Commit 64476a2c authored by Christopher Huhn's avatar Christopher Huhn
Browse files

Merge branch 'master' into travis

parents 0855b160 69391ef3
default_unless['sys']['networkd'] = {}
#!/bin/sh
#!/bin/bash
#
# configure IPMI overheat protection on all IPMI nodes
#
......@@ -56,62 +56,72 @@ while getopts "c:e:h:u:p:s:w:" OPTION; do
esac
done
shift $(($OPTIND - 1))
shift $((OPTIND - 1))
if [ "$REMOTE" ] && ! echo $REMOTE | grep -q " -p "; then
if [ "$REMOTE" ] && ! echo "$REMOTE" | grep -q " -p "; then
# fetch the user's password for all following upload operations - not very
# secure - but better than typing ten times the password!
echo -n "Enter IPMI password for user $USERNAME: "
stty -echo
read PASSWORD
read -r PASSWORD
stty echo
echo
REMOTE="$REMOTE -p $PASSWORD"
fi
if [ -z "$SENSOR" ]; then
if echo $REM_HOST | grep -q "[.*]"; then
# dynamic detection does not work for HOSTRANGE operations
# therefore we hardcode this default:
SENSOR=4_System_Temp
if echo "$REM_HOST" | grep -q "[.*]"; then
# dynamic detection does not work for HOSTRANGE operations
# therefore we hardcode this default:
SENSOR=4_System_Temp
else
# we take the first sensor that suits our naming schema:
SENSOR=`/usr/sbin/ipmi-sensors-config ${REMOTE} --listsections | egrep "^[0-9]+_(Sys(tem)?|Ambient|Baseboard)_Temp\.?$" | head -1`
# we take the first sensor that suits our naming schema:
SENSOR=$(/usr/sbin/ipmi-sensors-config "$REMOTE" --listsections |
egrep "^[0-9]+_(Sys(tem)?|Ambient|Baseboard)_Temp\.?$" |
head -1)
fi
fi
if [ -z "$SENSOR" ]; then
echo "No suitable sensor for overheat protection found, try specifing one with -s" >&2
exit 1
echo "No suitable sensor for overheat protection found, "\
"try specifing one with -s" >&2
exit 1
fi
# The number contained in ipmi-sensors-config's output is the "Sensor Record ID"
# this is not neccessarily the sensor number required for pef-config
# therefore we have to obtain the right number:
SENSOR_NUM=`/usr/sbin/ipmi-sensors -vs ${SENSOR%%_*} | sed -ne "s/^Sensor Number: \([0-9]\+\)/\1/p"`
SENSOR_NUM=$(/usr/sbin/ipmi-sensors -vs "${SENSOR%%_*}" |
sed -ne "s/^Sensor Number: \([0-9]\+\)/\1/p")
# setup sane temperature thresholds
# somtimes these thresholds are volatile and have to be reset after power loss/reset of the BMC
/usr/sbin/ipmi-sensors-config ${REMOTE} --commit -e ${SENSOR}:Upper_Non_Critical_Threshold=${THRESH_WARN}
/usr/sbin/ipmi-sensors-config ${REMOTE} --commit -e ${SENSOR}:Upper_Critical_Threshold=${THRESH_CRIT}
/usr/sbin/ipmi-sensors-config "$REMOTE" --commit -e "${SENSOR}:Upper_Non_Critical_Threshold=${THRESH_WARN}"
/usr/sbin/ipmi-sensors-config "$REMOTE" --commit -e "${SENSOR}:Upper_Critical_Threshold=${THRESH_CRIT}"
PEF_CONFIG="/usr/sbin/pef-config $REMOTE"
# Turn on PEF and power down action globally, no shutdown will happen otherwise
${PEF_CONFIG} --commit -e PEF_Conf:Enable_PEF=Yes
${PEF_CONFIG} --commit -e PEF_Conf:Enable_Power_Down_Action=Yes
# we use rule #16 as the default , because event filters #1 - #15 are
# "Manufacturer_Pre_Configured" on some BMCs and therefore read-only
EVENT_FILTER="Event_Filter_${FILTER_NUM}"
/usr/sbin/pef-config ${REMOTE} --commit -e ${EVENT_FILTER}:Sensor_Type=Temperature
