gmonfort · June 6, 2011 05:28
diff --git a/debian6-rvm-ree-gems.erb b/debian6-rvm-ree-gems.erb
 # Debian 6 bootstrap template file for chef
 #
 # Installs RVM and ruby enterprise edition (ree) patched to workaround 
 # issues with SSLv2 in debian systems (SSLv2 is deprecated)
 #
 # Also only installs ruby dependencies listed in `rvm notes`
 # 
 # RVM is installed system-wide in /usr/local/rvm
 #
 # Usage:
 # copy this file to ~/.chef/bootstrap
 # then execute the following line where NODE is the FQDN of your target server
 # 
 # knife bootstrap NODE --distro debian6-rvm-ree-gems
 #
 # @zero_padded
 bash -c '
  if [ ! -f /usr/local/bin/chef-client ]; then
  apt-get update
  apt-get install -y git-core curl build-essential

  bash -c "bash < <( curl https://rvm.beginrescueend.com/install/rvm )"

  $(rvm notes | grep "^\s*ruby: " | sed -r '\''s#^\s*ruby: /usr/bin/(.+)$#\1#g'\'')

  (
  cat <<'EOP'
 [[ -s "/usr/local/rvm/scripts/rvm" ]] && . "/usr/local/rvm/scripts/rvm" # This loads RVM into a shell session.
 EOP
  ) > /etc/profile.d/rvm.sh

  source /etc/profile

  # patch to fix SSLv2 issues
  (
  cat <<'END'
 diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
 index 664f666..a75e3ad 100644
 --- a/ext/openssl/ossl_ssl.c
 +++ b/ext/openssl/ossl_ssl.c
 @@ -101,9 +101,9 @@ struct {
     OSSL_SSL_METHOD_ENTRY(TLSv1),
     OSSL_SSL_METHOD_ENTRY(TLSv1_server),
     OSSL_SSL_METHOD_ENTRY(TLSv1_client),
 -    OSSL_SSL_METHOD_ENTRY(SSLv2),
 -    OSSL_SSL_METHOD_ENTRY(SSLv2_server),
 -    OSSL_SSL_METHOD_ENTRY(SSLv2_client),
 +    /* OSSL_SSL_METHOD_ENTRY(SSLv2), */
 +    /* OSSL_SSL_METHOD_ENTRY(SSLv2_server), */
 +    /* OSSL_SSL_METHOD_ENTRY(SSLv2_client), */
     OSSL_SSL_METHOD_ENTRY(SSLv3),
     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
 END
  ) > /tmp/sslv2.patch

  rvm install ree --patch /tmp/sslv2.patch
  rvm use --default ree@global
  gem install ohai chef --no-rdoc --no-ri --verbose <%= '--prerelease' if @config[:prerelease] %>
  ln -nfs $(which chef-client) /usr/local/bin/chef-client
 fi

 mkdir -p /etc/chef
 
 (
 cat <<'EOP'
 <%= IO.read(Chef::Config[:validation_key]) %>
 EOP
 ) > /tmp/validation.pem
 awk NF /tmp/validation.pem > /etc/chef/validation.pem
 rm /tmp/validation.pem
 
 (
 cat <<'EOP'
 log_level        :info
 log_location     STDOUT
 chef_server_url  "<%= Chef::Config[:chef_server_url] %>"
 validation_client_name "<%= Chef::Config[:validation_client_name] %>"
 <% if @config[:chef_node_name] == nil %>
 # Using default node name"
 <% else %>
 node_name "<%= @config[:chef_node_name] %>"
 <% end %> 
 EOP
 ) > /etc/chef/client.rb
 
 (
 cat <<'EOP'
 <%= { "run_list" => @run_list }.to_json %>
 EOP
 ) > /etc/chef/first-boot.json
 
 chef-client -j /etc/chef/first-boot.json'
	# Debian 6 bootstrap template file for chef
	#
	# Installs RVM and ruby enterprise edition (ree) patched to workaround
	# issues with SSLv2 in debian systems (SSLv2 is deprecated)
	#
	# Also only installs ruby dependencies listed in `rvm notes`
	#
	# RVM is installed system-wide in /usr/local/rvm
	#
	# Usage:
	# copy this file to ~/.chef/bootstrap
	# then execute the following line where NODE is the FQDN of your target server
	#
	# knife bootstrap NODE --distro debian6-rvm-ree-gems
	#
	# @zero_padded
	bash -c '
	if [ ! -f /usr/local/bin/chef-client ]; then
	apt-get update
	apt-get install -y git-core curl build-essential

	bash -c "bash < <( curl https://rvm.beginrescueend.com/install/rvm )"

	$(rvm notes \| grep "^\sruby: " \| sed -r '\''s#^\sruby: /usr/bin/(.+)$#\1#g'\'')

	(
	cat <<'EOP'
	[[ -s "/usr/local/rvm/scripts/rvm" ]] && . "/usr/local/rvm/scripts/rvm" # This loads RVM into a shell session.
	EOP
	) > /etc/profile.d/rvm.sh

	source /etc/profile

	# patch to fix SSLv2 issues
	(
	cat <<'END'
	diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
	index 664f666..a75e3ad 100644
	--- a/ext/openssl/ossl_ssl.c
	+++ b/ext/openssl/ossl_ssl.c
	@@ -101,9 +101,9 @@ struct {
	OSSL_SSL_METHOD_ENTRY(TLSv1),
	OSSL_SSL_METHOD_ENTRY(TLSv1_server),
	OSSL_SSL_METHOD_ENTRY(TLSv1_client),
	- OSSL_SSL_METHOD_ENTRY(SSLv2),
	- OSSL_SSL_METHOD_ENTRY(SSLv2_server),
	- OSSL_SSL_METHOD_ENTRY(SSLv2_client),
	+ /* OSSL_SSL_METHOD_ENTRY(SSLv2), */
	+ /* OSSL_SSL_METHOD_ENTRY(SSLv2_server), */
	+ /* OSSL_SSL_METHOD_ENTRY(SSLv2_client), */
	OSSL_SSL_METHOD_ENTRY(SSLv3),
	OSSL_SSL_METHOD_ENTRY(SSLv3_server),
	OSSL_SSL_METHOD_ENTRY(SSLv3_client),
	END
	) > /tmp/sslv2.patch

	rvm install ree --patch /tmp/sslv2.patch
	rvm use --default ree@global
	gem install ohai chef --no-rdoc --no-ri --verbose <%= '--prerelease' if @config[:prerelease] %>
	ln -nfs $(which chef-client) /usr/local/bin/chef-client
	fi

	mkdir -p /etc/chef

	(
	cat <<'EOP'
	<%= IO.read(Chef::Config[:validation_key]) %>
	EOP
	) > /tmp/validation.pem
	awk NF /tmp/validation.pem > /etc/chef/validation.pem
	rm /tmp/validation.pem

	(
	cat <<'EOP'
	log_level :info
	log_location STDOUT
	chef_server_url "<%= Chef::Config[:chef_server_url] %>"
	validation_client_name "<%= Chef::Config[:validation_client_name] %>"
	<% if @config[:chef_node_name] == nil %>
	# Using default node name"
	<% else %>
	node_name "<%= @config[:chef_node_name] %>"
	<% end %>
	EOP
	) > /etc/chef/client.rb

	(
	cat <<'EOP'
	<%= { "run_list" => @run_list }.to_json %>
	EOP
	) > /etc/chef/first-boot.json

	chef-client -j /etc/chef/first-boot.json'