Commit Graph

267 Commits

Author SHA1 Message Date
Joshua Boniface b90717e25a Make ownership check consistent with cmk-agent 2.1
The new CheckMK agent uses UID 998 (dynamic) for itself. This causes
ownership problems with the old logic of this check. Move instead to a
range, where the UIDs from 200-599 are reserved for administrators, and
check for this range explicitly. Also eliminates the exceptions for ceph
and 2000 from previous iterations.
2022-05-31 22:33:07 -04:00
Joshua Boniface 1a7969b707 Update freshness checks 2022-05-31 22:27:30 -04:00
Joshua Boniface 8f28decfe2 Replace freshness and kernel_version checks
Use an updated plugin from BLSE that uses needrestart instead of manual
parsing of these elements.
2022-05-31 22:27:30 -04:00
Joshua Boniface 0a8b1bfa6e Add method to remove inactive SSH keys 2022-05-18 14:47:27 -04:00
Joshua Boniface dd4825a30a Ensure packages are installed as newhost 2022-04-26 11:10:11 -04:00
Joshua Boniface edcf14a78c Ensure Admin users are in additional groups 2022-01-04 15:13:13 -05:00
Joshua Boniface db77d5fcdd Populate /etc/timezone as well 2022-01-01 16:29:15 -05:00
Joshua Boniface 7b07a81eca Convert default libvirtd to template 2022-01-01 01:50:54 -05:00
Joshua Boniface 4b6fdf301f Make locale generation universal
Don't rely on a notify/handler, just do it every time in the base role.
2021-12-28 14:57:25 -05:00
Joshua Boniface d859e032be Ensure insecure_global_id_reclaim is false 2021-12-28 02:06:38 -05:00
Joshua Boniface e48b6eef3a Fix bugs with Patroni bootstrap 2021-12-20 16:52:53 -05:00
Joshua Boniface 908982e97d Add proper PostgreSQL versioning 2021-12-15 12:11:49 -05:00
Joshua Boniface f8898f22b4 Ensure all zkCli has -server set 2021-12-15 11:29:10 -05:00
Joshua Boniface a9d636dcf5 Fix incorrect postgresql version 2021-12-15 02:22:10 -05:00
Joshua Boniface c7a11ca396 Customize grub distributor 2021-12-09 12:54:52 -05:00
Joshua Boniface 2d2e5aff80 Set postfix to listen on all interfaces
Binding to just localhost was causing problems.
2021-12-01 13:03:16 -05:00
Joshua Boniface e4e084cc5b Fix name of task 2021-11-15 14:46:44 -05:00
Joshua Boniface bea79b5102 Add immutability to PVC subrole
1. Remove the obsolete pvc-vacuum script install.

2. Remove notifies when modifying configs; we do not want to restart the
daemons uncontrolled.

3. Add bootstrap check to package installs so they only happen on
bootstrap.

This ensures this part of the role, on re-runs, will *only* update
configs and not actually touch the running daemon. This makes it safe to
run before a oneshot/update-pvc-daemons.yml playbook run.
2021-11-15 10:51:38 -05:00
Joshua Boniface bb3b7e3922 Fix a few more splits 2021-11-11 17:37:27 -05:00
Joshua Boniface 414678f683 Fix a few more extraneous splits
Just use this_node if applicable, or the raw node.hostname.
2021-11-11 17:35:42 -05:00
Joshua Boniface b24e539252 Remove extraneous splits
The node.hostname should always be short.
2021-11-11 17:31:56 -05:00
Joshua Boniface 243c910d6d Unify and standardize inventory_hostname
This was causing some confusing conflicts, so create a new fact called
"this_node" which is inventory_hostname.split('.')[0], i.e. the short
name, and use that everywhere instead of an FQDN or true inventory
hostname.
2021-11-11 17:19:03 -05:00
Joshua Boniface fed71d7add Add option for setting CPU governor
Allows the administrator to set a CPU frequency governor if they need
to, though the default of ondemand is usually sufficient.
2021-11-08 00:21:58 -05:00
Joshua Boniface dd60b6b9ea Fix name of IPMI check again 2021-11-02 22:21:16 -04:00
Joshua Boniface 99682c16a2 Fix name of ipmi check 2021-11-02 22:16:47 -04:00
Joshua Boniface 319ca891d5 Add IPMI check to tasks 2021-11-02 22:04:51 -04:00
Joshua Boniface b7bca571a8 Adjust headers and add LOM check 2021-11-02 22:04:27 -04:00
Joshua Boniface bd98fdfbd8 Add node list to PVC MOTD 2021-11-02 22:04:27 -04:00
Joshua Boniface 079013dfbc Fix whitespaced manufacturer and bad [[ 2021-10-11 15:08:04 -04:00
Joshua Boniface 8c3b5d7dab Add coordinator state to MOTD 2021-10-11 15:05:01 -04:00
Joshua Boniface cb6199ef0d Support unknown manufacturers in MOTD 2021-10-11 14:59:55 -04:00
Joshua Boniface 34a016bdac Ignore errors restarting libvirtd
This seems to inexplicably fail sometimes. We can just ignore it.
2021-10-11 14:47:04 -04:00
Joshua Boniface 739c60fce0 Add resolv.conf customization 2021-10-11 14:41:29 -04:00
Joshua Boniface 3de777a036 Disable unified cgroup heirarchy on kernel cmdline
This is required on Debian 11 to use the cset tool, since the newer
systemd implementation of a unified cgroup hierarchy is not compatible
with the cset tool.

