This will replace all of the existing node provisioning/configuration.
CentOS 7 nodes are currently supported.
Signed-off-by: Martin Schwenke <martin@meltin.net>
--- /dev/null
+---
+- hosts: ad-nodes
+ remote_user: root
+
+ roles:
+ - common
+ - ad
--- /dev/null
+---
+- hosts: base-nodes
+ remote_user: root
+
+ roles:
+ - common
--- /dev/null
+---
+- hosts: build-nodes
+ remote_user: root
+
+ roles:
+ - common
+ - nasrepos
+ - build
--- /dev/null
+---
+- hosts: cbuild-nodes
+ remote_user: root
+
+ roles:
+ - common
+ - clusterfs
+ - build
--- /dev/null
+---
+- hosts: nas-nodes
+ remote_user: root
+
+ roles:
+ - common
+ - clusterfs
+ - nasrepos
+ - ctdb
+ - storage
+ - nas
--- /dev/null
+Roles defined:
+
+common: The basis for all node types
+
+ Includes:
+ * Firewall disabled
+ * NTP setup
+ * NetworkManager disabled
+ * Repositories set up
+ * /etc/{hosts,resolv.conf} set yp
+ * Passwordless ssh enabled between cluster nodes
+ * Timezone set as configured
+ * Syslog configured to log with high resolution timestamps
+
+ad: Samba AD installed and configured
+
+build: Development and packaging tools installed
+
+clusterfs: Cluster filesystem is installed
+
+ctdb: CTDB packages installed, nodes file created
+
+ Depends: nasrepos
+
+nas: CTDB, Samba, NFS installed and configured
+
+ Depends: clusterfs, nasrepos, ctdb
+
+nasrepos: Samba/CTDB package repositories configured
+
+storage: Cluster filesystem configured and accessible
+
+ Depends: clusterfs
--- /dev/null
+---
+- name: check if AD server active flag file exists
+ stat:
+ path: /root/.autocluster/ad_active
+ register: ad_active
+
+- name: remove smb.conf
+ file:
+ path: /etc/samba/smb.conf
+ state: absent
+ when: not ad_active.stat.exists
+
+- name: provision domain
+ command: >
+ samba-tool domain provision
+ --server-role="dc"
+ --use-rfc2307
+ --dns-backend="SAMBA_INTERNAL"
+ --realm="{{ resolv_conf.domain }}"
+ --domain="{{ samba.workgroup }}"
+ --adminpass="{{ ad.admin_password }}"
+ --host-ip={{ nodes[ansible_hostname].ips[0] }}
+ --option="dns forwarder = {{ ad.dns_forwarder }}"
+ when: not ad_active.stat.exists
+
+- name: add users and groups
+ command: samba-tool {{ p }}
+ with_list:
+ - domain passwordsettings set --min-pwd-length=3
+ - domain passwordsettings set --complexity=off
+ - user setexpiry --noexpiry Administrator
+ - user setpassword administrator --newpassword="{{ ad.admin_password }}"
+ - group add group1
+ - group add group2
+ - user add user1 "{{ ad.admin_password }}"
+ - group addmembers group1 user1
+ - user setexpiry --noexpiry user1
+ - user add user2 "{{ ad.admin_password }}"
+ - group addmembers group2 user2
+ - user setexpiry --noexpiry user2
+ loop_control:
+ loop_var: p
+ when: not ad_active.stat.exists
+
+# This is created from a template in common/. It might be good not to
+# update this twice but we probably want a working configuration under
+# the DC is started below.
