dust-deploy 0.1.2 → 0.1.3

data/LICENSE

@@ -0,0 +1,5 @@
+this project is released under the gpl version 3.
+it comes with zero warranty.
+
+https://www.gnu.org/copyleft/gpl.html
+

data/README.md

@@ -22,11 +22,8 @@ let's start by creating a new directory skeleton
 
     $ dust new mynetwork
       - spawning new dust directory skeleton into 'mynetwork.dust' [ ok ]
-      - copying example yaml node configuration files   - copying _debian.yaml [ ok ]
-        - copying _default.yaml [ ok ]
-        - copying myhost.yaml [ ok ]
 
-this will create a directory called mynetwork.dust, the nodes, templates and recipes subdirectories and will create some example configuration files in the nodes directory. hop into your new dust directory and see what's going on:
+this will create a directory called mynetwork.dust, the nodes, templates and recipes subdirectories and will copy over example templates and node configurations. hop into your new dust directory and see what's going on:
 
     $ cd mynetwork.dust
 
@@ -141,6 +138,22 @@ you can also overwrite settings in the template with the ones in yourhost.yaml
 
 
 
+filters and proxy
+------------
+
+because that's not awesome enough, you can also filter your hosts using the --filter flag
+     $ dust deploy --filter hostname:myhost-1,otherhost
+
+     $ dust deploy --filter group:debian
+
+
+and even more, it supports socks proxys, so you can maintain your whole infrastructure without setting up a vpn from the outside via ssh
+
+     $ ssh user@gateway.yourcompany.net -D 1080
+
+     $ dust deploy --proxy localhost:1080
+
+
 
 using recipes (and their templates)
 ------------

data/bin/dust

@@ -55,6 +55,7 @@ module  Dust
                    :restart => :boolean, :reload => :boolean
 
     def deploy yaml=''
+      return unless check_dust_dir
       initialize_thorfiles
       Dust.print_failed 'no servers match this filter' if load_servers(yaml).empty?
 
@@ -68,6 +69,7 @@ module  Dust
     method_options :filter => :hash, :recipes => :array, :proxy => :string
 
     def status yaml=''
+      return unless check_dust_dir
       initialize_thorfiles
       Dust.print_failed 'no servers match this filter' if load_servers(yaml).empty?
 
@@ -78,23 +80,29 @@ module  Dust
     # creates directory skeleton for a dust setup
     desc 'new <name>', 'creates a dust directory skeleton for your network'
     def new name
-      Dust.print_msg "spawning new dust directory skeleton into '#{name}.dust'"
-      Dir.mkdir "#{name}.dust"
-      Dir.mkdir "#{name}.dust/nodes"
-      Dir.mkdir "#{name}.dust/recipes"
-      Dir.mkdir "#{name}.dust/templates"
+      Dust.print_msg "spawning new dust directory skeleton with examples into '#{name}.dust'"
+      FileUtils.cp_r File.dirname(__FILE__) + '/../lib/dust/examples', "#{name}.dust"
       Dust.print_ok
-
-      Dust.print_msg "copying example yaml node configuration files\n"
-      Dir[File.dirname(__FILE__) + '/../lib/dust/examples/nodes/*.yaml'].each do |file|
-        Dust.print_msg "copying #{File.basename file}", 2
-        FileUtils.cp file, "#{name}.dust/nodes/#{File.basename file}"
-        Dust.print_ok
-      end
     end
 
+
     private
 
+    def check_dust_dir
+      if Dir.pwd.split('.').last != 'dust'
+        Dust.print_failed 'current directory does not end with .dust, are you in your dust directory?'
+        Dust.print_msg "try running 'dust new mynetwork' to let me create one for you with tons of examples!\n", 0
+        return false
+      end
+
+      unless File.directory? './nodes'
+        Dust.print_failed 'could not find \'nodes\' folder in your dust directory. cannot continue.'
+        return false
+      end
+
+      true
+    end
+
     # run specified recipes in the given context
     def run_recipes context
       @nodes.each do |node|

data/lib/dust/examples/nodes/_default.yaml

@@ -2,3 +2,18 @@
 domain: example.com
 port: 22
 user: root
+
+recipes:
+
+  # default duplicity configuration
+  duplicity:
+    default:
+      backend: "--ftp-passive ftp://user:pass@host"
+      interval: daily
+      nice: 10
+      keep-n-full: 5
+      full-if-older-than: 7D
+      archive: /tmp/duplicity
+      include: [ '/etc/', '/root/', '/var/log/' ]
+      exclude: [ "'**'" ]
+      options: [ 'cleanup' ]

