--- /dev/null
+AllCops:
+ Exclude:
+ - vendor/**/*
+
+AlignParameters:
+ Enabled: false
+LineLength:
+ Enabled: false
+Lint/UnusedBlockArgument:
+ Enabled: false
+Metrics/AbcSize:
+ Enabled: false
+Style/BlockComments:
+ Enabled: false
+Style/BlockDelimiters:
+ Enabled: false
+Style/ExtraSpacing:
+ Enabled: false
+Style/FileName:
+ Enabled: false
+Style/LeadingCommentSpace:
+ Enabled: false
+Style/RescueModifier:
+ Enabled: false
+Style/SpaceBeforeFirstArg:
+ Enabled: false
+Style/SpaceInsideBlockBraces:
+ Enabled: false
+Style/SpaceInsidePercentLiteralDelimiters:
+ Enabled: false
+Style/TrailingCommaInLiteral:
+ EnforcedStyleForMultiline: consistent_comma
+Style/WordArray:
+ Enabled: false
+
+#Lint/ShadowingOuterLocalVariable:
+# Enabled: false
+#Metrics/MethodLength:
+# Max: 10
+#Metrics/ModuleLength:
+# Max: 100
+#Metrics/CyclomaticComplexity:
+# Max: 6
+#Metrics/PerceivedComplexity:
+# Max: 7
+#Style/AccessorMethodName:
+# Enabled: false
+#Style/MultilineOperationIndentation:
+# Enabled: false
+#Style/PerlBackrefs:
+# Enabled: false
--- /dev/null
+#
+# Copyright 2017 whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+source 'https://supermarket.chef.io'
+
+metadata
--- /dev/null
+# athenz CHANGELOG
+
+0.1.0
+-----
+- Initial release of athenz
--- /dev/null
+source 'https://rubygems.org'
+
+# with Chef DK
+gem 'stove'
--- /dev/null
+athenz Cookbook
+===============
+
+This cookbook sets up Athenz services.
+
+## Contents
+
+- [Requirements](#requirements)
+ - [platforms](#platforms)
+ - [packages](#packages)
+- [Attributes](#attributes)
+- [Usage](#usage)
+ - [Recipes](#recipes)
+ - [athenz::default](#athenzdefault)
+ - [athenz::docker-compose](#athenzdocker-compose)
+ - [Role Examples](#role-examples)
+- [License and Authors](#license-and-authors)
+
+## Requirements
+
+### platforms
+
+- Debian >= 9.0
+- Ubuntu >= 14.04
+- CentOS, RHEL >= 7.3
+
+### packages
+- none.
+
+## Attributes
+
+|Key|Type|Description, example|Default|
+|:--|:--|:--|:--|
+|`['athenz']['docker-compose']['app_dir']`|String||`"#{node['docker-grid']['compose']['app_dir']}/athenz"`|
+|`['athenz']['docker-compose']['config']`|Hash|`docker-compose.yml` configurations.|See `attributes/default.rb`|
+
+## Usage
+
+### Recipes
+
+#### athenz::default
+
+This recipe does nothing.
+
+#### athenz::docker-compose
+
+This recipe generates a `docker-compose.yml` for the Athenz services.
+
+### Role Examples
+
+- `roles/athenz-on-docker.rb`
+
+```ruby
+name 'athenz-on-docker'
+description 'Athenz on Docker'
+
+#athenz_zms_port = '4443' # default: 4443
+#athenz_zts_port = '8443' # default: 8443
+#athenz_ui_port = '9443' # default: 9443
+
+run_list(
+ 'role[docker]',
+ 'recipe[athenz::docker-compose]',
+)
+
+#env_run_lists()
+
+#default_attributes()
+
+override_attributes(
+ 'docker-grid' => {
+ 'engine' => {
+ 'skip_setup' => false,
+ },
+ 'compose' => {
+ 'skip_setup' => false,
+ },
+ },
+ 'athenz' => {
+ 'docker-compose' => {
+ 'config' => {
+ 'services' => {
+ 'athenz' => {
+ 'image' => 'athenz/athenz:v1.7.12', # NG: its image fails to start in the version 1.7.20 or later.
