From 13078f865182ff02664a588e506824f73669cceb Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Mon, 25 Jun 2018 14:50:58 +0200
Subject: [PATCH] Enable cpu/memory accounting by default
The discovery script now uses a regex and no longer cares where exactly
accounting is enabled. Follow systemd upstream by enabling it by
default.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
roles/arch-boxes/tasks/main.yml | 3 ---
roles/borg-client/tasks/main.yml | 3 ---
roles/common/templates/system.conf.j2 | 4 ++--
roles/crond/tasks/main.yml | 3 ---
roles/dbscripts/tasks/main.yml | 6 ------
roles/dovecot/tasks/main.yml | 3 ---
roles/flyspray/tasks/main.yml | 3 ---
roles/grafana/tasks/main.yml | 3 ---
roles/kanboard/tasks/main.yml | 3 ---
roles/mariadb/tasks/main.yml | 3 ---
roles/matrix/tasks/main.yml | 5 -----
roles/nginx/tasks/main.yml | 3 ---
roles/opendkim/tasks/main.yml | 3 ---
roles/planet/tasks/main.yml | 3 ---
roles/postfix/tasks/main.yml | 3 ---
roles/postfwd/tasks/main.yml | 4 ----
roles/postgres/tasks/main.yml | 3 ---
roles/quassel/tasks/main.yml | 3 ---
roles/security_tracker/tasks/main.yml | 3 ---
roles/sogrep/tasks/main.yml | 2 --
roles/spampd/tasks/main.yml | 3 ---
roles/sshd/tasks/main.yml | 3 ---
roles/syncrepo/tasks/main.yml | 3 ---
roles/unbound/tasks/main.yml | 3 ---
roles/zabbix-agent/tasks/main.yml | 7 -------
roles/zabbix-server/tasks/main.yml | 5 -----
26 files changed, 2 insertions(+), 88 deletions(-)
diff --git a/roles/arch-boxes/tasks/main.yml b/roles/arch-boxes/tasks/main.yml
index 1dfadb701..3fce9ab4b 100644
--- a/roles/arch-boxes/tasks/main.yml
+++ b/roles/arch-boxes/tasks/main.yml
@@ -37,6 +37,3 @@
- name: start and enable arch-boxes timer
service: name='arch-boxes.timer' enabled=yes state=started
-
-- name: enable systemd ressource accounting
- command: systemctl set-property arch-boxes CPUAccounting=yes MemoryAccounting=yes
diff --git a/roles/borg-client/tasks/main.yml b/roles/borg-client/tasks/main.yml
index 704cdd990..6349dde08 100644
--- a/roles/borg-client/tasks/main.yml
+++ b/roles/borg-client/tasks/main.yml
@@ -61,6 +61,3 @@
- name: activate systemd timers for backup
service: name=borg-backup.timer enabled=yes state=started
-
-- name: enable systemd ressource accounting
- command: systemctl set-property borg-backup CPUAccounting=yes MemoryAccounting=yes
diff --git a/roles/common/templates/system.conf.j2 b/roles/common/templates/system.conf.j2
index 1d498e743..e0eaeca0f 100644
--- a/roles/common/templates/system.conf.j2
+++ b/roles/common/templates/system.conf.j2
@@ -38,11 +38,11 @@
#DefaultStartLimitIntervalSec=10s
#DefaultStartLimitBurst=5
#DefaultEnvironment=
-DefaultCPUAccounting=no
+DefaultCPUAccounting=yes
DefaultIOAccounting=no
DefaultIPAccounting=no
DefaultBlockIOAccounting=no
-DefaultMemoryAccounting=no
+DefaultMemoryAccounting=yes
DefaultTasksAccounting=yes
#DefaultTasksMax=15%
#DefaultLimitCPU=
diff --git a/roles/crond/tasks/main.yml b/roles/crond/tasks/main.yml
index aca98707e..f49087e64 100644
--- a/roles/crond/tasks/main.yml
+++ b/roles/crond/tasks/main.yml
@@ -6,6 +6,3 @@
- name: activate cronie.service
service: name=cronie enabled=yes state=started
-- name: enable systemd ressource accounting
- command: systemctl set-property cronie CPUAccounting=yes MemoryAccounting=yes
-
diff --git a/roles/dbscripts/tasks/main.yml b/roles/dbscripts/tasks/main.yml
index c14416ff4..75ee26213 100644
--- a/roles/dbscripts/tasks/main.yml
+++ b/roles/dbscripts/tasks/main.yml
