dust-deploy 0.7.6 → 0.8.0

data/changelog.md

@@ -1,6 +1,34 @@
 Changelog
 =============
 
+0.8.0
+------------
+
+-  adds templates support for sysctl recipe (database, mysql and postgres templates are supported)
+-  removes automatic sysctl configuration from database recipes (mysql and postgres)
+   to preserve the way it was, you have to add the according database template to your sysctl configuration:
+
+    recipes:
+      postgres:
+        <your postgres configuration here>
+
+      sysctl:
+        templates: postgres
+        <your sysctl configuration here>
+
+
+-  iptables: fixes a small issue where custom chains in tables != filter were not cleared correctly
+-  iptables: support custom chains now
+
+    recipes:
+      iptables:
+        input:
+          rule_1: { ..., jump: CUSTOM }
+        custom:
+          custom_1: ...
+
+
+
 0.7.6
 ------------
 

data/lib/dust/recipes/iptables.rb

@@ -1,7 +1,7 @@
 require 'ipaddress'
 
 class Iptables < Recipe
-  
+
   desc 'iptables:deploy', 'configures iptables firewall'
   def deploy
     # list of all tables and chains
@@ -17,22 +17,22 @@ class Iptables < Recipe
     @tables['ipv6']['mangle'] = [ 'INPUT', 'OUTPUT', 'FORWARD', 'PREROUTING', 'POSTROUTING' ]
     @tables['ipv6']['raw'] = [ 'OUTPUT', 'PREROUTING' ]
 
-    
+
     return unless install
-    
+
     [4, 6].each do |v|
-      @script = '' 
+      @script = ''
       @ip_version = v
-      
+
       ::Dust.print_msg "generating ipv#{@ip_version} rules\n"
 
-      clear_all_tables
+      clear_all
       populate_rule_defaults
       generate_all_rules
-        
+
       deploy_script
       apply_rules
-      
+
       puts
     end
   end
@@ -54,18 +54,20 @@ class Iptables < Recipe
     return false unless @node.install_package 'iptables-ipv6' if @node.uses_rpm? and not @node.is_fedora?
     true
   end
-  
+
   # deletes all rules/chains
-  def clear_all_tables
+  def clear_all
     return if @node.uses_rpm?
-    
-    # clear all rules
-    @tables['ipv' + @ip_version.to_s].keys.each { |table| @script.concat "--flush --table #{table}\n" }
-    
-    # delete all custom chains
-    @script.concat "--delete-chain \n" unless @node.uses_rpm?
+
+    @tables['ipv' + @ip_version.to_s].keys.each do |table|
+      # clear all rules
+      @script.concat "--flush --table #{table}\n"
+
+      # delete all custom chains
+      @script.concat "--delete-chain --table #{table}\n" unless @node.uses_rpm?
+    end
   end
-  
+
   # inserts default values to chains, if not given
   # table defaults to filter
   # jump target to ACCEPT
@@ -81,11 +83,11 @@ class Iptables < Recipe
       end
     end
   end
-  
+
   # generates all iptables rules
   def generate_all_rules
     @tables['ipv' + @ip_version.to_s].each do |table, chains|
-      @script.concat "*#{table}\n" if @node.uses_rpm? 
+      @script.concat "*#{table}\n" if @node.uses_rpm?
       set_chain_policies table
       generate_rules_for_table table
     end
@@ -93,21 +95,40 @@ class Iptables < Recipe
 
   # set the chain default policies to DROP/ACCEPT
   # according to whether chain is specified in config file
+  # and create custom chains
   def set_chain_policies table
-    #::Dust.print_msg "#{::Dust.pink}#{table}#{Dust.none} table\n", :indent => 2
-    #::Dust.print_msg "setting default policies\n", :indent => 3
-    
+
+    # build in chains
     @tables['ipv' + @ip_version.to_s][table].each do |chain|
       policy = get_chain_policy table, chain
-      #::Dust.print_msg "#{table}/#{chain} -> #{policy}", :indent => 4
 
