chef-cookbooks
diff --git a/‎.kitchen.yml
+6 b/‎.kitchen.yml
+6
diff --git a/‎CHEFSTACK.md
+142 b/‎CHEFSTACK.md
+142
diff --git a/‎libraries/helpers.rb
+24 b/‎libraries/helpers.rb
+24
diff --git a/‎resources/automate.rb
+119 b/‎resources/automate.rb
+119
diff --git a/‎resources/backend.rb
+93 b/‎resources/backend.rb
+93
@@ -78,3 +78,9 @@ suites:
       <% end %>
       - recipe[test]
       - recipe[test::inspec]
+
+  - name: chef_server
+    includes: [ 'ubuntu-16.04' ]
+    run_list:
+      - recipe[test]
+      - recipe[test::chef_server]
@@ -0,0 +1,142 @@
+# chef_stack
+
+Chef stack is a library cookbook that provides custom resources to build and manage your Chef infrastructure.
+
+An accompanying project, [Chef-Services](https//github.com/stephenlauck/chef-services) exists as an example implementation of Chef Stack.
+
+## Custom Resources
+
+Below are the custom resources provided by this cookbook.
+
+### General Properties
+
+These properties exist for all resources
+
+| Name  | Type | Default Value  |  Description  |
+|---|---|---|---|
+| name  | String  | N/A | A name for the resource |
+| channel  | Symbol  | stable  | The channel from our package repository to install. Most of the time you want stable.  |
+| version  | [String,  Symbol]  | latest  | The version of Automate you want to install  |
+| config  | String  |  N/A | The configuration that will be written to the appropriate configuration file for the product.  |
+| accept_license  | [TrueClass, FalseClass]  | false | Do you accept Chef's license agreements.  |
+| platform  | String  | Auto-detected | Use only if you need to over-ride the default platform.  |
+| platform_version  | String  | Auto-detected | Use only if you need to over-ride the default platform.  |
+
+
+### chef_automate
+
+Installs Chef Automate.
+
+#### Properties
+| Name  | Type | Default Value  |  Description  |
+|---|---|---|---|
+| enterprise  | [String,  Array]  | chef | The Enterprise to create in Automate|
+| license  | String  | N/A  | Your license file |  we recommend using the chef_file resource |
+| chef_user  | String  | workflow  | The user you will connect to the Chef server as  |
+| chef_user_pem  | String  |  N/A | The private key of the above Chef user   |
+| validation_pem  | String  |  N/A | The validator key of the Chef org we're connecting to   |
+| builder_pem  | String  |  N/A | The private key of the build nodes |
+
+### chef_backend
+
+#### Properties
+
+| Name  | Type | Default Value  |  Description  |
+|---|---|---|---|
+| bootstrap_node  | String  | N/A | The node we'll bootstrap secrets with. |
+| publish_address  | String  | node['ipaddress']  | The address you want Chef-Backend to listen on. |
+| chef_backend_secrets  | String  | nil  | A location where your secrets are |  we recommend using the chef_file resource. |
+
+### chef_org
+
+#### Properties
+
+
+| Name  | Type | Default Value  |  Description  |
+|---|---|---|---|
+| org  | String  | N/A | The short name of the org. |
+| org_full_name  | String  | node['ipaddress']  | The full name of the org you want to create. |
+| admins  | Array  | N/A  | An array of admins for the org. |
+| users  | Array  | []  | An array of users for the org. |
+| remove_users  | Array  | [] | An array of users to remove from  the org. |
+| key_path  | String  | N/A | Where to store the validator key that is created with the org. |
+
+### chef_user
+
+| Name  | Type | Default Value  |  Description  |
+|---|---|---|---|
+| username  | String  | N/A | The username of the user. |
+| first_name  | String  | N/A  | The first name of the user. |
+| last_name  | Array  | N/A  | The last name of the user. |
+| email  | Array  | []  | N/A  | The users e-mail. |
