diff --git a/.github/workflows/brakeman-analysis.yml b/.github/workflows/brakeman-analysis.yml index 494e2f3bb2..9ab0207018 100644 --- a/.github/workflows/brakeman-analysis.yml +++ b/.github/workflows/brakeman-analysis.yml @@ -47,6 +47,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: output.sarif.json diff --git a/.github/workflows/ctl-cookbook-testing.yml b/.github/workflows/ctl-cookbook-testing.yml index 7bf2ba6305..850e7e559f 100644 --- a/.github/workflows/ctl-cookbook-testing.yml +++ b/.github/workflows/ctl-cookbook-testing.yml @@ -15,7 +15,7 @@ jobs: - uses: ruby/setup-ruby@v1 with: working-directory: omnibus/files/server-ctl-cookbooks/infra-server/ - ruby-version: 2.6 + ruby-version: 3.1.7 bundler-cache: true - uses: r7kamura/rubocop-problem-matchers-action@v1 # this shows the failures in the PR - name: run cookstyle @@ -28,7 +28,7 @@ jobs: - uses: ruby/setup-ruby@v1 with: working-directory: omnibus/files/server-ctl-cookbooks/infra-server/ - ruby-version: 2.6 + ruby-version: 3.1.7 bundler-cache: true - uses: r7kamura/rubocop-problem-matchers-action@v1 # this shows the failures in the PR - name: run chefspec diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/attributes/default.rb b/omnibus/files/server-ctl-cookbooks/infra-server/attributes/default.rb index 422e86b306..1a3a0f0b78 100755 --- a/omnibus/files/server-ctl-cookbooks/infra-server/attributes/default.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/attributes/default.rb 
@@ -25,16 +25,14 @@ # TODO: we don't seem to reference removed_services anywhere. default['private_chef']['removed_services'] = %w( -opscode-webui -opscode-solr -couchdb -opscode-account -opscode-org-creator -opscode-certificate -opscode-chef-mover -) - -### + opscode-webui + opscode-solr + couchdb + opscode-account + opscode-org-creator + opscode-certificate + opscode-chef-mover +)### # High level options ### default['private_chef']['api_version'] = '12.0.0' @@ -894,7 +892,7 @@ # Select whether data_collector affects overall status in _status endpoint default['private_chef']['data_collector']['health_check'] = true -default['private_chef']['ctl_command'] = "#{ChefUtils::Dist::Server::SERVER_CTL}" +default['private_chef']['ctl_command'] = ChefUtils::Dist::Server::SERVER_CTL.to_s default['private_chef']['running_filepath'] = "/etc/#{ChefUtils::Dist::Org::LEGACY_CONF_DIR}/#{ChefUtils::Dist::Server::SERVER}-running.json" ## # Compliance Profiles diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/ec_postgres.rb b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/ec_postgres.rb index 521c39e2c4..85683b3728 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/ec_postgres.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/ec_postgres.rb 
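Review bot: The closing line of the `%w( ... )` literal is now `)###`, which fuses the array terminator with the first line of the `# High level options` comment banner and drops the blank line that separated them. It still parses, because everything after `)` is a comment, but the banner is broken and the next edit to either part is likely to damage the other. Keep `)` on its own line, followed by a blank line and then `###`.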
@@ -19,12 +19,12 @@ def self.with_connection(node, database = 'template1', opts = {}) end max_retries = retries begin - connection = PG::Connection.open('user' => postgres['db_connection_superuser'] || postgres['db_superuser'], - 'host' => postgres['vip'], + connection = PG::Connection.open('user' => postgres['db_connection_superuser'] || postgres['db_superuser'], + 'host' => postgres['vip'], 'password' => postgres['db_superuser_password'], - 'port' => postgres['port'], - 'sslmode' => postgres['sslmode'], - 'dbname' => database) + 'port' => postgres['port'], + 'sslmode' => postgres['sslmode'], + 'dbname' => database) rescue => e if retries > 0 sleep_time = 2**((max_retries - retries)) diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/haproxy.rb b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/haproxy.rb index 0d7fde7592..aa40a165f2 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/haproxy.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/haproxy.rb @@ -35,7 +35,7 @@ def parse_stats_table(table) def transform_header(line) columns = line.split(',').map(&:strip) - columns[0] = columns[0].gsub('# ', '') + columns.first = columns.first.gsub('# ', '') columns end diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/nginx_erb.rb b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/nginx_erb.rb index efc3e22784..e36999d274 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/nginx_erb.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/nginx_erb.rb @@ -1,4 +1,4 @@ -require_relative './warnings' +require_relative 'warnings' class NginxErb attr_reader :node @@ -59,7 +59,7 @@ def ipv6? def local_ip_addresses ret = [] - node['network']['interfaces'].each do |_name, iface| + node['network']['interfaces'].each_value do |iface| next unless iface['addresses'].respond_to?(:each) iface['addresses'].each do |addr, addr_info| 
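Review bot: `columns.first = columns.first.gsub('# ', '')` in transform_header in libraries/haproxy.rb will raise NoMethodError, because Array defines `first` but has no `first=` writer. Only the index form is assignable, so keep `columns[0] = columns[0].gsub('# ', '')`, or use `columns[0] = columns.first.gsub('# ', '')` if the reader side has to satisfy the cop. An empty header line also leaves `columns.first` nil, so a guard such as `return columns if columns.empty?` before the assignment is worth adding.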
@@ -77,7 +77,7 @@ def listen_port(proto, options = {}) listen_opts = '' listen_port = case proto when 'http' - node['private_chef']['nginx']['non_ssl_port'].to_s || '80' + node['private_chef']['nginx']['non_ssl_port'].to_s when 'https' listen_opts << ' ssl' node['private_chef']['nginx']['ssl_port'].to_s diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/pgversion.rb b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/pgversion.rb index 6dec3941db..5393a26d8e 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/pgversion.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/pgversion.rb @@ -45,8 +45,8 @@ def major @major ||= begin segments = self.segments - if segments[0].to_i >= 10 - self.class.new segments[0].to_s + if segments.first.to_i >= 10 + self.class.new segments.first.to_s else self.class.new segments[0..1].join('.') end @@ -71,14 +71,14 @@ def self.new(input) # is at or greater than 8.2, otherwise, zero. def to_i segments = self.segments - if segments[0].to_i >= 10 + if segments.first.to_i >= 10 format('%d%04d', - major: segments[0].to_i, + major: segments.first.to_i, minor: segments[1].to_i ).to_i - elsif segments[0].to_i == 9 || (segments[0].to_i == 8 && segments[1].to_i >= 2) + elsif segments.first.to_i == 9 || (segments.first.to_i == 8 && segments[1].to_i >= 2) format('%d%02d%02d', - major1: segments[0].to_i, + major1: segments.first.to_i, major2: segments[1].to_i, minor: segments[2].to_i ).to_i diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_indexing_validator.rb b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_indexing_validator.rb index 3ba0c316a8..0b4aeb75a4 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_indexing_validator.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_indexing_validator.rb 
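Review bot: Removing `|| '80'` in the 'http' branch of listen_port preserves behaviour, because `.to_s` never returns nil and the fallback could not fire, but it also removes the only sign that a default of 80 was intended. With the attribute unset the branch still yields an empty port string, as it did before. If the default is wanted, apply it before the conversion: `(node['private_chef']['nginx']['non_ssl_port'] || 80).to_s`. If a false value is meant to disable the listener, leave the line as is and say so in a comment. The case expression continues outside the hunk.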
@@ -13,8 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -require_relative './preflight_checks' -require_relative './elasticsearch' +require_relative 'preflight_checks' +require_relative 'elasticsearch' class IndexingPreflightValidator < PreflightValidator # The cs_*attr variables hold the user-defined configuration diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_opensearch_validator.rb b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_opensearch_validator.rb index c9faf32580..13f93c91bb 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_opensearch_validator.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_opensearch_validator.rb @@ -13,8 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -require_relative './preflight_checks' -require_relative './opensearch' +require_relative 'preflight_checks' +require_relative 'opensearch' class OpensearchPreflightValidator < PreflightValidator # This check used to verify that the external PG version matches the version @@ -171,7 +171,7 @@ def opensearch_enabled? def verify_external_url if cfg_opensearch_attr['external'] && !cfg_opensearch_attr['external_url'] - fail_with err_OPENSEARCH007_bad_external_config() + fail_with err_OPENSEARCH007_bad_external_config end end diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_postgres_validator.rb b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_postgres_validator.rb index 5141e28001..55b4715c65 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_postgres_validator.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_postgres_validator.rb 
@@ -13,8 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -require_relative './warnings' -require_relative './pgversion' +require_relative 'warnings' +require_relative 'pgversion' class PostgresqlPreflightValidator < PreflightValidator # This check used to verify that the external PG version matches the version @@ -187,7 +187,7 @@ def backend_verify_database_access(connection) def backend_verify_postgres_version(connection) # Make sure the server is a supported version. r = connection.exec('SHOW server_version;') - v = PgVersion.new /^([0-9\.]+)/.match(r[0]['server_version'])[0] + v = PgVersion.new /^([0-9\.]+)/.match(r.first['server_version']).first # Note that we're looking for the same major, and using our minor as the minimum version # This provides compatibility with external databases that use < 13 before we make use diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_required_recipe_validator.rb b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_required_recipe_validator.rb index cc2009e66f..d0a7fedaef 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_required_recipe_validator.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_required_recipe_validator.rb @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -require_relative './preflight_checks' +require_relative 'preflight_checks' class RequiredRecipePreflightValidator < PreflightValidator def initialize(node) diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_ssl_validator.rb b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_ssl_validator.rb index 89a9d1e88f..43e879df4b 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_ssl_validator.rb 
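Review bot: `.match(r.first['server_version']).first` in backend_verify_postgres_version calls `first` on a MatchData, which supports `[]` but is not Enumerable, so the version check will raise NoMethodError instead of validating the server. Assuming `r` is a PG result, `r.first` itself is fine; only the index on the match needs restoring: `v = PgVersion.new(/^([0-9\.]+)/.match(r.first['server_version'])[0])`. The match is also used unchecked, so a server_version that does not start with digits surfaces as a nil error rather than a preflight failure. The method body continues outside the hunk.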
+++ b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/preflight_ssl_validator.rb @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -require_relative './preflight_checks' +require_relative 'preflight_checks' class SslPreflightValidator < PreflightValidator def initialize(node) diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/private_chef.rb b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/private_chef.rb index 2077257abb..a2844a0f77 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/private_chef.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/private_chef.rb @@ -21,7 +21,7 @@ require 'chef/json_compat' require 'chef/mixin/deep_merge' require 'veil' -require_relative './warnings' +require_relative 'warnings' module PrivateChef extend(Mixlib::Config) @@ -132,7 +132,7 @@ def from_file(filename) instance_eval(IO.read(filename), filename, 1) rescue - raise "Error loading file: #{$ERROR_INFO.backtrace[0]}: #{$ERROR_INFO.message}" + raise "Error loading file: #{$ERROR_INFO.backtrace.first}: #{$ERROR_INFO.message}" end def import_legacy_service_config(old_service_key, new_service_key, keys) @@ -525,7 +525,7 @@ def gen_ldap end end if ldap_encryption - Chef::Log.warn("Please note that the ldap 'encryption' setting is deprecated as of #{ChefUtils::Dist::Server::PRODUCT} 12.0. Use either "\ + Chef::Log.warn("Please note that the ldap 'encryption' setting is deprecated as of #{ChefUtils::Dist::Server::PRODUCT} 12.0. Use either " \ "ldap['ssl_enabled'] = true or ldap['tls_enabled'] = true.") case ldap_encryption.to_s when 'simple_tls' 
@@ -535,7 +535,7 @@ def gen_ldap when 'none' Chef::Log.info('Configuring ldap without encryption.') else - raise "Invalid ldap configuration: unknown value #{ldap_encryption} for deprecated ldap['encryption'] option. "\ + raise "Invalid ldap configuration: unknown value #{ldap_encryption} for deprecated ldap['encryption'] option. " \ "Please set ldap['ssl_enabled'] = true or ldap['tls_enabled'] = true instead" end elsif ssl_enabled && tls_enabled diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/statfs.rb b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/statfs.rb index a097ed26b9..068393d8d9 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/statfs.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/statfs.rb 
@@ -21,18 +21,18 @@ class Statfs # See http://man7.org/linux/man-pages/man2/statvfs.2.html class Statvfs < FFI::Struct spec = [ - :f_bsize, :ulong, # Filesystem block size - :f_frsize, :ulong, # Fragement size - :f_blocks, FSBLKCNT_T, # Size of fs in f_frsize units - :f_bfree, FSBLKCNT_T, # Number of free blocks - :f_bavail, FSBLKCNT_T, # Number of free blocks for unpriviledged users - :f_files, FSBLKCNT_T, # Number of inodes - :f_ffree, FSBLKCNT_T, # Number of free inodes - :f_favail, FSBLKCNT_T, # Number of free inodes for unprivilged users - :f_fsid, :ulong, # Filesystem ID - :f_flag, :ulong, # Mount Flags - :f_namemax, :ulong # Max filename length - ] + :f_bsize, :ulong, # Filesystem block size + :f_frsize, :ulong, # Fragement size + :f_blocks, FSBLKCNT_T, # Size of fs in f_frsize units + :f_bfree, FSBLKCNT_T, # Number of free blocks + :f_bavail, FSBLKCNT_T, # Number of free blocks for unpriviledged users + :f_files, FSBLKCNT_T, # Number of inodes + :f_ffree, FSBLKCNT_T, # Number of free inodes + :f_favail, FSBLKCNT_T, # Number of free inodes for unprivilged users + :f_fsid, :ulong, # Filesystem ID + :f_flag, :ulong, # Mount Flags + :f_namemax, :ulong # Max filename length + ] # Linux has this at the end of the struct and if we don't include # it we end up getting a memory corruption error when th object diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/config.rb b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/config.rb index c19c3b5aa5..cc2d441424 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/config.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/config.rb 
@@ -1,5 +1,11 @@ # Copyright:: Chef Software, Inc. -# License:: Apache License, Version 2.0 +# Licenseprivate_chef_path = "/etc/#{ChefUtils::Dist::Org::LEGACY_CONF_DIR}/private-chef.rb" + +if File.exist?(chef_server_json_path) && + !(File.exist?(private_chef_path) || File.exist?(chef_server_path)) + Chef::Log.fatal("Configuration via #{chef_server_json_path} is not supported. Please use #{chef_server_path}") + exit!(1) +elsehe License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -44,7 +50,7 @@ private_chef_path = "/etc/#{ChefUtils::Dist::Org::LEGACY_CONF_DIR}/private-chef.rb" if File.exist?(chef_server_json_path) && - !(File.exist?(private_chef_path) || File.exist?()) + !(File.exist?(private_chef_path) || File.exist?) Chef::Log.fatal("Configuration via #{chef_server_json_path} is not supported. Please use #{chef_server_path}") exit!(1) else @@ -54,7 +60,7 @@ chef_server_rb_exists = File.exist?(chef_server_path) if chef_server_rb_exists - chef_server_rb_not_empty = !File.zero?(chef_server_path) + chef_server_rb_not_empty = !File.empty?(chef_server_path) end # Things are a bit tricky here, because there are multiple scenarios. But the diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/haproxy.rb b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/haproxy.rb index 99ea995363..2b4487dc82 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/haproxy.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/haproxy.rb 
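Review bot: The lines added at the top of recipes/config.rb look like an accidental paste into the license header. Line 2 becomes `# Licenseprivate_chef_path = ...`, an `if File.exist?(chef_server_json_path) && ...` block opens before any of the three path variables is assigned, and it ends in `elsehe License, Version 2.0`, which is not a valid `else`. As written the recipe is unlikely to load, so the unsupported-JSON-config guard further down would never run. Drop the added lines and restore `# License:: Apache License, Version 2.0`.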
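Review bot: `File.exist?` is still called without an argument in the guard condition of the second config.rb hunk; the change only removes the empty parentheses. File.exist? requires a path, so evaluating that operand raises ArgumentError. It is reached only when the JSON file exists and private-chef.rb does not, which is the case this guard is meant to reject with a clear fatal message. Judging by the message text, the intended operand is `File.exist?(chef_server_path)`.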
@@ -138,8 +138,8 @@ def get_chef_backend_cluster_members # We expect the status checks to fail on all but 1 backend # (the current leader) thus we wait for that to be the case. - if active_servers['chef_backend_elasticsearch'].count == 1 && - active_servers['chef_backend_postgresql'].count == 1 + if active_servers['chef_backend_elasticsearch'].one? && + active_servers['chef_backend_postgresql'].one? stable = true break else diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/nginx.rb b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/nginx.rb index 3776510c00..1c16ee7930 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/nginx.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/nginx.rb @@ -267,8 +267,8 @@ # Fix permissions for nginx directories, if required, based on nginx_no_root flag [ "/opt/#{ChefUtils::Dist::Org::LEGACY_CONF_DIR}/embedded/nginx", - "#{node['private_chef']['nginx']['dir']}", - "#{node['private_chef']['nginx']['log_directory']}", + node['private_chef']['nginx']['dir'].to_s, + node['private_chef']['nginx']['log_directory'].to_s, ].each do |nginx_no_root_perms_fix_path| execute "find #{nginx_no_root_perms_fix_path} -user 'root' -exec chown #{node['private_chef']['user']['username']} {} \\;" do user 'root' diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/oc-chef-pedant.rb b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/oc-chef-pedant.rb index d7d9641a99..6c0c075855 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/oc-chef-pedant.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/oc-chef-pedant.rb 
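Review bot: `.one?` is not a strict replacement for `.count == 1` in this condition, because Enumerable#one? counts only truthy elements. A collection holding a single nil or false is counted by `count` but not by `one?`. If the entries of active_servers are always server names or hashes the result is the same; otherwise `.size == 1` keeps the old meaning. The surrounding loop in get_chef_backend_cluster_members starts and ends outside the hunk.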
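Review bot: The two paths changed to `.to_s` in recipes/nginx.rb are interpolated unquoted into `find #{...} -user 'root' -exec chown ... {} \;`, which the resource runs as root. `.to_s` turns an unset attribute into an empty string, and GNU find then searches the current directory instead of failing. I would drop blank entries before the loop, for example `.reject(&:empty?)` on the array, and quote the path in the command with `Shellwords.escape` (which needs `require 'shellwords'`). The execute block continues outside the hunk.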
@@ -72,8 +72,8 @@ ssl_version: ssl_version, reindex_endpoint: reindex_endpoint, required_recipe_enabled: node['private_chef']['required_recipe']['enable'], - chef_pgsql_collector: (node['private_chef']['postgresql']['enable'] && - !node['private_chef']['postgresql']['external']), + chef_pgsql_collector: node['private_chef']['postgresql']['enable'] && + !node['private_chef']['postgresql']['external'], topology: node['private_chef']['topology'], role: node['private_chef']['role'], }.merge(node['private_chef']['oc-chef-pedant'].to_hash)) diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/sysctl-updates.rb b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/sysctl-updates.rb index 55285500f0..264085405e 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/sysctl-updates.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/sysctl-updates.rb @@ -37,6 +37,6 @@ echo 'net.ipv6.bindv6only = 0' >> /etc/sysctl.conf EOF notifies :run, 'execute[sysctl-reload]', :immediately - not_if "egrep '^net\.ipv6\.bindv6only = 0' /etc/sysctl.conf" + not_if "egrep '^net.ipv6.bindv6only = 0' /etc/sysctl.conf" only_if { PrivateChef['use_ipv6'] == true } end diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/spec/libraries/preflight_indexing_validator_spec.rb b/omnibus/files/server-ctl-cookbooks/infra-server/spec/libraries/preflight_indexing_validator_spec.rb index 047a7822a2..a996f3e7d8 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/spec/libraries/preflight_indexing_validator_spec.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/spec/libraries/preflight_indexing_validator_spec.rb 
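Review bot: Dropping the backslashes in the `not_if` pattern of recipes/sysctl-updates.rb changes nothing at runtime, because `\.` inside a double-quoted Ruby string was already just `.`. The dots in the egrep pattern therefore match any character both before and after this change. If a literal match is intended, the backslashes have to be doubled so they reach the shell: `not_if "grep -E '^net\\.ipv6\\.bindv6only = 0' /etc/sysctl.conf"`. That form also replaces `egrep`, which current GNU grep reports as obsolescent in favour of `grep -E`.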
@@ -20,11 +20,11 @@ describe IndexingPreflightValidator do let(:indexing_preflight) do s = IndexingPreflightValidator.new('private_chef' => { - 'opscode-erchef' => { - 'reindex_sleep_min_ms' => 500, - 'reindex_sleep_max_ms' => 2000, - }, - 'postgresql' => {} }) + 'opscode-erchef' => { + 'reindex_sleep_min_ms' => 500, + 'reindex_sleep_max_ms' => 2000, + }, + 'postgresql' => {} }) allow(s).to receive(:fail_with).and_return(:i_failed) s end