/usr/sbin/pef-config ${REMOTE} --commit -e ${EVENT_FILTER}:Event_Severity=Critical
/usr/sbin/pef-config ${REMOTE} --commit -e ${EVENT_FILTER}:Event_Filter_Action_Power_Off=yes
/usr/sbin/pef-config ${REMOTE} --commit -e ${EVENT_FILTER}:Enable_Filter=yes
/usr/sbin/pef-config ${REMOTE} --commit -e ${EVENT_FILTER}:Generator_Id_Byte_1=0xFF
/usr/sbin/pef-config ${REMOTE} --commit -e ${EVENT_FILTER}:Generator_Id_Byte_2=0xFF
/usr/sbin/pef-config ${REMOTE} --commit -e ${EVENT_FILTER}:Sensor_Number=${SENSOR_NUM}
/usr/sbin/pef-config ${REMOTE} --commit -e ${EVENT_FILTER}:Event_Trigger=0xFF
/usr/sbin/pef-config ${REMOTE} --commit -e ${EVENT_FILTER}:Event_Data1_Offset_Mask=0xFFFF
/usr/sbin/pef-config ${REMOTE} --commit -e ${EVENT_FILTER}:Event_Data1_Compare1=0xFF
/usr/sbin/pef-config ${REMOTE} --commit -e ${EVENT_FILTER}:Event_Data2_Compare1=0xFF
/usr/sbin/pef-config ${REMOTE} --commit -e ${EVENT_FILTER}:Event_Data3_Compare1=0xFF
${PEF_CONFIG} --commit -e ${EVENT_FILTER}:Sensor_Type=Temperature
${PEF_CONFIG} --commit -e ${EVENT_FILTER}:Event_Severity=Critical
${PEF_CONFIG} --commit -e ${EVENT_FILTER}:Event_Filter_Action_Power_Off=yes
${PEF_CONFIG} --commit -e ${EVENT_FILTER}:Enable_Filter=yes
${PEF_CONFIG} --commit -e ${EVENT_FILTER}:Generator_Id_Byte_1=0xFF
${PEF_CONFIG} --commit -e ${EVENT_FILTER}:Generator_Id_Byte_2=0xFF
${PEF_CONFIG} --commit -e "${EVENT_FILTER}:Sensor_Number=${SENSOR_NUM}"
${PEF_CONFIG} --commit -e ${EVENT_FILTER}:Event_Trigger=0xFF
${PEF_CONFIG} --commit -e ${EVENT_FILTER}:Event_Data1_Offset_Mask=0xFFFF
${PEF_CONFIG} --commit -e ${EVENT_FILTER}:Event_Data1_Compare1=0xFF
${PEF_CONFIG} --commit -e ${EVENT_FILTER}:Event_Data2_Compare1=0xFF
${PEF_CONFIG} --commit -e ${EVENT_FILTER}:Event_Data3_Compare1=0xFF
# clean up
PASSWORD="_____oh_____yes_____this_____once_____was_____a_____password_____"
......
......@@ -13,12 +13,23 @@ module Sys
flags[:separator] ||= '='
flags[:separator].strip!
if flags[:separator].length > 0
flags[:separator].prepend(' ') << ' '
else
if flags[:spaces_around_separator].nil?
flags[:spaces_around_separator] = true
end
if flags[:alignment].nil?
flags[:alignment] = true
end
if flags[:separator].length == 0
flags[:separator] = ' '
end
if flags[:spaces_around_separator]
flags[:separator].prepend(' ') << ' '
end
# Should not be set by user
flags[:align] = ''
file = ''
......@@ -27,12 +38,14 @@ module Sys
max_key_length = section.keys.max_by {|e| e.length}.length
section.each do |k, v|
flags[:align] = ''
(max_key_length - k.length).times { flags[:align] << ' '}
if flags[:alignment]
(max_key_length - k.length).times { flags[:align] << ' '}
end
render_harry_config(file, k, v, indent, flags)
end
file << "\n"
end
return file.chop
return file.strip
end
def render_harry_config(config, key, value, indent, flags)
......@@ -52,7 +65,9 @@ module Sys
config << "#{indentation}#{key}#{flags[:align]}#{flags[:separator]}{\n"
value.each do |k, v|
flags[:align] = ''
(max_key_length - k.length).times { flags[:align] << ' '}
if flags[:alignment]
(max_key_length - k.length).times { flags[:align] << ' '}
end
render_harry_config(config, k, v, indent + 1, flags)
end
config << "#{indentation}}\n"
......
