Merge pull request #83 from salt-formulas/pr/preinstall-apt-https-tranpsort2
avoid installing system pkgs before the repo is configured
diff --git a/.travis.yml b/.travis.yml
index 3cb3de2..577330b 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,6 +2,11 @@
services:
- docker
+addons:
+ apt:
+ packages:
+ - apt-transport-https
+
install:
- pip install PyYAML
- pip install virtualenv
diff --git a/README.rst b/README.rst
index 84ba3e9..856851b 100644
--- a/README.rst
+++ b/README.rst
@@ -1186,6 +1186,32 @@
username: test
password: test
+Netconsole Remote Kernel Logging
+--------------------------------
+
+Netconsole logger could be configured for configfs-enabled kernels
+(`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in
+runtime (if network is already configured), and on-boot after interface
+initialization. Notes:
+
+ * receiver could be located only in same L3 domain
+ (or you need to configure gateway MAC manually)
+ * receiver's MAC is detected only on configuration time
+ * using broadcast MAC is not recommended
+
+.. code-block:: yaml
+
+ parameters:
+ linux:
+ system:
+ netconsole:
+ enabled: true
+ port: 514 (optional)
+ loglevel: debug (optional)
+ target:
+ 192.168.0.1:
+ interface: bond0
+ mac: "ff:ff:ff:ff:ff:ff" (optional)
Usage
=====
diff --git a/linux/files/netconsole b/linux/files/netconsole
new file mode 100644
index 0000000..d7e1e67
--- /dev/null
+++ b/linux/files/netconsole
@@ -0,0 +1,136 @@
+#!/bin/sh
+SYSFS_NETCONSOLE="/sys/kernel/config/netconsole"
+NETCONSOLE_CONF="/etc/default/netconsole.conf"
+NETCONSOLE_PORT="514"
+
+netconsole_remove() {
+ for sysfsnc in "${SYSFS_NETCONSOLE}/${interface:-}-"*
+ do
+ if [ -e "${sysfsnc}" ]
+ then
+ logger -t netconsole "remove ${sysfsnc}"
+ rmdir "${sysfsnc}"
+ fi
+ done
+}
+
+netconsole_remote_mac()
+{
+ neigh()
+ {
+ ip -4 -o neigh show to "${remote_ip}" dev "${interface}" | cut -d\ -f3
+ }
+ remote_mac="$(neigh)"
+ if [ -n "${remote_mac:-}" ] && [ "${remote_mac:-}" != "INCOMPLETE" ]
+ then
+ if [ "${remote_mac:-}" != "FAILED" ]
+ then
+ echo "${remote_mac:-}"
+ return 0
+ fi
+ else
+ if ping -n -q -c 1 -w 1 -I "${interface}" "${remote_ip}" >/dev/null && remote_mac="$(neigh)" && [ -n "${remote_mac:-}" ]
+ then
+ echo "${remote_mac:-}"
+ return 0
+ fi
+ fi
+ return 1
+}
+
+netconsole_add() {
+ netconsole() {
+ iface="${1:-}"
+ remote_ip="${2:-}"
+ remote_mac="${3:-}"
+
+ if [ "${iface:-}" = "${interface:-}" ] && [ -n "${remote_ip:-}" ]
+ then
+ logger -t netconsole "from ${new_ip_address:-}@${interface:-}"
+ else
+ return 1
+ fi
+ if [ -n "${remote_mac}" ] || remote_mac="$(netconsole_remote_mac)"
+ then
+ logger -t netconsole "to ${remote_ip} ${remote_mac}"
+ else
+ return 1
+ fi
+
+ sysfsnc="${SYSFS_NETCONSOLE}/${interface}-${remote_ip}"
+
+ if [ -e "${sysfsnc}" ] && [ -z "${old_ip_address:-}" ]
+ then
+ old_ip_address="$(cat "${sysfsnc}/local_ip")"
+ fi
+
+ if [ "${old_ip_address:-}" != "${new_ip_address:-}" ] || ! [ -e "${sysfsnc}" ]
+ then
+ logger -t netconsole "setup netconsole"
+ else
+ return 1
+ fi
+
+ mkdir -p "${sysfsnc}"
+ if [ "$(cat "${sysfsnc}/enabled")" != "0" ]
+ then
+ echo "0" > "${sysfsnc}/enabled"
+ fi
+
+ if [ -n "${new_ip_address:-}" ]
+ then
+ echo "${new_ip_address}" > "${sysfsnc}/local_ip"
+ fi
+ echo "${interface}" > "${sysfsnc}/dev_name"
+ echo "${remote_mac}" > "${sysfsnc}/remote_mac"
+ echo "${remote_ip}" > "${sysfsnc}/remote_ip"
+ echo "${PORT:-${NETCONSOLE_PORT}}" > "${sysfsnc}/remote_port"
+ echo "1" > "${sysfsnc}/enabled"
+ return 0
+ }
+
+ if [ -f "${NETCONSOLE_CONF}" ]
+ then
+ modprobe netconsole
+ mountpoint -q /sys/kernel/config || mount none -t configfs /sys/kernel/config
+
+ if [ -e "${SYSFS_NETCONSOLE}" ]
+ then
+ (
+ set -x
+ set +e
+ . "${NETCONSOLE_CONF}"
+ ) ||:
+ fi
+ fi
+}
+
+netconsole_setup() {
+ case ${reason:-} in
+ BOUND|RENEW|REBIND|REBOOT)
+ netconsole_add
+ ;;
+ EXPIRE|FAIL|RELEASE|STOP)
+ netconsole_remove
+ ;;
+ PREINIT) : ;;
+ *)
+ if [ "${ADDRFAM:-}" = "inet" ] && [ "${METHOD:-}" = "static" ]
+ then
+ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ interface="${IFACE:-}"
+ new_ip_address="${IF_ADDRESS:-}"
+ case ${MODE:-} in
+ start)
+ netconsole_add
+ ;;
+ stop)
+ netconsole_remove
+ ;;
+ *) : ;;
+ esac
+ fi
+ esac
+}
+
+netconsole_setup
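Review bot: In `netconsole_remote_mac`, the lookup that follows a successful `ping` is only tested for being non-empty. If field 3 can still be a state word such as `INCOMPLETE` or `FAILED` there (the first branch checks for exactly those), that word is echoed and later written to `${sysfsnc}/remote_mac`. The first branch also returns 1 on `FAILED` without trying the ping at all. Running both lookups through one validity check would close both gaps, as sketched below; the `neigh` helper and the callers stay as they are.

```shell
netconsole_remote_mac()
{
    # … unchanged: neigh() helper …
    usable_mac()
    {
        case "${1:-}" in
            ""|INCOMPLETE|FAILED) return 1 ;;
            *) return 0 ;;
        esac
    }
    remote_mac="$(neigh)"
    if ! usable_mac "${remote_mac}"
    then
        # populate the neighbour table, then look again
        ping -n -q -c 1 -w 1 -I "${interface}" "${remote_ip}" >/dev/null || return 1
        remote_mac="$(neigh)"
    fi
    usable_mac "${remote_mac}" || return 1
    echo "${remote_mac}"
    return 0
}
```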
diff --git a/linux/files/netconsole.conf b/linux/files/netconsole.conf
new file mode 100644
index 0000000..01b2ced
--- /dev/null
+++ b/linux/files/netconsole.conf
@@ -0,0 +1,22 @@
+{%- from "linux/map.jinja" import system with context %}
+# default port is 514
+#PORT=6666
+{%- if system.netconsole is mapping and system.netconsole.port is defined %}
+PORT="{{ system.netconsole.port }}"
+{%- endif %}
+
+# unicast, could be multiline
+#netconsole ens3 192.168.1.32 fa:16:3e:8d:f6:d0
+{%- if system.netconsole is mapping and system.netconsole.target is mapping %}
+{%- for target, data in system.netconsole.target.iteritems() %}
+{%- if data is mapping %}
+netconsole "{{ data.get('interface', '${interface}') }}" "{{ target }}" "{{ data.get('mac', '') }}"
+{%- endif %}
+{%- endfor %}
+{%- endif %}
+
+# set up dmesg log level
+# dmesg -n info
+{%- if system.netconsole is mapping and system.netconsole.loglevel is defined %}
+dmesg -n "{{ system.netconsole.loglevel }}"
+{%- endif %}
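Review bot: Every pillar value here is rendered inside double quotes in a file that the hook script sources as root (`. "${NETCONSOLE_CONF}"` in linux/files/netconsole), so a `"`, backtick or `$(` in `port`, `target`, `mac` or `loglevel` is interpreted by the shell instead of being treated as data. Constrain the values at render time: `PORT="{{ system.netconsole.port|int }}"` for the port, and a check that target, mac and loglevel contain only the characters an address, a MAC or a level name can have. Only the `'${interface}'` default needs shell expansion, so the other fields can be emitted as validated literals. The `monitoring.*` thresholds interpolated into the check commands in linux/meta/sensu.yml have the same shape and deserve the same treatment.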
diff --git a/linux/map.jinja b/linux/map.jinja
index a0b6112..8ed9533 100644
--- a/linux/map.jinja
+++ b/linux/map.jinja
@@ -185,3 +185,29 @@
},
},
}, grain='os_family', merge=salt['pillar.get']('linux:storage')) %}
+
+
+{% set monitoring = salt['grains.filter_by']({
+ 'default': {
+ 'zombie': {
+ 'warn': 3,
+ 'crit': 7,
+ },
+ 'procs': {
+ 'warn': 5000,
+ 'crit': 10000,
+ },
+ 'load': {
+ 'warn': '6,4,2',
+ 'crit': '12,8,4',
+ },
+ 'swap': {
+ 'warn': '50%',
+ 'crit': '20%',
+ },
+ 'disk': {
+ 'warn': '15%',
+ 'crit': '5%',
+ },
+ },
+}, grain='os_family', merge=salt['pillar.get']('linux:monitoring')) %}
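Review bot: The defaults for `swap` and `disk` have `warn` larger than `crit` while `zombie`, `procs` and `load` run the other way, and nothing in the map says why. check_swap and check_disk take these percentages as free space remaining, so a short Jinja comment above those two entries would stop someone from "fixing" the order, for example `{#- swap/disk thresholds are percent FREE, hence warn > crit #}`. The new `linux:monitoring` pillar key is also not documented in the README hunk of this commit.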
diff --git a/linux/meta/sensu.yml b/linux/meta/sensu.yml
index 06a3775..596538b 100644
--- a/linux/meta/sensu.yml
+++ b/linux/meta/sensu.yml
@@ -1,33 +1,33 @@
-{%- from "linux/map.jinja" import system,network,storage with context -%}
+{%- from "linux/map.jinja" import system,network,storage,monitoring with context -%}
check:
local_linux_system_zombie_procs:
- command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_procs -w 3 -c 7 -s Z"
+ command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_procs -w {{ monitoring.zombie.warn }} -c {{ monitoring.zombie.crit }} -s Z"
interval: 60
occurrences: 3
subscribers:
- local-linux-system
local_linux_system_total_procs:
- command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_procs -w 5000 -c 10000"
+ command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_procs -w {{ monitoring.procs.warn }} -c {{ monitoring.procs.crit }}"
interval: 60
occurrences: 5
subscribers:
- local-linux-system
local_linux_system_load:
- command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_load -r -w 6,4,2 -c 12,8,4"
+ command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_load -r -w {{ monitoring.load.warn }} -c {{ monitoring.load.crit }}"
interval: 60
occurrences: 1
subscribers:
- local-linux-system
{%- if storage.swap is defined %}
local_linux_storage_swap_usage_{{ system.name|replace('.', '-') }}-{{ system.domain|replace('.', '-') }}:
- command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_swap -a -w 50% -c 20%"
+ command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_swap -a -w {{ monitoring.swap.warn }} -c {{ monitoring.swap.crit }}"
interval: 60
occurrences: 1
subscribers:
- {{ system.name|replace('.', '-') }}-{{ system.domain|replace('.', '-') }}
{%- endif %}
local_linux_storage_disk_usage:
- command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_disk -w 15% -c 5% -p / -p /var -p /usr -p /tmp -p /var/log"
+ command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_disk -w {{ monitoring.disk.warn }} -c {{ monitoring.disk.crit }} -p / -p /var -p /usr -p /tmp -p /var/log"
interval: 60
occurrences: 1
subscribers:
diff --git a/linux/system/init.sls b/linux/system/init.sls
index 84c2365..45700f0 100644
--- a/linux/system/init.sls
+++ b/linux/system/init.sls
@@ -80,3 +80,6 @@
{%- if system.sudo is defined %}
- linux.system.sudo
{%- endif %}
+{%- if system.netconsole is defined %}
+- linux.system.netconsole
+{%- endif %}
diff --git a/linux/system/kernel.sls b/linux/system/kernel.sls
index 11d5a38..0c352ef 100644
--- a/linux/system/kernel.sls
+++ b/linux/system/kernel.sls
@@ -10,7 +10,7 @@
/etc/default/grub.d/90-isolcpu.cfg:
file.managed:
- - contents: 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT isolcpu={{ system.kernel.isolcpu }}"'
+ - contents: 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT isolcpus={{ system.kernel.isolcpu }}"'
- require:
- file: grub_d_directory
- watch_in:
diff --git a/linux/system/netconsole.sls b/linux/system/netconsole.sls
new file mode 100644
index 0000000..92dab5d
--- /dev/null
+++ b/linux/system/netconsole.sls
@@ -0,0 +1,45 @@
+{% from "linux/map.jinja" import system with context %}
+{% if system.enabled and system.netconsole is mapping and system.netconsole.enabled %}
+
+/etc/dhcp/dhclient-exit-hooks.d/netconsole:
+ file.managed:
+ - source: salt://linux/files/netconsole
+ - makedirs: True
+
+/etc/network/if-up.d/netconsole:
+ file.managed:
+ - source: salt://linux/files/netconsole
+ - mode: 755
+ - makedirs: True
+
+/etc/network/if-down.d/netconsole:
+ file.managed:
+ - source: salt://linux/files/netconsole
+ - mode: 755
+ - makedirs: True
+
+/etc/default/netconsole.conf:
+ file.managed:
+ - source: salt://linux/files/netconsole.conf
+ - template: jinja
+
+{% if system.netconsole is mapping and system.netconsole.target is mapping %}
+{% for target, data in system.netconsole.target.iteritems() %}
+{% if data is mapping and data.interface is defined %}
+/etc/network/if-up.d/netconsole {{ target }} {{ data.interface }}:
+ cmd.run:
+ - name: /etc/network/if-up.d/netconsole
+ - env:
+ - IFACE: {{ data.interface }}
+ - METHOD: static
+ - ADDRFAM: inet
+ - MODE: start
+ - onchanges:
+ - file: /etc/default/netconsole.conf
+ - require:
+ - file: /etc/network/if-up.d/netconsole
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% endif %}
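Review bot: `/etc/default/netconsole.conf` is sourced as root by the hook script on interface and DHCP events, but its `file.managed` state sets no owner or mode, so the permissions depend on the minion's umask or on whatever an already existing file carries. Pin it with `- user: root`, `- group: root` and `- mode: '0644'`, and give the three hook files an explicit owner as well. On the two if-up.d/if-down.d states, `mode: 755` is better written as the quoted string `'0755'` so YAML does not type it as an integer. Note also that the `cmd.run` only has `onchanges` on the conf file, so a changed hook script is not re-applied until the next interface event.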
diff --git a/linux/system/repo.sls b/linux/system/repo.sls
index cb9c8bd..f7ab24c 100644
--- a/linux/system/repo.sls
+++ b/linux/system/repo.sls
@@ -29,6 +29,15 @@
{% set default_repos = {} %}
+{%- if system.purge_repos|default(False) %}
+
+purge_sources_list_d_repos:
+ file.directory:
+ - name: /etc/apt/sources.list.d/
+ - clean: True
+
+{%- endif %}
+
{%- for name, repo in system.repo.iteritems() %}
{%- if grains.os_family == 'Debian' %}
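Review bot: `purge_sources_list_d_repos` is rendered ahead of the `grains.os_family == 'Debian'` test in the loop below, so with `purge_repos` set on a non-Debian minion it would create and clean `/etc/apt/sources.list.d/`. The guard should be `{%- if system.purge_repos|default(False) and grains.os_family == 'Debian' %}`. Because `clean: True` removes every file in that directory that Salt does not keep through a requisite, enabling the flag makes this formula the only source of APT repositories on the host; that is worth stating where the pillar key is documented. The rest of repo.sls lies outside the hunk, so how the managed repo files are retained cannot be confirmed from here.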
@@ -113,6 +122,9 @@
{%- if system.proxy.get('pkg', {}).get('enabled', False) %}
- file: /etc/apt/apt.conf.d/99proxies-salt
{%- endif %}
+ {%- if system.purge_repos|default(False) %}
+ - file: purge_sources_list_d_repos
+ {%- endif %}
{%- endif %}
@@ -159,6 +171,9 @@
- user: root
- group: root
- mode: 0644
+{%- if system.purge_repos %}
+ - replace: True
+{%- endif %}
- defaults:
default_repos: {{ default_repos }}
- require:
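Review bot: `replace: True` is already the default for `file.managed`, so this conditional changes nothing whichever way `purge_repos` is set. If the intent was to leave an existing file alone unless purging is requested, the missing piece is an else branch with `- replace: False`. This test also reads `system.purge_repos` without the `|default(False)` used in the other two hunks of this file; use the same form in all three. The state these lines belong to starts above the hunk.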
diff --git a/metadata/service/system/init.yml b/metadata/service/system/init.yml
index 2c4cc9c..e75718a 100644
--- a/metadata/service/system/init.yml
+++ b/metadata/service/system/init.yml
@@ -13,6 +13,7 @@
home: /root
timezone: Europe/Prague
cluster: default
+ purge_repos: false
network:
enabled: true
hostname: ${linux:system:name}
diff --git a/tests/integration/system/netconsole_spec.rb b/tests/integration/system/netconsole_spec.rb
new file mode 100644
index 0000000..f517508
--- /dev/null
+++ b/tests/integration/system/netconsole_spec.rb
@@ -0,0 +1,14 @@
+
+## NETCONSOLE
+#
+describe file('/etc/default/netconsole.conf') do
+ it('should exist')
+ its('content') { should match /^PORT="514"/}
+ its('content') { should match /^netconsole "bond0" "192.168.0.1" "ff:ff:ff:ff:ff:ff"/}
+ its('content') { should match /^dmesg -n "debug"/}
+end
+
+describe file('/etc/dhcp/dhclient-exit-hooks.d/netconsole') do
+ it('should exist')
+ its('content') { should match /netconsole_setup/}
+end
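Review bot: Both `it('should exist')` lines pass a description with no block, which RSpec records as a pending example and never evaluates, so neither file's existence is actually asserted. Write them as `it { should exist }`. Since the conf file is sourced as root, this spec is also a natural place to assert its ownership and mode once the state pins them.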
diff --git a/tests/pillar/system.sls b/tests/pillar/system.sls
index 216bca5..4775253 100644
--- a/tests/pillar/system.sls
+++ b/tests/pillar/system.sls
@@ -6,6 +6,7 @@
domain: local
environment: prd
hostname: system.pillar.local
+ purge_repos: true
apparmor:
enabled: false
haveged:
@@ -265,3 +266,13 @@
- host1
- host2
- .local
+
+ # pillars for netconsole setup
+ netconsole:
+ enabled: true
+ port: 514
+ loglevel: debug
+ target:
+ 192.168.0.1:
+ mac: "ff:ff:ff:ff:ff:ff"
+ interface: bond0
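Review bot: The fixture targets the broadcast MAC `ff:ff:ff:ff:ff:ff`, which the README text added in this same commit calls not recommended; with that address the kernel log stream goes to every host on the segment. A unicast sample, such as the `fa:16:3e:8d:f6:d0` already used in the netconsole.conf comment, would keep the tested example in line with the advice. The matching expectation in tests/integration/system/netconsole_spec.rb would need the same value.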