diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000..6c75cce Binary files /dev/null and b/.DS_Store differ diff --git a/Awesome_Appliance_Repair/AwesomeApplicanceRepair.pptx b/Awesome_Appliance_Repair/AwesomeApplicanceRepair.pptx deleted file mode 100644 index 44a6a9c..0000000 Binary files a/Awesome_Appliance_Repair/AwesomeApplicanceRepair.pptx and /dev/null differ diff --git a/Awesome_Appliance_Repair/README.md b/Awesome_Appliance_Repair/README.md index 540e838..8218f4a 100644 --- a/Awesome_Appliance_Repair/README.md +++ b/Awesome_Appliance_Repair/README.md @@ -2,81 +2,64 @@ [Awesome Appliance Repair](https://github.com/learnchef/Awesome-Appliance-Repair) is a sample web application written in Python. The application includes [instructions for installing and initializing the application](https://github.com/learnchef/Awesome-Appliance-Repair/blob/master/AARinstall.py) on Ubuntu using MySQL as the database and Apache as the web server. -You goal with this project is to transform [AARinstall.py](https://github.com/learnchef/Awesome-Appliance-Repair/blob/master/AARinstall.py) into one or more Chef recipes that will install and initialize the application. - ## Objectives +Your goal with this project is to transform [AARinstall.py](https://github.com/learnchef/Awesome-Appliance-Repair/blob/master/AARinstall.py) into one or more Chef recipes that will install and initialize the application. + After successfully completing this workshop, you will be able to: -* Build something in Chef with very little guidance -* Write custom Chef recipes. -* Use the [Chef Documentation](http://docs.opscode.com) to identify and use resources that will help you model the desired state of your infrastructure. -* Include [guards](http://docs.getchef.com/chef/resources.html#guards) in Chef resources. +* Install and configure the Awesome Appliance Repair site using Chef. +* Use the [Chef Documentation](http://docs.chef.io) to identify and use resources that will help you model the desired state of your infrastructure. + ## Pre-requisites Before beginning you will need: -* A virtual machine or server running Ubuntu 12.04 or later * Some experience using Chef such as: - * completing the exercises on [Learn Chef](http://learn.getchef.com) - * completing a Chef Fundamentals workshop + * completing the exercises on [Learn Chef](http://learn.chef.io/tutorials) + * completing a Chef Essentials workshop * real-world experience working with Chef -* Chef DK or chef-client installed -* A text editor -* A version control system +* Chef DK or chef-client installed on your local workstation to develop and test your Chef code. +* A text editor (i.e. Atom, SublimeTest, VisualStudio Code) +* A version control system (i.e. Github) +* A virtual machine running Ubuntu 12.04 or later + +## Instructions + +* Use the ChefDK and text editor to develop and test your Chef code on your local workstation. +* Use the instructions provided in the file `aar.rb` and `AwesomeApplianceRepair.pdf` to construct your Chef cookbook that mirrors the installation instructions. Use the Chef Resources reference to find the most appropriate Chef Resources to use for each task. [Chef resources reference][https://docs.chef.io/resources.html] + +* There are a couple of ways that you can write, test and run your cookbook. + * Using the steps outlined [here](https://learn.chef.io/tutorials/local-development/ubuntu/), write and test your cookbook locally using Vagrant + Virtualbox + * Use your Ubuntu 12.04 (or later) virtual machine. Write your cookbook in vim, nano or emacs, and run `chef-client` in `--local-mode`. ## Completion Criteria -You'll know this project is complete when: + Store your work in a Github repository. -* You can interact with the Awesome Appliance Repair application in a browser. -* You can run chef-client multiple times without failures. -* Your source code repository shows the history of your work. + You should be able to explain the following: + + * Steps taken to achieve the end result. + * Build and test process of Chef code. + * Tools used in the process. + + You'll know this project is complete when: + + * Your Chef cookbook successfully compiles and executes on a target node. + * You can interact with the Awesome Appliance Repair site in a browser. + * You can run chef-client multiple times without failures. + * Your source code repository shows the history of your work. ## Next steps -You can take expand on this project a number of ways including: - -* Testing - * Use [Test Kitchen](http://kitchen.ci) to validate your chef-client runs. - * Add static code analysis using [Rubocop](https://github.com/bbatsov/rubocop) and [Food Critic](foodcritic.io). - * Add [ChefSpec](http://sethvargo.github.io/chefspec/) tests. - * Add [Serverspec](http://serverspec.org/) tests. - * Add a continuous integration server, such as Jenkins -* Multi-tier implementation - * move the database to a separate node - * add a load balancer and additional web server -* Community Cookbooks - What cookbooks in the [Supermarket](http://supermarket.getchef.com) might help? -* Multi-OS support - what changes are required to