data/lib/dust/examples/nodes/_newrelic.yaml

@@ -0,0 +1,10 @@
+recipes:
+  repositories:
+    newrelic:
+      url: "http://apt.newrelic.com/debian/"
+      release: "newrelic"
+      key: "http://download.newrelic.com/548C16BF.gpg"
+      components: "non-free"
+      source: false
+
+  newrelic: "<your new relic key here>"

data/lib/dust/examples/nodes/db-staging.yaml

@@ -0,0 +1,21 @@
+hostname: [ db-1, db-2, db-3-]
+inherits: [ _default, _newrelic ]
+
+recipes:
+  postgres:
+    cluster: main
+    version: 9.1
+    dbuser: 'postgres:postgres'
+
+  iptables:
+    ports:
+      - 22
+      - port: 5432
+        source: 10.13.37.0/24
+        interface: eth1
+        ip-version: 4
+      - port: [ 5404, 5405 ]
+        interface: eth1
+        protocol: udp
+
+  rc_local: blockdev --setra 8192 /dev/vda

data/lib/dust/examples/nodes/home.yaml

@@ -0,0 +1,11 @@
+hostname: home
+inherits: [ _default ]
+
+recipes:
+  duplicity:
+    default:
+      passphrase: 'your duplicity passphrase'
+      include: [ /etc/, /root/, /var/log/, /home/ ]
+      archive: /home/.duplicity-tmp
+
+  iptables: disabled

data/lib/dust/examples/nodes/mail.yaml

@@ -0,0 +1,7 @@
+hostname: 10.0.0.1
+inherits: [ _default, _debian ]
+
+recipes:
+  aliases: true
+  iptables:
+    ports: [ 22, 25 ]

data/lib/dust/examples/nodes/mysql-production.yaml

@@ -0,0 +1,10 @@
+hostname: mysql
+inherits: [ _default, _debian ]
+group: mysql
+
+recipes:
+  iptables:
+    ports: [ 22, 3306 ]
+  rc_local: blockdev --setra 8192 /dev/vdc
+  mysql:
+    bind_address: 0.0.0.0

data/lib/dust/examples/nodes/proxy-staging.yaml

@@ -0,0 +1,21 @@
+hostname: reverse-proxy
+inherits: [ _default, _debian ]
+
+recipes:
+  etc_hosts: dnsmasq
+  nginx:
+    sites-enabled: [ proxy ]
+
+  iptables:
+    ports:
+      - [ 22, 80, 443 ]
+      - port: 53
+        protocol: tcp
+        source: 10.13.37.0/24
+        interface: eth1
+        ip-version: 4
+      - port: 53
+        protocol: udp
+        source: 10.13.37.0/24
+        interface: eth1
+        ip-version: 4

data/lib/dust/examples/templates/aliases/aliases

@@ -0,0 +1,4 @@
+postmaster:		root
+hostmaster:		root
+root:			your-address
+no-reply:		/dev/null

