From 6cf8de94a71404d68bae98c9f014746f47dcbaa7 Mon Sep 17 00:00:00 2001
From: Raphael Sofaer <raphael@joindiaspora.com>
Date: Wed, 16 Feb 2011 22:42:59 -0500
Subject: [PATCH] take secret token stuff out of chef scripts

---
 chef/cookbooks/centos/recipes/bootstrap.rb       |  6 +++---
 chef/cookbooks/centos/recipes/java.rb            |  3 +++
 chef/cookbooks/centos/recipes/main.rb            | 16 ----------------
 chef/cookbooks/centos/recipes/post_bootstrap.rb  |  1 +
 chef/cookbooks/common/recipes/daemontools.rb     | 12 ------------
 chef/cookbooks/common/recipes/main.rb            |  1 -
 chef/cookbooks/common/recipes/secret_token.rb    |  5 -----
 chef/cookbooks/common/recipes/splunk.rb          |  8 ++++----
 .../common/templates/default/secret_token.rb.erb |  1 -
 config/initializers/check_session_secret.rb      |  1 -
 10 files changed, 11 insertions(+), 43 deletions(-)
 create mode 100644 chef/cookbooks/centos/recipes/java.rb
 create mode 100644 chef/cookbooks/centos/recipes/post_bootstrap.rb
 delete mode 100644 chef/cookbooks/common/recipes/secret_token.rb
 delete mode 100644 chef/cookbooks/common/templates/default/secret_token.rb.erb

diff --git a/chef/cookbooks/centos/recipes/bootstrap.rb b/chef/cookbooks/centos/recipes/bootstrap.rb
index 0458df3fa8..b5c8608766 100644
--- a/chef/cookbooks/centos/recipes/bootstrap.rb
+++ b/chef/cookbooks/centos/recipes/bootstrap.rb
@@ -13,9 +13,7 @@ end
 execute "htop" do
   command "yum install -y htop psmisc screen"
 end
-execute "JAVA!! for Jammit" do
-  command "yum install -y java"
-end
+
 execute "rvm deps" do
   command "yum install -y bzip2"
 end
@@ -35,3 +33,5 @@ def harden_ruby(ruby_string)
 end
 
 harden_ruby("ree-1.8.7-2010.02")
+
+include_recipe "centos::post_bootstrap"
diff --git a/chef/cookbooks/centos/recipes/java.rb b/chef/cookbooks/centos/recipes/java.rb
new file mode 100644
index 0000000000..ca94b42fd2
--- /dev/null
+++ b/chef/cookbooks/centos/recipes/java.rb
@@ -0,0 +1,3 @@
+execute "JAVA!! for Jammit" do
+  command "yum install -y java"
+end
diff --git a/chef/cookbooks/centos/recipes/main.rb b/chef/cookbooks/centos/recipes/main.rb
index f5455876a0..c7688a7e4d 100644
--- a/chef/cookbooks/centos/recipes/main.rb
+++ b/chef/cookbooks/centos/recipes/main.rb
@@ -1,19 +1,3 @@
-def harden_ruby(ruby_string)
-  Dir.glob("/usr/local/rvm/wrappers/#{ruby_string}/*").each do |file|
-    link "/usr/local/bin/#{file.split('/').last}" do
-      to file
-    end
-  end
-  Dir.glob("/usr/local/rvm/gems/#{ruby_string}/bin/*").each do |file|
-    link "/usr/local/bin/#{file.split('/').last}" do
-      to file
-    end
-  end
-
-end
-
-harden_ruby("ree-1.8.7-2010.02")
-
 include_recipe "centos::image_magick"
 include_recipe "centos::mysql"
 include_recipe "common::main"
diff --git a/chef/cookbooks/centos/recipes/post_bootstrap.rb b/chef/cookbooks/centos/recipes/post_bootstrap.rb
new file mode 100644
index 0000000000..9d100269b5
--- /dev/null
+++ b/chef/cookbooks/centos/recipes/post_bootstrap.rb
@@ -0,0 +1 @@
+include_recipe "centos::java"
diff --git a/chef/cookbooks/common/recipes/daemontools.rb b/chef/cookbooks/common/recipes/daemontools.rb
index 4f1509b65e..c3af1cc519 100644
--- a/chef/cookbooks/common/recipes/daemontools.rb
+++ b/chef/cookbooks/common/recipes/daemontools.rb
@@ -6,13 +6,6 @@ execute "compile daemontools" do
   command "cd /package/admin/daemontools-0.76 && ./package/install"
 end
 
