From f7c0203827db265c19e6fa2393b9fac6506afe87 Mon Sep 17 00:00:00 2001 From: Charles Wyble Date: Sun, 24 Feb 2019 19:46:07 -0600 Subject: [PATCH] capturing current reality --- .../{tsys-ovh => tsys-base}/files/etc/issue | 0 .../files/etc/issue.net | 0 .../prod/tsys-base/files/etc/ssh/sshd_config | 30 ++ .../tsys-base/files/usr/local/bin/up2date.sh | 7 + .../tsys-base/files/usr/local/librenms/distro | 114 ++++++ .../files/usr/local/librenms/ntp-client.sh | 25 ++ .../files/usr/local/librenms/os-updates.sh | 73 ++++ .../files/usr/local/librenms/postfix-queues | 13 + .../tsys-base/files/usr/local/librenms/smart | 363 ++++++++++++++++++ .../files/usr/local/librenms/smart.config | 3 + .../tsys-base/files/usr/local/librenms/zfs | 266 +++++++++++++ slack/prod/tsys-base/scripts/postinstall | 9 +- slack/prod/tsys-ovh/files/etc/ntp.conf | 2 +- slack/prod/tsys-ovh/files/etc/resolv.conf | 2 +- slack/prod/tsys-pfv/files/etc/issue | 10 - slack/prod/tsys-pfv/files/etc/issue.net | 10 - slack/prod/tsys-pfv/files/etc/ntp.conf | 1 - slack/prod/tsys-pfv/files/etc/resolv.conf | 5 +- slack/prod/tsys-pfv/scripts/postinstall | 3 - 19 files changed, 907 insertions(+), 29 deletions(-) rename slack/prod/{tsys-ovh => tsys-base}/files/etc/issue (100%) rename slack/prod/{tsys-ovh => tsys-base}/files/etc/issue.net (100%) create mode 100644 slack/prod/tsys-base/files/etc/ssh/sshd_config create mode 100755 slack/prod/tsys-base/files/usr/local/bin/up2date.sh create mode 100755 slack/prod/tsys-base/files/usr/local/librenms/distro create mode 100755 slack/prod/tsys-base/files/usr/local/librenms/ntp-client.sh create mode 100755 slack/prod/tsys-base/files/usr/local/librenms/os-updates.sh create mode 100755 slack/prod/tsys-base/files/usr/local/librenms/postfix-queues create mode 100755 slack/prod/tsys-base/files/usr/local/librenms/smart create mode 100644 slack/prod/tsys-base/files/usr/local/librenms/smart.config create mode 100755 slack/prod/tsys-base/files/usr/local/librenms/zfs delete mode 100644 slack/prod/tsys-pfv/files/etc/issue delete mode 100644 slack/prod/tsys-pfv/files/etc/issue.net delete mode 100755 slack/prod/tsys-pfv/scripts/postinstall diff --git a/slack/prod/tsys-ovh/files/etc/issue b/slack/prod/tsys-base/files/etc/issue similarity index 100% rename from slack/prod/tsys-ovh/files/etc/issue rename to slack/prod/tsys-base/files/etc/issue diff --git a/slack/prod/tsys-ovh/files/etc/issue.net b/slack/prod/tsys-base/files/etc/issue.net similarity index 100% rename from slack/prod/tsys-ovh/files/etc/issue.net rename to slack/prod/tsys-base/files/etc/issue.net diff --git a/slack/prod/tsys-base/files/etc/ssh/sshd_config b/slack/prod/tsys-base/files/etc/ssh/sshd_config new file mode 100644 index 0000000..b1f1ca8 --- /dev/null +++ b/slack/prod/tsys-base/files/etc/ssh/sshd_config @@ -0,0 +1,30 @@ +#Official Turn Net Systems SSHD configuration +#Created by Charles Wyble +#Sourced from +#https://stribika.github.io/2015/01/04/secure-secure-shell.html +#https://infosec.mozilla.org/guidelines/openssh + +#Eliminated all the stock bits that had good/sane defaults, below values are set intentionally + +HostKey /etc/ssh/ssh_host_ed25519_key +HostKey /etc/ssh/ssh_host_rsa_key +PermitRootLogin without-password +AuthenticationMethods publickey +SyslogFacility AUTH +LogLevel VERBOSE +StrictModes yes +PubkeyAuthentication yes +PasswordAuthentication