├── saltsrc ├── addon │ └── added ├── salt-hash ├── absent.sls ├── py_render.py ├── update_minion.sh └── init.sls ├── .gitignore ├── files ├── test-file3 ├── testfile ├── testfile2 ├── ext-files-second.sls ├── ext-files.sls ├── absent.sls └── init.sls ├── _modules └── foo.py ├── emacs ├── absent.sls └── init.sls ├── small ├── edit │ ├── emacs.sls │ ├── vim.sls │ └── vimrc ├── pypy │ └── init.sls ├── xcbc │ └── init.sls ├── python │ ├── pymongo.sls │ ├── mako.sls │ ├── init.sls │ └── django.sls ├── rubygems │ ├── pillar │ │ ├── top.sls │ │ └── gems.sls │ └── salt │ │ └── rubygems │ │ └── init.sls ├── tags │ └── init.sls ├── munin │ ├── files │ │ ├── nginx │ │ │ ├── plugin-conf.d │ │ │ │ └── nginx │ │ │ └── plugins │ │ │ │ ├── nginx_request │ │ │ │ ├── nginx_status │ │ │ │ └── nginx_combined_localhost │ │ ├── node │ │ │ ├── checkPermissions.sh │ │ │ └── munin-node.conf │ │ ├── php5-fpm │ │ │ └── plugins │ │ │ │ ├── phpfpm_memory │ │ │ │ ├── phpfpm_processes │ │ │ │ ├── phpfpm_average │ │ │ │ ├── phpfpm_connections │ │ │ │ └── phpfpm_status │ │ └── server │ │ │ └── munin.conf │ ├── server.sls │ ├── nginx.sls │ ├── php5-fpm.sls │ └── node.sls ├── swap │ └── init.sls ├── hosts │ └── init.sls ├── mongodb-10gen │ ├── 10gen.list │ ├── 10gen.repo │ ├── init.sls │ └── mongodb.conf ├── ssh │ ├── server.sls │ └── init.sls ├── redis │ └── init.sls ├── salt │ ├── dirs.sls │ ├── syndic.sls │ ├── master.sls │ ├── init.sls │ ├── minion │ └── master ├── users │ └── init.sls ├── haproxy │ └── init.sls ├── apache │ └── init.sls ├── libpamcracklib │ ├── init.sls │ └── common-password ├── recurse │ ├── linux │ │ ├── Kconfig │ │ ├── virt │ │ │ └── kvm │ │ │ │ ├── Kconfig │ │ │ │ ├── coalesced_mmio.h │ │ │ │ ├── async_pf.h │ │ │ │ ├── iodev.h │ │ │ │ ├── ioapic.h │ │ │ │ ├── coalesced_mmio.c │ │ │ │ ├── async_pf.c │ │ │ │ ├── iommu.c │ │ │ │ └── ioapic.c │ │ ├── .gitignore │ │ ├── Kbuild │ │ ├── REPORTING-BUGS │ │ └── .mailmap │ └── init.sls ├── sudo │ ├── init.sls │ └── sudoers ├── mongodb │ ├── repset.js │ ├── check_mongo_status.sh │ ├── init.sls │ └── mongodb.conf ├── fail2ban │ ├── init.sls │ ├── fail2ban.conf │ └── jail.conf ├── ruby-1.9.2 │ └── init.sls ├── opengeo │ └── init.sls ├── lamp-drupal │ └── init.sls └── ruby │ └── rvm.sls ├── date └── init.sls ├── _grains └── test_grains.py ├── ceph ├── apt.list ├── ufw.rules ├── extras.sls ├── README.rst ├── eval.sls └── eval.conf ├── hosts ├── absent.sls └── init.sls ├── .travis └── minion ├── openstack ├── keystone │ ├── policy.json │ ├── ec2rc │ ├── default_catalog.templates │ └── keystone.conf ├── glance │ ├── policy.json │ ├── glance-scrubber-paste.ini │ ├── glance-cache-paste.ini │ ├── glance-registry-paste.ini │ ├── glance-scrubber.conf │ ├── glance-cache.conf │ ├── glance-registry.conf │ ├── glance-api-paste.ini │ └── glance-api.conf ├── nova │ ├── nova.conf │ ├── policy.json │ └── api-paste.ini └── init.sls ├── absent-core.sls ├── kernel ├── absent.sls └── init.sls ├── ssh ├── server │ ├── absent.sls │ └── init.sls ├── absent.sls └── init.sls ├── python └── init.sls ├── selinux.sls ├── core.sls ├── small-core.sls ├── users ├── absent.sls └── init.sls ├── http ├── php.sls ├── absent.sls └── init.sls ├── ldap ├── ldap.conf └── init.sls ├── absent.sls ├── crons ├── absent.sls └── init.sls ├── iptables ├── init.sls └── iptables ├── epel.sls ├── top.sls ├── vim ├── absent.sls ├── init.sls └── vimrc ├── small.sls ├── .travis.yml └── README.rst /saltsrc/addon/added: -------------------------------------------------------------------------------- 1 | added 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .*sw[op] 2 | *~ 3 | *pyc 4 | -------------------------------------------------------------------------------- /files/test-file3: -------------------------------------------------------------------------------- 1 | eggs 2 | spam 3 | 4 | -------------------------------------------------------------------------------- /_modules/foo.py: -------------------------------------------------------------------------------- 1 | def bar(): 2 | return True 3 | -------------------------------------------------------------------------------- /emacs/absent.sls: -------------------------------------------------------------------------------- 1 | emacs: 2 | pkg: 3 | - absent 4 | -------------------------------------------------------------------------------- /emacs/init.sls: -------------------------------------------------------------------------------- 1 | emacs: 2 | pkg: 3 | - installed 4 | -------------------------------------------------------------------------------- /saltsrc/salt-hash: -------------------------------------------------------------------------------- 1 | md5=e138491e9d5b97023cea823fe17bac22 2 | -------------------------------------------------------------------------------- /small/edit/emacs.sls: -------------------------------------------------------------------------------- 1 | emacs: 2 | pkg: 3 | - installed 4 | -------------------------------------------------------------------------------- /small/pypy/init.sls: -------------------------------------------------------------------------------- 1 | pypy: 2 | pkg: 3 | - installed 4 | -------------------------------------------------------------------------------- /small/xcbc/init.sls: -------------------------------------------------------------------------------- 1 | xcbc: 2 | kmod: 3 | - present 4 | -------------------------------------------------------------------------------- /small/python/pymongo.sls: -------------------------------------------------------------------------------- 1 | pymongo: 2 | pkg: 3 | - installed 4 | -------------------------------------------------------------------------------- /small/rubygems/pillar/top.sls: -------------------------------------------------------------------------------- 1 | base: 2 | '*': 3 | - gems 4 | -------------------------------------------------------------------------------- /files/testfile: -------------------------------------------------------------------------------- 1 | cheese 2 | {{grains['os']}} 3 | {{grains['saltpath']}} 4 | -------------------------------------------------------------------------------- /date/init.sls: -------------------------------------------------------------------------------- 1 | # cmd.run 2 | date > /tmp/date: 3 | cmd: 4 | - run 5 | -------------------------------------------------------------------------------- /_grains/test_grains.py: -------------------------------------------------------------------------------- 1 | def foorbar(): 2 | return {'cheese_grain': 865765} 3 | -------------------------------------------------------------------------------- /files/testfile2: -------------------------------------------------------------------------------- 1 | cheese 2 | {{grains['os']}} 3 | {{grains['saltpath']}} 4 | barr 5 | -------------------------------------------------------------------------------- /small/tags/init.sls: -------------------------------------------------------------------------------- 1 | echo $(date) > /root/tag: 2 | cmd: 3 | - run 4 | 5 | -------------------------------------------------------------------------------- /ceph/apt.list: -------------------------------------------------------------------------------- 1 | deb http://ceph.com/debian/ {{ grains['lsb_distrib_codename'] }} main 2 | -------------------------------------------------------------------------------- /hosts/absent.sls: -------------------------------------------------------------------------------- 1 | eggs.spam: 2 | host: 3 | - absent 4 | - ip: 192.168.42.42 5 | -------------------------------------------------------------------------------- /hosts/init.sls: -------------------------------------------------------------------------------- 1 | eggs.spam: 2 | host: 3 | - present 4 | - ip: 192.168.42.42 5 | -------------------------------------------------------------------------------- /.travis/minion: -------------------------------------------------------------------------------- 1 | file_client: local 2 | file_roots: 3 | base: 4 | - /srv/salt/states 5 | -------------------------------------------------------------------------------- /small/munin/files/nginx/plugin-conf.d/nginx: -------------------------------------------------------------------------------- 1 | [nginx*] 2 | env.url http://localhost/nginx_status -------------------------------------------------------------------------------- /small/swap/init.sls: -------------------------------------------------------------------------------- 1 | vm.swappiness: 2 | sysctl: 3 | - present 4 | - value: 20 5 | -------------------------------------------------------------------------------- /small/hosts/init.sls: -------------------------------------------------------------------------------- 1 | cheeseshop: 2 | host: 3 | - present 4 | - ip: 82.94.164.168 5 | -------------------------------------------------------------------------------- /openstack/keystone/policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "admin_required": [["role:admin"], ["is_admin:1"]] 3 | } 4 | -------------------------------------------------------------------------------- /saltsrc/absent.sls: -------------------------------------------------------------------------------- 1 | # file.recurse 2 | /saltsrc: 3 | file: 4 | - absent 5 | - force: True 6 | -------------------------------------------------------------------------------- /small/mongodb-10gen/10gen.list: -------------------------------------------------------------------------------- 1 | deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen -------------------------------------------------------------------------------- /openstack/glance/policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "default": [], 3 | "manage_image_cache": [["role:admin"]] 4 | } 5 | -------------------------------------------------------------------------------- /absent-core.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - edit.vim 3 | - date 4 | - crons 5 | - http 6 | - saltsrc 7 | - files 8 | - hosts 9 | -------------------------------------------------------------------------------- /kernel/absent.sls: -------------------------------------------------------------------------------- 1 | wp512: 2 | kmod: 3 | - absent 4 | 5 | vm.swappiness: 6 | sysctl: 7 | - present 8 | - value: 60 9 | -------------------------------------------------------------------------------- /kernel/init.sls: -------------------------------------------------------------------------------- 1 | wp512: 2 | kmod: 3 | - present 4 | 5 | vm.swappiness: 6 | sysctl: 7 | - present 8 | - value: 14 9 | -------------------------------------------------------------------------------- /saltsrc/py_render.py: -------------------------------------------------------------------------------- 1 | def run(): 2 | ''' 3 | Return a string to be added to a file 4 | ''' 5 | return 'foobar!\n' 6 | -------------------------------------------------------------------------------- /small/ssh/server.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - ssh 3 | 4 | sshd: 5 | service: 6 | - running 7 | require: 8 | - pkg: openssh 9 | -------------------------------------------------------------------------------- /ssh/server/absent.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - ssh 3 | 4 | sshd: 5 | service: 6 | - running 7 | require: 8 | - pkg: openssh 9 | -------------------------------------------------------------------------------- /ssh/server/init.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - ssh 3 | 4 | sshd: 5 | service: 6 | - running 7 | require: 8 | - pkg: openssh 9 | -------------------------------------------------------------------------------- /small/redis/init.sls: -------------------------------------------------------------------------------- 1 | redis: 2 | service: 3 | - running 4 | - require: 5 | - pkg: redis 6 | pkg: 7 | - installed 8 | -------------------------------------------------------------------------------- /small/salt/dirs.sls: -------------------------------------------------------------------------------- 1 | /srv/salt: 2 | file: 3 | - directory 4 | - user: bin 5 | - group: wheel 6 | - mode: 777 7 | - makedirs: True 8 | -------------------------------------------------------------------------------- /openstack/glance/glance-scrubber-paste.ini: -------------------------------------------------------------------------------- 1 | [app:glance-scrubber] 2 | paste.app_factory = glance.common.wsgi:app_factory 3 | glance.app_factory = glance.store.scrubber:Scrubber 4 | -------------------------------------------------------------------------------- /python/init.sls: -------------------------------------------------------------------------------- 1 | python-pkgs: 2 | pkg: 3 | - installed 4 | - names: 5 | - python-mako 6 | - python-twisted 7 | - python-twill 8 | - python-typepad 9 | -------------------------------------------------------------------------------- /selinux.sls: -------------------------------------------------------------------------------- 1 | selinux: 2 | pkg.installed: 3 | - names: 4 | - libsemanage 5 | - setools-console 6 | - policycoreutils-python 7 | 8 | 9 | -------------------------------------------------------------------------------- /core.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - vim 3 | - date 4 | - crons 5 | - http 6 | - saltsrc 7 | - ssh 8 | - files 9 | - hosts 10 | 11 | psmisc: 12 | pkg: 13 | - installed 14 | -------------------------------------------------------------------------------- /small-core.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - ssh.server 3 | - sudo 4 | - edit.vim 5 | - edit.emacs 6 | - users 7 | - tags 8 | - hosts 9 | - salt.dirs 10 | - xcbc 11 | - swap 12 | -------------------------------------------------------------------------------- /small/munin/server.sls: -------------------------------------------------------------------------------- 1 | # Example Configurations for Munin Server 2 | # Originally for Ubuntu 10.04, package 3 | # name may be different for your dist 4 | 5 | munin: 6 | pkg: 7 | - installed 8 | -------------------------------------------------------------------------------- /openstack/keystone/ec2rc: -------------------------------------------------------------------------------- 1 | ADMIN_ACCESS=ca6a24041b494faeb20c12c4deba3867 2 | ADMIN_SECRET=34a6b6e3804c4a7dacf11dfcbf8497c6 3 | DEMO_ACCESS=c9d4576c4ca04ba8bc490276aeaac01f 4 | DEMO_SECRET=f2d38bd8b5c949de9199294f3f1c4fc7 5 | -------------------------------------------------------------------------------- /small/python/mako.sls: -------------------------------------------------------------------------------- 1 | #!py 2 | 3 | def run(): 4 | ''' 5 | Install the python-mako package 6 | ''' 7 | return {'include': ['python'], 8 | 'python-mako': {'pkg': ['installed']}} 9 | 10 | 11 | -------------------------------------------------------------------------------- /small/rubygems/salt/rubygems/init.sls: -------------------------------------------------------------------------------- 1 | # Install the gems listed in pillar data. 2 | 3 | install-gems: 4 | {% for gems in pillar['rgems'] %} 5 | module.run: 6 | - name: gem.install 7 | - gems: {{ gems }} 8 | {% endfor %} 9 | -------------------------------------------------------------------------------- /users/absent.sls: -------------------------------------------------------------------------------- 1 | {% for usr in 'moe','larry','currly' %} 2 | {{ usr }}: 3 | user: 4 | - absent 5 | {% endfor %} 6 | 7 | {% for grp in 'foo','bar','baz' %} 8 | {{ grp }}: 9 | group: 10 | - absent 11 | {% endfor %} 12 | -------------------------------------------------------------------------------- /small/users/init.sls: -------------------------------------------------------------------------------- 1 | {% for usr in 'moe','larry','currly' %} 2 | {{ usr }}: 3 | user: 4 | - present 5 | {% endfor %} 6 | 7 | {% for grp in 'foo','bar','baz' %} 8 | {{ grp }}: 9 | group: 10 | - present 11 | {% endfor %} 12 | -------------------------------------------------------------------------------- /small/munin/files/node/checkPermissions.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | num_of_files=$(find /etc/munin/plugins/ -maxdepth 1 -type f \! -perm -o+rx | wc -l) 4 | 5 | if [ "$num_of_files" -ne "0" ] 6 | then 7 | exit 1 8 | else 9 | exit 0 10 | fi -------------------------------------------------------------------------------- /files/ext-files-second.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - files.ext-files 3 | - http 4 | 5 | extend: 6 | /etc/test-file3: 7 | file: 8 | - managed 9 | - source: salt://files/testfile 10 | - watch: 11 | - file: /etc/testfile 12 | -------------------------------------------------------------------------------- /small/salt/syndic.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - salt.master 3 | 4 | salt-syndic: 5 | service: 6 | - running 7 | - require: 8 | - service: salt-master 9 | - watch: 10 | - pkg: salt 11 | - file: /etc/salt/master 12 | 13 | -------------------------------------------------------------------------------- /files/ext-files.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - files 3 | 4 | extend: 5 | /etc/testfile: 6 | file: 7 | - managed 8 | - source: salt://files/testfile2 9 | 10 | /etc/test-file3: 11 | file: 12 | - managed 13 | - source: salt://files/test-file3 14 | -------------------------------------------------------------------------------- /small/haproxy/init.sls: -------------------------------------------------------------------------------- 1 | haproxy: 2 | pkg: 3 | - installed 4 | service: 5 | - running 6 | - require: 7 | - pkg: haproxy 8 | file: 9 | - managed 10 | - name: /etc/haproxy/haproxy.cfg 11 | - source: salt://haproxy/haproxy.cfg 12 | -------------------------------------------------------------------------------- /small/python/init.sls: -------------------------------------------------------------------------------- 1 | python2: 2 | pkg: 3 | {% if grains['os'] != 'Arch' %} 4 | - name: python 5 | {% endif %} 6 | - installed 7 | python3: 8 | pkg: 9 | {% if grains['os'] == 'Arch' %} 10 | - name: python 11 | {% endif %} 12 | - installed 13 | -------------------------------------------------------------------------------- /small/apache/init.sls: -------------------------------------------------------------------------------- 1 | apache: 2 | pkg: 3 | {% if grains['os'] == 'RedHat' %} 4 | - name: httpd 5 | {% elif grains['os'] == 'Ubuntu' %} 6 | - name: apache2 7 | {% endif %} 8 | - installed 9 | service: 10 | - name: httpd 11 | - running 12 | -------------------------------------------------------------------------------- /http/php.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - http 3 | 4 | php: 5 | pkg: 6 | - installed 7 | {% if grains['os'] == 'Debian' or grains['os'] == 'Ubuntu' or grains['os'] == 'Gentoo' %} 8 | - name: php5 9 | {% endif %} 10 | - require_in: 11 | - service: httpd 12 | 13 | -------------------------------------------------------------------------------- /small/rubygems/pillar/gems.sls: -------------------------------------------------------------------------------- 1 | rgems: 2 | - sinatra 3 | - rest-client 4 | - haml 5 | - json 6 | - activerecord 7 | - json_pure 8 | - journey 9 | - fastercsv 10 | - geojson 11 | - georuby 12 | - pg 13 | - rdoc 14 | - bcrypt-ruby 15 | - passenger 16 | 17 | 18 | -------------------------------------------------------------------------------- /files/absent.sls: -------------------------------------------------------------------------------- 1 | /etc/testfile: 2 | file: 3 | - absent 4 | - user: root 5 | - group: bin 6 | - mode: 723 7 | - template: jinja 8 | 9 | /cheese/spam/bacon: 10 | file: 11 | - absent 12 | - user: root 13 | - group: bin 14 | - makedirs: True 15 | 16 | 17 | -------------------------------------------------------------------------------- /small/libpamcracklib/init.sls: -------------------------------------------------------------------------------- 1 | libpam-cracklib-install: 2 | pkg.installed: 3 | - name: libpam-cracklib 4 | 5 | libpam-cracklib-config: 6 | file: 7 | - managed 8 | - name: /etc/pam.d/common-password 9 | - source: salt://libpamcracklib/common-password 10 | - require: 11 | - pkg: libpam-cracklib -------------------------------------------------------------------------------- /small/recurse/linux/Kconfig: -------------------------------------------------------------------------------- 1 | # 2 | # For a description of the syntax of this configuration file, 3 | # see Documentation/kbuild/kconfig-language.txt. 4 | # 5 | mainmenu "Linux/$ARCH $KERNELVERSION Kernel Configuration" 6 | 7 | config SRCARCH 8 | string 9 | option env="SRCARCH" 10 | 11 | source "arch/$SRCARCH/Kconfig" 12 | -------------------------------------------------------------------------------- /small/salt/master.sls: -------------------------------------------------------------------------------- 1 | # Turn on a salt master 2 | include: 3 | - salt 4 | 5 | salt-master: 6 | service: 7 | - running 8 | - watch: 9 | - pkg: salt 10 | - file: /etc/salt/master 11 | 12 | /etc/salt/master: 13 | file: 14 | - managed 15 | - source: salt://salt/master 16 | - require: 17 | - pkg: salt 18 | -------------------------------------------------------------------------------- /small/python/django.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - python 3 | - apache 4 | 5 | extend: 6 | apache: 7 | service: 8 | - watch: 9 | - pkg: django 10 | 11 | 12 | django: 13 | pkg: 14 | {% if grains['os'] == 'RedHat' %} 15 | - name: Django 16 | {% endif %} 17 | - installed 18 | - require: 19 | - pkg: python2 20 | -------------------------------------------------------------------------------- /small/mongodb-10gen/10gen.repo: -------------------------------------------------------------------------------- 1 | # 64-Bit Mongodb 2 | 3 | [10gen] 4 | name=10gen Repository 5 | baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64 6 | gpgcheck=0 7 | enabled=1 8 | 9 | #32-Bit Mongodb 10 | #[10gen] 11 | #name=10gen Repository 12 | #baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/i686 13 | #gpgcheck=0 14 | #enabled=1 -------------------------------------------------------------------------------- /small/recurse/init.sls: -------------------------------------------------------------------------------- 1 | /srv/linux: 2 | file: 3 | - recurse 4 | - source: salt://recurse/linux 5 | /srv/linux/linker: 6 | file: 7 | - symlink 8 | - target: /etc/passwd 9 | /srv/killme: 10 | file: 11 | - absent 12 | echo foobar: 13 | cron: 14 | - present 15 | - user: root 16 | - minute: 7 17 | - hour: 4 18 | 19 | -------------------------------------------------------------------------------- /ldap/ldap.conf: -------------------------------------------------------------------------------- 1 | # 2 | # LDAP Defaults 3 | # 4 | 5 | # See ldap.conf(5) for details 6 | # This file should be world readable but not world writable. 7 | 8 | #BASE dc=example,dc=com 9 | #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 10 | 11 | #SIZELIMIT 12 12 | #TIMELIMIT 15 13 | #DEREF never 14 | # 15 | {{ ldap_uri }} 16 | {{ ldap_base }} 17 | -------------------------------------------------------------------------------- /small/sudo/init.sls: -------------------------------------------------------------------------------- 1 | sudo: 2 | pkg: 3 | - installed 4 | /etc/sudoers: 5 | file: 6 | - managed 7 | - source: salt://sudo/sudoers 8 | - user: root 9 | {% if grains['os'] == 'FreeBSD'%} 10 | - group: wheel 11 | {% else %} 12 | - group: root 13 | {% endif %} 14 | - mode: 400 15 | - require: 16 | - pkg: sudo 17 | -------------------------------------------------------------------------------- /absent.sls: -------------------------------------------------------------------------------- 1 | # This is the QA environment state tree for testing 2 | # Anyone should be able to run this state tree on any supported platform when 3 | # it is complete 4 | 5 | base: 6 | '*': 7 | - core 8 | - http 9 | - saltsrc 10 | - users 11 | 'os:CentOS': 12 | - match: grain 13 | - redhat 14 | 'kernel:Linux': 15 | - match: grain 16 | - kernel 17 | -------------------------------------------------------------------------------- /small/munin/nginx.sls: -------------------------------------------------------------------------------- 1 | munin-nginx-plugins: 2 | file: 3 | - recurse 4 | - source: salt://munin/files/nginx/plugins 5 | - name: /etc/munin/plugins 6 | - mode: 755 7 | 8 | munin-nginx-plugin-conf: 9 | file: 10 | - recurse 11 | - source: salt://munin/files/nginx/plugin-conf.d 12 | - name: /etc/munin/plugin-conf.d 13 | - mode: 755 -------------------------------------------------------------------------------- /ceph/ufw.rules: -------------------------------------------------------------------------------- 1 | [Ceph monitor] 2 | title=Ceph monitor daemon 3 | description=distributed storage system 4 | ports=6789/tcp 5 | 6 | [Ceph storage] 7 | title=Ceph object and metadata daemons 8 | description=distributed storage system 9 | ports=6800:6810/tcp 10 | 11 | [Ceph full] 12 | title=Ceph storage and monitor daemons 13 | description=distributed storage system 14 | ports=6789,6800:6810/tcp 15 | -------------------------------------------------------------------------------- /small/recurse/linux/virt/kvm/Kconfig: -------------------------------------------------------------------------------- 1 | # KVM common configuration items and defaults 2 | 3 | config HAVE_KVM 4 | bool 5 | 6 | config HAVE_KVM_IRQCHIP 7 | bool 8 | 9 | config HAVE_KVM_EVENTFD 10 | bool 11 | select EVENTFD 12 | 13 | config KVM_APIC_ARCHITECTURE 14 | bool 15 | 16 | config KVM_MMIO 17 | bool 18 | 19 | config KVM_ASYNC_PF 20 | bool 21 | -------------------------------------------------------------------------------- /small/munin/php5-fpm.sls: -------------------------------------------------------------------------------- 1 | munin-php5-fpm-plugins: 2 | file: 3 | - recurse 4 | - source: salt://munin/files/php5-fpm/plugins 5 | - name: /etc/munin/plugins 6 | - mode: 755 7 | 8 | munin-php5-fpm-plugin-conf: 9 | file: 10 | - recurse 11 | - source: salt://munin/files/php5-fpm/plugin-conf.d 12 | - name: /etc/munin/plugin-conf.d 13 | - mode: 755 -------------------------------------------------------------------------------- /small/mongodb/repset.js: -------------------------------------------------------------------------------- 1 | rs.initiate({ 2 | _id : "{{grains['host'].split('-')[1]}}", 3 | members : [ 4 | { _id : 0, host : "mongorep1-{{grains['host'].split('-')[1]}}.{{grains['domain']}}" }, 5 | { _id : 1, host : "mongorep2-{{grains['host'].split('-')[1]}}.{{grains['domain']}}" }, 6 | { _id : 2, host : "mongorep3-{{grains['host'].split('-')[1]}}.