Initial commit of PVC Ansible role

2019-06-09 00:11:06 -04:00
commit 8ac0776a8e
92 changed files with 4709 additions and 0 deletions
--- a/roles/pvc/templates/ceph/default.conf.j2
+++ b/roles/pvc/templates/ceph/default.conf.j2
@ -0,0 +1,4 @@
+# Environment file for ceph daemon systemd unit files.
+# {{ ansible_managed }}
+
+LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.1
--- a/roles/pvc/templates/ceph/limits.conf.j2
+++ b/roles/pvc/templates/ceph/limits.conf.j2
@ -0,0 +1,4 @@
+# Limits for ceph processes
+# {{ ansible_managed }}
+ceph       soft    nproc     unlimited
+ceph       soft    nofile    unlimited
--- a/roles/pvc/templates/ceph/sysctl.conf.j2
+++ b/roles/pvc/templates/ceph/sysctl.conf.j2
@ -0,0 +1,4 @@
+# sysctl: tweak settings for Ceph
+# {{ ansible_managed }}
+
+vm.swappiness = 0
--- a/roles/pvc/templates/frr/daemons.j2
+++ b/roles/pvc/templates/frr/daemons.j2
@ -0,0 +1,16 @@
+# frr daemon status
+# {{ ansible_managed }}
+zebra=yes
+bgpd=yes
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=no
+pimd=no
+ldpd=no
+nhrpd=no
+eigrpd=no
+babeld=no
+sharpd=no
+pbrd=no
--- a/roles/pvc/templates/frr/frr.conf.j2
+++ b/roles/pvc/templates/frr/frr.conf.j2
@ -0,0 +1,53 @@
+! frr main configuration
+! {{ ansible_managed }}
+!
+frr version 4.0
+frr defaults traditional
+hostname cloud-14
+no ipv6 forwarding
+username cumulus nopassword
+!
+service integrated-vtysh-config
+!
+log syslog informational
+!
+line vty
+!
+! BGP EVPN mesh configuration
+!
+router bgp {{ pvc_asn }}
+  bgp router-id {% for node in pvc_nodes if node.hostname == ansible_hostname %}{{ node.router_id }}{% endfor %}
+
+  no bgp default ipv4-unicast
+  ! BGP sessions with route reflectors
+  neighbor fabric peer-group
+  neighbor fabric remote-as {{ pvc_asn }}
+  neighbor fabric capability extended-nexthop
+{% for node in pvc_nodes if node.is_coordinator %}
+  neighbor {{ node.router_id }} peer-group fabric
+{% endfor %}
+  ! BGP sessions with upstream routers
+  neighbor upstream peer-group
+  neighbor upstream remote-as {{ pvc_asn }}
+  neighbor upstream capability extended-nexthop
+{% for router in pvc_routers %}
+  neighbor {{ router }} peer-group upstream
+{% endfor %}
+  !
+  address-family l2vpn evpn
+   neighbor fabric activate
+   advertise-all-vni
+  exit-address-family
+  address-family ipv4 unicast
+   neighbor fabric activate
+   neighbor upstream activate
+   redistribute connected
+  exit-address-family
+  address-family ipv6 unicast
+   neighbor fabric activate
+   neighbor upstream activate
+   redistribute connected
+  exit-address-family
+  !
+  exit
+!
