Add support for openstack-common::sysctl
There are a number of sysctl settings in the OpenStack documentation that are not managed by the cookbooks. This approach will iterate over any attributes added to the node['openstack']['sysctl'] hash and write them out to /etc/sysctl.d/60-openstack.conf. The README.md had the recipe description within the Libraries section, separated into new Recipes section. Change-Id: Ic32184b78a0bcf4c3e704c7dcd1e9d009b1d95c6
This commit is contained in:
		| @@ -2,6 +2,10 @@ | |||||||
|  |  | ||||||
| This file is used to list changes made in each version of cookbook-openstack-common. | This file is used to list changes made in each version of cookbook-openstack-common. | ||||||
|  |  | ||||||
|  | ## 0.4.4: | ||||||
|  | * Add support for openstack-common::sysctl and managing sysctl settings via the | ||||||
|  |   node['openstack']['sysctl'] hash, written out to /etc/sysctl.d/60-openstack.conf | ||||||
|  |  | ||||||
| ## 0.4.3: | ## 0.4.3: | ||||||
| * Corrected `#search_for` role and recipe queries. | * Corrected `#search_for` role and recipe queries. | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										49
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										49
									
								
								README.md
									
									
									
									
									
								
							| @@ -24,23 +24,8 @@ of all the settable attributes for this cookbook. | |||||||
|  |  | ||||||
| Note that all attributes are in the `default["openstack"]` "namespace" | Note that all attributes are in the `default["openstack"]` "namespace" | ||||||
|  |  | ||||||
| Libraries | Recipes | ||||||
| ========= | ======= | ||||||
|  |  | ||||||
| This cookbook exposes a set of default library routines: |  | ||||||
|  |  | ||||||
| * `endpoint` -- Used to return a `::URI` object representing the named OpenStack endpoint |  | ||||||
| * `endpoints` -- Useful for operating on all OpenStack endpoints |  | ||||||
| * `db` -- Returns a Hash of information about a named OpenStack database |  | ||||||
| * `db_uri` -- Returns the SQLAlchemy RFC-1738 DB URI (see: http://rfc.net/rfc1738.html) for a named OpenStack database |  | ||||||
| * `db_create_with_user` -- Creates a database and database user for a named OpenStack database |  | ||||||
| * `secret` -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section |  | ||||||
| * `db_password` -- Ease-of-use helper that returns the decrypted database password for a named OpenStack database |  | ||||||
| * `service_password` -- Ease-of-use helper that returns the decrypted service password for named OpenStack service |  | ||||||
| * `user_password` -- Ease-of-use helper that returns the decrypted password for a Keystone user |  | ||||||
|  |  | ||||||
| Usage |  | ||||||
| ----- |  | ||||||
|  |  | ||||||
| default | default | ||||||
| ---- | ---- | ||||||
| @@ -64,6 +49,36 @@ Installs/Configures common logging | |||||||
| ] | ] | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | sysctl | ||||||
|  | ---- | ||||||
|  |  | ||||||
|  | Iterates over the contents of the `node['openstack']['sysctl']` hash and writes | ||||||
|  | the entries to `/etc/sysctl.d/60-openstack.conf`. | ||||||
|  |  | ||||||
|  | ```json | ||||||
|  | "run_list": [ | ||||||
|  |     "recipe[openstack-common::sysctl]" | ||||||
|  | ] | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | Libraries | ||||||
|  | ========= | ||||||
|  |  | ||||||
|  | This cookbook exposes a set of default library routines: | ||||||
|  |  | ||||||
|  | * `endpoint` -- Used to return a `::URI` object representing the named OpenStack endpoint | ||||||
|  | * `endpoints` -- Useful for operating on all OpenStack endpoints | ||||||
|  | * `db` -- Returns a Hash of information about a named OpenStack database | ||||||
|  | * `db_uri` -- Returns the SQLAlchemy RFC-1738 DB URI (see: http://rfc.net/rfc1738.html) for a named OpenStack database | ||||||
|  | * `db_create_with_user` -- Creates a database and database user for a named OpenStack database | ||||||
|  | * `secret` -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section | ||||||
|  | * `db_password` -- Ease-of-use helper that returns the decrypted database password for a named OpenStack database | ||||||
|  | * `service_password` -- Ease-of-use helper that returns the decrypted service password for named OpenStack service | ||||||
|  | * `user_password` -- Ease-of-use helper that returns the decrypted password for a Keystone user | ||||||
|  |  | ||||||
|  | Usage | ||||||
|  | ----- | ||||||
|  |  | ||||||
| The following are code examples showing the above library routines in action. | The following are code examples showing the above library routines in action. | ||||||
| Remember when using the library routines exposed by this library to include | Remember when using the library routines exposed by this library to include | ||||||
| the Openstack routines in your recipe's `::Chef::Recipe` namespace, like so: | the Openstack routines in your recipe's `::Chef::Recipe` namespace, like so: | ||||||
|   | |||||||
| @@ -320,3 +320,7 @@ default["openstack"]["mq"]["service_type"] = "rabbitmq" | |||||||
| default["openstack"]["mq"]["port"] = "5672" | default["openstack"]["mq"]["port"] = "5672" | ||||||
| default["openstack"]["mq"]["user"] = "guest" | default["openstack"]["mq"]["user"] = "guest" | ||||||
| default["openstack"]["mq"]["vhost"] = "/" | default["openstack"]["mq"]["vhost"] = "/" | ||||||
|  |  | ||||||
|  | # Default sysctl settings | ||||||
|  | default['openstack']['sysctl']['net.ipv4.conf.all.rp_filter'] = 0 | ||||||
|  | default['openstack']['sysctl']['net.ipv4.conf.default.rp_filter'] = 0 | ||||||
|   | |||||||
| @@ -4,10 +4,11 @@ maintainer_email "cookbooks@lists.tfoundry.com" | |||||||
| license          "Apache 2.0" | license          "Apache 2.0" | ||||||
| description      "Common OpenStack attributes, libraries and recipes." | description      "Common OpenStack attributes, libraries and recipes." | ||||||
| long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) | ||||||
| version          "0.4.3" | version          "0.4.4" | ||||||
|  |  | ||||||
| recipe           "openstack-common", "Installs/Configures common recipes" | recipe           "openstack-common", "Installs/Configures common recipes" | ||||||
| recipe           "openstack-common::logging", "Installs/Configures common logging" | recipe           "openstack-common::logging", "Installs/Configures common logging" | ||||||
|  | recipe           "openstack-common::sysctl", "Configures sysctl settings" | ||||||
|  |  | ||||||
| %w{ ubuntu suse }.each do |os| | %w{ ubuntu suse }.each do |os| | ||||||
|   supports os |   supports os | ||||||
|   | |||||||
							