-#execute "mongo run" do
-#  command "mkdir -p /service/mongo && echo '#!/bin/sh' > /service/mongo/run && echo 'exec /usr/bin/mongod' >> /service/mongo/run"
-#end
-#execute "executable" do
-#  command "chmod -R 755 /service/mongo"
-#end
-
 execute "mysql run" do
   command "mkdir -p /service/mysql && echo '#!/bin/sh' > /service/mysql/run && echo 'exec /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --user=mysql'  >> /service/mysql/run"
 end
@@ -37,11 +30,6 @@ config['thins'].each do |thin|
   end
 end
 
-#service for mongo tunnel
-#execute "mongo ssh tunnel" do
-  #command "mkdir -p /service/mongo_ssh_tunnel && echo '#!/bin/sh' > /service/mongo_ssh_tunnel/run && echo 'exec ssh -N -f -L 27017:localhost:27017 caesar@184.106.233.43' >> /service/websocket/run"
-#end
-
 execute "websocket run" do
   command "mkdir -p /service/websocket && echo '#!/bin/sh' > /service/websocket/run && echo 'cd /usr/local/app/diaspora && RAILS_ENV=production exec /usr/local/bin/ruby /usr/local/app/diaspora/script/websocket_server.rb' >> /service/websocket/run"
 end
diff --git a/chef/cookbooks/common/recipes/main.rb b/chef/cookbooks/common/recipes/main.rb
index cbaf76f9ed..7d35db472c 100644
--- a/chef/cookbooks/common/recipes/main.rb
+++ b/chef/cookbooks/common/recipes/main.rb
@@ -1,5 +1,4 @@
 include_recipe "common::iptables"
 include_recipe "common::daemontools"
-include_recipe "common::secret_token"
 include_recipe "common::splunk"
 include_recipe "common::backup"
diff --git a/chef/cookbooks/common/recipes/secret_token.rb b/chef/cookbooks/common/recipes/secret_token.rb
deleted file mode 100644
index 948f59f07f..0000000000
--- a/chef/cookbooks/common/recipes/secret_token.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-require 'active_support'
-template "/usr/local/app/diaspora/config/initializers/secret_token.rb" do
-  source "secret_token.rb.erb"
-  variables :secret_token => ActiveSupport::SecureRandom.hex(40)
-end
diff --git a/chef/cookbooks/common/recipes/splunk.rb b/chef/cookbooks/common/recipes/splunk.rb
index e2ec2a4987..04d6354a4d 100644
--- a/chef/cookbooks/common/recipes/splunk.rb
+++ b/chef/cookbooks/common/recipes/splunk.rb
@@ -34,10 +34,10 @@ execute "Add monitor for diaspora" do
   not_if "splunk list monitor | grep diaspora"
 end
 
-#execute "Add monitor for nginx" do
-  #command "mkdir -p /usr/local/nginx/logs && splunk add monitor /usr/local/nginx/logs"
-  #not_if "splunk list monitor | grep nginx"
-#end
+execute "Add monitor for nginx" do
+  command "mkdir -p /usr/local/nginx/logs && splunk add monitor /usr/local/nginx/logs"
+  not_if "splunk list monitor | grep nginx"
+end
 
 execute 'Splunk Restart' do
   command "splunk restart"
diff --git a/chef/cookbooks/common/templates/default/secret_token.rb.erb b/chef/cookbooks/common/templates/default/secret_token.rb.erb
deleted file mode 100644
index ef4543b33e..0000000000
--- a/chef/cookbooks/common/templates/default/secret_token.rb.erb
+++ /dev/null
@@ -1 +0,0 @@
-Rails.application.config.secret_token = '<%= @secret_token %>'
diff --git a/config/initializers/check_session_secret.rb b/config/initializers/check_session_secret.rb
index 1970c5078b..32a1907d70 100644
--- a/config/initializers/check_session_secret.rb
+++ b/config/initializers/check_session_secret.rb
@@ -2,4 +2,3 @@ unless File.exists?( File.join(Rails.root, 'config', 'initializers', 'secret_tok
   `rake generate:secret_token`
    require  File.join(Rails.root, 'config', 'initializers', 'secret_token.rb')
 end
-
-- 
GitLab