+ #'ports' => [
+ # "#{athenz_zms_port}:4443",
+ # "#{athenz_zts_port}:8443",
+ # "#{athenz_ui_port}:9443",
+ #],
+ 'environment' => {
+ },
+ },
+ },
+ },
+ },
+ },
+)
+```
+
+## License and Authors
+
+- Author:: whitestar at osdn.jp
+
+```text
+Copyright 2017, whitestar
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```
--- /dev/null
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+require 'foodcritic'
+require 'stove/rake_task'
+
+namespace :style do
+ desc 'Run Ruby style checks'
+ RuboCop::RakeTask.new(:ruby) do |t|
+ t.options = [
+ '--auto-gen-config', # creates .rubocop_todo.yml
+ ]
+ end
+
+ desc 'Run Chef style checks'
+ FoodCritic::Rake::LintTask.new(:chef) do |t|
+ t.options = {
+ fail_tags: ['any'],
+ }
+ end
+end
+
+desc 'Run all style checks'
+task style: ['style:chef', 'style:ruby']
+
+desc 'Run ChefSpec examples'
+RSpec::Core::RakeTask.new(:spec)
+
+desc 'Publish cookbook'
+Stove::RakeTask.new(:publish) do |t|
+ t.stove_opts = [
+ # `--username` and `--key` are set in ~/.stove typically.
+ #'--username', 'somebody',
+ #'--key', '~/chef/chef.io.example.com/somebody.pem',
+ #'--endpoint', 'https://supermarket.io.example.com/api/v1', # default: supermarket.chef.io
+ #'--no-ssl-verify',
+ '--no-git',
+ '--log-level', 'info',
+ ]
+end
+
+task default: ['style', 'spec']
--- /dev/null
+#
+# Cookbook Name:: athenz
+# Attributes:: default
+#
+# Copyright 2017, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+force_override['athenz']['with_ssl_cert_cookbook'] = false
+# If ['athenz']['with_ssl_cert_cookbook'] is true,
+# node['athenz']['docker-compose']['config']
+# are overridden by the following 'common_name' attributes.
+default['athenz']['ssl_cert']['common_name'] = node['fqdn']
+
+default['athenz']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/athenz"
+
+force_override['athenz']['docker-compose']['config_format_version'] = '2'
+version_2_config = {
+ # Version 2 docker-compose format
+ 'version' => '2',
+ 'services' => {
+ 'athenz' => {
+ 'restart' => 'always',
+ 'image' => 'athenz/athenz:v1.7.12', # NG: its image fails to start in the version 1.7.20 or later.
+ 'hostname' => node['fqdn'],
+ 'ports' => [
+ # defaults
+ #'4443:4443', # ZMS
+ #'8443:8443', # ZTS
+ #'9443:9443', # UI
+ ],
+ 'volumes' => [
+ ],
+ 'environment' => {
+ 'ZMS_SERVER' => node['fqdn'],
+ 'UI_SERVER' => node['fqdn'],
+ },
+ },
+ },
+}
+
+default['athenz']['docker-compose']['config'] = version_2_config
--- /dev/null
+---
+# $ fly -t target sp -p athenz-cookbook -c concourse.yml -l fly-vars.yml -l ~/sec/credentials-prod.yml
+resources:
+- name: src-git
+ type: git
+ source:
+ uri: ((git-id-osdn))@git.osdn.net:/gitroot/metasearch/grid-chef-repo.git
+ branch: master
+ paths:
+ - cookbooks/((cookbook-name))
+ private_key: ((git-private-key))
+ git_user: ((git-user-osdn))
+ #check_every: 1h # default: 1m
+- name: chefdk-cache
+ type: docker-image
+ source:
+ repository: chef/chefdk
+ tag: ((chefdk-version))
+ # ((param)) style: fly >= 3.2.0
+ registry_mirror: https://((registry-mirror-domain)) # e.g. https://registry.docker.example.com:5000
+ ca_certs:
+ - domain: ((registry-mirror-domain)) # e.g. registry.docker.example.com:5000
+ cert: ((docker-reg-ca-cert))
+ check_every: 12h # default: 1m
+
+jobs:
+- name: test-cookbook
+ plan:
+ - aggregate:
+ - get: src-git
+ params:
+ depth: 5