data/lib/dust/examples/templates/duplicity/cronjob.erb

@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# the duplicity password
+export PASSPHRASE=<%= config['passphrase'] %>
+
+mkdir -p <%= config['archive'] %> &> /dev/null
+
+% if config['options'].include?('cleanup')
+# remove old backups
+nice -n <%= config['nice'] %> duplicity remove-all-but-n-full <%= config['keep-n-full'] %> --force \
+  --archive-dir <%= config['archive'] %> \
+  <%= File.join(config['backend'], config['directory']) %> &> /dev/null
+
+# clean up
+nice -n <%= config['nice'] %> duplicity cleanup --force \
+  --archive-dir <%= config['archive'] %> \
+  <%= File.join(config['backend'], config['directory']) %> &> /dev/null
+% end
+
+% if config['options'].include?('postgres-base-backup')
+# make a base backup of the database
+psql -U postgres -c "SELECT pg_start_backup('postgres-base-backup');" &> /dev/null
+% end
+
+% if config['options'].include?('postgres-dump')
+su postgres -c pg_dumpall 2> /dev/null > /root/.postgres-dump-<%= config['interval'] %>
+% end
+
+% if config['options'].include?('mysql-locksync')
+mysql --defaults-file=/etc/mysql/debian.cnf -e "FLUSH TABLES WITH READ LOCK"
+sync; sync; sync
+% end
+
+% if config['options'].include?('ldap-dump')
+# dump ldap database
+/etc/init.d/slapd stop &> /dev/null
+nice -n $NICE slapcat > /root/.ldap-<%= config['interval'] %> &> /dev/null
+/etc/init.d/slapd start &> /dev/null
+% end
+
+# backup selected directories
+nice -n <%= config['nice'] %> duplicity --archive-dir <%= config['archive'] %> \
+  --full-if-older-than <%= config['full-if-older-than'] %> --exclude-device-files / \
+% config['include'].each do |dir|
+  --include <%= dir %> \
+% end
+% config['exclude'].each do |dir|
+  --exclude <%= dir %> \
+% end
+  <%= File.join(config['backend'], config['directory']) %> &> /dev/null
+
+unset PASSPHRASE
+
+% if config['options'].include?('postgres-base-backup')
+# stop backup
+psql -U postgres -c "SELECT pg_stop_backup();" &> /dev/null
+% end
+
+% if config['options'].include?('mysql-locksync')
+mysql --defaults-file=/etc/mysql/debian.cnf -e "UNLOCK TABLES"
+% end

data/lib/dust/examples/templates/etc_hosts/hosts

@@ -0,0 +1 @@
+127.0.0.1	localhost

data/lib/dust/examples/templates/motd/motd.erb

@@ -0,0 +1,16 @@
+this is <%= Dust.blue %><%= node['hostname'] %><%= Dust.none %>, a <%= node['domain'] %> <%= node['environment'] %> server
+
+% if node['environment'] == 'production'
+just in case you didn't notice the line above, maybe this cow helps:
+
+ ___________________________________ 
+< <%= Dust.red %>YOU ARE ON A PRODUCTION SERVER!<%= Dust.none %> >
+ -----------------------------------
+<%= Dust.yellow %>
+        \   ^__^
+         \  (oo)\_______
+            (__))\/\
+                ||----w |
+                ||     ||
+<%= Dust.none %>
+% end

data/lib/dust/examples/templates/nginx/nginx.conf

@@ -0,0 +1,11 @@
+# your nginx config here
+
+http {
+    access_log	/var/log/nginx/access.log;
+
+    sendfile        on;
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+}
+