......@@ -6,4 +6,4 @@ description 'System Software configuration and maintenance'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
source_url 'https://github.com/GSI-HPC/sys-chef-cookbook'
issues_url 'https://github.com/GSI-HPC/sys-chef-cookbook/issues'
version '1.27.0'
version '1.29.3'
......@@ -16,76 +16,78 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
if node['platform_version'].to_i < 9
unless node['sys']['network']['vlan_bridges'].empty?
node['sys']['network']['vlan_bridges'].each do |bridge|
sys_network_vlan_bridge bridge do
interface node['network']['default_interface']
unless node['sys']['network']['vlan_bridges'].empty?
node['sys']['network']['vlan_bridges'].each do |bridge|
sys_network_vlan_bridge bridge do
interface node['network']['default_interface']
end
end
end
end
interfaces = node['sys']['network']['interfaces']
unless interfaces.empty?
interfaces = node['sys']['network']['interfaces']
unless interfaces.empty?
# FIXME: we only need these packages if we actually mess with VLANs
package 'vlan'
package 'bridge-utils'
# FIXME: we only need these packages if we actually mess with VLANs
package 'vlan'
package 'bridge-utils'
service 'networking'
service 'networking'
directory '/etc/network/interfaces.d'
directory '/etc/network/interfaces.d'
if node['sys']['network']['keep_interfaces']
cmd = Mixlib::ShellOut.new('grep -q "^source /etc/network/interfaces\.d/*" /etc/network/interfaces')
cmd.run_command
if cmd.status != 0
File.open("/etc/network/interfaces", "a") do |intf|
intf.puts "\n#added by Chef:\nsource /etc/network/interfaces.d/*"
if node['sys']['network']['keep_interfaces']
cmd = Mixlib::ShellOut.new('grep -q "^source /etc/network/interfaces\.d/*" /etc/network/interfaces')
cmd.run_command
if cmd.status != 0
File.open("/etc/network/interfaces", "a") do |intf|
intf.puts "\n#added by Chef:\nsource /etc/network/interfaces.d/*"
end
end
else
cookbook_file '/etc/network/interfaces' do
source 'etc_network_interfaces'
end
end
else
cookbook_file '/etc/network/interfaces' do
source 'etc_network_interfaces'
end
end
interfaces.each do |name,params|
interfaces.each do |name,params|
# set defaults
inet = params.has_key?(:inet) ? params[:inet] : 'manual'
auto = params.has_key?(:auto) ? params[:auto] : true
# set defaults
inet = params.has_key?(:inet) ? params[:inet] : 'manual'
auto = params.has_key?(:auto) ? params[:auto] : true
# merge the configuration
config = Hash.new
params.each do |key,value|
unless ["inet", "auto"].include? key
config[key] = value
# merge the configuration
config = Hash.new
params.each do |key,value|
unless ["inet", "auto"].include? key
config[key] = value
end
end
end
# try to get configuration of the default interface from Ohai
if name == node['network']['default_interface'] and inet == 'static'
config[:address] = node['ipaddress'] unless config.has_key?(:address)
config[:gateway] = node['network']['default_gateway'] unless config.has_key?(:gateway)
config[:broadcast] = node['network']['interfaces'][node['network']['default_interface']]['addresses'][config[:address]]['broadcast'] unless config.has_key?(:broadcast)
config[:netmask] = node['network']['interfaces'][node['network']['default_interface']]['addresses'][config[:address]]['netmask'] unless config.has_key?(:netmask)
end
# try to get configuration of the default interface from Ohai
if name == node['network']['default_interface'] and inet == 'static'
config[:address] = node['ipaddress'] unless config.has_key?(:address)
config[:gateway] = node['network']['default_gateway'] unless config.has_key?(:gateway)
config[:broadcast] = node['network']['interfaces'][node['network']['default_interface']]['addresses'][config[:address]]['broadcast'] unless config.has_key?(:broadcast)
config[:netmask] = node['network']['interfaces'][node['network']['default_interface']]['addresses'][config[:address]]['netmask'] unless config.has_key?(:netmask)
end
template "/etc/network/interfaces.d/#{name}" do
source 'etc_network_interfaces.d_generic.erb'
mode "0644"
variables(
:auto => auto,
:name => name,
:inet => inet,
:config => config
)
if node['sys']['network']['restart']
notifies :restart, 'service[networking]'
template "/etc/network/interfaces.d/#{name}" do
source 'etc_network_interfaces.d_generic.erb'
mode "0644"
variables(
:auto => auto,
:name => name,
:inet => inet,
:config => config
)
if node['sys']['network']['restart']
notifies :restart, 'service[networking]'
end
end
end
end
end
#
# Cookbook Name:: sys
# Recipe:: networkd
#
# Copyright 2017, Matthia Pausch
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if node['platform_version'].to_i >= 9 && !node['sys']['networkd'].empty?