								
								
									
										30
									
								
								recipes/sysctl.rb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										30
									
								
								recipes/sysctl.rb
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,30 @@ | |||||||
|  | # | ||||||
|  | # Cookbook Name:: openstack-common | ||||||
|  | # recipe:: sysctl | ||||||
|  | # | ||||||
|  | # Copyright 2013, Opscode, Inc. | ||||||
|  | # | ||||||
|  | # Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  | # you may not use this file except in compliance with the License. | ||||||
|  | # You may obtain a copy of the License at | ||||||
|  | # | ||||||
|  | #     http://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  | # | ||||||
|  | # Unless required by applicable law or agreed to in writing, software | ||||||
|  | # distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  | # See the License for the specific language governing permissions and | ||||||
|  | # limitations under the License. | ||||||
|  | # | ||||||
|  |  | ||||||
|  | template "/etc/sysctl.d/60-openstack.conf" do | ||||||
|  |   source "60-openstack.conf.erb" | ||||||
|  |   owner "root" | ||||||
|  |   group "root" | ||||||
|  |   mode 00644 | ||||||
|  | end | ||||||
|  |  | ||||||
|  | execute "sysctl -p /etc/sysctl.d/60-openstack.conf" do | ||||||
|  |   action :nothing | ||||||
|  |   subscribes :run, "template[/etc/sysctl.d/60-openstack.conf]", :immediately | ||||||
|  | end | ||||||
							
								
								
									
										34
									
								
								spec/sysctl_spec.rb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										34
									
								
								spec/sysctl_spec.rb
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,34 @@ | |||||||
|  | require_relative "spec_helper" | ||||||
|  |  | ||||||
|  | describe "openstack-common::sysctl" do | ||||||
|  |   describe "ubuntu" do | ||||||
|  |     before do | ||||||
|  |       @chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS | ||||||
|  |       @chef_run.converge "openstack-common::sysctl" | ||||||
|  |     end | ||||||
|  |  | ||||||
|  |     describe "60-openstack.conf" do | ||||||
|  |       before do | ||||||
|  |         @file = @chef_run.template "/etc/sysctl.d/60-openstack.conf" | ||||||
|  |       end | ||||||
|  |  | ||||||
|  |       it "has proper owner" do | ||||||
|  |         expect(@file).to be_owned_by "root", "root" | ||||||
|  |       end | ||||||
|  |  | ||||||
|  |       it "has proper modes" do | ||||||
|  |         expect(sprintf("%o", @file.mode)).to eq "644" | ||||||
|  |       end | ||||||
|  |  | ||||||
|  |       it "sets the all.rp_filter" do | ||||||
|  |         expect(@chef_run).to create_file_with_content @file.name, | ||||||
|  |           'net.ipv4.conf.all.rp_filter = 0' | ||||||
|  |       end | ||||||
|  |  | ||||||
|  |       it "sets the default.rp_filter" do | ||||||
|  |         expect(@chef_run).to create_file_with_content @file.name, | ||||||
|  |           'net.ipv4.conf.default.rp_filter = 0' | ||||||
|  |       end | ||||||
|  |     end | ||||||
|  |   end | ||||||
|  | end | ||||||
							
								
								
									
										5
									
								
								templates/default/60-openstack.conf.erb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										5
									
								
								templates/default/60-openstack.conf.erb
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,5 @@ | |||||||
|  | # Managed by Chef | ||||||
|  |  | ||||||
|  | <% node['openstack']['sysctl'].sort.each do |k,v| -%> | ||||||
|  | <%= k %> = <%= v %> | ||||||
|  | <% end -%> | ||||||
		Reference in New Issue
	
	Block a user
	 Matt Ray
					Matt Ray