--- # The name of the Ansible cluster group, used to set file paths and determine hosts in the cluster # This should match the lowest-level group in the Ansible `hosts` file that defines this cluster cluster_group: default # Local timezone for the cluster timezone_location: Canada/Eastern # Cluster domain for node FQDNs local_domain: upstream.local # Email address of the manager of the cluster manager_email: team@company.tld # DNS recursive servers and search domains for nodes recursive_dns_servers: - 8.8.8.8 - 8.8.4.4 recursive_dns_search_domains: - "{{ local_domain }}" # Cluster hardware model, used in pvc_user_configuration and grub_configuration below cluster_hardware: default # CPU governor, sets power and performance statistics of the system CPUs; default is ondemand # > Valid options are (usually): conservative, ondemand, powersave, userspace, performance, schedutil cpu_governor: ondemand # Debian package repository URL debian_main_repository: http://ftp.debian.org/debian debian_security_repository: http://security.debian.org debian_pvc_repository: https://repo.parallelvirtualcluster.org/debian # Enable Prometheus metric reporting from PVC nodes; installs prometheus-node-exporter and enables # (unauthenticated) metrics endpoints within the PVC API. Set "no" to turn off Prometheus metric # functionality. enable_prometheus_exporters: yes # Root user password # > Use pwgen to generate root_password: "" # GRUB configuration # > Generally this is a good default, though some systems use console 1 for serial-over-IPMI # consoles, so set this based on your actual hardware. grub: serial_console: "default": console: 0 # IPMI configuration # > For the "pvc" user password, use pwgen to generate. # > Set the "pvc"user with permissions in IPMI to reboot the host as this user will be use for # any fencing operations. # > Set the IP networking to match your expected IPMI configuration. ipmi: users: admin: username: "root" password: "{{ root_password }}" pvc: username: "host" password: "" hosts: "pvchv1": # This name MUST match the Ansible inventory_hostname's first portion, i.e. "inventory_hostname.split('.')[0]" hostname: pvchv1-lom # A valid short name (e.g. from /etc/hosts) or an FQDN must be used here and it must resolve to address. # PVC connects to this *hostname* for fencing. address: 192.168.100.101 netmask: 255.255.255.0 gateway: 192.168.100.1 channel: 1 # Optional: defaults to "1" if not set "pvchv2": # This name MUST match the Ansible inventory_hostname's first portion, i.e. "inventory_hostname.split('.')[0]" hostname: pvchv2-lom # A valid short name (e.g. from /etc/hosts) or an FQDN must be used here and it must resolve to address. # PVC connects to this *hostname* for fencing. address: 192.168.100.102 netmask: 255.255.255.0 gateway: 192.168.100.1 channel: 1 # Optional: defaults to "1" if not set "pvchv3": # This name MUST match the Ansible inventory_hostname's first portion, i.e. "inventory_hostname.split('.')[0]" hostname: pvchv3-lom # A valid short name (e.g. from /etc/hosts) or an FQDN must be used here and it must resolve to address. # PVC connects to this *hostname* for fencing. address: 192.168.100.103 netmask: 255.255.255.0 gateway: 192.168.100.1 channel: 1 # Optional: defaults to "1" if not set # IPMI user configuration # > Adjust this based on the specific hardware you are using; the cluster_hardware variable is # used as the key in this dictionary. # > If you run multiple clusters with different hardware, it may be prudent to move this to an # 'all' group_vars file instead. ipmi_user_configuration: "default": channel: 1 admin: id: 1 role: 0x4 # ADMINISTRATOR username: "{{ ipmi['users']['admin']['username'] }}" password: "{{ ipmi['users']['admin']['password'] }}" pvc: id: 2 role: 0x4 # ADMINISTRATOR username: "{{ ipmi['users']['pvc']['username'] }}" password: "{{ ipmi['users']['pvc']['password'] }}" # Log rotation configuration logrotate_keepcount: 7 logrotate_interval: daily # Root email name (usually "root") username_email_root: root # Hosts entries hosts: - name: test ip: 127.0.0.1 # Administrative shell users for the cluster admin_users: - name: "myuser" uid: 500 keys: - "ssh-ed25519 MyKey 2019-06" removed: - "ssh-ed25519 ObsoleteKey 2017-01" # Backup user SSH user keys, for remote backups separate from administrative users (e.g. rsync) # > Uncomment to activate this functionality. #backup_keys: # - "ssh-ed25519 MyKey 2019-06" # Node network definitions (used by /etc/network/interfaces and PVC) # > The "type" can be one of three NIC types: "nic" for raw NIC devices, "bond" for ifenslave bonds, # or "vlan" for vLAN interfaces. The PVC role will write out an interfaces file matching these specs. # > Three names are reserved for the PVC-specific interfaces: upstream, cluster, and storage; others # may be used at will to describe the other devices. These devices have IP info which is then written # into `pvc.conf`. # > All devices should be using the newer device name format (i.e. enp1s0f0 instead of eth0). # > Usually, the Upstream network provides Internet connectivity for nodes in the cluster, and all # nodes are part of it regardless of function for this reason; an optional, advanced, configuration # will have only coordinators in the upstream network, however this configuration is out of the scope # of this role. # > This example configuration is one the author uses frequently, to demonstrate all possible options. # First, two base NIC devices are set with some custom ethtool options; these are optional of course. # The "timing" value for a "custom_options" entry must be "pre" or "post". The command can include $IFACE # which is written as-is (to be interpreted by Debian ifupdown at runtime). # Second, a bond interface is created on top of the two NIC devices in 802.3ad (LACP) mode with high MTU. # Third, the 3 PVC interfaces are created as vLANs (1000, 1001, and 1002) on top of the bond. # This should cover most normal usecases, though consult the template files for more detail if needed. networks: enp1s0f0: device: "enp1s0f0" type: "nic" custom_options: - timing: pre # Forms a "pre-up" statement command: ethtool -K $IFACE rx-gro-hw off - timing: post # Forms a "post-up" statement command: sysctl -w net.ipv6.conf.$IFACE.accept_ra=0 enp1s0f1: device: "enp1s0f1" type: "nic" custom_options: - timing: pre # Forms a "pre-up" statement command: ethtool -K $IFACE rx-gro-hw off - timing: post # Forms a "post-up" statement command: sysctl -w net.ipv6.conf.$IFACE.accept_ra=0 bond0: device: "bond0" type: "bond" bond_mode: "802.3ad" bond_devices: - "enp1s0f0" - "enp1s0f1" mtu: 9000 # Forms a "post-up ip link set $IFACE mtu" statement upstream: device: "vlan1000" type: "vlan" raw_device: "bond0" mtu: 1500 # Use a lower MTU on upstream for compatibility domain: "{{ local_domain }}" netmask: "24" subnet: "192.168.100.0" floating_ip: "192.168.100.10" gateway_ip: "192.168.100.1" cluster: device: "vlan1001" type: "vlan" raw_device: "bond0" mtu: 9000 # Use a higher MTU on cluster for performance domain: "pvc-cluster.local" netmask: "24" subnet: "10.0.0.0" floating_ip: "10.0.0.254" storage: device: "vlan1002" type: "vlan" raw_device: "bond0" mtu: 9000 # Use a higher MTU on cluster for performance domain: "pvc-storage.local" netmask: "24" subnet: "10.0.1.0" floating_ip: "10.0.1.254"