delete = Dir.glob('/etc/systemd/network/*')
keep = []
node['sys']['networkd']['rename'].each do |_, name|
keep << "00-#{name}.link"
end
node['sys']['networkd']['netdev'].each do |name, config|
number_prefix = ''
unless name.match(/^[0-9]{2}-/)
number_prefix = '10-'
end
keep << "#{number_prefix}#{name}.netdev"
end
node['sys']['networkd']['network'].each do |name, config|
number_prefix = ''
unless name.match(/^[0-9]{2}-/)
number_prefix = '20-'
end
keep << "#{number_prefix}#{name}.network"
end
keep.map!{|e| "/etc/systemd/network/#{e}"}
(delete - keep).each do |f|
file f do
action :delete
end
end
node['sys']['networkd']['rename'].each do |mac, name|
template "/etc/systemd/network/00-#{name}.link" do
source "systemd_networkd_generic.erb"
helpers(Sys::Harry)
mode "0644"
variables(:sections => {'Match' => {'MACAddress' => mac}, 'Link' => {'Name' => name}})
notifies :reload, 'service[systemd-networkd]'
# initramfs needs to be updated, when systemd.link-files change.
notifies :run, 'execute[update-initramfs]'
end
end
node['sys']['networkd']['netdev'].each do |name, config|
number_prefix = ''
unless name.match(/^[0-9]{2}-/)
number_prefix = '10-'
end
template "/etc/systemd/network/#{number_prefix}#{name}.netdev" do
source "systemd_networkd_generic.erb"
helpers(Sys::Harry)
mode "0644"
variables(:sections => config)
notifies :reload, "service[systemd-networkd]"
end
end
node['sys']['networkd']['network'].each do |name, config|
number_prefix = ''
unless name.match(/^[0-9]{2}-/)
number_prefix = '20-'
end
template "/etc/systemd/network/#{number_prefix}#{name}.network" do
source "systemd_networkd_generic.erb"
helpers(Sys::Harry)
mode "0644"
variables(:sections => config)
notifies :reload, "service[systemd-networkd]"
end
end
service 'systemd-networkd' do
supports :status => true, :restart => true, :reload => true
action [:enable, :start]
end
# initramfs needs to be updated, when systemd.link-files change.
execute 'update-initramfs' do
action :nothing
command 'update-initramfs -u'
end
end
......@@ -48,5 +48,3 @@ unless node['sys']['nis']['servers'].empty?
end
end
package 'nscd' if node['sys']['nscd']['enable']
......@@ -4,7 +4,7 @@
#
# This file is managed by the Chef `sys` cookbook.
node_name '<%= node.fqdn %>'
node_name '<%= node['fqdn'] %>'
chef_server_url '<%= @server_url %>'
client_key "<%= @client_key %>"
......
......@@ -4,6 +4,10 @@
#
# This file is managed by the Chef `sys::autofs` cookbook.
<% if @maps.empty? -%>
+dir:/etc/auto.master.d
<% else -%>
<% @maps.each_pair do |path, conf| -%>
<%= path %> <%= conf[:map] %> <%= conf[:options] %>
<% end -%>
<% end -%>
......@@ -4,7 +4,7 @@
#
# This file is managed by the Chef `sys` cookbook.
node_name '<%= node.fqdn %>'
node_name '<%= node['fqdn'] %>'
chef_server_url '<%= @server_url %>'
client_key "<%= @client_key %>"
......
......@@ -3,7 +3,7 @@
# for the NEED_ options are "yes" and "no".
# Do you want to start the statd daemon? It is not needed for NFSv4.
<%= node.sys.nfs.krb5 ? 'NEED_STATD="no"' : 'NEED_IDMAPD="yes"' %>
<%= node['sys']['nfs']['krb5'] ? 'NEED_STATD="no"' : 'NEED_IDMAPD="yes"' %>
# Options for rpc.statd.
# Should rpc.statd listen on a specific port? This is especially useful
......@@ -13,7 +13,7 @@
STATDOPTS=
# Do you want to start the idmapd daemon? It is only needed for NFSv4.
<%= node.sys.nfs.krb5 ? 'NEED_IDMAPD="yes"' : "NEED_IDMAPD=" %>
<%= node['sys']['nfs']['krb5'] ? 'NEED_IDMAPD="yes"' : "NEED_IDMAPD=" %>
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
<%= node.sys.nfs.krb5 ? 'NEED_GSSD="yes"' : "NEED_GSSD=" %>
<%= node['sys']['nfs']['krb5'] ? 'NEED_GSSD="yes"' : "NEED_GSSD=" %>
......@@ -10,5 +10,5 @@ K5START_START="yes"