+- name: update /etc/resolv.conf
+ lineinfile:
+ path: /etc/resolv.conf
+ regexp: "^nameserver.*"
+ line: "nameserver {{ nodes[ansible_hostname].ips[0] }}"
+ when: not ad_active.stat.exists
+
+- name: ensure domain controller is enabled and running
+ service:
+ name: samba
+ state: started
+ enabled: yes
+ when: not ad_active.stat.exists
+
+- name: flag AD server as active
+ file:
+ path: /root/.autocluster/ad_active
+ state: touch
--- /dev/null
+---
+- include_tasks: "{{ ansible_os_family | lower }}/{{ task }}.yml"
+ with_list:
+ - packages
+ loop_control:
+ loop_var: task
+
+- include_tasks: generic/{{ task }}.yml
+ with_list:
+ - configure_ad
+ loop_control:
+ loop_var: task
--- /dev/null
+---
+- name: Add Samba AD repos
+ yum_repository:
+ name: "autocluster-{{ repo.name }}"
+ description: "{{ repo.name }}"
+ baseurl: "{{ repo.baseurl | default(repository_baseurl) }}/{{ repo.path }}"
+ gpgcheck: no
+ proxy: _none_
+ when: repo.type == "ad"
+ with_list: "{{ repositories }}"
+ loop_control:
+ loop_var: repo
+
+- name: FIXME - create /run/samba directory
+ file:
+ path: /run/samba
+ state: directory
+
+- name: install packages for Active Directory node
+ package:
+ name: samba-dc
+ state: present
--- /dev/null
+---
+- include_tasks: "{{ ansible_os_family | lower }}/{{ task }}.yml"
+ with_list:
+ - packages
+ - packaging_setup
+ loop_control:
+ loop_var: task
--- /dev/null
+---
+- name: install packages for build node
+ package:
+ name:
+ - git
+ # RPM development
+ - rpmdevtools
+ # Performance co-pilot to allow build of CTDB pmda code
+ - pcp-libs
+ - pcp-libs-devel
+ # Building Samba
+ - readline-devel
+ - libacl-devel
+ - e2fsprogs-devel
+ - libxslt
+ - docbook-utils
+ - docbook-style-xsl
+ - dbus-devel
+ - libaio-devel
+ - libcap-devel
+ - quota-devel
+ - perl-Parse-Yapp
+ - perl-ExtUtils-MakeMaker
+ state: present
--- /dev/null
+---
+- name: Setup the RPM directory tree
+ command: rpmdev-setuptree
+
+- name: Remove .rpmmacros
+ file:
+ path: /root/.rpmmacros
+ state: absent
--- /dev/null
+# Added by autocluster
+pathmunge /usr/lpp/mmfs/bin
--- /dev/null
+---
+- include_tasks: "{{ ansible_os_family | lower }}/{{ task }}.yml"
+ with_list:
+ - repo
+ - clusterfs-{{ clusterfs.type }}
+ loop_control:
+ loop_var: task
--- /dev/null
+---
+- name: install GPFS packages
+ package:
+ name:
+ - gpfs.base
+ - gpfs.docs
+ - gpfs.gpl
+ - gpfs.msg.en_US
+ - gpfs.gskit
+ state: present
+
+- name: install GPFS /etc/profile.d/ snippet
+ copy:
+ src: autocluster-gpfs.profile
+ dest: /etc/profile.d/autocluster-gpfs.sh
+
+- name: build GPFS modules
+ shell: LINUX_DISTRIBUTION=REDHAT_AS_LINUX /usr/lpp/mmfs/bin/mmbuildgpl
+ args:
+ chdir: /usr/lpp/mmfs/src
--- /dev/null
+---
+- name: Add cluster filesystem repos
+ yum_repository:
+ name: "autocluster-{{ repo.name }}"
+ description: "{{ repo.name }}"
+ baseurl: "{{ repo.baseurl | default(repository_baseurl) }}/{{ repo.path }}"
+ gpgcheck: no
+ proxy: _none_
+ when: repo.type == "clusterfs"
+ with_list: "{{ repositories }}"
+ loop_control:
+ loop_var: repo
--- /dev/null
+# Select a high precision time format. This allows accurate merging
+# of logs from multiple cluster nodes for easier CTDB debugging.
+$ActionFileDefaultTemplate RSYSLOG_FileFormat
+
+# Turn off rate-limiting. Why would we want to lose messages by
+# default?
+$SystemLogRateLimitInterval 0
+$SystemLogRateLimitBurst 0
+
+# Turn on UDP listener to be able to take advantage of CTDB's new
+# direct-to-syslog-on-UDP feature.