--- a/roles/pvc/templates/libvirt/ceph-secret.xml.j2
+++ b/roles/pvc/templates/libvirt/ceph-secret.xml.j2
@ -0,0 +1,6 @@
+<secret ephemeral='no' private='no'>
+  <uuid>{{ ceph_storage_secret_uuid }}</uuid>
+  <usage type='ceph'>
+    <name>client.libvirt secret</name>
+  </usage>
+</secret>
--- a/roles/pvc/templates/libvirt/libvirtd.conf.j2
+++ b/roles/pvc/templates/libvirt/libvirtd.conf.j2
@ -0,0 +1,7 @@
+# PVC libvirt daemon configuration file
+# {{ ansible_managed }}
+
+listen_tls = 0
+listen_tcp = 1
+tcp_port = "16509"
+auth_tcp = "none"
--- a/roles/pvc/templates/patroni/patroni.yml.j2
+++ b/roles/pvc/templates/patroni/patroni.yml.j2
@ -0,0 +1,63 @@
+scope: pvcdns
+namespace: /patroni
+name: {{ ansible_hostname }}
+
+restapi:
+    listen: '0.0.0.0:8008'
+    connect_address: '{{ ansible_fqdn }}:8008'
+
+zookeeper:
+    hosts: [ {% for host in groups[ansible_local.host_group] %}'{{ host }}.{{ ansible_domain }}:2181',{% endfor %} ]
+
+bootstrap:
+    dcs:
+        ttl: 30
+        loop_wait: 10
+        retry_timeout: 10
+        maximum_lag_on_failover: 1048576
+        postgresql:
+            use_pg_rewind: true
+
+    initdb:
+    - encoding: UTF8
+    - data-checksums
+
+    pg_hba:
+    - local all all peer
+    - host replication replicator 127.0.0.1/32 trust
+{% for host in groups[ansible_local.host_group] %}
+    - host replication replicator {{ host }}.{{ ansible_domain }} trust
+{% endfor %}
+    - host all all 0.0.0.0/0 md5
+
+    users:
+        admin:
+            password: admin
+            options:
+                - createrole
+                - createdb
+
+postgresql:
+    listen: '0.0.0.0:5432'
+    connect_address: '{{ ansible_fqdn }}:5432'
+    log_destination: 'stderr'
+    log_min_messages: INFO
+    custom_conf: /etc/postgresql/postgresql.pvc.conf
+    bin_dir: /usr/lib/postgresql/11/bin
+    data_dir: /var/lib/postgresql/patroni/pvc
+    pgpass: /tmp/pgpass
+    authentication:
+        replication:
+            username: '{{ pvc_replication_database_user }}'
+            password: '{{ pvc_replication_database_password }}'
+        superuser:
+            username: '{{ pvc_superuser_database_user }}'
+            password: '{{ pvc_superuser_database_password }}'
+    parameters:
+        unix_socket_directories: '/run/postgresql'
+
+tags:
+    nofailover: false
+    noloadbalance: false
+    clonefrom: false
+    nosync: false
--- a/roles/pvc/templates/patroni/postgresql.pvc.conf.j2
+++ b/roles/pvc/templates/patroni/postgresql.pvc.conf.j2
@ -0,0 +1,21 @@
+# Additional PostgreSQL tuning parameters for PVC Patroni instance
+# {{ ansible_managed }}
+
+max_connections = 100
+shared_buffers = 64MB
+effective_cache_size = 256MB
+dynamic_shared_memory_type = posix
+
+random_page_cost = 1
+seq_page_cost = 1
+
+log_timezone = 'localtime'
+datestyle = 'iso, dmy'
+timezone = 'localtime'
+
+lc_messages = 'en_CA.UTF-8'
+lc_monetary = 'en_CA.UTF-8'
+lc_numeric = 'en_CA.UTF-8'
+lc_time = 'en_CA.UTF-8'
+
+default_text_search_config = 'pg_catalog.english'
--- a/roles/pvc/templates/pvc/pvcd.yaml.j2
+++ b/roles/pvc/templates/pvc/pvcd.yaml.j2
@ -0,0 +1,75 @@
+---
+# pvcd cluster configuration
+# {{ ansible_managed }}
+pvc:
+  node: {% for node in pvc_nodes if node.hostname == ansible_hostname %}{{ node.hostname }}{% endfor %}
+
+  functions:
+    enable_hypervisor: True
+    enable_networking: True
+    enable_storage: False
+  cluster:
+    coordinators:
+{% for node in pvc_nodes if node.is_coordinator %}
+      - {{ node.hostname }}
+{% endfor %}
+    networks:
+      cluster:
+        domain: {{ pvc_cluster_domain }}
+        network: {{ pvc_cluster_subnet }}
+        floating_ip: {{ pvc_cluster_floatingip }}
+      storage:
+        domain: {{ pvc_storage_domain }}
+        network: {{ pvc_storage_subnet }}
+        floating_ip: {{ pvc_storage_floatingip }}
+      upstream:
+        domain: {{ pvc_upstream_domain }}
+        network: {{ pvc_upstream_subnet }}
+        floating_ip: {{ pvc_upstream_floatingip }}
+        gateway: {{ pvc_upstream_gatewayip }}
+  coordinator:
+    dns:
+      database:
+        host: localhost
+        port: 5432
+        name: pvcdns
+        user: pvcdns
+        pass: PVCdnsPassw0rd
+  system:
+    fencing:
+      intervals:
+        keepalive_interval: 5
+        fence_intervals: 6
+        suicide_intervals: 0
+      actions:
+        successful_fence: migrate
+        failed_fence: None
+      ipmi:
+        host: {% for node in pvc_nodes if node.hostname == ansible_hostname %}{{ node.ipmi_host }}{% endfor %}
+
+        user: {% for node in pvc_nodes if node.hostname == ansible_hostname %}{{ node.ipmi_user }}{% endfor %}
+
+        pass: {% for node in pvc_nodes if node.hostname == ansible_hostname %}{{ node.ipmi_password }}{% endfor %}
+
+    migration:
+      target_selector: mem
+    configuration:
+      directories:
+        dynamic_directory: "/run/pvc"
+        log_directory: "/var/log/pvc"
+        console_log_directory: "/var/log/libvirt"
+      logging:
+        file_logging: True
+        stdout_logging: True
+        console_log_lines: 1000
+      networking:
+        devices:
+          cluster: {{ pvc_cluster_device }}
+          storage: {{ pvc_storage_device }}
+          upstream: {{ pvc_upstream_device }}
+        addresses:
+          cluster: {% for node in pvc_nodes if node.hostname == ansible_hostname %}{{ node.cluster_ip }}{% endfor %}
+
+          storage: {% for node in pvc_nodes if node.hostname == ansible_hostname %}{{ node.storage_ip }}{% endfor %}
+
+          upstream: {% for node in pvc_nodes if node.hostname == ansible_hostname %}{{ node.upstream_ip }}{% endfor %}
--- a/roles/pvc/templates/system/blacklist.j2
+++ b/roles/pvc/templates/system/blacklist.j2
@ -0,0 +1,11 @@
+# modprobe blacklist
+# {{ ansible_managed }}
+
+# Blacklist GPU drivers
+blacklist nouveau
+blacklist radeon
+blacklist amdgpu
+blacklist snd_hda_intel
+
+# Blacklist HP Proliant management
+blacklist hpwdt
--- a/roles/pvc/templates/zookeeper/configuration.xsl.j2
+++ b/roles/pvc/templates/zookeeper/configuration.xsl.j2
@ -0,0 +1,25 @@
+<!-- {{ ansible_managed }} -->
+<?xml version="1.0"?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
+<xsl:output method="html"/>
+<xsl:template match="configuration">
+<html>
+<body>
+<table border="1">
+<tr>
+ <td>name</td>
+ <td>value</td>
+ <td>description</td>
+</tr>
+<xsl:for-each select="property">
+<tr>
+  <td><a name="{name}"><xsl:value-of select="name"/></a></td>
