[chef] Re: Re: Re: Re: Re: Re: apt repository cookbook


Chronological Thread 
  • From: Jake Plimack < >
  • To:
  • Subject: [chef] Re: Re: Re: Re: Re: Re: apt repository cookbook
  • Date: Thu, 19 Feb 2015 16:15:05 -0700

Douglas,
I took the approach of writing a wrapper-cookbook that sets up all my repos (apt [mirror / private repo], git+gitweb, gems, pypi) since they are all basically doing the exact same thing for each repo type.  While that repository cookbook looks neat, I had the need to both have a mirror of the debian repos, as well as manage my own with a higher apt-priority.  I adapted the apt-mirror cookbook to take an attribute defined data source so I could swap in citadel to grab repo settings instead of using data bags, as well.  The one thing I haven't gotten to work quite right is generating entropy for the GPG key creation without logging in and doing lots of stuff.

Jake
@Eulipion

---Metadata---
name             'myOrg-repos'
maintainer       'eulipion'
license          'All rights reserved'
description      'Installs/Configures myOrg-repos'
long_description 'Installs/Configures myOrg-repos'
version          '0.1.7'

%w{ reprepro gems apt-mirror apache2 geminabox nscd yum gitweb }.each {|dep| depends dep }
%w{ debian }.each do { |os| supports os }


---Berksfile---

metadata
cookbook 'reprepro', path: "~/repos/reprepro"
cookbook 'apt-mirror', '~> 0.1.2', path: "~/repos/apt-mirror"
cookbook 'geminabox', '~> 0.2.0'
cookbook 'myOrg-apt', path: "../myOrg-apt"
cookbook 'gitweb', github: 'kplimack/eulipion-gitweb'

---Files---
├── Berksfile
├── CHANGELOG.md
├── Gemfile
├── LICENSE
├── README.md
├── Thorfile
├── Vagrantfile
├── attributes
│   └── default.rb
├── chefignore
├── metadata.rb
├── myorg-repos-cookbook
├── recipes
│   ├── apt-mirror.rb
│   ├── default.rb
│   ├── gems.rb
│   ├── git.rb
│   └── reprepro.rb
├── templates
│   └── default
│       └── web_app.conf.erb
└── test
    └── integration
        └── default
            ├── bats
            │   ├── deps.bats
            │   └── gitweb.bats
            └── serverspec
                ├── apache_spec.rb
                └── gitweb_spec.rb

On Thu, Feb 19, 2015 at 3:47 PM, Douglas Garstang < " target="_blank"> > wrote:
Well, unfortunately we do not have the expertise on staff. Organisations rarely devote resources to such fundamental things.

On Thu, Feb 19, 2015 at 12:03 PM, AJ Christensen < " target="_blank"> > wrote:
Yeah with expertise on staff you can certainly afford to review and
improve the quality of external 3rd party software, there is a
non-zero cost though; it's often comparable to starting over (with the
requisite expertise, again).

Unfortunately with the pretty much limitless capabilities of
cookbooks, it's seems super hard to build automated Supermarket-based
acceptance criteria - imagine the infrastructure permutation matrix
and cost to ChefSoftwareInc; they already have great systems in place
for official ChefSoftwareInc cookbooks testing/acceptance/regression
testing.

I think my original comment stands: If you understand the code having
CR'd it to appropriate quality level for your organization, feel free
to trust in it, but don't placate yourself. Conversely, if you're
having trouble reasoning through the basic Chef cookbook functionality
in-use in the third-party software; I would probably recommend trying
something simpler, especially with the relevant experience.

