dust-deploy 0.6.1 → 0.6.2
- data/changelog.md +16 -0
- data/lib/dust/recipes/hash_check.rb +11 -13
- data/lib/dust/recipes/mysql.rb +60 -8
- data/lib/dust/recipes/postgres.rb +4 -1
- data/lib/dust/recipes/redis.rb +91 -0
- data/lib/dust/version.rb +1 -1
- metadata +4 -3
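--- a/data/changelog.md
+++ b/data/changelog.md
@@ -1,6 +1,21 @@
 Changelog
 =============
 
+0.6.2
+------------
+
+- adds redis recipe, you can now maintain your redis configurations with dust as well:
+
+recipes:
+redis:
+port: 6379
+daemonize: yes
+
+- fixes hash_check recipe, now works with centos-like machines as well
+- improves mysql recipe: now sets shm sysctls as well (like the postgresql recipe does)
+- small improvements to automatic innodb tuning
+
+
 0.6.1
 ------------
 
@@ -80,6 +95,7 @@ Changelog
 ------------
 
 sshd recipe
+
 - default PrintMotd to false on apt systems (will be displayed 2 times otherwise)
 - no and yes can be specified in config file, without getting converted to booleans automatically
 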
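--- a/data/lib/dust/recipes/hash_check.rb
+++ b/data/lib/dust/recipes/hash_check.rb
@@ -2,16 +2,9 @@ class HashCheck < Recipe
 
 desc 'hash_check:deploy', 'checks /etc/shadow for weak hashes'
 def deploy
-# mkpasswd is in the package 'whois' resp. 'expect'
-@node.install_package 'whois' if @node.uses_apt?
-@node.install_package 'expect' if @node.uses_rpm?
-
 # those keys indicate that no password is set, or login is disabled
 keys = [ '*', '!', '!!', '', 'LK', 'NP' ]
 
-# mapping the magic numbers to the actual hash algorithms
-algorithms = { '1' => 'md5', '2' => 'blowfish', '5' => 'sha-256', '6' => 'sha-512' }
-
 weak_passwords = File.open "#{@template_path}/weak_passwords", 'r'
 shadow = @node.exec('cat /etc/shadow')[:stdout]
 
@@ -23,17 +16,22 @@ class HashCheck < Recipe
 user, hash = line.split(':')[0..1]
 next if keys.include? hash
 method, salt = hash.split('$')[1..2]
-
+
 weak_passwords.each_line do |password|
 password.chomp!
 
-#
-
-
+# python was imho the best solution to generate /etc/shadow hashes.
+# mkpasswd doesn't work on centos-like machines :/
+# and python is more likely installed than ruby
+ret = @node.exec("python -c \"import crypt; print crypt.crypt('#{password}', '\\$#{method}\\$#{salt}\\$')\"")
 
-
+unless ret[:exit_code] == 0
+::Dust.print_failed 'error during hash creation (is python installed?)'
+return false
+end
+if hash == ret[:stdout].chomp
 ::Dust.print_failed "user #{user} has a weak password! (#{password})", :indent => 2
-found_weak= true
+found_weak = true
 end
 end
 end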
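Review bot: The new `@node.exec` call builds the remote command by interpolating `password`, `method` and `salt` straight into a double-quoted shell string that wraps a single-quoted Python literal, so any wordlist entry or shadow field containing a quote, `$`, a backtick or a backslash is interpreted by the node's shell or by Python instead of being hashed (assuming `@node.exec` hands the string to a shell on the node). Because the following `unless ret[:exit_code] == 0` branch returns false, one such entry also ends the whole audit early and the remaining accounts are never checked. Passing the values as escaped arguments keeps them as data: `ret = @node.exec("python -c 'import crypt, sys; print crypt.crypt(sys.argv[1], sys.argv[2])' #{Shellwords.escape(password)} #{Shellwords.escape("$#{method}$#{salt}$")}")`, with `require 'shellwords'` at the top of the file. The candidates still show up in the node's process list for the duration of each call, which deserves a comment next to the exec. `deploy` begins before the first hunk and the loop over the shadow lines is not fully visible here.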
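--- a/data/lib/dust/recipes/mysql.rb
+++ b/data/lib/dust/recipes/mysql.rb
@@ -9,12 +9,14 @@ class Mysql < Recipe
 ::Dust.print_msg "configuring mysql\n"
 ::Dust.print_ok "listen on #{@config['mysqld']['bind-address']}:#{@config['mysqld']['port']}", :indent => 2
 
-@config['mysqld']['innodb_buffer_pool_size']
+@config['mysqld']['innodb_buffer_pool_size'] ||= get_innodb_buffer_pool_size
 ::Dust.print_ok "set innodb buffer pool to '#{@config['mysqld']['innodb_buffer_pool_size']}'", :indent => 2
 
 @node.write '/etc/mysql/my.cnf', generate_my_cnf
 @node.chmod '644', '/etc/mysql/my.cnf'
-
+
+configure_sysctl
+
 @node.restart_service 'mysql' if options.restart?
 @node.reload_service 'mysql' if options.reload?
 end
@@ -53,7 +55,9 @@ class Mysql < Recipe
 'max_binlog_size' => '100M',
 'innodb_file_per_table' => 1,
 'innodb_thread_concurrency' => 0,
-'innodb_flush_log_at_trx_commit' => 1
+'innodb_flush_log_at_trx_commit' => 1,
+'innodb_additional_mem_pool_size' => '16M',
+'innodb_log_buffer_size' => '4M'
 },
 'mysqldump' => {
 'quick' => true,
@@ -77,12 +81,12 @@ class Mysql < Recipe
 # get system memory (in kb)
 system_mem = ::Dust.convert_size @node['memorysize']
 
-# allocate
-buffer_pool = (system_mem * 0.
-
+# allocate 80% of the available ram to mysql
+buffer_pool = (system_mem * 0.8).to_i
+
 ::Dust.print_ok
-"#{buffer_pool}M"
-end
+"#{buffer_pool / 1024}M"
+end
 end
 
 def generate_my_cnf
@@ -97,5 +101,53 @@ class Mysql < Recipe
 my_cnf.concat "!includedir /etc/mysql/conf.d/\n"
 my_cnf
 end
+
+# increase shm memory
+def configure_sysctl
+if @node.uses_apt?
+::Dust.print_msg "setting mysql sysctl keys\n"
+@node.collect_facts :quiet => true
+
+# make sure system allows more than innodb_buffer_pool_size of memory ram to be allocated
+# shmmax = (convert_mysql_size(@config['mysqld']['innodb_buffer_pool_size']) * 1.1).to_i # TODO: 1.1?
+
+# get pagesize
+pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i || 4096
+
+# use half of system memory for shmmax
+shmmax = ::Dust.convert_size(@node['memorysize']) * 1024 / 2
+shmall = shmmax / pagesize
+
+::Dust.print_msg "setting shmmax to: #{shmmax}", :indent => 2
+::Dust.print_result @node.exec("sysctl -w kernel.shmmax=#{shmmax}")[:exit_code]
+::Dust.print_msg "setting shmall to: #{shmall}", :indent => 2
+::Dust.print_result @node.exec("sysctl -w kernel.shmall=#{shmall}")[:exit_code]
+::Dust.print_msg 'setting swappiness to 0', :indent => 2
+::Dust.print_result @node.exec('sysctl -w vm.swappiness=0')[:exit_code]
+
+file = ''
+file += "kernel.shmmax=#{shmmax}\n"
+file += "kernel.shmall=#{shmall}\n"
+file += "vm.swappiness=0\n" # rather shrink cache then use swap as filesystem cache
+
+@node.write "/etc/sysctl.d/30-mysql-shm.conf", file
+
+else
+::Dust.print_warning 'sysctl configuration not supported for your os'
+end
+end
+
+def convert_mysql_size s
+case s[-1].chr
+when 'K'
+return (s[0..-2].to_f * 1024).to_i
+when 'M'
+return (s[0..-2].to_f * 1024 * 1024).to_i
+when 'G'
+return (s[0..-2].to_f * 1024 * 1024 * 1024).to_i
+else
+return s.to_i
+end
+end
 end
 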
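Review bot: In `configure_sysctl`, the `|| 4096` fallback on `pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i || 4096` can never apply, because `to_i` returns 0 rather than nil when the output is empty or non-numeric, and `shmall = shmmax / pagesize` then raises ZeroDivisionError. A guard on the following line, `pagesize = 4096 unless pagesize > 0`, gives the intended default. The three `sysctl -w` results are only printed and `/etc/sysctl.d/30-mysql-shm.conf` is written whether or not they succeeded, so a comment saying this is deliberate (or an early return on failure) would help the next reader. `convert_mysql_size` is referenced only from the commented-out `shmmax` line and has no doc comment; note that lowercase suffixes fall through to `s.to_i`.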
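--- a/data/lib/dust/recipes/postgres.rb
+++ b/data/lib/dust/recipes/postgres.rb
@@ -93,9 +93,12 @@ class Postgres < Recipe
 ::Dust.print_msg "setting postgres sysctl keys\n"
 @node.collect_facts :quiet => true
 
+# get pagesize
+pagesize = @node.exec('getconf PAGESIZE')[:stdout] || 4096
+
 # use half of system memory for shmmax
 shmmax = ::Dust.convert_size(@node['memorysize']) * 1024 / 2
-shmall = shmmax /
+shmall = shmmax / pagesize
 
 ::Dust.print_msg "setting shmmax to: #{shmmax}", :indent => 2
 ::Dust.print_result @node.exec("sysctl -w kernel.shmmax=#{shmmax}")[:exit_code]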
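Review bot: The added `pagesize = @node.exec('getconf PAGESIZE')[:stdout] || 4096` keeps the command output as returned, without the `.to_i` the mysql recipe applies; if `[:stdout]` is a String, as its other uses in this release (`.chomp`, `.to_i`) suggest, `shmall = shmmax / pagesize` raises TypeError. The `|| 4096` fallback only covers nil, not an empty string from a failed `getconf`. Suggested: `pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i` followed by `pagesize = 4096 unless pagesize > 0`. The enclosing method starts and ends outside this hunk.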
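--- a/data/lib/dust/recipes/redis.rb
+++ b/data/lib/dust/recipes/redis.rb
@@ -0,0 +1,91 @@
+class Redis < Recipe
+desc 'redis:deploy', 'installs and configures redis key-value store'
+def deploy
+@node.install_package 'redis-server'
+@node.write '/etc/redis/redis.conf', generate_redis_conf
+configure_sysctl
+@node.restart_service 'redis-server' if @options.restart
+end
+
+desc 'redis:status', 'displays redis-cli info'
+def status
+return false unless @node.package_installed? 'redis-server'
+puts @node.exec('redis-cli info')[:stdout]
+end
+
+
+private
+
+# default configuration variables for ubuntu
+# if you use a different os, you may adapt these
+# listens on all interfaces per default
+def default_config
+{ 'daemonize' => 'yes',
+'port' => 6379,
+'timeout' => 300,
+'loglevel' => 'notice',
+'databases' => 16,
+'save' => [ '900 1', '300 10', '60 10000' ],
+'rdbcompression' => 'yes',
+'dbfilename' => 'dump.rdb',
+'slave-serve-stale-data' => 'yes',
+'appendonly' => 'no',
+'appendfsync' => 'everysec',
+'no-appendfsync-on-rewrite' => 'no',
+'vm-enabled' => 'no',
+'vm-max-memory' => 0,
+'vm-page-size' => 32,
+'vm-pages' => 134217728,
+'vm-max-threads' => 4,
+'hash-max-zipmap-entries' => 512,
+'hash-max-zipmap-value' => 64,
+'list-max-ziplist-entries' => 512,
+'list-max-ziplist-value' => 64,
+'set-max-intset-entries' => 512,
+'activerehashing' => 'yes',
+
+# os specific settings
+'dir' => '/var/lib/redis',
+'pidfile' => '/var/run/redis.pid',
+'logfile' => '/var/log/redis/redis-server.log',
+'vm-swap-file' => '/var/lib/redis/redis.swap'
+}
+end
+
+def generate_redis_conf
+@config.boolean_to_string!
+@config = default_config.merge @config
+
+redis_conf = ''
+@config.each do |key, value|
+if value.is_a? Array
+value.each { |v| redis_conf.concat "#{key} #{v}\n" }
+else
+redis_conf.concat "#{key} #{value}\n"
+end
+end
+
+redis_conf
+end
+
+# redis complains if vm.overcommit_memory != 1
+def configure_sysctl
+if @node.uses_apt?
+::Dust.print_msg "setting redis sysctl keys\n"
+
+::Dust.print_msg 'setting overcommit memory to 1', :indent => 2
+::Dust.print_result @node.exec('sysctl -w vm.overcommit_memory=1')[:exit_code]
+::Dust.print_msg 'setting swappiness to 0', :indent => 2
+::Dust.print_result @node.exec('sysctl -w vm.swappiness=0')[:exit_code]
+
+file = ''
+file += "vm.overcommit_memory=1\n"
+file += "vm.swappiness=0\n"
+
+@node.write "/etc/sysctl.d/30-redis.conf", file
+
+else
+::Dust.print_warning 'sysctl configuration not supported for your os'
+end
+end
+end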
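Review bot: `default_config` sets neither `bind` nor `requirepass`, and its own comment says the server listens on all interfaces, so a plain `redis:deploy` leaves an unauthenticated Redis reachable on port 6379 from every network the node is attached to. Defaulting to loopback with `'bind' => '127.0.0.1',` and letting users widen it in their node configuration would make the safe case the default; the comment above the method should then say so and point to `requirepass` for remote access. `deploy` also writes `/etc/redis/redis.conf` without setting a mode, unlike the mysql recipe's `@node.chmod` call after its write, which starts to matter once the file holds a password. `deploy` tests `@options.restart` where the mysql recipe uses `options.restart?`; it is worth confirming both forms behave the same.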
data/lib/dust/version.rb
CHANGED
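--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 6
--
-version: 0.6.
+- 2
+version: 0.6.2
 platform: ruby
 authors:
 - kris kechagia
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-
+date: 2012-02-02 00:00:00 +01:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -139,6 +139,7 @@ files:
 - lib/dust/recipes/packages.rb
 - lib/dust/recipes/postgres.rb
 - lib/dust/recipes/rc_local.rb
+- lib/dust/recipes/redis.rb
 - lib/dust/recipes/remove_packages.rb
 - lib/dust/recipes/repositories.rb
 - lib/dust/recipes/resolv_conf.rb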