Update dependency cookbooks and gitlab cookbook for 6.3

apt/CHANGELOG.md

@@ -3,6 +3,15 @@ apt Cookbook CHANGELOG
 This file is used to list changes made in each version of the apt cookbook.
+v2.3.0
+------
+### Bug
+- **[COOK-3812](https://tickets.opscode.com/browse/COOK-3812)** - Add a way to bypass the apt existence check
+
+### Improvement
+- **[COOK-3567](https://tickets.opscode.com/browse/COOK-3567)** - Allow users to bypass apt-cache via attributes
+
+
 v2.2.1
 ------
 ### Improvement

apt/README.md

@@ -36,6 +36,35 @@ This recipe also sets up a local cache directory for preseeding packages.
 ### cacher-client
 Configures the node to use the `apt-cacher-ng` server as a client.
+#### Bypassing the cache
+Occasionally you may come across repositories that do not play nicely when the node is using an `apt-cacher-ng` server. You can configure `cacher-client` to bypass the server and connect directly to the repository with the `cache_bypass` attribute.
+
+To do this, you need to override the `cache_bypass` attribute with an array of repositories, with each array key as the repository URL and value as the protocol to use:
+
+```json
+{
+    ...,
+    'apt': {
+        ...,
+        'cache_bypass': {
+            URL: PROTOCOL
+        }
+    }
+}
+```
+
+For example, to prevent caching and directly connect to the repository at `download.oracle.com` via http:
+
+```json
+{
+    'apt': {
+        'cache_bypass': {
+            'download.oracle.com': 'http'
+        }
+    }
+}
+```
+
 ### cacher-ng
 Installs the `apt-cacher-ng` package and service so the system can provide APT caching. You can check the usage report at http://{hostname}:3142/acng-report.html.
@@ -50,6 +79,7 @@ Attributes
 * `['apt']['cacher_dir']` - directory used by cacher-ng service, default is '/var/cache/apt-cacher-ng'
 * `['apt']['cacher-client']['restrict_environment']` - restrict your node to using the `apt-cacher-ng` server in your Environment, default is 'false'
 * `['apt']['compiletime']` - force the `cacher-client` recipe to run before other recipes. It forces apt to use the proxy before other recipes run. Useful if your nodes have limited access to public apt repositories. This is overridden if the `cacher-ng` recipe is in your run list. Default is 'false'
+* `['apt']['cache_bypass']` - array of URLs to bypass the cache. Accepts the URL and protocol to  fetch directly from the remote repository and not attempt to cache
 Libraries
 ---------

apt/attributes/default.rb

@@ -24,3 +24,4 @@ default['apt']['cacher_port'] = 3142
 default['apt']['caching_server'] = false
 default['apt']['compiletime'] = false
 default['apt']['key_proxy'] = ''
+default['apt']['cache_bypass'] = {}

apt/libraries/helpers.rb

@@ -41,3 +41,7 @@ module Apt
     end
   end
 end
+
+Chef::Recipe.send(:include, ::Apt::Helpers)
+Chef::Resource.send(:include, ::Apt::Helpers)
+Chef::Provider.send(:include, ::Apt::Helpers)