data/lib/dust/examples/templates/nginx/sites/othersite.erb

@@ -0,0 +1 @@
+and another site

data/lib/dust/examples/templates/nginx/sites/somesite.erb

@@ -0,0 +1 @@
+and this is your sites configuration

data/lib/dust/examples/templates/postgres/pacemaker.sh.erb

@@ -0,0 +1,157 @@
+#!/bin/bash
+
+# user as which postgres runs
+PG_USER=<%= config['dbuser'] %>
+
+# path to postgres directory (data and archives)
+PG_DATA=<%= config['data-dir'] %>
+PG_ARCHIVE=<%= config['archive-dir'] %>
+
+# path to recovery.conf (on slaves)
+RECOVERY=$PG_DATA/recovery.conf
+RECOVERY_DONE=$PG_DATA/recovery.done
+
+# path to postgresql init script
+% if node.is_gentoo? true
+PG_INIT=/etc/init.d/postgresql-<%= config['version'] %>
+% else
+PG_INIT=/etc/init.d/postgresql
+% end
+
+# the clustered IP
+DB_MASTER=db-<%= node['environment'] %>-master.<%= node['domain'] %>
+
+
+start() {
+  # get current status
+  status
+
+  # if configured as slave, touch the trigger file
+  # and promote slave to master
+  if [ $? -eq 3 ]; then
+    TRIGGER=$(grep trigger_file $RECOVERY |cut -d\' -f2)
+
+    if [ "$TRIGGER" = "" ]; then
+      echo "no trigger file configured in recover.conf!"
+      return 1
+    fi
+
+    # check if slave runs postgres
+    $PG_INIT status
+    if [ $? -ne 0 ]; then
+      echo "postgresql not running!"
+      return 1
+    fi
+
+    touch $TRIGGER
+  fi 
+
+  return 0
+}
+
+stop() {
+  # if configured as master, stop postgresql
+  if [ ! -e $RECOVERY_DONE ]; then 
+    $PG_INIT stop
+
+    # always return success, because we want pacemaker
+    # to setup a new master no matter what.
+    # return $?
+    return 0
+  fi
+
+  return 0
+}
+
+status() {
+  if [ -e $RECOVERY ]; then
+    echo "postgresql configured as slave"
+    return 3
+  elif [ -e $RECOVERY_DONE ]; then
+    echo "postgres configured as master"
+
+    # check if postgres status is ok, return
+    $PG_INIT status
+    return $?
+  else
+    echo "couldn't determine configuration status"
+    return 1
+  fi
+}
+
+
+resync() {
+    # check if this is a master
+    status
+
+    if [ $? -eq 0 -a -e $RECOVERY_DONE ]; then
+        echo "found recovery.done file, NOT syncing, because this is probably running a master!"
+	echo "if you want to sync, remove $RECOVERY_DONE and try again."
+	return 1
+    fi
+
+    $PG_INIT stop
+
+    # remove old (x)logs
+    rm -r $PG_DATA/pg_xlog $PG_DATA/pg_log $PG_DATA/postmaster.log $PG_DATA/postmaster.pid &> /dev/null
+
+    # start backup mode, sync files, stop backup mode
+    ssh $DB_MASTER "psql -U postgres -c \"SELECT pg_start_backup('automatic-resync', true)\""
+    rsync -aze 'ssh' $DB_MASTER:/$PG_DATA/ $PG_DATA --delete --progress \
+        --exclude pg_xlog --exclude postmaster.pid --exclude pg_log --exclude postmaster.log
+    ssh $DB_MASTER "psql -U postgres -c \"SELECT pg_stop_backup()\""
+
+    # create missing directories, change user
+    mkdir $PG_DATA/pg_log $PG_DATA/pg_xlog
+    chown $PG_USER -R $PG_DATA
+    chmod 700 -R $PG_DATA
+
+    # actually, only the wal files during backup need to be synced
+    # but parsing this out is complicated.
+    mkdir $PG_ARCHIVE &> /dev/null
+    rsync -aze 'ssh' $DB_MASTER:/$PG_ARCHIVE/ $PG_ARCHIVE --delete --progress
+
+    # remove the trigger file
+    TRIGGER=$(grep trigger_file $RECOVERY_DONE |cut -d\' -f2)
+    rm $TRIGGER &> /dev/null
+
+    # activate slave mode
+    mv $RECOVERY_DONE $RECOVERY
+
+    $PG_INIT start
+}
+
+
+case "$1" in
+  start)
+    start
+    exit $?
+    ;;
+
+  stop)
+    stop
+    exit $?
+    ;;
+
+  status)
+    status
+    exit $?
+    ;;
+
+  restart|reload|force-reload)
+    echo "Error: argument '$1' not supported" >&2
+    exit 3
+    ;;
+
+  resync)
+    resync
+    exit 0
+    ;;
+
+  *)
+    echo "Usage: $0 [start|stop|status]" >&2
+    exit 3
+    ;;
+
+esac
+

data/lib/dust/examples/templates/postgres/pg_hba.conf.erb

@@ -0,0 +1,86 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the PostgreSQL
+# documentation for a complete description of this file.  A short
+# synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local      DATABASE  USER  METHOD  [OPTIONS]
+# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
+# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
+# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain
+# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
+# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
+# plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", "replication", a
+# database name, or a comma-separated list thereof.
+#
+# USER can be "all", a user name, a group name prefixed with "+", or a
+# comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names
+# from a separate file.
+#
+# CIDR-ADDRESS specifies the set of hosts the record matches.  It is
+# made up of an IP address and a CIDR mask that is an integer (between
+# 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies the number
+# of significant bits in the mask.  Alternatively, you can write an IP
+# address and netmask in separate columns to specify the set of hosts.
+# Instead of a CIDR-address, you can write "samehost" to match any of
+# the server's own IP addresses, or "samenet" to match any address in
+# any subnet that the server is directly connected to.
+#
+# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
+# "krb5", "ident", "pam", "ldap", "radius" or "cert".  Note that
+# "password" sends passwords in clear text; "md5" is preferred since
+# it sends encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE.  The available options depend on the different
+# authentication methods -- refer to the "Client Authentication"
+# section in the documentation for a list of which options are
+# available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other
+# special characters must be quoted.  Quoting one of the keywords
+# "all", "sameuser", "samerole" or "replication" makes the name lose
+# its special character, and just match a database or username with
+# that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records.  In that case you will also need to make PostgreSQL
+# listen on a non-local interface via the listen_addresses
+# configuration parameter, or via the -i or -h command line switches.
+
+# CAUTION: Configuring the system for local "trust" authentication
+# allows any local user to connect as any PostgreSQL user, including
+# the database superuser.  If you do not trust all your local users,
+# use another authentication method.
+
+
+# TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD
+
+# IPv4 local connections:
+#host    all             all             127.0.0.1/32            trust
+# IPv6 local connections:
+#host    all             all             ::1/128                 trust
+
+
+# "local" is for Unix domain socket connections only
+local	all		postgres				trust