{{grains['domain']}}" }, 7 | ] 8 | }) 9 | -------------------------------------------------------------------------------- /crons/absent.sls: -------------------------------------------------------------------------------- 1 | # include 2 | include: 3 | - users 4 | 5 | # cron.absent 6 | date > /tmp/croncheck: 7 | cron: 8 | - absent 9 | - user: root 10 | - minute: '*/5' 11 | - hour: 4 12 | - daymonth: 2 13 | - month: 7 14 | 15 | # cron.absent 16 | lscpi > /tmp/lspcicron: 17 | cron: 18 | - absent 19 | - user: root 20 | - minute: '*/5' 21 | - hour: 4 22 | - dayweek: 2 23 | - month: 7 24 | -------------------------------------------------------------------------------- /crons/init.sls: -------------------------------------------------------------------------------- 1 | # include 2 | include: 3 | - users 4 | 5 | # cron.present 6 | date > /tmp/croncheck: 7 | cron: 8 | - present 9 | - user: root 10 | - minute: '*/5' 11 | - hour: 4 12 | - daymonth: 2 13 | - month: 7 14 | 15 | # cron.present 16 | lspci > /tmp/lspcicron: 17 | cron: 18 | - present 19 | - user: root 20 | - minute: '*/5' 21 | - hour: 4 22 | - dayweek: 2 23 | - month: 7 24 | -------------------------------------------------------------------------------- /small/fail2ban/init.sls: -------------------------------------------------------------------------------- 1 | fail2ban-pkg: 2 | pkg.installed: 3 | - name: fail2ban 4 | 5 | fail2ban-config: 6 | file: 7 | - managed 8 | - name: /etc/fail2ban/fail2ban.conf 9 | - source: salt://fail2ban/fail2ban.conf 10 | - require: 11 | - pkg: fail2ban 12 | file: 13 | - managed 14 | - name: /etc/fail2ban/jail.conf 15 | - source: salt://fail2ban/jail.conf 16 | - require: 17 | - pkg: fail2ban -------------------------------------------------------------------------------- /iptables/init.sls: -------------------------------------------------------------------------------- 1 | iptables: 2 | pkg: 3 | - installed 4 | service: 5 | - running 6 | - watch: 7 | - pkg: iptables 8 | - file: iptables 9 | file: 10 | - managed 11 | - source: salt://iptables/iptables 12 | {% if grains['os'] == 'CentOS' or grains['os'] == 'Fedora' %} 13 | - name: /etc/sysconfig/iptables 14 | {% elif grains['os'] == 'Arch' %} 15 | - name: /etc/conf.d/iptables 16 | {% endif %} 17 | -------------------------------------------------------------------------------- /epel.sls: -------------------------------------------------------------------------------- 1 | epel: 2 | cmd: 3 | - run 4 | {% if grains['osrelease'].startswith('5') %} 5 | - name: rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm 6 | {% elif grains['osrelease'].startswith('6') %} 7 | - name: rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm 8 | {% endif %} 9 | - unless: test -e /etc/yum.repos.d/epel.repo 10 | 11 | -------------------------------------------------------------------------------- /users/init.sls: -------------------------------------------------------------------------------- 1 | {% for usr in 'moe','larry','currly' %} 2 | {{ usr }}: 3 | user: 4 | - present 5 | {% endfor %} 6 | 7 | {% for grp in 'foo','bar','baz' %} 8 | {{ grp }}: 9 | group: 10 | - present 11 | {% endfor %} 12 | 13 | jdoe: 14 | user.present: 15 | - fullname: John Doe 16 | - shell: /bin/bash 17 | - home: /home/jdoe 18 | - uid: 1001 19 | - gid: 1001 20 | - groups: 21 | - wheel 22 | - storage 23 | - games 24 | -------------------------------------------------------------------------------- /small/edit/vim.sls: -------------------------------------------------------------------------------- 1 | vim: 2 | pkg: 3 | {% if grains['os'] == 'RedHat' %} 4 | - name: vim-enhanced 5 | {% endif %} 6 | - installed 7 | 8 | /etc/vimrc: 9 | file: 10 | - managed 11 | - source: salt://edit/vimrc 12 | - user: root 13 | {% if grains['os'] == 'FreeBSD'%} 14 | - group: wheel 15 | {% else %} 16 | - group: root 17 | {% endif %} 18 | - mode: 644 19 | - makedirs: True 20 | - require: 21 | - pkg: vim 22 | -------------------------------------------------------------------------------- /top.sls: -------------------------------------------------------------------------------- 1 | # This is the QA environment state tree for testing 2 | # Anyone should be able to run this state tree on any supported platform when 3 | # it is complete 4 | 5 | base: 6 | '*': 7 | - core 8 | - http 9 | - saltsrc 10 | - users 11 | - python 12 | - files 13 | - ldap 14 | - files.ext-files-second 15 | 'os:CentOS': 16 | - match: grain 17 | - redhat 18 | - iptables 19 | 'kernel:Linux': 20 | - match: grain 21 | - kernel 22 | -------------------------------------------------------------------------------- /ceph/extras.sls: -------------------------------------------------------------------------------- 1 | # these extra packages are not required to run ceph 2 | # 3 | # ceph-fuse: FUSE-based client for the Ceph distributed file system 4 | # gceph: Graphical ceph cluster status utility 5 | # python-ceph: Python libraries for interacting with RADOS and RBD 6 | 7 | ceph-extras: 8 | pkg.installed: 9 | - names: 10 | {% if grains['os'] == 'Ubuntu' %} 11 | - python-ceph 12 | - ceph-fuse 13 | - gceph 14 | {% endif %} 15 | - require: 16 | - pkg: ceph 17 | -------------------------------------------------------------------------------- /saltsrc/update_minion.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd /root/git/salt 4 | git checkout develop 5 | git pull 6 | {% if grains['os'] == 'Debian' or grains['os'] == 'Ubuntu' %} 7 | python setup.py install --install-layout=deb 8 | {% elif grains['os'] == 'CentOS' and grains['osrelease'] == '5.7'%} 9 | python26 setup.py install 10 | {% elif grains['os'] == 'Arch' %} 11 | python2 setup.py install 12 | {% else %} 13 | python setup.py install 14 | {% endif %} 15 | 16 | killall salt-minion 17 | salt-minion -d 18 | -------------------------------------------------------------------------------- /vim/absent.sls: -------------------------------------------------------------------------------- 1 | # pkg.install 2 | vim: 3 | pkg: 4 | {% if grains['os'] == 'CentOS' or grains['os'] == 'Fedora' %} 5 | - name: vim-enhanced 6 | {% elif grains['os'] == 'Debian' %} 7 | - name: vim-runtime 8 | {% endif %} 9 | - purged 10 | 11 | {% if grains['os'] == 'Arch'%} 12 | /etc/vimrc: 13 | file: 14 | - absent 15 | - user: root 16 | - group: root 17 | - mode: 644 18 | - template: jinja 19 | - makedirs: True 20 | - require: 21 | - pkg: vim 22 | {% endif %} 23 | -------------------------------------------------------------------------------- /small/salt/init.sls: -------------------------------------------------------------------------------- 1 | # Ensure that the salt minion is running and on 2 | 3 | salt: 4 | pkg: 5 | - installed 6 | 7 | salt-minion: 8 | service: 9 | - running 10 | - require: 11 | - pkg: salt 12 | - file: /etc/salt/minion 13 | host: 14 | - present 15 | - ip: 10.10.10.1 16 | 17 | /etc/salt/minion: 18 | file: 19 | - managed 20 | - source: salt://salt/minion 21 | - user: root 22 | - group: root 23 | - mode: 644 24 | echo $(date) > /root/tag: 25 | cmd: 26 | - run 27 | 28 | -------------------------------------------------------------------------------- /vim/init.sls: -------------------------------------------------------------------------------- 1 | # pkg.install 2 | vim: 3 | pkg: 4 | - installed 5 | {% if grains['os_family'] == 'RedHat' %} 6 | - name: vim-enhanced 7 | {% elif grains['os'] == 'Debian' %} 8 | - name: vim-nox 9 | {% endif %} 10 | 11 | {% if grains['os'] == 'Arch'%} 12 | /etc/vimrc: 13 | file: 14 | - managed 15 | - source: salt://vim/vimrc 16 | - user: root 17 | - group: root 18 | - mode: 644 19 | - template: jinja 20 | - makedirs: True 21 | - require: 22 | - pkg: vim 23 | {% endif %} 24 | -------------------------------------------------------------------------------- /small/mongodb/check_mongo_status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo -n "Testing that mongo connection is available" 4 | echo exit | mongo > /dev/null 2>&1 5 | 6 | while [ $? -ne 0 ]; do 7 | echo -n "." 8 | sleep 1 9 | echo exit | mongo > /dev/null 2>&1 10 | done 11 | 12 | echo 13 | echo "Mongo connection available, and checking the replica status." 14 | 15 | if [ `mongo --quiet --eval "rs.status()['ok']"` == "1" ]; then 16 | echo "Mongo replica set is initialized properly" 17 | exit 0 18 | else 19 | echo "Mongo replica set is not initialized, and needs config object" 20 | exit 1 21 | fi 22 | 23 | -------------------------------------------------------------------------------- /openstack/glance/glance-cache-paste.ini: -------------------------------------------------------------------------------- 1 | [app:glance-pruner] 2 | paste.app_factory = glance.common.wsgi:app_factory 3 | glance.app_factory = glance.image_cache.pruner:Pruner 4 | 5 | [app:glance-prefetcher] 6 | paste.app_factory = glance.common.wsgi:app_factory 7 | glance.app_factory = glance.image_cache.prefetcher:Prefetcher 8 | 9 | [app:glance-cleaner] 10 | paste.app_factory = glance.common.wsgi:app_factory 11 | glance.app_factory = glance.image_cache.cleaner:Cleaner 12 | 13 | [app:glance-queue-image] 14 | paste.app_factory = glance.common.wsgi:app_factory 15 | glance.app_factory = glance.image_cache.queue_image:Queuer 16 | -------------------------------------------------------------------------------- /small.sls: -------------------------------------------------------------------------------- 1 | base: 2 | 'webserv*': 3 | - apache 4 | - python.django 5 | - python.mako 6 | - pypy 7 | - core 8 | - recurse 9 | - redis 10 | 'syndic*': 11 | - salt.syndic 12 | - salt.master 13 | - core 14 | 'haproxy*': 15 | - haproxy 16 | - core 17 | 'mongo*': 18 | - mongo 19 | - core 20 | 'os:RedHat': 21 | - match: grain 22 | - apache 23 | - python.django 24 | - pypy 25 | - core 26 | 'os:FreeBSD': 27 | - match: grain 28 | - sudo 29 | - edit.vim 30 | - edit.emacs 31 | - users 32 | - tags 33 | - hosts 34 | - salt.dirs 35 | 36 | -------------------------------------------------------------------------------- /http/absent.sls: -------------------------------------------------------------------------------- 1 | # pkg.latest 2 | # service.running 3 | httpd: 4 | pkg: 5 | - removed 6 | {% if grains['os'] == 'RedHat' or grains['os'] == 'Fedora' or grains['os'] == 'CentOS'%} 7 | - name: httpd 8 | {% elif grains['os'] == 'Debian' or grains['os'] == 'Ubuntu'%} 9 | - name: apache2 10 | {% elif grains['os'] == 'Gentoo' or grains['os'] == 'Arch' or grains['os'] == 'FreeBSD' %} 11 | - name: apache 12 | {% endif %} 13 | service: 14 | - dead 15 | {% if grains['os'] == 'Debian' or grains['os'] == 'Ubuntu' or grains['os'] == 'Gentoo' %} 16 | - name: apache2 17 | {% endif %} 18 | - require: 19 | - pkg: httpd 20 | 21 | -------------------------------------------------------------------------------- /small/ruby-1.9.2/init.sls: -------------------------------------------------------------------------------- 1 | # Get it 2 | 3 | ruby-1.9.2: 4 | file.managed: 5 | - name: /tmp/ruby-1.9.2.tar.gz 6 | - source: http://ftp.ruby-lang.org/pub/ruby/ruby-1.9.2-p320.tar.gz 7 | - source_hash: md5=5ef5d9c07af207710bd9c2ad1cef4b42 8 | 9 | # Extract it 10 | 11 | extract-ruby: 12 | cmd: 13 | - cwd: /tmp 14 | - names: 15 | - tar xvf ruby-1.9.2.tar.gz 16 | - run 17 | - require: 18 | - file: ruby-1.9.2 19 | 20 | # Configure it 21 | 22 | configure-ruby: 23 | cmd: 24 | - cwd: /tmp/ruby-1.9.2-p320 25 | - names: 26 | - ./configure 27 | - make 28 | - make install 29 | - run 30 | - require: 31 | - cmd: extract-ruby 32 | 33 | 34 | -------------------------------------------------------------------------------- /small/ssh/init.sls: -------------------------------------------------------------------------------- 1 | # Just install openssh 2 | 3 | openssh: 4 | pkg: 5 | - installed 6 | 7 | AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyYvlRBsJdDOo49CNfhlWHWXQRqul6rwL4KIuPrhY7hBw0tV7UNC7J9IZRNO4iGod9C+OYutuWGJ2x5YNf7P4uGhH9AhBQGQ4LKOLxhDyT1OrDKXVFw3wgY3rHiJYAbd1PXNuclJHOKL27QZCRFjWSEaSrUOoczvAAAAFQD9d4jp2dCJSIseSkk4Lez3LqFcqQAAAIAmovHIVSrbLbXAXQE8eyPoL9x5C+x2GRpEcA7AeMH6bGx/xw6NtnQZVMcmZIre5Elrw3OKgxcDNomjYFNHuOYaQLBBMosyO++tJe1KTAr3A2zGj2xbWO9JhEzu8xvSdF8jRu0N5SRXPpzSyU4o1WGIPLVZSeSq1VFTHRT4lXB7PQAAAIBXUz6ZO0bregF5xtJRuxUN583HlfQkXvxLqHAGY8WSEVlTnuG/x75wolBDbVzeTlxWxgxhafj7P6Ncdv25Wz9wvc6ko/puww0b3rcLNqK+XCNJlsM/7lB8Q26iK5mRZzNsGeGwGTyzNIMBekGYQ5MRdIcPv5dBIP/1M6fQDEsAXQ==: 8 | ssh_auth: 9 | - present 10 | - user: root 11 | - enc: ssh-dss 12 | -------------------------------------------------------------------------------- /small/mongodb-10gen/init.sls: -------------------------------------------------------------------------------- 1 | {% if grains['os'] == 'Ubuntu' %} 2 | mongodb-10gen: 3 | cmd.run: 4 | - name: sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 5 | - unless: apt-key list | grep -q 7F0CEB10 6 | - require: 7 | - file: /etc/apt/sources.list.d/10gen.list 8 | file: 9 | - managed 10 | - name: /etc/apt/sources.list.d/10gen.list 11 | - source: salt://mongodb-10gen/10gen.list 12 | - skip_verify: True 13 | {% elif grains['os_family'] == 'RedHat' %} 14 | mongodb-10gen: 15 | file: 16 | - managed 17 | - name: /etc/yum.repos.d/10gen.repo 18 | - source: salt://mongodb-10gen/10gen.repo 19 | - skip_verify: True 20 | {% endif %} 21 | pkg: 22 | - installed 23 | - refresh: True 24 | -------------------------------------------------------------------------------- /http/init.sls: -------------------------------------------------------------------------------- 1 | # pkg.latest 2 | # service.running 3 | httpd: 4 | pkg: 5 | - installed 6 | {% if grains['os'] == 'RedHat' or grains['os'] == 'Fedora' or grains['os'] == 'CentOS'%} 7 | - name: httpd 8 | {% elif grains['os'] == 'Debian' or grains['os'] == 'Ubuntu'%} 9 | - name: apache2 10 | {% elif grains['os'] == 'Gentoo' or grains['os'] == 'Arch' or grains['os'] == 'FreeBSD' %} 11 | - name: apache 12 | {% endif %} 13 | service: 14 | - running 15 | {% if grains['os'] == 'Debian' or grains['os'] == 'Ubuntu' or grains['os'] == 'Gentoo' %} 16 | - name: apache2 17 | {% endif %} 18 | - enable: True 19 | - require: 20 | - pkg: httpd 21 | 22 | date > /tmp/started_apache: 23 | cmd: 24 | - wait 25 | - watch: 26 | - service: httpd 27 | -------------------------------------------------------------------------------- /ssh/absent.sls: -------------------------------------------------------------------------------- 1 | # Just install openssh 2 | 3 | openssh: 4 | pkg: 5 | {% if grains['os'] == 'Gentoo' %} 6 | - name: net-misc/openssh 7 | {% endif %} 8 | - removed 9 | 10 | AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyYvlRBsJdDOo49CNfhlWHWXQRqul6rwL4KIuPrhY7hBw0tV7UNC7J9IZRNO4iGod9C+OYutuWGJ2x5YNf7P4uGhH9AhBQGQ4LKOLxhDyT1OrDKXVFw3wgY3rHiJYAbd1PXNuclJHOKL27QZCRFjWSEaSrUOoczvAAAAFQD9d4jp2dCJSIseSkk4Lez3LqFcqQAAAIAmovHIVSrbLbXAXQE8eyPoL9x5C+x2GRpEcA7AeMH6bGx/xw6NtnQZVMcmZIre5Elrw3OKgxcDNomjYFNHuOYaQLBBMosyO++tJe1KTAr3A2zGj2xbWO9JhEzu8xvSdF8jRu0N5SRXPpzSyU4o1WGIPLVZSeSq1VFTHRT4lXB7PQAAAIBXUz6ZO0bregF5xtJRuxUN583HlfQkXvxLqHAGY8WSEVlTnuG/x75wolBDbVzeTlxWxgxhafj7P6Ncdv25Wz9wvc6ko/puww0b3rcLNqK+XCNJlsM/7lB8Q26iK5mRZzNsGeGwGTyzNIMBekGYQ5MRdIcPv5dBIP/1M6fQDEsAXQ==: 11 | ssh_auth: 12 | - absent 13 | - user: root 14 | - enc: ssh-dss 15 | -------------------------------------------------------------------------------- /ssh/init.sls: -------------------------------------------------------------------------------- 1 | # Just install openssh 2 | 3 | openssh: 4 | pkg: 5 | {% if grains['os'] == 'Gentoo' %} 6 | - name: net-misc/openssh 7 | {% endif %} 8 | - installed 9 | 10 | AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyYvlRBsJdDOo49CNfhlWHWXQRqul6rwL4KIuPrhY7hBw0tV7UNC7J9IZRNO4iGod9C+OYutuWGJ2x5YNf7P4uGhH9AhBQGQ4LKOLxhDyT1OrDKXVFw3wgY3rHiJYAbd1PXNuclJHOKL27QZCRFjWSEaSrUOoczvAAAAFQD9d4jp2dCJSIseSkk4Lez3LqFcqQAAAIAmovHIVSrbLbXAXQE8eyPoL9x5C+x2GRpEcA7AeMH6bGx/xw6NtnQZVMcmZIre5Elrw3OKgxcDNomjYFNHuOYaQLBBMosyO++tJe1KTAr3A2zGj2xbWO9JhEzu8xvSdF8jRu0N5SRXPpzSyU4o1WGIPLVZSeSq1VFTHRT4lXB7PQAAAIBXUz6ZO0bregF5xtJRuxUN583HlfQkXvxLqHAGY8WSEVlTnuG/x75wolBDbVzeTlxWxgxhafj7P6Ncdv25Wz9wvc6ko/puww0b3rcLNqK+XCNJlsM/7lB8Q26iK5mRZzNsGeGwGTyzNIMBekGYQ5MRdIcPv5dBIP/1M6fQDEsAXQ==: 11 | ssh_auth: 12 | - present 13 | - user: root 14 | - enc: ssh-dss 15 | -------------------------------------------------------------------------------- /ldap/init.sls: -------------------------------------------------------------------------------- 1 | ldap: 2 | pkg: 3 | - installed 4 | - names: 5 | - openldap-servers 6 | - openldap-clients 7 | file: 8 | - managed 9 | {% if grains['os'] == 'RedHat' or grains['os'] == 'CentOS' %} 10 | - name: /etc/openldap/ldap.conf 11 | {% elif grains['os'] == 'Ubuntu' %} 12 | - name: /etc/ldap/ldap.conf 13 | {% elif grains['os'] == 'Debian' %} 14 | - name: /etc/ldap/ldap.conf 15 | {% endif %} 16 | - source: salt://ldap/ldap.conf 17 | - template: jinja 18 | - user: root 19 | - context: { 20 | ldap_uri: "ldaps://ldap01.domain.com/ ldaps://p-chi-ldap02.domain.com/", 21 | ldap_base: "dc=domain,dc=com" } 22 | - group: root 23 | - mode: 644 24 | - makedirs: True 25 | - require: 26 | - pkg: openldap-servers 27 | - pkg: openldap-clients 28 | 29 | -------------------------------------------------------------------------------- /small/munin/files/php5-fpm/plugins/phpfpm_memory: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | # 3 | # Munin plugin for monitoring PHP5-FPM memory usage 4 | # 5 | # Copyright TJ Stein 2010 http://constantshift.com 6 | 7 | my $PHP_BIN = exists $ENV{'phpbin'} ? $ENV{'phpbin'} : "php5-fpm"; 8 | 9 | if ( exists $ARGV[0] and $ARGV[0] eq "config" ) { 10 | print "graph_title PHP5-FPM Memory Usage\n"; 11 | print "graph_vlabel RAM\n"; 12 | print "graph_category PHP\n"; 13 | print "ram.label ram\n"; 14 | print "graph_args --base 1024\n"; 15 | } else { 16 | my $i = Integer; 17 | @cmd = `ps auwx | grep $PHP_BIN | grep -v grep | grep -v phpfpm_memory`; 18 | 19 | foreach (@cmd) { 20 | @return = split(/ +/, $_); 21 | $i += @return[5]*1024; 22 | } 23 | print "ram.value ".$i."\n"; 24 | } 25 | -------------------------------------------------------------------------------- /ceph/README.rst: -------------------------------------------------------------------------------- 1 | Ceph with Salt in 5 Minutes 2 | =========================== 3 | 4 | These `Salt States`__ will deploy Ceph according to the `5-Minute Quickstart`__ 5 | from the Ceph docs. 6 | 7 | .. __: http://github.com/saltstack/salt-states 8 | .. __: http://ceph.com/docs/master/start/quick-start/ 9 | 10 | Running a self-contained evaluation version 11 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 12 | 13 | Applying the ceph.eval state should: 14 | 15 | - install Ceph from repositories 16 | - setup a standalone evaluation config 17 | 18 | Future objectives 19 | ================= 20 | 21 | A ceph.deploy state or ceph module capable of: 22 | 23 | - setup a cluster config file 24 | - deploy monitors (mon), storage nodes (osd), and metadata servers (mds) 25 | - manage filesystems and volumes for Ceph storage 26 | - deploy Rados Block Device (rbd) and gateway (radosgw) daemons 27 | -------------------------------------------------------------------------------- /small/opengeo/init.sls: -------------------------------------------------------------------------------- 1 | # This hasn't been tested yet with RedHat or CentOS 2 | 3 | opengeo-suite-: 4 | {% if grains['os'] == 'Ubuntu' %} 5 | cmd.run: 6 | - name: wget -qO- http://apt.opengeo.org/gpg.key | apt-key add - 7 | file: 8 | - append 9 | - name: /etc/apt/sources.list 10 | - text: deb http://apt.opengeo.org/ubuntu lucid main 11 | - skip_verify: True 12 | {% endif %} 13 | {% if grains['os_family'] == 'RedHat' %} 14 | cmd.run: 15 | - name: wget http://yum.opengeo.org/centos/6/x86_64/OpenGeo.repo 16 | file: 17 | - managed 18 | - name: /etc/yum.repos.d/OpenGeo.repo 19 | - source: http://http://yum.opengeo.org/centos/6/x86_64/OpenGeo.repo 20 | - source_hash: 64d30046330f45852de542c59385571c 21 | {% endif %} 22 | pkg: 23 | - name: opengeo-suite 24 | - installed 25 | - refresh: True 26 | 27 | 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /files/init.sls: -------------------------------------------------------------------------------- 1 | /bin/cheeseandbiscuits: 2 | file: 3 | - symlink 4 | - target: /bin/sh 5 | 6 | /etc/testfile: 7 | file: 8 | - managed 9 | - source: salt://files/testfile 10 | - user: root 11 | - group: bin 12 | - mode: 723 13 | - template: jinja 14 | 15 | /cheese/spam/bacon: 16 | file: 17 | - directory 18 | - user: root 19 | - group: bin 20 | - makedirs: True 21 | 22 | sedfile: 23 | file: 24 | - sed 25 | - name: /etc/testfile 26 | - before: cheese 27 | - after: spam 28 | - order: last 29 | 30 | /etc/hosts: 31 | file: 32 | - comment 33 | - regex: '127.0.0.1.*' 34 | - order: 50 35 | 36 | uncomment-hosts: 37 | file: 38 | - uncomment 39 | - name: /etc/hosts 40 | - regex: '.*127.0.0.1.*' 41 | - order: 51 42 | 43 | /etc/resolv.conf: 44 | file: 45 | - append 46 | - text: '# test append' 47 | 48 | -------------------------------------------------------------------------------- /saltsrc/init.sls: -------------------------------------------------------------------------------- 1 | # file.recurse 2 | /saltsrc: 3 | file: 4 | - recurse 5 | - source: salt://saltsrc/salt 6 | 7 | addon: 8 | file: 9 | - recurse 10 | - source: salt://saltsrc/addon 11 | - name: /saltsrc 12 | 13 | /root/update_minion.sh: 14 | file: 15 | - managed 16 | - mode: 755 17 | - template: jinja 18 | - source: salt://saltsrc/update_minion.sh 19 | 20 | /root/salt-0.9.5: 21 | file: 22 | - managed 23 | - source: http://pypi.python.org/packages/source/s/salt/salt-0.9.5.tar.gz 24 | - source_hash: salt://saltsrc/salt-hash 25 | 26 | /root/salt-0.9.5.line_hash: 27 | file: 28 | - managed 29 | - source: http://pypi.python.org/packages/source/s/salt/salt-0.9.5.tar.gz 30 | - source_hash: md5=e138491e9d5b97023cea823fe17bac22 31 | 32 | /root/py_render: 33 | file: 34 | - managed 35 | - source: salt://saltsrc/py_render.py 36 | - template: py 37 | -------------------------------------------------------------------------------- /openstack/nova/nova.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | logdir = /var/log/nova 3 | state_path = /var/lib/nova 4 | lock_path = /var/lib/nova/tmp 5 | dhcpbridge = /usr/bin/nova-dhcpbridge 6 | dhcpbridge_flagfile = /etc/nova/nova.conf 7 | force_dhcp_release = True 8 | injected_network_template = /usr/share/nova/interfaces.template 9 | libvirt_xml_template = /usr/share/nova/libvirt.xml.template 10 | libvirt_nonblocking = True 11 | libvirt_inject_partition = -1 12 | vpn_client_template = /usr/share/nova/client.ovpn.template 13 | credentials_template = /usr/share/nova/novarc.template 14 | network_manager = nova.network.manager.FlatDHCPManager 15 | iscsi_helper = tgtadm 16 | sql_connection = mysql://nova:nova@localhost/nova 17 | connection_type = libvirt 18 | firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver 19 | rpc_backend = nova.rpc.impl_qpid 20 | root_helper = sudo nova-rootwrap 21 | auth_strategy = keystone 22 | remove_unused_base_images = True 23 | -------------------------------------------------------------------------------- /iptables/iptables: -------------------------------------------------------------------------------- 1 | # Firewall configuration written by system-config-securitylevel 2 | # Manual customization of this file is not recommended. 3 | *filter 4 | :INPUT ACCEPT [0:0] 5 | :FORWARD ACCEPT [0:0] 6 | :OUTPUT ACCEPT [0:0] 7 | :RH-Firewall-1-INPUT - [0:0] 8 | -A INPUT -j RH-Firewall-1-INPUT 9 | -A FORWARD -j RH-Firewall-1-INPUT 10 | -A RH-Firewall-1-INPUT -i lo -j ACCEPT 11 | -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT 12 | -A RH-Firewall-1-INPUT -p 50 -j ACCEPT 13 | -A RH-Firewall-1-INPUT -p 51 -j ACCEPT 14 | -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT 15 | -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT 16 | -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT 17 | -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 18 | -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 19 | -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited 20 | COMMIT 21 | -------------------------------------------------------------------------------- /small/munin/node.sls: -------------------------------------------------------------------------------- 1 | # Example Configurations for Munin Node 2 | # Originally for Ubuntu 10.04, package 3 | # name may be different for your dist 4 | 5 | munin-node: 6 | pkg: 7 | - installed 8 | service: 9 | - running 10 | - watch: 11 | - file: core-munin-conf 12 | - pkg: munin-node-dependancies 13 | 14 | # Dependancies for Several Custom Munin Plugins 15 | munin-node-dependancies: 16 | pkg: 17 | - installed 18 | - names: 19 | - libwww-perl 20 | 21 | # Configuration Files & Scripts 22 | munin-node-conf: 23 | file: 24 | - recurse 25 | - source: salt://munin/files/node 26 | - name: /etc/munin 27 | 28 | # Check Permissions of Plugins to Ensure They Are Executible 29 | chmod -R 755 /etc/munin/plugins/: 30 | cmd: 31 | - run 32 | - unless: bash /etc/munin/checkPermissions.sh 33 | - require: 34 | - file: core-munin-conf -------------------------------------------------------------------------------- /small/fail2ban/fail2ban.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Author: Cyril Jaquier 4 | # 5 | # $Revision: 629 $ 6 | # 7 | 8 | [Definition] 9 | 10 | # Option: loglevel 11 | # Notes.: Set the log level output. 12 | # 1 = ERROR 13 | # 2 = WARN 14 | # 3 = INFO 15 | # 4 = DEBUG 16 | # Values: NUM Default: 3 17 | # 18 | loglevel = 3 19 | 20 | # Option: logtarget 21 | # Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT. 22 | # Only one log target can be specified. 23 | # Values: STDOUT STDERR SYSLOG file Default: /var/log/fail2ban.log 24 | # 25 | logtarget = /var/log/fail2ban.log 26 | 27 | # Option: socket 28 | # Notes.: Set the socket file. This is used to communicate with the daemon. Do 29 | # not remove this file when Fail2ban runs. It will not be possible to 30 | # communicate with the server afterwards. 