Saturday, November 18, 2017

Cookbook for a Kubernetes master

Attributes

#

# Cookbook Name:: kubernetes
# Attributes:: default
#
# Copyright 2016, whitestar
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Kubernetes package version to install; 'fullversion' carries the RPM release
# suffix. Presumably consumed by the repo template / package resources in the
# recipe — confirm against the recipe's package declarations.
default['kubernetes']['version'] = '1.7.8'
default['kubernetes']['fullversion'] = '1.7.8-1'
# Placeholder in this listing; expected to be overridden per environment.
default['kubernetes']['domainname'] = 'xx.xx.xx.xx'
# Google's Kubernetes yum repository. gpgcheck and repo_gpgcheck are both '1',
# so package signatures and repository metadata signatures are verified
# against the two keys listed in 'gpgkey'.
default['kubernetes']['yum_repo'] = {
  'baseurl' => 'https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64',
  'gpgcheck' => '1',
  'repo_gpgcheck' => '1',
  'gpgkey' => 'https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg',

}
===========================================================

metadata.rb

# Cookbook metadata for the kubernetes cookbook (Chef metadata DSL).
name('kubernetes')
maintainer('The Authors')
maintainer_email('you@example.com')
license('All Rights Reserved')
description('Installs/Configures kubernetes')
long_description('Installs/Configures kubernetes')
version('0.2.0')
# Older metadata parsers do not define chef_version, hence the guard.
chef_version('>= 12.1') if respond_to?(:chef_version)
==========================================================
recipes

#
# Cookbook:: kubernetes
# Recipe:: default
#
# Copyright:: 2017, The Authors, All Rights Reserved.


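# Kubernetes yum repository definition (values come from node['kubernetes']['yum_repo']).
template '/etc/yum.repos.d/kubernetes.repo' do
  source 'etc/yum.repos.d/kubernetes.repo'
  owner 'root'
  group 'root'
  mode '0644'
end

# RBAC manifest for the dashboard, applied later. NOTE(review): the shipped
# template binds the dashboard service account to cluster-admin, so anyone who
# can reach the dashboard UI gets full control of the cluster; scope it down
# before applying it.
template '/opt/clusterrole.yml' do
  source 'opt/clusterrole.yml'
  owner 'root'
  group 'root'
  mode '0644'
end

# Reload systemd unit files. action :nothing — only runs when notified, and
# nothing in this recipe notifies it; presumably triggered elsewhere (confirm).
bash 'systemctl_daemon-reload' do
  code <<-EOH
    systemctl daemon-reload
  EOH
  action :nothing
end

# Put SELinux into permissive mode for the running system. Guarded so the
# command is not re-run (and reported as a change) on every converge, and so it
# does not fail on a host where SELinux is already disabled.
execute 'disable selinux - running' do
  command '/usr/sbin/setenforce 0'
  not_if "/usr/sbin/getenforce | grep -qiE 'permissive|disabled'"
end

# Persist the change across reboots. Runs only while the file still says
# enforcing, which is exactly the case the sed changes.
# NOTE(review): this writes SELINUX=disabled (no policy loaded, no AVC audit
# trail), which goes further than the runtime setenforce 0 above; if permissive
# is sufficient, prefer SELINUX=permissive so denials are still logged.
execute 'Disable selinux' do
  command "sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux"
  only_if "grep -q '^SELINUX=enforcing' /etc/sysconfig/selinux"
end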
[
    "kubeadm",
  ].each {|pkg|
    package pkg do
========================================================================

/xxxxxx/xxxxxxxxx/src/xxxxxxx/cookbooks/kubernetes/templates/default/etc/systemd/system/docker.service.d

cat override.conf 

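# systemd drop-in for docker.service: clear the packaged ExecStart, then start
# dockerd with the overlay storage driver.
# NOTE(review): the original line was "ExecStart=/usr/bin/dockerd overlay";
# dockerd accepts no positional arguments, so the daemon would refuse to start.
# The driver is passed as a flag here — confirm overlay was the intent.
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --storage-driver=overlay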

============================================================
/xxxxxx/xxxxxxx/xxxx/xxxxxx/cookbooks/kubernetes/templates/default/opt

cat clusterrole.yml 
# ClusterRoleBinding that hands the dashboard's service account the built-in
# cluster-admin ClusterRole. NOTE(review): everyone who can reach the dashboard
# UI then acts with full cluster-admin rights; a dedicated, narrowly scoped
# ClusterRole for the dashboard keeps a UI compromise from becoming a cluster
# compromise.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
========================================================================

Cookbook for a monitoring script that reports the ECS agent connectivity status

Berksfile

# frozen_string_literal: true
# Resolve community cookbooks from the public Supermarket; the cookbook's own
# metadata.rb supplies the dependency list.
source('https://supermarket.chef.io')
metadata

Attributes

#
# Cookbook Name:: checkagentconnect
# Attributes:: default

# ECS cluster name rendered into the AgentStatusWithInstance.sh template;
# 'Dev' is the default and is presumably overridden per environment.
default['CLUSTER']['ENV'] = 'Dev'
Metadata.rb

# Cookbook metadata for checkagentconnect (Chef metadata DSL).
name('checkagentconnect')
maintainer('The Authors')
maintainer_email('kaushikvhm@gmail.com')
license('All Rights Reserved')
description('Installs/Configures checkagentconnect')
long_description('Installs/Configures checkagentconnect')
version('0.1.0')
# Older metadata parsers do not define chef_version, hence the guard.
chef_version('>= 12.1') if respond_to?(:chef_version)

recipes

#
# Cookbook:: checkagentconnect
# Recipe:: default
#
# Copyright:: 2017, The Authors, All Rights Reserved.


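# pip bootstrap script shipped from the cookbook. NOTE(review): /tmp is
# world-writable; root-owned scripts that cron later executes as root are
# better placed under /usr/local/bin or /opt.
template '/tmp/get-pip.py' do
  source 'tmp/get-pip.py.erb'
  mode '0755'
end

# Install pip and the AWS CLI. The original guard was
# `not_if { ::File.exist?('/tmp/get-pip.py') }`, which is always true once the
# template above has rendered, so the install step never ran. Guard on the
# outcome (the aws binary being present) instead.
bash 'Install python pip and awscli' do
  code <<-EOH
       python /tmp/get-pip.py
       pip install awscli
    EOH
  not_if 'command -v aws >/dev/null 2>&1'
end

# Agent-connectivity check script (ERB; reads node['CLUSTER']['ENV']).
template '/tmp/AgentStatusWithInstance.sh' do
  source 'tmp/AgentStatusWithInstance.sh.erb'
  mode '0755'
end

# Run the check every minute as root (cron's default user; the commented-out
# `user centos` in the original was never in effect). Each run makes several
# AWS API calls, so a longer interval may be preferable.
cron 'AgentNotification' do
  hour '*'
  minute '*/1'
  command '/tmp/AgentStatusWithInstance.sh'
end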
======================================================================

Templates 

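#!/bin/bash
# ECS agent connectivity check (ERB template; ECS_CLUSTER is filled in by Chef).
# Finds this host's EC2 instance id via its primary IP, then walks the
# cluster's container instances looking for the matching one.
# NOTE(review): the loop that follows compares agentConnected against "true"
# yet mails a "not connected" subject; the condition looks inverted — confirm.

# First address reported by the host; a multi-homed host may need a different pick.
getLocalIpaddress=$(hostname -I)
arrayIpaddress=($getLocalIpaddress)
validIpaddress=${arrayIpaddress[0]}

# Snapshot of all instances. The original appended (>>) to /tmp/jsontxt, so the
# file grew on every cron run and jq kept matching stale entries; overwrite it.
# The original also read the relative path "jsontxt" below while writing
# /tmp/jsontxt, so under cron it read a different (or missing) file. The
# absolute path is kept because the tags lookup further down reads it too.
# NOTE(review): /tmp/jsontxt is world-readable and holds a dump of every
# instance's metadata; a mktemp file removed on exit would be tighter.
aws ec2 describe-instances > /tmp/jsontxt
var=$(jq --arg validIpaddress "$validIpaddress" '.Reservations[].Instances[]|select(.PrivateIpAddress==$validIpaddress)|.InstanceId' /tmp/jsontxt)
var2=$(echo "$var" | tr -d '"')

ECS_CLUSTER=<%= node['CLUSTER']['ENV']%>
CONTAINERS_ID=$(aws ecs list-container-instances --cluster "$ECS_CLUSTER" --output text --query 'containerInstanceArns')
DATE=$(date +%Y-%m-%d-%H:%M)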
for container in $CONTAINERS_ID
do
STATUS=$(aws ecs describe-container-instances --container-instances $container --cluster $ECS_CLUSTER --output json --query 'containerInstances[0].agentConnected')
CHECK_INSTANCE_ID=$(aws ecs describe-container-instances --container-instances $container --cluster $ECS_CLUSTER --output text --query 'containerInstances[0].ec2InstanceId')
#echo "check instance $CHECK_INSTANCE_ID"
if [ "$var2"  = "$CHECK_INSTANCE_ID" ]
then
if [ $STATUS == "true" ]
then
#echo $validIpaddress
#echo $var2
Agentversion=$(aws ecs describe-container-instances --container-instances $container --cluster $ECS_CLUSTER --output text --query 'containerInstances[0].versionInfo.agentVersion')
echo $Agentversion
dockerversion=$(aws ecs describe-container-instances --container-instances $container --cluster $ECS_CLUSTER --output text --query 'containerInstances[0].versionInfo.dockerVersion')
#echo $dockerversion
tags=$(jq --arg instanceid "$var2" '.Reservations[].Instances[]|select(.InstanceId==$instanceid)|.Tags[]|select(.Key=="Name")|.Value' /tmp/jsontxt)
#echo $tags
echo -e "Ipaddress=$validIpaddress\n Agentversion=$Agentversion\n dockerversion=$dockerversion\n tags=$tags\n" | mailx -s "ECS-Agent is not connected with the following host" xxxxxxxxxxxx@mail.com
fi
=====================================================================


Get container logs onto the host machine using volumes

ecs register-task-definition --family xxxx-xxxx-xxxxapp --volumes "[{"name": "xxxxx-xxxx-appname","host": { "sourcePath": "/opt/logs/appname" } }]" --container-definitions "[{"name":"appname_container","image":"xxxxx.dkr.ecr.us-east-1.amazonaws.com/appname:${buildNumber}","cpu": 10,"memory":300,"workingDirectory": "/opt/appname","essential": true,"environment": [{"name": "NODE_ENV","value": "xxxx"}],"mountPoints": [ {"sourceVolume": "applicationname","containerPath": "/opt/applicationname/logs","readOnly": false} ],"portMappings": [ {"hostPort": 8080,"containerPort": 8080,"protocol": "tcp" } ],"command": ["node","bin/www"]}]" --network-mode "bridge".


VOLUME:

--volumes "[{"name": "xxxxx-xxxx-appname","host": { "sourcePath": "/opt/logs/appname" } }]"


Container path for logs (mounted to the volume in the ECS task definition)

"mountPoints": [ {"sourceVolume": "applicationname","containerPath": "/opt/applicationname/logs","readOnly": false} ]



ECS-Agent connectivity status and notify the agent connectivity through mail

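#!/bin/bash
# Reports the ECS agent status of this host's container instance by mail.
# Looks up this host's EC2 instance id via its primary IP, then walks the
# cluster's container instances until it finds the matching one.
# Requires: aws cli (credentials or instance role), jq, mailx.

# First address reported by the host; multi-homed hosts may need a different pick.
getLocalIpaddress=$(hostname -I)
arrayIpaddress=($getLocalIpaddress)
validIpaddress=${arrayIpaddress[0]}

# Instance snapshot in a private temp file. The original appended to a file
# named "jsontxt" in the current directory (world-readable, growing on every
# run, and only removed when the script reached its last line).
jsontxt=$(mktemp) || exit 1
trap 'rm -f "$jsontxt"' EXIT
aws ec2 describe-instances > "$jsontxt"
var=$(jq --arg validIpaddress "$validIpaddress" '.Reservations[].Instances[]|select(.PrivateIpAddress==$validIpaddress)|.InstanceId' "$jsontxt")
var2=$(echo "$var" | tr -d '"')

ECS_CLUSTER="Dev"
CONTAINERS_ID=$(aws ecs list-container-instances --cluster "$ECS_CLUSTER" --output text --query 'containerInstanceArns')
DATE=$(date +%Y-%m-%d-%H:%M)

# Unquoted on purpose: the ARN list is whitespace-separated text output.
for container in $CONTAINERS_ID
do
  STATUS=$(aws ecs describe-container-instances --container-instances "$container" --cluster "$ECS_CLUSTER" --output json --query 'containerInstances[0].agentConnected')
  CHECK_INSTANCE_ID=$(aws ecs describe-container-instances --container-instances "$container" --cluster "$ECS_CLUSTER" --output text --query 'containerInstances[0].ec2InstanceId')
  # Only the container instance backed by this host is of interest.
  if [ "$var2" = "$CHECK_INSTANCE_ID" ]
  then
    # Quoted: an empty STATUS (API error) made the original test a syntax error.
    if [ "$STATUS" = "true" ]
    then
      echo "$validIpaddress"
      echo "$var2"
      Agentversion=$(aws ecs describe-container-instances --container-instances "$container" --cluster "$ECS_CLUSTER" --output text --query 'containerInstances[0].versionInfo.agentVersion')
      echo "$Agentversion"
      dockerversion=$(aws ecs describe-container-instances --container-instances "$container" --cluster "$ECS_CLUSTER" --output text --query 'containerInstances[0].versionInfo.dockerVersion')
      echo "$dockerversion"
      tags=$(jq --arg instanceid "$var2" '.Reservations[].Instances[]|select(.InstanceId==$instanceid)|.Tags[]|select(.Key=="Name")|.Value' "$jsontxt")
      echo "$tags"
      echo -e "Ipaddress=$validIpaddress\n Agentversion=$Agentversion\n dockerversion=$dockerversion\n tags=$tags\n" | mailx -s "This is the subject" xxxxxxxxxx@gmail.com
    fi
  fi
done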

Sunday, October 1, 2017

Example of chef cookbook

1)ec2-container-service(ecs)
2)ecs-exited-containers 
3)ec2-container-service_logfiles_on_host
4)container notification script
5)Nginx-container
6)docker-ce
7)Netscalercpx


============================================================



ec2-container-service(ecs)/recipes/

cat aws-linux.rb 
#
# Cookbook Name:: ec2-container-service
# Recipe:: aws-linux
#
# Copyright (c) 2016 The Authors, All Rights Reserved.

# Install ecs-init
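# Amazon Linux ships the agent bootstrap as the ecs-init package.
package 'ecs-init' do
  action :install
end

# Agent configuration directory.
directory '/etc/ecs' do
  owner 'root'
  group 'root'
  mode '0755'
  action :create
end

# Agent configuration. Every variable the template references is passed here;
# the original passed only `cluster`, leaving the other template variables nil.
# The agent only re-reads its config on restart, hence the notification.
template '/etc/ecs/ecs.config' do
  source 'ecs.config.erb'
  owner 'root'
  group 'root'
  mode '0644'
  variables(
    cluster: node['ecs']['cluster'],
    logfile: node['ecs']['log_file'],
    loglevel: node['ecs']['log_level'],
    data_dir: node['ecs']['data_dir'],
    iam_role_enable: node['ecs']['enable_task_iam_role'],
    iam_role_nethost: node['ecs']['enable_task_iam_role_network_host']
  )
  notifies :restart, 'service[ecs]'
end

# Declared without status/restart/reload support, so Chef does not call those
# init-script subcommands and falls back to stop/start for a restart.
service 'ecs' do
  supports status: false, restart: false, reload: false
  action [:start, :enable]
end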


cat default.rb 
#
# Cookbook Name:: ec2-container-service
# Recipe:: default
#
# Copyright (c) 2016 The Authors, All Rights Reserved.

# require docker 1.11.2 or greater

# if amazon linux, use amazon linux recipe, otherwise use centos recipe

cat docker-image.rb 
#
# Cookbook Name:: ec2-container-service
# Recipe:: docker-image
#
# Copyright (c) 2016 The Authors, All Rights Reserved.
# require 'pry'

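# NOTE(review): static AWS keys hard-coded in a recipe end up in version
# control, in every node's converge, and in the agent container's environment.
# Per the ECS agent documentation the agent uses the EC2 instance profile when
# no keys are supplied, which is the recommended setup; failing that, keep them
# in an encrypted data bag / Chef Vault and read them here. Values below are
# placeholders.
aws_creds = { aws_access_key: 'xxxxxxxxxxxxxxxxxxx', aws_secret_key: 'xxxxxxxxxxxxxxxxxxxxxxxxx' }
appuser = 'centos'
appgroup = 'docker'

# Ensure the app user exists with docker as its primary group.
# NOTE(review): membership in the docker group is root-equivalent on the host.
user appuser do
  gid appgroup
end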

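# Route the task IAM credential endpoint to the agent's local credential proxy
# (port 51679) so containers can obtain task-role credentials; the destination
# addresses are placeholders in this listing. Guarded with `iptables -C` so the
# rules are not appended again on every converge. `sysctl -w` is runtime only:
# persist route_localnet under /etc/sysctl.d if it must survive a reboot.
bash 'Enable IAM roles for tasks' do
  user 'root'
  cwd '/tmp'
  code <<-EOH
    sysctl -w net.ipv4.conf.all.route_localnet=1
    iptables -t nat -A PREROUTING -p tcp -d xxxxxxxxxxxx --dport 80 -j DNAT --to-destination localhost:51679
    iptables -t nat -A OUTPUT -d xxxxxxxxx -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 51679
  EOH
  not_if 'iptables -t nat -C PREROUTING -p tcp -d xxxxxxxxxxxx --dport 80 -j DNAT --to-destination localhost:51679'
end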

# Pull container amazon/amazon-ecs-agent:latest
# Make sure the agent image is present locally before the container resource
# runs. A :redeploy notification to the container was left commented out in the
# original, so pulling a newer :latest does not restart a running agent.
docker_image 'amazon/amazon-ecs-agent' do
  action :pull
  tag 'latest'
  read_timeout 300
  write_timeout 300
end

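# Host paths bind-mounted into the agent container (logs, state, data), owned
# by the app user/group defined above. Parent comes before child in the list.
%w(/var/log/ecs /var/lib/ecs /var/lib/ecs/data).each do |ecs_dir|
  directory ecs_dir do
    owner appuser
    group appgroup
    mode '0755'
    action :create
  end
end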


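# Run the agent on the host network with the docker socket mounted. The socket
# is required for the agent to manage task containers, and it is also
# root-equivalent access to the host — keep the image trusted (tag 'latest' is
# mutable; a pinned tag/digest is safer).
docker_container 'ecs-agent' do
  repo 'amazon/amazon-ecs-agent'
  tag 'latest'
  restart_policy 'always'
  network_mode 'host'
  read_timeout 300
  write_timeout 300
  # NOTE(review): detach false — confirm this is intended for a long-running agent.
  detach false
  volumes ['/var/run/docker.sock:/var/run/docker.sock', '/var/log/ecs/:/log', '/var/lib/ecs/data:/data']
  # The original filled ECS_ENABLE_TASK_IAM_ROLE from the *_network_host
  # attribute; the dedicated node['ecs']['enable_task_iam_role'] attribute
  # exists in attributes.rb and is used here.
  env [
    "ECS_CLUSTER=#{node['ecs']['cluster']}",
    "ECS_LOGFILE=#{node['ecs']['log_file']}",
    "ECS_LOGLEVEL=#{node['ecs']['log_level']}",
    "ECS_DATADIR=#{node['ecs']['data_dir']}",
    "ECS_ENABLE_TASK_IAM_ROLE=#{node['ecs']['enable_task_iam_role']}",
    "ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST=#{node['ecs']['enable_task_iam_role_network_host']}",
    "ECS_NUM_IMAGES_DELETE_PER_CYCLE=#{node['ecs']['num_images_delete_per_cycle']}",
    # NOTE(review): static keys in the container environment are readable via
    # docker inspect; with an instance profile these two entries can be dropped.
    "AWS_ACCESS_KEY_ID=#{aws_creds[:aws_access_key]}",
    "AWS_SECRET_ACCESS_KEY=#{aws_creds[:aws_secret_key]}",
    # Region = placement AZ with its trailing zone letter stripped.
    "AWS_DEFAULT_REGION=#{node['ec2']['placement_availability_zone'][0...-1]}"
  ]
  action :run
end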

cat .kitchen.aws.yml
---
# Test Kitchen configuration for converging this cookbook on a real EC2
# instance (kitchen-ec2 driver). Key, security group, subnet, region and
# instance-type values in this listing are placeholders/obfuscated.
driver:
  name: ec2
  aws_ssh_key_id: xxxxxxxxxxxxxxxxxxxxxx
  # NOTE(review): with associate_public_ip the instance is reachable from the
  # internet to the extent this security group allows; keep SSH ingress narrow.
  security_group_ids: ["sg-xxxxxxxxxx"]
  region: us-singapore-1
  availability_zone: t
  require_chef_omnibus: true
  subnet_id: subnet-xxxxxxxxxxx
  instance_type: t2.supersmall
  associate_public_ip: true
  # Kitchen itself connects over the private interface.
  interface: private
  tags:
    Name: kitchen-kaushik
    application_name: testing
  block_device_mappings: 
    - device_name: /dev/sda1
      ebs:
        volume_size: 20
        delete_on_termination: true  

transport:
  # username: centos
  ssh_key: ~/.ssh/xxxxxxxxxx.pem
  connection_timeout: 10
  connection_retries: 5

verifier:
  name: inspec

provisioner:
  name: chef_solo
  roles_path: ../../roles
  data_bags_path: ../../data_bags
  environments_path: ../../environments
  cookbook_path: ../../cookbooks
  always_update_cookbooks: true

platforms:
  - name: centos-7

suites:
  - name: default
    run_list:
      - recipe[ecs::docker-image]
    verifier:
      inspec_tests:
        - test/smoke/default

    # No attribute overrides; the key is left empty (YAML null).
    attributes:

cat Berksfile
# Dependency sources: Supermarket for community cookbooks; the cookbook's own
# metadata.rb is read for its depends lines.
source('https://supermarket.chef.io')

metadata
# Pinned to the 2.9.x series here, tighter than metadata.rb's ~> 2.0.
cookbook('docker', '~> 2.9.7')

cookbook('docker-grid')

cat attributes/attributes.rb 
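# ECS agent settings rendered into /etc/ecs/ecs.config and the agent
# container's environment.
#
# The original first line read `default['ecs']['cluster']` without an
# assignment, which only auto-creates the parent key and leaves the value nil.
# Made explicit: nil must be overridden per role/environment (the agent's
# documented fallback for an empty ECS_CLUSTER is the cluster named "default").
default['ecs']['cluster'] = nil
default['ecs']['log_file'] = '/log/ecs-agent.log'
default['ecs']['log_level'] = 'info'
default['ecs']['data_dir'] = '/data'
# Kept as strings because they are written into an env-style file.
default['ecs']['enable_task_iam_role'] = 'true'
default['ecs']['enable_task_iam_role_network_host'] = 'true'
default['ecs']['num_images_delete_per_cycle'] = '10'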

cat metadata.rb 
# Cookbook metadata for ec2-container-service (Chef metadata DSL).
name('ec2-container-service')
maintainer('legend')
maintainer_email('legend@gmail.com')
license('all_rights')
description('Installs/Configures ecs')
long_description('Installs/Configures ecs')
version('0.1.2')

# The recipes use docker_image / docker_container from the docker cookbook.
depends('docker', '~> 2.0')
# If you upload to Supermarket you should set this so your cookbook
# gets a `View Issues` link
# issues_url 'https://github.com/<insert_org_here>/ecs/issues' if respond_to?(:issues_url)

# If you upload to Supermarket you should set this so your cookbook
# gets a `View Source` link
# source_url 'https://github.com/<insert_org_here>/ecs' if respond_to?(:source_url)


cat templates/ecs.config.erb 
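<%# Rendered by template[/etc/ecs/ecs.config]. The original used plain code
    tags (no '=' after the opening tag), which evaluate but print nothing, so
    every line rendered with an empty value; the output-tag form is required
    to emit the variables. Variable names must match what the recipe passes. %>
ECS_CLUSTER=<%= @cluster %>
ECS_LOGFILE=<%= @logfile %>
ECS_LOGLEVEL=<%= @loglevel %>
ECS_DATADIR=<%= @data_dir %>
ECS_ENABLE_TASK_IAM_ROLE=<%= @iam_role_enable %>
ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST=<%= @iam_role_nethost %>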

======================================================================



ecs-exited-containers 

cat recipes/ecs-remove-containers.rb 
#
# Cookbook:: ec2-container-service-exit-containers
# Recipe:: default
#
# Copyright:: 2017, The Authors, All Rights Reserved.

# bash 'Remove Exited and Dead containers' do
#   code <<-EOH
#     sudo docker ps -a | grep Exited | cut -d ' ' -f 1 | xargs sudo docker rm
#   EOH
#   only_if  "test ! -z $(sudo docker ps -a | grep Exited | cut -d ' ' -f 1 )"
# end
# Cleanup script rendered from the cookbook; executed by the cron job below.
template '/tmp/remove_exited_container.sh' do
  source 'remove_exited_container.sh.erb'
  mode '0755'
  action :create
end

# Prune exited/dead containers every five minutes (runs as cron's default user, root).
cron 'remove_exited_containers' do
  command '/tmp/remove_exited_container.sh'
  minute '*/5'
  hour '*'
end


ecs-exit-containers/templates/default }-> cat remove_exited_container.sh.erb 

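#!/bin/bash
# Remove every exited or dead container together with its anonymous volumes.
# The original grepped the whole `docker ps -a` line for 'exited|dead', which
# also matched container or image names containing those words, and piped into
# xargs unconditionally, so `docker rm` ran with no arguments when nothing
# matched. Filter on status instead and skip the rm when the list is empty.
docker ps -aq -f status=exited -f status=dead | xargs -r docker rm -f -v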



cat metadata.rb 
# Cookbook metadata for ec2-container-service-exit-containers (Chef metadata DSL).
name('ec2-container-service-exit-containers')
maintainer('legend')
maintainer_email('legend@gmail.com')
license('All Rights Reserved')
description('Installs/Configures ecs-exit-containers')
long_description('Installs/Configures ecs-exit-containers')
version('0.1.10')
# Older metadata parsers do not define chef_version, hence the guard.
chef_version('>= 12.1') if respond_to?(:chef_version)

# issues_url (Supermarket's "View Issues" link) is not set for this cookbook.
# source_url gives Supermarket a "View Source" link; the workspace name is
# obfuscated in this listing.
source_url('https://bitbucket.org/xxxxxxxxxxxxx/ec2-container-service-exit-containers')




=====================================================================



ec2-container-service_logfiles_on_host }-> cat Berksfile 
# frozen_string_literal: true
# Resolve community cookbooks from the public Supermarket; the cookbook's own
# metadata.rb supplies the dependency list.
source('https://supermarket.chef.io')
metadata







cat recipes/container_logfiles.rb 

#

# Cookbook:: ec2-container-services_logfiles_on_host

# Recipe:: default

#

# Copyright:: 2017, The Authors, All Rights Reserved.



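# Script that copies the application log out of the container.
# NOTE(review): the source named here is 'container_logfiles_onhost.sh.erb',
# but the file shown under templates/default is
# ec2-container-service_logfiles_onhost.sh.erb; one of the two must be renamed
# or the converge fails with a missing template.
template '/tmp/ec2-container-container-service_logfiles_onhost.sh' do
  source 'container_logfiles_onhost.sh.erb'
  mode '0755'
end

# Destination for the extracted logs (the script writes dated files here).
directory '/var/log/applicationname' do
  owner 'root'
  group 'root'
  mode '0755'
  action :create
end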

#directory '/var/log/applicationname' do
#owner 'root' 
#group 'root' 
#mode '0755' 
#action :create 
#end


cat templates/default/ec2-container-service_logfiles_onhost.sh.erb 
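#!/bin/bash
# Copy the application log out of the running container into a dated file on
# the host. Meant for cron / non-interactive use: the original passed
# `docker exec -it`, which fails without a TTY, so those flags are dropped.
# The grep matches "docker-applicationname" anywhere in the `docker ps` line
# (name or image); if more than one container matches, $container holds
# several ids and docker exec rejects it — tighten the match if that can happen.
container=$(docker ps | grep "docker-applicationname" | cut -d' ' -f 1)
# Non-zero exit so cron reports the missing container instead of writing an empty file.
[ -n "$container" ] || exit 1
docker exec "$container" cat /rm/applicationname/logs/app.log > "/var/log/applicationname/$(date +"%Y_%m_%d_%I_%M_%p").log"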


======================================================================


container notification script:



 cat Berksfile
# frozen_string_literal: true
# Resolve community cookbooks from the public Supermarket; the cookbook's own
# metadata.rb supplies the dependency list.
source('https://supermarket.chef.io')
metadata

cat recipes/docker-container-notification.rb 
#
# Cookbook:: mailx
# Recipe:: default
#
# Copyright:: 2021, The Authors, All Rights Reserved.

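# Mail client plus sharutils (uuencode), used by the notification script.
# The package resource accepts an array, so the per-package loop is unnecessary.
package %w(mailx sharutils)

# Local MTA so mailx can deliver. NOTE(review): postfix is not installed by
# this recipe; it is assumed to be present on the image (typically the case on
# stock CentOS 7) — confirm.
service 'postfix' do
  action [:enable, :start]
end

# Notification script rendered from the cookbook. NOTE(review): a root-run
# script in world-writable /tmp is fragile; /usr/local/bin or /opt is safer.
template '/tmp/mailx_script.sh' do
  source 'mailx_script.sh.erb'
  mode '0755'
end

# Runs every two minutes as root (cron's default user; the commented-out
# `user centos` in the original was never in effect).
cron 'mailx_notification' do
  hour '*'
  minute '*/2'
  command '/tmp/mailx_script.sh'
end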

templates/default }-> cat mailx_script.sh.erb 
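#!/bin/bash
# Mail the logs of every exited container, one message per container, with the
# container name as subject and the log file attached.
#
# Changes from the original: the container list went to the fixed, predictable
# path /tmp/a (a root cron job writing there is exposed to symlink games by any
# local user), the list was walked twice, and `uuencode ... | cat file | mailx`
# discarded the uuencode output anyway (cat with a file argument ignores
# stdin). A private temp directory and a single loop produce the same mails:
# the log as body and as attachment.
workdir=$(mktemp -d) || exit 1
trap 'rm -rf "$workdir"' EXIT

docker ps -a --format "{{.ID}} {{.Names}}" -f status=exited > "$workdir/exited"

while read -r id name; do
  [ -n "$id" ] || continue
  log="$workdir/${id}_log.txt"
  docker logs -t "$id" > "$log"
  mailx -s "$name" -a "$log" legend@gmail.com < "$log"
done < "$workdir/exited"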

===================================================================

Nginx-container



cat Berksfile
# Supermarket for community cookbooks; docker pinned to 2.16.x here, tighter
# than metadata.rb's ~> 2.0, so resolution is reproducible.
source('https://supermarket.chef.io')
cookbook('docker', '~> 2.16.0')

# Read this cookbook's own metadata.rb for its depends lines.
metadata


/nginx-container }-> cat metadata.rb 

# docker_service / docker_image / docker_container come from the docker cookbook.
depends('docker', '~> 2.0')



cookbooks/nginx-container/files/default/dockerimages/nginx

cat Dockerfile 
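FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf
# Application sources are copied from the build context instead of being cloned
# inside the image. The original ran `git clone https://<token>@bitbucket.org/...`
# in a RUN step, which bakes the access token into the image layer history
# (readable by anyone who can pull the image) and needs git, which the official
# nginx image does not include. It also appended a `Host http://bitbucket.org`
# stanza with StrictHostKeyChecking disabled to /root/.ssh/config: a Host
# pattern never matches a URL, and host-key checking plays no part in an https
# clone, so that line is dropped rather than kept as a weakening no-op.
# Clone the repository next to this Dockerfile on the build host (credentials
# stay in the build pipeline), then build. Placeholder names as in the original.
COPY xxxxxxxxxxxxxxxxxx/ /opt/xxxxxxxxxxx/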


nginx.conf

# Copied into the image over the stock /etc/nginx/nginx.conf (see Dockerfile).
pid        /var/run/nginx.pid;


# Per-worker connection limit. worker_processes is not set in this listing, so
# nginx's built-in default applies unless it is set elsewhere.
events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    server_names_hash_bucket_size  1024;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;



/cookbooks/nginx-container/recipes 

#
# Cookbook Name:: nginx-c
# Recipe:: default
#
# Copyright (c) 2017 The Authors, All Rights Reserved.
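# Docker daemon managed by the docker cookbook.
docker_service 'default' do
  action [:create, :start]
end

# Build context staged from files/default/dockerimages. remote_directory
# creates the directory itself, so the separate directory resource of the
# original is folded in here.
# NOTE(review): /tmp is world-writable; staging the context (Dockerfile,
# nginx.conf) there lets any local user influence what gets built — prefer a
# root-owned path under /opt or /var/lib.
remote_directory '/tmp/dockerimages' do
  source 'dockerimages'
  owner 'root'
  mode '0770'
  files_owner 'root'
  files_mode '0770'
end

# Build the image once from the staged Dockerfile.
docker_image 'nginx' do
  source '/tmp/dockerimages/nginx/'
  tag 'nginx-v0.1'
  read_timeout 6000
  write_timeout 6000
  action :build_if_missing
end

# NOTE(review): the original ran this container with `command "/bin/bash"`,
# tty and open_stdin — an interactive shell instead of nginx, so the "proxy"
# served nothing. Without an explicit command the image's CMD starts nginx in
# the foreground. No port mapping is declared; add one (or host networking)
# once the listening port from nginx.conf is known.
docker_container 'nginx-proxy-container' do
  repo 'nginx'
  tag 'nginx-v0.1'
  restart_policy 'unless-stopped'
  action :run
end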

.kitchen.yml
---
# Test Kitchen: local Vagrant VM, chef_zero provisioner, InSpec verifier.
driver:
  name: vagrant

provisioner:
  name: chef_zero
  # You may wish to disable always updating cookbooks in CI or other testing environments.
  # For example:
  #   always_update_cookbooks: <%= !ENV['CI'] %>
  always_update_cookbooks: true

verifier:
  name: inspec

platforms:
  - name: centos-7.2

suites:
  - name: default
    run_list:
      - recipe[nginx-c::default]
    verifier:
      inspec_tests:
        - test/recipes

    # No attribute overrides; the key is left empty (YAML null).
    attributes:

=========================================================
ntp-centos7

cookbooks/ntp-centos7/attributes }-> cat default.rb 
# ntpd service, config and state locations for CentOS 7; consumed by
# recipes/centos07.rb and the ntp.conf.erb template.
default['ntp']['service'] = 'ntpd'
default['ntp']['conffile'] = '/etc/ntp.conf'
default['ntp']['varlibdir'] = '/var/lib/ntp'
default['ntp']['statsdir'] = '/var/log/ntpstats/'
default['ntp']['packages'] = %w(ntp)
# Config files are root-owned; the runtime directories belong to the ntp user.
default['ntp']['conf_owner'] = 'root'
default['ntp']['conf_group'] = 'root'
default['ntp']['var_owner'] = 'ntp'
default['ntp']['var_group'] = 'ntp'
#default['ntp']['packages'] = %w(ntp ntpdate) if node['platform_version'].to_i >= 7

# Leap-second table, installed from files/default/ntp.leapseconds.
default['ntp']['leapfile'] = '/etc/ntp.leapseconds'


cookbooks/ntp-centos7/files/default }-> cat ntp.leapseconds 
#
# In the following text, the symbol '#' introduces
# a comment, which continues from that symbol until
# the end of the line. A plain comment line has a
# whitespace character following the comment indicator.
# There are also special comment lines defined below.
# A special comment will always have a non-whitespace
# character in column 2.
#
# A blank line should be ignored.
#
# The following table shows the corrections that must
# be applied to compute International Atomic Time (TAI)
# from the Coordinated Universal Time (UTC) values that
# are transmitted by almost all time services.
#
# The first column shows an epoch as a number of seconds
# since 1900.0 and the second column shows the number of
# seconds that must be added to UTC to compute TAI for
# any timestamp at or after that epoch. The value on
# each line is valid from the indicated initial instant
# until the epoch given on the next one or indefinitely
# into the future if there is no next line.
# (The comment on each line shows the representation of
# the corresponding initial epoch in the usual
# day-month-year format. The epoch always begins at
# 00:00:00 UTC on the indicated day. See Note 5 below.)
#
# Important notes:
#
# 1. Coordinated Universal Time (UTC) is often referred to
# as Greenwich Mean Time (GMT). The GMT time scale is no
# longer used, and the use of GMT to designate UTC is
# discouraged.
#
# 2. The UTC time scale is realized by many national
# laboratories and timing centers. Each laboratory
# identifies its realization with its name: Thus
# UTC(NIST), UTC(USNO), etc. The differences among
# these different realizations are typically on the
# order of a few nanoseconds (i.e., 0.000 000 00x s)
# and can be ignored for many purposes. These differences
# are tabulated in Circular T, which is published monthly
# by the International Bureau of Weights and Measures
# (BIPM). See www.bipm.fr for more information.
#
# 3. The current defintion of the relationship between UTC
# and TAI dates from 1 January 1972. A number of different
# time scales were in use before than epoch, and it can be
# quite difficult to compute precise timestamps and time
# intervals in those "prehistoric" days. For more information,
# consult:
#
# The Explanatory Supplement to the Astronomical
# Ephemeris.
# or
# Terry Quinn, "The BIPM and the Accurate Measurement
# of Time," Proc. of the IEEE, Vol. 79, pp. 894-905,
# July, 1991.
#
# 4.  The insertion of leap seconds into UTC is currently the
# responsibility of the International Earth Rotation Service,
# which is located at the Paris Observatory:
#
# Central Bureau of IERS
# 61, Avenue de l'Observatoire
# 75014 Paris, France.
#
# Leap seconds are announced by the IERS in its Bulletin C
#
# See hpiers.obspm.fr or www.iers.org for more details.
#
# All national laboratories and timing centers use the
# data from the BIPM and the IERS to construct their
# local realizations of UTC.
#
# Although the definition also includes the possibility
# of dropping seconds ("negative" leap seconds), this has
# never been done and is unlikely to be necessary in the
# foreseeable future.
#
# 5. If your system keeps time as the number of seconds since
# some epoch (e.g., NTP timestamps), then the algorithm for
# assigning a UTC time stamp to an event that happens during a positive
# leap second is not well defined. The official name of that leap
# second is 23:59:60, but there is no way of representing that time
# in these systems.
# Many systems of this type effectively stop the system clock for
# one second during the leap second and use a time that is equivalent
# to 23:59:59 UTC twice. For these systems, the corresponding TAI
# timestamp would be obtained by advancing to the next entry in the
# following table when the time equivalent to 23:59:59 UTC
# is used for the second time. Thus the leap second which
# occurred on 30 June 1972 at 23:59:59 UTC would have TAI
# timestamps computed as follows:
#
# ...
# 30 June 1972 23:59:59 (2287785599, first time): TAI= UTC + 10 seconds
# 30 June 1972 23:59:60 (2287785599,second time): TAI= UTC + 11 seconds
# 1  July 1972 00:00:00 (2287785600) TAI= UTC + 11 seconds
# ...
#
# If your system realizes the leap second by repeating 00:00:00 UTC twice
# (this is possible but not usual), then the advance to the next entry
# in the table must occur the second time that a time equivlent to
# 00:00:00 UTC is used. Thus, using the same example as above:
#
# ...
#       30 June 1972 23:59:59 (2287785599): TAI= UTC + 10 seconds
#       30 June 1972 23:59:60 (2287785600, first time): TAI= UTC + 10 seconds
#       1  July 1972 00:00:00 (2287785600,second time): TAI= UTC + 11 seconds
# ...
#
# in both cases the use of timestamps based on TAI produces a smooth
# time scale with no discontinuity in the time interval.
#
# This complexity would not be needed for negative leap seconds (if they
# are ever used). The UTC time would skip 23:59:59 and advance from
# 23:59:58 to 00:00:00 in that case.  The TAI offset would decrease by
# 1 second at the same instant.  This is a much easier situation to deal
# with, since the difficulty of unambiguously representing the epoch
# during the leap second does not arise.
#
# Questions or comments to:
# Jeff Prillaman
# Time Service Department
# US Naval Observatory
# Washington, DC
# jeffrey.prillaman@usno.navy.mil
#
# Last Update of leap second values:  18 Apr 2017
#
# The following line shows this last update date in NTP timestamp
# format. This is the date on which the most recent change to
# the leap second data was added to the file. This line can
# be identified by the unique pair of characters in the first two
# columns as shown below.
#
#$ 3701462400
#
# The data in this file will be updated periodically as new leap
# seconds are announced. In addition to being entered on the line
# above, the update time (in NTP format) will be added to the basic
# file name leap-seconds to form the name leap-seconds.<NTP TIME>.
# In addition, the generic name leap-seconds.list will always point to
# the most recent version of the file.
#
# This update procedure will be performed only when a new leap second
# is announced.
#
# The following entry specifies the expiration date of the data
# in this file in units of seconds since 1900.0.  This expiration date
# will be changed at least twice per year whether or not a new leap
# second is announced. These semi-annual changes will be made no
# later than 1 June and 1 December of each year to indicate what
# action (if any) is to be taken on 30 June and 31 December,
# respectively. (These are the customary effective dates for new
# leap seconds.) This expiration date will be identified by a
# unique pair of characters in columns 1 and 2 as shown below.
# In the unlikely event that a leap second is announced with an
# effective date other than 30 June or 31 December, then this
# file will be edited to include that leap second as soon as it is
# announced or at least one month before the effective date
# (whichever is later).
# If an announcement by the IERS specifies that no leap second is
# scheduled, then only the expiration date of the file will
# be advanced to show that the information in the file is still
# current -- the update time stamp, the data and the name of the file
# will not change.
#
# Updated through IERS Bulletin C 53
# File expires on:  1 Dec 2017
#
#@ 3721075200
#
2272060800 10 # 1 Jan 1972
2287785600 11 # 1 Jul 1972
2303683200 12 # 1 Jan 1973
2335219200 13 # 1 Jan 1974
2366755200 14 # 1 Jan 1975
2398291200 15 # 1 Jan 1976
2429913600 16 # 1 Jan 1977
2461449600 17 # 1 Jan 1978
2492985600 18 # 1 Jan 1979
2524521600 19 # 1 Jan 1980
2571782400 20 # 1 Jul 1981
2603318400 21 # 1 Jul 1982
2634854400 22 # 1 Jul 1983
2698012800 23 # 1 Jul 1985
2776982400 24 # 1 Jan 1988
2840140800 25 # 1 Jan 1990
2871676800 26 # 1 Jan 1991
2918937600 27 # 1 Jul 1992
2950473600 28 # 1 Jul 1993
2982009600 29 # 1 Jul 1994
3029443200 30 # 1 Jan 1996
3076704000 31 # 1 Jul 1997
3124137600 32 # 1 Jan 1999
3345062400 33 # 1 Jan 2006
3439756800 34 # 1 Jan 2009
3550089600 35 # 1 Jul 2012
3644697600 36 # 1 Jul 2015
3692217600 37 # 1 Jan 2017
#
# the following special comment contains the
# hash value of the data in this file computed
# use the secure hash algorithm as specified
# by FIPS 180-1. See the files in ~/sha for
# the details of how this hash value is
# computed. Note that the hash computation
# ignores comments and whitespace characters
# in data lines. It includes the NTP values
# of both the last modification time and the
# expiration time of the file, but not the
# white space on those lines.
# the hash line is also ignored in the
# computation.
#
#h 3f004255 91f969f7 252361e5 27aa6754 eb6b7c72
#


cookbooks/ntp-centos7/recipes }-> cat centos07.rb 
#
# Cookbook Name:: ntp-systemd
# Recipe:: default
#
# Copyright (c) 2017 The Authors, All Rights Reserved.
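# Install the NTP packages listed in the attributes (default: ntp). The package
# resource accepts an array of names directly, replacing the per-package loop.
package node['ntp']['packages']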


template node['ntp']['conffile'] do
  source 'ntp.conf.erb'
  owner node['ntp']['conf_owner']
  group node['ntp']['conf_group']
  mode '0644'

end

[node['ntp']['varlibdir'], node['ntp']['statsdir']].each do |ntpdir|
  directory ntpdir do
    owner node['ntp']['var_owner']
    group node['ntp']['var_group']
    mode '0755'
  end
end

cookbook_file node['ntp']['leapfile'] do
  owner node['ntp']['conf_owner']
  group node['ntp']['conf_group']
  mode '0644'
  source 'ntp.leapseconds'
  notifies :restart, "service[#{node['ntp']['service']}]"
end


service node['ntp']['service'] do
  supports status: true, restart: true
  action [:enable, :start]
end

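# Pin the host time zone to America/New_York.
#
# The previous guard parsed `date` output for the literal "EDT" (the 6th
# space-separated field), which is absent during standard time (EST) and shifts
# position when the day of month is single-digit, so the command re-ran on every
# converge for half the year. Guard on the configured zone instead, which
# `timedatectl` reports as "Time zone: America/New_York (...)".
execute 'Change the timezone to NewYork for EDT' do
  command 'timedatectl set-timezone America/New_York'
  not_if 'timedatectl | grep -q "Time zone: America/New_York"'
end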


cookbooks/ntp-centos7/templates/default }-> cat ntp.conf.erb
# Generated by Chef
# Local modifications will be overwritten.
tinker panic 0 allan 1500 dispersion 15 step 0.128 stepout 900
statsdir /var/log/ntpstats/
leapfile /etc/ntp.leapseconds
driftfile /var/lib/ntp/ntp.drift

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable



disable monitor


server 0.pool.ntp.org iburst minpoll 6 maxpoll 10
restrict 0.pool.ntp.org nomodify notrap noquery
server 1.pool.ntp.org iburst minpoll 6 maxpoll 10
restrict 1.pool.ntp.org nomodify notrap noquery
server 2.pool.ntp.org iburst minpoll 6 maxpoll 10
restrict 2.pool.ntp.org nomodify notrap noquery
server 3.pool.ntp.org iburst minpoll 6 maxpoll 10
restrict 3.pool.ntp.org nomodify notrap noquery

restrict default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict -6 default kod notrap nomodify nopeer noquery
restrict -6 ::1
=========================================================
docker-ce

vi attributes/default.rb



# Cookbook Name:: docker-ce
# Attributes:: default
# Copyright 2016, whitestar
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and
# limitations under the License.
#
# Docker CE version strings per platform; both are extended with a
# platform-specific suffix in the 'version' attribute below.
default['docker-grid']['CE']['version_on_centos'] = '17.09.0.ce-1'
default['docker-grid']['CE']['version_on_ubuntu'] = '17.09.0-ce'
# Yum repository definition with package signature checking turned on.
# NOTE(review): the docker-ce recipe on this page adds the repository with
# `yum-config-manager --add-repo .../docker-ce.repo` and never reads this hash,
# so the gpgcheck/gpgkey values here do not govern what is installed - confirm
# which repo file actually ends up on the host.
default['docker-grid']['yum_repo'] = {
  'baseurl' => 'https://download.docker.com/linux/centos/7/x86_64/stable/',
  'gpgcheck' => '1',
  'gpgkey' => 'https://download.docker.com/linux/centos/gpg',
}
# Fully qualified package version, e.g. '17.09.0.ce-1.el7.centos' on CentOS 7
# and '17.09.0-ce~<lsb codename>' on Ubuntu.
default['docker-grid']['CE']['version'] = node.value_for_platform(
  ['centos', 'redhat'] => {
    'default' => "#{node['docker-grid']['CE']['version_on_centos']}.el#{node['platform_version'].to_i}.#{node['platform']}",
  },
  'ubuntu' => {
    'default' => "#{node['docker-grid']['CE']['version_on_ubuntu']}~#{node['lsb']['codename']}",
  }
)
# Storage driver per platform; when the resolved driver is 'overlay' the recipe
# loads the overlay kernel module and registers it in /etc/modules-load.d.
default['docker-grid']['CE']['storage-driver_on_centos'] = 'overlay'
default['docker-grid']['CE']['storage-driver_on_ubuntu'] = 'aufs'

default['docker-grid']['CE']['storage-driver'] = node.value_for_platform(

ash 'systemctl_daemon-reload' do
  code <<-EOH
    systemctl daemon-reload
  EOH
  action :nothing
en
if node['docker-grid']['CE']['storage-driver'] == 'overlay'
  bash 'load_overlayfs_kernel_module' do
    code <<-EOH
      modprobe overlay
    EOH
    not_if 'lsmod | grep overlay'
  end
 template '/etc/modules-load.d/overlay.conf' do
    source  'etc/modules-load.d/overlay.conf'
    owner 'root'
    group 'root'
=====
recipes/default.rb
# https://dcos.io/docs/1.8/administration/installing/custom/system-requirements/
# Re-read systemd unit files. action :nothing: runs only when notified (the
# docker.service.d/override.conf template below does so).
bash 'systemctl_daemon-reload' do
  code <<-EOH
    systemctl daemon-reload
  EOH
  action :nothing
end

# The overlay storage driver needs the overlay kernel module, both now
# (modprobe) and on every boot (modules-load.d entry).
if node['docker-grid']['CE']['storage-driver'] == 'overlay'
  bash 'load_overlayfs_kernel_module' do
    code <<-EOH
      modprobe overlay
    EOH
    # Substring match: any loaded module whose name contains "overlay" skips the
    # modprobe.
    not_if 'lsmod | grep overlay'
  end
 template '/etc/modules-load.d/overlay.conf' do
    source  'etc/modules-load.d/overlay.conf'
    owner 'root'
    group 'root'
    mode '0644'
  end
end
# Warning emitted only when notified (by the grubby step in the userns-remap
# section below, after the kernel command line has been changed).
log 'reboot_message' do
  message 'Please reboot this machine because of kernel boot option modified.'
  level :warn
  action :nothing
end
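# Optional user-namespace remapping for the Docker daemon (userns-remap).
# Everything in this section is skipped unless
# node['docker-grid']['CE']['userns-remap'] is a non-empty string; the value
# 'default' selects the 'dockremap' account, anything else is used verbatim.
userns_remap = node['docker-grid']['CE']['userns-remap']
if !userns_remap.nil? && !userns_remap.empty?
  # tr('~', '-') turns the Ubuntu-style '<version>~<codename>' string into one
  # Gem::Version accepts; the RHEL form already parses.
  unless Gem::Version.create(node['docker-grid']['CE']['version'].tr('~', '-')) >= Gem::Version.create('17.06')
    # Message states the bound the check actually enforces (it previously said
    # "1.10" while testing for 17.06).
    Chef::Application.fatal!('Docker version must be 17.06 or later for userns-remap.')  # and exit.
  end
  # By default user namespace feature is inactive in RHEL family (>= 7.2).
  if node['platform_family'] == 'rhel'
    unless Gem::Version.create(node['platform_version']) >= Gem::Version.create('7.2')
      Chef::Application.fatal!('Platform version must be 7.2 or later for kernel user namespace feature.')  # and exit.
    end

    # Enable user namespaces on the running kernel's boot entry. Takes effect
    # only after a reboot, hence the notified warning.
    bash 'enable_user_namespace_feature_of_kernerl' do
      code <<-"EOH"
        grubby --args='user_namespace.enable=1' --update-kernel=/boot/vmlinuz-#{node['kernel']['release']}
      EOH
      not_if "grubby --info=/boot/vmlinuz-#{node['kernel']['release']} | grep 'user_namespace.enable=1'"
      notifies :write, 'log[reboot_message]'
    end
  end

  subid_files = [
    '/etc/subuid',
    '/etc/subgid',
  ]

  # Make sure both files exist (root:root 0644) before they are scanned.
  subid_files.each do |subid_file|
    file subid_file do
      owner 'root'
      group 'root'
      mode '0644'
      action :touch
      not_if { ::File.exist?(subid_file) }
    end
  end

  this_recipe = self
  remap_user = userns_remap == 'default' ? 'dockremap' : userns_remap

  # True when `user` is the name field of some entry in the subid file at
  # `path`. Replaces the former `cat FILE | grep #{remap_user}` guards, which
  # interpolated a node attribute into a shell command and matched substrings
  # (so 'dockremap' would also be "found" by an entry for 'dockremap2').
  subid_entry_present = lambda do |path, user|
    ::File.exist?(path) && ::File.readlines(path).any? { |line| line.split(':').first == user }
  end

  ruby_block 'adds_subid_entries' do
    action :run
    not_if { subid_entry_present.call('/etc/subuid', remap_user) }
    not_if { subid_entry_present.call('/etc/subgid', remap_user) }
    notifies :restart, 'service[docker]'
    block do
      subid_files.each do |subid_file|
        # The new range starts right after the entry with the highest start id
        # (start + count); 100000 is the floor when the file has no entries.
        max_start_id = 100_000
        offset = 0
        already_exist = false

        begin
          File.open(subid_file) do |file|
            file.each_line do |line|
              entry = line.split(':')
              if entry[0] == remap_user
                already_exist = true
                break
              end
              if entry[1].to_i >= max_start_id
                max_start_id = entry[1].to_i
                offset = entry[2].to_i
              end
            end
          end

          if already_exist
            this_recipe.log "#{remap_user} already exists in #{subid_file}"
          else
            File.open(subid_file, 'a') do |file|
              # One range of 65536 subordinate ids for the remap user.
              entry_str = "#{remap_user}:#{max_start_id + offset}:65536"
              this_recipe.log "#{remap_user} (#{entry_str}) is added in #{subid_file}"
              file.puts entry_str
            end
          end
        rescue IOError, SystemCallError => e
          # File.open raises Errno::* (SystemCallError), not IOError, for a
          # missing or unreadable file; the previous rescue missed those. Report
          # through the Chef log rather than a bare puts.
          Chef::Log.warn("#{subid_file}: #{e}")
        end
      end
    end
  end
end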
# Drop-in directory for docker.service unit overrides.
directory '/etc/systemd/system/docker.service.d' do
  owner 'root'
  group 'root'
  mode '0755'
  action :create
end

# systemd drop-in rendered from the cookbook template (its content is not on
# this page). Any change reloads systemd and restarts docker; 'service[docker]'
# is declared at the end of this recipe.
template '/etc/systemd/system/docker.service.d/override.conf' do
  source  'etc/systemd/system/docker.service.d/override.conf'
  owner 'root'
  group 'root'
  mode '0644'
  notifies :run, 'bash[systemctl_daemon-reload]'
  notifies :restart, 'service[docker]'
end
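# Package installation per platform family.
case node['platform_family']
when 'rhel'
  # Prerequisites for the Docker CE yum repository and the storage drivers.
  %w[yum-utils device-mapper-persistent-data lvm2].each do |pkg|
    package pkg do
      action :install
    end
  end

  # yum-config-manager stores the fetched definition under /etc/yum.repos.d/
  # named after the URL's basename; guard on it so the download is not repeated
  # on every converge. Note that node['docker-grid']['yum_repo'] (attributes)
  # is not used here - the repo file published by Docker is taken as-is.
  execute 'docker-ce repository adding' do
    command 'yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo'
    not_if { ::File.exist?('/etc/yum.repos.d/docker-ce.repo') }
  end

  # The edge channel is switched on only around the install step and switched
  # off again afterwards. (Resource names no longer carry leading spaces.)
  execute 'enable docker-ce-edge' do
    command 'yum-config-manager --enable docker-ce-edge'
  end

  # Exact version pin from attributes; an unpinned install would float to
  # whatever the enabled channels currently publish.
  package 'docker-ce' do
    action :install
    version node['docker-grid']['CE']['version']
    # options '--enablerepo=dockerrepo'
  end

  execute 'disable docker-ce-edge' do
    command 'yum-config-manager --disable docker-ce-edge'
  end
when 'debian'
  # Not implemented on this page: nothing is installed on the Debian family,
  # so the 'docker' service resource below would fail to start there.
end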
# Docker daemon: started now and enabled at boot. Also the restart target of
# the override.conf template and of the adds_subid_entries ruby_block above.
service 'docker' do
  action [:start, :enable]
end


 cat .kitchen.aws.yml 
---
driver:
  name: ec2
  aws_ssh_key_id: xxxxxxxxxxxx
  security_group_ids: ["sg-xxxxxxxxxxxx"]
  region: us-xxxxxxxxx
  availability_zone: x
  require_chef_omnibus: true
  subnet_id: subnet-xxxxxxxx
  instance_type: t2.small
  associate_public_ip: true
  interface: private
  tags:
    Name: test-docker-cce-demo
    application_name: chef-testing
  block_device_mappings: 
    - device_name: /dev/sda1
      ebs:
        volume_size: 20
        delete_on_termination: true  

transport:
  # username: centos
  ssh_key: ~/.ssh/xxxxxxxxxxxxxxxxxx.pem
  connection_timeout: 10
  connection_retries: 5

verifier:
  name: inspec

provisioner:
  name: chef_solo
  roles_path: ../../roles
  data_bags_path: ../../data_bags
  environments_path: ../../environments
  cookbook_path: ../../cookbooks
  always_update_cookbooks: true

platforms:
  - name: centos-7

suites:
  - name: default
    run_list:
        - recipe[docker-ce::default]
    verifier:
      inspec_tests:
        - test/smoke/default
    attributes:

============================================================

Netscalercpx

#
# Cookbook Name::netscaler 
# Recipe:: default
#
# Copyright (c) 2017 The Authors, All Rights Reserved.
# Docker daemon managed through the docker cookbook's docker_service resource.
docker_service 'default' do
  action [:create, :start]
end

# Pull the NetScaler CPX image. The tag is a mutable pointer; pinning the
# image's content digest as well would tie every converge to one known build.
# Generous timeouts because the pull is large.
docker_image 'store/citrix/netscalercpx' do
  tag '11.1-53.11'
  action :pull
  read_timeout 6000
  write_timeout 6000
end

# Host directory bind-mounted into the container as /cpx.
directory '/var/cpx' do
  owner 'root'
  group 'root'
  mode '0755'
  action :create
end

# Run CPX. Security-relevant settings, both taken from the vendor run line
# kept in the comment below:
#   - `privileged true` removes the container's normal confinement (all
#     capabilities, host devices, no seccomp/AppArmor profile), so a compromise
#     of this container is effectively a compromise of the host;
#   - `publish_all_ports true` binds every port the image exposes to a host
#     port on all interfaces (the commented run line publishes 22, 80 and
#     161/udp). Keep the host firewall / security group in front of them.
docker_container 'mycpx' do
  repo 'store/citrix/netscalercpx'
  tag '11.1-53.11'
  restart_policy 'unless-stopped'
  volumes '/var/cpx:/cpx'
  env ['EULA=yes']  # accepts the vendor EULA non-interactively
  privileged true
  ulimits [
    { 'Name' => 'core', 'Soft' => -1, 'Hard' => -1}  # unlimited core dumps
  ]
  publish_all_ports true
  tty true
  # NOTE(review): single quotes do not nest in sh, so after shell parsing this
  # reaches bash as `bash -C /var/netscaler/bins/docker_startup.sh`; -C
  # (noclobber) looks like it was meant to be -c. Confirm against the vendor's
  # start-up documentation before changing it.
  command "/bin/sh -c 'bash -C '/var/netscaler/bins/docker_startup.sh''"
  # open_stdin true
  action :run
end

#bash 'running the netscalercpx conatiner' do 
#code 'docker run -dt -p 22 -p 80 -p 161/udp --privileged=true -e EULA=yes --name mycpx -v /var/cpx:/cpx --ulimit core=-1 store/citrix/netscalercpx:11.1-53.11' 
#only_if "test -z $(docker ps | grep mycpx | cut -d ' ' -f 1)" 
#end

============================================================