From 6fecb56d5feac82c2f6aa10c4e8f61bd516fbfef Mon Sep 17 00:00:00 2001 From: Richard Shade Date: Tue, 21 Mar 2017 13:05:39 -0500 Subject: [PATCH] added selinux for centos7, updated collectd broken plugins, set swap back to MB to match swap cookbook. (#41) * adding in sysctl files closes #36 * adding in sysctl tuning fixes: #36 * adding version into changelog * updating sysctl, ande eph_lvm to 3.0 * updating knife(setting log_level to info), updating spec_helper(adding platforms_method) * adding new chefspec test sysctl * updating to fix selinux issues with default install * changlog upddate * adding socket options * changing module name, and if * updating test on kitchen * trimming down modules to ones that exist * fixes #39 * fixing changelog * fixed: Plugin dfdid not register for value ReportReserved * adding in unlink * updating for baseurl * removing mirrorlist * adding kitchen-dokken, removing ubuntu1204, adding ubuntu1604 * adding kitchen dokken * fixing cookstyle, and loglevel * fixing specs * cutting file by size * converting swap to float * updating full thing to integer * updating kitchen dokken, and pinning swap * removing ruby-version as we use chef-dk * removing coveralls as we really dont use it * deprecations_as_errors: false * adding swap * removing chef and rake as we use chefdk * undoing sysctl as default, as that is to big a change * adding rhel guard * fixing centos6 yum-epel issue * adding hostname to ubuntu1404 * adding collectd hostname * pinning collectd to 2.2.2 * updating readme to match changes 
Signed-off-by: Richard Shade --- .kitchen.dokken.yml | 87 +++++++++++++++++++ .kitchen.yml | 45 ++++------ .ruby-version | 1 - .travis.yml | 54 ++++++++++-- Berksfile | 5 -- Berksfile.lock | 139 +++++++++++++++---------------- CHANGELOG.md | 13 ++- Gemfile | 4 - README.md | 26 ++++-- Rakefile | 2 +- attributes/default.rb | 1 + attributes/monitoring.rb | 4 +- attributes/swap.rb | 2 +- attributes/sysctl.rb | 15 ++++ metadata.rb | 18 +++- recipes/monitoring_collectd.rb | 54 ++++++++++-- recipes/swap.rb | 11 +-- recipes/sysctl.rb | 12 +++ spec/default_spec.rb | 1 + spec/monitoring_collectd_spec.rb | 1 + spec/spec_helper.rb | 15 +++- spec/swap_spec.rb | 1 + spec/sysctl_spec.rb | 27 ++++++ 23 files changed, 380 insertions(+), 158 deletions(-) create mode 100644 .kitchen.dokken.yml delete mode 100644 .ruby-version create mode 100644 attributes/sysctl.rb create mode 100644 recipes/sysctl.rb create mode 100644 spec/sysctl_spec.rb diff --git a/.kitchen.dokken.yml b/.kitchen.dokken.yml new file mode 100644 index 0000000..d9b2775 --- /dev/null +++ b/.kitchen.dokken.yml 
@@ -0,0 +1,87 @@ +driver: + name: dokken + privileged: true # because Docker and SystemD/Upstart + chef_version: current + volumes: [ '/mnt' ] + +transport: + name: dokken + +provisioner: + name: dokken + deprecations_as_errors: false + +verifier: + name: inspec + +platforms: + - name: centos-6 + driver: + image: centos:6 + privileged: true + platform: rhel + pid_one_command: /sbin/init + intermediate_instructions: + - RUN yum -y install which initscripts net-tools wget + + - name: centos-7 + driver: + image: centos:7 + privileged: true + platform: rhel + pid_one_command: /usr/lib/systemd/systemd + intermediate_instructions: + - RUN yum -y install lsof which systemd-sysv initscripts wget net-tools + + - name: debian-7 + driver: + image: debian:7 + privileged: true + pid_one_command: /sbin/init + intermediate_instructions: + - RUN /usr/bin/apt-get update + - RUN /usr/bin/apt-get install apt-transport-https lsb-release procps net-tools -y + + - name: debian-8 + driver: + image: debian:8 + privileged: true + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + - RUN /usr/bin/apt-get install apt-transport-https lsb-release procps net-tools -y + + - name: fedora-25 + driver: + image: fedora:25 + privileged: true + pid_one_command: /usr/lib/systemd/systemd + intermediate_instructions: + - RUN dnf -y install yum which systemd-sysv initscripts wget net-tools + + - name: ubuntu-14.04 + driver: + image: ubuntu-upstart:14.04 + privileged: true + hostname: <%= ENV['INSTANCE'].downcase %> + pid_one_command: /sbin/init + intermediate_instructions: + - RUN /usr/bin/apt-get update + - RUN /usr/bin/apt-get install apt-transport-https lsb-release procps net-tools -y + + - name: ubuntu-16.04 + driver: + image: ubuntu:16.04 + privileged: true + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + - RUN /usr/bin/apt-get install apt-transport-https lsb-release procps net-tools -y + + - name: opensuse-leap + 
driver: + image: opensuse:leap + privileged: true + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN zypper --non-interactive install aaa_base perl-Getopt-Long-Descriptive which hostname diff --git a/.kitchen.yml b/.kitchen.yml index 061ccea..132d6ae 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -23,41 +23,30 @@ platforms: run_list: ['recipe[yum-epel]','recipe[fake::create_secrets]'] driver_config: box: bento/centos-7.2 -- name: rhel-6.5 - run_list: ['recipe[yum-epel]', 'recipe[rhsm]','recipe[fake::create_secrets]'] - attributes: - rhsm: - username: <%= ENV['RHSM_USERNAME'] %> - password: <%= ENV['RHSM_PASSWORD'] %> - driver_config: - box: local-rhel-6.5 - box_url: file://<%= File.expand_path('~') %>/opscode_rhel-6.5_chef-provisionerless.box -- name: rhel-7.0 - run_list: ['recipe[yum-epel]', 'recipe[rhsm]','recipe[fake::create_secrets]'] - attributes: - rhsm: - username: <%= ENV['RHSM_USERNAME'] %> - password: <%= ENV['RHSM_PASSWORD'] %> - driver_config: - box: local-rhel-7.0 - box_url: file://<%= File.expand_path('~') %>/opscode_rhel-7.0_chef-provisionerless.box -- name: ubuntu-12.04 - run_list: ['recipe[apt]','recipe[fake::create_secrets]'] - driver_config: - box: bento/ubuntu-12.04 - name: ubuntu-14.04 - run_list: ['recipe[apt]','recipe[fake::create_secrets]'] + run_list: + - recipe[apt] + - recipe[fake::create_secrets] driver_config: box: bento/ubuntu-14.04 +- name: ubuntu-16.04 + run_list: ['recipe[apt]','recipe[fake::create_secrets]'] + driver_config: + box: bento/ubuntu-16.04 suites: - name: default - run_list: ['recipe[rs-base::default]'] + run_list: + - recipe[rs-base::default] attributes: cloud: provider: vagrant + rightscale: + RS_RLL_PORT: 12345 rs-base: - collectd_server: sketchy1-66.rightscale.com + collectd_hostname: 00-137FE058 + swap: + size: 1 - name: swap run_list: ['recipe[rs-base::swap]'] attributes: 
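Review bot: In .kitchen.dokken.yml the ubuntu-14.04 platform sets `hostname: <%= ENV['INSTANCE'].downcase %>`, which raises NoMethodError while the file is being rendered whenever INSTANCE is unset. .travis.yml exports it, but a local `kitchen list` would not, and the failure hits every platform because the whole file is rendered at load time. Use a default, for example `hostname: <%= ENV.fetch('INSTANCE', 'default-ubuntu-1404').downcase %>`. Since every platform also runs with `privileged: true`, I would add a header comment such as `# CI-only config: containers run privileged, use on disposable hosts` so the file is not reused on shared machines.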
@@ -75,9 +64,9 @@ suites: rs-base: rsyslog_server: 192.168.0.1 - name: collectd - run_list: ['recipe[fake::rightscale_software]', 'recipe[fake::tcpdump]', 'recipe[rs-base::collectd]'] + run_list: ['recipe[fake::tcpdump]', 'recipe[rs-base::monitoring_collectd]'] attributes: + rightscale: + RS_RLL_PORT: 12345 cloud: provider: vagrant - rs-base: - collectd_server: sketchy1-66.rightscale.com diff --git a/.ruby-version b/.ruby-version deleted file mode 100644 index 2bf1c1c..0000000 --- a/.ruby-version +++ /dev/null @@ -1 +0,0 @@ -2.3.1 diff --git a/.travis.yml b/.travis.yml index bbd3387..65ecd4a 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,13 +1,49 @@ -language: ruby -rvm: -- 2.3.1 +sudo: required +dist: trusty + +# install the pre-release chef-dk. Use chef-stable-trusty to install the stable release +addons: + apt: + sources: + - chef-stable-trusty + packages: + - chefdk + before_install: -- curl -L https://www.getchef.com/chef/install.sh | sudo bash -s -- -P chefdk -v 1.2.22 -- gem install bundler -v 1.11.2 -install: -- chef exec bundle install --jobs=3 --retry=3 -before_script: chef exec rake setup_test_environment -script: "./.travis_install.sh" + - sudo chef gem install kitchen-dokken +# Don't `bundle install` which takes about 1.5 mins +install: echo "skip bundle install" + +branches: + only: + - master + +services: docker + +env: + matrix: + - INSTANCE=default-ubuntu-1404 + - INSTANCE=default-ubuntu-1604 + - INSTANCE=default-centos-6 + - INSTANCE=default-centos-7 + +before_script: + - sudo iptables -L DOCKER || ( echo "DOCKER iptables chain missing" ; sudo iptables -N DOCKER ) + - eval "$(/opt/chefdk/bin/chef shell-init bash)" + - /opt/chefdk/embedded/bin/chef --version + - /opt/chefdk/embedded/bin/cookstyle --version + - /opt/chefdk/embedded/bin/foodcritic --version + - sudo chef gem install kitchen-dokken + - chef exec bundle install --jobs=3 --retry=3 + +script: KITCHEN_LOCAL_YAML=.kitchen.dokken.yml /opt/chefdk/embedded/bin/chef exec kitchen verify ${INSTANCE} + +matrix: + include: + - script: + - chef exec rake setup_test_environment + - "./.travis_install.sh" + env: UNIT_AND_LINT=1 notifications: slack: secure: FECIJq2s1oCyRiuuQgisiWsKXx5g2WpFxfO3gPCDrzjHbLbdPBFZRd/O5oI/ugWK19hOcAFe2CuSrsE485mmXutL/mQiDehZ1S3++iIsAPYZdnWISEl4IiKJmGrRPqAE4maG8TiBMEV6gt3YPvteWhtmJxE4LEJoXS9r98zA3qA= diff --git a/Berksfile b/Berksfile index 8f14fa9..c1343ce 100644 --- a/Berksfile +++ b/Berksfile 
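Review bot: `sudo chef gem install kitchen-dokken` installs an unpinned gem as root, and it appears twice, once in `before_install` and again in `before_script`. Whatever version is newest on the gem source at build time runs with root on the CI host, and builds are not reproducible. Pin it and keep one copy, for example `- sudo chef gem install kitchen-dokken -v '<pinned-version>'`. The comment above the apt addon says it installs the pre-release chef-dk, but the source listed is `chef-stable-trusty`; reword it to `# install the stable chef-dk from chef-stable-trusty`.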
@@ -2,11 +2,6 @@ source 'https://supermarket.chef.io' metadata -cookbook 'collectd' -cookbook 'marker', github: 'rightscale-cookbooks/marker' -cookbook 'rightscale_tag', github: 'rightscale-cookbooks/rightscale_tag' -cookbook 'machine_tag', github: 'rightscale-cookbooks/machine_tag' - group :integration do cookbook 'fake', path: './test/cookbooks/fake' end diff --git a/Berksfile.lock b/Berksfile.lock index 917d8da..342ea7a 100644 --- a/Berksfile.lock +++ b/Berksfile.lock 
@@ -1,73 +1,66 @@ -DEPENDENCIES - collectd - fake - path: test/cookbooks/fake - machine_tag - git: https://github.com/rightscale-cookbooks/machine_tag.git - revision: 581dd0b7ddf2e65939527bb5e6c6c47788d1bf33 - marker - git: https://github.com/rightscale-cookbooks/marker.git - revision: 058e70879408fceceb628c600d487b1ddfa06cdb - rightscale_tag - git: https://github.com/rightscale-cookbooks/rightscale_tag.git - revision: d012cd3486fd9fc4efbf5200885bad521301c4b9 - rs-base - path: . - metadata: true - -GRAPH - apt (5.0.1) - compat_resource (>= 12.16.3) - build-essential (7.0.3) - compat_resource (>= 12.16.3) - mingw (>= 1.1) - seven_zip (>= 0.0.0) - collectd (2.2.2) - poise (~> 2.2) - poise-service (~> 1.0) - collectd_plugins (2.1.3) - collectd (~> 2.0) - compat_resource (12.16.3) - ephemeral_lvm (3.0.0) - lvm (>= 4.0) - now (>= 0.0.0) - fake (0.1.0) - lvm (4.0.5) - machine_tag (2.0.1) - apt (>= 0.0.0) - build-essential (>= 0.0.0) - marker (2.0.0) - mingw (1.2.5) - compat_resource (>= 12.16.3) - seven_zip (>= 0.0.0) - now (1.0.0) - ntp (3.3.1) - ohai (4.2.3) - compat_resource (>= 12.14.7) - poise (2.7.1) - poise-service (1.4.2) - poise (~> 2.0) - rightscale_tag (2.0.0) - machine_tag (~> 2.0) - marker (~> 2.0) - rs-base (2.0.1) - apt (>= 0.0.0) - collectd (~> 2.2.2) - collectd_plugins (~> 2.1.3) - ephemeral_lvm (~> 3.0) - machine_tag (~> 2.0) - marker (>= 0.0.0) - ntp (>= 0.0.0) - rightscale_tag (~> 2.0) - rsyslog (>= 0.0.0) - swap (>= 0.0.0) - yum-epel (>= 0.0.0) - rsyslog (5.1.0) - compat_resource (>= 12.14.6) - seven_zip (2.0.2) - windows (>= 1.2.2) - swap (0.3.8) - windows (2.1.1) - ohai (>= 4.0.0) - yum-epel (2.1.1) - compat_resource (>= 12.16.3) +DEPENDENCIES + fake + path: test/cookbooks/fake + rs-base + path: . 
+ metadata: true + +GRAPH + apt (6.0.1) + build-essential (8.0.0) + mingw (>= 1.1) + seven_zip (>= 0.0.0) + chef-sugar (3.4.0) + collectd (2.2.2) + poise (~> 2.2) + poise-service (~> 1.0) + collectd_plugins (2.1.3) + collectd (~> 2.0) + compat_resource (12.16.3) + ephemeral_lvm (3.0.0) + lvm (>= 4.0) + now (>= 0.0.0) + fake (0.1.0) + lvm (4.0.5) + machine_tag (2.0.4) + apt (>= 0.0.0) + build-essential (>= 0.0.0) + chef-sugar (>= 0.0.0) + marker (2.0.0) + mingw (2.0.0) + seven_zip (>= 0.0.0) + now (1.0.0) + ntp (3.3.1) + ohai (5.0.0) + poise (2.7.2) + poise-service (1.4.2) + poise (~> 2.0) + rightscale_tag (2.0.1) + machine_tag (~> 2.0) + marker (~> 2.0) + rs-base (2.1.0) + apt (>= 0.0.0) + collectd (= 2.2.2) + collectd_plugins (= 2.1.3) + ephemeral_lvm (~> 3.0) + machine_tag (~> 2.0) + marker (>= 0.0.0) + ntp (>= 0.0.0) + rightscale_tag (~> 2.0) + rsyslog (>= 0.0.0) + selinux_policy (>= 0.0.0) + swap (>= 2.0.0) + sysctl (>= 0.0.0) + yum-epel (>= 0.0.0) + rsyslog (6.0.1) + selinux_policy (2.0.0) + compat_resource (>= 12.16.3) + seven_zip (2.0.2) + windows (>= 1.2.2) + swap (2.0.0) + sysctl (0.8.1) + ohai (>= 4.0) + windows (3.0.1) + ohai (>= 4.0.0) + yum-epel (2.1.1) + compat_resource (>= 12.16.3) diff --git a/CHANGELOG.md b/CHANGELOG.md index 75c5038..4b0d42a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,13 +3,22 @@ rs-base Cookbook CHANGELOG This file is used to list changes made in each version of the rs-base cookbook. +v2.1.0 +------ +- adding selinux support for centos7 collectd +- fixing IgnoreSelectd to IgnoreSelected +- fixed: Plugin `df' did not register for value `ReportReserved' +- adding in sysctl-tuning +- making rs-base attributes match rightscale plugin format +- setting swap back to MB + v2.0.1 ------ - - add support for collectd on centos/rhel 7 by enabling epel repo +- add support for collectd on centos/rhel 7 by enabling epel repo v2.0.0 ------ - - adding support for chef12 +- adding support for chef12 v1.3.0 ------ 
diff --git a/Gemfile b/Gemfile index c113f07..08ecd45 100644 --- a/Gemfile +++ b/Gemfile @@ -1,10 +1,6 @@ # frozen_string_literal: true source 'https://rubygems.org' -gem 'rake' -gem 'chef', '~> 12.16.0' - group :integration do - gem 'coveralls', require: false gem 'machine_tag' end diff --git a/README.md b/README.md index 4865856..189c06d 100644 --- a/README.md +++ b/README.md @@ -12,18 +12,23 @@ Github Repository: [https://github.com/rightscale-cookbooks/rs-base](https://git # Requirements -* Requires Chef 11 or higher +* Requires Chef 12 or higher * Requires [RightLink 10](http://docs.rightscale.com/rl10/) See cookbook version 1.1.7 for RightLink 6 support * Cookbook requirements - * [ntp](http://community.opscode.com/cookbooks/ntp) - * [marker](http://community.opscode.com/cookbooks/marker) - * [rightscale_tag](http://community.opscode.com/cookbooks/rightscale_tag) - * [swap](http://community.opscode.com/cookbooks/swap) - * [rsyslog](http://community.opscode.com/cookbooks/rsyslog) - * [collectd](https://github.com/rightscale-cookbooks-contrib/chef-collectd) + * [ntp](https://supermarket.chef.io/cookbooks/ntp) + * [marker](http://supermarket.chef.io/cookbooks/marker) + * [rightscale_tag](http://supermarket.chef.io/cookbooks/rightscale_tag) + * [swap](http://supermarket.chef.io/cookbooks/swap) + * [rsyslog](http://supermarket.chef.io/cookbooks/rsyslog) + * [collectd](https://supermarket.chef.io/cookbooks/collectd) + * [sysctl](https://supermarket.chef.io/cookbooks/sysctl) + * [selinux_policy](https://supermarket.chef.io/cookbooks/selinux_policy) + * [ephemeral_lvm](https://supermarket.chef.io/cookbooks/ephemeral_lvm) * Platform - * Ubuntu 12.04 + * Ubuntu 14.04 + * Ubuntu 16.04 * CentOS 6 + * CentOS 7 # Usage 
@@ -39,6 +44,7 @@ Place the `rs-base::default` recipe in the runlist. updating time. Default is `['time.rightscale.com', 'ec2-us-east.time.rightscale.com', 'ec2-us-west.time.rightscale.com']`. * `node['rs-base']['rsyslog_server']` - FQDN or IP address of a remote rsyslog server. Default is `nil`. +* `node['rs-base']['sysctl']['settings']` - see `attributes\sysctl.rb` for defaults # Recipes @@ -68,6 +74,10 @@ used as the remote syslog server. Otherwise local machine is used. Installs the collectd client with some of the basic plugins, syslog, interface, df, disk, memory, load, processes, users, and network. +## rs-base::sysctl + +Set's the sysctl parameters based off netflix tuning page: https://wiki.mikejung.biz/Sysctl_tweaks#Netflix_2014_EC2_sysctl_tweaks(https://wiki.mikejung.biz/Sysctl_tweaks#Netflix_2014_EC2_sysctl_tweaks) + # Author Author:: RightScale, Inc. () diff --git a/Rakefile b/Rakefile index 0705b5f..711f7ca 100644 --- a/Rakefile +++ b/Rakefile @@ -9,7 +9,7 @@ desc 'Sets up knife, and vendors cookbooks' task :setup_test_environment do File.open('knife.rb', 'w+') do |file| file.write <<-EOF - log_level :debug + log_level :info log_location STDOUT cookbook_path ['.', 'berks-cookbooks/' ] EOF diff --git a/attributes/default.rb b/attributes/default.rb index 5ce29ee..8527649 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -17,3 +17,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # +default['rs-base']['sysctl']['enable'] = true diff --git a/attributes/monitoring.rb b/attributes/monitoring.rb index 85f1895..c23d85a 100644 --- a/attributes/monitoring.rb +++ b/attributes/monitoring.rb 
@@ -18,5 +18,5 @@ # limitations under the License. # default['rs-base']['monitoring_type'] = 'collectd' -default['rs-base']['collectd_server'] = nil -default['rs-base']['collectd_server_port'] = 3011 +default['rs-base']['collectd_server'] = node['rightscale']['monitoring_collector_http'] +default['rs-base']['collectd_server_port'] = node['rightscale']['RS_RLL_PORT'] diff --git a/attributes/swap.rb b/attributes/swap.rb index 4daea68..7ce3438 100644 --- a/attributes/swap.rb +++ b/attributes/swap.rb @@ -18,5 +18,5 @@ # limitations under the License. # -default['rs-base']['swap']['size'] = 1 # GB +default['rs-base']['swap']['size'] = 1024 # MB default['rs-base']['swap']['file'] = '/mnt/ephemeral/swapfile' diff --git a/attributes/sysctl.rb b/attributes/sysctl.rb new file mode 100644 index 0000000..bea8376 --- /dev/null +++ b/attributes/sysctl.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true +default['rs-base']['sysctl']['settings'] = { + 'vm.swappiness' => 20, + 'vm.dirty_ratio' => 40, + 'vm.dirty_background_ratio' => 10, + 'net.core.somaxconn' => 1000, + 'net.core.netdev_max_backlog' => 5000, + 'net.core.rmem_max' => 16_777_216, + 'net.core.wmem_max' => 16_777_216, + 'net.ipv4.tcp_wmem' => '4096 12582912 16777216', + 'net.ipv4.tcp_rmem' => '4096 12582912 16777216', + 'net.ipv4.tcp_max_syn_backlog' => 8096, + 'net.ipv4.tcp_slow_start_after_idle' => 0, + 'net.ipv4.tcp_tw_reuse' => 1, +} diff --git a/metadata.rb b/metadata.rb index 5f0ef0b..8fdcde1 100644 --- a/metadata.rb +++ b/metadata.rb @@ -5,7 +5,7 @@ license 'Apache 2.0' description 'Installs/Configures rs-base' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '2.0.1' +version '2.1.0' issues_url 'https://github.com/rightscale-cookbooks/rs-base/issues' if respond_to?(:issues_url) source_url 'https://github.com/rightscale-cookbooks/rs-base' if respond_to?(:source_url) chef_version '>= 12.0' if respond_to?(:chef_version) 
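Review bot: Both new defaults in attributes/monitoring.rb index `node['rightscale']` directly, so on a node where that attribute tree is not populated when attribute files load, `nil['monitoring_collector_http']` raises NoMethodError and the cookbook fails to compile. That is presumably why spec/swap_spec.rb now has to set `node.set['rightscale']['monitoring_collector_http']` for an unrelated recipe. Guard the lookup, for example `rightscale = node['rightscale'] || {}` followed by `default['rs-base']['collectd_server'] = rightscale['monitoring_collector_http']`. The port also loses its previous fallback of 3011; `rightscale['RS_RLL_PORT'] || 3011` would keep it if that default is still wanted.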
@@ -19,11 +19,13 @@ depends 'marker' depends 'rightscale_tag', '~> 2.0' depends 'machine_tag', '~> 2.0' -depends 'swap' +depends 'swap', '>= 2.0' depends 'rsyslog' -depends 'collectd', '~> 2.2.2' -depends 'collectd_plugins', '~> 2.1.3' +depends 'collectd', '= 2.2.2' +depends 'collectd_plugins', '= 2.1.3' depends 'ephemeral_lvm', '~> 3.0' +depends 'selinux_policy' +depends 'sysctl' recipe 'rs-base::default', 'All-in-one recipe to run all recipes in rs-base cookbook.' recipe 'rs-base::ntp', 'Installs and configures ntp client.' @@ -31,6 +33,7 @@ recipe 'rs-base::rsyslog', 'Install and setup rsyslog.' recipe 'rs-base::monitoring_collectd', 'Install and setup collectd and basic set of plugins' recipe 'rs-base::monitoring_rightlink', 'Configures rightlink default monitoring' +recipe 'rs-base::sysctl', 'installs kernel tuning' attribute 'rs-base/ntp/servers', display_name: 'NTP Servers', @@ -80,3 +83,10 @@ description: 'The hostname of the collectd instance being monitored', recipes: ['rs-base::default', 'rs-base::collectd'], required: 'required' + +attribute 'rs-base/sysctl/enable', + display_name: 'Sysctl Tuning Enable', + description: 'Sysctl Tuning Enable', + recipes: ['rs-base::default'], + default: true, + required: 'optional' diff --git a/recipes/monitoring_collectd.rb b/recipes/monitoring_collectd.rb index 898ce94..8563039 100644 --- a/recipes/monitoring_collectd.rb +++ b/recipes/monitoring_collectd.rb 
@@ -22,7 +22,47 @@ template 'rightscale_audit_entry.erb' end -include_recipe 'yum-epel' if node['platform_family'] == 'rhel' +if (node['platform_family'] == 'rhel') && (node['platform_version'].to_i >= 7) + yum_repository 'epel' do + baseurl 'https://dl.fedoraproject.org/pub/epel/7/x86_64/' + description 'Extra Packages for Enterprise Linux 7 - $basearch' + enabled true + gpgcheck true + gpgkey 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' + end +else + include_recipe 'yum-epel' +end + +include_recipe 'selinux_policy::install' if node['platform_family'] == 'rhel' + +selinux_policy_module 'rightscale_collectd' do + content <<-eos + module rightscale_collectd 1.0; + require { + type unreserved_port_t; + type ephemeral_port_t; + type policykit_t; + type tmp_t; + type collectd_t; + class tcp_socket name_connect; + class dir { create read write open getattr search remove_name add_name rmdir }; + class file read; + class udp_socket name_bind; + class sock_file { create read write open getattr setattr unlink }; + } + + #============= collectd_t ============== + allow collectd_t ephemeral_port_t:tcp_socket name_connect; + allow collectd_t tmp_t:dir { create read write open getattr search remove_name add_name rmdir }; + allow collectd_t tmp_t:sock_file { create read write open getattr setattr unlink }; + allow collectd_t unreserved_port_t:udp_socket name_bind; + eos + action :deploy + only_if do + (node['platform_family'] == 'rhel') && (node['platform_version'].to_i >= 7) + end +end Chef::Log.info 'setting collectd defaults' node.default['collectd']['service']['configuration']['Hostname'] = node['rs-base']['collectd_hostname'] 
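Review bot: The new `yum_repository 'epel'` block fetches its signing key over plain HTTP (`gpgkey 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7'`) while `baseurl` uses HTTPS. Anyone able to tamper with that one request can substitute the key that `gpgcheck true` then trusts. Change it to `gpgkey 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7'`. Separately, the `else` branch now runs `include_recipe 'yum-epel'` on every platform that is not RHEL-family 7+, including the Ubuntu platforms, whereas the removed line was guarded; make it `elsif node['platform_family'] == 'rhel'`. The SELinux module also allows `collectd_t` to connect to any `ephemeral_port_t` TCP port and to manage directories and sockets under `tmp_t`, so a comment in the policy saying which collectd plugins need each rule would help.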
@@ -30,12 +70,9 @@ node.default['collectd']['service']['configuration']['interval'] = 20 include_recipe 'collectd::default' -raise 'No sketchy server set' unless node['rs-base']['collectd_server'] - Chef::Log.info 'Setting DF Plugin Options' -node.default['collectd-plugins']['df']['report_reserved'] = false node.default['collectd-plugins']['df']['FSType'] = %w(proc sysfs fusectl debugfs securityfs devtmpfs devpts tmpfs) -node.default['collectd-plugins']['df']['ignore_selectd'] = true +node.default['collectd-plugins']['df']['ignore_selected'] = true Chef::Log.info 'Setting UnixSock Plugin Options' node.default['collectd-plugins']['unixsock']['SocketFile'] = '/tmp/collectd.sock' @@ -55,18 +92,17 @@ include_recipe 'collectd_plugins::disk' include_recipe 'collectd_plugins::processes' -# include_recipe 'collectd_plugins::users' if ::File.exist?('/var/run/rightlink/secret') File.read('/var/run/rightlink/secret').each_line do |line| k, v = line.strip.split('=') - node.default['rs-base']['rightscale'][k] = v + node.default['rightscale'][k] = v end else raise 'rs-base needs rl10 secrets to operate' -end +end if node['rightscale']['RS_RLL_PORT'].nil? -node.default['collectd-plugins']['write_http']['U_R_L'] = "http://127.0.0.1:#{node['rs-base']['rightscale']['RS_RLL_PORT']}/rll/tss/collectdv5" +node.default['collectd-plugins']['write_http']['U_R_L'] = "http://127.0.0.1:#{node['rightscale']['RS_RLL_PORT']}/rll/tss/collectdv5" include_recipe 'collectd_plugins::write_http' include_recipe 'rightscale_tag::monitoring' diff --git a/recipes/swap.rb b/recipes/swap.rb index e0a5474..37fe3e2 100644 --- a/recipes/swap.rb +++ b/recipes/swap.rb 
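Review bot: In the last hunk, the loop over `/var/run/rightlink/secret` copies every `KEY=value` line into `node.default['rightscale']`, although this recipe only reads `RS_RLL_PORT` from it. If the file holds credentials, as its name and the 'rl10 secrets' error message suggest, they become node attributes and are saved with the node object on runs against a Chef server. Copy only what is needed, for example `node.default['rightscale'][k] = v if k == 'RS_RLL_PORT'`, and split with `line.strip.split('=', 2)` so a value containing `=` is not truncated. The trailing `end if node['rightscale']['RS_RLL_PORT'].nil?` on a multi-line `if/else` is easy to overlook; wrapping the block in a leading `if node['rightscale']['RS_RLL_PORT'].nil?` reads more clearly.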
@@ -34,15 +34,8 @@ action :create end -# The swap cookbook expects the size to be in MB. So convert the size in GB to MB. -size_mb = node['rs-base']['swap']['size'].to_i * 1024 - -# RHEL|CentOS 7.* currently fails using an 'fallocate' file as swap which is what is -# done by the 'swap' community cookbook. Following is a workaround to create the file first with 'dd'. -# 'dd' command generated from https://github.com/sethvargo-cookbooks/swap/blob/v0.3.8/libraries/swapfile_provider.rb#L141 -if platform_family?('rhel') && node['platform_version'] =~ /^7\./ - execute "dd if=/dev/zero of=#{node['rs-base']['swap']['file']} bs=1048576 count=#{size_mb}" -end +# The swap cookbook expects the size to be in MB. +size_mb = node['rs-base']['swap']['size'].to_i swap_file node['rs-base']['swap']['file'] do size size_mb diff --git a/recipes/sysctl.rb b/recipes/sysctl.rb new file mode 100644 index 0000000..07b7bc9 --- /dev/null +++ b/recipes/sysctl.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true +if node['rs-base']['sysctl']['enable'] + # https://wiki.mikejung.biz/Sysctl_tweaks + include_recipe 'sysctl::default' + node['rs-base']['sysctl']['settings'].each do |k, v| + sysctl_param k do + value v + end + end + + execute 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' +end diff --git a/spec/default_spec.rb b/spec/default_spec.rb index fc50be2..3c5a221 100644 --- a/spec/default_spec.rb +++ b/spec/default_spec.rb @@ -6,6 +6,7 @@ ChefSpec::SoloRunner.new do |node| node.set['rightscale']['instance_uuid'] = 'abcd1234' node.set['rs-base']['collectd_server'] = 'tss-4.rightscale.com' + node.set['rightscale']['monitoring_collector_http'] = 'tss4.rightscale.com' end.converge(described_recipe) end diff --git a/spec/monitoring_collectd_spec.rb b/spec/monitoring_collectd_spec.rb index 46c2270..9a44d05 100644 --- a/spec/monitoring_collectd_spec.rb +++ b/spec/monitoring_collectd_spec.rb 
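Review bot: In recipes/swap.rb, `size_mb = node['rs-base']['swap']['size'].to_i` now reads the attribute as megabytes, so an existing override written in GB silently shrinks by a factor of 1024. The `size: 1` added to the default suite in .kitchen.yml by this same commit looks like one such leftover, though indentation is lost here, so confirm which cookbook that key belongs to. At minimum, document the change where the value is read, for example `# size is in MB (was GB before v2.1.0); review existing overrides`, and mark it as breaking in the CHANGELOG entry.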
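Review bot: In recipes/sysctl.rb, `execute 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'` has no guard, so it runs and reports an updated resource on every converge. It also fails the run on kernels or containers where that sysfs path does not exist. Add `only_if { ::File.exist?('/sys/kernel/mm/transparent_hugepage/enabled') }` and `not_if "grep -qF '[never]' /sys/kernel/mm/transparent_hugepage/enabled"` inside a `do ... end` block. As far as this hunk shows, nothing makes the setting survive a reboot, which is worth a comment if that is intentional.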
@@ -6,6 +6,7 @@ ChefSpec::SoloRunner.new do |node| node.set['rightscale']['instance_uuid'] = 'abcd1234' node.set['rs-base']['collectd_server'] = 'tss-4.rightscale.com' + node.set['rightscale']['monitoring_collector_http'] = 'tss4.rightscale.com' end.converge(described_recipe) end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index bbe952b..1920858 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -21,12 +21,11 @@ libraries_path = File.expand_path('../../libraries', __FILE__) $LOAD_PATH.unshift(libraries_path) unless $LOAD_PATH.include?(libraries_path) +require 'pp' require 'chefspec' require 'chefspec/berkshelf' require 'chefspec/cacher' -require 'coveralls' require 'rspec/support' -Coveralls.wear! ChefSpec::Coverage.start! @@ -36,3 +35,15 @@ config.version = '12.04' config.log_level = :error end + +def platforms? + platforms = { + 'ubuntu' => ['14.04', '16.04'], + 'debian' => ['7.0', '7.4'], + 'fedora' => %w(18 23), + 'redhat' => ['6.5', '7.0'], + 'centos' => ['6.5', '7.0'], + 'suse' => ['11.2', '12.0'], + } + platforms +end diff --git a/spec/swap_spec.rb b/spec/swap_spec.rb index 1e8320c..fe69883 100644 --- a/spec/swap_spec.rb +++ b/spec/swap_spec.rb @@ -5,6 +5,7 @@ let(:chef_run) do ChefSpec::SoloRunner.new do |node| node.set['rs-base']['swap']['file'] = '/mnt/ephemeral/swapfile' + node.set['rightscale']['monitoring_collector_http'] = 'tss4.rightscale.com' end.converge(described_recipe) end diff --git a/spec/sysctl_spec.rb b/spec/sysctl_spec.rb new file mode 100644 index 0000000..8c1ec98 --- /dev/null +++ b/spec/sysctl_spec.rb 
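Review bot: `platforms?` in spec/spec_helper.rb is named like a predicate but returns a hash of platform/version pairs, and the `platforms` local only exists to be returned on the next line. Rename it to something like `supported_platforms`, return the literal directly, and update the call in spec/sysctl_spec.rb. The map also lists debian, fedora, redhat and suse, which the README platform list in this commit does not name, so either trim it or add a comment such as `# superset of supported platforms, used for compile-only checks`.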
@@ -0,0 +1,27 @@ +# frozen_string_literal: true +require_relative 'spec_helper.rb' + +describe 'rs-base::sysctl' do + platforms?.each do |platform, versions| + versions.each do |version| + context "sysctl tuning is enabled on #{platform.capitalize} #{version}" do + cached(:chef_run) do + ChefSpec::SoloRunner.new(platform: platform, version: version) do |node| + node.set['rs-base']['sysctl']['enabled'] = true + node.set['rightscale']['monitoring_collector_http'] = 'tss4.rightscale.com' + end.converge(described_recipe) + end + + it 'sets the following sysctl settings' do + chef_run.node['rs-base']['sysctl']['settings'].each do |k, v| + pp "setting sysctl param(#{k}) with value(#{v})" + expect(chef_run).to apply_sysctl_param(k).with(value: v) + end + end + it 'sets \'echo never > /sys/kernel/mm/transparent_hugepage/enabled\'' do + expect(chef_run).to run_execute('echo never > /sys/kernel/mm/transparent_hugepage/enabled') + end + end + end + end +end
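Review bot: The spec sets `node.set['rs-base']['sysctl']['enabled'] = true`, but recipes/sysctl.rb and attributes/default.rb use the key `enable`. The override therefore does nothing, and the examples pass only because the attribute defaults to true. Change it to `node.set['rs-base']['sysctl']['enable'] = true`, and add a second context with it set to false that expects no `sysctl_param` or `execute` resources, so the toggle is covered. The `pp "setting sysctl param(#{k}) with value(#{v})"` line prints once per setting for every platform/version pair and can be removed.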