diff --git a/kubezero/aws-neuron-driver/APKBUILD b/kubezero/aws-neuron-driver/APKBUILD
index 5aeaf94..391082f 100644
--- a/kubezero/aws-neuron-driver/APKBUILD
+++ b/kubezero/aws-neuron-driver/APKBUILD
@@ -15,9 +15,9 @@ options="!check"
source="$pkgname-$pkgver.deb::https://apt.repos.neuron.amazonaws.com/pool/main/a/aws-neuron-dkms/aws-neuron-dkms_"$pkgver"_amd64.deb"
unpack() {
- ar -x /var/cache/distfiles/$pkgname-$pkgver.deb
- tar xfJ data.tar.xz
- mv usr/src/aws-neuron-$pkgver $srcdir/$pkgname-$pkgver
+ ar -x "$srcdir/$pkgname-$pkgver.deb" && tar xfJo data.tar.xz
+ mv usr/src/aws-neuron-"$pkgver" "$srcdir/$pkgname-$pkgver"
+ rm -rf usr data.tar.xz control.tar.xz debian-binary
# What is wrong with AWS ?
find $srcdir/$pkgname-$pkgver -type d -exec chmod 755 {} \;
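Review bot: Chaining `ar -x "$srcdir/$pkgname-$pkgver.deb" && tar xfJo data.tar.xz` on the first added line hides an `ar` failure from errexit, because a non-final command in an `&&` list never triggers `set -e`. Assuming abuild runs `unpack()` with errexit, the build then stops only at the later `mv`, with a message that points at the wrong step. Put the two commands on separate lines: `ar -x "$srcdir/$pkgname-$pkgver.deb"` followed by `tar xfJo data.tar.xz`. The context line `find $srcdir/$pkgname-$pkgver …` still leaves unquoted the path that the new lines quote; `unpack()` continues past the end of the hunk.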
diff --git a/kubezero/zdt-base/APKBUILD b/kubezero/zdt-base/APKBUILD
index 1ca459d..4283efa 100644
--- a/kubezero/zdt-base/APKBUILD
+++ b/kubezero/zdt-base/APKBUILD
@@ -7,29 +7,84 @@ pkgdesc="ZeroDownTime Alpine additions and customizations"
url="https://git.zero-downtime.net/ZeroDownTime/alpine-overlay/src/branch/master/kubezero/zdt-base"
arch="noarch"
license="AGPL-3.0"
-depends=""
+depends="logrotate syslog-ng neofetch monit"
options="!check"
-subpackages="$pkgname-aws"
+subpackages="$pkgname-openrc $pkgname-aws"
+install="$pkgname.post-install"
-source="route53.py
+source="
+ zdt-mount.init
+ zdt-sysctl.conf
+ https://raw.githubusercontent.com/pixelb/ps_mem/v3.14/ps_mem.py
+ syslog-ng.conf
+ syslog-ng.logrotate.conf
+ monitrc
+ monit_alert.sh.aws
+ neofetch.conf
+ zdt-ascii.txt
+ dhclient.conf
+ cloudbender.stop
+ route53.py
get_iam_sshkeys.py
"
build() {
- return 0
+ sed -i -e 's,#!/usr/bin/env python,#!/usr/bin/env python3,' ps_mem.py
}
package() {
- mkdir -p "$pkgdir"
+ # dhcp tuning for MTU
+ install -Dm644 "$srcdir"/dhclient.conf "$pkgdir"/etc/dhcp/dhclient.conf
+
+ # various sysctl tunings
+ install -Dm644 "$srcdir"/zdt-sysctl.conf "$pkgdir"/etc/sysctl.d/60-zdt.conf
+
+ # init script to find and mount /var
+ mkdir -p "$pkgdir"/etc/init.d
+ cp zdt-mount.init "$pkgdir"/etc/init.d/zdt-mount
+
+ # syslog-ng configs, json all into messages
+ install -Dm644 "$srcdir"/syslog-ng.conf "$pkgdir"/lib/zdt/syslog-ng.conf
+ install -Dm644 "$srcdir"/syslog-ng.logrotate.conf "$pkgdir"/lib/zdt/syslog-ng.logrotate.conf
+
+ # monit
+ mkdir -p "$pkgdir"/etc/monit.d
+ install -Dm600 "$srcdir"/monitrc "$pkgdir"/etc/monitrc.zdt
+
+ # ps_mem
+ install -Dm755 "$srcdir"/ps_mem.py "$pkgdir"/usr/sbin/ps_mem
+
+ # Neofetch
+ install -Dm644 "$srcdir"/neofetch.conf "$pkgdir"/etc/neofetch.conf
+ install -Dm644 "$srcdir"/zdt-ascii.txt "$pkgdir"/etc/neofetch-logo.txt
+ mkdir -p "$pkgdir"/etc/profile.d
+ echo '[ -n "$SSH_TTY" -a "$SHLVL" -eq 1 ] && neofetch --config /etc/neofetch.conf' > "$pkgdir"/etc/profile.d/motd.sh
}
aws() {
+ # Basic AWS tools
mkdir -p "$subpkgdir"
install -Dm755 "$srcdir"/route53.py "$subpkgdir"/usr/sbin/route53.py
install -Dm755 "$srcdir"/get_iam_sshkeys.py "$subpkgdir"/usr/sbin/get_iam_sshkeys.py
+
+ # Cloudbender SNS integration
+ install -Dm755 "$srcdir"/cloudbender.stop "$subpkgdir"/etc/local.d/cloudbender.stop
+ install -Dm755 "$srcdir"/monit_alert.sh.aws "$pkgdir"/usr/bin/monit_alert.sh
+ mkdir -p "$subpkgdir"/etc/cloudbender/shutdown.d
}
sha512sums="
+16f4020e2e1f93b13b2ce140dea0c31066a55709cb3ae2ece54b9a6db57583e226bc43ac62be18f5a60274b87ae0de8c6bc613597988451853cdf085cae245eb zdt-mount.init
+b9479835d8667fa99f8b1b140f969f0464a9bb3c60c7d19b57e306cfe82357d453932791e446caded71fddd379161ae8328367f1ee75ae3afc1b85e12294b621 zdt-sysctl.conf
+76e6a4f309f31bfa07de2d3b1faebe5670722752e18157b69d6e868cbe9e85eda393aed0728b0347a01a810eee442844c78259f86ff71e3136a013f4cbfaaea4 ps_mem.py
+9d087f2d4403a9c6d4d2f06fbb86519f2b8b134d8eb305facaef07c183815f917fb7bac916d39d504dbab7fdf3321a3f70954dde57e8986cc223371715bb1c54 syslog-ng.conf
+484bdcf001b71ce5feed26935db437c613c059790b99f3f5a3e788b129f3e22ba096843585309993446a88c0ab5d60fd0fa530ef3cfb6de1fd34ffc828172329 syslog-ng.logrotate.conf
+b928ba547af080a07dc9063d44cb0f258d0e88e7c5a977e8f1cf1263c23608f0a138b8ffca0cdf5818ee72fccb3ce8433f877811be3107bb9c275dfff988179c monitrc
+64944727d658ff37e7ff9d22a23869e225e104d9229756ba4fef1fc481c56f782472a1c74f8127636b4a98d4545ae30e7d35822a1f0a0fa31a59ec8eaf8c0396 monit_alert.sh.aws
+346b0170ada6cc1207ffb7b8ef138a1570a63c7df4d57618aa4b6b6c0d2df2197b0f5b23578ec83c641ee5e724865ac06985222e125809c990467426a0851b72 neofetch.conf
+532b8e2eb04942ab20bdc36b5dea1c60239fcbfcb85706123f3e05c18d65c938b85e9072d964ae5793177625a8db47b532db1f5bd5ed5ecbb70d5a331666ff54 zdt-ascii.txt
+c565516121b9e6f9d5f769511eb900546753e67cc4208d1b388fdce44cd28699261a5c3905f9a168d4b2d45ac65ac3a2a6a95335f1bbd76d2f444d5f50ec5c9e dhclient.conf
+399356eaf09b41cde101aa9164eb492dc824e4bc75d8cd2197d1c2d6120349462dad2791609fb073285b3d3545067611f4608ff14b9d9586a46909269f496c02 cloudbender.stop
2d419d5c25a3829e99326b09876f459e48ab66f5756a8ad39b406c0f2829f5a323e8ff512afd8f32b7b07f24c88efa911bee495ce6c4d1925194cb54d3ba57bd route53.py
00eaff6c0a506580340b2547c3b1602a54238bac6090a15516839411478a4b4fdc138668b8ad23455445131f3a3e3fda175ed4bb0dd375402641c0e7b69c3218 get_iam_sshkeys.py
"
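Review bot: In `aws()` the new `monit_alert.sh` line installs into `"$pkgdir"/usr/bin/` while every other line of that function targets `$subpkgdir`, so the AWS-specific alert script would end up in the base package rather than in `$pkgname-aws` (or be missed, depending on when abuild runs the split function). If it belongs to the subpackage, use `install -Dm755 "$srcdir"/monit_alert.sh.aws "$subpkgdir"/usr/bin/monit_alert.sh`. If it is meant for the base package because `monitrc` calls it, it should move to `package()`. Separately, `sed -i … ps_mem.py` in `build()` and `cp zdt-mount.init …` in `package()` rely on the working directory while the surrounding lines use `"$srcdir"/…`. `install -Dm755 "$srcdir"/zdt-mount.init "$pkgdir"/etc/init.d/zdt-mount` would match them and set the mode explicitly.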
diff --git a/kubezero/zdt-base/cloudbender.stop b/kubezero/zdt-base/cloudbender.stop
new file mode 100755
index 0000000..d84fd44
--- /dev/null
+++ b/kubezero/zdt-base/cloudbender.stop
@@ -0,0 +1,15 @@
+# Include dynamic config setting create at boot
+[ -r /etc/cloudbender/rc.conf ] && . /etc/cloudbender/rc.conf
+
+rm -f /tmp/shutdown.log
+
+for cmd in $(ls /etc/cloudbender/shutdown.d/* | sort); do
+ . $cmd 1>>/tmp/shutdown.log 2>&1
+done
+
+[ $DEBUG -eq 1 ] && SHUTDOWNLOG="$(cat /tmp/shutdown.log)"
+
+[ -n "$RC_REBOOT" ] && ACTION="rebooting" || ACTION="terminated"
+[ -z "$DISABLE_SCALING_EVENTS" ] && cloudbender_sns_alarm.sh "Instance $ACTION" "" Info "$SHUTDOWNLOG"
+
+sleep ${SHUTDOWN_PAUSE:-0}
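Review bot: The script writes as root to the fixed path `/tmp/shutdown.log` in a world-writable directory, and `rm -f` followed by `>>` leaves a window in which another local account can place a link at that name and have root append to a file it chose. A `mktemp` file (or a root-only directory) closes that window. The loop also parses `ls` output and sources `$cmd` unquoted, so a file name containing whitespace breaks it; a plain glob is already sorted and needs only an existence check for the empty-directory case. `[ $DEBUG -eq 1 ]` errors out inside `[` when DEBUG is unset, which `"${DEBUG:-0}"` avoids.

```sh
# … unchanged: sourcing /etc/cloudbender/rc.conf …
log=$(mktemp) || exit 1

for cmd in /etc/cloudbender/shutdown.d/*; do
  [ -e "$cmd" ] || continue
  . "$cmd" >>"$log" 2>&1
done

[ "${DEBUG:-0}" -eq 1 ] && SHUTDOWNLOG="$(cat "$log")"
rm -f "$log"
# … unchanged: ACTION selection, SNS alarm call, sleep …
```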
diff --git a/kubezero/zdt-base/dhclient.conf b/kubezero/zdt-base/dhclient.conf
new file mode 100644
index 0000000..12b6b25
--- /dev/null
+++ b/kubezero/zdt-base/dhclient.conf
@@ -0,0 +1,12 @@
+# Borrowed from Ubuntu 20.04LTS minimal EC2 AMi
+
+option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+
+send host-name = gethostname();
+request subnet-mask, broadcast-address, time-offset, routers,
+ domain-name, domain-name-servers, domain-search, host-name,
+ dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
+ netbios-name-servers, netbios-scope, interface-mtu,
+ rfc3442-classless-static-routes, ntp-servers;
+
+timeout 300;
diff --git a/kubezero/zdt-base/etc/init.d/zdt-mount b/kubezero/zdt-base/etc/init.d/zdt-mount
new file mode 100644
index 0000000..973ad11
--- /dev/null
+++ b/kubezero/zdt-base/etc/init.d/zdt-mount
@@ -0,0 +1,16 @@
+#!/sbin/openrc-run
+# vim:set ts=8 noet ft=sh:
+
+description="ZDT stateful /var"
+
+depend() {
+ after mdev
+ before syslog-ng
+}
+
+start() {
+ ebegin "Looking for suitable /var"
+ echo "fake it"
+ eend $?
+}
+
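Review bot: `start()` is a placeholder: it prints `fake it` and reports success, so the service orders itself before syslog-ng and announces a stateful /var without mounting anything. Until the real logic exists, a comment above `start()` such as `# TODO: placeholder, does not locate or mount /var yet` would keep readers from relying on it. This file has the same blob id (973ad11) as `kubezero/zdt-base/zdt-mount.init`, added later in this commit. Only `zdt-mount.init` is listed in the APKBUILD `source`, so this copy looks unused and could be dropped. The placeholder remark applies to that file as well.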
diff --git a/kubezero/zdt-base/monit_alert.sh.aws b/kubezero/zdt-base/monit_alert.sh.aws
new file mode 100755
index 0000000..636d77c
--- /dev/null
+++ b/kubezero/zdt-base/monit_alert.sh.aws
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+LEVEL=${1}
+shift
+
+ATTACHMENT="$@"
+
+if [ -n "${MONIT_SERVICE}${MONIT_EVENT}" -a -n "$MONIT_DESCRIPTION" ]; then
+ [ -x /var/lib/cloudbender/sns_alarm.sh ] && \
+ /var/lib/cloudbender/sns_alarm.sh "$MONIT_SERVICE - $MONIT_EVENT" "$MONIT_DESCRIPTION" "$LEVEL" "$ATTACHMENT"
+fi
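Review bot: When `/var/lib/cloudbender/sns_alarm.sh` is missing or not executable, the `[ -x … ] && \` line drops the alert without any trace. An `else` branch that records the event, for example `logger -t monit_alert "sns_alarm.sh not available, alert dropped"`, would make lost alerts visible. `ATTACHMENT="$@"` assigns a list to a scalar; `ATTACHMENT="$*"` states the intended join explicitly. The `-a` inside `[ … ]` is obsolescent, and `[ -n "${MONIT_SERVICE}${MONIT_EVENT}" ] && [ -n "$MONIT_DESCRIPTION" ]` is the portable form. cloudbender.stop in this commit calls `cloudbender_sns_alarm.sh` via PATH while this script uses a fixed path under /var/lib, so it is worth confirming both resolve to the same script.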
diff --git a/kubezero/zdt-base/monitrc b/kubezero/zdt-base/monitrc
new file mode 100644
index 0000000..5743962
--- /dev/null
+++ b/kubezero/zdt-base/monitrc
@@ -0,0 +1,19 @@
+# Give instance 3 min to settle after boot
+set daemon 30
+ with start delay 180
+
+set log syslog
+
+set httpd port 2812 and
+ use address localhost
+ allow localhost
+ allow admin:localmonit
+
+# Basic rootfs check
+# >80%: emergency logrotate
+# >90%: warning
+check filesystem rootfs with path /
+ if space usage > 80% then exec "/etc/periodic/hourly/logrotate"
+ if space usage > 90% then exec "/usr/bin/monit_alert.sh warning"
+
+include /etc/monit.d/*.conf
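Review bot: `allow admin:localmonit` puts a fixed credential for the monit HTTP interface into a file that ships with the package, so on every host using this config any local account that can reach localhost:2812 can authenticate to the monit control interface. The 0600 mode set in the APKBUILD protects the file on disk, but not a password that is identical on every installation. Consider replacing the TCP listener with a permission-restricted unix socket (`set httpd unixsocket /run/monit.sock` with `permission 0600`; check the exact syntax against the packaged monit version), or generating the password per host at install time. Also note that the `> 80%` action runs `/etc/periodic/hourly/logrotate`, which exists only after the post-install script has moved it there.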
diff --git a/kubezero/zdt-base/neofetch.conf b/kubezero/zdt-base/neofetch.conf
new file mode 100644
index 0000000..585fa39
--- /dev/null
+++ b/kubezero/zdt-base/neofetch.conf
@@ -0,0 +1,35 @@
+print_info() {
+ echo -e "\n"
+
+ prin "$(color 1)Welcome to Alpine - ZeroDownTime edition"
+ echo
+ prin "Release Notes:"
+ prin " - "
+ prin " - "
+ echo
+
+ info title
+ info underline
+
+ info "OS" distro
+ info "Host" model
+ info "Kernel" kernel
+ info "Uptime" uptime
+ # info "Packages" packages
+ info "CPU" cpu
+ info "GPU" gpu
+ info "Memory" memory
+
+ info "GPU Driver" gpu_driver # Linux/macOS only
+ info "CPU Usage" cpu_usage
+ info "Local IP" local_ip
+ info "Disk" disk
+
+ info underline
+}
+
+title_fqdn="off"
+memory_percent="on"
+colors=(1 2 15 15 15 15)
+image_source="/etc/neofetch-logo.txt"
+gap=0
diff --git a/kubezero/zdt-base/syslog-ng.conf b/kubezero/zdt-base/syslog-ng.conf
new file mode 100644
index 0000000..0570d26
--- /dev/null
+++ b/kubezero/zdt-base/syslog-ng.conf
@@ -0,0 +1,22 @@
+# syslog-ng, format all json into messages
+# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.23/administration-guide/63#TOPIC-1268643
+
+@version: 3.36
+@include "scl.conf"
+
+options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
+ dns_cache(no); owner("root"); group("adm"); perm(0640);
+ stats_freq(0); bad_hostname("^gconfd$"); frac-digits(6);
+};
+
+source s_sys { system(); internal();};
+
+destination d_mesg { file("/var/log/messages" template("$(format-json time=\"$UNIXTIME\" facility=\"$FACILITY\" host=\"$LOGHOST\" ident=\"$PROGRAM\" pid=\"$PID\" level=\"$PRIORITY\" message=\"$MESSAGE\")\n")); };
+
+# filter ipvs loggging each SYN to closed port
+# IPVS: rr: TCP 10.52.82.199:31021 - no destination available
+filter f_drop_ipvs { not (facility(kern) and match("IPVS: rr:.*no destination available" value("MESSAGE"))); };
+# "message":"net_ratelimit: 16 callbacks suppressed"
+filter f_drop_ipvs_ratelimit { not (facility(kern) and match("net_ratelimit:.*callbacks suppressed" value("MESSAGE"))); };
+
+log { source(s_sys); filter(f_drop_ipvs); filter(f_drop_ipvs_ratelimit); destination(d_mesg); };
diff --git a/kubezero/zdt-base/syslog-ng.logrotate.conf b/kubezero/zdt-base/syslog-ng.logrotate.conf
new file mode 100644
index 0000000..93bbbd8
--- /dev/null
+++ b/kubezero/zdt-base/syslog-ng.logrotate.conf
@@ -0,0 +1,13 @@
+/var/log/messages
+{
+ nodateext
+ rotate 2
+ missingok
+ notifempty
+ compress
+ maxsize 32M
+ sharedscripts
+ postrotate
+ /etc/init.d/syslog-ng --ifstarted reload >/dev/null
+ endscript
+}
diff --git a/kubezero/zdt-base/zdt-ascii.txt b/kubezero/zdt-base/zdt-ascii.txt
new file mode 100644
index 0000000..b3e74e5
--- /dev/null
+++ b/kubezero/zdt-base/zdt-ascii.txt
@@ -0,0 +1,21 @@
+\x1b[38;2;32;120;108m ..
+ ox@@@@@x
+ -x@@@@@@@@@@@@x-
+ .x@@@x- -x@@@x.
+ ox@@@@x ox@@@@@@@@x- x@@@@xo
+ @@@@@@@@ x@@@@@@@@@@@@x @@@@@@@@o
+ o @@@@@x -x@@@@@@@@x- x@@@@@ o
+ @@@x- @@@x- -x@@@o .x@@@.
+ @@@@@@@x. x@@@@@@@@@@@@@ o@@@@@@@.
+ @@@@@@@@@@xo @@@@@@ -x@@@@@xx@@@.
+ @@@@@@@@@@@@@@x- .x@@@@@x- -@@@.
+ @@@@@@@@ @@@@@@@@ x@@@@@x ox x@@@.
+ @@@@ -@@ @@@@@@@@ @@@@ -x@@x .@@@@@.
+ @@@@x @ @@@@@@@@ @@@x .-o .x@@@.
+ @@@@@x @xoo@@@@ @@@@xx .xxx -@@@.
+ @@@@@@@ @@@@ @@@@@ x@xo x@@@.
+ @@@@@@@. -x@@@@@@ @@@@ x. -x@@@@@
+ .@@@@@@@@@@@@@ @@@x .x@@@@@x
+ x@@@@@@@@@ @@@@x@@@@@
+ @@@@@@ @@@@@@.
+ o@@ @@x
diff --git a/kubezero/zdt-base/zdt-base.post-install b/kubezero/zdt-base/zdt-base.post-install
new file mode 100644
index 0000000..f3211d3
--- /dev/null
+++ b/kubezero/zdt-base/zdt-base.post-install
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Enable SSH keepalive
+sed -i -e 's/^[\s#]*TCPKeepAlive\s.*/TCPKeepAlive yes/' -e 's/^[\s#]*ClientAliveInterval\s.*/ClientAliveInterval 60/' /etc/ssh/sshd_config
+echo 'enabled SSH keep alives'
+
+# CgroupsV2
+sed -i -e 's/^[\s#]*rc_cgroup_mode=.*/rc_cgroup_mode="unified"/' /etc/rc.conf
+echo 'enabled cgroupv2'
+
+# Setup syslog-ng json logging
+cp /lib/zdt/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
+cp /lib/zdt/syslog-ng.logrotate.conf /etc/logrotate.d/syslog-ng
+
+mv /etc/periodic/daily/logrotate /etc/periodic/hourly/
+echo 'syslog-ng: all to /var/log/messages as json, rotate hourly'
+
+# use init to spawn monit
+echo ":2345:respawn:/usr/bin/monit -Ic /etc/monitrc.zdt" >> /etc/inittab
+echo 'Enable monit via inittab'
+
+# QoL
+mv /etc/profile.d/color_prompt.sh.disabled /etc/profile.d/color_prompt.sh || true
+echo 'alias rs="doas bash"' > /etc/profile.d/alias.sh
+
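Review bot: Inside a bracket expression `\s` is not a whitespace class, so `^[\s#]*` in the three sed patterns matches only runs of `\`, `s` and `#`. An indented directive, or one written as `# TCPKeepAlive …`, is left unchanged while the script still prints `enabled …`. `^[[:space:]#]*` is the portable spelling, e.g. `sed -i -e 's/^[[:space:]#]*TCPKeepAlive[[:space:]].*/TCPKeepAlive yes/'`. The substitutions also do nothing when the directive is absent, so the success message should follow a check such as `grep -q '^ClientAliveInterval 60' /etc/ssh/sshd_config`. The `echo … >> /etc/inittab` line is not idempotent and adds a second respawn entry if the package is removed and installed again.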
diff --git a/kubezero/zdt-base/zdt-mount.init b/kubezero/zdt-base/zdt-mount.init
new file mode 100755
index 0000000..973ad11
--- /dev/null
+++ b/kubezero/zdt-base/zdt-mount.init
@@ -0,0 +1,16 @@
+#!/sbin/openrc-run
+# vim:set ts=8 noet ft=sh:
+
+description="ZDT stateful /var"
+
+depend() {
+ after mdev
+ before syslog-ng
+}
+
+start() {
+ ebegin "Looking for suitable /var"
+ echo "fake it"
+ eend $?
+}
+
diff --git a/kubezero/zdt-base/zdt-sysctl.conf b/kubezero/zdt-base/zdt-sysctl.conf
new file mode 100644
index 0000000..c61ef3b
--- /dev/null
+++ b/kubezero/zdt-base/zdt-sysctl.conf
@@ -0,0 +1,15 @@
+net.core.somaxconn = 1024
+net.core.netdev_max_backlog = 4096
+net.core.rmem_max = 16777216
+net.core.wmem_max = 16777216
+net.ipv4.tcp_wmem = 4096 12582912 16777216
+net.ipv4.tcp_rmem = 4096 12582912 16777216
+net.ipv4.tcp_max_syn_backlog = 8192
+net.ipv4.tcp_tw_reuse = 1
+net.ipv4.tcp_retries2 = 9
+net.ipv4.tcp_slow_start_after_idle = 0
+net.ipv4.ip_no_pmtu_disc = 0
+net.ipv4.ip_forward_use_pmtu = 0
+kernel.panic = 10
+kernel.panic_on_oops = 1
+vm.oom_dump_tasks = 0
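Review bot: None of the fifteen settings carries a comment, and the last three change failure behaviour rather than tune throughput. `kernel.panic = 10` with `kernel.panic_on_oops = 1` reboots the node ten seconds after any kernel oops. `vm.oom_dump_tasks = 0` removes the per-task memory table from the kernel log on an OOM kill, which is often the information needed to diagnose the event afterwards. A one-line rationale per group would help, along the lines of `# network buffer and backlog sizing` above the `net.*` block and `# reboot after an oops instead of continuing in an unknown state` above the `kernel.*` lines. If the OOM dump is suppressed only to reduce log volume, that intent should be stated in a comment too.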