+$ModLoad imudp
+$UDPServerAddress 127.0.0.1
+$UDPServerRun 514
--- /dev/null
+StrictHostKeyChecking no
+IdentityFile ~/.ssh/id_autocluster
--- /dev/null
+---
+# Including handlers and conditional handlers seem broken :-(
+
+- name: restart NTP server redhat
+ service:
+ name: chronyd
+ state: restarted
+
+- name: restart rsyslog
+ service:
+ name: rsyslog
+ state: restarted
--- /dev/null
+---
+- name: create autocluster state directory
+ file:
+ path: /root/.autocluster
+ state: directory
--- /dev/null
+---
+- name: create /etc/hosts
+ template:
+ src: hosts.j2
+ dest: /etc/hosts
--- /dev/null
+---
+- name: ensure that an fstab entry exists to NFS mount /home
+ lineinfile:
+ path: /etc/fstab
+ regexp: '^.*:/home /home nfs.*'
+ # Do not use locking, since this starts/needs rpc.statd, which is
+ # stopped/started by CTDB
+ line: '{{ virthost }}:/home /home nfs nfsvers=3,intr,nolock 0 0'
+
+- name: ensure that /home is mounted
+ shell: >
+ findmnt -n /home || mount /home
--- /dev/null
+---
+- name: configure resolver
+ template:
+ src: resolv.conf.j2
+ dest: /etc/resolv.conf
--- /dev/null
+---
+- name: add autocluster-specific rsyslog configuration
+ copy:
+ src: rsyslog.conf
+ dest: /etc/rsyslog.d/autocluster.conf
+ notify:
+ - restart rsyslog
--- /dev/null
+---
+- selinux:
+ policy: targeted
+ state: permissive
--- /dev/null
+---
+- name: configure passwordless SSH
+ copy:
+ src: ssh_config
+ dest: /root/.ssh/config
--- /dev/null
+---
+- name: configure node timezone
+ timezone:
+ hwclock: UTC
+ name: "{{timezone}}"
+
+- name: hand hack timezone to avoid reboot
+ file:
+ src: /usr/share/zoneinfo/{{timezone}}
+ path: /etc/localtime
+ state: link
+ force: yes
--- /dev/null
+---
+- include_tasks: "{{ ansible_os_family | lower }}/{{ task }}.yml"
+ with_list:
+ - packages
+ - firewall
+ - ntp
+ loop_control:
+ loop_var: task
+
+- meta: flush_handlers
+
+- include_tasks: generic/{{ task }}.yml
+ with_list:
+ - selinux
+ - autocluster
+ - hosts
+ - resolv_conf
+ - ssh
+ - timezone
+ - rsyslog
+ - mount_home
+ loop_control:
+ loop_var: task
+
+- meta: flush_handlers
--- /dev/null
+---
+- name: disable firewall
+ service:
+ name: firewalld
+ enabled: no
+ state: stopped
--- /dev/null
+---
+- name: ensure NTP server is installed
+ package:
+ name: chrony
+ state: installed
+
+- name: ensure NTP server is configured
+ template:
+ src: chrony.conf.j2
+ dest: /etc/chrony.conf
+ notify:
+ - restart NTP server redhat
+
+- name: ensure NTP server is running and enabled
+ service:
+ name: chronyd
+ state: started
+ enabled: yes
--- /dev/null
+---
+- name: disable Network Manager on next boot
+ service:
+ name: NetworkManager
+ enabled: no
+ # Note that this only works because the interfaces of interest
+ # have been marked in Vagrant as: nm_controlled: "no" - otherwise
+ # NetworkManager would stop and take the interfaces down with it!
+ state: stopped
+
+- name: disable EPEL to speed things up
+ package:
+ name: epel-release
+ state: absent
+
+- name: find non-autocluster YUM repo files
+ find:
+ paths: /etc/yum.repos.d/
+ patterns: '(?!autocluster-)^.*\.repo$'
+ use_regex: yes
+ register: find_results
+ when: repositories_delete_existing
+
+- name: Remove non-autocluster repo files
+ file:
+ path: "{{ f['path'] }}"
+ state: absent
+ with_list: "{{ find_results['files'] }}"
+ loop_control:
+ loop_var: f
+ when: repositories_delete_existing
+
+- name: Add local distro repos
+ yum_repository:
+ name: "autocluster-{{ repo.name }}"
+ description: "{{ repo.name }}"
+ baseurl: "{{ repo.baseurl | default(repository_baseurl) }}/{{ repo.path }}"
+ gpgcheck: "{{ repo.gpgcheck | default('yes') }}"
+ proxy: _none_
+ when: repo.type == "distro"
+ with_list: "{{ repositories }}"
+ loop_control:
+ loop_var: repo
+
+- name: ensure optional dependencies for Ansible template handling
+ package:
+ name: libselinux-python
+ state: present
+
+- name: ensure NFS client tools are installed
+ package:
+ name: nfs-utils
+ state: present
--- /dev/null
+server {{virthost}} iburst
+
+# Ignore stratum in source selection.
+stratumweight 0
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Enable kernel RTC synchronization.
+rtcsync
+
+# In first three updates step the system clock instead of slew
+# if the adjustment is larger than 10 seconds.
+makestep 10 3
+
+# Allow NTP client access from local network.
+#allow 192.168/16
+
+# Listen for commands only on localhost.
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+
+# Serve time even if not synchronized to any NTP server.
+#local stratum 10
+
+keyfile /etc/chrony.keys
+
+# Specify the key used as password for chronyc.
+commandkey 1
+
+# Generate command key if missing.
+generatecommandkey
+
+# Disable logging of client accesses.
