Merge "Increase settings for dnsmasq and sysctl"

Jenkins 2014-10-20 13:13:01 +00:00 committed by Gerrit Code Review
commit 8455c8aea5
3 changed files with 143 additions and 118 deletions


@ -11,14 +11,27 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
#
# == Class: cobbler::server
#
# Installs cobbler package and service
#
# == Parameters:
#
# [*dhcp_lease_max*]
# (optional) Sets the maximum number of leases available in dnsmasq.
#
# [*lease_time*]
# (optional) Sets the default lease time for DHCP clients.
class cobbler::server ( class cobbler::server (
$production = 'prod', $production = 'prod',
$domain_name = 'local', $domain_name = 'local',
$dns_search = 'local', $dns_search = 'local',
$dns_domain = 'local', $dns_domain = 'local',
$dns_upstream = '8.8.8.8', $dns_upstream = '8.8.8.8',
$dhcp_lease_max = '1800',
$lease_time = '120m',
) { ) {
include cobbler::packages include cobbler::packages
@ -26,69 +39,74 @@ class cobbler::server (
path => '/usr/bin:/bin:/usr/sbin:/sbin' path => '/usr/bin:/bin:/usr/sbin:/sbin'
} }
case $operatingsystem { case $::operatingsystem {
/(?i)(centos|redhat)/ : { /(?i)(centos|redhat)/ : {
$cobbler_service = "cobblerd" $cobbler_service = 'cobblerd'
$cobbler_web_service = "httpd" $cobbler_web_service = 'httpd'
$dnsmasq_service = "dnsmasq" $dnsmasq_service = 'dnsmasq'
service { "xinetd": service { 'xinetd':
enable => true,
ensure => running, ensure => running,
enable => true,
hasrestart => true, hasrestart => true,
require => Package[$cobbler::packages::cobbler_additional_packages], require => Package[$cobbler::packages::cobbler_additional_packages],
} }
file { "/etc/xinetd.conf": file { '/etc/xinetd.conf':
content => template("cobbler/xinetd.conf.erb"), content => template('cobbler/xinetd.conf.erb'),
owner => root, owner => 'root',
group => root, group => 'root',
mode => 0600, mode => '0600',
require => Package[$cobbler::packages::cobbler_additional_packages], require => Package[$cobbler::packages::cobbler_additional_packages],
notify => Service["xinetd"], notify => Service['xinetd'],
} }
} }
/(?i)(debian|ubuntu)/ : { /(?i)(debian|ubuntu)/ : {
$cobbler_service = "cobbler" $cobbler_service = 'cobbler'
$cobbler_web_service = "apache2" $cobbler_web_service = 'apache2'
$dnsmasq_service = "dnsmasq" $dnsmasq_service = 'dnsmasq'
$apache_ssl_module = "ssl" $apache_ssl_module = 'ssl'
} }
default : {
fail('Unsupported OS')
}
} }
File['/etc/cobbler/modules.conf'] -> File['/etc/cobbler/settings'] -> File['/etc/cobbler/modules.conf'] -> File['/etc/cobbler/settings'] ->
Service[$cobbler_service] -> Exec["cobbler_sync"] -> Service[$dnsmasq_service] Service[$cobbler_service] ->
Exec['cobbler_sync'] ->
Service[$dnsmasq_service]
if $production !~ /docker/ { if $production !~ /docker/ {
service { $cobbler_service: service { $cobbler_service:
enable => true,
ensure => running, ensure => running,
enable => true,
hasrestart => true, hasrestart => true,
require => Package[$cobbler::packages::cobbler_package], require => Package[$cobbler::packages::cobbler_package],
} }
service { $dnsmasq_service: service { $dnsmasq_service:
enable => true,
ensure => running, ensure => running,
enable => true,
hasrestart => true, hasrestart => true,
require => Package[$cobbler::packages::dnsmasq_package], require => Package[$cobbler::packages::dnsmasq_package],
subscribe => Exec["cobbler_sync"], subscribe => Exec['cobbler_sync'],
} }
} else { } else {
service { $cobbler_service: service { $cobbler_service:
enable => true,
ensure => running, ensure => running,
enable => true,
hasrestart => true, hasrestart => true,
require => Package[$cobbler::packages::cobbler_package], require => Package[$cobbler::packages::cobbler_package],
} }
service { $dnsmasq_service: service { $dnsmasq_service:
enable => false,
ensure => false, ensure => false,
enable => false,
hasrestart => true, hasrestart => true,
require => Package[$cobbler::packages::dnsmasq_package], require => Package[$cobbler::packages::dnsmasq_package],
subscribe => Exec["cobbler_sync"], subscribe => Exec['cobbler_sync'],
} }
} }
if $apache_ssl_module { if $apache_ssl_module {
@ -107,13 +125,13 @@ class cobbler::server (
} }
service { $cobbler_web_service: service { $cobbler_web_service:
enable => true,
ensure => running, ensure => running,
enable => true,
hasrestart => true, hasrestart => true,
require => Package[$cobbler::packages::cobbler_web_package], require => Package[$cobbler::packages::cobbler_web_package],
} }
exec { "wait_for_web_service": exec { 'wait_for_web_service':
command => '[ $(curl --connect-timeout 1 -s -w %{http_code} http://127.0.0.1:80/ -o /dev/null) -lt 500 ]', command => '[ $(curl --connect-timeout 1 -s -w %{http_code} http://127.0.0.1:80/ -o /dev/null) -lt 500 ]',
require => Service[$cobbler_web_service], require => Service[$cobbler_web_service],
subscribe => Service[$cobbler_web_service], subscribe => Service[$cobbler_web_service],
@ -121,8 +139,8 @@ class cobbler::server (
try_sleep => 1, try_sleep => 1,
} }
exec { "cobbler_sync": exec { 'cobbler_sync':
command => "cobbler sync", command => 'cobbler sync',
refreshonly => false, refreshonly => false,
require => [ require => [
Service[$cobbler_web_service], Service[$cobbler_web_service],
@ -131,71 +149,71 @@ class cobbler::server (
Package[$cobbler::packages::dnsmasq_package], Package[$cobbler::packages::dnsmasq_package],
File['/etc/dnsmasq.upstream']], File['/etc/dnsmasq.upstream']],
subscribe => Service[$cobbler_service], subscribe => Service[$cobbler_service],
notify => [Service[$dnsmasq_service], Service["xinetd"]], notify => [Service[$dnsmasq_service], Service['xinetd']],
tries => 20, tries => 20,
try_sleep => 3, try_sleep => 3,
} }
file { "/etc/cobbler/modules.conf": file { '/etc/cobbler/modules.conf':
content => template("cobbler/modules.conf.erb"), content => template('cobbler/modules.conf.erb'),
owner => root, owner => 'root',
group => root, group => 'root',
mode => 0644, mode => '0644',
require => [Package[$cobbler::packages::cobbler_package],], require => [Package[$cobbler::packages::cobbler_package]],
notify => [Service[$cobbler_service], Exec["cobbler_sync"],], notify => [Service[$cobbler_service], Exec['cobbler_sync']],
} }
file { "/etc/cobbler/settings": file { '/etc/cobbler/settings':
content => template("cobbler/settings.erb"), content => template('cobbler/settings.erb'),
owner => root, owner => 'root',
group => root, group => 'root',
mode => 0644, mode => '0644',
require => Package[$cobbler::packages::cobbler_package], require => Package[$cobbler::packages::cobbler_package],
notify => [Service[$cobbler_service], Exec["cobbler_sync"],], notify => [Service[$cobbler_service], Exec['cobbler_sync']],
} }
file { "/etc/cobbler/dnsmasq.template": file { '/etc/cobbler/dnsmasq.template':
content => template("cobbler/dnsmasq.template.erb"), content => template('cobbler/dnsmasq.template.erb'),
owner => root, owner => 'root',
group => root, group => 'root',
mode => 0644, mode => '0644',
require => [ require => [
Package[$cobbler::packages::cobbler_package], Package[$cobbler::packages::cobbler_package],
Package[$cobbler::packages::dnsmasq_package],], Package[$cobbler::packages::dnsmasq_package]],
notify => [ notify => [
Service[$cobbler_service], Service[$cobbler_service],
Exec["cobbler_sync"], Exec['cobbler_sync'],
Service[$dnsmasq_service],], Service[$dnsmasq_service],],
} }
file { "/etc/cobbler/pxe/pxedefault.template": file { '/etc/cobbler/pxe/pxedefault.template':
content => template("cobbler/pxedefault.template.erb"), content => template('cobbler/pxedefault.template.erb'),
owner => root, owner => 'root',
group => root, group => 'root',
mode => 0644, mode => '0644',
require => Package[$cobbler::packages::cobbler_package], require => Package[$cobbler::packages::cobbler_package],
notify => [Service[$cobbler_service], Exec["cobbler_sync"],], notify => [Service[$cobbler_service], Exec['cobbler_sync']],
} }
file { "/etc/cobbler/pxe/pxelocal.template": file { '/etc/cobbler/pxe/pxelocal.template':
content => template("cobbler/pxelocal.template.erb"), content => template('cobbler/pxelocal.template.erb'),
owner => root, owner => 'root',
group => root, group => 'root',
mode => 0644, mode => '0644',
require => Package[$cobbler::packages::cobbler_package], require => Package[$cobbler::packages::cobbler_package],
notify => [Service[$cobbler_service], Exec["cobbler_sync"],], notify => [Service[$cobbler_service], Exec['cobbler_sync']],
} }
exec { "/var/lib/tftpboot/chain.c32": exec { '/var/lib/tftpboot/chain.c32':
command => "cp /usr/share/syslinux/chain.c32 /var/lib/tftpboot/chain.c32", command => 'cp /usr/share/syslinux/chain.c32 /var/lib/tftpboot/chain.c32',
unless => "test -e /var/lib/tftpboot/chain.c32", unless => 'test -e /var/lib/tftpboot/chain.c32',
require => [ require => [
Package[$cobbler::packages::cobbler_additional_packages], Package[$cobbler::packages::cobbler_additional_packages],
Package[$cobbler::packages::cobbler_package],] Package[$cobbler::packages::cobbler_package],]
} }
file { '/etc/dnsmasq.upstream': file { '/etc/dnsmasq.upstream':
content => template("cobbler/dnsmasq.upstream.erb"), content => template('cobbler/dnsmasq.upstream.erb'),
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
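Review bot: The two new class parameters `$dhcp_lease_max` and `$lease_time` (first hunk, parameter list) reach the dnsmasq configuration with no format check, so a typo or a value carrying a comma or newline yields a broken or silently altered DHCP configuration that only surfaces when dnsmasq is restarted. If puppetlabs-stdlib is available to this module, checks at the top of the class body such as `validate_re($dhcp_lease_max, '^\d+$')` and `validate_re($lease_time, '^(\d+[mh]?|infinite)$')` would fail the catalog early instead. The new parameter docs could also state the accepted forms, e.g. `# Integer number of leases, passed as a string.` and `# dnsmasq lease time: seconds, a number followed by m or h, or 'infinite'.` The class body continues past the end of the last hunk, so anything that happens after `/etc/dnsmasq.upstream` is not visible here.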


@ -8,12 +8,14 @@ log-queries
log-facility=/var/log/dnsmasq.log log-facility=/var/log/dnsmasq.log
addn-hosts = /var/lib/cobbler/cobbler_hosts addn-hosts = /var/lib/cobbler/cobbler_hosts
domain=<%= @domain_name %> domain=<%= @domain_name %>
dhcp-lease-max=1000 dhcp-lease-max=<%= @dhcp_lease_max %>
server=/<%= @domain_name %>/ server=/<%= @domain_name %>/
resolv-file=/etc/dnsmasq.upstream resolv-file=/etc/dnsmasq.upstream
dhcp-match=gpxe,175 dhcp-match=gpxe,175
interface=<%= @dhcp_interface %> interface=<%= @dhcp_interface %>
cache-size=1024
# This is one of the key options. dnsmasq tries to move out servername # This is one of the key options. dnsmasq tries to move out servername
# and PXE filename from special fields into DHCP options. # and PXE filename from special fields into DHCP options.
# Some old clients can't understand those DHCP options, so they # Some old clients can't understand those DHCP options, so they
@ -28,7 +30,7 @@ dhcp-sequential-ip
dhcp-option=6,<%= @name_server %> dhcp-option=6,<%= @name_server %>
dhcp-range=internal,<%= @dhcp_start_address %>,<%= @dhcp_end_address %>,<%= @dhcp_netmask %> dhcp-range=internal,<%= @dhcp_start_address %>,<%= @dhcp_end_address %>,<%= @dhcp_netmask %>,<%= @lease_time %>
dhcp-option=net:internal,option:router,<%= @dhcp_gateway %> dhcp-option=net:internal,option:router,<%= @dhcp_gateway %>
pxe-service=net:#gpxe,x86PC,"Install",pxelinux,<%= @next_server %> pxe-service=net:#gpxe,x86PC,"Install",pxelinux,<%= @next_server %>
dhcp-boot=net:internal,pxelinux.0,boothost,<%= @next_server %> dhcp-boot=net:internal,pxelinux.0,boothost,<%= @next_server %>
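Review bot: `cache-size=1024` is added in the first hunk as a bare literal with no comment, while `dhcp-lease-max` two lines above it was turned into a class parameter in the same change. Either expose it the same way or record why it is fixed, e.g. `# DNS cache entries; raised from the dnsmasq default of 150 for large environments`. In the second hunk the lease time is appended as `,<%= @lease_time %>`, so an empty or undefined value leaves a trailing comma on the `dhcp-range` line, which dnsmasq may reject. Wrapping it as `<% if @lease_time and !@lease_time.to_s.empty? %>,<%= @lease_time %><% end %>` keeps the old line shape in that case. Since `log-queries` is enabled in this file (visible in the hunk header), the higher lease limit also means more log volume, so it is worth confirming that `/var/log/dnsmasq.log` is rotated.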


@ -1,79 +1,84 @@
class nailgun::host( class nailgun::host(
$production, $production,
$cobbler_host = '127.0.0.1', $cobbler_host = '127.0.0.1',
$dns_search = "domain.tld", $dns_search = 'domain.tld',
$dns_domain = "domain.tld", $dns_domain = 'domain.tld',
$nailgun_group = "nailgun", $nailgun_group = 'nailgun',
$nailgun_user = "nailgun", $nailgun_user = 'nailgun',
$gem_source = "http://localhost/gems/", $gem_source = 'http://localhost/gems/',
) ) {
{
#Enable cobbler's iptables rules even if Cobbler not called #Enable cobbler's iptables rules even if Cobbler not called
include cobbler::iptables include cobbler::iptables
Exec {path => '/usr/bin:/bin:/usr/sbin:/sbin'} Exec {path => '/usr/bin:/bin:/usr/sbin:/sbin'}
firewall { '002 accept related established rules': firewall { '002 accept related established rules':
proto => 'all', proto => 'all',
state => ['RELATED', 'ESTABLISHED'], state => ['RELATED', 'ESTABLISHED'],
action => 'accept', action => 'accept',
} -> } ->
class { "nailgun::iptables": } class { 'nailgun::iptables': }
nailgun::sshkeygen { "/root/.ssh/id_rsa": nailgun::sshkeygen { '/root/.ssh/id_rsa':
homedir => "/root", homedir => '/root',
username => "root", username => 'root',
groupname => "root", groupname => 'root',
keytype => "rsa", keytype => 'rsa',
} }
file { "/etc/ssh/sshd_config": file { '/etc/ssh/sshd_config':
content => template("nailgun/sshd_config.erb"), content => template('nailgun/sshd_config.erb'),
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0600', mode => '0600',
} }
file { "/root/.ssh/config": file { '/root/.ssh/config':
content => template("nailgun/root_ssh_config.erb"), content => template('nailgun/root_ssh_config.erb'),
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0600', mode => '0600',
} }
file { "/var/log/remote":
file { '/var/log/remote':
ensure => directory, ensure => directory,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0750', mode => '0750',
} }
file { "/var/www/nailgun/dump": file { '/var/www/nailgun/dump':
ensure => directory, ensure => directory,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
file { "/etc/dhcp/dhcp-enter-hooks": file { '/etc/dhcp/dhcp-enter-hooks':
content => template("nailgun/dhcp-enter-hooks.erb"), content => template('nailgun/dhcp-enter-hooks.erb'),
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
file { "/etc/resolv.conf": file { '/etc/resolv.conf':
content => template("nailgun/resolv.conf.erb"), content => template('nailgun/resolv.conf.erb'),
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
} }
file { '/etc/dhcp/dhclient.conf': file { '/etc/dhcp/dhclient.conf':
content => template("nailgun/dhclient.conf.erb"), content => template('nailgun/dhclient.conf.erb'),
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
} }
#Suppress kernel messages to console #Suppress kernel messages to console
sysctl::value{'kernel.printk': value=>'4 1 1 7'} sysctl::value{'kernel.printk': value => '4 1 1 7'}
#Increase values for neighbour table
sysctl::value{'net.ipv4.neigh.default.gc_thresh1': value => '256'}
sysctl::value{'net.ipv4.neigh.default.gc_thresh2': value => '1024'}
sysctl::value{'net.ipv4.neigh.default.gc_thresh3': value => '2048'}
} }
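Review bot: The three `gc_thresh` values added at the end of the class are fixed literals with no link to `dhcp_lease_max`, which the same commit makes configurable in cobbler::server with a default of '1800'. `gc_thresh3` is the hard cap on neighbour entries, so raising the lease limit past 2048 could cause neighbour-table overflow and dropped traffic on this host. The default of 1800 already sits above the `gc_thresh2` soft limit of 1024. Consider extending the comment to `#Increase values for neighbour table; gc_thresh3 must stay above the number of nodes served (see cobbler::server dhcp_lease_max)`, or exposing the thresholds as class parameters. Only the IPv4 table is tuned, so if the managed network ever carries IPv6 the `net.ipv6.neigh.default.*` keys would need the same treatment.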