deploy the application to CentOS? -* Cloud deployment - * Can you deploy this applicaiton to another infrastructure as a service environment? (AWS, Azure, Rackspace, Digital Ocean, etc.) -* Operationalize - * Add monitoring (nagios, sensu, etc.) - * Add central logging (splunk, logstash, etc.) - * Schedule database backups - * Add an additional database for replication (master / slave) -* Applicaiton Deployments - * How do you deploy updates to the Awesome Appliance Repair application? - -## Examples of this project - -Here are some examples of this project being implemented by other workshop participants. (See the "Contributing" section of the README for details on how to add your example.) - -* Cut-n-paste the AARinstall.py into a recipe, comment everything, add Chef resources. [Nathen Harvey](https://github.com/nathenharvey/awesome_appliance_repair_chef/tree/round_00) -* Another working but not repeatable implementation. [John Fitzpatrick](https://github.com/johnfitzpatrick/aar) -* Chef to manage pre-requisites and then run the AARinstall.py. [Elon Bar-Evan](https://github.com/elon01/aar) -* A start with intentions on refactoring. [Chris Webber](https://github.com/cwebberOps/aar-cookbook) -* Starts from a [working](https://github.com/burtlo/chef-aar), but not repeatable implementation, all the way through to a solution with LWRP. Each further extension is defined on a separate branch and are represented as open [pull requests](https://github.com/burtlo/chef-aar/pulls). [Franklin Webber](https://github.com/burtlo/chef-aar) -* Work in progress from the hack day following the Chef Community Summit in London 2014 - [Nathen Harvey](https://github.com/nathenharvey/london-aar-chef) -* [Jose Luis Salas' work](https://github.com/josacar/chef-hack-day-london) following the Chef Community Summit in London 2014. - -## To Do - -* Add AARinstall.py scripts for additional operating systems - * CentOS - * Windows -* Reimplement Awesome Appliance Repair in different languages - * .NET - * Java - * Ruby on Rails + You can expand on this project a number of ways including: + + * Testing + * Add [Inspec](http://inspec.io/) tests + * Add static code analysis using [Rubocop](https://github.com/bbatsov/rubocop) and [Food Critic](foodcritic.io) + * Add [ChefSpec](http://sethvargo.github.io/chefspec/) unit tests + + * Utilize community cookbooks inside of your cookbook [Community Cookbooks](http://supermarket.chef.io) + + The community has created cookbooks that accomplish similar goals. Select a group of resources, recipe, or cookbook and replace it with the equivalent community cookbook. diff --git a/InSpec/InSpec_Workshop.pdf b/InSpec/InSpec_Workshop.pdf deleted file mode 100644 index a7aa116..0000000 Binary files a/InSpec/InSpec_Workshop.pdf and /dev/null differ diff --git a/InSpec/InSpec_Workshop.pptx b/InSpec/InSpec_Workshop.pptx deleted file mode 100644 index 664846b..0000000 Binary files a/InSpec/InSpec_Workshop.pptx and /dev/null differ diff --git a/InSpec/README.md b/InSpec/README.md deleted file mode 100644 index ea67365..0000000 --- a/InSpec/README.md +++ /dev/null @@ -1,218 +0,0 @@ -# InSpec - -[InSpec](http://github.com/chef/inspec) is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements. - -Your goal with this project is to write InSpec controls for a number of the CIS CentOS Linux 6 Benchmark profiles. - -## Objectives - -After successfully completing this workshop, you will be able to: - -* Write InSpec controls for various CIS profiles -* Execute InSpec controls from the command line - -## Process - -* You will need a workstation configured with the latest version of the Chef Development Kit (ChefDK) installed. - -* Please track and share your work in a git repository - -* Download the [CIS CentOS Linux 6 Benchmark](http://bit.ly/1Tanvio) - -* Write and execute InSpec for: - * 1.2.1 Verify CentOS GPG Key is Installed - * 1.2.2 Verify that gpgcheck is Globally Activated - * 1.5.1 Set User/Group Owner on /etc/grub.conf - * 1.5.2 Set Permissions on /etc/grub.conf - * 1.5.3 Set Boot Loader Password - * 1.6.1 Restrict Core Dumps - * 1.6.3 Enable Randomized Virtual Memory Region Placement - * 2.1.1 Remove telnet-server - * 2.1.2 Remove telnet Clients - * 2.1.3 Remove rsh-server - * 2.1.4 Remove rsh - * 2.1.5 Remove NIS Client - * 2.1.6 Remove NIS Server - * 2.1.7 Remove tftp - * 2.1.8 Remove tftp-server - * 2.1.9 Remove talk - * 2.1.10 Remove talk-server - * 2.1.11 Remove xinetd - * 2.1.12 Disable chargen-dgram - * 2.1.13 Disable chargen-stream - * 2.1.14 Disable daytime-dgram - * 2.1.15 Disable daytime-stream - * 2.1.16 Disable echo-dgram - * 2.1.17 Disable echo-stream - * 2.1.18 Disable tcpmux-server - * 3.1 Set Daemon umask - * 3.2 Remove X Windows - * 3.3 Disable Avahi Server - * 3.4 Disable Print Server - CUPS - * 3.5 Remove DHCP Server - * 3.6 Configure Network Time Protocol (NTP) - * 3.7 Remove LDAP - * 3.8 Disable NFS and RPC - * 3.10 Remove FTP Server - * 3.13 Remove Samba - * 4.1.1 Disable IP Forwarding - * 4.1.2 Disable Send Packet Redirects - * 4.2.1 Disable Source Routed Packet Acceptance - * 4.2.2 Disable ICMP Redirect Acceptance - * 4.2.3 