Add support for openstack-common::sysctl

There are a number of sysctl settings in the OpenStack documentation that are not managed by the cookbooks. This approach will iterate over any attributes added to the node['openstack']['sysctl'] hash and write them out to /etc/sysctl.d/60-openstack.conf. The README.md had the recipe description within the Libraries section, separated into new Recipes section. Change-Id: Ic32184b78a0bcf4c3e704c7dcd1e9d009b1d95c6
2013-10-22 14:57:41 -05:00 · 2013-10-22 14:57:41 -05:00 · 1ab483c0eb
commit 1ab483c0eb
parent eb5eed7126
7 changed files with 111 additions and 18 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,10 @@

 This file is used to list changes made in each version of cookbook-openstack-common.

+## 0.4.4:
+* Add support for openstack-common::sysctl and managing sysctl settings via the
+  node['openstack']['sysctl'] hash, written out to /etc/sysctl.d/60-openstack.conf
+
 ## 0.4.3:
 * Corrected `#search_for` role and recipe queries.

--- a/README.md
+++ b/README.md
@ -24,23 +24,8 @@ of all the settable attributes for this cookbook.

 Note that all attributes are in the `default["openstack"]` "namespace"

-Libraries
-=========
-
-This cookbook exposes a set of default library routines:
-
-* `endpoint` -- Used to return a `::URI` object representing the named OpenStack endpoint
-* `endpoints` -- Useful for operating on all OpenStack endpoints
-* `db` -- Returns a Hash of information about a named OpenStack database
-* `db_uri` -- Returns the SQLAlchemy RFC-1738 DB URI (see: http://rfc.net/rfc1738.html) for a named OpenStack database
-* `db_create_with_user` -- Creates a database and database user for a named OpenStack database
-* `secret` -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section
-* `db_password` -- Ease-of-use helper that returns the decrypted database password for a named OpenStack database
-* `service_password` -- Ease-of-use helper that returns the decrypted service password for named OpenStack service
-* `user_password` -- Ease-of-use helper that returns the decrypted password for a Keystone user
-
-Usage
-----
+Recipes
+=======

 default
 ----
@ -64,6 +49,36 @@ Installs/Configures common logging
 ]
 ```

+sysctl
+----
+
+Iterates over the contents of the `node['openstack']['sysctl']` hash and writes
+the entries to `/etc/sysctl.d/60-openstack.conf`.
+
+```json
+"run_list": [
+    "recipe[openstack-common::sysctl]"
+]
+```
+
+Libraries
+=========
+
+This cookbook exposes a set of default library routines:
+
+* `endpoint` -- Used to return a `::URI` object representing the named OpenStack endpoint
+* `endpoints` -- Useful for operating on all OpenStack endpoints
+* `db` -- Returns a Hash of information about a named OpenStack database
+* `db_uri` -- Returns the SQLAlchemy RFC-1738 DB URI (see: http://rfc.net/rfc1738.html) for a named OpenStack database
+* `db_create_with_user` -- Creates a database and database user for a named OpenStack database
+* `secret` -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section
+* `db_password` -- Ease-of-use helper that returns the decrypted database password for a named OpenStack database
+* `service_password` -- Ease-of-use helper that returns the decrypted service password for named OpenStack service
+* `user_password` -- Ease-of-use helper that returns the decrypted password for a Keystone user
+
+Usage
+-----
+
 The following are code examples showing the above library routines in action.
 Remember when using the library routines exposed by this library to include
 the Openstack routines in your recipe's `::Chef::Recipe` namespace, like so:
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -320,3 +320,7 @@ default["openstack"]["mq"]["service_type"] = "rabbitmq"
 default["openstack"]["mq"]["port"] = "5672"
 default["openstack"]["mq"]["user"] = "guest"
 default["openstack"]["mq"]["vhost"] = "/"
+
+# Default sysctl settings
+default['openstack']['sysctl']['net.ipv4.conf.all.rp_filter'] = 0
+default['openstack']['sysctl']['net.ipv4.conf.default.rp_filter'] = 0
--- a/metadata.rb
+++ b/metadata.rb
@ -4,10 +4,11 @@ maintainer_email "cookbooks@lists.tfoundry.com"
 license          "Apache 2.0"
 description      "Common OpenStack attributes, libraries and recipes."
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          "0.4.3"
+version          "0.4.4"

 recipe           "openstack-common", "Installs/Configures common recipes"
 recipe           "openstack-common::logging", "Installs/Configures common logging"
+recipe           "openstack-common::sysctl", "Configures sysctl settings"

 %w{ ubuntu suse }.each do |os|
  supports os
--- a/recipes/sysctl.rb
+++ b/recipes/sysctl.rb
@ -0,0 +1,30 @@
+#
+# Cookbook Name:: openstack-common
+# recipe:: sysctl
+#
+# Copyright 2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+template "/etc/sysctl.d/60-openstack.conf" do
+  source "60-openstack.conf.erb"
+  owner "root"
+  group "root"
+  mode 00644
+end
+
+execute "sysctl -p /etc/sysctl.d/60-openstack.conf" do
+  action :nothing
+  subscribes :run, "template[/etc/sysctl.d/60-openstack.conf]", :immediately
+end
--- a/spec/sysctl_spec.rb
+++ b/spec/sysctl_spec.rb
@ -0,0 +1,34 @@
+require_relative "spec_helper"
+
+describe "openstack-common::sysctl" do
+  describe "ubuntu" do
+    before do
+      @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS
+      @chef_run.converge "openstack-common::sysctl"
+    end
+
+    describe "60-openstack.conf" do
+      before do
+        @file = @chef_run.template "/etc/sysctl.d/60-openstack.conf"
+      end
+
+      it "has proper owner" do
+        expect(@file).to be_owned_by "root", "root"
+      end
+
+      it "has proper modes" do
+        expect(sprintf("%o", @file.mode)).to eq "644"
+      end
+
+      it "sets the all.rp_filter" do
+        expect(@chef_run).to create_file_with_content @file.name,
+          'net.ipv4.conf.all.rp_filter = 0'
+      end
+
+      it "sets the default.rp_filter" do
+        expect(@chef_run).to create_file_with_content @file.name,
+          'net.ipv4.conf.default.rp_filter = 0'
+      end
+    end
+  end
+end
--- a/templates/default/60-openstack.conf.erb
+++ b/templates/default/60-openstack.conf.erb
@ -0,0 +1,5 @@
+# Managed by Chef
+
+<% node['openstack']['sysctl'].sort.each do |k,v| -%>
+<%= k %> = <%= v %>
+<% end -%>