+  <td><xsl:value-of select="value"/></td>
+  <td><xsl:value-of select="description"/></td>
+</tr>
+</xsl:for-each>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet>
--- a/roles/pvc/templates/zookeeper/environment.j2
+++ b/roles/pvc/templates/zookeeper/environment.j2
@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+ZOOMAIN=org.apache.zookeeper.server.quorum.QuorumPeerMain
+ZOOCFGDIR=/etc/zookeeper/conf
+ZOOCFG=/etc/zookeeper/conf/zoo.cfg
+ZOO_LOG_DIR=/var/log/zookeeper
+ZOO_LOG4J_PROP=INFO,ROLLINGFILE
+JMXLOCALONLY=false
+JAVA_OPTS=""
+JAVA=/usr/bin/java
+CLASSPATH="/etc/zookeeper/conf:/usr/share/java/jline.jar:/usr/share/java/log4j-1.2.jar:/usr/share/java/xercesImpl.jar:/usr/share/java/xmlParserAPIs.jar:/usr/share/java/netty.jar:/usr/share/java/slf4j-api.jar:/usr/share/java/slf4j-log4j12.jar:/usr/share/java/zookeeper.jar"
--- a/roles/pvc/templates/zookeeper/log4j.properties.j2
+++ b/roles/pvc/templates/zookeeper/log4j.properties.j2
@ -0,0 +1,50 @@
+# ZooKeeper Logging Configuration
+# {{ ansible_managed }}
+
+# Format is "<default threshold> (, <appender>)+
+
+log4j.rootLogger=${zookeeper.root.logger}
+
+# Example: console appender only
+# log4j.rootLogger=INFO, CONSOLE
+
+# Example with rolling log file
+#log4j.rootLogger=DEBUG, CONSOLE, ROLLINGFILE
+
+# Example with rolling log file and tracing
+#log4j.rootLogger=TRACE, CONSOLE, ROLLINGFILE, TRACEFILE
+
+#
+# Log INFO level and above messages to the console
+#
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=INFO
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} - %-5p [%t:%C{1}@%L] - %m%n
+
+#
+# Add ROLLINGFILE to rootLogger to get log file output
+#    Log DEBUG level and above messages to a log file
+log4j.appender.ROLLINGFILE=org.apache.log4j.RollingFileAppender
+log4j.appender.ROLLINGFILE.Threshold=DEBUG
+log4j.appender.ROLLINGFILE.File=${zookeeper.log.dir}/zookeeper.log
+
+# Max log file size of 10MB
+log4j.appender.ROLLINGFILE.MaxFileSize=10MB
+# uncomment the next line to limit number of backup files
+#log4j.appender.ROLLINGFILE.MaxBackupIndex=10
+
+log4j.appender.ROLLINGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.ROLLINGFILE.layout.ConversionPattern=%d{ISO8601} - %-5p [%t:%C{1}@%L] - %m%n
+
+
+#
+# Add TRACEFILE to rootLogger to get log file output
+#    Log DEBUG level and above messages to a log file
+log4j.appender.TRACEFILE=org.apache.log4j.FileAppender
+log4j.appender.TRACEFILE.Threshold=TRACE
+log4j.appender.TRACEFILE.File=${zookeeper.log.dir}/zookeeper_trace.log
+
+log4j.appender.TRACEFILE.layout=org.apache.log4j.PatternLayout
+### Notice we are including log4j's NDC here (%x)
+log4j.appender.TRACEFILE.layout.ConversionPattern=%d{ISO8601} - %-5p [%t:%C{1}@%L][%x] - %m%n
--- a/roles/pvc/templates/zookeeper/myid.j2
+++ b/roles/pvc/templates/zookeeper/myid.j2
@ -0,0 +1 @@
+{{ ansible_local.host_id }}
--- a/roles/pvc/templates/zookeeper/zoo.cfg.j2
+++ b/roles/pvc/templates/zookeeper/zoo.cfg.j2
@ -0,0 +1,13 @@
+# PVC Zookeeper configuration
+# {{ ansible_managed }}
+
+tickTime=1000
+initLimit=10
+syncLimit=5
+dataDir=/var/lib/zookeeper
+
+clientPort=2181
+
+{% for node in pvc_nodes if node.is_coordinator %}
+server.{{ node.node_id }}={{ node.hostname }}:2888:3888
+{% endfor %}