Disable Secure ICMP Redirect Acceptance - * 4.2.4 Log Suspicious Packets - * 4.2.5 Enable Ignore Broadcast Requests - * 4.5.1 Install TCP Wrappers - * 4.5.2 Create /etc/hosts.allow - * 4.5.3 Verify Permissions on /etc/hosts.allow - * 4.5.4 Create /etc/hosts.deny - * 4.5.5 Verify Permissions on /etc/hosts.deny - * 4.7 Enable IPtables - * 5.1.1 Install the rsyslog package - * 5.1.2 Activate the rsyslog Service - * 5.1.3 Configure /etc/rsyslog.conf - * 5.1.4 Create and Set Permissions on rsyslog Log Files - * 5.2.1.1 Configure Audit Log Storage Size - * 5.2.1.2 Disable System on Audit Log Full - * 5.2.1.3 Keep All Auditing Information - * 5.2.2 Enable auditd Service - * 5.2.3 Enable Auditing for Processes That Start Prior to auditd - * 5.2.4 Record Events That Modify Date and Time Information - * 5.2.5 Record Events That Modify User/Group Information - * 6.1.2 Enable crond Daemon - * 6.1.4 Set User/Group Owner and Permission on /etc/crontab - * 6.1.5 Set User/Group Owner and Permission on /etc/cron.hourly - * 6.1.6 Set User/Group Owner and Permission on /etc/cron.daily - * 6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly - * 6.1.8 Set User/Group Owner and Permission on /etc/cron.monthly - * 6.1.9 Set User/Group Owner and Permission on /etc/cron.d - * 6.2.1 Set SSH Protocol to 2 - * 6.2.2 Set LogLevel to INFO - * 6.2.3 Set Permissions on /etc/ssh/sshd_config - * 6.2.4 Disable SSH X11 Forwarding - * 6.2.5 Set SSH MaxAuthTries to 4 or Less - * 6.2.6 Set SSH IgnoreRhosts to Yes - * 6.2.7 Set SSH HostbasedAuthentication to No - * 6.2.8 Disable SSH Root Login - * 6.2.9 Set SSH PermitEmptyPasswords to No - * 6.2.10 Do Not Allow Users to Set Environment Options - * 6.2.11 Use Only Approved Cipher in Counter Mode - * 6.2.12 Set Idle Timeout Interval for User Login - * 6.2.14 Set SSH Banner - * 6.3.1 Upgrade Password Hashing Algorithm to SHA-512 - * 6.3.2 Set Password Creation Requirement Parameters Using pam_cracklib - * 6.3.3 Set Lockout for Failed Password Attempts - * 6.3.4 Limit Password Reuse - * 7.1.1 Set Password Expiration Days - * 7.1.2 Set Password Change Minimum Number of Days - * 7.1.3 Set Password Expiring Warning Days - * 7.3 Set Default Group for root Account - * 7.4 Set Default umask for Users - * 8.1 Set Warning Banner for Standard Login Services - * 8.2 Remove OS Information from Login Warning Banners - * 9.1.2 Verify Permissions on /etc/passwd - * 9.1.3 Verify Permissions on /etc/shadow - * 9.1.4 Verify Permissions on /etc/gshadow - * 9.1.5 Verify Permissions on /etc/group - * 9.1.6 Verify User/Group Ownership on /etc/passwd - * 9.1.7 Verify User/Group Ownership on /etc/shadow - * 9.1.8 Verify User/Group Ownership on /etc/gshadow - * 9.1.9 Verify User/Group Ownership on /etc/group - * 9.2.5 Verify No UID 0 Accounts Exist Other Than root - * 9.2.14 Check for Duplicate UIDs - ---- - -* Download the [CIS Ubuntu 14.04 LTS Server Benchmark](http://bit.ly/cis-ubuntu1404) - -* Write InSpec for: - * 3.1 Set User/Group Owner on bootloader config - * 3.2 Set Permissions on bootloader config - * 4.1 Restrict Core Dumps - * 4.3 Enable Randomized Virtual Memory Region Placement - * 4.4 Disable Prelink - * 4.5 Activate AppArmor - * 5.1.1 Ensure NIS is not installed - * 5.1.2 Ensure rsh server is not enabled - * 5.1.3 Ensure rsh client is not installed - * 5.1.4 Ensure talk server is not enabled - * 5.1.5 Ensure talk client is not installed - * 5.1.6 Ensure telnet server is not enabled - * 5.1.7 Ensure tftp-server is not enabled - * 5.1.8 Ensure xinetd is not enabled - * 5.2 Ensure chargen is not enabled - * 5.3 Ensure daytime is not enabled - * 5.4 Ensure echo is not enabled - * 5.5 Ensure discard is not enabled - * 5.6 Ensure time is not enabled - * 6.1 Ensure the X Window system is not installed - * 6.2 Ensure Avahi Server is not enabled - * 6.3 Ensure print server is not enabled - * 6.4 Ensure DHCP Server is not enabled - * 6.5 Configure Network Time Protocol (NTP) - * 6.6 Ensure LDAP is not enabled - * 6.7 Ensure NFS and RPC are not enabled - * 6.8 Ensure DNS Server is not enabled - * 6.9 Ensure FTP Server is not enabled - * 6.11 Ensure IMAP and POP server is not enabled - * 6.12 Ensure Samba is not enabled - * 7.1.1 Disable IP Forwarding - * 7.1.2 Disable Send Packet Redirects - * 7.2.1 Disable Source Routed Packet Acceptance - * 7.2.2 Disable ICMP Redirect Acceptance - * 7.2.3 Disable Secure ICMP Redirect Acceptance - * 7.2.4 Log Suspicious Packets - * 7.2.5 Enable Ignore Broadcast Requests - * 7.4.1 Install TCP Wrappers - * 7.4.2 Create /etc/hosts.allow - * 7.4.3 Verify Permissions on /etc/hosts.allow - * 7.4.4 Create /etc/hosts.deny - * 7.4.5 Verify Permissions on /etc/hosts.deny - * 7.5.1 Disable DCCP - * 8.1.1.3 Keep All Auditing Information - * 8.1.2 Install and Enable auditd Service - * 8.1.3 Enable Auditing for Processes That Start Prior to auditd - * 8.1.4 Record Events That Modify Date and Time Information - * 8.2.1 Install the rsyslog package - * 8.2.2 Ensure the rsyslog Service is activated - * 8.2.4 Create and Set Permissions on rsyslog Log Files - * 9.1.1 Enable cron Daemon - * 9.1.2 Set User/Group Owner and Permission on /etc/crontab - * 9.1.3 Set User/Group Owner and Permission on /etc/cron.hourly - * 9.1.7 Set User/Group Owner and Permission on /etc/cron.d - * 9.2.1 Set Password Creation Requirement Parameters Using pam_cracklib - * 9.2.2 Set Lockout for Failed Password Attempts - * 9.2.3 Limit Password Reuse - * 9.3.1 Set SSH Protocol to 2 - * 9.3.2 Set LogLevel to INFO - * 9.3.3 Set Permissions on /etc/ssh/sshd_config - * 9.3.4 Disable SSH X11 Forwarding - * 9.3.5 Set SSH MaxAuthTries to 4 or Less - * 9.3.6 Set SSH IgnoreRhosts to Yes - * 9.3.7 Set SSH HostbasedAuthentication to No - * 9.3.8 Disable SSH Root Login - * 9.3.9 Set SSH PermitEmptyPasswords to No - * 9.3.10 Do Not Allow Users to Set Environment Options - * 9.3.11 Use Only Approved Cipher in Counter Mode - * 9.3.12 Set Idle Timeout Interval for User Login - * 9.3.13 Limit Access via SSH - * 9.3.14 Set SSH Banner - * 9.4 Restrict root Login to System Console - * 10.1.1 Set Password Expiration Days - * 10.1.2 Set Password Change Minimum Number of Days - * 10.1.3 Set Password Expiring Warning Days - * 10.3 Set Default Group for root Account - * 10.4 Set Default umask for Users - * 11.1 Set Warning Banner for Standard Login Services - * 11.2 Remove OS Information from Login Warning Banners - * 12.1 Verify Permissions on /etc/passwd - * 12.2 Verify Permissions on /etc/shadow - * 12.3 Verify Permissions on /etc/group - * 12.4 Verify User/Group Ownership on /etc/passwd - * 12.5 Verify User/Group Ownership on /etc/shadow - * 12.6 Verify User/Group Ownership on /etc/group - * 13.5 Verify No UID 0 Accounts Exist Other Than root - * 13.14 Check for Duplicate UIDs - * 13.15 Check for Duplicate GIDs - * 13.16 Check for Duplicate User Names - * 13.17 Check for Duplicate Group Names diff --git a/Install_MongoDB/README.md b/Install_MongoDB/README.md index 1ee7b47..4971b3e 100644 --- a/Install_MongoDB/README.md +++ b/Install_MongoDB/README.md @@ -1,65 +1,67 @@ # Install MongoDB -MongoDB is an open-source, document-oriented database designed for ease of development and scaling. The MongoDB documentation site includes a [tutorial on how to install MongoDB on Red Hat Enterprise Linux, CentOS Linux, Fedora Linux, or a related system](http://docs.mongodb.org/manual/tutorial/install-mongodb-on-red-hat-centos-or-fedora-linux/). - -You goal with this project is to transform that tutorial into one or more Chef recipes that will install MongoDB. +MongoDB is an open-source, document-oriented database designed for ease of development and scaling. The MongoDB documentation site includes a [tutorial on how to install MongoDB on Red Hat Enterprise Linux, CentOS Linux, Fedora Linux, or a related system](http://docs.mongodb.org/manual/tutorial/install-mongodb-on-red-hat-centos-or-fedora-linux/). ## Objectives +The goal is to transform the installation instructions into one or more Chef recipes that will install and initialize the MongoDB application. + After successfully completing this workshop, you will be able to: -* Build something in Chef with very little guidance -* Write custom Chef recipes. -* Use the [Chef Documentation](http://docs.opscode.com) to identify and use resources that will help you model the desired state of your infrastructure. +* Install and configure a basic Tomcat webpage using Chef. +* Use the [Chef Documentation](http://docs.chef.io) to identify and use resources that will help you model the desired state of your infrastructure. ## Pre-requisites Before beginning you will need: -* A virtual machine or server running Red Hat Enterprise Linux, CentOS Linux, Fedora Linux, or a related system. * Some experience using Chef such as: - * completing the exercises on [Learn Chef](http://learn.getchef.com) - * completing a Chef Fundamentals workshop + * completing the exercises on [Learn Chef](http://learn.chef.io/tutorials) + * completing a Chef Essentials workshop * real-world experience working with Chef -* Chef DK or chef-client installed -* A text editor -* A version control system +* Chef DK or chef-client installed on your local workstation to develop and test your Chef code. +* A text editor (i.e. Atom, SublimeTest, VisualStudio Code) +* A version control system (i.e. Github) +* A virtual machine running Red Hat Enterprise Linux, CentOS Linux, Fedora Linux, or a related system. + +## Instructions + +* Use the ChefDK and text editor to develop and test your Chef code on your local workstation. +* Use the instructions provided in the file `install.rb` to construct your Chef cookbook that mirrors the installation instructions. Use the Chef Resources reference to find the most appropriate Chef Resources to use for each task. [Chef resources reference][https://docs.chef.io/resources.html] + +* There are a couple of ways that you can write, test and run your cookbook. + * Using the steps outlined [here](https://learn.chef.io/tutorials/local-development/), write and test your cookbook locally using Test Kitchen via Vagrant + Virtual Box, or the cloud platform of your choice. + * Use your Red Hat Enterprise Linux, CentOS Linux, Fedora Linux virtual machine. Write your cookbook in vim, nano or emacs, and run `chef-client` in `--local-mode`. ## Completion Criteria -You'll know this project is complete when: + Store your work in a Github repository. -* You can login to MongoDB by typing `mongo` on the target system. -* You can run chef-client multiple times without failures. -* Your source code repository shows the history of your work. + You should be able to explain the following: -## Next steps + * Steps taken to achieve the end result. + * Build and test process of Chef code. + * Tools used in the process. -You can take expand on this project a number of ways including: + You should be able to demonstrate the following: -* Testing - * Use [Test Kitchen](http://kitchen.ci) to validate your chef-client runs. - * Add static code analysis using [Rubocop](https://github.com/bbatsov/rubocop) and [Food Critic](foodcritic.io). - * Add [ChefSpec](http://sethvargo.github.io/chefspec/) tests. - * Add [Serverspec](http://serverspec.org/) tests. - * Add a continuous integration server, such as Jenkins -* Community Cookbooks - Use the [yum cookbook](https://supermarket.getchef.com/cookbooks/yum) from the Supermarket. -* Multi-OS support - what changes are required to [install MongoDB on Ubuntu](http://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/)? -* Cloud deployment - * Can you install MongoDB in another infrastructure as a service environment? (AWS, Azure, Rackspace, Digital Ocean, etc.) -* Operationalize - * Add a [replica set](http://docs.mongodb.org/manual/administration/replica-sets/) - * Add monitoring (nagios, sensu, etc.) - * Add central logging (splunk, logstash, etc.) - * Schedule database backups + * Your Chef cookbook successfully compiles and executes on your target node + * You can login to MongoDB by typing `mongo` on the target system. + * You can run chef-client multiple times without failures + * Your source code repository shows the history of your work. -## Examples of this project +## Next steps -Here are some examples of this project being implemented by other workshop participants. (See the "Contributing" section of the README for details on how to add your example.) + You can expand on this project a number of ways including: -* a working solution [Nathen Harvey](https://github.com/nathenharvey/install_mongo) + * Testing + * Add [Inspec](http://inspec.io/) tests + * Add static code analysis using [Rubocop](https://github.com/bbatsov/rubocop) and [Food Critic](foodcritic.io) + * Add [ChefSpec](http://sethvargo.github.io/chefspec/) unit tests + * Utilize community cookbooks inside of your cookbook [Community Cookbooks](http://supermarket.chef.io) -## To Do + The community has created cookbooks that accomplish similar goals. Select a group of resources, recipe, or cookbook and replace it with the equivalent community cookbook. -* + +* a working solution [Nathen Harvey](https://github.com/nathenharvey/install_mongo) diff --git a/Install_MongoDB/install.rb b/Install_MongoDB/install.rb index 7212468..25848ad 100644 --- a/Install_MongoDB/install.rb +++ b/Install_MongoDB/install.rb @@ -14,31 +14,31 @@ # # Create a /etc/yum.repos.d/mongodb.repo file to hold the following configuration information for the MongoDB repository: -# +# # If you are running a 64-bit system, use the following configuration: -# +# # [mongodb] # name=MongoDB Repository # baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/ # gpgcheck=0 # enabled=1 # If you are running a 32-bit system, which is not recommended for production deployments, use the following configuration: -# +# # [mongodb] # name=MongoDB Repository # baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/i686/ # gpgcheck=0 # enabled=1 -# +# # Install the MongoDB packages and associated tools. -# +# # sudo yum install mongodb-org -# -# +# +# # Start MongoDB. -# +# # sudo service mongod start -# +# # ensure that MongoDB will start following a system reboot by issuing the following command: -# -# sudo chkconfig mongod on# \ No newline at end of file +# +# sudo chkconfig mongod on# diff --git a/Middleman/README.md b/Middleman/README.md index 94c6766..f4865c8 100644 --- a/Middleman/README.md +++ b/Middleman/README.md @@ -6,77 +6,63 @@ You goal is to transform the installation instructions into one or more Chef rec ## Objectives +The goal is to transform the installation instructions into one or more Chef recipes that will install and initialize the Middleman application. + After successfully completing this workshop, you will be able to: -* Build something in Chef with very little guidance -* Write custom Chef recipes. -* Use the [Chef Documentation](http://docs.opscode.com) to identify and use resources that will help you model the desired state of your infrastructure. -* Include [guards](http://docs.getchef.com/chef/resources.html#guards) in Chef resources. +* Install and configure the Middleman site using Chef. +* Use the [Chef Documentation](http://docs.chef.io) to identify and use resources that will help you model the desired state of your infrastructure. +* Include [guards](https://docs.chef.io/resources.html#guards) in Chef resources. ## Pre-requisites Before beginning you will need: -* A virtual machine or server running