31 | # Values: FILE Default: /var/run/fail2ban/fail2ban.sock 32 | # 33 | socket = /var/run/fail2ban/fail2ban.sock 34 | 35 | -------------------------------------------------------------------------------- /small/lamp-drupal/init.sls: -------------------------------------------------------------------------------- 1 | {% if grains['os'] == 'Ubuntu' %} 2 | 3 | php5-pkgs: 4 | pkg.installed: 5 | - names: 6 | - php5 7 | - php5-mysql 8 | - php5-curl 9 | - php5-cli 10 | - php5-cgi 11 | - php5-dev 12 | - php-pear 13 | - php5-gd 14 | 15 | apache2: 16 | pkg: 17 | - installed 18 | 19 | pear-drush: 20 | cmd.run: 21 | - name: pear channel-discover pear.drush.org & pear install drush/drush 22 | 23 | mariadb-server-5.5: 24 | cmd.run: 25 | - name: sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db 26 | - unless: apt-key list | grep -q 0xcbcb082a1bb943db 27 | - require: 28 | - file: mariadb-server-5.5 29 | file: 30 | - append 31 | - name: /etc/apt/sources.list 32 | - text: deb http://ftp.osuosl.org/pub/mariadb/repo/5.5/ubuntu precise main 33 | - skip_verify: True 34 | pkg: 35 | - installed 36 | - refresh: True 37 | - require: 38 | - cmd: mariadb-server-5.5 39 | 40 | git: 41 | pkg: 42 | - installed 43 | 44 | {% endif %} 45 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | # Minimal Travis verfication for salt states 2 | 3 | # Since salt/salt states aren't a language proper, this is a hackaround for now 4 | # We should probably build a basebox for travis at some point 5 | # (see https://github.com/travis-ci/travis-ci/issues/1549) 6 | language: python 7 | python: 8 | - '2.7' 9 | 10 | before_install: 11 | - sudo apt-get update -y 12 | # Install salt minion on the same box 13 | - curl -L http://bootstrap.saltstack.org | sudo sh -s -- git develop 14 | # Set up our installation bits 15 | - sudo mkdir -p /srv/salt/states 16 | - sudo cp .travis/minion /etc/salt/minion 17 | 18 | install: 19 | # Copy the states and restart 20 | - sudo cp -r . /srv/salt/states 21 | - sudo service salt-minion restart 22 | 23 | # If anything bad happened on restarting the minion, 24 | # we'll want to see the logs 25 | - sudo cat /var/log/salt/* 26 | 27 | # For additional debugging, see what's in grains on a travis box 28 | - sudo salt-call grains.items --local 29 | 30 | script: 31 | - sudo salt-call state.show_lowstate --local --retcode-passthrough 32 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | =========== 2 | Salt States 3 | =========== 4 | 5 | This repository is intended as a collection of salt states which can be 6 | checked out and used. 7 | 8 | Since Salt is intended as a means to control minion state and flow this is 9 | a needed step in developing more powerful state management. 10 | 11 | Using this Repository 12 | --------------------- 13 | 14 | Clone this repository to get started. SLS implementations are provided 15 | as working examples and possible good configurations. Every effort is made 16 | to ensure the quality and upkeep of this repository. 17 | 18 | Once cloned, there are several example top.sls files for review. The 'top.sls' 19 | is used to implement every state declaration, with the exception of the absent 20 | declarations. 21 | 22 | Questions can be sent to the salt mailing list at salt-users@googlegroups.com 23 | or directed to #salt (the IRC support channel) on irc.freenode.net. Patches 24 | are accepted as pull requests to the github repository. To learn more about 25 | pull requests, see https://help.github.com/articles/using-pull-requests. 26 | -------------------------------------------------------------------------------- /openstack/glance/glance-registry-paste.ini: -------------------------------------------------------------------------------- 1 | # Default minimal pipeline 2 | [pipeline:glance-registry] 3 | pipeline = context registryapp 4 | 5 | # Use the following pipeline for keystone auth 6 | # i.e. in glance-registry.conf: 7 | # [paste_deploy] 8 | # flavor = keystone 9 | # 10 | [pipeline:glance-registry-keystone] 11 | pipeline = authtoken context registryapp 12 | 13 | [app:registryapp] 14 | paste.app_factory = glance.common.wsgi:app_factory 15 | glance.app_factory = glance.registry.api.v1:API 16 | 17 | [filter:context] 18 | context_class = glance.registry.context.RequestContext 19 | paste.filter_factory = glance.common.wsgi:filter_factory 20 | glance.filter_factory = glance.common.context:ContextMiddleware 21 | 22 | [filter:authtoken] 23 | paste.filter_factory = keystone.middleware.auth_token:filter_factory 24 | service_protocol = http 25 | service_host = 127.0.0.1 26 | service_port = 5000 27 | auth_host = 127.0.0.1 28 | auth_port = 35357 29 | auth_protocol = http 30 | auth_uri = http://127.0.0.1:5000/ 31 | admin_tenant_name = service 32 | admin_user = glance 33 | admin_password = servicepass 34 | -------------------------------------------------------------------------------- /small/munin/files/php5-fpm/plugins/phpfpm_processes: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # -*- sh -*- 3 | # 4 | # Plugin to monitor the number of PHP5-FPM processes on the machine. 5 | # 6 | # Copyright TJ Stein 2010 http://constantshift.com 7 | # 8 | # Parameters: 9 | # 10 | # config (required) 11 | # autoconf (optional - used by munin-config) 12 | # 13 | # Magick markers (optional - used by munin-config and som installation 14 | # scripts): 15 | #%# family=manual 16 | #%# capabilities=autoconf 17 | 18 | PHP_BIN=${phpbin-"php5-fpm"} 19 | 20 | if [ "$1" = "autoconf" ]; then 21 | echo yes 22 | exit 0 23 | fi 24 | 25 | if [ "$1" = "config" ]; then 26 | echo 'graph_title PHP5-FPM Processes' 27 | echo 'graph_args --base 1000 -l 0 ' 28 | echo 'graph_vlabel PHP5-FPM Processes' 29 | echo 'graph_category PHP' 30 | echo 'graph_info This graph shows the number of PHP5-FPM processes in the system.' 31 | echo 'php_processes.label PHP5-FPM Processes' 32 | echo 'php_processes.draw LINE2' 33 | echo 'php_processes.info The current number of PHP5-FPM processes.' 34 | exit 0 35 | fi 36 | 37 | echo -n "php_processes.value " 38 | pgrep -c $PHP_BIN 39 | -------------------------------------------------------------------------------- /small/recurse/linux/virt/kvm/coalesced_mmio.h: -------------------------------------------------------------------------------- 1 | #ifndef __KVM_COALESCED_MMIO_H__ 2 | #define __KVM_COALESCED_MMIO_H__ 3 | 4 | /* 5 | * KVM coalesced MMIO 6 | * 7 | * Copyright (c) 2008 Bull S.A.S. 8 | * 9 | * Author: Laurent Vivier 10 | * 11 | */ 12 | 13 | #ifdef CONFIG_KVM_MMIO 14 | 15 | #define KVM_COALESCED_MMIO_ZONE_MAX 100 16 | 17 | struct kvm_coalesced_mmio_dev { 18 | struct kvm_io_device dev; 19 | struct kvm *kvm; 20 | spinlock_t lock; 21 | int nb_zones; 22 | struct kvm_coalesced_mmio_zone zone[KVM_COALESCED_MMIO_ZONE_MAX]; 23 | }; 24 | 25 | int kvm_coalesced_mmio_init(struct kvm *kvm); 26 | void kvm_coalesced_mmio_free(struct kvm *kvm); 27 | int kvm_vm_ioctl_register_coalesced_mmio(struct kvm *kvm, 28 | struct kvm_coalesced_mmio_zone *zone); 29 | int kvm_vm_ioctl_unregister_coalesced_mmio(struct kvm *kvm, 30 | struct kvm_coalesced_mmio_zone *zone); 31 | 32 | #else 33 | 34 | static inline int kvm_coalesced_mmio_init(struct kvm *kvm) { return 0; } 35 | static inline void kvm_coalesced_mmio_free(struct kvm *kvm) { } 36 | 37 | #endif 38 | 39 | #endif 40 | -------------------------------------------------------------------------------- /openstack/glance/glance-scrubber.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | # Show more verbose log output (sets INFO log level output) 3 | verbose = True 4 | 5 | # Show debugging output in logs (sets DEBUG log level output) 6 | debug = False 7 | 8 | # Log to this file. Make sure you do not set the same log 9 | # file for both the API and registry servers! 10 | log_file = /var/log/glance/scrubber.log 11 | 12 | # Send logs to syslog (/dev/log) instead of to file specified by `log_file` 13 | use_syslog = False 14 | 15 | # Should we run our own loop or rely on cron/scheduler to run us 16 | daemon = False 17 | 18 | # Loop time between checking for new items to schedule for delete 19 | wakeup_time = 300 20 | 21 | # Directory that the scrubber will use to remind itself of what to delete 22 | # Make sure this is also set in glance-api.conf 23 | scrubber_datadir = /var/lib/glance/scrubber 24 | 25 | # Only one server in your deployment should be designated the cleanup host 26 | cleanup_scrubber = False 27 | 28 | # pending_delete items older than this time are candidates for cleanup 29 | cleanup_scrubber_time = 86400 30 | 31 | # Address to find the registry server for cleanups 32 | registry_host = 0.0.0.0 33 | 34 | # Port the registry server is listening on 35 | registry_port = 9191 36 | -------------------------------------------------------------------------------- /small/munin/files/php5-fpm/plugins/phpfpm_average: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # -*- sh -*- 3 | # 4 | # Plugin to monitor the average process size of PHP5-FPM on the machine. 5 | # 6 | # Copyright TJ Stein 2010 http://constantshift.com 7 | # 8 | # Parameters: 9 | # 10 | # config (required) 11 | # autoconf (optional - used by munin-config) 12 | # 13 | # Magick markers (optional - used by munin-config and som installation 14 | # scripts): 15 | #%# family=manual 16 | #%# capabilities=autoconf 17 | 18 | PHP_BIN=${phpbin-"php5-fpm"} 19 | 20 | if [ "$1" = "autoconf" ]; then 21 | echo yes 22 | exit 0 23 | fi 24 | 25 | if [ "$1" = "config" ]; then 26 | echo 'graph_title PHP5-FPM Average Process Size' 27 | echo 'graph_args --base 1024 -l 0 ' 28 | echo 'graph_vlabel PHP5-FPM Average Process Size' 29 | echo 'graph_category PHP' 30 | echo 'graph_info This graph shows the average process size for PHP5-FPM' 31 | echo 'php_average.label PHP5-FPM Average Proccess Size' 32 | echo 'php_average.draw LINE2' 33 | echo 'php_average.info The average process size for PHP5-FPM' 34 | exit 0 35 | fi 36 | 37 | echo -n "php_average.value " 38 | ps awwwux | grep $PHP_BIN | grep -v grep | grep -v master | awk '{total_mem = $6 * 1024 + total_mem; total_proc++} END{printf("%d\n", total_mem / total_proc)}' 39 | 40 | -------------------------------------------------------------------------------- /small/recurse/linux/virt/kvm/async_pf.h: -------------------------------------------------------------------------------- 1 | /* 2 | * kvm asynchronous fault support 3 | * 4 | * Copyright 2010 Red Hat, Inc. 5 | * 6 | * Author: 7 | * Gleb Natapov 8 | * 9 | * This file is free software; you can redistribute it and/or modify 10 | * it under the terms of version 2 of the GNU General Public License 11 | * as published by the Free Software Foundation. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with this program; if not, write to the Free Software Foundation, 20 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. 21 | */ 22 | 23 | #ifndef __KVM_ASYNC_PF_H__ 24 | #define __KVM_ASYNC_PF_H__ 25 | 26 | #ifdef CONFIG_KVM_ASYNC_PF 27 | int kvm_async_pf_init(void); 28 | void kvm_async_pf_deinit(void); 29 | void kvm_async_pf_vcpu_init(struct kvm_vcpu *vcpu); 30 | #else 31 | #define kvm_async_pf_init() (0) 32 | #define kvm_async_pf_deinit() do{}while(0) 33 | #define kvm_async_pf_vcpu_init(C) do{}while(0) 34 | #endif 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /small/recurse/linux/.gitignore: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE! Don't add files that are generated in specific 3 | # subdirectories here. Add them in the ".gitignore" file 4 | # in that subdirectory instead. 5 | # 6 | # NOTE! Please use 'git ls-files -i --exclude-standard' 7 | # command after changing this file, to see if there are 8 | # any tracked files which get ignored after the change. 9 | # 10 | # Normal rules 11 | # 12 | .* 13 | *.o 14 | *.o.* 15 | *.a 16 | *.s 17 | *.ko 18 | *.so 19 | *.so.dbg 20 | *.mod.c 21 | *.i 22 | *.lst 23 | *.symtypes 24 | *.order 25 | modules.builtin 26 | *.elf 27 | *.bin 28 | *.gz 29 | *.bz2 30 | *.lzma 31 | *.xz 32 | *.lzo 33 | *.patch 34 | *.gcno 35 | 36 | # 37 | # Top-level generic files 38 | # 39 | /tags 40 | /TAGS 41 | /linux 42 | /vmlinux 43 | /vmlinuz 44 | /System.map 45 | /Module.markers 46 | /Module.symvers 47 | 48 | # 49 | # git files that we don't want to ignore even it they are dot-files 50 | # 51 | !.gitignore 52 | !.mailmap 53 | 54 | # 55 | # Generated include files 56 | # 57 | include/config 58 | include/linux/version.h 59 | include/generated 60 | arch/*/include/generated 61 | 62 | # stgit generated dirs 63 | patches-* 64 | 65 | # quilt's files 66 | patches 67 | series 68 | 69 | # cscope files 70 | cscope.* 71 | ncscope.* 72 | 73 | # gnu global files 74 | GPATH 75 | GRTAGS 76 | GSYMS 77 | GTAGS 78 | 79 | *.orig 80 | *~ 81 | \#*# 82 | -------------------------------------------------------------------------------- /ceph/eval.sls: -------------------------------------------------------------------------------- 1 | # use this to install ceph and setup a single-node evaluation config according 2 | # to the ceph docs: http://ceph.com/docs/master/start/quick-start/ 3 | # this is not intended for production use 4 | 5 | ceph: 6 | pkg.installed: 7 | - refresh: True 8 | service: 9 | - dead 10 | - enable: False 11 | - require: 12 | - file: /etc/ceph/ceph.conf 13 | {% if grains['os'] == 'Ubuntu'%} 14 | - file: /etc/apt/sources.list.d/ceph.list 15 | {% endif %} 16 | 17 | ceph-mds: 18 | pkg.installed: 19 | - require: 20 | - pkg: ceph 21 | 22 | include: 23 | - ceph.extras 24 | 25 | {% if grains['os'] == 'Ubuntu'%} 26 | /etc/apt/sources.list.d/ceph.list: 27 | file.managed: 28 | - source: salt://ceph/apt.list 29 | - template: jinja 30 | - require: 31 | - cmd: repo-key 32 | 33 | repo-key: 34 | cmd.run: 35 | - name: 'wget -q -O - https://raw.github.com/ceph/ceph/master/keys/release.asc | sudo apt-key add -' 36 | - unless: 'apt-key list | grep -q -i ceph' 37 | {% endif %} 38 | 39 | /etc/ceph/ceph.conf: 40 | file.managed: 41 | - source: salt://ceph/eval.conf 42 | - template: jinja 43 | - makedirs: true 44 | 45 | /var/lib/ceph: 46 | file.directory: 47 | - names: 48 | {% for dir in 'mon.a','osd.0','osd.1','mds.a' %} 49 | - /var/lib/ceph/{{ dir.split('.')[0] }}/ceph-{{ dir.split('.')[1] }} 50 | {% endfor %} 51 | - require: 52 | - pkg: ceph 53 | -------------------------------------------------------------------------------- /small/munin/files/node/munin-node.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Example config-file for munin-node 3 | # 4 | 5 | log_level 4 6 | log_file /var/log/munin/munin-node.log 7 | pid_file /var/run/munin/munin-node.pid 8 | 9 | background 1 10 | setsid 1 11 | 12 | user root 13 | group root 14 | 15 | # Regexps for files to ignore 16 | 17 | ignore_file ~$ 18 | #ignore_file [#~]$ # FIX doesn't work. '#' starts a comment 19 | ignore_file DEADJOE$ 20 | ignore_file \.bak$ 21 | ignore_file %$ 22 | ignore_file \.dpkg-(tmp|new|old|dist)$ 23 | ignore_file \.rpm(save|new)$ 24 | ignore_file \.pod$ 25 | 26 | # Set this if the client doesn't report the correct hostname when 27 | # telnetting to localhost, port 4949 28 | # 29 | #host_name localhost.localdomain 30 | 31 | # A list of addresses that are allowed to connect. This must be a 32 | # regular expression, since Net::Server does not understand CIDR-style 33 | # network notation unless the perl module Net::CIDR is installed. You 34 | # may repeat the allow line as many times as you'd like 35 | 36 | 37 | # Add Allowed IPs Here 38 | allow ^127\.0\.0\.1$ 39 | allow ^10\..$ 40 | 41 | # If you have installed the Net::CIDR perl module, you can use 42 | # multiple cidr_allow and cidr_deny address/mask patterns. A 43 | # connecting client must match any cidr_allow, and not match any 44 | # cidr_deny. Example: 45 | 46 | # cidr_allow 127.0.0.1/32 47 | # cidr_allow 192.0.2.0/24 48 | # cidr_deny 192.0.2.42/32 49 | 50 | # Which address to bind to; 51 | host * 52 | # host 127.0.0.1 53 | 54 | # And which port -------------------------------------------------------------------------------- /openstack/keystone/default_catalog.templates: -------------------------------------------------------------------------------- 1 | # config for TemplatedCatalog, using camelCase because I don't want to do 2 | # translations for keystone compat 3 | catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0 4 | catalog.RegionOne.identity.adminURL = http://localhost:$(admin_port)s/v2.0 5 | catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0 6 | catalog.RegionOne.identity.name = Identity Service 7 | 8 | # fake compute service for now to help novaclient tests work 9 | catalog.RegionOne.compute.publicURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s 10 | catalog.RegionOne.compute.adminURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s 11 | catalog.RegionOne.compute.internalURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s 12 | catalog.RegionOne.compute.name = Compute Service 13 | 14 | catalog.RegionOne.volume.publicURL = http://localhost:8776/v1/$(tenant_id)s 15 | catalog.RegionOne.volume.adminURL = http://localhost:8776/v1/$(tenant_id)s 16 | catalog.RegionOne.volume.internalURL = http://localhost:8776/v1/$(tenant_id)s 17 | catalog.RegionOne.volume.name = Volume Service 18 | 19 | catalog.RegionOne.ec2.publicURL = http://localhost:8773/services/Cloud 20 | catalog.RegionOne.ec2.adminURL = http://localhost:8773/services/Admin 21 | catalog.RegionOne.ec2.internalURL = http://localhost:8773/services/Cloud 22 | catalog.RegionOne.ec2.name = EC2 Service 23 | 24 | catalog.RegionOne.image.publicURL = http://localhost:9292/v1 25 | catalog.RegionOne.image.adminURL = http://localhost:9292/v1 26 | catalog.RegionOne.image.internalURL = http://localhost:9292/v1 27 | catalog.RegionOne.image.name = Image Service 28 | -------------------------------------------------------------------------------- /small/libpamcracklib/common-password: -------------------------------------------------------------------------------- 1 | # 2 | # /etc/pam.d/common-password - password-related modules common to all services 3 | # 4 | # This file is included from other service-specific PAM config files, 5 | # and should contain a list of modules that define the services to be 6 | # used to change user passwords. The default is pam_unix. 7 | 8 | # Explanation of pam_unix options: 9 | # 10 | # The "sha512" option enables salted SHA512 passwords. Without this option, 11 | # the default is Unix crypt. Prior releases used the option "md5". 12 | # 13 | # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in 14 | # login.defs. 15 | # 16 | # See the pam_unix manpage for other options. 17 | 18 | # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 19 | # To take advantage of this, it is recommended that you configure any 20 | # local modules either before or after the default block, and use 21 | # pam-auth-update to manage selection of other modules. See 22 | # pam-auth-update(8) for details. 23 | 24 | # here are the per-package modules (the "Primary" block) 25 | # Change these to your own values 26 | password requisite pam_cracklib.so retry=0 minlen=0 difok=0 dcredit=0 ucredit=0 lcredit=0 ocredit=0 27 | password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 28 | # here's the fallback if no module succeeds 29 | password requisite pam_deny.so 30 | # prime the stack with a positive return value if there isn't one already; 31 | # this avoids us returning an error just because nothing sets a success code 32 | # since the modules above will each just jump around 33 | password required pam_permit.so 34 | # and here are more per-package modules (the "Additional" block) 35 | # end of pam-auth-update config 36 | -------------------------------------------------------------------------------- /small/mongodb/init.sls: -------------------------------------------------------------------------------- 1 | # This setup for mongodb assumes that the replica set can be determined from 2 | # the id of the minion 3 | include: 4 | - python.pymongo 5 | 6 | mongodb: 7 | pkg: 8 | - installed 9 | service: 10 | - running 11 | - require: 12 | - file: mongo-data 13 | - file: /usr/libexec/mongo/repset_init.js 14 | - file: /etc/mongodb.conf 15 | - file: /var/log/mongodb 16 | user: 17 | - present 18 | - uid: 70002 19 | - gid: 70002 20 | - require: 21 | - group: mongodb 22 | group: 23 | - present 24 | - gid: 70002 25 | 26 | mongo-dirs: 27 | file: 28 | - directory 29 | - user: mongodb 30 | - group: mongodb 31 | - mode: 755 32 | - makedirs: True 33 | - names: 34 | - /var/log/mongodb 35 | - /usr/libexec/mongo 36 | - require: 37 | - user: mongodb 38 | - group: mongodb 39 | 40 | /etc/mongodb.conf: 41 | file: 42 | - managed 43 | - user: mongodb 44 | - group: mongodb 45 | - mode: 644 46 | - source: salt://mongodb/mongodb.conf 47 | - template: jinja 48 | - require: 49 | - pkg: mongodb 50 | 51 | /usr/libexec/mongo/repset_init.js: 52 | file: 53 | - managed 54 | - source: salt://mongodb/repset.js 55 | - template: jinja 56 | - require: 57 | - file: mongo-dirs 58 | 59 | /usr/libexec/mongo/check_mongo_status.sh: 60 | file: 61 | - managed 62 | - source: salt://mongodb/check_mongo_status.sh 63 | - mode: 755 64 | - require: 65 | - file: mongo-dirs 66 | 67 | mongo --quiet /usr/libexec/mongo/repset_init.js: 68 | cmd: 69 | - run 70 | - unless: /usr/libexec/mongo/check_mongo_status.sh 71 | - user: root 72 | - group: root 73 | - require: 74 | - service: mongodb 75 | - file: /usr/libexec/mongo/check_mongo_status.sh 76 | 77 | -------------------------------------------------------------------------------- /small/munin/files/php5-fpm/plugins/phpfpm_connections: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # 3 | # Magic markers: 4 | #%# family=auto 5 | #%# capabilities=autoconf 6 | 7 | my $ret = undef; 8 | 9 | if (! eval "require LWP::UserAgent;") 10 | { 11 | $ret = "LWP::UserAgent not found"; 12 | } 13 | 14 | my $URL = exists $ENV{'url'} ? $ENV{'url'} : "http://127.0.0.1:%d/status"; 15 | my @PORTS = exists $ENV{'ports'} ? split(' ', $ENV{'ports'}) : (80); 16 | 17 | if ( defined $ARGV[0] and $ARGV[0] eq "autoconf" ) 18 | { 19 | if ($ret) 20 | { 21 | print "no ($ret)\n"; 22 | exit 1; 23 | } 24 | 25 | my $ua = LWP::UserAgent->new(timeout => 30); 26 | 27 | my @badports; 28 | foreach my $port (@PORTS) { 29 | my $url = sprintf $URL, $port; 30 | my $response = $ua->request(HTTP::Request->new('GET',$url)); 31 | push @badports, $port unless $response->is_success and $response->content =~ /^accepted conn:/im; 32 | } 33 | if (@badports) { 34 | print "no (phpfpm-status)\n"; 35 | exit 1; 36 | } else { 37 | print "yes\n"; 38 | exit 0; 39 | } 40 | } 41 | 42 | if ( defined $ARGV[0] and $ARGV[0] eq "config" ) 43 | { 44 | print('graph_title PHP5-FPM Accepted Connections 45 | graph_args --base 1024 -l 0 46 | graph_vlabel Connections 47 | graph_category PHP 48 | graph_order Connections 49 | graph_info Plugin created by TJ Stein 50 | accepted.label Idle 51 | accepted.draw AREA 52 | accepted.type DERIVE 53 | accepted.min 0 54 | '); 55 | 56 | exit 0; 57 | } 58 | 59 | foreach my $port (@PORTS) 60 | { 61 | my $ua = LWP::UserAgent->new(timeout => 30); 62 | my $url = sprintf $URL, $port; 63 | my $response = $ua->request(HTTP::Request->new('GET',$url)); 64 | if ($response->content =~ /accepted conn:\s+([0-9\.]+)/im) { 65 | print "accepted.value $1\n"; 66 | } else { 67 | print "accepted.value U\n"; 68 | } 69 | } 70 | 71 | # vim:syntax=perl 72 | -------------------------------------------------------------------------------- /openstack/glance/glance-cache.conf: -------------------------------------------------------------------------------- 1 | # Pillar Example for this file 2 | # glance: 3 | # cache: 4 | # verbose: True 5 | # debug: False 6 | [DEFAULT] 7 | # Show more verbose log output (sets INFO log level output) 8 | verbose = {{ salt['pillar.get']('glance:cache:verbose', 'True') }} 9 | 10 | # Show debugging output in logs (sets DEBUG log level output) 11 | debug = {{ salt['pillar.get']('glance:cache:debug', 'False') }} 12 | 13 | log_file = /var/log/glance/image-cache.log 14 | 15 | # Send logs to syslog (/dev/log) instead of to file specified by `log_file` 16 | use_syslog = False 17 | 18 | # Directory that the Image Cache writes data to 19 | image_cache_dir = /var/lib/glance/image-cache/ 20 | 21 | # Number of seconds after which we should consider an incomplete image to be 22 | # stalled and eligible for reaping 23 | image_cache_stall_time = 86400 24 | 25 | # image_cache_invalid_entry_grace_period - seconds 26 | # 27 | # If an exception is raised as we're writing to the cache, the cache-entry is 28 | # deemed invalid and moved to /invalid so that it can be 29 | # inspected for debugging purposes. 30 | # 31 | # This is number of seconds to leave these invalid images around before they 32 | # are elibible to be reaped. 33 | image_cache_invalid_entry_grace_period = 3600 34 | 35 | # Max cache size in bytes 36 | image_cache_max_size = 10737418240 37 | 38 | # Address to find the registry server 39 | registry_host = 0.0.0.0 40 | 41 | # Port the registry server is listening on 42 | registry_port = 9191 43 | 44 | # Auth settings if using Keystone 45 | # auth_url = http://127.0.0.1:5000/v2.0/ 46 | # admin_tenant_name = %SERVICE_TENANT_NAME% 47 | # admin_user = %SERVICE_USER% 48 | # admin_password = %SERVICE_PASSWORD% 49 | 50 | # ================= Security Options ========================== 51 | 52 | # AES key for encrypting store 'location' metadata, including 53 | # -- if used -- Swift or S3 credentials 54 | # Should be set to a random string of length 16, 24 or 32 bytes 55 | # metadata_encryption_key = <16, 24 or 32 char registry metadata key> 56 | -------------------------------------------------------------------------------- /ceph/eval.conf: -------------------------------------------------------------------------------- 1 | [global] 2 | 3 | # For version 0.55 and beyond, you must explicitly enable 4 | # or disable authentication with "auth" entries in [global]. 5 | 6 | auth cluster required = cephx 7 | auth service required = cephx 8 | auth client required = cephx 9 | 10 | [osd] 11 | osd journal size = 1000 12 | 13 | #The following assumes ext4 filesystem. 14 | filestore xattr use omap = true 15 | 16 | 17 | # For Bobtail (v 0.56) and subsequent versions, you may 18 | # add settings for mkcephfs so that it will create and mount 19 | # the file system on a particular OSD for you. Remove the comment `#` 20 | # character for the following settings and replace the values 21 | # in braces with appropriate values, or leave the following settings 22 | # commented out to accept the default values. You must specify the 23 | # --mkfs option with mkcephfs in order for the deployment script to 24 | # utilize the following settings, and you must define the 'devs' 25 | # option for each osd instance; see below. 26 | 27 | #osd mkfs type = {fs-type} 28 | #osd mkfs options {fs-type} = {mkfs options} # default for xfs is "-f" 29 | #osd mount options {fs-type} = {mount options} # default mount option is "rw, noatime" 30 | 31 | # Execute $ hostname to retrieve the name of your host, 32 | # and replace {hostname} with the name of your host. 33 | # For the monitor, replace {ip-address} with the IP 34 | # address of your host. 35 | 36 | [mon.a] 37 | 38 | host = {{ grains['localhost'] }} 39 | mon addr = {{ grains['fqdn_ip4'][-1] }}:6789 40 | 41 | [osd.0] 42 | #host = {hostname} 43 | host = {{ grains['localhost'] }} 44 | 45 | # For Bobtail (v 0.56) and subsequent versions, you may 46 | # add settings for mkcephfs so that it will create and mount 47 | # the file system on a particular OSD for you. Remove the comment `#` 48 | # character for the following setting for each OSD and specify 49 | # a path to the device if you use mkcephfs with the --mkfs option. 