apt/metadata.json

 {
   "name": "apt",
-  "version": "2.2.1",
+  "version": "2.3.0",
   "description": "Configures apt and apt services and LWRPs for managing apt repositories and preferences",
-  "long_description": "apt Cookbook\n============\nThis cookbook includes recipes to execute apt-get update to ensure the local APT package cache is up to date. There are recipes for managing the apt-cacher-ng caching proxy and proxy clients. It also includes a LWRP for managing APT repositories in /etc/apt/sources.list.d as well as an LWRP for pinning packages via /etc/apt/preferences.d.\n\n\nRequirements\n------------\n**Version 2.0.0+ of this cookbook requires Chef 11.0.0 or later**. If your Chef version is earlier than 11.0.0, use version 1.10.0 of this cookbook.\n\nVersion 1.8.2 to 1.10.0 of this cookbook requires **Chef 10.16.4** or later.\n\nIf your Chef version is earlier than 10.16.4, use version 1.7.0 of this cookbook.\n\n### Platform\nPlease refer to the [TESTING file](TESTING.md) to see the currently (and passing) tested platforms. The release was tested on:\n\n* Ubuntu 10.04\n* Ubuntu 12.04\n* Ubuntu 13.04\n* Debian 7.1\n* Debian 6.0 (have with manual testing)\n\nMay work with or without modification on other Debian derivatives.\n\n\n-------\n### default\nThis recipe installs the `update-notifier-common` package to provide the timestamp file used to only run `apt-get update` if the cache is more than one day old.\n\nThis recipe should appear first in the run list of Debian or Ubuntu nodes to ensure that the package cache is up to date before managing any `package` resources with Chef.\n\nThis recipe also sets up a local cache directory for preseeding packages.\n\n**Including the default recipe on a node that does not support apt (such as Windows) results in a noop.**\n\n### cacher-client\nConfigures the node to use the `apt-cacher-ng` server as a client.\n\n### cacher-ng\nInstalls the `apt-cacher-ng` package and service so the system can provide APT caching. You can check the usage report at http://{hostname}:3142/acng-report.html.\n\nIf you wish to help the `cacher-ng` recipe seed itself, you must now explicitly include the `cacher-client` recipe in your run list **after** `cacher-ng` or you will block your ability to install any packages (ie. `apt-cacher-ng`).\n\n\nAttributes\n----------\n* `['apt']['cacher_ipaddress']` - use a cacher server (or standard proxy server) not available via search\n* `['apt']['cacher_interface]` - interface to connect to the cacher-ng service, no default.\n* `['apt']['cacher_port']` - port for the cacher-ng service (either client or server), default is '3142'\n* `['apt']['cacher_dir']` - directory used by cacher-ng service, default is '/var/cache/apt-cacher-ng'\n* `['apt']['cacher-client']['restrict_environment']` - restrict your node to using the `apt-cacher-ng` server in your Environment, default is 'false'\n* `['apt']['compiletime']` - force the `cacher-client` recipe to run before other recipes. It forces apt to use the proxy before other recipes run. Useful if your nodes have limited access to public apt repositories. This is overridden if the `cacher-ng` recipe is in your run list. Default is 'false'\n\nLibraries\n---------\nThere is an `interface_ipaddress` method that returns the IP address for a particular host and interface, used by the `cacher-client` recipe. To enable it on the server use the `['apt']['cacher_interface']` attribute.\n\nResources/Providers\n-------------------\n### `apt_repository`\nThis LWRP provides an easy way to manage additional APT repositories. Adding a new repository will notify running the `execute[apt-get-update]` resource immediately.\n\n#### Actions\n- :add: creates a repository file and builds the repository listing\n- :remove: removes the repository file\n\n#### Attribute Parameters\n- repo_name: name attribute. The name of the channel to discover\n- uri: the base of the Debian distribution\n- distribution: this is usually your release's codename...ie something like `karmic`, `lucid` or `maverick`\n- components: package groupings..when it doubt use `main`\n- arch: constrain package to a particular arch like `i386`, `amd64` or even `armhf` or `powerpc`. Defaults to nil.\n- trusted: treat all packages from this repository as authenticated regardless of signature\n- deb_src: whether or not to add the repository as a source repo as well - value can be `true` or `false`, default `false`.