+noclientlog
+
+# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
+logchange 0.5
+
+logdir /var/log/chrony
+#log measurements statistics tracking
--- /dev/null
+# Generated by autocluster
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+{{ virthost }} kvmhost
+
+# autocluster {{ cluster }}
+{% for hostname, n in nodes | dictsort %}
+{{ n.ips[0] }} {{ hostname }}.{{ resolv_conf.domain | lower }} {{ hostname }}
+{% endfor %}
--- /dev/null
+domain {{resolv_conf.domain}}
+search {{resolv_conf.search}}
+nameserver {{resolv_conf.nameserver}}
--- /dev/null
+---
+- name: generate CTDB nodes file
+ template:
+ src: ctdb_nodes.j2
+ dest: /etc/ctdb/nodes
--- /dev/null
+---
+- include_tasks: "{{ ansible_os_family | lower }}/{{ task }}.yml"
+ with_list:
+ - packages
+ loop_control:
+ loop_var: task
+
+- include_tasks: generic/{{ task }}.yml
+ with_list:
+ - ctdb
+ loop_control:
+ loop_var: task
--- /dev/null
+---
+- name: install CTDB packages
+ package:
+ name:
+ - ctdb
+ - ctdb-debuginfo
+ - ctdb-tests
+ state: present
+
+- name: install tcpdump
+ package:
+ name: tcpdump
+ state: present
--- /dev/null
+{% for hostname, n in nodes | dictsort %}
+{% if n.is_ctdb_node %}
+{{ n.ips[0] }}
+{% endif %}
+{% endfor %}
--- /dev/null
+RPCRQUOTADOPTS="-p 32768"
--- /dev/null
+[global]
+ clustering=yes
+ ctdb:registry.tdb=yes
+ include=registry
--- /dev/null
+---
+- name: set security context for CTDB recovery lock directory
+ command: chcon -t ctdbd_var_t {{ clusterfs.mountpoint }}/.ctdb
--- /dev/null
+---
+- name: start CTDB
+ service:
+ name: ctdb
+ state: started
+
+- name: wait until CTDB is healthy
+ command: ctdb nodestatus all
+ register: result
+ until: result.rc == 0
+ retries: 24
+ delay: 5
--- /dev/null
+---
+- name: stop CTDB
+ service:
+ name: ctdb
+ state: stopped
--- /dev/null
+---
+# Should be running already but this won't hurt
+- import_tasks: ctdb-start.yml
+
+- name: join active directory domain
+ shell: |
+ net ads testjoin || \
+ timeout 10 net ads join -U "administrator%{{ ad.admin_password }}"
+ register: result
+ until: result.rc == 0
+ retries: 5
+ delay: 1
+ run_once: true
+ when: auth_method == 'winbind'
+
+# FIXME: This will be useful to allow version checking to enable
+# services/event scripts in different ways
+
+# New in Ansible 2.5
+#- name: get package facts
+# package_facts:
+# manager: "auto"
+
+#- name: show them
+# debug: var=ansible_facts.packages
+
+- import_tasks: ctdb-stop.yml
+
+- name: configure CTDB to manage smbd and NFS
+ command: ctdb event script enable legacy {{ s }}
+ with_list:
+ - 50.samba
+ - 60.nfs
+ loop_control:
+ loop_var: s
+
+- name: configure CTDB to manage winbindd
+ command: ctdb event script enable legacy 49.winbind
+ when: auth_method == 'winbind'
+
+- import_tasks: ctdb-start.yml
--- /dev/null
+---
+- name: generate CTDB configuration file
+ template:
+ src: ctdb_conf.j2
+ dest: /etc/ctdb/ctdb.conf
+
+- name: generate CTDB public addresses file
+ template:
+ src: ctdb_public_addresses.j2
+ dest: /etc/ctdb/public_addresses
+
+- name: create directory for CTDB recovery lock
+ file:
+ path: "{{ clusterfs.mountpoint }}/.ctdb"
+ state: directory
+
+- import_tasks: ctdb-once.yml
+ run_once: true
+
+- name: ensure CTDB is enabled
+ service:
+ name: ctdb
+ enabled: yes
+
+# This stops things failing if the domain has not been joined or similar
+- name: ensure that CTDB is not managing smbd, winbind and NFS
+ command: ctdb event script disable legacy {{ s }}
+ with_list:
+ - 49.winbind
+ - 50.samba
+ - 60.nfs
+ loop_control:
+ loop_var: s
+
+# Restart just in case ctdbd was running but unhealthy
+- import_tasks: ctdb-stop.yml
+- import_tasks: ctdb-start.yml
--- /dev/null
+---
+- name: generate NFS exports file
+ template:
+ src: nfs_exports.j2
+ dest: /etc/exports
--- /dev/null
+---
+- name: Tweak Samba config for GPFS cluster filesystem
+ command: net conf setparm global "{{ p.param }}" "{{ p.value }}"
+ with_list:
+ - param: vfs objects
+ value: gpfs fileid
+ - param: fileid:mapping
+ value: fsname
+ - param: nfs4:chown
+ value: "yes"
+ - param: nfs4:acedup
+ value: merge
+ - param: force unknown acl user
+ value: "yes"
+ loop_control:
+ loop_var: p
--- /dev/null
+---
+- name: generate initial Samba registry configuration
+ template:
+ src: samba_registry.j2
+ dest: /root/.autocluster/samba-registry.conf
+
+# Need to start at least ctdbd... maybe smbd?