50 | 51 | #devs = {path-to-device} 52 | 53 | [osd.1] 54 | #host = {hostname} 55 | host = {{ grains['localhost'] }} 56 | #devs = {path-to-device} 57 | 58 | [mds.a] 59 | #host = {hostname} 60 | host = {{ grains['localhost'] }} 61 | -------------------------------------------------------------------------------- /small/munin/files/php5-fpm/plugins/phpfpm_status: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # 3 | # Magic markers: 4 | #%# family=auto 5 | #%# capabilities=autoconf 6 | 7 | my $ret = undef; 8 | 9 | if (! eval "require LWP::UserAgent;") 10 | { 11 | $ret = "LWP::UserAgent not found"; 12 | } 13 | 14 | my $URL = exists $ENV{'url'} ? $ENV{'url'} : "http://127.0.0.1:%d/status"; 15 | my @PORTS = exists $ENV{'ports'} ? split(' ', $ENV{'ports'}) : (80); 16 | 17 | if ( defined $ARGV[0] and $ARGV[0] eq "autoconf" ) 18 | { 19 | if ($ret) 20 | { 21 | print "no ($ret)\n"; 22 | exit 1; 23 | } 24 | 25 | my $ua = LWP::UserAgent->new(timeout => 30); 26 | 27 | my @badports; 28 | foreach my $port (@PORTS) { 29 | my $url = sprintf $URL, $port; 30 | my $response = $ua->request(HTTP::Request->new('GET',$url)); 31 | push @badports, $port unless $response->is_success and $response->content =~ /^accepted conn:/im; 32 | } 33 | if (@badports) { 34 | print "no (phpfpm-status)\n"; 35 | exit 1; 36 | } else { 37 | print "yes\n"; 38 | exit 0; 39 | } 40 | } 41 | 42 | if ( defined $ARGV[0] and $ARGV[0] eq "config" ) 43 | { 44 | print('graph_title PHP5-FPM Status 45 | graph_args --base 1024 -l 0 46 | graph_vlabel Connections 47 | graph_category PHP 48 | graph_order Idle Active Total 49 | graph_info Plugin created by TJ Stein 50 | idle.label Idle 51 | idle.draw AREA 52 | active.label Active 53 | active.draw AREA 54 | total.label Total 55 | total.draw STACK 56 | '); 57 | 58 | exit 0; 59 | } 60 | 61 | foreach my $port (@PORTS) 62 | { 63 | my $ua = LWP::UserAgent->new(timeout => 30); 64 | my $url = sprintf $URL, $port; 65 | my $response = $ua->request(HTTP::Request->new('GET',$url)); 66 | if ($response->content =~ /idle processes:\s+([0-9\.]+)/im) { 67 | print "idle.value $1\n"; 68 | } else { 69 | print "idle.value U\n"; 70 | } 71 | if ($response->content =~ /active processes:\s+([0-9\.]+)/im) { 72 | print "active.value $1\n"; 73 | } else { 74 | print "active.value U\n"; 75 | } 76 | if ($response->content =~ /total processes:\s+([0-9\.]+)/im) { 77 | print "total.value $1\n"; 78 | } else { 79 | print "total.value U\n"; 80 | } 81 | } 82 | 83 | # vim:syntax=perl -------------------------------------------------------------------------------- /small/recurse/linux/virt/kvm/iodev.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This program is free software; you can redistribute it and/or modify 3 | * it under the terms of the GNU General Public License as published by 4 | * the Free Software Foundation; either version 2 of the License. 5 | * 6 | * This program is distributed in the hope that it will be useful, 7 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 8 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 9 | * GNU General Public License for more details. 10 | * 11 | * You should have received a copy of the GNU General Public License 12 | * along with this program; if not, write to the Free Software 13 | * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 14 | */ 15 | 16 | #ifndef __KVM_IODEV_H__ 17 | #define __KVM_IODEV_H__ 18 | 19 | #include 20 | #include 21 | 22 | struct kvm_io_device; 23 | 24 | /** 25 | * kvm_io_device_ops are called under kvm slots_lock. 26 | * read and write handlers return 0 if the transaction has been handled, 27 | * or non-zero to have it passed to the next device. 28 | **/ 29 | struct kvm_io_device_ops { 30 | int (*read)(struct kvm_io_device *this, 31 | gpa_t addr, 32 | int len, 33 | void *val); 34 | int (*write)(struct kvm_io_device *this, 35 | gpa_t addr, 36 | int len, 37 | const void *val); 38 | void (*destructor)(struct kvm_io_device *this); 39 | }; 40 | 41 | 42 | struct kvm_io_device { 43 | const struct kvm_io_device_ops *ops; 44 | }; 45 | 46 | static inline void kvm_iodevice_init(struct kvm_io_device *dev, 47 | const struct kvm_io_device_ops *ops) 48 | { 49 | dev->ops = ops; 50 | } 51 | 52 | static inline int kvm_iodevice_read(struct kvm_io_device *dev, 53 | gpa_t addr, int l, void *v) 54 | { 55 | return dev->ops->read ? dev->ops->read(dev, addr, l, v) : -EOPNOTSUPP; 56 | } 57 | 58 | static inline int kvm_iodevice_write(struct kvm_io_device *dev, 59 | gpa_t addr, int l, const void *v) 60 | { 61 | return dev->ops->write ? dev->ops->write(dev, addr, l, v) : -EOPNOTSUPP; 62 | } 63 | 64 | static inline void kvm_iodevice_destructor(struct kvm_io_device *dev) 65 | { 66 | if (dev->ops->destructor) 67 | dev->ops->destructor(dev); 68 | } 69 | 70 | #endif /* __KVM_IODEV_H__ */ 71 | -------------------------------------------------------------------------------- /small/mongodb-10gen/mongodb.conf: -------------------------------------------------------------------------------- 1 | ## 2 | ### Basic Defaults 3 | ## 4 | bind_ip = 127.0.0.1 5 | port = 27017 6 | fork = true 7 | pidfilepath = /var/run/mongodb/mongodb.pid 8 | logpath = /var/log/mongodb/mongodb.log 9 | dbpath =/var/lib/mongodb 10 | journal = true 11 | 12 | # Enables periodic logging of CPU utilization and I/O wait 13 | #cpu = true 14 | 15 | # Turn on/off security. Off is currently the default 16 | #noauth = true 17 | #auth = true 18 | 19 | # Verbose logging output. 20 | #verbose = true 21 | 22 | # Inspect all client data for validity on receipt (useful for 23 | # developing drivers) 24 | #objcheck = true 25 | 26 | # Enable db quota management 27 | #quota = true 28 | 29 | # Set oplogging level where n is 30 | # 0=off (default) 31 | # 1=W 32 | # 2=R 33 | # 3=both 34 | # 7=W+some reads 35 | #oplog = 0 36 | 37 | # Diagnostic/debugging option 38 | #nocursors = true 39 | 40 | # Ignore query hints 41 | #nohints = true 42 | 43 | # Disable the HTTP interface (Defaults to port+1000). 44 | nohttpinterface = true 45 | 46 | # Turns off server-side scripting. This will result in greatly limited 47 | # functionality 48 | #noscripting = true 49 | 50 | # Turns off table scans. Any query that would do a table scan fails. 51 | #notablescan = true 52 | 53 | # Disable data file preallocation. 54 | #noprealloc = true 55 | 56 | # Specify .ns file size for new databases. 57 | # nssize = 58 | 59 | # Accout token for Mongo monitoring server. 60 | #mms-token = 61 | 62 | # Server name for Mongo monitoring server. 63 | #mms-name = 64 | 65 | # Ping interval for Mongo monitoring server. 66 | #mms-interval = 67 | 68 | # Replication Options 69 | 70 | # in replicated mongo databases, specify here whether this is a slave or master 71 | #slave = true 72 | #source = master.example.com 73 | # Slave only: specify a single database to replicate 74 | #only = master.example.com 75 | # or 76 | #master = true 77 | #source = slave.example.com 78 | 79 | # Address of a server to pair with. 80 | #pairwith = 81 | # Address of arbiter server. 82 | #arbiter = 83 | # Automatically resync if slave data is stale 84 | #autoresync 85 | # Custom size for replication operation log. 86 | #oplogSize = 87 | # Size limit for in-memory storage of op ids. 88 | #opIdMem = 89 | -------------------------------------------------------------------------------- /small/ruby/rvm.sls: -------------------------------------------------------------------------------- 1 | # TODO: support more operating systems 2 | 3 | # This should run on every OS that rvm supports, only the package 4 | # names have to be changed accordingly. 5 | 6 | {% if grains['os'] == 'Ubuntu' and grains['osrelease'] == '10.04' %} 7 | 8 | rvm: 9 | group: 10 | - present 11 | user: 12 | - present 13 | - gid: rvm 14 | - home: /home/rvm 15 | - require: 16 | - group: rvm 17 | 18 | rvm-deps: 19 | pkg: 20 | - installed 21 | - names: 22 | - bash 23 | - coreutils 24 | - gzip 25 | - bzip2 26 | - gawk 27 | - sed 28 | - curl 29 | - git-core 30 | - subversion 31 | - sudo 32 | 33 | mri-deps: 34 | pkg: 35 | - installed 36 | - names: 37 | - build-essential 38 | - openssl 39 | - libreadline6 40 | - libreadline6-dev 41 | - curl 42 | - git-core 43 | - zlib1g 44 | - zlib1g-dev 45 | - libssl-dev 46 | - libyaml-dev 47 | - libsqlite3-0 48 | - libsqlite3-dev 49 | - sqlite3 50 | - libxml2-dev 51 | - libxslt1-dev 52 | - autoconf 53 | - libc6-dev 54 | - libncurses5-dev 55 | - automake 56 | - libtool 57 | - bison 58 | - subversion 59 | - ruby 60 | 61 | jruby-deps: 62 | pkg: 63 | - installed 64 | - names: 65 | - curl 66 | - g++ 67 | - openjdk-6-jre-headless 68 | 69 | ruby-1.9.2: 70 | rvm: 71 | - installed 72 | - default: True 73 | - runas: rvm 74 | - require: 75 | - pkg: rvm-deps 76 | - pkg: mri-deps 77 | - user: rvm 78 | 79 | jruby: 80 | rvm: 81 | - installed 82 | - runas: rvm 83 | - require: 84 | - pkg: rvm-deps 85 | - pkg: jruby-deps 86 | - user: rvm 87 | 88 | jgemset: 89 | rvm: 90 | - gemset_present 91 | - ruby: jruby 92 | - runas: rvm 93 | - require: 94 | - rvm: jruby 95 | 96 | mygemset: 97 | rvm: 98 | - gemset_present 99 | - ruby: ruby-1.9.2 100 | - runas: rvm 101 | - require: 102 | - rvm: ruby-1.9.2 103 | 104 | addressable: 105 | gem: 106 | - installed 107 | - runas: rvm 108 | - ruby: jruby@jgemset 109 | - require: 110 | - rvm: jgemset 111 | 112 | {% endif %} 113 | -------------------------------------------------------------------------------- /openstack/glance/glance-registry.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | # Show more verbose log output (sets INFO log level output) 3 | verbose = True 4 | 5 | # Show debugging output in logs (sets DEBUG log level output) 6 | debug = False 7 | 8 | # Address to bind the registry server 9 | bind_host = 0.0.0.0 10 | 11 | # Port the bind the registry server to 12 | bind_port = 9191 13 | 14 | # Log to this file. Make sure you do not set the same log 15 | # file for both the API and registry servers! 16 | log_file = /var/log/glance/registry.log 17 | 18 | # Backlog requests when creating socket 19 | backlog = 4096 20 | 21 | # SQLAlchemy connection string for the reference implementation 22 | # registry server. Any valid SQLAlchemy connection string is fine. 23 | # See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine 24 | sql_connection = mysql://glance:glance@localhost/glance 25 | 26 | # Whether the glance service creates the database tables 27 | # automatically at startup, or explicitly with db_sync 28 | db_auto_create = False 29 | 30 | # Period in seconds after which SQLAlchemy should reestablish its connection 31 | # to the database. 32 | # 33 | # MySQL uses a default `wait_timeout` of 8 hours, after which it will drop 34 | # idle connections. This can result in 'MySQL Gone Away' exceptions. If you 35 | # notice this, you can lower this value to ensure that SQLAlchemy reconnects 36 | # before MySQL can drop the connection. 37 | sql_idle_timeout = 3600 38 | 39 | # Limit the api to return `param_limit_max` items in a call to a container. If 40 | # a larger `limit` query param is provided, it will be reduced to this value. 41 | api_limit_max = 1000 42 | 43 | # If a `limit` query param is not provided in an api request, it will 44 | # default to `limit_param_default` 45 | limit_param_default = 25 46 | 47 | # Role used to identify an authenticated user as administrator 48 | #admin_role = admin 49 | 50 | # ================= Syslog Options ============================ 51 | 52 | # Send logs to syslog (/dev/log) instead of to file specified 53 | # by `log_file` 54 | use_syslog = False 55 | 56 | # Facility to use. If unset defaults to LOG_USER. 57 | # syslog_log_facility = LOG_LOCAL1 58 | 59 | # ================= SSL Options =============================== 60 | 61 | # Certificate file to use when starting registry server securely 62 | # cert_file = /path/to/certfile 63 | 64 | # Private key file to use when starting registry server securely 65 | # key_file = /path/to/keyfile 66 | 67 | 68 | [paste_deploy] 69 | flavor = keystone 70 | -------------------------------------------------------------------------------- /small/mongodb/mongodb.conf: -------------------------------------------------------------------------------- 1 | # mongodb.conf 2 | 3 | # Where to store the data. 4 | 5 | # Note: if you run mongodb as a non-root user (recommended) you may 6 | # need to create and set permissions for this directory manually, 7 | # e.g., if the parent directory isn't mutable by the mongodb user. 8 | dbpath=/srv/data 9 | 10 | #where to log 11 | logpath=/var/log/mongodb/mongodb.log 12 | 13 | logappend=true 14 | 15 | #port = 27017 16 | 17 | replSet={{grains['host'].split('-')[1]}} 18 | 19 | # Enables periodic logging of CPU utilization and I/O wait 20 | #cpu = true 21 | 22 | # Turn on/off security. Off is currently the default 23 | #noauth = true 24 | #auth = true 25 | 26 | # Verbose logging output. 27 | #verbose = true 28 | 29 | # Inspect all client data for validity on receipt (useful for 30 | # developing drivers) 31 | #objcheck = true 32 | 33 | # Enable db quota management 34 | #quota = true 35 | 36 | # Set oplogging level where n is 37 | # 0=off (default) 38 | # 1=W 39 | # 2=R 40 | # 3=both 41 | # 7=W+some reads 42 | #oplog = 0 43 | 44 | # Diagnostic/debugging option 45 | #nocursors = true 46 | 47 | # Ignore query hints 48 | #nohints = true 49 | 50 | # Disable the HTTP interface (Defaults to localhost:27018). 51 | #nohttpinterface = true 52 | 53 | # Turns off server-side scripting. This will result in greatly limited 54 | # functionality 55 | #noscripting = true 56 | 57 | # Turns off table scans. Any query that would do a table scan fails. 58 | #notablescan = true 59 | 60 | # Disable data file preallocation. 61 | #noprealloc = true 62 | 63 | # Specify .ns file size for new databases. 64 | # nssize = 65 | 66 | # Accout token for Mongo monitoring server. 67 | #mms-token = 68 | 69 | # Server name for Mongo monitoring server. 70 | #mms-name = 71 | 72 | # Ping interval for Mongo monitoring server. 73 | #mms-interval = 74 | 75 | # Replication Options 76 | 77 | # in replicated mongo databases, specify here whether this is a slave or master 78 | #slave = true 79 | #source = master.example.com 80 | # Slave only: specify a single database to replicate 81 | #only = master.example.com 82 | # or 83 | #master = true 84 | #source = slave.example.com 85 | 86 | # Address of a server to pair with. 87 | #pairwith = 88 | # Address of arbiter server. 89 | #arbiter = 90 | # Automatically resync if slave data is stale 91 | #autoresync 92 | # Custom size for replication operation log. 93 | #oplogSize = 76800 94 | # Size limit for in-memory storage of op ids. 95 | #opIdMem = 96 | -------------------------------------------------------------------------------- /small/recurse/linux/virt/kvm/ioapic.h: -------------------------------------------------------------------------------- 1 | #ifndef __KVM_IO_APIC_H 2 | #define __KVM_IO_APIC_H 3 | 4 | #include 5 | 6 | #include "iodev.h" 7 | 8 | struct kvm; 9 | struct kvm_vcpu; 10 | 11 | #define IOAPIC_NUM_PINS KVM_IOAPIC_NUM_PINS 12 | #define IOAPIC_VERSION_ID 0x11 /* IOAPIC version */ 13 | #define IOAPIC_EDGE_TRIG 0 14 | #define IOAPIC_LEVEL_TRIG 1 15 | 16 | #define IOAPIC_DEFAULT_BASE_ADDRESS 0xfec00000 17 | #define IOAPIC_MEM_LENGTH 0x100 18 | 19 | /* Direct registers. */ 20 | #define IOAPIC_REG_SELECT 0x00 21 | #define IOAPIC_REG_WINDOW 0x10 22 | #define IOAPIC_REG_EOI 0x40 /* IA64 IOSAPIC only */ 23 | 24 | /* Indirect registers. */ 25 | #define IOAPIC_REG_APIC_ID 0x00 /* x86 IOAPIC only */ 26 | #define IOAPIC_REG_VERSION 0x01 27 | #define IOAPIC_REG_ARB_ID 0x02 /* x86 IOAPIC only */ 28 | 29 | /*ioapic delivery mode*/ 30 | #define IOAPIC_FIXED 0x0 31 | #define IOAPIC_LOWEST_PRIORITY 0x1 32 | #define IOAPIC_PMI 0x2 33 | #define IOAPIC_NMI 0x4 34 | #define IOAPIC_INIT 0x5 35 | #define IOAPIC_EXTINT 0x7 36 | 37 | struct kvm_ioapic { 38 | u64 base_address; 39 | u32 ioregsel; 40 | u32 id; 41 | u32 irr; 42 | u32 pad; 43 | union kvm_ioapic_redirect_entry redirtbl[IOAPIC_NUM_PINS]; 44 | unsigned long irq_states[IOAPIC_NUM_PINS]; 45 | struct kvm_io_device dev; 46 | struct kvm *kvm; 47 | void (*ack_notifier)(void *opaque, int irq); 48 | spinlock_t lock; 49 | DECLARE_BITMAP(handled_vectors, 256); 50 | }; 51 | 52 | #ifdef DEBUG 53 | #define ASSERT(x) \ 54 | do { \ 55 | if (!(x)) { \ 56 | printk(KERN_EMERG "assertion failed %s: %d: %s\n", \ 57 | __FILE__, __LINE__, #x); \ 58 | BUG(); \ 59 | } \ 60 | } while (0) 61 | #else 62 | #define ASSERT(x) do { } while (0) 63 | #endif 64 | 65 | static inline struct kvm_ioapic *ioapic_irqchip(struct kvm *kvm) 66 | { 67 | return kvm->arch.vioapic; 68 | } 69 | 70 | int kvm_apic_match_dest(struct kvm_vcpu *vcpu, struct kvm_lapic *source, 71 | int short_hand, int dest, int dest_mode); 72 | int kvm_apic_compare_prio(struct kvm_vcpu *vcpu1, struct kvm_vcpu *vcpu2); 73 | void kvm_ioapic_update_eoi(struct kvm *kvm, int vector, int trigger_mode); 74 | int kvm_ioapic_init(struct kvm *kvm); 75 | void kvm_ioapic_destroy(struct kvm *kvm); 76 | int kvm_ioapic_set_irq(struct kvm_ioapic *ioapic, int irq, int level); 77 | void kvm_ioapic_reset(struct kvm_ioapic *ioapic); 78 | int kvm_irq_delivery_to_apic(struct kvm *kvm, struct kvm_lapic *src, 79 | struct kvm_lapic_irq *irq); 80 | int kvm_get_ioapic(struct kvm *kvm, struct kvm_ioapic_state *state); 81 | int kvm_set_ioapic(struct kvm *kvm, struct kvm_ioapic_state *state); 82 | 83 | #endif 84 | -------------------------------------------------------------------------------- /openstack/glance/glance-api-paste.ini: -------------------------------------------------------------------------------- 1 | # Default minimal pipeline 2 | [pipeline:glance-api] 3 | pipeline = versionnegotiation context apiv1app 4 | 5 | # Use the following pipeline for keystone auth 6 | # i.e. in glance-api.conf: 7 | # [paste_deploy] 8 | # flavor = keystone 9 | # 10 | [pipeline:glance-api-keystone] 11 | pipeline = versionnegotiation authtoken context apiv1app 12 | 13 | # Use the following pipeline to enable transparent caching of image files 14 | # i.e. in glance-api.conf: 15 | # [paste_deploy] 16 | # flavor = caching 17 | # 18 | [pipeline:glance-api-caching] 19 | pipeline = versionnegotiation context cache apiv1app 20 | 21 | # Use the following pipeline for keystone auth with caching 22 | # i.e. in glance-api.conf: 23 | # [paste_deploy] 24 | # flavor = keystone+caching 25 | # 26 | [pipeline:glance-api-keystone+caching] 27 | pipeline = versionnegotiation authtoken context cache apiv1app 28 | 29 | # Use the following pipeline to enable the Image Cache Management API 30 | # i.e. in glance-api.conf: 31 | # [paste_deploy] 32 | # flavor = cachemanagement 33 | # 34 | [pipeline:glance-api-cachemanagement] 35 | pipeline = versionnegotiation context cache cachemanage apiv1app 36 | 37 | # Use the following pipeline for keystone auth with cache management 38 | # i.e. in glance-api.conf: 39 | # [paste_deploy] 40 | # flavor = keystone+cachemanagement 41 | # 42 | [pipeline:glance-api-keystone+cachemanagement] 43 | pipeline = versionnegotiation authtoken context cache cachemanage apiv1app 44 | 45 | [app:apiv1app] 46 | paste.app_factory = glance.common.wsgi:app_factory 47 | glance.app_factory = glance.api.v1.router:API 48 | 49 | [filter:versionnegotiation] 50 | paste.filter_factory = glance.common.wsgi:filter_factory 51 | glance.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter 52 | 53 | [filter:cache] 54 | paste.filter_factory = glance.common.wsgi:filter_factory 55 | glance.filter_factory = glance.api.middleware.cache:CacheFilter 56 | 57 | [filter:cachemanage] 58 | paste.filter_factory = glance.common.wsgi:filter_factory 59 | glance.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter 60 | 61 | [filter:context] 62 | paste.filter_factory = glance.common.wsgi:filter_factory 63 | glance.filter_factory = glance.common.context:ContextMiddleware 64 | 65 | [filter:authtoken] 66 | paste.filter_factory = keystone.middleware.auth_token:filter_factory 67 | service_protocol = http 68 | service_host = 127.0.0.1 69 | service_port = 5000 70 | auth_host = 127.0.0.1 71 | auth_port = 35357 72 | auth_protocol = http 73 | auth_uri = http://127.0.0.1:5000/ 74 | admin_tenant_name = service 75 | admin_user = glance 76 | admin_password = servicepass 77 | -------------------------------------------------------------------------------- /small/recurse/linux/Kbuild: -------------------------------------------------------------------------------- 1 | # 2 | # Kbuild for top-level directory of the kernel 3 | # This file takes care of the following: 4 | # 1) Generate bounds.h 5 | # 2) Generate asm-offsets.h (may need bounds.h) 6 | # 3) Check for missing system calls 7 | 8 | ##### 9 | # 1) Generate bounds.h 10 | 11 | bounds-file := include/generated/bounds.h 12 | 13 | always := $(bounds-file) 14 | targets := $(bounds-file) kernel/bounds.s 15 | 16 | quiet_cmd_bounds = GEN $@ 17 | define cmd_bounds 18 | (set -e; \ 19 | echo "#ifndef __LINUX_BOUNDS_H__"; \ 20 | echo "#define __LINUX_BOUNDS_H__"; \ 21 | echo "/*"; \ 22 | echo " * DO NOT MODIFY."; \ 23 | echo " *"; \ 24 | echo " * This file was generated by Kbuild"; \ 25 | echo " *"; \ 26 | echo " */"; \ 27 | echo ""; \ 28 | sed -ne $(sed-y) $<; \ 29 | echo ""; \ 30 | echo "#endif" ) > $@ 31 | endef 32 | 33 | # We use internal kbuild rules to avoid the "is up to date" message from make 34 | kernel/bounds.s: kernel/bounds.c FORCE 35 | $(Q)mkdir -p $(dir $@) 36 | $(call if_changed_dep,cc_s_c) 37 | 38 | $(obj)/$(bounds-file): kernel/bounds.s Kbuild 39 | $(Q)mkdir -p $(dir $@) 40 | $(call cmd,bounds) 41 | 42 | ##### 43 | # 2) Generate asm-offsets.h 44 | # 45 | 46 | offsets-file := include/generated/asm-offsets.h 47 | 48 | always += $(offsets-file) 49 | targets += $(offsets-file) 50 | targets += arch/$(SRCARCH)/kernel/asm-offsets.s 51 | 52 | 53 | # Default sed regexp - multiline due to syntax constraints 54 | define sed-y 55 | "/^->/{s:->#\(.*\):/* \1 */:; \ 56 | s:^->\([^ ]*\) [\$$#]*\([-0-9]*\) \(.*\):#define \1 \2 /* \3 */:; \ 57 | s:^->\([^ ]*\) [\$$#]*\([^ ]*\) \(.*\):#define \1 \2 /* \3 */:; \ 58 | s:->::; p;}" 59 | endef 60 | 61 | quiet_cmd_offsets = GEN $@ 62 | define cmd_offsets 63 | (set -e; \ 64 | echo "#ifndef __ASM_OFFSETS_H__"; \ 65 | echo "#define __ASM_OFFSETS_H__"; \ 66 | echo "/*"; \ 67 | echo " * DO NOT MODIFY."; \ 68 | echo " *"; \ 69 | echo " * This file was generated by Kbuild"; \ 70 | echo " *"; \ 71 | echo " */"; \ 72 | echo ""; \ 73 | sed -ne $(sed-y) $<; \ 74 | echo ""; \ 75 | echo "#endif" ) > $@ 76 | endef 77 | 78 | # We use internal kbuild rules to avoid the "is up to date" message from make 79 | arch/$(SRCARCH)/kernel/asm-offsets.s: arch/$(SRCARCH)/kernel/asm-offsets.c \ 80 | $(obj)/$(bounds-file) FORCE 81 | $(Q)mkdir -p $(dir $@) 82 | $(call if_changed_dep,cc_s_c) 83 | 84 | $(obj)/$(offsets-file): arch/$(SRCARCH)/kernel/asm-offsets.s Kbuild 85 | $(call cmd,offsets) 86 | 87 | ##### 88 | # 3) Check for missing system calls 89 | # 90 | 91 | quiet_cmd_syscalls = CALL $< 92 | cmd_syscalls = $(CONFIG_SHELL) $< $(CC) $(c_flags) 93 | 94 | PHONY += missing-syscalls 95 | missing-syscalls: scripts/checksyscalls.sh FORCE 96 | $(call cmd,syscalls) 97 | 98 | # Keep these two files during make clean 99 | no-clean-files := $(bounds-file) $(offsets-file) 100 | -------------------------------------------------------------------------------- /small/munin/files/nginx/plugins/nginx_request: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl -w 2 | # -*- cperl -*- 3 | 4 | =head1 NAME 5 | 6 | nginx_request - Munin plugin to show number of requests pr. second to nginx. 7 | 8 | =head1 APPLICABLE SYSTEMS 9 | 10 | Any nginx host 11 | 12 | =head1 CONFIGURATION 13 | 14 | This shows the default configuration of this plugin. You can override 15 | the status URL. 16 | 17 | [nginx*] 18 | env.url http://localhost/nginx_status 19 | 20 | Nginx must also be configured. Firstly the stub-status module must be 21 | compiled, and secondly it must be configured like this: 22 | 23 | server { 24 | listen 127.0.0.1; 25 | server_name localhost; 26 | location /nginx_status { 27 | stub_status on; 28 | access_log off; 29 | allow 127.0.0.1; 30 | deny all; 31 | } 32 | } 33 | 34 | =head1 MAGIC MARKERS 35 | 36 | #%# family=auto 37 | #%# capabilities=autoconf 38 | 39 | =head1 VERSION 40 | 41 | $Id: nginx_request.in 2431 2009-09-16 10:04:17Z janl $ 42 | 43 | =head1 BUGS 44 | 45 | None known 46 | 47 | =head1 AUTHOR 48 | 49 | Unknown 50 | 51 | =head1 LICENSE 52 | 53 | Unknown. Not specified by the unknown author. Nginx has a BSD 54 | license. Munin is GPLv2 licensed. 55 | 56 | =cut 57 | 58 | my $ret = undef; 59 | 60 | if (! eval "require LWP::UserAgent;"){ 61 | $ret = "LWP::UserAgent not found"; 62 | } 63 | 64 | chomp(my $fqdn=`hostname -f 2>/dev/null | hostname`); 65 | 66 | my $URL = exists $ENV{'url'} ? $ENV{'url'} : "http://$fqdn/nginx_status"; 67 | my $port = exists $ENV{'port'} ? $ENV{'port'} : "80"; 68 | 69 | if ( exists $ARGV[0] and $ARGV[0] eq "autoconf" ) 70 | { 71 | if ($ret){ 72 | print "no ($ret)\n"; 73 | exit 0; 74 | } 75 | 76 | my $ua = LWP::UserAgent->new(timeout => 30); 77 | my $response = $ua->request(HTTP::Request->new('GET',$URL)); 78 | 79 | unless ($response->is_success and $response->content =~ /server/im) 80 | { 81 | print "no (no nginx status on $URL)\n"; 82 | exit 0; 83 | } 84 | else 85 | { 86 | print "yes\n"; 87 | exit 0; 88 | } 89 | } 90 | 91 | if ( exists $ARGV[0] and $ARGV[0] eq "config" ) 92 | { 93 | print "graph_title Nginx requests\n"; 94 | print "graph_args --base 1000\n"; 95 | print "graph_category nginx\n"; 96 | print "graph_vlabel Request per second\n"; 97 | print "request.label req/sec\n"; 98 | print "request.type DERIVE\n"; 99 | print "request.min 0\n"; 100 | print "request.label requests port $port\n"; 101 | print "request.draw LINE2\n"; 102 | 103 | exit 0; 104 | } 105 | 106 | my $ua = LWP::UserAgent->new(timeout => 30); 107 | 108 | my $response = $ua->request(HTTP::Request->new('GET',$URL)); 109 | 110 | if ($response->content =~ /^\s+(\d+)\s+(\d+)\s+(\d+)/m) { 111 | print "request.value $3\n"; 112 | } else { 113 | print "request.value U\n"; 114 | } -------------------------------------------------------------------------------- /small/sudo/sudoers: -------------------------------------------------------------------------------- 1 | ## sudoers file. 2 | ## 3 | ## This file MUST be edited with the 'visudo' command as root. 4 | ## Failure to use 'visudo' may result in syntax or file permission errors 5 | ## that prevent sudo from running. 6 | ## 7 | ## See the sudoers man page for the details on how to write a sudoers file. 8 | ## 9 | 10 | ## 11 | ## Host alias specification 12 | ## 13 | ## Groups of machines. These may include host names (optionally with wildcards), 14 | ## IP addresses, network numbers or netgroups. 