@@ -225,9 +225,6 @@
- name: start and enable rsync
service: name=rsyncd.socket enabled=yes state=started
-- name: enable systemd ressource accounting
- command: systemctl set-property system-rsyncd.slice CPUAccounting=yes MemoryAccounting=yes
-
- name: open firewall holes for rsync
firewalld: service=rsyncd permanent=true state=enabled
when: configure_firewall
@@ -238,9 +235,6 @@
- name: start and enable svnserve
service: name=svnserve enabled=yes state=started
-- name: enable systemd ressource accounting
- command: systemctl set-property svnserve CPUAccounting=yes MemoryAccounting=yes
-
- name: open firewall holes for svnserve
firewalld: port=3690/tcp permanent=true state=enabled
when: configure_firewall
diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml
index dda332780..99b43e15b 100644
--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@@ -17,9 +17,6 @@
- name: start and enable dovecot
service: name=dovecot enabled=yes state=started
-- name: enable systemd ressource accounting
- command: systemctl set-property dovecot CPUAccounting=yes MemoryAccounting=yes
-
- name: open firewall holes
firewalld: service={{item}} permanent=true state=enabled
with_items:
diff --git a/roles/flyspray/tasks/main.yml b/roles/flyspray/tasks/main.yml
index bce2cacdc..33787e904 100644
--- a/roles/flyspray/tasks/main.yml
+++ b/roles/flyspray/tasks/main.yml
@@ -59,6 +59,3 @@
- name: start and enable systemd socket
service: name=php-fpm@flyspray.socket state=started enabled=true
-
-- name: enable systemd ressource accounting
- command: systemctl set-property php-fpm@flyspray CPUAccounting=yes MemoryAccounting=yes
diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml
index 1fe78d78b..59f167516 100644
--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
@@ -21,6 +21,3 @@
- name: start and enable service
service: name=grafana state=started enabled=true
-
-- name: enable systemd ressource accounting
- command: systemctl set-property grafana CPUAccounting=yes MemoryAccounting=yes
diff --git a/roles/kanboard/tasks/main.yml b/roles/kanboard/tasks/main.yml
index 4df3c502c..9b300674b 100644
--- a/roles/kanboard/tasks/main.yml
+++ b/roles/kanboard/tasks/main.yml
@@ -48,9 +48,6 @@
- name: start and enable systemd socket
service: name=php-fpm@kanboard.socket state=started enabled=true
-- name: enable systemd ressource accounting
- command: systemctl set-property php-fpm@kanboard CPUAccounting=yes MemoryAccounting=yes
-
- name: install systemd timers for kanboard cronjob
template: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
index 0fad28211..29f72724a 100644
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -15,9 +15,6 @@
- name: start and enable the service
service: name=mariadb state=started enabled=yes
-- name: enable systemd ressource accounting
- command: systemctl set-property mariadb CPUAccounting=yes MemoryAccounting=yes
-
- name: delete anonymous users
mysql_user: user='' host_all=yes state='absent'
diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml
index 15d2408f4..b351a8847 100644
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -150,8 +150,3 @@
- synapse.service
- matrix-appservice-irc.service
-- name: enable systemd ressource accounting
- command: systemctl set-property {{item}} CPUAccounting=yes MemoryAccounting=yes
- with_items:
- - synapse
- - matrix-appservice-irc
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index c24c71050..d2404689c 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -66,9 +66,6 @@
