From 3070f3fa3c6d1b227242fd2a00a7babfc73424f5 Mon Sep 17 00:00:00 2001 From: Sergii Golovatiuk Date: Thu, 16 Oct 2014 16:27:18 +0200 Subject: [PATCH] Increase settings for dnsmasq and sysctl * Make a new variable dhcp_lease_max. It increases the number of available leases from 1000 to 1800. It allows to provision nodes on scale, when Debian Installer or Anaconda looses IP in the middle of install. * Make a new variable lease_time. It increases the default lease size to 120m, up from the default 60m. * Add cache-size to dnsmasq template. dnsmasq will keep more entries in case. * Increased neighbour table on master node to keep more ARP requests that come in parallel once deployment is started. This change also removes unneed broadcast traffic. New values are: net.ipv4.neigh.default.gc_thresh1 = 256 net.ipv4.neigh.default.gc_thresh2 = 1024 net.ipv4.neigh.default.gc_thresh3 = 2048 * Fix linting Related-Bug: #1376680 Related-Bug: #1379917 Related-Bug: #1381997 blueprint 100-nodes-support DocImpact Change-Id: I4da8070143e401f7a9246e72eda35e601b8c6386 --- deployment/puppet/cobbler/manifests/server.pp | 158 ++++++++++-------- .../cobbler/templates/dnsmasq.template.erb | 6 +- deployment/puppet/nailgun/manifests/host.pp | 97 ++++++----- 3 files changed, 143 insertions(+), 118 deletions(-) diff --git a/deployment/puppet/cobbler/manifests/server.pp b/deployment/puppet/cobbler/manifests/server.pp index 5130026e38..89de7d8c9b 100644 --- a/deployment/puppet/cobbler/manifests/server.pp +++ b/deployment/puppet/cobbler/manifests/server.pp 
@@ -11,14 +11,27 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +# +# == Class: cobbler::server +# +# Installs cobbler package and service +# +# == Parameters: +# +# [*dhcp_lease_max*] +# (optional) Sets the maximum number of leases available in dnsmasq. +# +# [*lease_time*] +# (optional) Sets the default lease time for DHCP clients. class cobbler::server ( - $production = 'prod', - $domain_name = 'local', - $dns_search = 'local', - $dns_domain = 'local', - $dns_upstream = '8.8.8.8', + $production = 'prod', + $domain_name = 'local', + $dns_search = 'local', + $dns_domain = 'local', + $dns_upstream = '8.8.8.8', + $dhcp_lease_max = '1800', + $lease_time = '120m', ) { include cobbler::packages 
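Review bot: The new parameters `$dhcp_lease_max` and `$lease_time` are accepted as free-form strings and, in this commit's template hunks, written verbatim into the dnsmasq configuration, so a typo or stray newline in an override yields a broken or unintended directive on the provisioning server. A check at the top of the class body would catch that at catalog compile time, for example `validate_re($dhcp_lease_max, '^\d+$')` and `validate_re($lease_time, '^(\d+[mh]?|infinite)$')`, assuming puppetlabs-stdlib is available to this module (not visible here). The new header documents only these two parameters; the five existing ones (`$production` through `$dns_upstream`) deserve the same `[*name*]` entries, each stating its default. The class body continues outside the hunk.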
@@ -26,69 +39,74 @@ class cobbler::server ( path => '/usr/bin:/bin:/usr/sbin:/sbin' } - case $operatingsystem { + case $::operatingsystem { /(?i)(centos|redhat)/ : { - $cobbler_service = "cobblerd" - $cobbler_web_service = "httpd" - $dnsmasq_service = "dnsmasq" + $cobbler_service = 'cobblerd' + $cobbler_web_service = 'httpd' + $dnsmasq_service = 'dnsmasq' - service { "xinetd": - enable => true, + service { 'xinetd': ensure => running, + enable => true, hasrestart => true, require => Package[$cobbler::packages::cobbler_additional_packages], } - file { "/etc/xinetd.conf": - content => template("cobbler/xinetd.conf.erb"), - owner => root, - group => root, - mode => 0600, + file { '/etc/xinetd.conf': + content => template('cobbler/xinetd.conf.erb'), + owner => 'root', + group => 'root', + mode => '0600', require => Package[$cobbler::packages::cobbler_additional_packages], - notify => Service["xinetd"], + notify => Service['xinetd'], } } /(?i)(debian|ubuntu)/ : { - $cobbler_service = "cobbler" - $cobbler_web_service = "apache2" - $dnsmasq_service = "dnsmasq" - $apache_ssl_module = "ssl" + $cobbler_service = 'cobbler' + $cobbler_web_service = 'apache2' + $dnsmasq_service = 'dnsmasq' + $apache_ssl_module = 'ssl' } + default : { + fail('Unsupported OS') + } } File['/etc/cobbler/modules.conf'] -> File['/etc/cobbler/settings'] -> - Service[$cobbler_service] -> Exec["cobbler_sync"] -> Service[$dnsmasq_service] + Service[$cobbler_service] -> + Exec['cobbler_sync'] -> + Service[$dnsmasq_service] if $production !~ /docker/ { service { $cobbler_service: - enable => true, ensure => running, + enable => true, hasrestart => true, require => Package[$cobbler::packages::cobbler_package], } service { $dnsmasq_service: - enable => true, ensure => running, + enable => true, hasrestart => true, require => Package[$cobbler::packages::dnsmasq_package], - subscribe => Exec["cobbler_sync"], + subscribe => Exec['cobbler_sync'], } } else { service { $cobbler_service: - enable => true, ensure => 
running, + enable => true, hasrestart => true, require => Package[$cobbler::packages::cobbler_package], } service { $dnsmasq_service: - enable => false, ensure => false, + enable => false, hasrestart => true, require => Package[$cobbler::packages::dnsmasq_package], - subscribe => Exec["cobbler_sync"], + subscribe => Exec['cobbler_sync'], } } if $apache_ssl_module { @@ -107,13 +125,13 @@ class cobbler::server ( } service { $cobbler_web_service: - enable => true, ensure => running, + enable => true, hasrestart => true, require => Package[$cobbler::packages::cobbler_web_package], } - exec { "wait_for_web_service": + exec { 'wait_for_web_service': command => '[ $(curl --connect-timeout 1 -s -w %{http_code} http://127.0.0.1:80/ -o /dev/null) -lt 500 ]', require => Service[$cobbler_web_service], subscribe => Service[$cobbler_web_service], @@ -121,8 +139,8 @@ class cobbler::server ( try_sleep => 1, } - exec { "cobbler_sync": - command => "cobbler sync", + exec { 'cobbler_sync': + command => 'cobbler sync', refreshonly => false, require => [ Service[$cobbler_web_service], 
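Review bot: The new `default` branch fails with the fixed text `'Unsupported OS'`, which does not tell the operator what value was detected; `fail("Unsupported operatingsystem: ${::operatingsystem}")` makes the catalog error actionable. In the same case statement only the Debian/Ubuntu branch assigns `$apache_ssl_module`, so the later `if $apache_ssl_module` relies on an unset variable evaluating as false on CentOS/RedHat. A short comment at that test saying this is deliberate would save the next reader from wondering. The class body starts before and continues after this hunk.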
@@ -131,71 +149,71 @@ class cobbler::server ( Package[$cobbler::packages::dnsmasq_package], File['/etc/dnsmasq.upstream']], subscribe => Service[$cobbler_service], - notify => [Service[$dnsmasq_service], Service["xinetd"]], + notify => [Service[$dnsmasq_service], Service['xinetd']], tries => 20, try_sleep => 3, } - file { "/etc/cobbler/modules.conf": - content => template("cobbler/modules.conf.erb"), - owner => root, - group => root, - mode => 0644, - require => [Package[$cobbler::packages::cobbler_package],], - notify => [Service[$cobbler_service], Exec["cobbler_sync"],], + file { '/etc/cobbler/modules.conf': + content => template('cobbler/modules.conf.erb'), + owner => 'root', + group => 'root', + mode => '0644', + require => [Package[$cobbler::packages::cobbler_package]], + notify => [Service[$cobbler_service], Exec['cobbler_sync']], } - file { "/etc/cobbler/settings": - content => template("cobbler/settings.erb"), - owner => root, - group => root, - mode => 0644, + file { '/etc/cobbler/settings': + content => template('cobbler/settings.erb'), + owner => 'root', + group => 'root', + mode => '0644', require => Package[$cobbler::packages::cobbler_package], - notify => [Service[$cobbler_service], Exec["cobbler_sync"],], + notify => [Service[$cobbler_service], Exec['cobbler_sync']], } - file { "/etc/cobbler/dnsmasq.template": - content => template("cobbler/dnsmasq.template.erb"), - owner => root, - group => root, - mode => 0644, + file { '/etc/cobbler/dnsmasq.template': + content => template('cobbler/dnsmasq.template.erb'), + owner => 'root', + group => 'root', + mode => '0644', require => [ Package[$cobbler::packages::cobbler_package], - Package[$cobbler::packages::dnsmasq_package],], + Package[$cobbler::packages::dnsmasq_package]], notify => [ Service[$cobbler_service], - Exec["cobbler_sync"], + Exec['cobbler_sync'], Service[$dnsmasq_service],], } - file { "/etc/cobbler/pxe/pxedefault.template": - content => template("cobbler/pxedefault.template.erb"), - owner => 
root, - group => root, - mode => 0644, + file { '/etc/cobbler/pxe/pxedefault.template': + content => template('cobbler/pxedefault.template.erb'), + owner => 'root', + group => 'root', + mode => '0644', require => Package[$cobbler::packages::cobbler_package], - notify => [Service[$cobbler_service], Exec["cobbler_sync"],], + notify => [Service[$cobbler_service], Exec['cobbler_sync']], } - file { "/etc/cobbler/pxe/pxelocal.template": - content => template("cobbler/pxelocal.template.erb"), - owner => root, - group => root, - mode => 0644, + file { '/etc/cobbler/pxe/pxelocal.template': + content => template('cobbler/pxelocal.template.erb'), + owner => 'root', + group => 'root', + mode => '0644', require => Package[$cobbler::packages::cobbler_package], - notify => [Service[$cobbler_service], Exec["cobbler_sync"],], + notify => [Service[$cobbler_service], Exec['cobbler_sync']], } - exec { "/var/lib/tftpboot/chain.c32": - command => "cp /usr/share/syslinux/chain.c32 /var/lib/tftpboot/chain.c32", - unless => "test -e /var/lib/tftpboot/chain.c32", + exec { '/var/lib/tftpboot/chain.c32': + command => 'cp /usr/share/syslinux/chain.c32 /var/lib/tftpboot/chain.c32', + unless => 'test -e /var/lib/tftpboot/chain.c32', require => [ Package[$cobbler::packages::cobbler_additional_packages], Package[$cobbler::packages::cobbler_package],] } file { '/etc/dnsmasq.upstream': - content => template("cobbler/dnsmasq.upstream.erb"), + content => template('cobbler/dnsmasq.upstream.erb'), owner => 'root', group => 'root', mode => '0644', diff --git a/deployment/puppet/cobbler/templates/dnsmasq.template.erb b/deployment/puppet/cobbler/templates/dnsmasq.template.erb index 136c259bc6..7a96f9598a 100644 --- a/deployment/puppet/cobbler/templates/dnsmasq.template.erb +++ b/deployment/puppet/cobbler/templates/dnsmasq.template.erb 
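Review bot: `/etc/cobbler/settings` keeps `mode => '0644'` after the quoting change, which leaves it world-readable on the master node. Cobbler's settings file normally carries `default_password_crypted`, the root password hash applied to provisioned systems; if `settings.erb` renders it (the template is not part of this diff), every local account can read that hash. If only cobblerd needs the file, `mode => '0600'` would close this, or `'0640'` with a dedicated group if the web service user must read it. Which of these applies should be confirmed before changing the mode.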
@@ -8,12 +8,14 @@ log-queries log-facility=/var/log/dnsmasq.log addn-hosts = /var/lib/cobbler/cobbler_hosts domain=<%= @domain_name %> -dhcp-lease-max=1000 +dhcp-lease-max=<%= @dhcp_lease_max %> server=/<%= @domain_name %>/ resolv-file=/etc/dnsmasq.upstream dhcp-match=gpxe,175 interface=<%= @dhcp_interface %> +cache-size=1024 + # This is one of the key options. dnsmasq tries to move out servername # and PXE filename from special fields into DHCP options. # Some old clients can't understand those DHCP options, so they @@ -28,7 +30,7 @@ dhcp-sequential-ip dhcp-option=6,<%= @name_server %> -dhcp-range=internal,<%= @dhcp_start_address %>,<%= @dhcp_end_address %>,<%= @dhcp_netmask %> +dhcp-range=internal,<%= @dhcp_start_address %>,<%= @dhcp_end_address %>,<%= @dhcp_netmask %>,<%= @lease_time %> dhcp-option=net:internal,option:router,<%= @dhcp_gateway %> pxe-service=net:#gpxe,x86PC,"Install",pxelinux,<%= @next_server %> dhcp-boot=net:internal,pxelinux.0,boothost,<%= @next_server %> diff --git a/deployment/puppet/nailgun/manifests/host.pp b/deployment/puppet/nailgun/manifests/host.pp index 9c3e18c6d5..418e348392 100644 --- a/deployment/puppet/nailgun/manifests/host.pp +++ b/deployment/puppet/nailgun/manifests/host.pp 
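Review bot: `cache-size=1024` is hard-coded in the template, while the other two tunables introduced by this commit are class parameters, so it cannot be adjusted per deployment without editing the template. A `$dns_cache_size = '1024'` parameter on `cobbler::server` rendered as `cache-size=<%= @dns_cache_size %>` would keep the three settings consistent. A one-line template comment such as `# raised from the dnsmasq default (150) for large deployments` would also record why the value was chosen.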
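Review bot: The lease time is appended to `dhcp-range` unconditionally, so an empty or undefined `@lease_time` renders a line ending in a trailing comma, which dnsmasq may refuse to parse; the default of `'120m'` hides this. Emitting the field only when it is set avoids the problem: `<% if @lease_time and !@lease_time.to_s.empty? %>,<%= @lease_time %><% end %>`. A longer lease also keeps addresses reserved longer for nodes that were abandoned or reinstalled mid-provisioning, so the size of the `dhcp-range` pool should be checked against `dhcp-lease-max` for the target node count.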
@@ -1,79 +1,84 @@ class nailgun::host( $production, $cobbler_host = '127.0.0.1', -$dns_search = "domain.tld", -$dns_domain = "domain.tld", -$nailgun_group = "nailgun", -$nailgun_user = "nailgun", -$gem_source = "http://localhost/gems/", -) -{ +$dns_search = 'domain.tld', +$dns_domain = 'domain.tld', +$nailgun_group = 'nailgun', +$nailgun_user = 'nailgun', +$gem_source = 'http://localhost/gems/', +) { #Enable cobbler's iptables rules even if Cobbler not called include cobbler::iptables Exec {path => '/usr/bin:/bin:/usr/sbin:/sbin'} firewall { '002 accept related established rules': - proto => 'all', - state => ['RELATED', 'ESTABLISHED'], - action => 'accept', + proto => 'all', + state => ['RELATED', 'ESTABLISHED'], + action => 'accept', } -> - class { "nailgun::iptables": } + class { 'nailgun::iptables': } - nailgun::sshkeygen { "/root/.ssh/id_rsa": - homedir => "/root", - username => "root", - groupname => "root", - keytype => "rsa", + nailgun::sshkeygen { '/root/.ssh/id_rsa': + homedir => '/root', + username => 'root', + groupname => 'root', + keytype => 'rsa', } - file { "/etc/ssh/sshd_config": - content => template("nailgun/sshd_config.erb"), - owner => 'root', - group => 'root', - mode => '0600', + file { '/etc/ssh/sshd_config': + content => template('nailgun/sshd_config.erb'), + owner => 'root', + group => 'root', + mode => '0600', } - file { "/root/.ssh/config": - content => template("nailgun/root_ssh_config.erb"), - owner => 'root', - group => 'root', - mode => '0600', + file { '/root/.ssh/config': + content => template('nailgun/root_ssh_config.erb'), + owner => 'root', + group => 'root', + mode => '0600', } - file { "/var/log/remote": + + file { '/var/log/remote': ensure => directory, - owner => 'root', - group => 'root', - mode => '0750', + owner => 'root', + group => 'root', + mode => '0750', } - file { "/var/www/nailgun/dump": + file { '/var/www/nailgun/dump': ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', + owner => 'root', 
+ group => 'root', + mode => '0755', } - file { "/etc/dhcp/dhcp-enter-hooks": - content => template("nailgun/dhcp-enter-hooks.erb"), - owner => 'root', - group => 'root', - mode => '0755', + file { '/etc/dhcp/dhcp-enter-hooks': + content => template('nailgun/dhcp-enter-hooks.erb'), + owner => 'root', + group => 'root', + mode => '0755', } - file { "/etc/resolv.conf": - content => template("nailgun/resolv.conf.erb"), - owner => 'root', - group => 'root', - mode => '0644', + file { '/etc/resolv.conf': + content => template('nailgun/resolv.conf.erb'), + owner => 'root', + group => 'root', + mode => '0644', } file { '/etc/dhcp/dhclient.conf': - content => template("nailgun/dhclient.conf.erb"), + content => template('nailgun/dhclient.conf.erb'), owner => 'root', group => 'root', mode => '0644', } #Suppress kernel messages to console - sysctl::value{'kernel.printk': value=>'4 1 1 7'} + sysctl::value{'kernel.printk': value => '4 1 1 7'} + + #Increase values for neighbour table + sysctl::value{'net.ipv4.neigh.default.gc_thresh1': value => '256'} + sysctl::value{'net.ipv4.neigh.default.gc_thresh2': value => '1024'} + sysctl::value{'net.ipv4.neigh.default.gc_thresh3': value => '2048'} }
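Review bot: The three neighbour-table thresholds are added without a comment saying what each one controls or how 256/1024/2048 were chosen, and they cover IPv4 only. A comment above them such as `# gc_thresh1: entries kept without GC; gc_thresh2: soft limit; gc_thresh3: hard limit on neighbour entries` would help whoever tunes this for a larger node count. Because `gc_thresh3` is the hard cap, it also bounds how much kernel memory unsolicited ARP traffic on the admin network can consume, which is worth weighing before raising it further. If the master node ever serves nodes over IPv6, the `net.ipv6.neigh.default.gc_thresh*` keys need the same treatment.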