15 | # Host_Alias WEBSERVERS = www1, www2, www3 16 | 17 | ## 18 | ## User alias specification 19 | ## 20 | ## Groups of users. These may consist of user names, uids, Unix groups, 21 | ## or netgroups. 22 | # User_Alias ADMINS = millert, dowdy, mikef 23 | 24 | ## 25 | ## Cmnd alias specification 26 | ## 27 | ## Groups of commands. Often used to group related commands together. 28 | # Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ 29 | # /usr/bin/pkill, /usr/bin/top 30 | 31 | ## 32 | ## Defaults specification 33 | ## 34 | ## You may wish to keep some of the following environment variables 35 | ## when running commands via sudo. 36 | ## 37 | ## Locale settings 38 | # Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" 39 | ## 40 | ## Run X applications through sudo; HOME is used to find the 41 | ## .Xauthority file. Note that other programs use HOME to find 42 | ## configuration files and this may lead to privilege escalation! 43 | # Defaults env_keep += "HOME" 44 | ## 45 | ## X11 resource path settings 46 | # Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" 47 | ## 48 | ## Desktop path settings 49 | # Defaults env_keep += "QTDIR KDEDIR" 50 | ## 51 | ## Allow sudo-run commands to inherit the callers' ConsoleKit session 52 | # Defaults env_keep += "XDG_SESSION_COOKIE" 53 | ## 54 | ## Uncomment to enable special input methods. Care should be taken as 55 | ## this may allow users to subvert the command being run via sudo. 56 | # Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" 57 | ## 58 | ## Uncomment to enable logging of a command's output, except for 59 | ## sudoreplay and reboot. Use sudoreplay to play back logged sessions. 60 | # Defaults log_output 61 | # Defaults!/usr/bin/sudoreplay !log_output 62 | # Defaults!/usr/local/bin/sudoreplay !log_output 63 | # Defaults!/sbin/reboot !log_output 64 | 65 | ## 66 | ## Runas alias specification 67 | ## 68 | 69 | ## 70 | ## User privilege specification 71 | ## 72 | root ALL=(ALL) ALL 73 | 74 | ## Uncomment to allow members of group wheel to execute any command 75 | # %wheel ALL=(ALL) ALL 76 | 77 | ## Same thing without a password 78 | %wheel ALL=(ALL) NOPASSWD: ALL 79 | 80 | ## Uncomment to allow members of group sudo to execute any command 81 | # %sudo ALL=(ALL) ALL 82 | 83 | ## Uncomment to allow any user to run sudo if they know the password 84 | ## of the user they are running the command as (root by default). 85 | # Defaults targetpw # Ask for the password of the target user 86 | # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' 87 | 88 | ## Read drop-in files from /etc/sudoers.d 89 | ## (the '#' here does not indicate a comment) 90 | #includedir /etc/sudoers.d 91 | -------------------------------------------------------------------------------- /openstack/keystone/keystone.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | #bind_host = 0.0.0.0 3 | public_port = 5000 4 | admin_port = 35357 5 | admin_token = c195b883042b11f25916 6 | compute_port = 8774 7 | verbose = True 8 | debug = True 9 | #log_config = ./etc/logging.conf.sample 10 | 11 | # ================= Syslog Options ============================ 12 | # Send logs to syslog (/dev/log) instead of to file specified 13 | # by `log-file` 14 | use_syslog = False 15 | log_file = /var/log/keystone/keystone.log 16 | 17 | # Facility to use. If unset defaults to LOG_USER. 18 | # syslog_log_facility = LOG_LOCAL0 19 | 20 | [sql] 21 | connection = mysql://keystone:keystone@localhost/keystone 22 | idle_timeout = 200 23 | 24 | [ldap] 25 | #url = ldap://localhost 26 | #tree_dn = dc=example,dc=com 27 | #user_tree_dn = ou=Users,dc=example,dc=com 28 | #role_tree_dn = ou=Roles,dc=example,dc=com 29 | #tenant_tree_dn = ou=Groups,dc=example,dc=com 30 | #user = dc=Manager,dc=example,dc=com 31 | #password = freeipa4all 32 | #suffix = cn=example,cn=com 33 | 34 | [identity] 35 | driver = keystone.identity.backends.sql.Identity 36 | 37 | [catalog] 38 | driver = keystone.catalog.backends.sql.Catalog 39 | template_file = /etc/keystone/default_catalog.templates 40 | 41 | [token] 42 | driver = keystone.token.backends.sql.Token 43 | 44 | # Amount of time a token should remain valid (in seconds) 45 | expiration = 86400 46 | 47 | [policy] 48 | driver = keystone.policy.backends.rules.Policy 49 | 50 | [ec2] 51 | driver = keystone.contrib.ec2.backends.sql.Ec2 52 | 53 | [filter:debug] 54 | paste.filter_factory = keystone.common.wsgi:Debug.factory 55 | 56 | [filter:token_auth] 57 | paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory 58 | 59 | [filter:admin_token_auth] 60 | paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory 61 | 62 | [filter:xml_body] 63 | paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory 64 | 65 | [filter:json_body] 66 | paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory 67 | 68 | [filter:crud_extension] 69 | paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory 70 | 71 | [filter:ec2_extension] 72 | paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory 73 | 74 | [app:public_service] 75 | paste.app_factory = keystone.service:public_app_factory 76 | 77 | [app:admin_service] 78 | paste.app_factory = keystone.service:admin_app_factory 79 | 80 | [pipeline:public_api] 81 | pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service 82 | 83 | [pipeline:admin_api] 84 | pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service 85 | 86 | [app:public_version_service] 87 | paste.app_factory = keystone.service:public_version_app_factory 88 | 89 | [app:admin_version_service] 90 | paste.app_factory = keystone.service:admin_version_app_factory 91 | 92 | [pipeline:public_version_api] 93 | pipeline = xml_body public_version_service 94 | 95 | [pipeline:admin_version_api] 96 | pipeline = xml_body admin_version_service 97 | 98 | [composite:main] 99 | use = egg:Paste#urlmap 100 | /v2.0 = public_api 101 | / = public_version_api 102 | 103 | [composite:admin] 104 | use = egg:Paste#urlmap 105 | /v2.0 = admin_api 106 | / = admin_version_api 107 | -------------------------------------------------------------------------------- /small/munin/files/nginx/plugins/nginx_status: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl -w 2 | # -*- cperl -*- 3 | 4 | =head1 NAME 5 | 6 | nginx_status - Munin plugin to show connection status for nginx 7 | 8 | =head1 APPLICABLE SYSTEMS 9 | 10 | Any nginx host 11 | 12 | =head1 CONFIGURATION 13 | 14 | This shows the default configuration of this plugin. You can override 15 | the status URL. 16 | 17 | [nginx*] 18 | env.url http://localhost/nginx_status 19 | 20 | Nginx must also be configured. Firstly the stub-status module must be 21 | compiled, and secondly it must be configured like this: 22 | 23 | server { 24 | listen 127.0.0.1; 25 | server_name localhost; 26 | location /nginx_status { 27 | stub_status on; 28 | access_log off; 29 | allow 127.0.0.1; 30 | deny all; 31 | } 32 | } 33 | 34 | =head1 MAGIC MARKERS 35 | 36 | #%# family=auto 37 | #%# capabilities=autoconf 38 | 39 | =head1 VERSION 40 | 41 | $Id: nginx_status.in 2431 2009-09-16 10:04:17Z janl $ 42 | 43 | =head1 BUGS 44 | 45 | None known 46 | 47 | =head1 AUTHOR 48 | 49 | Unknown 50 | 51 | =head1 LICENSE 52 | 53 | Unknown. Not specified by the unknown author. Nginx has a BSD 54 | license. Munin is GPLv2 licensed. 55 | 56 | =cut 57 | 58 | my $ret = undef; 59 | 60 | if (! eval "require LWP::UserAgent;"){ 61 | $ret = "LWP::UserAgent not found"; 62 | } 63 | 64 | my $URL = exists $ENV{'url'} ? $ENV{'url'} : "http://localhost/nginx_status"; 65 | 66 | if ( exists $ARGV[0] and $ARGV[0] eq "autoconf" ) { 67 | if ($ret){ 68 | print "no ($ret)\n"; 69 | exit 0; 70 | } 71 | 72 | my $ua = LWP::UserAgent->new(timeout => 30); 73 | my $response = $ua->request(HTTP::Request->new('GET',$URL)); 74 | 75 | unless ($response->is_success and $response->content =~ /server/im) { 76 | print "no (no nginx status on $URL)\n"; 77 | exit 0; 78 | } else { 79 | print "yes\n"; 80 | exit 0; 81 | } 82 | } 83 | 84 | if ( exists $ARGV[0] and $ARGV[0] eq "config" ) { 85 | print "graph_title NGINX status\n"; 86 | print "graph_args --base 1000\n"; 87 | print "graph_category nginx\n"; 88 | print "graph_vlabel Connections\n"; 89 | 90 | print "total.label Active connections\n"; 91 | print "total.info Active connections\n"; 92 | print "total.draw LINE2\n"; 93 | 94 | print "reading.label Reading\n"; 95 | print "reading.info Reading\n"; 96 | print "reading.draw LINE2\n"; 97 | 98 | print "writing.label Writing\n"; 99 | print "writing.info Writing\n"; 100 | print "writing.draw LINE2\n"; 101 | 102 | print "waiting.label Waiting\n"; 103 | print "waiting.info Waiting\n"; 104 | print "waiting.draw LINE2\n"; 105 | 106 | exit 0; 107 | } 108 | 109 | my $ua = LWP::UserAgent->new(timeout => 30); 110 | 111 | my $response = $ua->request(HTTP::Request->new('GET',$URL)); 112 | 113 | #Active connections: 1845 114 | #server accepts handled requests 115 | # 4566318 4566318 84218236 116 | # Reading: 2 Writing: 278 Waiting: 1565 117 | if ($response->content =~ /Active connections:\s+(\d+).*Reading:\s+(\d+).*Writing:\s+(\d+).*Waiting:\s+(\d+)/s) { 118 | print "total.value $1\n"; 119 | print "reading.value $2\n"; 120 | print "writing.value $3\n"; 121 | print "waiting.value $4\n"; 122 | } else { 123 | foreach (qw(total reading writing waiting)){ 124 | print "$_.value U\n"; 125 | } 126 | } -------------------------------------------------------------------------------- /small/recurse/linux/REPORTING-BUGS: -------------------------------------------------------------------------------- 1 | [Some of this is taken from Frohwalt Egerer's original linux-kernel FAQ] 2 | 3 | What follows is a suggested procedure for reporting Linux bugs. You 4 | aren't obliged to use the bug reporting format, it is provided as a guide 5 | to the kind of information that can be useful to developers - no more. 6 | 7 | If the failure includes an "OOPS:" type message in your log or on 8 | screen please read "Documentation/oops-tracing.txt" before posting your 9 | bug report. This explains what you should do with the "Oops" information 10 | to make it useful to the recipient. 11 | 12 | Send the output to the maintainer of the kernel area that seems to 13 | be involved with the problem, and cc the relevant mailing list. Don't 14 | worry too much about getting the wrong person. If you are unsure send it 15 | to the person responsible for the code relevant to what you were doing. 16 | If it occurs repeatably try and describe how to recreate it. That is 17 | worth even more than the oops itself. The list of maintainers and 18 | mailing lists is in the MAINTAINERS file in this directory. If you 19 | know the file name that causes the problem you can use the following 20 | command in this directory to find some of the maintainers of that file: 21 | perl scripts/get_maintainer.pl -f 22 | 23 | If it is a security bug, please copy the Security Contact listed 24 | in the MAINTAINERS file. They can help coordinate bugfix and disclosure. 25 | See Documentation/SecurityBugs for more information. 26 | 27 | If you are totally stumped as to whom to send the report, send it to 28 | linux-kernel@vger.kernel.org. (For more information on the linux-kernel 29 | mailing list see http://www.tux.org/lkml/). 30 | 31 | This is a suggested format for a bug report sent to the Linux kernel mailing 32 | list. Having a standardized bug report form makes it easier for you not to 33 | overlook things, and easier for the developers to find the pieces of 34 | information they're really interested in. Don't feel you have to follow it. 35 | 36 | First run the ver_linux script included as scripts/ver_linux, which 37 | reports the version of some important subsystems. Run this script with 38 | the command "sh scripts/ver_linux". 39 | 40 | Use that information to fill in all fields of the bug report form, and 41 | post it to the mailing list with a subject of "PROBLEM: " for easy identification by the developers. 43 | 44 | [1.] One line summary of the problem: 45 | [2.] Full description of the problem/report: 46 | [3.] Keywords (i.e., modules, networking, kernel): 47 | [4.] Kernel information 48 | [4.1.] Kernel version (from /proc/version): 49 | [4.2.] Kernel .config file: 50 | [5.] Most recent kernel version which did not have the bug: 51 | [6.] Output of Oops.. message (if applicable) with symbolic information 52 | resolved (see Documentation/oops-tracing.txt) 53 | [7.] A small shell script or example program which triggers the 54 | problem (if possible) 55 | [8.] Environment 56 | [8.1.] Software (add the output of the ver_linux script here) 57 | [8.2.] Processor information (from /proc/cpuinfo): 58 | [8.3.] Module information (from /proc/modules): 59 | [8.4.] Loaded driver and hardware information (/proc/ioports, /proc/iomem) 60 | [8.5.] PCI information ('lspci -vvv' as root) 61 | [8.6.] SCSI information (from /proc/scsi/scsi) 62 | [8.7.] Other information that might be relevant to the problem 63 | (please look in /proc and include all information that you 64 | think to be relevant): 65 | [X.] Other notes, patches, fixes, workarounds: 66 | 67 | 68 | Thank you 69 | -------------------------------------------------------------------------------- /small/edit/vimrc: -------------------------------------------------------------------------------- 1 | " All system-wide defaults are set in $VIMRUNTIME/archlinux.vim (usually just 2 | " /usr/share/vim/vimfiles/archlinux.vim) and sourced by the call to :runtime 3 | " you can find below. If you wish to change any of those settings, you should 4 | " do it in this file (/etc/vimrc), since archlinux.vim will be overwritten 5 | " everytime an upgrade of the vim packages is performed. It is recommended to 6 | " make changes after sourcing archlinux.vim since it alters the value of the 7 | " 'compatible' option. 8 | 9 | " This line should not be removed as it ensures that various options are 10 | " properly set to work with the Vim-related packages. 11 | runtime! archlinux.vim 12 | 13 | " If you prefer the old-style vim functionalty, add 'runtime! vimrc_example.vim' 14 | " Or better yet, read /usr/share/vim/vim72/vimrc_example.vim or the vim manual 15 | " and configure vim to your own liking! 16 | 17 | set tabstop=4 " Number of spaces that a in the file counts for. 18 | 19 | set shiftwidth=4 " Number of spaces to use for each step of (auto)indent. 20 | 21 | set expandtab " Use the appropriate number of spaces to insert a . 22 | " Spaces are used in indents with the '>' and '<' commands 23 | " and when 'autoindent' is on. To insert a real tab when 24 | " 'expandtab' is on, use CTRL-V . 25 | 26 | set smarttab " When on, a in front of a line inserts blanks 27 | " according to 'shiftwidth'. 'tabstop' is used in other 28 | " places. A will delete a 'shiftwidth' worth of space 29 | " at the start of the line. 30 | 31 | set showcmd " Show (partial) command in status line. 32 | 33 | set number " Show line numbers. 34 | 35 | set showmatch " When a bracket is inserted, briefly jump to the matching 36 | " one. The jump is only done if the match can be seen on the 37 | " screen. The time to show the match can be set with 38 | " 'matchtime'. 39 | 40 | set hlsearch " When there is a previous search pattern, highlight all 41 | " its matches. 42 | 43 | set incsearch " While typing a search command, show immediately where the 44 | " so far typed pattern matches. 45 | 46 | set ignorecase " Ignore case in search patterns. 47 | 48 | set smartcase " Override the 'ignorecase' option if the search pattern 49 | " contains upper case characters. 50 | 51 | set backspace=2 " Influences the working of , , CTRL-W 52 | " and CTRL-U in Insert mode. This is a list of items, 53 | " separated by commas. Each item allows a way to backspace 54 | " over something. 55 | 56 | set autoindent " Copy indent from current line when starting a new line 57 | " (typing in Insert mode or when using the "o" or "O" 58 | " command). 59 | 60 | set formatoptions=c,q,r,t " This is a sequence of letters which describes how 61 | " automatic formatting is to be done. 62 | " 63 | " letter meaning when present in 'formatoptions' 64 | " ------ --------------------------------------- 65 | " c Auto-wrap comments using textwidth, inserting 66 | " the current comment leader automatically. 67 | " q Allow formatting of comments with "gq". 68 | " r Automatically insert the current comment leader 69 | " after hitting in Insert mode. 70 | " t Auto-wrap text using textwidth (does not apply 71 | " to comments) 72 | 73 | set ruler " Show the line and column number of the cursor position, 74 | " separated by a comma. 75 | 76 | set background=dark " When set to "dark", Vim will try to use colors that look 77 | " good on a dark background. When set to "light", Vim will 78 | " try to use colors that look good on a light background. 79 | " Any other value is illegal. 80 | 81 | 82 | filetype plugin indent on 83 | syntax on 84 | -------------------------------------------------------------------------------- /vim/vimrc: -------------------------------------------------------------------------------- 1 | 2 | " All system-wide defaults are set in $VIMRUNTIME/archlinux.vim (usually just 3 | " /usr/share/vim/vimfiles/archlinux.vim) and sourced by the call to :runtime 4 | " you can find below. If you wish to change any of those settings, you should 5 | " do it in this file (/etc/vimrc), since archlinux.vim will be overwritten 6 | " everytime an upgrade of the vim packages is performed. It is recommended to 7 | " make changes after sourcing archlinux.vim since it alters the value of the 8 | " 'compatible' option. 9 | 10 | " This line should not be removed as it ensures that various options are 11 | " properly set to work with the Vim-related packages. 12 | runtime! archlinux.vim 13 | 14 | " If you prefer the old-style vim functionalty, add 'runtime! vimrc_example.vim' 15 | " Or better yet, read /usr/share/vim/vim72/vimrc_example.vim or the vim manual 16 | " and configure vim to your own liking! 17 | 18 | set tabstop=4 " Number of spaces that a in the file counts for. 19 | 20 | set shiftwidth=4 " Number of spaces to use for each step of (auto)indent. 21 | 22 | set expandtab " Use the appropriate number of spaces to insert a . 23 | " Spaces are used in indents with the '>' and '<' commands 24 | " and when 'autoindent' is on. To insert a real tab when 25 | " 'expandtab' is on, use CTRL-V . 26 | 27 | set smarttab " When on, a in front of a line inserts blanks 28 | " according to 'shiftwidth'. 'tabstop' is used in other 29 | " places. A will delete a 'shiftwidth' worth of space 30 | " at the start of the line. 31 | 32 | set showcmd " Show (partial) command in status line. 33 | 34 | set number " Show line numbers. 35 | 36 | set showmatch " When a bracket is inserted, briefly jump to the matching 37 | " one. The jump is only done if the match can be seen on the 38 | " screen. The time to show the match can be set with 39 | " 'matchtime'. 40 | 41 | set hlsearch " When there is a previous search pattern, highlight all 42 | " its matches. 43 | 44 | set incsearch " While typing a search command, show immediately where the 45 | " so far typed pattern matches. 46 | 47 | set ignorecase " Ignore case in search patterns. 48 | 49 | set smartcase " Override the 'ignorecase' option if the search pattern 50 | " contains upper case characters. 51 | 52 | set backspace=2 " Influences the working of , , CTRL-W 53 | " and CTRL-U in Insert mode. This is a list of items, 54 | " separated by commas. Each item allows a way to backspace 55 | " over something. 56 | 57 | set autoindent " Copy indent from current line when starting a new line 58 | " (typing in Insert mode or when using the "o" or "O" 59 | " command). 60 | 61 | set formatoptions=c,q,r,t " This is a sequence of letters which describes how 62 | " automatic formatting is to be done. 63 | " 64 | " letter meaning when present in 'formatoptions' 65 | " ------ --------------------------------------- 66 | " c Auto-wrap comments using textwidth, inserting 67 | " the current comment leader automatically. 68 | " q Allow formatting of comments with "gq". 69 | " r Automatically insert the current comment leader 70 | " after hitting in Insert mode. 71 | " t Auto-wrap text using textwidth (does not apply 72 | " to comments) 73 | 74 | set ruler " Show the line and column number of the cursor position, 75 | " separated by a comma. 76 | 77 | set background=dark " When set to "dark", Vim will try to use colors that look 78 | " good on a dark background. When set to "light", Vim will 79 | " try to use colors that look good on a light background. 80 | " Any other value is illegal. 81 | 82 | 83 | filetype plugin indent on 84 | syntax on 85 | 86 | 87 | 88 | 89 | 90 | -------------------------------------------------------------------------------- /small/munin/files/server/munin.conf: -------------------------------------------------------------------------------- 1 | # Example configuration file for Munin, generated by 'make build' 2 | 3 | # The next three variables specifies where the location of the RRD 4 | # databases, the HTML output, logs and the lock/pid files. They all 5 | # must be writable by the user running munin-cron. They are all 6 | # defaulted to the values you see here. 7 | # 8 | dbdir /var/lib/munin 9 | htmldir /var/cache/munin/www 10 | logdir /var/log/munin 11 | rundir /var/run/munin 12 | # 13 | # Where to look for the HTML templates 14 | tmpldir /etc/munin/templates 15 | 16 | graph_width 500 17 | #graph_height 600 18 | 19 | # (Exactly one) directory to include all files from. 20 | # 21 | includedir /etc/munin/munin-conf.d 22 | 23 | 24 | # Make graphs show values per minute instead of per second 25 | #graph_period minute 26 | 27 | # Graphics files are normaly generated by munin-graph, no matter if 28 | # the graphs are used or not. You can change this to 29 | # on-demand-graphing by following the instructions in 30 | # http://munin.projects.linpro.no/wiki/CgiHowto 31 | # 32 | #graph_strategy cgi 33 | 34 | # munin-cgi-graph is invoked by the web server up to very many times at the 35 | # same time. This is not optimal since it results in high CPU and memory 36 | # consumption to the degree that the system can thrash. Again the default is 37 | # 6. Most likely the optimal number for max_cgi_graph_jobs is the same as 38 | # max_graph_jobs. 39 | # 40 | #munin_cgi_graph_jobs 6 41 | 42 | # If the automatic CGI url is wrong for your system override it here: 43 | # 44 | #cgiurl_graph /cgi-bin/munin-cgi-graph 45 | 46 | # munin-graph runs in parallel, the number of concurrent processes is 47 | # 6. If you want munin-graph to not be parallel set to 0. If set too 48 | # high it will slow down munin-graph. Some experiments are needed to 49 | # determine how many are optimal on your system. On a multi-core 50 | # system with good SCSI disks the number can probably be quite high. 51 | # 52 | #max_graph_jobs 6 53 | 54 | # Drop somejuser@fnord.comm and anotheruser@blibb.comm an email everytime 55 | # something changes (OK -> WARNING, CRITICAL -> OK, etc) 56 | #contact.someuser.command mail -s "Munin notification" somejuser@fnord.comm 57 | #contact.anotheruser.command mail -s "Munin notification" anotheruser@blibb.comm 58 | # 59 | # For those with Nagios, the following might come in handy. In addition, 60 | # the services must be defined in the Nagios server as well. 61 | #contact.nagios.command /usr/bin/send_nsca nagios.host.comm -c /etc/nsca.conf 62 | 63 | # a simple host tree 64 | [localhost] 65 | address 127.0.0.1 66 | use_node_name yes 67 | 68 | # 69 | # A more complex example of a host tree 70 | # 71 | ## First our "normal" host. 72 | # [fii.foo.com] 73 | # address foo 74 | # 75 | ## Then our other host... 76 | # [fay.foo.com] 77 | # address fay 78 | # 79 | ## Then we want totals... 80 | # [foo.com;Totals] #Force it into the "foo.com"-domain... 81 | # update no # Turn off data-fetching for this "host". 82 | # 83 | # # The graph "load1". We want to see the loads of both machines... 84 | # # "fii=fii.foo.com:load.load" means "label=machine:graph.field" 85 | # load1.graph_title Loads side by side 86 | # load1.graph_order fii=fii.foo.com:load.load fay=fay.foo.com:load.load 87 | # 88 | # # The graph "load2". Now we want them stacked on top of each other. 89 | # load2.graph_title Loads on top of each other 90 | # load2.dummy_field.stack fii=fii.foo.com:load.load fay=fay.foo.com:load.load 91 | # load2.dummy_field.draw AREA # We want area instead the default LINE2. 92 | # load2.dummy_field.label dummy # This is needed. Silly, really. 93 | # 94 | # # The graph "load3". Now we want them summarised into one field 95 | # load3.graph_title Loads summarised 96 | # load3.combined_loads.sum fii.foo.com:load.load fay.foo.com:load.load 97 | # load3.combined_loads.label Combined loads # Must be set, as this is 98 | # # not a dummy field! 99 | # 100 | ## ...and on a side note, I want them listen in another order (default is 101 | ## alphabetically) 102 | # 103 | # # Since [foo.com] would be interpreted as a host in the domain "com", we 104 | # # specify that this is a domain by adding a semicolon. 105 | # [foo.com;] 106 | # node_order Totals fii.foo.com fay.foo.com 107 | # 108 | -------------------------------------------------------------------------------- /openstack/init.