       if @node.uses_rpm?
         @script.concat ":#{chain.upcase} #{policy} [0:0]\n"
       else
         @script.concat "--table #{table} --policy #{chain.upcase} #{policy}\n"
       end
-      
-      #::Dust.print_ok
+    end
+
+    # custom chains
+    @config.each do |chain, chain_rules|
+      # filter out build in chains
+      next if @tables['ipv' + @ip_version.to_s][table].include? chain.upcase
+
+      # only continue if this chain is used in this table
+      chain_used_in_table = false
+      chain_rules.each do |name, rule|
+        if rule['table'].include? table
+          chain_used_in_table = true
+          break
+        end
+      end
+      next unless chain_used_in_table
+
+      if @node.uses_rpm?
+        @script.concat ":#{chain.upcase} - [0:0]\n"
+      else
+        @script.concat "--table #{table} --new-chain #{chain.upcase}\n"
+      end
     end
   end
 
@@ -130,12 +151,12 @@ class Iptables < Recipe
     @config.each do |chain, chain_rules|
       rules = get_rules_for_table chain_rules, table
       next if rules.empty?
-      
+
       #::Dust.print_msg "#{::Dust.pink}#{chain}#{::Dust.none} rules\n", :indent => 3
       rules.sort.each do |name, rule|
         next unless rule['table'].include? table
         next unless check_ip_version rule
-        
+
         ::Dust.print_msg "adding rule: #{name}", :indent => 2
         generate_iptables_string chain, rule
         ::Dust.print_ok
@@ -143,11 +164,11 @@ class Iptables < Recipe
     end
     @script.concat "COMMIT\n" if @node.uses_rpm?
   end
-  
+
   def get_rules_for_table rules, table
     rules.select { |name, rule| rule['table'].include? table }
   end
-  
+
   # check if source and destination ip (if given)
   # are valid ips for this ip version
   def check_ip_version rule
@@ -161,8 +182,8 @@ class Iptables < Recipe
       return false unless rule['ip-version'].include? @ip_version if rule['ip-version']
     end
     true
-  end  
-  
+  end
+
   # generates the iptables string out of a rule
   def generate_iptables_string chain, rule
     parse_rule(rule).each do |r|
@@ -175,17 +196,17 @@ class Iptables < Recipe
   def parse_rule r
     with_dashes = {}
     result = []
-    
+
     # map r[key] = value to '--key value'
     r.each do |k, v|
       next if k == 'ip-version' # skip ip-version, since its not iptables option
       next if k == 'table' if @node.uses_rpm? # rpm-firewall takes table argument with *table
-      
+
       with_dashes[k] = r[k].map do |v|
         value = v.to_s
         if value.start_with? '!', '! '
           # map '--key ! value' to '! --key value'
-          value.slice! '!' 
+          value.slice! '!'
           value.lstrip!
           "! --#{k} #{value}"
           else
@@ -194,11 +215,11 @@ class Iptables < Recipe
       end
     end
     with_dashes.values.each { |a| result = result.combine a }
-    
+
     sort_rule_options result
   end
-  
-  # make sure the options are sorted in a way that works.  
+
+  # make sure the options are sorted in a way that works.
   def sort_rule_options rule
     sorted = []
     rule.each do |r|
@@ -228,22 +249,22 @@ class Iptables < Recipe
       end
       sorted.push r
     end
-    
-    sorted    
+
+    sorted
   end
-  
-  def deploy_script 
+
+  def deploy_script
     target = get_target
-    
+
     prepend_cmd
-    prepend_header    
-    
+    prepend_header
+
     @node.write target, @script, :quiet => true
 
     if @node.uses_rpm?
       @node.chmod '600', target
     else
-      @node.chmod '700', target      
+      @node.chmod '700', target
     end
   end
 
@@ -252,17 +273,17 @@ class Iptables < Recipe
     @script.insert 0, "#!/bin/sh\n" unless @node.uses_rpm?
     @script.insert 0, "# automatically generated by dust\n\n"
   end
-  
+
   # prepend iptables command on non-centos-like machines
   def prepend_cmd
     @script.gsub! /^/, "#{cmd} " unless @node.uses_rpm?
   end
-  
+
   # apply newly pushed rules
   def apply_rules
     if @options.restart?
       ::Dust.print_msg "applying ipv#{@ip_version} rules"
-      
+
       if @node.uses_rpm?
         ::Dust.print_result @node.exec("/etc/init.d/#{cmd} restart")[:exit_code]
 