cheers,

--aj

On Fri, Feb 20, 2015 at 8:54 AM, Daniel Condomitti
< " target="_blank"> > wrote:
> There’s no official process for vetting cookbooks or publishing that they
> have been through any kind of audit process. It’s just good practice in
> general to audit anything you’re using in your infrastructure; just like
> you’d do with an internal review of a codebase within your organization.
>
> Has anything like that been proposed? Obviously there’s no way to warranty
> it saying that a specific cookbook isn’t going to break something in your
> infrastructure or work properly. Some sort of review process to ensure that
> a cookbook isn’t doing anything malicious or pulling in un-signed
> dependencies would probably be really helpful to the community.
>
> On Thursday, February 19, 2015 at 2:48 PM, Douglas Garstang wrote:
>
> Thanks AJ. I'll check that out, but ...
>
> "I wouldn't really recommend using any community cookbooks (not even
> mine), especially if you don't know what the code is doing. You are
> effectively backdoor/root shelling all of your machines with
> ignorance.".
>
> ... your pretty much poo-pooing the entire chef community cookbook approach
> there aren't you?
>
> Doug.
>
> On Thu, Feb 19, 2015 at 11:42 AM, AJ Christensen
> < > wrote:
>
> No need to use a cookbook. Try aptly, it's stand-alone
> http://www.aptly.info/ -- packagecloud.io is similar, but a hosted
> SaaS.
>
> You might be able to use the LWRPs from that Heavy Water repository
> cookbook without using the recipes.
>
> It looks like the resource declaration at line 34-37 is the wrong type
> of resource. It looks as though you want a
> Chef::Resource::RepositoryPackage (repository_package), which has the
> repository parameter/argument:
> https://github.com/hw-cookbooks/repository/blob/master/resources/package.rb
>
> The repository resource is special 'default' LWRP.
>
> I wouldn't really recommend using any community cookbooks (not even
> mine), especially if you don't know what the code is doing. You are
> effectively backdoor/root shelling all of your machines with
> ignorance.
>
> cheers,
>
> --aj
>
> On Fri, Feb 20, 2015 at 8:32 AM, Douglas Garstang
> < " target="_blank"> > wrote:
>> I'm trying to set up an apt repository with chef. Trying to use a
>> community
>> cookbook, I found this one: https://github.com/hw-cookbooks/repository
>>
>> It's readme says to drop new deb files into the /srv/repository_incoming
>> directory and then run the chef-client. Doing that gets me this error:
>>
>> ==> default: NoMethodError
>> ==> default: -------------
>> ==> default: undefined method `repository' for Chef::Resource::Repository
>> ==> default:
>> ==> default:
>> ==> default: Cookbook Trace:
>> ==> default: ---------------
>> ==> default:
>>
>> /tmp/vagrant-chef/8c7b6c4971128a90594d5194827546c6/cookbooks/repository/recipes/incoming.rb:36:in
>> `block (3 levels) in from_file'
>> ==> default:
>>
>> /tmp/vagrant-chef/8c7b6c4971128a90594d5194827546c6/cookbooks/repository/recipes/incoming.rb:33:in
>> `each'
>> ==> default:
>>
>> /tmp/vagrant-chef/8c7b6c4971128a90594d5194827546c6/cookbooks/repository/recipes/incoming.rb:33:in
>> `block (2 levels) in from_file'
>> ==> default:
>> ==> default:
>> ==> default:
>> ==> default: Resource Declaration:
>> ==> default: ---------------------
>> ==> default: # In
>>
>> /tmp/vagrant-chef/8c7b6c4971128a90594d5194827546c6/cookbooks/repository/recipes/incoming.rb
>> ==> default:
>> ==> default:  30: ruby_block 'Repository - Process incoming' do
>> ==> default:  31:   action :nothing
>> ==> default:  32:   block do
>> ==> default:  33:
>> Dir.glob(File.join(node[:repository][:incoming][:directory],
>> '*.deb')).each
>> do |deb_file|
>> ==> default:  34:       r = Chef::Resource::Repository.new(deb_file,
>> run_context)
>> ==> default:  35:       r.action :nothing
>> ==> default:  36:       r.repository node[:repository][:incoming][:name]
>> ==> default:  37:       r.run_action(:add)
>> ==> default:  38:     end
>> ==> default:  39:   end
>> ==> default:  40:   only_if do
>> ==> default:  41:
>> File.directory?(node[:repository][:incoming][:directory])
>> ==> default:  42:   end
>> ==> default:  43: end
>>
>> I've been digging around and I can't even find the
>> Chef::Resource::Repository resource, so I have no idea what's going on.
>> Any
>> idea? Or, is there a better community cookbook for managing a private apt
>> repository?
>>
>> Doug
>>
>
>
>
>
> --
> Regards,
>
> Douglas Garstang
> http://www.linkedin.com/in/garstang
> Email: " target="_blank">
> Cell: +1-805-340-5627
>
>



--




Archive powered by MHonArc 2.6.16.

§