Ubuntu 12.04 or later * Some experience using Chef such as: - * completing the exercises on [Learn Chef](http://learn.getchef.com) - * completing a Chef Fundamentals workshop + * completing the exercises on [Learn Chef](http://learn.chef.io/tutorials) + * completing a Chef Essentials workshop * real-world experience working with Chef -* Chef DK or chef-client installed -* A text editor -* A version control system +* Chef DK or chef-client installed on your local workstation to develop and test your Chef code. +* A text editor (i.e. Atom, SublimeTest, VisualStudio Code) +* A version control system (i.e. Github) +* A virtual machine running Ubuntu 12.04 or later + +## Instructions + +* Use the ChefDK and text editor to develop and test your Chef code on your local workstation. +* Use the instructions provided in the file `INSTRUCTIONS.md` to construct your Chef cookbook that mirrors the installation instructions. Use the Chef Resources reference to find the most appropriate Chef Resources to use for each task. [Chef resources reference][https://docs.chef.io/resources.html] + +* There are a couple of ways that you can write, test and run your cookbook. + * Using the steps outlined [here](https://learn.chef.io/tutorials/local-development/ubuntu/), write and test your cookbook locally using Vagrant + Virtualbox + * Use your Ubuntu 12.04 (or later) virtual machine. Write your cookbook in vim, nano or emacs, and run `chef-client` in `--local-mode`. + ## Completion Criteria +Store your work in a Github repository. + +You should be able to explain the following: + +* Steps taken to achieve the end result. +* Build and test process of Chef code. +* Tools used in the process. + You'll know this project is complete when: +* Your Chef cookbook successfully compiles and executes on a target node * You can interact with the middleman site in a browser. * You can run chef-client multiple times without failures. * Your source code repository shows the history of your work. ## Next steps -You can take expand on this project a number of ways including: +You can expand on this project a number of ways including: * Testing - * Use [Test Kitchen](http://kitchen.ci) to validate your chef-client runs + * Add [Inspec](http://inspec.io/) tests * Add static code analysis using [Rubocop](https://github.com/bbatsov/rubocop) and [Food Critic](foodcritic.io) - * Add [ChefSpec](http://sethvargo.github.io/chefspec/) tests - * Add [Serverspec](http://serverspec.org/) tests - * Add a continuous integration server, such as Jenkins - -* Refactoring Recipes - -Typically recipes perform installation and configuration for a single application or a service of an application. Separate your single cookbook recipe into different recipes that focus on each of the different applications (e.g. installing ruby, installing apache, cloning the repo, installing dependencies, configuring/enabling the thin service). - -Use the [include_recipe](https://docs.getchef.com/essentials_cookbook_recipes.html#include-recipes) directive to ensure you load your dependencies. - -* Cookbook Extraction + * Add [ChefSpec](http://sethvargo.github.io/chefspec/) unit tests -Cookbooks are best when they map 1:1 to a piece of software. The cookbook created here contains so much awesomeness across so many pieces of software. Separate the recipes in your single cookbook into multiple cookbooks (e.g. Apt-Get, Apache, Ruby, Git, Bundler) - -* Replace with [Community Cookbooks](http://supermarket.getchef.com) +* Utilize community cookbooks inside of your cookbook [Community Cookbooks](http://supermarket.chef.io) The community has created cookbooks that accomplish similar goals. Select a group of resources, recipe, or cookbook and replace it with the equivalent community cookbook. - -* [Light-Weight Resource Provider](https://docs.getchef.com/lwrp.html) - -Within your cookbook several resources that act in concert together can be grouped together as a recipe. Sometimes it makes sense to use a series of resources as a template. Light-Weight Resource Providers (LWRP) grant you that ability. - -Update your current resources, recipes, and cookbooks to implement a LWRP where it feels like you may want to use that same series of resources again with a different set of parameters. - -* Multi-OS support - -The installation instructions were defined for a CentOS Operating System (OS). Attempt a deployment on a node with a different OS. Update the resources, recipes, and cookbooks so that you can deploy on Ubuntu? Redhat? Amazon? - -## Examples - -Here are some examples of this project being implemented by other workshop participants. (See the "Contributing" section of the README for details on how to add your example.) - -* Link to a repo with a description of the implementation details -* Link to a repo with a description of the implementation details -* Link to a repo with a description of the implementation details - -## To Do - -Create a presentation to illustrate learning goals, objectives, and discussions created by this content. \ No newline at end of file diff --git a/README.md b/README.md index e410f2f..5f08816 