- name: enable nginx
service: name=nginx enabled=yes
-- name: enable systemd ressource accounting
- command: systemctl set-property nginx CPUAccounting=yes MemoryAccounting=yes
-
- name: open firewall holes
firewalld: service={{item}} permanent=true state=enabled
with_items:
diff --git a/roles/opendkim/tasks/main.yml b/roles/opendkim/tasks/main.yml
index 1b451c900..513aff0b6 100644
--- a/roles/opendkim/tasks/main.yml
+++ b/roles/opendkim/tasks/main.yml
@@ -32,6 +32,3 @@
- name: start and enable opendkim
service: name=opendkim enabled=yes state=started
-- name: enable systemd ressource accounting
- command: systemctl set-property opendkim CPUAccounting=yes MemoryAccounting=yes
-
diff --git a/roles/planet/tasks/main.yml b/roles/planet/tasks/main.yml
index 018982aa1..edfbac02b 100644
--- a/roles/planet/tasks/main.yml
+++ b/roles/planet/tasks/main.yml
@@ -40,6 +40,3 @@
service: name={{ item }} enabled=yes state=started
with_items:
- planet.timer
-
-- name: enable systemd ressource accounting
- command: systemctl set-property planet CPUAccounting=yes MemoryAccounting=yes
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
index 13a3d1d1b..4824ea54f 100644
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -63,9 +63,6 @@
- name: start and enable postfix
service: name=postfix enabled=yes state=started
-- name: enable systemd ressource accounting
- command: systemctl set-property postfix CPUAccounting=yes MemoryAccounting=yes
-
- name: remove old files
file: path={{item}} state=absent
with_items:
diff --git a/roles/postfwd/tasks/main.yml b/roles/postfwd/tasks/main.yml
index 71217cd17..6633cd264 100644
--- a/roles/postfwd/tasks/main.yml
+++ b/roles/postfwd/tasks/main.yml
@@ -11,7 +11,3 @@
- name: start and enable postfwd
service: name=postfwd enabled=yes state=started
-- name: enable systemd ressource accounting
- command: systemctl set-property postfwd CPUAccounting=yes MemoryAccounting=yes
-
-
diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml
index 49aa0f131..33578bc63 100644
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@@ -25,9 +25,6 @@
- name: start and enable postgres
service: name=postgresql enabled=yes state=started
-- name: enable systemd ressource accounting
- command: systemctl set-property postgresql CPUAccounting=yes MemoryAccounting=yes
-
- name: set postgres user password
postgresql_user: name=postgres password={{ vault_postgres_users.postgres }} encrypted=yes
become: yes
diff --git a/roles/quassel/tasks/main.yml b/roles/quassel/tasks/main.yml
index 7f240e7bf..713f1f2fe 100644
--- a/roles/quassel/tasks/main.yml
+++ b/roles/quassel/tasks/main.yml
@@ -62,9 +62,6 @@
- quassel.service
- clean-quassel.timer
-- name: enable systemd ressource accounting
- command: systemctl set-property quassel CPUAccounting=yes MemoryAccounting=yes
-
- name: open firewall holes
firewalld: port=4242/tcp permanent=true state=enabled
when: configure_firewall
diff --git a/roles/security_tracker/tasks/main.yml b/roles/security_tracker/tasks/main.yml
index 29fb0200d..d4a0e05e5 100644
--- a/roles/security_tracker/tasks/main.yml
+++ b/roles/security_tracker/tasks/main.yml
@@ -69,6 +69,3 @@
- name: start and enable security-tracker timer
service: name="security-tracker-update.timer" enabled=yes state=started
-
-- name: enable systemd ressource accounting
- command: systemctl set-property security-tracker-update CPUAccounting=yes MemoryAccounting=yes
diff --git a/roles/sogrep/tasks/main.yml b/roles/sogrep/tasks/main.yml
index f9a40ca73..e85d9e5f7 100644
--- a/roles/sogrep/tasks/main.yml
+++ b/roles/sogrep/tasks/main.yml
@@ -20,5 +20,3 @@
- name: start and enable sogrep units
service: name=createlinks.timer enabled=yes state=started
-- name: enable systemd ressource accounting
- command: systemctl set-property createlinks CPUAccounting=yes MemoryAccounting=yes
diff --git a/roles/spampd/tasks/main.yml b/roles/spampd/tasks/main.yml
index 04a2edde8..491a9aaa3 100644
--- a/roles/spampd/tasks/main.yml
+++ b/roles/spampd/tasks/main.yml
@@ -49,6 +49,3 @@
- name: start spampd
service: name=spampd enabled=yes state=started
-
-- name: enable systemd ressource accounting
- command: systemctl set-property spampd CPUAccounting=yes MemoryAccounting=yes
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index b97d6daad..03322775c 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -17,9 +17,6 @@
- name: start and enable sshd
service: name=sshd enabled=yes state=started
-- name: enable systemd ressource accounting
- command: systemctl set-property sshd CPUAccounting=yes MemoryAccounting=yes
-
- name: open firewall holes
firewalld: service=ssh permanent=true state=enabled
when: configure_firewall
diff --git a/roles/syncrepo/tasks/main.yml b/roles/syncrepo/tasks/main.yml
index 02312b449..9e8ae4fd5 100644
--- a/roles/syncrepo/tasks/main.yml
+++ b/roles/syncrepo/tasks/main.yml
@@ -27,9 +27,6 @@
- syncrepo.timer
- rsyncd.socket
-- name: enable systemd ressource accounting
- command: systemctl set-property system-rsyncd.slice CPUAccounting=yes MemoryAccounting=yes
-
- name: set local mirror as cachedir
lineinfile:
dest: /etc/pacman.conf
diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
index 0f0980c5d..cc1562111 100644
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -13,6 +13,3 @@
- name: Active service
service: name=unbound state=started enabled=yes
-
-- name: enable systemd ressource accounting
- command: systemctl set-property unbound CPUAccounting=yes MemoryAccounting=yes
diff --git a/roles/zabbix-agent/tasks/main.yml b/roles/zabbix-agent/tasks/main.yml
index dac1066c5..792b88ce1 100644
--- a/roles/zabbix-agent/tasks/main.yml
+++ b/roles/zabbix-agent/tasks/main.yml
@@ -59,16 +59,9 @@
service: name=nginx-zabbix.service enabled=yes state=started
when: "'nginx' in group_names"
-- name: enable systemd ressource accounting
- command: systemctl set-property nginx-zabbix CPUAccounting=yes MemoryAccounting=yes
- when: "'nginx' in group_names"
-
- name: run zabbix agent service
service: name=zabbix-agent enabled=yes state=started
-- name: enable systemd ressource accounting
- command: systemctl set-property zabbix-agent CPUAccounting=yes MemoryAccounting=yes
-
- name: open firewall holes
firewalld: service=zabbix-agent permanent=true state=enabled
when: configure_firewall
diff --git a/roles/zabbix-server/tasks/main.yml b/roles/zabbix-server/tasks/main.yml
index ffc087e5e..a5652e3af 100644
--- a/roles/zabbix-server/tasks/main.yml
+++ b/roles/zabbix-server/tasks/main.yml
@@ -63,8 +63,3 @@
- name: start and enable systemd socket
service: name=php-fpm@zabbix-web.socket state=started enabled=true
-- name: enable systemd ressource accounting php-fpm
- command: systemctl set-property php-fpm@zabbix-web CPUAccounting=yes MemoryAccounting=yes
-
-- name: enable systemd ressource accounting zabbix-server
- command: systemctl set-property zabbix-server-pgsql CPUAccounting=yes MemoryAccounting=yes
--
GitLab