no +ChallengeResponseAuthentication no +PermitEmptyPasswords no +X11Forwarding no +KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 +Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr +MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256 +PrintMotd yes +Banner /etc/ssh/tsys-banner +Subsystem sftp /usr/lib/openssh/sftp-server +#Review the following: +UsePAM yes +AllowAgentForwarding yes + diff --git a/slack/prod/tsys-base/files/usr/local/bin/up2date.sh b/slack/prod/tsys-base/files/usr/local/bin/up2date.sh new file mode 100755 index 0000000..c81d409 --- /dev/null +++ b/slack/prod/tsys-base/files/usr/local/bin/up2date.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +apt-get update +apt-get -y --purge autoremove +apt-get -y autoclean +apt-get -y upgrade +apt-get -y dist-upgrade diff --git a/slack/prod/tsys-base/files/usr/local/librenms/distro b/slack/prod/tsys-base/files/usr/local/librenms/distro new file mode 100755 index 0000000..61ad248 --- /dev/null +++ b/slack/prod/tsys-base/files/usr/local/librenms/distro @@ -0,0 +1,114 @@ +#!/usr/bin/env bash +# Detects which OS and if it is Linux then it will detect which Linux Distribution. + +OS=`uname -s` +REV=`uname -r` +MACH=`uname -m` + +if [ "${OS}" = "SunOS" ] ; then + OS=Solaris + ARCH=`uname -p` + OSSTR="${OS} ${REV}(${ARCH} `uname -v`)" + +elif [ "${OS}" = "AIX" ] ; then + OSSTR="${OS} `oslevel` (`oslevel -r`)" + +elif [ "${OS}" = "Linux" ] ; then + KERNEL=`uname -r` + + if [ -f /etc/fedora-release ]; then + DIST=$(cat /etc/fedora-release | awk '{print $1}') + REV=`cat /etc/fedora-release | sed s/.*release\ // | sed s/\ .*//` + + elif [ -f /etc/redhat-release ] ; then + DIST=$(cat /etc/redhat-release | awk '{print $1}') + if [ "${DIST}" = "CentOS" ]; then + DIST="CentOS" + elif [ "${DIST}" = "Mandriva" ]; then + DIST="Mandriva" + PSEUDONAME=`cat /etc/mandriva-release | sed s/.*\(// | sed s/\)//` + REV=`cat /etc/mandriva-release | sed s/.*release\ // | sed s/\ .*//` + elif [ -f /etc/oracle-release ]; then + DIST="Oracle" + else + DIST="RedHat" + fi + + PSEUDONAME=`cat /etc/redhat-release | sed s/.*\(// | sed s/\)//` + REV=`cat /etc/redhat-release | sed s/.*release\ // | sed s/\ .*//` + + elif [ -f /etc/mandrake-release ] ; then + DIST='Mandrake' + PSEUDONAME=`cat /etc/mandrake-release | sed s/.*\(// | sed s/\)//` + REV=`cat /etc/mandrake-release | sed s/.*release\ // | sed s/\ .*//` + + elif [ -f /etc/devuan_version ] ; then + DIST="Devuan `cat /etc/devuan_version`" + REV="" + + elif [ -f /etc/debian_version ] ; then + DIST="Debian `cat /etc/debian_version`" + REV="" + ID=`lsb_release -i | awk -F ':' '{print $2}' | sed 's/ //g'` + if [ "${ID}" = "Raspbian" ] ; then + DIST="Raspbian `cat /etc/debian_version`" + fi + + elif [ -f /etc/gentoo-release ] ; then + DIST="Gentoo" + REV=$(tr -d '[[:alpha:]]' The config file to use.\n"; +} + +#gets the options +my %opts=(); +getopts('ugc:', \%opts); + +# guess if asked +if ( defined( $opts{g} ) ){ + + #get what path to use for smartctl + $smartctl=`which smartctl`; + chomp($smartctl); + if ( $? != 0 ){ + warn("'which smartctl' failed with a exit code of $?"); + exit 1; + } + + #try to touch the default cache location and warn if it can't be done + system('touch '.$cache.'>/dev/null'); + if ( $? != 0 ){ + $cache='#Could not touch '.$cache. "You will need to manually set it\n". + "cache=?