+
+- name: initialise Samba registry configuration
+ command: net conf import /root/.autocluster/samba-registry.conf
+
+- import_tasks: samba-{{ clusterfs.type }}-once.yml
--- /dev/null
+---
+- name: add smb.conf
+ copy:
+ src: smb.conf
+ dest: /etc/samba/smb.conf
+
+# TODO: Enable 50.samba and 60.nfs event scripts
+
+- import_tasks: samba-once.yml
+ run_once: true
--- /dev/null
+---
+- name: create share directories
+ file:
+ path: "{{s.directory}}"
+ mode: "{{s.mode}}"
+ state: directory
+ with_list: "{{shares}}"
+ loop_control:
+ loop_var: s
--- /dev/null
+---
+- include_tasks: "{{ ansible_os_family | lower }}/{{ task }}.yml"
+ with_list:
+ - samba
+ - nfs
+ loop_control:
+ loop_var: task
+
+- include_tasks: generic/{{ task }}.yml
+ with_list:
+ - shares
+ - ctdb
+ - samba
+ - nfs
+ - ctdb-with-samba-nfs
+ loop_control:
+ loop_var: task
--- /dev/null
+---
+- name: install NFS packages
+ package:
+ name: nfs-utils
+ state: present
+
+- name: ensure NFS does not autostart
+ service:
+ name: "{{ s }}"
+ enabled: no
+ with_list:
+ - nfs
+ - nfslock
+ loop_control:
+ loop_var: s
+
+- name: generate NFS configuration
+ template:
+ src: nfs_sysconfig.j2
+ dest: /etc/sysconfig/nfs
+
+- name: check if /etc/sysconfig/rpc-rquotad exists
+ stat:
+ path: /etc/sysconfig/rpc-rquotad
+ register: sysconfig_rpc_rquotad
+
+- name: generate quota configuration file
+ file:
+ src: rpc-rquotad.sysconfig
+ path: /etc/sysconfig/rpc-rquotad
+ when: sysconfig_rpc_rquotad.stat.exists
--- /dev/null
+---
+
+- name: install Samba packages
+ package:
+ name:
+ - tdb-tools
+ - samba
+ - samba-client
+ - samba-doc
+ - samba-winbind
+ - samba-winbind-clients
+ state: present
+
+- name: install Samba packages for GPFS
+ package:
+ name: samba-vfs-gpfs
+ state: present
+ when: clusterfs.type == 'gpfs'
+
+- name: ensure Samba does not autostart
+ service:
+ name: "{{ service }}"
+ enabled: no
+ with_list:
+ - smb
+ - nmb
+ - winbind
+ loop_control:
+ loop_var: service
+
+- name: Set up NSS, PAM, ...
+ command: >
+ authconfig --update --nostart
+ --disablewinbindauth --disablewinbind --disablekrb5
+ when: auth_method == 'files'
+
+- name: Set up NSS, PAM, KRB5, ...
+ command: >
+ authconfig --update --nostart
+ --enablewinbindauth --enablewinbind --enablekrb5
+ --krb5kdc={{ kdc }}.{{ resolv_conf.domain }}
+ --krb5realm={{ resolv_conf.domain }}
+ when: auth_method == 'winbind'
+
+- name: Set up NSS, PAM, KRB5, ...
