parallelvirtualcluster/pvc-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
45f5697b5e32fbcc1047d8073ecb142db9766ed2
pvc-ansible/group_vars/default/base.yml

212 lines
11 KiB
YAML
Raw Blame History

---
# The name of the Ansible cluster group, used to set file paths and determine hosts in the cluster
# This should match the lowest-level group in the Ansible `hosts` file that defines this cluster
cluster_group: default
# Local timezone for the cluster
timezone_location: Canada/Eastern
# Cluster domain for node FQDNs
local_domain: upstream.local
# Email address of the manager of the cluster
manager_email: team@company.tld
# DNS recursive servers and search domains for nodes
recursive_dns_servers:
- 8.8.8.8
- 8.8.4.4
recursive_dns_search_domains:
- "{{ local_domain }}"
# Cluster hardware model, used in pvc_user_configuration and grub_configuration below
cluster_hardware: default
# CPU governor, sets power and performance statistics of the system CPUs; default is ondemand
# > Valid options are (usually): conservative, ondemand, powersave, userspace, performance, schedutil
cpu_governor: ondemand
# Debian package repository URL
debian_main_repository: http://ftp.debian.org/debian
debian_security_repository: http://security.debian.org
debian_pvc_repository: https://repo.parallelvirtualcluster.org/debian
# Enable Prometheus metric reporting from PVC nodes; installs prometheus-node-exporter and enables
# (unauthenticated) metrics endpoints within the PVC API. Set "no" to turn off Prometheus metric
# functionality.
enable_prometheus_exporters: yes
# Root user password
# > Use pwgen to generate
root_password: ""
# GRUB configuration
# > Generally this is a good default, though some systems use console 1 for serial-over-IPMI
# consoles, so set this based on your actual hardware.
grub:
serial_console:
"default":
console: 0
# IPMI configuration
# > For the "pvc" user password, use pwgen to generate.
# > Set the "pvc"user with permissions in IPMI to reboot the host as this user will be use for
# any fencing operations.
# > Set the IP networking to match your expected IPMI configuration.
ipmi:
users:
admin:
username: "root"
password: "{{ root_password }}"
pvc:
username: "host"
password: "" # Set a random password here
# > use pwgen to generate
hosts:
"hv1": # This name MUST match the Ansible inventory_hostname's first portion, i.e. "inventory_hostname.split('.')[0]"
hostname: hv1-lom # A valid short name (e.g. from /etc/hosts) or an FQDN must be used here and it must resolve to address.
# PVC connects to this *hostname* for fencing.
address: 10.100.0.101 # The IPMI address should usually be in the "upstream" network, but can be routed if required
netmask: 255.255.255.0
gateway: 10.100.0.254
channel: 1 # Optional: defaults to "1" if not set; defines the IPMI LAN channel which is usually 1
"hv2": # This name MUST match the Ansible inventory_hostname's first portion, i.e. "inventory_hostname.split('.')[0]"
hostname: hv2-lom # A valid short name (e.g. from /etc/hosts) or an FQDN must be used here and it must resolve to address.
# PVC connects to this *hostname* for fencing.
address: 192.168.100.102
netmask: 255.255.255.0
gateway: 192.168.100.1
channel: 1 # Optional: defaults to "1" if not set; defines the IPMI LAN channel which is usually 1
"hv3": # This name MUST match the Ansible inventory_hostname's first portion, i.e. "inventory_hostname.split('.')[0]"
hostname: hv3-lom # A valid short name (e.g. from /etc/hosts) or an FQDN must be used here and it must resolve to address.
# PVC connects to this *hostname* for fencing.
address: 192.168.100.103
netmask: 255.255.255.0
gateway: 192.168.100.1
channel: 1 # Optional: defaults to "1" if not set; defines the IPMI LAN channel which is usually 1
# IPMI user configuration
# > Adjust this based on the specific hardware you are using; the cluster_hardware variable is
# used as the key in this dictionary.
ipmi_user_configuration:
"default":
channel: 1 # The IPMI user channel, usually 1
admin: # Configuration for the Admin user
id: 1 # The user ID, usually 1 for the Admin user
role: 0x4 # ADMINISTRATOR privileges
username: "{{ ipmi['users']['admin']['username'] }}" # Loaded from the above section
password: "{{ ipmi['users']['admin']['password'] }}" # Loaded from the above section
pvc: # Configuration for the PVC user
id: 2 # The user ID, usually 2 for the PVC user
role: 0x4 # ADMINISTRATOR privileges
username: "{{ ipmi['users']['pvc']['username'] }}"
password: "{{ ipmi['users']['pvc']['password'] }}"
# Log rotation configuration
# > The defaults here are usually sufficient and should not need to be changed without good reason
logrotate_keepcount: 7
logrotate_interval: daily
# Root email name (usually "root")
# > Can be used to send email destined for the root user (e.g. cron reports) to a real email address if desired
username_email_root: root
# Hosts entries
# > Define any static `/etc/hosts` entries here; the provided example shows the format but should be removed
hosts:
- name: test
ip: 1.2.3.4
# Administrative shell users for the cluster
# > These users will be permitted SSH access to the cluster, with the user created automatically and its
# SSH public keys set based on the provided lists. In addition, all keys will be allowed access to the
# Ansible deploy user for managing the cluster
admin_users:
- name: "myuser" # Set the username
uid: 500 # Set the UID; the first admin user should be 500, then 501, 502, etc.