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,9 @@ Great projects: * Awesome Appliance Repair - A simple, python-based web application that utilizes Apache for a web server and MySQL for a database. * Install MongoDB - A starter project for MongoDB. This simply installs the software on the target system. +* Middleman - A static site generator using all the shortcuts and tools in modern web development. It is a ruby (sinatra) application. +* Remediation Workshop - Use [Chef Inspec](inspec.io) to test and remediate a system. +* Tomcat - A simple installation and configuration of an Apache web page. ## Contributing @@ -23,6 +26,7 @@ Pull requests are merged via Github, you can find the documentation about how to ## License & Authors Author:: Nathen Harvey () +Author:: Nicole Johnson () Copyright:: 2014 Chef Software, Inc. diff --git a/Tomcat/INSTRUCTIONS.md b/Tomcat/INSTRUCTIONS.md index 90c9234..d71cf9b 100644 --- a/Tomcat/INSTRUCTIONS.md +++ b/Tomcat/INSTRUCTIONS.md @@ -15,11 +15,11 @@ $ sudo useradd -g chef chef * Download the Tomcat Binary -> NOTE: A specific binary will be mentioned below but it will likely be out of date. You can find the binaries for Tomcat 8 here at http://mirror.sdunix.com/apache/tomcat/tomcat-8/ +> NOTE: A specific binary will be mentioned below but it will likely be out of date. You can find the binaries for Tomcat 8 here at https://archive.apache.org/dist/tomcat/tomcat-8/ ``` $ cd /tmp -$ wget http://mirror.sdunix.com/apache/tomcat/tomcat-8/v8.0.33/bin/apache-tomcat-8.0.33.tar.gz +$ wget https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.33/ ``` * Extract the Tomcat Binary diff --git a/Tomcat/README.md b/Tomcat/README.md index b66a48a..09cdd08 100644 --- a/Tomcat/README.md +++ b/Tomcat/README.md @@ -4,73 +4,63 @@ The [Apache Tomcat®](http://tomcat.apache.org/) software is an open source impl ## Objectives -The goal is to transform the installation instructions into one or more Chef recipes that will install and initialize the application. +The goal is to transform the installation instructions into one or more Chef recipes that will install and initialize the Tomcat application. After successfully completing this workshop, you will be able to: -* Build something in Chef with very little guidance -* Write custom Chef recipes. -* Use the [Chef Documentation](http://docs.opscode.com) to identify and use resources that will help you model the desired state of your infrastructure. -* Include [guards](http://docs.getchef.com/chef/resources.html#guards) in Chef resources. +* Install and configure a basic Tomcat webpage using Chef. +* Use the [Chef Documentation](http://docs.chef.io) to identify and use resources that will help you model the desired state of your infrastructure. +* Include [guards](https://docs.chef.io/resources.html#guards) in Chef resources. ## Pre-requisites Before beginning you will need: -* A virtual machine or server running CentOS 7.0 or later * Some experience using Chef such as: - * completing the exercises on [Learn Chef](http://learn.chef.io) + * completing the exercises on [Learn Chef](http://learn.chef.io/tutorials) * completing a Chef Essentials workshop * real-world experience working with Chef -* Chef DK or chef-client installed -* A text editor -* A version control system +* Chef DK or chef-client installed on your local workstation to develop and test your Chef code. +* A text editor (i.e. Atom, SublimeTest, VisualStudio Code) +* A version control system (i.e. Github) +* A virtual machine running CentOS 7.0 or later -## Completion Criteria - -You'll know this project is complete when: - -* You can interact with the tomcat site in a browser -* You can run chef-client multiple times without failures -* Your source code repository shows the history of your work - -## Next steps - -You can take expand on this project a number of ways including: - -* Testing - * Use [Test Kitchen](http://kitchen.ci) to validate your chef-client runs - * Add static code analysis using [Rubocop](https://github.com/bbatsov/rubocop) and [Food Critic](foodcritic.io) - * Add [ChefSpec](http://sethvargo.github.io/chefspec/) tests - * Add [Serverspec](http://serverspec.org/) tests - * Add a continuous integration server, such as Jenkins +## Instructions -* Refactoring Recipes +* Use the ChefDK and text editor to develop and test your Chef code on your local workstation. +* Use the instructions provided in the file `INSTRUCTIONS.md` and/or to construct your Chef cookbook that mirrors the installation instructions. Use the Chef Resources reference to find the most appropriate Chef Resources to use for each task. [Chef resources reference][https://docs.chef.io/resources.html] -Typically recipes perform installation and configuration for a single application or a service of an application. Separate your single cookbook recipe into different recipes that focus on each of the different applications (e.g. installing ruby, installing apache, cloning the repo, installing dependencies, configuring/enabling the thin service). +* There are a couple of ways that you can write, test and run your cookbook. + * Using the steps outlined [here](https://learn.chef.io/tutorials/local-development/rhel/), write and test your cookbook locally using Test Kitchen via Vagrant + Virtual Box, or the cloud platform of your choice. + * Use your CentOS 7.0 (or later) virtual machine. Write your cookbook in vim, nano or emacs, and run `chef-client` in `--local-mode`. -Use the [include_recipe](https://docs.getchef.com/essentials_cookbook_recipes.html#include-recipes) directive to ensure you load your dependencies. -* Cookbook Extraction +## Completion Criteria -Cookbooks are best when they map 1:1 to a piece of software. The cookbook created here contains so much awesomeness across so many pieces of software. Separate the recipes in your single cookbook into multiple cookbooks (e.g. Apt-Get, Apache, Ruby, Git, Bundler) +Store your work in a Github repository. -* Replace with [Community Cookbooks](http://supermarket.getchef.com) +You should be able to explain the following: -The community has created cookbooks that accomplish similar goals. Select a group of resources, recipe, or cookbook and replace it with the equivalent community cookbook. +* Steps taken to achieve the end result. +* Build and test process of Chef code. +* Tools used in the process. -* [Light-Weight Resource Provider](https://docs.getchef.com/lwrp.html) +You should be able to demonstrate the following: -Within your cookbook several resources that act in concert together can be grouped together as a recipe. Sometimes it makes sense to use a series of resources as a template. Light-Weight Resource Providers (LWRP) grant you that ability. - -Update your current resources, recipes, and cookbooks to implement a LWRP where it feels like you may want to use that same series of resources again with a different set of parameters. +* Your Chef cookbook successfully compiles and executes on your target node +* You can interact with the tomcat site in a browser or successfully `curl localhost` +* You can run chef-client multiple times without failures +* Your source code repository shows the history of your work -* Multi-OS support +## Next steps -The installation instructions were defined for a CentOS Operating System (OS). Attempt a deployment on a node with a different OS. Update the resources, recipes, and cookbooks so that you can deploy on Ubuntu? Redhat? Amazon? +You can expand on this project a number of ways including: -## Examples +* Testing + * Add [Inspec](http://inspec.io/) tests + * Add static code analysis using [Rubocop](https://github.com/bbatsov/rubocop) and [Food Critic](foodcritic.io) + * Add [ChefSpec](http://sethvargo.github.io/chefspec/) unit tests -Here are some examples of this project being implemented by other workshop participants. (See the "Contributing" section of the README for details on how to add your example.) +* Utilize community cookbooks inside of your cookbook [Community Cookbooks](http://supermarket.chef.io) -* Submit your link to a repo with a description of the implementation details +The community has created cookbooks that accomplish similar goals. Select a group of resources, recipe, or cookbook and replace it with the equivalent community cookbook. diff --git a/Tomcat/commands.sh b/Tomcat/commands.sh index 75f094c..8a399b7 100644 --- a/Tomcat/commands.sh +++ b/Tomcat/commands.sh @@ -14,7 +14,7 @@ user 'chef' do end # remote_file '/tmp/apache-tomcat-8.0.33.tar.gz' do -# source 'http://mirror.sdunix.com/apache/tomcat/tomcat-8/v8.0.33/bin/apache-tomcat-8.0.33.tar.gz' +# source 'https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.33/' # end directory '/opt/tomcat' do diff --git a/Tomcat/workshop.pptx b/Tomcat/workshop.pptx deleted file mode 100644 index 2fde356..0000000 Binary files a/Tomcat/workshop.pptx and /dev/null differ diff --git a/remediation_workshop/README.md b/remediation_workshop/README.md index 837f893..7755be9 100644 --- a/remediation_workshop/README.md +++ b/remediation_workshop/README.md @@ -1,6 +1,7 @@ # Remediation -[Chef Compliance](https://www.chef.io/compliance/) provides a number of Compliance Profiles that can be used to check a number of controls across your infrastructure. +[Chef Inspec](inspec.io) provides a number of Compliance Profiles that can be used to check a number of controls across your infrastructure. +You can find a guide for this process [here](https://learn.chef.io/tutorials/compliance-assess/) Your goal with this project is to scan a node using one or more profiles and remediate any violations using Chef. @@ -23,10 +24,10 @@ After successfully completing this workshop, you will be able to: * Please track and share your work in a git repository -1. Login to the Chef Compliance server -1. Add the node to be scanned -1. Scan the node and note the failing controls -1. Write cookbooks to remediate the failing controls -1. Execute the cookbooks on the node -1. Scan to verify remediation -1. Fix one thing at a time +* Login to the Chef Compliance server +* Add the node to be scanned +* Scan the node and note the failing controls +* Write cookbooks to remediate the failing controls +* Execute the cookbooks on the node +* Scan to verify remediation +* Fix one thing at a time