+ fail:
+ msg: "Invalid auth_method: {{ auth_method }}"
+ when: auth_method != 'files' and auth_method != 'winbind'
--- /dev/null
+[logging]
+ location = syslog
+ log level = NOTICE
+
+[cluster]
+ recovery lock = {{ clusterfs.mountpoint }}/.ctdb/recovery.lock
--- /dev/null
+{# #}
+{# How many static public addresses/interfaces per node? #}
+{# #}
+{% set num_static = (nodes[ansible_hostname].ips | length) - 1 %}
+{# #}
+{# Gather all static addresses, sublist per interface #}
+{# #}
+{% set static_addrs = [] %}
+{% for i in range(1, num_static + 1) -%}
+{{ static_addrs.append([]) }}
+{%- endfor %}
+{% for hostname, n in nodes | dictsort %}
+{% if n.is_ctdb_node %}
+{% for i in range(1, num_static + 1) -%}
+{{ static_addrs[i - 1].append(n.ips[i]) }}
+{%- endfor %}
+{% endif %}
+{% endfor %}
+{# #}
+{# For each list of static IPs, find interface, print with each IP #}
+{# #}
+{% set h = ansible_hostname %}
+{% for ips in static_addrs %}
+{% for iface in ansible_interfaces %}
+{% set ai = 'ansible_%s'|format(iface) %}
+{% if hostvars[h][ai]['ipv4'] is defined %}
+{% set ip4 = hostvars[h][ai]['ipv4'] %}
+{% if ip4['address'] is defined %}
+{% set aip = ip4['address'] %}
+{% set netmask = ip4['netmask'] %}
+{% set prefix = (aip + '/' + netmask) | ipv4('prefix') %}
+{% if aip in ips %}
+{% for ip in ips %}
+{% set ip_int = ip | ipaddr('int') %}
+{{ (ip_int + 100) | ipaddr('address') }}/{{ prefix }} {{ iface }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endif %}
+{% if hostvars[h][ai]['ipv6'] is defined %}
+{% for ip6 in hostvars[h][ai]['ipv6'] %}
+{% if ip6['address'] is defined %}
+{% set aip = ip6['address'] %}
+{% set prefix = ip6['prefix'] %}
+{% if aip in ips %}
+{% for ip in ips %}
+{% set ip_int = ip | ipaddr('int') %}
+{{ (ip_int + 100) | ipaddr('address') }}/{{ prefix }} {{ iface }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% endfor %}
--- /dev/null
+# Core
+CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
+CTDB_RECOVERY_LOCK={{ clusterfs.mountpoint }}/.ctdb/recovery.lock
+
+# Services managed
+CTDB_MANAGES_SAMBA=yes
+{% if auth_method == 'winbind' %}
+CTDB_MANAGES_WINBIND=yes
+{% else %}
+CTDB_MANAGES_WINBIND=no
+{% endif %}
+
+CTDB_MANAGES_NFS=yes
+CTDB_MANAGES_HTTPD=yes
+CTDB_MANAGES_VSFTPD=yes
+
+# System
+ulimit -n 1048576
+ulimit -c unlimited
+
+# Logging
+CTDB_LOGGING="syslog"
+CTDB_DEBUGLEVEL=NOTICE
--- /dev/null
+# NFS exports file generated by autocluster
+{% set fsid = 834258092 %}
+{% for s in shares %}
+"{{ s.directory }}" *(rw,no_root_squash,subtree_check,fsid={{ fsid }})
+ {% set fsid = fsid + 1 %}
+{% endfor %}
--- /dev/null
+NFS_HOSTNAME="{{ cluster }}"
+
+STATD_PORT=32765
+STATD_OUTGOING_PORT=32766
+MOUNTD_PORT=32767
+RQUOTAD_PORT=32768
+LOCKD_UDPPORT=32769
+LOCKD_TCPPORT=32769
+
+STATDARG="-n ${NFS_HOSTNAME}"
+STATD_HA_CALLOUT="/etc/ctdb/statd-callout"
+
+RPCNFSDARGS="-N 4"
+RPCNFSDCOUNT=8
--- /dev/null
+[global]
+{% if auth_method == 'winbind' %}
+ security = ADS
+{% elif auth_method == 'files' %}
+ security = USER
+{% else %}
+ security = BROKEN
+{% endif %}
+
+ logging = syslog
+ log level = 1
+
+ netbios name = {{ cluster }}
+ workgroup = {{ samba.workgroup }}
+ realm = {{ resolv_conf.domain }}
+
+ disable netbios = yes
+ disable spoolss = yes
+
+ idmap config * : backend = autorid
+ idmap config * : range = 1000000-1999999
+
+ kernel oplocks = yes
+
+ read only = no
+
+{% for s in shares %}
+[{{ s.name }}]
+ path = {{ s.directory }}
+ comment = Example share {{ s.name }}
+ guest ok = yes
