Increase settings for dnsmasq and sysctl

* Make a new variable dhcp_lease_max. It increases the number of
  available leases from 1000 to 1800. It allows to provision nodes on
  scale, when Debian Installer or Anaconda looses IP in the middle of
  install.
* Make a new variable lease_time. It increases the default lease size
  to 120m, up from the default 60m.
* Add cache-size to dnsmasq template. dnsmasq will keep more entries in
  case.
* Increased neighbour table on master node to keep more ARP requests
  that come in parallel once deployment is started. This change also
  removes unneed broadcast traffic. New values are:
  net.ipv4.neigh.default.gc_thresh1 = 256
  net.ipv4.neigh.default.gc_thresh2 = 1024
  net.ipv4.neigh.default.gc_thresh3 = 2048
* Fix linting

Related-Bug: #1376680
Related-Bug: #1379917
Related-Bug: #1381997
blueprint 100-nodes-support
DocImpact

Change-Id: I4da8070143e401f7a9246e72eda35e601b8c6386

deployment/puppet/cobbler/manifests/server.pp

@@ -11,14 +11,27 @@
 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #    License for the specific language governing permissions and limitations
 #    under the License.
-
+#
+# == Class: cobbler::server
+#
+# Installs cobbler package and service
+#
+# == Parameters:
+#
+# [*dhcp_lease_max*]
+# (optional) Sets the maximum number of leases available in dnsmasq.
+#
+# [*lease_time*]
+# (optional) Sets the default lease time for DHCP clients.
 
 class cobbler::server (
-  $production = 'prod',
-  $domain_name = 'local',
-  $dns_search = 'local',
-  $dns_domain = 'local',
-  $dns_upstream = '8.8.8.8',
+  $production     = 'prod',
+  $domain_name    = 'local',
+  $dns_search     = 'local',
+  $dns_domain     = 'local',
+  $dns_upstream   = '8.8.8.8',
+  $dhcp_lease_max = '1800',
+  $lease_time     = '120m',
 ) {
   include cobbler::packages
 
@@ -26,69 +39,74 @@ class cobbler::server (
     path => '/usr/bin:/bin:/usr/sbin:/sbin'
   }
 
-  case $operatingsystem {
+  case $::operatingsystem {
     /(?i)(centos|redhat)/ : {
-      $cobbler_service     = "cobblerd"
-      $cobbler_web_service = "httpd"
-      $dnsmasq_service     = "dnsmasq"
+      $cobbler_service     = 'cobblerd'
+      $cobbler_web_service = 'httpd'
+      $dnsmasq_service     = 'dnsmasq'
 
-      service { "xinetd":
-        enable     => true,
+      service { 'xinetd':
         ensure     => running,
+        enable     => true,
         hasrestart => true,
         require    => Package[$cobbler::packages::cobbler_additional_packages],
       }
 
-      file { "/etc/xinetd.conf":
-        content => template("cobbler/xinetd.conf.erb"),
-        owner   => root,
-        group   => root,
-        mode    => 0600,
+      file { '/etc/xinetd.conf':
+        content => template('cobbler/xinetd.conf.erb'),
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0600',
         require => Package[$cobbler::packages::cobbler_additional_packages],
-        notify  => Service["xinetd"],
+        notify  => Service['xinetd'],
       }
 
     }
     /(?i)(debian|ubuntu)/ : {
-      $cobbler_service     = "cobbler"
-      $cobbler_web_service = "apache2"
-      $dnsmasq_service     = "dnsmasq"
-      $apache_ssl_module   = "ssl"
+      $cobbler_service     = 'cobbler'
+      $cobbler_web_service = 'apache2'
+      $dnsmasq_service     = 'dnsmasq'
+      $apache_ssl_module   = 'ssl'
 