\n"; + }else{ + $cache='cache='.$cache."\n"; + } + + my %found_disks; + + #check for drives named /dev/sd* + my @matches=glob('/dev/sd*'); + @matches=grep(!/[0-9]/, @matches); + my $matches_int=0; + while ( defined( $matches[$matches_int] ) ){ + my $device=$matches[$matches_int]; + system( $smartctl.' -A '.$device.' > /dev/null' ); + if ( $? == 0 ){ + $device =~ s/\/dev\///; + $found_disks{$device}=1; + } + + $matches_int++; + } + + #check for drives named /dev/ada* + @matches=glob('/dev/ada*'); + @matches=grep(!/[ps]/, @matches); + $matches_int=0; + while ( defined( $matches[$matches_int] ) ){ + my $device=$matches[$matches_int]; + system( $smartctl.' -A '.$device.' > /dev/null' ); + if ( $? == 0 ){ + $device =~ s/\/dev\///; + $found_disks{$device}=1; + } + + $matches_int++; + } + + #check for drives named /dev/da* + @matches=glob('/dev/da*'); + @matches=grep(!/[ps]/, @matches); + $matches_int=0; + while ( defined( $matches[$matches_int] ) ){ + my $device=$matches[$matches_int]; + system( $smartctl.' -A '.$device.' > /dev/null' ); + if ( $? == 0 ){ + $device =~ s/\/dev\///; + $found_disks{$device}=1; + } + + $matches_int++; + } + + #have smartctl scan and see if it finds anythings not get found + my $scan_output=`$smartctl --scan-open`; + my @scan_outputA=split(/\n/, $scan_output); + @scan_outputA=grep(!/ses[0-9]/, @scan_outputA); # not a disk, but may or may not have SMART attributes + @scan_outputA=grep(!/pass[0-9]/, @scan_outputA); # very likely a duplicate and a disk under another name + $matches_int=0; + while ( defined( $scan_outputA[$matches_int] ) ){ + my $device=$scan_outputA[$matches_int]; + $device =~ s/ .*//; + system( $smartctl.' -A '.$device.' > /dev/null' ); + if ( $? == 0 ){ + $device =~ s/\/dev\///; + $found_disks{$device}=1; + } + + $matches_int++; + } + + print "useSN=0\n".'smartctl='.$smartctl."\n". + $cache. + join( "\n", keys(%found_disks) )."\n"; + + exit 0; +} + +#get which config file to use +my $config=$0.'.config'; +if ( defined( $opts{c} ) ){ + $config=$opts{c}; +} + +#reads the config file, optionally +my $config_file=''; +open(my $readfh, "<", $config) or die "Can't open '".$config."'"; +read($readfh , $config_file , 1000000); +close($readfh); + +#parse the config file and remove comments and empty lines +my @configA=split(/\n/, $config_file); +@configA=grep(!/^$/, @configA); +@configA=grep(!/^\#/, @configA); +@configA=grep(!/^[\s\t]*$/, @configA); +my $configA_int=0; +while ( defined( $configA[$configA_int] ) ){ + my $line=$configA[$configA_int]; + $line=~s/^[\t\s]+//; + $line=~s/[\t\s]+$//; + + my ( $var, $val )=split(/=/, $line, 2); + + if ( $var eq 'cache' ){ + $cache=$val; + } + + if ( $var eq 'smartctl' ){ + $smartctl=$val; + } + + if ( $var eq 'useSN' ){ + $useSN=$val; + } + + if ( !defined( $val ) ){ + push(@disks, $var); + } + + $configA_int++; +} + +#if set to 1, no cache will be written and it will be printed instead +my $noWrite=0; + +# if no -u, it means we are being called from snmped +if ( ! defined( $opts{u} ) ){ + # if the cache file exists, print it, otherwise assume one is not being used + if ( -f $cache ){ + my $old=''; + open(my $readfh, "<", $cache) or die "Can't open '".