+ browseable = yes
+{% endfor %}
--- /dev/null
+---
+- include_tasks: "{{ ansible_os_family | lower }}/{{ task }}.yml"
+ with_list:
+ - repo
+ loop_control:
+ loop_var: task
--- /dev/null
+---
+- name: Add NAS (Samba/CTDB) repos
+ yum_repository:
+ name: "autocluster-{{ repo.name }}"
+ description: "{{ repo.name }}"
+ baseurl: "{{ repo.baseurl | default(repository_baseurl) }}/{{ repo.path }}"
+ gpgcheck: no
+ proxy: _none_
+ when: repo.type == "nas"
+ with_list: "{{ repositories }}"
+ loop_control:
+ loop_var: repo
--- /dev/null
+---
+- name: generate GPFS nodes file
+ template:
+ src: gpfs_nodes.j2
+ dest: /root/.autocluster/gpfs_nodes
+
+- name: generate file containing GPFS primary and secondary nodes
+ template:
+ src: gpfs_primary_secondary.j2
+ dest: /root/.autocluster/gpfs_primary_secondary
+
+- name: check if GPFS active flag file exists
+ stat:
+ path: /root/.autocluster/gpfs_active
+ register: gpfs_active
+
+- name: create GPFS cluster
+ shell: |
+ mmlscluster || {
+ read primary secondary </root/.autocluster/gpfs_primary_secondary && \
+ mmcrcluster -N /root/.autocluster/gpfs_nodes \
+ -p "$primary" -s "$secondary" \
+ -r /usr/bin/ssh -R /usr/bin/scp \
+ -C "{{ cluster }}.{{ resolv_conf.domain | lower }}"
+ }
+ when: not gpfs_active.stat.exists
+
+- name: set GPFS server license mode
+ command: mmchlicense server --accept -N all
+ when: not gpfs_active.stat.exists
+
+- name: set GPFS admin mode to allToAll
+ command: mmchconfig adminMode=allToAll
+ when: not gpfs_active.stat.exists
+
+- name : generate GPFS auth key
+ # Without the commit, this can't be run more than once
+ shell: mmauth genkey new && mmauth genkey commit
+ when: not gpfs_active.stat.exists
+
+- name: set GPFS config options
+ # Can not be run if GPFS is active
+ command: mmchconfig autoload=yes,leaseRecoveryWait=3,maxFilesToCache=20000,failureDetectionTime=10,maxMBpS=500,unmountOnDiskFail=yes,pagepool=64M,allowSambaCaseInsensitiveLookup=no
+ when: not gpfs_active.stat.exists
+
+- name: set GPFS cipher list option
+ # Can not be set with the above, can not be run if GPFS is active
+ command: mmchconfig cipherList=AUTHONLY
+ when: not gpfs_active.stat.exists
+
+- name: start GPFS
+ command: mmstartup -a
+ when: not gpfs_active.stat.exists
+
+- name: wait until GPFS is active on all nodes
+ # The field-separator passed to awk must be protected from YAML
+ shell: |
+ mmgetstate -a -Y | awk -F':' 'NR > 1 && $9 != "active" { exit(1) }'
+ register: result
+ until: result.rc == 0
+ retries: 12
+ delay: 5
+ when: not gpfs_active.stat.exists
+
+- name: flag GPFS as active
+ file:
+ path: /root/.autocluster/gpfs_active
+ state: touch
+
+- name: generate NSD file
+ shell: >
+ ls /dev/disk/by-id/virtio-AUTO-* |
+ xargs -n 1 realpath |
+ awk '{printf "%nsd:\n device=%s\n usage=dataAndMetadata\n failureGroup=1\n\n", $1}' |
+ tee gpfs_nsds
+ args:
+ chdir: /root/.autocluster/
+ creates: gpfs_nsds
+
+- name: check if GPFS NSDs created file exists
+ stat:
+ path: /root/.autocluster/gpfs_nsds_created
+ register: gpfs_nsds_created
+
+- name: create GPFS NSDs
+ command: mmcrnsd -F gpfs_nsds
+ args:
+ chdir: /root/.autocluster/
+ when: not gpfs_nsds_created.stat.exists
+
+- name: flag GPFS NSDs as created
+ file:
+ path: /root/.autocluster/gpfs_nsds_created
+ state: touch
+
+- name: check if GPFS filesystem created file exists
+ stat:
+ path: /root/.autocluster/gpfs_fs_created
+ register: gpfs_fs_created
+
+- name: create GPFS filesystem
+ command: >
+ mmcrfs gpfs0 -F gpfs_nsds
+ -A yes -Q yes -D nfs4 -B 64k -k nfs4 -n 32 -E yes -S no
+ -T {{ clusterfs.mountpoint}} -i 512
+ args:
+ chdir: /root/.autocluster/
+ when: not gpfs_fs_created.stat.exists
+
+- name: flag GPFS filesystem as created
+ file:
+ path: /root/.autocluster/gpfs_fs_created
+ state: touch
+
+- name: check if GPFS filesystem mounted file exists
+ stat:
+ path: /root/.autocluster/gpfs_fs_mounted
+ register: gpfs_fs_mounted
+
+- name: mount GPFS filesystem
+ command: mmmount gpfs0 -a
+ when: not gpfs_fs_mounted.stat.exists
+
+- name: wait until GPFS filesystem is mounted
+ command: findmnt {{ clusterfs.mountpoint }}
+ register: result
+ until: result.rc == 0
+ retries: 12
+ delay: 5
+ when: not gpfs_fs_mounted.stat.exists
+
+- name: flag GPFS filesystem as mounted
+ file:
+ path: /root/.autocluster/gpfs_fs_mounted
+ state: touch
--- /dev/null
+---
+- name: create cluster filesystem mountpoint
+ file:
+ path: "{{clusterfs.mountpoint}}"
+ state: directory
+
+- name: create cluster filesystem automount directory
+ file:
+ path: "{{clusterfs.mountpoint}}/automount"
+ state: directory
+
+- name: make cluster filesystem mountpoint immutable
+ shell: >
+ if ! findmnt "{{clusterfs.mountpoint}}"; then
+ chattr +i "{{clusterfs.mountpoint}}"
+ fi
+
+- import_tasks: clusterfs-gpfs-once.yml
+ run_once: true
+ when: nodes[ansible_hostname].has_shared_storage
--- /dev/null
+---
+- include_tasks: generic/{{ task }}.yml
+ with_list:
+ - clusterfs-{{ clusterfs.type }}
+ loop_control:
+ loop_var: task
--- /dev/null
+# GPFS nodes file generated by autocluster
+{# #}
+{# Count dedicated storage nodes, find first CTDB node #}
+{# #}
+{% set num_storage_nodes = 0 %}
+{% set first_ctdb_node = "" %}
+{% for hostname, n in nodes | dictsort %}
+{% if n.has_shared_storage %}
+{% if n.is_ctdb_node %}
+{% if not first_ctdb_node %}
+{% set first_ctdb_node = hostname %}
+{% endif %}
+{% else %}
+{% set num_storage_nodes = num_storage_nodes + 1 %}
+{% endif %}
+{% endif %}
+{% endfor %}
+{# #}
+{# Generate GPFS nodes file lines #}
+{# #}
+{% for hostname, n in nodes | dictsort %}
+{% if n.is_ctdb_node %}
+{% if hostname == first_ctdb_node %}
+{{ hostname }}:manager-quorum:
+{% elif num_storage_nodes > 0 %}
+{{ hostname }}:manager:
+{% else %}
+{{ hostname }}:manager-quorum:
+{% endif %}
+{% elif n.has_shared_storage %}
+{{ hostname }}:manager-quorum:
+{% endif %}
+{% endfor %}
--- /dev/null
+{# #}
+{# Count dedicated storage nodes #}
+{# #}
+{% set num_storage_nodes = 0 %}
+{% for hostname, n in nodes | dictsort %}
+{% if n.has_shared_storage and not n.is_ctdb_node %}
+{% set num_storage_nodes = num_storage_nodes + 1 %}
+{% endif %}
+{% endfor %}
+{# #}
+{# Write a single line containing "primary secondary" #}
+{# #}
+{% if num_storage_nodes >= 2 %}
+{{ groups['storage-nodes'][0] }} {{ groups['storage-nodes'][1] }}
+{% elif num_storage_nodes == 1 %}
+{{ groups['storage-nodes'][0] }} {{ groups['nas-nodes'][0] }}
+{% else %}
+{{ groups['nas-nodes'][0] }} {{ groups['nas-nodes'][1] }}
+{% endif %}
--- /dev/null
+---
+- import_playbook: ad.yml
+- import_playbook: base.yml
+- import_playbook: build.yml
+- import_playbook: cbuild.yml
+- import_playbook: storage.yml
+- import_playbook: test.yml
+- import_playbook: nas.yml
--- /dev/null
+---
+- hosts: storage-nodes
+ remote_user: root
+
+ roles:
+ - common
+ - clusterfs
+ - storage
--- /dev/null
+---
+- hosts: test-nodes
+ remote_user: root
+
+ roles:
+ - common
+ - nasrepos
+ - ctdb
git.samba.org / autocluster.git / commitdiff