+| password  | Array  | [] | The users password. |
+| key_path  | String  | N/A | Where to store the users private key that is created with the user. |
+| serveradmin  | [TrueClass,  FalseClass]  | F | Is the user a serveradmin? |
+
+### chef_client
+| Name  | Type | Default Value  | Description  |
+|---|---|---|---|
+| node_name |  String | true | The name of the node. |
+| version | [String, Symbol] | latest | The version of chef-client to install. |
+| chefdk |  [TrueClass, FalseClass] | false | Do you want to install chefdk? |
+| chef_server_url |  [String, Symbol] | local | What is hte Chef server URL to connect to. |
+| ssl_verify | [TrueClass, FalseClass] | true | Validate ssl certificates? |
+| log_location | String | 'STDOUT' | Where to log. |
+| log_level |  Symbol | auto | Log level. |
+| config |  String | | Any configuration for client.rb. |
+| run_list |  Array | | The clients runlist. |
+| environment |  String | | Which Chef Environment the client belongs to. |
+| validation_pem |  String | | The validation pem to validate with. |
+| validation_client_name |  String | | The validation client name. |
+| tags |  [String, Array] |   '' | Any tags for the node. |
+| interval |  Integer |   1800 | The interval to run chef-client on. |
+| splay | Integer |   1800 | The randomization to add to the interval. |
+| data_collector_token | String |  '93a49a4f2482c64126f7b6015e6b0f30284287ee4054ff8807fb63d9cbd1c506' | The data collector token to talk to Visibility. |
+| data_collector_url |  String | | The Visibility URL to send data. |
+
+### chef_file
+
+
+| Name  | Type | Default Value  | Description  |
+|---|---|---|---|
+|  filename | String | | The name of the resource. |
+|  source |  String | | The source of the file. |
+|  user |  String |  default 'root' | The owner of the file. |
+|  group |  String |  default 'root' | The group owner of the file. |
+|  mode |  String |  default '0600' | The mode for the file. |
+
+### chef_server
+
+| Name  | Type | Default Value  | Description  |
+|---|---|---|---|
+|  addons |  Hash | | A set of addons to install with the Chef Server. |
+|  data_collector_token | String |  default '93a49a4f2482c64126f7b6015e6b0f30284287ee4054ff8807fb63d9cbd1c506' | The data collector token to authenticate with Chef Visiblity. |
+|  data_collector_url |  String | | The URL to connect to Visibility. |
+
+### chef_supermarket
+
+| Name  | Type | Default Value  | Description  |
+|---|---|---|---|
+| chef_server_url |  String |  Chef::Config['chef_server_url'] | The Chef server's URL. |
+| chef_oauth2_app_id |  String |  | The oauth2 app id from the Chef server. |
+| chef_oauth2_secret |  String |  | The oauth2 secret from the Chef server. |
+| chef_oauth2_verify_ssl |  [TrueClass, FalseClass] |  true | Whether to validate SSL certificates. |
+
+### workflow_builder
+
+| Name  | Type | Default Value  | Description  |
+|---|---|---|---|
+| pj_version | [String, Symbol] | :latest | The version of Push-Jobs to install. |
+| chef_user |  String | 'workflow' | The Chef user to authenticate with the Chef Server. |
+| chef_user_pem |  String |  | The private key of the Chef user to authenticate with the Chef Server. |  
+| builder_pem |  String |  | The builder users private key to communicate with Chef Automate. |  
+| chef_fqdn | String |   URI.parse(Chef::Config['chef_server_url']).host | The FQDN of the Chef server. |
+| automate_fqdn | String | | | The FQDN of the automate server. |
+| supermarket_fqdn | String | | The FQDN of the Supermarket server. |
+| job_dispatch_version | String | 'v2' | Which job dispatch version to use. V1 is push-jobs, V2 is SSH runners. |
+| automate_user |  String | 'admin' | What is the Automate user we're connecting to Automate as. |
+| automate_password |  String | | The password for the user above. |
+| automate_enterprise |  String | 'chef' | The Enterprise to connect to. |
+| chef_config_path |  String | '/etc/chef/client.rb' | The config path for chef-client. |
+
+## Contributers
@@ -300,3 +300,27 @@ def installer
     end
   end
 end
+
+#
+# Chef Stack Helpers
+#
+def prefix
+  (platform_family?('windows') ? 'C:/Chef/' : '/etc/chef/')
+end
+
+def ensurekv(config, hash)
+  hash.each do |k, v|
+    if v.is_a?(Symbol)
+      v = v.to_s
+      str = v
+    else
+      str = "'#{v}'"
+    end
+    if config =~ /^ *#{v}.*$/
+      config.sub(/^ *#{v}.*$/, "#{k} #{str}")
+    else
+      config << "\n#{k} #{str}"
+    end
+  end
+  config
+end
@@ -0,0 +1,119 @@
+#
+# Author:: Nathan Cerny <[email protected]>
+#
+# Cookbook Name:: chef_stack
+# Resource:: automate
+#
+# Copyright 2017 Chef Software Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource_name 'chef_automate'
+default_action :create
+
+property :name, String, name_property: true
+property :channel, Symbol, default: :stable
+property :version, [String, Symbol], default: :latest
+property :config, String, required: true
+property :accept_license, [TrueClass, FalseClass], default: false
+property :enterprise, [String, Array], default: 'chef'
+property :license, String
+property :chef_user, String, default: 'workflow'
+property :chef_user_pem, String, required: true
+property :validation_pem, String, required: true
+property :builder_pem, String, required: true
+property :platform, String
+property :platform_version, String
+
+load_current_value do
+  # node.run_state['chef-users'] ||= Mixlib::ShellOut.new('chef-server-ctl user-list').run_command.stdout
+  # node.run_state['chef-orgs'] ||= Mixlib::ShellOut.new('chef-server-ctl org-list').run_command.stdout
+  # current_value_does_not_exist! unless node.run_state['chef-orgs'].index(/^#{org}$/)
+end
+
+action :create do
+  # https://github.com/chef/delivery/issues/469
+  new_resource.config << "\ndelivery['chef_server_proxy'] = false" unless new_resource.config.include?('chef_server_proxy')
+
+  # Always make sure user and key provided to resource is at the bottom of the config, overriding duplicates.
+  new_resource.config << "\ndelivery['chef_username'] = '#{new_resource.chef_user}'"
+  new_resource.config << "\ndelivery['chef_private_key'] = '/etc/delivery/#{new_resource.chef_user}.pem'"
+
+  # Hardcode v1 runner search to automate-build-node
+  new_resource.config << "\ndelivery['default_search'] = 'tags:delivery-build-node'"
+
+  chef_ingredient 'automate' do
+    action :upgrade
+    channel new_resource.channel
+    version new_resource.version
+    config new_resource.config
+    accept_license new_resource.accept_license
+    platform new_resource.platform if new_resource.platform
+    platform_version new_resource.platform_version if new_resource.platform_version
+  end
+
+  directory '/etc/delivery'
+  directory '/etc/chef'
+
+  directory '/var/opt/delivery/license/' do
+    recursive true
+  end
+
+  {
+    '/var/opt/delivery/license/delivery.license' => new_resource.license,
+    "/etc/delivery/#{new_resource.chef_user}.pem" => new_resource.chef_user_pem,
+    '/etc/chef/validation.pem' => new_resource.validation_pem,
+    '/etc/delivery/builder_key' => new_resource.builder_pem,
+  }.each do |file, src|
+    chef_file file do
+      source src
+      user 'root'
+      group 'root'
+      mode '0600'
+    end
+  end
+
+  file '/etc/delivery/builder_key.pub' do
+    content lazy { "ssh-rsa #{[OpenSSL::PKey::RSA.new(::File.read('/etc/delivery/builder_key')).to_blob].pack('m0')}" }
+    user 'root'
+    group 'root'
+    mode '0644'
+  end
+
+  directory '/var/opt/delivery/nginx/etc/addon.d/' do
+    recursive true
+  end
+
+  file '/var/opt/delivery/nginx/etc/addon.d/99-installer_internal.conf' do
+    content <<-EOF
+      location /installer {
+        alias /opt/delivery/embedded/service/omnibus-ctl/installer;
+      }
+      EOF
+  end
+
+  ingredient_config 'automate' do
+    notifies :reconfigure, 'chef_ingredient[automate]', :immediately
+  end
+
+  if new_resource.enterprise.is_a?(String)
+    new_resource.enterprise = [new_resource.enterprise]
+    new_resource.enterprise.each do |ent|
+      execute "create enterprise #{ent}" do
+        command "delivery-ctl create-enterprise #{ent} --ssh-pub-key-file=/etc/delivery/builder_key.pub > /etc/delivery/#{ent}.creds"
+        not_if "delivery-ctl list-enterprises --ssh-pub-key-file=/etc/delivery/builder_key.pub | grep -w #{ent}"
+        only_if 'delivery-ctl status'
+      end
+    end
+  end
+end
@@ -0,0 +1,93 @@
+#
+# Author:: Nathan Cerny <[email protected]>
+#
+# Cookbook Name:: chef_stack
+# Resource:: backend
+#
+# Copyright 2017 Chef Software Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource_name 'chef_backend'
+default_action :create
+
+property :name, String, name_property: true
+property :channel, Symbol, default: :stable
+property :version, [String, Symbol], default: :latest
+property :config, String, default: ''
+property :accept_license, [TrueClass, FalseClass], default: false
+property :peers, [String, Array], required: true
+property :publish_address, String, default: node['ipaddress']
+property :chef_backend_secrets, String, default: ''
+property :platform, String
+property :platform_version, String
+
+alias :bootstrap_node :peers
+
+load_current_value do
+  # node.run_state['chef-users'] ||= Mixlib::ShellOut.new('chef-server-ctl user-list').run_command.stdout
+  # current_value_does_not_exist! unless node.run_state['chef-users'].index(/^#{username}$/)
+end
+
+action :create do
+  raise 'Must accept the Chef License agreement before continuing.' unless new_resource.accept_license
+
+  new_resource.config = ensurekv(new_resource.config, publish_address: new_resource.publish_address)
+  chef_ingredient 'chef-backend' do
+    action :upgrade
+    channel new_resource.channel
+    version new_resource.version
+    config new_resource.config # TODO: Figure out why this isn't working in chef-ingredient
+    accept_license new_resource.accept_license
+    platform new_resource.platform if new_resource.platform
+    platform_version new_resource.platform_version if new_resource.platform_version
+  end
+
+  file '/etc/chef-backend/chef-backend.rb' do
+    content new_resource.config
+  end
+
+  chef_file '/etc/chef-backend/chef-backend-secrets.json' do
+    source new_resource.chef_backend_secrets
+    user 'root'
+    group 'root'
+    mode '0600'
+    not_if { new_resource.chef_backend_secrets.empty? }
+  end
+
+  http_retry_count = Chef::Config['http_retry_count']
+  Chef::Config['http_retry_count'] = 0
+  existing_peer = false
+  peers = (new_resource.peers.is_a?(Array) ? new_resource.peers : [new_resource.peers])
+
+  peers.each do |peer|
+    begin
+      Chef::HTTP.new("http://#{peer}:2379").get('/version')
+      existing_peer = peer
+      break
+    rescue
+      next
+    end
+  end
+  Chef::Config['http_retry_count'] = http_retry_count
+
+  execute 'chef-backend-ctl create-cluster --accept-license --yes' do
+    not_if 'chef-backend-ctl cluster-status &> /dev/null'
+    not_if { existing_peer }
+  end
+
+  execute "chef-backend-ctl join-cluster #{existing_peer} --accept-license --yes" do
+    not_if 'chef-backend-ctl cluster-status &> /dev/null'
+    only_if { existing_peer }
+  end
+end