$cache."'"; + read($readfh , $old , 1000000); + close($readfh); + print $old; + exit 0; + }else{ + $opts{u}=1; + $noWrite=1; + } +} + +my $toReturn=''; +my $int=0; +while ( defined($disks[$int]) ) { + my $disk=$disks[$int]; + my $disk_sn=$disk; + my $output=`$smartctl -A /dev/$disk`; + + my %IDs=( '5'=>'null', + '10'=>'null', + '173'=>'null', + '177'=>'null', + '183'=>'null', + '184'=>'null', + '187'=>'null', + '188'=>'null', + '190'=>'null', + '194'=>'null', + '196'=>'null', + '197'=>'null', + '198'=>'null', + '199'=>'null', + '231'=>'null', + '233'=>'null', + ); + + my @outputA=split( /\n/, $output ); + my $outputAint=0; + while ( defined($outputA[$outputAint]) ) { + my $line=$outputA[$outputAint]; + $line=~s/^ +//; + $line=~s/ +/ /g; + + if ( $line =~ /^[0123456789]+ / ) { + my @lineA=split(/\ /, $line, 10); + my $raw=$lineA[9]; + my $id=$lineA[0]; + + # single int raw values + if ( + ( $id == 5 ) || + ( $id == 10 ) || + ( $id == 173 ) || + ( $id == 177 ) || + ( $id == 183 ) || + ( $id == 184 ) || + ( $id == 187 ) || + ( $id == 196 ) || + ( $id == 197 ) || + ( $id == 198 ) || + ( $id == 199 ) || + ( $id == 231 ) || + ( $id == 233 ) + ) { + $IDs{$id}=$raw; + } + + # 188, Command_Timeout + if ( $id == 188 ) { + my $total=0; + my @rawA=split( /\ /, $raw ); + my $rawAint=0; + while ( defined( $rawA[$rawAint] ) ) { + $total=$total+$rawA[$rawAint]; + $rawAint++; + } + $IDs{$id}=$total; + } + + # 190, airflow temp + # 194, temp + if ( + ( $id == 190 ) || + ( $id == 194 ) + ) { + my ( $temp )=split(/\ /, $raw); + $IDs{$id}=$temp; + } + + } + + $outputAint++; + } + + #get the selftest logs + $output=`$smartctl -l selftest /dev/$disk`; + @outputA=split( /\n/, $output ); + my $completed=scalar grep(/Completed without error/, @outputA); + my $interrupted=scalar grep(/Interrupted/, @outputA); + my $read_failure=scalar grep(/read failure/, @outputA); + my $unknown_failure=scalar grep(/unknown failure/, @outputA); + my $extended=scalar grep(/Extended/, @outputA); + my $short=scalar grep(/Short/, @outputA); + my $conveyance=scalar grep(/Conveyance/, @outputA); + my $selective=scalar grep(/Selective/, @outputA); + + # get the drive serial number, if needed + my $disk_id=$disk; + if ( $useSN ){ + while (`$smartctl -i /dev/$disk` =~ /Serial Number:(.*)/g) { + $disk_id = $1; + $disk_id =~ s/^\s+|\s+$//g; + } + } + + $toReturn=$toReturn.$disk_id.','.$IDs{'5'}.','.$IDs{'10'}.','.$IDs{'173'}.','.$IDs{'177'}.','.$IDs{'183'}.','.$IDs{'184'}.','.$IDs{'187'}.','.$IDs{'188'} + .','.$IDs{'190'} .','.$IDs{'194'}.','.$IDs{'196'}.','.$IDs{'197'}.','.$IDs{'198'}.','.$IDs{'199'}.','.$IDs{'231'}.','.$IDs{'233'}.','. + $completed.','.$interrupted.','.$read_failure.','.$unknown_failure.','.$extended.','.$short.','.$conveyance.','.$selective."\n"; + + $int++; +} + +if ( ! $noWrite ){ + open(my $writefh, ">", $cache) or die "Can't open '".$cache."'"; + print $writefh $toReturn; + close($writefh); +}else{ + print $toReturn; +} diff --git a/slack/prod/tsys-base/files/usr/local/librenms/smart.config b/slack/prod/tsys-base/files/usr/local/librenms/smart.config new file mode 100644 index 0000000..2b12988 --- /dev/null +++ b/slack/prod/tsys-base/files/usr/local/librenms/smart.config @@ -0,0 +1,3 @@ +smartctl=/usr/sbin/smartctl +cache=/var/cache/smart +sda diff --git a/slack/prod/tsys-base/files/usr/local/librenms/zfs b/slack/prod/tsys-base/files/usr/local/librenms/zfs new file mode 100755 index 0000000..cea6e1e --- /dev/null +++ b/slack/prod/tsys-base/files/usr/local/librenms/zfs @@ -0,0 +1,266 @@ +#!