\n- keyserver: the GPG keyserver where the key for the repo should be retrieved\n- key: if a `keyserver` is provided, this is assumed to be the fingerprint, otherwise it can be either the URI to the GPG key for the repo, or a cookbook_file.\n- key_proxy: if set, pass the specified proxy via `http-proxy=` to GPG.\n- cookbook: if key should be a cookbook_file, specify a cookbook where the key is located for files/default. Defaults to nil, so it will use the cookbook where the resource is used.\n\n#### Examples\n\nAdd the Zenoss repo:\n\n```ruby\napt_repository 'zenoss' do\n  uri        'http://dev.zenoss.org/deb'\n  components ['main', 'stable']\nend\n```\n\nAdd the Nginx PPA, grabbing the key from keyserver:\n\n```ruby\napt_repository 'nginx-php' do\n  uri          'http://ppa.launchpad.net/nginx/php5/ubuntu'\n  distribution node['lsb']['codename']\n  components   ['main']\n  keyserver    'keyserver.ubuntu.com'\n  key          'C300EE8C'\nend\n```\n\nAdd the Nginx PPA, grab the key from the keyserver, and add source repo:\n\n```ruby\napt_repository 'nginx-php' do\n  uri          'http://ppa.launchpad.net/nginx/php5/ubuntu'\n  distribution node['lsb']['codename']\n  components   ['main']\n  keyserver    'keyserver.ubuntu.com'\n  key          'C300EE8C'\n  deb_src      true\nend\n```\n\nAdd the Cloudera Repo of CDH4 packages for Ubuntu 12.04 on AMD64:\n\n```ruby\napt_repository 'cloudera' do\n  uri          'http://archive.cloudera.com/cdh4/ubuntu/precise/amd64/cdh'\n  arch         'amd64'\n  distribution 'precise-cdh4'\n  components   ['contrib']\n  key          'http://archive.cloudera.com/debian/archive.key'\nend\n```\n\nRemove Zenoss repo:\n\n```ruby\napt_repository 'zenoss' do\n  action :remove\nend\n```\n\n### `apt_preference`\nThis LWRP provides an easy way to pin packages in /etc/apt/preferences.d. Although apt-pinning is quite helpful from time to time please note that Debian does not encourage its use without thorough consideration.\n\nFurther information regarding apt-pinning is available via http://wiki.debian.org/AptPreferences.\n\n#### Actions\n- :add: creates a preferences file under /etc/apt/preferences.d\n- :remove: Removes the file, therefore unpin the package\n\n#### Attribute Parameters\n- package_name: name attribute. The name of the package\n- glob: Pin by glob() expression or regexp surrounded by /.\n- pin: The package version/repository to pin\n- pin_priority: The pinning priority aka \"the highest package version wins\"\n\n#### Examples\nPin libmysqlclient16 to version 5.1.49-3:\n\n```ruby\napt_preference 'libmysqlclient16' do\n  pin          'version 5.1.49-3'\n  pin_priority '700'\nend\n```\n\nUnpin libmysqlclient16:\n\n```ruby\napt_preference 'libmysqlclient16' do\n  action :remove\nend\n```\n\nPin all packages from dotdeb.org:\n\n```ruby\napt_preference 'dotdeb' do\n  glob         '*'\n  pin          'origin packages.dotdeb.org'\n  pin_priority '700'\nend\n```\n\n\nUsage\n-----\nPut `recipe[apt]` first in the run list. If you have other recipes that you want to use to configure how apt behaves, like new sources, notify the execute resource to run, e.g.:\n\n```ruby\ntemplate '/etc/apt/sources.list.d/my_apt_sources.list' do\n  notifies :run, 'execute[apt-get update]', :immediately\nend\n```\n\nThe above will run during execution phase since it is a normal template resource, and should appear before other package resources that need the sources in the template.\n\nPut `recipe[apt::cacher-ng]` in the run_list for a server to provide APT caching and add `recipe[apt::cacher-client]` on the rest of the Debian-based nodes to take advantage of the caching server.\n\nIf you want to cleanup unused packages, there is also the `apt-get autoclean` and `apt-get autoremove` resources provided for automated cleanup.\n\n\nLicense & Authors\n-----------------\n- Author:: Joshua Timberman (joshua@opscode.com)\n- Author:: Matt Ray (matt@opscode.com)\n- Author:: Seth Chisamore (schisamo@opscode.com)\n\n```text\nCopyright 2009-2013, Opscode, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n",