# Options for k5start.
K5START_KEYTAB=/etc/nslcd.keytab
K5START_CCREFRESH=60
K5START_PRINCIPAL='nslcd/<%= node.fqdn %>'
K5START_PRINCIPAL='nslcd/<%= node['fqdn'] %>'
K5START_CCFILE='/tmp/krb5cc_nslcd'
......@@ -3,7 +3,7 @@
# Configuration file for ferm(1), created by Chef cookbook sys::ferm
#
<% node.sys.ferm.rules.each do |domain, tables| -%>
<% node['sys']['ferm']['rules'].each do |domain, tables| -%>
domain <%= domain %> {
<% tables.each do |table, chains| -%>
table <%= table %> {
......@@ -18,4 +18,3 @@ domain <%= domain %> {
<% end -%>
}
<% end -%>
<%= generate_harry_config(@sections) %>
\ No newline at end of file
<%= generate_harry_config(@sections) %>
<% node.sys.nscd.each do |map, config| -%>
<% node['sys']['nscd'].each do |map, config| -%>
<% max = config.keys.max { |a, b| a.length <=> b.length }.length %>
<% config.each do |k,v| -%>
<% spaces = ""; (max + 1 - k.length).times { spaces << " " } -%>
......@@ -8,5 +8,4 @@
<%= "#{k}#{spaces}#{map} #{v}" %>
<% end -%>
<% end -%>
<% end -%>
......@@ -19,6 +19,6 @@ base <%= @searchbase -%>
sasl_mech GSSAPI
sasl_realm <%= @realm %>
sasl_authcid nslcd/<%= node.fqdn %>@<%= @realm %>
sasl_authzid u:nslcd/<%= node.fqdn %>
sasl_authcid nslcd/<%= node['fqdn'] %>@<%= @realm %>
sasl_authzid u:nslcd/<%= node['fqdn'] %>
krb5_ccname /tmp/krb5cc_nslcd
......@@ -4,5 +4,5 @@
#
# This file is managed by the Chef `sys` cookbook.
@<%= node.fqdn %> @gsi.de
@<%= node.hostname%> @gsi.de
@<%= node['fqdn'] %> @gsi.de
@<%= node['hostname'] %> @gsi.de
......@@ -32,12 +32,12 @@ readme_directory = no
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = <%= node.fqdn %>
myhostname = <%= node['fqdn'] %>
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
virtual_alias_maps = <%= @virtual_alias_maps %>
myorigin = /etc/mailname
mydestination = <%= node.fqdn %>, localhost.<%= node.domain %>, localhost <%= @mydestination ? ", #{@mydestination}" : '' %>
mydestination = <%= node['fqdn'] %>, localhost.<%= node['domain'] %>, localhost <%= @mydestination ? ", #{@mydestination}" : '' %>
<%# TODO: no MX lookups as long as brackets are hard-coded here -%>
relayhost = [<%= @relay %>]
<%= "relay_domains = #{@relay_domains.join(', ')}" if @relay_domains %>
......
......@@ -32,14 +32,14 @@ mem_free_perc=$(free | grep Mem | awk '{printf "%.2f%%" , $4/$2 * 100.0}')
mem_free_perccc=$(free | grep "buffers/cache" | awk '{printf "%.2f%%" , $4/($3+$4) * 100.0}')
echo "
Node: <%= node.fqdn %> (<%= node.ipaddress %>)
Platform: <%= node.lsb.description if node.lsb.has_key? 'description' %>
Node: <%= node['fqdn'] %> (<%= node['ipaddress'] %>)
Platform: <%= node['lsb']['description'] if node['lsb'].has_key? 'description' %>
<% unless Chef::Config[:solo] %>
Chef-Server: <%= Chef::Config.chef_server_url %>
<% else %>
Chef-Solo: <%= Time.now %>
<% end %>
Run-list: <%= node.run_list %>
Run-list: <%= node['run_list'] %>
Tasks: $procs
Load: $(cat /proc/loadavg | cut -d' ' -f1-3)
CPU(s)%: $cpus
......
......@@ -9,7 +9,7 @@ Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
Host_Alias LOCAL = <%= node.fqdn %>
Host_Alias LOCAL = <%= node['fqdn'] %>
# User alias specification
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment