How to change files maintained by Chef in Hipchat Server

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Fisheye および Crucible は除く

This article uses a specific example: How to make changes to the Nginx config file to block uploads of extension .exe and .bat.

Many other customizations can be made by following the same principle.

目的

Chef is used by Hipchat Server to maintain all the services config files. When chef-solo, templates of config files will be used to generate the actual config used by services such as Nginx, PHP, Crowd, ...

chef-solo is run via cs with every:

  • reboot of the OS
  • アップグレード
  • service restart via hipchat upgrade --restart
  • run of cs

and will overwrite any manual changes made to the config files Chef maintains.

There are cases where admins need to make changes to config files and want them to persist over the events listed above. For example, blocking the upload of *.bat or *.exe files requires a change to /etc/nginx/includes/files-site.

ソリューション

Since the changes will be done when cs is run, they have to be added to a startup script under /home/admin/startup_scripts/:

  1. Create a startup script called for instance block_exe_bat

    The script name should not have an extension.

  2. Add the below code to the script: 

    #!/bin/bash
    
    # See if the change is done already
    count=`sudo dont-blame-hipchat -c 'grep -Fc "location ~* ^/files/(.*)\.(bat|exe)$ { deny all; }" /etc/nginx/includes/files-site'`
    
    # If change is not there, add it
    if [ $count -lt 1 ]; then
      echo `date` "Adding Nginx config to disallow upload and download .bat and .exe files."
      sudo dont-blame-hipchat -c 'echo "# Disallow upload of .bat and .exe files" >> /etc/nginx/includes/files-site'
      sudo dont-blame-hipchat -c 'echo "location ~* ^/files/(.*)\.(bat|exe)$ { deny all; }" >> /etc/nginx/includes/files-site'
      sudo dont-blame-hipchat -c '/etc/init.d/nginx restart'
    else
      echo `date` "Nginx config to disallow upload and download .bat and .exe files is there already, not doing anything."
    fi
     
  3. Place block_exe_bat under /home/admin/startup_scripts/ and make it executable: 

    chmod +x /home/admin/startup_scripts/block_exe_bat
  4. Run the script manually as admin to test it: 

    /home/admin/startup_scripts/block_exe_bat

 

最終更新日: 2018 年 1 月 19 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.