@@ -282,12 +303,12 @@ class Iptables < Recipe
 
   # set the target file depending on distribution
   def get_target
-    target = "/etc/#{cmd}"    
+    target = "/etc/#{cmd}"
     target = "/etc/network/if-pre-up.d/#{cmd}" if @node.uses_apt?
     target = "/etc/sysconfig/#{cmd}" if @node.uses_rpm?
     target
   end
-  
+
   def cmd
     return 'iptables' if @ip_version == 4
     return 'ip6tables' if @ip_version == 6

data/lib/dust/recipes/mysql.rb

@@ -5,7 +5,7 @@ class Mysql < Recipe
     @node.install_package 'mysql-server'
 
     @config = default_config.deep_merge @config
-    
+
     ::Dust.print_msg "configuring mysql\n"
     ::Dust.print_ok "listen on #{@config['mysqld']['bind-address']}:#{@config['mysqld']['port']}", :indent => 2
 
@@ -14,22 +14,20 @@ class Mysql < Recipe
 
     @node.write '/etc/mysql/my.cnf', generate_my_cnf
     @node.chmod '644', '/etc/mysql/my.cnf'
-        
-    configure_sysctl
-    
+
     @node.restart_service 'mysql' if options.restart?
     @node.reload_service 'mysql' if options.reload?
   end
-  
+
   desc 'mysql:status', 'displays status of the mysql daemon'
   def status
     return unless @node.package_installed? 'mysql-server'
     @node.print_service_status 'mysql'
   end
 
-  
+
   private
-  
+
   def default_config
     { 'client' => {
         'port' => 3306,
@@ -45,7 +43,7 @@ class Mysql < Recipe
         'user' => 'mysql',
         'pid-file' => '/var/run/mysqld/mysqld.pid',
         'socket' => '/var/run/mysqld/mysqld.sock',
-        'language' => '/usr/share/mysql/english',        
+        'language' => '/usr/share/mysql/english',
         'basedir' => '/usr',
         'datadir' => '/var/lib/mysql',
         'tmpdir' => '/tmp',
@@ -76,25 +74,25 @@ class Mysql < Recipe
       }
     }
   end
-  
+
   def get_innodb_buffer_pool_size
     # allocate 70% of the available ram to mysql
     # but leave max 1gb to system
     unless @config['mysqld']['innodb_buffer_pool_size']
       ::Dust.print_msg 'autoconfiguring innodb buffer size', :indent => 2
       @node.collect_facts :quiet => true
-  
+
       # get system memory (in kb)
       system_mem = ::Dust.convert_size @node['memorysize']
-  
+
       # allocate 80% of the available ram to mysql
       buffer_pool = (system_mem * 0.7).to_i
-      
+
       ::Dust.print_ok
       "#{buffer_pool / 1024}M"
-    end    
+    end
   end
-  
+
   def generate_my_cnf
     my_cnf = ''
     @config.each do |category, config|
@@ -102,57 +100,9 @@ class Mysql < Recipe
       config.each { |key, value| my_cnf.concat "#{key} = #{value}\n" }
       my_cnf.concat "\n"
     end
-    
+
     # add includedir
     my_cnf.concat "!includedir /etc/mysql/conf.d/\n"
     my_cnf
   end
-  
-  # increase shm memory  
-  def configure_sysctl
-    if @node.uses_apt?
-      ::Dust.print_msg "setting mysql sysctl keys\n"
-      @node.collect_facts :quiet => true
-     
-      # make sure system allows more than innodb_buffer_pool_size of memory ram to be allocated
-      # shmmax = (convert_mysql_size(@config['mysqld']['innodb_buffer_pool_size']) * 1.1).to_i # TODO: 1.1?
-
-      # get pagesize
-      pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i || 4096
-
-      # use half of system memory for shmmax
-      shmmax = ::Dust.convert_size(@node['memorysize']) * 1024 / 2
-      shmall = shmmax / pagesize
-      
-      ::Dust.print_msg "setting shmmax to: #{shmmax}", :indent => 2
-      ::Dust.print_result @node.exec("sysctl -w kernel.shmmax=#{shmmax}")[:exit_code]
-      ::Dust.print_msg "setting shmall to: #{shmall}", :indent => 2
-      ::Dust.print_result @node.exec("sysctl -w kernel.shmall=#{shmall}")[:exit_code]
-      ::Dust.print_msg 'setting swappiness to 0', :indent => 2
-      ::Dust.print_result @node.exec('sysctl -w vm.swappiness=0')[:exit_code]
-
-      file = ''
-      file += "kernel.shmmax=#{shmmax}\n"
-      file += "kernel.shmall=#{shmall}\n"
-      file += "vm.swappiness=0\n" # rather shrink cache then use swap as filesystem cache
-      
-      @node.write "/etc/sysctl.d/30-mysql-shm.conf", file
-      
-      else
-      ::Dust.print_warning 'sysctl configuration not supported for your os'
-    end
-  end
-  
-  def convert_mysql_size s
-    case s[-1].chr
-      when 'K'
-      return (s[0..-2].to_f * 1024).to_i
-      when 'M'
-      return (s[0..-2].to_f * 1024 * 1024).to_i
-      when 'G'
-      return (s[0..-2].to_f * 1024 * 1024 * 1024).to_i
-      else
-      return s.to_i
-    end
-  end
 end