/usr/bin/env perl + +=head1 DESCRIPTION + +This is a SNMP extend for ZFS and FreeBSD for use with LibreNMS. + +For more information, see L. + +=head1 SWITCHES + +=head2 -p + +Pretty print the JSON. + +=head1 SNMPD SETUP EXAMPLES + + extend zfs /etc/snmp/zfs-freebsd + +=cut + +#Copyright (c) 2017, Zane C. Bowers-Hadley +#All rights reserved. +# +#Redistribution and use in source and binary forms, with or without modification, +#are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +#ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +#WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +#IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +#INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +#DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +#LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +#OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +#THE POSSIBILITY OF SUCH DAMAGE. + +# Many thanks to Ben Rockwood, Jason J. Hellenthal, and Martin Matuska +# for zfs-stats and figuring out the math for all the stats + +use strict; +use warnings; +use JSON; +use Getopt::Std; + +$Getopt::Std::STANDARD_HELP_VERSION = 1; +sub main::VERSION_MESSAGE { + print "FreeBSD ZFS stats extend 0.0.0\n"; +} + +sub main::HELP_MESSAGE { + +} + +#this will be dumped to json at the end +my %tojson; + +#gets the options +my %opts=(); +getopts('p', \%opts); + +my $sysctls; +my @to_pull=( + 'kstat.zfs', + 'vfs.zfs', + ); +my @sysctls_pull = `/sbin/sysctl -q @to_pull`; +foreach my $stat (@sysctls_pull) { + chomp( $stat ); + my ( $var, $val ) = split(/:/, $stat, 2); + + $val =~ s/^ //; + $sysctls->{$var}=$val; +} + +# does not seem to exist for me, but some of these don't seem to be created till needed +if ( ! defined( $sysctls->{"kstat.zfs.misc.arcstats.recycle_miss"} ) ) { + $sysctls->{"kstat.zfs.misc.arcstats.recycle_miss"}=0; +} + +## +## ARC misc +## +$tojson{deleted}=$sysctls->{"kstat.zfs.misc.arcstats.deleted"}; +$tojson{evict_skip}=$sysctls->{"kstat.zfs.misc.arcstats.evict_skip"}; +$tojson{mutex_skip}=$sysctls->{'kstat.zfs.misc.arcstats.mutex_miss'}; +$tojson{recycle_miss}=$sysctls->{"kstat.zfs.misc.arcstats.recycle_miss"}; + +## +## ARC size +## +my $target_size_percent = $sysctls->{"kstat.zfs.misc.arcstats.c"} / $sysctls->{"kstat.zfs.misc.arcstats.c_max"} * 100; +my $arc_size_percent = $sysctls->{"kstat.zfs.misc.arcstats.size"} / $sysctls->{"kstat.zfs.misc.arcstats.c_max"} * 100; +my $target_size_adaptive_ratio = $sysctls->{"kstat.zfs.misc.arcstats.c"} / $sysctls->{"kstat.zfs.misc.arcstats.c_max"}; +my $min_size_percent = $sysctls->{"kstat.zfs.misc.arcstats.c_min"} / $sysctls->{"kstat.zfs.misc.arcstats.c_max"} * 100; + +$tojson{arc_size}=$sysctls->{"kstat.zfs.misc.arcstats.size"}; +$tojson{target_size_max}=$sysctls->{"kstat.zfs.misc.arcstats.c_max"}; +$tojson{target_size_min}=$sysctls->{"kstat.zfs.misc.arcstats.c_min"}; +$tojson{target_size}=$sysctls->{"kstat.zfs.misc.arcstats.c"}; +$tojson{target_size_per}=$target_size_percent; +$tojson{arc_size_per}=$arc_size_percent; +$tojson{target_size_arat}=$target_size_adaptive_ratio; +$tojson{min_size_per}=$min_size_percent; + +## +## ARC size breakdown +## +my $mfu_size; +my $recently_used_percent; +my $frequently_used_percent; +if ( $sysctls->{"kstat.zfs.misc.arcstats.size"} >= $sysctls->{"kstat.zfs.misc.arcstats.c"} ){ + $mfu_size = $sysctls->{"kstat.zfs.misc.arcstats.size"} - $sysctls->{"kstat.zfs.misc.arcstats.p"}; + $recently_used_percent = $sysctls->{"kstat.zfs.misc.arcstats.p"} / $sysctls->{"kstat.zfs.misc.arcstats.size"} * 100; + $frequently_used_percent = $mfu_size / $sysctls->{"kstat.zfs.misc.arcstats.size"} * 100; +}else{ + $mfu_size = $sysctls->{"kstat.zfs.misc.arcstats.c"} - $sysctls->{"kstat.zfs.misc.arcstats.p"}; + $recently_used_percent = $sysctls->{"kstat.zfs.misc.arcstats.p"} / $sysctls->{"kstat.zfs.misc.arcstats.c"} * 100; + $frequently_used_percent = $mfu_size / $sysctls->{"kstat.zfs.misc.arcstats.c"} * 100; +} + +$tojson{mfu_size}=$mfu_size; +$tojson{p}=$sysctls->{"kstat.zfs.misc.arcstats.p"}; +$tojson{rec_used_per}=$recently_used_percent; +$tojson{freq_used_per}=$frequently_used_percent; + +## +## ARC efficiency +## +my $arc_hits = $sysctls->{"kstat.zfs.misc.arcstats.hits"}; +my $arc_misses = $sysctls->{"kstat.zfs.misc.arcstats.misses"}; +my $demand_data_hits = $sysctls->{"kstat.zfs.misc.arcstats.demand_data_hits"}; +my $demand_data_misses = $sysctls->{"kstat.zfs.misc.arcstats.demand_data_misses"}; +my $demand_metadata_hits = $sysctls->{"kstat.zfs.misc.arcstats.demand_metadata_hits"}; +my $demand_metadata_misses = $sysctls->{"kstat.zfs.misc.arcstats.demand_metadata_misses"}; +my $mfu_ghost_hits = $sysctls->{"kstat.zfs.misc.arcstats.mfu_ghost_hits"}; +my $mfu_hits = $sysctls->{"kstat.zfs.misc.arcstats.mfu_hits"}; +my $mru_ghost_hits = $sysctls->{"kstat.zfs.misc.arcstats.mru_ghost_hits"}; +my $mru_hits = $sysctls->{"kstat.zfs.misc.arcstats.mru_hits"}; +my $prefetch_data_hits = $sysctls->{"kstat.zfs.misc.arcstats.prefetch_data_hits"}; +my $prefetch_data_misses = $sysctls->{"kstat.zfs.misc.arcstats.prefetch_data_misses"}; +my $prefetch_metadata_hits = $sysctls->{"kstat.zfs.misc.arcstats.prefetch_metadata_hits"}; +my $prefetch_metadata_misses = $sysctls->{"kstat.zfs.misc.arcstats.prefetch_metadata_misses"}; + +my $anon_hits = $arc_hits - ($mfu_hits + $mru_hits + $mfu_ghost_hits + $mru_ghost_hits); +my $arc_accesses_total = $arc_hits + $arc_misses; +my $demand_data_total = $demand_data_hits + $demand_data_misses; +my $prefetch_data_total = $prefetch_data_hits + $prefetch_data_misses; +my $real_hits = $mfu_hits + $mru_hits; + +my $cache_hit_percent = $arc_hits / $arc_accesses_total * 100; +my $cache_miss_percent = $arc_misses / $arc_accesses_total * 100; +my $actual_hit_percent = $real_hits / $arc_accesses_total * 100; +my $data_demand_percent = $demand_data_hits / $demand_data_total * 100; + +my $data_prefetch_percent; +if ( $prefetch_data_total != 0 ) { + $data_prefetch_percent = $prefetch_data_hits / $prefetch_data_total * 100; +}else{ + $data_prefetch_percent = 0; +} + +my $anon_hits_percent; +if ( $anon_hits != 0 ) { + $anon_hits_percent = $anon_hits / $arc_hits * 100; +}else{ + $anon_hits_percent=0; +} + +my $mru_percent = $mru_hits / $arc_hits * 100; +my $mfu_percent = $mfu_hits / $arc_hits * 100; +my $mru_ghost_percent = $mru_ghost_hits / $arc_hits * 100; +my $mfu_ghost_percent = $mfu_ghost_hits / $arc_hits * 100; + +my $demand_hits_percent = $demand_data_hits / $arc_hits * 100; +my $prefetch_hits_percent = $prefetch_data_hits / $arc_hits * 100; +my $metadata_hits_percent = $demand_metadata_hits / $arc_hits * 100; +my $prefetch_metadata_hits_percent = $prefetch_metadata_hits / $arc_hits * 100; + +my $demand_misses_percent = $demand_data_misses / $arc_misses * 100; +my $prefetch_misses_percent = $prefetch_data_misses / $arc_misses * 100; +my $metadata_misses_percent = $demand_metadata_misses / $arc_misses * 100; +my $prefetch_metadata_misses_percent = $prefetch_metadata_misses / $arc_misses * 100; + +# ARC misc. efficient stats +$tojson{arc_hits}=$arc_hits; +$tojson{arc_misses}=$arc_misses; +$tojson{demand_data_hits}=$demand_data_hits; +$tojson{demand_data_misses}=$demand_data_misses; +$tojson{demand_meta_hits}=$demand_metadata_hits; +$tojson{demand_meta_misses}=$demand_metadata_misses; +$tojson{mfu_ghost_hits}=$mfu_ghost_hits; +$tojson{mfu_hits}=$mfu_hits; +$tojson{mru_ghost_hits}=$mru_ghost_hits; +$tojson{mru_hits}=$mru_hits; +$tojson{pre_data_hits}=$prefetch_data_hits; +$tojson{pre_data_misses}=$prefetch_data_misses; +$tojson{pre_meta_hits}=$prefetch_metadata_hits; +$tojson{pre_meta_misses}=$prefetch_metadata_misses; +$tojson{anon_hits}=$anon_hits; +$tojson{arc_accesses_total}=$arc_accesses_total; +$tojson{demand_data_total}=$demand_data_total; +$tojson{pre_data_total}=$prefetch_data_total; +$tojson{real_hits}=$real_hits; + +# ARC efficient percents +$tojson{cache_hits_per}=$cache_hit_percent; +$tojson{cache_miss_per}=$cache_miss_percent; +$tojson{actual_hit_per}=$actual_hit_percent; +$tojson{data_demand_per}=$data_demand_percent; +$tojson{data_pre_per}=$data_prefetch_percent; +$tojson{anon_hits_per}=$anon_hits_percent; +$tojson{mru_per}=$mru_percent; +$tojson{mfu_per}=$mfu_percent; +$tojson{mru_ghost_per}=$mru_ghost_percent; +$tojson{mfu_ghost_per}=$mfu_ghost_percent; +$tojson{demand_hits_per}=$demand_hits_percent; +$tojson{pre_hits_per}=$prefetch_hits_percent; +$tojson{meta_hits_per}=$metadata_hits_percent; +$tojson{pre_meta_hits_per}=$prefetch_metadata_hits_percent; +$tojson{demand_misses_per}=$demand_misses_percent; +$tojson{pre_misses_per}=$prefetch_misses_percent; +$tojson{meta_misses_per}=$metadata_misses_percent; +$tojson{pre_meta_misses_per}=$prefetch_metadata_misses_percent; + +#process each pool and shove them into JSON +my $zpool_output=`/sbin/zpool list -pH`; +my @pools=split( /\n/, $zpool_output ); +my $pools_int=0; +my @toShoveIntoJSON; +while ( defined( $pools[$pools_int] ) ) { + my %newPool; + + my $pool=$pools[$pools_int]; + $pool =~ s/\t/,/g; + $pool =~ s/\,\-\,/\,0\,/g; + $pool =~ s/\%//g; + $pool =~ s/\,([0-1\.]*)x\,/,$1,/; + + ( $newPool{name}, $newPool{size}, $newPool{alloc}, $newPool{free}, $newPool{expandsz}, $newPool{frag}, $newPool{cap}, $newPool{dedup} )=split(/\,/, $pool); + + push(@toShoveIntoJSON, \%newPool); + + $pools_int++; +} +$tojson{pools}=\@toShoveIntoJSON; + +my $j=JSON->new; + +if ( $opts{p} ){ + $j->pretty(1); +} + +print $j->encode( \%tojson ); + +if (! $opts{p} ){ + print "\n"; +} + +exit 0; diff --git a/slack/prod/tsys-base/scripts/postinstall b/slack/prod/tsys-base/scripts/postinstall index 3773b79..0d7f242 100755 --- a/slack/prod/tsys-base/scripts/postinstall +++ b/slack/prod/tsys-base/scripts/postinstall @@ -7,4 +7,11 @@ if [ $ISUCS -ne 0 ]; then exit 1 fi -apt -y install htop glances sssd-ad dstat ladvd snmpd ntp tcpdump autofs +apt-get update +apt-get -y --purge autoremove +apt-get -y autoclean +apt-get -y upgrade +apt-get -y dist-upgrade +apt -y install htop glances dstat ladvd snmpd ntp tcpdump autofs logwatch molly-guard + +slack tsys-base-$tsysSysLocation diff --git a/slack/prod/tsys-ovh/files/etc/ntp.conf b/slack/prod/tsys-ovh/files/etc/ntp.conf index cbcd83b..db0f223 100644 --- a/slack/prod/tsys-ovh/files/etc/ntp.conf +++ b/slack/prod/tsys-ovh/files/etc/ntp.conf @@ -7,7 +7,7 @@ filegen clockstats file clockstats type day enable server ovh-ucs.turnsys.net server pfv-ucs.turnsys.net -server satx-ucs.turnsys.net +server pool.ntp.org restrict default mssntp noquery restrict 127.0.0.1 diff --git a/slack/prod/tsys-ovh/files/etc/resolv.conf b/slack/prod/tsys-ovh/files/etc/resolv.conf index 7ebdb38..b417239 100644 --- a/slack/prod/tsys-ovh/files/etc/resolv.conf +++ b/slack/prod/tsys-ovh/files/etc/resolv.conf @@ -1,3 +1,3 @@ domain turnsys.net nameserver 10.253.3.201 -nameserver 10.40.100.200 +nameserver 10.251.30.201 diff --git a/slack/prod/tsys-pfv/files/etc/issue b/slack/prod/tsys-pfv/files/etc/issue deleted file mode 100644 index a6e88dc..0000000 --- a/slack/prod/tsys-pfv/files/etc/issue +++ /dev/null @@ -1,10 +0,0 @@ -=============================================================================== - - This is a private computer system. These resources, including all - related equipment, networks, and devices, are provided for authorized - use only. The system may be monitored for all lawful purposes. Evidence - of unauthorized use collected during monitoring may be used for criminal - prosecution by staff, legal counsel, and law enforcement agencies. - -=============================================================================== - diff --git a/slack/prod/tsys-pfv/files/etc/issue.net b/slack/prod/tsys-pfv/files/etc/issue.net deleted file mode 100644 index a6e88dc..0000000 --- a/slack/prod/tsys-pfv/files/etc/issue.net +++ /dev/null @@ -1,10 +0,0 @@ -=============================================================================== - - This is a private computer system. These resources, including all - related equipment, networks, and devices, are provided for authorized - use only. The system may be monitored for all lawful purposes. Evidence - of unauthorized use collected during monitoring may be used for criminal - prosecution by staff, legal counsel, and law enforcement agencies. - -=============================================================================== - diff --git a/slack/prod/tsys-pfv/files/etc/ntp.conf b/slack/prod/tsys-pfv/files/etc/ntp.conf index 8c7299a..680ec29 100644 --- a/slack/prod/tsys-pfv/files/etc/ntp.conf +++ b/slack/prod/tsys-pfv/files/etc/ntp.conf @@ -7,7 +7,6 @@ filegen clockstats file clockstats type day enable server pfv-ucs.turnsys.net server ovh-ucs.turnsys.net -server satx-ucs.turnsys.net restrict default mssntp noquery restrict 127.0.0.1 diff --git a/slack/prod/tsys-pfv/files/etc/resolv.conf b/slack/prod/tsys-pfv/files/etc/resolv.conf index 62050dc..1b89b6d 100644 --- a/slack/prod/tsys-pfv/files/etc/resolv.conf +++ b/slack/prod/tsys-pfv/files/etc/resolv.conf @@ -1,3 +1,4 @@ domain pfv.turnsys.net -nameserver 10.251.30.71 -nameserver 10.251.3.201 +search pfv.turnsys.net turnsys.net +nameserver 10.251.30.201 +nameserver 10.253.3.201 diff --git a/slack/prod/tsys-pfv/scripts/postinstall b/slack/prod/tsys-pfv/scripts/postinstall deleted file mode 100755 index 896144a..0000000 --- a/slack/prod/tsys-pfv/scripts/postinstall +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -slack common