dust-deploy 0.1.2 → 0.1.3
- data/LICENSE +5 -0
- data/README.md +17 -4
- data/bin/dust +20 -12
- data/lib/dust/examples/nodes/_default.yaml +15 -0
- data/lib/dust/examples/nodes/_newrelic.yaml +10 -0
- data/lib/dust/examples/nodes/db-staging.yaml +21 -0
- data/lib/dust/examples/nodes/home.yaml +11 -0
- data/lib/dust/examples/nodes/mail.yaml +7 -0
- data/lib/dust/examples/nodes/mysql-production.yaml +10 -0
- data/lib/dust/examples/nodes/proxy-staging.yaml +21 -0
- data/lib/dust/examples/templates/aliases/aliases +4 -0
- data/lib/dust/examples/templates/basic_setup/.your-inputrc +0 -0
- data/lib/dust/examples/templates/basic_setup/.your-vimrc +0 -0
- data/lib/dust/examples/templates/duplicity/cronjob.erb +61 -0
- data/lib/dust/examples/templates/etc_hosts/hosts +1 -0
- data/lib/dust/examples/templates/motd/motd.erb +16 -0
- data/lib/dust/examples/templates/nginx/nginx.conf +11 -0
- data/lib/dust/examples/templates/nginx/sites/othersite.erb +1 -0
- data/lib/dust/examples/templates/nginx/sites/somesite.erb +1 -0
- data/lib/dust/examples/templates/postgres/pacemaker.sh.erb +157 -0
- data/lib/dust/examples/templates/postgres/pg_hba.conf.erb +86 -0
- data/lib/dust/examples/templates/postgres/pg_ident.conf +42 -0
- data/lib/dust/examples/templates/postgres/postgresql.conf.erb +62 -0
- data/lib/dust/examples/templates/postgres/recovery.conf.erb +122 -0
- data/lib/dust/examples/templates/ssh_authorized_keys/users.yaml +13 -0
- data/lib/dust/examples/templates/zabbix_agent/zabbix_agentd.conf.erb +129 -0
- data/lib/dust/version.rb +1 -1
- metadata +26 -3
data/LICENSE
ADDED
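--- a/data/README.md
+++ b/data/README.md
@@ -22,11 +22,8 @@ let's start by creating a new directory skeleton
 
 $ dust new mynetwork
 - spawning new dust directory skeleton into 'mynetwork.dust' [ ok ]
-- copying example yaml node configuration files - copying _debian.yaml [ ok ]
-- copying _default.yaml [ ok ]
-- copying myhost.yaml [ ok ]
 
-this will create a directory called mynetwork.dust, the nodes, templates and recipes subdirectories and will
+this will create a directory called mynetwork.dust, the nodes, templates and recipes subdirectories and will copy over example templates and node configurations. hop into your new dust directory and see what's going on:
 
 $ cd mynetwork.dust
 
@@ -141,6 +138,22 @@ you can also overwrite settings in the template with the ones in yourhost.yaml
 
 
 
+filters and proxy
+------------
+
+because that's not awesome enough, you can also filter your hosts using the --filter flag
+$ dust deploy --filter hostname:myhost-1,otherhost
+
+$ dust deploy --filter group:debian
+
+
+and even more, it supports socks proxys, so you can maintain your whole infrastructure without setting up a vpn from the outside via ssh
+
+$ ssh user@gateway.yourcompany.net -D 1080
+
+$ dust deploy --proxy localhost:1080
+
+
 
 using recipes (and their templates)
 ------------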
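--- a/data/bin/dust
+++ b/data/bin/dust
@@ -55,6 +55,7 @@ module Dust
 :restart => :boolean, :reload => :boolean
 
 def deploy yaml=''
+return unless check_dust_dir
 initialize_thorfiles
 Dust.print_failed 'no servers match this filter' if load_servers(yaml).empty?
 
@@ -68,6 +69,7 @@ module Dust
 method_options :filter => :hash, :recipes => :array, :proxy => :string
 
 def status yaml=''
+return unless check_dust_dir
 initialize_thorfiles
 Dust.print_failed 'no servers match this filter' if load_servers(yaml).empty?
 
@@ -78,23 +80,29 @@ module Dust
 # creates directory skeleton for a dust setup
 desc 'new <name>', 'creates a dust directory skeleton for your network'
 def new name
-Dust.print_msg "spawning new dust directory skeleton into '#{name}.dust'"
-
-Dir.mkdir "#{name}.dust/nodes"
-Dir.mkdir "#{name}.dust/recipes"
-Dir.mkdir "#{name}.dust/templates"
+Dust.print_msg "spawning new dust directory skeleton with examples into '#{name}.dust'"
+FileUtils.cp_r File.dirname(__FILE__) + '/../lib/dust/examples', "#{name}.dust"
 Dust.print_ok
-
-Dust.print_msg "copying example yaml node configuration files\n"
-Dir[File.dirname(__FILE__) + '/../lib/dust/examples/nodes/*.yaml'].each do |file|
-Dust.print_msg "copying #{File.basename file}", 2
-FileUtils.cp file, "#{name}.dust/nodes/#{File.basename file}"
-Dust.print_ok
-end
 end
 
+
 private
 
+def check_dust_dir
+if Dir.pwd.split('.').last != 'dust'
+Dust.print_failed 'current directory does not end with .dust, are you in your dust directory?'
+Dust.print_msg "try running 'dust new mynetwork' to let me create one for you with tons of examples!\n", 0
+return false
+end
+
+unless File.directory? './nodes'
+Dust.print_failed 'could not find \'nodes\' folder in your dust directory. cannot continue.'
+return false
+end
+
+true
+end
+
 # run specified recipes in the given context
 def run_recipes context
 @nodes.each do |node|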
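Review bot: In `new`, the `FileUtils.cp_r ... "#{name}.dust"` call never checks whether the destination already exists; when `#{name}.dust` is already a directory, cp_r copies the tree into it as `#{name}.dust/examples`, so there is no `nodes` folder where `check_dust_dir` later looks for it, and `Dust.print_ok` is still printed. A guard before the copy, such as `return Dust.print_failed("'#{name}.dust' already exists") if File.exist? "#{name}.dust"`, keeps the resulting layout predictable. In `check_dust_dir`, `Dir.pwd.split('.').last != 'dust'` would read more directly as `!Dir.pwd.end_with?('.dust')`. That check only inspects the directory name and the presence of `./nodes`, so it is a convenience test and not a statement about whether the node files loaded afterwards are trusted; a one-line comment saying so would help. The enclosing class starts and continues outside these hunks.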
@@ -2,3 +2,18 @@
|
|
2
2
|
domain: example.com
|
3
3
|
port: 22
|
4
4
|
user: root
|
5
|
+
|
6
|
+
recipes:
|
7
|
+
|
8
|
+
# default duplicity configuration
|
9
|
+
duplicity:
|
10
|
+
default:
|
11
|
+
backend: "--ftp-passive ftp://user:pass@host"
|
12
|
+
interval: daily
|
13
|
+
nice: 10
|
14
|
+
keep-n-full: 5
|
15
|
+
full-if-older-than: 7D
|
16
|
+
archive: /tmp/duplicity
|
17
|
+
include: [ '/etc/', '/root/', '/var/log/' ]
|
18
|
+
exclude: [ "'**'" ]
|
19
|
+
options: [ 'cleanup' ]
|
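Review bot: The example `backend: "--ftp-passive ftp://user:pass@host"` keeps the backup account's password in the node file and sends it over plain FTP; because example files tend to be copied verbatim, an encrypted transport in the sample (for instance a duplicity `sftp://` or `scp://` URL) would be a safer default. `archive: /tmp/duplicity` puts the duplicity archive dir under a predictable name in a world-writable directory, and the cron template runs `mkdir -p` on it, presumably as root; a root-owned location such as `/var/cache/duplicity` avoids another local user pre-creating that path. The defaults also leave out `passphrase` and `directory`, which the duplicity cron template reads, so a comment listing them as required per-node keys would help.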
@@ -0,0 +1,21 @@
|
|
1
|
+
hostname: [ db-1, db-2, db-3-]
|
2
|
+
inherits: [ _default, _newrelic ]
|
3
|
+
|
4
|
+
recipes:
|
5
|
+
postgres:
|
6
|
+
cluster: main
|
7
|
+
version: 9.1
|
8
|
+
dbuser: 'postgres:postgres'
|
9
|
+
|
10
|
+
iptables:
|
11
|
+
ports:
|
12
|
+
- 22
|
13
|
+
- port: 5432
|
14
|
+
source: 10.13.37.0/24
|
15
|
+
interface: eth1
|
16
|
+
ip-version: 4
|
17
|
+
- port: [ 5404, 5405 ]
|
18
|
+
interface: eth1
|
19
|
+
protocol: udp
|
20
|
+
|
21
|
+
rc_local: blockdev --setra 8192 /dev/vda
|
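Review bot: `hostname: [ db-1, db-2, db-3-]` ends its last entry with a stray dash, so YAML reads the host name as `db-3-`, most likely a typo for `db-3`. Separately, the first `ports` entry `- 22` appears to open SSH with no `source` restriction while 5432 is limited to `10.13.37.0/24`; if that is intended for the example, a short comment such as `# ssh open to all sources, restrict as needed` would keep readers from copying it unexamined.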
@@ -0,0 +1,21 @@
|
|
1
|
+
hostname: reverse-proxy
|
2
|
+
inherits: [ _default, _debian ]
|
3
|
+
|
4
|
+
recipes:
|
5
|
+
etc_hosts: dnsmasq
|
6
|
+
nginx:
|
7
|
+
sites-enabled: [ proxy ]
|
8
|
+
|
9
|
+
iptables:
|
10
|
+
ports:
|
11
|
+
- [ 22, 80, 443 ]
|
12
|
+
- port: 53
|
13
|
+
protocol: tcp
|
14
|
+
source: 10.13.37.0/24
|
15
|
+
interface: eth1
|
16
|
+
ip-version: 4
|
17
|
+
- port: 53
|
18
|
+
protocol: udp
|
19
|
+
source: 10.13.37.0/24
|
20
|
+
interface: eth1
|
21
|
+
ip-version: 4
|
File without changes
|
File without changes
|
@@ -0,0 +1,61 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
# the duplicity password
|
4
|
+
export PASSPHRASE=<%= config['passphrase'] %>
|
5
|
+
|
6
|
+
mkdir -p <%= config['archive'] %> &> /dev/null
|
7
|
+
|
8
|
+
% if config['options'].include?('cleanup')
|
9
|
+
# remove old backups
|
10
|
+
nice -n <%= config['nice'] %> duplicity remove-all-but-n-full <%= config['keep-n-full'] %> --force \
|
11
|
+
--archive-dir <%= config['archive'] %> \
|
12
|
+
<%= File.join(config['backend'], config['directory']) %> &> /dev/null
|
13
|
+
|
14
|
+
# clean up
|
15
|
+
nice -n <%= config['nice'] %> duplicity cleanup --force \
|
16
|
+
--archive-dir <%= config['archive'] %> \
|
17
|
+
<%= File.join(config['backend'], config['directory']) %> &> /dev/null
|
18
|
+
% end
|
19
|
+
|
20
|
+
% if config['options'].include?('postgres-base-backup')
|
21
|
+
# make a base backup of the database
|
22
|
+
psql -U postgres -c "SELECT pg_start_backup('postgres-base-backup');" &> /dev/null
|
23
|
+
% end
|
24
|
+
|
25
|
+
% if config['options'].include?('postgres-dump')
|
26
|
+
su postgres -c pg_dumpall 2> /dev/null > /root/.postgres-dump-<%= config['interval'] %>
|
27
|
+
% end
|
28
|
+
|
29
|
+
% if config['options'].include?('mysql-locksync')
|
30
|
+
mysql --defaults-file=/etc/mysql/debian.cnf -e "FLUSH TABLES WITH READ LOCK"
|
31
|
+
sync; sync; sync
|
32
|
+
% end
|
33
|
+
|
34
|
+
% if config['options'].include?('ldap-dump')
|
35
|
+
# dump ldap database
|
36
|
+
/etc/init.d/slapd stop &> /dev/null
|
37
|
+
nice -n $NICE slapcat > /root/.ldap-<%= config['interval'] %> &> /dev/null
|
38
|
+
/etc/init.d/slapd start &> /dev/null
|
39
|
+
% end
|
40
|
+
|
41
|
+
# backup selected directories
|
42
|
+
nice -n <%= config['nice'] %> duplicity --archive-dir <%= config['archive'] %> \
|
43
|
+
--full-if-older-than <%= config['full-if-older-than'] %> --exclude-device-files / \
|
44
|
+
% config['include'].each do |dir|
|
45
|
+
--include <%= dir %> \
|
46
|
+
% end
|
47
|
+
% config['exclude'].each do |dir|
|
48
|
+
--exclude <%= dir %> \
|
49
|
+
% end
|
50
|
+
<%= File.join(config['backend'], config['directory']) %> &> /dev/null
|
51
|
+
|
52
|
+
unset PASSPHRASE
|
53
|
+
|
54
|
+
% if config['options'].include?('postgres-base-backup')
|
55
|
+
# stop backup
|
56
|
+
psql -U postgres -c "SELECT pg_stop_backup();" &> /dev/null
|
57
|
+
% end
|
58
|
+
|
59
|
+
% if config['options'].include?('mysql-locksync')
|
60
|
+
mysql --defaults-file=/etc/mysql/debian.cnf -e "UNLOCK TABLES"
|
61
|
+
% end
|
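Review bot: In the `ldap-dump` branch, `nice -n $NICE slapcat > /root/.ldap-<%= config['interval'] %> &> /dev/null` loses the dump: the later `&>` re-points stdout at /dev/null, so the file is created empty, and `$NICE` is never set in this script (the other commands use `<%= config['nice'] %>`). `nice -n <%= config['nice'] %> slapcat > /root/.ldap-<%= config['interval'] %> 2> /dev/null` writes the file. `export PASSPHRASE=<%= config['passphrase'] %>` is rendered unquoted, so a passphrase with spaces or shell metacharacters is truncated or interpreted by bash; render it single-quoted with embedded quotes escaped, and have the recipe install the script readable by root only since it holds the passphrase. In the `mysql-locksync` branch, `FLUSH TABLES WITH READ LOCK` is issued from a `mysql -e` client that exits at once, which releases the lock before duplicity starts. Every command sends its output to /dev/null, so a failed backup leaves no trace; logging stderr to a file would make failures detectable.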
@@ -0,0 +1 @@
|
|
1
|
+
127.0.0.1 localhost
|
@@ -0,0 +1,16 @@
|
|
1
|
+
this is <%= Dust.blue %><%= node['hostname'] %><%= Dust.none %>, a <%= node['domain'] %> <%= node['environment'] %> server
|
2
|
+
|
3
|
+
% if node['environment'] == 'production'
|
4
|
+
just in case you didn't notice the line above, maybe this cow helps:
|
5
|
+
|
6
|
+
___________________________________
|
7
|
+
< <%= Dust.red %>YOU ARE ON A PRODUCTION SERVER!<%= Dust.none %> >
|
8
|
+
-----------------------------------
|
9
|
+
<%= Dust.yellow %>
|
10
|
+
\ ^__^
|
11
|
+
\ (oo)\_______
|
12
|
+
(__))\/\
|
13
|
+
||----w |
|
14
|
+
|| ||
|
15
|
+
<%= Dust.none %>
|
16
|
+
% end
|
@@ -0,0 +1 @@
|
|
1
|
+
and another site
|
@@ -0,0 +1 @@
|
|
1
|
+
and this is your sites configuration
|
@@ -0,0 +1,157 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
# user as which postgres runs
|
4
|
+
PG_USER=<%= config['dbuser'] %>
|
5
|
+
|
6
|
+
# path to postgres directory (data and archives)
|
7
|
+
PG_DATA=<%= config['data-dir'] %>
|
8
|
+
PG_ARCHIVE=<%= config['archive-dir'] %>
|
9
|
+
|
10
|
+
# path to recovery.conf (on slaves)
|
11
|
+
RECOVERY=$PG_DATA/recovery.conf
|
12
|
+
RECOVERY_DONE=$PG_DATA/recovery.done
|
13
|
+
|
14
|
+
# path to postgresql init script
|
15
|
+
% if node.is_gentoo? true
|
16
|
+
PG_INIT=/etc/init.d/postgresql-<%= config['version'] %>
|
17
|
+
% else
|
18
|
+
PG_INIT=/etc/init.d/postgresql
|
19
|
+
% end
|
20
|
+
|
21
|
+
# the clustered IP
|
22
|
+
DB_MASTER=db-<%= node['environment'] %>-master.<%= node['domain'] %>
|
23
|
+
|
24
|
+
|
25
|
+
start() {
|
26
|
+
# get current status
|
27
|
+
status
|
28
|
+
|
29
|
+
# if configured as slave, touch the trigger file
|
30
|
+
# and promote slave to master
|
31
|
+
if [ $? -eq 3 ]; then
|
32
|
+
TRIGGER=$(grep trigger_file $RECOVERY |cut -d\' -f2)
|
33
|
+
|
34
|
+
if [ "$TRIGGER" = "" ]; then
|
35
|
+
echo "no trigger file configured in recover.conf!"
|
36
|
+
return 1
|
37
|
+
fi
|
38
|
+
|
39
|
+
# check if slave runs postgres
|
40
|
+
$PG_INIT status
|
41
|
+
if [ $? -ne 0 ]; then
|
42
|
+
echo "postgresql not running!"
|
43
|
+
return 1
|
44
|
+
fi
|
45
|
+
|
46
|
+
touch $TRIGGER
|
47
|
+
fi
|
48
|
+
|
49
|
+
return 0
|
50
|
+
}
|
51
|
+
|
52
|
+
stop() {
|
53
|
+
# if configured as master, stop postgresql
|
54
|
+
if [ ! -e $RECOVERY_DONE ]; then
|
55
|
+
$PG_INIT stop
|
56
|
+
|
57
|
+
# always return success, because we want pacemaker
|
58
|
+
# to setup a new master no matter what.
|
59
|
+
# return $?
|
60
|
+
return 0
|
61
|
+
fi
|
62
|
+
|
63
|
+
return 0
|
64
|
+
}
|
65
|
+
|
66
|
+
status() {
|
67
|
+
if [ -e $RECOVERY ]; then
|
68
|
+
echo "postgresql configured as slave"
|
69
|
+
return 3
|
70
|
+
elif [ -e $RECOVERY_DONE ]; then
|
71
|
+
echo "postgres configured as master"
|
72
|
+
|
73
|
+
# check if postgres status is ok, return
|
74
|
+
$PG_INIT status
|
75
|
+
return $?
|
76
|
+
else
|
77
|
+
echo "couldn't determine configuration status"
|
78
|
+
return 1
|
79
|
+
fi
|
80
|
+
}
|
81
|
+
|
82
|
+
|
83
|
+
resync() {
|
84
|
+
# check if this is a master
|
85
|
+
status
|
86
|
+
|
87
|
+
if [ $? -eq 0 -a -e $RECOVERY_DONE ]; then
|
88
|
+
echo "found recovery.done file, NOT syncing, because this is probably running a master!"
|
89
|
+
echo "if you want to sync, remove $RECOVERY_DONE and try again."
|
90
|
+
return 1
|
91
|
+
fi
|
92
|
+
|
93
|
+
$PG_INIT stop
|
94
|
+
|
95
|
+
# remove old (x)logs
|
96
|
+
rm -r $PG_DATA/pg_xlog $PG_DATA/pg_log $PG_DATA/postmaster.log $PG_DATA/postmaster.pid &> /dev/null
|
97
|
+
|
98
|
+
# start backup mode, sync files, stop backup mode
|
99
|
+
ssh $DB_MASTER "psql -U postgres -c \"SELECT pg_start_backup('automatic-resync', true)\""
|
100
|
+
rsync -aze 'ssh' $DB_MASTER:/$PG_DATA/ $PG_DATA --delete --progress \
|
101
|
+
--exclude pg_xlog --exclude postmaster.pid --exclude pg_log --exclude postmaster.log
|
102
|
+
ssh $DB_MASTER "psql -U postgres -c \"SELECT pg_stop_backup()\""
|
103
|
+
|
104
|
+
# create missing directories, change user
|
105
|
+
mkdir $PG_DATA/pg_log $PG_DATA/pg_xlog
|
106
|
+
chown $PG_USER -R $PG_DATA
|
107
|
+
chmod 700 -R $PG_DATA
|
108
|
+
|
109
|
+
# actually, only the wal files during backup need to be synced
|
110
|
+
# but parsing this out is complicated.
|
111
|
+
mkdir $PG_ARCHIVE &> /dev/null
|
112
|
+
rsync -aze 'ssh' $DB_MASTER:/$PG_ARCHIVE/ $PG_ARCHIVE --delete --progress
|
113
|
+
|
114
|
+
# remove the trigger file
|
115
|
+
TRIGGER=$(grep trigger_file $RECOVERY_DONE |cut -d\' -f2)
|
116
|
+
rm $TRIGGER &> /dev/null
|
117
|
+
|
118
|
+
# activate slave mode
|
119
|
+
mv $RECOVERY_DONE $RECOVERY
|
120
|
+
|
121
|
+
$PG_INIT start
|
122
|
+
}
|
123
|
+
|
124
|
+
|
125
|
+
case "$1" in
|
126
|
+
start)
|
127
|
+
start
|
128
|
+
exit $?
|
129
|
+
;;
|
130
|
+
|
131
|
+
stop)
|
132
|
+
stop
|
133
|
+
exit $?
|
134
|
+
;;
|
135
|
+
|
136
|
+
status)
|
137
|
+
status
|
138
|
+
exit $?
|
139
|
+
;;
|
140
|
+
|
141
|
+
restart|reload|force-reload)
|
142
|
+
echo "Error: argument '$1' not supported" >&2
|
143
|
+
exit 3
|
144
|
+
;;
|
145
|
+
|
146
|
+
resync)
|
147
|
+
resync
|
148
|
+
exit 0
|
149
|
+
;;
|
150
|
+
|
151
|
+
*)
|
152
|
+
echo "Usage: $0 [start|stop|status]" >&2
|
153
|
+
exit 3
|
154
|
+
;;
|
155
|
+
|
156
|
+
esac
|
157
|
+
|
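Review bot: `resync()` runs its destructive steps unquoted and unchecked: if `data-dir` is missing from the node config, `PG_DATA` renders empty and `rm -r $PG_DATA/pg_xlog $PG_DATA/pg_log ...` resolves to paths directly under `/`, and a failed `ssh` or `rsync` to `$DB_MASTER` still falls through to `chown`, `mv $RECOVERY_DONE $RECOVERY` and `$PG_INIT start` on a data directory whose xlogs were already removed. Quoting with a guard, e.g. `rm -r "${PG_DATA:?}/pg_xlog" ...`, and `|| return 1` after each `rsync` would stop that. The `resync)` case ends in `exit 0`, so the refusal path that returns 1 is reported as success; `exit $?` would match the other branches. The `rsync -aze 'ssh'` and `ssh $DB_MASTER "psql -U postgres ..."` steps presumably rely on key-based SSH between the database nodes for the user running this script, which deserves a comment at the top of the template.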
@@ -0,0 +1,86 @@
|
|
1
|
+
# PostgreSQL Client Authentication Configuration File
|
2
|
+
# ===================================================
|
3
|
+
#
|
4
|
+
# Refer to the "Client Authentication" section in the PostgreSQL
|
5
|
+
# documentation for a complete description of this file. A short
|
6
|
+
# synopsis follows.
|
7
|
+
#
|
8
|
+
# This file controls: which hosts are allowed to connect, how clients
|
9
|
+
# are authenticated, which PostgreSQL user names they can use, which
|
10
|
+
# databases they can access. Records take one of these forms:
|
11
|
+
#
|
12
|
+
# local DATABASE USER METHOD [OPTIONS]
|
13
|
+
# host DATABASE USER CIDR-ADDRESS METHOD [OPTIONS]
|
14
|
+
# hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTIONS]
|
15
|
+
# hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTIONS]
|
16
|
+
#
|
17
|
+
# (The uppercase items must be replaced by actual values.)
|
18
|
+
#
|
19
|
+
# The first field is the connection type: "local" is a Unix-domain
|
20
|
+
# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
|
21
|
+
# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
|
22
|
+
# plain TCP/IP socket.
|
23
|
+
#
|
24
|
+
# DATABASE can be "all", "sameuser", "samerole", "replication", a
|
25
|
+
# database name, or a comma-separated list thereof.
|
26
|
+
#
|
27
|
+
# USER can be "all", a user name, a group name prefixed with "+", or a
|
28
|
+
# comma-separated list thereof. In both the DATABASE and USER fields
|
29
|
+
# you can also write a file name prefixed with "@" to include names
|
30
|
+
# from a separate file.
|
31
|
+
#
|
32
|
+
# CIDR-ADDRESS specifies the set of hosts the record matches. It is
|
33
|
+
# made up of an IP address and a CIDR mask that is an integer (between
|
34
|
+
# 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies the number
|
35
|
+
# of significant bits in the mask. Alternatively, you can write an IP
|
36
|
+
# address and netmask in separate columns to specify the set of hosts.
|
37
|
+
# Instead of a CIDR-address, you can write "samehost" to match any of
|
38
|
+
# the server's own IP addresses, or "samenet" to match any address in
|
39
|
+
# any subnet that the server is directly connected to.
|
40
|
+
#
|
41
|
+
# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
|
42
|
+
# "krb5", "ident", "pam", "ldap", "radius" or "cert". Note that
|
43
|
+
# "password" sends passwords in clear text; "md5" is preferred since
|
44
|
+
# it sends encrypted passwords.
|
45
|
+
#
|
46
|
+
# OPTIONS are a set of options for the authentication in the format
|
47
|
+
# NAME=VALUE. The available options depend on the different
|
48
|
+
# authentication methods -- refer to the "Client Authentication"
|
49
|
+
# section in the documentation for a list of which options are
|
50
|
+
# available for which authentication methods.
|
51
|
+
#
|
52
|
+
# Database and user names containing spaces, commas, quotes and other
|
53
|
+
# special characters must be quoted. Quoting one of the keywords
|
54
|
+
# "all", "sameuser", "samerole" or "replication" makes the name lose
|
55
|
+
# its special character, and just match a database or username with
|
56
|
+
# that name.
|
57
|
+
#
|
58
|
+
# This file is read on server startup and when the postmaster receives
|
59
|
+
# a SIGHUP signal. If you edit the file on a running system, you have
|
60
|
+
# to SIGHUP the postmaster for the changes to take effect. You can
|
61
|
+
# use "pg_ctl reload" to do that.
|
62
|
+
|
63
|
+
# Put your actual configuration here
|
64
|
+
# ----------------------------------
|
65
|
+
#
|
66
|
+
# If you want to allow non-local connections, you need to add more
|
67
|
+
# "host" records. In that case you will also need to make PostgreSQL
|
68
|
+
# listen on a non-local interface via the listen_addresses
|
69
|
+
# configuration parameter, or via the -i or -h command line switches.
|
70
|
+
|
71
|
+
# CAUTION: Configuring the system for local "trust" authentication
|
72
|
+
# allows any local user to connect as any PostgreSQL user, including
|
73
|
+
# the database superuser. If you do not trust all your local users,
|
74
|
+
# use another authentication method.
|
75
|
+
|
76
|
+
|
77
|
+
# TYPE DATABASE USER CIDR-ADDRESS METHOD
|
78
|
+
|
79
|
+
# IPv4 local connections:
|
80
|
+
#host all all 127.0.0.1/32 trust
|
81
|
+
# IPv6 local connections:
|
82
|
+
#host all all ::1/128 trust
|
83
|
+
|
84
|
+
|
85
|
+
# "local" is for Unix domain socket connections only
|
86
|
+
local all postgres trust
|
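Review bot: The only active record, `local all postgres trust`, lets any local account connect as the database superuser over the Unix socket without authentication, which is what the CAUTION paragraph a few lines above it warns about. On the 9.1 servers the example nodes configure, `local all postgres peer` limits that to the `postgres` OS user. Other templates in this release call `psql -U postgres` from the backup cron job and the pacemaker script, so those calls would have to run as `postgres` for `peer` to work; if `trust` is kept for that reason, a comment next to the record stating the dependency would help.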
@@ -0,0 +1,42 @@
|
|
1
|
+
# PostgreSQL User Name Maps
|
2
|
+
# =========================
|
3
|
+
#
|
4
|
+
# Refer to the PostgreSQL documentation, chapter "Client
|
5
|
+
# Authentication" for a complete description. A short synopsis
|
6
|
+
# follows.
|
7
|
+
#
|
8
|
+
# This file controls PostgreSQL user name mapping. It maps external
|
9
|
+
# user names to their corresponding PostgreSQL user names. Records
|
10
|
+
# are of the form:
|
11
|
+
#
|
12
|
+
# MAPNAME SYSTEM-USERNAME PG-USERNAME
|
13
|
+
#
|
14
|
+
# (The uppercase quantities must be replaced by actual values.)
|
15
|
+
#
|
16
|
+
# MAPNAME is the (otherwise freely chosen) map name that was used in
|
17
|
+
# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
|
18
|
+
# client. PG-USERNAME is the requested PostgreSQL user name. The
|
19
|
+
# existence of a record specifies that SYSTEM-USERNAME may connect as
|
20
|
+
# PG-USERNAME.
|
21
|
+
#
|
22
|
+
# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
|
23
|
+
# regular expression. Optionally this can contain a capture (a
|
24
|
+
# parenthesized subexpression). The substring matching the capture
|
25
|
+
# will be substituted for \1 (backslash-one) if present in
|
26
|
+
# PG-USERNAME.
|
27
|
+
#
|
28
|
+
# Multiple maps may be specified in this file and used by pg_hba.conf.
|
29
|
+
#
|
30
|
+
# No map names are defined in the default configuration. If all
|
31
|
+
# system user names and PostgreSQL user names are the same, you don't
|
32
|
+
# need anything in this file.
|
33
|
+
#
|
34
|
+
# This file is read on server startup and when the postmaster receives
|
35
|
+
# a SIGHUP signal. If you edit the file on a running system, you have
|
36
|
+
# to SIGHUP the postmaster for the changes to take effect. You can
|
37
|
+
# use "pg_ctl reload" to do that.
|
38
|
+
|
39
|
+
# Put your actual configuration here
|
40
|
+
# ----------------------------------
|
41
|
+
|
42
|
+
# MAPNAME SYSTEM-USERNAME PG-USERNAME
|
@@ -0,0 +1,62 @@
|
|
1
|
+
data_directory = '<%= config['data-dir'] %>'
|
2
|
+
hba_file = '<%= config['conf-dir'] %>/pg_hba.conf'
|
3
|
+
ident_file = '<%= config['conf-dir'] %>/pg_ident.conf'
|
4
|
+
|
5
|
+
listen_addresses = '*'
|
6
|
+
port = 5432
|
7
|
+
ssl = on
|
8
|
+
|
9
|
+
% if node['environment'] == 'production'
|
10
|
+
max_connections = 200
|
11
|
+
% else
|
12
|
+
max_connections = 100
|
13
|
+
% end
|
14
|
+
|
15
|
+
|
16
|
+
% if node['environment'] == 'production'
|
17
|
+
shared_buffers = 1152MB # min 128kB
|
18
|
+
work_mem = 12MB # min 64kB
|
19
|
+
maintenance_work_mem = 288MB # min 1MB
|
20
|
+
% else
|
21
|
+
shared_buffers = 24MB # min 128kB
|
22
|
+
work_mem = 16MB # min 64kB
|
23
|
+
maintenance_work_mem = 128MB # min 1MB
|
24
|
+
% end
|
25
|
+
|
26
|
+
full_page_writes = yes # make xfs usage safe
|
27
|
+
|
28
|
+
wal_level = hot_standby # minimal, archive, or hot_standby
|
29
|
+
|
30
|
+
% if node['environment'] == 'production'
|
31
|
+
wal_buffers = 8MB # min 32kB
|
32
|
+
checkpoint_segments = 16 # in logfile segments, min 1, 16MB each
|
33
|
+
checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0
|
34
|
+
% else
|
35
|
+
#wal_buffers = 64kB # min 32kB
|
36
|
+
#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each
|
37
|
+
#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0
|
38
|
+
% end
|
39
|
+
|
40
|
+
|
41
|
+
archive_mode = yes
|
42
|
+
archive_command = 'cp -i %p <%= config['archive-dir'] %>/%f < /dev/null'
|
43
|
+
|
44
|
+
max_wal_senders = 5
|
45
|
+
wal_keep_segments = 32
|
46
|
+
hot_standby = on
|
47
|
+
|
48
|
+
% if node['environment'] == 'production'
|
49
|
+
effective_cache_size = 3584MB
|
50
|
+
% else
|
51
|
+
#effective_cache_size = 128MB
|
52
|
+
% end
|
53
|
+
|
54
|
+
default_statistics_target = 50 # range 1-10000
|
55
|
+
constraint_exclusion = on # on, off, or partition
|
56
|
+
|
57
|
+
datestyle = 'iso, mdy'
|
58
|
+
lc_messages = 'en_US.UTF-8' # locale for system error message
|
59
|
+
lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
|
60
|
+
lc_numeric = 'en_US.UTF-8' # locale for number formatting
|
61
|
+
lc_time = 'en_US.UTF-8' # locale for time formatting
|
62
|
+
default_text_search_config = 'pg_catalog.english'
|
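Review bot: `listen_addresses = '*'` is hard-coded, so every rendered server binds port 5432 on all interfaces and exposure is left entirely to pg_hba.conf and the iptables recipe; taking the value from the node config with a conservative fallback, e.g. `listen_addresses = '<%= config['listen-addresses'] || 'localhost' %>'` (key name proposed here, not an existing option), would make that an explicit choice. `ssl = on` is set, but nothing visible in these templates provisions the server certificate and key that PostgreSQL needs at startup, so a comment on where they come from would help. `archive_command = 'cp -i %p ... < /dev/null'` relies on `cp -i` failing when the target already exists, and GNU cp exits 0 in that case; a `test ! -f` on the target followed by `&& cp` gives a dependable nonzero status.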
@@ -0,0 +1,122 @@
|
|
1
|
+
# -------------------------------
|
2
|
+
# PostgreSQL recovery config file
|
3
|
+
# -------------------------------
|
4
|
+
#
|
5
|
+
# Edit this file to provide the parameters that PostgreSQL needs to
|
6
|
+
# perform an archive recovery of a database, or to act as a log-streaming
|
7
|
+
# replication standby.
|
8
|
+
#
|
9
|
+
# If "recovery.conf" is present in the PostgreSQL data directory, it is
|
10
|
+
# read on postmaster startup. After successful recovery, it is renamed
|
11
|
+
# to "recovery.done" to ensure that we do not accidentally re-enter
|
12
|
+
# archive recovery or standby mode.
|
13
|
+
#
|
14
|
+
# This file consists of lines of the form:
|
15
|
+
#
|
16
|
+
# name = 'value'
|
17
|
+
#
|
18
|
+
# (The quotes around the value are NOT optional, but the "=" is.)
|
19
|
+
#
|
20
|
+
# Comments are introduced with '#'.
|
21
|
+
#
|
22
|
+
# The complete list of option names and allowed values can be found
|
23
|
+
# in the PostgreSQL documentation.
|
24
|
+
#
|
25
|
+
#---------------------------------------------------------------------------
|
26
|
+
# ARCHIVE RECOVERY PARAMETERS
|
27
|
+
#---------------------------------------------------------------------------
|
28
|
+
#
|
29
|
+
# restore_command
|
30
|
+
#
|
31
|
+
# specifies the shell command that is executed to copy log files
|
32
|
+
# back from archival storage. The command string may contain %f,
|
33
|
+
# which is replaced by the name of the desired log file, and %p,
|
34
|
+
# which is replaced by the absolute path to copy the log file to.
|
35
|
+
#
|
36
|
+
# This parameter is *required* for an archive recovery, but optional
|
37
|
+
# for streaming replication.
|
38
|
+
#
|
39
|
+
# It is important that the command return nonzero exit status on failure.
|
40
|
+
# The command *will* be asked for log files that are not present in the
|
41
|
+
# archive; it must return nonzero when so asked.
|
42
|
+
#
|
43
|
+
# NOTE that the basename of %p will be different from %f; do not
|
44
|
+
# expect them to be interchangeable.
|
45
|
+
#
|
46
|
+
restore_command = 'cp -i <%= config['archive-dir'] %>/%f %p < /dev/null'
|
47
|
+
#
|
48
|
+
#
|
49
|
+
# archive_cleanup_command
|
50
|
+
#
|
51
|
+
# specifies an optional shell command to execute at every restartpoint.
|
52
|
+
# This can be useful for cleaning up the archive of a standby server.
|
53
|
+
#
|
54
|
+
#archive_cleanup_command = ''
|
55
|
+
#
|
56
|
+
# recovery_end_command
|
57
|
+
#
|
58
|
+
# specifies an optional shell command to execute at completion of recovery.
|
59
|
+
# This can be useful for cleaning up after the restore_command.
|
60
|
+
#
|
61
|
+
#recovery_end_command = ''
|
62
|
+
#
|
63
|
+
#---------------------------------------------------------------------------
|
64
|
+
# RECOVERY TARGET PARAMETERS
|
65
|
+
#---------------------------------------------------------------------------
|
66
|
+
#
|
67
|
+
# By default, recovery will rollforward to the end of the WAL log.
|
68
|
+
# If you want to stop rollforward at a specific point, you
|
69
|
+
# must set a recovery target.
|
70
|
+
#
|
71
|
+
# You may set a recovery target either by transactionId, or
|
72
|
+
# by timestamp. Recovery may either include or exclude the
|
73
|
+
# transaction(s) with the recovery target value (ie, stop either
|
74
|
+
# just after or just before the given target, respectively).
|
75
|
+
#
|
76
|
+
#recovery_target_time = '2011-07-25 14:10:00 CEST' # e.g. '2004-07-14 22:39:00 EST'
|
77
|
+
#
|
78
|
+
#recovery_target_xid = ''
|
79
|
+
#
|
80
|
+
#recovery_target_inclusive = 'true'
|
81
|
+
#
|
82
|
+
#
|
83
|
+
# If you want to recover into a timeline other than the "main line" shown in
|
84
|
+
# pg_control, specify the timeline number here, or write 'latest' to get
|
85
|
+
# the latest branch for which there's a history file.
|
86
|
+
#
|
87
|
+
#recovery_target_timeline = 'latest'
|
88
|
+
#
|
89
|
+
#---------------------------------------------------------------------------
|
90
|
+
# STANDBY SERVER PARAMETERS
|
91
|
+
#---------------------------------------------------------------------------
|
92
|
+
#
|
93
|
+
# When standby_mode is enabled, the PostgreSQL server will work as
|
94
|
+
# a standby. It tries to connect to the primary according to the
|
95
|
+
# connection settings primary_conninfo, and receives XLOG records
|
96
|
+
# continuously.
|
97
|
+
#
|
98
|
+
standby_mode = 'on'
|
99
|
+
#
|
100
|
+
% if node['environment'] == 'production'
|
101
|
+
primary_conninfo = '<your pg connection string here>'
|
102
|
+
% elsif node['environment'] == 'staging'
|
103
|
+
primary_conninfo = '<your pg connection string here>'
|
104
|
+
% end
|
105
|
+
|
106
|
+
#
|
107
|
+
#
|
108
|
+
# By default, a standby server keeps streaming XLOG records from the
|
109
|
+
# primary indefinitely. If you want to stop streaming and finish recovery,
|
110
|
+
# opening up the system in read/write mode, specify path to a trigger file.
|
111
|
+
# Server will poll the trigger file path periodically and stop streaming
|
112
|
+
# when it's found.
|
113
|
+
#
|
114
|
+
trigger_file = '/var/lib/postgresql/<%= config['version'] %>/master_trigger'
|
115
|
+
#
|
116
|
+
#---------------------------------------------------------------------------
|
117
|
+
# HOT STANDBY PARAMETERS
|
118
|
+
#---------------------------------------------------------------------------
|
119
|
+
#
|
120
|
+
# Hot Standby related parameters are listed in postgresql.conf
|
121
|
+
#
|
122
|
+
#---------------------------------------------------------------------------
|
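Review bot: Both branches of the `primary_conninfo` conditional render the same placeholder `'<your pg connection string here>'`, and for any environment other than production or staging no `primary_conninfo` is written at all while `standby_mode = 'on'` stays set. Reading the value from the node config would remove the duplicated branch, and the key would then need a line in the example node file. Once filled in, this setting usually carries the replication user's password, so the recipe should install the rendered file readable only by the postgres user. `trigger_file` hard-codes `/var/lib/postgresql/<%= config['version'] %>/master_trigger` while the other templates use `config['data-dir']`; a comment explaining why the path differs would help.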
@@ -0,0 +1,129 @@
|
|
1
|
+
# This is config file for zabbix_agentd
|
2
|
+
# in case the agent is started standalone from init.d (not via inetd).
|
3
|
+
#
|
4
|
+
# To get more information about ZABBIX, go http://www.zabbix.com
|
5
|
+
|
6
|
+
############ GENERAL PARAMETERS #################
|
7
|
+
|
8
|
+
# List of comma delimited IP addresses (or hostnames) of ZABBIX servers.
|
9
|
+
# No spaces allowed. First entry is used for sending active checks.
|
10
|
+
# Note that hostnames must resolve hostname->IP address and
|
11
|
+
# IP address->hostname.
|
12
|
+
|
13
|
+
Server=zabbix.<%= node['domain'] %>
|
14
|
+
|
15
|
+
# Server port for sending active checks
|
16
|
+
|
17
|
+
#ServerPort=10051
|
18
|
+
|
19
|
+
# Unique hostname. Required for active checks.
|
20
|
+
|
21
|
+
Hostname=<%= node['fqdn'] %>
|
22
|
+
|
23
|
+
# Listen port. Default is 10050
|
24
|
+
|
25
|
+
#ListenPort=10050
|
26
|
+
|
27
|
+
# IP address to bind agent
|
28
|
+
# If missing, bind to all available IPs
|
29
|
+
|
30
|
+
#ListenIP=127.0.0.1
|
31
|
+
|
32
|
+
# Number of pre-forked instances of zabbix_agentd.
|
33
|
+
# Default value is 5
|
34
|
+
# This parameter must be between 1 and 16
|
35
|
+
|
36
|
+
StartAgents=5
|
37
|
+
|
38
|
+
# How often refresh list of active checks. 2 minutes by default.
|
39
|
+
|
40
|
+
#RefreshActiveChecks=120
|
41
|
+
|
42
|
+
# Disable active checks. The agent will work in passive mode listening server.
|
43
|
+
|
44
|
+
#DisableActive=1
|
45
|
+
|
46
|
+
# Enable remote commands for ZABBIX agent. By default remote commands disabled.
|
47
|
+
|
48
|
+
#EnableRemoteCommands=1
|
49
|
+
|
50
|
+
# Specifies debug level
|
51
|
+
# 0 - debug is not created
|
52
|
+
# 1 - critical information
|
53
|
+
# 2 - error information
|
54
|
+
# 3 - warnings
|
55
|
+
# 4 - information (default)
|
56
|
+
# 5 - for debugging (produces lots of information)
|
57
|
+
|
58
|
+
DebugLevel=3
|
59
|
+
|
60
|
+
# Name of PID file
|
61
|
+
|
62
|
+
% if node.uses_apt? true
|
63
|
+
PidFile=/var/run/zabbix-agent/zabbix_agentd.pid
|
64
|
+
% elsif node.uses_emerge? true
|
65
|
+
PidFile=/var/run/zabbix/zabbix_agentd.pid
|
66
|
+
% elsif node.uses_rpm? true
|
67
|
+
PidFile=/var/run/zabbix/zabbix_agentd.pid
|
68
|
+
% end
|
69
|
+
|
70
|
+
# Name of log file.
|
71
|
+
# If not set, syslog will be used
|
72
|
+
|
73
|
+
% if node.uses_apt? true
|
74
|
+
LogFile=/var/log/zabbix-agent/zabbix_agentd.log
|
75
|
+
% elsif node.uses_emerge? true
|
76
|
+
LogFile=/var/log/zabbix/zabbix_agentd.log
|
77
|
+
% elsif node.uses_emerge? true
|
78
|
+
LogFile=/var/log/zabbix/zabbix_agentd.log
|
79
|
+
% end
|
80
|
+
|
81
|
+
# Maximum size of log file in MB. Set to 0 to disable automatic log rotation.
|
82
|
+
#LogFileSize=1
|
83
|
+
|
84
|
+
# Spend no more than Timeout seconds on processing
|
85
|
+
# Must be between 1 and 30
|
86
|
+
|
87
|
+
Timeout=30
|
88
|
+
|
89
|
+
####### USER-DEFINED MONITORED PARAMETERS #######
|
90
|
+
# Format: UserParameter=<key>,<shell command>
|
91
|
+
# Note that shell command must not return empty string or EOL only
|
92
|
+
|
93
|
+
# system updates
|
94
|
+
% if node.uses_apt? true
|
95
|
+
UserParameter=debian.updates,aptitude search '~U' |wc -l
|
96
|
+
UserParameter=debian.security,debsecan --suite squeeze --only-fixed --format packages |wc -l
|
97
|
+
|
98
|
+
% elsif node.uses_emerge? true
|
99
|
+
UserParameter=gentoo.security,glsa-check -t all 2>/dev/null | wc -l
|
100
|
+
UserParameter=gentoo.updates,emerge -uNDp @world | grep ebuild|wc -l
|
101
|
+
UserParameter=gentoo.portage,emerge --info| grep 'Timestamp of tree' | sed -e s/'Timestamp of tree':// -e 's/\n//' | xargs -I {} date --date={} +%s |xargs -I {} expr $(date +%s) - {}
|
102
|
+
UserParameter=gentoo.config,find /etc/ -name '._cfg*' 2>/dev/null|wc -l
|
103
|
+
|
104
|
+
% elsif node.uses_rpm? true
|
105
|
+
UserParameter=centos.updates,yum check-update -q |wc -l
|
106
|
+
% end
|
107
|
+
|
108
|
+
% if node.package_installed?( [ 'postgresql-server', 'postgresql' ], true )
|
109
|
+
# postgres
|
110
|
+
UserParameter=psql.version,psql --version|head -n1
|
111
|
+
UserParameter=psql.server_processes,psql -U zabbix -t -c "select sum(numbackends) from pg_stat_database" postgres
|
112
|
+
UserParameter=psql.db_connections,psql -U zabbix -t -c "select count(*) from pg_stat_activity" postgres
|
113
|
+
UserParameter=psql.db_fetched,psql -U zabbix -t -c "select sum(tup_fetched) from pg_stat_database" postgres
|
114
|
+
UserParameter=psql.db_deleted,psql -U zabbix -t -c "select sum(tup_deleted) from pg_stat_database" postgres
|
115
|
+
UserParameter=psql.db_inserted,psql -U zabbix -t -c "select sum(tup_inserted) from pg_stat_database" postgres
|
116
|
+
UserParameter=psql.db_returned,psql -U zabbix -t -c "select sum(tup_returned) from pg_stat_database" postgres
|
117
|
+
UserParameter=psql.db_updated,psql -U zabbix -t -c "select sum(tup_updated) from pg_stat_database" postgres
|
118
|
+
UserParameter=psql.tx_commited,psql -U zabbix -t -c "select sum(xact_commit) from pg_stat_database" postgres
|
119
|
+
UserParameter=psql.tx_rolledback,psql -U zabbix -t -c "select sum(xact_rollback) from pg_stat_database" postgres
|
120
|
+
UserParameter=psql.blks_hit,psql -U zabbix -t -c "select sum(blks_hit) from pg_stat_database" postgres
|
121
|
+
UserParameter=psql.blks_read,psql -U zabbix -t -c "select sum(blks_read) from pg_stat_database" postgres
|
122
|
+
% end
|
123
|
+
|
124
|
+
% if node.package_installed?('arcconf', true)
|
125
|
+
# adaptec raid
|
126
|
+
UserParameter=raid.smart_warnings,/sbin/arcconf getconfig 1 pd |grep "S.M.A.R.T. warnings" | awk '{SMART += $4} END {print SMART}'
|
127
|
+
UserParameter=raid.disk_rpm,/sbin/arcconf getconfig 1 pd |grep "Power State" |grep -v "Full rpm" |wc -l
|
128
|
+
UserParameter=raid.disk_state,/sbin/arcconf getconfig 1 pd |grep "\s\sState" |grep -v "Online" |wc -l
|
129
|
+
% end
|
data/lib/dust/version.rb
CHANGED
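--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 1
--
-version: 0.1.
+- 3
+version: 0.1.3
 platform: ruby
 authors:
 - kris kechagia
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-12-
+date: 2011-12-20 00:00:00 +01:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -77,6 +77,7 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - Gemfile
+- LICENSE
 - README.md
 - Rakefile
 - bin/dust
@@ -85,7 +86,29 @@ files:
 - lib/dust/convert_size.rb
 - lib/dust/examples/nodes/_debian.yaml
 - lib/dust/examples/nodes/_default.yaml
+- lib/dust/examples/nodes/_newrelic.yaml
+- lib/dust/examples/nodes/db-staging.yaml
+- lib/dust/examples/nodes/home.yaml
+- lib/dust/examples/nodes/mail.yaml
 - lib/dust/examples/nodes/myhost.yaml
+- lib/dust/examples/nodes/mysql-production.yaml
+- lib/dust/examples/nodes/proxy-staging.yaml
+- lib/dust/examples/templates/aliases/aliases
+- lib/dust/examples/templates/basic_setup/.your-inputrc
+- lib/dust/examples/templates/basic_setup/.your-vimrc
+- lib/dust/examples/templates/duplicity/cronjob.erb
+- lib/dust/examples/templates/etc_hosts/hosts
+- lib/dust/examples/templates/motd/motd.erb
+- lib/dust/examples/templates/nginx/nginx.conf
+- lib/dust/examples/templates/nginx/sites/othersite.erb
+- lib/dust/examples/templates/nginx/sites/somesite.erb
+- lib/dust/examples/templates/postgres/pacemaker.sh.erb
+- lib/dust/examples/templates/postgres/pg_hba.conf.erb
+- lib/dust/examples/templates/postgres/pg_ident.conf
+- lib/dust/examples/templates/postgres/postgresql.conf.erb
+- lib/dust/examples/templates/postgres/recovery.conf.erb
+- lib/dust/examples/templates/ssh_authorized_keys/users.yaml
+- lib/dust/examples/templates/zabbix_agent/zabbix_agentd.conf.erb
 - lib/dust/print_status.rb
 - lib/dust/recipes/aliases.rb
 - lib/dust/recipes/basic_setup.rb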