sync fb_motd with upstream

cookbooks/fb_motd/README.md

@@ -8,11 +8,57 @@ Requirements
 Attributes
 ----------
 * node['fb_motd']['extra_lines']
+* node['fb_motd']['motd_news']['enabled']
+* node['fb_motd']['motd_news']['urls']
+* node['fb_motd']['motd_news']['wait']
+* node['fb_motd']['motd_news'][$KEY]
+* node['fb_motd']['update_motd']['enabled']
+* node['fb_motd']['update_motd']['whitelist']
+* node['fb_motd']['update_motd']['blacklist']
 
 Usage
 -----
 To add anything to the /etc/motd file, simply add lines to this array:
 
-```
+```ruby
 node['fb_motd']['extra_lines']
 ```
+
+### Ubuntu extensions
+
+We support two Ubuntu extensions to motd: `motd_news` and `update_motd`.
+
+#### motd_news
+
+`motd_news` allows `pam_motd` to dynamically retrieve news from a URL and
+display it along with the motd. You can enable/disable this with
+`node['fb_motd']['motd_news']['enabled']`. The `urls` key is an array of URLs
+and the default is `https://motd.ubuntu.com` which is the default Ubuntu
+provides. `wait` is simply the max number of seconds before timing out. Note
+that any key can be added to this array and it will be added to
+`/etc/default/motd-news`. These three were the meaninful ones at time of
+writing.
+
+#### update_motd
+
+`update_motd` is a directory of scripts run with `run-parts` whose output make
+up the motd you see when you login. The whole thing can be disabled by setting
+`enabled` to `false`.
+
+If it is enabled, then we choose which scripts to enable/disable using
+`whitelist` and `blacklist`. If a list is empty then it is not considered (in
+other words, if you don't want to use a whitelist, leave it empty, you don't
+have to populate it with everything).
+
+If both whitelist and blacklist are in use then blacklisting will win (i.e. is
+evaluated last). So for example given the follow scripts: `00-a 00-b 00-c
+00-d`, if you had:
+
+```ruby
+node.default['fb_motd']['update_motd']['whitelist'] = ['00-a', '00-c']
+node.default['fb_motd']['update_motd']['blacklist'] = ['00-c']
+```
+
+Then the only script to be enabled would be `00-a`.
+
+Scripts are enabled/disabled by toggling the executable bit on them.

cookbooks/fb_motd/attributes/default.rb

@@ -16,4 +16,14 @@
 #
 default['fb_motd'] = {
   'extra_lines' => [],
+  'motd_news' => {
+    'enabled' => true,
+    'urls' => ['https://motd.ubuntu.com'],
+    'wait' => 5,
+  },
+  'update_motd' => {
+    'enabled' => true,
+    'whitelist' => [],
+    'blacklist' => [],
+  },
 }

cookbooks/fb_motd/metadata.rb

@@ -5,8 +5,9 @@
 license 'Apache-2.0'
 description 'Installs/Configures motd'
 source_url 'https://github.com/facebook/chef-cookbooks/'
-long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 version '0.0.1'
 supports 'centos'
 supports 'debian'
 supports 'ubuntu'
+supports 'mac_os_x'
+depends 'fb_helpers'

cookbooks/fb_motd/recipes/default.rb

@@ -19,8 +19,27 @@
 #
 
 template '/etc/motd' do
-  group 'root'
+  owner node.root_user
+  group node.root_group
   mode '0644'
-  owner 'root'
   source 'motd.erb'
 end
+
+# Ubuntu's motd is heavily modified and consists of a few basic parts:
+# * standard /etc/motd (though it's often a symlink to /run/motd.dynamic,
+#   if it's not, it'll be the last part of the motd shown)
+# * /run/motd.dynamic which is a cache of the output of running everything
+#   in /etc/update-motd.d using `run-parts`. Various packages drop things
+#   off in here and the accepted way to disable them is to make them
+#   non-executable
+# * motd-news - a live-go-get-something-from-the-internet-and-display-
+#   it-at-login. This can be disabled in /etc/default/motd-news
+if node.ubuntu?
+  template '/etc/default/motd-news' do
+    owner node.root_user
+    group node.root_group
+    mode '0644'
+  end
+
+  fb_motd_update_motd 'doit'
+end

cookbooks/fb_motd/resources/update_motd.rb

@@ -0,0 +1,48 @@
+# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2
+#
+# Copyright (c) 2016-present, Facebook, Inc.
+# All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+action :run do
+  settings = node['fb_motd']['update_motd']
+  Dir.glob('/etc/update-motd.d/*').each do |motd|
+    fname = ::File.basename(motd)
+    allow = false
+    if settings['enabled']
+      if settings['whitelist'].empty?
+        # if we're NOT using a whitelist, then the default is allow
+        allow = true
+      else
+        # if we *are* using a whitelist, then we only allow if it's in the
+        # list
+        allow = settings['whitelist'].include?(fname)
+      end
+      if !settings['blacklist'].empty? && settings['blacklist'].include?(fname)
+        # if we are using a blacklist, and if it's in the blacklist
+        # then no matter what, remove it
+        allow = false
+      end
+    else
+      allow = false
+    end
+
+    file motd do
+      owner 'root'
+      group 'root'
+      mode allow ? '0755' : '0644'
+    end
+  end
+end

cookbooks/fb_motd/templates/default/motd-news.erb

@@ -0,0 +1,13 @@
+# This file is generated by Chef, do not modify.
+# see cookbooks/fb_motd
+<% node['fb_motd']['motd_news'].each do |key, val| %>
+<%   # it expects 0/1 for booleans %>
+<%   if [TrueClass, FalseClass].include?(val.class) %>
+<%     myval = val ? 1 : 0 %>
+<%   elsif val.is_a?(Array) %>
+<%     myval = val.join(' ') %>
+<%   else %>
+<%     myval = val %>
+<%   end %>
+<%=  key.upcase %>="<%= myval %>"
+<% end %>