From 9ce6bc6f74c74653f825eb9b0c3189b358048595 Mon Sep 17 00:00:00 2001 From: Jack Ding Date: Wed, 16 May 2018 10:40:21 -0400 Subject: [PATCH] Package and Enable Memcached on Controllers/AIO Add memcached as a service on controllers/AIOs. Memcached engineering values: 1. MAXCONN (-c option) : max simultaneous connections. Set to puppet-memcached default value 8192. 2. CACHESIZE (-m option): MB memory max to use for object storage. Set to roughly 10% of 8192 = 782. 3. -t option: number of threads. Set to number of CPU cores. Puppet creates memcached service as 'disabled' and 'running'. This change make sure memcached service is enabled. Change-Id: I212924a42b105ba7ecc7f46224b02a50902d59bf Signed-off-by: Jack Ding --- puppet-manifests/centos/puppet-manifests.spec | 1 + .../src/hieradata/controller.yaml | 6 +++ puppet-manifests/src/manifests/controller.pp | 2 + .../modules/platform/manifests/memcached.pp | 49 +++++++++++++++++++ 4 files changed, 58 insertions(+) create mode 100644 puppet-manifests/src/modules/platform/manifests/memcached.pp diff --git a/puppet-manifests/centos/puppet-manifests.spec b/puppet-manifests/centos/puppet-manifests.spec index 3f083950eb..2f141ce3eb 100644 --- a/puppet-manifests/centos/puppet-manifests.spec +++ b/puppet-manifests/centos/puppet-manifests.spec @@ -40,6 +40,7 @@ Requires: puppet-murano Requires: puppet-magnum Requires: puppet-ironic Requires: puppet-panko +Requires: puppet-memcached # Puppetlabs puppet modules Requires: puppet-concat diff --git a/puppet-manifests/src/hieradata/controller.yaml b/puppet-manifests/src/hieradata/controller.yaml index bf7ad9c2a1..520c3f7480 100644 --- a/puppet-manifests/src/hieradata/controller.yaml +++ b/puppet-manifests/src/hieradata/controller.yaml @@ -115,6 +115,12 @@ haproxy::defaults_options: maxconn: '8000' +# memcached +# disable UDP listener to prevent DOS attack +platform::memcached::params::udp_port: 0 +platform::memcached::params::max_connections: 8192 +platform::memcached::params::max_memory: 782 + # ceph ceph::public_addr: '127.0.0.1:5001' diff --git a/puppet-manifests/src/manifests/controller.pp b/puppet-manifests/src/manifests/controller.pp index 789f7d9ce4..bea9de6587 100644 --- a/puppet-manifests/src/manifests/controller.pp +++ b/puppet-manifests/src/manifests/controller.pp @@ -43,6 +43,8 @@ include ::platform::sysinv::conductor include ::platform::mtce include ::platform::mtce::agent +include ::platform::memcached + include ::platform::nfv include ::platform::nfv::api diff --git a/puppet-manifests/src/modules/platform/manifests/memcached.pp b/puppet-manifests/src/modules/platform/manifests/memcached.pp new file mode 100644 index 0000000000..0d8900dfc4 --- /dev/null +++ b/puppet-manifests/src/modules/platform/manifests/memcached.pp @@ -0,0 +1,49 @@ +class platform::memcached::params( + $package_ensure = 'present', + $logfile = '/var/log/memcached.log', + # set CACHESIZE in /etc/sysconfig/memcached + $max_memory = false, + $tcp_port = 11211, + $udp_port = 11211, + # set MAXCONN in /etc/sysconfig/memcached + $max_connections = 8192, + $service_restart = true, +) { + include ::platform::params + $controller_0_hostname = $::platform::params::controller_0_hostname + $controller_1_hostname = $::platform::params::controller_1_hostname + $system_mode = $::platform::params::system_mode + + if $system_mode == 'simplex' { + $listen_ip = $::platform::network::mgmt::params::controller0_address + } else { + case $::hostname { + $controller_0_hostname: { + $listen_ip = $::platform::network::mgmt::params::controller0_address + } + $controller_1_hostname: { + $listen_ip = $::platform::network::mgmt::params::controller1_address + } + } + } +} + + +class platform::memcached + inherits ::platform::memcached::params { + + class { '::memcached': + package_ensure => $package_ensure, + logfile => $logfile, + listen_ip => $listen_ip, + tcp_port => $tcp_port, + udp_port => $udp_port, + max_connections => $max_connections, + max_memory => $max_memory, + service_restart => $service_restart, + } -> + + exec { 'systemctl enable memcached.service': + command => "/usr/bin/systemctl enable memcached.service", + } +}