     }
+    default : {
+      fail('Unsupported OS')
+    }
   }
   File['/etc/cobbler/modules.conf'] -> File['/etc/cobbler/settings'] ->
-  Service[$cobbler_service] -> Exec["cobbler_sync"] -> Service[$dnsmasq_service]
+  Service[$cobbler_service] ->
+    Exec['cobbler_sync'] ->
+      Service[$dnsmasq_service]
 
   if $production !~ /docker/ {
     service { $cobbler_service:
-      enable     => true,
       ensure     => running,
+      enable     => true,
       hasrestart => true,
       require    => Package[$cobbler::packages::cobbler_package],
     }
 
     service { $dnsmasq_service:
-      enable     => true,
       ensure     => running,
+      enable     => true,
       hasrestart => true,
       require    => Package[$cobbler::packages::dnsmasq_package],
-      subscribe  => Exec["cobbler_sync"],
+      subscribe  => Exec['cobbler_sync'],
     }
   } else {
     service { $cobbler_service:
-      enable     => true,
       ensure     => running,
+      enable     => true,
       hasrestart => true,
       require    => Package[$cobbler::packages::cobbler_package],
     }
 
     service { $dnsmasq_service:
-      enable     => false,
       ensure     => false,
+      enable     => false,
       hasrestart => true,
       require    => Package[$cobbler::packages::dnsmasq_package],
-      subscribe  => Exec["cobbler_sync"],
+      subscribe  => Exec['cobbler_sync'],
     }
   }
   if $apache_ssl_module {
@@ -107,13 +125,13 @@ class cobbler::server (
   }
 
   service { $cobbler_web_service:
-    enable     => true,
     ensure     => running,
+    enable     => true,
     hasrestart => true,
     require    => Package[$cobbler::packages::cobbler_web_package],
   }
 
-  exec { "wait_for_web_service":
+  exec { 'wait_for_web_service':
     command   => '[ $(curl --connect-timeout 1 -s -w %{http_code} http://127.0.0.1:80/ -o /dev/null) -lt 500 ]',
     require   => Service[$cobbler_web_service],
     subscribe => Service[$cobbler_web_service],
@@ -121,8 +139,8 @@ class cobbler::server (
     try_sleep => 1,
   }
 
-  exec { "cobbler_sync":
-    command     => "cobbler sync",
+  exec { 'cobbler_sync':
+    command     => 'cobbler sync',
     refreshonly => false,
     require     => [
       Service[$cobbler_web_service],
@@ -131,71 +149,71 @@ class cobbler::server (
       Package[$cobbler::packages::dnsmasq_package],
       File['/etc/dnsmasq.upstream']],
     subscribe   => Service[$cobbler_service],
-    notify      => [Service[$dnsmasq_service], Service["xinetd"]],
+    notify      => [Service[$dnsmasq_service], Service['xinetd']],
     tries       => 20,
     try_sleep   => 3,
   }
 
-  file { "/etc/cobbler/modules.conf":
-    content => template("cobbler/modules.conf.erb"),
-    owner   => root,
-    group   => root,
-    mode    => 0644,
-    require => [Package[$cobbler::packages::cobbler_package],],
-    notify  => [Service[$cobbler_service], Exec["cobbler_sync"],],
+  file { '/etc/cobbler/modules.conf':
+    content => template('cobbler/modules.conf.erb'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    require => [Package[$cobbler::packages::cobbler_package]],
+    notify  => [Service[$cobbler_service], Exec['cobbler_sync']],
   }
 
-  file { "/etc/cobbler/settings":
-    content => template("cobbler/settings.erb"),
-    owner   => root,
-    group   => root,
-    mode    => 0644,
+  file { '/etc/cobbler/settings':
+    content => template('cobbler/settings.erb'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
     require => Package[$cobbler::packages::cobbler_package],
-    notify  => [Service[$cobbler_service], Exec["cobbler_sync"],],
+    notify  => [Service[$cobbler_service], Exec['cobbler_sync']],
   }
 
