 @@
+#
+# Cookbook Name:: glance
+# Recipe:: default
+#
+#

cookbooks/glance/recipes/registry.rb

@@ -0,0 +1,9 @@
+#
+# Cookbook Name:: glance
+# Recipe:: registry
+#
+#
+
+include_recipe "#{@cookbook_name}::common"
+
+glance_service "registry"

cookbooks/glance/recipes/setup.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: glance
+# Recipe:: setup
+#
+
+include_recipe "#{@cookbook_name}::common"
+
+bash "tty linux setup" do
+  cwd "/tmp"
+  user "root"
+  code <<-EOH
+	mkdir -p /var/lib/glance/
+	curl #{node[:glance][:tty_linux_image]} | tar xvz -C /tmp/
+	glance-upload --type ramdisk /tmp/ari-tty/image ari-tty
+	glance-upload --type kernel /tmp/aki-tty/image aki-tty
+	glance-upload --type machine /tmp/ami-tty/image ami-tty --ramdisk=1 --kernel=2
+	touch /var/lib/glance/tty_setup
+  EOH
+  not_if do File.exists?("/var/lib/glance/tty_setup") end
+end

cookbooks/glance/templates/default/glance.conf.erb

@@ -0,0 +1,56 @@
+#--working_directory=<%= node[:glance][:working_directory] %>
+#--logdir=<%= node[:glance][:logdir] %>
+
+[DEFAULT]
+# Show more verbose log output (sets INFO log level output)
+verbose = <%= node[:glance][:verbose] %>
+
+# Show debugging output in logs (sets DEBUG log level output)
+debug = <%= node[:glance][:debug] %>
+
+[app:glance-api]
+paste.app_factory = glance.server:app_factory
+
+# Directory that the Filesystem backend store
+# writes image data to
+filesystem_store_datadir=<%= node[:glance][:filesystem_store_datadir] %>
+
+# Which backend store should Glance use by default is not specified
+# in a request to add a new image to Glance? Default: 'file'
+# Available choices are 'file', 'swift', and 's3'
+default_store = <%= node[:glance][:default_store] %>
+
+# Address to bind the API server
+bind_host = <%= node[:glance][:api_bind_host] %>
+
+# Port the bind the API server to
+bind_port = <%= node[:glance][:api_bind_port] %>
+
+# Address to find the registry server
+registry_host = <%= node[:glance][:registry_host] %>
+
+# Port the registry server is listening on
+registry_port = <%= node[:glance][:registry_bind_port] %>
+
+[app:glance-registry]
+paste.app_factory = glance.registry.server:app_factory
+
+# Address to bind the registry server
+bind_host = <%= node[:glance][:registry_bind_host] %>
+
+# Port the bind the registry server to
+bind_port = <%= node[:glance][:registry_bind_port] %>
+
+# SQLAlchemy connection string for the reference implementation
+# registry server. Any valid SQLAlchemy connection string is fine.
+# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
+sql_connection = <%= node[:glance][:sql_connection] %>
+
+# Period in seconds after which SQLAlchemy should reestablish its connection
+# to the database.
+#
+# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
+# idle connections. This can result in 'MySQL Gone Away' exceptions. If you
+# notice this, you can lower this value to ensure that SQLAlchemy reconnects
+# before MySQL can drop the connection.
+sql_idle_timeout = 3600

cookbooks/mysql/README.rdoc

@@ -0,0 +1,143 @@
+= DESCRIPTION:
+
+Installs and configures MySQL client or server.
+
+= REQUIREMENTS:
+
+== Platform:
+
+Best tested on Ubuntu 9.04,9.10. On EC2, requires platform that supports -o bind option for the 'mount' command.
+
+== Cookbooks:
+
+Requires Opscode's openssl cookbook for secure password generation.
+
+Requires a C compiler and Ruby development package in order to build mysql gem with native extensions. On Debian and Ubuntu systems this is satisfied by installing the "build-essential" and "ruby-dev" packages before running Chef. See USAGE below for information on how to handle this during a Chef run.
+
+= RESOURCES AND PROVIDERS
+
+The cookbook contains a LWRP, +mysql_database+ which can be used to manage databases through calls to the MySQL API. The mysql gem is installed to make this usable. The provider currently supports three actions:
+
+* +flush_tables_with_read_lock+ - sends the sql command "flush tables with read lock", used for setting up mysql master/slave replication.
+* +unflush_tables+ - sends the sql command "unflush tables", used for setting up master/slave replication.
+* +create_db+ - specify a database to be created.
+
+For example see the USAGE section below.
+
+= ATTRIBUTES:
+
+* +mysql[:server_root_password]+ - Set the server's root password with this, default is a randomly generated password with +OpenSSL::Random.random_bytes+.
+* +mysql[:server_repl_password]+ - Set the replication user 'repl' password with this, default is a randomly generated password with +OpenSSL::Random.random_bytes+.
+* +mysql[:server_debian_password]+ - Set the debian-sys-maint user password with this, default is a randomly generated password with +OpenSSL::Random.random_bytes+.
+* +mysql[:bind_address]+ - Listen address for MySQLd, default is node's ipaddress.
+* +mysql[:datadir]+ - Location for mysql data directory, default is "/var/lib/mysql"
+* +mysql[:ec2_path]+ - location of mysql datadir on EC2 nodes, default "/mnt/mysql"
+
+Performance tuning attributes, each corresponds to the same-named parameter in my.cnf; default values listed
+
+* +mysql[:tunable][:key_buffer]+          = "250M"
+* +mysql[:tunable][:max_connections]+     = "800"
+* +mysql[:tunable][:wait_timeout]+        = "180"
+* +mysql[:tunable][:net_write_timeout]+   = "30"
+* +mysql[:tunable][:net_write_timeout]+   = "30"
+* +mysql[:tunable][:back_log]+            = "128"
+* +mysql[:tunable][:table_cache]+         = "128"
+* +mysql[:tunable][:max_heap_table_size]+ = "32M"
+
+= USAGE:
+
+On client nodes,
+
+  include_recipe "mysql::client"
+
+This will install the MySQL client libraries and development headers on the system. It will also install the Ruby Gem +mysql+, so that the cookbook's LWRP (above) can be used. This is done during the compile-phase of the Chef run.
+
+  r = package ... do
+    action :nothing
+  end
+
+  r.run_action(:install)
+
+This creates a resource object for the package and does the installation before other recipes are parsed. You'll need to have the C compiler and such (ie, build-essential on Ubuntu) before running the recipes, but we already do that when installing Chef :-). If you want to be able to access a MySQL database via Ruby within another recipe, you could do so, like so:
+
+  Gem.clear_paths # needed for Chef to find the gem...
+  require 'mysql' # requires the mysql gem
+
+  mysql_database "create application_production database" do
+    host "localhost"
+    username "root"
+    password node[:mysql][:server_root_password]
+    database "application_production"
+    action :create_db
+  end
+
+This will connect to the MySQL server running on localhost as "root" and password as +mysql[:server_root_password]+ attribute (see below) and create the database specified with the +database+ parameter. The provider will attempt to determine whether the database exists first.
+
+On server nodes,
+
+  include_recipe "mysql::server"
+
+On Debian and Ubuntu, this will preseed the mysql-server package with the randomly generated root password from the attributes file. On other platforms, it simply installs the required packages. It will also create an SQL file, /etc/mysql/grants.sql, that will be used to set up grants for the root, repl and debian-sys-maint users.
+
+On EC2 nodes,
+
+  include_recipe "mysql::server_ec2"
+
+When the ec2_path doesn't exist we look for a mounted filesystem (eg, EBS) and move the datadir there.
+
+The client recipe is already included by server and 'default' recipes.
+
+To make sure that a C compiler and the Ruby development libraries are installed, use the following run list in the node or in a role:
+
+  {
+    "run_list": [
+      "recipe[build-essential]",
+      "recipe[ruby]",
+      "recipe[mysql::server]"
+    ]
+  }
+
+The build-essential and ruby cookbooks install the packages in question during the "execution" phase of the Chef client run, rather than the compile phase when the MySQL gem is installed. To work around this for now until the build-essential and ruby packages are updated, modify your local copies of the recipes:
+
+In the Opscode build-essential default recipe:
+
+ %w{build-essential binutils-doc}.each do |pkg|
+   p = package pkg do
+     action :nothing
+   end
+   p.run_action(:install)
+ end
+
+And the ruby recipe to have the following:
+
+  extra_packages.each do |pkg|
+   p = package pkg do
+     action :nothing
+   end
+   p.run_action(:install)
+  end
+
+These cookbooks aren't strict dependencies, and not if the installation process already included installing build-essential and ruby1.8-dev (e.g. RubyGems installation).
+
+For more infromation on the compile vs execution phase of a Chef run:
+
+  http://wiki.opscode.com/display/chef/Anatomy+of+a+Chef+Run
+
+= LICENSE and AUTHOR:
+
+Author:: Joshua Timberman (<joshua@opscode.com>)
+Author:: AJ Christensen (<aj@opscode.com>)
+
+Copyright:: 2009, Opscode, Inc
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

cookbooks/mysql/attributes/server.rb

@@ -0,0 +1,56 @@
+#
+# Cookbook Name:: mysql
+# Attributes:: server
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+::Chef::Node.send(:include, Opscode::OpenSSL::Password)
+
+set_unless[:mysql][:server_debian_password] = secure_password
+set_unless[:mysql][:server_root_password] = secure_password
+set_unless[:mysql][:server_repl_password] = secure_password
+default[:mysql][:bind_address]         = ipaddress
+default[:mysql][:datadir]              = "/var/lib/mysql"
+
+if attribute?(:ec2)
+  default[:mysql][:ec2_path]    = "/mnt/mysql"
+  default[:mysql][:ebs_vol_dev] = "/dev/sdi"
+  default[:mysql][:ebs_vol_size] = 50
+end
+
+default[:mysql][:tunable][:back_log]             = "128"
+default[:mysql][:tunable][:key_buffer]           = "256M"
+default[:mysql][:tunable][:max_allowed_packet]   = "16M"
+default[:mysql][:tunable][:max_connections]      = "800"
+default[:mysql][:tunable][:max_heap_table_size]  = "32M"
+default[:mysql][:tunable][:myisam_recover]       = "BACKUP"
+default[:mysql][:tunable][:net_read_timeout]     = "30"
+default[:mysql][:tunable][:net_write_timeout]    = "30"
+default[:mysql][:tunable][:table_cache]          = "128"
+default[:mysql][:tunable][:table_open_cache]     = "128"
+default[:mysql][:tunable][:thread_cache]         = "128"
+default[:mysql][:tunable][:thread_cache_size]    = 8
+default[:mysql][:tunable][:thread_concurrency]   = 10
+default[:mysql][:tunable][:thread_stack]         = "256K"
+default[:mysql][:tunable][:wait_timeout]         = "180"
+
+default[:mysql][:tunable][:query_cache_limit]    = "1M"
+default[:mysql][:tunable][:query_cache_size]     = "16M"
+
+default[:mysql][:tunable][:log_slow_queries]     = "/var/log/mysql/slow.log"
+default[:mysql][:tunable][:long_query_time]      = 2
+
+default[:mysql][:tunable][:innodb_buffer_pool_size] = "256M"

cookbooks/mysql/libraries/database.rb

@@ -0,0 +1,15 @@
+begin
+  require 'mysql'
+rescue LoadError
+  Chef::Log.warn("Missing gem 'mysql'")
+end
+
+module Opscode
+  module Mysql
+    module Database
+      def db
+        @@db ||= ::Mysql.new new_resource.host, new_resource.username, new_resource.password
+      end
+    end
+  end
+end

cookbooks/mysql/metadata.rb

@@ -0,0 +1,78 @@
+maintainer        "Opscode, Inc."
+maintainer_email  "cookbooks@opscode.com"
+license           "Apache 2.0"
+description       "Installs and configures mysql for client or server"
+long_description  IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version           "0.24.4"
+recipe            "mysql", "Includes the client recipe to configure a client"
+recipe            "mysql::client", "Installs packages required for mysql clients using run_action magic"
+recipe            "mysql::server", "Installs packages required for mysql servers w/o manual intervention"
+recipe            "mysql::server_ec2", "Performs EC2-specific mountpoint manipulation"
+
+%w{ debian ubuntu centos suse fedora redhat}.each do |os|
+  supports os
+end
+
+depends "openssl"
+
+attribute "mysql/server_root_password",
+  :display_name => "MySQL Server Root Password",
+  :description => "Randomly generated password for the mysqld root user",
+  :default => "randomly generated"
+
+attribute "mysql/bind_address",
+  :display_name => "MySQL Bind Address",
+  :description => "Address that mysqld should listen on",
+  :default => "ipaddress"
+
+attribute "mysql/datadir",
+  :display_name => "MySQL Data Directory",
+  :description => "Location of mysql databases",
+  :default => "/var/lib/mysql"
+
+attribute "mysql/ec2_path",
+  :display_name => "MySQL EC2 Path",
+  :description => "Location of mysql directory on EC2 instance EBS volumes",
+  :default => "/mnt/mysql"
+
+attribute "mysql/tunable",
+  :display_name => "MySQL Tunables",
+  :description => "Hash of MySQL tunable attributes",
+  :type => "hash"
+
+attribute "mysql/tunable/key_buffer",
+  :display_name => "MySQL Tuntable Key Buffer",
+  :default => "250M"
+
+attribute "mysql/tunable/max_connections",
+  :display_name => "MySQL Tunable Max Connections",
+  :default => "800"
+
+attribute "mysql/tunable/wait_timeout",
+  :display_name => "MySQL Tunable Wait Timeout",
+  :default => "180"
+
+attribute "mysql/tunable/net_read_timeout",
+  :display_name => "MySQL Tunable Net Read Timeout",
+  :default => "30"
+
+attribute "mysql/tunable/net_write_timeout",
+  :display_name => "MySQL Tunable Net Write Timeout",
+  :default => "30"
+
+attribute "mysql/tunable/back_log",
+  :display_name => "MySQL Tunable Back Log",
+  :default => "128"
+
+attribute "mysql/tunable/table_cache",
+  :display_name => "MySQL Tunable Table Cache for MySQL < 5.1.3",
+  :default => "128"
+
+attribute "mysql/tunable/table_open_cache",
+  :display_name => "MySQL Tunable Table Cache for MySQL >= 5.1.3",
+  :default => "128"
+
+attribute "mysql/tunable/max_heap_table_size",
+  :display_name => "MySQL Tunable Max Heap Table Size",
+  :default => "32M"
+

cookbooks/mysql/providers/database.rb

@@ -0,0 +1,28 @@
+include Opscode::Mysql::Database
+
+action :flush_tables_with_read_lock do
+  Chef::Log.info "mysql_database: flushing tables with read lock"
+  db.query "flush tables with read lock"
+  new_resource.updated_by_last_action(true)
+end
+
+action :unflush_tables do
+  Chef::Log.info "mysql_database: unlocking tables"
+  db.query "unlock tables"
+  new_resource.updated_by_last_action(true)
+end
+
+action :create_db do
+  unless @mysqldb.exists
+    Chef::Log.info "mysql_database: Creating database #{new_resource.database}"
+    db.query("create database #{new_resource.database}")
+    new_resource.updated_by_last_action(true)
+  end
+end
+
+def load_current_resource
+  @mysqldb = Chef::Resource::MysqlDatabase.new(new_resource.name)
+  @mysqldb.database(new_resource.database)
+  exists = db.list_dbs.include?(new_resource.database)
+  @mysqldb.exists(exists)
+end

cookbooks/mysql/recipes/client.rb

@@ -0,0 +1,73 @@
+#
+# Cookbook Name:: mysql
+# Recipe:: client
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+p = package "mysql-devel" do
+  package_name value_for_platform(
+    [ "centos", "redhat", "suse", "fedora"] => { "default" => "mysql-devel" },
+    "debian" => {
+      "5.0" => "libmysqlclient15-dev",
+      "5.0.1" => "libmysqlclient15-dev",
+      "5.0.2" => "libmysqlclient15-dev",
+      "5.0.3" => "libmysqlclient15-dev",
+      "5.0.4" => "libmysqlclient15-dev",
+      "5.0.5" => "libmysqlclient15-dev"
+    },
+    "ubuntu" => {
+      "8.04" => "libmysqlclient15-dev",
+      "8.10" => "libmysqlclient15-dev",
+      "9.04" => "libmysqlclient15-dev"
+    },
+    "default" => 'libmysqlclient-dev'
+  )
+  action :nothing
+end
+
+p.run_action(:install)
+
+o = package "mysql-client" do
+  package_name value_for_platform(
+    [ "centos", "redhat", "suse", "fedora"] => { "default" => "mysql" },
+    "default" => "mysql-client"
+  )
+  action :nothing
+end
+
+o.run_action(:install)
+
+r = gem_package "mysql" do
+  action :nothing
+end
+
+case node[:node]
+when "centos",
+  if node[:platform_version].to_f >= 5.0
+    r.run_action(:install)
+  else
+    package "ruby-mysql" do
+      action :install
+    end
+  end
+when "redhat", "suse", "fedora"
+  package "ruby-mysql" do
+    action :install
+  end
+
+else
+  r.run_action(:install)
+end

cookbooks/mysql/recipes/default.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: mysql
+# Recipe:: default
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "mysql::client"

cookbooks/mysql/recipes/server.rb

@@ -0,0 +1,119 @@
+#
+# Cookbook Name:: mysql
+# Recipe:: default
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "mysql::client"
+
+case node[:platform]
+when "debian","ubuntu"
+
+  directory "/var/cache/local/preseeding" do
+    owner "root"
+    group "root"
+    mode 0755
+    recursive true
+  end
+
+  execute "preseed mysql-server" do
+    command "debconf-set-selections /var/cache/local/preseeding/mysql-server.seed"
+    action :nothing
+  end
+
+  template "/var/cache/local/preseeding/mysql-server.seed" do
+    source "mysql-server.seed.erb"
+    owner "root"
+    group "root"
+    mode "0600"
+    notifies :run, resources(:execute => "preseed mysql-server"), :immediately
+  end
+  template "/etc/mysql/debian.cnf" do
+    source "debian.cnf.erb"
+    owner "root"
+    group "root"
+    mode "0600"
+  end
+end
+
+package "mysql-server" do
+  action :install
+end
+
+service "mysql" do
+  service_name value_for_platform([ "centos", "redhat", "suse", "fedora" ] => {"default" => "mysqld"}, "default" => "mysql")
+  if (platform?("ubuntu") && node.platform_version.to_f >= 10.04)
+    restart_command "restart mysql"
+    stop_command "stop mysql"
+    start_command "start mysql"
+  end
+  supports :status => true, :restart => true, :reload => true
+  action :nothing
+end
+
+template value_for_platform([ "centos", "redhat", "suse" , "fedora" ] => {"default" => "/etc/my.cnf"}, "default" => "/etc/mysql/my.cnf") do
+  source "my.cnf.erb"
+  owner "root"
+  group "root"
+  mode "0644"
+  notifies :restart, resources(:service => "mysql"), :immediately
+end
+
+unless Chef::Config[:solo]
+  ruby_block "save node data" do
+    block do
+      node.save
+    end
+    action :create
+  end
+end
+
+# set the root password on platforms 
+# that don't support pre-seeding
+unless %w{debian ubuntu}.include?(node[:platform])
+  execute "assign-root-password" do
+    command "/usr/bin/mysqladmin -u root password #{node[:mysql][:server_root_password]}"
+    action :run
+    only_if "/usr/bin/mysql -u root -e 'show databases;'"
+  end
+end
+
+grants_path = value_for_platform(
+  ["centos", "redhat", "suse", "fedora" ] => {
+    "default" => "/etc/mysql_grants.sql"
+  },
+  "default" => "/etc/mysql/grants.sql"
+)
+
+begin
+  t = resources(:template => "/etc/mysql/grants.sql")
+rescue
+  Chef::Log.warn("Could not find previously defined grants.sql resource")
+  t = template "/etc/mysql/grants.sql" do
+    path grants_path
+    source "grants.sql.erb"
+    owner "root"
+    group "root"
+    mode "0600"
+    action :create
+  end
+end
+
+execute "mysql-install-privileges" do
+  command "/usr/bin/mysql -u root #{node[:mysql][:server_root_password].empty? ? '' : '-p' }#{node[:mysql][:server_root_password]} < #{grants_path}"
+  action :nothing
+  subscribes :run, resources(:template => "/etc/mysql/grants.sql"), :immediately
+end

cookbooks/mysql/recipes/server_ec2.rb

@@ -0,0 +1,49 @@
+#
+# Cookbook Name:: mysql
+# Recipe:: default
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+if (node[:ec2] && ! FileTest.directory?(node[:mysql][:ec2_path]))
+
+  service "mysql" do
+    action :stop
+  end
+
+  execute "install-mysql" do
+    command "mv #{node[:mysql][:datadir]} #{node[:mysql][:ec2_path]}"
+    not_if do FileTest.directory?(node[:mysql][:ec2_path]) end
+  end
+
+  directory node[:mysql][:ec2_path] do
+    owner "mysql"
+    group "mysql"
+  end
+
+  mount node[:mysql][:datadir] do
+    device node[:mysql][:ec2_path]
+    fstype "none"
+    options "bind,rw"
+    action :mount
+  end
+
+  service "mysql" do
+    action :start
+  end
+
+end
+

cookbooks/mysql/resources/database.rb

@@ -0,0 +1,7 @@
+actions :flush_tables_with_read_lock, :unflush_tables, :create_db
+
+attribute :host, :kind_of => String
+attribute :username, :kind_of => String
+attribute :password, :kind_of => String
+attribute :database, :kind_of => String
+attribute :exists, :default => false

cookbooks/mysql/templates/centos/my.cnf.erb

@@ -0,0 +1,12 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+user=mysql
+# Default to using old password format for compatibility with mysql 3.x
+# clients (those using the mysqlclient10 compatibility package).
+old_passwords=1
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid
+

cookbooks/mysql/templates/debian/my.cnf.erb

@@ -0,0 +1,156 @@
+#
+# Generated by Chef for <%= node[:hostname] %>
+#
+# Local modifications will be overwritten.
+# 
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+# 
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+[client]
+port            = 3306
+socket          = /var/run/mysqld/mysqld.sock
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+# This was formally known as [safe_mysqld]. Both versions are currently parsed.
+[mysqld_safe]
+socket          = /var/run/mysqld/mysqld.sock
+nice            = 0
+
+[mysqld]
+#
+# * Basic Settings
+#
+
+#
+# * IMPORTANT
+#   If you make changes to these settings and your system uses apparmor, you may
+#   also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
+#
+
+user            = mysql
+pid-file        = /var/run/mysqld/mysqld.pid
+socket          = /var/run/mysqld/mysqld.sock
+port            = 3306
+basedir         = /usr
+datadir         = <%= node[:mysql][:datadir] %>
+tmpdir          = /tmp
+skip-external-locking
+#
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = <%= node[:mysql][:bind_address] %>
+#
+# * Fine Tuning
+#
+key_buffer              = <%= node[:mysql][:tunable][:key_buffer] %>
+max_allowed_packet      = 16M
+thread_stack            = 128K
+thread_cache_size       = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam-recover          = BACKUP
+#max_connections        = 100
+#table_cache            = 64
+#thread_concurrency     = 10
+max_connections         = <%= node[:mysql][:tunable][:max_connections] %>
+wait_timeout            = <%= node[:mysql][:tunable][:wait_timeout] %>
+net_read_timeout        = <%= node[:mysql][:tunable][:net_read_timeout] %>
+net_write_timeout       = <%= node[:mysql][:tunable][:net_write_timeout] %>
+back_log                = <%= node[:mysql][:tunable][:back_log] %>
+table_cache             = <%= node[:mysql][:tunable][:table_cache] %>
+max_heap_table_size     = <%= node[:mysql][:tunable][:max_heap_table_size] %>
+
+#
+# * Query Cache Configuration
+#
+query_cache_limit       = 1M
+query_cache_size        = 16M
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+#log            = /var/log/mysql/mysql.log
+#
+# Error logging goes to syslog. This is a Debian improvement :)
+#
+# Here you can see queries with especially long duration
+log_slow_queries       = /var/log/mysql/mysql-slow.log
+long_query_time = 2
+log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id              = 1
+#log_bin                        = /var/log/mysql/mysql-bin.log
+expire_logs_days        = 10
+max_binlog_size         = 100M
+#binlog_do_db           = include_database_name
+#binlog_ignore_db       = include_database_name
+#
+# * BerkeleyDB
+#
+# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
+skip-bdb
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
+#skip-innodb
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet      = 16M
+
+[mysql]
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer              = 16M
+
+#
+# * NDB Cluster
+#
+# See /usr/share/doc/mysql-server-*/README.Debian for more information.
+#
+# The following configuration is read by the NDB Data Nodes (ndbd processes)
+# not from the NDB Management Nodes (ndb_mgmd processes).
+#
+# [MYSQL_CLUSTER]
+# ndb-connectstring=127.0.0.1
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+#   The files must end with '.cnf', otherwise they'll be ignored.
+#
+<%= "!includedir /etc/mysql/conf.d/" unless ["centos", "redhat","suse"].include?(node[:platform]) %>

cookbooks/mysql/templates/default/debian.cnf.erb

@@ -0,0 +1,11 @@
+[client]
+host     = localhost
+user     = debian-sys-maint
+password = <%= node[:mysql][:server_debian_password] %>
+socket   = /var/run/mysqld/mysqld.sock
+[mysql_upgrade]
+host     = localhost
+user     = debian-sys-maint
+password = <%= node[:mysql][:server_debian_password] %>
+socket   = /var/run/mysqld/mysqld.sock
+basedir  = /usr

cookbooks/mysql/templates/default/grants.sql.erb

@@ -0,0 +1,12 @@
+# Generated by Chef for <%= node[:fqdn] %>.
+# Local modifications will be overwritten.
+
+<% case node[:platform] -%>
+<% when "debian","ubuntu" -%>
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY '<%= node[:mysql][:server_debian_password] %>' WITH GRANT OPTION;
+<% end -%>
+# Grant replication for a slave user.
+GRANT REPLICATION SLAVE ON *.* TO 'repl'@'%' identified by '<%= node[:mysql][:server_repl_password] %>';
+
+# Set the server root password. This should be preseeded by the package installation.
+SET PASSWORD FOR 'root'@'localhost' = PASSWORD('<%= node[:mysql][:server_root_password] %>');

cookbooks/mysql/templates/default/my.cnf.erb

@@ -0,0 +1,163 @@
+#
+# Generated by Chef for <%= node[:hostname] %>
+#
+# Local modifications will be overwritten.
+# 
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+# 
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+[client]
+port            = 3306
+socket          = /var/run/mysqld/mysqld.sock
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+# This was formally known as [safe_mysqld]. Both versions are currently parsed.
+[mysqld_safe]
+socket          = /var/run/mysqld/mysqld.sock
+nice            = 0
+
+[mysqld]
+#
+# * Basic Settings
+#
+
+#
+# * IMPORTANT
+#   If you make changes to these settings and your system uses apparmor, you may
+#   also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
+#
+
+user            = mysql
+pid-file        = /var/run/mysqld/mysqld.pid
+socket          = /var/run/mysqld/mysqld.sock
+port            = 3306
+basedir         = /usr
+datadir         = <%= node[:mysql][:datadir] %>
+tmpdir          = /tmp
+skip-external-locking
+#
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = <%= node[:mysql][:bind_address] %>
+#
+# * Fine Tuning
+#
+key_buffer              = <%= node[:mysql][:tunable][:key_buffer] %>
+max_allowed_packet      = 16M
+thread_stack            = 128K
+thread_cache_size       = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam-recover          = BACKUP
+#max_connections        = 100
+#table_cache            = 64
+#thread_concurrency     = 10
+max_connections         = <%= node[:mysql][:tunable][:max_connections] %>
+wait_timeout            = <%= node[:mysql][:tunable][:wait_timeout] %>
+net_read_timeout        = <%= node[:mysql][:tunable][:net_read_timeout] %>
+net_write_timeout       = <%= node[:mysql][:tunable][:net_write_timeout] %>
+back_log                = <%= node[:mysql][:tunable][:back_log] %>
+table_cache             = <%= node[:mysql][:tunable][:table_cache] %>
+max_heap_table_size     = <%= node[:mysql][:tunable][:max_heap_table_size] %>
+
+#
+# * Query Cache Configuration
+#
+query_cache_limit       = 1M
+query_cache_size        = 16M
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+#log            = /var/log/mysql/mysql.log
+#
+# Error logging goes to syslog. This is a Debian improvement :)
+#
+# Here you can see queries with especially long duration
+log_slow_queries       = /var/log/mysql/mysql-slow.log
+long_query_time = 2
+log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id              = 1
+#log_bin                        = /var/log/mysql/mysql-bin.log
+expire_logs_days        = 10
+max_binlog_size         = 100M
+#binlog_do_db           = include_database_name
+#binlog_ignore_db       = include_database_name
+#
+# * BerkeleyDB
+#
+# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
+skip-bdb
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
+#skip-innodb
+#
+# * Federated
+#
+# The FEDERATED storage engine is disabled since 5.0.67 by default in the .cnf files
+# shipped with MySQL distributions (my-huge.cnf, my-medium.cnf, and so forth).
+#
+skip-federated
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet      = 16M
+
+[mysql]
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer              = 16M
+
+#
+# * NDB Cluster
+#
+# See /usr/share/doc/mysql-server-*/README.Debian for more information.
+#
+# The following configuration is read by the NDB Data Nodes (ndbd processes)
+# not from the NDB Management Nodes (ndb_mgmd processes).
+#
+# [MYSQL_CLUSTER]
+# ndb-connectstring=127.0.0.1
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+#   The files must end with '.cnf', otherwise they'll be ignored.
+#
+<%= "!includedir /etc/mysql/conf.d/" unless ["centos", "redhat","suse"].include?(node[:platform]) %>

cookbooks/mysql/templates/default/mysql-server.seed.erb

@@ -0,0 +1,10 @@
+mysql-server-5.0        mysql-server/root_password_again        select <%= node[:mysql][:server_root_password] %>
+mysql-server-5.0        mysql-server/root_password      select <%= node[:mysql][:server_root_password] %>
+mysql-server-5.0        mysql-server-5.0/really_downgrade       boolean false
+mysql-server-5.0        mysql-server-5.0/need_sarge_compat      boolean false
+mysql-server-5.0        mysql-server-5.0/start_on_boot  boolean true
+mysql-server-5.0        mysql-server/error_setting_password     boolean false
+mysql-server-5.0        mysql-server-5.0/nis_warning    note
+mysql-server-5.0        mysql-server-5.0/postrm_remove_databases        boolean false
+mysql-server-5.0        mysql-server/password_mismatch  boolean false
+mysql-server-5.0        mysql-server-5.0/need_sarge_compat_done boolean true

cookbooks/mysql/templates/default/port_mysql.erb

@@ -0,0 +1,3 @@
+# MySQL
+-A FWR -p tcp -m tcp --dport 3306 -j ACCEPT
+-A FWR -p udp -m udp --dport 3306 -j ACCEPT

cookbooks/mysql/templates/redhat/my.cnf.erb

@@ -0,0 +1,12 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+user=mysql
+# Default to using old password format for compatibility with mysql 3.x
+# clients (those using the mysqlclient10 compatibility package).
+old_passwords=1
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid
+

cookbooks/mysql/templates/ubuntu-10.04/my.cnf.erb

@@ -0,0 +1,158 @@
+#
+# Generated by Chef for <%= node[:hostname] %>
+#
+# Local modifications will be overwritten.
+# 
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+# 
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+[client]
+port            = 3306
+socket          = /var/run/mysqld/mysqld.sock
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+# This was formally known as [safe_mysqld]. Both versions are currently parsed.
+[mysqld_safe]
+socket          = /var/run/mysqld/mysqld.sock
+nice            = 0
+
+[mysqld]
+#
+# * Basic Settings
+#
+
+#
+# * IMPORTANT
+#   If you make changes to these settings and your system uses apparmor, you may
+#   also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
+#
+
+user            = mysql
+pid-file        = /var/run/mysqld/mysqld.pid
+socket          = /var/run/mysqld/mysqld.sock
+port            = 3306
+basedir         = /usr
+datadir         = <%= node[:mysql][:datadir] %>
+tmpdir          = /tmp
+skip-external-locking
+#
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = <%= node[:mysql][:bind_address] %>
+#
+# * Fine Tuning
+#
+key_buffer              = <%= node[:mysql][:tunable][:key_buffer] %>
+max_allowed_packet      = <%= node[:mysql][:tunable][:max_allowed_packet] %>
+thread_stack            = <%= node[:mysql][:tunable][:thread_stack] %>
+thread_cache_size       = <%= node[:mysql][:tunable][:thread_cache_size] %>
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam-recover          = <%= node[:mysql][:tunable][:myisam_recover] %>
+max_connections         = <%= node[:mysql][:tunable][:max_connections] %>
+table_open_cache        = <%= node[:mysql][:tunable][:table_open_cache] %>
+thread_concurrency      = <%= node[:mysql][:tunable][:thread_concurrency] %>
+max_connections         = <%= node[:mysql][:tunable][:max_connections] %>
+wait_timeout            = <%= node[:mysql][:tunable][:wait_timeout] %>
+net_read_timeout        = <%= node[:mysql][:tunable][:net_read_timeout] %>
+net_write_timeout       = <%= node[:mysql][:tunable][:net_write_timeout] %>
+back_log                = <%= node[:mysql][:tunable][:back_log] %>
+max_heap_table_size     = <%= node[:mysql][:tunable][:max_heap_table_size] %>
+
+#
+# * Query Cache Configuration
+#
+query_cache_limit       = <%= node[:mysql][:tunable][:query_cache_limit] %>
+query_cache_size        = <%= node[:mysql][:tunable][:query_cache_size] %>
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+#log            = /var/log/mysql/mysql.log
+#
+# Error logging goes to syslog. This is a Debian improvement :)
+#
+# Here you can see queries with especially long duration
+log_slow_queries       = <%= node[:mysql][:tunable][:log_slow_queries] %>
+long_query_time = <%= node[:mysql][:tunable][:long_query_time] %>
+log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id              = 1
+#log_bin                        = /var/log/mysql/mysql-bin.log
+expire_logs_days        = 10
+max_binlog_size         = 100M
+#binlog_do_db           = include_database_name
+#binlog_ignore_db       = include_database_name
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
+#skip-innodb
+innodb_buffer_pool_size = <%= node[:mysql][:tunable][:innodb_buffer_pool_size] %>
+#
+# * Federated
+#
+# The FEDERATED storage engine is disabled since 5.0.67 by default in the .cnf files
+# shipped with MySQL distributions (my-huge.cnf, my-medium.cnf, and so forth).
+#
+skip-federated
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet      = 16M
+
+[mysql]
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer              = 16M
+
+#
+# * NDB Cluster
+#
+# See /usr/share/doc/mysql-server-*/README.Debian for more information.
+#
+# The following configuration is read by the NDB Data Nodes (ndbd processes)
+# not from the NDB Management Nodes (ndb_mgmd processes).
+#
+# [MYSQL_CLUSTER]
+# ndb-connectstring=127.0.0.1
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+#   The files must end with '.cnf', otherwise they'll be ignored.
+#
+<%= "!includedir /etc/mysql/conf.d/" unless ["centos", "redhat","suse", "fedora"].include?(node[:platform]) %>

cookbooks/mysql/templates/ubuntu-10.10/my.cnf.erb

@@ -0,0 +1,158 @@
+#
+# Generated by Chef for <%= node[:hostname] %>
+#
+# Local modifications will be overwritten.
+# 
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+# 
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+[client]
+port            = 3306
+socket          = /var/run/mysqld/mysqld.sock
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+# This was formally known as [safe_mysqld]. Both versions are currently parsed.
+[mysqld_safe]
+socket          = /var/run/mysqld/mysqld.sock
+nice            = 0
+
+[mysqld]
+#
+# * Basic Settings
+#
+
+#
+# * IMPORTANT
+#   If you make changes to these settings and your system uses apparmor, you may
+#   also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
+#
+
+user            = mysql
+pid-file        = /var/run/mysqld/mysqld.pid
+socket          = /var/run/mysqld/mysqld.sock
+port            = 3306
+basedir         = /usr
+datadir         = <%= node[:mysql][:datadir] %>
+tmpdir          = /tmp
+skip-external-locking
+#
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = <%= node[:mysql][:bind_address] %>
+#
+# * Fine Tuning
+#
+key_buffer              = <%= node[:mysql][:tunable][:key_buffer] %>
+max_allowed_packet      = <%= node[:mysql][:tunable][:max_allowed_packet] %>
+thread_stack            = <%= node[:mysql][:tunable][:thread_stack] %>
+thread_cache_size       = <%= node[:mysql][:tunable][:thread_cache_size] %>
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam-recover          = <%= node[:mysql][:tunable][:myisam_recover] %>
+max_connections         = <%= node[:mysql][:tunable][:max_connections] %>
+table_open_cache        = <%= node[:mysql][:tunable][:table_open_cache] %>
+thread_concurrency      = <%= node[:mysql][:tunable][:thread_concurrency] %>
+max_connections         = <%= node[:mysql][:tunable][:max_connections] %>
+wait_timeout            = <%= node[:mysql][:tunable][:wait_timeout] %>
+net_read_timeout        = <%= node[:mysql][:tunable][:net_read_timeout] %>
+net_write_timeout       = <%= node[:mysql][:tunable][:net_write_timeout] %>
+back_log                = <%= node[:mysql][:tunable][:back_log] %>
+max_heap_table_size     = <%= node[:mysql][:tunable][:max_heap_table_size] %>
+
+#
+# * Query Cache Configuration
+#
+query_cache_limit       = <%= node[:mysql][:tunable][:query_cache_limit] %>
+query_cache_size        = <%= node[:mysql][:tunable][:query_cache_size] %>
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+#log            = /var/log/mysql/mysql.log
+#
+# Error logging goes to syslog. This is a Debian improvement :)
+#
+# Here you can see queries with especially long duration
+log_slow_queries       = <%= node[:mysql][:tunable][:log_slow_queries] %>
+long_query_time = <%= node[:mysql][:tunable][:long_query_time] %>
+log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id              = 1
+#log_bin                        = /var/log/mysql/mysql-bin.log
+expire_logs_days        = 10
+max_binlog_size         = 100M
+#binlog_do_db           = include_database_name
+#binlog_ignore_db       = include_database_name
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
+#skip-innodb
+innodb_buffer_pool_size = <%= node[:mysql][:tunable][:innodb_buffer_pool_size] %>
+#
+# * Federated
+#
+# The FEDERATED storage engine is disabled since 5.0.67 by default in the .cnf files
+# shipped with MySQL distributions (my-huge.cnf, my-medium.cnf, and so forth).
+#
+skip-federated
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet      = 16M
+
+[mysql]
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer              = 16M
+
+#
+# * NDB Cluster
+#
+# See /usr/share/doc/mysql-server-*/README.Debian for more information.
+#
+# The following configuration is read by the NDB Data Nodes (ndbd processes)
+# not from the NDB Management Nodes (ndb_mgmd processes).
+#
+# [MYSQL_CLUSTER]
+# ndb-connectstring=127.0.0.1
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+#   The files must end with '.cnf', otherwise they'll be ignored.
+#
+<%= "!includedir /etc/mysql/conf.d/" unless ["centos", "redhat","suse", "fedora"].include?(node[:platform]) %>

cookbooks/mysql/templates/ubuntu-8.04/my.cnf.erb

@@ -0,0 +1,156 @@
+#
+# Generated by Chef for <%= node[:hostname] %>
+#
+# Local modifications will be overwritten.
+# 
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+# 
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+[client]
+port            = 3306
+socket          = /var/run/mysqld/mysqld.sock
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+# This was formally known as [safe_mysqld]. Both versions are currently parsed.
+[mysqld_safe]
+socket          = /var/run/mysqld/mysqld.sock
+nice            = 0
+
+[mysqld]
+#
+# * Basic Settings
+#
+
+#
+# * IMPORTANT
+#   If you make changes to these settings and your system uses apparmor, you may
+#   also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
+#
+
+user            = mysql
+pid-file        = /var/run/mysqld/mysqld.pid
+socket          = /var/run/mysqld/mysqld.sock
+port            = 3306
+basedir         = /usr
+datadir         = <%= node[:mysql][:datadir] %>
+tmpdir          = /tmp
+skip-external-locking
+#
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = <%= node[:mysql][:bind_address] %>
+#
+# * Fine Tuning
+#
+key_buffer              = <%= node[:mysql][:tunable][:key_buffer] %>
+max_allowed_packet      = 16M
+thread_stack            = 128K
+thread_cache_size       = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam-recover          = BACKUP
+#max_connections        = 100
+#table_cache            = 64
+#thread_concurrency     = 10
+max_connections         = <%= node[:mysql][:tunable][:max_connections] %>
+wait_timeout            = <%= node[:mysql][:tunable][:wait_timeout] %>
+net_read_timeout        = <%= node[:mysql][:tunable][:net_read_timeout] %>
+net_write_timeout       = <%= node[:mysql][:tunable][:net_write_timeout] %>
+back_log                = <%= node[:mysql][:tunable][:back_log] %>
+table_cache             = <%= node[:mysql][:tunable][:table_cache] %>
+max_heap_table_size     = <%= node[:mysql][:tunable][:max_heap_table_size] %>
+
+#
+# * Query Cache Configuration
+#
+query_cache_limit       = 1M
+query_cache_size        = 16M
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+#log            = /var/log/mysql/mysql.log
+#
+# Error logging goes to syslog. This is a Debian improvement :)
+#
+# Here you can see queries with especially long duration
+log_slow_queries       = /var/log/mysql/mysql-slow.log
+long_query_time = 2
+log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id              = 1
+#log_bin                        = /var/log/mysql/mysql-bin.log
+expire_logs_days        = 10
+max_binlog_size         = 100M
+#binlog_do_db           = include_database_name
+#binlog_ignore_db       = include_database_name
+#
+# * BerkeleyDB
+#
+# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
+skip-bdb
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
+#skip-innodb
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet      = 16M
+
+[mysql]
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer              = 16M
+
+#
+# * NDB Cluster
+#
+# See /usr/share/doc/mysql-server-*/README.Debian for more information.
+#
+# The following configuration is read by the NDB Data Nodes (ndbd processes)
+# not from the NDB Management Nodes (ndb_mgmd processes).
+#
+# [MYSQL_CLUSTER]
+# ndb-connectstring=127.0.0.1
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+#   The files must end with '.cnf', otherwise they'll be ignored.
+#
+<%= "!includedir /etc/mysql/conf.d/" unless ["centos", "redhat","suse", "fedora"].include?(node[:platform]) %>

cookbooks/mysql/templates/ubuntu-9.10/my.cnf.erb

@@ -0,0 +1,158 @@
+#
+# Generated by Chef for <%= node[:hostname] %>
+#
+# Local modifications will be overwritten.
+# 
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+# 
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+[client]
+port            = 3306
+socket          = /var/run/mysqld/mysqld.sock
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+# This was formally known as [safe_mysqld]. Both versions are currently parsed.
+[mysqld_safe]
+socket          = /var/run/mysqld/mysqld.sock
+nice            = 0
+
+[mysqld]
+#
+# * Basic Settings
+#
+
+#
+# * IMPORTANT
+#   If you make changes to these settings and your system uses apparmor, you may
+#   also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
+#
+
+user            = mysql
+pid-file        = /var/run/mysqld/mysqld.pid
+socket          = /var/run/mysqld/mysqld.sock
+port            = 3306
+basedir         = /usr
+datadir         = <%= node[:mysql][:datadir] %>
+tmpdir          = /tmp
+skip-external-locking
+#
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = <%= node[:mysql][:bind_address] %>
+#
+# * Fine Tuning
+#
+key_buffer              = <%= node[:mysql][:tunable][:key_buffer] %>
+max_allowed_packet      = 16M
+thread_stack            = 192K
+thread_cache_size       = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam-recover          = BACKUP
+#max_connections        = 100
+#table_cache            = 64
+#thread_concurrency     = 10
+max_connections         = <%= node[:mysql][:tunable][:max_connections] %>
+wait_timeout            = <%= node[:mysql][:tunable][:wait_timeout] %>
+net_read_timeout        = <%= node[:mysql][:tunable][:net_read_timeout] %>
+net_write_timeout       = <%= node[:mysql][:tunable][:net_write_timeout] %>
+back_log                = <%= node[:mysql][:tunable][:back_log] %>
+table_cache             = <%= node[:mysql][:tunable][:table_cache] %>
+max_heap_table_size     = <%= node[:mysql][:tunable][:max_heap_table_size] %>
+
+#
+# * Query Cache Configuration
+#
+query_cache_limit       = 1M
+query_cache_size        = 16M
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+#log            = /var/log/mysql/mysql.log
+#
+# Error logging goes to syslog. This is a Debian improvement :)
+#
+# Here you can see queries with especially long duration
+log_slow_queries       = /var/log/mysql/mysql-slow.log
+long_query_time = 2
+log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id              = 1
+#log_bin                        = /var/log/mysql/mysql-bin.log
+expire_logs_days        = 10
+max_binlog_size         = 100M
+#binlog_do_db           = include_database_name
+#binlog_ignore_db       = include_database_name
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
+#skip-innodb
+#
+# * Federated
+#
+# The FEDERATED storage engine is disabled since 5.0.67 by default in the .cnf files
+# shipped with MySQL distributions (my-huge.cnf, my-medium.cnf, and so forth).
+#
+skip-federated
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet      = 16M
+
+[mysql]
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer              = 16M
+
+#
+# * NDB Cluster
+#
+# See /usr/share/doc/mysql-server-*/README.Debian for more information.
+#
+# The following configuration is read by the NDB Data Nodes (ndbd processes)
+# not from the NDB Management Nodes (ndb_mgmd processes).
+#
+# [MYSQL_CLUSTER]
+# ndb-connectstring=127.0.0.1
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+#   The files must end with '.cnf', otherwise they'll be ignored.
+#
+<%= "!includedir /etc/mysql/conf.d/" unless ["centos", "redhat","suse", "fedora"].include?(node[:platform]) %>

cookbooks/nova/README.rdoc

@@ -0,0 +1,8 @@
+= DESCRIPTION:
+
+= REQUIREMENTS:
+
+= ATTRIBUTES: 
+
+= USAGE:
+

cookbooks/nova/attributes/default.rb

@@ -0,0 +1,46 @@
+#
+# Cookbook Name:: nova
+# Attributes:: default
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+::Chef::Node.send(:include, Opscode::OpenSSL::Password)
+
+default[:nova][:hostname] = "nova"
+default[:nova][:install_type] = "binary"
+default[:nova][:compute_connection_type] = "qemu"
+default[:nova][:creds][:user] = "nova"
+default[:nova][:creds][:group] = "nogroup"
+default[:nova][:creds][:dir] = "/var/lib/nova"
+default[:nova][:my_ip] = ipaddress
+default[:nova][:public_interface] = "eth1"
+default[:nova][:vlan_interface] = "eth1"
+default[:nova][:mysql] = true
+default[:nova][:images] = []
+default[:nova][:network] = "10.0.0.0/24 8 32"
+default[:nova][:floating_range] = "10.128.0.0/24"
+default[:nova][:user] = "admin"
+default[:nova][:project] = "admin"
+set_unless[:nova][:access_key] = secure_password
+set_unless[:nova][:secret_key] = secure_password
+default[:nova][:default_project] = "admin"
+default[:nova][:network_manager] = "nova.network.manager.VlanManager"
+#default[:nova][:flat_interface] = "tun0"
+default[:nova][:flat_network_dhcp_start] = "10.0.0.2"
+default[:nova][:image_service] = "nova.image.s3.S3ImageService"
+default[:nova][:glance_host] = "localhost"
+default[:nova][:glance_port] = "9292"
+default[:nova][:lock_path] = "/var/lib/nova/tmp"

cookbooks/nova/attributes/mysql.rb

@@ -0,0 +1,24 @@
+#
+# Cookbook Name:: nova
+# Attributes:: mysql
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+::Chef::Node.send(:include, Opscode::OpenSSL::Password)
+
+set_unless[:nova][:db][:password] = secure_password
+default[:nova][:db][:user] = "nova"
+default[:nova][:db][:database] = "nova"
+default[:nova][:db][:sql_idle_timeout] = "60"

cookbooks/nova/attributes/rabbit.rb

@@ -0,0 +1,23 @@
+#
+# Cookbook Name:: nova
+# Attributes:: mysql
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+::Chef::Node.send(:include, Opscode::OpenSSL::Password)
+
+set_unless[:nova][:rabbit][:password] = secure_password
+default[:nova][:rabbit][:user] = "nova"
+default[:nova][:rabbit][:vhost] = "/nova"

cookbooks/nova/attributes/source.rb

@@ -0,0 +1,6 @@
+default[:nova][:bzr_branch] = "lp:nova"
+default[:nova][:services_base_dir] = "/srv"
+default[:nova][:nova_base_dir]  = File.join(node[:nova][:services_base_dir], "nova")
+default[:nova][:local_branch_name] = "running"
+default[:nova][:local_branch_dir] = File.join(node[:nova][:nova_base_dir], node[:nova][:local_branch_name])
+

cookbooks/nova/definitions/nova_package.rb

@@ -0,0 +1,21 @@
+define :nova_package do
+
+  nova_name="nova-#{params[:name]}"
+  package nova_name do
+    options "--force-yes"
+    action :install
+  end
+
+  service nova_name do
+    if (platform?("ubuntu") && node.platform_version.to_f >= 10.04)
+      restart_command "restart #{nova_name}"
+      stop_command "stop #{nova_name}"
+      start_command "start #{nova_name}"
+      status_command "status #{nova_name} | cut -d' ' -f2 | cut -d'/' -f1 | grep start"
+    end
+    supports :status => true, :restart => true
+    action :start
+    subscribes :restart, resources(:template => "/etc/nova/nova.conf")
+  end
+
+end

cookbooks/nova/files/default/base.ldif

@@ -0,0 +1,68 @@
+# This is the root of the directory tree
+dn: dc=example,dc=com
+description: Example.Com, your trusted non-existent corporation.
+dc: example
+o: Example.Com
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+
+# Subtree for users
+dn: ou=Users,dc=example,dc=com
+ou: Users
+description: Users
+objectClass: organizationalUnit
+
+# Subtree for groups
+dn: ou=Groups,dc=example,dc=com
+ou: Groups
+description: Groups
+objectClass: organizationalUnit
+
+# Subtree for system accounts
+dn: ou=System,dc=example,dc=com
+ou: System
+description: Special accounts used by software applications.
+objectClass: organizationalUnit
+
+# Special Account for Authentication:
+dn: uid=authenticate,ou=System,dc=example,dc=com
+uid: authenticate
+ou: System
+description: Special account for authenticating users
+userPassword: {MD5}TLnIqASP0CKUR3/LGkEZGg==
+objectClass: account
+objectClass: simpleSecurityObject
+
+# create the sysadmin entry
+
+dn: cn=developers,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: developers
+description: IT admin group
+member: uid=admin,ou=Users,dc=example,dc=com
+
+dn: cn=sysadmins,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: sysadmins
+description: IT admin group
+member: uid=admin,ou=Users,dc=example,dc=com
+
+dn: cn=netadmins,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: netadmins
+description: Network admin group
+member: uid=admin,ou=Users,dc=example,dc=com
+
+dn: cn=cloudadmins,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: cloudadmins
+description: Cloud admin group
+member: uid=admin,ou=Users,dc=example,dc=com
+
+dn: cn=itsec,ou=Groups,dc=example,dc=com
+objectclass: groupOfNames
+cn: itsec
+description: IT security users group
+member: uid=admin,ou=Users,dc=example,dc=com
+

cookbooks/nova/files/default/default-rsync

@@ -0,0 +1,42 @@
+# defaults file for rsync daemon mode
+
+# start rsync in daemon mode from init.d script?
+#  only allowed values are "true", "false", and "inetd"
+#  Use "inetd" if you want to start the rsyncd from inetd,
+#  all this does is prevent the init.d script from printing a message
+#  about not starting rsyncd (you still need to modify inetd's config yourself).
+RSYNC_ENABLE=true
+
+# which file should be used as the configuration file for rsync.
+# This file is used instead of the default /etc/rsyncd.conf
+# Warning: This option has no effect if the daemon is accessed
+#          using a remote shell. When using a different file for
+#          rsync you might want to symlink /etc/rsyncd.conf to
+#          that file.
+# RSYNC_CONFIG_FILE=
+
+# what extra options to give rsync --daemon?
+#  that excludes the --daemon; that's always done in the init.d script
+#  Possibilities are:
+#   --address=123.45.67.89		(bind to a specific IP address)
+#   --port=8730				(bind to specified port; default 873)
+RSYNC_OPTS=''
+
+# run rsyncd at a nice level?
+#  the rsync daemon can impact performance due to much I/O and CPU usage,
+#  so you may want to run it at a nicer priority than the default priority.
+#  Allowed values are 0 - 19 inclusive; 10 is a reasonable value.
+RSYNC_NICE=''
+
+# run rsyncd with ionice?
+#  "ionice" does for IO load what "nice" does for CPU load.
+#  As rsync is often used for backups which aren't all that time-critical,
+#  reducing the rsync IO priority will benefit the rest of the system.
+#  See the manpage for ionice for allowed options.
+#  -c3 is recommended, this will run rsync IO at "idle" priority. Uncomment
+#  the next line to activate this.
+# RSYNC_IONICE='-c3'
+
+# Don't forget to create an appropriate config file,
+# else the daemon will not start.
+

cookbooks/nova/files/default/iscsidev.sh

@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# Copyright 2010 United States Government as represented by the
+# Administrator of the National Aeronautics and Space Administration.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+# NOTE(vish): This script helps udev create  common names for discovered iscsi
+#             volumes under /dev/iscsi.  To use it, create /dev/iscsi and add
+#             a file to /etc/udev/rules.d like so:
+#             mkdir /dev/iscsi
+#             echo 'KERNEL=="sd*", BUS=="scsi", PROGRAM="/path/to/iscsidev.sh
+#             %b",SYMLINK+="iscsi/%c%n"' > /etc/udev/rules.d/55-openiscsi.rules
+
+BUS=${1}
+HOST=${BUS%%:*}
+
+if [ ! -e /sys/class/iscsi_host ]; then
+    exit 1
+fi
+
+file="/sys/class/iscsi_host/host${HOST}/device/session*/iscsi_session*/session*/targetname"
+
+target_name=$(cat ${file})
+
+if [ -z "${target_name}" ]; then
+   exit 1
+fi
+
+echo "${target_name##*:}"

cookbooks/nova/files/default/nova.schema

@@ -0,0 +1,85 @@
+#
+# Person object for Nova
+# inetorgperson with extra attributes
+# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
+#
+#
+
+# using internet experimental oid arc as per BP64 3.1
+objectidentifier novaSchema 1.3.6.1.3.1.666.666
+objectidentifier novaAttrs novaSchema:3
+objectidentifier novaOCs novaSchema:4
+
+attributetype (
+    novaAttrs:1
+    NAME 'accessKey'
+    DESC 'Key for accessing data'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributetype (
+    novaAttrs:2
+    NAME 'secretKey'
+    DESC 'Secret key'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributetype (
+    novaAttrs:3
+    NAME 'keyFingerprint'
+    DESC 'Fingerprint of private key'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributetype (
+    novaAttrs:4
+    NAME 'isAdmin'
+    DESC 'Is user an administrator?'
+    EQUALITY booleanMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    )
+
+attributetype (
+    novaAttrs:5
+    NAME 'projectManager'
+    DESC 'Project Managers of a project'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    )
+
+objectClass (
+    novaOCs:1
+    NAME 'novaUser'
+    DESC 'access and secret keys'
+    AUXILIARY
+    MUST ( uid )
+    MAY  ( accessKey $ secretKey $ isAdmin )
+    )
+
+objectClass (
+    novaOCs:2
+    NAME 'novaKeyPair'
+    DESC 'Key pair for User'
+    SUP top
+    STRUCTURAL
+    MUST ( cn $ sshPublicKey $ keyFingerprint )
+    )
+
+objectClass (
+    novaOCs:3
+    NAME 'novaProject'
+    DESC 'Container for project'
+    SUP groupOfNames
+    STRUCTURAL
+    MUST ( cn $ projectManager )
+    )
+

cookbooks/nova/files/default/openssh-lpk_openldap.schema

@@ -0,0 +1,20 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# Author: Eric AUGE <eau@phear.org>
+#
+# Based on the proposal of : Mark Ruijter
+#
+
+
+# octetString SYNTAX
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+	DESC 'MANDATORY: OpenSSH Public key'
+	EQUALITY octetStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+	DESC 'MANDATORY: OpenSSH LPK objectclass'
+	MAY ( sshPublicKey $ uid )
+	)
+

cookbooks/nova/metadata.json

@@ -0,0 +1,62 @@
+{
+  "platforms": {
+
+  },
+  "maintainer": "Opscode, Inc.",
+  "replacing": {
+
+  },
+  "license": "Apache 2.0",
+  "maintainer_email": "oss@opscode.com",
+  "groupings": {
+
+  },
+  "recommendations": {
+
+  },
+  "description": "Installs/Configures nova",
+  "version": "0.1.0",
+  "suggestions": {
+
+  },
+  "attributes": {
+
+  },
+  "conflicting": {
+
+  },
+  "name": "nova",
+  "recipes": {
+
+  },
+  "dependencies": {
+    "runit": [
+
+    ],
+    "mysql": [
+
+    ],
+    "openssl": [
+
+    ],
+    "apt": [
+
+    ],
+    "python-ldap": [
+
+    ],
+    "openldap": [
+
+    ],
+    "build-essential": [
+
+    ],
+    "rabbitmq": [
+
+    ]
+  },
+  "long_description": "= DESCRIPTION:\n\n= REQUIREMENTS:\n\n= ATTRIBUTES: \n\n= USAGE:\n\n",
+  "providing": {
+
+  }
+}

cookbooks/nova/metadata.rb

@@ -0,0 +1,15 @@
+maintainer       "Opscode, Inc."
+maintainer_email "oss@opscode.com"
+license          "Apache 2.0"
+description      "Installs/Configures nova"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version          "0.1"
+
+depends "apt"
+depends "build-essential"
+depends "mysql"
+depends "openldap"
+depends "openssl"
+depends "python-ldap"
+depends "rabbitmq"
+depends "runit"

cookbooks/nova/recipes/all.rb

@@ -0,0 +1,28 @@
+#
+# Cookbook Name:: nova
+# Recipe:: all
+#
+# Copyright 2011, Anso Labs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::mysql"
+include_recipe "nova::rabbit"
+include_recipe "nova::common"
+include_recipe "nova::api"
+include_recipe "nova::scheduler"
+include_recipe "nova::network"
+include_recipe "nova::objectstore"
+include_recipe "nova::compute"
+include_recipe "nova::volume"

cookbooks/nova/recipes/api.rb

@@ -0,0 +1,21 @@
+#
+# Cookbook Name:: nova
+# Recipe:: api
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::common"
+nova_package("api")

cookbooks/nova/recipes/common.rb

@@ -0,0 +1,87 @@
+#
+# Cookbook Name:: nova
+# Recipe:: common
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+package "nova-common" do
+  options "--force-yes -o Dpkg::Options::=\"--force-confdef\""
+  action :install
+end
+
+directory "/etc/nova" do
+  owner "root"
+  group "root"
+  mode 0755
+  action :create
+end
+
+env_filter = ''
+if node[:app_environment]
+  env_filter = " AND app_environment:#{node[:app_environment]}"
+end
+
+sql_connection = nil
+if node[:nova][:mysql]
+  Chef::Log.info("Using mysql")
+  package "python-mysqldb"
+  mysqls = nil
+
+  unless Chef::Config[:solo]
+    mysqls = search(:node, "recipes:nova\\:\\:mysql#{env_filter}")
+  end
+  if mysqls and mysqls[0]
+    mysql = mysqls[0]
+    Chef::Log.info("Mysql server found at #{mysql[:mysql][:bind_address]}")
+  else
+    mysql = node
+    Chef::Log.info("Using local mysql at  #{mysql[:mysql][:bind_address]}")
+  end
+  sql_connection = "mysql://#{mysql[:nova][:db][:user]}:#{mysql[:nova][:db][:password]}@#{mysql[:mysql][:bind_address]}/#{mysql[:nova][:db][:database]}"
+end
+
+rabbits = nil
+unless Chef::Config[:solo]
+  rabbits = search(:node, "recipes:nova\\:\\:rabbit#{env_filter}")
+end
+if rabbits and rabbits[0]
+  rabbit = rabbits[0]
+  Chef::Log.info("Rabbit server found at #{rabbit[:rabbitmq][:address]}")
+else
+  rabbit = node
+  Chef::Log.info("Using local rabbit at #{rabbit[:rabbitmq][:address]}")
+end
+
+rabbit_settings = {
+  :address => rabbit[:rabbitmq][:address],
+  :port => rabbit[:rabbitmq][:port],
+  :user => rabbit[:nova][:rabbit][:user],
+  :password => rabbit[:nova][:rabbit][:password],
+  :vhost => rabbit[:nova][:rabbit][:vhost]
+}
+
+template "/etc/nova/nova.conf" do
+  source "nova.conf.erb"
+  owner "root"
+  group "root"
+  mode 0644
+  variables(
+    :sql_connection => sql_connection,
+    :rabbit_settings => rabbit_settings
+  )
+end

cookbooks/nova/recipes/compute.rb

@@ -0,0 +1,36 @@
+#
+# Cookbook Name:: nova
+# Recipe:: compute
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::common"
+nova_package("compute")
+
+if node[:nova][:compute_connection_type] == "kvm"
+  service "libvirt-bin" do
+    notifies :restart, resources(:service => "nova-compute"), :immediately
+  end
+
+  execute "modprobe kvm" do
+    action :run
+    notifies :restart, resources(:service => "libvirt-bin"), :immediately
+  end
+end
+
+execute "modprobe nbd" do
+  action :run
+end

cookbooks/nova/recipes/creds.rb

@@ -0,0 +1,51 @@
+#
+# Cookbook Name:: nova
+# Recipe:: creds
+#
+# Copyright 2011, Anso Labs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+group node[:nova][:creds][:group] do
+  action :create
+  group_name node[:nova][:creds][:group]
+end
+
+user node[:nova][:creds][:user] do
+  group node[:nova][:creds][:group]
+  comment "Nova User"
+  home node[:nova][:creds][:dir]
+  shell "/bin/bash"
+  not_if "grep #{node[:nova][:creds][:user]} /etc/passwd"
+end
+
+directory node[:nova][:creds][:dir] do
+  owner node[:nova][:creds][:user]
+  group node[:nova][:creds][:group]
+  mode "0700"
+  action :create
+end
+
+package "unzip"
+
+execute "nova-manage project zipfile #{node[:nova][:project]} #{node[:nova][:user]} /var/lib/nova/nova.zip" do
+  user 'nova'
+  not_if { File.exists?("/var/lib/nova/nova.zip") }
+end
+
+execute "unzip /var/lib/nova/nova.zip -d #{node[:nova][:creds][:dir]}/" do
+  user node[:nova][:creds][:user]
+  group node[:nova][:creds][:group]
+  not_if { File.exists?("#{node[:nova][:creds][:dir]}/novarc") }
+end

cookbooks/nova/recipes/default.rb

@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: nova
+# Recipe:: default
+#
+# Copyright 2010, Opscode, Inc.
+# Copyright 2011, Anso Labs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::all"
+include_recipe "nova::setup"

cookbooks/nova/recipes/filevg.rb

@@ -0,0 +1,40 @@
+#
+# Cookbook Name:: nova
+# Recipe:: vagrant
+#
+# Copyright 2011, Anso Labs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+include_recipe "apt"
+
+%w{lvm2}.each do |pkg|
+  package pkg do
+    options "--force-yes"
+  end
+end
+
+execute "truncate -s 10G /root/nova-volumes" do
+  user "root"
+  not_if { File.exists?("/root/nova-volumes/") }
+end
+
+execute "losetup /dev/loop0 /root/nova-volumes" do
+  user "root"
+  not_if "losetup -a | grep /dev/loop0 || vgs --noheadings -o name | grep nova-volumes"
+end
+
+execute "vgcreate nova-volumes /dev/loop0" do
+  user "root"
+  not_if "vgs --noheadings -o name | grep nova-volumes"
+end

cookbooks/nova/recipes/hostname.rb

@@ -0,0 +1,41 @@
+#
+# Cookbook Name:: nova
+# Recipe:: hostname
+#
+# Copyright 2011, Anso Labs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unless Chef::Config[:solo]
+  node[:nova][:hostname] = node.name
+end
+
+execute "/root/hostname.sh" do
+  action :nothing
+end
+
+domain = node[:fqdn].split('.')[1..-1].join('.')
+
+template "/root/hostname.sh" do
+  source "hostname.erb"
+  owner "root"
+  group "root"
+  mode 0755
+  variables(
+    :ip => node[:nova][:my_ip],
+    :hostname => node[:nova][:hostname],
+    :domain => domain
+  )
+  notifies :run, resources(:execute => "/root/hostname.sh"), :immediately
+end

cookbooks/nova/recipes/mysql.rb

@@ -0,0 +1,60 @@
+#
+# Cookbook Name:: nova
+# Recipe:: mysql
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+execute "mysql-install-nova-privileges" do
+  command "/usr/bin/mysql -u root -p#{node[:mysql][:server_root_password]} < /etc/mysql/nova-grants.sql"
+  action :nothing
+end
+
+node[:mysql][:bind_address] = node[:nova][:my_ip]
+
+Chef::Log.info("Mysql recipe included")
+
+include_recipe "mysql::server"
+require 'rubygems'
+Gem.clear_paths
+require 'mysql'
+
+template "/etc/mysql/nova-grants.sql" do
+  path "/etc/mysql/nova-grants.sql"
+  source "grants.sql.erb"
+  owner "root"
+  group "root"
+  mode "0600"
+  variables(
+    :user     => node[:nova][:db][:user],
+    :password => node[:nova][:db][:password],
+    :database => node[:nova][:db][:database]
+  )
+  notifies :run, resources(:execute => "mysql-install-nova-privileges"), :immediately
+end
+
+execute "create #{node[:nova][:db][:database]} database" do
+  command "/usr/bin/mysqladmin -u root -p#{node[:mysql][:server_root_password]} create #{node[:nova][:db][:database]}"
+  not_if do
+    m = Mysql.new("localhost", "root", node[:mysql][:server_root_password])
+    m.list_dbs.include?(node[:nova][:db][:database])
+  end
+end
+
+# save data so it can be found by search
+unless Chef::Config[:solo]
+  Chef::Log.info("Saving node data")
+  node.save
+end

cookbooks/nova/recipes/network.rb

@@ -0,0 +1,34 @@
+#
+# Cookbook Name:: nova
+# Recipe:: network
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::common"
+nova_package("network")
+
+execute "sysctl -p" do
+  user "root"
+  action :nothing
+end
+
+template "/etc/sysctl.conf" do
+  source "sysctl.conf.erb"
+  owner "root"
+  group "root"
+  mode 0644
+  notifies :run, resources(:execute => "sysctl -p"), :immediately
+end

cookbooks/nova/recipes/objectstore.rb

@@ -0,0 +1,21 @@
+#
+# Cookbook Name:: nova
+# Recipe:: objectstore
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::common"
+nova_package("objectstore")

cookbooks/nova/recipes/openldap.rb

@@ -0,0 +1,72 @@
+#
+# Cookbook Name:: nova
+# Recipe:: openldap
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "openldap::server"
+include_recipe "python-ldap"
+
+##
+# Nova includes special templates for this resources, so we override them.
+##
+r = resources(:template => "#{node[:openldap][:dir]}/slapd.conf")
+r.cookbook("nova")
+
+template "#{node[:openldap][:dir]}/ldap.conf" do
+  owner "root"
+  group "root"
+  source "ldap.conf.erb"
+  mode "0644"
+end
+
+cookbook_file "/etc/ldap/schema/openssh-lpk_openldap.schema" do
+  source "openssh-lpk_openldap.schema"
+  owner "root"
+  group "root"
+  mode "0644"
+end
+
+cookbook_file "/etc/ldap/schema/nova.schema" do
+  source "nova.schema"
+  owner "root"
+  group "root"
+  mode "0644"
+end
+
+cookbook_file "/etc/ldap/base.ldif" do
+  source "base.ldif"
+  owner "root"
+  group "root"
+  mode "0644"
+end
+
+bash "bootstrap_ldap" do
+  code <<-EOH
+    /etc/init.d/slapd stop
+    rm -rf /var/lib/ldap/*
+    rm -rf /etc/ldap/slapd.d/*
+    slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
+    cp /usr/share/slapd/DB_CONFIG /var/lib/ldap/DB_CONFIG
+    slapadd -v -l /etc/ldap/base.ldif
+    chown -R openldap:openldap /etc/ldap/slapd.d
+    chown -R openldap:openldap /var/lib/ldap
+    /etc/init.d/slapd start
+  EOH
+  action :nothing
+  subscribes :execute, resources(:cookbook_file => "/etc/ldap/base.ldif")
+end
+

cookbooks/nova/recipes/rabbit.rb

@@ -0,0 +1,52 @@
+#
+# Cookbook Name:: nova
+# Recipe:: rabbit
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+node[:rabbitmq][:address] = node[:nova][:my_ip]
+
+include_recipe "rabbitmq"
+
+# add a vhost to the queue
+execute "rabbitmqctl add_vhost #{node[:nova][:rabbit][:vhost]}" do
+  not_if "rabbitmqctl list_vhosts | grep #{node[:nova][:rabbit][:vhost]}"
+  subscribes :run, resources(:service => "rabbitmq-server"), :immediately
+  #action :nothing
+end
+
+# create user for the queue
+execute "rabbitmqctl add_user #{node[:nova][:rabbit][:user]} #{node[:nova][:rabbit][:password]}" do
+  not_if "rabbitmqctl list_users | grep #{node[:nova][:rabbit][:user]}"
+  subscribes :run, resources(:service => "rabbitmq-server"), :immediately
+  #action :nothing
+end
+
+# grant the mapper user the ability to do anything with the vhost
+# the three regex's map to config, write, read permissions respectively
+execute "rabbitmqctl set_permissions -p #{node[:nova][:rabbit][:vhost]}  #{node[:nova][:rabbit][:user]} \".*\" \".*\" \".*\"" do
+  not_if "rabbitmqctl list_user_permissions #{node[:nova][:rabbit][:user]} | grep #{node[:nova][:rabbit][:vhost]}"
+  subscribes :run, resources(:service => "rabbitmq-server"), :immediately
+  #action :nothing
+end
+
+# save data so it can be found by search
+unless Chef::Config[:solo]
+  Chef::Log.info("Saving node data")
+  node.save
+end
+

cookbooks/nova/recipes/scheduler.rb

@@ -0,0 +1,21 @@
+#
+# Cookbook Name:: nova
+# Recipe:: scheduler
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::common"
+nova_package("scheduler")

cookbooks/nova/recipes/setup.rb

@@ -0,0 +1,57 @@
+#
+# Cookbook Name:: nova
+# Recipe:: setup
+#
+# Copyright 2010, Opscode, Inc.
+# Copyright 2011, Anso Labs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+package "euca2ools"
+package "curl"
+
+execute "nova-manage db sync" do
+  user "nova"
+end
+
+execute "nova-manage user admin #{node[:nova][:user]} #{node[:nova][:access_key]} #{node[:nova][:secret_key]}" do
+  user 'nova'
+  not_if "nova-manage user list | grep #{node[:nova][:user]}"
+end
+
+execute "nova-manage project create #{node[:nova][:project]} #{node[:nova][:user]}" do
+  user 'nova'
+  not_if "nova-manage project list | grep #{node[:nova][:project]}"
+end
+
+execute "nova-manage network create #{node[:nova][:network]}" do
+  user 'nova'
+  not_if { File.exists?("/var/lib/nova/setup") }
+end
+
+execute "nova-manage floating create #{node[:nova][:hostname]} #{node[:nova][:floating_range]}" do
+  user 'nova'
+  not_if { File.exists?("/var/lib/nova/setup") }
+end
+
+(node[:nova][:images] or []).each do |image|
+  execute "curl #{image} | tar xvz -C /var/lib/nova/images" do
+    user 'nova'
+    not_if { File.exists?("/var/lib/nova/setup") }
+  end
+end
+
+execute "touch /var/lib/nova/setup"

cookbooks/nova/recipes/source.rb

@@ -0,0 +1,68 @@
+#
+# Cookbook Name:: nova
+# Recipe:: source
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "runit"
+
+execute "easy_install virtualenv"
+
+package "bzr"
+
+execute "bzr init-repo nova" do
+  cwd node[:nova][:services_base_dir]
+  not_if { File.directory?(node[:nova][:nova_base_dir]) }
+end
+
+execute "bzr branch #{node[:nova][:bzr_branch]} #{node[:nova][:local_branch_name]}" do
+  cwd node[:nova][:nova_base_dir]
+  not_if { File.directory?(node[:nova][:local_branch_dir]) }
+end
+
+execute "python tools/install_venv.py" do
+  cwd node[:nova][:local_branch_dir]
+  not_if { File.exists?(File.join(node[:nova][:local_branch_dir], ".nova-venv/bin/activate")) }
+end
+
+file File.join(node[:nova][:local_branch_dir], "/.nova-venv/lib/python2.6/site-packages/nova.pth") do
+  content node[:nova][:local_branch_dir]
+end
+
+bash "install nova user" do
+  code "./tools/with_venv.sh ./bin/nova-manage user admin admin"
+  cwd node[:nova][:local_branch_dir]
+  not_if "#{node[:nova][:local_branch_dir]}/tools/with_venv.sh #{node[:nova][:local_branch_dir]}/bin/nova-manage user list | grep admin"
+end
+
+
+bash "create project" do
+  code "./tools/with_venv.sh ./bin/nova-manage project create admin admin"
+  cwd node[:nova][:local_branch_dir]
+  not_if "#{node[:nova][:local_branch_dir]}/tools/with_venv.sh #{node[:nova][:local_branch_dir]}/bin/nova-manage project list | grep admin"
+end
+
+bash "create project zipfile" do
+  code "./tools/with_venv.sh ./bin/nova-manage project zip admin admin"
+  cwd node[:nova][:local_branch_dir]
+  not_if { File.exists?(File.join(node[:nova][:local_branch_dir], "nova.zip")) }
+end
+
+execute "unzip nova.zip" do
+  cwd node[:nova][:local_branch_dir]
+  not_if { File.exists?(File.join(node[:nova][:local_branch_dir], "novarc")) }
+end
+

cookbooks/nova/recipes/volume.rb

@@ -0,0 +1,57 @@
+#
+# Cookbook Name:: nova
+# Recipe:: volume
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::common"
+nova_package("volume")
+
+service "iscsitarget" do
+  supports :status => true, :restart => true, :reload => true
+  action :nothing
+end
+
+file "/etc/default/iscsitarget" do
+  content <<-EOH
+ISCSITARGET_ENABLE=true
+EOH
+  owner "root"
+  group "root"
+  mode 0644
+  notifies :restart, resources(:service => "iscsitarget"), :immediately
+end
+
+directory "/var/lib/nova/scripts" do
+    owner "nova"
+    mode 0755
+    action :create
+end
+
+cookbook_file "/var/lib/nova/scripts/iscsidev.sh" do
+  source "iscsidev.sh"
+  owner "nova"
+  mode 0644
+end
+
+file "/etc/udev/rules.d/55-openiscsi.rules" do
+  content <<-EOH
+KERNEL=="sd*", BUS=="scsi", PROGRAM="/var/lib/nova/scripts/iscsidev.sh %b",SYMLINK+="iscsi/%c%n"
+EOH
+  owner "root"
+  group "root"
+  mode 0644
+end

cookbooks/nova/templates/default/grants.sql.erb

@@ -0,0 +1,5 @@
+GRANT ALL ON <%= @database %>.* TO '<%= @user %>'@'%' IDENTIFIED BY '<%= @password %>';
+
+SET PASSWORD FOR 'root'@'localhost' = PASSWORD('<%= node[:mysql][:server_root_password] %>');
+
+FLUSH PRIVILEGES;

cookbooks/nova/templates/default/hostname.erb

@@ -0,0 +1,5 @@
+#!/bin/bash
+HOSTNAME="<%= @hostname %>"
+hostname $HOSTNAME
+echo $HOSTNAME > /etc/hostname
+sed -i "s/127.0.1.1.*/<%= @ip %> $HOSTNAME.<%= @domain %> $HOSTNAME/g" /etc/hosts

cookbooks/nova/templates/default/ldap.conf.erb

@@ -0,0 +1,7 @@
+# LDAP Client Settings
+URI ldap://localhost
+BASE dc=example,dc=com
+BINDDN cn=Manager,dc=example,dc=com
+SIZELIMIT  0
+TIMELIMIT  0
+

cookbooks/nova/templates/default/nova.conf.erb

@@ -0,0 +1,28 @@
+--dhcpbridge_flagfile=/etc/nova/nova.conf
+--dhcpbridge=/usr/bin/nova-dhcpbridge
+--logdir=/var/log/nova
+--state_path=/var/lib/nova
+--verbose
+--my_ip=<%= node[:nova][:my_ip] %>
+--public_interface=<%= node[:nova][:public_interface] %>
+--vlan_interface=<%= node[:nova][:vlan_interface] %>
+--iscsi_ip_prefix=<%= node[:nova][:my_ip].split('.')[0..2].join('.') %>
+<% if @sql_connection %>--sql_connection=<%= @sql_connection %><% end %>
+<% if node[:nova][:libvirt_type] %>--libvirt_type=<%= node[:nova][:libvirt_type] %><% end %>
+<% if @rabbit_settings %>
+--rabbit_host=<%= @rabbit_settings[:address] %>
+--rabbit_port=<%= @rabbit_settings[:port] %>
+--rabbit_userid=<%= @rabbit_settings[:user] %>
+--rabbit_password=<%= @rabbit_settings[:password] %>
+--rabbit_virtual_host=<%= @rabbit_settings[:vhost] %>
+<% end %>
+--network_manager=<%= node[:nova][:network_manager] %>
+--default_project=<%= node[:nova][:default_project] %>
+<% if node[:nova][:flat_network_bridge] %>--flat_network_bridge=<%= node[:nova][:flat_network_bridge] %><% end %>
+<% if node[:nova][:flat_interface] %>--flat_interface=<%= node[:nova][:flat_interface] %><% end %>
+<% if node[:nova][:flat_network_dhcp_start] %>--flat_network_dhcp_start=<%= node[:nova][:flat_network_dhcp_start] %><% end %>
+--glance_host=<%= node[:nova][:glance_host] %>
+--glance_port=<%= node[:nova][:glance_port] %>
+--image_service=<%= node[:nova][:image_service] %>
+--lock_path=<%= node[:nova][:lock_path] %>
+--sql_idle_timeout=<%= node[:nova][:db][:sql_idle_timeout] %>

cookbooks/nova/templates/default/slapd.conf.erb

@@ -0,0 +1,36 @@
+# slapd.conf - Configuration file for LDAP SLAPD
+##########
+# Basics #
+##########
+include /etc/ldap/schema/core.schema
+include /etc/ldap/schema/cosine.schema
+include /etc/ldap/schema/inetorgperson.schema
+include /etc/ldap/schema/openssh-lpk_openldap.schema
+include /etc/ldap/schema/nova.schema
+pidfile /var/run/slapd/slapd.pid
+argsfile /var/run/slapd/slapd.args
+loglevel none
+modulepath /usr/lib/ldap
+# modulepath /usr/local/libexec/openldap
+moduleload back_hdb
+##########################
+# Database Configuration #
+##########################
+database hdb
+suffix "dc=example,dc=com"
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw changeme
+directory /var/lib/ldap
+# directory /usr/local/var/openldap-data
+index objectClass,cn eq
+########
+# ACLs #
+########
+access to attrs=userPassword
+       by anonymous auth
+       by self write
+       by * none
+access to *
+       by self write
+       by * none
+

cookbooks/nova/templates/default/sv-nova-api-log-run.erb

@@ -0,0 +1,3 @@
+#!/bin/sh
+exec svlogd -tt ./main
+

cookbooks/nova/templates/default/sv-nova-api-run.erb

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+cd <%= File.join(node[:nova][:local_branch_dir]) %>
+source <%= File.join(node[:nova][:local_branch_dir], "novarc") %>
+exec 2>&1
+exec <%= File.join(node[:nova][:local_branch_dir], "tools", "with_venv.sh") %> <%= File.join(node[:nova][:local_branch_dir], "bin", "nova-api") %> --verbose --nodaemonize
+

cookbooks/nova/templates/default/sv-nova-compute-log-run.erb

@@ -0,0 +1,3 @@
+#!/bin/sh
+exec svlogd -tt ./main
+

cookbooks/nova/templates/default/sv-nova-compute-run.erb

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+cd <%= File.join(node[:nova][:local_branch_dir]) %>
+source <%= File.join(node[:nova][:local_branch_dir], "novarc") %>
+exec 2>&1
+exec <%= File.join(node[:nova][:local_branch_dir], "tools", "with_venv.sh") %> <%= File.join(node[:nova][:local_branch_dir], "bin", "nova-compute") %> --verbose --nodaemon --connection_type=<%= node[:nova][:compute_connection_type] %>
+
+
+

cookbooks/nova/templates/default/sv-nova-objectstore-log-run.erb

@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd -tt ./main

cookbooks/nova/templates/default/sv-nova-objectstore-run.erb

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+cd <%= File.join(node[:nova][:local_branch_dir]) %>
+source <%= File.join(node[:nova][:local_branch_dir], "novarc") %>
+exec 2>&1
+exec <%= File.join(node[:nova][:local_branch_dir], "tools", "with_venv.sh") %> <%= File.join(node[:nova][:local_branch_dir], "bin", "nova-objectstore") %> --verbose --nodaemon
+
+

cookbooks/nova/templates/default/sysctl.conf.erb

@@ -0,0 +1,60 @@
+
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+#net.ipv6.conf.all.forwarding=1
+
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#

cookbooks/nscd/metadata.json

@@ -0,0 +1,52 @@
+{
+  "platforms": {
+    "debian": [
+
+    ],
+    "centos": [
+
+    ],
+    "ubuntu": [
+
+    ],
+    "redhat": [
+
+    ]
+  },
+  "maintainer": "Opscode, Inc.",
+  "replacing": {
+
+  },
+  "license": "Apache 2.0",
+  "maintainer_email": "cookbooks@opscode.com",
+  "groupings": {
+
+  },
+  "recommendations": {
+
+  },
+  "description": "Installs and configures nscd",
+  "version": "0.7.0",
+  "suggestions": {
+    "openldap": [
+
+    ]
+  },
+  "attributes": {
+
+  },
+  "conflicting": {
+
+  },
+  "name": "nscd",
+  "recipes": {
+
+  },
+  "dependencies": {
+
+  },
+  "long_description": "",
+  "providing": {
+
+  }
+}