This should solve the issue where RHEL7 machines that get a network
hiccup need an OpenVPN restart to restore their routes.
The code is broken in the current upstream OpenVPN release, such that
it does tear down some of the routes during a ping-restart (when the
connection is dropped due to network hiccups), but the reconnection
code does not restore the routes.
I am working on an upstream patch to fix this, but in the meantime
disabling persist-tun will make sure that OpenVPN does the entire
initialization upon reconnection, which makes sure that all routes
are created.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This makes sure that the global version does not get changed while processing
a request, keeping the hostnet check working across requests.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
The mirrorlist-server is the process which has the mirrorlist data
loaded and which is accessed by the public facing
mirrorlist_client.wsgi. The mirrorlist-server uses the
ForkingUnixStreamServer which has a default of max_children = 40.
(https://hg.python.org/cpython/file/2.7/Lib/SocketServer.py#l516)
Looking at the code of ForkingUnixStreamServer it says at
https://hg.python.org/cpython/file/2.7/Lib/SocketServer.py#l523
# If we're above the max number of children, wait and reap them until
# we go back below threshold. Note that we use waitpid(-1) below to be
# able to collect children in size(<defunct children>) syscalls instead
# of size(<children>): the downside is that this might reap children
# which we didn't spawn, which is why we only resort to this when we're
# above max_children.
As we are running the wsgi with processes=45 this sounds like it can
lead to situation where it might just hang.
This increases max_children to 80 and processes to 60.
Signed-off-by: Adrian Reber <adrian@lisas.de>
- koschei-specific setup tasks are moved to a new koschei role
- cloud dev instance is made to use koschei role
- stg and prod instances are added to inventory
- koschei host group is introduced