+ trigger: true
+ - get: chefdk-cache
+ - task: ci-build
+ image: chefdk-cache
+ params:
+ http_proxy: ((http-proxy)) # e.g. http://proxy.example.com:3128
+ #HTTP_PROXY: ((http-proxy))
+ config:
+ platform: linux
+ #image_resource:
+ # type: docker-image
+ # source:
+ # repository: chef/chefdk
+ # tag: ((chefdk-version))
+ # NG, setting disable
+ #registry_mirror: https://((registry-mirror-domain))
+ #ca_certs:
+ #- domain: ((registry-mirror-domain))
+ # cert: ((docker-reg-ca-cert))
+ inputs:
+ - name: src-git
+ run:
+ #dir: ./src-git/cookbooks/((cookbook-name))
+ #path: rake
+ path: /bin/bash
+ args:
+ - -c
+ - |
+ cd ./src-git/cookbooks/((cookbook-name))
+ bundle install
+ rake
+- name: publish-cookbook
+ plan:
+ - aggregate:
+ - get: src-git
+ params:
+ depth: 5
+ trigger: false
+ passed: [test-cookbook]
+ - get: chefdk-cache
+ passed: [test-cookbook]
+ - task: publish
+ image: chefdk-cache
+ params:
+ http_proxy: ((http-proxy))
+ chef_username: ((chef-username))
+ chef_client_key: ((chef-client-key))
+ config:
+ platform: linux
+ inputs:
+ - name: src-git
+ run:
+ path: /bin/bash
+ args:
+ - -c
+ - |
+ echo '{"username":"((chef-username))","key":"/root/chef-client-key.pem"}' > /root/.stove
+ echo "$chef_client_key" > /root/chef-client-key.pem
+ cd ./src-git/cookbooks/((cookbook-name))
+ bundle install
+ rake publish
+ - put: src-git
+ params:
+ repository: src-git
+ tag_prefix: ((cookbook-name))-
+ tag: src-git/cookbooks/((cookbook-name))/version
+ only_tag: true
+ annotate: ../src-git/cookbooks/((cookbook-name))/version
--- /dev/null
+---
+cookbook-name: athenz
+chefdk-version: 1.4.3
--- /dev/null
+name 'athenz'
+maintainer 'whitestar'
+maintainer_email ''
+license 'Apache 2.0'
+description 'Installs/Configures Athenz'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version IO.read(File.join(File.dirname(__FILE__), 'version')).chomp
+source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git'
+issues_url 'https://osdn.jp/projects/metasearch/ticket'
+
+chef_version '>= 12'
+%w(centos redhat).each do |os|
+ supports os, '>= 7.3'
+end
+supports 'debian', '>= 9.0'
+supports 'ubuntu', '>= 14.04'
+
+depends 'docker-grid', '>= 0.4.0'
+depends 'platform_utils', '>= 0.4.4'
+depends 'ssl_cert', '>= 0.3.9'
--- /dev/null
+#
+# Cookbook Name:: athenz
+# Recipe:: default
+#
+# Copyright 2017, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
--- /dev/null
+#
+# Cookbook Name:: athenz
+# Recipe:: docker-compose
+#
+# Copyright 2017, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+doc_url = 'https://hub.docker.com/r/athenz/athenz/'
+
+include_recipe 'platform_utils::kernel_user_namespace'
+include_recipe 'docker-grid::compose'
+
+app_dir = node['athenz']['docker-compose']['app_dir']
+
+[
+ app_dir,
+].each {|dir|
+ resources(directory: dir) rescue directory dir do
+ owner 'root'
+ group 'root'
+ mode '0755'
+ recursive true
+ end
+}
+
+config_srvs = node['athenz']['docker-compose']['config']['services']
+override_config_srvs = node.override['athenz']['docker-compose']['config']['services']
+#force_override_config_srvs = node.force_override['athenz']['docker-compose']['config']['services']
+#athenz_envs_org = config_srvs['athenz']['environment']
+#athenz_envs = {}
+athenz_vols = config_srvs['athenz']['volumes'].to_a
+
+ports = config_srvs['athenz']['ports']
+if ports.empty?