Ref for future use:
  https://github.com/lpechacek/cpuset/issues/40
2021-10-10 03:44:13 -04:00
Joshua Boniface f0f3960250 Use inventory_hostname in IPMI fragment 2021-10-10 02:57:54 -04:00
Joshua Boniface 5ab40fa15f Update bondX configuration 2021-10-10 02:31:47 -04:00
Joshua Boniface 2c0e09f657 Add setting bridge_mtu to config 2021-10-09 19:29:22 -04:00
Joshua Boniface 859cfbb51e Add smartmontools to base package list 2021-10-07 15:18:45 -04:00
Joshua Boniface 5797535997 Adjust documentation and behaviour of cpuset
1. Detail the caveats and specific situations and ref the documentation
which will provide more details.

2. Always install the configs, but use /etc/default/ceph-osd-cpuset to
control if the script does anything or not (so, the "osd" cset set is
always active just not set in a special way.
2021-09-29 20:49:00 -04:00
Joshua Boniface 81cf341c32 Install cset configs even if disabled
The setup script handles this instead.
2021-09-29 10:23:01 -04:00
Joshua Boniface 645249b57e Allow dynamic enabling/disabling of cset
Add a separate config to handle enable/disable on the system itself.
2021-09-29 10:21:47 -04:00
Joshua Boniface 8ac2a5ea0c Adjust default ceph.conf parameters
1. Remove an explicit OSD journal size, especially such a small one (no
clue why I ever added that...)

2. Add max scrubs, disable scrub during recovery, and set scrub sleep.

3. Add max backfills, tune recovery sleep to 0 to prioritize recovery.
2021-09-28 02:09:50 -04:00
Joshua Boniface 732bfe732c Add Ceph OSD cpuset tuning options
Allows an administrator to set CPU pinning with the cpuset tool for Ceph
OSDs, in situations where CPU contention with VMs or other system tasks
may be negatively affecting OSD performance. This is optional, advanced
tuning and is disabled by default.
2021-09-27 00:27:57 -04:00
Joshua Boniface d7b07925bb Fix bad flag 2021-09-09 13:07:15 -04:00
Joshua Boniface 77c84cec52 Add package installs for different Debian versions 2021-09-09 12:59:18 -04:00
Joshua Boniface a91112fa71 Move paths and keys to defaults 2021-08-24 15:25:42 -04:00
Joshua Boniface 2e9d02ab52 Add additional CMK checks 2021-08-21 15:41:44 -04:00
Joshua Boniface b37d6c3009 Wait longer when restarting services
From 15 -> 30 seconds to ensure more time for stabilization before
proceeding with the next.
2021-07-30 11:46:49 -04:00
Joshua Boniface b62731199f Add default features flag to ceph.conf generator
Coupled with the removal of explicit --image-features flags to the RBD
command in PVC itself, this ensures that only the two features supported
on kernel 4.19 are enabled by default.
2021-07-30 11:39:24 -04:00
Joshua Boniface 2cc4548af6 Fix sources.list for Bullseye 2021-07-26 00:36:39 -04:00