+  "long_description": "apt Cookbook\n============\nThis cookbook includes recipes to execute apt-get update to ensure the local APT package cache is up to date. There are recipes for managing the apt-cacher-ng caching proxy and proxy clients. It also includes a LWRP for managing APT repositories in /etc/apt/sources.list.d as well as an LWRP for pinning packages via /etc/apt/preferences.d.\n\n\nRequirements\n------------\n**Version 2.0.0+ of this cookbook requires Chef 11.0.0 or later**. If your Chef version is earlier than 11.0.0, use version 1.10.0 of this cookbook.\n\nVersion 1.8.2 to 1.10.0 of this cookbook requires **Chef 10.16.4** or later.\n\nIf your Chef version is earlier than 10.16.4, use version 1.7.0 of this cookbook.\n\n### Platform\nPlease refer to the [TESTING file](TESTING.md) to see the currently (and passing) tested platforms. The release was tested on:\n\n* Ubuntu 10.04\n* Ubuntu 12.04\n* Ubuntu 13.04\n* Debian 7.1\n* Debian 6.0 (have with manual testing)\n\nMay work with or without modification on other Debian derivatives.\n\n\n-------\n### default\nThis recipe installs the `update-notifier-common` package to provide the timestamp file used to only run `apt-get update` if the cache is more than one day old.\n\nThis recipe should appear first in the run list of Debian or Ubuntu nodes to ensure that the package cache is up to date before managing any `package` resources with Chef.\n\nThis recipe also sets up a local cache directory for preseeding packages.\n\n**Including the default recipe on a node that does not support apt (such as Windows) results in a noop.**\n\n### cacher-client\nConfigures the node to use the `apt-cacher-ng` server as a client.\n\n#### Bypassing the cache\nOccasionally you may come across repositories that do not play nicely when the node is using an `apt-cacher-ng` server. You can configure `cacher-client` to bypass the server and connect directly to the repository with the `cache_bypass` attribute.\n\nTo do this, you need to override the `cache_bypass` attribute with an array of repositories, with each array key as the repository URL and value as the protocol to use:\n\n```json\n{\n    ...,\n    'apt': {\n        ...,\n        'cache_bypass': {\n            URL: PROTOCOL\n        }\n    }\n}\n```\n\nFor example, to prevent caching and directly connect to the repository at `download.oracle.com` via http:\n\n```json\n{\n    'apt': {\n        'cache_bypass': {\n            'download.oracle.com': 'http'\n        }\n    }\n}\n```\n\n### cacher-ng\nInstalls the `apt-cacher-ng` package and service so the system can provide APT caching. You can check the usage report at http://{hostname}:3142/acng-report.html.\n\nIf you wish to help the `cacher-ng` recipe seed itself, you must now explicitly include the `cacher-client` recipe in your run list **after** `cacher-ng` or you will block your ability to install any packages (ie. `apt-cacher-ng`).\n\n\nAttributes\n----------\n* `['apt']['cacher_ipaddress']` - use a cacher server (or standard proxy server) not available via search\n* `['apt']['cacher_interface]` - interface to connect to the cacher-ng service, no default.\n* `['apt']['cacher_port']` - port for the cacher-ng service (either client or server), default is '3142'\n* `['apt']['cacher_dir']` - directory used by cacher-ng service, default is '/var/cache/apt-cacher-ng'\n* `['apt']['cacher-client']['restrict_environment']` - restrict your node to using the `apt-cacher-ng` server in your Environment, default is 'false'\n* `['apt']['compiletime']` - force the `cacher-client` recipe to run before other recipes. It forces apt to use the proxy before other recipes run. Useful if your nodes have limited access to public apt repositories. This is overridden if the `cacher-ng` recipe is in your run list. Default is 'false'\n* `['apt']['cache_bypass']` - array of URLs to bypass the cache. Accepts the URL and protocol to  fetch directly from the remote repository and not attempt to cache\n\nLibraries\n---------\nThere is an `interface_ipaddress` method that returns the IP address for a particular host and interface, used by the `cacher-client` recipe. To enable it on the server use the `['apt']['cacher_interface']` attribute.\n\nResources/Providers\n-------------------\n### `apt_repository`\nThis LWRP provides an easy way to manage additional APT repositories. Adding a new repository will notify running the `execute[apt-get-update]` resource immediately.\n\n#### Actions\n- :add: creates a repository file and builds the repository listing\n- :remove: removes the repository file\n\n#### Attribute Parameters\n- repo_name: name attribute. The name of the channel to discover\n- uri: the base of the Debian distribution\n- distribution: this is usually your release's codename...ie something like `karmic`, `lucid` or `maverick`\n- components: package groupings..when it doubt use `main`\n- arch: constrain package to a particular arch like `i386`, `amd64` or even `armhf` or `powerpc`. Defaults to nil.\n- trusted: treat all packages from this repository as authenticated regardless of signature\n- deb_src: whether or not to add the repository as a source repo as well - value can be `true` or `false`, default `false`.\n- keyserver: the GPG keyserver where the key for the repo should be retrieved\n- key: if a `keyserver` is provided, this is assumed to be the fingerprint, otherwise it can be either the URI to the GPG key for the repo, or a cookbook_file.\n- key_proxy: if set, pass the specified proxy via `http-proxy=` to GPG.\n- cookbook: if key should be a cookbook_file, specify a cookbook where the key is located for files/default. Defaults to nil, so it will use the cookbook where the resource is used.\n\n#### Examples\n\nAdd the Zenoss repo:\n\n```ruby\napt_repository 'zenoss' do\n  uri        'http://dev.zenoss.org/deb'\n  components ['main', 'stable']\nend\n```\n\nAdd the Nginx PPA, grabbing the key from keyserver:\n\n```ruby\napt_repository 'nginx-php' do\n  uri          'http://ppa.launchpad.net/nginx/php5/ubuntu'\n  distribution node['lsb']['codename']\n  components   ['main']\n  keyserver    'keyserver.ubuntu.com'\n  key          'C300EE8C'\nend\n```\n\nAdd the Nginx PPA, grab the key from the keyserver, and add source repo:\n\n```ruby\napt_repository 'nginx-php' do\n  uri          'http://ppa.launchpad.net/nginx/php5/ubuntu'\n  distribution node['lsb']['codename']\n  components   ['main']\n  keyserver    'keyserver.ubuntu.com'\n  key          'C300EE8C'\n  deb_src      true\nend\n```\n\nAdd the Cloudera Repo of CDH4 packages for Ubuntu 12.04 on AMD64:\n\n```ruby\napt_repository 'cloudera' do\n  uri          'http://archive.cloudera.com/cdh4/ubuntu/precise/amd64/cdh'\n  arch         'amd64'\n  distribution 'precise-cdh4'\n  components   ['contrib']\n  key          'http://archive.cloudera.com/debian/archive.key'\nend\n```\n\nRemove Zenoss repo:\n\n```ruby\napt_repository 'zenoss' do\n  action :remove\nend\n```\n\n### `apt_preference`\nThis LWRP provides an easy way to pin packages in /etc/apt/preferences.d. Although apt-pinning is quite helpful from time to time please note that Debian does not encourage its use without thorough consideration.\n\nFurther information regarding apt-pinning is available via http://wiki.debian.org/AptPreferences.\n\n#### Actions\n- :add: creates a preferences file under /etc/apt/preferences.d\n- :remove: Removes the file, therefore unpin the package\n\n#### Attribute Parameters\n- package_name: name attribute. The name of the package\n- glob: Pin by glob() expression or regexp surrounded by /.\n- pin: The package version/repository to pin\n- pin_priority: The pinning priority aka \"the highest package version wins\"\n\n#### Examples\nPin libmysqlclient16 to version 5.1.49-3:\n\n```ruby\napt_preference 'libmysqlclient16' do\n  pin          'version 5.1.49-3'\n  pin_priority '700'\nend\n```\n\nUnpin libmysqlclient16:\n\n```ruby\napt_preference 'libmysqlclient16' do\n  action :remove\nend\n```\n\nPin all packages from dotdeb.org:\n\n```ruby\napt_preference 'dotdeb' do\n  glob         '*'\n  pin          'origin packages.dotdeb.org'\n  pin_priority '700'\nend\n```\n\n\nUsage\n-----\nPut `recipe[apt]` first in the run list. If you have other recipes that you want to use to configure how apt behaves, like new sources, notify the execute resource to run, e.g.:\n\n```ruby\ntemplate '/etc/apt/sources.list.d/my_apt_sources.list' do\n  notifies :run, 'execute[apt-get update]', :immediately\nend\n```\n\nThe above will run during execution phase since it is a normal template resource, and should appear before other package resources that need the sources in the template.\n\nPut `recipe[apt::cacher-ng]` in the run_list for a server to provide APT caching and add `recipe[apt::cacher-client]` on the rest of the Debian-based nodes to take advantage of the caching server.\n\nIf you want to cleanup unused packages, there is also the `apt-get autoclean` and `apt-get autoremove` resources provided for automated cleanup.\n\n\nLicense & Authors\n-----------------\n- Author:: Joshua Timberman (joshua@opscode.com)\n- Author:: Matt Ray (matt@opscode.com)\n- Author:: Seth Chisamore (schisamo@opscode.com)\n\n```text\nCopyright 2009-2013, Opscode, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n",
   "maintainer": "Opscode, Inc.",
   "maintainer_email": "cookbooks@opscode.com",
   "license": "Apache 2.0",

apt/metadata.rb

@@ -4,7 +4,7 @@ maintainer_email  "cookbooks@opscode.com"
 license           "Apache 2.0"
 description       "Configures apt and apt services and LWRPs for managing apt repositories and preferences"
 long_description  IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version           "2.2.1"
+version           "2.3.0"
 recipe            "apt", "Runs apt-get update during compile phase and sets up preseed directories"
 recipe            "apt::cacher-ng", "Set up an apt-cacher-ng caching proxy"
 recipe            "apt::cacher-client", "Client for the apt::cacher-ng caching proxy"

apt/recipes/cacher-client.rb

@@ -64,7 +64,8 @@ if servers.length > 0
     mode 00644
     variables(
       :proxy => cacher_ipaddress,
-      :port => servers[0]['apt']['cacher_port']
+      :port => servers[0]['apt']['cacher_port'],
+      :bypass => node['apt']['cache_bypass']
       )
     action( node['apt']['compiletime'] ? :nothing : :create )
     notifies :run, 'execute[apt-get update]', :immediately

apt/recipes/default.rb

@@ -18,20 +18,19 @@
 # limitations under the License.
 #
-class ::Chef::Recipe
-  include Apt::Helpers
-end
-
-# On systems where apt is not installed, this recipe does not execute
+# On systems where apt is not installed, the resources in this recipe are not
+# executed. However, they _must_ still be present in the resource collection
+# or other cookbooks which notify these resources will fail on non-apt-enabled
+# systems.
 unless apt_installed?
-  Chef::Log.debug "apt is not installed. Skipping cache update."
-  return
+  Chef::Log.debug "apt is not installed. Apt-specific resources will not be executed."
 end
 # Run apt-get update to create the stamp file
 execute "apt-get-update" do
   command "apt-get update"
   ignore_failure true
+  only_if { apt_installed? }
   not_if do ::File.exists?('/var/lib/apt/periodic/update-success-stamp') end
 end
@@ -39,30 +38,35 @@ end
 execute "apt-get update" do
   command "apt-get update"
   ignore_failure true
+  only_if { apt_installed? }
   action :nothing
 end
 # Automatically remove packages that are no longer needed for dependencies
 execute "apt-get autoremove" do
   command "apt-get -y autoremove"
+  only_if { apt_installed? }
   action :nothing
 end
 # Automatically remove .deb files for packages no longer on your system
 execute "apt-get autoclean" do
   command "apt-get -y autoclean"
+  only_if { apt_installed? }
   action :nothing
 end
 # provides /var/lib/apt/periodic/update-success-stamp on apt-get update
 package "update-notifier-common" do
   notifies :run, 'execute[apt-get-update]', :immediately
+  only_if { apt_installed? }
 end
 execute "apt-get-update-periodic" do
   command "apt-get update"
   ignore_failure true
   only_if do
+    apt_installed? &&
     ::File.exists?('/var/lib/apt/periodic/update-success-stamp') &&
     ::File.mtime('/var/lib/apt/periodic/update-success-stamp') < Time.now - 86400
   end
@@ -74,5 +78,6 @@ end
     group "root"
     mode  00755
     action :create
+    only_if { apt_installed? }
   end
 end

apt/templates/default/01proxy.erb

 Acquire::http::Proxy "http://<%= @proxy %>:<%= @port %>";
 Acquire::https::Proxy "DIRECT";
+<% @bypass.each do |bypass, type| %>
+Acquire::<%= type %>::Proxy::<%= bypass %> "DIRECT";
+<% end %>

aws/CHANGELOG.md

@@ -3,6 +3,13 @@ aws Cookbook CHANGELOG
 This file is used to list changes made in each version of the aws cookbook.
+v1.0.0
+------
+### Improvement
+- [COOK-2829] -Expose AWS credentials for ebs_raid LWRP as parameters
+- Changing attribute defaults begs a major version bump
+
+
 v0.101.6
 --------
 ### Bug

aws/README.md

@@ -139,6 +139,8 @@ Manage Elastic Block Store (EBS) raid devices with this resource.
 Attribute Parameters:
+* `aws_secret_access_key`, `aws_access_key` - passed to
+  `Opscode::AWS:Ec2` to authenticate, required.
 * `mount_point` - where to mount the RAID volume
 * `mount_point_owner` - the owner of the mount point (default root)
 * `mount_point_group` - the group of the mount point (default root)

aws/attributes/default.rb

@@ -18,5 +18,5 @@
 #
 default['aws']['right_aws_version'] = "3.0.5"
-default['aws']['databag_name'] = "aws"
-default['aws']['databag_entry'] = "main"
+default['aws']['databag_name'] = nil
+default['aws']['databag_entry'] = nil

aws/metadata.rb

@@ -4,5 +4,5 @@ maintainer_email  "cookbooks@opscode.com"
 license           "Apache 2.0"
 description       "LWRPs for managing AWS resources"
 long_description  IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version           "0.101.6"
+version           "1.0.0"
 recipe            "aws", "Installs the right_aws gem during compile time"

aws/providers/ebs_raid.rb

@@ -295,13 +295,12 @@ end
 def attach_volume(disk_dev, volume_id)
   disk_dev_path = "/dev/#{disk_dev}"
-  aws = data_bag_item(node['aws']['databag_name'], node['aws']['databag_entry'])
-
   Chef::Log.info("Attaching existing ebs volume id #{volume_id} for device #{disk_dev_path}")
+  creds = aws_creds() # cannot be invoked inside the block
   aws_ebs_volume disk_dev_path do
-    aws_access_key          aws['aws_access_key_id']
-    aws_secret_access_key   aws['aws_secret_access_key']
+    aws_access_key          creds['aws_access_key_id']
+    aws_secret_access_key   creds['aws_secret_access_key']
     device                  disk_dev_path
     name                    disk_dev
     volume_id               volume_id
@@ -337,12 +336,11 @@ def create_raid_disks(mount_point, mount_point_owner, mount_point_group, mount_p
     disk_dev_path = "#{disk_dev}#{i}"
-    aws = data_bag_item(node['aws']['databag_name'], node['aws']['databag_entry'])
-
     Chef::Log.info "Snapshot array is #{snapshots[i-1]}"
+    creds = aws_creds() # cannot be invoked inside the block
     aws_ebs_volume disk_dev_path do
-      aws_access_key          aws['aws_access_key_id']
-      aws_secret_access_key   aws['aws_secret_access_key']
+      aws_access_key          creds['aws_access_key_id']
+      aws_secret_access_key   creds['aws_secret_access_key']
       size                    disk_size
       volume_type             disk_type
       piops                   disk_piops
@@ -433,3 +431,16 @@ def create_raid_disks(mount_point, mount_point_owner, mount_point_group, mount_p
   end
 end
+
+def aws_creds
+  h = {}
+  if new_resource.aws_access_key && new_resource.aws_secret_access_key
+    h['aws_access_key_id'] = new_resource.aws_access_key
+    h['aws_secret_access_key'] = new_resource.aws_secret_access_key
+  elsif node['aws']['databag_name'] && node['aws']['databag_entry']
+    Chef::Log.warning "DEPRECATED: node['aws']['databag_name'] and node['aws']['databag_entry'] are deprecated. Use LWRP parameters instead."
+    h = data_bag_item(node['aws']['databag_name'], node['aws']['databag_entry'])
+  end
+  h
+end
+

aws/resources/ebs_raid.rb

@@ -2,16 +2,18 @@ actions :auto_attach
 default_action :auto_attach
-attribute :mount_point,        :kind_of => String
-attribute :mount_point_owner,  :kind_of => String, :default => 'root'
-attribute :mount_point_group,  :kind_of => String, :default => 'root'
-attribute :mount_point_mode,   :kind_of => String, :default => 00755
-attribute :disk_count,         :kind_of => Integer
-attribute :disk_size,          :kind_of => Integer
-attribute :level,              :default => 10
-attribute :filesystem,         :default => "ext4"
-attribute :filesystem_options, :default => "rw,noatime,nobootwait"
-attribute :snapshots,          :default => []
-attribute :disk_type,          :kind_of => String, :default => 'standard'
-attribute :disk_piops,         :kind_of => Integer, :default => 0
+attribute :aws_access_key,        :kind_of => String
+attribute :aws_secret_access_key, :kind_of => String
+attribute :mount_point,           :kind_of => String
+attribute :mount_point_owner,     :kind_of => String, :default => 'root'
+attribute :mount_point_group,     :kind_of => String, :default => 'root'
+attribute :mount_point_mode,      :kind_of => String, :default => 00755
+attribute :disk_count,            :kind_of => Integer
+attribute :disk_size,             :kind_of => Integer
+attribute :level,                 :default => 10
+attribute :filesystem,            :default => "ext4"
+attribute :filesystem_options,    :default => "rw,noatime,nobootwait"
+attribute :snapshots,             :default => []
+attribute :disk_type,             :kind_of => String, :default => 'standard'
+attribute :disk_piops,            :kind_of => Integer, :default => 0

aws/resources/resource_tag.rb

@@ -5,7 +5,7 @@ end
 actions :add, :update, :remove, :force_remove
-attribute :aws_access_key, :kind_of => String, :required => true
-attribute :aws_secret_access_key, :kind_of => String, :required => true
+attribute :aws_access_key, :kind_of => String
+attribute :aws_secret_access_key, :kind_of => String
 attribute :resource_id,  :kind_of => [ String, Array ], :regex => /(i|snap|vol)-[a-zA-Z0-9]+/
 attribute :tags, :kind_of => Hash, :required => true

gitlab/Berksfile

@@ -2,4 +2,4 @@ site :opscode
 metadata
-cookbook 'magic_shell', git: 'git://github.com/customink-webops/magic_shell.git'
+cookbook 'magic_shell', git: 'git://github.com/customink-webops/magic_shell.git', ref: '447b4b67420d3a7a749d2dd3b13a7f9aceb54c36'

gitlab/Berksfile.lock

@@ -12,16 +12,16 @@
       "locked_version": "1.7.0"
     },
     "ulimit": {
-      "locked_version": "0.3.1"
+      "locked_version": "0.3.2"
     },
     "ruby_build": {
       "locked_version": "0.8.0"
     },
     "postgresql": {
-      "locked_version": "3.1.0"
+      "locked_version": "3.3.4"
     },
     "apt": {
-      "locked_version": "2.2.1"
+      "locked_version": "2.3.0"
     },
     "build-essential": {
       "locked_version": "1.4.2"
@@ -30,22 +30,22 @@
       "locked_version": "1.1.0"
     },
     "mysql": {
-      "locked_version": "3.0.12"
+      "locked_version": "2.1.2"
     },
     "database": {
       "locked_version": "1.5.2"
     },
     "aws": {
-      "locked_version": "0.101.6"
+      "locked_version": "1.0.0"
     },
     "xfs": {
       "locked_version": "1.1.0"
     },
     "postfix": {
-      "locked_version": "3.0.2"
+      "locked_version": "3.0.4"
     },
     "yum": {
-      "locked_version": "2.3.4"
+      "locked_version": "2.4.2"
     },
     "phantomjs": {
       "locked_version": "1.0.3"

gitlab/LICENSE

+Copyright (c) 2011 Dmitriy Zaporozhets
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.