X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/cb5f0da0d5c1e54318bb10ea9609b256876bce41..3e2102f454444729f62c5f84ea6b62370afdb62e:/roles/base.rb diff --git a/roles/base.rb b/roles/base.rb index 2e2805142..5ffc5dee9 100644 --- a/roles/base.rb +++ b/roles/base.rb @@ -11,14 +11,14 @@ default_attributes( } }, :apt => { - :sources => [ "openstreetmap" ] + :sources => ["openstreetmap"] }, :networking => { :roles => { :internal => { :metric => 200, :zone => "loc" }, :external => { :metric => 100 } }, - :search => [ "openstreetmap.org" ] + :search => ["openstreetmap.org"] }, :sysctl => { :panic => { @@ -27,11 +27,14 @@ default_attributes( }, :blackhole => { :comment => "Do TCP level MTU probing if we seem to have an ICMP blackhole", - :parameters => { "net.ipv4.tcp_mtu_probing" => "1" } + :parameters => { + "net.ipv4.tcp_mtu_probing" => "1", + "net.ipv4.tcp_base_mss" => "1024" + } }, :network_buffers => { :comment => "Tune network buffers", - :parameters => { + :parameters => { "net.core.rmem_max" => "16777216", "net.core.wmem_max" => "16777216", "net.ipv4.tcp_rmem" => "4096\t87380\t16777216", @@ -44,7 +47,7 @@ default_attributes( }, :network_conntrack_established => { :comment => "Only track established connections for four hours", - :parameters => { + :parameters => { "net.netfilter.nf_conntrack_tcp_timeout_established" => "14400" } }, @@ -60,7 +63,7 @@ default_attributes( :comment => "Tune the ondemand CPU frequency governor", :parameters => { "devices/system/cpu/cpufreq/ondemand/up_threshold" => "25", - "devices/system/cpu/cpufreq/ondemand/sampling_down_factor" => "10" + "devices/system/cpu/cpufreq/ondemand/sampling_down_factor" => "100" } } } @@ -79,5 +82,6 @@ run_list( "recipe[openssh]", "recipe[sysctl]", "recipe[sysfs]", - "recipe[tools]" + "recipe[tools]", + "recipe[fail2ban]" )