dust-deploy 0.6.1 → 0.6.2

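--- a/data/changelog.md
+++ b/data/changelog.md
@@ -1,6 +1,21 @@
  Changelog
  =============
 
+ 0.6.2
+ ------------
+
+ - adds redis recipe, you can now maintain your redis configurations with dust as well:
+
+ recipes:
+ redis:
+ port: 6379
+ daemonize: yes
+
+ - fixes hash_check recipe, now works with centos-like machines as well
+ - improves mysql recipe: now sets shm sysctls as well (like the postgresql recipe does)
+ - small improvements to automatic innodb tuning
+
+
  0.6.1
  ------------
 
@@ -80,6 +95,7 @@ Changelog
  ------------
 
  sshd recipe
+
  - default PrintMotd to false on apt systems (will be displayed 2 times otherwise)
  - no and yes can be specified in config file, without getting converted to booleans automatically
 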
@@ -2,16 +2,9 @@ class HashCheck < Recipe
2
2
 
3
3
  desc 'hash_check:deploy', 'checks /etc/shadow for weak hashes'
4
4
  def deploy
5
- # mkpasswd is in the package 'whois' resp. 'expect'
6
- @node.install_package 'whois' if @node.uses_apt?
7
- @node.install_package 'expect' if @node.uses_rpm?
8
-
9
5
  # those keys indicate that no password is set, or login is disabled
10
6
  keys = [ '*', '!', '!!', '', 'LK', 'NP' ]
11
7
 
12
- # mapping the magic numbers to the actual hash algorithms
13
- algorithms = { '1' => 'md5', '2' => 'blowfish', '5' => 'sha-256', '6' => 'sha-512' }
14
-
15
8
  weak_passwords = File.open "#{@template_path}/weak_passwords", 'r'
16
9
  shadow = @node.exec('cat /etc/shadow')[:stdout]
17
10
 
@@ -23,17 +16,22 @@ class HashCheck < Recipe
23
16
  user, hash = line.split(':')[0..1]
24
17
  next if keys.include? hash
25
18
  method, salt = hash.split('$')[1..2]
26
-
19
+
27
20
  weak_passwords.each_line do |password|
28
21
  password.chomp!
29
22
 
30
- # generate the hash for this password, according to salt and method
31
- weak_hash = @node.exec("mkpasswd -m #{algorithms[method.to_s]} -S '#{salt}' '#{password}'")[:stdout]
32
- weak_hash.chomp!
23
+ # python was imho the best solution to generate /etc/shadow hashes.
24
+ # mkpasswd doesn't work on centos-like machines :/
25
+ # and python is more likely installed than ruby
26
+ ret = @node.exec("python -c \"import crypt; print crypt.crypt('#{password}', '\\$#{method}\\$#{salt}\\$')\"")
33
27
 
34
- if weak_hash == hash
28
+ unless ret[:exit_code] == 0
29
+ ::Dust.print_failed 'error during hash creation (is python installed?)'
30
+ return false
31
+ end
32
+ if hash == ret[:stdout].chomp
35
33
  ::Dust.print_failed "user #{user} has a weak password! (#{password})", :indent => 2
36
- found_weak= true
34
+ found_weak = true
37
35
  end
38
36
  end
39
37
  end
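Review bot: The new `@node.exec("python -c ...")` line interpolates `password`, `method` and `salt` directly into a double-quoted shell string that wraps a single-quoted Python literal, so a wordlist entry or shadow field containing a quote, backtick or `$` changes the command executed on the node instead of being hashed. Each candidate password is also placed on the remote command line, where other local users can see it in the process list while the check runs. Computing the hash on the controlling host avoids both, e.g. `weak_hash = password.crypt("$#{method}$#{salt}$")` compared against `hash`, assuming the local crypt(3) supports the same methods; otherwise the candidate should be fed to the helper on stdin rather than embedded in the command text. The body of `deploy` continues outside these hunks, so whether the `weak_passwords` handle is closed on the new early `return false` cannot be confirmed from here.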
@@ -9,12 +9,14 @@ class Mysql < Recipe
9
9
  ::Dust.print_msg "configuring mysql\n"
10
10
  ::Dust.print_ok "listen on #{@config['mysqld']['bind-address']}:#{@config['mysqld']['port']}", :indent => 2
11
11
 
12
- @config['mysqld']['innodb_buffer_pool_size'] = get_innodb_buffer_pool_size
12
+ @config['mysqld']['innodb_buffer_pool_size'] ||= get_innodb_buffer_pool_size
13
13
  ::Dust.print_ok "set innodb buffer pool to '#{@config['mysqld']['innodb_buffer_pool_size']}'", :indent => 2
14
14
 
15
15
  @node.write '/etc/mysql/my.cnf', generate_my_cnf
16
16
  @node.chmod '644', '/etc/mysql/my.cnf'
17
-
17
+
18
+ configure_sysctl
19
+
18
20
  @node.restart_service 'mysql' if options.restart?
19
21
  @node.reload_service 'mysql' if options.reload?
20
22
  end
@@ -53,7 +55,9 @@ class Mysql < Recipe
53
55
  'max_binlog_size' => '100M',
54
56
  'innodb_file_per_table' => 1,
55
57
  'innodb_thread_concurrency' => 0,
56
- 'innodb_flush_log_at_trx_commit' => 1
58
+ 'innodb_flush_log_at_trx_commit' => 1,
59
+ 'innodb_additional_mem_pool_size' => '16M',
60
+ 'innodb_log_buffer_size' => '4M'
57
61
  },
58
62
  'mysqldump' => {
59
63
  'quick' => true,
@@ -77,12 +81,12 @@ class Mysql < Recipe
77
81
  # get system memory (in kb)
78
82
  system_mem = ::Dust.convert_size @node['memorysize']
79
83
 
80
- # allocate 70% of the available ram to mysql
81
- buffer_pool = (system_mem * 0.70).to_i / 1024
82
-
84
+ # allocate 80% of the available ram to mysql
85
+ buffer_pool = (system_mem * 0.8).to_i
86
+
83
87
  ::Dust.print_ok
84
- "#{buffer_pool}M"
85
- end
88
+ "#{buffer_pool / 1024}M"
89
+ end
86
90
  end
87
91
 
88
92
  def generate_my_cnf
@@ -97,5 +101,53 @@ class Mysql < Recipe
97
101
  my_cnf.concat "!includedir /etc/mysql/conf.d/\n"
98
102
  my_cnf
99
103
  end
104
+
105
+ # increase shm memory
106
+ def configure_sysctl
107
+ if @node.uses_apt?
108
+ ::Dust.print_msg "setting mysql sysctl keys\n"
109
+ @node.collect_facts :quiet => true
110
+
111
+ # make sure system allows more than innodb_buffer_pool_size of memory ram to be allocated
112
+ # shmmax = (convert_mysql_size(@config['mysqld']['innodb_buffer_pool_size']) * 1.1).to_i # TODO: 1.1?
113
+
114
+ # get pagesize
115
+ pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i || 4096
116
+
117
+ # use half of system memory for shmmax
118
+ shmmax = ::Dust.convert_size(@node['memorysize']) * 1024 / 2
119
+ shmall = shmmax / pagesize
120
+
121
+ ::Dust.print_msg "setting shmmax to: #{shmmax}", :indent => 2
122
+ ::Dust.print_result @node.exec("sysctl -w kernel.shmmax=#{shmmax}")[:exit_code]
123
+ ::Dust.print_msg "setting shmall to: #{shmall}", :indent => 2
124
+ ::Dust.print_result @node.exec("sysctl -w kernel.shmall=#{shmall}")[:exit_code]
125
+ ::Dust.print_msg 'setting swappiness to 0', :indent => 2
126
+ ::Dust.print_result @node.exec('sysctl -w vm.swappiness=0')[:exit_code]
127
+
128
+ file = ''
129
+ file += "kernel.shmmax=#{shmmax}\n"
130
+ file += "kernel.shmall=#{shmall}\n"
131
+ file += "vm.swappiness=0\n" # rather shrink cache then use swap as filesystem cache
132
+
133
+ @node.write "/etc/sysctl.d/30-mysql-shm.conf", file
134
+
135
+ else
136
+ ::Dust.print_warning 'sysctl configuration not supported for your os'
137
+ end
138
+ end
139
+
140
+ def convert_mysql_size s
141
+ case s[-1].chr
142
+ when 'K'
143
+ return (s[0..-2].to_f * 1024).to_i
144
+ when 'M'
145
+ return (s[0..-2].to_f * 1024 * 1024).to_i
146
+ when 'G'
147
+ return (s[0..-2].to_f * 1024 * 1024 * 1024).to_i
148
+ else
149
+ return s.to_i
150
+ end
151
+ end
100
152
  end
101
153
 
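Review bot: In the new `configure_sysctl`, `@node.exec('getconf PAGESIZE')[:stdout].to_i || 4096` never falls back to 4096, because `to_i` returns 0 rather than nil for empty or non-numeric output, and `shmall = shmmax / pagesize` then divides by zero. The fallback should test the converted value: `pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i` followed by `pagesize = 4096 unless pagesize > 0`. `convert_mysql_size` is referenced only from the commented-out shmmax line in this hunk, and it would treat a lowercase suffix such as `16m` as plain bytes.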
@@ -93,9 +93,12 @@ class Postgres < Recipe
93
93
  ::Dust.print_msg "setting postgres sysctl keys\n"
94
94
  @node.collect_facts :quiet => true
95
95
 
96
+ # get pagesize
97
+ pagesize = @node.exec('getconf PAGESIZE')[:stdout] || 4096
98
+
96
99
  # use half of system memory for shmmax
97
100
  shmmax = ::Dust.convert_size(@node['memorysize']) * 1024 / 2
98
- shmall = shmmax / 4096 # shmmax/pagesize (pagesize = 4096)
101
+ shmall = shmmax / pagesize
99
102
 
100
103
  ::Dust.print_msg "setting shmmax to: #{shmmax}", :indent => 2
101
104
  ::Dust.print_result @node.exec("sysctl -w kernel.shmmax=#{shmmax}")[:exit_code]
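Review bot: `pagesize = @node.exec('getconf PAGESIZE')[:stdout] || 4096` keeps the command output as a string (the mysql recipe in this same release calls `.to_i` on it), so `shmall = shmmax / pagesize` divides a number by a String and would presumably raise TypeError even when getconf succeeds. Convert and validate before dividing: `pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i` and then `pagesize = 4096 unless pagesize > 0`. The enclosing method starts and ends outside the hunk.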
@@ -0,0 +1,91 @@
1
+ class Redis < Recipe
2
+ desc 'redis:deploy', 'installs and configures redis key-value store'
3
+ def deploy
4
+ @node.install_package 'redis-server'
5
+ @node.write '/etc/redis/redis.conf', generate_redis_conf
6
+ configure_sysctl
7
+ @node.restart_service 'redis-server' if @options.restart
8
+ end
9
+
10
+ desc 'redis:status', 'displays redis-cli info'
11
+ def status
12
+ return false unless @node.package_installed? 'redis-server'
13
+ puts @node.exec('redis-cli info')[:stdout]
14
+ end
15
+
16
+
17
+ private
18
+
19
+ # default configuration variables for ubuntu
20
+ # if you use a different os, you may adapt these
21
+ # listens on all interfaces per default
22
+ def default_config
23
+ { 'daemonize' => 'yes',
24
+ 'port' => 6379,
25
+ 'timeout' => 300,
26
+ 'loglevel' => 'notice',
27
+ 'databases' => 16,
28
+ 'save' => [ '900 1', '300 10', '60 10000' ],
29
+ 'rdbcompression' => 'yes',
30
+ 'dbfilename' => 'dump.rdb',
31
+ 'slave-serve-stale-data' => 'yes',
32
+ 'appendonly' => 'no',
33
+ 'appendfsync' => 'everysec',
34
+ 'no-appendfsync-on-rewrite' => 'no',
35
+ 'vm-enabled' => 'no',
36
+ 'vm-max-memory' => 0,
37
+ 'vm-page-size' => 32,
38
+ 'vm-pages' => 134217728,
39
+ 'vm-max-threads' => 4,
40
+ 'hash-max-zipmap-entries' => 512,
41
+ 'hash-max-zipmap-value' => 64,
42
+ 'list-max-ziplist-entries' => 512,
43
+ 'list-max-ziplist-value' => 64,
44
+ 'set-max-intset-entries' => 512,
45
+ 'activerehashing' => 'yes',
46
+
47
+ # os specific settings
48
+ 'dir' => '/var/lib/redis',
49
+ 'pidfile' => '/var/run/redis.pid',
50
+ 'logfile' => '/var/log/redis/redis-server.log',
51
+ 'vm-swap-file' => '/var/lib/redis/redis.swap'
52
+ }
53
+ end
54
+
55
+ def generate_redis_conf
56
+ @config.boolean_to_string!
57
+ @config = default_config.merge @config
58
+
59
+ redis_conf = ''
60
+ @config.each do |key, value|
61
+ if value.is_a? Array
62
+ value.each { |v| redis_conf.concat "#{key} #{v}\n" }
63
+ else
64
+ redis_conf.concat "#{key} #{value}\n"
65
+ end
66
+ end
67
+
68
+ redis_conf
69
+ end
70
+
71
+ # redis complains if vm.overcommit_memory != 1
72
+ def configure_sysctl
73
+ if @node.uses_apt?
74
+ ::Dust.print_msg "setting redis sysctl keys\n"
75
+
76
+ ::Dust.print_msg 'setting overcommit memory to 1', :indent => 2
77
+ ::Dust.print_result @node.exec('sysctl -w vm.overcommit_memory=1')[:exit_code]
78
+ ::Dust.print_msg 'setting swappiness to 0', :indent => 2
79
+ ::Dust.print_result @node.exec('sysctl -w vm.swappiness=0')[:exit_code]
80
+
81
+ file = ''
82
+ file += "vm.overcommit_memory=1\n"
83
+ file += "vm.swappiness=0\n"
84
+
85
+ @node.write "/etc/sysctl.d/30-redis.conf", file
86
+
87
+ else
88
+ ::Dust.print_warning 'sysctl configuration not supported for your os'
89
+ end
90
+ end
91
+ end
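Review bot: `default_config` sets neither `bind` nor `requirepass`, and its own comment states that the server listens on all interfaces by default, so a node deployed with only the changelog's example configuration exposes an unauthenticated Redis on port 6379 to every network it is attached to. A safer default is to add `'bind' => '127.0.0.1'` to the hash and let operators widen it explicitly, with the comment updated to match. `deploy` also writes `/etc/redis/redis.conf` without setting a mode, which matters once a `requirepass` value is stored in it; the intended permissions should be set explicitly after the write.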
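--- a/data/lib/dust/version.rb
+++ b/data/lib/dust/version.rb
@@ -1,3 +1,3 @@
  module Dust
- VERSION = "0.6.1"
+ VERSION = "0.6.2"
  end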
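--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
  segments:
  - 0
  - 6
- - 1
- version: 0.6.1
+ - 2
+ version: 0.6.2
  platform: ruby
  authors:
  - kris kechagia
@@ -14,7 +14,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2012-01-31 00:00:00 +01:00
+ date: 2012-02-02 00:00:00 +01:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -139,6 +139,7 @@ files:
  - lib/dust/recipes/packages.rb
  - lib/dust/recipes/postgres.rb
  - lib/dust/recipes/rc_local.rb
+ - lib/dust/recipes/redis.rb
  - lib/dust/recipes/remove_packages.rb
  - lib/dust/recipes/repositories.rb
  - lib/dust/recipes/resolv_conf.rb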