keys:
# These SSH public keys will be added if missing
- "ssh-ed25519 MyKey 2019-06"
removed:
# These SSH public keys will be removed if present
- "ssh-ed25519 ObsoleteKey 2017-01"
# Backup user SSH user keys, for remote backups separate from administrative users (e.g. rsync)
# > Uncomment to activate this functionality.
# > Useful for tools like BackupPC (the authors preferred backup tool) or remote rsync backups.
#backup_keys:
# - "ssh-ed25519 MyKey 2019-06"
# Node network definitions (used by /etc/network/interfaces and PVC)
# > The "type" can be one of three NIC types: "nic" for raw NIC devices, "bond" for ifenslave bonds,
# or "vlan" for vLAN interfaces. The PVC role will write out an interfaces file matching these specs.
# > Three names are reserved for the PVC-specific interfaces: upstream, cluster, and storage; others
# may be used at will to describe the other devices. These devices have IP info which is then written
# into `pvc.conf`.
# > All devices should be using the predictable device name format (i.e. enp1s0f0 instead of eth0). If
# you do not know these names, consult the manual of your selected node hardware, or boot a Linux
# LiveCD to see the generated interface configuration.
# > This example configuration is one the author uses frequently, to demonstrate all possible options.
# First, two base NIC devices are set with some custom ethtool options; these are optional of course.
# The "timing" value for a "custom_options" entry must be "pre" or "post". The command can include $IFACE
# which is written as-is (to be interpreted by Debian ifupdown at runtime).
# Second, a bond interface is created on top of the two NIC devices in 802.3ad (LACP) mode with high MTU.
# Third, the 3 PVC interfaces are created as vLANs (1000, 1001, and 1002) on top of the bond.
# This should cover most normal usecases, though consult the template files for more detail if needed.
networks:
enp1s0f0:
device: enp1s0f0
type: nic
mtu: 9000 # Forms a post-up ip link set $IFACE mtu statement; a high MTU is recommended for optimal backend network performance
custom_options:
- timing: pre # Forms a pre-up statement
command: ethtool -K $IFACE rx-gro-hw off
- timing: post # Forms a post-up statement
command: sysctl -w net.ipv6.conf.$IFACE.accept_ra=0
enp1s0f1:
device: enp1s0f1
type: nic
mtu: 9000 # Forms a post-up ip link set $IFACE mtu statement; a high MTU is recommended for optimal backend network performance
custom_options:
- timing: pre # Forms a pre-up statement
command: ethtool -K $IFACE rx-gro-hw off
- timing: post # Forms a post-up statement
command: sysctl -w net.ipv6.conf.$IFACE.accept_ra=0
bond0:
device: bond0
type: bond
bond_mode: 802.3ad # Can also be active-backup for active-passive failover, but LACP is advised
bond_devices:
- enp1s0f0
- enp1s0f1
bond_rate: slow # for 802.3ad (LACP) only, set rate: fast/slow[default]
mtu: 9000 # Forms a post-up ip link set $IFACE mtu statement; a high MTU is recommended for optimal backend network performance
upstream:
device: vlan1000
type: vlan
raw_device: bond0
mtu: 1500 # Use a lower MTU on upstream for compatibility with upstream networks to avoid fragmentation
domain: "{{ local_domain }}" # This should be the local_domain for the upstream network
subnet: 10.100.0.0 # The CIDR subnet address without the netmask
netmask: 24 # The CIDR netmask
floating_ip: 10.100.0.250 # The floating IP used by the cluster primary coordinator; should be a high IP that won't conflict with any node IDs
gateway_ip: 10.100.0.254 # The default gateway IP
cluster:
device: vlan1001
type: vlan
raw_device: bond0
mtu: 9000 # Use a higher MTU on cluster for performance
domain: pvc-cluster.local # This domain is arbitrary; using this default example is a good practice
subnet: 10.0.0.0 # The CIDR subnet address without the netmask; this should be an UNROUTED network (no gateway)
netmask: 24 # The CIDR netmask
floating_ip: 10.0.0.254 # The floating IP used by the cluster primary coordinator; should be a high IP that won't conflict with any node IDs
storage:
device: vlan1002
type: vlan
raw_device: bond0
mtu: 9000 # Use a higher MTU on storage for performance
domain: pvc-storage.local # This domain is arbitrary; using this default example is a good practice
subnet: 10.0.1.0 # The CIDR subnet address without the netmask; this should be an UNROUTED network (no gateway)
netmask: 24 # The CIDR netmask
floating_ip: 10.0.1.254 # The floating IP used by the cluster primary coordinator; should be a high IP that won't conflict with any node IDs
Reference in New Issue View Git Blame Copy Permalink