dust-deploy 0.6.1 → 0.6.2

data/changelog.md CHANGED
@@ -1,6 +1,21 @@
1
1
  Changelog
2
2
  =============
3
3
 
4
+ 0.6.2
5
+ ------------
6
+
7
+ - adds redis recipe, you can now maintain your redis configurations with dust as well:
8
+
9
+ recipes:
10
+ redis:
11
+ port: 6379
12
+ daemonize: yes
13
+
14
+ - fixes hash_check recipe, now works with centos-like machines as well
15
+ - improves mysql recipe: now sets shm sysctls as well (like the postgresql recipe does)
16
+ - small improvements to automatic innodb tuning
17
+
18
+
4
19
  0.6.1
5
20
  ------------
6
21
 
@@ -80,6 +95,7 @@ Changelog
80
95
  ------------
81
96
 
82
97
  sshd recipe
98
+
83
99
  - default PrintMotd to false on apt systems (will be displayed 2 times otherwise)
84
100
  - no and yes can be specified in config file, without getting converted to booleans automatically
85
101
 
@@ -2,16 +2,9 @@ class HashCheck < Recipe
2
2
 
3
3
  desc 'hash_check:deploy', 'checks /etc/shadow for weak hashes'
4
4
  def deploy
5
- # mkpasswd is in the package 'whois' resp. 'expect'
6
- @node.install_package 'whois' if @node.uses_apt?
7
- @node.install_package 'expect' if @node.uses_rpm?
8
-
9
5
  # those keys indicate that no password is set, or login is disabled
10
6
  keys = [ '*', '!', '!!', '', 'LK', 'NP' ]
11
7
 
12
- # mapping the magic numbers to the actual hash algorithms
13
- algorithms = { '1' => 'md5', '2' => 'blowfish', '5' => 'sha-256', '6' => 'sha-512' }
14
-
15
8
  weak_passwords = File.open "#{@template_path}/weak_passwords", 'r'
16
9
  shadow = @node.exec('cat /etc/shadow')[:stdout]
17
10
 
@@ -23,17 +16,22 @@ class HashCheck < Recipe
23
16
  user, hash = line.split(':')[0..1]
24
17
  next if keys.include? hash
25
18
  method, salt = hash.split('$')[1..2]
26
-
19
+
27
20
  weak_passwords.each_line do |password|
28
21
  password.chomp!
29
22
 
30
- # generate the hash for this password, according to salt and method
31
- weak_hash = @node.exec("mkpasswd -m #{algorithms[method.to_s]} -S '#{salt}' '#{password}'")[:stdout]
32
- weak_hash.chomp!
23
+ # python was imho the best solution to generate /etc/shadow hashes.
24
+ # mkpasswd doesn't work on centos-like machines :/
25
+ # and python is more likely installed than ruby
26
+ ret = @node.exec("python -c \"import crypt; print crypt.crypt('#{password}', '\\$#{method}\\$#{salt}\\$')\"")
33
27
 
34
- if weak_hash == hash
28
+ unless ret[:exit_code] == 0
29
+ ::Dust.print_failed 'error during hash creation (is python installed?)'
30
+ return false
31
+ end
32
+ if hash == ret[:stdout].chomp
35
33
  ::Dust.print_failed "user #{user} has a weak password! (#{password})", :indent => 2
36
- found_weak= true
34
+ found_weak = true
37
35
  end
38
36
  end
39
37
  end
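Review bot: The new `@node.exec` line splices `password`, `method` and `salt` into a double-quoted shell string and then into a Python string literal, so a wordlist entry or shadow field containing a quote, backtick or `$(` changes the command that runs on the node. Escape each value and pass it to Python as an argument instead of embedding it in the source, e.g. `@node.exec("python -c 'import crypt, sys; print crypt.crypt(sys.argv[1], sys.argv[2])' #{Shellwords.escape(password)} #{Shellwords.escape("$#{method}$#{salt}$")}")`, which needs `require 'shellwords'`. Separately, `return false` on a non-zero exit code aborts the whole audit at the first candidate that fails to hash, leaving later accounts unchecked; a warning followed by `next` looks safer. The enclosing `deploy` method starts and ends outside these hunks.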
@@ -9,12 +9,14 @@ class Mysql < Recipe
9
9
  ::Dust.print_msg "configuring mysql\n"
10
10
  ::Dust.print_ok "listen on #{@config['mysqld']['bind-address']}:#{@config['mysqld']['port']}", :indent => 2
11
11
 
12
- @config['mysqld']['innodb_buffer_pool_size'] = get_innodb_buffer_pool_size
12
+ @config['mysqld']['innodb_buffer_pool_size'] ||= get_innodb_buffer_pool_size
13
13
  ::Dust.print_ok "set innodb buffer pool to '#{@config['mysqld']['innodb_buffer_pool_size']}'", :indent => 2
14
14
 
15
15
  @node.write '/etc/mysql/my.cnf', generate_my_cnf
16
16
  @node.chmod '644', '/etc/mysql/my.cnf'
17
-
17
+
18
+ configure_sysctl
19
+
18
20
  @node.restart_service 'mysql' if options.restart?
19
21
  @node.reload_service 'mysql' if options.reload?
20
22
  end
@@ -53,7 +55,9 @@ class Mysql < Recipe
53
55
  'max_binlog_size' => '100M',
54
56
  'innodb_file_per_table' => 1,
55
57
  'innodb_thread_concurrency' => 0,
56
- 'innodb_flush_log_at_trx_commit' => 1
58
+ 'innodb_flush_log_at_trx_commit' => 1,
59
+ 'innodb_additional_mem_pool_size' => '16M',
60
+ 'innodb_log_buffer_size' => '4M'
57
61
  },
58
62
  'mysqldump' => {
59
63
  'quick' => true,
@@ -77,12 +81,12 @@ class Mysql < Recipe
77
81
  # get system memory (in kb)
78
82
  system_mem = ::Dust.convert_size @node['memorysize']
79
83
 
80
- # allocate 70% of the available ram to mysql
81
- buffer_pool = (system_mem * 0.70).to_i / 1024
82
-
84
+ # allocate 80% of the available ram to mysql
85
+ buffer_pool = (system_mem * 0.8).to_i
86
+
83
87
  ::Dust.print_ok
84
- "#{buffer_pool}M"
85
- end
88
+ "#{buffer_pool / 1024}M"
89
+ end
86
90
  end
87
91
 
88
92
  def generate_my_cnf
@@ -97,5 +101,53 @@ class Mysql < Recipe
97
101
  my_cnf.concat "!includedir /etc/mysql/conf.d/\n"
98
102
  my_cnf
99
103
  end
104
+
105
+ # increase shm memory
106
+ def configure_sysctl
107
+ if @node.uses_apt?
108
+ ::Dust.print_msg "setting mysql sysctl keys\n"
109
+ @node.collect_facts :quiet => true
110
+
111
+ # make sure system allows more than innodb_buffer_pool_size of memory ram to be allocated
112
+ # shmmax = (convert_mysql_size(@config['mysqld']['innodb_buffer_pool_size']) * 1.1).to_i # TODO: 1.1?
113
+
114
+ # get pagesize
115
+ pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i || 4096
116
+
117
+ # use half of system memory for shmmax
118
+ shmmax = ::Dust.convert_size(@node['memorysize']) * 1024 / 2
119
+ shmall = shmmax / pagesize
120
+
121
+ ::Dust.print_msg "setting shmmax to: #{shmmax}", :indent => 2
122
+ ::Dust.print_result @node.exec("sysctl -w kernel.shmmax=#{shmmax}")[:exit_code]
123
+ ::Dust.print_msg "setting shmall to: #{shmall}", :indent => 2
124
+ ::Dust.print_result @node.exec("sysctl -w kernel.shmall=#{shmall}")[:exit_code]
125
+ ::Dust.print_msg 'setting swappiness to 0', :indent => 2
126
+ ::Dust.print_result @node.exec('sysctl -w vm.swappiness=0')[:exit_code]
127
+
128
+ file = ''
129
+ file += "kernel.shmmax=#{shmmax}\n"
130
+ file += "kernel.shmall=#{shmall}\n"
131
+ file += "vm.swappiness=0\n" # rather shrink cache then use swap as filesystem cache
132
+
133
+ @node.write "/etc/sysctl.d/30-mysql-shm.conf", file
134
+
135
+ else
136
+ ::Dust.print_warning 'sysctl configuration not supported for your os'
137
+ end
138
+ end
139
+
140
+ def convert_mysql_size s
141
+ case s[-1].chr
142
+ when 'K'
143
+ return (s[0..-2].to_f * 1024).to_i
144
+ when 'M'
145
+ return (s[0..-2].to_f * 1024 * 1024).to_i
146
+ when 'G'
147
+ return (s[0..-2].to_f * 1024 * 1024 * 1024).to_i
148
+ else
149
+ return s.to_i
150
+ end
151
+ end
100
152
  end
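Review bot: In `configure_sysctl`, `@node.exec('getconf PAGESIZE')[:stdout].to_i || 4096` can never fall back to 4096, because `to_i` returns 0 rather than nil when the command prints nothing, and `shmmax / pagesize` then raises ZeroDivisionError. Test the value instead: `pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i` followed by `pagesize = 4096 unless pagesize > 0`. The new `/etc/sysctl.d/30-mysql-shm.conf` is also written without the explicit `@node.chmod` that `my.cnf` gets in `deploy`, so its mode depends on whatever `@node.write` defaults to.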
101
153
 
@@ -93,9 +93,12 @@ class Postgres < Recipe
93
93
  ::Dust.print_msg "setting postgres sysctl keys\n"
94
94
  @node.collect_facts :quiet => true
95
95
 
96
+ # get pagesize
97
+ pagesize = @node.exec('getconf PAGESIZE')[:stdout] || 4096
98
+
96
99
  # use half of system memory for shmmax
97
100
  shmmax = ::Dust.convert_size(@node['memorysize']) * 1024 / 2
98
- shmall = shmmax / 4096 # shmmax/pagesize (pagesize = 4096)
101
+ shmall = shmmax / pagesize
99
102
 
100
103
  ::Dust.print_msg "setting shmmax to: #{shmmax}", :indent => 2
101
104
  ::Dust.print_result @node.exec("sysctl -w kernel.shmmax=#{shmmax}")[:exit_code]
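Review bot: `pagesize` here is the raw `[:stdout]` of `getconf PAGESIZE`, which the other recipes in this release treat as a String (`.chomp`, `.to_i`), so `shmmax / pagesize` would presumably raise TypeError instead of computing shmall, and the `|| 4096` fallback only triggers on nil. Convert and validate before dividing: `pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i` and `pagesize = 4096 unless pagesize > 0`. The surrounding method begins and ends outside this hunk.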
@@ -0,0 +1,91 @@
1
+ class Redis < Recipe
2
+ desc 'redis:deploy', 'installs and configures redis key-value store'
3
+ def deploy
4
+ @node.install_package 'redis-server'
5
+ @node.write '/etc/redis/redis.conf', generate_redis_conf
6
+ configure_sysctl
7
+ @node.restart_service 'redis-server' if @options.restart
8
+ end
9
+
10
+ desc 'redis:status', 'displays redis-cli info'
11
+ def status
12
+ return false unless @node.package_installed? 'redis-server'
13
+ puts @node.exec('redis-cli info')[:stdout]
14
+ end
15
+
16
+
17
+ private
18
+
19
+ # default configuration variables for ubuntu
20
+ # if you use a different os, you may adapt these
21
+ # listens on all interfaces per default
22
+ def default_config
23
+ { 'daemonize' => 'yes',
24
+ 'port' => 6379,
25
+ 'timeout' => 300,
26
+ 'loglevel' => 'notice',
27
+ 'databases' => 16,
28
+ 'save' => [ '900 1', '300 10', '60 10000' ],
29
+ 'rdbcompression' => 'yes',
30
+ 'dbfilename' => 'dump.rdb',
31
+ 'slave-serve-stale-data' => 'yes',
32
+ 'appendonly' => 'no',
33
+ 'appendfsync' => 'everysec',
34
+ 'no-appendfsync-on-rewrite' => 'no',
35
+ 'vm-enabled' => 'no',
36
+ 'vm-max-memory' => 0,
37
+ 'vm-page-size' => 32,
38
+ 'vm-pages' => 134217728,
39
+ 'vm-max-threads' => 4,
40
+ 'hash-max-zipmap-entries' => 512,
41
+ 'hash-max-zipmap-value' => 64,
42
+ 'list-max-ziplist-entries' => 512,
43
+ 'list-max-ziplist-value' => 64,
44
+ 'set-max-intset-entries' => 512,
45
+ 'activerehashing' => 'yes',
46
+
47
+ # os specific settings
48
+ 'dir' => '/var/lib/redis',
49
+ 'pidfile' => '/var/run/redis.pid',
50
+ 'logfile' => '/var/log/redis/redis-server.log',
51
+ 'vm-swap-file' => '/var/lib/redis/redis.swap'
52
+ }
53
+ end
54
+
55
+ def generate_redis_conf
56
+ @config.boolean_to_string!
57
+ @config = default_config.merge @config
58
+
59
+ redis_conf = ''
60
+ @config.each do |key, value|
61
+ if value.is_a? Array
62
+ value.each { |v| redis_conf.concat "#{key} #{v}\n" }
63
+ else
64
+ redis_conf.concat "#{key} #{value}\n"
65
+ end
66
+ end
67
+
68
+ redis_conf
69
+ end
70
+
71
+ # redis complains if vm.overcommit_memory != 1
72
+ def configure_sysctl
73
+ if @node.uses_apt?
74
+ ::Dust.print_msg "setting redis sysctl keys\n"
75
+
76
+ ::Dust.print_msg 'setting overcommit memory to 1', :indent => 2
77
+ ::Dust.print_result @node.exec('sysctl -w vm.overcommit_memory=1')[:exit_code]
78
+ ::Dust.print_msg 'setting swappiness to 0', :indent => 2
79
+ ::Dust.print_result @node.exec('sysctl -w vm.swappiness=0')[:exit_code]
80
+
81
+ file = ''
82
+ file += "vm.overcommit_memory=1\n"
83
+ file += "vm.swappiness=0\n"
84
+
85
+ @node.write "/etc/sysctl.d/30-redis.conf", file
86
+
87
+ else
88
+ ::Dust.print_warning 'sysctl configuration not supported for your os'
89
+ end
90
+ end
91
+ end
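Review bot: `default_config` has no `bind` or `requirepass` entry, and its own comment says the server "listens on all interfaces per default", so a node deployed with the stock recipe exposes an unauthenticated Redis on port 6379 to every network it is attached to. Default to loopback and make wider exposure an explicit choice in the node config by adding `'bind' => '127.0.0.1',` to the hash. If `requirepass` is later supplied through `@config`, `/etc/redis/redis.conf` will hold a secret, so `deploy` should also set a restrictive mode on the file after `@node.write`.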
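--- a/data/lib/dust/version.rb
+++ b/data/lib/dust/version.rb
@@ -1,3 +1,3 @@
  module Dust
- VERSION = "0.6.1"
+ VERSION = "0.6.2"
  end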
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 0
7
7
  - 6
8
- - 1
9
- version: 0.6.1
8
+ - 2
9
+ version: 0.6.2
10
10
  platform: ruby
11
11
  authors:
12
12
  - kris kechagia
@@ -14,7 +14,7 @@ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2012-01-31 00:00:00 +01:00
17
+ date: 2012-02-02 00:00:00 +01:00
18
18
  default_executable:
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
@@ -139,6 +139,7 @@ files:
139
139
  - lib/dust/recipes/packages.rb
140
140
  - lib/dust/recipes/postgres.rb
141
141
  - lib/dust/recipes/rc_local.rb
142
+ - lib/dust/recipes/redis.rb
142
143
  - lib/dust/recipes/remove_packages.rb
143
144
  - lib/dust/recipes/repositories.rb
144
145
  - lib/dust/recipes/resolv_conf.rb