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - epel 3 | - selinux 4 | 5 | permissive: 6 | selinux.mode: 7 | - require: 8 | - pkg: libsemanage 9 | - pkg: setools-console 10 | 11 | openstack-pkgs: 12 | pkg.installed: 13 | - repo: epel-testing 14 | - require: 15 | - pkg.installed: mysql-server 16 | - names: 17 | - openstack-nova 18 | - openstack-glance 19 | - openstack-keystone 20 | - openstack-quantum 21 | - openstack-swift 22 | - openstack-swift-account 23 | - openstack-swift-container 24 | - openstack-swift-object 25 | - openstack-swift-plugin-swift3 26 | - openstack-swift-proxy 27 | - openstack-dashboard 28 | - openstack-utils 29 | - memcached 30 | - qpid-cpp-server 31 | - avahi 32 | - avahi-libs 33 | # if RHEL 6.3 34 | - dnsmasq-utils 35 | # elif <= RHEL 6.2: 36 | # cmd.run: penstack-config --set /etc/nova/nova.conf DEFAULT force_dhcp_release False 37 | 38 | mysql-server: 39 | pkg.installed 40 | 41 | mysqld: 42 | service: 43 | - running 44 | require: 45 | - pkg.installed: mysql-server 46 | 47 | nova-support: 48 | service: 49 | - running 50 | - enable: True 51 | - names: 52 | - mysqld 53 | - qpidd 54 | - libvirtd 55 | - messagebus 56 | 57 | nova-db-init: 58 | cmd: 59 | - run 60 | - name: openstack-db --init --service nova --rootpw '' 61 | - unless: echo '' | mysql nova 62 | - require: 63 | - pkg.installed: openstack-nova 64 | - service.running: mysqld 65 | 66 | glance-db-init: 67 | cmd: 68 | - run 69 | - name: openstack-db --init --service glance --rootpw '' 70 | 71 | - unless: echo '' | mysql glance 72 | - require: 73 | - pkg.installed: openstack-glance 74 | - service.running: mysqld 75 | 76 | glance-services: 77 | service: 78 | - running 79 | - enable: True 80 | - names: 81 | - openstack-glance-api 82 | - openstack-glance-registry 83 | - require: 84 | - pkg.installed: openstack-glance 85 | - cmd.run: glance-db-init 86 | 87 | nova-services: 88 | service: 89 | - running 90 | - enable: True 91 | - names: 92 | - openstack-nova-api 93 | - openstack-nova-objectstore 94 | - openstack-nova-compute 95 | - openstack-nova-network 96 | - openstack-nova-volume 97 | - openstack-nova-scheduler 98 | - openstack-nova-cert 99 | - require: 100 | - cmd.run: nova-db-init 101 | - cmd.run: keystone-db-init 102 | - service.running: openstack-glance-api 103 | 104 | keystone-db-init: 105 | cmd: 106 | - run 107 | - name: openstack-db --init --service keystone --rootpw '' 108 | 109 | - unless: echo '' | mysql keystone 110 | - require: 111 | - pkg.installed: openstack-keystone 112 | - service.running: mysqld 113 | 114 | openstack-keystone: 115 | service: 116 | - running 117 | - enable: True 118 | - require: 119 | - pkg.installed: openstack-keystone 120 | - watch: 121 | - cmd.run: keystone-db-init 122 | 123 | /etc/nova: 124 | file: 125 | - recurse 126 | - source: salt://openstack/nova 127 | - require: 128 | - pkg.installed: openstack-nova 129 | - watch_in: 130 | - service: nova-services 131 | 132 | /etc/keystone: 133 | file: 134 | - recurse 135 | - source: salt://openstack/keystone 136 | - require: 137 | - pkg.installed: openstack-keystone 138 | - watch_in: 139 | - service: openstack-keystone 140 | 141 | /etc/glance: 142 | file: 143 | - recurse 144 | - source: salt://openstack/glance 145 | - require: 146 | - pkg.installed: openstack-glance 147 | - watch_in: 148 | - service: glance-services 149 | 150 | httpd: 151 | service: 152 | - running 153 | - enable: True 154 | - require: 155 | - pkg.installed: openstack-dashboard 156 | -------------------------------------------------------------------------------- /small/salt/minion: -------------------------------------------------------------------------------- 1 | ##### Primary configuration settings ##### 2 | ########################################## 3 | # Set the location of the salt master server, if the master server cannot be 4 | # resolved, then the minion will fail to start 5 | master: syndic.example.com 6 | 7 | # Set the post used by the master reply and authentication server 8 | #master_port: 4506 9 | 10 | # The root directory prepended to these options: pki_dir, cachedir, log_file. 11 | #root_dir: / 12 | 13 | # The directory to store the pki information in 14 | #pki_dir: /etc/salt/pki 15 | 16 | # Explicitly declare the id for this minion to use, if left commented the id 17 | # will be the hostname as returned by the python call: socket.getfqdn() 18 | # Since salt uses detached ids it is possible to run multiple minions on the 19 | # same machine but with different ids, this can be useful for salt compute 20 | # clusters. 21 | #id: 22 | 23 | # Where cache data goes 24 | #cachedir: /var/cache/salt 25 | 26 | 27 | ##### Minion module management ##### 28 | ########################################## 29 | # Disable specific modules, this will allow the admin to limit the level os 30 | # access the master has to the minion 31 | #disable_modules: [cmd,test] 32 | #disable_returners: [] 33 | # Modules can be loaded from arbitrary paths, this enables the easy deployment 34 | # of third party modules, modules for returners and minions can be loaded. 35 | # Specify a list of extra directories to search for minion modules and 36 | # returners. These paths must be fully qualified! 37 | #module_dirs: [] 38 | #returner_dirs: [] 39 | #states_dirs: [] 40 | #render_dirs: [] 41 | # Enable Cython modules searching and loading. (Default: True) 42 | #cython_enable: true 43 | 44 | ##### State Management Settings ##### 45 | ########################################### 46 | # The state management system executes all of the state templates on the minion 47 | # to enable more granular control of system state management. The type of 48 | # template and serialization used for state management needs to be configured 49 | # on the minion, the default renderer is yaml_jinja. This is a yaml file 50 | # rendered from a jinja template, the available options are: 51 | # yaml_jinja 52 | # yaml_mako 53 | # json_jinja 54 | # json_mako 55 | # 56 | #renderer: yaml_jinja 57 | # 58 | # Test allows for the state runs to only be test runs 59 | #test: False 60 | 61 | ###### Security settings ##### 62 | ########################################### 63 | # Enable "open mode", this mode still maintains encryption, but turns off 64 | # authentication, this is only intended for highly secure environments or for 65 | # the situation where your keys end up in a bad state. If you run in open mode 66 | # you do so at your own risk! 67 | #open_mode: False 68 | 69 | 70 | ###### Thread settings ##### 71 | ########################################### 72 | # Disable multiprocessing support, by default when a minion receives a 73 | # publication a new process is spawned and the command is executed therein. 74 | #multiprocessing: True 75 | 76 | ###### Logging settings ##### 77 | ########################################### 78 | # The location of the minion log file 79 | #log_file: /var/log/salt/minion 80 | # The level of messages to send to the log file. 81 | # One of 'info', 'quiet', 'critical', 'error', 'debug', 'warning'. 82 | # Default: 'warning' 83 | #log_level: warning 84 | # 85 | # Logger levels can be used to tweak specific loggers logging levels. 86 | # Imagine you want to have the salt library at the 'warning' level, but, you 87 | # still wish to have 'salt.modules' at the 'debug' level: 88 | # log_granular_levels: { 89 | # 'salt': 'warning', 90 | # 'salt.modules': 'debug' 91 | # } 92 | # 93 | #log_granular_levels: {} 94 | 95 | 96 | ###### Module configuration ##### 97 | ########################################### 98 | # Salt allows for modules to be passed arbitrary configuration data, any data 99 | # passed here in valid yaml format will be passed on to the salt minion modules 100 | # for use. It is STRONGLY recommended that a naming convention be used in which 101 | # the module name is followed by a . and then the value. Also, all top level 102 | # data must be allied via the yaml dict construct, some examples: 103 | # 104 | # A simple value for the test module: 105 | #test.foo: foo 106 | # 107 | # A list for the test module: 108 | #test.bar: [baz,quo] 109 | # 110 | # A dict for the test module: 111 | #test.baz: {spam: sausage, cheese: bread} 112 | -------------------------------------------------------------------------------- /openstack/nova/policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "admin_or_owner": [["role:admin"], ["project_id:%(project_id)s"]], 3 | "default": [["rule:admin_or_owner"]], 4 | 5 | 6 | "compute:create": [], 7 | "compute:create:attach_network": [], 8 | "compute:create:attach_volume": [], 9 | "compute:get_all": [], 10 | 11 | 12 | "admin_api": [["role:admin"]], 13 | "compute_extension:accounts": [["rule:admin_api"]], 14 | "compute_extension:admin_actions": [["rule:admin_api"]], 15 | "compute_extension:admin_actions:pause": [["rule:admin_or_owner"]], 16 | "compute_extension:admin_actions:unpause": [["rule:admin_or_owner"]], 17 | "compute_extension:admin_actions:suspend": [["rule:admin_or_owner"]], 18 | "compute_extension:admin_actions:resume": [["rule:admin_or_owner"]], 19 | "compute_extension:admin_actions:lock": [["rule:admin_api"]], 20 | "compute_extension:admin_actions:unlock": [["rule:admin_api"]], 21 | "compute_extension:admin_actions:resetNetwork": [["rule:admin_api"]], 22 | "compute_extension:admin_actions:injectNetworkInfo": [["rule:admin_api"]], 23 | "compute_extension:admin_actions:createBackup": [["rule:admin_or_owner"]], 24 | "compute_extension:admin_actions:migrateLive": [["rule:admin_api"]], 25 | "compute_extension:admin_actions:migrate": [["rule:admin_api"]], 26 | "compute_extension:aggregates": [["rule:admin_api"]], 27 | "compute_extension:certificates": [], 28 | "compute_extension:cloudpipe": [["rule:admin_api"]], 29 | "compute_extension:console_output": [], 30 | "compute_extension:consoles": [], 31 | "compute_extension:createserverext": [], 32 | "compute_extension:deferred_delete": [], 33 | "compute_extension:disk_config": [], 34 | "compute_extension:extended_server_attributes": [["rule:admin_api"]], 35 | "compute_extension:extended_status": [], 36 | "compute_extension:flavorextradata": [], 37 | "compute_extension:flavorextraspecs": [], 38 | "compute_extension:flavormanage": [["rule:admin_api"]], 39 | "compute_extension:floating_ip_dns": [], 40 | "compute_extension:floating_ip_pools": [], 41 | "compute_extension:floating_ips": [], 42 | "compute_extension:hosts": [["rule:admin_api"]], 43 | "compute_extension:keypairs": [], 44 | "compute_extension:multinic": [], 45 | "compute_extension:networks": [["rule:admin_api"]], 46 | "compute_extension:quotas": [], 47 | "compute_extension:rescue": [], 48 | "compute_extension:security_groups": [], 49 | "compute_extension:server_action_list": [["rule:admin_api"]], 50 | "compute_extension:server_diagnostics": [["rule:admin_api"]], 51 | "compute_extension:simple_tenant_usage:show": [["rule:admin_or_owner"]], 52 | "compute_extension:simple_tenant_usage:list": [["rule:admin_api"]], 53 | "compute_extension:users": [["rule:admin_api"]], 54 | "compute_extension:virtual_interfaces": [], 55 | "compute_extension:virtual_storage_arrays": [], 56 | "compute_extension:volumes": [], 57 | "compute_extension:volumetypes": [], 58 | 59 | 60 | "volume:create": [], 61 | "volume:get_all": [], 62 | "volume:get_volume_metadata": [], 63 | "volume:get_snapshot": [], 64 | "volume:get_all_snapshots": [], 65 | 66 | 67 | "network:get_all_networks": [], 68 | "network:get_network": [], 69 | "network:delete_network": [], 70 | "network:disassociate_network": [], 71 | "network:get_vifs_by_instance": [], 72 | "network:allocate_for_instance": [], 73 | "network:deallocate_for_instance": [], 74 | "network:validate_networks": [], 75 | "network:get_instance_uuids_by_ip_filter": [], 76 | 77 | "network:get_floating_ip": [], 78 | "network:get_floating_ip_pools": [], 79 | "network:get_floating_ip_by_address": [], 80 | "network:get_floating_ips_by_project": [], 81 | "network:get_floating_ips_by_fixed_address": [], 82 | "network:allocate_floating_ip": [], 83 | "network:deallocate_floating_ip": [], 84 | "network:associate_floating_ip": [], 85 | "network:disassociate_floating_ip": [], 86 | 87 | "network:get_fixed_ip": [], 88 | "network:add_fixed_ip_to_instance": [], 89 | "network:remove_fixed_ip_from_instance": [], 90 | "network:add_network_to_project": [], 91 | "network:get_instance_nw_info": [], 92 | 93 | "network:get_dns_domains": [], 94 | "network:add_dns_entry": [], 95 | "network:modify_dns_entry": [], 96 | "network:delete_dns_entry": [], 97 | "network:get_dns_entries_by_address": [], 98 | "network:get_dns_entries_by_name": [], 99 | "network:create_private_dns_domain": [], 100 | "network:create_public_dns_domain": [], 101 | "network:delete_dns_domain": [] 102 | } 103 | -------------------------------------------------------------------------------- /small/recurse/linux/.mailmap: -------------------------------------------------------------------------------- 1 | # 2 | # This list is used by git-shortlog to fix a few botched name translations 3 | # in the git archive, either because the author's full name was messed up 4 | # and/or not always written the same way, making contributions from the 5 | # same person appearing not to be so or badly displayed. 6 | # 7 | # repo-abbrev: /pub/scm/linux/kernel/git/ 8 | # 9 | 10 | Aaron Durbin 11 | Adam Oldham 12 | Adam Radford 13 | Adrian Bunk 14 | Alan Cox 15 | Alan Cox 16 | Aleksey Gorelov 17 | Al Viro 18 | Al Viro 19 | Andreas Herrmann 20 | Andrew Morton 21 | Andrew Vasquez 22 | Andy Adamson 23 | Archit Taneja 24 | Arnaud Patard 25 | Arnd Bergmann 26 | Axel Dyks 27 | Axel Lin 28 | Ben Gardner 29 | Ben M Cahill 30 | Björn Steinbrink 31 | Brian Avery 32 | Brian King 33 | Christoph Hellwig 34 | Corey Minyard 35 | Damian Hobson-Garcia 36 | David Brownell 37 | David Woodhouse 38 | Dmitry Eremin-Solenikov 39 | Domen Puncer 40 | Douglas Gilbert 41 | Ed L. Cashin 42 | Evgeniy Polyakov 43 | Felipe W Damasio 44 | Felix Kuhling 45 | Felix Moeller 46 | Filipe Lautert 47 | Franck Bui-Huu 48 | Frank Zago 49 | Greg Kroah-Hartman 50 | Greg Kroah-Hartman 51 | Greg Kroah-Hartman 52 | Henk Vergonet 53 | Henrik Kretzschmar 54 | Herbert Xu 55 | Jacob Shin 56 | James Bottomley 57 | James Bottomley 58 | James E Wilson 59 | James Ketrenos 60 | Jean Tourrilhes 61 | Jeff Garzik 62 | Jens Axboe 63 | Jens Osterkamp 64 | John Stultz 65 | Juha Yrjola 66 | Juha Yrjola 67 | Juha Yrjola 68 | Kay Sievers 69 | Kenneth W Chen 70 | Koushik 71 | Leonid I Ananiev 72 | Linas Vepstas 73 | Mark Brown 74 | Matthieu CASTET 75 | Mayuresh Janorkar 76 | Michael Buesch 77 | Michael Buesch 78 | Michel Dänzer 79 | Mitesh shah 80 | Morten Welinder 81 | Morten Welinder 82 | Morten Welinder 83 | Morten Welinder 84 | Mythri P K 85 | Nguyen Anh Quynh 86 | Paolo 'Blaisorblade' Giarrusso 87 | Patrick Mochel 88 | Peter A Jonsson 89 | Peter Oruba 90 | Peter Oruba 91 | Praveen BP 92 | Rajesh Shah 93 | Ralf Baechle 94 | Ralf Wildenhues 95 | Rémi Denis-Courmont 96 | Rudolf Marek 97 | Rui Saraiva 98 | Sachin P Sant 99 | Sam Ravnborg 100 | Sascha Hauer 101 | S.Çağlar Onur 102 | Simon Kelley 103 | Stéphane Witzmann 104 | Stephen Hemminger 105 | Sumit Semwal 106 | Tejun Heo 107 | Thomas Graf 108 | Tony Luck 109 | Tsuneo Yoshioka 110 | Uwe Kleine-König 111 | Uwe Kleine-König 112 | Uwe Kleine-König 113 | Valdis Kletnieks 114 | Takashi YOSHII 115 | -------------------------------------------------------------------------------- /openstack/nova/api-paste.ini: -------------------------------------------------------------------------------- 1 | ############ 2 | # Metadata # 3 | ############ 4 | [composite:metadata] 5 | use = egg:Paste#urlmap 6 | /: metaversions 7 | /latest: meta 8 | /1.0: meta 9 | /2007-01-19: meta 10 | /2007-03-01: meta 11 | /2007-08-29: meta 12 | /2007-10-10: meta 13 | /2007-12-15: meta 14 | /2008-02-01: meta 15 | /2008-09-01: meta 16 | /2009-04-04: meta 17 | 18 | [pipeline:metaversions] 19 | pipeline = ec2faultwrap logrequest metaverapp 20 | 21 | [pipeline:meta] 22 | pipeline = ec2faultwrap logrequest metaapp 23 | 24 | [app:metaverapp] 25 | paste.app_factory = nova.api.metadata.handler:Versions.factory 26 | 27 | [app:metaapp] 28 | paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory 29 | 30 | ####### 31 | # EC2 # 32 | ####### 33 | 34 | [composite:ec2] 35 | use = egg:Paste#urlmap 36 | /services/Cloud: ec2cloud 37 | 38 | [composite:ec2cloud] 39 | use = call:nova.api.auth:pipeline_factory 40 | noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor 41 | deprecated = ec2faultwrap logrequest authenticate cloudrequest validator ec2executor 42 | keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor 43 | 44 | [filter:ec2faultwrap] 45 | paste.filter_factory = nova.api.ec2:FaultWrapper.factory 46 | 47 | [filter:logrequest] 48 | paste.filter_factory = nova.api.ec2:RequestLogging.factory 49 | 50 | [filter:ec2lockout] 51 | paste.filter_factory = nova.api.ec2:Lockout.factory 52 | 53 | [filter:totoken] 54 | paste.filter_factory = nova.api.ec2:EC2Token.factory 55 | 56 | [filter:ec2keystoneauth] 57 | paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory 58 | 59 | [filter:ec2noauth] 60 | paste.filter_factory = nova.api.ec2:NoAuth.factory 61 | 62 | [filter:authenticate] 63 | paste.filter_factory = nova.api.ec2:Authenticate.factory 64 | 65 | [filter:cloudrequest] 66 | controller = nova.api.ec2.cloud.CloudController 67 | paste.filter_factory = nova.api.ec2:Requestify.factory 68 | 69 | [filter:authorizer] 70 | paste.filter_factory = nova.api.ec2:Authorizer.factory 71 | 72 | [filter:validator] 73 | paste.filter_factory = nova.api.ec2:Validator.factory 74 | 75 | [app:ec2executor] 76 | paste.app_factory = nova.api.ec2:Executor.factory 77 | 78 | ############# 79 | # Openstack # 80 | ############# 81 | 82 | [composite:osapi_compute] 83 | use = call:nova.api.openstack.urlmap:urlmap_factory 84 | /: oscomputeversions 85 | /v1.1: openstack_compute_api_v2 86 | /v2: openstack_compute_api_v2 87 | 88 | [composite:osapi_volume] 89 | use = call:nova.api.openstack.urlmap:urlmap_factory 90 | /: osvolumeversions 91 | /v1: openstack_volume_api_v1 92 | 93 | [composite:openstack_compute_api_v2] 94 | use = call:nova.api.auth:pipeline_factory 95 | noauth = faultwrap noauth ratelimit osapi_compute_app_v2 96 | deprecated = faultwrap auth ratelimit osapi_compute_app_v2 97 | keystone = faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2 98 | keystone_nolimit = faultwrap authtoken keystonecontext osapi_compute_app_v2 99 | 100 | [composite:openstack_volume_api_v1] 101 | use = call:nova.api.auth:pipeline_factory 102 | noauth = faultwrap noauth ratelimit osapi_volume_app_v1 103 | deprecated = faultwrap auth ratelimit osapi_volume_app_v1 104 | keystone = faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1 105 | keystone_nolimit = faultwrap authtoken keystonecontext osapi_volume_app_v1 106 | 107 | [filter:faultwrap] 108 | paste.filter_factory = nova.api.openstack:FaultWrapper.factory 109 | 110 | [filter:auth] 111 | paste.filter_factory = nova.api.openstack.auth:AuthMiddleware.factory 112 | 113 | [filter:noauth] 114 | paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory 115 | 116 | [filter:ratelimit] 117 | paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory 118 | 119 | [app:osapi_compute_app_v2] 120 | paste.app_factory = nova.api.openstack.compute:APIRouter.factory 121 | 122 | [pipeline:oscomputeversions] 123 | pipeline = faultwrap oscomputeversionapp 124 | 125 | [app:osapi_volume_app_v1] 126 | paste.app_factory = nova.api.openstack.volume:APIRouter.factory 127 | 128 | [app:oscomputeversionapp] 129 | paste.app_factory = nova.api.openstack.compute.versions:Versions.factory 130 | 131 | [pipeline:osvolumeversions] 132 | pipeline = faultwrap osvolumeversionapp 133 | 134 | [app:osvolumeversionapp] 135 | paste.app_factory = nova.api.openstack.volume.versions:Versions.factory 136 | 137 | ########## 138 | # Shared # 139 | ########## 140 | 141 | [filter:keystonecontext] 142 | paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory 143 | 144 | [filter:authtoken] 145 | paste.filter_factory = keystone.middleware.auth_token:filter_factory 146 | service_protocol = http 147 | service_host = 127.0.0.1 148 | service_port = 5000 149 | auth_host = 127.0.0.1 150 | auth_port = 35357 151 | auth_protocol = http 152 | auth_uri = http://127.0.0.1:5000/ 153 | admin_tenant_name = service 154 | admin_user = nova 155 | admin_password = servicepass 156 | -------------------------------------------------------------------------------- /small/munin/files/nginx/plugins/nginx_combined_localhost: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl -w 2 | # -*- cperl -*- 3 | # Magic markers: 4 | #%# family=auto 5 | #%# capabilities=autoconf 6 | # nginx_combine_ --- Determine the current status of Nginx 7 | # using the http_stub_status module. 8 | # extend of nginx_status_ plugin of Ant?nio P. P. Almeida 9 | 10 | # Copyright (C) 2010 Ant?nio P. P. Almeida 11 | # Copyright (C) 2010 Minato Miray 12 | 13 | # Author: Ant?nio P. P. Almeida , 14 | # Author: Minato Miray 15 | 16 | ####################################### 17 | # Nginx combined plugin to measure in one graph: 18 | # - Request /sec 19 | # - Connection / sec 20 | # - Request / connection 21 | # - Active connections 22 | # - Reading 23 | # - Writing 24 | # - Waiting 25 | ######################################## 26 | 27 | # Usage: 28 | # Copy to /usr/share/munin/plugins 29 | # ln -s /usr/share/munin/plugins/nginx_combined_ /etc/munin/plugins/nginx_combined_[hostname OR IP address] 30 | 31 | #examples based on nginx configuration: 32 | #example1: ./nginx_combined_mysite.net 33 | #example2: ./nginx_combined_10.0.0.1 34 | 35 | ######################################## 36 | 37 | my $ret = undef; 38 | 39 | if (! eval "require LWP::UserAgent;"){ 40 | $ret = "LWP::UserAgent not found"; 41 | } 42 | 43 | chomp(my $fqdn = `basename $0 | sed 's/^nginx_combined_//g'`); 44 | 45 | my $URL = exists $ENV{'url'} ? $ENV{'url'} : "http://$fqdn/nginx_status"; 46 | 47 | if ( exists $ARGV[0] and $ARGV[0] eq "autoconf" ) 48 | { 49 | if ($ret){ 50 | print "no ($ret)\n"; 51 | exit 1; 52 | } 53 | 54 | my $ua = LWP::UserAgent->new(timeout => 30); 55 | my $response = $ua->request(HTTP::Request->new('GET',$URL)); 56 | 57 | unless ($response->is_success and $response->content =~ /server/im) 58 | { 59 | print "no (no nginx status on $URL)\n"; 60 | exit 1; 61 | } 62 | else 63 | { 64 | print "yes\n"; 65 | exit 0; 66 | } 67 | } 68 | 69 | if ( exists $ARGV[0] and $ARGV[0] eq "config" ) 70 | { 71 | print "graph_title NGINX status: $URL\n"; 72 | print "graph_args --base 1000\n"; 73 | print "graph_category nginx\n"; 74 | print "graph_vlabel Connections\n"; 75 | 76 | print "reqpsec.label Request/sec.\n"; 77 | print "reqpsec.info Request/sec.\n"; 78 | print "reqpsec.draw LINE2\n"; 79 | 80 | print "conpersec.label Connection/sec.\n"; 81 | print "conpersec.info Connection/sec.\n"; 82 | print "conpersec.draw LINE2\n"; 83 | 84 | print "reqpcon.label Request/conn.\n"; 85 | print "reqpcon.info Request/conn.\n"; 86 | print "reqpcon.draw LINE2\n"; 87 | 88 | print "total.label Active connections\n"; 89 | print "total.info Active connections\n"; 90 | print "total.draw LINE2\n"; 91 | 92 | print "reading.label Reading\n"; 93 | print "reading.info Reading\n"; 94 | print "reading.draw LINE2\n"; 95 | 96 | print "writing.label Writing\n"; 97 | print "writing.info Writing\n"; 98 | print "writing.draw LINE2\n"; 99 | 100 | print "waiting.label Waiting\n"; 101 | print "waiting.info Waiting\n"; 102 | print "waiting.draw LINE2\n"; 103 | 104 | exit 0; 105 | } 106 | 107 | #do requests 108 | my $ua = LWP::UserAgent->new(timeout => 10); 109 | my $response = $ua->request(HTTP::Request->new('GET',$URL)); 110 | sleep(1); 111 | my $response2 = $ua->request(HTTP::Request->new('GET',$URL)); 112 | 113 | 114 | #calculate responses 115 | $response->content =~ /Active connections:\s+(\d+).*Reading:\s+(\d+).*Writing:\s+(\d+).*Waiting:\s+(\d+)/s; 116 | my $a1 = $1; 117 | my $r1 = $2; 118 | my $w1 = $3; 119 | my $wa1 = $4; 120 | 121 | my $out1 = $response->content; 122 | $out1 =~ s/\n/ /g; 123 | my @vals = split(/ /, $out1); 124 | 125 | my $tmp1_reqpsec=$vals[11]; 126 | my $tmp1_conpsec=$vals[10]; 127 | 128 | $response2->content =~ /Active connections:\s+(\d+).*Reading:\s+(\d+).*Writing:\s+(\d+).*Waiting:\s+(\d+)/s; 129 | 130 | my $a2 = $1; 131 | my $r2 = $2; 132 | my $w2 = $3; 133 | my $wa2 = $4; 134 | 135 | my $out2 = $response2->content; 136 | $out2 =~ s/\n/ /g; 137 | my @vals2 = split(/ /, $out2); 138 | my $tmp2_reqpsec=$vals2[11]; 139 | my $tmp2_conpsec=$vals2[10]; 140 | 141 | my $conpersec=0; 142 | my $reqpcon=0; 143 | my $reqpsec=0; 144 | if (defined $tmp2_conpsec && $tmp2_conpsec =~ /^[+-]?\d+$/ && $tmp2_conpsec > 0){ 145 | $conpersec=$tmp2_conpsec-$tmp1_conpsec; 146 | } 147 | if (defined $tmp2_reqpsec && $tmp2_reqpsec =~ /^[+-]?\d+$/ && $tmp2_reqpsec > 0){ 148 | $reqpsec=$tmp2_reqpsec-$tmp1_reqpsec; 149 | } 150 | if ($conpersec > 0){ 151 | $reqpcon=$reqpsec/$conpersec; 152 | } 153 | 154 | print "reqpsec.value $reqpsec\n"; 155 | print "conpersec.value $conpersec\n"; 156 | printf("reqpcon.value %.2f\n", $reqpcon); 157 | print "total.value $a2\n"; 158 | print "reading.value $r2\n"; 159 | print "writing.value $w2\n"; 160 | print "waiting.value $wa2\n"; 161 | -------------------------------------------------------------------------------- /small/recurse/linux/virt/kvm/coalesced_mmio.c: -------------------------------------------------------------------------------- 1 | /* 2 | * KVM coalesced MMIO 3 | * 4 | * Copyright (c) 2008 Bull S.A.S. 5 | * Copyright 2009 Red Hat, Inc. and/or its affiliates. 6 | * 7 | * Author: Laurent Vivier 8 | * 9 | */ 10 | 11 | #include "iodev.h" 12 | 13 | #include 14 | #include 15 | #include 16 | 17 | #include "coalesced_mmio.h" 18 | 19 | static inline struct kvm_coalesced_mmio_dev *to_mmio(struct kvm_io_device *dev) 20 | { 21 | return container_of(dev, struct kvm_coalesced_mmio_dev, dev); 22 | } 23 | 24 | static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev, 25 | gpa_t addr, int len) 26 | { 27 | struct kvm_coalesced_mmio_zone *zone; 28 | struct kvm_coalesced_mmio_ring *ring; 29 | unsigned avail; 30 | int i; 31 | 32 | /* Are we able to batch it ? */ 33 | 34 | /* last is the first free entry 35 | * check if we don't meet the first used entry 36 | * there is always one unused entry in the buffer 37 | */ 38 | ring = dev->kvm->coalesced_mmio_ring; 39 | avail = (ring->first - ring->last - 1) % KVM_COALESCED_MMIO_MAX; 40 | if (avail < KVM_MAX_VCPUS) { 41 | /* full */ 42 | return 0; 43 | } 44 | 45 | /* is it in a batchable area ? */ 46 | 47 | for (i = 0; i < dev->nb_zones; i++) { 48 | zone = &dev->zone[i]; 49 | 50 | /* (addr,len) is fully included in 51 | * (zone->addr, zone->size) 52 | */ 53 | 54 | if (zone->addr <= addr && 55 | addr + len <= zone->addr + zone->size) 56 | return 1; 57 | } 58 | return 0; 59 | } 60 | 61 | static int coalesced_mmio_write(struct kvm_io_device *this, 62 | gpa_t addr, int len, const void *val) 63 | { 64 | struct kvm_coalesced_mmio_dev *dev = to_mmio(this); 65 | struct kvm_coalesced_mmio_ring *ring = dev->kvm->coalesced_mmio_ring; 66 | if (!coalesced_mmio_in_range(dev, addr, len)) 67 | return -EOPNOTSUPP; 68 | 69 | spin_lock(&dev->lock); 70 | 71 | /* copy data in first free entry of the ring */ 72 | 73 | ring->coalesced_mmio[ring->last].phys_addr = addr; 74 | ring->coalesced_mmio[ring->last].len = len; 75 | memcpy(ring->coalesced_mmio[ring->last].data, val, len); 76 | smp_wmb(); 77 | ring->last = (ring->last + 1) % KVM_COALESCED_MMIO_MAX; 78 | spin_unlock(&dev->lock); 79 | return 0; 80 | } 81 | 82 | static void coalesced_mmio_destructor(struct kvm_io_device *this) 83 | { 84 | struct kvm_coalesced_mmio_dev *dev = to_mmio(this); 85 | 86 | kfree(dev); 87 | } 88 | 89 | static const struct kvm_io_device_ops coalesced_mmio_ops = { 90 | .write = coalesced_mmio_write, 91 | .destructor = coalesced_mmio_destructor, 92 | }; 93 | 94 | int kvm_coalesced_mmio_init(struct kvm *kvm) 95 | { 96 | struct kvm_coalesced_mmio_dev *dev; 97 | struct page *page; 98 | int ret; 99 | 100 | ret = -ENOMEM; 101 | page = alloc_page(GFP_KERNEL | __GFP_ZERO); 102 | if (!page) 103 | goto out_err; 104 | kvm->coalesced_mmio_ring = page_address(page); 105 | 106 | ret = -ENOMEM; 107 | dev = kzalloc(sizeof(struct kvm_coalesced_mmio_dev), GFP_KERNEL); 108 | if (!dev) 109 | goto out_free_page; 110 | spin_lock_init(&dev->lock); 111 | kvm_iodevice_init(&dev->dev, &coalesced_mmio_ops); 112 | dev->kvm = kvm; 113 | kvm->coalesced_mmio_dev = dev; 114 | 115 | mutex_lock(&kvm->slots_lock); 116 | ret = kvm_io_bus_register_dev(kvm, KVM_MMIO_BUS, &dev->dev); 117 | mutex_unlock(&kvm->slots_lock); 118 | if (ret < 0) 119 | goto out_free_dev; 120 | 121 | return ret; 122 | 123 | out_free_dev: 124 | kvm->coalesced_mmio_dev = NULL; 125 | kfree(dev); 126 | out_free_page: 127 | kvm->coalesced_mmio_ring = NULL; 128 | __free_page(page); 129 | out_err: 130 | return ret; 131 | } 132 | 133 | void kvm_coalesced_mmio_free(struct kvm *kvm) 134 | { 135 | if (kvm->coalesced_mmio_ring) 136 | free_page((unsigned long)kvm->coalesced_mmio_ring); 137 | } 138 | 139 | int kvm_vm_ioctl_register_coalesced_mmio(struct kvm *kvm, 140 | struct kvm_coalesced_mmio_zone *zone) 141 | { 142 | struct kvm_coalesced_mmio_dev *dev = kvm->coalesced_mmio_dev; 143 | 144 | if (dev == NULL) 145 | return -ENXIO; 146 | 147 | mutex_lock(&kvm->slots_lock); 148 | if (dev->nb_zones >= KVM_COALESCED_MMIO_ZONE_MAX) { 149 | mutex_unlock(&kvm->slots_lock); 150 | return -ENOBUFS; 151 | } 152 | 153 | dev->zone[dev->nb_zones] = *zone; 154 | dev->nb_zones++; 155 | 156 | mutex_unlock(&kvm->slots_lock); 157 | return 0; 158 | } 159 | 160 | int kvm_vm_ioctl_unregister_coalesced_mmio(struct kvm *kvm, 161 | struct kvm_coalesced_mmio_zone *zone) 162 | { 163 | int i; 164 | struct kvm_coalesced_mmio_dev *dev = kvm->coalesced_mmio_dev; 165 | struct kvm_coalesced_mmio_zone *z; 166 | 167 | if (dev == NULL) 168 | return -ENXIO; 169 | 170 | mutex_lock(&kvm->slots_lock); 171 | 172 | i = dev->nb_zones; 173 | while (i) { 174 | z = &dev->zone[i - 1]; 175 | 176 | /* unregister all zones 177 | * included in (zone->addr, zone->size) 178 | */ 179 | 180 | if (zone->addr <= z->addr && 181 | z->addr + z->size <= zone->addr + zone->size) { 182 | dev->nb_zones--; 183 | *z = dev->zone[dev->nb_zones]; 184 | } 185 | i--; 186 | } 187 | 188 | mutex_unlock(&kvm->slots_lock); 189 | 190 | return 0; 191 | } 192 | -------------------------------------------------------------------------------- /small/recurse/linux/virt/kvm/async_pf.c: -------------------------------------------------------------------------------- 1 | /* 2 | * kvm asynchronous fault support 3 | * 4 | * Copyright 2010 Red Hat, Inc. 5 | * 6 | * Author: 7 | * Gleb Natapov 8 | * 9 | * This file is free software; you can redistribute it and/or modify 10 | * it under the terms of version 2 of the GNU General Public License 11 | * as published by the Free Software Foundation. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with this program; if not, write to the Free Software Foundation, 20 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. 21 | */ 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | 28 | #include "async_pf.h" 29 | #include 30 | 31 | static struct kmem_cache *async_pf_cache; 32 | 33 | int kvm_async_pf_init(void) 34 | { 35 | async_pf_cache = KMEM_CACHE(kvm_async_pf, 0); 36 | 37 | if (!async_pf_cache) 38 | return -ENOMEM; 39 | 40 | return 0; 41 | } 42 | 43 | void kvm_async_pf_deinit(void) 44 | { 45 | if (async_pf_cache) 46 | kmem_cache_destroy(async_pf_cache); 47 | async_pf_cache = NULL; 48 | } 49 | 50 | void kvm_async_pf_vcpu_init(struct kvm_vcpu *vcpu) 51 | { 52 | INIT_LIST_HEAD(&vcpu->async_pf.done); 53 | INIT_LIST_HEAD(&vcpu->async_pf.queue); 54 | spin_lock_init(&vcpu->async_pf.lock); 55 | } 56 | 57 | static void async_pf_execute(struct work_struct *work) 58 | { 59 | struct page *page = NULL; 60 | struct kvm_async_pf *apf = 61 | container_of(work, struct kvm_async_pf, work); 62 | struct mm_struct *mm = apf->mm; 63 | struct kvm_vcpu *vcpu = apf->vcpu; 64 | unsigned long addr = apf->addr; 65 | gva_t gva = apf->gva; 66 | 67 | might_sleep(); 68 | 69 | use_mm(mm); 70 | down_read(&mm->mmap_sem); 71 | get_user_pages(current, mm, addr, 1, 1, 0, &page, NULL); 72 | up_read(&mm->mmap_sem); 73 | unuse_mm(mm); 74 | 75 | spin_lock(&vcpu->async_pf.lock); 76 | list_add_tail(&apf->link, &vcpu->async_pf.done); 77 | apf->page = page; 78 | apf->done = true; 79 | spin_unlock(&vcpu->async_pf.lock); 80 | 81 | /* 82 | * apf may be freed by kvm_check_async_pf_completion() after 83 | * this point 84 | */ 85 | 86 | trace_kvm_async_pf_completed(addr, page, gva); 87 | 88 | if (waitqueue_active(&vcpu->wq)) 89 | wake_up_interruptible(&vcpu->wq); 90 | 91 | mmdrop(mm); 92 | kvm_put_kvm(vcpu->kvm); 93 | } 94 | 95 | void kvm_clear_async_pf_completion_queue(struct kvm_vcpu *vcpu) 96 | { 97 | /* cancel outstanding work queue item */ 98 | while (!list_empty(&vcpu->async_pf.queue)) { 99 | struct kvm_async_pf *work = 100 | list_entry(vcpu->async_pf.queue.next, 101 | typeof(*work), queue); 102 | cancel_work_sync(&work->work); 103 | list_del(&work->queue); 104 | if (!work->done) /* work was canceled */ 105 | kmem_cache_free(async_pf_cache, work); 106 | } 107 | 108 | spin_lock(&vcpu->async_pf.lock); 109 | while (!list_empty(&vcpu->async_pf.done)) { 110 | struct kvm_async_pf *work = 111 | list_entry(vcpu->async_pf.done.next, 112 | typeof(*work), link); 113 | list_del(&work->link); 114 | if (work->page) 115 | put_page(work->page); 116 | kmem_cache_free(async_pf_cache, work); 117 | } 118 | spin_unlock(&vcpu->async_pf.lock); 119 | 120 | vcpu->async_pf.queued = 0; 121 | } 122 | 123 | void kvm_check_async_pf_completion(struct kvm_vcpu *vcpu) 124 | { 125 | struct kvm_async_pf *work; 126 | 127 | while (!list_empty_careful(&vcpu->async_pf.done) && 128 | kvm_arch_can_inject_async_page_present(vcpu)) { 129 | spin_lock(&vcpu->async_pf.lock); 130 | work = list_first_entry(&vcpu->async_pf.done, typeof(*work), 131 | link); 132 | list_del(&work->link); 133 | spin_unlock(&vcpu->async_pf.lock); 134 | 135 | if (work->page) 136 | kvm_arch_async_page_ready(vcpu, work); 137 | kvm_arch_async_page_present(vcpu, work); 138 | 139 | list_del(&work->queue); 140 | vcpu->async_pf.queued--; 141 | if (work->page) 142 | put_page(work->page); 143 | kmem_cache_free(async_pf_cache, work); 144 | } 145 | } 146 | 147 | int kvm_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, gfn_t gfn, 148 | struct kvm_arch_async_pf *arch) 149 | { 150 | struct kvm_async_pf *work; 151 | 152 | if (vcpu->async_pf.queued >= ASYNC_PF_PER_VCPU) 153 | return 0; 154 | 155 | /* setup delayed work */ 156 | 157 | /* 158 | * do alloc nowait since if we are going to sleep anyway we 159 | * may as well sleep faulting in page 160 | */ 161 | work = kmem_cache_zalloc(async_pf_cache, GFP_NOWAIT); 162 | if (!work) 163 | return 0; 164 | 165 | work->page = NULL; 166 | work->done = false; 167 | work->vcpu = vcpu; 168 | work->gva = gva; 169 | work->addr = gfn_to_hva(vcpu->kvm, gfn); 170 | work->arch = *arch; 171 | work->mm = current->mm; 172 | atomic_inc(&work->mm->mm_count); 173 | kvm_get_kvm(work->vcpu->kvm); 174 | 175 | /* this can't really happen otherwise gfn_to_pfn_async 176 | would succeed */ 177 | if (unlikely(kvm_is_error_hva(work->addr))) 178 | goto retry_sync; 179 | 180 | INIT_WORK(&work->work, async_pf_execute); 181 | if (!schedule_work(&work->work)) 182 | goto retry_sync; 183 | 184 | list_add_tail(&work->queue, &vcpu->async_pf.queue); 185 | vcpu->async_pf.queued++; 186 | kvm_arch_async_page_not_present(vcpu, work); 187 | return 1; 188 | retry_sync: 189 | kvm_put_kvm(work->vcpu->kvm); 190 | mmdrop(work->mm); 191 | kmem_cache_free(async_pf_cache, work); 192 | return 0; 193 | } 194 | 195 | int kvm_async_pf_wakeup_all(struct kvm_vcpu *vcpu) 196 | { 197 | struct kvm_async_pf *work; 198 | 199 | if (!list_empty_careful(&vcpu->async_pf.done)) 200 | return 0; 201 | 202 | work = kmem_cache_zalloc(async_pf_cache, GFP_ATOMIC); 203 | if (!work) 204 | return -ENOMEM; 205 | 206 | work->page = bad_page; 207 | get_page(bad_page); 208 | INIT_LIST_HEAD(&work->queue); /* for list_del to work */ 209 | 210 | spin_lock(&vcpu->async_pf.lock); 211 | list_add_tail(&work->link, &vcpu->async_pf.done); 212 | spin_unlock(&vcpu->async_pf.lock); 213 | 214 | vcpu->async_pf.queued++; 215 | return 0; 216 | } 217 | -------------------------------------------------------------------------------- /small/salt/master: -------------------------------------------------------------------------------- 1 | ##### Primary configuration settings ##### 2 | ########################################## 3 | # The address of the interface to bind to 4 | #interface: 0.0.0.0 5 | 6 | # The port used by the publisher 7 | #publish_port: 4505 8 | 9 | # The number of worker threads to start, these threads are used to manage 10 | # return calls made from minions to the master, if the master seems to be 11 | # running slowly, increase the number of threads 12 | #worker_threads: 5 13 | 14 | # The port used by the communication interface 15 | #ret_port: 4506 16 | 17 | # The root directory prepended to these options: pki_dir, cachedir, log_file. 18 | #root_dir: / 19 | 20 | # Directory used to store public key data 21 | #pki_dir: /etc/salt/pki 22 | 23 | # Directory to store job and cache data 24 | #cachedir: /var/cache/salt 25 | 26 | # Set the number of hours to keep old job information 27 | #keep_jobs: 24 28 | 29 | # Set the directory used to hold unix sockets 30 | #sock_dir: /tmp/salt-unix 31 | 32 | ##### Security settings ##### 33 | ########################################## 34 | # Enable "open mode", this mode still maintains encryption, but turns off 35 | # authentication, this is only intended for highly secure environments or for 36 | # the situation where your keys end up in a bad state. If you run in open more 37 | # you do so at your own risk! 38 | #open_mode: False 39 | 40 | # Enable auto_accept, this setting will automatically accept all incoming 41 | # public keys from the minions 42 | #auto_accept: False 43 | 44 | ##### State System settings ##### 45 | ########################################## 46 | # The state system uses a "top" file to tell the minions what environment to 47 | # use and what modules to use. The state_top file is defined relative to the 48 | # root of the base environment 49 | #state_top: top.yml 50 | # 51 | # The renderer to use on the minions to render the state data 52 | #renderer: yaml_jinja 53 | 54 | ##### File Server settings ##### 55 | ########################################## 56 | # Salt runs a lightweight file server written in zeromq to deliver files to 57 | # minions. This file server is built into the master daemon and does not 58 | # require a dedicated port. 59 | 60 | # The file server works on environments passed to the master, each environment 61 | # can have multiple root directories, the subdirectories in the multiple file 62 | # roots cannot match, otherwise the downloaded files will not be able to be 63 | # reliably ensured. A base environment is required to house the top file 64 | # Example: 65 | # file_roots: 66 | # base: 67 | # - /srv/salt/ 68 | # dev: 69 | # - /srv/salt/dev/services 70 | # - /srv/salt/dev/states 71 | # prod: 72 | # - /srv/salt/prod/services 73 | # - /srv/salt/prod/states 74 | # 75 | # Default: 76 | #file_roots: 77 | # base: 78 | # - /srv/salt 79 | 80 | # The hash_type is the hash to use when discovering the hash of a file on 81 | # the master server, the default is md5, but sha1, sha224, sha256, sha384 82 | # and sha512 are also supported. 83 | #hash_type: md5 84 | 85 | # The buffer size in the file server can be adjusted here: 86 | #file_buffer_size: 1048576 87 | 88 | ##### Syndic settings ##### 89 | ########################################## 90 | # The Salt syndic is used to pass commands through a master from a higher 91 | # master. Using the syndic is simple, if this is a master that will have 92 | # syndic servers(s) below it set the "order_masters" setting to True, if this 93 | # is a master that will be running a syndic daemon for passthrough the 94 | # "syndic_master" setting needs to be set to the location of the master server 95 | # to recieve commands from 96 | # 97 | # Set the order_masters setting to True if this master will command lower 98 | # masters' syndic interfaces 99 | #order_masters: False 100 | # 101 | # If this master will be running a salt syndic daemon, then the syndic needs 102 | # to know where the master it is recieving commands from is, set it with the 103 | # syndic_master value 104 | syndic_master: salt-lord 105 | 106 | ##### Peer Publish settings ##### 107 | ########################################## 108 | # Salt minions can send commands to other minions, but only if the minion is 109 | # allowed to. By default "Peer Publication" is disabled, and when enabled it 110 | # is enabled for specific minions and specific commands. This allows secure 111 | # compartmentalization of commands based on individual minions. 112 | # 113 | # The configuration uses regular expressions to match minions and then a list 114 | # of regular expressions to match functions, the following will allow the 115 | # minion authenticated as foo.example.com to execute functions from the test 116 | # and pkg modules 117 | # peer: 118 | # foo.example.com: 119 | # - test.* 120 | # - pkg.* 121 | # 122 | # This will allow all minions to execute all commands: 123 | # peer: 124 | # .*: 125 | # - .* 126 | # This is not recomanded, since it would allow anyone who gets root on any 127 | # single minion to instantly have root on all of the minions! 128 | # 129 | 130 | ##### Cluster settings ##### 131 | ########################################## 132 | # Salt supports automatic clustering, salt creates a single ip address which 133 | # is shared among the individual salt components using ucarp. The private key 134 | # and all of the minion keys are maintained across the defined cluster masters 135 | # The failover service is automatically managed via these settings 136 | 137 | # List the identifiers for the other cluster masters in this manner: 138 | # [saltmaster-01.foo.com,saltmaster-02.foo.com,saltmaster-03.foo.com] 139 | # The members of this master array must be running as salt minions to 140 | # facilitate the distribution of cluster information 141 | #cluster_masters: [] 142 | 143 | # The cluster modes are "paranoid" and "full" 144 | # paranoid will only distribute the accepted minion public keys. 145 | # full will also distribute the master private key. 146 | #cluster_mode: paranoid 147 | 148 | 149 | ##### Logging settings ##### 150 | ########################################## 151 | # The location of the master log file 152 | #log_file: /var/log/salt/master 153 | # The level of messages to send to the log file. 154 | # One of 'info', 'quiet', 'critical', 'error', 'debug', 'warning'. 155 | # Default: 'warning' 156 | #log_level: warning 157 | # 158 | # Logger levels can be used to tweak specific loggers logging levels. 159 | # Imagine you want to have the salt library at the 'warning' level, but, you 160 | # still wish to have 'salt.modules' at the 'debug' level: 161 | # log_granular_levels: { 162 | # 'salt': 'warning', 163 | # 'salt.modules': 'debug' 164 | # } 165 | # 166 | #log_granular_levels: {} 167 | -------------------------------------------------------------------------------- /small/fail2ban/jail.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file. 2 | # 3 | # This file was composed for Debian systems from the original one 4 | # provided now under /usr/share/doc/fail2ban/examples/jail.conf 5 | # for additional examples. 6 | # 7 | # To avoid merges during upgrades DO NOT MODIFY THIS FILE 8 | # and rather provide your changes in /etc/fail2ban/jail.local 9 | # 10 | # Author: Yaroslav O. Halchenko 11 | # 12 | # $Revision: 281 $ 13 | # 14 | 15 | # The DEFAULT allows a global definition of the options. They can be overridden 16 | # in each jail afterwards. 17 | 18 | [DEFAULT] 19 | 20 | # "ignoreip" can be an IP address, a CIDR mask or a DNS host 21 | ignoreip = 127.0.0.1/8 22 | bantime = 7200 23 | maxretry = 3 24 | 25 | # "backend" specifies the backend used to get files modification. Available 26 | # options are "gamin", "polling" and "auto". 27 | # yoh: For some reason Debian shipped python-gamin didn't work as expected 28 | # This issue left ToDo, so polling is default backend for now 29 | backend = auto 30 | 31 | # 32 | # Destination email address used solely for the interpolations in 33 | # jail.{conf,local} configuration files. 34 | destemail = root@localhost 35 | 36 | # 37 | # ACTIONS 38 | # 39 | 40 | # Default banning action (e.g. iptables, iptables-new, 41 | # iptables-multiport, shorewall, etc) It is used to define 42 | # action_* variables. Can be overridden globally or per 43 | # section within jail.local file 44 | banaction = iptables-multiport 45 | 46 | # email action. Since 0.8.1 upstream fail2ban uses sendmail 47 | # MTA for the mailing. Change mta configuration parameter to mail 48 | # if you want to revert to conventional 'mail'. 49 | mta = sendmail 50 | 51 | # Default protocol 52 | protocol = tcp 53 | 54 | # Specify chain where jumps would need to be added in iptables-* actions 55 | chain = INPUT 56 | 57 | # 58 | # Action shortcuts. To be used to define action parameter 59 | 60 | # The simplest action to take: ban only 61 | action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 62 | 63 | # ban & send an e-mail with whois report to the destemail. 64 | action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 65 | %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] 66 | 67 | # ban & send an e-mail with whois report and relevant log lines 68 | # to the destemail. 69 | action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 70 | %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] 71 | 72 | # Choose default action. To change, just override value of 'action' with the 73 | # interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local 74 | # globally (section [DEFAULT]) or per specific section 75 | action = %(action_)s 76 | 77 | # 78 | # JAILS 79 | # 80 | 81 | # Next jails corresponds to the standard configuration in Fail2ban 0.6 which 82 | # was shipped in Debian. Enable any defined here jail by including 83 | # 84 | # [SECTION_NAME] 85 | # enabled = true 86 | 87 | # 88 | # in /etc/fail2ban/jail.local. 89 | # 90 | # Optionally you may override any other parameter (e.g. banaction, 91 | # action, port, logpath, etc) in that section within jail.local 92 | 93 | [ssh] 94 | 95 | enabled = true 96 | port = ssh 97 | filter = sshd 98 | logpath = /var/log/auth.log 99 | #maxretry = 6 100 | maxretry = 2 101 | 102 | [dropbear] 103 | 104 | enabled = false 105 | port = ssh 106 | filter = sshd 107 | logpath = /var/log/dropbear 108 | maxretry = 6 109 | 110 | # Generic filter for pam. Has to be used with action which bans all ports 111 | # such as iptables-allports, shorewall 112 | [pam-generic] 113 | 114 | enabled = false 115 | # pam-generic filter can be customized to monitor specific subset of 'tty's 116 | filter = pam-generic 117 | # port actually must be irrelevant but lets leave it all for some possible uses 118 | port = all 119 | banaction = iptables-allports 120 | port = anyport 121 | logpath = /var/log/auth.log 122 | maxretry = 6 123 | 124 | [xinetd-fail] 125 | 126 | enabled = false 127 | filter = xinetd-fail 128 | port = all 129 | banaction = iptables-multiport-log 130 | logpath = /var/log/daemon.log 131 | maxretry = 2 132 | 133 | 134 | [ssh-ddos] 135 | 136 | enabled = false 137 | port = ssh 138 | filter = sshd-ddos 139 | logpath = /var/log/auth.log 140 | maxretry = 6 141 | 142 | # 143 | # HTTP servers 144 | # 145 | 146 | [apache] 147 | 148 | enabled = false 149 | port = http,https 150 | filter = apache-auth 151 | logpath = /var/log/apache*/*error.log 152 | maxretry = 6 153 | 154 | # default action is now multiport, so apache-multiport jail was left 155 | # for compatibility with previous (<0.7.6-2) releases 156 | [apache-multiport] 157 | 158 | enabled = false 159 | port = http,https 160 | filter = apache-auth 161 | logpath = /var/log/apache*/*error.log 162 | maxretry = 6 163 | 164 | [apache-noscript] 165 | 166 | enabled = false 167 | port = http,https 168 | filter = apache-noscript 169 | logpath = /var/log/apache*/*error.log 170 | maxretry = 6 171 | 172 | [apache-overflows] 173 | 174 | enabled = false 175 | port = http,https 176 | filter = apache-overflows 177 | logpath = /var/log/apache*/*error.log 178 | maxretry = 2 179 | 180 | # 181 | # FTP servers 182 | # 183 | 184 | [vsftpd] 185 | 186 | enabled = false 187 | port = ftp,ftp-data,ftps,ftps-data 188 | filter = vsftpd 189 | logpath = /var/log/vsftpd.log 190 | # or overwrite it in jails.local to be 191 | # logpath = /var/log/auth.log 192 | # if you want to rely on PAM failed login attempts 193 | # vsftpd's failregex should match both of those formats 194 | maxretry = 6 195 | 196 | 197 | [proftpd] 198 | 199 | enabled = false 200 | port = ftp,ftp-data,ftps,ftps-data 201 | filter = proftpd 202 | logpath = /var/log/proftpd/proftpd.log 203 | maxretry = 6 204 | 205 | 206 | [wuftpd] 207 | 208 | enabled = false 209 | port = ftp,ftp-data,ftps,ftps-data 210 | filter = wuftpd 211 | logpath = /var/log/auth.log 212 | maxretry = 6 213 | 214 | 215 | # 216 | # Mail servers 217 | # 218 | 219 | [postfix] 220 | 221 | enabled = false 222 | port = smtp,ssmtp 223 | filter = postfix 224 | logpath = /var/log/mail.log 225 | 226 | 227 | [couriersmtp] 228 | 229 | enabled = false 230 | port = smtp,ssmtp 231 | filter = couriersmtp 232 | logpath = /var/log/mail.log 233 | 234 | 235 | # 236 | # Mail servers authenticators: might be used for smtp,ftp,imap servers, so 237 | # all relevant ports get banned 238 | # 239 | 240 | [courierauth] 241 | 242 | enabled = false 243 | port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s 244 | filter = courierlogin 245 | logpath = /var/log/mail.log 246 | 247 | 248 | [sasl] 249 | 250 | enabled = false 251 | port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s 252 | filter = sasl 253 | # You might consider monitoring /var/log/mail.warn instead if you are 254 | # running postfix since it would provide the same log lines at the 255 | # "warn" level but overall at the smaller filesize. 256 | logpath = /var/log/mail.log 257 | 258 | 259 | # DNS Servers 260 | 261 | 262 | # These jails block attacks against named (bind9). By default, logging is off 263 | # with bind9 installation. You will need something like this: 264 | # 265 | # logging { 266 | # channel security_file { 267 | # file "/var/log/named/security.log" versions 3 size 30m; 268 | # severity dynamic; 269 | # print-time yes; 270 | # }; 271 | # category security { 272 | # security_file; 273 | # }; 274 | # }; 275 | # 276 | # in your named.conf to provide proper logging 277 | 278 | # !!! WARNING !!! 279 | # Since UDP is connection-less protocol, spoofing of IP and imitation 280 | # of illegal actions is way too simple. Thus enabling of this filter 281 | # might provide an easy way for implementing a DoS against a chosen 282 | # victim. See 283 | # http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html 284 | # Please DO NOT USE this jail unless you know what you are doing. 285 | #[named-refused-udp] 286 | # 287 | #enabled = false 288 | #port = domain,953 289 | #protocol = udp 290 | #filter = named-refused 291 | #logpath = /var/log/named/security.log 292 | 293 | [named-refused-tcp] 294 | 295 | enabled = false 296 | port = domain,953 297 | protocol = tcp 298 | filter = named-refused 299 | logpath = /var/log/named/security.log 300 | 301 | -------------------------------------------------------------------------------- /small/recurse/linux/virt/kvm/iommu.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2006, Intel Corporation. 3 | * 4 | * This program is free software; you can redistribute it and/or modify it 5 | * under the terms and conditions of the GNU General Public License, 6 | * version 2, as published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope it will be useful, but WITHOUT 9 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 10 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 11 | * more details. 12 | * 13 | * You should have received a copy of the GNU General Public License along with 14 | * this program; if not, write to the Free Software Foundation, Inc., 59 Temple 15 | * Place - Suite 330, Boston, MA 02111-1307 USA. 16 | * 17 | * Copyright (C) 2006-2008 Intel Corporation 18 | * Copyright IBM Corporation, 2008 19 | * Copyright 2010 Red Hat, Inc. and/or its affiliates. 20 | * 21 | * Author: Allen M. Kay 22 | * Author: Weidong Han 23 | * Author: Ben-Ami Yassour 24 | */ 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | static int kvm_iommu_unmap_memslots(struct kvm *kvm); 34 | static void kvm_iommu_put_pages(struct kvm *kvm, 35 | gfn_t base_gfn, unsigned long npages); 36 | 37 | static pfn_t kvm_pin_pages(struct kvm *kvm, struct kvm_memory_slot *slot, 38 | gfn_t gfn, unsigned long size) 39 | { 40 | gfn_t end_gfn; 41 | pfn_t pfn; 42 | 43 | pfn = gfn_to_pfn_memslot(kvm, slot, gfn); 44 | end_gfn = gfn + (size >> PAGE_SHIFT); 45 | gfn += 1; 46 | 47 | if (is_error_pfn(pfn)) 48 | return pfn; 49 | 50 | while (gfn < end_gfn) 51 | gfn_to_pfn_memslot(kvm, slot, gfn++); 52 | 53 | return pfn; 54 | } 55 | 56 | int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) 57 | { 58 | gfn_t gfn, end_gfn; 59 | pfn_t pfn; 60 | int r = 0; 61 | struct iommu_domain *domain = kvm->arch.iommu_domain; 62 | int flags; 63 | 64 | /* check if iommu exists and in use */ 65 | if (!domain) 66 | return 0; 67 | 68 | gfn = slot->base_gfn; 69 | end_gfn = gfn + slot->npages; 70 | 71 | flags = IOMMU_READ | IOMMU_WRITE; 72 | if (kvm->arch.iommu_flags & KVM_IOMMU_CACHE_COHERENCY) 73 | flags |= IOMMU_CACHE; 74 | 75 | 76 | while (gfn < end_gfn) { 77 | unsigned long page_size; 78 | 79 | /* Check if already mapped */ 80 | if (iommu_iova_to_phys(domain, gfn_to_gpa(gfn))) { 81 | gfn += 1; 82 | continue; 83 | } 84 | 85 | /* Get the page size we could use to map */ 86 | page_size = kvm_host_page_size(kvm, gfn); 87 | 88 | /* Make sure the page_size does not exceed the memslot */ 89 | while ((gfn + (page_size >> PAGE_SHIFT)) > end_gfn) 90 | page_size >>= 1; 91 | 92 | /* Make sure gfn is aligned to the page size we want to map */ 93 | while ((gfn << PAGE_SHIFT) & (page_size - 1)) 94 | page_size >>= 1; 95 | 96 | /* 97 | * Pin all pages we are about to map in memory. This is 98 | * important because we unmap and unpin in 4kb steps later. 