data/lib/dust/examples/templates/postgres/pg_ident.conf

@@ -0,0 +1,42 @@
+# PostgreSQL User Name Maps
+# =========================
+#
+# Refer to the PostgreSQL documentation, chapter "Client
+# Authentication" for a complete description.  A short synopsis
+# follows.
+#
+# This file controls PostgreSQL user name mapping.  It maps external
+# user names to their corresponding PostgreSQL user names.  Records
+# are of the form:
+#
+# MAPNAME  SYSTEM-USERNAME  PG-USERNAME
+#
+# (The uppercase quantities must be replaced by actual values.)
+#
+# MAPNAME is the (otherwise freely chosen) map name that was used in
+# pg_hba.conf.  SYSTEM-USERNAME is the detected user name of the
+# client.  PG-USERNAME is the requested PostgreSQL user name.  The
+# existence of a record specifies that SYSTEM-USERNAME may connect as
+# PG-USERNAME.
+#
+# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
+# regular expression.  Optionally this can contain a capture (a
+# parenthesized subexpression).  The substring matching the capture
+# will be substituted for \1 (backslash-one) if present in
+# PG-USERNAME.
+#
+# Multiple maps may be specified in this file and used by pg_hba.conf.
+#
+# No map names are defined in the default configuration.  If all
+# system user names and PostgreSQL user names are the same, you don't
+# need anything in this file.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+
+# MAPNAME       SYSTEM-USERNAME         PG-USERNAME

data/lib/dust/examples/templates/postgres/postgresql.conf.erb

@@ -0,0 +1,62 @@
+data_directory = '<%= config['data-dir'] %>'
+hba_file = '<%= config['conf-dir'] %>/pg_hba.conf'
+ident_file = '<%= config['conf-dir'] %>/pg_ident.conf'
+
+listen_addresses = '*'
+port = 5432
+ssl = on
+
+% if node['environment'] == 'production'
+max_connections = 200
+% else
+max_connections = 100
+% end
+
+
+% if node['environment'] == 'production'
+shared_buffers = 1152MB			# min 128kB
+work_mem = 12MB				# min 64kB
+maintenance_work_mem = 288MB		# min 1MB
+% else
+shared_buffers = 24MB			# min 128kB
+work_mem = 16MB				# min 64kB
+maintenance_work_mem = 128MB		# min 1MB
+% end
+
+full_page_writes = yes                  # make xfs usage safe
+
+wal_level = hot_standby			# minimal, archive, or hot_standby
+
+% if node['environment'] == 'production'
+wal_buffers = 8MB			# min 32kB
+checkpoint_segments = 16		# in logfile segments, min 1, 16MB each
+checkpoint_completion_target = 0.9	# checkpoint target duration, 0.0 - 1.0
+% else
+#wal_buffers = 64kB			# min 32kB
+#checkpoint_segments = 3		# in logfile segments, min 1, 16MB each
+#checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
+% end
+
+
+archive_mode = yes
+archive_command = 'cp -i %p <%= config['archive-dir'] %>/%f < /dev/null'
+
+max_wal_senders = 5
+wal_keep_segments = 32
+hot_standby = on
+
+% if node['environment'] == 'production'
+effective_cache_size = 3584MB
+% else
+#effective_cache_size = 128MB
+% end
+
+default_statistics_target = 50		# range 1-10000
+constraint_exclusion = on		# on, off, or partition
+
+datestyle = 'iso, mdy'
+lc_messages = 'en_US.UTF-8'			# locale for system error message
+lc_monetary = 'en_US.UTF-8'			# locale for monetary formatting
+lc_numeric = 'en_US.UTF-8'			# locale for number formatting
+lc_time = 'en_US.UTF-8'				# locale for time formatting
+default_text_search_config = 'pg_catalog.english'