-  file { "/etc/cobbler/dnsmasq.template":
-    content => template("cobbler/dnsmasq.template.erb"),
-    owner   => root,
-    group   => root,
-    mode    => 0644,
+  file { '/etc/cobbler/dnsmasq.template':
+    content => template('cobbler/dnsmasq.template.erb'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
     require => [
       Package[$cobbler::packages::cobbler_package],
-      Package[$cobbler::packages::dnsmasq_package],],
+      Package[$cobbler::packages::dnsmasq_package]],
     notify  => [
       Service[$cobbler_service],
-      Exec["cobbler_sync"],
+      Exec['cobbler_sync'],
       Service[$dnsmasq_service],],
   }
 
-  file { "/etc/cobbler/pxe/pxedefault.template":
-    content => template("cobbler/pxedefault.template.erb"),
-    owner   => root,
-    group   => root,
-    mode    => 0644,
+  file { '/etc/cobbler/pxe/pxedefault.template':
+    content => template('cobbler/pxedefault.template.erb'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
     require => Package[$cobbler::packages::cobbler_package],
-    notify  => [Service[$cobbler_service], Exec["cobbler_sync"],],
+    notify  => [Service[$cobbler_service], Exec['cobbler_sync']],
   }
 
-  file { "/etc/cobbler/pxe/pxelocal.template":
-    content => template("cobbler/pxelocal.template.erb"),
-    owner   => root,
-    group   => root,
-    mode    => 0644,
+  file { '/etc/cobbler/pxe/pxelocal.template':
+    content => template('cobbler/pxelocal.template.erb'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
     require => Package[$cobbler::packages::cobbler_package],
-    notify  => [Service[$cobbler_service], Exec["cobbler_sync"],],
+    notify  => [Service[$cobbler_service], Exec['cobbler_sync']],
   }
 
-  exec { "/var/lib/tftpboot/chain.c32":
-    command => "cp /usr/share/syslinux/chain.c32 /var/lib/tftpboot/chain.c32",
-    unless  => "test -e /var/lib/tftpboot/chain.c32",
+  exec { '/var/lib/tftpboot/chain.c32':
+    command => 'cp /usr/share/syslinux/chain.c32 /var/lib/tftpboot/chain.c32',
+    unless  => 'test -e /var/lib/tftpboot/chain.c32',
     require => [
       Package[$cobbler::packages::cobbler_additional_packages],
       Package[$cobbler::packages::cobbler_package],]
   }
 
   file { '/etc/dnsmasq.upstream':
-    content => template("cobbler/dnsmasq.upstream.erb"),
+    content => template('cobbler/dnsmasq.upstream.erb'),
     owner   => 'root',
     group   => 'root',
     mode    => '0644',

deployment/puppet/cobbler/templates/dnsmasq.template.erb

@@ -8,12 +8,14 @@ log-queries
 log-facility=/var/log/dnsmasq.log
 addn-hosts = /var/lib/cobbler/cobbler_hosts
 domain=<%= @domain_name %>
-dhcp-lease-max=1000
+dhcp-lease-max=<%= @dhcp_lease_max %>
 server=/<%= @domain_name %>/
 resolv-file=/etc/dnsmasq.upstream
 dhcp-match=gpxe,175
 interface=<%= @dhcp_interface %>
 
+cache-size=1024
+
 # This is one of the key options. dnsmasq tries to move out servername
 # and PXE filename from special fields into DHCP options.
 # Some old clients can't understand those DHCP options, so they
@@ -28,7 +30,7 @@ dhcp-sequential-ip
 
 dhcp-option=6,<%= @name_server %>
 
-dhcp-range=internal,<%= @dhcp_start_address %>,<%= @dhcp_end_address %>,<%= @dhcp_netmask %>
+dhcp-range=internal,<%= @dhcp_start_address %>,<%= @dhcp_end_address %>,<%= @dhcp_netmask %>,<%= @lease_time %>
 dhcp-option=net:internal,option:router,<%= @dhcp_gateway %>
 pxe-service=net:#gpxe,x86PC,"Install",pxelinux,<%= @next_server %>
 dhcp-boot=net:internal,pxelinux.0,boothost,<%= @next_server %>