+ override_config_srvs['athenz']['ports'] = [
+ '4443:4443',
+ '8443:8443',
+ '9443:9443',
+ ]
+end
+
+# merge environment hash
+#force_override_config_srvs['athenz']['environment'] = athenz_envs unless athenz_envs.empty?
+# reset vlumes array.
+override_config_srvs['athenz']['volumes'] = athenz_vols unless athenz_vols.empty?
+
+config_file = "#{app_dir}/docker-compose.yml"
+template config_file do
+ source 'opt/docker-compose/app/athenz/docker-compose.yml'
+ owner 'root'
+ group 'root'
+ mode '0644'
+end
+
+log <<-"EOM"
+Note: You must execute the following command manually.
+ See #{doc_url}
+ * Start:
+ $ cd #{app_dir}
+ $ docker-compose up -d
+ * Stop
+ $ docker-compose down
+EOM
--- /dev/null
+require_relative '../spec_helper'
+
+describe 'athenz::default' do
+ let(:chef_run) { ChefSpec::SoloRunner.new.converge(described_recipe) }
+
+ #it 'does something' do
+ # expect(chef_run).to do_something('...')
+ #end
+end
--- /dev/null
+# Added by ChefSpec
+require 'chefspec'
+
+# Uncomment to use ChefSpec's Berkshelf extension
+# require 'chefspec/berkshelf'
+
+RSpec.configure do |config|
+ # Specify the path for Chef Solo to find cookbooks
+ # config.cookbook_path = '/var/cookbooks'
+
+ # Specify the path for Chef Solo to find roles
+ # config.role_path = '/var/roles'
+
+ # Specify the Chef log_level (default: :warn)
+ # config.log_level = :debug
+
+ # Specify the path to a local JSON file with Ohai data
+ # config.path = 'ohai.json'
+
+ # Specify the operating platform to mock Ohai data from
+ # config.platform = 'ubuntu'
+
+ # Specify the operating version to mock Ohai data from
+ # config.version = '12.04'
+end
--- /dev/null
+<%
+require 'yaml'
+yaml_str = node['athenz']['docker-compose']['config'].to_hash.to_yaml
+-%>
+<%= yaml_str %>
--- /dev/null
+#
+# Copyright 2017, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'athenz-on-docker'
+description 'Athenz on Docker'
+
+#athenz_cn = 'athenz.io.example.com' # default: node['fqdn']
+#athenz_zms_port = '4443' # default: 4443
+#athenz_zts_port = '8443' # default: 8443
+#athenz_ui_port = '9443' # default: 9443
+
+run_list(
+ 'role[docker]',
+ 'recipe[athenz::docker-compose]',
+)
+
+#env_run_lists()
+
+#default_attributes()
+
+override_attributes(
+ 'docker-grid' => {
+ 'engine' => {
+ 'skip_setup' => false,
+ },
+ 'compose' => {
+ 'skip_setup' => false,
+ },
+ },
+ 'athenz' => {
+ 'docker-compose' => {
+ 'config' => {
+ 'services' => {
+ 'athenz' => {
+ #'ports' => [
+ # "#{athenz_zms_port}:4443",
+ # "#{athenz_zts_port}:8443",
+ # "#{athenz_ui_port}:9443",
+ #],
+ 'environment' => {
+ },
+ },
+ },
+ },
+ },
+ },
+)