99 | */ 100 | pfn = kvm_pin_pages(kvm, slot, gfn, page_size); 101 | if (is_error_pfn(pfn)) { 102 | gfn += 1; 103 | continue; 104 | } 105 | 106 | /* Map into IO address space */ 107 | r = iommu_map(domain, gfn_to_gpa(gfn), pfn_to_hpa(pfn), 108 | get_order(page_size), flags); 109 | if (r) { 110 | printk(KERN_ERR "kvm_iommu_map_address:" 111 | "iommu failed to map pfn=%llx\n", pfn); 112 | goto unmap_pages; 113 | } 114 | 115 | gfn += page_size >> PAGE_SHIFT; 116 | 117 | 118 | } 119 | 120 | return 0; 121 | 122 | unmap_pages: 123 | kvm_iommu_put_pages(kvm, slot->base_gfn, gfn); 124 | return r; 125 | } 126 | 127 | static int kvm_iommu_map_memslots(struct kvm *kvm) 128 | { 129 | int i, idx, r = 0; 130 | struct kvm_memslots *slots; 131 | 132 | idx = srcu_read_lock(&kvm->srcu); 133 | slots = kvm_memslots(kvm); 134 | 135 | for (i = 0; i < slots->nmemslots; i++) { 136 | r = kvm_iommu_map_pages(kvm, &slots->memslots[i]); 137 | if (r) 138 | break; 139 | } 140 | srcu_read_unlock(&kvm->srcu, idx); 141 | 142 | return r; 143 | } 144 | 145 | int kvm_assign_device(struct kvm *kvm, 146 | struct kvm_assigned_dev_kernel *assigned_dev) 147 | { 148 | struct pci_dev *pdev = NULL; 149 | struct iommu_domain *domain = kvm->arch.iommu_domain; 150 | int r, last_flags; 151 | 152 | /* check if iommu exists and in use */ 153 | if (!domain) 154 | return 0; 155 | 156 | pdev = assigned_dev->dev; 157 | if (pdev == NULL) 158 | return -ENODEV; 159 | 160 | r = iommu_attach_device(domain, &pdev->dev); 161 | if (r) { 162 | printk(KERN_ERR "assign device %x:%x:%x.%x failed", 163 | pci_domain_nr(pdev->bus), 164 | pdev->bus->number, 165 | PCI_SLOT(pdev->devfn), 166 | PCI_FUNC(pdev->devfn)); 167 | return r; 168 | } 169 | 170 | last_flags = kvm->arch.iommu_flags; 171 | if (iommu_domain_has_cap(kvm->arch.iommu_domain, 172 | IOMMU_CAP_CACHE_COHERENCY)) 173 | kvm->arch.iommu_flags |= KVM_IOMMU_CACHE_COHERENCY; 174 | 175 | /* Check if need to update IOMMU page table for guest memory */ 176 | if ((last_flags ^ kvm->arch.iommu_flags) == 177 | KVM_IOMMU_CACHE_COHERENCY) { 178 | kvm_iommu_unmap_memslots(kvm); 179 | r = kvm_iommu_map_memslots(kvm); 180 | if (r) 181 | goto out_unmap; 182 | } 183 | 184 | printk(KERN_DEBUG "assign device %x:%x:%x.%x\n", 185 | assigned_dev->host_segnr, 186 | assigned_dev->host_busnr, 187 | PCI_SLOT(assigned_dev->host_devfn), 188 | PCI_FUNC(assigned_dev->host_devfn)); 189 | 190 | return 0; 191 | out_unmap: 192 | kvm_iommu_unmap_memslots(kvm); 193 | return r; 194 | } 195 | 196 | int kvm_deassign_device(struct kvm *kvm, 197 | struct kvm_assigned_dev_kernel *assigned_dev) 198 | { 199 | struct iommu_domain *domain = kvm->arch.iommu_domain; 200 | struct pci_dev *pdev = NULL; 201 | 202 | /* check if iommu exists and in use */ 203 | if (!domain) 204 | return 0; 205 | 206 | pdev = assigned_dev->dev; 207 | if (pdev == NULL) 208 | return -ENODEV; 209 | 210 | iommu_detach_device(domain, &pdev->dev); 211 | 212 | printk(KERN_DEBUG "deassign device %x:%x:%x.%x\n", 213 | assigned_dev->host_segnr, 214 | assigned_dev->host_busnr, 215 | PCI_SLOT(assigned_dev->host_devfn), 216 | PCI_FUNC(assigned_dev->host_devfn)); 217 | 218 | return 0; 219 | } 220 | 221 | int kvm_iommu_map_guest(struct kvm *kvm) 222 | { 223 | int r; 224 | 225 | if (!iommu_found()) { 226 | printk(KERN_ERR "%s: iommu not found\n", __func__); 227 | return -ENODEV; 228 | } 229 | 230 | kvm->arch.iommu_domain = iommu_domain_alloc(); 231 | if (!kvm->arch.iommu_domain) 232 | return -ENOMEM; 233 | 234 | r = kvm_iommu_map_memslots(kvm); 235 | if (r) 236 | goto out_unmap; 237 | 238 | return 0; 239 | 240 | out_unmap: 241 | kvm_iommu_unmap_memslots(kvm); 242 | return r; 243 | } 244 | 245 | static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages) 246 | { 247 | unsigned long i; 248 | 249 | for (i = 0; i < npages; ++i) 250 | kvm_release_pfn_clean(pfn + i); 251 | } 252 | 253 | static void kvm_iommu_put_pages(struct kvm *kvm, 254 | gfn_t base_gfn, unsigned long npages) 255 | { 256 | struct iommu_domain *domain; 257 | gfn_t end_gfn, gfn; 258 | pfn_t pfn; 259 | u64 phys; 260 | 261 | domain = kvm->arch.iommu_domain; 262 | end_gfn = base_gfn + npages; 263 | gfn = base_gfn; 264 | 265 | /* check if iommu exists and in use */ 266 | if (!domain) 267 | return; 268 | 269 | while (gfn < end_gfn) { 270 | unsigned long unmap_pages; 271 | int order; 272 | 273 | /* Get physical address */ 274 | phys = iommu_iova_to_phys(domain, gfn_to_gpa(gfn)); 275 | pfn = phys >> PAGE_SHIFT; 276 | 277 | /* Unmap address from IO address space */ 278 | order = iommu_unmap(domain, gfn_to_gpa(gfn), 0); 279 | unmap_pages = 1ULL << order; 280 | 281 | /* Unpin all pages we just unmapped to not leak any memory */ 282 | kvm_unpin_pages(kvm, pfn, unmap_pages); 283 | 284 | gfn += unmap_pages; 285 | } 286 | } 287 | 288 | static int kvm_iommu_unmap_memslots(struct kvm *kvm) 289 | { 290 | int i, idx; 291 | struct kvm_memslots *slots; 292 | 293 | idx = srcu_read_lock(&kvm->srcu); 294 | slots = kvm_memslots(kvm); 295 | 296 | for (i = 0; i < slots->nmemslots; i++) { 297 | kvm_iommu_put_pages(kvm, slots->memslots[i].base_gfn, 298 | slots->memslots[i].npages); 299 | } 300 | srcu_read_unlock(&kvm->srcu, idx); 301 | 302 | return 0; 303 | } 304 | 305 | int kvm_iommu_unmap_guest(struct kvm *kvm) 306 | { 307 | struct iommu_domain *domain = kvm->arch.iommu_domain; 308 | 309 | /* check if iommu exists and in use */ 310 | if (!domain) 311 | return 0; 312 | 313 | kvm_iommu_unmap_memslots(kvm); 314 | iommu_domain_free(domain); 315 | return 0; 316 | } 317 | -------------------------------------------------------------------------------- /openstack/glance/glance-api.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | # Show more verbose log output (sets INFO log level output) 3 | verbose = True 4 | 5 | # Show debugging output in logs (sets DEBUG log level output) 6 | debug = False 7 | 8 | # Which backend store should Glance use by default is not specified 9 | # in a request to add a new image to Glance? Default: 'file' 10 | # Available choices are 'file', 'swift', and 's3' 11 | default_store = file 12 | 13 | # Address to bind the API server 14 | bind_host = 0.0.0.0 15 | 16 | # Port the bind the API server to 17 | bind_port = 9292 18 | 19 | # Log to this file. Make sure you do not set the same log 20 | # file for both the API and registry servers! 21 | log_file = /var/log/glance/api.log 22 | 23 | # Backlog requests when creating socket 24 | backlog = 4096 25 | 26 | # Number of Glance API worker processes to start. 27 | # On machines with more than one CPU increasing this value 28 | # may improve performance (especially if using SSL with 29 | # compression turned on). It is typically recommended to set 30 | # this value to the number of CPUs present on your machine. 31 | workers = 0 32 | 33 | # Role used to identify an authenticated user as administrator 34 | #admin_role = admin 35 | 36 | # ================= Syslog Options ============================ 37 | 38 | # Send logs to syslog (/dev/log) instead of to file specified 39 | # by `log_file` 40 | use_syslog = False 41 | 42 | # Facility to use. If unset defaults to LOG_USER. 43 | # syslog_log_facility = LOG_LOCAL0 44 | 45 | # ================= SSL Options =============================== 46 | 47 | # Certificate file to use when starting API server securely 48 | # cert_file = /path/to/certfile 49 | 50 | # Private key file to use when starting API server securely 51 | # key_file = /path/to/keyfile 52 | 53 | # ================= Security Options ========================== 54 | 55 | # AES key for encrypting store 'location' metadata, including 56 | # -- if used -- Swift or S3 credentials 57 | # Should be set to a random string of length 16, 24 or 32 bytes 58 | # metadata_encryption_key = <16, 24 or 32 char registry metadata key> 59 | 60 | # ============ Registry Options =============================== 61 | 62 | # Address to find the registry server 63 | registry_host = 0.0.0.0 64 | 65 | # Port the registry server is listening on 66 | registry_port = 9191 67 | 68 | # What protocol to use when connecting to the registry server? 69 | # Set to https for secure HTTP communication 70 | registry_client_protocol = http 71 | 72 | # The path to the key file to use in SSL connections to the 73 | # registry server, if any. Alternately, you may set the 74 | # GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file 75 | # registry_client_key_file = /path/to/key/file 76 | 77 | # The path to the cert file to use in SSL connections to the 78 | # registry server, if any. Alternately, you may set the 79 | # GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file 80 | # registry_client_cert_file = /path/to/cert/file 81 | 82 | # The path to the certifying authority cert file to use in SSL connections 83 | # to the registry server, if any. Alternately, you may set the 84 | # GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file 85 | # registry_client_ca_file = /path/to/ca/file 86 | 87 | # ============ Notification System Options ===================== 88 | 89 | # Notifications can be sent when images are create, updated or deleted. 90 | # There are three methods of sending notifications, logging (via the 91 | # log_file directive), rabbit (via a rabbitmq queue), qpid (via a Qpid 92 | # message queue), or noop (no notifications sent, the default) 93 | notifier_strategy = noop 94 | 95 | # Configuration options if sending notifications via rabbitmq (these are 96 | # the defaults) 97 | rabbit_host = localhost 98 | rabbit_port = 5672 99 | rabbit_use_ssl = false 100 | rabbit_userid = guest 101 | rabbit_password = guest 102 | rabbit_virtual_host = / 103 | rabbit_notification_exchange = glance 104 | rabbit_notification_topic = glance_notifications 105 | 106 | # Configuration options if sending notifications via Qpid (these are 107 | # the defaults) 108 | qpid_notification_exchange = glance 109 | qpid_notification_topic = glance_notifications 110 | qpid_host = localhost 111 | qpid_port = 5672 112 | qpid_username = 113 | qpid_password = 114 | qpid_sasl_mechanisms = 115 | qpid_reconnect_timeout = 0 116 | qpid_reconnect_limit = 0 117 | qpid_reconnect_interval_min = 0 118 | qpid_reconnect_interval_max = 0 119 | qpid_reconnect_interval = 0 120 | qpid_heartbeat = 5 121 | # Set to 'ssl' to enable SSL 122 | qpid_protocol = tcp 123 | qpid_tcp_nodelay = True 124 | 125 | # ============ Filesystem Store Options ======================== 126 | 127 | # Directory that the Filesystem backend store 128 | # writes image data to 129 | filesystem_store_datadir = /var/lib/glance/images/ 130 | 131 | # ============ Swift Store Options ============================= 132 | 133 | # Version of the authentication service to use 134 | # Valid versions are '2' for keystone and '1' for swauth and rackspace 135 | swift_store_auth_version = 2 136 | 137 | # Address where the Swift authentication service lives 138 | # Valid schemes are 'http://' and 'https://' 139 | # If no scheme specified, default to 'https://' 140 | # For swauth, use something like '127.0.0.1:8080/v1.0/' 141 | swift_store_auth_address = 127.0.0.1:35357/v2.0/ 142 | 143 | # User to authenticate against the Swift authentication service 144 | # If you use Swift authentication service, set it to 'account':'user' 145 | # where 'account' is a Swift storage account and 'user' 146 | # is a user in that account 147 | swift_store_user = jdoe:jdoe 148 | 149 | # Auth key for the user authenticating against the 150 | # Swift authentication service 151 | swift_store_key = a86850deb2742ec3cb41518e26aa2d89 152 | 153 | # Container within the account that the account should use 154 | # for storing images in Swift 155 | swift_store_container = glance 156 | 157 | # Do we create the container if it does not exist? 158 | swift_store_create_container_on_put = False 159 | 160 | # What size, in MB, should Glance start chunking image files 161 | # and do a large object manifest in Swift? By default, this is 162 | # the maximum object size in Swift, which is 5GB 163 | swift_store_large_object_size = 5120 164 | 165 | # When doing a large object manifest, what size, in MB, should 166 | # Glance write chunks to Swift? This amount of data is written 167 | # to a temporary disk buffer during the process of chunking 168 | # the image file, and the default is 200MB 169 | swift_store_large_object_chunk_size = 200 170 | 171 | # Whether to use ServiceNET to communicate with the Swift storage servers. 172 | # (If you aren't RACKSPACE, leave this False!) 173 | # 174 | # To use ServiceNET for authentication, prefix hostname of 175 | # `swift_store_auth_address` with 'snet-'. 176 | # Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ 177 | swift_enable_snet = False 178 | 179 | # ============ S3 Store Options ============================= 180 | 181 | # Address where the S3 authentication service lives 182 | # Valid schemes are 'http://' and 'https://' 183 | # If no scheme specified, default to 'http://' 184 | s3_store_host = 127.0.0.1:8080/v1.0/ 185 | 186 | # User to authenticate against the S3 authentication service 187 | s3_store_access_key = <20-char AWS access key> 188 | 189 | # Auth key for the user authenticating against the 190 | # S3 authentication service 191 | s3_store_secret_key = <40-char AWS secret key> 192 | 193 | # Container within the account that the account should use 194 | # for storing images in S3. Note that S3 has a flat namespace, 195 | # so you need a unique bucket name for your glance images. An 196 | # easy way to do this is append your AWS access key to "glance". 197 | # S3 buckets in AWS *must* be lowercased, so remember to lowercase 198 | # your AWS access key if you use it in your bucket name below! 199 | s3_store_bucket = glance 200 | 201 | # Do we create the bucket if it does not exist? 202 | s3_store_create_bucket_on_put = False 203 | 204 | # When sending images to S3, the data will first be written to a 205 | # temporary buffer on disk. By default the platform's temporary directory 206 | # will be used. If required, an alternative directory can be specified here. 207 | # s3_store_object_buffer_dir = /path/to/dir 208 | 209 | # ============ RBD Store Options ============================= 210 | 211 | # Ceph configuration file path 212 | # If using cephx authentication, this file should 213 | # include a reference to the right keyring 214 | # in a client. section 215 | rbd_store_ceph_conf = /etc/ceph/ceph.conf 216 | 217 | # RADOS user to authenticate as (only applicable if using cephx) 218 | rbd_store_user = glance 219 | 220 | # RADOS pool in which images are stored 221 | rbd_store_pool = images 222 | 223 | # Images will be chunked into objects of this size (in megabytes). 224 | # For best performance, this should be a power of two 225 | rbd_store_chunk_size = 8 226 | 227 | # ============ Delayed Delete Options ============================= 228 | 229 | # Turn on/off delayed delete 230 | delayed_delete = False 231 | 232 | # Delayed delete time in seconds 233 | scrub_time = 43200 234 | 235 | # Directory that the scrubber will use to remind itself of what to delete 236 | # Make sure this is also set in glance-scrubber.conf 237 | scrubber_datadir = /var/lib/glance/scrubber 238 | 239 | # =============== Image Cache Options ============================= 240 | 241 | # Base directory that the Image Cache uses 242 | image_cache_dir = /var/lib/glance/image-cache/ 243 | 244 | 245 | [paste_deploy] 246 | flavor = keystone 247 | -------------------------------------------------------------------------------- /small/recurse/linux/virt/kvm/ioapic.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2001 MandrakeSoft S.A. 3 | * Copyright 2010 Red Hat, Inc. and/or its affiliates. 4 | * 5 | * MandrakeSoft S.A. 6 | * 43, rue d'Aboukir 7 | * 75002 Paris - France 8 | * http://www.linux-mandrake.com/ 9 | * http://www.mandrakesoft.com/ 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 24 | * 25 | * Yunhong Jiang 26 | * Yaozu (Eddie) Dong 27 | * Based on Xen 3.1 code. 28 | */ 29 | 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | 43 | #include "ioapic.h" 44 | #include "lapic.h" 45 | #include "irq.h" 46 | 47 | #if 0 48 | #define ioapic_debug(fmt,arg...) printk(KERN_WARNING fmt,##arg) 49 | #else 50 | #define ioapic_debug(fmt, arg...) 51 | #endif 52 | static int ioapic_deliver(struct kvm_ioapic *vioapic, int irq); 53 | 54 | static unsigned long ioapic_read_indirect(struct kvm_ioapic *ioapic, 55 | unsigned long addr, 56 | unsigned long length) 57 | { 58 | unsigned long result = 0; 59 | 60 | switch (ioapic->ioregsel) { 61 | case IOAPIC_REG_VERSION: 62 | result = ((((IOAPIC_NUM_PINS - 1) & 0xff) << 16) 63 | | (IOAPIC_VERSION_ID & 0xff)); 64 | break; 65 | 66 | case IOAPIC_REG_APIC_ID: 67 | case IOAPIC_REG_ARB_ID: 68 | result = ((ioapic->id & 0xf) << 24); 69 | break; 70 | 71 | default: 72 | { 73 | u32 redir_index = (ioapic->ioregsel - 0x10) >> 1; 74 | u64 redir_content; 75 | 76 | ASSERT(redir_index < IOAPIC_NUM_PINS); 77 | 78 | redir_content = ioapic->redirtbl[redir_index].bits; 79 | result = (ioapic->ioregsel & 0x1) ? 80 | (redir_content >> 32) & 0xffffffff : 81 | redir_content & 0xffffffff; 82 | break; 83 | } 84 | } 85 | 86 | return result; 87 | } 88 | 89 | static int ioapic_service(struct kvm_ioapic *ioapic, unsigned int idx) 90 | { 91 | union kvm_ioapic_redirect_entry *pent; 92 | int injected = -1; 93 | 94 | pent = &ioapic->redirtbl[idx]; 95 | 96 | if (!pent->fields.mask) { 97 | injected = ioapic_deliver(ioapic, idx); 98 | if (injected && pent->fields.trig_mode == IOAPIC_LEVEL_TRIG) 99 | pent->fields.remote_irr = 1; 100 | } 101 | 102 | return injected; 103 | } 104 | 105 | static void update_handled_vectors(struct kvm_ioapic *ioapic) 106 | { 107 | DECLARE_BITMAP(handled_vectors, 256); 108 | int i; 109 | 110 | memset(handled_vectors, 0, sizeof(handled_vectors)); 111 | for (i = 0; i < IOAPIC_NUM_PINS; ++i) 112 | __set_bit(ioapic->redirtbl[i].fields.vector, handled_vectors); 113 | memcpy(ioapic->handled_vectors, handled_vectors, 114 | sizeof(handled_vectors)); 115 | smp_wmb(); 116 | } 117 | 118 | static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val) 119 | { 120 | unsigned index; 121 | bool mask_before, mask_after; 122 | union kvm_ioapic_redirect_entry *e; 123 | 124 | switch (ioapic->ioregsel) { 125 | case IOAPIC_REG_VERSION: 126 | /* Writes are ignored. */ 127 | break; 128 | 129 | case IOAPIC_REG_APIC_ID: 130 | ioapic->id = (val >> 24) & 0xf; 131 | break; 132 | 133 | case IOAPIC_REG_ARB_ID: 134 | break; 135 | 136 | default: 137 | index = (ioapic->ioregsel - 0x10) >> 1; 138 | 139 | ioapic_debug("change redir index %x val %x\n", index, val); 140 | if (index >= IOAPIC_NUM_PINS) 141 | return; 142 | e = &ioapic->redirtbl[index]; 143 | mask_before = e->fields.mask; 144 | if (ioapic->ioregsel & 1) { 145 | e->bits &= 0xffffffff; 146 | e->bits |= (u64) val << 32; 147 | } else { 148 | e->bits &= ~0xffffffffULL; 149 | e->bits |= (u32) val; 150 | e->fields.remote_irr = 0; 151 | } 152 | update_handled_vectors(ioapic); 153 | mask_after = e->fields.mask; 154 | if (mask_before != mask_after) 155 | kvm_fire_mask_notifiers(ioapic->kvm, KVM_IRQCHIP_IOAPIC, index, mask_after); 156 | if (e->fields.trig_mode == IOAPIC_LEVEL_TRIG 157 | && ioapic->irr & (1 << index)) 158 | ioapic_service(ioapic, index); 159 | break; 160 | } 161 | } 162 | 163 | static int ioapic_deliver(struct kvm_ioapic *ioapic, int irq) 164 | { 165 | union kvm_ioapic_redirect_entry *entry = &ioapic->redirtbl[irq]; 166 | struct kvm_lapic_irq irqe; 167 | 168 | ioapic_debug("dest=%x dest_mode=%x delivery_mode=%x " 169 | "vector=%x trig_mode=%x\n", 170 | entry->fields.dest_id, entry->fields.dest_mode, 171 | entry->fields.delivery_mode, entry->fields.vector, 172 | entry->fields.trig_mode); 173 | 174 | irqe.dest_id = entry->fields.dest_id; 175 | irqe.vector = entry->fields.vector; 176 | irqe.dest_mode = entry->fields.dest_mode; 177 | irqe.trig_mode = entry->fields.trig_mode; 178 | irqe.delivery_mode = entry->fields.delivery_mode << 8; 179 | irqe.level = 1; 180 | irqe.shorthand = 0; 181 | 182 | #ifdef CONFIG_X86 183 | /* Always delivery PIT interrupt to vcpu 0 */ 184 | if (irq == 0) { 185 | irqe.dest_mode = 0; /* Physical mode. */ 186 | /* need to read apic_id from apic regiest since 187 | * it can be rewritten */ 188 | irqe.dest_id = ioapic->kvm->bsp_vcpu->vcpu_id; 189 | } 190 | #endif 191 | return kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe); 192 | } 193 | 194 | int kvm_ioapic_set_irq(struct kvm_ioapic *ioapic, int irq, int level) 195 | { 196 | u32 old_irr; 197 | u32 mask = 1 << irq; 198 | union kvm_ioapic_redirect_entry entry; 199 | int ret = 1; 200 | 201 | spin_lock(&ioapic->lock); 202 | old_irr = ioapic->irr; 203 | if (irq >= 0 && irq < IOAPIC_NUM_PINS) { 204 | entry = ioapic->redirtbl[irq]; 205 | level ^= entry.fields.polarity; 206 | if (!level) 207 | ioapic->irr &= ~mask; 208 | else { 209 | int edge = (entry.fields.trig_mode == IOAPIC_EDGE_TRIG); 210 | ioapic->irr |= mask; 211 | if ((edge && old_irr != ioapic->irr) || 212 | (!edge && !entry.fields.remote_irr)) 213 | ret = ioapic_service(ioapic, irq); 214 | else 215 | ret = 0; /* report coalesced interrupt */ 216 | } 217 | trace_kvm_ioapic_set_irq(entry.bits, irq, ret == 0); 218 | } 219 | spin_unlock(&ioapic->lock); 220 | 221 | return ret; 222 | } 223 | 224 | static void __kvm_ioapic_update_eoi(struct kvm_ioapic *ioapic, int vector, 225 | int trigger_mode) 226 | { 227 | int i; 228 | 229 | for (i = 0; i < IOAPIC_NUM_PINS; i++) { 230 | union kvm_ioapic_redirect_entry *ent = &ioapic->redirtbl[i]; 231 | 232 | if (ent->fields.vector != vector) 233 | continue; 234 | 235 | /* 236 | * We are dropping lock while calling ack notifiers because ack 237 | * notifier callbacks for assigned devices call into IOAPIC 238 | * recursively. Since remote_irr is cleared only after call 239 | * to notifiers if the same vector will be delivered while lock 240 | * is dropped it will be put into irr and will be delivered 241 | * after ack notifier returns. 242 | */ 243 | spin_unlock(&ioapic->lock); 244 | kvm_notify_acked_irq(ioapic->kvm, KVM_IRQCHIP_IOAPIC, i); 245 | spin_lock(&ioapic->lock); 246 | 247 | if (trigger_mode != IOAPIC_LEVEL_TRIG) 248 | continue; 249 | 250 | ASSERT(ent->fields.trig_mode == IOAPIC_LEVEL_TRIG); 251 | ent->fields.remote_irr = 0; 252 | if (!ent->fields.mask && (ioapic->irr & (1 << i))) 253 | ioapic_service(ioapic, i); 254 | } 255 | } 256 | 257 | void kvm_ioapic_update_eoi(struct kvm *kvm, int vector, int trigger_mode) 258 | { 259 | struct kvm_ioapic *ioapic = kvm->arch.vioapic; 260 | 261 | smp_rmb(); 262 | if (!test_bit(vector, ioapic->handled_vectors)) 263 | return; 264 | spin_lock(&ioapic->lock); 265 | __kvm_ioapic_update_eoi(ioapic, vector, trigger_mode); 266 | spin_unlock(&ioapic->lock); 267 | } 268 | 269 | static inline struct kvm_ioapic *to_ioapic(struct kvm_io_device *dev) 270 | { 271 | return container_of(dev, struct kvm_ioapic, dev); 272 | } 273 | 274 | static inline int ioapic_in_range(struct kvm_ioapic *ioapic, gpa_t addr) 275 | { 276 | return ((addr >= ioapic->base_address && 277 | (addr < ioapic->base_address + IOAPIC_MEM_LENGTH))); 278 | } 279 | 280 | static int ioapic_mmio_read(struct kvm_io_device *this, gpa_t addr, int len, 281 | void *val) 282 | { 283 | struct kvm_ioapic *ioapic = to_ioapic(this); 284 | u32 result; 285 | if (!ioapic_in_range(ioapic, addr)) 286 | return -EOPNOTSUPP; 287 | 288 | ioapic_debug("addr %lx\n", (unsigned long)addr); 289 | ASSERT(!(addr & 0xf)); /* check alignment */ 290 | 291 | addr &= 0xff; 292 | spin_lock(&ioapic->lock); 293 | switch (addr) { 294 | case IOAPIC_REG_SELECT: 295 | result = ioapic->ioregsel; 296 | break; 297 | 298 | case IOAPIC_REG_WINDOW: 299 | result = ioapic_read_indirect(ioapic, addr, len); 300 | break; 301 | 302 | default: 303 | result = 0; 304 | break; 305 | } 306 | spin_unlock(&ioapic->lock); 307 | 308 | switch (len) { 309 | case 8: 310 | *(u64 *) val = result; 311 | break; 312 | case 1: 313 | case 2: 314 | case 4: 315 | memcpy(val, (char *)&result, len); 316 | break; 317 | default: 318 | printk(KERN_WARNING "ioapic: wrong length %d\n", len); 319 | } 320 | return 0; 321 | } 322 | 323 | static int ioapic_mmio_write(struct kvm_io_device *this, gpa_t addr, int len, 324 | const void *val) 325 | { 326 | struct kvm_ioapic *ioapic = to_ioapic(this); 327 | u32 data; 328 | if (!ioapic_in_range(ioapic, addr)) 329 | return -EOPNOTSUPP; 330 | 331 | ioapic_debug("ioapic_mmio_write addr=%p len=%d val=%p\n", 332 | (void*)addr, len, val); 333 | ASSERT(!(addr & 0xf)); /* check alignment */ 334 | 335 | if (len == 4 || len == 8) 336 | data = *(u32 *) val; 337 | else { 338 | printk(KERN_WARNING "ioapic: Unsupported size %d\n", len); 339 | return 0; 340 | } 341 | 342 | addr &= 0xff; 343 | spin_lock(&ioapic->lock); 344 | switch (addr) { 345 | case IOAPIC_REG_SELECT: 346 | ioapic->ioregsel = data; 347 | break; 348 | 349 | case IOAPIC_REG_WINDOW: 350 | ioapic_write_indirect(ioapic, data); 351 | break; 352 | #ifdef CONFIG_IA64 353 | case IOAPIC_REG_EOI: 354 | __kvm_ioapic_update_eoi(ioapic, data, IOAPIC_LEVEL_TRIG); 355 | break; 356 | #endif 357 | 358 | default: 359 | break; 360 | } 361 | spin_unlock(&ioapic->lock); 362 | return 0; 363 | } 364 | 365 | void kvm_ioapic_reset(struct kvm_ioapic *ioapic) 366 | { 367 | int i; 368 | 369 | for (i = 0; i < IOAPIC_NUM_PINS; i++) 370 | ioapic->redirtbl[i].fields.mask = 1; 371 | ioapic->base_address = IOAPIC_DEFAULT_BASE_ADDRESS; 372 | ioapic->ioregsel = 0; 373 | ioapic->irr = 0; 374 | ioapic->id = 0; 375 | update_handled_vectors(ioapic); 376 | } 377 | 378 | static const struct kvm_io_device_ops ioapic_mmio_ops = { 379 | .read = ioapic_mmio_read, 380 | .write = ioapic_mmio_write, 381 | }; 382 | 383 | int kvm_ioapic_init(struct kvm *kvm) 384 | { 385 | struct kvm_ioapic *ioapic; 386 | int ret; 387 | 388 | ioapic = kzalloc(sizeof(struct kvm_ioapic), GFP_KERNEL); 389 | if (!ioapic) 390 | return -ENOMEM; 391 | spin_lock_init(&ioapic->lock); 392 | kvm->arch.vioapic = ioapic; 393 | kvm_ioapic_reset(ioapic); 394 | kvm_iodevice_init(&ioapic->dev, &ioapic_mmio_ops); 395 | ioapic->kvm = kvm; 396 | mutex_lock(&kvm->slots_lock); 397 | ret = kvm_io_bus_register_dev(kvm, KVM_MMIO_BUS, &ioapic->dev); 398 | mutex_unlock(&kvm->slots_lock); 399 | if (ret < 0) { 400 | kvm->arch.vioapic = NULL; 401 | kfree(ioapic); 402 | } 403 | 404 | return ret; 405 | } 406 | 407 | void kvm_ioapic_destroy(struct kvm *kvm) 408 | { 409 | struct kvm_ioapic *ioapic = kvm->arch.vioapic; 410 | 411 | if (ioapic) { 412 | kvm_io_bus_unregister_dev(kvm, KVM_MMIO_BUS, &ioapic->dev); 413 | kvm->arch.vioapic = NULL; 414 | kfree(ioapic); 415 | } 416 | } 417 | 418 | int kvm_get_ioapic(struct kvm *kvm, struct kvm_ioapic_state *state) 419 | { 420 | struct kvm_ioapic *ioapic = ioapic_irqchip(kvm); 421 | if (!ioapic) 422 | return -EINVAL; 423 | 424 | spin_lock(&ioapic->lock); 425 | memcpy(state, ioapic, sizeof(struct kvm_ioapic_state)); 426 | spin_unlock(&ioapic->lock); 427 | return 0; 428 | } 429 | 430 | int kvm_set_ioapic(struct kvm *kvm, struct kvm_ioapic_state *state) 431 | { 432 | struct kvm_ioapic *ioapic = ioapic_irqchip(kvm); 433 | if (!ioapic) 434 | return -EINVAL; 435 | 436 | spin_lock(&ioapic->lock); 437 | memcpy(ioapic, state, sizeof(struct kvm_ioapic_state)); 438 | update_handled_vectors(ioapic); 439 | spin_unlock(&ioapic->lock); 440 | return 0; 441 | } 442 | --------------------------------------------------------------------------------