cloudamatic/mu

cookbooks/mu-tools/attributes/default.rb

#
# Cookbook Name:: mu-tools
# Attributes:: default
#
# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
#
# Licensed under the BSD-3 license (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License in the root of the project or at
#
#     http://egt-labs.com/mu/LICENSE.html
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
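# Name used in the volume labels further down. Starts as the Chef node name;
# on a Mu master (node name "CAP-MASTER" or "MU-MASTER") the machine's own
# hostname is used instead when one is reported.
disk_name_str = Chef::Config[:node_name]
begin
  # Explicit grouping with &&/||: (node name is one of the master names) AND
  # (a hostname is present). `or`/`and` share one precedence level, which
  # makes the ungrouped form easy to misread.
  if ["CAP-MASTER", "MU-MASTER"].include?(disk_name_str) && !node['hostname'].nil?
    disk_name_str = node['hostname']
  end
rescue NoMethodError
  # Keep the Chef node name. Only NoMethodError is absorbed here: a
  # modifier-form `rescue` would swallow every StandardError and hide
  # unrelated failures during attribute loading.
end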

# Device-name family for attached disks: :nvme when a non-Windows platform
# lists an "nvme" kernel module, :xvd otherwise.
# NOTE(review): the lookup goes through `default[...]` (default precedence)
# rather than the merged `node[...]` view; Ohai normally publishes kernel
# modules at automatic precedence, so this may never see "nvme" -- confirm.
# Nothing in the visible part of this file reads diskdevs afterwards.
nvme_listed = !platform_family?("windows") &&
              default['kernel']['modules'].keys.include?("nvme")
diskdevs = nvme_listed ? :nvme : :xvd

# OS updates driven by Chef are off by default.
# NOTE(review): presumably gates an OS-patching recipe; with false here a node
# depends on some other patching path -- confirm one exists.
default['os_updates_using_chef'] = false

# Application data volume: mount point, backing device, label and size in GB.
{
  'mount_directory' => '/apps',
  'mount_device' => '/dev/xvdf',
  'label' => "#{disk_name_str} /apps",
  'volume_size_gb' => 1
}.each do |key, value|
  default['application_attributes']['application_volume'][key] = value
end

# EBS snapshot settings; the schedule and retention values are stored as
# strings.
# NOTE(review): boto_path points into a Python 2.6 site-packages tree, and
# Python 2.6 is long past end-of-life -- confirm what interpreter and boto
# version the snapshot job really runs with.
{
  'boto_path' => '/usr/lib/python2.6/site-packages/boto',
  'minute' => '10',
  'hour' => '6',
  'days_to_keep' => '7'
}.each do |key, value|
  default['application_attributes']['ebs_snapshots'][key] = value
end

# No recipes are skipped by default.
default['application_attributes']['skip_recipes'] = []

# Nagios defaults: the monitoring server role and multi-environment monitoring.
default['nagios']['server_role'] = "mu-master"
default['nagios']['multi_environment_monitoring'] = true

# chef_node_name is not populated on MU-MASTER (cause unknown), so it is set
# here from the Chef client configuration.
default['chef_node_name'] = Chef::Config[:node_name]

# Deployment metadata, when present, supplies the admin e-mail list and the
# one host Nagios is told to accept.
if node.has_key?("deployment")
  deploy_meta = node['deployment']

  if deploy_meta.has_key?("admins")
    default['admins'] = deploy_meta['admins'].values.map { |admin| admin['email'] }
  end

  # NOTE(review): allowed_hosts is only narrowed to the Mu master's public IP
  # when that value is present; otherwise this file leaves it unset -- confirm
  # that the consuming cookbook's own default is not wider than intended.
  if deploy_meta.has_key?("mu_public_ip")
    default['nagios']['allowed_hosts'] = [deploy_meta['mu_public_ip']]
  end
end

# Fall back to instance tags when no admins are known yet: MU-OWNER becomes
# "<owner>@localhost"; failing that, MU-ADMINS is split on whitespace.
# NOTE(review): tag values are taken as-is, so whoever can edit these tags
# presumably decides who is listed as an admin -- confirm how 'admins' is
# consumed and whether the values need validating.
admins_missing = !node.has_key?("admins") || node['admins'].size.zero?
if admins_missing && node['tags'].is_a?(Hash)
  tag_map = node['tags']
  if tag_map.has_key?("MU-OWNER")
    default['admins'] = [tag_map['MU-OWNER'] + "@localhost"]
  elsif tag_map.has_key?("MU-ADMINS")
    default['admins'] = tag_map['MU-ADMINS'].split(/\s+/)
  end
end

# Splunk receiver address: the EC2 public IP when an 'ec2' attribute hash is
# available, otherwise the node's primary address. The rescue covers
# node['ec2'] being nil.
# NOTE(review): when 'ec2' exists but carries no public address, receiver_ip
# ends up nil instead of falling back to node['ipaddress'] -- confirm that is
# intended.
receiver_ip =
  begin
    node['ec2']['public_ip_address']
  rescue NoMethodError
    node['ipaddress']
  end
default['splunk']['receiver_ip'] = receiver_ip

# Splunk index storage. Set 'dev' to a device to keep Splunk's large databases
# somewhere other than the default /opt/splunk/var/lib/splunk; nil means no
# dedicated device is configured here.
default['splunk']['splunkdb']['dev'] = nil
default['splunk']['splunkdb']['path'] = "/opt/splunk/var/lib/splunk"
# NOTE(review): presumably Splunk's minFreeSpace threshold; unit not stated here -- confirm.
default['splunk']['minfreespace'] = 733
# Events are reported under the Chef node name.
default['splunk']['inputs_conf']['host'] = Chef::Config[:node_name]
# The Splunk license is accepted without prompting.
default['splunk']['accept_license'] = true
# Admin credentials are referenced by data bag name and item instead of being
# written into attributes.
# NOTE(review): confirm the consuming recipe loads this item as an encrypted
# data bag and never echoes it into logs or node attributes.
default['splunk']['auth'] = {
    'data_bag' => 'splunk',
    'data_bag_item' => 'admin_user'
}
# TLS is enabled by default. The certificate material is looked up in a data
# bag named after this node (item 'ssl_cert'), with the file names given below.
# NOTE(review): node.key is private-key material -- confirm the item is
# encrypted at rest and the key file is written with restrictive permissions.
default['splunk']['ssl_options'] = {
    'enable_ssl' => true,
    'data_bag' => Chef::Config[:node_name],
    'data_bag_item' => 'ssl_cert',
    'keyfile' => 'node.key',
    'crtfile' => 'node.crt'
}

# Install maldet by default (presumably Linux Malware Detect -- confirm).
default['maldet']['install'] = true

# Host hardening defaults.
# NOTE(review): root_login_disabled defaults to false; if this drives the sshd
# or console root-login setting, direct root login stays enabled unless a role
# or environment overrides it -- confirm that is the intended baseline.
default['sec']['root_login_disabled'] = false
# NOTE(review): presumably the failed-login count before lockout and the
# lockout duration in seconds -- confirm against the consuming template.
default['sec']['accnt_lckout'] = 5
default['sec']['accnt_lckout_duration'] = 900
# Password policy.
# NOTE(review): the -1 values look like PAM password-quality credit settings,
# where a negative number requires at least that many characters of the class;
# 'retry' and 'remember' presumably map to prompt retries and password history
# depth -- confirm against the consuming template.
default['sec']['pwd'] = {
    'min_length' => 14,
    'numeric' => -1,
    'uppercase' => -1,
    'lowercase' => -1,
    'special' => -1,
    'retry' => 3,
    'remember' => 5
}

# Crude probe for a scratch device: walk /dev/xvdz down to /dev/xvds and record
# the first one that exists as tmp_dev. Nothing is set when none is found.
# NOTE(review): only xvd-style names are probed, so hosts that expose disks
# under other device names will never get a tmp_dev from here -- confirm.
tmp_letter = ("s".."z").to_a.reverse.find { |letter| File.exist?("/dev/xvd#{letter}") }
default['tmp_dev'] = "/dev/xvd#{tmp_letter}" if tmp_letter

# Per-filesystem volumes: attribute key, size in GB, backing device and mount
# point. Each label is "<disk name> <mount point>". Swap uses the literal
# string "swap" as its mount point.
# NOTE(review): separate volumes for /home, /var, /var/log and /var/log/audit
# presumably follow a hardening baseline that keeps one full filesystem from
# starving the others (audit logs in particular) -- confirm the sizes suit the
# expected log volume.
[
  ['swap',          4, "/dev/xvdm", "swap"],
  ['home',          2, "/dev/xvdn", "/home"],
  ['var',           7, "/dev/xvdo", "/var"],
  ['var_log',       7, "/dev/xvdp", "/var/log"],
  ['var_log_audit', 2, "/dev/xvdq", "/var/log/audit"]
].each do |volume, size_gb, device, mount_point|
  default['application_attributes'][volume]['volume_size_gb'] = size_gb
  default['application_attributes'][volume]['mount_device'] = device
  default['application_attributes'][volume]['label'] = "#{disk_name_str} #{mount_point}"
  default['application_attributes'][volume]['mount_directory'] = mount_point
end

# Login banner file.
# NOTE(review): the path has no leading slash, so the consuming recipe
# presumably resolves it relative to some base directory -- confirm.
default['banner']['path'] = "etc/BANNER-FEDERAL"
# firewalld support in the firewall cookbook is too stupid to breathe
# Hence the firewall cookbook is told to manage iptables on RHEL 7-family hosts.
# NOTE(review): confirm firewalld is disabled there so the two do not both manage rules.
default['firewall']['redhat7_iptables'] = true
#if node['platform'] == 'amazon'
#  override['firewall']['redhat7_iptables'] = true
#end

# We probably don't want to set java defaults here. This may cause issues with attribute precedence when other cookbooks try to install a different version of Java (JDK 7 is not supported/patched)
# if platform_family?("windows")
# override['java']['install_flavor'] = 'windows'
# override["java"]["jdk_version"] = 7
# override["java"]["oracle"]["accept_oracle_download_terms"] = true
# end