data/lib/dust/recipes/postgres.rb

@@ -3,21 +3,20 @@ class Postgres < Recipe
   def deploy
     return ::Dust.print_failed 'no version specified' unless @config['version']
     return unless install_postgres
-    
+
     # default cluster on debian-like systems is 'main'
     @config['cluster'] ||= 'main' if @node.uses_apt?
-    
+
     set_default_directories
     deploy_config
     deploy_recovery
     deploy_certificates if @config['server.crt'] and @config['server.key']
     create_archive
     set_permissions
-    configure_sysctl
-    
+
     deploy_pacemaker_script if @node.package_installed? 'pacemaker', :quiet => true
     configure_for_zabbix if zabbix_installed?
-    
+
     # reload/restart postgres if command line option is given
     @node.restart_service @config['service_name'] if options.restart?
     @node.reload_service @config['service_name'] if options.reload?
@@ -29,22 +28,22 @@ class Postgres < Recipe
     set_default_directories
     @node.print_service_status @config['service_name']
   end
-  
+
   private
-  
+
   def install_postgres
-    if @node.uses_apt?      
+    if @node.uses_apt?
       package = "postgresql-#{@config['version']}"
-    elsif @node.uses_emerge?    
+    elsif @node.uses_emerge?
       package = 'postgresql-server'
     else
       return ::Dust.print_failed 'os not supported'
     end
-    
+
     @node.install_package package
 
     # also install the postgresql meta package
-    @node.install_package 'postgresql' if @node.uses_apt?
+    # @node.install_package 'postgresql' if @node.uses_apt?
   end
 
   # set conf-dir, archive-dir and data-dir as well as service-name
@@ -54,19 +53,19 @@ class Postgres < Recipe
       @config['conf_directory'] ||= "/etc/postgresql-#{@config['version']}"
       @config['archive_directory'] ||= "/var/lib/postgresql/#{@config['version']}/archive"
       @config['service_name'] ||= "postgresql-#{@config['version']}"
-      @config['postgresql.conf']['data_directory'] ||= "/var/lib/postgresql/#{@config['version']}/data"    
-      
+      @config['postgresql.conf']['data_directory'] ||= "/var/lib/postgresql/#{@config['version']}/data"
+
     elsif @node.uses_apt?
       @config['postgresql.conf']['data_directory'] ||= "/var/lib/postgresql/#{@config['version']}/#{@config['cluster']}"
       @config['conf_directory'] ||= "/etc/postgresql/#{@config['version']}/#{@config['cluster']}"
       @config['archive_directory'] ||= "/var/lib/postgresql/#{@config['version']}/#{@config['cluster']}-archive"
       @config['service_name'] ||= 'postgresql'
     end
-    
+
     @config['postgresql.conf']['hba_file'] ||= "#{@config['conf_directory']}/pg_hba.conf"
-    @config['postgresql.conf']['ident_file'] ||= "#{@config['conf_directory']}/pg_ident.conf"    
+    @config['postgresql.conf']['ident_file'] ||= "#{@config['conf_directory']}/pg_ident.conf"
   end
-  
+
   # deploy postgresql.conf, pg_hba.conf and pg_ident.conf
   def deploy_config
     @node.write "#{@config['conf_directory']}/postgresql.conf", generate_postgresql_conf
@@ -76,7 +75,7 @@ class Postgres < Recipe
     @node.chmod '644', "#{@config['conf_directory']}/pg_hba.conf"
     @node.chmod '644', "#{@config['conf_directory']}/pg_ident.conf"
   end
-  
+
   # copy recovery.conf to either recovery.conf or recovery.done
   # depending on which file already exists.
   def deploy_recovery
@@ -86,48 +85,13 @@ class Postgres < Recipe
       @node.write "#{@config['postgresql.conf']['data_directory']}/recovery.done", generate_recovery_conf
     end
   end
-    
-  # deploy certificates to data-dir  
+
+  # deploy certificates to data-dir
   def deploy_certificates
     @node.deploy_file "#{@template_path}/#{@config['server.crt']}", "#{@config['postgresql.conf']['data_directory']}/server.crt", :binding => binding
     @node.deploy_file "#{@template_path}/#{@config['server.key']}", "#{@config['postgresql.conf']['data_directory']}/server.key", :binding => binding
   end
 