data/lib/dust/examples/templates/postgres/recovery.conf.erb

@@ -0,0 +1,122 @@
+# -------------------------------
+# PostgreSQL recovery config file
+# -------------------------------
+#
+# Edit this file to provide the parameters that PostgreSQL needs to
+# perform an archive recovery of a database, or to act as a log-streaming
+# replication standby.
+#
+# If "recovery.conf" is present in the PostgreSQL data directory, it is
+# read on postmaster startup.  After successful recovery, it is renamed
+# to "recovery.done" to ensure that we do not accidentally re-enter
+# archive recovery or standby mode.
+#
+# This file consists of lines of the form:
+#
+#   name = 'value'
+#
+# (The quotes around the value are NOT optional, but the "=" is.)
+#
+# Comments are introduced with '#'.
+#
+# The complete list of option names and allowed values can be found
+# in the PostgreSQL documentation.
+#
+#---------------------------------------------------------------------------
+# ARCHIVE RECOVERY PARAMETERS
+#---------------------------------------------------------------------------
+#
+# restore_command
+#
+# specifies the shell command that is executed to copy log files
+# back from archival storage.  The command string may contain %f,
+# which is replaced by the name of the desired log file, and %p,
+# which is replaced by the absolute path to copy the log file to.
+#
+# This parameter is *required* for an archive recovery, but optional
+# for streaming replication.
+#
+# It is important that the command return nonzero exit status on failure.
+# The command *will* be asked for log files that are not present in the
+# archive; it must return nonzero when so asked.
+#
+# NOTE that the basename of %p will be different from %f; do not
+# expect them to be interchangeable.
+#
+restore_command = 'cp -i <%= config['archive-dir'] %>/%f %p < /dev/null'
+#
+#
+# archive_cleanup_command
+#
+# specifies an optional shell command to execute at every restartpoint.
+# This can be useful for cleaning up the archive of a standby server.
+#
+#archive_cleanup_command = ''
+#
+# recovery_end_command
+#
+# specifies an optional shell command to execute at completion of recovery.
+# This can be useful for cleaning up after the restore_command.
+#
+#recovery_end_command = ''
+#
+#---------------------------------------------------------------------------
+# RECOVERY TARGET PARAMETERS
+#---------------------------------------------------------------------------
+#
+# By default, recovery will rollforward to the end of the WAL log.
+# If you want to stop rollforward at a specific point, you
+# must set a recovery target.
+#
+# You may set a recovery target either by transactionId, or
+# by timestamp. Recovery may either include or exclude the
+# transaction(s) with the recovery target value (ie, stop either
+# just after or just before the given target, respectively).
+#
+#recovery_target_time = '2011-07-25 14:10:00 CEST'	# e.g. '2004-07-14 22:39:00 EST'
+#
+#recovery_target_xid = ''
+#
+#recovery_target_inclusive = 'true'
+#
+#
+# If you want to recover into a timeline other than the "main line" shown in
+# pg_control, specify the timeline number here, or write 'latest' to get
+# the latest branch for which there's a history file.
+#
+#recovery_target_timeline = 'latest'
+#
+#---------------------------------------------------------------------------
+# STANDBY SERVER PARAMETERS
+#---------------------------------------------------------------------------
+#
+# When standby_mode is enabled, the PostgreSQL server will work as
+# a standby. It tries to connect to the primary according to the
+# connection settings primary_conninfo, and receives XLOG records
+# continuously.
+#
+standby_mode = 'on'
+#
+% if node['environment'] == 'production'
+primary_conninfo = '<your pg connection string here>'
+% elsif node['environment'] == 'staging'
+primary_conninfo = '<your pg connection string here>'
+% end
+
+#
+#
+# By default, a standby server keeps streaming XLOG records from the
+# primary indefinitely. If you want to stop streaming and finish recovery,
+# opening up the system in read/write mode, specify path to a trigger file.
+# Server will poll the trigger file path periodically and stop streaming
+# when it's found.
+#
+trigger_file = '/var/lib/postgresql/<%= config['version'] %>/master_trigger'
+#
+#---------------------------------------------------------------------------
+# HOT STANDBY PARAMETERS
+#---------------------------------------------------------------------------
+#
+# Hot Standby related parameters are listed in postgresql.conf
+#
+#---------------------------------------------------------------------------