deployment/puppet/nailgun/manifests/host.pp

@@ -1,79 +1,84 @@
 class nailgun::host(
 $production,
 $cobbler_host = '127.0.0.1',
-$dns_search = "domain.tld",
-$dns_domain = "domain.tld",
-$nailgun_group = "nailgun",
-$nailgun_user = "nailgun",
-$gem_source = "http://localhost/gems/",
-)
-{
+$dns_search = 'domain.tld',
+$dns_domain = 'domain.tld',
+$nailgun_group = 'nailgun',
+$nailgun_user = 'nailgun',
+$gem_source = 'http://localhost/gems/',
+) {
   #Enable cobbler's iptables rules even if Cobbler not called
   include cobbler::iptables
   Exec  {path => '/usr/bin:/bin:/usr/sbin:/sbin'}
 
   firewall { '002 accept related established rules':
-    proto   => 'all',
-    state   => ['RELATED', 'ESTABLISHED'],
-    action  => 'accept',
+    proto  => 'all',
+    state  => ['RELATED', 'ESTABLISHED'],
+    action => 'accept',
   } ->
-  class { "nailgun::iptables": }
+  class { 'nailgun::iptables': }
 
-  nailgun::sshkeygen { "/root/.ssh/id_rsa":
-    homedir => "/root",
-    username => "root",
-    groupname => "root",
-    keytype => "rsa",
+  nailgun::sshkeygen { '/root/.ssh/id_rsa':
+    homedir   => '/root',
+    username  => 'root',
+    groupname => 'root',
+    keytype   => 'rsa',
   }
 
-  file { "/etc/ssh/sshd_config":
-    content => template("nailgun/sshd_config.erb"),
-    owner => 'root',
-    group => 'root',
-    mode  => '0600',
+  file { '/etc/ssh/sshd_config':
+    content => template('nailgun/sshd_config.erb'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0600',
   }
 
-  file { "/root/.ssh/config":
-    content => template("nailgun/root_ssh_config.erb"),
-    owner => 'root',
-    group => 'root',
-    mode  => '0600',
+  file { '/root/.ssh/config':
+    content => template('nailgun/root_ssh_config.erb'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0600',
   }
-  file { "/var/log/remote":
+
+  file { '/var/log/remote':
     ensure => directory,
-    owner => 'root', 
-    group => 'root',
-    mode  => '0750',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0750',
   }
-  file { "/var/www/nailgun/dump":
+  file { '/var/www/nailgun/dump':
     ensure => directory,
-    owner => 'root', 
-    group => 'root',
-    mode  => '0755',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0755',
   }
 
-  file { "/etc/dhcp/dhcp-enter-hooks": 
-    content => template("nailgun/dhcp-enter-hooks.erb"), 
-    owner   => 'root', 
-    group   => 'root', 
-    mode    => '0755', 
+  file { '/etc/dhcp/dhcp-enter-hooks':
+    content => template('nailgun/dhcp-enter-hooks.erb'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
   }
 
-  file { "/etc/resolv.conf": 
-    content => template("nailgun/resolv.conf.erb"), 
-    owner   => 'root', 
-    group   => 'root', 
-    mode    => '0644', 
+  file { '/etc/resolv.conf':
+    content => template('nailgun/resolv.conf.erb'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
   }
 
   file { '/etc/dhcp/dhclient.conf':
-    content => template("nailgun/dhclient.conf.erb"),
+    content => template('nailgun/dhclient.conf.erb'),
     owner   => 'root',
     group   => 'root',
     mode    => '0644',
   }
 
   #Suppress kernel messages to console
-  sysctl::value{'kernel.printk': value=>'4 1 1 7'}
+  sysctl::value{'kernel.printk': value => '4 1 1 7'}
+
+  #Increase values for neighbour table
+  sysctl::value{'net.ipv4.neigh.default.gc_thresh1': value => '256'}
+  sysctl::value{'net.ipv4.neigh.default.gc_thresh2': value => '1024'}
+  sysctl::value{'net.ipv4.neigh.default.gc_thresh3': value => '2048'}
 
 }