-  # increase shm memory  
-  def configure_sysctl
-    if @node.uses_apt?
-      ::Dust.print_msg "setting postgres sysctl keys\n"
-      @node.collect_facts :quiet => true
-
-      # get pagesize
-      pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i || 4096
-
-      # use half of system memory for shmmax
-      shmmax = ::Dust.convert_size(@node['memorysize']) * 1024 / 2
-      shmall = shmmax / pagesize
-
-      ::Dust.print_msg "setting shmmax to: #{shmmax}", :indent => 2
-      ::Dust.print_result @node.exec("sysctl -w kernel.shmmax=#{shmmax}")[:exit_code]
-      ::Dust.print_msg "setting shmall to: #{shmall}", :indent => 2
-      ::Dust.print_result @node.exec("sysctl -w kernel.shmall=#{shmall}")[:exit_code]
-      ::Dust.print_msg 'setting overcommit memory to 2', :indent => 2
-      ::Dust.print_result @node.exec('sysctl -w vm.overcommit_memory=2')[:exit_code]
-      ::Dust.print_msg 'setting swappiness to 0', :indent => 2
-      ::Dust.print_result @node.exec('sysctl -w vm.swappiness=0')[:exit_code]
-
-      file = ''
-      file += "kernel.shmmax=#{shmmax}\n"
-      file += "kernel.shmall=#{shmall}\n"
-      file += "vm.overcommit_memory=2\n" # don't allocate memory that's not there
-      file += "vm.swappiness=0\n" # rather shrink cache then use swap as filesystem cache
-
-      @node.write "/etc/sysctl.d/30-postgresql-shm.conf", file
-      
-    else
-      ::Dust.print_warning 'sysctl configuration not supported for your os'
-    end
-  end
-  
   # default settings for postgresql.conf
   def default_postgres_conf
     { 'max_connections' => 100,
@@ -138,33 +102,33 @@ class Postgres < Recipe
       'lc_time' => 'en_US.UTF-8',
       'default_text_search_config' => 'pg_catalog.english' }
   end
-  
+
   def generate_postgresql_conf
     @config['postgresql.conf'] = default_postgres_conf.merge @config['postgresql.conf']
-    
+
     calculate_values
-    
+
     postgresql_conf = ''
     @config['postgresql.conf'].each do |key, value|
       value = "'#{value}'" if value.is_a? String # enclose strings in ''
       postgresql_conf.concat "#{key} = #{value}\n"
     end
-    
+
     postgresql_conf
   end
-  
+
   def generate_recovery_conf
     @config['recovery.conf'] ||= []
-    
+
     recovery_conf = ''
     @config['recovery.conf'].each do |key, value|
       value = "'#{value}'" if value.is_a? String # enclose strings in ''
       recovery_conf.concat "#{key} = #{value}\n"
     end
-    
+
     recovery_conf
   end
-  
+
   def generate_pg_hba_conf
     @config['pg_hba.conf'] ||= [ 'local   all         postgres                trust' ]
     @config['pg_hba.conf'].join "\n"
@@ -174,64 +138,64 @@ class Postgres < Recipe
     @config['pg_ident.conf'] ||= []
     @config['pg_ident.conf'].join "\n"
   end
-  
+
   # try to find good values (but don't overwrite if set in config file) for
   # shared_buffers, work_mem and maintenance_work_mem, effective_cache_size and wal_buffers
   def calculate_values
     @node.collect_facts :quiet => true
     system_mem = ::Dust.convert_size(@node['memorysize']).to_f
-    
+
     ::Dust.print_msg "calculating recommended settings for #{kb2mb system_mem} ram\n"
-  
+
     # every connection uses up to work_mem memory, so make sure that even if
     # max_connections is reached, there's still a bit left.
     # total available memory / (2 * max_connections)
     @config['postgresql.conf']['work_mem'] ||= kb2mb(system_mem * 0.9 / @config['postgresql.conf']['max_connections'])
     ::Dust.print_ok "work_mem: #{@config['postgresql.conf']['work_mem']}", :indent => 2
-    
+
     # shared_buffers should be 0.2 - 0.3 of system ram
-    # unless ram is lower than 1gb, then less (32mb maybe)    
+    # unless ram is lower than 1gb, then less (32mb maybe)
     @config['postgresql.conf']['shared_buffers'] ||= kb2mb(system_mem * 0.25)