data/lib/dust/examples/templates/ssh_authorized_keys/users.yaml

@@ -0,0 +1,13 @@
+user1:
+  name: Some User
+  email: some.user@gmail.com
+  keys: 
+    - ssh-rsa AAAA....
+
+
+user2:
+  email: otheruser@otherdomain.org
+  keys: 
+    - ssh-rsa AAAA
+    - ssh-rsa AAAA
+

data/lib/dust/examples/templates/zabbix_agent/zabbix_agentd.conf.erb

@@ -0,0 +1,129 @@
+# This is config file for zabbix_agentd
+# in case the agent is started standalone from init.d (not via inetd).
+#
+# To get more information about ZABBIX, go http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+# List of comma delimited IP addresses (or hostnames) of ZABBIX servers. 
+# No spaces allowed. First entry is used for sending active checks.
+# Note that hostnames must resolve hostname->IP address and
+# IP address->hostname.
+
+Server=zabbix.<%= node['domain'] %>
+
+# Server port for sending active checks
+
+#ServerPort=10051
+
+# Unique hostname. Required for active checks.
+
+Hostname=<%= node['fqdn'] %>
+
+# Listen port. Default is 10050
+
+#ListenPort=10050
+
+# IP address to bind agent
+# If missing, bind to all available IPs
+
+#ListenIP=127.0.0.1
+
+# Number of pre-forked instances of zabbix_agentd.
+# Default value is 5
+# This parameter must be between 1 and 16
+
+StartAgents=5
+
+# How often refresh list of active checks. 2 minutes by default.
+
+#RefreshActiveChecks=120
+
+# Disable active checks. The agent will work in passive mode listening server.
+
+#DisableActive=1
+
+# Enable remote commands for ZABBIX agent. By default remote commands disabled.
+
+#EnableRemoteCommands=1
+
+# Specifies debug level
+# 0 - debug is not created
+# 1 - critical information
+# 2 - error information
+# 3 - warnings
+# 4 - information (default)
+# 5 - for debugging (produces lots of information)
+
+DebugLevel=3
+
+# Name of PID file
+
+% if node.uses_apt? true
+PidFile=/var/run/zabbix-agent/zabbix_agentd.pid
+% elsif node.uses_emerge? true
+PidFile=/var/run/zabbix/zabbix_agentd.pid
+% elsif node.uses_rpm? true
+PidFile=/var/run/zabbix/zabbix_agentd.pid
+% end
+
+# Name of log file.
+# If not set, syslog will be used
+
+% if node.uses_apt? true
+LogFile=/var/log/zabbix-agent/zabbix_agentd.log
+% elsif node.uses_emerge? true
+LogFile=/var/log/zabbix/zabbix_agentd.log
+% elsif node.uses_emerge? true
+LogFile=/var/log/zabbix/zabbix_agentd.log
+% end
+
+# Maximum size of log file in MB. Set to 0 to disable automatic log rotation.
+#LogFileSize=1
+
+# Spend no more than Timeout seconds on processing
+# Must be between 1 and 30
+
+Timeout=30
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+# Format: UserParameter=<key>,<shell command>
+# Note that shell command must not return empty string or EOL only
+
+# system updates
+% if node.uses_apt? true
+UserParameter=debian.updates,aptitude search '~U' |wc -l
+UserParameter=debian.security,debsecan --suite squeeze --only-fixed --format packages |wc -l
+
+% elsif node.uses_emerge? true
+UserParameter=gentoo.security,glsa-check -t all 2>/dev/null | wc -l
+UserParameter=gentoo.updates,emerge -uNDp @world | grep ebuild|wc -l
+UserParameter=gentoo.portage,emerge --info| grep 'Timestamp of tree' | sed -e s/'Timestamp of tree':// -e 's/\n//' | xargs -I {} date --date={} +%s |xargs -I {} expr $(date +%s) - {}
+UserParameter=gentoo.config,find /etc/ -name '._cfg*' 2>/dev/null|wc -l
+
+% elsif node.uses_rpm? true
+UserParameter=centos.updates,yum check-update -q |wc -l
+% end
+
+% if node.package_installed?( [ 'postgresql-server', 'postgresql' ], true )
+# postgres
+UserParameter=psql.version,psql --version|head -n1
+UserParameter=psql.server_processes,psql -U zabbix -t -c "select sum(numbackends) from pg_stat_database" postgres
+UserParameter=psql.db_connections,psql -U zabbix -t -c "select count(*) from pg_stat_activity" postgres
+UserParameter=psql.db_fetched,psql -U zabbix -t -c "select sum(tup_fetched) from pg_stat_database" postgres
+UserParameter=psql.db_deleted,psql -U zabbix -t -c "select sum(tup_deleted) from pg_stat_database" postgres
+UserParameter=psql.db_inserted,psql -U zabbix -t -c "select sum(tup_inserted) from pg_stat_database" postgres
+UserParameter=psql.db_returned,psql -U zabbix -t -c "select sum(tup_returned) from pg_stat_database" postgres
+UserParameter=psql.db_updated,psql -U zabbix -t -c "select sum(tup_updated) from pg_stat_database" postgres
+UserParameter=psql.tx_commited,psql -U zabbix -t -c "select sum(xact_commit) from pg_stat_database" postgres
+UserParameter=psql.tx_rolledback,psql -U zabbix -t -c "select sum(xact_rollback) from pg_stat_database" postgres
+UserParameter=psql.blks_hit,psql -U zabbix -t -c "select sum(blks_hit) from pg_stat_database" postgres
+UserParameter=psql.blks_read,psql -U zabbix -t -c "select sum(blks_read) from pg_stat_database" postgres
+% end
+
+% if node.package_installed?('arcconf', true)
+# adaptec raid
+UserParameter=raid.smart_warnings,/sbin/arcconf getconfig 1 pd |grep "S.M.A.R.T. warnings" | awk '{SMART += $4} END {print SMART}'
+UserParameter=raid.disk_rpm,/sbin/arcconf getconfig 1 pd |grep "Power State" |grep -v "Full rpm" |wc -l
+UserParameter=raid.disk_state,/sbin/arcconf getconfig 1 pd |grep "\s\sState" |grep -v "Online" |wc -l
+% end

