]> git.openstreetmap.org Git - chef.git/blobdiff - roles/base.rb
reduce fpm pool size on poldi a bit
[chef.git] / roles / base.rb
index 15c913d3d3d9354643ed176b9dc8a05cb9f1ddec..0875bdb4ded0d52a5176d4dcd9a3c1ad1ea6021d 100644 (file)
@@ -49,9 +49,9 @@ default_attributes(
       }
     },
     :tcp_syncookies => {
-      :comment => "Turn off syncookies as they interact badly with the firewall",
+      :comment => "Turn on syncookies to protect against SYN floods",
       :parameters => {
-        "net.ipv4.tcp_syncookies" => "0"
+        "net.ipv4.tcp_syncookies" => "1"
       }
     }
   },
@@ -60,7 +60,7 @@ default_attributes(
       :comment => "Tune the ondemand CPU frequency governor",
       :parameters => {
         "devices/system/cpu/cpufreq/ondemand/up_threshold" => "25",
-        "devices/system/cpu/cpufreq/ondemand/sampling_down_factor" => "10"
+        "devices/system/cpu/cpufreq/ondemand/sampling_down_factor" => "100"
       }
     }
   }
@@ -79,5 +79,6 @@ run_list(
   "recipe[openssh]",
   "recipe[sysctl]",
   "recipe[sysfs]",
-  "recipe[tools]"
+  "recipe[tools]",
+  "recipe[fail2ban]"
 )