From 257cc5da14acaf5174c85ada5f961ba03a801489 Mon Sep 17 00:00:00 2001 From: Phil Dibowitz Date: Mon, 27 Mar 2023 18:19:18 -0700 Subject: [PATCH] sync fb_motd with upstream Summary: Test Plan: --- cookbooks/fb_motd/README.md | 48 ++++++++++++++++++- cookbooks/fb_motd/attributes/default.rb | 10 ++++ cookbooks/fb_motd/metadata.rb | 3 +- cookbooks/fb_motd/recipes/default.rb | 23 ++++++++- cookbooks/fb_motd/resources/update_motd.rb | 48 +++++++++++++++++++ .../fb_motd/templates/default/motd-news.erb | 13 +++++ 6 files changed, 141 insertions(+), 4 deletions(-) create mode 100644 cookbooks/fb_motd/resources/update_motd.rb create mode 100644 cookbooks/fb_motd/templates/default/motd-news.erb diff --git a/cookbooks/fb_motd/README.md b/cookbooks/fb_motd/README.md index ae321ce..0f79b30 100644 --- a/cookbooks/fb_motd/README.md +++ b/cookbooks/fb_motd/README.md 
@@ -8,11 +8,57 @@ Requirements Attributes ---------- * node['fb_motd']['extra_lines'] +* node['fb_motd']['motd_news']['enabled'] +* node['fb_motd']['motd_news']['urls'] +* node['fb_motd']['motd_news']['wait'] +* node['fb_motd']['motd_news'][$KEY] +* node['fb_motd']['update_motd']['enabled'] +* node['fb_motd']['update_motd']['whitelist'] +* node['fb_motd']['update_motd']['blacklist'] Usage ----- To add anything to the /etc/motd file, simply add lines to this array: -``` +```ruby node['fb_motd']['extra_lines'] ``` + +### Ubuntu extensions + +We support two Ubuntu extensions to motd: `motd_news` and `update_motd`. + +#### motd_news + +`motd_news` allows `pam_motd` to dynamically retrieve news from a URL and +display it along with the motd. You can enable/disable this with +`node['fb_motd']['motd_news']['enabled']`. The `urls` key is an array of URLs +and the default is `https://motd.ubuntu.com` which is the default Ubuntu +provides. `wait` is simply the max number of seconds before timing out. Note +that any key can be added to this array and it will be added to +`/etc/default/motd-news`. These three were the meaninful ones at time of +writing. + +#### update_motd + +`update_motd` is a directory of scripts run with `run-parts` whose output make +up the motd you see when you login. The whole thing can be disabled by setting +`enabled` to `false`. + +If it is enabled, then we choose which scripts to enable/disable using +`whitelist` and `blacklist`. If a list is empty then it is not considered (in +other words, if you don't want to use a whitelist, leave it empty, you don't +have to populate it with everything). + +If both whitelist and blacklist are in use then blacklisting will win (i.e. is +evaluated last). 
So for example given the follow scripts: `00-a 00-b 00-c +00-d`, if you had: + +```ruby +node.default['fb_motd']['update_motd']['whitelist'] = ['00-a', '00-c'] +node.default['fb_motd']['update_motd']['blacklist'] = ['00-c'] +``` + +Then the only script to be enabled would be `00-a`. + +Scripts are enabled/disabled by toggling the executable bit on them. diff --git a/cookbooks/fb_motd/attributes/default.rb b/cookbooks/fb_motd/attributes/default.rb index d681540..d8571c6 100644 --- a/cookbooks/fb_motd/attributes/default.rb +++ b/cookbooks/fb_motd/attributes/default.rb @@ -16,4 +16,14 @@ # default['fb_motd'] = { 'extra_lines' => [], + 'motd_news' => { + 'enabled' => true, + 'urls' => ['https://motd.ubuntu.com'], + 'wait' => 5, + }, + 'update_motd' => { + 'enabled' => true, + 'whitelist' => [], + 'blacklist' => [], + }, } diff --git a/cookbooks/fb_motd/metadata.rb b/cookbooks/fb_motd/metadata.rb index d11d637..36fc95c 100644 --- a/cookbooks/fb_motd/metadata.rb +++ b/cookbooks/fb_motd/metadata.rb @@ -5,8 +5,9 @@ license 'Apache-2.0' description 'Installs/Configures motd' source_url 'https://github.com/facebook/chef-cookbooks/' -long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '0.0.1' supports 'centos' supports 'debian' supports 'ubuntu' +supports 'mac_os_x' +depends 'fb_helpers' diff --git a/cookbooks/fb_motd/recipes/default.rb b/cookbooks/fb_motd/recipes/default.rb index 78cf94a..96a8119 100644 --- a/cookbooks/fb_motd/recipes/default.rb +++ b/cookbooks/fb_motd/recipes/default.rb 
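Review bot: The new `motd_news` defaults in attributes/default.rb ship `'enabled' => true` with `https://motd.ubuntu.com` as the only URL, so the fetch the README describes stays on for every Ubuntu host that converges this cookbook unless a wrapper overrides it. If mirroring stock Ubuntu is deliberate, say so in a comment above the hash, e.g. `# motd_news defaults mirror stock Ubuntu; set 'enabled' to false to stop the outbound fetch`. Otherwise consider `'enabled' => false`, so that showing third-party content in the login banner is opt-in. The README hunk lists the keys but does not state that the feature is on by default.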
@@ -19,8 +19,27 @@ # template '/etc/motd' do - group 'root' + owner node.root_user + group node.root_group mode '0644' - owner 'root' source 'motd.erb' end + +# Ubuntu's motd is heavily modified and consists of a few basic parts: +# * standard /etc/motd (though it's often a symlink to /run/motd.dynamic, +# if it's not, it'll be the last part of the motd shown) +# * /run/motd.dynamic which is a cache of the output of running everything +# in /etc/update-motd.d using `run-parts`. Various packages drop things +# off in here and the accepted way to disable them is to make them +# non-executable +# * motd-news - a live-go-get-something-from-the-internet-and-display- +# it-at-login. This can be disabled in /etc/default/motd-news +if node.ubuntu? + template '/etc/default/motd-news' do + owner node.root_user + group node.root_group + mode '0644' + end + + fb_motd_update_motd 'doit' +end diff --git a/cookbooks/fb_motd/resources/update_motd.rb b/cookbooks/fb_motd/resources/update_motd.rb new file mode 100644 index 0000000..ce3922d --- /dev/null +++ b/cookbooks/fb_motd/resources/update_motd.rb 
@@ -0,0 +1,48 @@
+# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2
+#
+# Copyright (c) 2016-present, Facebook, Inc.
+# All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+action :run do
+ settings = node['fb_motd']['update_motd']
+ Dir.glob('/etc/update-motd.d/*').each do |motd|
+ fname = ::File.basename(motd)
+ allow = false
+ if settings['enabled']
+ if settings['whitelist'].empty?
+ # if we're NOT using a whitelist, then the default is allow
+ allow = true
+ else
+ # if we *are* using a whitelist, then we only allow if it's in the
+ # list
+ allow = settings['whitelist'].include?(fname)
+ end
+ if !settings['blacklist'].empty? && settings['blacklist'].include?(fname)
+ # if we are using a blacklist, and if it's in the blacklist
+ # then no matter what, remove it
+ allow = false
+ end
+ else
+ allow = false
+ end
+
+ file motd do
+ owner 'root'
+ group 'root'
+ mode allow ? '0755' : '0644'
+ end
+ end
+end
diff --git a/cookbooks/fb_motd/templates/default/motd-news.erb b/cookbooks/fb_motd/templates/default/motd-news.erb
new file mode 100644
index 0000000..5821272
--- /dev/null
+++ b/cookbooks/fb_motd/templates/default/motd-news.erb
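Review bot: The loop in `action :run` applies a `file` resource to every path returned by `Dir.glob('/etc/update-motd.d/*')` without checking that the entry is a regular file, so a symlink or subdirectory there would be chowned and chmodded too; for a symlink, whether the link or its target is changed depends on Chef's `manage_symlink_source` handling. Consider `next unless ::File.file?(motd) && !::File.symlink?(motd)` as the first line of the block, or set `manage_symlink_source` explicitly on the resource. With the defaults (enabled, both lists empty) `allow` is true for every entry, so a script an administrator had made non-executable by hand is set back to `0755` on the next run and is then picked up by `run-parts`. A comment on the action such as `# NOTE: with an empty whitelist every script in the directory is made executable` would make that visible. The literal `owner 'root'` / `group 'root'` also differ from the `node.root_user` / `node.root_group` helpers the recipe hunk uses.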
@@ -0,0 +1,13 @@
+# This file is generated by Chef, do not modify.
+# see cookbooks/fb_motd
+<% node['fb_motd']['motd_news'].each do |key, val| %>
+<% # it expects 0/1 for booleans %>
+<% if [TrueClass, FalseClass].include?(val.class) %>
+<% myval = val ? 1 : 0 %>
+<% elsif val.is_a?(Array) %>
+<% myval = val.join(' ') %>
+<% else %>
+<% myval = val %>
+<% end %>
+<%= key.upcase %>="<%= myval %>"
+<% end %>
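Review bot: The output line `<%= key.upcase %>="<%= myval %>"` writes both the key and the value with no escaping or validation, so a value containing `"`, `$` or a backtick changes what the line means if `/etc/default/motd-news` is read by a shell, as files under `/etc/default` commonly are (the consumer is not visible in this patch). The README hunk says any key may be added to this hash, so the template is the natural place to constrain it. Emit the value as `<%= key.upcase %>=<%= Shellwords.escape(myval.to_s) %>` (assuming `shellwords` is loaded in the template context), and skip or fail on keys that do not match `/\A[A-Za-z_][A-Za-z0-9_]*\z/`.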