data/lib/dust/version.rb

@@ -1,3 +1,3 @@
 module Dust
-  VERSION = "0.1.2"
+  VERSION = "0.1.3"
 end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 1
-  - 2
-  version: 0.1.2
+  - 3
+  version: 0.1.3
 platform: ruby
 authors: 
 - kris kechagia
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-12-19 00:00:00 +01:00
+date: 2011-12-20 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -77,6 +77,7 @@ extra_rdoc_files: []
 files: 
 - .gitignore
 - Gemfile
+- LICENSE
 - README.md
 - Rakefile
 - bin/dust
@@ -85,7 +86,29 @@ files:
 - lib/dust/convert_size.rb
 - lib/dust/examples/nodes/_debian.yaml
 - lib/dust/examples/nodes/_default.yaml
+- lib/dust/examples/nodes/_newrelic.yaml
+- lib/dust/examples/nodes/db-staging.yaml
+- lib/dust/examples/nodes/home.yaml
+- lib/dust/examples/nodes/mail.yaml
 - lib/dust/examples/nodes/myhost.yaml
+- lib/dust/examples/nodes/mysql-production.yaml
+- lib/dust/examples/nodes/proxy-staging.yaml
+- lib/dust/examples/templates/aliases/aliases
+- lib/dust/examples/templates/basic_setup/.your-inputrc
+- lib/dust/examples/templates/basic_setup/.your-vimrc
+- lib/dust/examples/templates/duplicity/cronjob.erb
+- lib/dust/examples/templates/etc_hosts/hosts
+- lib/dust/examples/templates/motd/motd.erb
+- lib/dust/examples/templates/nginx/nginx.conf
+- lib/dust/examples/templates/nginx/sites/othersite.erb
+- lib/dust/examples/templates/nginx/sites/somesite.erb
+- lib/dust/examples/templates/postgres/pacemaker.sh.erb
+- lib/dust/examples/templates/postgres/pg_hba.conf.erb
+- lib/dust/examples/templates/postgres/pg_ident.conf
+- lib/dust/examples/templates/postgres/postgresql.conf.erb
+- lib/dust/examples/templates/postgres/recovery.conf.erb
+- lib/dust/examples/templates/ssh_authorized_keys/users.yaml
+- lib/dust/examples/templates/zabbix_agent/zabbix_agentd.conf.erb
 - lib/dust/print_status.rb
 - lib/dust/recipes/aliases.rb
 - lib/dust/recipes/basic_setup.rb