     ::Dust.print_ok "shared_buffers: #{@config['postgresql.conf']['shared_buffers']}", :indent => 2
-    
-    # maintenance_work_mem, should be a lot higher than work_mem 
+
+    # maintenance_work_mem, should be a lot higher than work_mem
     # recommended value: 50mb for each 1gb of system ram
     @config['postgresql.conf']['maintenance_work_mem'] ||= kb2mb(system_mem / 1024 * 50)
     ::Dust.print_ok "maintenance_work_mem: #{@config['postgresql.conf']['maintenance_work_mem']}", :indent => 2
-    
+
     # effective_cache_size between 0.6 and 0.8 of system ram
     @config['postgresql.conf']['effective_cache_size'] ||= kb2mb(system_mem * 0.75)
     ::Dust.print_ok "effective_cache_size: #{@config['postgresql.conf']['effective_cache_size']}", :indent => 2
-    
+
     # wal_buffers should be between 2-16mb
     @config['postgresql.conf']['wal_buffers'] ||= '12MB'
-    ::Dust.print_ok "wal_buffers: #{@config['postgresql.conf']['wal_buffers']}", :indent => 2    
+    ::Dust.print_ok "wal_buffers: #{@config['postgresql.conf']['wal_buffers']}", :indent => 2
   end
-  
+
   # converts plain kb value to "1234MB"
   def kb2mb value
     "#{(value / 1024).to_i}MB"
   end
-  
+
   # give the configured dbuser the data_directory
   def set_permissions
     @node.chown @config['dbuser'], @config['postgresql.conf']['data_directory'] if @config['dbuser']
     @node.chmod 'u+Xrw,g-rwx,o-rwx', @config['postgresql.conf']['data_directory']
   end
-  
+
   # create archive dir
   def create_archive
     @node.mkdir @config['archive_directory']
     @node.chown @config['dbuser'], @config['archive_directory'] if @config['dbuser']
     @node.chmod 'u+Xrw,g-rwx,o-rwx', @config['archive_directory']
   end
-  
+
   # deploy the pacemaker script
   def deploy_pacemaker_script
     @node.deploy_file "#{@template_path}/pacemaker.sh", "#{@config['conf_directory']}/pacemaker.sh", :binding => binding
     @node.chmod '755', "#{@config['conf_directory']}/pacemaker.sh"
-  end  
-  
+  end
+
   # check if zabbix is installed
   def zabbix_installed?
     if @node.uses_emerge?
@@ -240,7 +204,7 @@ class Postgres < Recipe
       return @node.package_installed? 'zabbix-agent', :quiet => true
     end
   end
-  
+
   # configures postgres for zabbix monitoring:
   # adds zabbix user to postgres group
   # creates zabbix user in postgres and grant access to postgres database
@@ -248,24 +212,24 @@ class Postgres < Recipe
     ::Dust.print_msg "configuring postgres for zabbix monitoring\n"
     ::Dust.print_msg 'adding zabbix user to postgres group', :indent => 2
     ::Dust.print_result @node.exec('usermod -a -G postgres zabbix')[:exit_code]
-    
+
     if is_master? :indent => 2
       ::Dust.print_msg 'checking if zabbix user exists in postgres', :indent => 3
       ret = ::Dust.print_result @node.exec('psql -U postgres -c ' +
                                            '  "SELECT usename FROM pg_user WHERE usename = \'zabbix\'"' +
                                            '  postgres |grep -q zabbix')[:exit_code]
-      
+
       # if user was not found, create him
       unless ret
         ::Dust.print_msg 'create zabbix user in postgres', :indent => 4
         ::Dust.print_result @node.exec('createuser -U postgres zabbix -RSD')[:exit_code]
       end
-      
+
       ::Dust.print_msg 'GRANT zabbix user access to postgres database', :indent => 3
       ::Dust.print_result( @node.exec('psql -U postgres -c "GRANT SELECT ON pg_stat_database TO zabbix" postgres')[:exit_code] )
     end
-  end  
-  
+  end
+
   # checks if this server is a postgres master
   def is_master? options = {}
     ::Dust.print_msg 'checking if this host is the postgres master: ', options
@@ -276,5 +240,5 @@ class Postgres < Recipe
       ::Dust.print_ok 'no', :indent => 0
       return false
     end
-  end  
+  end
 end

