From 72611564bcdcce823a0ddc905b49b94a241f6088 Mon Sep 17 00:00:00 2001
From: Lu Qiuwen
Date: Fri, 6 Aug 2021 16:32:33 +0800
Subject: [PATCH] =?UTF-8?q?TSG-7213=20=E5=90=AF=E7=94=A8systemd-coredump?= =?UTF-8?q?=EF=BC=8C=E5=A2=9E=E5=8A=A0=E5=9C=A8=E6=9C=AC=E5=9C=B0=E8=AE=B0?= =?UTF-8?q?=E5=BD=95coredump=E7=9A=84=E5=8A=9F=E8=83=BD=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../coredump/coredump_setup_override.conf.j2 | 12 ++++++
.../files/tasks/provision.yml.7400MCN0P01R01 | 10 +++++
.../tasks/provision.yml.7400MCN123P01R01 | 10 +++++
.../files/tasks/provision.yml.9000NPBP01R01 | 10 +++++
ansible/roles/tsg-os-provision/tasks/main.yml | 7 ++++
rootconf/sysroot-usr/sysctl/50-coredump.conf | 37 +++++++++++++++++++
tools/mk-base-image | 2 +
7 files changed, 88 insertions(+)
create mode 100644 ansible/roles/tsg-os-provision/files/coredump/coredump_setup_override.conf.j2
create mode 100644 rootconf/sysroot-usr/sysctl/50-coredump.conf
diff --git a/ansible/roles/tsg-os-provision/files/coredump/coredump_setup_override.conf.j2 b/ansible/roles/tsg-os-provision/files/coredump/coredump_setup_override.conf.j2
new file mode 100644
index 00000000..ef102a42
--- /dev/null
+++ b/ansible/roles/tsg-os-provision/files/coredump/coredump_setup_override.conf.j2
@@ -0,0 +1,12 @@
+[Coredump]
+{% if coredump.format == 'core' %}
+Storage=external
+{% else %}
+Storage=none
+{% endif %}
+Compress=no
+ProcessSizeMax=128G
+ExternalSizeMax=128G
+JournalSizeMax=128G
+MaxUse=50
+KeepFree=50
\ No newline at end of file
diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01
index 5b88e978..9df1f12e 100644
--- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01
+++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01
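Review bot: `MaxUse=50` and `KeepFree=50` at the end of the new template are parsed as byte counts, not percentages; coredump.conf documents both as sizes in bytes with optional K/M/G suffixes, like the `128G` values above them. As written, systemd-coredump would try to hold externally stored cores to about 50 bytes of disk, so vacuuming will likely delete older dumps as soon as a new one is stored, while a 50-byte `KeepFree` protects nothing. If half the volume was intended, spell the limits out as sizes, e.g. `MaxUse=50G` and `KeepFree=50G` (placeholder figures; size them against the partition that holds /var/lib/systemd/coredump). With `Compress=no` and 128G per-dump ceilings, a single crash of a large process could otherwise fill that partition.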
@@ -198,6 +198,16 @@ - maat-redis - maat-redis-exporter + - name: "tsg-os-provision: coredump setup override - mkdir" + file: + path: /usr/lib/systemd/coredump.conf.d/ + state: directory + + - name: "tsg-os-provision: coredump setup override - override" + template: + src: "../templates/coredump_setup_override.conf.j2" + dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf + - name: "tsg-os-provision: snapshot the stage2 config files" copy: src: /data/tsg-os-provision/provision.yml diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN123P01R01 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN123P01R01 index c0c61d45..fc1cd650 100644 --- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN123P01R01 +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN123P01R01 @@ -68,6 +68,16 @@ dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf tags: tfe + - name: "tsg-os-provision: coredump setup override - mkdir" + file: + path: /usr/lib/systemd/coredump.conf.d/ + state: directory + + - name: "tsg-os-provision: coredump setup override - override" + template: + src: "../templates/coredump_setup_override.conf.j2" + dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf + - name: 'tsg-os-provision: execute command - systemctl daemon-reload' systemd: daemon_reload: yes diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 index 4b52c12e..67d784c3 100644 --- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 
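Review bot: Neither new task sets ownership or permissions, so the directory and the rendered `coredump_setup_override.conf` get whatever the umask of the provisioning run yields. This file decides whether process memory is written to disk, so pin it: add `mode: "0755"` to the `file` task and `owner: root`, `group: root`, `mode: "0644"` to the `template` task. The same pair of tasks is repeated in the provision.yml.7400MCN123P01R01 and provision.yml.9000NPBP01R01 hunks and needs the same change. The surrounding task list starts and ends outside the hunk.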
@@ -114,6 +114,16 @@ dest: /opt/tsg/etc/tsg_device_tag.json tags: tsg_device_tag + - name: "tsg-os-provision: coredump setup override - mkdir" + file: + path: /usr/lib/systemd/coredump.conf.d/ + state: directory + + - name: "tsg-os-provision: coredump setup override - override" + template: + src: "../templates/coredump_setup_override.conf.j2" + dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf + - name: 'tsg-os-provision: execute command - systemctl daemon-reload' systemd: daemon_reload: yes diff --git a/ansible/roles/tsg-os-provision/tasks/main.yml b/ansible/roles/tsg-os-provision/tasks/main.yml index 32b14fbe..870fe02b 100644 --- a/ansible/roles/tsg-os-provision/tasks/main.yml +++ b/ansible/roles/tsg-os-provision/tasks/main.yml @@ -23,6 +23,13 @@ - adapt_tera_network_setting.sh.j2 - setup_policy_log_nic_network.sh.j2 +- name: "tsg-os-provision: template coredump settings" + copy: + src: "{{ role_path }}/files/coredump/{{ item }}" + dest: "/opt/tsg/tsg-os-provision/templates/" + with_items: + - coredump_setup_override.conf.j2 + - name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg9140" copy: src: "{{ role_path }}/files/tasks/provision.yml.9000NPBP01R01" diff --git a/rootconf/sysroot-usr/sysctl/50-coredump.conf b/rootconf/sysroot-usr/sysctl/50-coredump.conf new file mode 100644 index 00000000..75ad6090 --- /dev/null +++ b/rootconf/sysroot-usr/sysctl/50-coredump.conf 
@@ -0,0 +1,37 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See sysctl.d(5) for the description of the files in this directory.
+
+# Pipe the core file to systemd-coredump. The systemd-coredump process spawned
+# by the kernel will start a second copy of itself as the
+# systemd-coredump@.service, which will do the actual processing and storing of
+# the core dump.
+#
+# See systemd-coredump(8) and core(5).
+kernel.core_pattern=|/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h
+
+# Allow 16 coredumps to be dispatched in parallel by the kernel.
+# We collect metadata from /proc/%P/, and thus need to make sure the crashed
+# processes are not reaped until we have finished collecting what we need. The
+# kernel default for this sysctl is "0" which means the kernel doesn't wait for
+# userspace to finish processing before reaping the crashed processes. With a
+# higher setting the kernel will delay reaping until we are done, but only for
+# the specified number of crashes in parallel. The value of 16 is chosen to
+# match systemd-coredump.socket's MaxConnections= value.
+kernel.core_pipe_limit=16
+
+# Also dump processes executing a set-user-ID/set-group-ID program that is
+# owned by a user/group other than the real user/group ID of the process, or
+# a program that has file capabilities. ("2" is called "suidsafe" in core(5)).
+#
+# systemd-coredump will store the core file owned by the effective uid and gid
+# of the running process (and not the filesystem-user-ID which the kernel uses
+# when saving a core dump).
+#
+# See proc(5), setuid(2), capabilities(7).
+fs.suid_dumpable=2
diff --git a/tools/mk-base-image b/tools/mk-base-image
index 1916f6fb..8475b027 100755
--- a/tools/mk-base-image
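Review bot: `fs.suid_dumpable=2` hands memory images of set-user-ID and file-capability programs to systemd-coredump, and the comments in this file are upstream's, so nothing records what that means for this appliance. Together with the `Storage=external` / `Compress=no` override added in the same commit, those images land on local disk in plain form and may hold key material or other process secrets. I would add a project comment above the setting, e.g. `# TSG: cores of privileged processes can contain secrets; keep /var/lib/systemd/coredump root-only and purge dumps after triage.` The `%P %u %g %s %t %c %h` argument list in `kernel.core_pattern` is tied to a particular systemd release, so it should be checked against the systemd-coredump binary actually shipped in the image.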
+++ b/tools/mk-base-image @@ -72,6 +72,8 @@ chmod 0755 $projectdir/rootconf/sysroot-lib/* cp -rf $projectdir/rootconf/sysroot-bin/* $target/bin/ cp -rf $projectdir/rootconf/sysroot-lib/* $target/lib/ cp -rf $projectdir/rootconf/sysroot-usr/service/* $target/usr/lib/systemd/system +cp -rf $projectdir/rootconf/sysroot-usr/sysctl/* $target/usr/lib/sysctl.d/ + ln -vfs --relative $target/usr/lib/systemd/system/ldconfig.service $target/usr/lib/systemd/system/sysinit.target.wants/ldconfig.service #tty audit using pam
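Review bot: The new `cp -rf` installs the sysctl file into `$target/usr/lib/sysctl.d/` as `50-coredump.conf`, which is the name systemd's own package uses for this file. If the image's systemd package ships it too, a later package update would replace the project copy without notice. Installing it under a project-specific name that sorts later (placeholder: `90-tsg-coredump.conf`) avoids the collision. Unlike the `sysroot-lib` files handled just above, the copied file gets no explicit mode, so a following `chmod 0644 $target/usr/lib/sysctl.d/50-coredump.conf` would make the result independent of the checkout. The script continues outside the hunk.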