data/lib/dust/recipes/sysctl.rb

@@ -3,18 +3,65 @@ class Sysctl < Recipe
   def deploy
     # only debian derivatives are supported at the moment, since we need support for /etc/sysctl.d/
     return ::Dust.print_warning 'sysctl configuration not supported for your linux distribution' unless @node.uses_apt?
-    
-    ::Dust.print_msg "setting sysctl keys\n"
-    
+
+    # seperate templates from sysctls
+    sysctls = @config.clone
+    templates = sysctls.delete 'templates'
+
+    # apply template sysctls
+    if templates
+      templates.to_array.each do |template|
+        ::Dust.print_msg "configuring sysctls for template #{template}\n"
+        apply template, self.send(template)
+        puts
+      end
+    end
+
+    # apply plain sysctls
+    ::Dust.print_msg "configuring plain sysctls\n"
+    apply 'dust', sysctls
+  end
+
+
+  private
+
+  def apply name, sysctl
     sysctl_conf = ''
-    @config.each do |key, value|
-      ::Dust.print_msg "setting #{key} to: #{value}", :indent => 2
+    sysctl.each do |key, value|
+      ::Dust.print_msg "setting #{key} = #{value}", :indent => 2
       ::Dust.print_result @node.exec("sysctl -w #{key}=#{value}")[:exit_code]
-      
       sysctl_conf.concat "#{key} = #{value}\n"
     end
-    
-    ::Dust.print_msg 'saving settings to /etc/sysctl.d/10-dust.conf', :indent => 2
-    ::Dust.print_result @node.write("/etc/sysctl.d/10-dust.conf", sysctl_conf, :quiet => true)
+
+    ::Dust.print_msg "saving settings to /etc/sysctl.d/10-#{name}.conf", :indent => 2
+    ::Dust.print_result @node.write("/etc/sysctl.d/10-#{name}.conf", sysctl_conf, :quiet => true)
+  end
+
+
+  ### templates ###
+
+  # disable allocation of more ram than actually there for postgres
+  def postgres
+    database.merge 'vm.overcommit_memory' => 2
+  end
+
+  def mysql
+    database
+  end
+
+  # use half of the system memory for shmmax
+  # and set shmall according to pagesize
+  def database
+    @node.collect_facts :quiet => true
+
+    # get pagesize
+    pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i || 4096
+
+    # use half of system memory for shmmax
+    shmmax = ::Dust.convert_size(@node['memorysize']) * 1024 / 2
+    shmall = shmmax / pagesize
+
+    { 'kernel.shmmax' => shmmax, 'kernel.shmall' => shmall }
   end
-end
+
+end

data/lib/dust/version.rb

@@ -1,3 +1,3 @@
 module Dust
-  VERSION = "0.7.6"
+  VERSION = "0.8.0"
 end

metadata

@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
   prerelease: false
   segments: 
   - 0
-  - 7
-  - 6
-  version: 0.7.6
+  - 8
+  - 0
+  version: 0.8.0
 platform: ruby
 authors: 
 - kris kechagia
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-02-27 00:00:00 +01:00
+date: 2012-03-07 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency